Home » ZyXEL Manuals » Networking » ZyXEL NBG-460N » Manual Viewer

ZyXEL NBG-460N User Guide - Page 210

VPN, NAT, and NAT Traversal

Get ZyXEL NBG-460N PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 210 highlights

Chapter 15 IPSec VPN Steps 3-4: The NBG-460N and the remote IPSec router participate in a DiffieHellman key exchange, based on the accepted DH key group, to establish a shared secret. Steps 5-6: Finally, the NBG-460N and the remote IPSec router generate an encryption key from the shared secret, encrypt their identities, and exchange their encrypted identity information for authentication. In contrast, aggressive mode only takes three steps to establish an IKE SA. Step 1: The NBG-460N sends its proposals to the remote IPSec router. It also starts the Diffie-Hellman key exchange and sends its (unencrypted) identity to the remote IPSec router for authentication. Step 2: The remote IPSec router selects an acceptable proposal and sends it back to the NBG-460N. It also finishes the Diffie-Hellman key exchange, authenticates the NBG-460N, and sends its (unencrypted) identity to the NBG-460N for authentication. Step 3: The NBG-460N authenticates the remote IPSec router and confirms that the IKE SA is established. Aggressive mode does not provide as much security as main mode because the identity of the NBG-460N and the identity of the remote IPSec router are not encrypted. It is usually used when the address of the initiator is not known by the responder and both parties want to use pre-shared keys for authentication (for example, telecommuters). 15.6.6 VPN, NAT, and NAT Traversal In the following example, there is another router (A) between router X and router Y. Figure 129 VPN/NAT Example 210 If router A does NAT, it might change the IP addresses, port numbers, or both. If router X and router Y try to establish a VPN tunnel, the authentication fails because it depends on this information. The routers cannot establish a VPN tunnel. Most routers like router A now have an IPSec pass-through feature. This feature helps router A recognize VPN packets and route them appropriately. If router A has this feature, router X and router Y can establish a VPN tunnel as long as the NBG-460N User's Guide

Section	Page
NBG-460N	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
Introduction	21
Getting to Know Your NBG-460N	23
1.1 Overview	23
1.2 Applications	23
1.3 Wireless Applications	24
1.3.1 Router Mode	24
1.3.2 AP Mode	25
1.3.3 Router vs. AP	26
1.4 Ways to Manage the NBG-460N	26
1.5 Good Habits for Managing the NBG-460N	27
1.6 LEDs	27
The WPS Button	29
2.1 Overview	29
Introducing the Web Configurator	31
3.1 Web Configurator Overview	31
3.2 Accessing the Web Configurator	31
3.3 Resetting the NBG-460N	33
3.3.1 Procedure to Use the Reset Button	33
3.4 Navigating the Web Configurator	33
3.5 The Status Screen in Router Mode	34
3.5.1 Navigation Panel	37
3.5.2 Summary: Any IP Table	39
3.5.3 Summary: Bandwidth Management Monitor	39
3.5.4 Summary: DHCP Table	40
3.5.5 Summary: Packet Statistics	41
3.5.6 Summary: VPN Monitor	42
3.5.7 Summary: Wireless Station Status	43
Connection Wizard	45
4.1 Wizard Setup	45
4.2 Connection Wizard: STEP 1: System Information	46
4.2.1 System Name	46
4.2.2 Domain Name	47
4.3 Connection Wizard: STEP 2: Wireless LAN	48
4.3.1 Basic (WEP) Security	49
4.3.2 Extend (WPA-PSK or WPA2-PSK) Security	50
4.4 Connection Wizard: STEP 3: Internet Configuration	51
4.4.1 Ethernet Connection	52
4.4.2 PPPoE Connection	52
4.4.3 PPTP Connection	53
4.4.4 Your IP Address	55
4.4.5 WAN IP Address Assignment	55
4.4.6 IP Address and Subnet Mask	56
4.4.7 DNS Server Address Assignment	57
4.4.8 WAN IP and DNS Server Address Assignment	57
4.4.9 WAN MAC Address	58
4.5 Connection Wizard: STEP 4: Bandwidth management	59
4.6 Connection Wizard Complete	60
Tutorials	63
5.1 Overview	63
5.2 How to Connect to the Internet from an AP	63
5.2.1 Configure Wireless Security Using WPS on both your NBG-460N and Wireless Client	63
5.2.2 Enable and Configure Wireless Security without WPS on your NBG-460N	67
5.2.3 Configure Your Notebook	68
5.3 Site-To-Site VPN Tunnel Tutorial	70
5.3.1 Configuring Bob’s NBG-460N VPN Settings	71
5.3.2 Configuring Jack’s NBG-460N VPN Settings	73
5.3.3 Checking the VPN Connection	75
5.4 Bandwidth Management for your Network	76
5.4.1 Configuring Bandwidth Management by Application	76
5.4.2 Configuring Bandwidth Management by Custom Application	77
5.4.3 Configuring Bandwidth Allocation by IP or IP Range	78
AP Mode	81
6.1 Overview	81
6.2 Setting your NBG-460N to AP Mode	81
6.3 The Status Screen	82
6.3.1 Navigation Panel	84
6.4 Configuring Your Settings	86
6.4.1 LAN Settings	86
6.4.2 WLAN and Maintenance Settings	87
6.5 Logging in to the Web Configurator in AP Mode	88
Network	89
Wireless LAN	91
7.1 Overview	91
7.2 What You Can Do	92
7.3 What You Should Know	92
7.3.1 Wireless Security Overview	92
7.4 General Wireless LAN Screen	95
7.4.1 No Security	96
7.4.2 WEP Encryption	97
7.4.3 WPA-PSK/WPA2-PSK	100
7.4.4 WPA/WPA2	101
7.5 MAC Filter Screen	103
7.6 Wireless LAN Advanced Screen	105
7.7 Quality of Service (QoS) Screen	105
7.7.1 Application Priority Configuration	107
7.8 WPS Screen	109
7.9 WPS Station Screen	110
7.10 Scheduling Screen	110
7.11 Technical Reference	112
7.11.1 Roaming	112
7.11.2 Quality of Service	114
7.12 WiFi Protected Setup	115
7.12.1 iPod Touch Web Configurator	115
7.12.2 Login Screen	116
7.12.3 System Status	116
7.12.4 WPS in Progress	119
7.12.5 Port Forwarding	119
7.13 Accessing the iPod Touch Web Configurator	121
7.13.1 Accessing the iPod Touch Web Configurator	121
WAN	123
8.1 Overview	123
8.2 What You Can Do	123
8.3 What You Need To Know	124
8.3.1 Configuring Your Internet Connection	124
8.3.2 Multicast	125
8.3.3 IPTV STB Port	126
8.3.4 NetBIOS over TCP/IP	128
8.3.5 Auto-Bridge	128
8.4 Internet Connection	129
8.4.1 Ethernet Encapsulation	129
8.4.2 PPPoE Encapsulation	131
8.4.3 PPTP Encapsulation	134
8.5 Advanced WAN Screen	136
8.6 Technical Reference	138
8.6.1 IGMP	138
LAN	139
9.1 Overview	139
9.2 What You Can Do	139
9.3 What You Need To Know	140
9.3.1 IP Pool Setup	140
9.3.2 LAN TCP/IP	140
9.4 LAN IP Screen	140
9.5 LAN IP Alias	141
9.6 Advanced LAN Screen	142
9.7 Technical Reference	143
9.7.1 LANs, WANs and the ZyXEL Device	143
9.7.2 Any IP	144
DHCP	147
10.1 Overview	147
10.2 What You Can Do	147
10.3 What You Need To Know	147
10.4 DHCP General Screen	148
10.5 DHCP Advanced Screen	148
10.6 Client List Screen	150
Network Address Translation (NAT)	153
11.1 Overview	153
11.2 What You Can Do	154
11.3 General NAT Screen	154
11.4 NAT Application Screen	155
11.4.1 Game List Example	158
11.4.2 Configuring Servers Behind Port Forwarding Example	158
11.5 NAT Advanced Screen	159
11.5.1 Trigger Port Forwarding Example	161
11.5.2 Two Points To Remember About Trigger Ports	162
Dynamic DNS	163
12.1 Overview	163
12.2 What You Can Do	163
12.3 What You Need To Know	163
12.3.1 DynDNS Wildcard	163
12.4 Dynamic DNS Screen	164
Security	167
Firewall	169
13.1 Overview	169
13.2 What You Can Do	169
13.3 What You Need To Know	170
13.3.1 About the NBG-460N Firewall	170
13.3.2 Triangle Routes	170
13.3.3 Triangle Routes and IP Alias	171
13.4 General Firewall Screen	172
13.5 Services Screen	172
13.5.1 The Add Firewall Rule Screen	175
Content Filtering	179
14.1 Overview	179
14.2 What You Can Do	179
14.3 What You Need To Know	179
14.3.1 Content Filtering Profiles	179
14.4 Filter Screen	181
14.5 Schedule Screen	183
14.6 Technical Reference	183
14.6.1 Customizing Keyword Blocking URL Checking	184
IPSec VPN	185
15.1 Overview	185
15.2 What You Can Do	185
15.3 What You Need To Know	186
15.3.1 IKE SA (IKE Phase 1) Overview	186
15.3.2 IPSec SA (IKE Phase 2) Overview	187
15.4 The General Screen	188
15.4.1 VPN Rule Setup (Basic)	189
15.4.2 VPN Rule Setup (Advanced)	194
15.4.3 VPN Rule Setup (Manual)	201
15.5 The SA Monitor Screen	205
15.6 Technical Reference	206
15.6.1 VPN and Remote Management	206
15.6.2 IKE SA Proposal	207
15.6.3 Diffie-Hellman (DH) Key Exchange	208
15.6.4 Authentication	208
15.6.5 Negotiation Mode	209
15.6.6 VPN, NAT, and NAT Traversal	210
15.6.7 IPSec Protocol	211
15.6.8 Encapsulation	211
15.6.9 IPSec SA Proposal and Perfect Forward Secrecy	212
15.6.10 Additional IPSec VPN Topics	212
Management	215
Static Route	217
16.1 Overview	217
16.2 What You Can Do	217
16.3 IP Static Route Screen	218
16.3.1 Static Route Setup Screen	219
Bandwidth Management	221
17.1 Overview	221
17.2 What You Can Do	221
17.3 What You Need To Know	222
17.4 General Configuration Screen	222
17.5 Advanced Configuration	224
17.5.1 Rule Configuration with the Pre-defined Service	226
17.5.2 Rule Configuration: User Defined Service Rule Configuration	227
17.6 Monitor Screen	228
17.7 Technical References	229
17.7.1 Predefined Bandwidth Management Services	229
17.7.2 Default Bandwidth Management Classes and Priorities	230
17.7.3 Bandwidth Management Priorities	231
Remote Management	233
18.1 Overview	233
18.2 What You Can Do	233
18.3 What You Need To Know	234
18.3.1 Remote Management Limitations	234
18.3.2 Remote Management and NAT	234
18.3.3 System Timeout	234
18.4 WWW Screen	235
18.5 Telnet Screen	236
18.6 FTP Screen	236
18.7 DNS Screen	237
Universal Plug-and-Play (UPnP)	239
19.1 Overview	239
19.2 What You Can Do	239
19.3 What You Need to Know	239
19.3.1 NAT Traversal	239
19.3.2 Cautions with UPnP	240
19.4 UPnP Screen	240
19.5 Technical Reference	241
19.5.1 Using UPnP in Windows XP Example	241
19.5.2 Web Configurator Easy Access	244
Maintenance and Troubleshooting	247
System	249
20.1 Overview	249
20.2 What You Can Do	249
20.3 System General Screen	249
20.4 Time Setting Screen	251
Logs	255
21.1 Overview	255
21.2 What You Can Do	255
21.3 What You Need to Know	255
21.4 View Log Screen	256
21.5 Log Settings	257
21.6 Technical Reference	260
21.6.1 Log Descriptions	260
Tools	275
22.1 Overview	275
22.2 What You Can Do	275
22.3 Firmware Upload Screen	275
22.4 Configuration Screen	278
22.4.1 Backup Configuration	278
22.4.2 Restore Configuration	278
22.4.3 Back to Factory Defaults	280
22.5 Restart Screen	280
22.6 Wake On LAN	281
22.7 Green	281
Configuration Mode	283
23.1 Overview	283
23.2 What You Can Do	283
23.3 General Screen	283
Sys Op Mode	285
24.1 Overview	285
24.2 What You Can Do	285
24.3 What You Need to Know	285
24.4 General Screen	287
Language	289
25.1 Language Screen	289
Troubleshooting	291
26.1 Power, Hardware Connections, and LEDs	291
26.2 NBG-460N Access and Login	292
26.3 Internet Access	294
26.4 Resetting the NBG-460N to Its Factory Defaults	296
26.5 Wireless Router/AP Troubleshooting	297
26.6 Advanced Features	297
Product Specifications and Wall- Mounting Instructions	299
Appendices and Index	305
Pop-up Windows, JavaScripts and Java Permissions	307
IP Addresses and Subnetting	315
Setting up Your Computer’s IP Address	325
27.0.1 Verifying Settings	342
Wireless LANs	343
27.0.2 WPA(2)-PSK Application Example	353
27.0.3 WPA(2) with RADIUS Application Example	353
Services	355
Legal Information	359