Home » ZyXEL Manuals » Networking » ZyXEL P-792H v2 » Manual Viewer

ZyXEL P-792H v2 User Guide - Page 182

Pre-Shared Key, Diffie-Hellman DH Key Groups, Telecommuter VPN/IPSec Examples

Get ZyXEL P-792H v2 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 182 highlights

Chapter 12 VPN 12.9.10 Pre-Shared Key A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see Section 12.9.5 on page 177 for more on IKE phases). It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection. 12.9.11 Diffie-Hellman (DH) Key Groups Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. DiffieHellman is used within IKE SA setup to establish session keys. 768-bit (Group 1 DH1) and 1024-bit (Group 2 - DH2) Diffie-Hellman groups are supported. Upon completion of the Diffie-Hellman exchange, the two peers have a shared secret, but the IKE SA is not authenticated. For authentication, use pre-shared keys. 12.9.12 Telecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single P-792H v2 at headquarters. The telecommuters use IPSec routers with dynamic WAN IP addresses. The P-792H v2 at headquarters has a static public IP address. 12.9.12.1 Telecommuters Sharing One VPN Rule Example See the following figure and table for an example configuration that allows multiple telecommuters (A, B and C in the figure) to use one VPN rule to simultaneously access a P-792H v2 at headquarters (HQ in the figure). The telecommuters do not have domain names mapped to the WAN IP addresses of their IPSec routers. The telecommuters must all use the same IPSec parameters but the local IP addresses (or ranges of addresses) should not overlap. Figure 83 Telecommuters Sharing One VPN Rule Example LAN A 192.168.2.12 B LAN 192.168.3.2 C LAN Internet HQ LAN 192.168.1.10 192.168.4.15 182 P-792H v2 User's Guide

Section	Page
P-792H v2	1
About This User's Guide	3
Document Conventions	6
Safety Warnings	8
Contents Overview	9
Table of Contents	11
User’s Guide	23
Getting To Know Your P-792H v2	25
1.1 Overview	25
1.1.1 High-speed Internet Access with G.SHDSL	25
1.1.2 High-speed Point-to-point Connections	26
1.2 Ways to Manage the P-792H v2	26
1.3 Good Habits for Managing the P-792H v2	27
1.4 LEDs	27
1.5 The RESET Button	28
1.5.1 Using the RESET Button	28
Introducing the Web Configurator	29
2.1 Web Configurator Overview	29
2.2 Accessing the Web Configurator	29
2.3 Web Configurator Main Screen	31
2.3.1 Title Bar	32
2.3.2 Navigation Panel	32
2.3.3 Main Window	35
2.3.4 Status Bar	35
Status Screens	37
3.1 Overview	37
3.2 The Status Screen	37
3.3 Client List	40
3.4 Status: VPN Status	40
3.5 Any IP Table	40
3.6 Packet Statistics	41
Internet Setup Wizard	43
4.1 Overview	43
4.2 Internet Access Wizard Setup	43
4.2.1 Manual Configuration	46
Tutorial	53
5.1 Overview	53
5.2 Configuring Point-to-point Connection	53
5.2.1 Set Up the Server	54
5.2.2 Set Up the Client	55
5.2.3 Connect the P-792H v2s	55
Technical Reference	57
WAN Setup	59
6.1 Overview	59
6.1.1 What You Can Do in the WAN Screens	59
6.1.2 What You Need to Know About WAN	60
6.1.3 Before You Begin	61
6.2 The Internet Access Setup Screen	62
6.2.1 Advanced Internet Access Setup	66
6.3 The More Connections Screen	68
6.3.1 More Connections Edit	70
6.3.2 Configuring More Connections Advanced Setup	73
6.4 The WAN Backup Setup Screen	75
6.5 WAN Technical Reference	76
6.5.1 Encapsulation	76
6.5.2 Multiplexing	78
6.5.3 VPI and VCI	78
6.5.4 IP Address Assignment	78
6.5.5 Nailed-Up Connection (PPP)	79
6.5.6 NAT	79
6.6 Metric	79
6.7 Traffic Redirect	80
6.8 Traffic Shaping	81
6.8.1 ATM Traffic Classes	82
LAN Setup	85
7.1 Overview	85
7.1.1 What You Can Do in the LAN Screens	85
7.1.2 What You Need To Know About LAN	86
7.1.3 Before You Begin	87
7.2 The IP Screen	87
7.2.1 The Advanced LAN IP Setup Screen	88
7.3 The DHCP Setup Screen	90
7.4 The Client List Screen	92
7.5 The IP Alias Screen	93
7.5.1 Configuring the LAN IP Alias Screen	94
7.6 LAN Technical Reference	95
7.6.1 LANs, WANs and the ZyXEL Device	95
7.6.2 DHCP Setup	96
7.6.3 DNS Server Addresses	96
7.6.4 LAN TCP/IP	97
7.6.5 RIP Setup	98
7.6.6 Multicast	98
Network Address Translation (NAT)	101
8.1 Overview	101
8.1.1 What You Can Do in the NAT Screens	101
8.1.2 What You Need To Know About NAT	101
8.2 The NAT General Setup Screen	103
8.3 The Port Forwarding Screen	104
8.3.1 Configuring the Port Forwarding Screen	105
8.3.2 The Port Forwarding Rule Edit Screen	106
8.4 The Address Mapping Screen	107
8.4.1 The Address Mapping Rule Edit Screen	109
8.5 The ALG Screen	111
8.6 NAT Technical Reference	111
8.6.1 NAT Definitions	111
8.6.2 What NAT Does	112
8.6.3 How NAT Works	113
8.6.4 NAT Application	114
8.6.5 NAT Mapping Types	114
Firewalls	117
9.1 Overview	117
9.1.1 What You Can Do in the Firewall Screens	117
9.1.2 What You Need to Know About Firewall	118
9.1.3 Firewall Rule Setup Example	119
9.2 The Firewall General Screen	122
9.3 The Firewall Rule Screen	124
9.3.1 Configuring Firewall Rules	126
9.3.2 Customized Services	128
9.3.3 Configuring a Customized Service	129
9.4 The Firewall Threshold Screen	129
9.4.1 Threshold Values	130
9.4.2 Configuring Firewall Thresholds	131
9.5 Firewall Technical Reference	133
9.5.1 Firewall Rules Overview	133
9.5.2 Guidelines For Enhancing Security With Your Firewall	134
9.5.3 Security Considerations	135
9.5.4 Triangle Route	135
Content Filtering	139
10.1 Overview	139
10.1.1 What You Can Do in the Content Filter Screens	139
10.1.2 What You Need to Know About Content Filtering	139
10.1.3 Before You Begin	139
10.1.4 Content Filtering Example	140
10.2 The Keyword Screen	142
10.3 The Schedule Screen	143
10.4 The Trusted Screen	144
Certificates	145
11.1 Overview	145
11.1.1 What You Need to Know About Certificates	145
11.1.2 Verifying a Certificate	146
11.2 The Trusted CAs Screen	147
11.2.1 Trusted CA Import	149
11.2.2 Trusted CA Details	150
11.3 Certificates Technical Reference	152
11.3.1 Certificates Overview	152
11.3.2 Private-Public Certificates	152
VPN	155
12.1 Overview	155
12.1.1 What You Can Do in the VPN Screens	155
12.1.2 What You Need to Know About IPSec VPN	156
12.1.3 Before You Begin	157
12.2 VPN Setup Screen	157
12.3 The VPN Edit Screen	160
12.4 Configuring Advanced IKE Settings	165
12.5 Manual Key Setup	167
12.5.1 Security Parameter Index (SPI)	168
12.6 Configuring Manual Key	168
12.7 Viewing SA Monitor	171
12.8 Configuring VPN Global Setting	172
12.9 IPSec VPN Technical Reference	173
12.9.1 IPSec Architecture	173
12.9.2 IPSec and NAT	174
12.9.3 VPN, NAT, and NAT Traversal	175
12.9.4 Encapsulation	176
12.9.5 IKE Phases	177
12.9.6 Negotiation Mode	178
12.9.7 Keep Alive	178
12.9.8 Remote DNS Server	179
12.9.9 ID Type and Content	180
12.9.10 Pre-Shared Key	182
12.9.11 Diffie-Hellman (DH) Key Groups	182
12.9.12 Telecommuter VPN/IPSec Examples	182
Static Route	187
13.1 Overview	187
13.2 The Static Route Screen	188
13.2.1 Static Route Edit	189
802.1Q/1P	191
14.1 Overview	191
14.1.1 What You Can Do in the 802.1Q/1P Screens	191
14.1.2 What You Need to Know About 802.1Q/1P	191
14.1.3 802.1Q/1P Example	193
14.2 The 802.1Q/1P Group Setting Screen	197
14.2.1 Editing 802.1Q/1P Group Setting	198
14.3 The 802.1Q/1P Port Setting Screen	199
Quality of Service (QoS)	201
15.1 Overview	201
15.2 QoS Overview	201
15.2.1 What You Can Do in the QoS Screens	202
15.2.2 What You Need to Know About QoS	202
15.2.3 QoS Class Setup Example	203
15.3 The QoS General Screen	207
15.4 The Class Setup Screen	208
15.4.1 The Class Configuration Screen	210
15.5 The QoS Monitor Screen	214
15.6 QoS Technical Reference	215
15.6.1 IEEE 802.1Q Tag	215
15.6.2 IP Precedence	215
15.6.3 DiffServ	216
15.6.4 Automatic Priority Queue Assignment	216
Dynamic DNS Setup	219
16.1 Overview	219
16.1.1 What You Need To Know About DDNS	219
16.2 The Dynamic DNS Screen	220
Remote Management	223
17.1 Overview	223
17.1.1 What You Can Do in the Remote Management Screens	224
17.1.2 What You Need to Know About Remote Management	224
17.2 The WWW Screen	225
17.2.1 Configuring the WWW Screen	225
17.3 The Telnet Screen	226
17.4 The FTP Screen	227
17.5 The SNMP Screen	228
17.5.1 Supported MIBs	230
17.5.2 SNMP Traps	230
17.5.3 Configuring SNMP	231
17.6 The DNS Screen	232
17.7 The ICMP Screen	233
Universal Plug-and-Play (UPnP)	235
18.1 Overview	235
18.1.1 What You Can Do in the UPnP Screen	235
18.1.2 What You Need to Know About UPnP	235
18.2 The UPnP Screen	237
18.3 Installing UPnP in Windows Example	237
18.4 Using UPnP in Windows XP Example	241
System Settings	247
19.1 Overview	247
19.1.1 What You Can Do in the System Settings Screens	247
19.1.2 What You Need to Know About System Settings	247
19.2 The General Screen	248
19.3 The Time Setting Screen	250
Logs	253
20.1 Overview	253
20.1.1 What You Can Do in the Log Screens	253
20.1.2 What You Need To Know About Logs	253
20.2 The View Log Screen	254
20.3 The Log Settings Screen	255
20.4 SMTP Error Messages	257
20.4.1 Example E-mail Log	257
20.5 Log Descriptions	258
Tools	267
21.1 Overview	267
21.1.1 What You Can Do in the Tool Screens	267
21.1.2 What You Need To Know About Tools	268
21.1.3 Before You Begin	269
21.1.4 Tool Examples	269
21.2 The Firmware Screen	275
21.3 The Configuration Screen	277
21.4 The Restart Screen	279
Diagnostic	281
22.1 Overview	281
22.1.1 What You Can Do in the Diagnostic Screens	281
22.2 The General Diagnostic Screen	281
22.3 The DSL Line Diagnostic Screen	282
Introducing the SMT	285
23.1 Accessing the SMT	285
23.2 SMT Menu Items	286
23.3 Navigating the SMT Interface	289
General Setup	291
24.1 Configuring General Setup	291
24.1.1 Configuring Dynamic DNS	292
WAN Setup	295
25.1 WAN Setup	295
25.2 Configuring Traffic Redirect	297
LAN Setup	299
26.1 Accessing the LAN Menus	299
26.2 LAN Port Filter Setup	299
26.3 TCP/IP and DHCP Setup Menu	300
26.4 LAN IP Alias	302
Internet Access Setup	303
27.1 Internet Access Setup	303
Remote Node Setup	307
28.1 Introduction to Remote Node Setup	307
28.2 Remote Node Setup	307
28.3 Remote Node Profile	308
28.4 Remote Node Network Layer Options	310
28.5 Remote Node Filter	312
28.6 Remote Node ATM Layer Options	314
28.7 Advance Setup Options	315
Static Route Setup	317
29.1 IP Static Route Setup	317
29.2 Bridge Static Route Setup	319
NAT Setup	321
30.1 Using NAT	321
30.1.1 SUA (Single User Account) Versus NAT	321
30.1.2 Applying NAT	322
30.2 NAT Setup	323
30.2.1 Address Mapping Sets	324
30.3 Configuring a Server behind NAT	327
30.4 General NAT Examples	328
30.4.1 Internet Access Only	329
30.4.2 Example 2: Internet Access with a Default Server	330
30.4.3 Example 3: Multiple Public IP Addresses With Inside Servers	330
30.4.4 Example 4: NAT Unfriendly Application Programs	334
Firewall Setup	337
31.1 Using P-792H v2 SMT Menus	337
31.1.1 Activating the Firewall	337
Filter Configuration	339
32.1 Introduction to Filters	339
32.1.1 The Filter Structure of the P-792H v2	340
32.2 Configuring a Filter Set	342
32.2.1 Configuring a Filter Rule	344
32.2.2 Configuring a TCP/IP Filter Rule	344
32.2.3 Configuring a Generic Filter Rule	348
32.3 Example Filter	349
32.4 Filter Types and NAT	351
32.5 Firewall Versus Filters	352
32.6 Applying a Filter	352
32.6.1 Applying LAN Filters	352
32.6.2 Applying Remote Node Filters	353
System Password	355
System Information & Diagnosis	357
34.1 Introduction to System Status	357
34.2 System Status	357
34.3 System Information and Console Port Speed	359
34.3.1 System Information	360
34.3.2 Console Port Speed	361
34.4 Log and Trace	361
34.4.1 Viewing Error Log	361
34.4.2 Syslog Logging	362
34.5 Diagnostic	366
Firmware and Configuration File Maintenance	369
35.1 Introduction	369
35.2 Filename Conventions	369
35.3 Backup Configuration	370
35.3.1 Backup Configuration	371
35.3.2 Using the FTP Command from the Command Line	371
35.3.3 Example of FTP Commands from the Command Line	372
35.3.4 GUI-based FTP Clients	372
35.3.5 File Maintenance Over WAN	372
35.3.6 Backup Configuration Using TFTP	373
35.3.7 TFTP Command Example	373
35.3.8 GUI-based TFTP Clients	374
35.3.9 Backup Via Console Port	374
35.4 Restore Configuration	375
35.4.1 Restore Using FTP	376
35.4.2 Restore Using FTP Session Example	377
35.4.3 Restore Via Console Port	377
35.5 Uploading Firmware and Configuration Files	378
35.5.1 Firmware File Upload	378
35.5.2 Configuration File Upload	379
35.5.3 FTP File Upload Command from the DOS Prompt Example	380
35.5.4 FTP Session Example of Firmware File Upload	380
35.5.5 TFTP File Upload	381
35.5.6 TFTP Upload Command Example	381
35.5.7 Uploading Via Console Port	382
35.5.8 Uploading Firmware File Via Console Port	382
35.5.9 Example Xmodem Firmware Upload Using HyperTerminal	383
35.5.10 Uploading Configuration File Via Console Port	383
35.5.11 Example Xmodem Configuration Upload Using HyperTerminal	384
Menus 24.8 to 24.11	385
36.1 Command Interpreter Mode	385
36.1.1 Command Syntax	385
36.1.2 Command Usage	386
36.2 Call Control Support	386
36.2.1 Budget Management	387
36.3 Time and Date Setting	388
36.4 Remote Management	391
36.4.1 Remote Management Limitations	391
Schedule Setup	393
37.1 Schedule Set Overview	393
37.2 Schedule Setup	393
37.3 Schedule Set Setup	394
Troubleshooting	397
38.1 Power, Hardware Connections, and LEDs	397
38.2 P-792H v2 Access and Login	398
38.3 Internet Access	400
38.4 Network Connections	401
Product Specifications	403
Wall-mounting Instructions	409
Setting up Your Computer’s IP Address	411
Pop-up Windows, JavaScripts and Java Permissions	435
IP Addresses and Subnetting	445
Services	455
Legal Information	459