Home » ZyXEL Manuals » Networking » ZyXEL P-335U » Manual Viewer

ZyXEL P-335U User Guide - Page 157

My IP Address, E-mail, Local ID Type, Local Content, Local, Content, Domain Name, IPSec,

Get ZyXEL P-335U PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 157 highlights

P-334U/P-335U User's Guide Table 53 Security > VPN > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION My IP Address Enter the ZyXEL Device's static WAN IP address (if it has one) or leave the field set to 0.0.0.0. The ZyXEL Device uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes down, the ZyXEL Device uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. Otherwise, you can enter one of the dynamic domain names that you have configured (in the DDNS screen) to have the ZyXEL Device use that dynamic domain name's IP address. The VPN tunnel has to be rebuilt if My IP Address changes after setup. Local ID Type Select IP to identify this ZyXEL Device by its IP address. Select DNS to identify this ZyXEL Device by a domain name. Select E-mail to identify this ZyXEL Device by an e-mail address. Local Content When you select IP in the Local ID Type field, type the IP address of your computer in the Local Content field. The ZyXEL Device automatically uses the IP address in the My IP Address field (refer to the My IP Address field description) if you configure the Local Content field to 0.0.0.0 or leave it blank. It is recommended that you type an IP address other than 0.0.0.0 in the Local Content field or use the Domain Name or E-mail ID type in the following situations. • When there is a NAT router between the two IPSec routers. • When you want the remote IPSec router to be able to distinguish between VPN connection requests that come in from IPSec routers with dynamic WAN IP addresses. When you select Domain Name or E-mail in the Local ID Type field, type a domain name or e-mail address by which to identify this ZyXEL Device in the Local Content field. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string. Secure Gateway Address Type the WAN IP address or the domain name (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec Keying Mode field must be set to IKE). In order to have more than one active rule with the Secure Gateway Address field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between rules. If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field and the LAN's full IP address range as the local IP address, then you cannot configure any other active rules with the Secure Gateway Address field set to 0.0.0.0. Peer ID Type Note: You can also enter a remote secure gateway's domain name in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The ZyXEL Device has to rebuild the VPN tunnel each time the remote secure gateway's WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway's new WAN IP address). Select IP to identify the remote IPSec router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address. Chapter 13 IPSec VPN 157

Section	Page
User’s Guide	1
Copyright	3
Certifications	4
Safety Warnings	6
ZyXEL Limited Warranty	7
Customer Support	8
Table of Contents	11
List of Figures	19
List of Tables	25
Preface	29
1. Getting to Know Your ZyXEL Device	31
1.1 ZyXEL Device Overview	31
1.2 Applications for the ZyXEL Device	31
1.2.1 Secure Broadband Internet Access via Cable or DSL Modem	31
1.2.2 Wireless LAN Application	32
1.2.3 Print Server and Router Combined Application (P-335U Only)	33
1.2.4 VPN Application (P-335U Only)	33
1.3 Ways to Manage the ZyXEL Device	33
1.4 Good Habits for Managing Your ZyXEL Device	34
1.4.1 Front Panel LEDs	34
2. Introducing the Web Configurator	37
2.1 Web Configurator Overview	37
2.2 Accessing the Web Configurator	37
2.3 Resetting the ZyXEL Device	38
2.3.1 Procedure to Use the Reset Button	38
2.4 Navigating the Web Configurator	38
2.4.1 Navigation Panel	41
2.4.2 Summary: Bandwidth Management Monitor	43
2.4.3 Summary: DHCP Table	44
2.4.4 Summary: Packet Statistics	45
2.4.5 VPN Monitor	46
2.4.6 Summary: Wireless Station Status	46
3. Connection Wizard	49
3.1 Wizard Setup	49
3.2 Connection Wizard: STEP 1: System Information	50
3.2.1 System Name	50
3.2.2 Domain Name	51
3.3 Connection Wizard: STEP 2: Wireless LAN	51
3.3.1 Basic(WEP) Security	53
3.3.2 Extend(WPA-PSK or WPA2-PSK) Security	54
3.3.3 OTIST	55
3.4 Connection Wizard: STEP 3: Internet Configuration	56
3.4.1 Ethernet Connection	56
3.4.2 PPPoE Connection	57
3.4.3 PPTP Connection	58
3.4.4 Your IP Address	60
3.4.5 WAN IP Address Assignment	60
3.4.6 IP Address and Subnet Mask	61
3.4.7 DNS Server Address Assignment	61
3.4.8 WAN IP and DNS Server Address Assignment	62
3.4.9 WAN MAC Address	63
3.5 Connection Wizard: STEP 4: Bandwidth management	64
3.6 Connection Wizard Complete	65
4. Wireless LAN	67
4.1 Wireless Network Overview	67
4.2 Wireless Security Overview	68
4.2.1 SSID	68
4.2.2 MAC Address Filter	68
4.2.3 User Authentication	68
4.2.4 Encryption	69
4.2.5 One-Touch Intelligent Security Technology (OTIST)	70
4.3 General Wireless LAN Screen	70
4.3.1 No Security	71
4.3.2 WEP Encryption	72
4.3.3 WPA-PSK/WPA2-PSK	74
4.3.4 WPA/WPA2	75
4.4 OTIST	77
4.4.1 Enabling OTIST	78
4.4.1.1 AP	78
4.4.1.2 Wireless Client	79
4.4.2 Starting OTIST	80
4.4.3 Notes on OTIST	80
4.5 MAC Filter	81
4.6 Wireless LAN Advanced Screen	83
5. Wireless Tutorial	85
5.1 Example Parameters	85
5.2 Configuring the AP	85
5.3 Configuring the Wireless Client	87
5.3.1 Connecting to a Wireless LAN	88
5.3.2 Creating and Using a Profile	90
6. WAN	95
6.1 WAN Overview	95
6.2 WAN MAC Address	95
6.3 Internet Connection	95
6.3.1 Ethernet Encapsulation	95
6.3.2 PPPoE Encapsulation	97
6.3.3 PPTP Encapsulation	100
6.4 Advanced WAN Screen	103
7. LAN	105
7.1 LAN Overview	105
7.1.1 IP Pool Setup	105
7.1.2 System DNS Servers	105
7.2 LAN TCP/IP	105
7.2.1 Factory LAN Defaults	105
7.2.2 IP Address and Subnet Mask	106
7.2.3 Multicast	106
7.3 LAN IP Screen	106
7.4 LAN IP Alias	107
7.5 Advanced LAN Screen	108
8. DHCP Server	111
8.1 DHCP	111
8.2 DHCP Server General Screen	111
8.3 DHCP Server Advanced Screen	112
8.4 Client List Screen	113
9. Network Address Translation (NAT)	115
9.1 NAT Overview	115
9.2 Using NAT	115
9.2.1 Port Forwarding: Services and Port Numbers	115
9.2.2 Configuring Servers Behind Port Forwarding (Example)	116
9.3 General NAT Screen	116
9.4 NAT Application Screen	117
9.4.1 Game List Example	119
9.5 Trigger Port Forwarding	120
9.5.1 Trigger Port Forwarding Example	121
9.5.2 Two Points To Remember About Trigger Ports	121
9.6 NAT Advanced Screen	121
10. Dynamic DNS	125
10.1 Dynamic DNS Introduction	125
10.1.1 DynDNS Wildcard	125
10.2 Dynamic DNS Screen	125
11. Firewall	127
11.1 Introduction to Firewall	127
11.1.1 What is a Firewall?	127
11.1.2 Stateful Inspection Firewall.	127
11.1.3 About the ZyXEL Device Firewall	127
11.1.4 Guidelines For Enhancing Security With Your Firewall	128
11.2 General Firewall Screen	128
11.3 Services Screen	129
12. Content Filtering	133
12.1 Introduction to Content Filtering	133
12.2 Restrict Web Features	133
12.3 Days and Times	133
12.4 Filter Screen	133
12.5 Schedule	135
12.6 Customizing Keyword Blocking URL Checking	136
12.6.1 Domain Name or IP Address URL Checking	136
12.6.2 Full Path URL Checking	136
12.6.3 File Name URL Checking	137
13. IPSec VPN	139
13.1 IPSec VPN Overview	139
13.1.1 IKE SA (IKE Phase 1) Overview	140
13.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router	140
13.1.2 IKE SA Setup	140
13.1.2.1 IKE SA Proposal	141
13.1.2.2 Diffie-Hellman (DH) Key Exchange	141
13.1.2.3 Authentication	141
13.1.2.4 Negotiation Mode	143
13.1.2.5 VPN, NAT, and NAT Traversal	143
13.1.3 IPSec SA (IKE Phase 2) Overview	144
13.1.3.1 Local Network and Remote Network	144
13.1.3.2 IPSec Protocol	144
13.1.3.3 Encapsulation	145
13.1.3.4 IPSec SA Proposal and Perfect Forward Secrecy	145
13.1.4 Additional IPSec VPN Topics	146
13.1.4.1 SA Life Time	146
13.1.4.2 Encryption and Authentication Algorithms	146
13.2 Remote DNS Server	147
13.3 VPN Summary	147
13.4 VPN Rule Setup (IKE)	148
13.5 Advanced VPN Rule Setup (IKE)	153
13.6 IPSec SA Using Manual Keys	159
13.6.1 IPSec SA Proposal Using Manual Keys	160
13.6.2 Authentication and the Security Parameter Index (SPI)	160
13.7 VPN Rule Setup (Manual)	160
13.8 VPN SA Monitor	164
13.9 VPN Global Setting	165
13.10 Telecommuter VPN/IPSec Examples	165
13.10.1 Telecommuters Sharing One VPN Rule Example	166
13.10.2 Telecommuters Using Unique VPN Rules Example	166
13.11 VPN and Remote Management	168
14. Static Route Screens	169
14.1 Static Route Overview	169
14.2 IP Static Route Screen	170
14.2.1 Static Route Setup Screen	171
15. Bandwidth Management	173
15.1 Bandwidth Management Overview	173
15.2 Application-based Bandwidth Management	173
15.3 Subnet-based Bandwidth Management	174
15.4 Application and Subnet-based Bandwidth Management	174
15.5 Bandwidth Management Priorities	175
15.6 Predefined Bandwidth Management Services	175
15.6.1 Services and Port Numbers	176
15.7 Default Bandwidth Management Classes and Priorities	178
15.8 Bandwidth Management General Configuration	179
15.9 Bandwidth Management Advanced Configuration	180
15.9.1 Rule Configuration with the Pre-defined Service	182
15.9.2 Rule Configuration with the User-defined Service	183
15.10 Bandwidth Management Monitor	184
16. Remote Management Screens	185
16.1 Remote Management Overview	185
16.1.1 Remote Management Limitations	185
16.1.2 Remote Management and NAT	186
16.1.3 System Timeout	186
16.2 WWW Screen	186
16.3 Telnet	187
16.4 Telnet Screen	187
16.5 FTP Screen	188
16.6 DNS Screen	189
17. UPnP	191
17.1 Universal Plug and Play Overview	191
17.1.1 How Do I Know If I'm Using UPnP?	191
17.1.2 NAT Traversal	191
17.1.3 Cautions with UPnP	191
17.2 UPnP and ZyXEL	192
17.3 UPnP Screen	192
17.4 Installing UPnP in Windows Example	193
17.4.1 Installing UPnP in Windows Me	193
17.4.2 Installing UPnP in Windows XP	194
17.5 Using UPnP in Windows XP Example	195
17.5.1 Auto-discover Your UPnP-enabled Network Device	195
17.5.2 Web Configurator Easy Access	196
17.5.3 Web Configurator Easy Access	197
18. Print Server	199
18.1 Print Server Overview	199
18.2 ZyXEL Device Print Server	199
18.3 Print Server Screen	200
19. Print Server Driver Setup	201
19.1 Installation Requirements	201
19.2 Windows 95/98 SE/Me/2000/XP/NT 4.0	201
19.2.1 Print Server Driver Setup Wizard	202
19.2.2 Adding a New Printer	207
19.3 Macintosh OS X	211
20. System	215
20.1 System Overview	215
20.2 System General Screen	215
20.3 Time Setting Screen	216
21. Logs	219
21.1 View Log	219
21.2 Log Settings	220
22. Tools	223
22.1 Firmware Upload Screen	223
22.2 Configuration Screen	224
22.2.1 Backup Configuration	225
22.2.2 Restore Configuration	225
22.2.3 Back to Factory Defaults	226
22.3 Restart Screen	227
23. Configuration Mode	229
24. Troubleshooting	231
24.1 Problems Starting Up the ZyXEL Device	231
24.2 Problems with the LAN	231
24.3 Problems with the WAN	232
24.4 Problems Accessing the ZyXEL Device	233
24.5 Problems with Restricted Web Pages and Keyword Blocking	233
24.5.1 Pop-up Windows, JavaScripts and Java Permissions	235
24.5.1.1 Internet Explorer Pop-up Blockers	235
24.5.1.2 JavaScripts	238
24.5.1.3 Java Permissions	240
24.5.2 ActiveX Controls in Internet Explorer	242
A. Product Specifications	245
B. Print Server Specifications	249
ZyXEL Device Print Server Compatible USB Printers	250
C. Setting up Your Computer’s IP Address	255
Windows 95/98/Me	255
Installing Components	256
Configuring	257
Verifying Settings	258
Windows 2000/NT/XP	258
Verifying Settings	263
Macintosh OS 8/9	263
Verifying Settings	265
Macintosh OS X	265
Verifying Settings	266
Linux	266
Using the K Desktop Environment (KDE)	267
Using Configuration Files	268
Verifying Settings	270
D. IP Subnetting	271
IP Addressing	271
IP Classes	271
Subnet Masks	272
Subnetting	272
Example: Two Subnets	273
Example: Four Subnets	275
Example Eight Subnets	276
Subnetting With Class A and Class B Networks.	277
E. Wireless LANs	279
Wireless LAN Topologies	279
Ad-hoc Wireless LAN Configuration	279
BSS	279
ESS	280
Channel	281
RTS/CTS	281
Fragmentation Threshold	282
Preamble Type	283
IEEE 802.11g Wireless LAN	283
Wireless Security Overview	284
IEEE 802.1x	284
RADIUS	284
Types of RADIUS Messages	285
Types of Authentication	286
EAP-MD5 (Message-Digest Algorithm 5)	286
EAP-TLS (Transport Layer Security)	286
EAP-TTLS (Tunneled Transport Layer Service)	286
PEAP (Protected EAP)	286
LEAP	287
Dynamic WEP Key Exchange	287
WPA and WPA2	287
Encryption	288
User Authentication	289
Wireless Client WPA Supplicants	289
WPA(2) with RADIUS Application Example	289
WPA(2)-PSK Application Example	290
Security Parameters Summary	291
F. Log Descriptions	293
Log Commands	307
Configuring What You Want the ZyXEL Device to Log	307
Displaying Logs	308
Log Command Example	308
G. Services	309
H. Internal SPTGEN	313
Internal SPTGEN Overview	313
The Configuration Text File Format	313
Internal SPTGEN File Modification - Important Points to Remember	314
Internal SPTGEN FTP Download Example	314
Internal SPTGEN FTP Upload Example	315
Example Internal SPTGEN Menus	316
Command Examples	328
I. Triangle Route	329
The Ideal Setup	329
The “Triangle Route” Problem	329
The “Triangle Route” Solutions	330
IP Aliasing	330
Index	331
A	331
B	331
C	331
D	331
E	331
F	332
G	332
H	332
I	332
J	333
K	333
L	333
M	333
N	333
O	333
P	333
R	333
S	334
T	334
U	334
V	334
W	334

Match case Limit results 1 per page

P-334U/P-335U User’s Guide

Chapter 13 IPSec VPN

157

My IP Address

Enter the ZyXEL Device's static WAN IP address (if it has one) or leave the field

set to

0.0.0.0

The ZyXEL Device uses its current WAN IP address (static or dynamic) in

setting up the VPN tunnel if you leave this field as

0.0.0.0

. If the WAN

connection goes down, the ZyXEL Device uses the dial backup IP address for

the VPN tunnel when using dial backup or the LAN IP address when using

traffic redirect.

Otherwise, you can enter one of the dynamic domain names that you have

configured (in the

DDNS

screen) to have the ZyXEL Device use that dynamic

domain name's IP address.

The VPN tunnel has to be rebuilt if

My IP Address

changes after setup.

Local ID Type

Select

to identify this ZyXEL Device by its IP address.

Select

DNS

to identify this ZyXEL Device by a domain name.

Select

E-mail

to identify this ZyXEL Device by an e-mail address.

Local Content

When you select

in the

Local ID Type

field, type the IP address of your

computer in the

Local Content

field. The ZyXEL Device automatically uses the

IP address in the

My IP Address

field (refer to the

My IP Address

field

description) if you configure the

Local

Content

field to

0.0.0.0

or leave it blank.

It is recommended that you type an IP address other than

0.0.0.0

in the

Local

Content

field or use the

Domain Name

E-mail

ID type in the following

situations.

•

When there is a NAT router between the two IPSec routers.

•

When you want the remote IPSec router to be able to distinguish between

VPN connection requests that come in from IPSec routers with dynamic

WAN IP addresses.

When you select

Domain Name

E-mail

in the

Local ID Type

field, type a

domain name or e-mail address by which to identify this ZyXEL Device in the

Local

Content

field. Use up to 31 ASCII characters including spaces, although

trailing spaces are truncated. The domain name or e-mail address is for

identification purposes only and can be any string.

Secure Gateway

Address

Type the WAN IP address or the domain name (up to 31 characters) of the

IPSec router with which you're making the VPN connection. Set this field to

0.0.0.0

if the remote IPSec router has a dynamic WAN IP address (the

IPSec

Keying Mode

field must be set to

IKE

In order to have more than one active rule with the

Secure Gateway Address

field set to

0.0.0.0

, the ranges of the local IP addresses cannot overlap between

rules.

If you configure an active rule with

0.0.0.0

in the

Secure Gateway Address

field and the LAN’s full IP address range as the local IP address, then you

cannot configure any other active rules with the

Secure Gateway Address

field

set to

0.0.0.0

Note:

You can also enter a remote secure gateway’s domain

name in the

Secure Gateway Address

field if the remote

secure gateway has a dynamic WAN IP address and is

using DDNS. The ZyXEL Device has to rebuild the VPN

tunnel each time the remote secure gateway’s WAN IP

address changes (there may be a delay until the DDNS

servers are updated with the remote gateway’s new WAN

IP address).

Peer ID Type

Select

to identify the remote IPSec router by its IP address.

Select

DNS

to identify the remote IPSec router by a domain name.

Select

E-mail

to identify the remote IPSec router by an e-mail address.

Table 53

Security > VPN > Rule Setup: IKE (Advanced)

(continued)

LABEL

DESCRIPTION