Digi TransPort WR31 User Manual page 304

Configure network interfaces
Use interface x,y for the source IP address of IPsec packets
If it is required to use another interface (such as not the interface currently being configured) as
the source address for IPsec packets, this may be achieved by selecting the desired interface
from the drop-down list and typing the desired interface instance number into the adjacent text
box.
Enable the firewall on this interface
Enabling this setting causes the router to apply the firewall settings to traffic using this interface.
When debugging connections issues it is often helpful to make sure this setting is disabled,
because incorrect firewall rules prevent a connection from passing network traffic. If the
connection works when the firewall is turned off but fails when turned on, a good place to start
checking parameters would be in the firewall settings page, Configuration > Security >
Firewall.
Remote management access
The Remote access options parameter can be set to No restrictions, Disable management,
Disable return RST, Disable management and return RST.
When set to No restrictions, users on this interface can access the router's Telnet, FTP, and
•
web services for the purpose of managing the router.
When set to Disable management, users on this interface are prevented from managing the
•
router via Telnet, FTP, or the web interface.
For Disable return RST, whenever a router receives a TCP SYN packet for one of its own IP
•
addresses with the destination port set to an unexpected value, such as a port that the router
would normally expect to receive TCP traffic on, it will reply with a TCP RST packet. This is
normal behavior. However, the nature of internet traffic is such that whenever an internet
connection is established, TCYP SYN packets are to be expected. As the router's PPP
inactivity timer is restarted each time the router transmits data (but not when it receives
data), the standard response of the router to SYN packets, such as transmitting an RST
packet, will restart the inactivity timer and prevent the router from disconnecting the link
even when there is no genuine traffic. This effect can be prevented by using the appropriate
commands and options within the firewall script. However, on Digi 1000 series routers, or
where you are not using a firewall, the same result can be achieved by selecting this option,
such as when this option is selected the normal behavior of the router in responding to SYN
packets with RST packets is disabled. The option will also prevent the router from
responding to unsolicited UDP packets with the normal ICMP destination unreachable
responses.
The Disable management an return RST option prevents users from managing the router
•
via the Telnet, FTP, and web interfaces and also disables the transmission of TCP RST
packets as above.
Digi TransPort WR Routers User Guide
Configure Advanced interfaces settings: External modems and PPP
304