Home » ZyXEL Manuals » Networking » ZyXEL NBG-460N » Manual Viewer

ZyXEL NBG-460N User Guide - Page 204

Table 67

Get ZyXEL NBG-460N PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 204 highlights

Chapter 15 IPSec VPN Table 67 Security > VPN > General > Rule Setup: Manual (continued) LABEL DESCRIPTION Remote Address For a single IP address, enter a (static) IP address on the network behind the remote IPSec router. For a specific range of IP addresses, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router. Remote Address End / Mask To specify IP addresses on a network by their subnet mask, enter a (static) IP address on the network behind the remote IPSec router. When the remote IP address is a single address, type it a second time here. When the remote IP address is a range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router. Remote Port Start Remote Port End My IP Address When the remote IP address is a subnet address, enter a subnet mask on the network behind the remote IPSec router. 0 is the default and signifies any port. Type a port number from 0 to 65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3. Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Remote Port Start is left at 0, Remote Port End will also remain at 0. Enter the NBG-460N's static WAN IP address (if it has one) or leave the field set to 0.0.0.0. The NBG-460N uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes down, the NBG-460N uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. Otherwise, you can enter one of the dynamic domain names that you have configured (in the DDNS screen) to have the NBG-460N use that dynamic domain name's IP address. Secure Gateway Address SPI Encapsulation Mode Enable Replay Detection The VPN tunnel has to be rebuilt if My IP Address changes after setup. Type the WAN IP address or the domain name (up to 31 characters) of the IPSec router with which you're making the VPN connection. Type a unique SPI (Security Parameter Index) from one to four characters long. Valid Characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9". Select Tunnel mode or Transport mode from the drop-down list box. As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks. Select Yes from the drop-down menu to enable replay detection, or select No to disable it. 204 NBG-460N User's Guide

Section	Page
NBG-460N	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
Introduction	21
Getting to Know Your NBG-460N	23
1.1 Overview	23
1.2 Applications	23
1.3 Wireless Applications	24
1.3.1 Router Mode	24
1.3.2 AP Mode	25
1.3.3 Router vs. AP	26
1.4 Ways to Manage the NBG-460N	26
1.5 Good Habits for Managing the NBG-460N	27
1.6 LEDs	27
The WPS Button	29
2.1 Overview	29
Introducing the Web Configurator	31
3.1 Web Configurator Overview	31
3.2 Accessing the Web Configurator	31
3.3 Resetting the NBG-460N	33
3.3.1 Procedure to Use the Reset Button	33
3.4 Navigating the Web Configurator	33
3.5 The Status Screen in Router Mode	34
3.5.1 Navigation Panel	37
3.5.2 Summary: Any IP Table	39
3.5.3 Summary: Bandwidth Management Monitor	39
3.5.4 Summary: DHCP Table	40
3.5.5 Summary: Packet Statistics	41
3.5.6 Summary: VPN Monitor	42
3.5.7 Summary: Wireless Station Status	43
Connection Wizard	45
4.1 Wizard Setup	45
4.2 Connection Wizard: STEP 1: System Information	46
4.2.1 System Name	46
4.2.2 Domain Name	47
4.3 Connection Wizard: STEP 2: Wireless LAN	48
4.3.1 Basic (WEP) Security	49
4.3.2 Extend (WPA-PSK or WPA2-PSK) Security	50
4.4 Connection Wizard: STEP 3: Internet Configuration	51
4.4.1 Ethernet Connection	52
4.4.2 PPPoE Connection	52
4.4.3 PPTP Connection	53
4.4.4 Your IP Address	55
4.4.5 WAN IP Address Assignment	55
4.4.6 IP Address and Subnet Mask	56
4.4.7 DNS Server Address Assignment	57
4.4.8 WAN IP and DNS Server Address Assignment	57
4.4.9 WAN MAC Address	58
4.5 Connection Wizard: STEP 4: Bandwidth management	59
4.6 Connection Wizard Complete	60
Tutorials	63
5.1 Overview	63
5.2 How to Connect to the Internet from an AP	63
5.2.1 Configure Wireless Security Using WPS on both your NBG-460N and Wireless Client	63
5.2.2 Enable and Configure Wireless Security without WPS on your NBG-460N	67
5.2.3 Configure Your Notebook	68
5.3 Site-To-Site VPN Tunnel Tutorial	70
5.3.1 Configuring Bob’s NBG-460N VPN Settings	71
5.3.2 Configuring Jack’s NBG-460N VPN Settings	73
5.3.3 Checking the VPN Connection	75
5.4 Bandwidth Management for your Network	76
5.4.1 Configuring Bandwidth Management by Application	76
5.4.2 Configuring Bandwidth Management by Custom Application	77
5.4.3 Configuring Bandwidth Allocation by IP or IP Range	78
AP Mode	81
6.1 Overview	81
6.2 Setting your NBG-460N to AP Mode	81
6.3 The Status Screen	82
6.3.1 Navigation Panel	84
6.4 Configuring Your Settings	86
6.4.1 LAN Settings	86
6.4.2 WLAN and Maintenance Settings	87
6.5 Logging in to the Web Configurator in AP Mode	88
Network	89
Wireless LAN	91
7.1 Overview	91
7.2 What You Can Do	92
7.3 What You Should Know	92
7.3.1 Wireless Security Overview	92
7.4 General Wireless LAN Screen	95
7.4.1 No Security	96
7.4.2 WEP Encryption	97
7.4.3 WPA-PSK/WPA2-PSK	100
7.4.4 WPA/WPA2	101
7.5 MAC Filter Screen	103
7.6 Wireless LAN Advanced Screen	105
7.7 Quality of Service (QoS) Screen	105
7.7.1 Application Priority Configuration	107
7.8 WPS Screen	109
7.9 WPS Station Screen	110
7.10 Scheduling Screen	110
7.11 Technical Reference	112
7.11.1 Roaming	112
7.11.2 Quality of Service	114
7.12 WiFi Protected Setup	115
7.12.1 iPod Touch Web Configurator	115
7.12.2 Login Screen	116
7.12.3 System Status	116
7.12.4 WPS in Progress	119
7.12.5 Port Forwarding	119
7.13 Accessing the iPod Touch Web Configurator	121
7.13.1 Accessing the iPod Touch Web Configurator	121
WAN	123
8.1 Overview	123
8.2 What You Can Do	123
8.3 What You Need To Know	124
8.3.1 Configuring Your Internet Connection	124
8.3.2 Multicast	125
8.3.3 IPTV STB Port	126
8.3.4 NetBIOS over TCP/IP	128
8.3.5 Auto-Bridge	128
8.4 Internet Connection	129
8.4.1 Ethernet Encapsulation	129
8.4.2 PPPoE Encapsulation	131
8.4.3 PPTP Encapsulation	134
8.5 Advanced WAN Screen	136
8.6 Technical Reference	138
8.6.1 IGMP	138
LAN	139
9.1 Overview	139
9.2 What You Can Do	139
9.3 What You Need To Know	140
9.3.1 IP Pool Setup	140
9.3.2 LAN TCP/IP	140
9.4 LAN IP Screen	140
9.5 LAN IP Alias	141
9.6 Advanced LAN Screen	142
9.7 Technical Reference	143
9.7.1 LANs, WANs and the ZyXEL Device	143
9.7.2 Any IP	144
DHCP	147
10.1 Overview	147
10.2 What You Can Do	147
10.3 What You Need To Know	147
10.4 DHCP General Screen	148
10.5 DHCP Advanced Screen	148
10.6 Client List Screen	150
Network Address Translation (NAT)	153
11.1 Overview	153
11.2 What You Can Do	154
11.3 General NAT Screen	154
11.4 NAT Application Screen	155
11.4.1 Game List Example	158
11.4.2 Configuring Servers Behind Port Forwarding Example	158
11.5 NAT Advanced Screen	159
11.5.1 Trigger Port Forwarding Example	161
11.5.2 Two Points To Remember About Trigger Ports	162
Dynamic DNS	163
12.1 Overview	163
12.2 What You Can Do	163
12.3 What You Need To Know	163
12.3.1 DynDNS Wildcard	163
12.4 Dynamic DNS Screen	164
Security	167
Firewall	169
13.1 Overview	169
13.2 What You Can Do	169
13.3 What You Need To Know	170
13.3.1 About the NBG-460N Firewall	170
13.3.2 Triangle Routes	170
13.3.3 Triangle Routes and IP Alias	171
13.4 General Firewall Screen	172
13.5 Services Screen	172
13.5.1 The Add Firewall Rule Screen	175
Content Filtering	179
14.1 Overview	179
14.2 What You Can Do	179
14.3 What You Need To Know	179
14.3.1 Content Filtering Profiles	179
14.4 Filter Screen	181
14.5 Schedule Screen	183
14.6 Technical Reference	183
14.6.1 Customizing Keyword Blocking URL Checking	184
IPSec VPN	185
15.1 Overview	185
15.2 What You Can Do	185
15.3 What You Need To Know	186
15.3.1 IKE SA (IKE Phase 1) Overview	186
15.3.2 IPSec SA (IKE Phase 2) Overview	187
15.4 The General Screen	188
15.4.1 VPN Rule Setup (Basic)	189
15.4.2 VPN Rule Setup (Advanced)	194
15.4.3 VPN Rule Setup (Manual)	201
15.5 The SA Monitor Screen	205
15.6 Technical Reference	206
15.6.1 VPN and Remote Management	206
15.6.2 IKE SA Proposal	207
15.6.3 Diffie-Hellman (DH) Key Exchange	208
15.6.4 Authentication	208
15.6.5 Negotiation Mode	209
15.6.6 VPN, NAT, and NAT Traversal	210
15.6.7 IPSec Protocol	211
15.6.8 Encapsulation	211
15.6.9 IPSec SA Proposal and Perfect Forward Secrecy	212
15.6.10 Additional IPSec VPN Topics	212
Management	215
Static Route	217
16.1 Overview	217
16.2 What You Can Do	217
16.3 IP Static Route Screen	218
16.3.1 Static Route Setup Screen	219
Bandwidth Management	221
17.1 Overview	221
17.2 What You Can Do	221
17.3 What You Need To Know	222
17.4 General Configuration Screen	222
17.5 Advanced Configuration	224
17.5.1 Rule Configuration with the Pre-defined Service	226
17.5.2 Rule Configuration: User Defined Service Rule Configuration	227
17.6 Monitor Screen	228
17.7 Technical References	229
17.7.1 Predefined Bandwidth Management Services	229
17.7.2 Default Bandwidth Management Classes and Priorities	230
17.7.3 Bandwidth Management Priorities	231
Remote Management	233
18.1 Overview	233
18.2 What You Can Do	233
18.3 What You Need To Know	234
18.3.1 Remote Management Limitations	234
18.3.2 Remote Management and NAT	234
18.3.3 System Timeout	234
18.4 WWW Screen	235
18.5 Telnet Screen	236
18.6 FTP Screen	236
18.7 DNS Screen	237
Universal Plug-and-Play (UPnP)	239
19.1 Overview	239
19.2 What You Can Do	239
19.3 What You Need to Know	239
19.3.1 NAT Traversal	239
19.3.2 Cautions with UPnP	240
19.4 UPnP Screen	240
19.5 Technical Reference	241
19.5.1 Using UPnP in Windows XP Example	241
19.5.2 Web Configurator Easy Access	244
Maintenance and Troubleshooting	247
System	249
20.1 Overview	249
20.2 What You Can Do	249
20.3 System General Screen	249
20.4 Time Setting Screen	251
Logs	255
21.1 Overview	255
21.2 What You Can Do	255
21.3 What You Need to Know	255
21.4 View Log Screen	256
21.5 Log Settings	257
21.6 Technical Reference	260
21.6.1 Log Descriptions	260
Tools	275
22.1 Overview	275
22.2 What You Can Do	275
22.3 Firmware Upload Screen	275
22.4 Configuration Screen	278
22.4.1 Backup Configuration	278
22.4.2 Restore Configuration	278
22.4.3 Back to Factory Defaults	280
22.5 Restart Screen	280
22.6 Wake On LAN	281
22.7 Green	281
Configuration Mode	283
23.1 Overview	283
23.2 What You Can Do	283
23.3 General Screen	283
Sys Op Mode	285
24.1 Overview	285
24.2 What You Can Do	285
24.3 What You Need to Know	285
24.4 General Screen	287
Language	289
25.1 Language Screen	289
Troubleshooting	291
26.1 Power, Hardware Connections, and LEDs	291
26.2 NBG-460N Access and Login	292
26.3 Internet Access	294
26.4 Resetting the NBG-460N to Its Factory Defaults	296
26.5 Wireless Router/AP Troubleshooting	297
26.6 Advanced Features	297
Product Specifications and Wall- Mounting Instructions	299
Appendices and Index	305
Pop-up Windows, JavaScripts and Java Permissions	307
IP Addresses and Subnetting	315
Setting up Your Computer’s IP Address	325
27.0.1 Verifying Settings	342
Wireless LANs	343
27.0.2 WPA(2)-PSK Application Example	353
27.0.3 WPA(2) with RADIUS Application Example	353
Services	355
Legal Information	359

Match case Limit results 1 per page

Chapter 15 IPSec VPN

NBG-460N User’s Guide

204

Remote

Address

For a single IP address, enter a (static) IP address on the network

behind the remote IPSec router.

For a specific range of IP addresses, enter the beginning (static) IP

address, in a range of computers on the network behind the remote

IPSec router.

To specify IP addresses on a network by their subnet mask, enter a

(static) IP address on the network behind the remote IPSec router.

Remote

Address End /

Mask

When the remote IP address is a single address, type it a second time

here.

When the remote IP address is a range, enter the end (static) IP

address, in a range of computers on the network behind the remote

IPSec router.

When the remote IP address is a subnet address, enter a subnet mask

on the network behind the remote IPSec router.

Remote Port

Start

0 is the default and signifies any port. Type a port number from 0 to

65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23,

Telnet; 80, HTTP; 25, SMTP; 110, POP3.

Remote Port

End

Enter a port number in this field to define a port range. This port

number must be greater than that specified in the previous field. If

Remote Port Start

is left at 0,

Remote Port End

will also remain at 0.

My IP Address

Enter the NBG-460N's static WAN IP address (if it has one) or leave the

field set to

0.0.0.0

The NBG-460N uses its current WAN IP address (static or dynamic) in

setting up the VPN tunnel if you leave this field as

0.0.0.0

. If the WAN

connection goes down, the NBG-460N uses the dial backup IP address

for the VPN tunnel when using dial backup or the LAN IP address when

using traffic redirect.

Otherwise, you can enter one of the dynamic domain names that you

have configured (in the

DDNS

screen) to have the NBG-460N use that

dynamic domain name's IP address.

The VPN tunnel has to be rebuilt if

My IP Address

changes after setup.

Secure

Gateway

Address

Type the WAN IP address or the domain name (up to 31 characters) of

the IPSec router with which you're making the VPN connection.

SPI

Type a unique

SPI

(Security Parameter Index) from one to four

characters long. Valid Characters are "0, 1, 2, 3, 4, 5, 6, 7, 8, and 9".

Encapsulation

Mode

Select

Tunnel

mode or

Transport

mode from the drop-down list box.

Enable Replay

Detection

As a VPN setup is processing intensive, the system is vulnerable to

Denial of Service (DoS) attacks The IPSec receiver can detect and reject

old or duplicate packets to protect against replay attacks. Select

Yes

from the drop-down menu to enable replay detection, or select

disable it.

Table 67

Security > VPN > General > Rule Setup: Manual (continued)

LABEL

DESCRIPTION