Table of Contents
Advertisement
10. c oMMonly requested feAtures for telstrA
business broAdbAnd equiPMent extrAs – cisco cPe
A. Wireless
b. r emote Access
Wired equivalent Privacy (WeP) and
the routers support various remote
Wifi Protected Access (WPA) are the
access applications, such as sdM, telnet,
two security protocol options available
and ssh to allow remote management.
for encrypting wireless communications
sdM can either use http or https.
on the router.
however, the sdM software needs
We recommend customers use WPA
to be installed on the Pc.
– the stronger of the two encryption
telnet and ssh are network protocols
methods.
which allow remote interactive tcP
WPA is the second generation wireless
sessions to the router. telnet is less
encryption protocol and designed to
secure since the tcP session is all in
overcome the security flaws that were
clear text while ssh is more secure,
evident in WeP. WPA is available in WPA2
it uses encryption to protect the data
(enterprise) and WPA-PsK (Personal).
between the client and the router.
We recommend you use WPA as your
c. r emote Access vPn
method for Wireless encryption.
(iPsec vPn)
WPA-PsK is easier to setup than WPA2
remote Access vPn allows mobile
(enterprise) since it uses a pre-shared
workers (tele-workers) to securely
key, compared to certificates in an
access the corporate network from
enterprise environment. the minimum
anywhere in the world.
length is 8 characters; with maximum
to securely access the corporate
63 characters, we recommend a
network, the router needs to be setup
minimum length of 20 characters.
to accept and terminate the iPsec vPn
values can be alpha-numeric.
tunnel and the cisco vPn client
to use either WeP or WPA both the
software needs to be installed on
wireless devices and the operating
the Pc to initiate the request.
system must be able to support it.
When the iPsec tunnel is established,
please note: some older operating
it offers the user comprehensive security
systems may not support WPA and
by encrypting the data between the
will require WeP. it is not possible
client Pc and the router.
to mix WPA and WeP.
Important note:
if one device on the network is limited
this feature is available through
to WeP, then either that device needs
telstra if you have purchased the
to be replaced or the entire network
telstra business broadband extras
is to be limited to using WeP.
'router support service (rss)'.
for more information on this telstra
business broadband extras, please
contact your telstra Account
representative or call 1800 655 744.
23
d. d ynamic host control
Protocol (dhcP)
the dhcP protocol allows a server to
dynamically assign iP addresses and
dns addresses to the Pc tcP/iP software
stack. the iP addresses are assigned
from an arbitrary iP address pool.
e. i ntegrated firewall
in its simplest form, a firewall
prevents unauthorized access from
an untrusted source to a trusted
network. the Zone base firewall (Zbf)
feature is a sophisticated form of
firewall introduced in cisco ios
version 12.4(6)t which provides
stateful inspection.
stateful inspection offers better
security by keeping track of the packets
traversing the router by "inspecting"
the packet up to the application layer
information. this allows the router to
distinguish legitimate packets for
different types of connections.
f. n etwork Address translation
(nAt)/Port Address
translation (PAt)
the concept of nAt and PAt allows
internal devices with unregistered
(private) address to access the internet
by having the router re-write and
replace the internal address with an
internet (public) valid iP Address.
nAt allows the router to allocate
one public iP address to one internal
private iP address while PAt allows the
router to share one public iP address
amongst many internal private
iP addressed devices.
it should be noted that some protocols
may break when used in conjunction
with nAt/PAt since some protocols
may have embedded iP addresses
in the payload itself.
it is assumed the customer will
only encounter standard well
known protocols.
24
Advertisement
Table of Contents
