ZyXEL P-202H User Guide
ZyXEL P-202H Manual
 |
View all ZyXEL P-202H manuals
Add to My Manuals
Save this manual to your list of manuals |
ZyXEL P-202H manual content summary:
- ZyXEL P-202H | User Guide - Page 1
P-202H Plus v2 ISDN Internet Access Router User's Guide Version 3.40 Edition 1 8/2006 - ZyXEL P-202H | User Guide - Page 2
- ZyXEL P-202H | User Guide - Page 3
P-202H Plus v2 User's Guide Copyright Copyright © 2006 by ZyXEL Communications Corporation. The contents of this manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL - ZyXEL P-202H | User Guide - Page 4
User's Guide Certifications Federal not installed and used in accordance with the instructions, may cause harmful interference to radio communications. Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product from the drop-down list box on the ZyXEL home page to go to that product - ZyXEL P-202H | User Guide - Page 5
and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. • Do NOT install, use, or service this device during - ZyXEL P-202H | User Guide - Page 6
P-202H Plus v2 User's Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) or consequential damages of any kind to the purchaser. To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be - ZyXEL P-202H | User Guide - Page 7
• Date that you received your device. • Brief description of the problem and the steps you took to solve it. METHOD SUPPORT E-MAIL TELEPHONE LOCATION CORPORATE HEADQUARTERS (WORLDWIDE) SALES E-MAIL FAX [email protected] +886-3-578-3942 [email protected] +886-3-578-2439 COSTA RICA soporte - ZyXEL P-202H | User Guide - Page 8
User's Guide METHOD SUPPORT E-MAIL LOCATION NORWAY SALES E-MAIL [email protected] [email protected] TELEPHONE FAX +47-22-80-61-80 +47-22-80-61-81 WEB SITE FTP SITE www.zyxel.no POLAND [email protected] +48 (22) 333 8250 +48 (22) 333 8251 www.pl.zyxel.com RUSSIA http://zyxel.ru/support +7-095 - ZyXEL P-202H | User Guide - Page 9
P-202H Plus v2 User's Guide Table of Contents Copyright ...2 Certifications ...3 Safety Warnings ...4 ZyXEL Limited Warranty 5 Customer Support...6 Table of Contents ...8 List of Figures ...20 List of Tables ...26 Preface ...30 Chapter 1 Getting To Know Your ZyXEL Device 32 1.1 Introducing the - ZyXEL P-202H | User Guide - Page 10
Guide Chapter 3 Wizard Setup ...46 3.1 Introduction ...46 3.1.1 MSN (Multiple Subscriber Number) and Subaddress 46 3.1.2 PABX Outside Line Prefix 46 3.2 Wizard Setup ...46 3.2.1 Test Your Internet Connection 53 Chapter 4 LAN Setup...54 4.1 LAN Overview 54 4.1.1 LANs, WANs and the ZyXEL Services - ZyXEL P-202H | User Guide - Page 11
P-202H Plus v2 User's Guide 6.6 Configuring Address Mapping 71 6.6.1 Address Mapping Rule Edit 72 Chapter 7 Dynamic DNS...74 Stateful Inspection Firewalls 77 8.3 Introduction to ZyXEL's Firewall 77 8.3.1 Denial of Service Attacks 78 8.4 Denial of Service 78 8.4.1 Basics ...78 8.4.2 Types of - ZyXEL P-202H | User Guide - Page 12
P-202H Plus v2 User's Guide 9.3.1 Alerts ...90 9.3.2 Threshold Values 90 9.3.3 Half-Open Sessions 91 9.3.3.1 TCP Timeout Values 102 9.9 Logs Screen ...103 9.10 Example Firewall Rule 104 9.11 Predefined Services 107 Chapter 10 Introduction to IPSec 110 10.1 VPN Overview 110 10.1.1 IPSec ...110 - ZyXEL P-202H | User Guide - Page 13
v2 User's Guide 10.3.1 Transport 11 Advanced IKE Settings 128 11.12 Manual Key 131 11.12.1 Security Parameter Index (SPI 131 11.13 Manual Key Screen 132 11.14 SA ISDN-DCP 140 12.3 Configuring NetCAPI 141 12.3.1 Configuring the ZyXEL Device as a NetCAPI Server 142 12.3.2 RVS-COM 142 12.3.3 - ZyXEL P-202H | User Guide - Page 14
Plus v2 User's Guide Chapter 13 Supplementary Phone Services 144 13.1 Overview ...144 13.2 Setting Up Supplemental Phone Service 145 13.3 The 15 Introducing the SMT 158 15.1 SMT Introduction 158 15.2 Accessing the ZyXEL Device via Console Port 158 15.2.1 Initial Screen 158 15.2.2 Entering - ZyXEL P-202H | User Guide - Page 15
P-202H Plus v2 User's Guide 15.5.1 System Management Terminal Interface Summary 162 15.6 Changing 167 Chapter 17 Menu 2 ISDN Setup 170 17.1 ISDN Setup Overview 170 17.1.1 Supplementary Voice Services 170 17.1.2 ISDN Call Waiting 170 17.1.3 PABX Outside Line Prefix 170 17.1.4 Outgoing Calling - ZyXEL P-202H | User Guide - Page 16
198 21.1 Static Route 198 21.2 IP Static Route Setup 198 Chapter 22 Dial-in Setup ...202 22.1 Dial-in Users Overview 202 22.2 Default Dial-in User Setup 202 22.2.1 CLID Callback Support For Dial-In Users 202 22.3 Setting Up Default Dial-in 203 22.3.1 Default Dial-in Filter 205 22.4 Callback - ZyXEL P-202H | User Guide - Page 17
Guide 24.2 Access Methods 230 24.3 Enabling the Firewall 230 24.3.1 Viewing the Firewall Log 231 24.3.2 Example E-mail Log 233 Chapter 25 Filter Configuration 234 25.1 Introduction to Filters 234 25.1.1 The Filter Structure of the ZyXEL About SNMP 250 26.2 Supported MIBs 251 26.3 SNMP - ZyXEL P-202H | User Guide - Page 18
P-202H Plus v2 User's Guide 28.3.2 Unix Syslog 263 28.3.2.1 CDR 264 28.3.2.2 Packet triggered 265 28.3.2.3 Filter log 265 28.3.2.4 PPP log 266 28.3.2.5 POTS log 266 28.3.3 Accounting - ZyXEL P-202H | User Guide - Page 19
...306 33.5 Manual Setup 308 33.5.1 Active Protocol 308 Chapter 34 SA Monitor ...312 34.1 SA Monitor Overview 312 34.2 Using SA Monitor 312 Chapter 35 IPSec Log...314 35.1 IPSec Logs ...314 Chapter 36 Troubleshooting 318 36.1 Problems Starting Up the ZyXEL Device 318 36.2 Problems with the LAN - ZyXEL P-202H | User Guide - Page 20
P-202H Plus v2 User's Guide 36.3 Problems with the ISDN Line 319 36.4 Problems with Remote User Dial-in 319 36.5 Problems Accessing the ZyXEL Device 320 Appendix A Product Specifications 322 Appendix B Wall-mounting Instructions 324 Appendix C Log Descriptions 326 Appendix D Setting up Your - ZyXEL P-202H | User Guide - Page 21
P-202H Plus v2 User's Guide List of Figures Figure 1 Internet Access Application 36 Figure 2 LAN-to-LAN 98 Figure 36 Firewall > Source and Destination Addresses 99 Figure 37 Firewall > Customized Services 100 Figure 38 Firewall > Configure Customized Services 101 List of Figures 20 - ZyXEL P-202H | User Guide - Page 22
Guide Figure 39 Firewall > Timeout 102 Figure 40 Firewall > Logs 103 Figure 41 Firewall Example: Edit Rule 105 Figure 42 Firewall Example: Configure Source IP 105 Figure 43 Firewall Example: Customized Service Rule Setup with Manual Key 132 Dynamic DNS 167 Figure 77 ZyXEL Device Behind a PABX - ZyXEL P-202H | User Guide - Page 23
P-202H Plus v2 User's Guide Figure 82 Menu 3 Ethernet Setup 178 Figure 83 Menu 3.1 LAN Port Filter Setup 178 Figure 84 Menu 3.2 TCP/IP and DHCP Ethernet Setup 179 Figure - ZyXEL P-202H | User Guide - Page 24
P-202H Plus v2 User's Guide Figure 125 NAT Example 3 224 Figure 126 NAT Example 3: Menu 11.3 225 Figure 127 Example 3: Menu 15.1.1.1 225 Figure 128 Example 3: Final Menu 15.1.1 226 - ZyXEL P-202H | User Guide - Page 25
P-202H Plus v2 User's Guide Figure 168 Display for a Successful Manual Call 269 Figure 169 Telnet in Menu 24.5 Menu 26.1 Schedule Set Setup 297 Figure 201 Applying Schedule Set(s) to a Remote Node 298 Figure 202 VPN SMT Menu Tree 300 Figure 203 Menu 27 VPN/IPSec Setup 301 Figure 204 Menu 27 - ZyXEL P-202H | User Guide - Page 26
P-202H Plus v2 User's Guide Figure 211 Wall-mounting Example 324 Figure 212 WIndows 95/98/Me: Network: Configuration 339 Figure 213 Windows 95/98/Me: TCP/IP Properties: IP - ZyXEL P-202H | User Guide - Page 27
P-202H Plus v2 User's Guide List of Tables Table 1 Front Panel LEDs 39 Table 2 Web Configurator Table 9 NAT Definitions ...64 Table 10 NAT Mapping Types 67 Table 11 NAT Mode ...68 Table 12 Services and Port Numbers 69 Table 13 Edit SUA/NAT Server Set 71 Table 14 Address Mapping Rules 72 - ZyXEL P-202H | User Guide - Page 28
Guide Table 39 Rule Setup with Manual Key 132 Table 40 SA Monitor ...135 Table 41 Global Setting ...136 Table 42 Telecommuter and Headquarters Configuration Example 136 Table 43 VPN Logs ...139 Table 44 NetCAPI ...141 Table 45 Supplemental Services Nodes Comparison Chart 202 Table 71 Menu 13 - ZyXEL P-202H | User Guide - Page 29
P-202H Plus v2 User's Guide Table 82 Menu 22 SNMP Manual Setup 309 Table 105 Menu 27.2 SA Monitor 313 Table 106 Sample IKE Key Exchange Logs 315 Table 107 Sample IPSec Logs During Packet Transmission 316 Table 108 RFC-2408 ISAKMP Payload Types 317 Table 109 Troubleshooting Starting Up Your ZyXEL - ZyXEL P-202H | User Guide - Page 30
P-202H Plus v2 User's Guide Table 125 IKE Logs ...330 Table 126 PKI Logs ...333 Table 127 Certificate Path Verification Failure Reason Codes 334 Table 128 ACL Setting Notes 335 - ZyXEL P-202H | User Guide - Page 31
as the "ZyXEL Device" in this User's Guide. Related Documentation • Supporting Disk Refer to the included CD for support documents. • Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains connection information and instructions on getting started - ZyXEL P-202H | User Guide - Page 32
P-202H Plus v2 User's Guide Please go to http://www.zyxel.com for product news, firmware, updated documents, and other support materials. User Guide Feedback Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to [email protected] or send - ZyXEL P-202H | User Guide - Page 33
a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The ZyXEL Device firewall supports TCP/UDP inspection, DoS detection and protection, real - ZyXEL P-202H | User Guide - Page 34
Guide 4-Port Switch A combination of switch and router makes your ZyXEL Device a cost-effective and viable network solution. You can connect up to four computers to the ZyXEL point-to-multipoint. ISDN Basic Rate Interface (BRI) Support The ZyXEL Device supports a single BRI. A BRI offers two 64 Kbps - ZyXEL P-202H | User Guide - Page 35
Plus v2 User's Guide Extensive Analog Phone Support The ZyXEL Device is equipped with two standard phone jacks for you to connect analog devices such as telephones and FAX machines. It also supports supplementary services such as call waiting and 3-way calling. Incoming Call Support In addition to - ZyXEL P-202H | User Guide - Page 36
Firmware via LAN The ZyXEL Device supports the up/downloading of firmware and configuration file over the LAN. Supplementary Voice Features The ZyXEL Device supports the following supplementary voice features on both of its analog or POTS (Plain Old Telephone Service) phone ports: 35 Chapter - ZyXEL P-202H | User Guide - Page 37
take full advantage of the Supplementary Voice Services available though the ZyXEL Device's phone ports, you will need to subscribe to the services from your local telephone company. Caller ID Display Services on Analog PSTN Lines The ZyXEL Device supports Caller ID information on both phone ports - ZyXEL P-202H | User Guide - Page 38
P-202H Plus v2 User's Guide Figure 2 LAN-to-LAN Application Example 1.3.3 Remote Access Server Your ZyXEL Device allows remote users to dial-in and gain access to your LAN. This feature enables individuals that have computers with remote access capabilities to - ZyXEL P-202H | User Guide - Page 39
Figure 4 Secure Internet Access and VPN Application P-202H Plus v2 User's Guide 1.4 Front Panel LEDs The following figure shows the front panel LEDs. Figure 5 Front Panel Chapter 1 Getting To Know Your ZyXEL Device 38 - ZyXEL P-202H | User Guide - Page 40
v2 User's Guide The following table describes the LEDs. Table 1 Front Panel LEDs LED POWER COLOR Green STATUS On Red ETHERNET Green 1-4 ISDN LNK Green Blinking On Off On Blinking Off On Off ISDN B1, B2 Green PHONE 1-2 Green On Off On Blinking Off DESCRIPTION The ZyXEL Device is receiving - ZyXEL P-202H | User Guide - Page 41
from your device. Web pop-up blocking is enabled by default in Windows XP SP (Service Pack) 2. • JavaScripts (enabled by default). • Java permissions (enabled by default). See the chapter on troubleshooting if you need to make sure these functions are allowed in Internet Explorer. 2.2 Accessing the - ZyXEL P-202H | User Guide - Page 42
P-202H Plus v2 User's Guide Figure 6 Password Screen 6 You should see a screen asking you to change your or the SMT menu, you will need to use the RESET button at the back of the ZyXEL Device to reload the factory-default configuration file. This means that you will lose all configurations that - ZyXEL P-202H | User Guide - Page 43
Guide 2 Press the RESET button for ten seconds or until the POWER LED begins to blink and then release it. When the POWER LED begins to blink, the defaults have been restored and the ZyXEL Access Setup Use this screen to configure Internet Service Provider parameters. NAT NAT Mode Use this screen - ZyXEL P-202H | User Guide - Page 44
v2 User's Guide Table 2 . Use this screen to allow applications to access services over ISDN. This screen contains administrative and system-related is highly recommended that you periodically change the password for accessing the ZyXEL Device. If you didn't change the default one after you logged - ZyXEL P-202H | User Guide - Page 45
Figure 9 Password P-202H Plus v2 User's Guide The following table describes the labels in this screen. Table 3 you type. After you change the password, use the new password to access the ZyXEL Device. Type the new password again for confirmation. Click Apply to save your changes back to the - ZyXEL P-202H | User Guide - Page 46
P-202H Plus v2 User's Guide 45 Chapter 2 Introducing the Web Configurator - ZyXEL P-202H | User Guide - Page 47
P-202H Plus v2 User's Guide CHAPTER 3 Wizard Setup This chapter provides information on the Line Prefix field. Otherwise, leave it blank. Please note that the PABX prefix is for calls initiated by the ZyXEL Device only. If you place a call from a device on either A/B adapter, you must dial the prefix - ZyXEL P-202H | User Guide - Page 48
P-202H Plus v2 User's Guide Figure 10 Wizard 1: ISDN Line Set Up The following table B channels, select Switch/Switch (default). If you are only using one B channel (for example, your ZyXEL Device is sharing the ISDN line with another device), then select Switch/Unused. If your second B channel is - ZyXEL P-202H | User Guide - Page 49
P-202H Plus v2 User's Guide Table 4 Wizard 1: ISDN Line Set Up LABEL DESCRIPTION Incoming found, the call is dropped. If you select Don't Care, then all data calls are routed to the ZyXEL Device itself. Analog calls, however, are routed to either A/B adapter 1 or 2, or simply ignored, depending - ZyXEL P-202H | User Guide - Page 50
User's Guide Figure 11 Wizard 2: ISP Parameters For Internet Access The following table describes the fields in this screen. Table 5 Wizard 2: ISP Parameters For Internet Access LABEL DESCRIPTION Name Type the name of your service provider. Login Information Primary Phone Your ZyXEL Device - ZyXEL P-202H | User Guide - Page 51
P-202H Plus v2 User's Guide Table 5 Wizard 2: ISP Parameters For Internet Access LABEL DESCRIPTION IP Address Type an IP address to identify your ZyXEL Device on the LAN. Network Address Translation Choose SUA Only if you have a single public IP address. SUA (Single User Account) is a subset - ZyXEL P-202H | User Guide - Page 52
P-202H Plus v2 User's Guide Figure 12 Wizard 3: Summary 4 If you click Change LAN Configuration to change your ZyXEL Device LAN settings, the screen displays as shown below. Figure 13 Wizard: LAN Configuration 51 Chapter 3 Wizard Setup - ZyXEL P-202H | User Guide - Page 53
Guide The following table describes the fields in this screen. Table 6 Wizard: LAN Configuration LABEL TCP/IP LAN IP Address DESCRIPTION Enter the IP address of your ZyXEL allow your ZyXEL Device to assign IP addresses, a default gateway and DNS servers to computer systems that support the DHCP - ZyXEL P-202H | User Guide - Page 54
com. Internet access is just the beginning. Refer to the rest of this User's Guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the Wizard Setup - ZyXEL P-202H | User Guide - Page 55
's Guide CHAPTER LANs, WANs and the ZyXEL Device The actual physical connection determines whether the ZyXEL Device ports are LAN or ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. If you turn DHCP service - ZyXEL P-202H | User Guide - Page 56
's Guide 4.1.2.1 IP Pool Setup The ZyXEL Device IP The ZyXEL Device has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. - ZyXEL P-202H | User Guide - Page 57
mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise. 4.2.1.1 Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from - ZyXEL P-202H | User Guide - Page 58
's Guide Figure 16 LAN Setup The following table describes the fields in this screen. Table 7 LAN Setup LABEL DESCRIPTION DHCP DHCP If set to Server, your ZyXEL Device can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the - ZyXEL P-202H | User Guide - Page 59
P-202H Plus v2 User's Guide Table 7 LAN Setup (continued) LABEL IP Subnet Mask Apply Cancel DESCRIPTION The subnet mask specifies the network number portion of an IP address. Your ZyXEL Device automatically selects the subnet mask based on the IP address that you assign. Unless you are - ZyXEL P-202H | User Guide - Page 60
P-202H Plus v2 User's Guide 59 Chapter 4 LAN Setup - ZyXEL P-202H | User Guide - Page 61
Guide CHAPTER 5 WAN Setup This chapter describes how to configure WAN settings. 5.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. 5.1.1 PPP Multilink The ZyXEL . After the initial call, the ZyXEL Device uses BAP (Bandwidth Allocation Protocol - ZyXEL P-202H | User Guide - Page 62
P-202H Plus v2 User's Guide Figure 17 WAN Setup The following table describes the labels in this screen. Table 8 WAN Setup LABEL DESCRIPTION Name Type the name of your service provider. Login Information Primary Phone # Your ZyXEL Device always calls your ISP using the primary phone number - ZyXEL P-202H | User Guide - Page 63
P-202H Plus v2 User's Guide Table 8 WAN Setup (continued) LABEL DESCRIPTION Static IP Address Select this option to manually configure your ZyXEL Device IP address. IP Address Type an IP address to identify your ZyXEL Device on the LAN. Dial Out Channel Setting Transfer Type This field - ZyXEL P-202H | User Guide - Page 64
P-202H Plus v2 User's Guide 63 Chapter 5 WAN Setup - ZyXEL P-202H | User Guide - Page 65
P-202H Plus v2 User's Guide CHAPTER 6 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the ZyXEL Device. 6.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source - ZyXEL P-202H | User Guide - Page 66
P-202H Plus v2 User's Guide 6.1.2 What NAT Does In the simplest form, NAT changes the source IP address -to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can have their - ZyXEL P-202H | User Guide - Page 67
instance, PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today's ZyXEL Device maps each local IP address to a unique global IP address. • Server: This type allows you to specify inside servers of different services - ZyXEL P-202H | User Guide - Page 68
P-202H Plus v2 User's Guide Port numbers do NOT change for One-to-One and Many Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. The ZyXEL Device also supports Full Feature NAT to map multiple global IP addresses to multiple private - ZyXEL P-202H | User Guide - Page 69
User's Guide The following if you have just one public WAN IP address for your ZyXEL Device. The ZyXEL Device uses Server Set 1 in the NAT - Edit cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to - ZyXEL P-202H | User Guide - Page 70
Guide 6.4.1 Default Server IP Address In addition to the servers for specified services, NAT supports a default server IP address. A default server receives packets from ports that are not specified in this screen. Note: If you do not assign an IP address in Server Set 1 (default server), the ZyXEL - ZyXEL P-202H | User Guide - Page 71
Figure 21 Multiple Servers Behind NAT Example P-202H Plus v2 User's Guide 6.5 Configuring SUA Server Note: If you do not assign an IP address in Server Set 1 (default server), the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. - ZyXEL P-202H | User Guide - Page 72
P-202H Plus v2 User's Guide The following table describes the fields in this screen. Table 13 address of the server here. Click Save to save your changes back to the ZyXEL Device. Click Cancel to return to the previous configuration. 6.6 Configuring Address Mapping Ordering your rules is important - ZyXEL P-202H | User Guide - Page 73
User's Guide The (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only. M-M Ov (Overload): . Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Click Back - ZyXEL P-202H | User Guide - Page 74
User's Guide The (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only. • Many-to-Many • Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Local Start - ZyXEL P-202H | User Guide - Page 75
Guide CHAPTER 7 Dynamic DNS This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 7.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services instruction. 7.2 Configuring Dynamic DNS To change your ZyXEL - ZyXEL P-202H | User Guide - Page 76
. Table 16 Dynamic DNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Host Name Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider. You can specify up to two host names in - ZyXEL P-202H | User Guide - Page 77
Guide CHAPTER 8 Firewalls This chapter gives some background information on firewalls and introduces the ZyXEL security problem. A firewall is one of the mechanisms used to establish a network security perimeter in support of use programs written for specific Internet services, such as HTTP, FTP and - ZyXEL P-202H | User Guide - Page 78
v2 User's Guide • Information granular application level access control or caching that some proxies support. See Section 8.5 on page 82 for more information on to ZyXEL's Firewall The ZyXEL Device firewall is a stateful inspection firewall and is designed to protect against Denial of Service attacks - ZyXEL P-202H | User Guide - Page 79
Plus v2 User's Guide 8.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL Device is pre - ZyXEL P-202H | User Guide - Page 80
P-202H Plus v2 User's Guide 8.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the - ZyXEL P-202H | User Guide - Page 81
P-202H Plus v2 User's Guide • SYN Attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system - ZyXEL P-202H | User Guide - Page 82
P-202H Plus v2 User's Guide Figure 29 Smurf Attack 8.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: - ZyXEL P-202H | User Guide - Page 83
v2 User's Guide 8.4.2.3 Traceroute Traceroute should be allowed through the router or firewall. The ZyXEL Device blocks all IP Spoofing attempts. 8.5 Stateful Inspection With be trusted. For example, if you access some outside service, the proxy server remembers things about your original request, - ZyXEL P-202H | User Guide - Page 84
P-202H Plus v2 User's Guide The previous figure shows the ZyXEL Device's default firewall rules in action as the connection's temporary inbound access list entries are deleted. 8.5.2 Stateful Inspection and the ZyXEL Device Additional rules may be defined to extend or override the default rules. For - ZyXEL P-202H | User Guide - Page 85
P-202H Plus v2 User's Guide • Allow certain types of traffic from the Internet to specific hosts on connection information such as IP addresses, TCP ports, sequence numbers, etc. When the ZyXEL Device receives any subsequent packet (from the Internet or from the LAN), its connection information - ZyXEL P-202H | User Guide - Page 86
Guide A similar situation exists for ICMP, except that the ZyXEL . Any protocol that operates in this way must be supported on a case-by-case basis. You can use the • Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security - ZyXEL P-202H | User Guide - Page 87
Plus v2 User's Guide • Encourage your Packet Filtering Vs Firewall Below are some comparisons between the ZyXEL Device's filtering and firewall functions. 8.7.1 Packet Filtering: • need a chain of rules to filter a service. • Packet filtering only checks the header portion of an IP packet. - ZyXEL P-202H | User Guide - Page 88
P-202H Plus v2 User's Guide 8.7.1.1 When To Use Filtering • To block/allow LAN packets by their the network session rather than control individual packets in a session. • The firewall provides e-mail service to notify you of routine reports and when alerts occur. 8.7.2.1 When To Use The Firewall • - ZyXEL P-202H | User Guide - Page 89
Plus v2 User's Guide CHAPTER 9 Firewall Configuration This chapter shows you how to enable and configure the ZyXEL Device firewall. 9.1 activate) the firewall. Figure 31 Enabling the Firewall 9.2 E-Mail To change your ZyXEL Device's E-mail log settings, click Firewall, and then E-mail. The screen - ZyXEL P-202H | User Guide - Page 90
P-202H Plus v2 User's Guide Figure 32 Firewall > E-mail The following table describes the blank, alerts will not be sent via e-mail. Return Address Type an E-mail address to identify the ZyXEL Device as the sender of the e-mail messages i.e., a "return-to-sender" address for backup purposes. Log - ZyXEL P-202H | User Guide - Page 91
P-202H Plus v2 User's Guide Table 21 Firewall > E-mail (continued) LABEL Apply Cancel DESCRIPTION Click Apply to save your changes back to the ZyXEL Device. Click Cancel to return to the previously saved settings. 9.3 Attack Alert Attack alerts are real-time reports of DoS attacks. In the Alert - ZyXEL P-202H | User Guide - Page 92
Guide 9.3.3 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service Blocking Time timeout is 0 (the default), then the ZyXEL Device deletes the oldest existing half-open session for the host - ZyXEL P-202H | User Guide - Page 93
Guide The following table describes the labels in this screen. Table 22 Firewall > Alert LABEL Generate alert when attack detected Denial of Service that causes the firewall to stop deleting half-open sessions. The ZyXEL Device continues to delete half-open sessions as necessary, until the - ZyXEL P-202H | User Guide - Page 94
P-202H Plus v2 User's Guide Table 22 Firewall > Alert (continued) LABEL Blocking Time Click Back to return to the previous screen. Click Apply to save your changes back to the ZyXEL Device. Click Cancel to begin configuring this screen afresh. 9.4 Rules Overview Firewall rules are subdivided into - ZyXEL P-202H | User Guide - Page 95
P-202H Plus v2 User's Guide 9.5.1 Rule Checklist State the intent of the rule. For example, " the rule to forward or block traffic? 2 What direction of traffic does the rule apply to? 3 What IP services will be affected? 4 What computers on the LAN are to be affected (if any)? 5 What computers on - ZyXEL P-202H | User Guide - Page 96
P-202H Plus v2 User's Guide 9.5.3.3 Source Address What is the connection's source address; is it on the LAN or configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN. WAN to LAN Rules 9.6.2 WAN to LAN Rules The default rule for WAN to - ZyXEL P-202H | User Guide - Page 97
Firewall > Rule Summary P-202H Plus v2 User's Guide The following table describes the labels in this screen. packet. Please note that a blank source or destination address is equivalent to Any. Service This is the service to which the rule applies. See Figure 30 on page 107 for more information. - ZyXEL P-202H | User Guide - Page 98
P-202H Plus v2 User's Guide Table 23 Firewall > Rule Summary (continued) LABEL DESCRIPTION to return to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 9.7.1 Configuring Firewall Rules Refer - ZyXEL P-202H | User Guide - Page 99
Rule P-202H Plus v2 User's Guide The following table describes the labels Services Select a service in the Available Services box on the left, then click >> to select. The selected service shows up on the Selected Services box on the right. To remove a service, click on it in the Selected Services - ZyXEL P-202H | User Guide - Page 100
P-202H Plus v2 User's Guide Table 24 Firewall > Edit a Rule (continued) LABEL DESCRIPTION Action for Matched Packet Log Alert Back Apply Cancel Delete Use the drop down list box to - ZyXEL P-202H | User Guide - Page 101
. Click Cancel to return to the previously saved settings. 9.7.3 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. For further - ZyXEL P-202H | User Guide - Page 102
P-202H Plus v2 User's Guide 9.7.4 Configuring A Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one. This action displays the following screen. Refer to Section 8.1 on page 76 for more - ZyXEL P-202H | User Guide - Page 103
P-202H Plus v2 User's Guide 9.8.1 Factors Influencing Choices for Timeout Values The factors the number of seconds (default 3600) for an inactive TCP connection to remain open before the ZyXEL Device considers the connection closed. UDP Idle Timeout Type the number of seconds (default 60) for - ZyXEL P-202H | User Guide - Page 104
P-202H Plus v2 User's Guide 9.9 Logs Screen When you configure a new rule you also have the option to log events that match, don't match (or both) this rule. Click Logs - ZyXEL P-202H | User Guide - Page 105
P-202H Plus v2 User's Guide Table 29 Firewall > Logs (continued) LABEL DESCRIPTION EXAMPLE Reason This field states the reason for the log; i.e., was the rule matched, not matched, or was - ZyXEL P-202H | User Guide - Page 106
P-202H Plus v2 User's Guide Figure 41 Firewall Example: Edit Rule 4 Click SrcAdd to open the Rule IP Config screen. Configure it as follows and click Apply. Figure 42 Firewall Example: Configure Source IP 5 Click Edit Available Service in the Edit Rule screen and then click a rule number to bring up - ZyXEL P-202H | User Guide - Page 107
P-202H Plus v2 User's Guide 6 Follow the procedures outlined earlier in this chapter to configure all your rules. Configure the rule configuration screen like the one below and apply it. Figure 44 Firewall Example: Edit Rule: Select Customized Services 7 On completing the configuration procedure - ZyXEL P-202H | User Guide - Page 108
Plus v2 User's Guide Figure 45 Firewall Example: Rule Summary 9.11 Predefined Services The Available Services list box in the Edit Rule screen (see Section 9.7.1 on page 97) displays all predefined services that the ZyXEL Device already supports. Next to the name of the service, two fields appear - ZyXEL P-202H | User Guide - Page 109
P-202H Plus v2 User's Guide Table 30 Predefined Services (continued) SERVICE DESCRIPTION CU-SEEME(TCP/UDP:7648, A popular videoconferencing solution from White Pines Software. 24032) DNS(UDP/TCP:53) Domain Name Server, a service that matches web names (e.g. www.zyxel.com) to IP numbers. - ZyXEL P-202H | User Guide - Page 110
P-202H Plus v2 User's Guide Table 30 Predefined Services (continued) SERVICE SMTP(TCP:25) SNMP(TCP/UDP:161) SNMP-TRAPS (TCP midrange systems, UNIX systems and network servers. Simole Service Discovery Protocol (SSDP) is a discovery service searching for Universal Plug and Play devices on your home - ZyXEL P-202H | User Guide - Page 111
P-202H Plus v2 User's Guide CHAPTER 10 Introduction to IPSec This chapter introduces the basics secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP - ZyXEL P-202H | User Guide - Page 112
P-202H Plus v2 User's Guide Figure 46 Encryption and Decryption 10.1.3.2 Data Confidentiality The IPSec sender verify the source of IPSec packets. This service depends on the data integrity service. 10.1.4 VPN Applications The ZyXEL Device supports the following VPN applications. • Linking Two or - ZyXEL P-202H | User Guide - Page 113
47 IPSec Architecture P-202H Plus v2 User's Guide 10.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload 10.2.2 Key Management Key management allows you to determine whether to use IKE (ISAKMP) or manual key configuration in order to set up a VPN. 10.3 Encapsulation The two modes of - ZyXEL P-202H | User Guide - Page 114
202H Plus v2 User's Guide Figure 48 Transport and IP packet to transmit it securely. A Tunnel mode is required for gateway services to provide access to internal systems. Tunnel mode is fundamentally an IP tunnel on a host computer behind the ZyXEL Device. 113 Chapter 10 Introduction to IPSec - ZyXEL P-202H | User Guide - Page 115
P-202H Plus v2 User's Guide NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, - ZyXEL P-202H | User Guide - Page 116
P-202H Plus v2 User's Guide 115 Chapter 10 Introduction to IPSec - ZyXEL P-202H | User Guide - Page 117
P-202H Plus v2 User's Guide CHAPTER 11 VPN Screens This chapter introduces the VPN web (Encapsulating Security Payload) Protocol The ESP protocol (RFC 2406) provides encryption as well as the services offered by AH. ESP authenticating properties are limited compared to the AH due to the non- - ZyXEL P-202H | User Guide - Page 118
P-202H Plus v2 User's Guide . Table 32 AH and ESP Encryption Authentication ESP AH DES (default My IP Address is the WAN IP address of the ZyXEL Device. If this field is configured as 0.0.0.0, then the ZyXEL Device will use the current ZyXEL Device WAN IP address (static or dynamic) to set - ZyXEL P-202H | User Guide - Page 119
Guide You can also enter a remote secure gateway's domain name in the Secure Gateway IP Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The ZyXEL 0.0.0.0 only when using IKE key management and not Manual key management. 11.5 VPN Summary Screen The following - ZyXEL P-202H | User Guide - Page 120
P-202H Plus v2 User's Guide Figure 50 VPN Summary The following table describes the the computer on your local network behind your ZyXEL Device. The same (static) IP address is displayed twice when the Local Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Single. The - ZyXEL P-202H | User Guide - Page 121
v2 User's Guide 11.6 Keep Alive When you initiate an IPSec tunnel with keep alive enabled, the ZyXEL Device automatically renegotiates and content are encrypted to provide identity protection. In this case the ZyXEL Device can only distinguish between up to eight different incoming SAs that connect - ZyXEL P-202H | User Guide - Page 122
P-202H Plus v2 User's Guide Table 34 Local ID Type and Content Fields LOCAL ID TYPE CONTENT E-mail Type an e-mail address (up to 31 characters) by which to identify this ZyXEL Device. The domain name or e-mail address that you use in the Content field is used for identification purposes only - ZyXEL P-202H | User Guide - Page 123
P-202H Plus v2 User's Guide Figure 51 Mismatching ID Type and Content Configuration Example ZYXEL DEVICE A Peer ID type: E-mail Peer ID content: [email protected] ZYXEL DEVICE B Peer ID type: IP Peer ID content: N/A 11.8 Pre-Shared Key A pre-shared key identifies a communicating party during a phase - ZyXEL P-202H | User Guide - Page 124
Guide leaves the firewall. Select this check box to have the ZyXEL Device automatically re-initiate the SA after the SA lifetime times Manual from the drop-down list box. IKE provides more protection so it is generally recommended. Manual is a useful option for troubleshooting if you have problems - ZyXEL P-202H | User Guide - Page 125
P-202H Plus v2 User's Guide Table 37 VPN Rule Setup (continued) LABEL DESCRIPTION Negotiation Mode Select Main or Aggressive from the drop-down list box. The ZyXEL Device's negotiation mode should be identical to that on the remote secure gateway. Local Local IP addresses must be static and - ZyXEL P-202H | User Guide - Page 126
P-202H Plus v2 User's Guide Table 37 VPN Rule Setup (continued) LABEL DESCRIPTION Local ID Type Select IP to identify this ZyXEL Device by its IP address. Select DNS to identify this ZyXEL Device by a domain name. Select E-mail to identify this ZyXEL Device by an e-mail address. Content When - ZyXEL P-202H | User Guide - Page 127
User's Guide Table 37 ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must select options DES, 3DES or NULL from the drop-down list box. The ZyXEL Device's encryption algorithm should be identical to the secure remote gateway. - ZyXEL P-202H | User Guide - Page 128
P-202H Plus v2 User's Guide Figure 53 Two Phases to Set Up the IPSec SA In phase 1 you must: • Choose a the IPSec SA if there is traffic when the IPSec SA lifetime period expires. The ZyXEL Device also automatically renegotiates the IPSec SA if both IPSec routers have keep alive enabled, - ZyXEL P-202H | User Guide - Page 129
v2 User's Guide • Main DH1) and 1024-bit (Group 2 - DH2) Diffie-Hellman groups are supported. Upon completion of the Diffie-Hellman exchange, the two peers have a shared security, so PFS is disabled (None) by default in the ZyXEL Device. Disabling PFS means new authentication and encryption keys are - ZyXEL P-202H | User Guide - Page 130
P-202H Plus v2 User's Guide Figure 54 Advanced Rule Setup The following table signifies any protocol. As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks The IPSec receiver can detect and reject old or duplicate packets to protect against replay - ZyXEL P-202H | User Guide - Page 131
P-202H Plus v2 User's Guide Table 38 Advanced Rule Setup (continued) LABEL DESCRIPTION End Enter on both ends. Encryption Algorithm Select DES or 3DES from the drop-down list box. The ZyXEL Device's encryption algorithm should be identical to the secure remote gateway. When DES is used for - ZyXEL P-202H | User Guide - Page 132
Device and return to the VPN-IKE screen. Click Cancel to return to the VPN-IKE screen without saving your ZyXEL Device. 11.12 Manual Key Manual key management is useful if you have problems with IKE key management. 11.12.1 Security Parameter Index (SPI) An SPI is used to distinguish different SAs - ZyXEL P-202H | User Guide - Page 133
Key Mode Local Address Type DESCRIPTION Select this check box to activate this VPN policy. Select IKE or Manual from the drop-down list box. Manual is a useful option for troubleshooting if you have problems using IKE key management. Use the drop-down menu to choose Single, Range, or Subnet. Select - ZyXEL P-202H | User Guide - Page 134
's Guide Table 39 Rule Setup with Manual Key the remote IPSec router. Enter the WAN IP address of your ZyXEL Device. The ZyXEL Device uses its current WAN IP address (static or dynamic) in RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must - ZyXEL P-202H | User Guide - Page 135
P-202H Plus v2 User's Guide Table 39 Rule Setup with Manual Key LABEL Encryption Algorithm Encryption Key (Only with ESP) Authentication Algorithm Authentication Key Back Apply Cancel Delete DESCRIPTION Select DES, 3DES or NULL from the drop-down list box. The ZyXEL Device's encryption algorithm - ZyXEL P-202H | User Guide - Page 136
P-202H Plus v2 User's Guide Figure 56 SA Monitor The following table describes the labels in . This field displays the security protocols used for an SA. Both AH and ESP increase ZyXEL Device processing requirements and communications latency (delay). Click the radio button next to a security - ZyXEL P-202H | User Guide - Page 137
P-202H Plus v2 User's Guide The following table describes the labels in this screen. Table 41 Global Back to return to the previous screen. Click Apply to save your changes back to the ZyXEL Device. Click Reset to begin configuring this screen afresh. 11.16 Telecommuter VPN/IPSec Examples The - ZyXEL P-202H | User Guide - Page 138
Guide Figure 58 Telecommuters Sharing One VPN Rule Example 11.16.2 Telecommuters Using Unique VPN Rules Example With aggressive negotiation mode (see Section 11.10.1 on page 127), the ZyXEL use a separate VPN rule to simultaneously access a ZyXEL Device at headquarters. They can use different IPSec - ZyXEL P-202H | User Guide - Page 139
P-202H Plus v2 User's Guide Figure 59 Telecommuters Using Unique VPN Rules Example 11.17 Logs This screen displays the logs for all VPNs. The VPN log includes log index - ZyXEL P-202H | User Guide - Page 140
P-202H Plus v2 User's Guide Figure 60 VPN Logs The following table describes the labels in this screen. Table 43 VPN Logs LABEL Log Back Previous Page Refresh Clear Next - ZyXEL P-202H | User Guide - Page 141
Guide CHAPTER 12 NetCAPI This chapter covers the NetCAPI screen. 12.1 NetCAPI Overview Your ZyXEL Device supports NetCAPI. NetCAPI is ZyXEL CAPI CAPI is an interface standard that allows applications to access ISDN services. Several applications can share one or more ISDN lines. When an application - ZyXEL P-202H | User Guide - Page 142
P-202H Plus v2 User's Guide 12.3 Configuring NetCAPI To edit your ZyXEL Device's NetCAPI settings, click Advanced > NetCAPI. . Select Subscriber Number (MSN) if you want to direct all incoming call to the ZyXEL Device only when the incoming phone number matches the ISDN DATA number. If the incoming - ZyXEL P-202H | User Guide - Page 143
P-202H Plus v2 User's Guide Table 44 NetCAPI LABEL End IP Operation Apply Cancel DESCRIPTION different ISDN communication programs (such as AVM Fritz or RVS-COM) to access the ISDN on the ZyXEL Device. NetCAPI can carry out CAPI applications only if the CAPI driver is installed on your computer. - ZyXEL P-202H | User Guide - Page 144
P-202H Plus v2 User's Guide 12.3.3 Example of Installing a CAPI driver and Communication Software software, enter one of the license keys of your RVS-COM Lite CD-ROM and follow the instructions on the configuration wizard. When you install RVS-Lite, RVS-COM AUTOMATICALLY installs CAPI driver before - ZyXEL P-202H | User Guide - Page 145
Plus v2 User's Guide CHAPTER 13 Supplementary Phone Services This chapter discusses the European ISDN supplemental services. 13.1 Overview The ZyXEL Device supports a comprehensive set of advanced calling features known as Supplemental Services. European ISDN Supplemental Services may vary and have - ZyXEL P-202H | User Guide - Page 146
P-202H Plus v2 User's Guide 13.2 Setting Up Supplemental Phone Service All Supplemental Phone Services are enabled by default except the timing is much more precise. With manual tapping, if the duration is too long, it may be interpreted as hanging up by the ZyXEL Device. 13.4 Call Waiting ISDN Call - ZyXEL P-202H | User Guide - Page 147
P-202H Plus v2 User's Guide • You are dialing a number on the B-channel the incoming caller is attempting to reach, but have not yet established a connection. 13.5 Three Way Calling Three Way Calling allows you to add a third party to an existing call. This service must be subscribed from your - ZyXEL P-202H | User Guide - Page 148
P-202H Plus v2 User's Guide 3 When you are ready to conference the two calls together, press the flash fine, and you can use whichever one you are most comfortable with. 13.8 Reminder Ring The ZyXEL Device sends a single short ring to your telephone every time a call has been forwarded (US - ZyXEL P-202H | User Guide - Page 149
v2 User's Guide 13.9 Number (MSN) to determine routing for all incoming calls, the ZyXEL Device will compare the incoming call's Called Party Number or Subaddress . 13.11 Terminal Portability (Suspend/Resume) The Terminal Portability service allows you to suspend a phone call temporarily. You can - ZyXEL P-202H | User Guide - Page 150
P-202H Plus v2 User's Guide 149 Chapter 13 Supplementary Phone Services - ZyXEL P-202H | User Guide - Page 151
P-202H Plus v2 User's Guide CHAPTER 14 Maintenance This chapter displays system information such as ZyNOS firmware, Status to open the following screen, where you can use to monitor your ZyXEL Device. Note that these fields are READ-ONLY and only for diagnostic purposes. Chapter 14 Maintenance 150 - ZyXEL P-202H | User Guide - Page 152
P-202H Plus v2 User's Guide Figure 63 System Status The following table describes the labels in this screen. Table 47 System Status LABEL DESCRIPTION System Status System Name This is the name of your ZyXEL Device. It is for identification purposes. ZyNOS Firmware Version This is the ZyNOS - ZyXEL P-202H | User Guide - Page 153
P-202H Plus v2 User's Guide Table 47 System Status LABEL DESCRIPTION MAC Address This is the MAC (Media Access Control) or Ethernet address unique to your ZyXEL Device. IP Address This is the LAN port IP address. IP Subnet Mask This is the LAN port IP subnet mask. DHCP This is the - ZyXEL P-202H | User Guide - Page 154
P-202H Plus v2 User's Guide Table 48 System Status > Show Statistics (continued) LABEL ZyXEL Device provides the TCP/IP configuration for the clients. If set to None, DHCP service will be disabled and you must have another DHCP server on your LAN, or else the computer must be manually - ZyXEL P-202H | User Guide - Page 155
P-202H Plus v2 User's Guide Click Maintenance, and then the DHCP Table tab. Read-only information here relates to on the bottom of your device. Click Firmware to open the following screen. Follow the instructions in this screen to upload firmware to your ZyXEL Device. Chapter 14 Maintenance 154 - ZyXEL P-202H | User Guide - Page 156
P-202H Plus v2 User's Guide Figure 66 Firmware Upgrade The following table describes the labels in to two minutes. Click this button to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. You can also press the RESET button on the rear panel to reset - ZyXEL P-202H | User Guide - Page 157
Figure 67 Firmware Upload In Progress P-202H Plus v2 User's Guide The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 68 - ZyXEL P-202H | User Guide - Page 158
P-202H Plus v2 User's Guide 14.5 Budget Control Budget management allows you to set a limit on the total outgoing call time of the ZyXEL Device over a period of time. When the total outgoing call time exceeds the limit, the current call will be dropped and any future outgoing calls - ZyXEL P-202H | User Guide - Page 159
P-202H Plus v2 User's Guide CHAPTER 15 Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 15.1 SMT Introduction The ZyXEL Device's SMT (System Management Terminal) is a menu-driven interface that you can access from - ZyXEL P-202H | User Guide - Page 160
Plus v2 User's Guide For your first login, enter the default password "1234". As you type the password, the screen displays an asterisk "*" for each character you type. Please note that if there is no activity for longer than five minutes after you log in, your ZyXEL Device will automatically log - ZyXEL P-202H | User Guide - Page 161
P-202H Plus v2 User's Guide Table 52 SMT Menus Overview (continued) MENUS SUB MENUS 12 Static Routing Setup 12.1 Edit IP Static Route 13 Default Dial-in Setup 13.1 Default - ZyXEL P-202H | User Guide - Page 162
Monitor 27.3 View IPSec Log 27.1.1 IPSec Setup 27.1.1.1 IKE Setup 27.1.1.2 Manual Setup 15.5 Navigating the SMT Interface The SMT(System Management Terminal) is the interface that you use to configure your ZyXEL Device. Several operations that you should be familiar with before you attempt to - ZyXEL P-202H | User Guide - Page 163
P-202H Plus v2 User's Guide Table 53 Main Menu Commands OPERATION Save your configuration Exit the the main menu, as shown next. Figure 73 SMT Main Menu Copyright (c) 1994 - 2006 ZyXEL Communications Corp. P202H Plus v2 Main Menu Getting Started 1. General Setup 2. ISDN Setup 3. Ethernet - ZyXEL P-202H | User Guide - Page 164
P-202H Plus v2 User's Guide Table 54 Main Menu Summary # MENU TITLE DESCRIPTION 11 Remote Node Setup . 13 Default Dial-in Setup Use this menu to set up default dial-in parameters so that your ZyXEL Device can be used as a dial-in server. 14 Dial-in User Setup Use this menu to configure - ZyXEL P-202H | User Guide - Page 165
P-202H Plus v2 User's Guide 5 Re-type your new system password in the Retype to confirm field for confirmation and press [ENTER]. Note: When you type in a password, the screen displays an "*" for each character you type. Chapter 15 Introducing the SMT 164 - ZyXEL P-202H | User Guide - Page 166
P-202H Plus v2 User's Guide 165 Chapter 15 Introducing the SMT - ZyXEL P-202H | User Guide - Page 167
P-202H Plus v2 User's Guide CHAPTER 16 Menu 1 General Setup Menu 1 - General Setup contains and then the Properties button. Note the entry for the Computer name field and enter it as the ZyXEL Device System Name. • In Windows XP, click start, My Computer, View system information and then - ZyXEL P-202H | User Guide - Page 168
User's Guide 2 Fill ) of your ZyXEL Device. Contact Person's Enter the name (up to 30 characters) of the person in charge of this ZyXEL Name Device. Figure 76 Menu 1.1 Configure Dynamic DNS Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.ORG Active= No Host= EMAIL= USER= Password= - ZyXEL P-202H | User Guide - Page 169
Guide Follow the instructions in the next table to configure Dynamic DNS parameters. Table 56 Menu 1.1 Configure Dynamic DNS FIELD DESCRIPTION Service Provider This is the name of your Dynamic DNS service to you. Enable Wildcard Your ZyXEL Device supports DYNDNS Wildcard. Press [SPACE BAR - ZyXEL P-202H | User Guide - Page 170
P-202H Plus v2 User's Guide 169 Chapter 16 Menu 1 General Setup - ZyXEL P-202H | User Guide - Page 171
P-202H Plus v2 User's Guide CHAPTER 17 Menu 2 ISDN Setup This chapter tells you how to Services available on the ZyXEL Device series include: • Call Waiting • Three Way Calling (conference) • Call Transfer • Call Forwarding. The Advanced Phone Services chapter in this manual describes these services - ZyXEL P-202H | User Guide - Page 172
P-202H Plus v2 User's Guide Please note that the PABX prefix is for calls initiated by the ZyXEL Device only. If you place a call from a device on either A/B adapter, you must dial the prefix by hand. 17.1.4 Outgoing Calling Party Number If these fields are not blank, the ZyXEL Device will use these - ZyXEL P-202H | User Guide - Page 173
P-202H Plus v2 User's Guide Figure 78 Menu 2 ISDN Setup Menu 2 - ISDN Setup Switch Type: DSS-1 B Channel Usage= this will be Switch/Switch (default). If you are only using one B channel (e.g., your ZyXEL Device is sharing the ISDN BRI line with another device), then select Switch/Unused. If your - ZyXEL P-202H | User Guide - Page 174
P-202H Plus v2 User's Guide Table 57 Menu 2 ISDN Setup FIELD DESCRIPTION Analog Call Routing Select the destination for analog calls. The choices are A/B Adapter 1, A/B Adapter 2 and Ignore. This field - ZyXEL P-202H | User Guide - Page 175
Plus v2 User's Guide The following table ZyXEL Device asks if you wish to test your ISDN. If you select Yes, the ZyXEL Device will perform a loop-back test to check the ISDN line. If the loop-back test fails, please note the error message that you receive and take the appropriate troubleshooting - ZyXEL P-202H | User Guide - Page 176
P-202H Plus v2 User's Guide Figure 80 Loopback Test Setup LoopBack Test ... Dialing to 40000// ... Sending and Receiving Data ... Disconnecting ... LoopBack Test OK ### Hit any key to continue. ### 17.3 NetCAPI Your ZyXEL Device supports NetCAPI. NetCAPI is ZyXEL's implementation of CAPI (Common - ZyXEL P-202H | User Guide - Page 177
P-202H Plus v2 User's Guide The following table describes the fields in this menu. Table 59 on your computer, and RVSCOM will register itself to the ZyXEL Device. This option is the maximum number of clients that the ZyXEL Device supports at the same time. Incoming Data Call Number Matching This - ZyXEL P-202H | User Guide - Page 178
P-202H Plus v2 User's Guide 177 Chapter 17 Menu 2 ISDN Setup - ZyXEL P-202H | User Guide - Page 179
P-202H Plus v2 User's Guide CHAPTER 18 Menu 3 Ethernet Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 18.1 Ethernet Setup This section describes how - ZyXEL P-202H | User Guide - Page 180
Guide 18.2 Ethernet TCP/IP and DHCP Server The ZyXEL Device has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support Alias= No Press ENTER to Confirm or ESC to Cancel: Follow the instructions in the next table on how to configure the DHCP fields. Table - ZyXEL P-202H | User Guide - Page 181
Guide IP address of the actual, remote DHCP server here. Use the instructions in the following table to configure TCP/IP parameters for the LAN session-layer protocol used to establish membership in a Multicast group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and version 2 (IGMP- - ZyXEL P-202H | User Guide - Page 182
User's Guide Figure 85 N/A Enter here to CONFIRM or ESC to CANCEL: Use the instructions in the following table to configure IP alias parameters. Table 62 Unless you are implementing subnetting, use the subnet mask computed by the ZyXEL Device. Press [SPACE BAR] and then [ENTER] to select the - ZyXEL P-202H | User Guide - Page 183
P-202H Plus v2 User's Guide Table 62 Menu 3.2.1 IP Alias Setup FIELD DESCRIPTION Incoming Protocol Enter the filter set(s) you wish to apply to the incoming traffic between this node Filters and the ZyXEL Device. Outgoing Protocol Enter the filter set(s) you wish to apply to the outgoing - ZyXEL P-202H | User Guide - Page 184
P-202H Plus v2 User's Guide 183 Chapter 18 Menu 3 Ethernet Setup - ZyXEL P-202H | User Guide - Page 185
Plus v2 User's Guide CHAPTER 19 Internet Access Setup This chapter shows you how to configure your ZyXEL Device for Internet access the remote nodes that you can access in menu 11. Before you configure your ZyXEL Device for Internet access, you need to collect your Internet account information from - ZyXEL P-202H | User Guide - Page 186
Password My WAN IP Addr DESCRIPTION Enter the name of your Internet Service Provider, e.g., myISP. This information is for identification purposes only. Both the Primary and the Secondary Phone number refer to the number that the ZyXEL Device dials to connect to the ISP. Enter the login name given - ZyXEL P-202H | User Guide - Page 187
P-202H Plus v2 User's Guide CHAPTER 20 Remote Node Configuration This chapter covers remote node configuration with the time being rounded up to the nearest unit when bills are calculated. For example, the ZyXEL Device may make a call but drop the call after 10 seconds (maybe there was no reply) - ZyXEL P-202H | User Guide - Page 188
P-202H Plus v2 User's Guide Figure 88 Menu 11 Remote Node Setup Menu 11 - Remote Node Setup 1. ChangeMe (ISP, SUA) 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ Enter Node # to - ZyXEL P-202H | User Guide - Page 189
Plus v2 User's Guide Table 64 Menu 11.1 Remote Node Profile FIELD Call Direction Incoming: Rem Login Rem Password Rem CLID Call Back Outgoing My Login My Password Authen Pri(mary) Sec(ondary) Phone # Edit PPP Options DESCRIPTION If this parameter is set to Both, your ZyXEL Device can both place - ZyXEL P-202H | User Guide - Page 190
User's Guide Table 64 Options: Transfer Type This field specifies the type of connection between the ZyXEL Device and this remote node. When set to Leased, the Allocated the access code number of your preferred telecommunications service provider. Your telephone company should supply you with - ZyXEL P-202H | User Guide - Page 191
P-202H Plus v2 User's Guide 20.4 PPP Multilink The ZyXEL Device uses the PPP Multilink Protocol (PPP/MP) '30-60' means the add threshold is 30 Kbps and subtract threshold is 60 Kbps. The ZyXEL Device performs bandwidth on demand only if it initiates the call. Addition and subtraction are based on - ZyXEL P-202H | User Guide - Page 192
P-202H Plus v2 User's Guide If, after making the call to bring up a second channel, the second channel does not succeed in joining the Multilink Protocol bundle (because the remote device does not recognize the second call as coming from the same device), the ZyXEL Device will hang up the second - ZyXEL P-202H | User Guide - Page 193
P-202H Plus v2 User's Guide Table 66 Menu 11.2 Remote Node PPP Options FIELD DESCRIPTION time to cancel. 20.7 LAN-to-LAN Application A typical LAN-to-LAN application is to use your ZyXEL Device to connect a branch office to the headquarters, as depicted in the following diagram. Figure 91 TCP/IP - ZyXEL P-202H | User Guide - Page 194
P-202H Plus v2 User's Guide LAN 1 Setup Menu 11.1 - Remote Node Profile Rem Node Name= Confirm or ESC to Cancel: Additionally, you may also need to define static routes if some services reside beyond the immediate remote LAN. 20.8 Configuring Network Layer Options Follow the steps below to edit - ZyXEL P-202H | User Guide - Page 195
P-202H Plus v2 User's Guide 1 To configure the TCP/IP parameters of a remote node, You must fill in either the remote ZyXEL Device WAN IP address or the remote ZyXEL Device LAN IP address. This depends on the remote router's WAN IP i.e., for the (remote) ZyXEL Device, the My WAN IP Addr settings - ZyXEL P-202H | User Guide - Page 196
P-202H Plus v2 User's Guide Table 68 Menu 11.3 Remote Node Network Layer Options FIELD My 1 and 15. In practice, 2 or 3 is usually a good number. Private This parameter determines if the ZyXEL Device will include the route to this remote node in its RIP broadcasts. If set to Yes, this route is - ZyXEL P-202H | User Guide - Page 197
P-202H Plus v2 User's Guide Figure 93 Menu 11.5 Remote Node Filter Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device - ZyXEL P-202H | User Guide - Page 198
P-202H Plus v2 User's Guide 197 Chapter 20 Remote Node Configuration - ZyXEL P-202H | User Guide - Page 199
P-202H Plus v2 User's Guide CHAPTER 21 Static Route Setup This chapter shows you how to setup IP static routes. 21.1 Static Route Static routes tell the ZyXEL Device routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN - ZyXEL P-202H | User Guide - Page 200
P-202H Plus v2 User's Guide Figure 95 Menu 12 IP Static Route Setup Menu 12 - IP Static Route Setup Follow the discussion on IP Subnet Mask in this manual. Type the IP address of the gateway. The gateway is an immediate neighbor of your ZyXEL Device that will forward the packet to the destination. - ZyXEL P-202H | User Guide - Page 201
P-202H Plus v2 User's Guide Table 69 Menu12.1 Edit IP Static Route FIELD DESCRIPTION Metric 1 and 15. In practice, 2 or 3 is usually a good number. Private This parameter determines if the ZyXEL Device will include the route to this remote node in its RIP broadcasts. If set to Yes, this route - ZyXEL P-202H | User Guide - Page 202
P-202H Plus v2 User's Guide 201 Chapter 21 Static Route Setup - ZyXEL P-202H | User Guide - Page 203
Plus v2 User's Guide CHAPTER 22 Dial-in Setup This chapter shows you how to configure your ZyXEL Device to receive calls . Please note that for CLID authentication to work on the ZyXEL Device, your telephone company must support caller ID. If the remote node requires mutual authentication, please - ZyXEL P-202H | User Guide - Page 204
P-202H Plus v2 User's Guide 22.3 Setting Up Default Dial-in From the Main Menu, enter security reason, setting authentication to None is strongly discouraged. Options for this field are: CHAP/PAP - Your ZyXEL Device will try CHAP first, but PAP will be used if CHAP is not available. CHAP -Use CHAP - ZyXEL P-202H | User Guide - Page 205
P-202H Plus v2 User's Guide Table 71 Menu 13 Default Dial-in Setup FIELD Compression Mutual host from using an invalid IP address and potentially disrupting the whole network. This field tells your ZyXEL Device to provide the remote host with an IP address from the pool. This field is required - ZyXEL P-202H | User Guide - Page 206
P-202H Plus v2 User's Guide Table 71 Menu 13 Default Dial-in Setup FIELD Edit Filter Sets specify the filter set(s) to apply to the incoming and outgoing traffic between all dial-in users and your ZyXEL Device. Note that the filter set(s) only applies to the dial-in users but not the remote nodes. - ZyXEL P-202H | User Guide - Page 207
P-202H Plus v2 User's Guide The other is ease of accounting. For instance, your company pays for the connection charges for telecommuting employees and you use your ZyXEL Device as the dial-in server. When you turn on the callback option for the dial-in users, all usage is charged to the company - ZyXEL P-202H | User Guide - Page 208
P-202H Plus v2 User's Guide The following table describes the fields in this menu. a required field. Otherwise, a N/ A will appear in the field. Enter the telephone number to which your ZyXEL Device will call back. Rem CLID If you enable CLID Authen field in menu 13, then you need to specify - ZyXEL P-202H | User Guide - Page 209
Figure 101 Example of Telecommuting P-202H Plus v2 User's Guide See the following screens on how to configure your ZyXEL Device if a remote user's computer is running Windows®. Configuring Menu 13: Figure 102 Configuring Menu 13 for Remote Access Menu 13 - Default Dial-in Setup - ZyXEL P-202H | User Guide - Page 210
P-202H Plus v2 User's Guide Figure 103 Edit Dial-in-User Example Menu 14.1 - Edit Dial-in User User so this field does not apply when there is callback. 22.7 LAN-to-LAN Server Application Example Your ZyXEL Device can also be used as a dial-in server for LAN-to-LAN application to provide access for - ZyXEL P-202H | User Guide - Page 211
P-202H Plus v2 User's Guide LAN 1 Figure 105 LAN 1 LAN-to-LAN Application Menu 11.1 - Remote No Idle Timeout(sec)= 100 Press ENTER to Confirm or ESC to Cancel: Go to menu 24.4.5 of the ZyXEL Device on LAN 1 and enter the numbers that correspond to the menu in LAN 1 above to test callback with - ZyXEL P-202H | User Guide - Page 212
P-202H Plus v2 User's Guide Figure 107 Testing Callback With Your Connection Start dialing for node ### Hit that you do not pay for the first call, i.e., when the ZyXEL Device on LAN 1 calls the ZyXEL Device on LAN 2. The ZyXEL Device (LAN 2) looks at the ISDN Dchannel and verifies that the - ZyXEL P-202H | User Guide - Page 213
P-202H Plus v2 User's Guide Menu 13 Figure 109 Configuring CLID With Callback Menu 13 - Rem CLID number in menu 11.1. Figure 110 Callback and CLID Connection Test Copyright (c) 1994 - 2006 ZyXEL Communications Corp. LAN_2>sys trcl call Tracelog type 9080 level 1 ### Hit any key to terminate *** - ZyXEL P-202H | User Guide - Page 214
P-202H Plus v2 User's Guide 213 Chapter 22 Dial-in Setup - ZyXEL P-202H | User Guide - Page 215
Guide CHAPTER 23 Network Address Translation (NAT) This chapter discusses how to configure NAT on the ZyXEL Device. 23.1 Using NAT Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL ZyXEL Device also supports Full - ZyXEL P-202H | User Guide - Page 216
P-202H Plus v2 User's Guide Figure 111 Menu 4: Applying NAT for Internet Access Menu 4 - Internet Access Setup ISP's Name= ChangeMe Pri Phone #= 1234 Sec Phone #= My Login= ChangeMe My Password= ******** - ZyXEL P-202H | User Guide - Page 217
202H Plus v2 User's Guide The following table describes the options for Network Address Translation. Table 73 Applying NAT in Menus 4 & 11.3 FIELD NAT DESCRIPTION Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device. The SMT - ZyXEL P-202H | User Guide - Page 218
P-202H Plus v2 User's Guide Figure 114 Menu 15.1 Address Mapping Sets Menu 15.1 - Address Mapping Sets 1. 2. 3. 4. 5. 6. 7. 8. 255. SUA (read only) Enter Menu Selection Number: Enter 255 to display the - ZyXEL P-202H | User Guide - Page 219
P-202H Plus v2 User's Guide Table 74 Menu 15.1.255 SUA Address Mapping Rules FIELD DESCRIPTION Global Start IP This is the starting global IP address (IGA). If you have a - ZyXEL P-202H | User Guide - Page 220
P-202H Plus v2 User's Guide 23.3.1.2 Ordering Your Rules Ordering your rules is important because the ZyXEL Device applies the rules in the order that you specify. When a rule matches the current packet, the ZyXEL Device takes the corresponding action and the remaining rules are ignored. If there - ZyXEL P-202H | User Guide - Page 221
P-202H Plus v2 User's Guide The following table explains the fields in this menu. Table 76 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set FIELD DESCRIPTION Type Press [SPACE - ZyXEL P-202H | User Guide - Page 222
P-202H Plus v2 User's Guide 3 Enter 1 to go to Menu 15.2.1 NAT Server Setup as follows. Figure 119 Menu 15.2.1 NAT Server Setup Menu 15.2.1 - NAT Server Setup Rule Start - ZyXEL P-202H | User Guide - Page 223
P-202H Plus v2 User's Guide 23.5 General NAT Examples The following are some examples of NAT configuration. 23.5.1 Example 1: Internet Access Only In the following Internet access example, you only - ZyXEL P-202H | User Guide - Page 224
P-202H Plus v2 User's Guide 23.5.2 Example 2: Internet Access with an Inside Server The dynamic Inside Global Address is assigned by the ISP. Figure 123 NAT Example 2 In this case, - ZyXEL P-202H | User Guide - Page 225
P-202H Plus v2 User's Guide 1 Map the first IGA to the first inside FTP server for FTP traffic in both directions (1 : 1 mapping, giving both local and global IP addresses). 2 Map - ZyXEL P-202H | User Guide - Page 226
P-202H Plus v2 User's Guide Figure 126 NAT Example 3: Menu 11.3 Menu 11.3 - Remote Node Network Layer Options Rem IP Addr: Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= Full Feature - ZyXEL P-202H | User Guide - Page 227
P-202H Plus v2 User's Guide Figure 128 Example 3: Final Menu 15.1.1 Menu 15.1.1 - Address Mapping Rules Set Name= Example 3 Idx Local Start IP Local End IP Global Start IP Global - ZyXEL P-202H | User Guide - Page 228
P-202H Plus v2 User's Guide 23.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port - ZyXEL P-202H | User Guide - Page 229
P-202H Plus v2 User's Guide Figure 132 Example 4: Menu 15.1.1 Address Mapping Rules Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Idx Local Start IP Local End IP Global Start - ZyXEL P-202H | User Guide - Page 230
P-202H Plus v2 User's Guide 229 Chapter 23 Network Address Translation (NAT) - ZyXEL P-202H | User Guide - Page 231
ZyXEL Device has to offer. For this reason, it is recommended that you configure your firewall using the web configurator, see the following chapters for instructions must be active to protect against Denial of Service (DoS) attacks. Additional rules may be configured using the web configurator. Chapter - ZyXEL P-202H | User Guide - Page 232
P-202H Plus v2 User's Guide Figure 133 Menu 21.2 Firewall Setup Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2. deny all sessions originating - ZyXEL P-202H | User Guide - Page 233
P-202H Plus v2 User's Guide Table 77 View Firewall Log FIELD DESCRIPTION EXAMPLES # This is ss: e.g., 00:00:00 clock will start at 2000/01/01 00:00:00 the last time the ZyXEL Device was reset. Packet Information This field lists packet information such as protocol and src/dest port numbers ( - ZyXEL P-202H | User Guide - Page 234
User's Guide 24.3.2 Example E-mail Log An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail. Subject: Firewall Alert From ZyXEL Device Date: Fri, 07 Apr 2006 10:05:42 From: [email protected] To: [email protected] - ZyXEL P-202H | User Guide - Page 235
P-202H Plus v2 User's Guide CHAPTER 25 Filter Configuration This chapter shows you how to create and apply filters. 25.1 Introduction to Filters Your ZyXEL Device uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data - ZyXEL P-202H | User Guide - Page 236
P-202H Plus v2 User's Guide 25.1.1 The Filter Structure of the ZyXEL Device A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name. The ZyXEL Device allows you to configure up to - ZyXEL P-202H | User Guide - Page 237
P-202H Plus v2 User's Guide You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. 25.2 Configuring a Filter Set The ZyXEL Device includes filtering for - ZyXEL P-202H | User Guide - Page 238
P-202H Plus v2 User's Guide Figure 137 Menu 21: Filter and Firewall Setup Menu 21 - Filter and Firewall Setup 1. Filter Setup 2. Firewall Setup 3. View Firewall Log Enter Menu Selection Number: 2 - ZyXEL P-202H | User Guide - Page 239
P-202H Plus v2 User's Guide Figure 139 NetBIOS_WAN Filter Rules Summary Menu 21.1.1 - Filter Rules Summary # A Type Filter Rules M m n 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N 2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP= - ZyXEL P-202H | User Guide - Page 240
P-202H Plus v2 User's Guide Figure 142 FTP_WAN Filter Rules Summary Menu 21.1.4 - Filter Rules Summary # A Type Filter Rules M m n 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21 N D N 2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP= - ZyXEL P-202H | User Guide - Page 241
P-202H Plus v2 User's Guide The protocol dependent filter rules abbreviation are listed as device filter sets. If you include a protocol filter set in a device filter field or vice versa, the ZyXEL Device will warn you and will not allow you to save. 25.2.3 Configuring a TCP/IP Filter Rule This - ZyXEL P-202H | User Guide - Page 242
P-202H Plus v2 User's Guide Figure 143 Menu 21.1.1.1 TCP/IP Filter Rule. Menu 21.1.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 0 - ZyXEL P-202H | User Guide - Page 243
P-202H Plus v2 User's Guide Table 80 Menu 21.1.x.x TCP/IP Filter Rule FIELD DESCRIPTION OPTIONS Port # Comp Press [SPACE BAR] and then [ENTER] to select the comparison to apply - ZyXEL P-202H | User Guide - Page 244
P-202H Plus v2 User's Guide Figure 144 Executing an IP Filter 25.2.4 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic - ZyXEL P-202H | User Guide - Page 245
P-202H Plus v2 User's Guide For generic rules, the ZyXEL Device treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The ZyXEL Device applies the Mask (bit-wise ANDing) to - ZyXEL P-202H | User Guide - Page 246
P-202H Plus v2 User's Guide Table 81 Menu 21.1.x.x Generic Filter Rule Menu Fields Filter Rules Summary. 25.3 Example Filter Let's look at an example to block outside users from accessing the ZyXEL Device via telnet. Figure 146 Telnet Filter Example 1 Enter 21 from the main menu to open Menu 21 - - ZyXEL P-202H | User Guide - Page 247
P-202H Plus v2 User's Guide 4 Enter a descriptive name or comment in the Edit Comments field and 6 is the TCP IP Protocol. • The Port # for the telnet service (TCP protocol) is 23. See RFC 1060 for port numbers of well-known services. • Select Equal from the Port # Comp field as you are looking for - ZyXEL P-202H | User Guide - Page 248
P-202H Plus v2 User's Guide Figure 148 Example Filter Rules Summary: Menu 21.1.3 Menu 21.1.3 - Filter Rules Summary # A Type Filter Rules M m n 1 to know the exact address and port on the wire. Therefore, the ZyXEL Device applies the protocol filters to the "native" IP address and port - ZyXEL P-202H | User Guide - Page 249
Filter Sets P-202H Plus v2 User's Guide 25.5 Firewall Versus Filters Firewall configuration is discussed in the firewall chapters of this manual. Further comparisons are also made between filter sets filter incoming traffic to the ZyXEL Device and output filter sets filter outgoing traffic from the - ZyXEL P-202H | User Guide - Page 250
P-202H Plus v2 User's Guide Figure 150 Filtering LAN Traffic Menu 3.1 - LAN Port Filter Setup Input Filter Sets: protocol filters= 2 device filters= Output Filter Sets: protocol filters= device filters= Press - ZyXEL P-202H | User Guide - Page 251
's Guide CHAPTER 26 SNMP Configuration This chapter explains SNMP Configuration menu 22. 26.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyXEL Device supports SNMP - ZyXEL P-202H | User Guide - Page 252
P-202H Plus v2 User's Guide The managed devices contain object variables/managed objects that define the agent to inform the manager of some events. 26.2 Supported MIBs The ZyXEL Device supports RFC-1215 and MIB II as defined in RFC-1213 as well as ZyXEL private MIBs. The focus of the MIBs is to let - ZyXEL P-202H | User Guide - Page 253
P-202H Plus v2 User's Guide The following table describes the SNMP configuration your configuration or press [ESC] to cancel and go back to the previous screen. 26.4 SNMP Traps The ZyXEL Device will send traps to the SNMP manager when any one of the following events occurs: Table 83 SNMP Traps - ZyXEL P-202H | User Guide - Page 254
P-202H Plus v2 User's Guide Table 84 Ports and Permanent Virtual Circuits PORT PVC (PERMANENT VIRTUAL CIRCUIT) ... ... 13 12 14 xDSL 253 Chapter 26 SNMP Configuration - ZyXEL P-202H | User Guide - Page 255
User's Guide CHAPTER 27 System Security This chapter describes how to configure the system security on the ZyXEL Device. ZyXEL Device in the chapter about introducing the web configurator . 27.3 RADIUS RADIUS (Remote Authentication Dial-In User Service) is based on a client-sever model that supports - ZyXEL P-202H | User Guide - Page 256
P-202H Plus v2 User's Guide RADIUS authentication is a popular protocol used to authenticate users number of users from a central location Figure 155 RADIUS Server In order to ensure network security, the ZyXEL Device and the RADIUS server use a shared secret key, which is a password, they both know - ZyXEL P-202H | User Guide - Page 257
User's Guide Table 85 . You need not change this value unless your network administrator instructs you to do so with additional information. Key Specify a . This key must be the same on the external authentication server and ZyXEL Device. When you have completed this menu, press [ENTER] at the - ZyXEL P-202H | User Guide - Page 258
P-202H Plus v2 User's Guide 257 Chapter 27 System Security - ZyXEL P-202H | User Guide - Page 259
P-202H Plus v2 User's Guide CHAPTER 28 System Information and Diagnosis This chapter covers the shown next (see Figure 158 on page 259). System Status is a tool that can be used to monitor your ZyXEL Device. To get to System Status, type 24 to go to Menu 24 - System Maintenance. From this menu, - ZyXEL P-202H | User Guide - Page 260
P-202H Plus v2 User's Guide Figure 158 Menu 24.1 System Maintenance : Status Chan --- Link Down Down Menu 24.1 - System information displayed for each channel. This refers to the IP address of the ZyXEL Device. This shows your Caller ID. 259 Chapter 28 System Information and Diagnosis - ZyXEL P-202H | User Guide - Page 261
P-202H Plus v2 User's Guide Table 86 System Maintenance: Status Menu Fields FIELD Peer IP Address Peer CLID Ethernet Status TxPkts RxPkts Collision Total Outcall Time CPU Load LAN Packet - ZyXEL P-202H | User Guide - Page 262
P-202H Plus v2 User's Guide Figure 160 Menu 24.2.1 System Maintenance : Information Menu 24.2.1 - System for the console port through Menu 24.2.2 - System Maintenance - Change Console Port Speed. Your ZyXEL Device supports 9600 (default), 19200, 38400, 57600 and 115200 bps. Press [SPACE BAR] and then - ZyXEL P-202H | User Guide - Page 263
P-202H Plus v2 User's Guide Figure 161 Menu 24.2.2 System Maintenance : Change Console Port Speed .3 - System Maintenance - Log and Trace to display the error log in the system. After the ZyXEL Device finishes displaying the error log, you will have the option to clear it. Samples of typical error - ZyXEL P-202H | User Guide - Page 264
P-202H Plus v2 User's Guide Figure 163 Sample Error and Information Messages 51 Sat Jan Login Successfully SMT Password pass SMT Session Begin netMakeChannDial plug in firewall 28.3.2 Unix Syslog The ZyXEL Device uses the syslog facility to log the CDR (Call Detail Record) and system messages to - ZyXEL P-202H | User Guide - Page 265
P-202H Plus v2 User's Guide Table 88 Menu 24.3.2 System Maintenance : Syslog and Accounting press [ENTER] to confirm or [ESC] to cancel. Your ZyXEL Device sends five types of syslog messages. Some examples (not all ZyXEL Device specific) of these syslog messages with their message formats are - ZyXEL P-202H | User Guide - Page 266
P-202H Plus v2 User's Guide 28.3.2.2 Packet triggered Packet triggered Message Format SdcmdSyslogSend( 202.132.155.97 ZyXEL: GEN[ffffffffffff0080] }S05>R01mF Mar 03 12:00:57 202.132.155.97 ZyXEL: GEN[00a0c5f502010080] }S05>R01mF Mar 03 12:01:06 202.132.155.97 ZyXEL: IP[Src=192.168.2.33 Dst=202 - ZyXEL P-202H | User Guide - Page 267
Guide 28.3.2.4 PPP log PPP Log Message Format SdcmdSyslogSend( SYSLOG_PPPLOG, SYSLOG_NOTICE, String ); String = ppp:Proto Starting / ppp:Proto Opening / ppp:Proto Closing / ppp:Proto Shutdown Proto = LCP / ATCP / BACP / BCP / CBCP / CCP / CHAP/ PAP / IPCP / IPXCP Jul 19 11:42:44 192.168.102.2 ZyXEL - ZyXEL P-202H | User Guide - Page 268
Guide this value unless your network administrator instructs you to do so. Key shared between the external accounting server and the ZyXEL Device. When you have completed this menu : IP Header: IP Version Header Length Type of Service Total Length Idetification Flags Fragment Offset Time to Live - ZyXEL P-202H | User Guide - Page 269
202H Plus v2 User's Guide 28.4 Diagnostic The diagnostic facility allows you to test the different aspects of your ZyXEL Device to determine if Number: Manual Call Remote Node= N/A Host IP Address= N/A The following table describes the diagnostic tests available in menu 24.4 for your ZyXEL Device - ZyXEL P-202H | User Guide - Page 270
Guide Table 90 System Maintenance Menu Diagnostic FIELD DESCRIPTION Manual Call This provides a way for you to place a call to a remote node manually. has been done correctly. When this option is chosen, the ZyXEL Device places a manual call to the ISP remote node. If everything is working - ZyXEL P-202H | User Guide - Page 271
P-202H Plus v2 User's Guide CHAPTER 29 Firmware and Configuration File Maintenance This chapter you to have a destination filename different than the source, you will need to rename them as the ZyXEL Device only recognizes "rom-0" and "ras". Be sure you keep unaltered copies of both files for later - ZyXEL P-202H | User Guide - Page 272
" and "upload" are relative to the computer. Download means to transfer from the ZyXEL Device to the computer, while upload means from your computer to the ZyXEL Device. 29.2.1 Backup Configuration Follow the instructions as shown in the next screen. 271 Chapter 29 Firmware and Configuration File - ZyXEL P-202H | User Guide - Page 273
v2 User's Guide Figure 169 must remain in this menu to back up using TFTP), please see your router manual. Press ENTER to Exit: 29.2.2 Using the FTP Command from the Command Line Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras - ZyXEL P-202H | User Guide - Page 274
User's Guide 29 anonymous access. Anonymous logins will work only if your ISP or service administrator has enabled this option. Normal. The server requires a blocks it. 29.2.6 Backup Configuration Using TFTP The ZyXEL Device supports the up/downloading of the firmware and the configuration file - ZyXEL P-202H | User Guide - Page 275
P-202H Plus v2 User's Guide 2 Put the SMT in command interpreter (CI) mode by entering 8 in (*.bin extension) or configuration file (*.rom extension) on your computer. This is the filename on the ZyXEL Device. The filename for the firmware is "ras" and for the configuration file, is "rom-0". - ZyXEL P-202H | User Guide - Page 276
P-202H Plus v2 User's Guide 29.2.9 Backup Via Console Port Back up configuration via console port by following the HyperTerminal procedure shown next. Procedures using other serial communications programs should - ZyXEL P-202H | User Guide - Page 277
v2 User's Guide Figure 174 Successful preferred method for restoring your current computer configuration to your ZyXEL Device since FTP is faster. Please note that you this menu to restore using TFTP), please see your router manual. Press ENTER to Exit: 1 Launch the FTP client on your computer. - ZyXEL P-202H | User Guide - Page 278
P-202H Plus v2 User's Guide 3 Press [ENTER] when prompted for a username. 4 Enter your password as requested (the default is "1234"). 5 Enter "bin" to set transfer mode to binary. 6 Find the "rom" file (on your computer) that you want to restore to your ZyXEL Device. 7 Use "put" to transfer files - ZyXEL P-202H | User Guide - Page 279
Guide Type the configuration file's location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. 4 After a successful restoration you will see the following screen. Press any key to restart the ZyXEL configuration or by following the instructions in Menu 24.7.2 - System - ZyXEL P-202H | User Guide - Page 280
P-202H Plus v2 User's Guide Enter 1 in menu 24.7 to display the following screen an upload firmware that you must remain on this menu to upload system firmware using TFTP), please see your user manual. Press ENTER to Exit: 29.4.2 Configuration File Upload You see the following screen when you telnet - ZyXEL P-202H | User Guide - Page 281
Guide 29.4.3 FTP File Upload Command from the DOS Prompt Example 1 Launch the FTP client on your computer. 2 Enter "open", followed by a space and the IP address of your ZyXEL in this chapter. 29.4.5 TFTP File Upload The ZyXEL Device also supports the uploading of firmware files using TFTP (Trivial - ZyXEL P-202H | User Guide - Page 282
v2 User's Guide 1 Use telnet from your computer to connect to the ZyXEL Device and log in. Because TFTP does not have any security checks, the ZyXEL Device records Maintenance - Upload System Firmware, and then follow the instructions as shown in the following screen. 281 Chapter 29 Firmware - ZyXEL P-202H | User Guide - Page 283
Plus v2 User's Guide Figure 185 Menu Upload After the configuration upload process has completed, restart the ZyXEL Device by entering "atgo". 29.4.10 Uploading Configuration File System Maintenance - Upload System Configuration File. Follow the instructions as shown in the next screen. Chapter 29 - ZyXEL P-202H | User Guide - Page 284
P-202H Plus v2 User's Guide Figure 187 Menu 24.7.2 As Seen Using the Console Port Menu 24.7.2 - System for other serial communications programs should be similar. 3 Enter "atgo" to restart the ZyXEL Device. 29.4.11 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer, then Send File - ZyXEL P-202H | User Guide - Page 285
P-202H Plus v2 User's Guide CHAPTER 30 System Maintenance This chapter leads you through SMT diagnostic functions. Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands. Enter 8 from Menu 24 - System Maintenance - ZyXEL P-202H | User Guide - Page 286
Guide 30.1.2 Command Usage A list of commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to return to the SMT main menu when finished. Figure 190 Valid Commands Copyright (c) 1994 - 2006 ZyXEL Support The ZyXEL number manually before the ZyXEL - ZyXEL P-202H | User Guide - Page 287
P-202H Plus v2 User's Guide 30.2.1 Call Control Parameters Menu 24.9.1 shows the call control Menu 24.9.2 shows the blacklist. The phone numbers on the blacklist are numbers that the ZyXEL Device had problems connecting to in the past. The only operation allowed is taking a number off the list - ZyXEL P-202H | User Guide - Page 288
P-202H Plus v2 User's Guide Figure 193 Menu 24.9.2 Blacklist Menu 24.9.2 - Blacklist Phone Number 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. Remove Selection(1-14): 30.2.3 Budget Management Menu 24.9.3 shows the - ZyXEL P-202H | User Guide - Page 289
P-202H Plus v2 User's Guide The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will - ZyXEL P-202H | User Guide - Page 290
P-202H Plus v2 User's Guide The following table describes the fields in this menu. Table 96 date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyXEL Device. Menu 24.10 allows you to update the time and - ZyXEL P-202H | User Guide - Page 291
v2 User's Guide Figure 197 the time service protocol that your timeserver sends when you turn on the ZyXEL Device. Not all timeservers support all protocols, the default, is similar to Time (RFC-868). None enter the time manually. Time Server IP Address Enter the IP address or domain name of - ZyXEL P-202H | User Guide - Page 292
P-202H Plus v2 User's Guide 2 When the ZyXEL Device starts up, if there is a timeserver configured in menu 24.10. 3 24-hour intervals after starting. 291 Chapter 30 System Maintenance - ZyXEL P-202H | User Guide - Page 293
P-202H Plus v2 User's Guide CHAPTER 31 Remote Management This chapter covers remote management (SMT menu 24.11). 31.1 Remote Management Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. You may manage your - ZyXEL P-202H | User Guide - Page 294
Guide The following table describes the fields in this screen. Table 98 Menu 24.11 - Remote Management Control FIELD DESCRIPTION Telnet Server FTP Server Web Server Each of these read-only labels denotes a service client to use this service or protocol to access the ZyXEL Device. Enter an IP - ZyXEL P-202H | User Guide - Page 295
P-202H Plus v2 User's Guide 31.3 System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The ZyXEL Device automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out - ZyXEL P-202H | User Guide - Page 296
P-202H Plus v2 User's Guide 295 Chapter 31 Remote Management - ZyXEL P-202H | User Guide - Page 297
P-202H Plus v2 User's Guide CHAPTER 32 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 32.1 Introduction to Call Scheduling The call scheduling feature allows the ZyXEL Device to manage a - ZyXEL P-202H | User Guide - Page 298
P-202H Plus v2 User's Guide To setup a schedule set, select the schedule set you want or ESC to Cancel: If a connection has been already established, your ZyXEL Device will not drop it. Once the connection is dropped manually or it times out, then that remote node can't be triggered up until - ZyXEL P-202H | User Guide - Page 299
P-202H Plus v2 User's Guide Table 99 Menu 26.1 Schedule Set Setup FIELD DESCRIPTION Action Forced On means that the connection is maintained whether or not there is a demand call - ZyXEL P-202H | User Guide - Page 300
P-202H Plus v2 User's Guide 299 Chapter 32 Call Scheduling - ZyXEL P-202H | User Guide - Page 301
P-202H Plus v2 User's Guide CHAPTER 33 VPN/IPSec Setup This chapter introduces the VPN View the IPSec connection log in menu 27.3. This menu is also useful for troubleshooting This is an overview of the VPN menu tree. Figure 202 VPN SMT Menu Tree From the main menu, enter 27 to display the first - ZyXEL P-202H | User Guide - Page 302
P-202H Plus v2 User's Guide Figure 203 Menu 27 VPN/IPSec Setup Menu 27 - VPN/IPSec Setup 1. IPSec Summary 2. SA Monitor 3. View IPSec Log Enter Menu Selection Number: 33.2 IPSec - ZyXEL P-202H | User Guide - Page 303
Guide Table 100 Menu 27.1 IPSec Summary FIELD DESCRIPTION Local Addr Start When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to SINGLE, this is a (static) IP address on the LAN behind your ZyXEL 's type of key management, (IKE or Manual). Remote Addr Start When the Addr Type - ZyXEL P-202H | User Guide - Page 304
P-202H Plus v2 User's Guide Table 100 Menu 27.1 IPSec Summary FIELD DESCRIPTION Select Command Press [SPACE BAR] to choose from None, Edit or Delete and then press [ENTER]. You - ZyXEL P-202H | User Guide - Page 305
P-202H Plus v2 User's Guide The following table describes the fields in this menu. Table 101 does not need to be a real domain name or e-mail address. Enter the IP address of your ZyXEL Device. The ZyXEL Device uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you - ZyXEL P-202H | User Guide - Page 306
P-202H Plus v2 User's Guide Table 101 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION When the Addr Type field is configured to SINGLE, enter a (static) IP address on the LAN behind your ZyXEL Device. When the Addr Type field is configured to RANGE, enter the beginning (static) IP address, in a - ZyXEL P-202H | User Guide - Page 307
User's Guide Table 101 is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks The IPSec receiver can detect and reject to choose either IKE or Manual and then press [ENTER]. Manual Management is useful for troubleshooting if you have problems using IKE key management. - ZyXEL P-202H | User Guide - Page 308
P-202H Plus v2 User's Guide Figure 206 Menu 27.1.1.1 IKE Setup Menu 27.1.1.1 - IKE which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. ZyXEL Device DES encryption algorithm uses a 56-bit key. Triple DES (3DES), is a variation on DES that - ZyXEL P-202H | User Guide - Page 309
P-202H Plus v2 User's Guide Table 102 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION SA 33.5 Manual Setup You only configure Menu 27.1.1.2 - Manual Setup when you select Manual in the Key Management field in Menu 27.1.1 - IPSec Setup. Manual key management is useful if you have problems with IKE - ZyXEL P-202H | User Guide - Page 310
v2 User's Guide To edit this menu, move the cursor to the Edit Key Management Setup field in Menu 27.1.1 - IPSec Setup press [SPACE BAR] to select Yes and then press [ENTER] to go to Menu 27.1.1.2 - Manual Setup. Figure 207 Menu 27.1.1.2 Manual Setup Menu 27.1.1.2 - Manual Setup Active Protocol - ZyXEL P-202H | User Guide - Page 311
P-202H Plus v2 User's Guide Table 104 Menu 27.1.1.2 Manual Setup FIELD DESCRIPTION AH Setup The AH Setup fields are N/A if you chose an ESP Active Protocol. SPI (Decimal) The SPI must be from one - ZyXEL P-202H | User Guide - Page 312
P-202H Plus v2 User's Guide 311 Chapter 33 VPN/IPSec Setup - ZyXEL P-202H | User Guide - Page 313
P-202H Plus v2 User's Guide CHAPTER 34 SA Monitor This chapter teaches you how to not timeout until the SA lifetime period expires. See the Web configurator part on keep alive to have the ZyXEL Device renegotiate an IPSec SA when the SA lifetime expires, even if there is no traffic. 34.2 Using - ZyXEL P-202H | User Guide - Page 314
P-202H Plus v2 User's Guide The following table describes the fields in this menu. Table 105 are MD5 (default - 128 bits) and SHA -1(160 bits). Both AH and ESP increase ZyXEL Device processing requirements and communications latency (delay). Select Command Press [SPACE BAR] to choose from - ZyXEL P-202H | User Guide - Page 315
P-202H Plus v2 User's Guide CHAPTER 35 IPSec Log This chapter interprets common IPSec log messages. 35.1 IPSec Logs To view the IPSec and IKE connection log, type 3 in menu - ZyXEL P-202H | User Guide - Page 316
User's Guide Figure :08:10 Recv: Clear IPSec Log (y/n): This menu is useful for troubleshooting. A log index number, the date and time the log was created and finished yet. !! Duplicate requests with the same cookie The ZyXEL Device has received multiple requests from the same peer but it - ZyXEL P-202H | User Guide - Page 317
P-202H Plus v2 User's Guide Table 106 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION !! No !! Local / remote IPs of incoming request conflict with rule If the security gateway is "0.0.0.0", the ZyXEL Device will use the peer's "Local Addr" as its "Remote Addr". If this IP (range) - ZyXEL P-202H | User Guide - Page 318
P-202H Plus v2 User's Guide The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type. Table - ZyXEL P-202H | User Guide - Page 319
P-202H Plus v2 User's Guide CHAPTER 36 Troubleshooting This chapter covers potential problems and the corresponding remedies. 36.1 Problems Starting Up the ZyXEL Device Table 109 Troubleshooting Starting Up Your ZyXEL Device PROBLEM CORRECTIVE ACTION None of the LEDs turn on when I turn on the - ZyXEL P-202H | User Guide - Page 320
Guide 36.3 Problems with the ISDN Line Table 111 Troubleshooting the ISDN Line PROBLEM CORRECTIVE ACTION The ISDN initialization failed. This problem the remote dialin user is supplying a valid IP address, or that the ZyXEL Device is assigning a valid address from the IP pool. If the remote - ZyXEL P-202H | User Guide - Page 321
P-202H Plus v2 User's Guide 36.5 Problems Accessing the ZyXEL Device Table 113 Troubleshooting Accessing the ZyXEL Device PROBLEM CORRECTIVE ACTION I cannot The default user password is "user" and admin password is "1234". The Password access the field is case-sensitive. Make sure that - ZyXEL P-202H | User Guide - Page 322
P-202H Plus v2 User's Guide 321 Chapter 36 Troubleshooting - ZyXEL P-202H | User Guide - Page 323
P-202H Plus v2 User's Guide APPENDIX A Product Specifications See also the Introduction chapter mm Screw size for wallmounting M3*10 Table 115 Firmware ISDN Switch Type ISDN Standards Other Protocol Support Europe: DSS1 (NET3) with the following deltas: German, French, Swiss, Italy, U.K., N. - ZyXEL P-202H | User Guide - Page 324
Guide Table 115 Firmware (continued) Management Firewall VPN (ICSA Certified) Supplemental Phone Service RAM and LAN port Stateful Packet Inspection. Prevent Denial of Service attacks such as Ping of Death, SYN Flood, LAND, Smurf etc. Real time E-mail alerts. Reports and logs. Manual - ZyXEL P-202H | User Guide - Page 325
P-202H Plus v2 User's Guide APPENDIX B Wall-mounting Instructions Do the following to hang your ZyXEL Device on a wall. Note: See the product specifications appendix for the size of screws to use and how far apart to place them. 1 Locate a high - ZyXEL P-202H | User Guide - Page 326
P-202H Plus v2 User's Guide 325 Appendix B Wall-mounting Instructions - ZyXEL P-202H | User Guide - Page 327
P-202H Plus v2 User's Guide APPENDIX C Log Descriptions This appendix provides descriptions of example log messages. Table 116 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router - ZyXEL P-202H | User Guide - Page 328
P-202H Plus v2 User's Guide Table 117 System Error Logs (continued) LOG MESSAGE DESCRIPTION readNetBIOSFilter: calloc error WAN connection is down. The router failed to allocate memory for the NetBIOS - ZyXEL P-202H | User Guide - Page 329
P-202H Plus v2 User's Guide Table 119 TCP Reset Logs (continued) LOG MESSAGE Firewall session time out, sent TCP RST Exceed MAX incomplete, sent TCP RST Access block, sent TCP - ZyXEL P-202H | User Guide - Page 330
P-202H Plus v2 User's Guide Table 121 ICMP Logs (continued) LOG MESSAGE Unsupported/out-of-order ICMP: ICMP Router reply ICMP packet: ICMP DESCRIPTION The firewall does not support this kind of ICMP packets or the ICMP packets are out of order. The router sent an ICMP reply packet to the sender. - ZyXEL P-202H | User Guide - Page 331
P-202H Plus v2 User's Guide Table 123 Attack Logs (continued) LOG MESSAGE DESCRIPTION teardrop ICMP (type:%d, code:%d) illegal command TCP NetBIOS TCP ip spoofing - no routing entry [TCP | UDP | IGMP | - ZyXEL P-202H | User Guide - Page 332
P-202H Plus v2 User's Guide Table 125 IKE Logs (continued) LOG MESSAGE DESCRIPTION Verifying Local ID failed: The connection failed during IKE phase 2 because the router and the peer's Local/ - ZyXEL P-202H | User Guide - Page 333
P-202H Plus v2 User's Guide Table 125 IKE Logs (continued) LOG MESSAGE DESCRIPTION No known incoming packet's ID content is displayed. Unsupported local ID Type: The phase 1 ID type is not supported by the router. Build Phase 1 ID The router has started to build the phase 1 ID. Adjust - ZyXEL P-202H | User Guide - Page 334
P-202H Plus v2 User's Guide Table 125 IKE Logs (continued) LOG MESSAGE DESCRIPTION Rule [%d] Phase 1 ID mismatch The listed rule's IKE phase 1 ID did not match between the router and - ZyXEL P-202H | User Guide - Page 335
P-202H Plus v2 User's Guide Table 126 PKI Logs (continued) LOG MESSAGE DESCRIPTION Rcvd ca cert: name as recorded, from - ZyXEL P-202H | User Guide - Page 336
P-202H Plus v2 User's Guide Table 127 Certificate Path Verification Failure Reason Codes (continued (W to L) LAN to WAN WAN to LAN (L to L) (W to W) LAN to LAN/ ZyXEL Device WAN to WAN/ ZyXEL Device DESCRIPTION ACL set for packets traveling from the LAN to the WAN. ACL set for packets traveling - ZyXEL P-202H | User Guide - Page 337
P-202H Plus v2 User's Guide Table 129 ICMP Notes TYPE 0 3 4 5 8 11 12 13 14 15 16 CODE 0 0 1 2 3 4 5 0 0 1 2 3 0 0 1 0 0 0 for the Type of Service and Host Echo Echo message Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the - ZyXEL P-202H | User Guide - Page 338
P-202H Plus v2 User's Guide The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type. Table - ZyXEL P-202H | User Guide - Page 339
v2 User's Guide APPENDIX D Setting settings in order to "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure have IP addresses that place them in the same subnet as the ZyXEL Device's LAN port. Windows 95/98/Me Click Start, Settings, - ZyXEL P-202H | User Guide - Page 340
P-202H Plus v2 User's Guide Figure 212 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the - ZyXEL P-202H | User Guide - Page 341
P-202H Plus v2 User's Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK. 5 Restart your computer - ZyXEL P-202H | User Guide - Page 342
P-202H Plus v2 User's Guide Figure 214 Windows 95/98/Me: TCP/IP Properties: DNS window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your ZyXEL Device and restart your computer when prompted. Verifying Settings 1 Click Start and then Run. 2 In the Run - ZyXEL P-202H | User Guide - Page 343
Figure 215 Windows XP: Start Menu P-202H Plus v2 User's Guide 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 216 Windows XP: Control Panel 3 Right-click - ZyXEL P-202H | User Guide - Page 344
P-202H Plus v2 User's Guide Figure 217 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. - ZyXEL P-202H | User Guide - Page 345
P-202H Plus v2 User's Guide • If you have a static IP address click Use the following gateways. • In TCP/IP Gateway Address, type the IP address of the default gateway in Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a - ZyXEL P-202H | User Guide - Page 346
P-202H Plus v2 User's Guide Figure 220 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS - ZyXEL P-202H | User Guide - Page 347
v2 User's Guide Figure 221 Windows up Connections in Windows 2000/NT). 11Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Connections, right-click a network connection, click Status and then click the Support tab. Macintosh OS 8/9 1 Click the Apple menu, Control Panel - ZyXEL P-202H | User Guide - Page 348
P-202H Plus v2 User's Guide Figure 222 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 223 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, - ZyXEL P-202H | User Guide - Page 349
P-202H Plus v2 User's Guide 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the - ZyXEL P-202H | User Guide - Page 350
Plus v2 User's Guide Figure 225 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the - ZyXEL P-202H | User Guide - Page 351
P-202H Plus v2 User's Guide Note: Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP - ZyXEL P-202H | User Guide - Page 352
P-202H Plus v2 User's Guide • If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static - ZyXEL P-202H | User Guide - Page 353
P-202H Plus v2 User's Guide 1 Assuming that you have only one network card on the computer, locate the ifconfigeth0 configuration file (where eth0 is the name of the Ethernet card). - ZyXEL P-202H | User Guide - Page 354
P-202H Plus v2 User's Guide Figure 233 Red Hat 9.0: Restart Ethernet Card [root@localhost init.d]# network restart Shutting down interface eth0: Shutting down loopback interface: Setting network parameters: Bringing up - ZyXEL P-202H | User Guide - Page 355
P-202H Plus v2 User's Guide APPENDIX E IP Addresses and Subnetting This appendix introduces IP addresses, IP address classes and subnet masks. You use subnet masks to subdivide a network into smaller - ZyXEL P-202H | User Guide - Page 356
P-202H Plus v2 User's Guide The following table shows the network number and host ID arrangement for classes A, B and C. Table 131 Classes of IP Addresses IP ADDRESS Class A Class B Class C - ZyXEL P-202H | User Guide - Page 357
P-202H Plus v2 User's Guide Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID ( - ZyXEL P-202H | User Guide - Page 358
P-202H Plus v2 User's Guide Table 134 Alternative Subnet Mask Notation (continued) SUBNET MASK 255.255.255.240 255.255.255.248 255.255.255.252 SUBNET MASK "1" BITS /28 / - ZyXEL P-202H | User Guide - Page 359
P-202H Plus v2 User's Guide Table 136 Subnet 1 (continued) IP/SUBNET MASK Subnet Address: 192.168.1.0 Broadcast Address: 192.168.1.127 NETWORK NUMBER Lowest Host ID: 192.168.1.1 Highest Host - ZyXEL P-202H | User Guide - Page 360
P-202H Plus v2 User's Guide Table 138 Subnet 1 (continued) IP/SUBNET MASK NETWORK NUMBER Subnet Address: 192.168.1.0 Broadcast Address: 192.168.1.63 Lowest Host ID: 192.168.1.1 Highest Host - ZyXEL P-202H | User Guide - Page 361
P-202H Plus v2 User's Guide The following table shows class C IP address last octet values for each subnet. Table 142 Eight Subnets SUBNET 1 2 3 4 5 6 7 8 SUBNET ADDRESS FIRST ADDRESS 0 1 32 33 64 - ZyXEL P-202H | User Guide - Page 362
P-202H Plus v2 User's Guide The following table is a summary for class "B" subnet planning. Table 144 Class B Subnet Planning NO. "BORROWED" HOST BITS SUBNET MASK 1 255.255.128.0 (/17) 2 255. - ZyXEL P-202H | User Guide - Page 363
P-202H Plus v2 User's Guide APPENDIX F Pop-up Windows, JavaScripts and Java Permissions In blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device's IP address. Disable pop - ZyXEL P-202H | User Guide - Page 364
P-202H Plus v2 User's Guide Figure 236 Internet Options 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up - ZyXEL P-202H | User Guide - Page 365
Figure 237 Internet Options P-202H Plus v2 User's Guide 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix "http://". For example, http:// - ZyXEL P-202H | User Guide - Page 366
P-202H Plus v2 User's Guide Figure 238 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the - ZyXEL P-202H | User Guide - Page 367
Figure 239 Internet Options P-202H Plus v2 User's Guide 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets - ZyXEL P-202H | User Guide - Page 368
P-202H Plus v2 User's Guide Figure 240 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 - ZyXEL P-202H | User Guide - Page 369
Figure 241 Security Settings - Java P-202H Plus v2 User's Guide JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for under Java (Sun) is - ZyXEL P-202H | User Guide - Page 370
P-202H Plus v2 User's Guide Figure 242 Java (Sun) 369 Appendix F Pop-up Windows, JavaScripts and Java Permissions - ZyXEL P-202H | User Guide - Page 371
Calling Line IDentification 34, 202 see also CLID Call-Trigerring Packet 267 Index P-202H Plus v2 User's Guide Index CAPI 140 CAPI driver of transmission 200 Custom Ports Creating/Editing 101 customer support 6 Customized Services 99, 100 Customized services 100 D data compression 35 DDNS 74 and - ZyXEL P-202H | User Guide - Page 372
Guide device model number 154 DHCP 35, 54, 261 see also Dynamic Host Configuration Protocol 54 DHCP relay 35 DHCP server 35 DHCP setup 54 TCP/IP configuration 54 Dial-in filter 205 Dial-in user and CLID callback 202 Dial-in user setup 202 Rule Security Ramifications 94 Services 107 SMT Menus 230 - ZyXEL P-202H | User Guide - Page 373
263 Login password 159 M Management Information Base (MIB) 251 Max-incomplete High 91 Max-incomplete Low 91 Metric 200 Index P-202H Plus v2 User's Guide MP 34 MSN 148 see also Multiple subscriber number 148 Multicast 180 Multilink Protocol 34 Multiple subscriber number 148 My Login 188 My Password - ZyXEL P-202H | User Guide - Page 374
Required fields 161 Reset button, the 42 Resetting the Time 290 Resetting the ZyXEL device 41 Restore Configuration 276 RFC 1631 64 RTC 289 Rules 95 Checklist 94 Key Fields 94 LAN to WAN 95 373 Logic 93 Predefined Services 107 S SA Monitor 312 safety warnings 4 Saving the State 82 Schedule Sets - ZyXEL P-202H | User Guide - Page 375
v2 User's Guide subnet mask 356 subnetting 356 Supplemental phone services 144 Supplemental services 144 call forwarding 147 call transfer 146 call waiting 145 MSN. see also Multiple subscriber number 148 overview 144 setup 145 terminal portability 148 three way calling 146 Supporting Disk 30 SYN
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
 |
 |
P-202H Plus v2
ISDN Internet Access Router
User’s Guide
Version 3.40
Edition 1
8/2006