Home » ZyXEL Manuals » Networking » ZyXEL VSG1432-B101 » Manual Viewer

ZyXEL VSG1432-B101 User Guide - Page 255

IPSec Settings > Add/Edit: Manual

Get ZyXEL VSG1432-B101 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 255 highlights

Chapter 21 IPSec Table 88 IPSec Settings > Add/Edit: Manual LABEL DESCRIPTION Tunnel access from local IP addresses Specify the IP addresses of the devices behind the ZyXEL Device that can use the VPN tunnel. The local IP addresses must correspond to the remote IPSec router's configured remote IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. IP Address for VPN Use the drop-down list box to choose Single Address or Subnet. Select Single Address for a single IP address. Select Subnet to specify IP addresses on a network by their subnet mask. When the local IP address type is configured to Single Address, enter a (static) IP address on the LAN behind your ZyXEL Device. IP Subnetmask When the local IP address type is configured to Subnet, enter a (static) IP address on the LAN behind your ZyXEL Device. When the local IP address type is configured to Single Address, this field is not available. Tunnel access from remote IP addresses When the local IP address type is configured to Subnet, enter a subnet mask on the LAN behind your ZyXEL Device. Specify the IP addresses of the devices behind the remote IPSec router that can use the VPN tunnel. The remote IP addresses must correspond to the remote IPSec router's configured local IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. IP Address for VPN Use the drop-down list box to choose Single Address or Subnet. Select Single Address with a single IP address. Select Subnet to specify IP addresses on a network by their subnet mask. When the remote IP address type is configured to Single Address, enter a (static) IP address on the network behind the remote IPSec router. IP Subnetmask When the remote IP address type is configured to Subnet, enter a (static) IP address on the network behind the remote IPSec router. When the remote IP address type is configured to Single Address, this field is not available. Protocol Key Exchange Method When the remote IP address type is configured to Subnet, enter a subnet mask on the network behind the remote IPSec router. This field displays ESP and the ZyXEL Device uses ESP (Encapsulation Security Payload) for VPN. The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. Select Auto(IKE) or Manual from the drop-down list box. Auto(IKE) provides more protection so it is generally recommended. Manual is a useful option for troubleshooting if you have problems using Auto(IKE) key management. VSG1432-B101 Series User's Guide 255

Section	Page
VSG1432-B101 Series	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
User’s Guide	21
Introducing the VSG1432-B101	23
1.1 Overview	23
1.2 Ways to Manage the ZyXEL Device	23
1.3 Good Habits for Managing the ZyXEL Device	23
1.4 Applications for the ZyXEL Device	24
1.4.1 Internet Access	24
1.4.2 ZyXEL Device’s USB Support	25
1.5 Hardware Setup	26
1.6 Hardware Connections	28
1.7 LEDs (Lights)	29
1.8 The RESET Button	31
1.9 Wireless Access	31
1.9.1 Using the WLAN/WPS Button	31
The Web Configurator	33
2.1 Overview	33
2.1.1 Accessing the Web Configurator	33
2.2 Web Configurator Layout	36
2.2.1 Title Bar	36
2.2.2 Main Window	37
2.2.3 Navigation Panel	37
Quick Start	41
3.1 Overview	41
3.2 Quick Start Setup	41
Tutorials	43
4.1 Overview	43
4.2 Setting Up an ADSL PPPoE Connection	43
4.3 Setting Up a Secure Wireless Network	46
4.3.1 Configuring the Wireless Network Settings	46
4.3.2 Using WPS	48
4.3.3 Without WPS	52
4.4 Setting Up Multiple Wireless Groups	53
4.5 Setting Up NAT Port Forwarding	56
4.6 Configuring Static Route for Routing to Another Network	58
4.7 Configuring QoS Queue and Class Setup	60
4.8 Access the ZyXEL Device Using DDNS	63
4.8.1 Registering a DDNS Account on www.dyndns.org	64
4.8.2 Configuring DDNS on Your ZyXEL Device	64
4.8.3 Testing the DDNS Setting	65
4.9 Access Your Shared Files From a Computer	65
Technical Reference	67
Network Map and Status Screens	69
5.1 Overview	69
5.2 The Network Map Screen	69
5.3 The Status Screen	71
Broadband	75
6.1 Overview	75
6.1.1 What You Need to Know	75
6.1.2 Before You Begin	76
6.2 The Broadband Screen	77
6.2.1 Add/Edit Broadband	78
6.2.2 PPPoE Encapsulation	78
6.3 Technical Reference	86
6.3.1 Encapsulation	86
6.3.2 Multiplexing	87
6.3.3 VPI and VCI	87
6.3.4 IP Address Assignment	87
6.3.5 NAT	88
6.3.6 Traffic Shaping	88
6.3.7 ATM Traffic Classes	89
6.3.8 Introduction to VLANs	89
Wireless	91
7.1 Overview	91
7.1.1 What You Can Do in this Chapter	91
7.1.2 What You Need to Know	92
7.2 The General Screen	92
7.2.1 No Security	95
7.2.2 Basic (WEP Encryption)	96
7.2.3 More Secure (WPA(2)-PSK)	98
7.2.4 WPA(2) Authentication	99
7.3 The More AP Screen	101
7.3.1 Edit More AP	102
7.4 MAC Authentication	103
7.5 The WPS Screen	105
7.6 The WMM Screen	106
7.7 The WDS Screen	107
7.7.1 WDS Scan	109
7.8 The Others Screen	110
7.9 Technical Reference	111
7.9.1 Wireless Network Overview	111
7.9.2 Additional Wireless Terms	113
7.9.3 Wireless Security Overview	114
7.9.4 Signal Problems	117
7.9.5 BSS	117
7.9.6 MBSSID	118
7.9.7 Preamble Type	119
7.9.8 Wireless Distribution System (WDS)	119
7.9.9 WiFi Protected Setup (WPS)	120
Home Networking	127
8.1 Overview	127
8.1.1 What You Can Do in this Chapter	127
8.1.2 What You Need To Know	128
8.1.3 Before You Begin	129
8.2 The LAN Setup Screen	130
8.3 The Static DHCP Screen	132
8.4 The UPnP Screen	133
8.5 Installing UPnP in Windows Example	134
8.6 Using UPnP in Windows XP Example	137
8.7 Technical Reference	142
8.7.1 LANs, WANs and the ZyXEL Device	143
8.7.2 DHCP Setup	143
8.7.3 DNS Server Addresses	143
8.7.4 LAN TCP/IP	144
Static Routing	147
9.1 Overview	147
9.2 The Routing Screen	148
9.2.1 Add/Edit Static Route	149
Quality of Service (QoS)	151
10.1 Overview	151
10.1.1 What You Can Do in this Chapter	151
10.2 What You Need to Know	152
10.3 The Quality of Service General Screen	153
10.4 The Queue Setup Screen	154
10.4.1 Adding a QoS Queue	156
10.5 The Class Setup Screen	157
10.5.1 Add/Edit QoS Class	159
10.6 The QoS Policer Setup Screen	163
10.6.1 Add/Edit a QoS Policer	164
10.7 The QoS Monitor Screen	165
10.8 Technical Reference	166
Policy Forwarding	171
11.1 Overview	171
11.2 The Policy Forwarding Screen	171
11.2.1 Add/Edit Policy Forwarding	172
Network Address Translation (NAT)	175
12.1 Overview	175
12.1.1 What You Can Do in this Chapter	175
12.1.2 What You Need To Know	175
12.2 The Port Forwarding Screen	176
12.2.1 Add/Edit Port Forwarding	178
12.3 The Applications Screen	179
12.3.1 Add New Application	180
12.4 The Port Triggering Screen	181
12.4.1 Add/Edit Port Triggering Rule	183
12.5 The DMZ Screen	185
12.6 The ALG Screen	186
12.7 The Sessions Screen	186
12.8 Technical Reference	187
12.8.1 NAT Definitions	187
12.8.2 What NAT Does	188
12.8.3 How NAT Works	189
12.8.4 NAT Application	190
Dynamic DNS Setup	193
13.1 Overview	193
13.1.1 What You Can Do in this Chapter	194
13.1.2 What You Need To Know	194
13.2 The DNS Entry Screen	195
13.2.1 Add/Edit DNS Entry	196
13.3 The Dynamic DNS Screen	196
IGMP	199
14.1 Overview	199
14.1.1 What You Can Do in this Chapter	199
14.1.2 What You Need to Know	199
14.2 The IGMP General Screen	202
14.3 IGMP Filter Configuration	204
14.3.1 IGMP Host Limitation Edit	206
14.3.2 IGMP Service Add	207
14.3.3 IGMP Host Limitation Add	208
14.4 IGMP ACL Configuration	209
14.4.1 IGMP ACL Add	210
Interface Group	211
15.1 Overview	211
15.1.1 What You Can Do in this Chapter	211
15.2 The Interface Group Screen	211
15.2.1 Interface Group Configuration	213
Firewall	215
16.1 Overview	215
16.1.1 What You Can Do in this Chapter	215
16.1.2 What You Need to Know	216
16.2 The Firewall Screen	217
16.3 The Protocol Screen	217
16.3.1 Add a Protocol	219
16.4 The Access Control Screen	220
16.4.1 Add/Edit an ACL Rule	222
MAC Filter	225
17.1 Overview	225
17.2 The MAC Filter Screen	225
Parental Control	227
18.1 Overview	227
18.2 The Parental Control Screen	227
18.2.1 Add/Edit Parental Control Rule	228
Scheduler Rules	231
19.1 Overview	231
19.2 The Scheduler Rules Screen	231
19.2.1 Add/Edit a Schedule	232
Certificates	233
20.1 Overview	233
20.1.1 What You Can Do in this Chapter	233
20.2 What You Need to Know	233
20.3 The Local Certificates Screen	234
20.3.1 Create Certificate Request	235
20.3.2 Load Signed Certificate	236
20.3.3 Import Certificate	237
20.3.4 Certificate Details	239
20.4 The Trusted CA Screen	241
20.4.1 View Trusted CA Certificate	242
20.4.2 Import Trusted CA Certificate	243
IPSec	245
21.1 Overview	245
21.1.1 What You Can Do in this Chapter	245
21.1.2 What You Need to Know	246
21.2 The IPSec Status Screen	247
21.3 The IPSec Settings Screen	248
21.3.1 Add/Edit IPSec Setting	249
21.3.2 Configuring Manual Key	254
21.4 Technical Reference	256
21.4.1 IPSec Architecture	257
21.4.2 Encapsulation	258
21.4.3 IKE Phases	259
21.4.4 Negotiation Mode	260
21.4.5 IPSec and NAT	260
21.4.6 VPN, NAT, and NAT Traversal	261
21.4.7 ID Type and Content	262
21.4.8 Pre-Shared Key	263
21.4.9 Diffie-Hellman (DH) Key Groups	264
Service Control	265
22.1 Overview	265
22.2 The Service Control Screen	265
ARP Table	267
23.1 Overview	267
23.1.1 How ARP Works	267
23.2 ARP Table Screen	268
Logs	269
24.1 Overview	269
24.1.1 What You Can Do in this Chapter	269
24.1.2 What You Need To Know	269
24.2 The System Log Screen	270
24.3 The Security Log Screen	271
Traffic Status	273
25.1 Overview	273
25.1.1 What You Can Do in this Chapter	273
25.2 The WAN Status Screen	274
25.3 The LAN Status Screen	276
IGMP Status	279
26.1 Overview	279
26.1.1 What You Can Do in this Chapter	279
26.2 The IGMP Group Screen	279
26.3 IGMP Statistics Screen	280
Users Configuration	283
27.1 Overview	283
27.2 The Users Configuration Screen	283
27.2.1 Add/Edit a Users Account	285
Remote Management	287
28.1 Overview	287
28.1.1 What You Can Do in this Chapter	287
28.2 The TR-069 Clients Screen	287
28.3 The TR-064 Screen	289
Time Settings	291
29.1 Overview	291
29.2 The Time Setting Screen	291
Logs Setting	295
30.1 Overview	295
30.2 The Log Settings Screen	295
30.2.1 Example E-mail Log	297
Firmware Upgrade	299
31.1 Overview	299
31.2 The Firmware Screen	299
Configuration	301
32.1 Overview	301
32.2 The Configuration Screen	301
32.3 The Reboot Screen	304
Diagnostic	305
33.1 Overview	305
33.2 The Diagnostic Screen	305
Troubleshooting	307
34.1 Power, Hardware Connections, and LEDs	307
34.2 ZyXEL Device Access and Login	308
34.3 Internet Access	310
34.4 Wireless Internet Access	312
Product Specifications	315
35.1 Hardware Specifications	315
35.2 Firmware Specifications	316
Setting up Your Computer’s IP Address	321
IP Addresses and Subnetting	345
Pop-up Windows, JavaScripts and Java Permissions	355
Wireless LANs	365
Services	381
Open Software Announcements	385
Legal Information	397

Match case Limit results 1 per page

Chapter 21 IPSec

VSG1432-B101 Series User’s Guide

255

Tunnel access

from local IP

addresses

Specify the IP addresses of the devices behind the ZyXEL Device that

can use the VPN tunnel. The local IP addresses must correspond to the

remote IPSec router's configured remote IP addresses.

Two active SAs cannot have the local and remote IP address(es) both

the same. Two active SAs can have the same local or remote IP

address, but not both. You can configure multiple SAs between the

same local and remote IP addresses, as long as only one is active at

any time.

Use the drop-down list box to choose

Single Address

Subnet

Select

Single Address

for a single IP address. Select

Subnet

specify IP addresses on a network by their subnet mask.

IP Address

for VPN

When the local IP address type is configured to

Single Address

, enter

a (static) IP address on the LAN behind your ZyXEL Device.

When the local IP address type is configured to

Subnet

, enter a

(static) IP address on the LAN behind your ZyXEL Device.

Subnetmask

When the local IP address type is configured to

Single Address

, this

field is not available.

When the local IP address type is configured to

Subnet

, enter a subnet

mask on the LAN behind your ZyXEL Device.

Tunnel access

from remote IP

addresses

Specify the IP addresses of the devices behind the remote IPSec router

that can use the VPN tunnel. The remote IP addresses must correspond

to the remote IPSec router's configured local IP addresses.

Two active SAs cannot have the local and remote IP address(es) both

the same. Two active SAs can have the same local or remote IP

address, but not both. You can configure multiple SAs between the

same local and remote IP addresses, as long as only one is active at

any time.

Use the drop-down list box to choose

Single Address

Subnet

Select

Single Address

with a single IP address. Select

Subnet

specify IP addresses on a network by their subnet mask.

IP Address

for VPN

When the remote IP address type is configured to

Single Address

enter a (static) IP address on the network behind the remote IPSec

router.

When the remote IP address type is configured to

Subnet

, enter a

(static) IP address on the network behind the remote IPSec router.

Subnetmask

When the remote IP address type is configured to

Single Address

this field is not available.

When the remote IP address type is configured to

Subnet

, enter a

subnet mask on the network behind the remote IPSec router.

Protocol

This field displays

ESP

and the ZyXEL Device uses ESP (Encapsulation

Security Payload) for VPN. The ESP protocol (RFC 2406) provides

encryption as well as some of the services offered by

Key Exchange

Method

Select

Auto(IKE)

Manual

from the drop-down list box.

Auto(IKE)

provides more protection so it is generally recommended.

Manual

is a

useful option for troubleshooting if you have problems using

Auto(IKE)

key management.

Table 88

IPSec Settings > Add/Edit: Manual

LABEL

DESCRIPTION