Home » ZyXEL Manuals » Networking » ZyXEL MAX318M » Manual Viewer

ZyXEL MAX318M User Guide - Page 141

Security, WiMAX Device Configuration User's Guide, Domain Name, E-mail, Remote Endpoint

Get ZyXEL MAX318M PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 141 highlights

Chapter 8 Security Table 60 IPSec VPN: Add (continued) LABEL Remote ID Type DESCRIPTION Select IP to identify the remote IPSec router by its IP address. Select Domain Name to identify the remote IPSec router by a domain name. Content Select E-mail to identify the remote IPSec router by an e-mail address. The configuration of the remote content depends on the remote ID type. For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the WiMAX Device will use the address in the Remote Endpoint field (refer to the Remote Endpoint field description). For Domain Name or E-mail, type a domain name or e-mail address by which to identify the remote IPSec router. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string. It is recommended that you type an IP address other than 0.0.0.0 or use the Domain Name or E-mail ID type in the following situations: IKE Phase 1 Proposal # Encryption • When there is a NAT router between the two IPSec routers. • When you want the WiMAX Device to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses. This field is a sequential value, and it is not associated with a specific proposal. The sequence of proposals should not affect performance significantly. Select which key size and encryption algorithm to use in the IKE SA. Choices are: • DES - a 56-bit key with the DES encryption algorithm • 3DES - a 168-bit key with the DES encryption algorithm • AES128 - a 128-bit key with the AES encryption algorithm • AES192 - a 192-bit key with the AES encryption algorithm • AES256 - a 256-bit key with the AES encryption algorithm The WiMAX Device and the remote IPSec router must use the same key size and encryption algorithm. Longer keys require more processing power, resulting in increased latency and decreased throughput. Authentication Select which hash algorithm to use to authenticate packet data. Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower. Remove Select an entry and click this to delete it. Add Click this to create a new entry. OK Click this to save the changes. Key Group Select which Diffie-Hellman key group (DHx) you want to use for encryption keys. Choices are: • DH1 - use a 768-bit random number • DH2 - use a 1024-bit random number • DH5 - use a 1536-bit random number The longer the key, the more secure the encryption, but also the longer it takes to encrypt and decrypt information. Both routers must use the same DH key group. WiMAX Device Configuration User's Guide 141

Section	Page
WiMAX CPE Series	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	7
Table of Contents	9
User’s Guide	15
Introduction to the Series	17
1.1 About Your WiMAX Device	17
1.1.1 WiMAX Internet Access	18
1.1.2 Models with Phone Ports	18
1.1.3 Models with WiFi	19
1.2 Good Habits for Managing the WiMAX Device	19
Introduction to the Web Configurator	20
2.1 Overview	20
2.1.1 Accessing the Web Configurator	20
2.1.2 Saving and Canceling Changes	21
2.1.3 Working with Tables	21
2.2 The Main Screen	22
Setup Wizard	25
3.1 Overview	25
3.1.1 Welcome to the Setup Wizard	25
3.1.2 LAN Settings	26
3.1.3 WiMAX Frequency Settings	27
3.1.4 WiMAX Authentication Settings	28
3.1.5 VoIP Settings	30
3.1.6 WLAN Settings	32
3.1.7 Setup Complete	34
Tutorials	35
4.1 Overview	35
4.2 WiMAX Connection Settings	35
4.3 Setting Up a Small Network for the LAN	36
4.4 Making a Telephone Call Over the Internet	38
4.4.1 Configure Your SIP Account	38
4.5 Blocking Web Access from the WiMAX Device	40
4.6 Restricting Wireless Access to the WiMAX Device	40
4.7 Allowing Internet Users to use Internal Servers	42
4.8 Access the WiMAX Device with a Domain Name	44
4.8.1 Registering a DDNS Account on www.dyndns.org	45
4.8.2 Configuring DDNS on Your WiMAX Device	46
4.8.3 Testing the DDNS Setting	46
4.9 Configuring Static Route for Routing to Another Network	46
4.10 Remotely Managing Your WiMAX Device	48
4.11 Changing Certificate to Communicate with Other Networks	49
4.12 Using Virtual Networks	50
4.12.1 Scenario 1	51
4.12.2 Scenario 2	52
4.12.3 Scenario 3	54
4.12.4 Scenario 4	56
4.12.5 Scenario 5	58
Technical Reference	61
System Status	63
5.1 Overview	63
5.2 System Status	63
WiMAX	67
6.1 Overview	67
6.1.1 What You Need to Know	67
6.2 Connection Settings	70
6.3 Frequency Settings	72
6.4 Authentication Settings	74
6.5 Channel Plan Settings	77
6.6 CAPL Settings	79
6.6.1 CAPL Settings: Add	80
6.7 RAPL Settings	81
6.8 Home NSP Settings	82
6.9 Connect	83
6.10 Wide Scan	85
6.11 Link Status	87
6.12 Link Statistics	88
6.13 Connection Info	89
6.14 Service Flow	89
Network Setting	91
7.1 Overview	91
7.1.1 What You Need to Know	91
7.2 WAN	94
7.3 PPPoE	96
7.4 GRE	97
7.5 EtherIP	98
7.6 IP	98
7.7 DHCP	99
7.8 WLAN	100
7.9 WPS	102
7.10 MAC Address Filter	103
7.11 Static Route	104
7.12 Static Route Add	104
7.13 RIP	105
7.14 Port Forwarding	107
7.14.1 Port Forwarding Wizard	108
7.15 Port Trigger	108
7.15.1 Port Trigger Wizard	110
7.15.2 Trigger Port Forwarding Example	111
7.16 DMZ	111
7.17 ALG	112
7.18 QoS	113
7.19 UPnP	113
7.19.1 Installing UPnP in Windows XP	114
7.19.2 Web Configurator Easy Access	118
7.20 VLAN	119
7.21 DDNS	121
7.22 IGMP Proxy	123
7.23 Content Filter	123
Security	125
8.1 Overview	125
8.1.1 What You Need to Know	125
8.2 IP Filter	125
8.3 MAC Filter	126
8.4 DDOS	127
8.5 PPTP VPN Server	129
8.6 PPTP VPN Client	130
8.7 PPTP VPN Client: Add	131
8.8 L2TP VPN Server	133
8.9 L2TP VPN Client	135
8.10 L2TP VPN Client: Add	135
8.11 IPSec VPN	137
8.11.1 IPSec VPN: Add	139
8.12 Technical Reference	144
8.12.1 IPSec Architecture	144
8.12.2 Encapsulation	145
8.12.3 IKE Phases	146
8.12.4 Negotiation Mode	147
8.12.5 IPSec and NAT	147
8.12.6 VPN, NAT, and NAT Traversal	148
8.12.7 ID Type and Content	148
8.12.8 Pre-Shared Key	150
8.12.9 Diffie-Hellman (DH) Key Groups	150
The VoIP General Screens	151
9.1 VoIP Overview	151
9.1.1 What You Need to Know	151
9.1.2 Before you Begin	152
9.2 Media	153
9.3 QoS	154
9.4 SIP Settings	155
9.5 Speed Dial	155
9.6 Technical Reference	156
9.6.1 DSCP and Per-Hop Behavior	156
The VoIP Account Screens	157
10.1 Overview	157
10.1.1 What You Need to Know	157
10.2 Status	160
10.3 Server	161
10.4 SIP	163
10.5 Feature	165
10.6 Dialing	166
10.7 FAX	167
10.8 Technical Reference	167
10.8.1 SIP Call Progression with Session Timer	167
10.8.2 SIP Client Server	170
The VoIP Line Screens	171
11.1 Overview	171
11.1.1 What You Need to Know	171
11.2 Phone	172
11.3 Voice	172
11.4 Region	173
Maintenance	175
12.1 Overview	175
12.1.1 What You Need to Know	175
12.2 Password	180
12.3 HTTP	181
12.4 Telnet	181
12.5 SSH	182
12.6 SNMP	183
12.7 CWMP	183
12.8 OMA-DM	185
12.9 Date/Time	187
12.10 Time Zone	187
12.11 Upgrade File	188
12.11.1 The Firmware Upload Process	189
12.12 Upgrade Link	189
12.13 CWMP Upgrade	189
12.14 Backup/Restore	190
12.15 Restore	190
12.15.1 The Restore Configuration Process	191
12.16 Factory Defaults	191
12.17 Log Setting	192
12.18 Log Display	192
12.19 Network Test	193
12.20 Traceroute	194
12.21 About	194
12.22 Reboot	195
Troubleshooting	197
13.1 Power, Hardware Connections, and LEDs	197
13.2 WiMAX Device Access and Login	198
13.3 Internet Access	199
13.4 Wireless Internet Access (for Models with WiFi)	201
13.5 Phone Calls and VoIP (for Models with Phone Ports)	201
13.6 Reset the WiMAX Device to Its Factory Defaults	202
13.6.1 Pop-up Windows, JavaScript and Java Permissions	202
Product Specifications	203
WiMAX Security	207
Importing Certificates	211
Common Services	237
Open Software Announcements	241
Legal Information	277

Match case Limit results 1 per page

Chapter 8 Security

WiMAX Device Configuration User’s Guide

141

Remote ID

Type

Select

to identify the remote IPSec router by its IP address.

Select

Domain Name

to identify the remote IPSec router by a domain name.

Select

E-mail

to identify the remote IPSec router by an e-mail address.

Content

The configuration of the remote content depends on the remote ID type.

For

, type the IP address of the computer with which you will make the VPN

connection. If you configure this field to 0.0.0.0 or leave it blank, the WiMAX

Device will use the address in the

Remote Endpoint

field (refer to the

Remote

Endpoint

field description).

For

Domain Name

E-mail

, type a domain name or e-mail address by which

to identify the remote IPSec router. Use up to 31 ASCII characters including

spaces, although trailing spaces are truncated. The domain name or e-mail

address is for identification purposes only and can be any string.

It is recommended that you type an IP address other than 0.0.0.0 or use the

Domain Name

E-mail

ID type in the following situations:

•

When there is a NAT router between the two IPSec routers.

•

When you want the WiMAX Device to distinguish between VPN connection

requests that come in from remote IPSec routers with dynamic WAN IP

addresses.

IKE Phase 1

Proposal

This field is a sequential value, and it is not associated with a specific proposal.

The sequence of proposals should not affect performance significantly.

Encryption

Select which key size and encryption algorithm to use in the IKE SA. Choices

are:

•

DES

- a 56-bit key with the DES encryption algorithm

•

3DES

- a 168-bit key with the DES encryption algorithm

•

AES128

- a 128-bit key with the AES encryption algorithm

•

AES192

- a 192-bit key with the AES encryption algorithm

•

AES256

- a 256-bit key with the AES encryption algorithm

The WiMAX Device and the remote IPSec router must use the same key size and

encryption algorithm. Longer keys require more processing power, resulting in

increased latency and decreased throughput.

Authentication

Select which hash algorithm to use to authenticate packet data. Choices are

SHA1

and

MD5

SHA1

is generally considered stronger than

MD5

, but it is also

slower.

Remove

Select an entry and click this to delete it.

Add

Click this to create a new entry.

Click this to save the changes.

Key Group

Select which Diffie-Hellman key group (DHx) you want to use for encryption

keys. Choices are:

•

DH1

- use a 768-bit random number

•

DH2

- use a 1024-bit random number

•

DH5

- use a 1536-bit random number

The longer the key, the more secure the encryption, but also the longer it takes

to encrypt and decrypt information. Both routers must use the same DH key

group.

Table 60

IPSec VPN: Add (continued)

LABEL

DESCRIPTION