Some security devices allow you to define the properties of a WAN data link by configuring the WAN interface. This page allows you to configure the properties for the physical line and the encapsulation method to be used to transfer data across the WAN.
Enter the necessary WAN interface information, then click Apply:
Interface Name (read-only): The name of a physical interface is composed of the media type, slot number (for some devices), and port number, for example, serial1/0 or serial6/0.
WAN Configuration
Member Link: Select this option if the interface is to be added to a multilink interface (also called a bundle).
Note: You must create the multilink interface, configure the encapsulation, and bind the multilink interface to a security zone before member links can be added. To create and configure a multilink interface, see Configuring a Multilink Interface.
Multilink Interface: Select the multilink interface to which the WAN interface is added.
Main Link: Select this option if the WAN interface is not part of a multilink interface.
BRI Mode: Select Leased Line Mode or Dial Using BRI to configure the device for ISDN support.
Note:
If you uncheck the Leased Line
and Dial Using BRI options and
click Apply, then the
Dialer Pool
link is displayed at the top of the Interface Properties screen.
The dialer pool is another method to configure the device for ISDN support
using the dialer interface.
Leased Line Mode: The interface in this mode is a Layer 3 interface and is predefined for a data rate of 128 Kbps. There is no signaling on the D-channel and the leased line is used to deliver data only. Leased line mode supports PPP encapsulation only.
Dial Using BRI: Check this option to use the ISDN BRI to dial out. Click Apply and edit the Dialer Enable Options.
WAN Encapsulation:
None: Sets no encapsulation method
PPP: Sets the WAN interface to use Point-to-Point Protocol as the encapsulation method
Frame Relay: Sets the WAN interface to use Frame Relay as the encapsulation method
Cisco HDLC: Sets the WAN interface to use Cisco HDLC as the encapsulation method
Binding a PPP Profile (appears after you select PPP or MLPPP encapsulation and click Apply): Select the PPP access profile.
Note: For an interface with PPP encapsulation, you must bind a PPP access profile to the interface. You must create a PPP access profile even if no authentication is used on the PPP data link. See PPP access profiles.
Zone Name: Select the zone to which the interface is bound.
Fixed IP option:
IP Address/Netmask: Enter the IP Address and netmask of the interface.
Manageable: Select this option to enable management of the device using the interface IP address.
Manage IP: The logical IP address through which you can manage the device. You can set a different Manage IP address on each available interface. The Manage IP address must be on the same subnet as the physical IP address.
Unnumbered: Sets the WAN interface to use a unnumbered interface.
Interface: Selects the unnumbered interface.
Management Services:
WebUI: Select this option to enable management through the Web user interface (WebUI).
SNMP: Select this option to enable the use of SNMP. The device supports the SNMPv1 protocol (described in RFC-1157) and all relevant MIB II (Management Information Base II) groups defined in RFC-1213.
Telnet: Select this option to allow management through a terminal emulation program for TCP/IP networks such as the Internet. Telnet is a common way to remotely control a network device.
SSL: Select this option to allow the interface to receive HTTPS traffic for secure management of the device via the WebUI.
SSH: Select this option to enable management using a secure command shell (SSH). You can administer the device from an Ethernet connection or a dial-in modem using SSH.
Other Services:
Ping: Select this option to allow the device to respond to ICMP echo requests, or "pings". Ping is a utility that determines whether a specific IP address is accessible or not.
Path MTU (IPV4): Sets the device to use the smallest MTU for all the links in a path.
Ident-reset: Services like Mail and FTP send identification requests. If they receive no acknowledgment, they send the request again. While the request is processing, there is no user access. An ident-reset restores access that has been blocked by an unacknowledged identification request.
Maximum Transfer Unit (MTU): The default protocol MTU is 1500 bytes for serial, T1, E1, ISDN BRI, and multilink interfaces and 4470 bytes for T3 interfaces. If the MTU of the network to which the interface connects is different, enter that value here. You can specify a value between 800 and 8192 bytes.
DNS Proxy: Select this option if you want the device to proxy (forward) DNS queries received on this interface to the appropriate DNS server as configured on the DNS Proxy Configuration page.
Note: The DNS Proxy option does not apply to Layer 2 interfaces.
WebAuth checkbox: (Appears only when an IP address/netmask is entered and applied) Select this option to enable WebAuth authentication for this interface.
IP: Enter the IP address that receives authentication requests for the WebAuth server. The WebAuth IP address must be in the same subnet as the interface IP address.
SSL Only checkbox: Select this option to require that all WebAuth authentication requests use SSL. The URL that a WebAuth authentication user enters in his or her Web browser must be https://ip_addr, in which ip_addr is the IP address that receives authentication requests for the WebAuth server.
After the Basic WAN interface parameters are configured, specific WAN interface options can be configured. To configure WAN interface specific features, click WAN at the top of the interface Properties. Depending upon the interface you are configuring, you will see one of the following options:
Once the Basic WAN interface parameters are configured, WAN encapsulation can be configured. To configure the encapsulation method, click PPP, FR, or Cisco HDLC at the top of the page:
To configure PPP options for the interface. See PPP options.
To configure Frame Relay options for the interface. See Frame Relay options.
To configure Cisco HDLC options for the interface. See Cisco HDLC options.