Home » ZyXEL Manuals » Networking » ZyXEL P-793H v2 » Manual Viewer

ZyXEL P-793H v2 User Guide - Page 200

Certificates Technical Reference

Get ZyXEL P-793H v2 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 200 highlights

Chapter 12 Certificates 12.3 Certificates Technical Reference This section provides technical background information about the topics covered in this chapter. 12.3.1 Certificates Overview The P-793H v2 can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner's identity and public key. Certificates provide a way to exchange public keys for use in authentication. The P-793H v2 uses certificates based on public-key cryptology to authenticate users attempting to establish a connection, not to encrypt the data that you send after establishing a connection. The method used to secure the data that you send through an established connection depends on the type of connection. For example, a VPN tunnel might use the triple DES encryption algorithm. The certification authority uses its private key to sign certificates. Anyone can then use the certification authority's public key to verify the certificates. Advantages of Certificates Certificates offer the following benefits. • The P-793H v2 only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate. • Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys. 12.3.2 Private-Public Certificates When using public-key cryptology for authentication, each host has two keys. One key is public and can be made openly available. The other key is private and must be kept secure. These keys work like a handwritten signature (in fact, certificates are often referred to as "digital signatures"). Only you can write your signature exactly as it should look. When people know what your signature looks like, they can verify whether something was signed by you, or by someone else. In the same way, your private key "writes" your digital signature and your public key allows people to verify whether data was signed by you, or by someone else. This process works as follows. 200 P-793H v2 User's Guide

Section	Page
P-793H v2	1
About This User's Guide	3
Document Conventions	6
Safety Warnings	8
Contents Overview	9
Table of Contents	11
List of Figures	23
List of Tables	31
User’s Guide	35
Getting To Know Your P-793H v2	37
1.1 Overview	37
1.1.1 High-speed Internet Access with G.SHDSL	37
1.1.2 High-speed Point-to-point Connections	38
1.1.3 High-speed Point-to-2points Connections	38
1.2 Ways to Manage the P-793H v2	39
1.3 Good Habits for Managing the P-793H v2	40
1.4 LEDs	40
1.5 The RESET Button	41
1.5.1 Using the RESET Button	41
Introducing the Web Configurator	43
2.1 Web Configurator Overview	43
2.2 Accessing the Web Configurator	43
2.3 Web Configurator Main Screen	45
2.3.1 Title Bar	46
2.3.2 Navigation Panel	46
2.3.3 Main Window	49
2.3.4 Status Bar	49
Status Screens	51
3.1 Overview	51
3.2 The Status Screen	51
3.3 Client List	54
3.4 Status: VPN Status	54
3.5 Any IP Table	54
3.6 Packet Statistics	55
Internet Setup Wizard	57
4.1 Overview	57
4.2 Internet Access Wizard Setup	57
4.2.1 Manual Configuration	60
Tutorials	67
5.1 Overview	67
5.2 Configuring Point-to-point Connection	67
5.2.1 Set Up the Server	68
5.2.2 Set Up the Client	69
5.2.3 Connect the P-793H v2s	69
5.3 Configuring a Point-to-2points Connection	70
5.3.1 Set up the Server	70
5.3.2 Set up the Clients	71
5.3.3 Connect the P-793H v2s	72
Technical Reference	73
WAN Setup	75
6.1 Overview	75
6.1.1 What You Can Do in the WAN Screens	75
6.1.2 What You Need to Know About WAN	76
6.1.3 Before You Begin	77
6.2 The Internet Access Setup Screen	78
6.2.1 2Wire-2Line Service Mode	82
6.2.2 Advanced Internet Access Setup	83
6.3 The More Connections Screen	86
6.3.1 More Connections Edit	87
6.3.2 Configuring More Connections Advanced Setup	90
6.4 The WAN Backup Setup Screen	92
6.5 WAN Technical Reference	93
6.5.1 Encapsulation	93
6.5.2 Multiplexing	95
6.5.3 VPI and VCI	95
6.5.4 IP Address Assignment	95
6.5.5 Nailed-Up Connection (PPP)	96
6.5.6 NAT	96
6.6 Metric	96
6.7 Traffic Redirect	97
6.8 Traffic Shaping	98
6.8.1 ATM Traffic Classes	99
LAN Setup	101
7.1 Overview	101
7.1.1 What You Can Do in the LAN Screens	101
7.1.2 What You Need To Know About LAN	102
7.1.3 Before You Begin	103
7.2 The IP Screen	103
7.2.1 The Advanced LAN IP Setup Screen	104
7.3 The DHCP Setup Screen	106
7.4 The Client List Screen	108
7.5 The IP Alias Screen	109
7.5.1 Configuring the LAN IP Alias Screen	110
7.6 LAN Technical Reference	111
7.6.1 LANs, WANs and the ZyXEL Device	111
7.6.2 DHCP Setup	112
7.6.3 DNS Server Addresses	112
7.6.4 LAN TCP/IP	113
7.6.5 RIP Setup	114
7.6.6 Multicast	114
Network Address Translation (NAT)	117
8.1 Overview	117
8.1.1 What You Can Do in the NAT Screens	117
8.1.2 What You Need To Know About NAT	117
8.2 The NAT General Setup Screen	119
8.3 The Port Forwarding Screen	120
8.3.1 Configuring the Port Forwarding Screen	121
8.3.2 The Port Forwarding Rule Edit Screen	122
8.4 The Address Mapping Screen	123
8.4.1 The Address Mapping Rule Edit Screen	125
8.5 The ALG Screen	127
8.6 NAT Technical Reference	127
8.6.1 NAT Definitions	127
8.6.2 What NAT Does	128
8.6.3 How NAT Works	129
8.6.4 NAT Application	130
8.6.5 NAT Mapping Types	130
Firewalls	133
9.1 Overview	133
9.1.1 What You Can Do in the Firewall Screens	133
9.1.2 What You Need to Know About Firewall	134
9.1.3 Firewall Rule Setup Example	135
9.2 The Firewall General Screen	138
9.3 The Firewall Rule Screen	140
9.3.1 Configuring Firewall Rules	142
9.3.2 Customized Services	144
9.3.3 Configuring a Customized Service	145
9.4 The Firewall Threshold Screen	145
9.4.1 Threshold Values	146
9.4.2 Configuring Firewall Thresholds	147
9.5 Firewall Technical Reference	149
9.5.1 Firewall Rules Overview	149
9.5.2 Guidelines For Enhancing Security With Your Firewall	150
9.5.3 Security Considerations	151
9.5.4 Triangle Route	151
Content Filtering	155
10.1 Overview	155
10.1.1 What You Can Do in the Content Filter Screens	155
10.1.2 What You Need to Know About Content Filtering	155
10.1.3 Before You Begin	155
10.1.4 Content Filtering Example	156
10.2 The Keyword Screen	158
10.3 The Schedule Screen	159
10.4 The Trusted Screen	160
VPN	161
11.1 Overview	161
11.1.1 What You Can Do in the VPN Screens	161
11.1.2 What You Need to Know About IPSec VPN	162
11.1.3 Before You Begin	163
11.2 VPN Setup Screen	163
11.3 The VPN Edit Screen	166
11.4 Configuring Advanced IKE Settings	171
11.5 Manual Key Setup	173
11.5.1 Security Parameter Index (SPI)	174
11.6 Configuring Manual Key	174
11.7 Viewing SA Monitor	177
11.8 Configuring VPN Global Setting	179
11.9 IPSec VPN Technical Reference	179
11.9.1 IPSec Architecture	180
11.9.2 IPSec and NAT	180
11.9.3 VPN, NAT, and NAT Traversal	181
11.9.4 Encapsulation	183
11.9.5 IKE Phases	184
11.9.6 Negotiation Mode	185
11.9.7 Keep Alive	185
11.9.8 Remote DNS Server	185
11.9.9 ID Type and Content	186
11.9.10 Pre-Shared Key	188
11.9.11 Diffie-Hellman (DH) Key Groups	188
11.9.12 Telecommuter VPN/IPSec Examples	188
Certificates	193
12.1 Overview	193
12.1.1 What You Need to Know About Certificates	193
12.1.2 Verifying a Certificate	194
12.2 The Trusted CAs Screen	195
12.2.1 Trusted CA Import	197
12.2.2 Trusted CA Details	198
12.3 Certificates Technical Reference	200
12.3.1 Certificates Overview	200
12.3.2 Private-Public Certificates	200
Static Route	203
13.1 Overview	203
13.2 The Static Route Screen	204
13.2.1 Static Route Edit	205
802.1Q/1P	207
14.1 Overview	207
14.1.1 What You Can Do in the 802.1Q/1P Screens	207
14.1.2 What You Need to Know About 802.1Q/1P	207
14.1.3 802.1Q/1P Example	209
14.2 The 802.1Q/1P Group Setting Screen	213
14.2.1 Editing 802.1Q/1P Group Setting	214
14.3 The 802.1Q/1P Port Setting Screen	215
Quality of Service (QoS)	217
15.1 Overview	217
15.2 QoS Overview	217
15.2.1 What You Can Do in the QoS Screens	218
15.2.2 What You Need to Know About QoS	218
15.2.3 QoS Class Setup Example	219
15.3 The QoS General Screen	223
15.4 The Class Setup Screen	224
15.4.1 The Class Configuration Screen	226
15.5 The QoS Monitor Screen	230
15.6 QoS Technical Reference	231
15.6.1 IEEE 802.1Q Tag	231
15.6.2 IP Precedence	231
15.6.3 DiffServ	232
15.6.4 Automatic Priority Queue Assignment	232
Dynamic DNS Setup	235
16.1 Overview	235
16.1.1 What You Need To Know About DDNS	235
16.2 The Dynamic DNS Screen	236
Remote Management	239
17.1 Overview	239
17.1.1 What You Can Do in the Remote Management Screens	240
17.1.2 What You Need to Know About Remote Management	240
17.2 The WWW Screen	241
17.2.1 Configuring the WWW Screen	241
17.3 The Telnet Screen	242
17.4 The FTP Screen	243
17.5 The SNMP Screen	244
17.5.1 Supported MIBs	246
17.5.2 SNMP Traps	246
17.5.3 Configuring SNMP	247
17.6 The DNS Screen	248
17.7 The ICMP Screen	249
Universal Plug-and-Play (UPnP)	251
18.1 Overview	251
18.1.1 What You Can Do in the UPnP Screen	251
18.1.2 What You Need to Know About UPnP	251
18.2 The UPnP Screen	253
18.3 Installing UPnP in Windows Example	253
18.4 Using UPnP in Windows XP Example	257
System Settings	263
19.1 Overview	263
19.1.1 What You Can Do in the System Settings Screens	263
19.1.2 What You Need to Know About System Settings	263
19.2 The General Screen	264
19.3 The Time Setting Screen	266
Logs	269
20.1 Overview	269
20.1.1 What You Can Do in the Log Screens	269
20.1.2 What You Need To Know About Logs	269
20.2 The View Log Screen	270
20.3 The Log Settings Screen	271
20.4 SMTP Error Messages	273
20.4.1 Example E-mail Log	273
20.5 Log Descriptions	274
Tools	283
21.1 Overview	283
21.1.1 What You Can Do in the Tool Screens	283
21.1.2 What You Need To Know About Tools	284
21.1.3 Before You Begin	285
21.1.4 Tool Examples	285
21.2 The Firmware Screen	291
21.3 The Configuration Screen	293
21.4 The Restart Screen	295
Diagnostic	297
22.1 Overview	297
22.1.1 What You Can Do in the Diagnostic Screens	297
22.2 The General Diagnostic Screen	297
22.3 The DSL Line Diagnostic Screen	298
Introducing the SMT	301
23.1 Accessing the SMT	301
23.2 SMT Menu Items	302
23.3 Navigating the SMT Interface	305
General Setup	307
24.1 Configuring General Setup	307
24.1.1 Configuring Dynamic DNS	308
WAN Setup	311
25.1 WAN Setup	311
25.1.1 2wire-2line Service Mode	313
25.2 Configuring Traffic Redirect	315
LAN Setup	317
26.1 Accessing the LAN Menus	317
26.2 LAN Port Filter Setup	317
26.3 TCP/IP and DHCP Setup Menu	318
26.4 LAN IP Alias	320
Internet Access Setup	321
27.1 Internet Access Setup	321
Remote Node Setup	325
28.1 Introduction to Remote Node Setup	325
28.2 Remote Node Setup	325
28.3 Remote Node Profile	326
28.4 Remote Node Network Layer Options	328
28.5 Remote Node Filter	330
28.6 Remote Node ATM Layer Options	332
28.7 Advance Setup Options	333
Static Route Setup	335
29.1 IP Static Route Setup	335
29.2 Bridge Static Route Setup	337
NAT Setup	339
30.1 Using NAT	339
30.1.1 SUA (Single User Account) Versus NAT	339
30.1.2 Applying NAT	340
30.2 NAT Setup	341
30.2.1 Address Mapping Sets	342
30.3 Configuring a Server behind NAT	345
30.4 General NAT Examples	346
30.4.1 Internet Access Only	347
30.4.2 Example 2: Internet Access with a Default Server	348
30.4.3 Example 3: Multiple Public IP Addresses With Inside Servers	348
30.4.4 Example 4: NAT Unfriendly Application Programs	352
Firewall Setup	355
31.1 Using P-793H v2 SMT Menus	355
31.1.1 Activating the Firewall	355
Filter Configuration	357
32.1 Introduction to Filters	357
32.1.1 The Filter Structure of the P-793H v2	358
32.2 Configuring a Filter Set	360
32.2.1 Configuring a Filter Rule	362
32.2.2 Configuring a TCP/IP Filter Rule	362
32.2.3 Configuring a Generic Filter Rule	366
32.3 Example Filter	367
32.4 Filter Types and NAT	369
32.5 Firewall Versus Filters	370
32.6 Applying a Filter	370
32.6.1 Applying LAN Filters	370
32.6.2 Applying Remote Node Filters	371
System Password	373
System Information & Diagnosis	375
34.1 Introduction to System Status	375
34.2 System Status	375
34.3 System Information and Console Port Speed	377
34.3.1 System Information	378
34.3.2 Console Port Speed	379
34.4 Log and Trace	379
34.4.1 Viewing Error Log	379
34.4.2 Syslog Logging	381
34.5 Diagnostic	384
Firmware and Configuration File Maintenance	387
35.1 Introduction	387
35.2 Filename Conventions	387
35.3 Backup Configuration	388
35.3.1 Backup Configuration	389
35.3.2 Using the FTP Command from the Command Line	389
35.3.3 Example of FTP Commands from the Command Line	390
35.3.4 GUI-based FTP Clients	390
35.3.5 File Maintenance Over WAN	390
35.3.6 Backup Configuration Using TFTP	391
35.3.7 TFTP Command Example	391
35.3.8 GUI-based TFTP Clients	392
35.3.9 Backup Via Console Port	392
35.4 Restore Configuration	393
35.4.1 Restore Using FTP	394
35.4.2 Restore Using FTP Session Example	395
35.4.3 Restore Via Console Port	395
35.5 Uploading Firmware and Configuration Files	396
35.5.1 Firmware File Upload	396
35.5.2 Configuration File Upload	397
35.5.3 FTP File Upload Command from the DOS Prompt Example	398
35.5.4 FTP Session Example of Firmware File Upload	398
35.5.5 TFTP File Upload	399
35.5.6 TFTP Upload Command Example	399
35.5.7 Uploading Via Console Port	400
35.5.8 Uploading Firmware File Via Console Port	400
35.5.9 Example Xmodem Firmware Upload Using HyperTerminal	401
35.5.10 Uploading Configuration File Via Console Port	401
35.5.11 Example Xmodem Configuration Upload Using HyperTerminal	402
Menus 24.8 to 24.11	403
36.1 Command Interpreter Mode	403
36.1.1 Command Syntax	403
36.1.2 Command Usage	404
36.2 Call Control Support	404
36.2.1 Budget Management	405
36.3 Time and Date Setting	406
36.4 Remote Management	409
36.4.1 Remote Management Limitations	409
Schedule Setup	411
37.1 Schedule Set Overview	411
37.2 Schedule Setup	411
37.3 Schedule Set Setup	412
Troubleshooting	415
38.1 Power, Hardware Connections, and LEDs	415
38.2 P-793H v2 Access and Login	416
38.3 Internet Access	418
38.4 Network Connections	419
Product Specifications	421
Wall-mounting Instructions	427
Setting up Your Computer’s IP Address	429
Pop-up Windows, JavaScripts and Java Permissions	453
IP Addresses and Subnetting	463
Services	473
Legal Information	477

Match case Limit results 1 per page

Chapter 12 Certificates

P-793H v2 User’s Guide

200

12.3

Certificates Technical Reference

This section provides technical background information about the topics covered in

this chapter.

12.3.1

Certificates Overview

The P-793H v2 can use certificates (also called digital IDs) to authenticate users.

Certificates are based on public-private key pairs. A certificate contains the

certificate owner’s identity and public key. Certificates provide a way to exchange

public keys for use in authentication.

The P-793H v2 uses certificates based on public-key cryptology to authenticate

users attempting to establish a connection, not to encrypt the data that you send

after establishing a connection. The method used to secure the data that you send

through an established connection depends on the type of connection. For

example, a VPN tunnel might use the triple DES encryption algorithm.

The certification authority uses its private key to sign certificates. Anyone can then

use the certification authority’s public key to verify the certificates.

Advantages of Certificates

Certificates offer the following benefits.

•

The P-793H v2 only has to store the certificates of the certification authorities

that you decide to trust, no matter how many devices you need to authenticate.

•

Key distribution is simple and very secure since you can freely distribute public

keys and you never need to transmit private keys.

12.3.2

Private-Public Certificates

When using public-key cryptology for authentication, each host has two keys. One

key is public and can be made openly available. The other key is private and must

be kept secure.

These keys work like a handwritten signature (in fact, certificates are often

referred to as “digital signatures”). Only you can write your signature exactly as it

should look. When people know what your signature looks like, they can verify

whether something was signed by you, or by someone else. In the same way, your

private key “writes” your digital signature and your public key allows people to

verify whether data was signed by you, or by someone else. This process works as

follows.