Home » ZyXEL Manuals » Networking » ZyXEL ZYWALL USG 100 » Manual Viewer

ZyXEL ZYWALL USG 100 User Guide - Page 75

L2TP VPN with Android, iOS, and Windows, 4.6.1 L2TP VPN Example - static ip

Get ZyXEL ZYWALL USG 100 PDF manuals and user guides

View all ZyXEL ZYWALL USG 100 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 75 highlights

Chapter 4 Create Secure Connections Across the Internet • Using RDP requires Internet Explorer • Sun's Runtime Environment (JRE) version 1.6 or later installed and enabled. • Changing the HTTP/HTTPS configuration disconnects SSL VPN network extension sessions. Users need to re-connect if this happens. 4.6 L2TP VPN with Android, iOS, and Windows L2TP VPN uses the L2TP and IPSec client software included in remote users' Android, iOS, or Windows operating systems for secure connections to the network behind the ZyWALL. 1 L2TP VPN uses one of the ZyWALL's IPSec VPN connections. Edit Default_L2TP_VPN_GW as follows: • Set My Address to the WAN interface domain name or IP address you want to use. • Replace the default Pre-Shared Key. 2 Create a host-type address object containing the My Address IP address configured in the Default_L2TP_VPN_GW and set the Default_L2TP_VPN_Connection's Local Policy to use it. 3 In Configuration > VPN > L2TP VPN enable the connection and set the VPN connection L2TP VPN uses, the L2TP client IP address pool, the authentication method, and the allowed users. 4 Configure a policy route to let remote users access resources on the network behind the ZyWALL. • Set the policy route's Source Address to the address object that you want to allow the remote users to access (LAN1_SUBNET in the following example). • Set the Destination Address to the IP address pool that the ZyWALL assigns to the remote users (L2TP_POOL in the following example). • Set the next hop to be the VPN tunnel you are using for L2TP. 4.6.1 L2TP VPN Example Here a sales representative uses a laptop to securely connect to the ZyWALL's network. Figure 32 L2TP VPN Example 172.16.1.2 LAN1_SUBNET: 192.168.1.x L2TP_POOL: 192.168.10.10~192.168.10.20 • The ZyWALL has a WAN interface with a static IP address of 172.16.1.2. • The remote user has a dynamic public IP address and connects through the Internet. • You configure an IP address pool object named L2TP_POOL to assign the remote users IP addresses from 192.168.10.10 to 192.168.10.20 for use in the L2TP VPN tunnel. • The VPN rule allows the remote user to access the LAN1_SUBNET (the 192.168.1.x subnet). ZyWALL USG100-PLUS User's Guide 75

Section	Page
ZyWALL USG100-PLUS	1
Videos	2
Contents	3
Introduction	5
1.1 Overview	5
1.2 Default Zones, Interfaces, and Ports	7
1.3 Management Overview	7
1.4 Web Configurator	8
1.4.1 Web Configurator Access	9
1.4.2 Web Configurator Introduction Video	10
1.4.3 Web Configurator Screens Overview	11
1.4.4 Navigation Panel	11
1.4.5 Tables and Lists	16
1.5 Stopping the ZyWALL	19
1.6 Rack-mounting	19
1.7 Front Panel	20
1.7.1 Front Panel LEDs	20
How to Set Up Your Network	21
2.1 Wizard Overview	21
2.2 How to Configure Interfaces, Port Roles, and Zones	21
2.2.1 Configure a WAN Ethernet Interface	22
2.2.2 Configure Port Roles	23
2.2.3 Configure Zones	23
2.3 How to Configure a Cellular Interface	24
2.4 How to Configure Ethernet, PPP, VLAN, Bridge and Policy Routing	26
2.5 How to Set Up IPv6 Interfaces For Pure IPv6 Routing	27
2.5.1 Setting Up the WAN IPv6 Interface	27
2.5.2 Setting Up the LAN Interface	28
2.5.3 Pure IPv6 Routing Video Example	29
2.5.4 Prefix Delegation and Router Advertisement Settings	29
2.5.5 Test	32
2.5.6 Prefix Delegation and Router Advertisement Settings Video Example	33
2.5.7 What Can Go Wrong?	34
2.6 How to Set Up an IPv6 6to4 Tunnel	34
2.6.1 Configuration Concept	34
2.6.2 Setting Up the LAN IPv6 Interface	35
2.6.3 Setting Up the 6to4 Tunnel	36
2.6.4 Testing the 6to4 Tunnel	36
2.6.5 Set Up an IPv6 6to4 Tunnel Video Example	37
2.6.6 What Can Go Wrong?	37
2.7 How to Set Up an IPv6-in-IPv4 Tunnel	38
2.7.1 Configuration Concept	38
2.7.2 Setting Up the IPv6-in-IPv4 Tunnel	38
2.7.3 Setting Up the LAN IPv6 Interface	39
2.7.4 Setting Up the Policy Route	40
2.7.5 Testing the IPv6-in-IPv4 Tunnel	41
2.7.6 Set Up an IPv6-in-IPv4 Tunnel Video Example	42
2.7.7 What Can Go Wrong?	42
Protecting Your Network	45
3.1 Firewall	45
3.1.1 What Can Go Wrong	46
3.2 User-aware Access Control	46
3.2.1 What Can Go Wrong	46
3.3 Endpoint Security (EPS)	47
3.3.1 What Can Go Wrong	47
3.4 Device and Service Registration	47
3.5 Anti-Virus Policy Configuration	48
3.5.1 What Can Go Wrong	49
3.6 IDP Profile Configuration	50
3.6.1 Procedure To Create a New Profile	50
3.7 ADP Profile Configuration	51
3.7.1 Procedure To Create a New ADP Profile	51
3.8 Content Filter Profile Configuration	54
3.8.1 Content Filtering Video Example	56
3.9 Viewing Content Filter Reports	56
3.10 Anti-Spam Policy Configuration	60
Create Secure Connections Across the Internet	63
4.1 IPSec VPN	63
4.1.1 Test the VPN Connection	63
4.1.2 Configure Security Policies for the VPN Tunnel	63
4.1.3 What Can Go Wrong	64
4.2 VPN Concentrator Example	65
4.2.1 What Can Go Wrong	67
4.3 Hub-and-spoke IPSec VPN Without VPN Concentrator	67
4.3.1 What Can Go Wrong	68
4.4 ZyWALL IPSec VPN Client Configuration Provisioning	69
4.4.1 Overview of What to Do	69
4.4.2 Configuration Steps	70
4.4.3 ZyWALL IPSec VPN Client Configuration Provisioning Video Example	72
4.4.4 What Can Go Wrong	72
4.5 SSL VPN	73
4.5.1 SSL VPN Video Example	74
4.5.2 What Can Go Wrong	74
4.6 L2TP VPN with Android, iOS, and Windows	75
4.6.1 L2TP VPN Example	75
4.6.2 Configuring Policy Routing	77
4.6.3 Configuring L2TP VPN on the ZyWALL Video Example	80
4.6.4 Configuring L2TP VPN in Android	80
4.6.5 Configuring L2TP VPN in iOS	81
4.6.6 Configuring L2TP VPN in Windows	81
4.6.7 What Can Go Wrong	90
4.7 One-Time Password Version 2 (OTPv2)	90
4.7.1 What Can Go Wrong	91
Managing Traffic	93
5.1 How to Configure Bandwidth Management	93
5.1.1 Bandwidth Allocation Example	94
5.1.2 Setting the Interface’s Bandwidth	94
5.1.3 SIP Bandwidth Management	94
5.1.4 SIP Any-to-WAN and WAN-to-Any Bandwidth Management Example	94
5.1.5 HTTP Any-to-WAN Bandwidth Management Example	95
5.1.6 FTP WAN-to-DMZ Bandwidth Management Example	97
5.1.7 FTP LAN-to-DMZ Bandwidth Management Example	98
5.1.8 Bandwidth Management Video Example	100
5.1.9 What Can Go Wrong?	100
5.2 How to Configure a Trunk for WAN Load Balancing	100
5.2.1 Set Up Available Bandwidth on Ethernet Interfaces	101
5.2.2 Configure the WAN Trunk	102
5.3 How to Use Multiple Static Public WAN IP Addresses for LAN-to-WAN Traffic	103
5.3.1 Create the Public IP Address Range Object	103
5.3.2 Configure the Policy Route	104
5.4 How to Configure DNS Inbound Load Balancing	104
5.4.1 What Can Go Wrong?	105
5.5 How to Allow Public Access to a Web Server	106
5.5.1 Configure NAT	106
5.5.2 Set Up a Firewall Rule	107
5.5.3 What Can Go Wrong	108
5.6 How to Manage Voice Traffic	108
5.6.1 How to Allow Incoming H.323 Peer-to-peer Calls	108
5.6.2 How to Use an IPPBX on the DMZ	110
5.6.3 What Can Go Wrong	112
5.7 How to Limit Web Surfing and MSN to Specific People	113
5.7.1 Set Up Web Surfing Policies	113
5.7.2 Set Up MSN Policies	114
5.7.3 AppPatrol Video Example	117
5.7.4 What Can Go Wrong	117
Maintenance	119
6.1 How to Allow Management Service from WAN	119
6.1.1 Check Service Control	119
6.1.2 Check Firewall Settings	120
6.2 How to Use a RADIUS Server to Authenticate User Accounts based on Groups	122
6.3 How to Use SSH for Secure Telnet Access	123
6.3.1 Example 1: Microsoft Windows	123
6.3.2 Example 2: Linux	124
6.4 How to Manage ZyWALL Configuration Files	124
6.4.1 What Can Go Wrong	125
6.5 How to Manage ZyWALL Firmware	125
6.5.1 What Can Go Wrong	126
6.6 How to Download and Upload a Shell Script	126
6.6.1 What Can Go Wrong	127
6.7 How to Save System Logs to a USB Storage Device	127
6.7.1 What Can Go Wrong?	130
6.8 How to Get the ZyWALL’s Diagnostic File	130
6.9 How to Capture Packets on the ZyWALL	131
6.9.1 Example of Viewing a Packet Capture (CAP) File	133
6.10 How to Get the ZyWALL’s Core Dump File	134
6.11 How to Use Packet Flow Explore for Troubleshooting	135

Match case Limit results 1 per page

Chapter 4 Create Secure Connections Across the Internet

ZyWALL USG100-PLUS User’s Guide

•

Using RDP requires Internet Explorer

•

Sun’s Runtime Environment (JRE) version 1.6 or later installed and enabled.

•

Changing the HTTP/HTTPS configuration disconnects SSL VPN network extension sessions. Users

need to re-connect if this happens.

4.6

L2TP VPN with Android, iOS, and Windows

L2TP VPN uses the L2TP and IPSec client software included in remote users’ Android, iOS, or

Windows operating systems for secure connections to the network behind the ZyWALL.

L2TP VPN uses one of the ZyWALL’s IPSec VPN connections. Edit

Default_L2TP_VPN_GW

follows:

• Set

My Address

to the WAN interface domain name or IP address you want to use.

•

Replace the default

Pre-Shared Key

Create a host-type address object containing the

My Address

IP address configured in the

Default_L2TP_VPN_GW

and set the

Default_L2TP_VPN_Connection

’s

Local Policy

to use it.

Configuration > VPN > L2TP VPN

enable the connection and set the VPN connection L2TP

VPN uses, the L2TP client IP address pool, the authentication method, and the allowed users.

Configure a policy route to let remote users access resources on the network behind the ZyWALL.

•

Set the policy route’s

Source Address

to the address object that you want to allow the remote

users to access (

LAN1_SUBNET

in the following example).

•

Set the

Destination Address

to the IP address pool that the ZyWALL assigns to the remote

users (

L2TP_POOL

in the following example).

•

Set the next hop to be the VPN tunnel you are using for L2TP.

4.6.1

L2TP VPN Example

Here a sales representative uses a laptop to securely connect to the ZyWALL’s network.

Figure 32

L2TP VPN Example

•

The ZyWALL has a WAN interface with a static IP address of 172.16.1.2.

•

The remote user has a dynamic public IP address and connects through the Internet.

•

You configure an IP address pool object named

L2TP_POOL

to assign the remote users IP

addresses from 192.168.10.10 to 192.168.10.20 for use in the L2TP VPN tunnel.

•

The VPN rule allows the remote user to access the

LAN1_SUBNET

(the 192.168.1.x subnet).

172.16.1.2

L2TP_POOL:

192.168.10.10~192.168.10.20

LAN1_SUBNET:

192.168.1.x