Home » ZyXEL Manuals » Networking » ZyXEL SBG3300-NB00 » Manual Viewer

ZyXEL SBG3300-NB00 User Guide - Page 282

User-FQDN, Local ID Type, Remote ID Type, Negotiation Mode, Pre-Shared Key, Table 90, LABEL,

Get ZyXEL SBG3300-NB00 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 282 highlights

Chapter 20 IPSec VPN Table 90 VPN > IPSec VPN > Setup > Edit (continued) LABEL Pre-Shared Key DESCRIPTION Select this to have the Device and remote IPSec router use a pre-shared key (password) to identify each other when they negotiate the IKE SA. Type the pre-shared key in the field to the right. The pre-shared key can be • 8 - 32 alphanumeric characters or 8 - 32 pairs of hexadecimal (0-9, A-F) characters, preceded by "0x". If you want to enter the key in hexadecimal, type "0x" at the beginning of the key. For example, "0x0123456789ABCDEF" is in hexadecimal format; in "0123456789ABCDEF" is in ASCII format. If you use hexadecimal, you must enter twice as many characters since you need to enter pairs. The Device and remote IPSec router must use the same pre-shared key. Certificate Note: All remote access application scenario of IPsec rules must use the same preshared key. In order to use Certificate for IPsec authentication, you need to add new host certificates in the Security > Certificates screen. See a tutorial on how to add new host certificates in Chapter 4 on page 57. Select this to have the Device and remote IPSec router use certificates to authenticate each other when they negotiate the IKE SA. Then select the certificate the Device uses to identify itself to the remote IPsec router. This certificate is one of the certificates in Certificates. If this certificate is self-signed, import it into the remote IPsec router. If this certificate is signed by a CA, the remote IPsec router must trust that CA. Local/Remote ID Type Note: The IPSec routers must trust each other's certificates. The Device uses one of its Trusted Certificates to authenticate the remote IPSec router's certificate. The trusted certificate can be a self-signed certificate or that of a trusted CA that signed the remote IPSec router's certificate. Select which type of identification is used to identify the Device during authentication. Any - The Device does not check the identity of the itself/remote IPSec router. IP - The Device/remote IPSec router is identified by its IP address. FQDN - The Device/remote IPSec router is identified by a domain name. User-FQDN - The Device/remote IPSec router is identified by an e-mail address. Local/Remote ID Content Note: The options FQDN and User-FQDN of Local ID Type and Remote ID Type are not applicable if you select Main as the Negotiation Mode with Pre-Shared Key. When you select IP in the Local/Remote ID Type field, type the IP address of your computer in the Local/Remote ID Content field. When you select FQDN or User-FQDN in the Local/Remote ID Type field, type a domain name or e-mail address by which to identify this Device in the Local/Remote ID Content field. 282 SBG3300-N Series User's Guide

Section	Page
SBG3300-N Series	1
Contents Overview	3
Table of Contents	5
User’s Guide	15
Introducing the Device	17
1.1 Overview	17
1.2 Ways to Manage the Device	17
1.3 Good Habits for Managing the Device	17
1.4 Applications for the Device	18
1.4.1 Internet Access	18
1.4.2 Device’s USB Support	19
1.5 LEDs (Lights)	19
1.6 The RESET Button	21
1.7 Wireless Access	21
1.7.1 Using the WLAN Button	21
The Web Configurator	23
2.1 Overview	23
2.1.1 Accessing the Web Configurator	23
2.2 Web Configurator Layout	25
2.2.1 Title Bar	25
2.2.2 Main Window	26
2.2.3 Navigation Panel	26
Quick Start	31
3.1 Overview	31
3.2 Quick Start Setup	31
Tutorials	35
4.1 Overview	35
4.2 Setting Up an ADSL PPPoE Connection	35
4.3 Setting Up a Secure Wireless Network	38
4.3.1 Configuring the Wireless Network Settings	38
4.3.2 Using WPS	40
4.3.3 Without WPS	43
4.4 Setting Up Multiple Wireless Groups	44
4.5 Configuring Static Route for Routing to Another Network	47
4.6 Configuring QoS Queue and Class Setup	50
4.7 Access the Device Using DDNS	53
4.7.1 Registering a DDNS Account on www.dyndns.org	53
4.7.2 Configuring DDNS on Your Device	54
4.7.3 Testing the DDNS Setting	54
4.8 Configuring the MAC Address Filter	55
4.9 Access Your Shared Files From a Computer	56
4.10 Certificate Configuration for VPN	57
4.11 Examples of Configuring IPSec VPN Rules	60
4.11.1 Example 1: Use 3DES Encryption	60
4.11.2 Example 2: Use AES128 Encryption	63
4.11.3 Example 3: Configuring a Site-to-Site with Dynamic Peer Rule	64
4.11.4 Example 4: Configuring a Remote Access Rule	64
4.12 PPTP VPN Tutorial	65
4.12.1 Configuring PPTP VPN Setup (Server)	65
4.12.2 Configuring PPTP VPN on Windows (Client)	66
4.12.3 Configuring PPTP VPN on Android Devices (Client)	81
4.12.4 Configuring PPTP VPN in iOS Devices (Client)	83
4.13 L2TP VPN Tutorial	85
4.13.1 Configuring the Default_L2TPVPN IPSec VPN Rule (Server)	86
4.13.2 Configuring the L2TP VPN Setup (Server)	87
4.13.3 Configuring L2TP VPN in Windows (Client)	88
4.13.4 Configuring L2TP VPN on Windows 7 and Vista	90
4.13.5 Configuring L2TP VPN on Windows XP	101
4.13.6 Configuring L2TP VPN on Android Devices (Client)	107
4.13.7 Configuring L2TP VPN in iOS Devices (Client)	110
Technical Reference	113
Status Screens	115
5.1 Overview	115
5.2 The Status Screen	115
Broadband	119
6.1 Overview	119
6.1.1 What You Can Do in this Chapter	119
6.1.2 What You Need to Know	120
6.1.3 Before You Begin	123
6.2 The Broadband Screen	123
6.2.1 Add/Edit Internet Connection	125
6.3 The 3G WAN Screen	133
6.4 The Add New 3G Dongle Screen	136
6.4.1 Add 3G Dongle Information	136
6.5 The Advanced Screen	137
6.6 The 802.1x Screen	138
6.6.1 Edit 802.1x Settings	139
6.7 The multi-WAN Screen	139
6.7.1 Add/Edit multi-WAN	140
6.7.2 How to Configure multi-WAN for Load Balancing and Failover	141
6.8 Technical Reference	142
Wireless	147
7.1 Overview	147
7.1.1 What You Can Do in this Chapter	147
7.1.2 What You Need to Know	148
7.2 The General Screen	148
7.2.1 No Security	151
7.2.2 Basic (WEP Encryption)	151
7.2.3 More Secure (WPA(2)-PSK)	153
7.2.4 WPA(2) Authentication	154
7.3 The More AP Screen	155
7.3.1 Edit More AP	156
7.4 MAC Authentication	158
7.5 The WPS Screen	159
7.6 The WMM Screen	160
7.7 The Others Screen	161
7.8 The Channel Status Screen	163
7.9 Technical Reference	163
7.9.1 Wireless Network Overview	163
7.9.2 Additional Wireless Terms	165
7.9.3 Wireless Security Overview	165
7.9.4 Signal Problems	167
7.9.5 BSS	168
7.9.6 MBSSID	168
7.9.7 Preamble Type	169
7.9.8 WiFi Protected Setup (WPS)	169
LAN	177
8.1 Overview	177
8.1.1 What You Can Do in this Chapter	177
8.1.2 What You Need To Know	178
8.1.3 Before You Begin	179
8.2 The LAN Setup Screen	179
8.3 The Static DHCP Screen	182
8.4 The UPnP Screen	184
8.5 Installing UPnP in Windows Example	185
8.6 Using UPnP in Windows XP Example	188
8.7 The Additional Subnet Screen	194
8.8 The 5th Ethernet Port Screen	195
8.9 Technical Reference	195
8.9.1 LANs, WANs and the Device	196
8.9.2 DHCP Setup	196
8.9.3 DNS Server Addresses	196
8.9.4 LAN TCP/IP	197
Routing	199
9.1 Overview	199
9.1.1 What You Can Do in this Chapter	199
9.2 The Routing Screen	200
9.2.1 Add/Edit Static Route	201
9.3 The Policy Forwarding Screen	201
9.3.1 Add/Edit Policy Forwarding	203
9.4 The RIP Screen	203
Quality of Service (QoS)	205
10.1 Overview	205
10.1.1 What You Can Do in this Chapter	205
10.2 What You Need to Know	206
10.3 The Quality of Service General Screen	207
10.4 The Queue Setup Screen	208
10.4.1 Adding a QoS Queue	210
10.5 The Class Setup Screen	210
10.5.1 Add/Edit QoS Class	212
10.6 The QoS Policer Setup Screen	215
10.6.1 Add/Edit a QoS Policer	216
10.7 The QoS Monitor Screen	217
10.8 Technical Reference	218
Network Address Translation (NAT)	223
11.1 Overview	223
11.1.1 What You Can Do in this Chapter	223
11.1.2 What You Need To Know	223
11.2 The Port Forwarding Screen	224
11.2.1 Add/Edit Port Forwarding	226
11.3 The Applications Screen	227
11.3.1 Add New Application	228
11.4 The Port Triggering Screen	228
11.4.1 Add/Edit Port Triggering Rule	230
11.5 The DMZ Screen	231
11.6 The ALG Screen	232
11.7 The Address Mapping Screen	232
11.7.1 Add/Edit Address Mapping Rule	233
11.8 Technical Reference	234
11.8.1 NAT Definitions	234
11.8.2 What NAT Does	235
11.8.3 How NAT Works	236
11.8.4 NAT Application	237
Dynamic DNS Setup	239
12.1 Overview	239
12.1.1 What You Can Do in this Chapter	239
12.1.2 What You Need To Know	240
12.2 The DNS Entry Screen	240
12.2.1 Add/Edit DNS Entry	241
12.3 The Dynamic DNS Screen	241
Interface Group	243
13.1 Overview	243
13.2 The Interface Group Screen	243
13.2.1 Interface Group Configuration	244
13.2.2 Interface Grouping Criteria	245
USB Service	247
14.1 Overview	247
14.1.1 What You Can Do in this Chapter	247
14.1.2 What You Need To Know	247
14.2 The File Sharing Screen	248
14.2.1 Before You Begin	248
Firewall	251
15.1 Overview	251
15.1.1 What You Can Do in this Chapter	251
15.1.2 What You Need to Know	252
15.2 The Firewall Screen	253
15.3 The Service Screen	253
15.3.1 Add/Edit a Service	255
15.4 The Access Control Screen	256
15.4.1 Add/Edit an ACL Rule	257
15.5 The DoS Screen	258
MAC Filter	261
16.1 Overview	261
16.2 The MAC Filter Screen	261
User Access Control	263
17.1 Overview	263
17.2 The User Access Control Screen	263
17.2.1 Add/Edit a User Access Control Rule	264
Scheduler Rules	267
18.1 Overview	267
18.2 The Scheduler Rules Screen	267
18.2.1 Add/Edit a Schedule	268
Certificates	269
19.1 Overview	269
19.1.1 What You Can Do in this Chapter	269
19.2 What You Need to Know	269
19.3 The Local Certificates Screen	270
19.3.1 Create Certificate Request	271
19.3.2 Load Signed Certificate	272
19.4 The Trusted CA Screen	273
19.4.1 View Trusted CA Certificate	274
19.4.2 Import Trusted CA Certificate	275
IPSec VPN	277
20.1 Overview	277
20.2 What You Can Do in this Chapter	277
20.3 What You Need To Know	278
20.4 The Setup Screen	278
20.4.1 Add/Edit VPN Rule	279
20.4.2 The VPN Connection Add/Edit Screen	280
20.4.3 The Default_L2TPVPN IPSec VPN Rule	286
20.5 The IPSec VPN Monitor Screen	287
20.6 The Radius Screen	287
20.7 Technical Reference	288
20.7.1 IPSec Architecture	289
20.7.2 Encapsulation	290
20.7.3 IKE Phases	291
20.7.4 Negotiation Mode	291
20.7.5 IPSec and NAT	292
20.7.6 VPN, NAT, and NAT Traversal	292
20.7.7 ID Type and Content	293
20.7.8 Pre-Shared Key	294
20.7.9 Diffie-Hellman (DH) Key Groups	295
PPTP VPN	296
21.1 Overview	296
21.2 What You Can Do in this Chapter	296
21.3 PPTP VPN Setup	297
21.4 The PPTP VPN Monitor Screen	298
21.5 PPTP VPN Troubleshooting Tips	298
L2TP VPN	301
22.1 Overview	301
22.1.1 What You Can Do in this Chapter	301
22.2 L2TP VPN Screen	302
22.3 The L2TP VPN Monitor Screen	303
22.4 L2TP VPN Troubleshooting Tips	303
Log	307
23.1 Overview	307
23.1.1 What You Can Do in this Chapter	307
23.1.2 What You Need To Know	307
23.2 The System Log Screen	308
23.3 The Security Log Screen	309
Network Status	311
24.1 Overview	311
24.1.1 What You Can Do in this Chapter	311
24.2 The WAN Status Screen	311
24.3 The LAN Status Screen	312
ARP Table	315
25.1 Overview	315
25.1.1 How ARP Works	315
25.2 ARP Table Screen	315
Routing Table	317
26.1 Overview	317
26.2 The Routing Table Screen	317
IGMP Status	319
27.1 Overview	319
27.2 The IGMP Group Status Screen	319
xDSL Statistics	321
28.1 The xDSL Statistics Screen	321
User Account	325
29.1 Overview	325
29.2 The User Account Screen	325
29.2.1 Add/Edit a Users Account	326
Remote Management	329
30.1 Overview	329
30.2 The Remote MGMT Screen	329
TR-069 Client	331
31.1 Overview	331
31.2 The TR-069 Client Screen	331
SNMP	333
32.1 The SNMP Agent Screen	333
Time	335
33.1 Overview	335
33.2 The Time Screen	335
E-mail Notification	339
34.1 Overview	339
34.2 The Email Notification Screen	339
34.2.1 Email Notification Edit	340
Logs Setting	341
35.1 Overview	341
35.2 The Log Setting Screen	341
35.2.1 Example E-mail Log	342
Firmware Upgrade	345
36.1 Overview	345
36.2 The Firmware Screen	345
Configuration	347
37.1 Overview	347
37.2 The Configuration Screen	347
37.3 The Reboot Screen	349
Diagnostic	350
38.1 Overview	350
38.1.1 What You Can Do in this Chapter	350
38.2 What You Need to Know	350
38.3 Ping & TraceRoute & NsLookup	351
38.4 802.1ag	352
38.5 OAM Ping Test	353
Troubleshooting	355
39.1 Power, Hardware Connections, and LEDs	355
39.2 Device Access and Login	356
39.3 Internet Access	358
39.4 Wireless Internet Access	359
39.5 USB Device Connection	360
39.6 UPnP	360
Setting up Your Computer’s IP Address	363
IP Addresses and Subnetting	385
Pop-up Windows, JavaScript and Java Permissions	393
Wireless LANs	403
IPv6	417
Services	425
Legal Information	429

Match case Limit results 1 per page

Chapter 20 IPSec VPN

SBG3300-N Series User’s Guide

282

Pre-Shared Key

Select this to have the Device and remote IPSec router use a pre-shared key

(password) to identify each other when they negotiate the IKE SA. Type the pre-shared

key in the field to the right. The pre-shared key can be

•

8 - 32 alphanumeric characters or ,;|`~!@#$%^&*()_+\{}':./<>=-".

•

8 - 32 pairs of hexadecimal (0-9, A-F) characters, preceded by “0x”.

If you want to enter the key in hexadecimal, type “0x” at the beginning of the key. For

example, "0x0123456789ABCDEF" is in hexadecimal format; in “0123456789ABCDEF”

is in ASCII format. If you use hexadecimal, you must enter twice as many characters

since you need to enter pairs.

The Device and remote IPSec router must use the same pre-shared key.

Note: All remote access application scenario of IPsec rules must use the same pre-

shared key.

Certificate

In order to use

Certificate

for IPsec authentication, you need to add new host

certificates in the

Security

Certificates

screen. See a tutorial on how to add new

host certificates in

Chapter 4 on page 57

Select this to have the Device and remote IPSec router use certificates to authenticate

each other when they negotiate the IKE SA. Then select the certificate the Device uses

to identify itself to the remote IPsec router.

This certificate is one of the certificates in

Certificates

. If this certificate is self-signed,

import it into the remote IPsec router. If this certificate is signed by a CA, the remote

IPsec router must trust that CA.

Note: The IPSec routers must trust each other’s certificates.

The Device uses one of its

Trusted Certificates

to authenticate the remote IPSec

router’s certificate. The trusted certificate can be a self-signed certificate or that of a

trusted CA that signed the remote IPSec router’s certificate.

Local/Remote ID

Type

Select which type of identification is used to identify the Device during authentication.

Any

- The Device does not check the identity of the itself/remote IPSec router.

- The Device/remote IPSec router is identified by its IP address.

FQDN

- The Device/remote IPSec router is identified by a domain name.

User-FQDN

- The Device/remote IPSec router is identified by an e-mail address.

Note: The options

FQDN

and

User-FQDN

Local ID Type

and

Remote ID Type

are not

applicable if you select

Main

as the

Negotiation Mode

with

Pre-Shared Key

Local/Remote ID

Content

When you select

in the

Local/Remote ID Type

field, type the IP address of your

computer in the

Local/Remote ID Content

field.

When you select

FQDN

User-FQDN

in the

Local/Remote ID Type

field, type a

domain name or e-mail address by which to identify this Device in the

Local/Remote

ID Content

field.

Table 90

VPN > IPSec VPN > Setup > Edit (continued)

LABEL

DESCRIPTION