Cisco Router DPC/EPC2425 DOCSIS User Manual

							
4028315 Rev A    51  
  How Do I Configure My DOCSIS Residential Gateway?
   
Configuring and Enabling TC P and UDP Port Filters 
Use the Setup Advanced Settings - Port Filtering page to configure and enable TCP 
and UDP port filters. These filters preven t a range of TCP/UDP ports from accessing 
the Internet. You can also prevent PCs fr om sending outgoing TCP/UDP traffic to 
the WAN on specific IP port numbers. This  filter is not IP address- or MAC address-
specific. The system blocks the specified port ranges for all PCs. 
Note:  If you are not familiar with the advanc ed settings detailed in this section, 
contact your service provider before you  attempt to change any of the residential 
gateway default advanced port filtering settings. 
Click  Port Filtering  in the Advanced Settings section of the Setup page to access the 
Setup Advanced Settings - Port Filtering page. 
 
Setup Advanced Settings -  Port Filtering Page 
The following illustration is an example  of the Setup Advanced Settings - Port 
Filtering page. 
  
Setup Advanced Settings - Port  Filtering Page Description 
Use this link to enter and enable the desired  port filtering ranges and protocols in the 
appropriate fields and then click  Apply to apply and save your new port filtering 
settings. 
  
						

							
52    4028315 Rev A  
How Do I Configure My DOCSIS Residential Gateway?   
Configuring Port Forwarding  for Local IP Addresses 
Use the Setup Advanced Settings - Port Forwarding page to configure port 
forwarding for local IP addresses. Port forw arding allows you to run a server on the 
LAN by specifying the mapping of TCP/UDP ports to a local PC. You must a\
lso set 
up a fixed private LAN IP address for the destination device. 
Note:  If you are not familiar with the advanc ed settings detailed in this section, 
contact your service provider before you  attempt to change any of the residential 
gateway default advanced port forwarding settings. 
Click  Port Forwarding  in the Advanced Settings section of the Setup page to access 
the Setup Advanced Settings - Port Forwarding page. 
 
Setup Advanced Settings -  Port Forwarding Page 
The following illustration is an example  of the Setup Advanced Settings - Port 
Forwarding page. 
  
Setup Advanced Settings - Port  Forwarding Page Description 
The following example illustrates how to  use the port forwarding feature to 
configure the Microsoft X-Box Online Live for Internet gaming. 
Note:  For most widely used applications (including Microsoft X-Box Online Live), 
the built-in firewall automatically maps  and opens ports required for that 
application while the application is in use. 
1   Set the device to be used for port forw ard to a fixed IP address, for example, 
192.168.0.5 .  
						

							
4028315 Rev A    53  
  How Do I Configure My DOCSIS Residential Gateway?
   
2   In the first entry of the Port Forwarding  area of the page, enter the same IP 
address (192.168.0.5) in the Local IP Address field. 
3   In the same row, enter the appropriate  port numbers in the Start Port and End 
Port fields. 
4   In the same row, select the appropriate  protocol from the drop-down list in the 
Protocol field, and then select the box in the  Enable field. 
5   To add additional ports, repeat steps 1 through 4, and then go to step 6. 
6   Click  Apply  to apply and save your new port forwarding settings. 
 
Configuring TCP/UDP Port Triggers 
Use the Setup Advanced Settings - Port Tr iggers page to configure TCP/UDP port 
triggers. Port triggering is similar to port  forwarding but is dynamic. In other words, 
the system does not hold the ports open indefinitely. For example, when the 
residential gateway detects outgoing data on  a specific IP port number set in the 
“Trigger Range,” the resulting ports set  in the “Target Range” will open for 
incoming data. If the system detects no ou tgoing traffic on the “Trigger Range” ports 
for a period of 10 minutes, the “Target Range” ports close. This is a safer method for 
opening specific ports for special app lications, such as, video conferencing 
programs, interactive gaming, and file transfe r in chat programs. This is safe because 
the ports are dynamically triggered and not held open continuously or left open 
erroneously by the router administrator.  Therefore, these ports are not exposed and 
vulnerable for potential hackers to discover. 
Note:  If you are not familiar with the advanc ed settings detailed in this section, 
contact your service provider before you  attempt to change any of the residential 
gateway default advanced port triggers settings. 
Click  Port Triggers  in the Advanced Settings section of the Setup page to access the 
Setup Advanced Settings - Port Triggers page. 
  
						

							
54    4028315 Rev A  
How Do I Configure My DOCSIS Residential Gateway?   
Setup Advanced Settings -  Port Triggers Page 
The following illustration is an example  of the Setup Advanced Settings - Port 
Triggers page. 
  
Setup Advanced Settings - Port  Triggers Page Description 
Use this link to enter and enable the port forwarding trigger and target range start 
and end ports along with protocol info rmation in the appropriate fields. The 
following example illustrates how to use the  port triggering feature to configure the 
Microsoft X-Box Online Live for Internet gaming. 
Note:  For most widely used applications (including Microsoft X-Box Online Live), 
the built-in firewall automatically maps  and opens ports required for that 
application while the application is in use. 
1   In the first row, enter  88 in both Start Port and End Port fields. 
2   In the same row, select  UDP from the drop-down list in the Protocol field, and 
then select the box in the  Enable field. 
3   In the second row, enter  3074 in both Start Port and End Port fields. 
4   In the same row as the second entry, select  Both, and then select the box in the 
Enable field. 
5   Click  Apply  to apply and save your new port forwarding settings. 
  
						

							
4028315 Rev A    55  
  How Do I Configure My DOCSIS Residential Gateway?
   
Configuring the DMZ Host 
Use the Setup Advanced Settings - DMZ Host page to configure an IP address that is 
visible to the WAN. DMZ hosting is commonly referred to as “exposed host,” and 
allows you to specify the “default” recipi ent of WAN traffic that Network Address 
Translation (NAT) is unable to translate  to a known local PC. DMZ allows one IP 
address to be unprotected while others remain protected. 
Note:  If you are not familiar with the advanc ed settings detailed in this section, 
contact your service provider before you  attempt to change any of the residential 
gateway default advanced DMZ host settings. 
Click  DMZ Host  in the Advanced Settings section of the Setup page to access the 
Setup Advanced Settings - DMZ Host page. 
 
Setup Advanced Settings - DMZ Host Page 
The following illustration is an example of  the Setup Advanced Settings - DMZ Host 
page. 
  
Setup Advanced Settings - DM Z Host Page Description 
Use this link to place a Private LAN IP de vice, for example, an FTP, Mail, or Web 
server directly on the Internet (bypassing  the firewall). You set the server with a 
fixed IP address as a DMZ Host by entering  its IP address in the DMZ Address field. 
Make sure the IP address used is not in th e range of addresses delivered by the built-
in DHCP server. After setting up a DMZ Host , all ports on this device are open to 
the Internet. You may configure only one PC  to be the DMZ host. DMZ is generally 
used for PCs running “problem” applications  that use random port numbers and do 
not function correctly with the specific po rt triggers or port forwarding setups 
described earlier in this guide. Af ter entering a DMZ Address, click  Apply to apply 
and save your new DMZ Host setting. 
  
						

							
56    4028315 Rev A  
How Do I Configure My DOCSIS Residential Gateway?   
Configuring VPN Termination 
Use the Setup Advanced Settings - VPN Termination page to configure VPN 
protocols and manage VPN tunnels. A VPN is a connection between two endpoints 
in different networks that allows private da ta to be sent securely and transparently 
over public networks or other private ne tworks. With a VPN, you can send data 
securely between these two locations or netw orks. This is accomplished by creating a 
VPN tunnel. A VPN tunnel connects the two PCs or networks and allows data to 
be transmitted over the Internet as if it  were still within those networks. The VPN 
tunnel uses IPsec (Internet Protocol securi ty) to encrypt the data sent between the 
two networks and encapsulate the data within a normal Ethernet/IP frame so as to 
transport the private network securely  and seamlessly through other public or 
private networks.  
A VPN provides a cost-effective and more  secure alternative to using a private, 
dedicated, leased line for a private networ k. Using industry standard encryption and 
authentication techniques, an Internet Prot ocol Security (IPsec) VPN creates a secure 
connection that operates as if you were di rectly connected to your local network. 
For example, a VPN allows users to sit at home and connect to his/her employers 
corporate network and receive an IP address  in their private network just as though 
they were sitting in their office connected to their corporate LAN.  
Another advantage of a VPN network is t hat it all proprietary Microsoft Windows-
based networking protocols can pass thro ugh the router using the VPN tunnel to 
access corporate shared network drives. 
Note:  If you are not familiar with the advanc ed settings detailed in this section, 
contact your service provider before you  attempt to change any of the wireless home 
gateway defaults advanced VPN Termination settings. 
Click  VPN Termination  in the Advanced Settings section of the Setup page to access 
the Setup Advanced Settings - VPN Termination - Status page. The VPN 
Termination - Status page allows you to  create, configure, and control IPsec VPN 
tunnels. 
  
						

							
4028315 Rev A    57  
  How Do I Configure My DOCSIS Residential Gateway?
   
Setup Advanced Settings - VPN Te rmination - Blank Status Page 
The following illustration is an example of  a blank Setup Advanced Settings - VPN 
Termination - Status page. No VPN tunnels are configured. 
  
Setup Advanced Settings - VPN Termin ation - Status Page with VPN 
Tunnel Configured 
The following illustration is an example  of the Setup Advanced Settings - VPN 
Termination - Status page with a VPN tunnel configured. 
 
  
Setup Advanced Settings - VPN Termin ation - Status Page Description 
This section describes the section headin gs and field descriptions of the Setup 
Advanced Settings - VPN Termination - Status page. This page allows you to create, 
configure, and control IPsec VPN tunnels.  
Note:  You can set up and mange up to 50 different VPN tunnels.  
						

							
58    4028315 Rev A  
How Do I Configure My DOCSIS Residential Gateway?   
 
Field Name  Description 
IPsec Endpoint  Enables/disables  the IP sec endpoint mode 
Name  Displays the user-defined tunnel name entered from the VPN Setup  page 
Status  Displays the current connect ion state (Connected/NOT Connected) 
Control  Displays one of the following  three keys based on the current tunnel 
enable and connection state: 
ƒ  Enable 
ƒ Connect 
ƒ Endpoint disabled 
Configure  Displays Edit or Delete keys used for settings management 
Add New Tunnel  Allows you to create a new tunnel configuration. When you click  Add 
New Tunnel , the VPN Setup  page opens 
Event Log  Allows you to access the Event Log page. The Event Log page shows a  history of VPN connections and activity in chronological order and also 
displays the IP address of both endpoints on the tunnel (local and 
remote) 
Note: On the Event Log page, pressing the  Refresh key updates the 
Event Log table to show any changes since the page was loaded. 
Pressing the  Clear key clears the log table of its current contents and 
only the most recent data appears 
   
						

							
4028315 Rev A    59  
  How Do I Configure My DOCSIS Residential Gateway?
   
Creating and Configur ing IPsec VPN Tunnels 
To create and configure IPsec VPN tunnels, click  Add New Tunnel on the VPN 
Termination - Status page. The VPN Setup pa ge opens. The following illustration is 
an example of the VPN Setup page. 
   
						

							
60    4028315 Rev A  
How Do I Configure My DOCSIS Residential Gateway?   
Setup Advanced Settings - VP N Setup Page Description 
This section describes the section headin gs and field descriptions of the Setup 
Advanced Settings - VPN Setup page. This page allows you create, configure, and 
control IPsec VPN tunnels.  
Tunnel Section 
 
Field Name  Description 
Tunnel  Displays existing tunnels and allows each tunnel to be individually  configured 
Name  Displays the name of a group of se ttings for a single tunnel. If no name 
is entered, the tunnels are named sequentially 1, 2, 3, and so on 
Enable/Disable  Enables/disables a VPN tunnel after the tunnel is named and  configured. Click Apply to activate the selected setting (Enabled or 
Disabled) 
Function Keys 
The following table describes the function ke ys associated with the Tunnel section of 
the VPN Setup page. 
 
Key Description 
Delete Tunnel  Allows you to delete a tunnel 
Add New Tunnel  Allows you to create a he ading for the tunnel settings that you can 
select using the Tu nnel drop-down menu 
Apply  Activates the selected setting (Enabled or Disabled) 
Local Endpoint Settings 
The following table describes the fields in  the Local endpoint settings section of the 
VPN Setup page. 
 
Field Name  Description 
Address group type  Allows you to select the address group type for the local VPN access  group. The following types are available: 
ƒ IP subnet 
ƒ Single IP address 
ƒ IP address range