Manuals / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications 2602H-6XC manual What are Local ID and Peer ID?, When should I use FQDN?

Models: 2602H-6XC

1 159

Download 159 pages 63.33 Kb

Page 126

Prestige 2602H-6xC Support Notes

What are Local ID and Peer ID?

Local ID and Peer ID are used in IKE phase 1 negotiation. It’s in FQDN(Fully Qualified Domain Name) format, IKE standard takes it as one type of Phase 1 ID.

Phase 1 ID is an identification for each VPN peer. The type of Phase 1 ID may be IP/FQDN(DNS)/Ueser FQDN(E-mail). The content of Phase 1 ID depends on the Phase 1 ID type. The following is an example for how to configure phase 1 ID.

ID type Content

------------------------------------

IP 202.132.154.1 DNS www.zyxel.com

E-mail support@zyxel.com.tw

Please note that, in Prestige, if "DNS" or "E-mail" type is choosen, you can still use a random string as the content, such as "this_is_Prestige". It's not neccessary to follow the format exactly.

By default, Prestige takes IP as phase 1 ID type for itself and it's remote peer. But if it's remote peer is using DNS or E-mail, you have to ajust the settings to pass phase 1 ID checking.

When should I use FQDN?

If yoour VPN connection is Prestige to Prestige, and both of them have static IP address, and there is no NAT router in between, you can ignore this option. Just leave Local/Peer ID type as IP, then skip this option.

If either side of VPN tunneling end point is using dynamic IP address, you may need to configure ID for the one with dynamic IP address. And in this case, "Aggressive mode" is recommended to be applied in phase 1 negotiation .

Is my Prestige ready for IPSec VPN?

IPSec VPN is available for Prestige since ZyNOS V3.50. It is free upgrade, no registration is needed.

By upgrading the firmware and also configurations (romfile) to ZyNOS V3.50, the IPSec VPN capability

126

All contents copyright (c) 2005 ZyXEL Communications Corporation.

Image 126

ZyXEL Communications 2602H-6XC manual What are Local ID and Peer ID?, When should I use FQDN?

Contents

Prestige 2602H-6xC Version MarchPrestige 2602H-6xC Support Notes 100Prestige 2602H-6xC Support Notes VoIP FAQ IPSec FAQ Prestige 2602H-6xC Support Notes 147 What is the difference between Open System and Shared Key132 159All PCs must have an Ethernet adapter card installed Ethernet connectionFollow these steps to configure Windows TCP/IP TCP/IP InstallationTCP/IP Configuration Setting up the Prestige routerPrestige 2602H-6xC Support Notes Setup the Prestige as a Dhcp Relay Setup the Prestige as a Dhcp Client Configure an Internal Server Behind SUA IntroductionService Port Number SmtpConfigure a Pptp server Behind SUA Example 1723 Prestige 2602H-6xC Support Notes Using NAT / Multi-NAT How NAT worksMany to Many Overload One to OneMany to One Many to Many No OverloadFollowing table summarizes these types NAT Type IP Mapping DirectionApplying NAT in the SMT Menus None Full FeatureField Options Description SUA OnlyConfiguring NAT Table Applying NAT in Menu 4 and MenuAddress Mapping Sets and NAT Server Sets Menu 15.1.1 Address Mapping Rules Set Name= SUA Field Description Option/Example SUAField Description Option Following table describes the fields in this screen One-to-One,Many-to-One and Server typesPrestige 2602H-6xC Support Notes Internet Access Only Prestige 2602H-6xC Support Notes Internet Access with an Internal Server Prestige 2602H-6xC Support Notes Type One-to-One Start= Menu 15.1.1 Address Mapping Rules Support Non NAT Friendly Applications Type Many-to-Many No Overload 192.168.1.10 NAT Type IP Mapping SUA/PATAbout Filter & Filter Examples How does ZyXEL filter work? Filter StructureFilter Types and SUA Prestige 2602H-6xC Support Notes Menu Protocol and device rule cannot be active together Filter for blocking the web service Create a filter set in Menu Rule one for a. http packet, TCP06/Port number Rule 2 for b.DNS request, TCP06/Port numberRule 3 for c. DNS packet UDP17/Port number Configuration Create a filter set in Menu 21, e.g., set Filter RulesAddr= field, for one workstation it is One rule for blocking all packets from this clientEnter the client IP in this field Set to Drop to drop all the packets from this clientBefore you Begin Detailed format of the Ethernet VersionConfigurations Key Settings Menu 3.1 General Ethernet Setup Input Filter Sets Filter for blocking the NetBIOS packets Action Not Matched= Check Next Rule Port # Comp= None TCP Estab= N/A More= No Log= None Menu 21.1.6 TCP/IP Filter Rule Filter # 1,6 Menu Filter Rules Summary Equal Rules Summary Using the Dynamic DNS Ddns Key Settings for using Ddns function Option Service Provider Active Host User DescriptionPassword Enable Wildcard Network Management Using SnmpWrites Set GetGetNext TrapZyXEL Snmp Implementation WarmStart defined in RFC-1215 Configure the Prestige for Snmp Prestige Setup Key SettingsUsing syslog NMS managersUnix Setup L02 Call Terminated C02 Call Terminated Example Packet triggered logFilter log PPP Log Format SdcmdSyslogSend SYSLOGPPPLOG, SYSLOGNOTICE, StringUsing IP Alias What is IP Alias ?Dhcp Setup TCP/IP Setup Using Call Scheduling IP AliasEdit the Schedule sets in menu Select a Schedule Set number and give it a nameMenu 26.1 Schedule Set Setup is as follows Start Date EnableDisable How OftenTime Service in Prestige Using IP Multicast IP Multicast Setup Enable Igmp in Prestiges LAN in menuEnable Igmp in Prestiges remote node in menu MulticastSMT Menu 2 WAN Backup Setup Using Prestige traffic redirectYou can deploy the backup gateway on LAN of Prestige Traffic Redirect on LAN portKey Settings Prestige 2602H-6xC Support Notes Using Universal Plug n Play UPnP What is UPnPUsing UPnP in ZyXEL devices UPnP OperationsEnable UPnP function in ZyXEL device Prestige 2602H-6xC Support Notes Finally, your video conversation is achieved Setup SIP Account VoIP Application NotesPrestige 2602H-6xC Support Notes SIP Number Configure its settings on the PrestigeSIP Account Identity is SIP-Number@SIP-Srevice-DomainSIP Phone port settings SettingsReset AdvancedPhone Port Settings SpeakingVolume ListeningDialing IntervalPhone book Speed dial Speed Dial Add NewEntry NameDelete What is ZyNOS?How do I access the embedded web configurator? EditPrestige 2602H-6xC Support Notes How do I upload or backup Romfile via web configurator? Why cant I make Telnet to Prestige from WAN?What should I do if I forget the system password? What is SUA? When should I use SUA?What is the difference between NAT and SUA? How many network users can the SUA/NAT support? Why cant I configure device filters or protocol filters?What is the Prestige Integrated Access Device? What are Device filters and Protocol filters?Will the Prestige work with my Internet connection? What is PPPoE?How do I know I am using PPPoE? What do I need to use the Prestige?Which Internet Applications can I use with the Prestige? Why does my provider use PPPoE?How can I configure the Prestige? What network interface does the Prestige support?Default IP address is 192.168.1.1, Password How does e-mail work through the Prestige?What Dhcp capability does the Prestige support? How does the Prestige support TFTP? Can the Prestige support Tftp over WAN?How fast can the data go? What is Multi-NAT? When do I need Multi-NAT?What IP/Port mapping does Multi-NAT support? What is the difference between SUA and Multi-NAT? What is BOOTP/DHCP?What is DDNS? When do I need Ddns service? What is Voice over IP? Why use VoIP?How does Voice over IP work? What is voice quality? What is the relationship between codec and VoIP?What is the difference between H.323 and SIP? What advantage does Voice over IP can provide?What codec does Prestige support? What is codec?What is the relation of codec and VoIP? Which codec should I choose?Unable to register with the SIP server? Can register but can not establish a call?What is a network firewall? What makes Prestige firewall secure?What are the basic types of firewalls? What kind of firewall is the Prestige?What is Teardrop attack? What is Denials of Service DoSattack?What is Ping of Death attack? What is SYN Flood attack?What is IP Spoofing attack? What is Land attack?What is Brute-force attack? What are the default ACL firewall rules in Prestige?How can I protect against IP spoofing attacks? What is VPN? Can I override block or allow certain URLs by wording?Security Why do I need VPN?What is PPTP? CostWhat is L2TP? What is IPSec?What secure protocols does IPSec support? What is Pre-Shared Key? What is SA?What is IKE? What is Phase 1 ID for?When should I use FQDN? What are Local ID and Peer ID?Is my Prestige ready for IPSec VPN? How many VPN connections does Prestige support? How do I configure Prestige VPN?What types of authentication does Prestige VPN support? What VPN protocols are supported by Prestige?Does Prestige support dynamic secure gateway IP? Is the host behind NAT allowed to use IPSec? Does Prestige VPN support NetBIOS broadcast?Will ZyXEL support Secure Remote Management? NAT Condition Supported IPSec ProtocolWhere can I configure Phase 1 ID in Prestige? How can I keep a tunnel alive? Can Prestige support IPSec passthrough?Trouble Shooting Online Trace ExampleTCP TCP/IP RAW Data RAW Data Time 12387.260 sec FE EF D0 Length Type of Service = 0x00 Total Length Idetification MAC Addr = 00A0C5921312 Network Type Offline Trace = 0080C84CEA63 Flags = 0x12 .A..S Size 247/ 96 Time 12865.120 sec Checksum = 0xAB57 43863 Debug PPPoE Connection Example- a trace with system crashes Prestige 2602H-6xC Support Notes Prestige 2602H-6xC Support Notes LAN/WAN Packet Trace Trace LAN packet Trace WAN packetSource MAC Addr 0080C84CEA63 Network Type 0x0800 TCP/IP 13067 Frame Type TCP Ethernet Header FA F0 @...y MAC Addr = 00A0C5012345 Network Type 0020 9B CLI Command List