1. Manuals
  2. Brands
  3. Asus Manuals
  4. Network Router
  5. RX3041H
  6. User manual

Asus RX3041H User Manual

High-speed router
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
RX3041H
User's Manual
Revision 1.3
Aug. 19, 2004

Advertisement

Table of Contents
loading

Related Manuals for Asus RX3041H

Summary of Contents for Asus RX3041H

  • Page 1 RX3041H User’s Manual Revision 1.3 Aug. 19, 2004...

  • Page 3: Table Of Contents

    Step 2. Connect computers or a LAN............9 3.1.3 Step 3. Attach the AC adapter..............9 3.1.4 Step 4. Turn on the RX3041H, the ADSL or cable modem and power up your computers..................10 Part 2 — Configuring Your Computers..............11 3.2.1 Before you begin ..................11...
  • Page 4 Windows® 95, 98, and Me PCs ..............12 3.2.5 Windows® NT 4.0 workstations:..............12 3.2.6 Assigning static IP addresses to your PCs ..........13 Part 3 — Quick Configuration of the RX3041H..........13 3.3.1 Buttons Used in Setup Wizard..............14 3.3.2 Setting Up the RX3041H................14 3.3.3...
  • Page 5 5.2.3.4 Viewing Fixed DHCP Lease Table..........29 DNS........................29 5.3.1 About DNS....................29 5.3.2 Assigning DNS Addresses...............30 5.3.3 Configuring DNS Relay................30 Viewing LAN Statistics..................31 Configuring WAN Settings .....33 WAN Connection Mode..................33 PPPoE ........................33 6.2.1 WAN PPPoE Configuration Parameters ..........33 6.2.2 Configuring PPPoE for WAN ..............35 Dynamic IP......................36 6.3.1 WAN Dynamic IP Configuration Parameters ..........36...
  • Page 6 Configuring HTTP DDNS Client.................48 Configuring Local Host Table................48 8.4.1.1 Add a Host Table Entry ...............49 8.4.1.2 Modify a Host Table Entry ............49 8.4.1.3 Delete a Host Table Entry ............49 8.4.1.4 View the Host Table..............49 Configuring Firewall/NAT Settings..51 Firewall Overview ....................51 9.1.1 Stateful Packet Inspection ...............51 9.1.2...
  • Page 7 9.6.4 Delete an URL Filter Rule ................62 9.6.5 View Existing URL Filter Rules ..............62 Configuring Advanced Firewall Features – (Firewall Advanced)....62 9.7.1 Configuring Self Access Rules ..............63 9.7.1.1 Self Access Configuration Parameters ........63 9.7.1.2 Add a Self Access Rule ...............63 9.7.1.3 Modify a Self Access Rule............64 9.7.1.4...
  • Page 8 9.8.3.4 Delete a NAT Pool ...............80 9.8.3.5 NAT Pool Example ..............80 9.8.4 Configuring Time Range................81 9.8.4.1 Time Range Configuration Parameters ........81 9.8.4.2 Add a Time Range...............82 9.8.4.3 Modify a Time Range ..............82 9.8.4.4 Delete a Time Range..............82 9.8.4.5 Delete a Schedule in a Time Range ...........82 9.8.4.6 Time Range Example..............83 Firewall Statistics –...
  • Page 9 11.6.1.2 Reset to Factory Settings Using Reset Button........100 11.6.2 Backup System Configuration ...............100 11.6.3 Restore System Configuration...............100 11.7 Upgrade Firmware....................101 11.8 Reset the RX3041H ..................102 11.9 Logout Configuration Manager ................102 ALG Configuration .......105 System Specifications......109 Hardware Specification ..................109 Default Settings ....................109 IP Addresses, Network Masks, and Subnets ..........113...
  • Page 10 Diagnosing Problem using IP Utilities..............118 D.1.1 Ping......................118 D.1.2 Nslookup....................119 Glossary ..........121 Index ............127 List of Figures Figure 2.1. Front Panel LEDs...........................3 Figure 2.2. Rear Panel Connections........................4 Figure 3.1. Overview of Hardware Connections ....................10 Figure 3.2. Login Screen ............................14 Figure 3.3.
  • Page 11 Figure 6.6. WAN Static IP Configuration ......................38 Figure 6.7. WAN Statistics Page........................... 39 Figure 7.1. RIP Configuration..........................42 Figure 7.2. Static Route Configuration......................... 43 Figure 7.3. Routing Table............................. 44 Figure 8.1. Network Diagram for RFC-2136 DDNS..................... 45 Figure 8.2. Network Diagram for HTTP DDNS ....................46 Figure 8.3.
  • Page 12 Figure 9.26 IP Pool Configuration......................... 76 Figure 9.27. Network Diagram for IP Pool Configuration..................77 Figure 9.28. IP Pool Example – Add Two IP Pools – MISgroup1 and MISgroup2..........77 Figure 9.29. IP Pool Example – Deny QUAKE-II Connection for MISgroup1............. 78 Figure 9.30.
  • Page 13 Figure 11.17. Counter Down Counter for Router Reset ..................102 Figure 11.18. Logout Page..........................103 Figure 11.19. Confirmation for Closing Browser (IE) ..................103 Figure D.1. Using the ping Utility......................... 119 Figure D.2. Using the nslookup Utility......................... 120 List of Tables Table 2.1.
  • Page 14 Table 11.3. Fixed DHCP Lease Configuration Parameters................. 98 Table A.1. Supported ALG ..........................105 Table B.1. Hardware Specification........................109 Table B.2. System Default Settings ........................109 Table C.1. IP Address structure.......................... 113...

  • Page 15: Introduction

    RX3041H User’s Manual Chapter 1. Introduction Introduction Congratulations on becoming the owner of the high-speed router, RX3041H. Your LAN (local area network) will now be able to access the Internet using your broadband connection such as those with ADSL or cable modem.

  • Page 16: Special Messages

    Chapter 1. Introduction RX3041H User’s Manual 1.3.3 Special messages This document uses the following icons to call your attention to specific instructions or explanations. Provides clarification or non-essential information on the current topic. Note Explains terms or acronyms that may be unfamiliar to many readers.

  • Page 17: Getting To Know The Rx3041H

    RX3041H User’s Manual Chapter 2. Getting to Know the RX3041H Getting to Know the RX3041H Parts List In addition to this document, your router should come with the following: RX3041H High Speed Router AC adapter Ethernet cable (“straight-through” type) Front Panel The front panel contains LED indicators that show the status of the unit.

  • Page 18: Rear Panel

    Chapter 2. Getting to Know the RX3041H RX3041H User’s Manual Rear Panel The rear panel contains the ports for the unit's data and power connections. Figure 2.2. Rear Panel Connections Table 2.2. Rear Panel Labels and LEDs Label Function Power Input Jack...

  • Page 19: Address Sharing And Management

    2.4.1.1 Address Sharing and Management The RX3041H Firewall provides NAT to share a single high-speed Internet connection and to save the cost of multiple connections required for the hosts on the LAN segments connected to the RX3041H. This feature conceals network address and prevents them from becoming public. It maps unregistered IP addresses of hosts connected to the LAN with valid ones for Internet access.

  • Page 20: Defense Against Dos Attacks

    This high-performance content access control results in increased productivity, lower bandwidth usage and reduced legal liability. The RX3041H Firewall has the ability to handle active content filtering on certain application protocols such as HTTP, FTP, SMTP and RPC.

  • Page 21: Application Level Gateway (Alg)

    2.4.1.8 Log and Alerts Events in the network, that could be attempts to affect its security, are recorded in the RX3041H System log file. Event details are recorded in WELF (WebTrends Enhanced Log Format ) format so that statistical tools can be used to generate custom reports.

  • Page 23: Quick Start Guide

    Step 1. Connect an ADSL or a cable modem. For the RX3041H: Connect one end of the Ethernet cable to the port labeled WAN on the rear panel of the device. Connect the other end to the Ethernet port on the ADSL or cable modem.

  • Page 24: Step 4. Turn On The Rx3041H, The Adsl Or Cable Modem And Power Up Your Computers

    Turn on the RX3041H, the ADSL or cable modem and power up your computers. Press the Power switch on the rear panel of the RX3041H to the ON position. Turn on your ADSL or cable modem. Turn on and boot up your computer(s) and any LAN devices such as hubs or switches.

  • Page 25: Part 2 - Configuring Your Computers

    3.2.1 Before you begin By default, the RX3041H automatically assigns all required Internet settings to your PCs. You need only to configure the PCs to accept the information when it is assigned. In some cases, you may want to configure network settings manually to some or all of your computers rather than allow the RX3041H to do so.

  • Page 26: Windows® 95, 98, And Me Pcs

    10. In the TCP/IP Properties dialog box, click the “Default Gateway” tab. Enter 192.168.1.1 (the default LAN port IP address of the RX3041H) in the “New gateway” address field and click <Add> button to add the default gateway entry.

  • Page 27: Assigning Static Ip Addresses To Your Pcs

    In some cases, you may want to assign IP addresses to some or all of your PCs directly (often called “statically”), rather than allowing the RX3041H to assign them. This option may be desirable (but not required) You have obtained one or more public IP addresses that you want to always associate with specific computers (for example, if you are using a computer as a public web server).

  • Page 28: Buttons Used In Setup Wizard

    The RX3041H provides a preinstalled software program called Configuration Manager that enables you to configure the RX3041H via your Web browser. The settings that you are most likely to need to change before using the device are grouped onto sequence of configuration pages guided by Setup Wizard. The following table shows the buttons that you’ll encounter in Setup Wizard.

  • Page 29: Figure 3.3. Setup Wizard Home Page

    RX3041H User’s Manual Chapter 3. Quick Start Guide Default Password: admin You can change the password at any time (see section 11.2 Change the Login Password on page 93). Note The Setup Wizard home page displays each time you log into the Configuration Manager (shown in Figure 3.3 on page 15).

  • Page 30: Figure 3.5. Setup Wizard - System Identity Configuration Page

    Chapter 3. Quick Start Guide RX3041H User’s Manual When changing passwords, make sure you enter the existing login password in the Login Password field, make any changes for the passwords and click the button to save the changes. 5. Now we are at the System Information setup page; enter the requested information in the spaces provided and click the button to save the changes.

  • Page 31: Figure 3.7. Setup Wizard - Lan Ip Configuration Page

    RX3041H User’s Manual Chapter 3. Quick Start Guide Figure 3.7. Setup Wizard – LAN IP Configuration Page Figure 3.8. Setup Wizard – LAN DHCP Server Configuration Page 8. It is recommended that you keep the default settings for the DHCP server until after you have completed the rest of the configurations and confirm that your Internet connection is working properly.

  • Page 32: Figure 3.9. Setup Wizard - Wan Pppoe Configuration Page

    Chapter 3. Quick Start Guide RX3041H User’s Manual Connection Mode drop- down list Figure 3.9. Setup Wizard – WAN PPPoE Configuration Page Connection Mode drop- down list Figure 3.10. Setup Wizard – WAN Dynamic IP Configuration Page...

  • Page 33: Figure 3.11. Setup Wizard - Wan Static Ip Configuration Page

    RX3041H User’s Manual Chapter 3. Quick Start Guide a) PPPoE Connection Mode (see Figure 3.9) • You don’t need to enter primary/secondary DNS IP addresses as PPPoE is able to automatically obtain this information for you from your ISP. However, if you prefer to use your favorite DNS servers, you may enter them in the space provided.

  • Page 34: Testing Your Setup

    3.3.3 Testing Your Setup At this point, the RX3041H should enable any computer on your LAN to use the RX3041H’s ADSL or cable modem connection to access the Internet. To test the Internet connection, open your web browser, and type the URL of any external website (such as http://www.asus.com).

  • Page 35: Getting Started With The Configuration Manager

    RX3041H User’s Manual Chapter 4. Getting Started with the Configuration Manager Getting Started with the Configuration Manager[CT9] Your router includes a preinstalled program called the Configuration Manager, which allows you to customize the device settings to meet the needs of your network. You access the Configuration Manager through a web browser from any PC that has access to the router via network connections.

  • Page 36: Functional Layout

    Chapter 4. Getting Started with the Configuration Manager RX3041H User’s Manual You can change the password at any time (see section 11.2.1 Change the Login Password on page 93). Note The Setup Wizard page, as shown in Figure 3.3, displays each time you log into the Configuration Manager.

  • Page 37: Overview Of System Configuration

    RX3041H User’s Manual Chapter 4. Getting Started with the Configuration Manager Table 4.1. Description of Commonly Used Buttons and Icons Button/Icon Function Stores any changes you have made on the current page. Adds the existing configuration to the system, e.g. a static route or a firewall ACL rule and etc.

  • Page 39: Configuring Lan Settings

    Ethernet switch. You must assign a unique IP address to each device residing on your LAN. The LAN IP address identifies the RX3041H as a node on your network must be in the same subnet as the PCs on your LAN.

  • Page 40: Dhcp (Dynamic Host Control Protocol)

    IP information to computers on a network. When you enable DHCP on a network, you allow a device — such as the RX3041H — to assign temporary IP addresses to your computers whenever they connect to your network. The assigning device is called a DHCP server, and the receiving device is a DHCP client.

  • Page 41: Dhcp Server Configuration

    Internet names that you type into your web browser into their equivalent numeric IP addresses. Typically, the server(s) are located with your ISP. However, you may enter LAN IP address of the RX3041H as it will serve as DNS proxy for the LAN computers and forward the DNS request from the LAN to DNS servers and relay the results back to the LAN computers.

  • Page 42: Viewing Existing Ip Address Lease

    Viewing Existing IP Address Lease When the RX3041H functions as a DHCP server for your LAN, it keeps a record of all the addresses it has leased to your computers. To view the existing lease table, just open the DHCP Server configuration page by clicking the LAN DHCP menu.

  • Page 43: Add A Fixed Dhcp Lease

    RX3041H User’s Manual Chapter 5. Configuring LAN Settings Table 5.4. Fixed DHCP Lease Configuration Parameters Field Description Fixed DHCP Lease A hardware ID of the device that needs a fixed IP address from the DHCP server. Fixed DHCP Lease IP The IP address leased from the DHCP server.

  • Page 44: Assigning Dns Addresses

    In either case, you can specify the actual addresses of the ISP's DNS servers (on the PC or in the DHCP pool), or you can specify the address of the LAN port on the RX3041H (e.g., 192.168.1.1). When you specify the LAN port IP address, the device performs DNS relay, as described in the following section.

  • Page 45: Viewing Lan Statistics

    RX3041H User’s Manual Chapter 5. Configuring LAN Settings Viewing LAN Statistics You will not typically need to view the statistics data for your LAN, but you may find it helpful when working with your ISP to diagnose network and Internet data transmission problems.

  • Page 47: Configuring Wan Settings

    ISP. You’ll learn to configure IP address, DHCP and DNS server for your WAN in this chapter. WAN Connection Mode Three modes of WAN connection are supported by the RX3041H – PPPoE, dynamic IP and static IP. The configuration of each connection mode is described in the details in the following sections. PPPoE 6.2.1...
  • Page 48 Enable this option if you wish to keep your Internet connection active, even when there is no traffic. Enter the value for the “Echo Interval” at which you want the RX3041H to send out some data periodically to your ISP. The default value of “Echo Interval” is 60 second.

  • Page 49: Configuring Pppoe For Wan

    RX3041H User’s Manual Chapter 6. Configuring WAN Settings Figure 6.1. WAN PPPoE Configuration Page 6.2.2 Configuring PPPoE for WAN Follow the instructions below to configure PPPoE settings: 1. Open the WAN configuration page by clicking on the WAN menu. 2. Select PPPoE from the Connection Mode drop-down list as shown in Figure 6.1.

  • Page 50: Dynamic Ip

    Chapter 6. Configuring WAN Settings RX3041H User’s Manual 11. Choose a connection option and enter appropriate setting if desired. The default setting is “Disable”. 12. Click to save the PPPoE settings when you are done with the configuration. You’ll see a summary of the WAN PPPoE configuration at the bottom half of the configuration page.

  • Page 51: Static Ip

    WAN subnet mask provided by your ISP. Typically, it is set as 255.255.255.0. Gateway Address Gateway IP address provided by your ISP. It must be in the same subnet as the WAN on the RX3041H. Primary/ Secondary You must at least enter the IP address of the primary DNS server. Secondary DNS is optional 6.4.2...

  • Page 52: Viewing Wan Statistics

    Chapter 6. Configuring WAN Settings RX3041H User’s Manual Connection Mode drop- down list Figure 6.5. WAN Static IP Configuration 5. Enter gateway address provided by your ISP in the space provided. 6. Enter the IP address of the primary DNS server. This information should be provided by your ISP.

  • Page 53: Figure 6.7. Wan Statistics Page

    RX3041H User’s Manual Chapter 6. Configuring WAN Settings Figure 6.7. WAN Statistics Page To see the updated statistics, click on the button.

  • Page 55: Configuring Routes

    The essential challenge of a router is: when it receives data intended for a particular destination, which next device should it send that data to? When you define IP routes, you provide the rules that the RX3041H uses to make these decisions.

  • Page 56: Configuring Rip

    Chapter 7. Configuring Routes RX3041H User’s Manual Field Description Passive Mode Enable this mode if RIP configured for this interface will only receive routing information from other routers and not send routing information to other routers. Disable this mode if you want this interface to send and receive routing information to/from other routers.

  • Page 57: Static Routing

    RX3041H User’s Manual Chapter 7. Configuring Routes 8. Repeat steps 3 to 7 if you want to configure another interface to support routing information exchange. 9. Click to save the RIP configuration. Static Routing 7.3.1 Static Route Configuration Parameters The following table defines the available configuration parameters for static routing configuration.

  • Page 58: Viewing The Routing Table

    This table is known as the device’s routing table. To view the RX3041H’s routing table, just open the Routing configuration page by clicking on the Routing menu. The Routing Table displays at the bottom half of the Routing configuration page, as shown in Figure 7.3.

  • Page 59: Configuring Ddns

    Dynamic DNS is a service that allows computers to use the same domain name, even when the IP address changes from time to time (during reboot or when the ISP's DHCP server resets IP leases). RX3041H connects to a Dynamic DNS service whenever the WAN IP address changes. It supports setting up the web services such as Web server, FTP server using a domain name instead of the IP address.

  • Page 60: Ddns Configuration Parameters

    DNS Zone Name Enter the registered domain name provided by your ISP into this field. (Note: The host name of RX3041H has to be configured in the System Information Setup page properly. For example, If the host name of your RX3041H is “host1”...

  • Page 61: Configuring Rfc-2136 Ddns Client

    Microsoft Knowledge Base article “Q317590: Configure DNS Dynamic Update in Windows 2000”, for details. 2. Make sure that you have a host name configured for the RX3041H; otherwise, open the System Identity configuration page to configure one. Please refer to the section 11.3 “Configure System Identity” for more details.

  • Page 62: Configuring Http Ddns Client

    2. Make sure that you have a host name configured for the RX3041H; otherwise, open the System Identity configuration page to configure one. Please refer to the section 11.3 “Configure System Identity” for more details.

  • Page 63: Add A Host Table Entry

    RX3041H User’s Manual Chapter 8. Configuring DDNS servers to allow the LAN hosts to access the server using the host name, e.g. telnet myServer.myCompany.com. 8.4.1.1 Add a Host Table Entry To add a host table entry, follow the instructions below: 1.

  • Page 65: Configuring Firewall/Nat Settings

    View firewall statistics. Note: When you define an ACL rule, you instruct the RX3041H to examine each data packet it receives to determine whether it meets criteria set forth in the rule. The criteria can include the network or internet protocol it is carrying, the direction in which it is traveling (for example, from the LAN to the Internet or vice versa), the IP address of the sending computer, the destination IP address, and other characteristics of the packet data.

  • Page 66: Tracking Connection State

    NAT Overview Network Address Translation allows use of a single device, such as the RX3041H, to act as an agent between the Internet (public network) and a local (private) network. This means that a NAT IP address can represent an entire group of computers to any entity outside a network.

  • Page 67: Dynamic Nat

    RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings Figure 9.1 Static NAT – Mapping Four Private IP Addresses to Four Globally Valid IP Addresses 9.2.2 Dynamic NAT Dynamic NAT maps an internal host dynamically to a globally valid Internet address (m-to-n). The mapping usually contains a pool of internal IP addresses (m) and a pool of globally valid Internet IP addresses (n) with m usually greater than n.

  • Page 68: Napt (Network Address And Port Translation) Or Pat (Port Address Translation)

    Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual 9.2.3 NAPT (Network Address and Port Translation) or PAT (Port Address Translation) Also called IP Masquerading, this feature maps many internal hosts to one globally valid Internet address. The mapping contains a pool of network ports to be used for translation. Every packet is translated with the globally valid Internet address and the port number is translated with an un-used port from the pool of network ports.

  • Page 69: Reverse Static Nat

    Reverse NAPT is also called inbound mapping, port mapping, or virtual server. Any packet coming to the RX3041H can be relayed to the internal host based on the protocol, port number and/or IP address specified in the ACL rule. This is useful when multiple services are hosted on different internal machines. Figure 9.6 shows that web server (TCP/80) is hosted on PC A, telnet server (TCP/23) on PC B, DNS server (UDP/53) on PC C and FTP server (TCP/21) on PC D.
  • Page 70 Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual Field Description IP Address Specify the appropriate network address Subnet This option allows you to include all the computers that are connected in an IP subnet. When this option is selected, the following fields become...

  • Page 71: Configuring Inbound Acl Rules

    RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings Field Description Service This option allows you to select any of the pre-configured services (selectable from the drop-down list) instead of the destination port. The following are examples of services: BATTLE-NET, PC-ANYWHERE, FINGER, DIABLO-II, L2TP, H323GK,...

  • Page 72: Add An Inbound Acl Rule

    Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual 9.4.1 Add an Inbound ACL Rule To add an inbound ACL rule, follow the instructions below: 1. Open the Inbound ACL Rule Configuration Page by clicking on the Fire wall Inbound ACL menu.

  • Page 73: Delete An Inbound Acl Rule

    RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 2. Click on the icon of the rule to be modified in the inbound ACL table or select the rule number from the “ID” drop-down list. 3. Make desired changes to any or all of the following fields: action, source/destination IP, source/destination port, protocol, port mapping, time ranges, application filtering, and log.

  • Page 74: Modify An Outbound Acl Rule

    Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual Figure 9.9. Outbound ACL Configuration Example 5. Assign a priority for this rule by selecting a number from the “Move to” drop-down list. Note that the number indicates the priority of the rule with 1 being the highest. Higher priority rules will be examined prior to the lower priority rules by the firewall.

  • Page 75: Display Existing Outbound Acl Rules

    RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 1. Open the Outbound ACL Rule Configuration Page by clicking on the Firewall Outbound ACL menu. 2. Click on the icon of the rule to be deleted in the outbound ACL table or select the rule number from the “ID”...

  • Page 76: Modify An Url Filter Rule

    Advanced) This option sequence brings up the screen with the following sub-options for setting advanced firewall features: Self Access – This option allows you to configure rules for controlling packets targeting the RX3041H itself. Services – Use this option to configure services (applications using specified port numbers). Each service record contains the name of service record, the IP protocol value and its corresponding port number.

  • Page 77: Configuring Self Access Rules

    Select the direction from which the traffic will be allowed. From LAN Select Enable or Disable to allow or deny traffic from the LAN (internal network) to the RX3041H. From WAN Select Enable or Disable to allow or deny traffic from WAN (external network) to the RX3041H.

  • Page 78: Modify A Self Access Rule

    Add a new Self Access rule to: • Allow TCP port 80 traffic (i.e. HTTP traffic) from the LAN and deny the HTTP traffic from the WAN port (i.e. from the external network) to the RX3041H. 9.7.1.3 Modify a Self Access Rule To modify a Self Access rule, follow the instructions below: 1.

  • Page 79: Add A Service

    RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 9.7.2.2 Add a Service To add a service, follow the instructions below: 1. Open the Service List configuration page by clicking the Firewall Advanced Service. 2. Select “Add New” from the service drop-down list.

  • Page 80: Delete A Service

    9.7.3 Configuring DoS Settings The RX3041H has a proprietary Attack Defense Engine that protects internal networks from Denial of Service (DoS) attacks such as SYN flooding, IP smurfing, LAND, Ping of Death and all re-assembly attacks. It can drop ICMP redirects and IP loose/strict source routing packets. For example, a security device with the RX3041H Firewall provides protection from “WinNuke”, a widely used program to remotely crash unprotected...

  • Page 81: Configuring Dos Settings

    IP packet. This option is required if your connection to the ISP is through PPPoE. This data is used during transmission or reception of IP fragments. When large sized packets are sent via the RX3041H, the packets are chopped into fragments as large as MTU (Maximum Transmission Unit). By default, this number is set to 45.

  • Page 82: Firewall Policy List - (Firewall Policy List)

    Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual Figure 9.16. DoS Attack Protection List To configure DoS settings, follow the instructions below: 1. Open the DoS configuration page by clicking on the Firewall Advanced DoS menu. 2. Check or uncheck individual option to enable or disable additional protection against specific type of attack.

  • Page 83: Configuring Application Filter

    This high-performance content access control results in increased productivity, lower bandwidth usage and reduced legal liability. The RX3041H has the ability to handle active content filtering on certain application protocols such as HTTP, FTP, SMTP and RPC.

  • Page 84: Add An Application Filter

    Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual Field Description PASV Allow initiation of a passive data connection. PORT Allow or deny Port Number to participate in an active data connection. RETR Allow or deny getting a file from the FTP server.

  • Page 85: Ftp Example: Add A Ftp Filter Rule To Block Ftp Delete Command

    RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 9.8.1.2.1 FTP Example: Add a FTP Filter Rule to Block FTP DELETE Command 10.64.2.0 FTP Server 10.64.2.254 Outside FW Inside FW Private Network 192.168.1.0/24 Figure 9.18 Network Diagram for FTP Filter Example – Blocking FTP Delete Command 1.

  • Page 86: Figure 9.20 Ftp Filter Example - Firewall Configuration Assistant

    Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual FTP Command drop-down list Figure 9.20 FTP Filter Example – Firewall Configuration Assistant 8. Select the desired FTP command from the FTP Command drop-down list and then click on the button. The selected FTP command will be added into the selected Deny FTP Commands field.

  • Page 87: Http Example: Add A Http Filter Rule To Block Java Applets And Java Archives

    RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 9.8.1.2.2 HTTP Example: Add a HTTP Filter Rule to Block JAVA Applets and Java Archives 1. Open the Application Filer configuration page by clicking the Firewall Policy List Application Filter menu. 2. Select HTTP from the Filter Type drop-down list.

  • Page 88: Modify An Application Filter

    Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual HTTP filter drop-down list Figure 9.24. HTTP Filter Example – Associate HTTP Filter Rule to an ACL Rule 9.8.1.3 Modify an Application Filter To modify an IP Pool, follow the instructions below: 1.

  • Page 89: Delete An Application Filter

    RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 4. Click on the button to save the new settings. The new settings for this application filter will then be displayed in the Application Filter List table. 9.8.1.4 Delete an Application Filter...

  • Page 90: Modify An Ip Pool

    Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual IP Pool drop-down list IP Pool Type drop-down list Figure 9.26 IP Pool Configuration 6. Click on the button to create the new IP Pool. The new IP Pool will then be displayed in the IP Pool list table.

  • Page 91: Ip Pool Example

    RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 9.8.2.5 IP Pool Example Internet Outside FW Inside FW 192.168.1.10 192.168.1.11 192.168.1.12 MISgroup2 MISgroup1 Figure 9.27. Network Diagram for IP Pool Configuration 1. Open the IP Pool configuration page to create two IP groups – see Figure 9.28.

  • Page 92: Configuring Nat Pool

    Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual Source IP Type drop-down list IP Pool drop-down list Figure 9.29. IP Pool Example – Deny QUAKE-II Connection for MISgroup1 9.8.3 Configuring NAT Pool 9.8.3.1 NAT Pool Configuration Parameters Table 9.8 describes the configuration parameters available for a NAT pool.

  • Page 93: Add A Nat Pool

    RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings Field Description Interface Select this type of NAT to specify the Dynamic Interface whose IP address should be used for subjecting traffic to NAT. 9.8.3.2 Add a NAT Pool To add a NAT Pool, follow the instructions below: 1.

  • Page 94: Delete A Nat Pool

    Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual 4. Click on the button to save the new settings. The new settings for this pool will then be displayed in the NAT Pool List table. 9.8.3.4 Delete a NAT Pool To delete a NAT Pool, click on the icon of the NAT pool to be deleted or follow the instruction below: 1.

  • Page 95: Configuring Time Range

    RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 2. Associate the NAT pool to an outbound ACL rule by selecting “NAT Pool” from the NAT type drop-down list and then choose an existing NAT pool from the NAT pool drop-down list.

  • Page 96: Add A Time Range

    Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual 9.8.4.2 Add a Time Range To add a Time Range, follow the instructions below: 1. Open the Time Range configuration page by clicking the Firewall Policy List Time Range menu. 2. Select “Add New Time Range” from the Time Range drop-down list.

  • Page 97: Time Range Example

    RX3041H User’s Manual Chapter 9. Configuring Firewall/NAT Settings 3. Select the Schedule from the drop-down list. 4. Click on the button to delete this schedule. 9.8.4.6 Time Range Example 1. Create a time range – see Figure 9.32. Figure 9.35. Time Range Example – Create a Time Range 2.

  • Page 98: Figure 9.37. Firewall Statistics

    Chapter 9. Configuring Firewall/NAT Settings RX3041H User’s Manual Figure 9.37. Firewall Statistics...

  • Page 99: Configuring Remote Access

    When a user belonging to a group logs in via the Internet or through the local network, the RX3041H Firewall activates the policies associated with the group and creates dynamic policies associated with the user. These dynamic policies are referred to for every connection from the user.

  • Page 100: Add A User Group And/Or A User

    Chapter 10. Configuring Remote Access RX3041H User’s Manual Field Description User State Click on the Enable or Disable radio button to enable or disable the user. Disabling the user will force the user to be disconnected. Further login from that specific user will be disabled. Enabling the user will allow the specific user to log in.

  • Page 101: Modify A User Group Or A User

    RX3041H User’s Manual Chapter 10. Configuring Remote Access 1. Open the User Group configuration page by clicking the Remote Access User Group menu. 2. Select an existing group from the user group drop-down list. 3. Select “Add New User” from the user drop-down list.

  • Page 102: User Group And Users Configuration Example

    Chapter 10. Configuring Remote Access RX3041H User’s Manual 10.2.5 User Group and Users Configuration Example Figure 10.2. User Group and Users Configuration Example Example Figure 10.2 displays the screen with entries to: Add a new user group and a new user •...

  • Page 103: Modify A Group Acl Rule

    RX3041H User’s Manual Chapter 10. Configuring Remote Access 2. Select “Add New” from the “ID” drop-down list. 3. Set desired action (Allow or Deny) from the “Action” drop-down list. 4. Select Outbound or Inbound from the rule Type drop-down list.

  • Page 104: Delete A Group Acl Rule

    For a user belonging to a user group to connect to the Internet Access Router, he or she must do a special login first to activate user group based policies; otherwise, the RX3041H will drop all the connection requests from the user. Users in a user group can enter the following URL in the browser in order to login to the RX3041H and activate associated access policies.

  • Page 105: Configure Firewall For Remote Access

    The steps required for configuring the RX3041H for remote access is best explained with an example. The following shows the steps required to configure the RX3041H for the remote users, Richard and Gloria, to access the FTP server located in the protected network, i.e. corporate LAN.

  • Page 106: Figure 10.8. User And User Group Configuration Example

    2. Create an inbound group ACL rule (see Figure 10.9) to allow remote access users, Richard and Gloria, to access FTP server in the corporate network. 3. Remote users, Richard and Gloria, can then login into the RX3041H to access the FTP server by entering the following URL in the browser:...

  • Page 107: System Management

    RX3041H User’s Manual Chapter 11. System Management System Management This chapter describes the following administrative tasks that you can perform using the Configuration Manager: Configure system services Modify password and add management hosts Modify system specific information Modify system date and time...

  • Page 108: Configure Management Stations

    Chapter 11. System Management RX3041H User’s Manual Administrator has the privilege to modify the system settings while guest can only view the system settings. Passwords of both the admin and guest accounts can be changed by the administrator. This username and password is only used for logging into the Configuration Manager;...

  • Page 109: Add A Management Station Group

    RX3041H User’s Manual Chapter 11. System Management Table 11.1. Management Station Configuration Parameters Field Description Add New Click on this option to add a new management group. Number Select a management group from the drop-down list to modify its configuration.

  • Page 110: Modify A Management Station Group

    Chapter 11. System Management RX3041H User’s Manual Figure 11.4. Management Station Summary 11.2.2.3 Modify a Management Station Group To modify a management station group, follow the instructions below: 1. Open the Password configuration page by clicking the System Management Password menu.

  • Page 111: Date/Time Configuration Parameters

    Date and time can be maintained by the router itself by entering correct date and time in the Date and Time fields respectively. Note that you must manually set the date and time again each time the RX3041H reboots. It is recommended that you use external time servers to help maintain the date and time for your router. Follow the instructions below to configure SNTP servers to maintain date and time for your router: 1.

  • Page 112: View The System Date And Time

    RX3041H. Trap message is sent by the RX3041H to tell the SNMP management station that something has happened on the RX3041H. This field is used to enter the Trap Address IP address of the SNMP management station that is supposed to receive trap...

  • Page 113: Configuring Snmp

    Default Setting menu. 2. Click on button to set the system configuration back to the factory default settings. Note that the RX3041H will reboot to make the factory default configuration in effect. Figure 11.9. Default Setting Configuration 3. A count down timer will popup as shown below.

  • Page 114: Reset To Factory Settings Using Reset Button

    3. After the ALARM LED flashes once, press the reset button again. You will then see the Alarm LED flash twice in about 5 seconds. This indicates that the RX3041H is about to revert to the factory default settings. If you change your mind, you may press the reset button again or turn the power off to cancel the action.

  • Page 115: Upgrade Firmware

    ASUSTeK may from time to time provide you with an update to the firmware running on the RX3041H. All system software is contained in a single file, called an image. Configuration Manager provides an easy way to upload the new firmware image. To upgrade the image, follow this procedure: 1.

  • Page 116: Reset The Rx3041H

    RX3041H. You’ll have to manually reset the RX3041H by pressing the reset button to start all over again. Note: the firmware update process may take up to 3 minutes to complete.

  • Page 117: Figure 11.18. Logout Page

    RX3041H User’s Manual Chapter 11. System Management To logout of Configuration Manager, open the Logout page by clicking the Logout menu and then click on the button in the Logout page. If you are using IE, a window similar to the one shown in Figure 11.19 will pop up for logout confirmation before closing your browser window.

  • Page 119: Alg Configuration

    RX3041H User’s Manual Appendix A. ALG Configuration ALG Configuration Table A.1 lists all the supported ALGs (Application Layer Gateway). Table A.1. Supported ALG ALG/Application Protocol and Port Predefined Service Tested Software Name Name Version PC Anywhere UDP/22 PC-ANYWHERE pcAnywhere 9.0.0...
  • Page 120 Appendix A. ALG Configuration RX3041H User’s Manual ALG/Application Protocol and Port Predefined Service Tested Software Name Name Version L2TP UDP/1701 L2TP Windows 2000 Server built-in UDP/53 PPTP TCP/1723 PPTP Windows 2000 Server built-in UDP/53 IPSec (Only Tunnel UDP/500 Windows 2000 Server...
  • Page 121 RX3041H User’s Manual Appendix A. ALG Configuration ALG/Application Protocol and Port Predefined Service Tested Software Name Name Version TCP/443 HTTPS TCP/80 HTTP UDP/53 Diablo II (BATTLE- TCP/4000 DIABLO-II Diablo II NET-TCP, BATTLE- TCP/ 6112 BATTLE-NET-TCP, NET-UDP) BATTLE-NET-UDP UDP/53 UDP/6112 Diablo II...

  • Page 123: System Specifications

    Ports For use on system reboot and reset to factory Reset button settings Console port For use by ASUS only Temperature: 0°C ~ 40°C (32°F ~ 105°F) Operation Humidity: 10% ~ 90%, non-condensing Environmental Specification Temperature: -20°C ~ 65°C (-4°F ~ 149°F)
  • Page 124 Appendix B. System Specifications RX3041H User’s Manual (PPPoE:0, Host Name RX3041H PPPoE:1) Obtain DNS Automatically MSS Clamping Enabled, MSS Value – 40 bytes Options Keep Alive, Echo Interval – 60 seconds Host Name RX3041H Dynamic (DHCP Obtain DNS Automatically Client)
  • Page 125 RX3041H User’s Manual Appendix B. System Specifications System Management Firewall, DNS Relay, DHCP Server, Revert Enable back to the factory default by using the Reset System Services button Disable DDNS, RIP, SNTP, UPnP Username: admin (cannot be changed) Administrator Password: admin...

  • Page 127: Ip Addresses, Network Masks, And Subnets

    RX3041H User’s Manual Appendix C. IP Addresses, Network Masks, and Subnets IP Addresses, Network Masks, and Subnets C.1 IP Addresses This section pertains only to IP addresses for IPv4 (version 4 of the Internet Protocol). IPv6 addresses are not covered.

  • Page 128: Subnet Masks

    Appendix C. IP Addresses, Network Masks, and Subnets RX3041H User’s Manual Class A networks are the Internet's largest networks, each with room for over 16 million hosts. Up to 126 of these huge networks can exist, for a total of over 2 billion hosts. Because of their huge size, these networks are used for WANs and by organizations at the infrastructure level of the Internet, such as your ISP.
  • Page 129 RX3041H User’s Manual Appendix C. IP Addresses, Network Masks, and Subnets Class C: 255.255.255.0 These are called default because they are used when a network is initially configured, at which time it has no subnets.

  • Page 131: Troubleshooting

    Appendix D. Troubleshooting Troubleshooting This appendix suggests solutions for problems you may encounter in installing or using the RX3041H, and provides instructions for using several IP utilities to diagnose problems. Contact Customer Support if these suggestions do not resolve the problem.

  • Page 132: Diagnosing Problem Using Ip Utilities

    Appendix D. Troubleshooting RX3041H User’s Manual Problem Troubleshooting Suggestion public IP address (usually this public IP address is the WAN IP address). Your PC’s IP address must be within the IP range specified in the NAT rules. The default firewall outbound ACL rule includes a NAT rule for all hosts on the LAN.

  • Page 133: Nslookup

    If the target computer cannot be located, you will receive the message “Request timed out.” Using the ping command, you can test whether the path to the RX3041H is working (using the preconfigured default LAN IP address 192.168.1.1) or another address you assigned.

  • Page 134: Figure D.2. Using The Nslookup Utility

    Appendix D. Troubleshooting RX3041H User’s Manual Figure D.2. Using the nslookup Utility There may be several addresses associated with an Internet name. This is common for web sites that receive heavy traffic; they use multiple, redundant servers to carry the same information.

  • Page 135: Glossary

    A DHCP relay is a computer that forwards DHCP data between computers that request IP addresses and the DHCP server that assigns the addresses. Each of the RX3041H's interfaces can be configured as a DHCP relay. See DHCP. DHCP server...
  • Page 136 Appendix E. Glossary RX3041H User’s Manual element of URLs, which identify a specific file at a web site, e.g., http://www.asus.com. See also DNS. download To transfer data in the downstream direction, i.e., from the Internet to the user. Digital Subscriber Line A technology that allows both digital data and analog voice signals to travel over existing copper telephone lines.
  • Page 137 Local Area Network A network limited to a small geographic area, such as a home, office, or small building. Light Emitting Diode An electronic light-emitting device. The indicator lights on the front of the RX3041H are LEDs. MAC address Media Access Control address The permanent hardware address of a device, assigned by its manufacturer.
  • Page 138 Appendix E. Glossary RX3041H User’s Manual between your ISP and your computer. The WAN interface on the RX3041H uses two forms of PPP called PPPoA and PPPoE. See also PPPoA, PPPoE. PPPoE Point-to-Point Protocol over Ethernet One of the two types of PPP interfaces you can define for a Virtual Circuit (VC), the other type being PPPoA.
  • Page 139 Wide Area Network Any network spread over a large geographical area, such as a country or continent. With respect to the RX3041H, WAN refers to the Internet. Web browser A software program that uses Hyper-Text Transfer Protocol (HTTP) to download information from (and upload to) web sites, and displays the information, which may consist of text, graphic images, audio, or video, to the user.

  • Page 141: Index

    RX3041H User’s Manual Appendix F. Index Index 100BASE-T, 121 defined, 29 10BASE-T, 121 relay, 30 ADSL, 121 Domain name, 121 authenticate, 121 Domain Name System. See DNS Binary numbers, 121 download, 122 Bits, 121 Broadband, 121 defined, 122 Broadcast, 121...
  • Page 142 Appendix F. Index RX3041H User’s Manual Internet, 122 in Fixed DHCP Lease Table, 29 troubleshooting access to, 117 MAC addresses, 123 Intranet, 122 Management Station Configuration, 95 IP address Mask. See Network mask in device's routing table, 44 Mbps, 123...
  • Page 143 RX3041H User’s Manual Appendix F. Index Management Station Configuration, 95 Static routes Routing Configuration, 42, 43, 44 adding, 43 Setup Wizard, 15, 23 Statically assigned IP addresses, 26 User Password Configuration, 94 Subnet, 124 WAN Statistics, 39 Subnet mask. See Network mask...

Table of Contents