Home » ZyXEL Manuals » Wireless » ZyXEL VMG8324 » Manual Viewer

ZyXEL VMG8324 User Guide - Page 225

VPN, VMG8324-B10A / VMG8324-B30A Series User's Guide

Add to My Manuals
Save this manual to your list of manuals

Page 225 highlights

Chapter 20 VPN Table 104 Security > IPSec VPN: Add/Edit LABEL Local ID Content DESCRIPTION When you select IP in the Local ID Type field, type the IP address of your computer in this field. If you configure this field to 0.0.0.0 or leave it blank, the Device automatically uses the Pre-Shared Key (refer to the Pre-Shared Key field description). It is recommended that you type an IP address other than 0.0.0.0 in this field or use the DNS or E-mail type in the following situations. Remote ID Type • When there is a NAT router between the two IPSec routers. • When you want the remote IPSec router to be able to distinguish between VPN connection requests that come in from IPSec routers with dynamic WAN IP addresses. When you select DNS or E-mail in the Local ID Type field, type a domain name or email address by which to identify this Device in this field. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string. Select IP to identify the remote IPSec router by its IP address. Select E-mail to identify the remote IPSec router by an e-mail address. Select DNS to identify the remote IPSec router by a domain name. Remote ID Content Select ASN1DN to identify the remote IPSec router by the subject field in a certificate. This is used only with certificate-based authentication. The configuration of the remote content depends on the remote ID type. For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the Device will use the address in the Remote IPSec Gateway Address field (refer to the Remote IPSec Gateway Address field description). For DNS or E-mail, type a domain name or e-mail address by which to identify the remote IPSec router. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string. It is recommended that you type an IP address other than 0.0.0.0 or use the DNS or Email ID type in the following situations: Advanced IKE Settings NAT_Traversal Phase 1 Mode • When there is a NAT router between the two IPSec routers. • When you want the Device to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses. Click more to display advanced settings. Click less to display basic settings only. Select Enable if you want to set up a VPN tunnel when there are NAT routers between the Device and remote IPSec router. The remote IPSec router must also enable NAT traversal, and the NAT routers have to forward UDP port 500 packets to the remote IPSec router behind the NAT router. Otherwise, select Disable. Select the negotiation mode to use to negotiate the IKE SA. Choices are: Main - this encrypts the Device's and remote IPSec router's identities but takes more time to establish the IKE SA. Aggressive - this is faster but does not encrypt the identities. The Device and the remote IPSec router must use the same negotiation mode. VMG8324-B10A / VMG8324-B30A Series User's Guide 225

Section	Page
VMG8324-B10A and VMG8324- B30A Series	1
Contents Overview	3
Table of Contents	5
User’s Guide	15
Introducing the Device	17
1.1 Overview	17
1.2 Ways to Manage the Device	17
1.3 Good Habits for Managing the Device	17
1.4 Applications for the Device	18
1.4.1 Internet Access	18
1.4.2 Device’s USB Support	19
1.5 LEDs (Lights)	20
1.6 The RESET Button	22
1.7 Wireless Access	22
1.7.1 Using the Wi-Fi and WPS Buttons	22
1.8 Wall-mounting Instructions	23
The Web Configurator	25
2.1 Overview	25
2.1.1 Accessing the Web Configurator	25
2.2 Web Configurator Layout	27
2.2.1 Title Bar	27
2.2.2 Main Window	28
2.2.3 Navigation Panel	29
Quick Start	33
3.1 Overview	33
3.2 Quick Start Setup	33
Technical Reference	35
Network Map and Status Screens	37
4.1 Overview	37
4.2 The Network Map Screen	37
4.3 The Status Screen	38
Broadband	43
5.1 Overview	43
5.1.1 What You Can Do in this Chapter	43
5.1.2 What You Need to Know	44
5.1.3 Before You Begin	47
5.2 The Broadband Screen	47
5.2.1 Add/Edit Internet Connection	49
5.3 The 3G Backup Screen	57
5.4 The Advanced Screen	61
5.5 The 802.1x Screen	62
5.5.1 Edit 802.1X Settings	63
5.6 The WAN Status Screen	63
5.7 Technical Reference	64
Wireless	71
6.1 Overview	71
6.1.1 What You Can Do in this Chapter	71
6.1.2 What You Need to Know	72
6.2 The General Screen	72
6.2.1 No Security	75
6.2.2 Basic (WEP Encryption)	75
6.2.3 Basic (802.1X)	76
6.2.4 More Secure (WPA(2)-PSK)	79
6.2.5 WPA(2) Authentication	80
6.3 The More AP Screen	81
6.3.1 Edit More AP	83
6.4 MAC Authentication	85
6.5 The WPS Screen	86
6.6 The WMM Screen	87
6.7 The WDS Screen	88
6.7.1 WDS Scan	89
6.8 The Others Screen	90
6.9 The Channel Status Screen	92
6.10 Technical Reference	92
6.10.1 Wireless Network Overview	92
6.10.2 Additional Wireless Terms	94
6.10.3 Wireless Security Overview	94
6.10.4 Signal Problems	96
6.10.5 BSS	97
6.10.6 MBSSID	97
6.10.7 Preamble Type	98
6.10.8 Wireless Distribution System (WDS)	98
6.10.9 WiFi Protected Setup (WPS)	98
Home Networking	107
7.1 Overview	107
7.1.1 What You Can Do in this Chapter	107
7.1.2 What You Need To Know	108
7.1.3 Before You Begin	109
7.2 The LAN Setup Screen	109
7.3 The Static DHCP Screen	113
7.4 The UPnP Screen	114
7.5 Installing UPnP in Windows Example	115
7.6 Using UPnP in Windows XP Example	118
7.7 The Additional Subnet Screen	124
7.8 The STB Vendor ID Screen	125
7.9 The 5th Ethernet Port Screen	125
7.10 The LAN VLAN Screen	126
7.11 The Wake on LAN Screen	127
7.12 Technical Reference	128
7.12.1 LANs, WANs and the Device	128
7.12.2 DHCP Setup	128
7.12.3 DNS Server Addresses	128
7.12.4 LAN TCP/IP	129
Routing	131
8.1 Overview	131
8.2 The Routing Screen	132
8.2.1 Add/Edit Static Route	133
8.3 The DNS Route Screen	134
8.3.1 The DNS Route Add Screen	134
8.4 The Policy Forwarding Screen	135
8.4.1 Add/Edit Policy Forwarding	136
8.5 RIP	137
8.5.1 The RIP Screen	137
Quality of Service (QoS)	139
9.1 Overview	139
9.1.1 What You Can Do in this Chapter	139
9.2 What You Need to Know	139
9.3 The Quality of Service General Screen	141
9.4 The Queue Setup Screen	142
9.4.1 Adding a QoS Queue	143
9.5 The Class Setup Screen	144
9.5.1 Add/Edit QoS Class	146
9.6 The QoS Policer Setup Screen	149
9.6.1 Add/Edit a QoS Policer	150
9.7 The QoS Monitor Screen	151
9.8 Technical Reference	152
Network Address Translation (NAT)	157
10.1 Overview	157
10.1.1 What You Can Do in this Chapter	157
10.1.2 What You Need To Know	157
10.2 The Port Forwarding Screen	158
10.2.1 Add/Edit Port Forwarding	160
10.3 The Applications Screen	161
10.3.1 Add New Application	162
10.4 The Port Triggering Screen	162
10.4.1 Add/Edit Port Triggering Rule	164
10.5 The DMZ Screen	165
10.6 The ALG Screen	166
10.7 The Address Mapping Screen	166
10.7.1 Add/Edit Address Mapping Rule	167
10.8 The Address Mapping Screen	168
10.9 The Sessions Screen	169
10.10 Technical Reference	169
10.10.1 NAT Definitions	170
10.10.2 What NAT Does	171
10.10.3 How NAT Works	172
10.10.4 NAT Application	173
Dynamic DNS Setup	175
11.1 Overview	175
11.1.1 What You Can Do in this Chapter	175
11.1.2 What You Need To Know	176
11.2 The DNS Entry Screen	176
11.2.1 Add/Edit DNS Entry	177
11.3 The Dynamic DNS Screen	177
Interface Group	179
12.1 Overview	179
12.1.1 What You Can Do in this Chapter	179
12.2 The Interface Group Screen	179
12.2.1 Interface Group Configuration	180
12.2.2 Interface Grouping Criteria	182
USB Service	185
13.1 Overview	185
13.1.1 What You Can Do in this Chapter	185
13.1.2 What You Need To Know	185
13.1.3 Before You Begin	187
13.2 The File Sharing Screen	188
13.2.1 The Add New Share Screen	189
13.2.2 The Add New User Screen	190
13.3 The Media Server Screen	190
13.4 Printer Server	191
13.4.1 Before You Begin	191
13.4.2 The Printer Server Screen	192
Power Management	193
14.1 Overview	193
14.1.1 What You Can Do in this Chapter	193
14.1.2 What You Need To Know	193
14.2 The Power Management Screen	193
14.3 The Auto Switch Off Screen	194
14.3.1 The Auto Switch Off Add/Edit Screen	195
14.3.2 The Add/Edit Rule Screen	195
Firewall	197
15.1 Overview	197
15.1.1 What You Can Do in this Chapter	197
15.1.2 What You Need to Know	198
15.2 The Firewall Screen	199
15.3 The Protocol Screen	199
15.3.1 Add/Edit a Service	200
15.4 The Access Control Screen	201
15.4.1 Add/Edit an ACL Rule	202
15.5 The DoS Screen	204
MAC Filter	205
16.1 Overview	205
16.2 The MAC Filter Screen	205
Parental Control	207
17.1 Overview	207
17.2 The Parental Control Screen	207
17.2.1 Add/Edit a Parental Control Rule	208
Scheduler Rule	211
18.1 Overview	211
18.2 The Scheduler Rule Screen	211
18.2.1 Add/Edit a Schedule	212
Certificates	213
19.1 Overview	213
19.1.1 What You Can Do in this Chapter	213
19.2 What You Need to Know	213
19.3 The Local Certificates Screen	213
19.3.1 Create Certificate Request	214
19.3.2 Load Signed Certificate	215
19.4 The Trusted CA Screen	216
19.4.1 View Trusted CA Certificate	218
19.4.2 Import Trusted CA Certificate	219
VPN	221
20.1 Overview	221
20.2 The IPSec VPN General Screen	221
20.3 The IPSec VPN Add/Edit Screen	222
20.4 The IPSec VPN Monitor Screen	228
20.5 Technical Reference	228
20.5.1 IPSec Architecture	228
20.5.2 Encapsulation	229
20.5.3 IKE Phases	230
20.5.4 Negotiation Mode	231
20.5.5 IPSec and NAT	232
20.5.6 VPN, NAT, and NAT Traversal	232
20.5.7 ID Type and Content	233
20.5.8 Pre-Shared Key	234
20.5.9 Diffie-Hellman (DH) Key Groups	234
Voice	235
21.1 Overview	235
21.1.1 What You Can Do in this Chapter	235
21.1.2 What You Need to Know About VoIP	236
21.2 Before You Begin	236
21.3 The SIP Account Screen	236
21.3.1 The SIP Account Add/Edit Screen	237
21.4 The SIP Service Provider Screen	241
21.4.1 The SIP Service Provider Add/Edit Screen	242
21.4.2 Dial Plan Rules	248
21.5 The Phone Screen	249
21.6 The Call Rule Screen	249
21.7 The Call History Summary Screen	250
21.8 The Call History Outgoing Calls Screen	251
21.9 The Call History Incoming Calls Screen	251
21.10 Technical Reference	252
21.10.1 Quality of Service (QoS)	260
21.10.2 Phone Services Overview	260
Log	267
22.1 Overview	267
22.1.1 What You Can Do in this Chapter	267
22.1.2 What You Need To Know	267
22.2 The System Log Screen	268
22.3 The Security Log Screen	269
Traffic Status	271
23.1 Overview	271
23.1.1 What You Can Do in this Chapter	271
23.2 The WAN Status Screen	271
23.3 The LAN Status Screen	273
23.4 The NAT Status Screen	274
VoIP Status	275
24.1 The VoIP Status Screen	275
ARP Table	277
25.1 Overview	277
25.1.1 How ARP Works	277
25.2 ARP Table Screen	277
Routing Table	279
26.1 Overview	279
26.2 The Routing Table Screen	279
IGMP/MLD Status	281
27.1 Overview	281
27.2 The IGMP/MLD Group Status Screen	281
xDSL Statistics	283
28.1 The xDSL Statistics Screen	283
3G Statistics	287
29.1 Overview	287
29.2 The 3G Statistics Screen	287
User Account	289
30.1 Overview	289
30.2 The User Account Screen	289
Remote Management	291
31.1 Overview	291
31.2 The Remote MGMT Screen	291
31.3 The Trust Domain Screen	292
31.4 The Add Trust Domain Screen	293
TR-069 Client	295
32.1 Overview	295
32.2 The TR-069 Client Screen	295
TR-064	297
33.1 Overview	297
33.2 The TR-064 Screen	297
SNMP	299
34.1 Overview	299
34.2 The SNMP Screen	299
Time Settings	301
35.1 Overview	301
35.2 The Time Screen	301
E-mail Notification	305
36.1 Overview	305
36.2 The Email Notification Screen	305
36.2.1 Email Notification Edit	306
Logs Setting	307
37.1 Overview	307
37.2 The Log Settings Screen	307
37.2.1 Example E-mail Log	308
Firmware Upgrade	311
38.1 Overview	311
38.2 The Firmware Screen	311
Configuration	313
39.1 Overview	313
39.2 The Configuration Screen	313
39.3 The Reboot Screen	315
Diagnostic	317
40.1 Overview	317
40.1.1 What You Can Do in this Chapter	317
40.2 What You Need to Know	317
40.3 Ping & TraceRoute & NsLookup	318
40.4 802.1ag	319
40.5 OAM Ping	320
Troubleshooting	323
41.1 Power, Hardware Connections, and LEDs	323
41.2 Device Access and Login	324
41.3 Internet Access	326
41.4 Wireless Internet Access	327
41.5 USB Device Connection	328
41.6 UPnP	328
Customer Support	329
Setting up Your Computer’s IP Address	335
IP Addresses and Subnetting	357
Pop-up Windows, JavaScripts and Java Permissions	365
Wireless LANs	375
IPv6	389
Services	397
Legal Information	401

Match case Limit results 1 per page

Chapter 20 VPN

VMG8324-B10A / VMG8324-B30A Series User’s Guide

225

Local ID Content

When you select IP in the

Local ID Type

field, type the IP address of your computer in

this field. If you configure this field to 0.0.0.0 or leave it blank, the Device automatically

uses the

Pre-Shared Key

(refer to the

Pre-Shared Key

field description).

It is recommended that you type an IP address other than 0.0.0.0 in this field or use the

DNS

E-mail

type in the following situations.

•

When there is a NAT router between the two IPSec routers.

•

When you want the remote IPSec router to be able to distinguish between VPN

connection requests that come in from IPSec routers with dynamic WAN IP addresses.

When you select

DNS

E-mail

in the

Local ID Type

field, type a domain name or e-

mail address by which to identify this Device in this field. Use up to 31 ASCII characters

including spaces, although trailing spaces are truncated. The domain name or e-mail

address is for identification purposes only and can be any string.

Remote ID Type

Select

to identify the remote IPSec router by its IP address.

Select

E-mail

to identify the remote IPSec router by an e-mail address.

Select

DNS

to identify the remote IPSec router by a domain name.

Select

ASN1DN

to identify the remote IPSec router by the subject field in a certificate.

This is used only with certificate-based authentication.

Remote ID

Content

The configuration of the remote content depends on the remote ID type.

For

, type the IP address of the computer with which you will make the VPN connection.

If you configure this field to 0.0.0.0 or leave it blank, the Device will use the address in

the

Remote IPSec Gateway Address

field (refer to the

Remote IPSec Gateway

Address

field description).

For

DNS

E-mail

, type a domain name or e-mail address by which to identify the

remote IPSec router. Use up to 31 ASCII characters including spaces, although trailing

spaces are truncated. The domain name or e-mail address is for identification purposes

only and can be any string.

It is recommended that you type an IP address other than 0.0.0.0 or use the

DNS

E-

mail

ID type in the following situations:

•

When there is a NAT router between the two IPSec routers.

•

When you want the Device to distinguish between VPN connection requests that come

in from remote IPSec routers with dynamic WAN IP addresses.

Advanced IKE

Settings

Click

to display advanced settings. Click

less

to display basic settings only.

NAT_Traversal

Select

Enable

if you want to set up a VPN tunnel when there are NAT routers between the

Device and remote IPSec router. The remote IPSec router must also enable NAT traversal,

and the NAT routers have to forward UDP port 500 packets to the remote IPSec router

behind the NAT router. Otherwise, select

Disable

Phase 1

Mode

Select the negotiation mode to use to negotiate the IKE SA. Choices are:

Main

- this encrypts the Device’s and remote IPSec router’s identities but takes more

time to establish the IKE SA.

Aggressive

- this is faster but does not encrypt the identities.

The Device and the remote IPSec router must use the same negotiation mode.

Table 104

Security > IPSec VPN: Add/Edit

LABEL

DESCRIPTION