Advertisement
D-Link Co.,_______________________________________________________________________ FAQ
My-net
|
O--|
|---[Router]-----------[Cisco Router]---|
O--|
|
Due to Cisco's authentication scheme, you need to configure some
additional fields when talking to a Cisco device.
instances to pay attention to.
authentication scheme, and the second is their interpretation of
CHAP.
If the Cisco router requests PAP:
In Menu 13:
-
Set Mutual Authen to 'Yes'.
-
Set PAP Login to the appropriate login name.
-
Set PAP Password to the appropriate login password.
If the Cisco router requests CHAP:
Note: The Cisco device must be configured as a remote node and
not a remote user.
In Menu 11.1 (only if Call Direction is 'Incoming' or 'Both'):
-
Set Incoming: Rem Login to the Cisco device hostname.
-
Set Outgoing: My Login to the System Name value in menu 1.
-
Set Incoming: Rem Password to be the same as Outgoing: My
Password.
7.
How can I protect against IP spoofing attacks?
The Router's filter sets provide a means to protect against IP
spoofing attacks.
For the incoming data filters:
- Deny packets from the outside that claim to be from the inside
- Allow everything that isn't spoofing us
Filter Type= TCP/IP Filter Rule
Active= Yes
Source: IP Addr= a.b.c.d
Source: IP Mask= w.x.y.z
Action Matched= Drop
Action Not Matched= Forward
where a.b.c.d is an IP address on your local network and w.x.y.z
is your netmask
For the outgoing data filters:
- Deny "bounceback" packets
- Allow packets that originate from us
Filter Type= TCP/IP Filter Rule
Active= Yes
Destination: IP Addr= a.b.c.d
Destination: IP Mask= w.x.y.z
The first is Cisco's mutual
The basic scheme is as follows:
Rem-net
|
|--O
|--O
|
There are two
FAQ: 14
Advertisement
