Cradlepoint Technology mbr1200 User Guide
CRADLEPOINT
MBR1200 | USER MANUAL Firmware ver. 1.6.12
© 2010 CRADLEPOINT, INC. PLEASE VISIT
HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
FOR MORE HELP AND RESOURCES
PAGE 44
Enable DMZ.
If an application has trouble working from behind the router, you can expose one computer to the Internet and run the application on
that computer. NOTE: Placing a computer in the DMZ may expose that computer to a variety of security risks. Use of this option is only
recommended as a last resort.
recommended as a last resort.
DMZ IP Address.
Specify the IP address of the computer on the LAN that you want to have unrestricted Internet communication. If this computer
obtains its IP address automatically using DHCP, be sure to make a static reservation on the Basic
→ DHCP
sub-menu so that the IP address of
the DMZ machine does not change.
5.3.6
NON-UDP/TCP/ICMP LAN Sessions
When a LAN application that uses a protocol other than UDP, TCP, or ICMP
initiates a session to the Internet, the router‟s NAT can track such a session,
even though it does not recognize the protocol. This feature is useful
because it enables certain applications (most importantly a single VPN
connection to a remote host) without the need for an ALG.
initiates a session to the Internet, the router‟s NAT can track such a session,
even though it does not recognize the protocol. This feature is useful
because it enables certain applications (most importantly a single VPN
connection to a remote host) without the need for an ALG.
NOTE: this feature does not apply to the DMZ host (if one is enabled). The
DMZ host always handles these kinds of sessions.
DMZ host always handles these kinds of sessions.
Enable.
(Default: enabled). Allows single VPN connections to a remote host.
But, for multiple VPN connections, the appropriate VPN ALG must be used.
Disabling this option, however, only disables VPN if the appropriate VPN
ALG is also disabled.
Disabling this option, however, only disables VPN if the appropriate VPN
ALG is also disabled.
5.3.7
Application Level Gateway (ALG) Configuration
Here you can enable or disable ALGs. Some protocols and applications
require special handling of the IP payload to make them work with network
address translation (NAT). Each ALG provides special handling for a specific
protocol or application. A number of ALGs for common applications are
enabled by default.
require special handling of the IP payload to make them work with network
address translation (NAT). Each ALG provides special handling for a specific
protocol or application. A number of ALGs for common applications are
enabled by default.
PPTP.
Allows multiple machines on the LAN to connect to their corporate networks using PPTP protocol. When the PPTP ALG is enabled, LAN
computers can establish PPTP VPN connections either with the same or with different VPN servers. When the PPTP ALG is disabled, the router
allows VPN operation in a restricted way -- LAN computers are typically able to establish VPN tunnels to different VPN Internet servers but not to
the same server. The advantage of disabling the PPTP ALG is to increase VPN performance. Enabling the PPTP ALG also allows incoming VPN
connections to a LAN side VPN server (refer to
allows VPN operation in a restricted way -- LAN computers are typically able to establish VPN tunnels to different VPN Internet servers but not to
the same server. The advantage of disabling the PPTP ALG is to increase VPN performance. Enabling the PPTP ALG also allows incoming VPN
connections to a LAN side VPN server (refer to
IPSec (VPN). Allows multiple VPN clients to connect to their corporate networks using IPSec. Some VPN clients support traversal of IPSec
through NAT. This option may interfere with the operation of such VPN clients. If you are having trouble connecting with your corporate network,
try disabling this option.
through NAT. This option may interfere with the operation of such VPN clients. If you are having trouble connecting with your corporate network,
try disabling this option.
(continued)