Specifications

104 AVM Access Server – 6 AVM Access Server for Experts
services (such as HTTP, FTP) using the proxy server in KEN!, then you
must activate appropriate IP packet filters in the Access Server to
prohibit direct routing between the LAN and the Internet.
Internet Access Through a Third-party Router
The Access Server can also use an Internet connection through an
existing router in the LAN. If the router performs Network Address
Translation (NAT, or IP masquerading), then it must be configured to
forward the following two kinds of traffic from the Internet interface
to the IP address of the AVM Access Server in order to allow VPN
connections:
UDP destination port 500 (ISAKMP) -> IP address of the Access Server, destination port 500
ESP (IP protocol 50, not a port) -> IP address of the Access Server
The IPsec “Authentication Header” (AH) protocol cannot be used
through NAT on an external router. This restriction is minor, since ESP
alone includes a checksum over the entire packet. Only the new IP
header carrying the public IP addresses of the tunnel endpoints is not
secured by a checksum.
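
The following is an added example, not taken from the AVM manual: a simplified Python model of why AH fails behind the forwarding router while ESP still verifies. The key, the addresses (documentation and private ranges) and the reduced packet layout are constructed assumptions, and the payload is treated as opaque bytes rather than real ciphertext.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed integrity key, not a real SA key

def ip_header(src, dst, proto, payload_len, ttl=64):
    """Build a 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icv(data):
    """Integrity check value: HMAC-SHA-256 truncated to 128 bits."""
    return hmac.new(KEY, data, hashlib.sha256).digest()[:16]

def ah_icv(header, body):
    """AH: ICV covers the IP header with mutable fields zeroed, plus the body."""
    h = bytearray(header)
    h[1] = 0            # DSCP/ECN
    h[6:8] = b"\0\0"    # flags + fragment offset
    h[8] = 0            # TTL
    h[10:12] = b"\0\0"  # header checksum
    return icv(bytes(h) + body)

def esp_icv(header, body):
    """ESP: ICV covers SPI, sequence number and payload only, not the IP header."""
    return icv(body)

def nat_forward(header, new_dst):
    """What the third-party router does: rewrite destination, decrement TTL."""
    h = bytearray(header)
    h[8] -= 1
    h[16:20] = socket.inet_aton(new_dst)
    return bytes(h)

def survives_nat(proto, icv_fn):
    """True if the receiver's recomputed ICV still matches after forwarding."""
    body = struct.pack("!II", 0x1001, 1) + b"opaque tunnel payload"  # SPI, seq, data
    sent = ip_header("198.51.100.7", "203.0.113.10", proto, len(body) + 16)
    tag = icv_fn(sent, body)                      # computed by the remote peer
    received = nat_forward(sent, "192.168.10.2")  # Access Server's LAN address
    return hmac.compare_digest(tag, icv_fn(received, body))

if __name__ == "__main__":
    print("AH  (protocol 51) verifies behind NAT:", survives_nat(51, ah_icv))
    print("ESP (protocol 50) verifies behind NAT:", survives_nat(50, esp_icv))
```

The TTL decrement alone does not break AH, because mutable fields are zeroed before the ICV is computed; the rewritten address is what makes verification fail.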
Dynamic DNS
Dynamic DNS is a service on the Internet that associates a fixed domain
name with a dynamically assigned IP address. The computer concerned
must notify the dynamic DNS provider every time its IP address
changes. With most ISDN and ADSL Internet Service Providers, a new IP
address is assigned each time the line is dialed up, so the IP address
must be registered with each new connection. The AVM Access Server
currently implements automatic updates for two dynamic DNS providers:
www.staticip.de and www.dyndns.org. Both of these providers require
registration before service can begin. These two providers offer
basic dynamic DNS service free of charge.
6.3 Connections to Remote Users
Every user configured in the AVM Access Server is a member of a user
group. All properties of the user group apply to each group member.
Each individual user also has individual properties.
When a user group is created, an IP address range is defined for
address assignments to the users in the group.