Security settings – Netopia 6.3 User Manual


Appendix A

CONFIG Commands

BOTH
set servers telnet-tcp [ 0 - 32767 ]

Specifies the port number for telnet (CLI) communication with the Cayman Gateway.
Because port numbers in the range 0-1024 are used by other protocols, you
should use numbers in the range 2000-32767 when assigning new port numbers
to the Cayman Gateway telnet configuration interface.

Security Settings

Security settings include the Firewall and IPSec parameters. All of the security
functionality is keyed.

Firewall Settings (for BreakWater Firewall)

BOTH
set ip security firewall option (ClearSailing) {ClearSailing | SilentRunning | LANdLocked}

The 3 settings for BreakWater are discussed in detail on page 69.

SafeHarbour IPSec Settings

SafeHarbour VPN is a tunnel between the local network and another geographically
dispersed network that is interconnected over the Internet. This VPN tunnel
provides a secure, cost-effective alternative to dedicated leased lines. Internet
Protocol Security (IPsec) is a series of services including encryption, authentication,
integrity, and replay protection. Internet Key Exchange (IKE) is the key management
protocol of IPsec that establishes keys for encryption and decryption.
Because this VPN software implementation is built to these standards, the other
side of the tunnel can be either another Cayman unit or another IPsec/IKE based
security product. For VPN you can choose to have traffic authenticated,
encrypted, or both.

When connecting the Cayman unit in a telecommuting scenario, the corporate
VPN settings will dictate the settings to be used in the Cayman unit. If a parameter
has not been specified from the other end of the tunnel, choose the default
unless you fully understand the ramifications of your parameter choice.

BOTH
set security ipsec nat-enable (off) {on | off}

This enables Network Address Translation (NAT) over the SafeHarbour tunnel.

BOTH
set security ipsec option (off) {on | off}

Turns on the SafeHarbour IPsec tunnel capability.

BOTH
set security ipsec tunnels name "123"

The name of the tunnel can be quoted to allow special characters and embedded
spaces.
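
A lint pass over the five commands documented on this page, added here as an illustration and not taken from the Netopia manual or firmware. It assumes the CLI's quoting behaves like shell quoting (modelled with Python's shlex); the function names and the sample configuration are constructed for the example.

```python
import shlex

FIREWALL = {"ClearSailing", "SilentRunning", "LANdLocked"}  # values listed on this page
IPSEC_SWITCHES = {"nat-enable", "option"}                   # both take on | off

def check_line(line):
    """Return findings for one CONFIG command; commands not on this page pass."""
    try:
        tok = shlex.split(line)  # assumption: CLI quoting behaves like shell quoting
    except ValueError as exc:    # e.g. a tunnel name with an unclosed quote
        return [f"cannot parse: {exc}"]
    if tok[:3] == ["set", "servers", "telnet-tcp"]:
        if len(tok) != 4 or not tok[3].isdecimal() or int(tok[3]) > 32767:
            return ["telnet-tcp takes one port number in 0-32767"]
        if int(tok[3]) < 2000:
            return [f"telnet port {tok[3]} is below the advised 2000-32767 range"]
    elif tok[:5] == ["set", "ip", "security", "firewall", "option"]:
        if len(tok) != 6 or tok[5] not in FIREWALL:
            return ["firewall option must be one of " + ", ".join(sorted(FIREWALL))]
    elif tok[:3] == ["set", "security", "ipsec"] and tok[3:4] and tok[3] in IPSEC_SWITCHES:
        if len(tok) != 5 or tok[4] not in ("on", "off"):
            return [f"ipsec {tok[3]} takes on or off"]
    elif tok[:5] == ["set", "security", "ipsec", "tunnels", "name"]:
        if len(tok) != 6 or not tok[5]:
            return ["tunnel name must be one token; quote spaces and special characters"]
    return []

def audit(config_text):
    """Return (line_number, finding) pairs for a block of CONFIG commands."""
    return [(n, finding)
            for n, line in enumerate(config_text.splitlines(), 1)
            for finding in check_line(line.strip())]

# Constructed sample input, not a capture from a real gateway.
SAMPLE = '''\
set servers telnet-tcp 23
set ip security firewall option SilentRunning
set security ipsec option on
set security ipsec nat-enable maybe
set security ipsec tunnels name "Head Office #1"
set security ipsec tunnels name Head Office
'''

if __name__ == "__main__":
    for n, finding in audit(SAMPLE):
        print(f"line {n}: {finding}")
```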
