Allowing Vpns Through A Firewall - Netopia 4752 2A4NA Administration Manual

Sdsl integrated access device

Hide thumbs Also See for 4752 2A4NA:

Specifications (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

Table of Contents

Select IP Proﬁle Parameters and press Return. The IP Proﬁle Parameters screen appears.

Address Translation Enabled:

NAT Map List...

NAT Server List...

Local WAN IP Address:

Remote IP Address:

Remote IP Mask:

Filter Set...

Remove Filter Set

Receive RIP:

Enter a subnet mask in decimal and dot form (xxx.xxx.xxx.xxx).

Enter the Remote IP Address and Remote IP Mask for the host to which you want to tunnel.

Allowing VPNs through a Firewall

An administrator interested in securing a network will usually combine the use of VPNs with the use of a ﬁrewall

or some similar mechanism. This is because a VPN is not a complete security solution, but rather a component

of overall security. Using a VPN will add security to transactions carried over a public network, but a VPN alone

will not prevent a public network from inﬁltrating a private network. Therefore, you should combine use of a

ﬁrewall with VPNs, where the ﬁrewall will secure the private network from inﬁltration from a public network, and

the VPN will secure the transactions that must cross the public network.

A strict ﬁrewall may not be provisioned to allow VPN trafﬁc to pass back and forth as needed. In order to ensure

that a ﬁrewall will allow a VPN, certain attributes must be added to the ﬁrewall's provisioning. The provisions

necessary vary slightly between ATMP and PPTP, but both protocols operate on the same basic premise: there

are control and negotiation operations, and there is the tunnelled trafﬁc that carries the payload of data

between the VPN endpoints. The difference is that ATMP uses UDP to handle control and negotiation, while

PPTP uses TCP. Then both ATMP and PPTP use GRE to carry the payload.

For PPTP negotiation to work, TCP packets inbound and outbound destined for port 1723 must be allowed.

Likewise, for ATMP negotiation to work, UDP packets inbound and outbound destined for port 5150 must be

allowed. Source ports are dynamic, so, if possible, make this ﬂexible, too. Additionally, PPTP and ATMP both

require a ﬁrewall to allow GRE bi-directionally.

The following sections illustrate a sample ﬁltering setup to allow either PPTP or ATMP trafﬁc to cross a ﬁrewall:

PPTP example on page 12-24

ATMP example on page 12-27

Make your own appropriate substitutions. For more information on ﬁlters and ﬁrewalls, see

"Security.".

IP Profile Parameters

Yes

Easy-PAT

Easy-Servers

0.0.0.0

173.167.8.10

255.255.0.0

Both

Virtual Private Networks (VPNs) 12-23

Chapter 13,

Table of Contents

This manual is also suitable for:

4752

Allowing Vpns Through A Firewall - Netopia 4752 2A4NA Administration Manual

Allowing VPNs through a Firewall

Related Manuals for Netopia 4752 2A4NA

Related Content for Netopia 4752 2A4NA

This manual is also suitable for:

Table of Contents