Home » ZyXEL Manuals » Wireless » ZyXEL VMG8324 » Manual Viewer

ZyXEL VMG8324 User Guide - Page 227

bitDH Group1, 1024bitDH Group2, 1536bitDH Group5, 2048bitDH Group14, 3072bitDH Group15, 4096bitDH

Add to My Manuals
Save this manual to your list of manuals

Page 227 highlights

Chapter 20 VPN Table 104 Security > IPSec VPN: Add/Edit LABEL Perfect Forward Secrecy (PFS) DESCRIPTION Select whether or not you want to enable Perfect Forward Secrecy (PFS) PFS changes the root key that is used to generate encryption keys for each IPSec SA. The longer the key, the more secure the encryption, but also the longer it takes to encrypt and decrypt information. Both routers must use the same DH key group. Choices are: None - do not use any random number. 768bit(DH Group1) - use a 768-bit random number 1024bit(DH Group2) - use a 1024-bit random number 1536bit(DH Group5) - use a 1536-bit random number 2048bit(DH Group14) - use a 2048-bit random number 3072bit(DH Group15) - use a 3072-bit random number Key Life Time 4096bit(DH Group16) - use a 4096-bit random number Define the length of time before an IPSec SA automatically renegotiates in this field. A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys. However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected. The following fields are available if you select Manual in the Key Exchange Method field. Encryption Algorithm Select which key size and encryption algorithm to use in the IKE SA. Choices are: DES - a 56-bit key with the DES encryption algorithm 3DES - a 168-bit key with the DES encryption algorithm Encryption Key EPS_NULL - no encryption key or algorithm This field is applicable when you select an Encryption Algorithm. Enter the encryption key, which depends on the encryption algorithm. DES - type a unique key 16 hexadecimal characters long 3DES - type a unique key 48 hexadecimal characters long Authentication Select which hash algorithm to use to authenticate packet data. Choices are MD5, SHA1. Algorithm SHA is generally considered stronger than MD5, but it is also slower. Authentication Enter the authentication key, which depends on the authentication algorithm. Key MD5 - type a unique key 32 hexadecimal characters long SHA1 - type a unique key 40 hexadecimal characters long SPI Type a unique SPI (Security Parameter Index) in hexadecimal characters. The SPI is used to identify the Device during authentication. OK Cancel The Device and remote IPSec router must use the same SPI. Click OK to save your changes. Click Cancel to restore your previously saved settings. VMG8324-B10A / VMG8324-B30A Series User's Guide 227

Section	Page
VMG8324-B10A and VMG8324- B30A Series	1
Contents Overview	3
Table of Contents	5
User’s Guide	15
Introducing the Device	17
1.1 Overview	17
1.2 Ways to Manage the Device	17
1.3 Good Habits for Managing the Device	17
1.4 Applications for the Device	18
1.4.1 Internet Access	18
1.4.2 Device’s USB Support	19
1.5 LEDs (Lights)	20
1.6 The RESET Button	22
1.7 Wireless Access	22
1.7.1 Using the Wi-Fi and WPS Buttons	22
1.8 Wall-mounting Instructions	23
The Web Configurator	25
2.1 Overview	25
2.1.1 Accessing the Web Configurator	25
2.2 Web Configurator Layout	27
2.2.1 Title Bar	27
2.2.2 Main Window	28
2.2.3 Navigation Panel	29
Quick Start	33
3.1 Overview	33
3.2 Quick Start Setup	33
Technical Reference	35
Network Map and Status Screens	37
4.1 Overview	37
4.2 The Network Map Screen	37
4.3 The Status Screen	38
Broadband	43
5.1 Overview	43
5.1.1 What You Can Do in this Chapter	43
5.1.2 What You Need to Know	44
5.1.3 Before You Begin	47
5.2 The Broadband Screen	47
5.2.1 Add/Edit Internet Connection	49
5.3 The 3G Backup Screen	57
5.4 The Advanced Screen	61
5.5 The 802.1x Screen	62
5.5.1 Edit 802.1X Settings	63
5.6 The WAN Status Screen	63
5.7 Technical Reference	64
Wireless	71
6.1 Overview	71
6.1.1 What You Can Do in this Chapter	71
6.1.2 What You Need to Know	72
6.2 The General Screen	72
6.2.1 No Security	75
6.2.2 Basic (WEP Encryption)	75
6.2.3 Basic (802.1X)	76
6.2.4 More Secure (WPA(2)-PSK)	79
6.2.5 WPA(2) Authentication	80
6.3 The More AP Screen	81
6.3.1 Edit More AP	83
6.4 MAC Authentication	85
6.5 The WPS Screen	86
6.6 The WMM Screen	87
6.7 The WDS Screen	88
6.7.1 WDS Scan	89
6.8 The Others Screen	90
6.9 The Channel Status Screen	92
6.10 Technical Reference	92
6.10.1 Wireless Network Overview	92
6.10.2 Additional Wireless Terms	94
6.10.3 Wireless Security Overview	94
6.10.4 Signal Problems	96
6.10.5 BSS	97
6.10.6 MBSSID	97
6.10.7 Preamble Type	98
6.10.8 Wireless Distribution System (WDS)	98
6.10.9 WiFi Protected Setup (WPS)	98
Home Networking	107
7.1 Overview	107
7.1.1 What You Can Do in this Chapter	107
7.1.2 What You Need To Know	108
7.1.3 Before You Begin	109
7.2 The LAN Setup Screen	109
7.3 The Static DHCP Screen	113
7.4 The UPnP Screen	114
7.5 Installing UPnP in Windows Example	115
7.6 Using UPnP in Windows XP Example	118
7.7 The Additional Subnet Screen	124
7.8 The STB Vendor ID Screen	125
7.9 The 5th Ethernet Port Screen	125
7.10 The LAN VLAN Screen	126
7.11 The Wake on LAN Screen	127
7.12 Technical Reference	128
7.12.1 LANs, WANs and the Device	128
7.12.2 DHCP Setup	128
7.12.3 DNS Server Addresses	128
7.12.4 LAN TCP/IP	129
Routing	131
8.1 Overview	131
8.2 The Routing Screen	132
8.2.1 Add/Edit Static Route	133
8.3 The DNS Route Screen	134
8.3.1 The DNS Route Add Screen	134
8.4 The Policy Forwarding Screen	135
8.4.1 Add/Edit Policy Forwarding	136
8.5 RIP	137
8.5.1 The RIP Screen	137
Quality of Service (QoS)	139
9.1 Overview	139
9.1.1 What You Can Do in this Chapter	139
9.2 What You Need to Know	139
9.3 The Quality of Service General Screen	141
9.4 The Queue Setup Screen	142
9.4.1 Adding a QoS Queue	143
9.5 The Class Setup Screen	144
9.5.1 Add/Edit QoS Class	146
9.6 The QoS Policer Setup Screen	149
9.6.1 Add/Edit a QoS Policer	150
9.7 The QoS Monitor Screen	151
9.8 Technical Reference	152
Network Address Translation (NAT)	157
10.1 Overview	157
10.1.1 What You Can Do in this Chapter	157
10.1.2 What You Need To Know	157
10.2 The Port Forwarding Screen	158
10.2.1 Add/Edit Port Forwarding	160
10.3 The Applications Screen	161
10.3.1 Add New Application	162
10.4 The Port Triggering Screen	162
10.4.1 Add/Edit Port Triggering Rule	164
10.5 The DMZ Screen	165
10.6 The ALG Screen	166
10.7 The Address Mapping Screen	166
10.7.1 Add/Edit Address Mapping Rule	167
10.8 The Address Mapping Screen	168
10.9 The Sessions Screen	169
10.10 Technical Reference	169
10.10.1 NAT Definitions	170
10.10.2 What NAT Does	171
10.10.3 How NAT Works	172
10.10.4 NAT Application	173
Dynamic DNS Setup	175
11.1 Overview	175
11.1.1 What You Can Do in this Chapter	175
11.1.2 What You Need To Know	176
11.2 The DNS Entry Screen	176
11.2.1 Add/Edit DNS Entry	177
11.3 The Dynamic DNS Screen	177
Interface Group	179
12.1 Overview	179
12.1.1 What You Can Do in this Chapter	179
12.2 The Interface Group Screen	179
12.2.1 Interface Group Configuration	180
12.2.2 Interface Grouping Criteria	182
USB Service	185
13.1 Overview	185
13.1.1 What You Can Do in this Chapter	185
13.1.2 What You Need To Know	185
13.1.3 Before You Begin	187
13.2 The File Sharing Screen	188
13.2.1 The Add New Share Screen	189
13.2.2 The Add New User Screen	190
13.3 The Media Server Screen	190
13.4 Printer Server	191
13.4.1 Before You Begin	191
13.4.2 The Printer Server Screen	192
Power Management	193
14.1 Overview	193
14.1.1 What You Can Do in this Chapter	193
14.1.2 What You Need To Know	193
14.2 The Power Management Screen	193
14.3 The Auto Switch Off Screen	194
14.3.1 The Auto Switch Off Add/Edit Screen	195
14.3.2 The Add/Edit Rule Screen	195
Firewall	197
15.1 Overview	197
15.1.1 What You Can Do in this Chapter	197
15.1.2 What You Need to Know	198
15.2 The Firewall Screen	199
15.3 The Protocol Screen	199
15.3.1 Add/Edit a Service	200
15.4 The Access Control Screen	201
15.4.1 Add/Edit an ACL Rule	202
15.5 The DoS Screen	204
MAC Filter	205
16.1 Overview	205
16.2 The MAC Filter Screen	205
Parental Control	207
17.1 Overview	207
17.2 The Parental Control Screen	207
17.2.1 Add/Edit a Parental Control Rule	208
Scheduler Rule	211
18.1 Overview	211
18.2 The Scheduler Rule Screen	211
18.2.1 Add/Edit a Schedule	212
Certificates	213
19.1 Overview	213
19.1.1 What You Can Do in this Chapter	213
19.2 What You Need to Know	213
19.3 The Local Certificates Screen	213
19.3.1 Create Certificate Request	214
19.3.2 Load Signed Certificate	215
19.4 The Trusted CA Screen	216
19.4.1 View Trusted CA Certificate	218
19.4.2 Import Trusted CA Certificate	219
VPN	221
20.1 Overview	221
20.2 The IPSec VPN General Screen	221
20.3 The IPSec VPN Add/Edit Screen	222
20.4 The IPSec VPN Monitor Screen	228
20.5 Technical Reference	228
20.5.1 IPSec Architecture	228
20.5.2 Encapsulation	229
20.5.3 IKE Phases	230
20.5.4 Negotiation Mode	231
20.5.5 IPSec and NAT	232
20.5.6 VPN, NAT, and NAT Traversal	232
20.5.7 ID Type and Content	233
20.5.8 Pre-Shared Key	234
20.5.9 Diffie-Hellman (DH) Key Groups	234
Voice	235
21.1 Overview	235
21.1.1 What You Can Do in this Chapter	235
21.1.2 What You Need to Know About VoIP	236
21.2 Before You Begin	236
21.3 The SIP Account Screen	236
21.3.1 The SIP Account Add/Edit Screen	237
21.4 The SIP Service Provider Screen	241
21.4.1 The SIP Service Provider Add/Edit Screen	242
21.4.2 Dial Plan Rules	248
21.5 The Phone Screen	249
21.6 The Call Rule Screen	249
21.7 The Call History Summary Screen	250
21.8 The Call History Outgoing Calls Screen	251
21.9 The Call History Incoming Calls Screen	251
21.10 Technical Reference	252
21.10.1 Quality of Service (QoS)	260
21.10.2 Phone Services Overview	260
Log	267
22.1 Overview	267
22.1.1 What You Can Do in this Chapter	267
22.1.2 What You Need To Know	267
22.2 The System Log Screen	268
22.3 The Security Log Screen	269
Traffic Status	271
23.1 Overview	271
23.1.1 What You Can Do in this Chapter	271
23.2 The WAN Status Screen	271
23.3 The LAN Status Screen	273
23.4 The NAT Status Screen	274
VoIP Status	275
24.1 The VoIP Status Screen	275
ARP Table	277
25.1 Overview	277
25.1.1 How ARP Works	277
25.2 ARP Table Screen	277
Routing Table	279
26.1 Overview	279
26.2 The Routing Table Screen	279
IGMP/MLD Status	281
27.1 Overview	281
27.2 The IGMP/MLD Group Status Screen	281
xDSL Statistics	283
28.1 The xDSL Statistics Screen	283
3G Statistics	287
29.1 Overview	287
29.2 The 3G Statistics Screen	287
User Account	289
30.1 Overview	289
30.2 The User Account Screen	289
Remote Management	291
31.1 Overview	291
31.2 The Remote MGMT Screen	291
31.3 The Trust Domain Screen	292
31.4 The Add Trust Domain Screen	293
TR-069 Client	295
32.1 Overview	295
32.2 The TR-069 Client Screen	295
TR-064	297
33.1 Overview	297
33.2 The TR-064 Screen	297
SNMP	299
34.1 Overview	299
34.2 The SNMP Screen	299
Time Settings	301
35.1 Overview	301
35.2 The Time Screen	301
E-mail Notification	305
36.1 Overview	305
36.2 The Email Notification Screen	305
36.2.1 Email Notification Edit	306
Logs Setting	307
37.1 Overview	307
37.2 The Log Settings Screen	307
37.2.1 Example E-mail Log	308
Firmware Upgrade	311
38.1 Overview	311
38.2 The Firmware Screen	311
Configuration	313
39.1 Overview	313
39.2 The Configuration Screen	313
39.3 The Reboot Screen	315
Diagnostic	317
40.1 Overview	317
40.1.1 What You Can Do in this Chapter	317
40.2 What You Need to Know	317
40.3 Ping & TraceRoute & NsLookup	318
40.4 802.1ag	319
40.5 OAM Ping	320
Troubleshooting	323
41.1 Power, Hardware Connections, and LEDs	323
41.2 Device Access and Login	324
41.3 Internet Access	326
41.4 Wireless Internet Access	327
41.5 USB Device Connection	328
41.6 UPnP	328
Customer Support	329
Setting up Your Computer’s IP Address	335
IP Addresses and Subnetting	357
Pop-up Windows, JavaScripts and Java Permissions	365
Wireless LANs	375
IPv6	389
Services	397
Legal Information	401

Match case Limit results 1 per page

Chapter 20 VPN

VMG8324-B10A / VMG8324-B30A Series User’s Guide

227

Perfect Forward

Secrecy (PFS)

Select whether or not you want to enable Perfect Forward Secrecy (PFS)

PFS changes the root key that is used to generate encryption keys for each IPSec SA. The

longer the key, the more secure the encryption, but also the longer it takes to encrypt and

decrypt information. Both routers must use the same DH key group. Choices are:

None

- do not use any random number.

768bit(DH Group1)

- use a 768-bit random number

1024bit(DH Group2)

- use a 1024-bit random number

1536bit(DH Group5)

- use a 1536-bit random number

2048bit(DH Group14)

- use a 2048-bit random number

3072bit(DH Group15)

- use a 3072-bit random number

4096bit(DH Group16)

- use a 4096-bit random number

Key Life Time

Define the length of time before an IPSec SA automatically renegotiates in this field.

A short SA Life Time increases security by forcing the two VPN gateways to update the

encryption and authentication keys. However, every time the VPN tunnel renegotiates, all

users accessing remote resources are temporarily disconnected.

The following fields are available if you select Manual in the Key Exchange Method field.

Encryption

Algorithm

Select which key size and encryption algorithm to use in the IKE SA. Choices are:

DES

- a 56-bit key with the DES encryption algorithm

3DES

- a 168-bit key with the DES encryption algorithm

EPS_NULL

- no encryption key or algorithm

Encryption

Key

This field is applicable when you select an Encryption Algorithm.

Enter the encryption key, which depends on the encryption algorithm.

DES

- type a unique key 16 hexadecimal characters long

3DES

- type a unique key 48 hexadecimal characters long

Authentication

Algorithm

Select which hash algorithm to use to authenticate packet data. Choices are MD5, SHA1.

SHA is generally considered stronger than MD5, but it is also slower.

Authentication

Key

Enter the authentication key, which depends on the authentication algorithm.

MD5

- type a unique key 32 hexadecimal characters long

SHA1

- type a unique key 40 hexadecimal characters long

SPI

Type a unique SPI (Security Parameter Index) in hexadecimal characters.

The SPI is used to identify the Device during authentication.

The Device and remote IPSec router must use the same SPI.

Click

to save your changes.

Cancel

Click

Cancel

to restore your previously saved settings.

Table 104

Security > IPSec VPN: Add/Edit

LABEL

DESCRIPTION