Home » ZyXEL Manuals » Networking » ZyXEL P-660HNU-F1 » Manual Viewer

ZyXEL P-660HNU-F1 User Guide - Page 213

IPSec and NAT, IPSec Algorithms, Key Management

Get ZyXEL P-660HNU-F1 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 213 highlights

Figure 110 IPSec Architecture Chapter 16 VPN IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms. The Authentication Algorithms, HMAC-MD5 (RFC 2403) and HMAC-SHA-1 (RFC 2404, provide an authentication mechanism for the AH and ESP protocols. Key Management Key management allows you to determine whether to use IKE (ISAKMP) or manual key configuration in order to set up a VPN. 16.6.2 IPSec and NAT Read this section if you are running IPSec on a host computer behind the ZyXEL Device. NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet. When using AH protocol, packet contents (the data payload) are not encrypted. A NAT device in between the IPSec endpoints will rewrite either the source or destination address with one of its own choosing. The VPN device at the receiving end will verify the integrity of the incoming packet by computing its own hash value, and complain that the hash value appended to the received packet doesn't match. The VPN device at the receiving end doesn't know about the NAT in the middle, so it assumes that the data has been maliciously altered. ADSL Series User's Guide 213

Section	Page
ADSL Router Series	1
Videos	2
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
User’s Guide	19
Introduction	21
1.1 Overview	21
1.2 Applications for the ZyXEL Device	21
1.2.1 Internet Access	21
1.2.2 Wireless Connection	22
1.2.3 ZyXEL Device’s USB and Print Server Support	22
1.3 The WPS/WLAN Button	23
1.4 Ways to Manage the ZyXEL Device	24
1.5 Good Habits for Managing the ZyXEL Device	25
1.6 The RESET Button	25
Introducing the Web Configurator	27
2.1 Overview	27
2.1.1 Accessing the Web Configurator	27
2.2 The Web Configurator Layout	29
2.2.1 Title Bar	29
2.2.2 Main Window	30
2.2.3 Navigation Panel	30
2.3 User Mode	32
2.3.1 Overview	32
2.3.2 What You Can Do	32
2.3.3 Navigation Panel	33
2.3.4 Network Map	33
2.3.5 Control Panel	34
2.3.6 Power Saving	34
2.3.7 Content Filter	35
2.3.8 Firewall	36
2.3.9 Wireless Security	37
2.3.10 WPS	38
2.3.11 Media Server	38
Tutorials	41
3.1 Overview	41
3.2 Setting Up Your DSL Connection	41
3.3 How to Set up a Wireless Network	44
3.3.1 Example Parameters	44
3.3.2 Configuring the ADSL Device	44
3.3.3 Connecting Wirelessly to your ADSL Device	46
3.3.4 Configuring the Wireless Client using the WPS PIN number	48
3.4 Setting Up NAT Port Forwarding to Allow Access to Network Servers from the Internet	49
3.5 Using the File Sharing Feature	50
3.5.1 Set Up File Sharing	51
3.5.2 Access Your Shared Files From a Computer	54
3.6 Using the Print Server Feature	56
3.7 Configuring the MAC Address Filter for Restricting Wireless Internet Access	70
3.8 Configuring Static Route for Routing to Another Network	71
3.9 Configuring QoS Queue and Class Setup	73
3.10 Access the ADSL Device Using DDNS	77
3.10.1 Registering a DDNS Account on www.dyndns.org	78
3.10.2 Configuring DDNS on Your ADSL Device	78
3.10.3 Testing the DDNS Setting	79
Technical Reference	81
Connection Status and System Info Screens	83
4.1 Overview	83
4.2 The Connection Status Screen	83
4.3 The System Info Screen	84
Broadband	87
5.1 Overview	87
5.1.1 What You Can Do in this Chapter	87
5.1.2 What You Need to Know	87
5.1.3 Before You Begin	88
5.2 The Broadband Screen	88
5.2.1 Add/Edit Internet Connection	89
5.3 Technical Reference	100
Wireless	105
6.1 Overview	105
6.1.1 What You Can Do in this Chapter	105
6.1.2 Wireless Network Overview	105
6.1.3 Before You Begin	107
6.2 The Wireless General Screen	107
6.2.1 No Security	109
6.2.2 Basic (Static WEP/Shared WEP Encryption)	109
6.2.3 More Secure (WPA(2)-PSK)	111
6.2.4 WPA(2) Authentication	112
6.3 The More AP Screen	113
6.3.1 Edit More AP	114
6.4 The WPS Screen	115
6.5 The WMM Screen	117
6.6 Scheduling Screen	118
6.7 Technical Reference	119
6.7.1 Additional Wireless Terms	119
6.7.2 Wireless Security Overview	119
6.7.3 Signal Problems	122
6.7.4 BSS	122
6.7.5 MBSSID	122
6.7.6 WiFi Protected Setup (WPS)	123
Home Networking	131
7.1 Overview	131
7.1.1 What You Can Do in this Chapter	131
7.1.2 What You Need To Know	131
7.2 The LAN Setup Screen	134
7.3 The Static DHCP Screen	136
7.3.1 Before You Begin	136
7.4 The UPnP Screen	137
7.5 The File Sharing Screen	138
7.5.1 Before You Begin	139
7.5.2 Add/Edit File Sharing	140
7.5.3 Add New User	141
7.6 The Media Server Screen	142
7.6.1 The Media Server Screen	142
7.7 The Print Server Screen	143
7.7.1 Before You Begin	143
7.8 Technical Reference	144
7.9 Installing UPnP in Windows Example	148
7.10 Using UPnP in Windows XP Example	151
Routing	157
8.1 Overview	157
8.2 Configuring Static Route	157
8.2.1 Add/Edit Static Route	158
DNS Route	161
9.1 Overview	161
9.1.1 What You Can Do in this Chapter	161
9.2 The DNS Route Screen	162
9.2.1 Add/Edit DNS Route Edit	162
Quality of Service (QoS)	165
10.1 Overview	165
10.1.1 What You Can Do in this Chapter	165
10.1.2 What You Need to Know	165
10.2 The QoS General Screen	166
10.3 The Queue Setup Screen	167
10.3.1 Add/Edit a QoS Queue	168
10.4 The Class Setup Screen	169
10.4.1 Add/Edit QoS Class	170
10.5 The QoS Monitor Screen	173
10.6 QoS Technical Reference	173
10.6.1 IP Precedence	174
10.6.2 DiffServ	174
Network Address Translation (NAT)	175
11.1 Overview	175
11.1.1 What You Can Do in this Chapter	175
11.1.2 What You Need To Know	175
11.2 The Port Forwarding Screen	176
11.2.1 The Port Forwarding Screen	177
11.2.2 The Port Forwarding Edit Screen	177
11.3 The Sessions Screen	178
11.4 The ALG Screen	179
11.5 Technical Reference	180
11.5.1 NAT Definitions	180
11.5.2 What NAT Does	180
11.5.3 How NAT Works	180
Dynamic DNS	183
12.1 Overview	183
12.1.1 What You Need To Know	183
12.2 The Dynamic DNS Screen	183
Firewall	185
13.1 Overview	185
13.1.1 What You Can Do in this Chapter	185
13.1.2 What You Need to Know	185
13.2 The General Screen	186
13.3 The Services Screen	187
13.4 Firewall Technical Reference	188
13.4.1 Guidelines For Enhancing Security With Your Firewall	188
13.4.2 Security Considerations	188
MAC Filter	191
14.1 Overview	191
14.1.1 What You Need to Know	191
14.2 The MAC Filter Screen	191
Certificates	193
15.1 Overview	193
15.1.1 What You Can Do in this Chapter	193
15.1.2 What You Need to Know	193
15.1.3 Verifying a Certificate	195
15.2 Local Certificates	196
15.2.1 Trusted CAs	197
15.2.2 Trusted CA Import	198
15.2.3 View Certificate	198
15.3 VPN Certificates	199
15.3.1 Import Certificate	200
VPN	203
16.1 Overview	203
16.1.1 What You Can Do in the VPN Screens	203
16.1.2 What You Need to Know About IPSec VPN	203
16.1.3 Before You Begin	205
16.2 VPN Setup Screen	205
16.3 The VPN Edit Screen	206
16.4 Configuring Advanced Settings	210
16.5 Viewing SA Monitor	212
16.6 IPSec VPN Technical Reference	212
16.6.1 IPSec Architecture	212
16.6.2 IPSec and NAT	213
16.6.3 VPN, NAT, and NAT Traversal	214
16.6.4 Encapsulation	215
16.6.5 IKE Phases	216
16.6.6 Negotiation Mode	217
16.6.7 Remote DNS Server	217
16.6.8 ID Type and Content	218
16.6.9 Pre-Shared Key	219
16.6.10 Diffie-Hellman (DH) Key Groups	219
16.6.11 Telecommuter VPN/IPSec Examples	219
System Monitor	223
17.1 Overview	223
17.1.1 What You Can Do in this Chapter	223
17.2 The WAN Status Screen	223
17.3 The LAN Status Screen	224
17.4 The NAT Status Screen	225
User Account	227
18.1 Overview	227
18.2 The User Account Screen	227
Remote MGMT	229
19.1 Overview	229
19.1.1 What You Need to Know	229
19.2 The Remote MGMT Screen	229
System	231
20.1 Overview	231
20.1.1 What You Need to Know	231
20.2 The System Screen	231
Time Setting	233
21.1 Overview	233
21.2 The Time Setting Screen	233
Log Setting	235
22.1 Overview	235
22.2 The Log Setting Screen	235
Firmware Upgrade	237
23.1 Overview	237
23.2 The Firmware Screen	237
Backup/Restore	239
24.1 Overview	239
24.2 The Backup/Restore Screen	239
24.3 The Reboot Screen	241
Diagnostic	243
25.1 Overview	243
25.1.1 What You Can Do in this Chapter	243
25.2 The Ping Screen	243
25.3 The DSL Line Screen	244
Troubleshooting	247
26.1 Overview	247
26.2 Power, Hardware Connections, and LEDs	247
26.3 ZyXEL Device Access and Login	248
26.4 Internet Access	250
26.5 Wireless Internet Access	251
26.6 USB Device Connection	252
26.7 UPnP	253
Product Specifications	255
IP Addresses and Subnetting	263
Setting Up Your Computer’s IP Address	273
Pop-up Windows, Java Script and Java Permissions	303
Wireless LANs	311
Common Services	331
Open Software Announcements	335
Legal Information	357

Match case Limit results 1 per page

Chapter 16 VPN

ADSL Series User’s Guide

213

Figure 110

IPSec Architecture

IPSec Algorithms

The

ESP

(Encapsulating Security Payload) Protocol (RFC 2406) and

(Authentication Header)

protocol (RFC 2402) describe the packet formats and the default standards for packet structure

(including implementation algorithms).

The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption

Standard) and Triple DES algorithms.

The Authentication Algorithms, HMAC-MD5 (RFC 2403) and HMAC-SHA-1 (RFC 2404, provide an

authentication mechanism for the

and

ESP

protocols.

Key Management

Key management allows you to determine whether to use IKE (ISAKMP) or manual key

configuration in order to set up a VPN.

16.6.2

IPSec and NAT

Read this section if you are running IPSec on a host computer behind the ZyXEL Device.

NAT is incompatible with the

protocol in both

Transport

and

Tunnel

mode. An IPSec VPN using

the

protocol digitally signs the outbound packet, both data payload and headers, with a hash

value appended to the packet. When using

protocol, packet contents (the data payload) are not

encrypted.

A NAT device in between the IPSec endpoints will rewrite either the source or destination address

with one of its own choosing. The VPN device at the receiving end will verify the integrity of the

incoming packet by computing its own hash value, and complain that the hash value appended to

the received packet doesn't match. The VPN device at the receiving end doesn't know about the

NAT in the middle, so it assumes that the data has been maliciously altered.