Home » ZyXEL Manuals » Networking » ZyXEL P-792H v2 » Manual Viewer

ZyXEL P-792H v2 User Guide - Page 170

Security > VPN > Setup > Manual Key continued

Get ZyXEL P-792H v2 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 170 highlights

Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Remote Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. Remote Address Type Use the drop-down menu to choose Single, Range, or Subnet. Select Single with a single IP address. Select Range for a specific range of IP addresses. Select Subnet to specify IP addresses on a network by their subnet mask. IP Address Start When the Remote Address Type field is configured to Single, enter a (static) IP address on the network behind the remote IPSec router. When the Remote Address Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on the network behind the remote IPSec router. When the Remote Address Type field is configured to Subnet, enter a (static) IP address on the network behind the remote IPSec router. End / Subnet Mask When the Remote Address Type field is configured to Single, this field is N/A. When the Remote Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router. When the Remote Address Type field is configured to Subnet, enter a subnet mask on the network behind the remote IPSec router. Address Information My IP Address Enter the WAN IP address of your P-792H v2. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The P-792H v2 uses the current P-792H v2 WAN IP address (static or dynamic) to set up the VPN tunnel. Secure Gateway Type the WAN IP address or the URL (up to 31 characters) of the IPSec Address router with which you're making the VPN connection. Security Protocol IPSec Protocol Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described next). Encryption Algorithm Select DES, 3DES or NULL from the drop-down list box. When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. Select NULL to set up a tunnel without encryption. When you select NULL, you do not enter an encryption key. 170 P-792H v2 User's Guide

Section	Page
P-792H v2	1
About This User's Guide	3
Document Conventions	6
Safety Warnings	8
Contents Overview	9
Table of Contents	11
User’s Guide	23
Getting To Know Your P-792H v2	25
1.1 Overview	25
1.1.1 High-speed Internet Access with G.SHDSL	25
1.1.2 High-speed Point-to-point Connections	26
1.2 Ways to Manage the P-792H v2	26
1.3 Good Habits for Managing the P-792H v2	27
1.4 LEDs	27
1.5 The RESET Button	28
1.5.1 Using the RESET Button	28
Introducing the Web Configurator	29
2.1 Web Configurator Overview	29
2.2 Accessing the Web Configurator	29
2.3 Web Configurator Main Screen	31
2.3.1 Title Bar	32
2.3.2 Navigation Panel	32
2.3.3 Main Window	35
2.3.4 Status Bar	35
Status Screens	37
3.1 Overview	37
3.2 The Status Screen	37
3.3 Client List	40
3.4 Status: VPN Status	40
3.5 Any IP Table	40
3.6 Packet Statistics	41
Internet Setup Wizard	43
4.1 Overview	43
4.2 Internet Access Wizard Setup	43
4.2.1 Manual Configuration	46
Tutorial	53
5.1 Overview	53
5.2 Configuring Point-to-point Connection	53
5.2.1 Set Up the Server	54
5.2.2 Set Up the Client	55
5.2.3 Connect the P-792H v2s	55
Technical Reference	57
WAN Setup	59
6.1 Overview	59
6.1.1 What You Can Do in the WAN Screens	59
6.1.2 What You Need to Know About WAN	60
6.1.3 Before You Begin	61
6.2 The Internet Access Setup Screen	62
6.2.1 Advanced Internet Access Setup	66
6.3 The More Connections Screen	68
6.3.1 More Connections Edit	70
6.3.2 Configuring More Connections Advanced Setup	73
6.4 The WAN Backup Setup Screen	75
6.5 WAN Technical Reference	76
6.5.1 Encapsulation	76
6.5.2 Multiplexing	78
6.5.3 VPI and VCI	78
6.5.4 IP Address Assignment	78
6.5.5 Nailed-Up Connection (PPP)	79
6.5.6 NAT	79
6.6 Metric	79
6.7 Traffic Redirect	80
6.8 Traffic Shaping	81
6.8.1 ATM Traffic Classes	82
LAN Setup	85
7.1 Overview	85
7.1.1 What You Can Do in the LAN Screens	85
7.1.2 What You Need To Know About LAN	86
7.1.3 Before You Begin	87
7.2 The IP Screen	87
7.2.1 The Advanced LAN IP Setup Screen	88
7.3 The DHCP Setup Screen	90
7.4 The Client List Screen	92
7.5 The IP Alias Screen	93
7.5.1 Configuring the LAN IP Alias Screen	94
7.6 LAN Technical Reference	95
7.6.1 LANs, WANs and the ZyXEL Device	95
7.6.2 DHCP Setup	96
7.6.3 DNS Server Addresses	96
7.6.4 LAN TCP/IP	97
7.6.5 RIP Setup	98
7.6.6 Multicast	98
Network Address Translation (NAT)	101
8.1 Overview	101
8.1.1 What You Can Do in the NAT Screens	101
8.1.2 What You Need To Know About NAT	101
8.2 The NAT General Setup Screen	103
8.3 The Port Forwarding Screen	104
8.3.1 Configuring the Port Forwarding Screen	105
8.3.2 The Port Forwarding Rule Edit Screen	106
8.4 The Address Mapping Screen	107
8.4.1 The Address Mapping Rule Edit Screen	109
8.5 The ALG Screen	111
8.6 NAT Technical Reference	111
8.6.1 NAT Definitions	111
8.6.2 What NAT Does	112
8.6.3 How NAT Works	113
8.6.4 NAT Application	114
8.6.5 NAT Mapping Types	114
Firewalls	117
9.1 Overview	117
9.1.1 What You Can Do in the Firewall Screens	117
9.1.2 What You Need to Know About Firewall	118
9.1.3 Firewall Rule Setup Example	119
9.2 The Firewall General Screen	122
9.3 The Firewall Rule Screen	124
9.3.1 Configuring Firewall Rules	126
9.3.2 Customized Services	128
9.3.3 Configuring a Customized Service	129
9.4 The Firewall Threshold Screen	129
9.4.1 Threshold Values	130
9.4.2 Configuring Firewall Thresholds	131
9.5 Firewall Technical Reference	133
9.5.1 Firewall Rules Overview	133
9.5.2 Guidelines For Enhancing Security With Your Firewall	134
9.5.3 Security Considerations	135
9.5.4 Triangle Route	135
Content Filtering	139
10.1 Overview	139
10.1.1 What You Can Do in the Content Filter Screens	139
10.1.2 What You Need to Know About Content Filtering	139
10.1.3 Before You Begin	139
10.1.4 Content Filtering Example	140
10.2 The Keyword Screen	142
10.3 The Schedule Screen	143
10.4 The Trusted Screen	144
Certificates	145
11.1 Overview	145
11.1.1 What You Need to Know About Certificates	145
11.1.2 Verifying a Certificate	146
11.2 The Trusted CAs Screen	147
11.2.1 Trusted CA Import	149
11.2.2 Trusted CA Details	150
11.3 Certificates Technical Reference	152
11.3.1 Certificates Overview	152
11.3.2 Private-Public Certificates	152
VPN	155
12.1 Overview	155
12.1.1 What You Can Do in the VPN Screens	155
12.1.2 What You Need to Know About IPSec VPN	156
12.1.3 Before You Begin	157
12.2 VPN Setup Screen	157
12.3 The VPN Edit Screen	160
12.4 Configuring Advanced IKE Settings	165
12.5 Manual Key Setup	167
12.5.1 Security Parameter Index (SPI)	168
12.6 Configuring Manual Key	168
12.7 Viewing SA Monitor	171
12.8 Configuring VPN Global Setting	172
12.9 IPSec VPN Technical Reference	173
12.9.1 IPSec Architecture	173
12.9.2 IPSec and NAT	174
12.9.3 VPN, NAT, and NAT Traversal	175
12.9.4 Encapsulation	176
12.9.5 IKE Phases	177
12.9.6 Negotiation Mode	178
12.9.7 Keep Alive	178
12.9.8 Remote DNS Server	179
12.9.9 ID Type and Content	180
12.9.10 Pre-Shared Key	182
12.9.11 Diffie-Hellman (DH) Key Groups	182
12.9.12 Telecommuter VPN/IPSec Examples	182
Static Route	187
13.1 Overview	187
13.2 The Static Route Screen	188
13.2.1 Static Route Edit	189
802.1Q/1P	191
14.1 Overview	191
14.1.1 What You Can Do in the 802.1Q/1P Screens	191
14.1.2 What You Need to Know About 802.1Q/1P	191
14.1.3 802.1Q/1P Example	193
14.2 The 802.1Q/1P Group Setting Screen	197
14.2.1 Editing 802.1Q/1P Group Setting	198
14.3 The 802.1Q/1P Port Setting Screen	199
Quality of Service (QoS)	201
15.1 Overview	201
15.2 QoS Overview	201
15.2.1 What You Can Do in the QoS Screens	202
15.2.2 What You Need to Know About QoS	202
15.2.3 QoS Class Setup Example	203
15.3 The QoS General Screen	207
15.4 The Class Setup Screen	208
15.4.1 The Class Configuration Screen	210
15.5 The QoS Monitor Screen	214
15.6 QoS Technical Reference	215
15.6.1 IEEE 802.1Q Tag	215
15.6.2 IP Precedence	215
15.6.3 DiffServ	216
15.6.4 Automatic Priority Queue Assignment	216
Dynamic DNS Setup	219
16.1 Overview	219
16.1.1 What You Need To Know About DDNS	219
16.2 The Dynamic DNS Screen	220
Remote Management	223
17.1 Overview	223
17.1.1 What You Can Do in the Remote Management Screens	224
17.1.2 What You Need to Know About Remote Management	224
17.2 The WWW Screen	225
17.2.1 Configuring the WWW Screen	225
17.3 The Telnet Screen	226
17.4 The FTP Screen	227
17.5 The SNMP Screen	228
17.5.1 Supported MIBs	230
17.5.2 SNMP Traps	230
17.5.3 Configuring SNMP	231
17.6 The DNS Screen	232
17.7 The ICMP Screen	233
Universal Plug-and-Play (UPnP)	235
18.1 Overview	235
18.1.1 What You Can Do in the UPnP Screen	235
18.1.2 What You Need to Know About UPnP	235
18.2 The UPnP Screen	237
18.3 Installing UPnP in Windows Example	237
18.4 Using UPnP in Windows XP Example	241
System Settings	247
19.1 Overview	247
19.1.1 What You Can Do in the System Settings Screens	247
19.1.2 What You Need to Know About System Settings	247
19.2 The General Screen	248
19.3 The Time Setting Screen	250
Logs	253
20.1 Overview	253
20.1.1 What You Can Do in the Log Screens	253
20.1.2 What You Need To Know About Logs	253
20.2 The View Log Screen	254
20.3 The Log Settings Screen	255
20.4 SMTP Error Messages	257
20.4.1 Example E-mail Log	257
20.5 Log Descriptions	258
Tools	267
21.1 Overview	267
21.1.1 What You Can Do in the Tool Screens	267
21.1.2 What You Need To Know About Tools	268
21.1.3 Before You Begin	269
21.1.4 Tool Examples	269
21.2 The Firmware Screen	275
21.3 The Configuration Screen	277
21.4 The Restart Screen	279
Diagnostic	281
22.1 Overview	281
22.1.1 What You Can Do in the Diagnostic Screens	281
22.2 The General Diagnostic Screen	281
22.3 The DSL Line Diagnostic Screen	282
Introducing the SMT	285
23.1 Accessing the SMT	285
23.2 SMT Menu Items	286
23.3 Navigating the SMT Interface	289
General Setup	291
24.1 Configuring General Setup	291
24.1.1 Configuring Dynamic DNS	292
WAN Setup	295
25.1 WAN Setup	295
25.2 Configuring Traffic Redirect	297
LAN Setup	299
26.1 Accessing the LAN Menus	299
26.2 LAN Port Filter Setup	299
26.3 TCP/IP and DHCP Setup Menu	300
26.4 LAN IP Alias	302
Internet Access Setup	303
27.1 Internet Access Setup	303
Remote Node Setup	307
28.1 Introduction to Remote Node Setup	307
28.2 Remote Node Setup	307
28.3 Remote Node Profile	308
28.4 Remote Node Network Layer Options	310
28.5 Remote Node Filter	312
28.6 Remote Node ATM Layer Options	314
28.7 Advance Setup Options	315
Static Route Setup	317
29.1 IP Static Route Setup	317
29.2 Bridge Static Route Setup	319
NAT Setup	321
30.1 Using NAT	321
30.1.1 SUA (Single User Account) Versus NAT	321
30.1.2 Applying NAT	322
30.2 NAT Setup	323
30.2.1 Address Mapping Sets	324
30.3 Configuring a Server behind NAT	327
30.4 General NAT Examples	328
30.4.1 Internet Access Only	329
30.4.2 Example 2: Internet Access with a Default Server	330
30.4.3 Example 3: Multiple Public IP Addresses With Inside Servers	330
30.4.4 Example 4: NAT Unfriendly Application Programs	334
Firewall Setup	337
31.1 Using P-792H v2 SMT Menus	337
31.1.1 Activating the Firewall	337
Filter Configuration	339
32.1 Introduction to Filters	339
32.1.1 The Filter Structure of the P-792H v2	340
32.2 Configuring a Filter Set	342
32.2.1 Configuring a Filter Rule	344
32.2.2 Configuring a TCP/IP Filter Rule	344
32.2.3 Configuring a Generic Filter Rule	348
32.3 Example Filter	349
32.4 Filter Types and NAT	351
32.5 Firewall Versus Filters	352
32.6 Applying a Filter	352
32.6.1 Applying LAN Filters	352
32.6.2 Applying Remote Node Filters	353
System Password	355
System Information & Diagnosis	357
34.1 Introduction to System Status	357
34.2 System Status	357
34.3 System Information and Console Port Speed	359
34.3.1 System Information	360
34.3.2 Console Port Speed	361
34.4 Log and Trace	361
34.4.1 Viewing Error Log	361
34.4.2 Syslog Logging	362
34.5 Diagnostic	366
Firmware and Configuration File Maintenance	369
35.1 Introduction	369
35.2 Filename Conventions	369
35.3 Backup Configuration	370
35.3.1 Backup Configuration	371
35.3.2 Using the FTP Command from the Command Line	371
35.3.3 Example of FTP Commands from the Command Line	372
35.3.4 GUI-based FTP Clients	372
35.3.5 File Maintenance Over WAN	372
35.3.6 Backup Configuration Using TFTP	373
35.3.7 TFTP Command Example	373
35.3.8 GUI-based TFTP Clients	374
35.3.9 Backup Via Console Port	374
35.4 Restore Configuration	375
35.4.1 Restore Using FTP	376
35.4.2 Restore Using FTP Session Example	377
35.4.3 Restore Via Console Port	377
35.5 Uploading Firmware and Configuration Files	378
35.5.1 Firmware File Upload	378
35.5.2 Configuration File Upload	379
35.5.3 FTP File Upload Command from the DOS Prompt Example	380
35.5.4 FTP Session Example of Firmware File Upload	380
35.5.5 TFTP File Upload	381
35.5.6 TFTP Upload Command Example	381
35.5.7 Uploading Via Console Port	382
35.5.8 Uploading Firmware File Via Console Port	382
35.5.9 Example Xmodem Firmware Upload Using HyperTerminal	383
35.5.10 Uploading Configuration File Via Console Port	383
35.5.11 Example Xmodem Configuration Upload Using HyperTerminal	384
Menus 24.8 to 24.11	385
36.1 Command Interpreter Mode	385
36.1.1 Command Syntax	385
36.1.2 Command Usage	386
36.2 Call Control Support	386
36.2.1 Budget Management	387
36.3 Time and Date Setting	388
36.4 Remote Management	391
36.4.1 Remote Management Limitations	391
Schedule Setup	393
37.1 Schedule Set Overview	393
37.2 Schedule Setup	393
37.3 Schedule Set Setup	394
Troubleshooting	397
38.1 Power, Hardware Connections, and LEDs	397
38.2 P-792H v2 Access and Login	398
38.3 Internet Access	400
38.4 Network Connections	401
Product Specifications	403
Wall-mounting Instructions	409
Setting up Your Computer’s IP Address	411
Pop-up Windows, JavaScripts and Java Permissions	435
IP Addresses and Subnetting	445
Services	455
Legal Information	459

Match case Limit results 1 per page

Chapter 12 VPN

P-792H v2 User’s Guide

170

Remote

Remote IP addresses must be static and correspond to the remote

IPSec router's configured local IP addresses.

Two active SAs cannot have the local and remote IP address(es) both

the same. Two active SAs can have the same local or remote IP

address, but not both. You can configure multiple SAs between the

same local and remote IP addresses, as long as only one is active at

any time.

Remote Address

Type

Use the drop-down menu to choose

Single

Range

, or

Subnet

. Select

Single

with a single IP address. Select

Range

for a specific range of IP

addresses. Select

Subnet

to specify IP addresses on a network by

their subnet mask.

IP Address Start

When the

Remote Address Type

field is configured to Single, enter a

(static) IP address on the network behind the remote IPSec router.

When the

Remote Address Type

field is configured to

Range

, enter

the beginning (static) IP address, in a range of computers on the

network behind the remote IPSec router. When the

Remote Address

Type

field is configured to

Subnet

, enter a (static) IP address on the

network behind the remote IPSec router.

End / Subnet

Mask

When the

Remote Address Type

field is configured to

Single

, this

field is N/A. When the

Remote Address Type

field is configured to

Range

, enter the end (static) IP address, in a range of computers on

the network behind the remote IPSec router. When the

Remote

Address Type

field is configured to

Subnet

, enter a subnet mask on

the network behind the remote IPSec router.

Address Information

My IP Address

Enter the WAN IP address of your P-792H v2. The VPN tunnel has to be

rebuilt if this IP address changes.

The following applies if this field is configured as

0.0.0.0

The P-792H v2 uses the current P-792H v2 WAN IP address (static or

dynamic) to set up the VPN tunnel.

Secure Gateway

Address

Type the WAN IP address or the URL (up to 31 characters) of the IPSec

router with which you're making the VPN connection.

Security Protocol

IPSec Protocol

Select

ESP

if you want to use ESP (Encapsulation Security Payload).

The ESP protocol (RFC 2406) provides encryption as well as some of

the services offered by

. If you select ESP here, you must select

options from the

Encryption Algorithm

and

Authentication

Algorithm

fields (described next).

Encryption

Algorithm

Select

DES

3DES

NULL

from the drop-down list box.

When

DES

is used for data communications, both sender and receiver

must know the same secret key, which can be used to encrypt and

decrypt the message or to generate and verify a message

authentication code. The

DES

encryption algorithm uses a 56-bit key.

Triple DES (

3DES

) is a variation on

DES

that uses a 168-bit key. As a

result,

3DES

is more secure than

DES

. It also requires more

processing power, resulting in increased latency and decreased

throughput. Select

NULL

to set up a tunnel without encryption. When

you select

NULL

, you do not enter an encryption key.

Table 46

Security > VPN > Setup > Manual Key (continued)

LABEL

DESCRIPTION