Home » ZyXEL Manuals » Networking » ZyXEL SBG3300-NB00 » Manual Viewer

ZyXEL SBG3300-NB00 User Guide - Page 294

Pre-Shared Key

Get ZyXEL SBG3300-NB00 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 294 highlights

Chapter 20 IPSec VPN distinguish incoming SAs because you can select between three encryption algorithms (DES, 3DES and AES), two authentication algorithms (MD5 and SHA1) and eight key groups when you configure a VPN rule (see Section 20.4 on page 278). The ID type and content act as an extra level of identification for incoming SAs. The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP address, domain name, or e-mail address. Table 96 Local ID Type and Content Fields LOCAL ID TYPE= CONTENT= IP Type the IP address of your computer. FQDN Type a domain name (up to 31 characters) by which to identify this Device. User-FQDN Type an e-mail address (up to 31 characters) by which to identify this Device. The domain name or e-mail address that you use in the Local ID Content field is used for identification purposes only and does not need to be a real domain name or e-mail address. 20.7.7.1 ID Type and Content Examples Two IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel. The two Devices in this example can complete negotiation and establish a VPN tunnel. Table 97 Matching ID Type and Content Configuration Example Device A Device B Local ID type: User-FQDN Local ID type: IP Local ID content: [email protected] Local ID content: 1.1.1.2 Remote ID type: IP Remote ID type: E-mail Remote ID content: 1.1.1.2 Remote ID content: [email protected] The two Devices in this example cannot complete their negotiation because Device B's Local ID type is IP, but Device A's Remote ID type is set to E-mail. An "ID mismatched" message displays in the IPSEC LOG. Table 98 Mismatching ID Type and Content Configuration Example DEVICE A DEVICE B Local ID type: IP Local ID type: IP Local ID content: 1.1.1.10 Local ID content: 1.1.1.2 Remote ID type: User-FQDN Remote ID type: IP Remote ID content: [email protected] Remote ID content: 1.1.1.0 20.7.8 Pre-Shared Key A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see Section 20.7.3 on page 291 for more on IKE phases). It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection. 294 SBG3300-N Series User's Guide

Section	Page
SBG3300-N Series	1
Contents Overview	3
Table of Contents	5
User’s Guide	15
Introducing the Device	17
1.1 Overview	17
1.2 Ways to Manage the Device	17
1.3 Good Habits for Managing the Device	17
1.4 Applications for the Device	18
1.4.1 Internet Access	18
1.4.2 Device’s USB Support	19
1.5 LEDs (Lights)	19
1.6 The RESET Button	21
1.7 Wireless Access	21
1.7.1 Using the WLAN Button	21
The Web Configurator	23
2.1 Overview	23
2.1.1 Accessing the Web Configurator	23
2.2 Web Configurator Layout	25
2.2.1 Title Bar	25
2.2.2 Main Window	26
2.2.3 Navigation Panel	26
Quick Start	31
3.1 Overview	31
3.2 Quick Start Setup	31
Tutorials	35
4.1 Overview	35
4.2 Setting Up an ADSL PPPoE Connection	35
4.3 Setting Up a Secure Wireless Network	38
4.3.1 Configuring the Wireless Network Settings	38
4.3.2 Using WPS	40
4.3.3 Without WPS	43
4.4 Setting Up Multiple Wireless Groups	44
4.5 Configuring Static Route for Routing to Another Network	47
4.6 Configuring QoS Queue and Class Setup	50
4.7 Access the Device Using DDNS	53
4.7.1 Registering a DDNS Account on www.dyndns.org	53
4.7.2 Configuring DDNS on Your Device	54
4.7.3 Testing the DDNS Setting	54
4.8 Configuring the MAC Address Filter	55
4.9 Access Your Shared Files From a Computer	56
4.10 Certificate Configuration for VPN	57
4.11 Examples of Configuring IPSec VPN Rules	60
4.11.1 Example 1: Use 3DES Encryption	60
4.11.2 Example 2: Use AES128 Encryption	63
4.11.3 Example 3: Configuring a Site-to-Site with Dynamic Peer Rule	64
4.11.4 Example 4: Configuring a Remote Access Rule	64
4.12 PPTP VPN Tutorial	65
4.12.1 Configuring PPTP VPN Setup (Server)	65
4.12.2 Configuring PPTP VPN on Windows (Client)	66
4.12.3 Configuring PPTP VPN on Android Devices (Client)	81
4.12.4 Configuring PPTP VPN in iOS Devices (Client)	83
4.13 L2TP VPN Tutorial	85
4.13.1 Configuring the Default_L2TPVPN IPSec VPN Rule (Server)	86
4.13.2 Configuring the L2TP VPN Setup (Server)	87
4.13.3 Configuring L2TP VPN in Windows (Client)	88
4.13.4 Configuring L2TP VPN on Windows 7 and Vista	90
4.13.5 Configuring L2TP VPN on Windows XP	101
4.13.6 Configuring L2TP VPN on Android Devices (Client)	107
4.13.7 Configuring L2TP VPN in iOS Devices (Client)	110
Technical Reference	113
Status Screens	115
5.1 Overview	115
5.2 The Status Screen	115
Broadband	119
6.1 Overview	119
6.1.1 What You Can Do in this Chapter	119
6.1.2 What You Need to Know	120
6.1.3 Before You Begin	123
6.2 The Broadband Screen	123
6.2.1 Add/Edit Internet Connection	125
6.3 The 3G WAN Screen	133
6.4 The Add New 3G Dongle Screen	136
6.4.1 Add 3G Dongle Information	136
6.5 The Advanced Screen	137
6.6 The 802.1x Screen	138
6.6.1 Edit 802.1x Settings	139
6.7 The multi-WAN Screen	139
6.7.1 Add/Edit multi-WAN	140
6.7.2 How to Configure multi-WAN for Load Balancing and Failover	141
6.8 Technical Reference	142
Wireless	147
7.1 Overview	147
7.1.1 What You Can Do in this Chapter	147
7.1.2 What You Need to Know	148
7.2 The General Screen	148
7.2.1 No Security	151
7.2.2 Basic (WEP Encryption)	151
7.2.3 More Secure (WPA(2)-PSK)	153
7.2.4 WPA(2) Authentication	154
7.3 The More AP Screen	155
7.3.1 Edit More AP	156
7.4 MAC Authentication	158
7.5 The WPS Screen	159
7.6 The WMM Screen	160
7.7 The Others Screen	161
7.8 The Channel Status Screen	163
7.9 Technical Reference	163
7.9.1 Wireless Network Overview	163
7.9.2 Additional Wireless Terms	165
7.9.3 Wireless Security Overview	165
7.9.4 Signal Problems	167
7.9.5 BSS	168
7.9.6 MBSSID	168
7.9.7 Preamble Type	169
7.9.8 WiFi Protected Setup (WPS)	169
LAN	177
8.1 Overview	177
8.1.1 What You Can Do in this Chapter	177
8.1.2 What You Need To Know	178
8.1.3 Before You Begin	179
8.2 The LAN Setup Screen	179
8.3 The Static DHCP Screen	182
8.4 The UPnP Screen	184
8.5 Installing UPnP in Windows Example	185
8.6 Using UPnP in Windows XP Example	188
8.7 The Additional Subnet Screen	194
8.8 The 5th Ethernet Port Screen	195
8.9 Technical Reference	195
8.9.1 LANs, WANs and the Device	196
8.9.2 DHCP Setup	196
8.9.3 DNS Server Addresses	196
8.9.4 LAN TCP/IP	197
Routing	199
9.1 Overview	199
9.1.1 What You Can Do in this Chapter	199
9.2 The Routing Screen	200
9.2.1 Add/Edit Static Route	201
9.3 The Policy Forwarding Screen	201
9.3.1 Add/Edit Policy Forwarding	203
9.4 The RIP Screen	203
Quality of Service (QoS)	205
10.1 Overview	205
10.1.1 What You Can Do in this Chapter	205
10.2 What You Need to Know	206
10.3 The Quality of Service General Screen	207
10.4 The Queue Setup Screen	208
10.4.1 Adding a QoS Queue	210
10.5 The Class Setup Screen	210
10.5.1 Add/Edit QoS Class	212
10.6 The QoS Policer Setup Screen	215
10.6.1 Add/Edit a QoS Policer	216
10.7 The QoS Monitor Screen	217
10.8 Technical Reference	218
Network Address Translation (NAT)	223
11.1 Overview	223
11.1.1 What You Can Do in this Chapter	223
11.1.2 What You Need To Know	223
11.2 The Port Forwarding Screen	224
11.2.1 Add/Edit Port Forwarding	226
11.3 The Applications Screen	227
11.3.1 Add New Application	228
11.4 The Port Triggering Screen	228
11.4.1 Add/Edit Port Triggering Rule	230
11.5 The DMZ Screen	231
11.6 The ALG Screen	232
11.7 The Address Mapping Screen	232
11.7.1 Add/Edit Address Mapping Rule	233
11.8 Technical Reference	234
11.8.1 NAT Definitions	234
11.8.2 What NAT Does	235
11.8.3 How NAT Works	236
11.8.4 NAT Application	237
Dynamic DNS Setup	239
12.1 Overview	239
12.1.1 What You Can Do in this Chapter	239
12.1.2 What You Need To Know	240
12.2 The DNS Entry Screen	240
12.2.1 Add/Edit DNS Entry	241
12.3 The Dynamic DNS Screen	241
Interface Group	243
13.1 Overview	243
13.2 The Interface Group Screen	243
13.2.1 Interface Group Configuration	244
13.2.2 Interface Grouping Criteria	245
USB Service	247
14.1 Overview	247
14.1.1 What You Can Do in this Chapter	247
14.1.2 What You Need To Know	247
14.2 The File Sharing Screen	248
14.2.1 Before You Begin	248
Firewall	251
15.1 Overview	251
15.1.1 What You Can Do in this Chapter	251
15.1.2 What You Need to Know	252
15.2 The Firewall Screen	253
15.3 The Service Screen	253
15.3.1 Add/Edit a Service	255
15.4 The Access Control Screen	256
15.4.1 Add/Edit an ACL Rule	257
15.5 The DoS Screen	258
MAC Filter	261
16.1 Overview	261
16.2 The MAC Filter Screen	261
User Access Control	263
17.1 Overview	263
17.2 The User Access Control Screen	263
17.2.1 Add/Edit a User Access Control Rule	264
Scheduler Rules	267
18.1 Overview	267
18.2 The Scheduler Rules Screen	267
18.2.1 Add/Edit a Schedule	268
Certificates	269
19.1 Overview	269
19.1.1 What You Can Do in this Chapter	269
19.2 What You Need to Know	269
19.3 The Local Certificates Screen	270
19.3.1 Create Certificate Request	271
19.3.2 Load Signed Certificate	272
19.4 The Trusted CA Screen	273
19.4.1 View Trusted CA Certificate	274
19.4.2 Import Trusted CA Certificate	275
IPSec VPN	277
20.1 Overview	277
20.2 What You Can Do in this Chapter	277
20.3 What You Need To Know	278
20.4 The Setup Screen	278
20.4.1 Add/Edit VPN Rule	279
20.4.2 The VPN Connection Add/Edit Screen	280
20.4.3 The Default_L2TPVPN IPSec VPN Rule	286
20.5 The IPSec VPN Monitor Screen	287
20.6 The Radius Screen	287
20.7 Technical Reference	288
20.7.1 IPSec Architecture	289
20.7.2 Encapsulation	290
20.7.3 IKE Phases	291
20.7.4 Negotiation Mode	291
20.7.5 IPSec and NAT	292
20.7.6 VPN, NAT, and NAT Traversal	292
20.7.7 ID Type and Content	293
20.7.8 Pre-Shared Key	294
20.7.9 Diffie-Hellman (DH) Key Groups	295
PPTP VPN	296
21.1 Overview	296
21.2 What You Can Do in this Chapter	296
21.3 PPTP VPN Setup	297
21.4 The PPTP VPN Monitor Screen	298
21.5 PPTP VPN Troubleshooting Tips	298
L2TP VPN	301
22.1 Overview	301
22.1.1 What You Can Do in this Chapter	301
22.2 L2TP VPN Screen	302
22.3 The L2TP VPN Monitor Screen	303
22.4 L2TP VPN Troubleshooting Tips	303
Log	307
23.1 Overview	307
23.1.1 What You Can Do in this Chapter	307
23.1.2 What You Need To Know	307
23.2 The System Log Screen	308
23.3 The Security Log Screen	309
Network Status	311
24.1 Overview	311
24.1.1 What You Can Do in this Chapter	311
24.2 The WAN Status Screen	311
24.3 The LAN Status Screen	312
ARP Table	315
25.1 Overview	315
25.1.1 How ARP Works	315
25.2 ARP Table Screen	315
Routing Table	317
26.1 Overview	317
26.2 The Routing Table Screen	317
IGMP Status	319
27.1 Overview	319
27.2 The IGMP Group Status Screen	319
xDSL Statistics	321
28.1 The xDSL Statistics Screen	321
User Account	325
29.1 Overview	325
29.2 The User Account Screen	325
29.2.1 Add/Edit a Users Account	326
Remote Management	329
30.1 Overview	329
30.2 The Remote MGMT Screen	329
TR-069 Client	331
31.1 Overview	331
31.2 The TR-069 Client Screen	331
SNMP	333
32.1 The SNMP Agent Screen	333
Time	335
33.1 Overview	335
33.2 The Time Screen	335
E-mail Notification	339
34.1 Overview	339
34.2 The Email Notification Screen	339
34.2.1 Email Notification Edit	340
Logs Setting	341
35.1 Overview	341
35.2 The Log Setting Screen	341
35.2.1 Example E-mail Log	342
Firmware Upgrade	345
36.1 Overview	345
36.2 The Firmware Screen	345
Configuration	347
37.1 Overview	347
37.2 The Configuration Screen	347
37.3 The Reboot Screen	349
Diagnostic	350
38.1 Overview	350
38.1.1 What You Can Do in this Chapter	350
38.2 What You Need to Know	350
38.3 Ping & TraceRoute & NsLookup	351
38.4 802.1ag	352
38.5 OAM Ping Test	353
Troubleshooting	355
39.1 Power, Hardware Connections, and LEDs	355
39.2 Device Access and Login	356
39.3 Internet Access	358
39.4 Wireless Internet Access	359
39.5 USB Device Connection	360
39.6 UPnP	360
Setting up Your Computer’s IP Address	363
IP Addresses and Subnetting	385
Pop-up Windows, JavaScript and Java Permissions	393
Wireless LANs	403
IPv6	417
Services	425
Legal Information	429

Match case Limit results 1 per page

Chapter 20 IPSec VPN

SBG3300-N Series User’s Guide

294

distinguish incoming SAs because you can select between three encryption algorithms (DES, 3DES

and AES), two authentication algorithms (MD5 and SHA1) and eight key groups when you configure

a VPN rule (see

Section 20.4 on page 278

). The ID type and content act as an extra level of

identification for incoming SAs.

The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP

address, domain name, or e-mail address.

20.7.7.1

ID Type and Content Examples

Two IPSec routers must have matching ID type and content configuration in order to set up a VPN

tunnel.

The two Devices in this example can complete negotiation and establish a VPN tunnel.

The two Devices in this example cannot complete their negotiation because Device B’s

Local ID

type

, but Device A’s

Remote ID type

is set to

E-mail

. An “ID mismatched” message displays

in the IPSEC LOG.

20.7.8

Pre-Shared Key

A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see

Section

20.7.3 on page 291

for more on IKE phases). It is called “pre-shared” because you have to share it

with another party before you can communicate with them over a secure connection.

Table 96

Local ID Type and Content Fields

LOCAL ID TYPE=

CONTENT=

Type the IP address of your computer.

FQDN

Type a domain name (up to 31 characters) by which to identify this Device.

User-FQDN

Type an e-mail address (up to 31 characters) by which to identify this Device.

The domain name or e-mail address that you use in the

Local ID

Content

field

is used for identification purposes only and does not need to be a real domain

name or e-mail address.

Table 97

Matching ID Type and Content Configuration Example

Device A

Device B

Local ID type: User-FQDN

Local ID type: IP

Local ID content: [email protected]

Local ID content: 1.1.1.2

Remote ID type: IP

Remote ID type: E-mail

Remote ID content: 1.1.1.2

Remote ID content: [email protected]

Table 98

Mismatching ID Type and Content Configuration Example

DEVICE A

DEVICE B

Local ID type: IP

Local ID content: 1.1.1.10

Local ID content: 1.1.1.2

Remote ID type: User-FQDN

Remote ID type: IP

Remote ID content: [email protected]

Remote ID content: 1.1.1.0