Cisco Small Business RV 120W Wireless-N VPN Firewall ...
Cisco Small Business RV 120W Wireless-N VPN Firewall ... Cisco Small Business RV 120W Wireless-N VPN Firewall ...
Configuring the FirewallFirewall Configuration Examples4Example 3: Multi-NAT ConfigurationIn this example, you want to configure multi-NAT to support multiple public IPaddresses on one WAN port interface.Create an inbound rule that configures the firewall to host an additional public IPaddress. Associate this address with a web server on the DMZ. If you arrange withyour ISP to have more than one public IP address for your use, you can use theadditional public IP addresses to map to servers on your LAN. One of these publicIP addresses is used as the primary IP address of the router. This address is usedto provide Internet access to your LAN PCs through NAT. The other addresses areavailable to map to your DMZ servers.The following addressing scheme is used to illustrate this procedure:• WAN IP address: 10.1.0.118• LAN IP address: 192.168.1.1; subnet 255.255.255.0• Web server PC in the DMZ, IP address: 192.168.1.2• Access to Web server: (simulated) public IP address 10.1.0.52ParameterConnection TypeActionServiceSource IPValueInboundAlways AllowHTTPSingle AddressStart 10.1.0.52Send to Local Server (DNAT IP)Rule Status192.168.1.2 (local IP address of your web server)EnabledCisco RV120W Administration Guide 89
Configuring the FirewallFirewall Configuration Examples4Example 4: Block traffic by schedule if generated from specific range ofmachinesIn this example, you want to block all HTTP traffic on the weekends if the requestoriginates from a specific group of machines in the LAN having a known range ofIP addresses, and anyone coming in through the Network from the WAN (i.e. allremote users).STEP 1STEP 2STEP 3STEP 4STEP 5STEP 6STEP 7Setup a schedule. Choose Firewall > Advanced Settings > Schedules.Click Add.Enter the schedule name (for example, “Weekend”).Under Time, check All Day.Under Repeat, leave Everyday unchecked.Check Saturday and Sunday.Click Save.Create an outbound access rule with the following parameters:ParameterConnection TypeActionScheduleServiceSource IPStartFinishDestination IPRule StatusValueOutboundBlock by ScheduleWeekendHTTPAddress Rangestarting IP addressending IP addressAnyEnabledCisco RV120W Administration Guide 90
- Page 47 and 48: Configuring NetworkingConfiguring R
- Page 49 and 50: Configuring NetworkingConfiguring P
- Page 51 and 52: Configuring NetworkingConfiguring I
- Page 55 and 56: Configuring NetworkingConfiguring I
- Page 57 and 58: Configuring NetworkingConfiguring I
- Page 59 and 60: Configuring NetworkingConfiguring I
- Page 61 and 62: Configuring the Wireless NetworkA N
- Page 63 and 64: Configuring the Wireless NetworkUnd
- Page 65 and 66: Configuring the Wireless NetworkCon
- Page 67 and 68: Configuring the Wireless NetworkCon
- Page 69 and 70: Configuring the Wireless NetworkCon
- Page 71 and 72: Configuring the Wireless NetworkCon
- Page 73 and 74: Configuring the Wireless NetworkCon
- Page 75 and 76: Configuring the FirewallCisco RV120
- Page 77 and 78: Configuring the FirewallConfiguring
- Page 79 and 80: Configuring the FirewallConfiguring
- Page 81 and 82: Configuring the FirewallConfiguring
- Page 83 and 84: Configuring the FirewallConfiguring
- Page 85 and 86: Configuring the FirewallConfiguring
- Page 87 and 88: Configuring the FirewallConfiguring
- Page 89 and 90: Configuring the FirewallConfiguring
- Page 91 and 92: Configuring the FirewallConfiguring
- Page 93 and 94: Configuring the FirewallConfiguring
- Page 95 and 96: Configuring the FirewallConfiguring
- Page 97: Configuring the FirewallFirewall Co
- Page 101 and 102: 5Configuring Virtual Private Networ
- Page 103 and 104: Configuring Virtual Private Network
- Page 105 and 106: Configuring Virtual Private Network
- Page 107 and 108: Configuring Virtual Private Network
- Page 109 and 110: Configuring Virtual Private Network
- Page 111 and 112: Configuring Virtual Private Network
- Page 113 and 114: Configuring Virtual Private Network
- Page 115 and 116: Configuring Virtual Private Network
- Page 117 and 118: Configuring Virtual Private Network
- Page 119 and 120: Configuring Virtual Private Network
- Page 121 and 122: 6Configuring Quality of Service (Qo
- Page 123 and 124: Configuring Quality of Service (QoS
- Page 125 and 126: Configuring Quality of Service (QoS
- Page 127 and 128: Administering Your Cisco RV120WConf
- Page 129 and 130: Administering Your Cisco RV120WUsin
- Page 131 and 132: Administering Your Cisco RV120WConf
- Page 133 and 134: Administering Your Cisco RV120WConf
- Page 135 and 136: Administering Your Cisco RV120WCapt
- Page 137 and 138: Administering Your Cisco RV120WConf
- Page 139 and 140: Administering Your Cisco RV120WConf
- Page 141 and 142: Administering Your Cisco RV120WConf
- Page 143 and 144: Administering Your Cisco RV120WUpgr
- Page 145 and 146: 8Viewing the Cisco RV120W StatusThi
- Page 147 and 148: Viewing the Cisco RV120W StatusView
Configuring the <strong>Firewall</strong><strong>Firewall</strong> Configuration Examples4Example 3: Multi-NAT ConfigurationIn this example, you want to configure multi-NAT to support multiple public IPaddresses on one WAN port interface.Create an inbound rule that configures the firewall to host an additional public IPaddress. Associate this address with a web server on the DMZ. If you arrange withyour ISP to have more than one public IP address for your use, you can use theadditional public IP addresses to map to servers on your LAN. One of these publicIP addresses is used as the primary IP address of the router. This address is usedto provide Internet access to your LAN PCs through NAT. The other addresses areavailable to map to your DMZ servers.The following addressing scheme is used to illustrate this procedure:• WAN IP address: 10.1.0.118• LAN IP address: 192.168.1.1; subnet 255.255.255.0• Web server PC in the DMZ, IP address: 192.168.1.2• Access to Web server: (simulated) public IP address 10.1.0.52ParameterConnection TypeActionServiceSource IPValueInboundAlways AllowHTTPSingle AddressStart 10.1.0.52Send to Local Server (DNAT IP)Rule Status192.168.1.2 (local IP address of your web server)Enabled<strong>Cisco</strong> <strong>RV</strong><strong>120W</strong> Administration Guide 89