ZyXEL Communications max208m 150

Chapter 8 Security

8.12.8 Pre-Shared Key

A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see Section

8.12.3on page 146 for more on IKE phases). It is called “pre-shared” because you have to share it with another party before you can communicate with them over a secure connection.

8.12.9Diffie-Hellman (DH) Key Groups

Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA setup to establish session keys. 768-bit, 1024-bit 1536-bit, 2048-bit, and 3072-bit Diffie-Hellman groups are supported. Upon completion of the Diffie-Hellman exchange, the two peers have a shared secret, but the IKE SA is not authenticated. For authentication, use pre-shared keys.

150
150	WiMAX Device Configuration User’s Guide

Contents

Copyright © ZyXEL Communications Corporation Page About This User's Guide Document Conventions Page Safety Warnings Contents Overview Page Table of Contents Part I: User’s Guide Chapter System Status WiMAX Network Setting The VoIP General Screens The VoIP Account Screens The VoIP Line Screens Maintenance Page Page Page Introduction to the Series 1.1 About Your WiMAX Device FEATURE FREQUENCY NUMBER OF Figure 1.2 Good Habits for Managing the WiMAX Device Introduction to the Web Configurator 2.1 Overview Table LABEL DESCRIPTION LABELDESCRIPTION 2.2 The Main Screen MENU Page Setup Wizard 3.1 Overview Page Page By Range Start Frequency Page Setup Wizard PHONE Page N mixed None WEP WPA Personal WEP Wizard Setup Tutorials 4.1 Overview 4.2WiMAX Connection Settings 4.3 Setting Up a Small Network for the LAN Network Setting > LAN > DHCP Server Network Setting > WAN Operation Mode 4.4 Making a Telephone Call Over the Internet 4Click VoIP > Account > SIP SIP Account VoIP > Account > Status Connect Register Status 4.5 Blocking Web Access from the WiMAX Device 4.6 Restricting Wireless Access to the WiMAX Device Network Setting Security Firewall MAC Filter Blacklist 4.7 Allowing Internet Users to use Internal Servers Port Forwarding 4.8 Access the WiMAX Device with a Domain Name http://www.dyndns.org UserName1 •Hostname: mywimax.dyndns.org •Service Type: Host with IP address 4.9Configuring Static Route for Routing to Another Network DEVICE / COMPUTER IP ADDRESS 4.10 Remotely Managing Your WiMAX Device 4.11Changing Certificate to Communicate with Other Networks 4.12Using Virtual Networks User Get IP Method WAN IP Address WAN IP Subnet Mask Gateway IP Address Link Type PVID Tag/Untag VID Ports Page LAN1 Page Page Page Page Page Name VID Ports Filter Setting LAN1 Page Page System Status 5.1 Overview 5.2 System Status Table 11 Status Scanning Disconnected Network Entry Normal Disabled Page WiMAX 6.1 Overview AAA Site Survey 6.2 Connection Settings WiMAX > Profile > Connection Settings By CINR 6.3 Frequency Settings WiMAX > Profile > Frequency Settings List By Range WiMAX > Wide Scan screen Setting 6.4 Authentication Settings Page EAP-TLS 6.5 Channel Plan Settings WiMAX > ND&S > Channel Plan Settings 6.6 CAPL Settings WiMAX > ND&S > CAPL Settings: Add 6.7 RAPL Settings 6.8 Home NSP Settings 6.9 Connect Table 20 Connect WiMAX > Profile > Frequency Settings WiMAX > Wide Scan WiMAX > Wide Scan Join Wide Scan Result 6.10 Wide Scan WiMAX > Wide Scan Table 21 Wide Scan 6.11 Link Status 6.12 Link Statistics 6.13 Connection Info 6.14 Service Flow Page Network Setting 7.1 Overview Primary Secondary DNS Server RIP Direction RX/TX RX Only Page 7.2 WAN Figure 43 WAN Screen Table 26 WAN Ethernet From ISP 7.3 PPPoE 7.4 GRE 7.5 EtherIP 7.6 IP 7.7 DHCP 7.8 WLAN Network Setting > WLAN Table 32 WLAN 802.11B/G mixed Auto Personal 7.9 WPS 7.10 MAC Address Filter 7.11 Static Route 7.12 Static Route Add 7.13 RIP Network Setting > Route > RIP Figure 54 RIP Screen Table 37 RIP 7.14 Port Forwarding 7.15 Port Trigger Network Setting > NAT > Port Trigger Page 7.16DMZ 7.17 ALG 7.18 QoS 7.19 UPnP Network Setting > UPnP Table 45 UPnP 1Click Start > Control Panel 2Double-click Network Connections Network Connections Start Control Panel Properties Internet Connection Properties Settings Page 1Click Start and then Control Panel 3Select My Network Places under Other Places Local Network Invoke 7.20 VLAN Network Setting > VLAN Table 46 VLAN Network Setting > WAN Access Trunk 7.21 DDNS Table 47 DDNS IP Update Policy 7.22 IGMP Proxy 7.23 Content Filter Page Security 8.1 Overview 8.2 IP Filter 8.3 MAC Filter 8.4 DDOS Security > Firewall > DDOS Table 52 DDOS 8.5 PPTP VPN Server 8.6 PPTP VPN Client 8.7 PPTP VPN Client: Add Security > PPTP VPN > PPTP Client > Add MPPE 40 MPPE 128 8.8 L2TP VPN Server Page 8.9 L2TP VPN Client 8.10 L2TP VPN Client: Add Security > L2TP VPN > L2TP Client > Add 8.11 IPSec VPN Page Security > IPSec VPN > Add Local ID Type Pre-Shared Key Content Endpoint DES 3DES AES128 AES192 Remote Endpoint Tunnel Transport Authentication Algorithm 8.12 Technical Reference ESP Outside header Inside header 8.12.3IKE Phases DH1 DH2 Negotiation Mode Main Mode Aggressive Mode Main Mode SECURITY PROTOCOL NAT Traversal LOCAL ID TYPE= CONTENT Local ID type Remote ID type E-mail WIMAX DEVICE A Page The VoIP General Screens 9.1 VoIP Overview Page 9.2 Media 9.3 QoS 9.4 SIP Settings 9.5 Speed Dial 9.6 Technical Reference The VoIP Account Screens 10.1 Overview Page Figure 91 STUN 10.2 Status 10.3 Server Registrar 10.4 SIP G.711 aLaw G.711 muLaw • G.729 NONE than the Min Session Timer 10.5 Feature 10.6 Dialing 10.7 FAX 10.8 Technical Reference Page Page Page The VoIP Line Screens 11.1 Overview 11.2 Phone 11.3 Voice 11.4 Region Page Maintenance 12.1 Overview Page Page TRAP # TRAP NAME Basic Access Authentication Digest Access Authentication Hash Message Authentication Code Operator MP3s 12.2 Password 12.3 HTTP 12.4 Telnet 12.5 SSH 12.6 SNMP 12.7 CWMP Maintenance > Remote MGMT > CWMP Figure 110 CWMP Screen Table 86 CWMP 12.8 OMA-DM Basic Server Auth Type Server Auth Type 12.9 Date/Time 12.10 Time Zone 12.11 Upgrade File 12.12 Upgrade Link 12.13 CWMP Upgrade 12.14 Backup/Restore 12.15 Restore 12.16 Factory Defaults 12.17 Log Setting 12.18 Log Display 12.19 Network Test 12.20 Traceroute 12.21 About 12.22 Reboot Page Troubleshooting 13.1Power, Hardware Connections, and LEDs 13.2 WiMAX Device Access and Login 13.3 Internet Access Strength Indicator 13.4 Wireless Internet Access (for Models with WiFi) 13.5Phone Calls and VoIP (for Models with Phone Ports) 13.6 Reset the WiMAX Device to Its Factory Defaults Product Specifications Page Page Page WiMAX Security Page Page Page Importing Certificates 2Click Continue to this website (not recommended) 3In the Address Bar, click Certificate Error > View certificates 4In the Certificate dialog box, click Install Certificate 5In the Certificate Import Wizard, click Next Select Certificate Store 9In the Completing the Certificate Import Wizard screen, click Finish Security Warning Website Identification Page 1Open Internet Explorer and click TOOLS > Internet Options 2In the Internet Options dialog box, click Content > Certificates Certificates Root Certificate Store 2Select Accept this certificate permanently and click OK Page Info > Security 1Open Firefox and click TOOLS > Options 2In the Options dialog box, click ADVANCED > Encryption > View Certificates Select File Page Certificate Manager Web Sites 4In the Delete Web Site Certificates dialog box, click OK Install Security information 1Open Opera and click TOOLS > Preferences 2In Preferences, click ADVANCED > Security > Manage certificates 3In the Certificates Manager, click Authorities > Import Import certificate Open 5In the Install authority certificate dialog box, click Install 2In Preferences, ADVANCED > Security > Manage certificates Certificates manager Authorities 2Click Continue Forever Figure KDE SSL Information 2In the Certificate Import Result - Kleopatra dialog box, click OK Kleopatra 1Open Konqueror and click Settings > Configure Konqueror Configure Crypto Peer SSL Certificates Remove Page Common Services Page Page Page Open Software Announcements Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Legal Information 注意 Page Regulatory Information European Union Page Page Page Page AAA68 CA 69 CCMP 207 70 68 67 Page STUN 158 TTLS 207 ALG 93