Home » ZyXEL Manuals » Networking » ZyXEL VSG1432-B101 » Manual Viewer

ZyXEL VSG1432-B101 User Guide - Page 252

Table 87

Get ZyXEL VSG1432-B101 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 252 highlights

Chapter 21 IPSec Table 87 Settings > Add/Edit: Auto(IKE) LABEL DESCRIPTION Authentication Method Select Pre-Shared Key to use a pre-shared key for authentication. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection. Pre-Shared Key Select Certificates (X.509) to use a certificate for authentication. This field is available only when you select Pre-Shared Key in the Authentication Method field. Type up to 15 alphanumeric characters for the pre-shared key. Both ends of the VPN tunnel must use the same pre-shared key. You will receive a "PYLD_MALFORMED" (payload malformed) packet if the same pre-shared key is not used on both ends. Local/Remote ID Select IP to identify this ZyXEL Device by its IP address. Type Select DNS to identify this ZyXEL Device by a domain name. Select E-mail to identify this ZyXEL Device by an e-mail address. Select ASN1DN (Abstract Syntax Notation one - Distinguished Name) to identify the remote IPSec router by the subject field in a certificate. This is used only with certificate-based authentication. Local/Remote ID When you select IP in the Local/Remote ID Type field, type the IP Content address of your computer in the Local/Remote ID Content field. When you select DNS or E-mail in the Local/Remote ID Type field, type a domain name or e-mail address by which to identify this ZyXEL Device in the Local/Remote ID Content field. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string. Advanced IKE Settings Click Show Advanced Settings to display and configure more detailed settings of your IKE key management. Otherwise, click Hide Advanced Settings. NAT_Traversal Select Enable if you want to set up a VPN tunnel when there are NAT routers between the ZyXEL Device and remote IPSec router. The remote IPSec router must also enable NAT traversal, and the NAT routers have to forward UDP port 500 packets to the remote IPSec router behind the NAT router. Otherwise, select Disable. Phase 1/Phase 2 Mode Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode. 252 VSG1432-B101 Series User's Guide

Section	Page
VSG1432-B101 Series	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
User’s Guide	21
Introducing the VSG1432-B101	23
1.1 Overview	23
1.2 Ways to Manage the ZyXEL Device	23
1.3 Good Habits for Managing the ZyXEL Device	23
1.4 Applications for the ZyXEL Device	24
1.4.1 Internet Access	24
1.4.2 ZyXEL Device’s USB Support	25
1.5 Hardware Setup	26
1.6 Hardware Connections	28
1.7 LEDs (Lights)	29
1.8 The RESET Button	31
1.9 Wireless Access	31
1.9.1 Using the WLAN/WPS Button	31
The Web Configurator	33
2.1 Overview	33
2.1.1 Accessing the Web Configurator	33
2.2 Web Configurator Layout	36
2.2.1 Title Bar	36
2.2.2 Main Window	37
2.2.3 Navigation Panel	37
Quick Start	41
3.1 Overview	41
3.2 Quick Start Setup	41
Tutorials	43
4.1 Overview	43
4.2 Setting Up an ADSL PPPoE Connection	43
4.3 Setting Up a Secure Wireless Network	46
4.3.1 Configuring the Wireless Network Settings	46
4.3.2 Using WPS	48
4.3.3 Without WPS	52
4.4 Setting Up Multiple Wireless Groups	53
4.5 Setting Up NAT Port Forwarding	56
4.6 Configuring Static Route for Routing to Another Network	58
4.7 Configuring QoS Queue and Class Setup	60
4.8 Access the ZyXEL Device Using DDNS	63
4.8.1 Registering a DDNS Account on www.dyndns.org	64
4.8.2 Configuring DDNS on Your ZyXEL Device	64
4.8.3 Testing the DDNS Setting	65
4.9 Access Your Shared Files From a Computer	65
Technical Reference	67
Network Map and Status Screens	69
5.1 Overview	69
5.2 The Network Map Screen	69
5.3 The Status Screen	71
Broadband	75
6.1 Overview	75
6.1.1 What You Need to Know	75
6.1.2 Before You Begin	76
6.2 The Broadband Screen	77
6.2.1 Add/Edit Broadband	78
6.2.2 PPPoE Encapsulation	78
6.3 Technical Reference	86
6.3.1 Encapsulation	86
6.3.2 Multiplexing	87
6.3.3 VPI and VCI	87
6.3.4 IP Address Assignment	87
6.3.5 NAT	88
6.3.6 Traffic Shaping	88
6.3.7 ATM Traffic Classes	89
6.3.8 Introduction to VLANs	89
Wireless	91
7.1 Overview	91
7.1.1 What You Can Do in this Chapter	91
7.1.2 What You Need to Know	92
7.2 The General Screen	92
7.2.1 No Security	95
7.2.2 Basic (WEP Encryption)	96
7.2.3 More Secure (WPA(2)-PSK)	98
7.2.4 WPA(2) Authentication	99
7.3 The More AP Screen	101
7.3.1 Edit More AP	102
7.4 MAC Authentication	103
7.5 The WPS Screen	105
7.6 The WMM Screen	106
7.7 The WDS Screen	107
7.7.1 WDS Scan	109
7.8 The Others Screen	110
7.9 Technical Reference	111
7.9.1 Wireless Network Overview	111
7.9.2 Additional Wireless Terms	113
7.9.3 Wireless Security Overview	114
7.9.4 Signal Problems	117
7.9.5 BSS	117
7.9.6 MBSSID	118
7.9.7 Preamble Type	119
7.9.8 Wireless Distribution System (WDS)	119
7.9.9 WiFi Protected Setup (WPS)	120
Home Networking	127
8.1 Overview	127
8.1.1 What You Can Do in this Chapter	127
8.1.2 What You Need To Know	128
8.1.3 Before You Begin	129
8.2 The LAN Setup Screen	130
8.3 The Static DHCP Screen	132
8.4 The UPnP Screen	133
8.5 Installing UPnP in Windows Example	134
8.6 Using UPnP in Windows XP Example	137
8.7 Technical Reference	142
8.7.1 LANs, WANs and the ZyXEL Device	143
8.7.2 DHCP Setup	143
8.7.3 DNS Server Addresses	143
8.7.4 LAN TCP/IP	144
Static Routing	147
9.1 Overview	147
9.2 The Routing Screen	148
9.2.1 Add/Edit Static Route	149
Quality of Service (QoS)	151
10.1 Overview	151
10.1.1 What You Can Do in this Chapter	151
10.2 What You Need to Know	152
10.3 The Quality of Service General Screen	153
10.4 The Queue Setup Screen	154
10.4.1 Adding a QoS Queue	156
10.5 The Class Setup Screen	157
10.5.1 Add/Edit QoS Class	159
10.6 The QoS Policer Setup Screen	163
10.6.1 Add/Edit a QoS Policer	164
10.7 The QoS Monitor Screen	165
10.8 Technical Reference	166
Policy Forwarding	171
11.1 Overview	171
11.2 The Policy Forwarding Screen	171
11.2.1 Add/Edit Policy Forwarding	172
Network Address Translation (NAT)	175
12.1 Overview	175
12.1.1 What You Can Do in this Chapter	175
12.1.2 What You Need To Know	175
12.2 The Port Forwarding Screen	176
12.2.1 Add/Edit Port Forwarding	178
12.3 The Applications Screen	179
12.3.1 Add New Application	180
12.4 The Port Triggering Screen	181
12.4.1 Add/Edit Port Triggering Rule	183
12.5 The DMZ Screen	185
12.6 The ALG Screen	186
12.7 The Sessions Screen	186
12.8 Technical Reference	187
12.8.1 NAT Definitions	187
12.8.2 What NAT Does	188
12.8.3 How NAT Works	189
12.8.4 NAT Application	190
Dynamic DNS Setup	193
13.1 Overview	193
13.1.1 What You Can Do in this Chapter	194
13.1.2 What You Need To Know	194
13.2 The DNS Entry Screen	195
13.2.1 Add/Edit DNS Entry	196
13.3 The Dynamic DNS Screen	196
IGMP	199
14.1 Overview	199
14.1.1 What You Can Do in this Chapter	199
14.1.2 What You Need to Know	199
14.2 The IGMP General Screen	202
14.3 IGMP Filter Configuration	204
14.3.1 IGMP Host Limitation Edit	206
14.3.2 IGMP Service Add	207
14.3.3 IGMP Host Limitation Add	208
14.4 IGMP ACL Configuration	209
14.4.1 IGMP ACL Add	210
Interface Group	211
15.1 Overview	211
15.1.1 What You Can Do in this Chapter	211
15.2 The Interface Group Screen	211
15.2.1 Interface Group Configuration	213
Firewall	215
16.1 Overview	215
16.1.1 What You Can Do in this Chapter	215
16.1.2 What You Need to Know	216
16.2 The Firewall Screen	217
16.3 The Protocol Screen	217
16.3.1 Add a Protocol	219
16.4 The Access Control Screen	220
16.4.1 Add/Edit an ACL Rule	222
MAC Filter	225
17.1 Overview	225
17.2 The MAC Filter Screen	225
Parental Control	227
18.1 Overview	227
18.2 The Parental Control Screen	227
18.2.1 Add/Edit Parental Control Rule	228
Scheduler Rules	231
19.1 Overview	231
19.2 The Scheduler Rules Screen	231
19.2.1 Add/Edit a Schedule	232
Certificates	233
20.1 Overview	233
20.1.1 What You Can Do in this Chapter	233
20.2 What You Need to Know	233
20.3 The Local Certificates Screen	234
20.3.1 Create Certificate Request	235
20.3.2 Load Signed Certificate	236
20.3.3 Import Certificate	237
20.3.4 Certificate Details	239
20.4 The Trusted CA Screen	241
20.4.1 View Trusted CA Certificate	242
20.4.2 Import Trusted CA Certificate	243
IPSec	245
21.1 Overview	245
21.1.1 What You Can Do in this Chapter	245
21.1.2 What You Need to Know	246
21.2 The IPSec Status Screen	247
21.3 The IPSec Settings Screen	248
21.3.1 Add/Edit IPSec Setting	249
21.3.2 Configuring Manual Key	254
21.4 Technical Reference	256
21.4.1 IPSec Architecture	257
21.4.2 Encapsulation	258
21.4.3 IKE Phases	259
21.4.4 Negotiation Mode	260
21.4.5 IPSec and NAT	260
21.4.6 VPN, NAT, and NAT Traversal	261
21.4.7 ID Type and Content	262
21.4.8 Pre-Shared Key	263
21.4.9 Diffie-Hellman (DH) Key Groups	264
Service Control	265
22.1 Overview	265
22.2 The Service Control Screen	265
ARP Table	267
23.1 Overview	267
23.1.1 How ARP Works	267
23.2 ARP Table Screen	268
Logs	269
24.1 Overview	269
24.1.1 What You Can Do in this Chapter	269
24.1.2 What You Need To Know	269
24.2 The System Log Screen	270
24.3 The Security Log Screen	271
Traffic Status	273
25.1 Overview	273
25.1.1 What You Can Do in this Chapter	273
25.2 The WAN Status Screen	274
25.3 The LAN Status Screen	276
IGMP Status	279
26.1 Overview	279
26.1.1 What You Can Do in this Chapter	279
26.2 The IGMP Group Screen	279
26.3 IGMP Statistics Screen	280
Users Configuration	283
27.1 Overview	283
27.2 The Users Configuration Screen	283
27.2.1 Add/Edit a Users Account	285
Remote Management	287
28.1 Overview	287
28.1.1 What You Can Do in this Chapter	287
28.2 The TR-069 Clients Screen	287
28.3 The TR-064 Screen	289
Time Settings	291
29.1 Overview	291
29.2 The Time Setting Screen	291
Logs Setting	295
30.1 Overview	295
30.2 The Log Settings Screen	295
30.2.1 Example E-mail Log	297
Firmware Upgrade	299
31.1 Overview	299
31.2 The Firmware Screen	299
Configuration	301
32.1 Overview	301
32.2 The Configuration Screen	301
32.3 The Reboot Screen	304
Diagnostic	305
33.1 Overview	305
33.2 The Diagnostic Screen	305
Troubleshooting	307
34.1 Power, Hardware Connections, and LEDs	307
34.2 ZyXEL Device Access and Login	308
34.3 Internet Access	310
34.4 Wireless Internet Access	312
Product Specifications	315
35.1 Hardware Specifications	315
35.2 Firmware Specifications	316
Setting up Your Computer’s IP Address	321
IP Addresses and Subnetting	345
Pop-up Windows, JavaScripts and Java Permissions	355
Wireless LANs	365
Services	381
Open Software Announcements	385
Legal Information	397

Match case Limit results 1 per page

Chapter 21 IPSec

VSG1432-B101 Series User’s Guide

252

Authentication

Method

Select

Pre-Shared Key

to use a pre-shared key for authentication. A

pre-shared key identifies a communicating party during a phase 1 IKE

negotiation. It is called "pre-shared" because you have to share it with

another party before you can communicate with them over a secure

connection.

Select

Certificates (X.509)

to use a certificate for authentication.

Pre-Shared Key

This field is available only when you select

Pre-Shared Key

in the

Authentication Method

field.

Type up to 15 alphanumeric characters for the pre-shared key. Both

ends of the VPN tunnel must use the same pre-shared key. You will

receive a “PYLD_MALFORMED” (payload malformed) packet if the same

pre-shared key is not used on both ends.

Local/Remote ID

Type

Select

to identify this ZyXEL Device by its IP address.

Select

DNS

to identify this ZyXEL Device by a domain name.

Select

E-mail

to identify this ZyXEL Device by an e-mail address.

Select

ASN1DN

(Abstract Syntax Notation one - Distinguished Name)

to identify the remote IPSec router by the subject field in a certificate.

This is used only with certificate-based authentication.

Local/Remote ID

Content

When you select

in the

Local/Remote ID Type

field, type the IP

address of your computer in the

Local/Remote ID Content

field.

When you select

DNS

E-mail

in the

Local/Remote ID Type

field,

type a domain name or e-mail address by which to identify this ZyXEL

Device in the

Local/Remote ID

Content

field. Use up to 31 ASCII

characters including spaces, although trailing spaces are truncated.

The domain name or e-mail address is for identification purposes only

and can be any string.

Advanced IKE

Settings

Click

Show Advanced Settings

to display and configure more

detailed settings of your IKE key management. Otherwise, click

Hide

Advanced Settings

NAT_Traversal

Select

Enable

if you want to set up a VPN tunnel when there are NAT

routers between the ZyXEL Device and remote IPSec router. The

remote IPSec router must also enable NAT traversal, and the NAT

routers have to forward UDP port 500 packets to the remote IPSec

router behind the NAT router. Otherwise, select

Disable

Phase 1/Phase 2

Mode

Select

Main

Aggressive

from the drop-down list box. Multiple SAs

connecting through a secure gateway must have the same negotiation

mode.

Table 87

Settings > Add/Edit: Auto(IKE)

LABEL

DESCRIPTION