How can I keep a tunnel alive? | ZyXEL Communications 2602HWL-D3A

Prestige 2602HWL-D3A Support Notes

VPN client: 10.1.33.33

NAT router WAN IP: 202.132.154.2

Prestige WAN: 202.132.154.3

Since the VPN client is behind a NAT router, it must have a private IP address in most case. This may cause the VPN client to send it's private IP address as the content of it's phase 1 ID. So you have to configure Prestige's secure gateway's phase 1 ID as the private IP address of the VPN client.

How can I keep a tunnel alive?

To keep a tunnel alive, you can check "keep alive" option when configuring your VPN tunnel. With this option, whenever phase 2 SA lifetime is due, IKE negotiation procedure will be invoked automatically even without traffic to make the connection stay.

But to reduce the consumption of system resource, if VPN tunnels get disconnected either manually, by idle timer, or because of power cycle, packet triggering is still necessary to make the tunnel up.

Single, Range, Subnet, which types of IP address do Prestige 10/10II/10W/50/100 support in VPN/IPSec?

The mentioned Prestige series support all of the types. In other words, you can specify a single PC, a range of PCs or even a network of PCs to utilize the VPN/IPSec service.

Can Prestige support IPSec passthrough?

Yes, Prestige can support IPSec passthrough. Prestige series don't only support IPSec/VPN gateway, it can also be a NAT router supporting IPSec passthrough.

If the VPN connection is initiated from the security gateway behind Prestige, no configuration is necessary for NAT nor Firewall.

If the VPN connection is initiated from the security gateway outside of Prestige, NAT port forwarding and Firewall forwarding are necessary.

To configure NAT port forwarding, please go to WEB interface, Setup/ "SUA/NAT", put the secure gateway's IP address in default server.

To configure Firewall forwarding, please go to WEB interface, Setup/Firewall, select Packet Direction to WAN to LAN, and create a firewall rule the forwards IKE(UDP:500).

202

All contents copyright (c) 2007 ZyXEL Communications Corporation.

Image 202

ZyXEL Communications 2602HWL-D3A manual How can I keep a tunnel alive?, Can Prestige support IPSec passthrough?

Contents

Prestige 2602HWL-D3A Version Oct Prestige 2602HWL-D3A Support Notes FAQ Pstn L Ifeline FAQ IP FAQ Ontent F Ilter FAQ Ireless FAQ Application Notes TCP/IP Installation All PCs must have an Ethernet adapter card installedEthernet connection Follow these steps to configure Windows TCP/IP TCP/IP Configuration∙ Setting up the Prestige router Prestige 2602HWL-D3A Support Notes Setup the Prestige as a Dhcp Relay ∙ What is Dhcp Relay? ∙ Setup the Prestige as a Dhcp Client Edit IP Alias= No Press Enter to Confirm or ESC to Cancel Configure an Internal Server Behind SUA Service Port Number Configure a Pptp server Behind SUA ∙ Example 1723 192.168.1.10 Prestige 2602HWL-D3A Support Notes Using NAT / Multi-NAT ∙ What is Multi-NAT? Many to Many Overload One to OneMany to One Many to Many No Overload NAT Type IP Mapping Direction Following table summarizes these typesApplying NAT in the SMT Menus None Full FeatureField Options Description SUA Only Table Applying NAT in Menu 4 and Menu Configuring NATAddress Mapping Sets and NAT Server Sets Prestige 2602HWL-D3A Support Notes Field Description Option/Example SUA Field Description Option Following table describes the fields in this screen Enter 2 to go to Menu 15.2.1-NAT Server Setup Internet Access Only See the following figure Prestige 2602HWL-D3A Support Notes Internet Access with an Internal Server Types are used Type One-to-One Start= Name= Example3 Support Non NAT Friendly Applications Type Many-to-Many No Overload Start= ∙ SUA NAT Type IP Mapping About Filter & Filter Examples How does ZyXEL filter work? ∙ Filter Structure ∙ Filter Types and SUA Prestige 2602HWL-D3A Support Notes Menu Protocol and device rule cannot be active together Filter for blocking the web service Create a filter set in Menu Rule one for a. http packet, TCP06/Port number Rule 2 for b.DNS request, TCP06/Port number Rule 3 for c. DNS packet UDP17/Port number Configuration Create a filter set in Menu 21, e.g., set Filter for blocking a specific client Addr= field, for one workstation it is One rule for blocking all packets from this clientEnter the client IP in this field Set to Drop to drop all the packets from this client Before you Begin Detailed format of the Ethernet Version Configurations Action Matched= Drop Action Not Matched= Forward Value= 0080c810234a Filter for blocking the NetBIOS packets Action Not Matched= Check Next Rule Prestige 2602HWL-D3A Support Notes Prestige 2602HWL-D3A Support Notes Menu 21.1.6 TCP/IP Filter Rule Filter # 1,6 Prestige 2602HWL-D3A Support Notes Prestige 2602HWL-D3A Support Notes Menu 3.1 General Ethernet Setup Input Filter Sets Using the Dynamic DNS Ddns Key Settings for using Ddns function Password Enable Wildcard Network Management Using Snmp Writes ∙ Set ∙ Get∙ GetNext ∙ Trap ZyXEL Snmp Implementation ∙ warmStart defined in RFC-1215 Configure the Prestige for Snmp Using syslog ∙ Unix Setup ∙ Packet triggered log L02 Call Terminated C02 Call Terminated Example∙ Filter log ∙ PPP Log Format SdcmdSyslogSend SYSLOGPPPLOG, SYSLOGNOTICE, String Using IP Alias ∙ What is IP Alias ? Dhcp Setup TCP/IP Setup Using Call Scheduling IP Alias Edit the Schedule sets in menu Select a Schedule Set number and give it a name Menu 26.1 Schedule Set Setup is as follows Enable Start Date How Often Forced On Forced Down ∙ Time Service in Prestige Using IP Multicast ∙ IP Multicast Setup Enable Igmp in Prestiges LAN in menu Enable Igmp in Prestiges remote node in menu Multicast SMT Menu 2 WAN Backup Setup Using Prestige traffic redirectYou can deploy the backup gateway on LAN of Prestige Traffic Redirect on LAN port WAN IP Using Universal Plug n Play UPnP ∙ 1. What is UPnP UPnP Operations ∙ 2. Using UPnP in ZyXEL devices Enable UPnP function in ZyXEL device Changes through UPnP Prestige 2602HWL-D3A Support Notes Finally, your video conversation is achieved Infrastructure mode What is Infrastructure mode? Configuration Prestige Wireless using SMT Prestige 2602HWL-D3A Support Notes ∙ Configuration Wireless Station to Infrastructure mode Double click on the AP you want to associated with Wireless MAC address filtering MAC Filter Overview Configured in this list will be blocked Key Settings Option DescriptionsFilter Action Prestige 2602HWL-D3A Support Notes WEP configuration Wired Equivalent Privacy Introduction Setting up the Access Point Key settings Access point will decrypt the data by its Key Setting up the Station Prestige 2602HWL-D3A Support Notes Prestige 2602HWL-D3A Support Notes Configuring Ieee 802.1x Introduction Authentication Server AuthenticatorSupplicant ∙ Authentication Port State and Authentication Control ∙ Re-Authentication Eapol Exchange between 802.1x Authenticator and Supplicant Prestige 2602HWL-D3A Support Notes Prestige 2602HWL-D3A Support Notes If you use WEB Configuration Wireless Port Control= No Authentication Required ∙ Using Internal Authentication Server If you use WEB Configurator Key settingsPassword User Name ∙ Using External Radius Authentication Server Prestige 2602HWL-D3A Support Notes Key settings for authentication server Server Address Port Shared Secret Site Survey Preparation Survey on Site Prestige 2602HWL-D3A Support Notes Pstn Lifeline Application Notes Usage of Pstn Lifeline Lifeline configuration Relay to Pstn How to connect Lifeline and DSL connectionFirgure 1 Splitter type VoIP Application Notes Setup SIP Account Local AccountNumber Port Reset PasswordSetup Address SIP Server Phone port settings Speaking VolumeAdvanced voice settings configuration Listening Each fields detail description of the page is listed below SIP Account URL Type TimerDtmf Mode Expiration Indication MessageWaiting Time Each fields detail description of the page is listed below Name Speed DialSIP Number Type Region Voice Common SettingsSettings Immediate Services from your voice service provider Call Service ModeVoice QoS setup Priority Call Forwarding setupVoice Vlan Busy Forward to Number Unconditional Forward to NumberNo Answer Forward to Number Unconditional Table NumberForward to Busy Forward Call Waiting setup Number Setup sectionCall Hold setup Condition Scenario Prestige 2602HWL-D3A Support Notes Dial B phone number directly to make another call Three Way Conference setupGet a dial tone Three-way conversation Call Transfer setup Dial to B Off hook B conversation Prestige 2602HWL-D3A Support Notes Application scenario 3 Attendant Transfer Call Fallback Prestige 2602HWL-D3A Support Notes Call Park Call Flow Call Pickup Call Flow Call Return Distinctive Ringing Each filed is described in the following table Do Not Disturb DND Hot Line Auto Dial Setting Advanced Ras voice config fxs saveMusic on hold Trunking Trunking Peer to Peer Configuration details Prestige 2602HWL-D3A Support Notes Prestige 2602HWL-D3A Support Notes Trunking SIP to FXO VoIP Trunking General On Device B No special configuration needed Trunking FXO to SIP Prestige 2602HWL-D3A Support Notes Trunking FXO to FXO Prestige 2602HWL-D3A Support Notes Prestige 2602HWL-D3A Support Notes What is ZyNOS? How do I access the embedded web configurator? Prestige 2602HWL-D3A Support Notes How do I upload or backup Romfile via web configurator? Why cant I make Telnet to Prestige from WAN? What is SUA? When should I use SUA? What should I do if I forget the system password?What is the difference between NAT and SUA? How many network users can the SUA/NAT support? Why cant I configure device filters or protocol filters?What is the Prestige Integrated Access Device? What are Device filters and Protocol filters? Will the Prestige work with my Internet connection? What is PPPoE?How do I know I am using PPPoE? What do I need to use the Prestige? Which Internet Applications can I use with the Prestige? Why does my provider use PPPoE?How can I configure the Prestige? What network interface does the Prestige support? How does e-mail work through the Prestige? Default IP address is 192.168.1.1, PasswordWhat Dhcp capability does the Prestige support? Can the Prestige support Tftp over WAN? How does the Prestige support TFTP?How fast can the data go? What is Multi-NAT? When do I need Multi-NAT? What IP/Port mapping does Multi-NAT support? Server What is BOOTP/DHCP? What is the difference between SUA and Multi-NAT?What is DDNS? When do I need Ddns service? Can I connect more than one phone on the phone port? What does Lifeline mean?Do I need Lifeline? Can I receive incoming Pstn call through P2602HWL- 6xC? What is the relationship between codec and VoIP? What is Voice over IP?Why use VoIP? Can I make an outgoing Pstn call through P2602HWL 6xC? What is codec? What is the difference between H.323 and SIP?What is voice quality? What advantage does Voice over IP can provide? Which codec should I choose? What is the relation of codec and VoIP?What codec does Prestige support? What do I need in order to use SIP? Unable to register with the SIP server? Can register but can not establish a call? What makes Prestige firewall secure? What is a network firewall?What are the basic types of firewalls? What kind of firewall is the Prestige? What is Teardrop attack? What is Denials of Service DoSattack?What is Ping of Death attack? What is SYN Flood attack? What is IP Spoofing attack? What is Land attack?What is Brute-force attack? What are the default ACL firewall rules in Prestige? How can I protect against IP spoofing attacks? Can I override block or allow certain URLs by wording? What is VPN?Why do I need VPN? Security What is IPSec? What is PPTP?What is L2TP? Cost What is IKE? What is SA?What secure protocols does IPSec support? What are the differences between IKE and manual key VPN? What is Pre-Shared Key?What is Phase 1 ID for? What are Local ID and Peer ID? Is my Prestige ready for IPSec VPN? When should I use FQDN?How do I configure Prestige VPN? How many VPN connections does Prestige support? What VPN protocols are supported by Prestige? What types of authentication does Prestige VPN support?What types of encryption does Prestige VPN support? Does Prestige support dynamic secure gateway IP? Will ZyXEL support Secure Remote Management? Does Prestige VPN support NetBIOS broadcast?Where can I configure Phase 1 ID in Prestige? Is the host behind NAT allowed to use IPSec? We presume your environment may look like this How can I keep a tunnel alive? Can Prestige support IPSec passthrough? What is a Wireless LAN ? What are the advantages of Wireless LANs ? What is an Access Point ? What are the disadvantages of Wireless LANs ?Where can you find wireless 802.11 networks ? What is Ieee 802.11 ? What is 802.11g ? What is 802.11b ?What is 802.11a ? How fast is 802.11b ? Can radio signals pass through walls ? What is Wi-Fi ?Does the 802.11 interfere with Bluetooth devices ? What types of devices use the 2.4GHz Band ? How many Access Points are required in a given area ? What is Ad Hoc mode ?What is Infrastructure mode ? What is Direct-Sequence Spread Spectrum Technology Dsss ? What is Server Set ID Ssid ? What is Frequency-hopping Spread Spectrum Technology Fhss ?Why the 2.4 Ghz Frequency range ? What is an Essid ? What is a WEP key ? What is WEP ?What is the difference between 40-bit and 64-bit WEP ? Can the Ssid be encrypted ? What is 802.1x ? What is Wireless Sniffer?What are Insertion Attacks? What is Radius ? What is AAA ?What is WPA ? Trouble Shooting What is WPA-PSK? Online Trace Example TCP/IP 0001 RAW Data Urgent Ptr TCP Data Length=6 Captured=6 0000 20 20 20 20 20 Prestige 2602HWL-D3A Support Notes Be 2F FE EF D0 7637 Checksum = 0x7A12 31250 Urgent Ptr Offline Trace TCP 0000 80 C8 A0-C5 0010 00 ED 0020 1B-18 FA F0 04-05 Prestige 224 Header Length Flags = 0x18 .AP Window Size 8760 Checksum Debug PPPoE Connection Example- a trace with system crashes Prestige 2602HWL-D3A Support Notes Prestige 2602HWL-D3A Support Notes LAN/WAN Packet Trace Trace LAN packet Trace WAN packet Example RAW Data Size 60 Time 12090.210 sec Frame Type TCP = 0xE8ED 0030 22 38 E8 ED 00 00 20 20-20 20 20 FB be 2F FE EF D0 CLI Command List