Home » ZyXEL Manuals » Networking » ZyXEL VSG1432-B101 » Manual Viewer

ZyXEL VSG1432-B101 User Guide - Page 256

Table 88

Get ZyXEL VSG1432-B101 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 256 highlights

Chapter 21 IPSec Table 88 IPSec Settings > Add/Edit: Manual LABEL DESCRIPTION Encryption Algorithm Select DES, 3DES, AES(aes-cbc) or ESP_NULL from the drop-down list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. This implementation of AES(aes-cbc) in Cipher Block Chaining (CBC) mode uses a 128-bit key. AES is faster than 3DES. Encryption Key Authentication Algorithm Authentication Key SPI Apply Cancel Select ESP_NULL to set up a tunnel without encryption. When you select ESP_NULL, you do not enter an encryption key. Type 16 hexadecimal ("0-9", "A-F") characters if you select to use the DES encryption algorithm or 48 hexadecimal characters if you use the 3DES encryption algorithm. Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA1 for maximum security. Type 32 hexadecimal ("0-9", "A-F") characters if you select to use the MD5 authentication algorithm or 40 hexadecimal characters if you use the SHA1 authentication algorithm. Type a hexadecimal number from 111 to FFFFFFFF for the Security Parameter Index. Click Apply/Save to save your changes and return to the IPSec screen. Click Cancel to exit this screen without saving. 21.4 Technical Reference This section provides some technical background information about the topics covered in this chapter. 256 VSG1432-B101 Series User's Guide

Section	Page
VSG1432-B101 Series	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
User’s Guide	21
Introducing the VSG1432-B101	23
1.1 Overview	23
1.2 Ways to Manage the ZyXEL Device	23
1.3 Good Habits for Managing the ZyXEL Device	23
1.4 Applications for the ZyXEL Device	24
1.4.1 Internet Access	24
1.4.2 ZyXEL Device’s USB Support	25
1.5 Hardware Setup	26
1.6 Hardware Connections	28
1.7 LEDs (Lights)	29
1.8 The RESET Button	31
1.9 Wireless Access	31
1.9.1 Using the WLAN/WPS Button	31
The Web Configurator	33
2.1 Overview	33
2.1.1 Accessing the Web Configurator	33
2.2 Web Configurator Layout	36
2.2.1 Title Bar	36
2.2.2 Main Window	37
2.2.3 Navigation Panel	37
Quick Start	41
3.1 Overview	41
3.2 Quick Start Setup	41
Tutorials	43
4.1 Overview	43
4.2 Setting Up an ADSL PPPoE Connection	43
4.3 Setting Up a Secure Wireless Network	46
4.3.1 Configuring the Wireless Network Settings	46
4.3.2 Using WPS	48
4.3.3 Without WPS	52
4.4 Setting Up Multiple Wireless Groups	53
4.5 Setting Up NAT Port Forwarding	56
4.6 Configuring Static Route for Routing to Another Network	58
4.7 Configuring QoS Queue and Class Setup	60
4.8 Access the ZyXEL Device Using DDNS	63
4.8.1 Registering a DDNS Account on www.dyndns.org	64
4.8.2 Configuring DDNS on Your ZyXEL Device	64
4.8.3 Testing the DDNS Setting	65
4.9 Access Your Shared Files From a Computer	65
Technical Reference	67
Network Map and Status Screens	69
5.1 Overview	69
5.2 The Network Map Screen	69
5.3 The Status Screen	71
Broadband	75
6.1 Overview	75
6.1.1 What You Need to Know	75
6.1.2 Before You Begin	76
6.2 The Broadband Screen	77
6.2.1 Add/Edit Broadband	78
6.2.2 PPPoE Encapsulation	78
6.3 Technical Reference	86
6.3.1 Encapsulation	86
6.3.2 Multiplexing	87
6.3.3 VPI and VCI	87
6.3.4 IP Address Assignment	87
6.3.5 NAT	88
6.3.6 Traffic Shaping	88
6.3.7 ATM Traffic Classes	89
6.3.8 Introduction to VLANs	89
Wireless	91
7.1 Overview	91
7.1.1 What You Can Do in this Chapter	91
7.1.2 What You Need to Know	92
7.2 The General Screen	92
7.2.1 No Security	95
7.2.2 Basic (WEP Encryption)	96
7.2.3 More Secure (WPA(2)-PSK)	98
7.2.4 WPA(2) Authentication	99
7.3 The More AP Screen	101
7.3.1 Edit More AP	102
7.4 MAC Authentication	103
7.5 The WPS Screen	105
7.6 The WMM Screen	106
7.7 The WDS Screen	107
7.7.1 WDS Scan	109
7.8 The Others Screen	110
7.9 Technical Reference	111
7.9.1 Wireless Network Overview	111
7.9.2 Additional Wireless Terms	113
7.9.3 Wireless Security Overview	114
7.9.4 Signal Problems	117
7.9.5 BSS	117
7.9.6 MBSSID	118
7.9.7 Preamble Type	119
7.9.8 Wireless Distribution System (WDS)	119
7.9.9 WiFi Protected Setup (WPS)	120
Home Networking	127
8.1 Overview	127
8.1.1 What You Can Do in this Chapter	127
8.1.2 What You Need To Know	128
8.1.3 Before You Begin	129
8.2 The LAN Setup Screen	130
8.3 The Static DHCP Screen	132
8.4 The UPnP Screen	133
8.5 Installing UPnP in Windows Example	134
8.6 Using UPnP in Windows XP Example	137
8.7 Technical Reference	142
8.7.1 LANs, WANs and the ZyXEL Device	143
8.7.2 DHCP Setup	143
8.7.3 DNS Server Addresses	143
8.7.4 LAN TCP/IP	144
Static Routing	147
9.1 Overview	147
9.2 The Routing Screen	148
9.2.1 Add/Edit Static Route	149
Quality of Service (QoS)	151
10.1 Overview	151
10.1.1 What You Can Do in this Chapter	151
10.2 What You Need to Know	152
10.3 The Quality of Service General Screen	153
10.4 The Queue Setup Screen	154
10.4.1 Adding a QoS Queue	156
10.5 The Class Setup Screen	157
10.5.1 Add/Edit QoS Class	159
10.6 The QoS Policer Setup Screen	163
10.6.1 Add/Edit a QoS Policer	164
10.7 The QoS Monitor Screen	165
10.8 Technical Reference	166
Policy Forwarding	171
11.1 Overview	171
11.2 The Policy Forwarding Screen	171
11.2.1 Add/Edit Policy Forwarding	172
Network Address Translation (NAT)	175
12.1 Overview	175
12.1.1 What You Can Do in this Chapter	175
12.1.2 What You Need To Know	175
12.2 The Port Forwarding Screen	176
12.2.1 Add/Edit Port Forwarding	178
12.3 The Applications Screen	179
12.3.1 Add New Application	180
12.4 The Port Triggering Screen	181
12.4.1 Add/Edit Port Triggering Rule	183
12.5 The DMZ Screen	185
12.6 The ALG Screen	186
12.7 The Sessions Screen	186
12.8 Technical Reference	187
12.8.1 NAT Definitions	187
12.8.2 What NAT Does	188
12.8.3 How NAT Works	189
12.8.4 NAT Application	190
Dynamic DNS Setup	193
13.1 Overview	193
13.1.1 What You Can Do in this Chapter	194
13.1.2 What You Need To Know	194
13.2 The DNS Entry Screen	195
13.2.1 Add/Edit DNS Entry	196
13.3 The Dynamic DNS Screen	196
IGMP	199
14.1 Overview	199
14.1.1 What You Can Do in this Chapter	199
14.1.2 What You Need to Know	199
14.2 The IGMP General Screen	202
14.3 IGMP Filter Configuration	204
14.3.1 IGMP Host Limitation Edit	206
14.3.2 IGMP Service Add	207
14.3.3 IGMP Host Limitation Add	208
14.4 IGMP ACL Configuration	209
14.4.1 IGMP ACL Add	210
Interface Group	211
15.1 Overview	211
15.1.1 What You Can Do in this Chapter	211
15.2 The Interface Group Screen	211
15.2.1 Interface Group Configuration	213
Firewall	215
16.1 Overview	215
16.1.1 What You Can Do in this Chapter	215
16.1.2 What You Need to Know	216
16.2 The Firewall Screen	217
16.3 The Protocol Screen	217
16.3.1 Add a Protocol	219
16.4 The Access Control Screen	220
16.4.1 Add/Edit an ACL Rule	222
MAC Filter	225
17.1 Overview	225
17.2 The MAC Filter Screen	225
Parental Control	227
18.1 Overview	227
18.2 The Parental Control Screen	227
18.2.1 Add/Edit Parental Control Rule	228
Scheduler Rules	231
19.1 Overview	231
19.2 The Scheduler Rules Screen	231
19.2.1 Add/Edit a Schedule	232
Certificates	233
20.1 Overview	233
20.1.1 What You Can Do in this Chapter	233
20.2 What You Need to Know	233
20.3 The Local Certificates Screen	234
20.3.1 Create Certificate Request	235
20.3.2 Load Signed Certificate	236
20.3.3 Import Certificate	237
20.3.4 Certificate Details	239
20.4 The Trusted CA Screen	241
20.4.1 View Trusted CA Certificate	242
20.4.2 Import Trusted CA Certificate	243
IPSec	245
21.1 Overview	245
21.1.1 What You Can Do in this Chapter	245
21.1.2 What You Need to Know	246
21.2 The IPSec Status Screen	247
21.3 The IPSec Settings Screen	248
21.3.1 Add/Edit IPSec Setting	249
21.3.2 Configuring Manual Key	254
21.4 Technical Reference	256
21.4.1 IPSec Architecture	257
21.4.2 Encapsulation	258
21.4.3 IKE Phases	259
21.4.4 Negotiation Mode	260
21.4.5 IPSec and NAT	260
21.4.6 VPN, NAT, and NAT Traversal	261
21.4.7 ID Type and Content	262
21.4.8 Pre-Shared Key	263
21.4.9 Diffie-Hellman (DH) Key Groups	264
Service Control	265
22.1 Overview	265
22.2 The Service Control Screen	265
ARP Table	267
23.1 Overview	267
23.1.1 How ARP Works	267
23.2 ARP Table Screen	268
Logs	269
24.1 Overview	269
24.1.1 What You Can Do in this Chapter	269
24.1.2 What You Need To Know	269
24.2 The System Log Screen	270
24.3 The Security Log Screen	271
Traffic Status	273
25.1 Overview	273
25.1.1 What You Can Do in this Chapter	273
25.2 The WAN Status Screen	274
25.3 The LAN Status Screen	276
IGMP Status	279
26.1 Overview	279
26.1.1 What You Can Do in this Chapter	279
26.2 The IGMP Group Screen	279
26.3 IGMP Statistics Screen	280
Users Configuration	283
27.1 Overview	283
27.2 The Users Configuration Screen	283
27.2.1 Add/Edit a Users Account	285
Remote Management	287
28.1 Overview	287
28.1.1 What You Can Do in this Chapter	287
28.2 The TR-069 Clients Screen	287
28.3 The TR-064 Screen	289
Time Settings	291
29.1 Overview	291
29.2 The Time Setting Screen	291
Logs Setting	295
30.1 Overview	295
30.2 The Log Settings Screen	295
30.2.1 Example E-mail Log	297
Firmware Upgrade	299
31.1 Overview	299
31.2 The Firmware Screen	299
Configuration	301
32.1 Overview	301
32.2 The Configuration Screen	301
32.3 The Reboot Screen	304
Diagnostic	305
33.1 Overview	305
33.2 The Diagnostic Screen	305
Troubleshooting	307
34.1 Power, Hardware Connections, and LEDs	307
34.2 ZyXEL Device Access and Login	308
34.3 Internet Access	310
34.4 Wireless Internet Access	312
Product Specifications	315
35.1 Hardware Specifications	315
35.2 Firmware Specifications	316
Setting up Your Computer’s IP Address	321
IP Addresses and Subnetting	345
Pop-up Windows, JavaScripts and Java Permissions	355
Wireless LANs	365
Services	381
Open Software Announcements	385
Legal Information	397

Match case Limit results 1 per page

Chapter 21 IPSec

VSG1432-B101 Series User’s Guide

256

21.4

Technical Reference

This section provides some technical background information about the topics

covered in this chapter.

Encryption

Algorithm

Select

DES

3DES

AES(aes-cbc)

ESP_NULL

from the drop-down

list box.

When you use one of these encryption algorithms for data

communications, both the sending device and the receiving device

must use the same secret key, which can be used to encrypt and

decrypt the message or to generate and verify a message

authentication code. The DES encryption algorithm uses a 56-bit key.

Triple DES (

3DES

) is a variation on

DES

that uses a 168-bit key. As a

result,

3DES

is more secure than

DES

. It also requires more

processing power, resulting in increased latency and decreased

throughput. This implementation of

AES(aes-cbc)

in Cipher Block

Chaining (CBC) mode uses a 128-bit key.

AES

is faster than

3DES

Select

ESP_NULL

to set up a tunnel without encryption. When you

select

ESP_NULL

, you do not enter an encryption key.

Encryption Key

Type 16 hexadecimal ("0-9", "A-F") characters if you select to use the

DES encryption algorithm or 48 hexadecimal characters if you use the

3DES encryption algorithm.

Authentication

Algorithm

Select

SHA1

MD5

from the drop-down list box.

MD5

(Message

Digest 5) and

SHA1

(Secure Hash Algorithm) are hash algorithms used

to authenticate packet data. The

SHA1

algorithm is generally

considered stronger than

MD5

, but is slower. Select

MD5

for minimal

security and

SHA1

for maximum security.

Authentication

Key

Type 32 hexadecimal ("0-9", "A-F") characters if you select to use the

MD5 authentication algorithm or 40 hexadecimal characters if you use

the SHA1 authentication algorithm.

SPI

Type a hexadecimal number from 111 to FFFFFFFF for the Security

Parameter Index.

Apply

Click

Apply/Save

to save your changes and return to the

IPSec

screen.

Cancel

Click

Cancel

to exit this screen without saving.

Table 88

IPSec Settings > Add/Edit: Manual

LABEL

DESCRIPTION