Cisco Router DPC/EPC2425 DOCSIS User Manual
4028315 Rev A

How Do I Configure My DOCSIS Residential Gateway?

Field Name: Description

Subnet: Allows you to enter Subnet information based on the selected Address group type as follows:
- For IP subnet, enter the subnet
- For Single IP address, enter only the specific IP address
- For IP address range, enter the starting and ending IP addresses

Mask: Allows you to enter Mask information based on the selected Address group type as follows:
- For IP subnet, enter the subnet mask
- For Single IP address, enter only the specific IP address in the Subnet field. Leave this field blank.
- For IP address range, enter the starting IP and ending IP addresses

Identity type: Allows you to select the local Identity type from one of the following options:
- WAN IP address of the router (default)
- User-specified IP address
- Fully qualified domain name (FQDN)
- Email address
This is the identity that the far endpoint will use for identification of the VPN termination point. The remote VPN endpoint on the other end of the tunnel should match these settings for its remote endpoint settings.

Identity: Allows you to enter the identity string after you have selected the identity type, using one of the following formats:
- For IP address mode, use the format xxx.xxx.xxx.xxx
- For FQDN, use the format yourdomain.com
- For email address, use the format [email protected]
The remote VPN endpoint on the other end of the tunnel should match these settings for its remote endpoint settings.

Remote Endpoint Settings

These settings control how the local endpoint (router) connects to the far VPN termination point (the other end of the VPN tunnel).

Field Name: Description

Address group type: Allows you to select the address group type for the remote VPN access group. The following types are available:
- IP subnet
- Single IP address
- IP address range
The remote VPN endpoint on the other end of the tunnel should match these settings for its remote endpoint settings.

Subnet: Allows you to enter Subnet information based on the selected Address group type as follows:
- For IP subnet, enter the subnet
- For Single IP address, enter only the specific IP address
- For IP address range, enter the starting and ending IP addresses

Mask: Allows you to enter Mask information based on the selected Address group type as follows:
- For IP subnet, enter the subnet mask
- For Single IP address, enter only the specific IP address in the Subnet field. Leave this field blank.
- For IP address range, enter the starting IP and ending IP addresses

Identity type: Allows you to select the remote Identity type from one of the following options:
- WAN IP address of the router (default)
- User-specified IP address
- Fully qualified domain name (FQDN)
- Email address
This is the identity that the far endpoint will use for identification of the VPN termination point. The remote VPN endpoint on the other end of the tunnel should match these settings for its remote endpoint settings.

Identity: Allows you to enter the identity string after you have selected the identity type, using one of the following formats:
- For IP address mode, use the format xxx.xxx.xxx.xxx
- For FQDN, use the format yourdomain.com
- For email address, use the format [email protected]
The remote VPN endpoint on the other end of the tunnel should match these settings for its remote endpoint settings.

Network address type: Allows you to enter the address type for the endpoint WAN. Choose one of the following options:
- IP address
- FQDN

Remote address: Allows you to enter either the IP address or the FQDN of the remote endpoint, depending on which Network address type you selected.

IPsec Settings

With VPN tunnels there are two phases of Security Association (SA). Phase 1 creates an Internet Key Exchange (IKE) SA. When Phase 1 is complete, Phase 2 creates one or more IPsec SAs that are then used to key IPsec sessions.

Field: Description

Pre-shared key: Allows you to enter the Pre-shared key of the firewall identifier if one side of the VPN tunnel is using a unique firewall.

Phase 1 DH group: Allows you to select one of the following three Diffie-Hellman (DH) encryption/decryption groups:
- 768 bits
- 1024 bits
- 1536 bits
Diffie-Hellman is a cryptographic technique that uses public and private keys for encryption and decryption. The higher the number of bits selected, the more secure the connection.

Phase 1 encryption: Allows you to select the form of encryption to secure the VPN connection between endpoints. Select from the following five encryption types:
- DES
- 3DES
- AES-128
- AES-192
- AES-256
You may choose any encryption type as long as the other end of the VPN tunnel uses the same method.

Phase 1 authentication: Allows you to select an authentication type for another level of security. Select one of the following authentication types:
- MD5
- SHA
You may choose either authentication type as long as the other end of the VPN tunnel uses the same method.
Note: SHA is recommended because it is more secure.

Phase 1 SA lifetime: Allows you to enter the number of seconds for an individual rotating key to last until a re-key negotiation between each endpoint occurs. Smaller lifetimes are generally more secure, since they give a hacker a smaller amount of time to try to crack the key. However, key negotiation does take up bandwidth, so network throughput is sacrificed with small lifetimes. The default setting is 28,800 seconds.

Phase 2 encryption: Allows you to select the form of encryption to secure the VPN connection between endpoints. Select from the following five encryption types:
- DES
- 3DES
- AES-128
- AES-192
- AES-256
You may select any form of encryption as long as the other end of the VPN tunnel uses the same method.
Note: 3DES encryption is commonly used, but AES is recommended because it is very difficult to crack.

Phase 2 authentication: Allows you to select an authentication type for another level of security. Select one of the following three authentication types:
- MD5
- SHA
- Null (none)
You may choose any authentication type as long as the other end of the VPN tunnel uses the same method.
Note: SHA is recommended because it is more secure.

Phase 2 SA lifetime: Allows you to enter the number of seconds for an individual rotating key to last until a re-key negotiation between each endpoint occurs. Smaller lifetimes are generally more secure, since they give a hacker a smaller amount of time to try to crack the key. However, key negotiation does take up bandwidth, so network throughput is sacrificed with small lifetimes. The default setting for Phase 2 is 3,600 seconds.

Configuring Firewall Protection

Use the Setup Firewall - Options page to configure webpage filtering and firewall protection. This page allows you to enable various firewall protection filters.

Note: If you are not familiar with the advanced settings detailed in this section, contact your service provider before you attempt to change any of the residential gateway default firewall options settings.

Click Options in the Firewall section of the Setup page to access the Setup Firewall - Options page.
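
The endpoint and IPsec settings tables earlier in this chapter repeat that the far end of the tunnel must use the same values, and recommend SHA and AES. The following added example (not part of the Cisco manual or gateway firmware) checks two gateways' settings against each other and against those recommendations. The dictionary keys, the sample values, and the treatment of an IP address range as start in Subnet and end in Mask are assumptions, and "weak" here means anything other than SHA or AES, or a DH group below the largest one listed.

```python
import ipaddress

STRONGEST_DH = 1536                      # largest DH group the manual lists
AES = {"AES-128", "AES-192", "AES-256"}  # the manual recommends AES and SHA
MUST_MATCH = ("psk", "p1_dh", "p1_enc", "p1_auth", "p2_enc", "p2_auth")

def normalize_group(kind, subnet, mask=""):
    """Parse one address group into a comparable value (ValueError if malformed)."""
    if kind == "IP subnet":
        return ipaddress.ip_network(f"{subnet}/{mask}", strict=False)
    if kind == "Single IP address":
        if mask:
            raise ValueError("Mask must be left blank for a single IP address")
        return ipaddress.ip_address(subnet)
    if kind == "IP address range":       # assumption: start in Subnet, end in Mask
        lo, hi = ipaddress.ip_address(subnet), ipaddress.ip_address(mask)
        if lo > hi:
            raise ValueError("range start is above range end")
        return (lo, hi)
    raise ValueError(f"unknown address group type: {kind}")

def audit_tunnel(a, b):
    """Findings for gateway a: settings that do not mirror peer b, or are weak."""
    findings = []
    for mine, theirs in (("local", "remote"), ("remote", "local")):
        if normalize_group(*a[mine]["group"]) != normalize_group(*b[theirs]["group"]):
            findings.append(f"mismatch: {mine} address group")
        if a[mine]["identity"] != b[theirs]["identity"]:
            findings.append(f"mismatch: {mine} identity")
    s = a["ipsec"]
    findings += [f"mismatch: {k}" for k in MUST_MATCH if s[k] != b["ipsec"][k]]
    weak = {"p1_dh": s["p1_dh"] < STRONGEST_DH,
            "p1_enc": s["p1_enc"] not in AES, "p2_enc": s["p2_enc"] not in AES,
            "p1_auth": s["p1_auth"] != "SHA", "p2_auth": s["p2_auth"] != "SHA"}
    return findings + [f"weak: {k}={s[k]}" for k, hit in weak.items() if hit]

# Constructed sample: two gateways meant to terminate the same tunnel. Site B
# describes site A's network as a single IP and uses a different Phase 2 hash.
NET_A = ("IP subnet", "192.168.1.0", "255.255.255.0")
NET_B = ("IP subnet", "192.168.2.0", "255.255.255.0")
ID_A, ID_B = ("FQDN", "a.example.com"), ("FQDN", "b.example.com")
IPSEC_A = {"psk": "constructed-psk", "p1_dh": 1024, "p1_enc": "3DES",
           "p1_auth": "SHA", "p2_enc": "AES-128", "p2_auth": "MD5"}
SITE_A = {"local": {"group": NET_A, "identity": ID_A},
          "remote": {"group": NET_B, "identity": ID_B}, "ipsec": IPSEC_A}
SITE_B = {"local": {"group": NET_B, "identity": ID_B},
          "remote": {"group": ("Single IP address", "192.168.1.0", ""), "identity": ID_A},
          "ipsec": dict(IPSEC_A, p2_auth="SHA")}

if __name__ == "__main__":
    print("\n".join(audit_tunnel(SITE_A, SITE_B)))
```
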

Setup Firewall - Options Page

The following illustration is an example of the Setup Firewall - Options page.

Setup Firewall - Options Page Description

This section describes the section headings and field descriptions of the Setup Firewall - Options page.

Note: If you make changes in any of the fields in the Setup Firewall - Options page, click Apply to apply and save your Firewall settings.

The following table provides a description of each field name within the Setup Firewall - Options page.

Field Name: Description

Filter Proxy: Enables/disables proxy.

Filter Cookies: Enables/disables cookie blocking. This feature filters the unsolicited delivery of cookies from the Internet to devices in your private local network. Cookies are computer files that contain personal information or Web surfing behavior data.

Filter Java Applets: Enables/disables Java applets. This feature helps to protect the devices in your private network from irritating or malicious Java applets that are sent, unsolicited, to devices in your private network from the Internet. These applets run automatically when they are received by a PC.

Filter ActiveX: Enables/disables ActiveX controls. This feature helps to protect the devices in your private network from irritating or malicious ActiveX controls that are sent, unsolicited, to devices in your private network from the Internet. These ActiveX controls run automatically when they are received by a PC.

Filter Popup Windows: Enables/disables popup windows. Some commonly used applications employ popup windows as part of the application. If you disable popup windows, it may interfere with some of these applications.

Block Fragmented IP Packets: Enables/disables filtering of fragmented IP packets. This feature helps protect your private local network from Internet-based denial of service attacks.

Port Scan Detection: Enables/disables the gateway from responding to Internet-based port scans. This feature is designed to protect your private local network from Internet-based hackers who attempt to gain unsolicited access to your network by detecting open IP ports on your gateway.

IP Flood Detection: Blocks malicious devices that are attempting to flood devices or networks with illegal broadcast packets. Also referred to as “broadcast storm.”

Firewall Protection: Enables/disables the firewall. When the firewall is enabled, the firewall will allow most commonly used applications to automatically open IP ports and pass data without any special setup or manual port configuration.

Configuring Firewall Event Logging and E-mail Alerts

Use the Setup Firewall - Event Logging page to access the firewall event log and to enter your e-mail address in order to receive e-mail alerts related to firewall attacks by hackers.

Note: If you are not familiar with the settings detailed in this section, contact your service provider before you attempt to change any of the residential gateway default firewall event logging settings.

Click Event Logging in the Firewall section of the Setup page to access the Setup Firewall - Event Logging page.

Setup Firewall - Event Logging Page

The following illustration is an example of the Setup Firewall - Event Logging page.

Setup Firewall - Event Logging Page Description

The Setup Firewall - Event Logging page shows events captured by the firewall. The log displays the following items:
- Description of the event
- Number of events that have occurred
- Last occurrence of an event
- Target and source addresses

You can configure the system to e-mail log events to the administrator so that the administrator can monitor the firewall.

This section describes the section headings and field descriptions of the Setup Firewall - Event Logging page.

Field Name: Description

Enable Email Address: Allows you to enter the e-mail address of the person who monitors the firewall. When an event occurs, it will be logged and an e-mail will be sent to this address automatically reporting the event.

SMTP Server Name: Allows you to enter the mail server name of your outgoing mail server, or the mail server of your Internet service provider (ISP).

E-mail Alerts: Allows you to enable or disable sending e-mail alerts.

Description: Describes what event was detected by the gateway's firewall.

Count: Displays the number of times the event has been detected.

Last Occurrence: Displays the time the last occurrence of this event was detected.

Target: Displays the IP address of the device in your private local network to which the event was directed, along with the IP port number targeted by the event.

Source: Displays the IP address of the Internet-based source of the event, along with the IP port number used by that device.

Function Keys

The following function keys appear on the Setup Firewall - Event Logging page.

Key: Description

Apply: Saves the values you enter into the fields without closing the screen.

E-mail Log: Allows you to force the system to send an e-mail alert even if the E-mail Alerts box is left unchecked.

Clear Log: Allows you to clear all entries in the log.

Configuring Parental Control

Use the Setup Parental Control - User Setup page to configure parental controls on the residential gateway, and to add or delete the individuals who are authorized to set parental controls.

Note: If you are not familiar with the settings detailed in this section, contact your service provider before you attempt to change any of the residential gateway default parental control settings.

Click User Setup in the Parental Control section of the Setup page to access the Setup Parental Control - User Setup page.

Setup Parental Control - User Setup Page

The following illustration is an example of the Setup Parental Control - User Setup page.

Setup Parental Control - User Setup Page Description

This section describes the section headings and field descriptions of the Setup Parental Control - User Setup page. This page allows you to set up user profiles. Each profile can be assigned customized levels of Internet access as defined by the access rules assigned to that user's profile.

Note: Once you define and enable user profiles, each user must sign on each time they wish to access the Internet. The user can sign on when the pop-up sign-on screen appears in their web browser. The user must enter their correct user name and password in order to gain Internet access.

Important: Make sure to disable pop-up blockers on your web browser when using user profiles. User names and passwords are case-sensitive.

Field Name: Description

Add User: Allows you to add a new user profile. Enter the name of the user and click the Add User button to add the user to the list.