Dialog box element Description

Only for the following traffic

Specifies that a demand-dial connection is initiated only when IP packets forwarded over this demand-dial interface match one of the listed filters. When the demand-dial interface is in a disconnected state, all packets forwarded to the demand-dial interface are compared to the filters listed. If a packet matches any of the filters, the demand-dial connection is initiated and the packet is forwarded across the demand-dial connection. If the packet does not match any of the filters, the demand-dial connection is not initiated and the packet is discarded.

This option applies to all the filters that you have added. You cannot change this option for individual filters.

You can select this option only after you have added at least one filter.

For all traffic except

Specifies that a demand-dial connection is not initiated for IP packets forwarded to this demand-dial interface if the packets match any of the filters listed. When the demand-dial interface is in a disconnected state, all packets forwarded by using the demand-dial interface are compared to the filters listed. If the packet matches any of the filters, the demand-dial connection is not initiated and the packet is discarded. If a packet does not match any filter, the demand-dial connection is initiated and the packet is forwarded across the demand-dial connection.

This option applies to all the filters that you have added. You cannot change this option for individual filters.

You can only configure this option after you have added at least one filter.

New

Click to add a filter. You can set a filter based on where the packet is coming from (the source), where the packet is going (the destination), or which protocol the packet is using. You can set all three of these values for a filter or set any combination of the three, depending on the level of control that you want. For more information, see Add or Edit IP Filter.

Edit

Click to modify the settings for a selected filter. For more information, see Add or Edit IP Filter.

Delete

Removes a selected filter from the list.

Add or Edit IP Filter

Dialog box element Description

Source network

Specifies whether the filter checks the network address from which the packet is coming. After selecting this check box, you must specify a network IP address and subnet mask.

Destination network

Specifies whether the filter checks the network address to which the packet is going. After selecting this check box, you must specify a network address and subnet mask.

IP address

Specifies the IP address of the network from which the packet was sent or to which the packet is going. You must also specify a subnet mask.

Subnet mask

Specifies the subnet mask that corresponds to the network IP address.

Protocol

Lists the available protocol types that you can base a filter on. The default is Any protocol. If you select Other, you must type a protocol identifier in Protocol number.

Source port

For TCP, TCP (established), and UDP protocols, provides a space for you to type the port number specified by the source to be used by the filter. Some applications use well-known ports to send and receive packets. You can set a filter for one of these ports if you know which numbers the application uses for the protocol specified in Protocol. For example, you can try to block FTP traffic or allow only PPTP traffic.

Destination port

For TCP, TCP (established), and UDP protocols, type the port number used by the destination for the packet.

ICMP type

Specifies the ICMP type.

ICMP code

Specifies the ICMP code.

Protocol number

Specifies the IP protocol number.

Additional references