advertisement
121
Chapter 8
Network Address Translation (NAT) Screens
This chapter discusses how to configure NAT on the BCM50a Integrated Router.
NAT overview
NAT (Network Address Translation—NAT, RFC 1631) is the translation of the
IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network, is changed to a different IP address known within another network.
NAT definitions
Inside/outside denotes where a host is located relative to the BCM50a Integrated
Router. For example, the computers of your subscribers are the inside hosts, while the Web servers on the Internet are the outside hosts.
Global/local denotes the IP address of a host in a packet as the packet traverses a router. For example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side.
BCM50a Integrated Router Configuration — Basics
122 Chapter 8 Network Address Translation (NAT) Screens
Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host used in a packet. Thus, an inside local address (ILA) is the
IP address of an inside host in a packet when the packet is still in the local network, while an inside global address (IGA) is the IP address of the same inside
host when the packet is on the WAN side. Table 23
summarizes this information.
Table 23 NAT definitions
Term
Inside
Outside
Local
Global
Description
This refers to the host on the LAN.
This refers to the host on the WAN.
This refers to the packet address (source or destination) as the packet travels on the LAN.
This refers to the packet address (source or destination) as the packet travels on the WAN.
Note: NAT never changes the IP address (either local or global) of an outside host.
What NAT does
In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back,
NAT translates the destination address (the inside global address) to the inside local address before forwarding it to the original inside host. Note that the IP address (either local or global) of an outside host is never changed.
The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP. In addition, you can designate servers (for example a web server and a Telnet server) on your local network and make them accessible to the outside world. You can make designated servers on the LAN accessible to the outside world. If you do not define any servers (for Many-to-One and
Many-to-Many Overload mapping), NAT offers the additional benefit of firewall protection. With no servers defined, your BCM50a Integrated Router filters out all incoming inquiries, thus preventing intruders from probing your network. For more information about IP address translation, refer to The IP Network Address
Translator (NAT) (RFC 1631).
N0115790
Chapter 8 Network Address Translation (NAT) Screens 123
How NAT works
Each packet has two addresses–a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the
LAN, and the IGA (Inside Global Address) is the source address on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is the destination address on the WAN. NAT maps private (local) IP addresses to globally unique ones required for communication with hosts on other networks. It replaces the original IP source address (and TCP or UDP source port numbers for
Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The BCM50a Integrated Router keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored, as illustrated in
.
Figure 32 How NAT works
BCM50a Integrated Router
Port restricted cone NAT
The BCM50a Integrated Router uses port restricted cone NAT.
Port restricted cone NAT maps all requests from the same private IP address and port to the same public IP address and port. A host on the Internet can only send a packet to the private IP address and port if the private IP address and port has previously sent a packet to the IP address and port of that host.
BCM50a Integrated Router Configuration — Basics
124 Chapter 8 Network Address Translation (NAT) Screens
In
, B can send packets, with source IP address e.f.g.h and port 20202 to
A because A previously sent a packet to IP address e.f.g.h and port 20202. B cannot send packets, with source IP address e.f.g.h and port 10101 to A because A has not sent a packet to IP address e.f.g.h and port 10101.
Figure 33 Port Restricted Cone NAT
NAT application
Figure 34 illustrates a possible NAT application, where three inside LANs
(logical LANs using IP Alias) behind the BCM50a Integrated Router can communicate with three distinct WAN networks. More examples follow at the end of this chapter.
N0115790
Chapter 8 Network Address Translation (NAT) Screens 125
Figure 34 NAT application with IP Alias
BCM50a Integrated Router
NAT mapping types
NAT supports five types of IP/port mapping. They are:
• One to One: In One-to-One mode, the BCM50a Integrated Router maps one local IP address to one global IP address.
• Many to One: In Many-to-One mode, the BCM50a Integrated Router maps multiple local IP addresses to one global IP address. This is equivalent to
SUA (for example, PAT, port address translation), the Single User Account feature (the SUA Only option).
• Many to Many Overload: In Many-to-Many Overload mode, the BCM50a
Integrated Router maps the multiple local IP addresses to shared global IP addresses.
• Many One to One: In Many-One-to-One mode, the BCM50a Integrated
Router maps each local IP address to a unique global IP address.
• Server: With this type you can specify inside servers of different services behind the NAT to be accessible to the outside world. Port numbers do not change for One-to-One and Many-One-to-One NAT mapping types.
BCM50a Integrated Router Configuration — Basics
126 Chapter 8 Network Address Translation (NAT) Screens
Table 24 summarizes these types.
Table 24 NAT mapping type
Type
One-to-One
Many-to-One (SUA/PAT)
Many-to-Many Overload
Many-One-to-One
Server
IP Mapping
ILA1
ÅÆ IGA1
ILA1
ÅÆ IGA1
ILA2 ÅÆ IGA1
…
ILA1
ÅÆ IGA1
ILA2 ÅÆ IGA2
ILA3
ÅÆ IGA1
ILA4 ÅÆ IGA2
…
ILA1
ÅÆ IGA1
ILA2 ÅÆ IGA2
ILA3
ÅÆ IGA3
…
Server 1 IP ÅÆ IGA1
Server 2 IP
ÅÆ IGA1
Server 3 IP ÅÆ IGA1
SMT Abbreviations
1-1
M-1
M-M Ov
M-1-1
Server
Using NAT
Note: You must create a firewall rule in addition to setting up SUA/
NAT, to allow traffic from the WAN to be forwarded through the
BCM50a Integrated Router.
SUA (Single User Account) versus NAT
SUA (Single User Account) is an implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. The BCM50a
Integrated Router also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types. Select either SUA Only or Full Feature in WAN IP.
N0115790
Chapter 8 Network Address Translation (NAT) Screens 127
SUA Server
A SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though
SUA makes your whole inside network appear as a single computer to the outside world.
You can enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example, both FTP and web service), it is better to specify a range of port numbers. You can allocate a server IP address that corresponds to a port or a range of ports.
With many residential broadband ISP accounts you cannot run any server processes (such as a Web or FTP server) from your location. Your ISP periodically checks for servers and can suspend your account if it discovers any active services at your location. If you are unsure, refer to your ISP.
Default server IP address
In addition to the servers for specified services, NAT supports a default server IP address. A default server receives packets from ports that are not specified in this screen.
Note: If you do not assign a Default Server IP Address, the BCM50a
Integrated Router discards all packets received for ports that are not specified here or in the remote management setup.
BCM50a Integrated Router Configuration — Basics
128 Chapter 8 Network Address Translation (NAT) Screens
Port forwarding: Services and Port Numbers
The most often used port numbers are shown in
. Refer to Assigned
Numbers (RFC 1700) for further information about port numbers.
Table 25 Services and port numbers
Services
ECHO
FTP (File Transfer Protocol)
SMTP (Simple Mail Transfer Protocol)
DNS (Domain Name System)
Finger
HTTP (Hyper Text Transfer protocol or WWW, Web)
POP3 (Post Office Protocol)
NNTP (Network News Transport Protocol)
SNMP (Simple Network Management Protocol)
SNMP trap
PPTP (Point-to-Point Tunneling Protocol)
Port Number
79
80
110
119
7
21
25
53
161
162
1723
Configuring servers behind SUA (example)
For example, you want to assign ports 22-25 to one server, port 80 to another and assign a default server IP address of 192.168.1.35, as shown in
N0115790
Chapter 8 Network Address Translation (NAT) Screens 129
Figure 35 Multiple servers behind NAT example
BCM50a Integrated Router
Configuring SUA Server
Note: If you do not assign a Default Server IP Address, then all packets received for ports not specified in this screen are discarded.
Click SUA/NAT to open the SUA Server screen.
Refer to
Chapter 10, “Firewalls,” on page 145
BCM50a Integrated Router Configuration — Basics
130 Chapter 8 Network Address Translation (NAT) Screens
Figure 36 SUA/NAT setup
N0115790
Table 26 describes the fields in Figure 36
.
Table 26 SUA/NAT setup
Label
Default Server
#
Description
In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a default server IP address, then all packets received for ports not specified in this screen are discarded.
Number of an individual SUA server entry.
Chapter 8 Network Address Translation (NAT) Screens 131
Table 26 SUA/NAT setup
Label
Active
Name
Start Port
Description
Select this check box to enable the SUA server entry. Clear this check box to disallow forwarding of these ports to an inside server without having to delete the entry.
Enter a name to identify this port forwarding rule.
Enter a port number here. To forward only one port, enter it again in the End Port field. To specify a range of ports, enter the last port to be forwarded in the End Port No field
End Port
Server IP
Address
Apply
Reset
Enter the inside IP address of the server here.
Click Apply to save your changes to the BCM50a Integrated Router.
Click Reset to clear your changes.
Configuring Address Mapping
Ordering your rules is important because the BCM50a Integrated Router applies the rules in the order that you specify. When a rule matches the current packet, the
BCM50a Integrated Router takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule is pushed up by that number of empty rules. For example, if you have already configured rules 1 to 6 in your current set and you configure rule number 9. In the set summary screen, the new rule becomes rule 7, not 9. If you delete rule 4, rules 5 to 7 are pushed up by 1 rule, so old rules 5, 6, and 7 become new rules 4, 5, and 6.
To change the NAT address mapping settings, click SUA/NAT, then the Address
Mapping tab. The screen appears as shown in Figure 37 .
BCM50a Integrated Router Configuration — Basics
132 Chapter 8 Network Address Translation (NAT) Screens
Figure 37 Address Mapping
N0115790
Table 27 describes the fields in Figure 37
.
Table 27 Address Mapping
Label Description
Local Start IP
Local End IP
This refers to the Inside Local Address (ILA), that is the starting local IP address. Local IP addresses are N/A for Server port mapping.
This is the end Inside Local Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.0 and 255.255.255.255 as the
Local End IP address. This field is N/A for One-to-One and Server mapping types.
Global Start IP This refers to the Inside Global IP Address (IGA). 0.0.0.0 is for a dynamic IP address from your ISP with Many-to-One and Server mapping types.
Global End IP This is the ending Inside Global Address (IGA), that is the starting global IP address. This field is N/A for One-to-One, Many-to-One and
Server mapping types.
Chapter 8 Network Address Translation (NAT) Screens 133
Table 27 Address Mapping
Label
Type
Edit
Delete
Insert
Description
1. One-to-One mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type.
2. Many-to-One mode maps multiple local IP addresses to one global
IP address. This is equivalent to SUA (that is, PAT, port address translation), the Single User Account feature.
3. Many-to-Many Overload mode maps multiple local IP addresses to shared global IP addresses.
4. Many One-to-One mode maps each local IP address to unique global IP addresses.
5. Server permits you to specify inside servers of different services behind the NAT to be accessible to the outside world.
Click Edit to go to the Address Mapping Rule screen.
Click Delete to delete an address mapping rule.
Click Insert to insert a new mapping rule before an existing one.
Configuring Address Mapping
To edit an Address Mapping rule, click the Edit button to display the screen
BCM50a Integrated Router Configuration — Basics
134 Chapter 8 Network Address Translation (NAT) Screens
Figure 38 Address Mapping edit
N0115790
Table 28 describes the fields in Figure 38
.
Table 28 Address Mapping edit
Label
Type
Local Start IP
Local End IP
Global Start IP
Description
Choose the port mapping type from one of the following.
1. One-to-One: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for
One-to-one NAT mapping type.
2. Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (for example, PAT, port address translation), the Single User Account feature.
3. Many-to-Many Ov (Overload): Many-to-Many Overload mode maps multiple local IP addresses to shared global IP addresses.
4. Many One-to-One: Many One-to-one mode maps each local IP address to unique global IP addresses.
5. Server: With this type, you can specify inside servers of different services behind the NAT to be accessible to the outside world.
This is the starting Inside Local IP Address (ILA). Local IP addresses are N/A for Server port mapping.
This is the end Inside Local IP Address (ILA). If your rule is for all local IP addresses, then enter 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address.
This field is N/A for One-to-One and Server mapping types.
This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP.
Chapter 8 Network Address Translation (NAT) Screens 135
Table 28 Address Mapping edit
Label
Global End IP
Apply
Reset
Description
This is the ending Inside Global IP Address (IGA). This field is N/A for One-to-One, Many-to-One and Server mapping types.
Click Apply to save your changes to the BCM50a Integrated
Router.
Click Reset to begin configuring this screen afresh.
Trigger Port Forwarding
Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the
WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address,
Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service. The BCM50a Integrated Router records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol (a trigger port). When the WAN port on the BCM50a Integrated Router receives a response with a specific port number and protocol (incoming port), the BCM50a Integrated Router forwards the traffic to the LAN IP address of the computer that sent the request. After that connection closes, another computer on the LAN can use the service in the same manner. This way, you do not need to configure a new IP address each time you want a different LAN computer to use the application.
Trigger Port Forwarding example
Figure 39 illustrates an example of trigger port forwarding.
BCM50a Integrated Router Configuration — Basics
136 Chapter 8 Network Address Translation (NAT) Screens
Figure 39 Trigger Port Forwarding process: example
BCM50a Integrated Router
1 Jane (A) requests a file from the Real Audio server (port 7070).
2 Port 7070 is a trigger port and causes the BCM50a Integrated Router to record
Jane’s computer IP address. The BCM50a Integrated Router associates Jane's computer IP address with the incoming port range of 6970-7170.
3 The Real Audio server responds using a port number ranging between
6970-7170.
4 The BCM50a Integrated Router forwards the traffic to Jane’s computer IP address.
5 Only Jane can connect to the Real Audio server until the connection is closed or times out. The BCM50a Integrated Router times out in three minutes with
UDP (User Datagram Protocol) or two hours with TCP/IP (Transfer Control
Protocol/Internet Protocol).
Two points to remember about Trigger Ports
Trigger events only happen on data that is coming from inside the BCM50a
Integrated Router and going to the outside.
If an application needs a continuous data stream, that port (range) is tied up so that another computer on the LAN cannot trigger it.
N0115790
Chapter 8 Network Address Translation (NAT) Screens 137
Configuring Trigger Port Forwarding
To change trigger port settings of your BCM50a Integrated Router, click SUA/
NAT and the Trigger Port tab. The screen appears as shown in
.
Note: Only one LAN computer can use a trigger port (range) at a time.
Figure 40 Trigger Port
BCM50a Integrated Router Configuration — Basics
138 Chapter 8 Network Address Translation (NAT) Screens
describes the fields in Figure 40
.
Table 29 Trigger Port
Label
No.
Name
Incoming
Start Port
End Port
Trigger
Start Port
End Port
Apply
Reset
Description
This is the rule index number (read-only).
Type a unique name (up to 15 characters) for identification purposes. All characters are permitted, including spaces.
Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The BCM50a Integrated Router forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service.
Type a port number or the starting port number in a range of port numbers.
Type a port number or the ending port number in a range of port numbers.
The trigger port is a port (or a range of ports) that causes (or triggers) the BCM50a Integrated Router to record the IP address of the LAN computer that sent the traffic to a server on the WAN.
Type a port number or the starting port number in a range of port numbers.
Type a port number or the ending port number in a range of port numbers.
Click Apply to save your changes to the BCM50a Integrated Router.
Click Reset to begin configuring this screen afresh.
N0115790
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement
Table of contents
- 3 Contents
- 17 Figures
- 23 Tables
- 27 Preface
- 27 Before you begin
- 27 Text conventions
- 28 Related publications
- 28 Hard copy technical manuals
- 28 How to get Help
- 29 Getting Help from the Nortel Web site
- 29 Getting Help over the phone from a Nortel Solutions Center
- 29 Getting Help from a specialist by using an Express Routing Code
- 30 Getting Help through a Nortel distributor or reseller
- 31 Getting to know your BCM50a Integrated Router
- 31 Introducing the BCM50a Integrated Router
- 31 Features
- 32 Physical features
- 34 Nonphysical features
- 39 Applications for the BCM50a Integrated Router
- 39 Secure broadband internet access and VPN
- 41 Introducing the WebGUI
- 41 WebGUI overview
- 41 Accessing the BCM50a Integrated Router WebGUI
- 44 Restoring the factory-default configuration settings
- 44 Navigating the BCM50a Integrated Router WebGUI
- 47 Wizard setup
- 47 Wizard overview
- 47 Encapsulation
- 47 ENET ENCAP
- 48 PPP over Ethernet
- 48 PPPoA
- 48 RFC 1483
- 48 Multiplexing
- 49 VC-based multiplexing
- 49 LLC-based multiplexing
- 49 VPI and VCI
- 49 Wizard setup configuration: first screen
- 51 IP address and subnet mask
- 51 IP address assignment
- 52 IP assignment with PPPoA or PPPoE encapsulation
- 52 IP assignment with RFC 1483 encapsulation
- 52 IP assignment with ENET ENCAP encapsulation
- 52 Private IP addresses
- 53 Nailed-up connection (only with PPP)
- 53 NAT
- 53 Wizard setup configuration: second screen
- 59 DHCP setup
- 59 IP pool setup
- 59 Wizard setup configuration: third screen
- 63 Wizard setup configuration: connection tests
- 63 Test your Internet connection
- 65 User Notes
- 65 General Notes
- 68 Advanced Router Configuration
- 75 System screens
- 75 System overview
- 75 DNS overview
- 75 Private DNS server
- 76 Configuring General Setup
- 79 Dynamic DNS
- 79 DYNDNS wildcard
- 79 Configuring Dynamic DNS
- 81 Configuring Password
- 83 Predefined NTP time server list
- 84 Configuring Time and Date
- 88 ALG
- 88 Configuring ALG
- 89 LAN screens
- 89 LAN overview
- 89 DHCP setup
- 89 IP pool setup
- 90 DNS servers
- 90 LAN TCP/IP
- 90 Factory LAN defaults
- 90 RIP setup
- 91 Multicast
- 92 Configuring IP
- 95 Configuring Static DHCP
- 97 Configuring IP Alias
- 99 WAN screens
- 99 WAN overview
- 99 TCP/IP Priority (metric)
- 100 Configuring General
- 102 PPPoE encapsulation
- 103 Configuring WAN ISP
- 105 Configuring WAN IP
- 109 Traffic redirect
- 111 Configuring Traffic Redirect
- 112 Configuring Dial Backup
- 117 Advanced Modem Setup
- 117 AT Command Strings
- 117 DTR Signal
- 117 Response Strings
- 118 Configuring Advanced Modem Setup
- 121 Network Address Translation (NAT) Screens
- 121 NAT overview
- 121 NAT definitions
- 122 What NAT does
- 123 How NAT works
- 124 NAT application
- 125 NAT mapping types
- 126 Using NAT
- 126 SUA (Single User Account) versus NAT
- 127 SUA Server
- 127 Default server IP address
- 128 Port forwarding: Services and Port Numbers
- 128 Configuring servers behind SUA (example)
- 129 Configuring SUA Server
- 131 Configuring Address Mapping
- 135 Trigger Port Forwarding
- 135 Trigger Port Forwarding example
- 136 Two points to remember about Trigger Ports
- 137 Configuring Trigger Port Forwarding
- 139 Static Route screens
- 139 Static Route overview
- 140 Configuring IP Static Route
- 142 Configuring Route entry
- 145 Firewalls
- 145 Firewall overview
- 145 Types of firewalls
- 146 Packet filtering firewalls
- 146 Application level firewalls
- 146 Stateful Inspection firewalls
- 147 Introduction to the BCM50a Integrated Router firewall
- 148 Denial of Service
- 148 Basics
- 149 Types of DoS attacks
- 153 Stateful inspection
- 154 Stateful inspection process
- 155 Stateful inspection and the BCM50a Integrated Router
- 156 TCP security
- 157 UDP/ICMP security
- 157 Upper layer protocols
- 158 Guidelines for enhancing security with your firewall
- 158 Packet filtering vs. firewall
- 159 Packet filtering:
- 159 Firewall
- 161 Firewall screens
- 161 Access methods
- 161 Firewall policies overview
- 163 Rule logic overview
- 163 Rule checklist
- 163 Security ramifications
- 164 Key fields for configuring rules
- 164 Connection direction examples
- 165 LAN to WAN rules
- 166 WAN to LAN rules
- 166 Configuring firewall
- 170 Configuring firewall rules
- 173 Configuring source and destination addresses
- 174 Configuring custom ports
- 175 Example firewall rule
- 178 Predefined services
- 181 Alerts
- 182 Configuring attack alert
- 182 Threshold values
- 182 Half-open sessions
- 187 Content filtering
- 187 Introduction to content filtering
- 187 Restrict web features
- 187 Days and Times
- 188 Configure Content Filtering
- 191 VPN
- 191 VPN
- 191 IPSec
- 191 BCM50a Integrated Router VPN functions
- 192 VPN screens overview
- 193 Other terminology
- 193 VPN applications
- 194 IPSec architecture
- 195 IPSec algorithms
- 196 AH (Authentication Header) protocol
- 196 ESP (Encapsulating Security Payload) protocol
- 197 Key management
- 198 Encapsulation
- 198 Transport mode
- 199 Tunnel mode
- 199 IPSec and NAT
- 200 Secure Gateway Address
- 201 Dynamic Secure Gateway Address
- 201 Summary screen
- 204 Keep Alive
- 204 Nailed up
- 205 NAT Traversal
- 206 NAT Traversal configuration
- 206 Preshared key
- 206 Configuring Contivity Client VPN Rule Setup
- 208 Configuring Advanced Setup
- 210 ID Type and content
- 211 ID type and content examples
- 212 My IP Address
- 213 Configuring Branch Office VPN Rule Setup
- 222 Configuring an IP Policy
- 228 Port forwarding server
- 228 Configuring a port forwarding server
- 230 IKE phases
- 232 Negotiation Mode
- 232 Preshared key
- 233 Diffie-Hellman (DH) Key Groups
- 233 Perfect Forward Secrecy (PFS)
- 233 Configuring advanced Branch office setup
- 237 SA Monitor
- 239 Global settings
- 240 VPN Client Termination
- 244 VPN Client Termination IP pool summary
- 246 VPN Client Termination IP pool edit
- 247 VPN Client Termination advanced
- 253 Certificates
- 253 Certificates overview
- 254 Advantages of certificates
- 254 Self-signed certificates
- 255 Configuration summary
- 255 My Certificates
- 258 Certificate file formats
- 259 Importing a certificate
- 261 Creating a certificate
- 265 My Certificate details
- 269 Trusted CAs
- 272 Importing a Trusted CA certificate
- 273 Trusted CA Certificate details
- 277 Trusted remote hosts
- 279 Verifying a certificate of a trusted remote host
- 279 Trusted remote host certificate fingerprints
- 281 Importing a certificate of a trusted remote host
- 282 Trusted remote host certificate details
- 286 Directory servers
- 287 Add or edit a directory server
- 291 Bandwidth management
- 291 Bandwidth management overview
- 292 Bandwidth classes and filters
- 292 Proportional bandwidth allocation
- 292 Application based bandwidth management
- 292 Subnet based bandwidth management
- 293 Application and subnet based bandwidth management
- 293 Reserving bandwidth for nonbandwidth class traffic
- 294 Configuring summary
- 295 Configuring class setup
- 297 Bandwidth Manager Class Configuration
- 300 Bandwidth management statistics
- 302 Monitor
- 303 Authentication server
- 303 Introduction to Local User database
- 303 Local User database
- 305 Edit Local User Database
- 308 Current split networks
- 309 Current split networks edit
- 311 Configuring RADIUS
- 315 Remote management screens
- 315 Remote management overview
- 315 Remote management limitations
- 316 Remote management and NAT
- 316 System timeout
- 317 Introduction to HTTPS
- 318 Configuring WWW
- 320 HTTPS example
- 321 Internet Explorer warning messages
- 321 Netscape Navigator warning messages
- 323 Avoiding the browser warning messages
- 324 Logon screen
- 329 SSH overview
- 330 How SSH works
- 331 SSH implementation on the BCM50a Integrated Router
- 331 Requirements for using SSH
- 331 Configuring SSH
- 333 Secure Telnet using SSH examples
- 333 Example 1: Microsoft Windows
- 334 Example 2: Linux
- 335 Secure FTP using SSH example
- 336 Telnet
- 337 Configuring TELNET
- 338 Configuring FTP
- 339 Configuring SNMP
- 341 Supported MIBs
- 341 SNMP Traps
- 342 REMOTE MANAGEMENT: SNMP
- 343 Configuring DNS
- 344 Configuring Security
- 347 UPnP
- 347 Universal Plug and Play overview
- 347 How do I know if I am using UPnP?
- 347 NAT Traversal
- 348 Cautions with UPnP
- 348 UPnP implementation
- 348 Configuring UPnP
- 350 Displaying UPnP port mapping
- 351 Installing UPnP in Windows example
- 352 Installing UPnP in Windows Me
- 353 Installing UPnP in Windows XP
- 354 Using UPnP in Windows XP example
- 355 Autodiscover Your UPnP-enabled Network Device
- 357 WebGUI easy access
- 359 Logs Screens
- 359 Configuring View Log
- 361 Configuring Log settings
- 364 Configuring Reports
- 367 Viewing Web site hits
- 369 Viewing Protocol/Port
- 370 Viewing LAN IP address
- 372 Reports specifications
- 373 Call scheduling screens
- 373 Call scheduling introduction
- 373 Call schedule summary
- 375 Call scheduling edit
- 377 Applying Schedule Sets to a remote node
- 379 Maintenance
- 379 Maintenance overview
- 379 Status screen
- 381 System statistics
- 383 DHCP Table screen
- 384 Diagnostic Screen
- 386 F/W Upload screen
- 389 Configuration screen
- 389 Back to Factory Defaults
- 390 Backup configuration
- 390 Restore configuration
- 392 Restart screen
- 393 Troubleshooting
- 393 Problems Starting Up the BCM50a Integrated Router
- 394 Problems with the LAN LED
- 394 Problems with the LAN interface
- 395 Problems with the WAN interface
- 395 Problems with Internet access
- 396 Problems accessing an Internet Web site
- 396 Problems with the password
- 396 Problems with the WebGUI
- 396 Problems with Remote Management
- 397 Allowing Pop-up Windows, JavaScript and Java Permissions
- 397 Internet Explorer Pop-up Blockers
- 401 Internet Explorer JavaScript
- 403 Internet Explorer Java Permissions
- 405 Netscape Pop-up Blockers
- 409 Netscape Java Permissions and JavaScript
- 413 Log Descriptions
- 422 VPN/IPSec Logs
- 423 VPN Responder IPSec Log
- 431 Log Commands
- 431 Configuring what you want the BCM50a Integrated Router to log
- 432 Displaying Logs
- 433 Log Command Example
- 435 Index