Manuals / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications wireless n gigbit router zyxel manual 208

Models: wireless n gigbit router zyxel

1 384

Download 384 pages 30.66 Kb

Page 208

Chapter 15 IPSec VPN

Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) (continued)

LABEL	DESCRIPTION
Local Policy	Local IP addresses must be static and correspond to the remote IPSec
	router's configured remote IP addresses.
	Two active SAs can have the same configured local or remote IP
	address, but not both. You can configure multiple SAs between the
	same local and remote IP addresses, as long as only one is active at
	any time.
	In order to have more than one active rule with the Secure Gateway
	Address field set to 0.0.0.0, the ranges of the local IP addresses
	cannot overlap between rules.
	If you configure an active rule with 0.0.0.0 in the Secure Gateway
	Address field and the LAN’s full IP address range as the local IP
	address, then you cannot configure any other active rules with the
	Secure Gateway Address field set to 0.0.0.0.

Local Address	For a single IP address, enter a (static) IP address on the LAN behind
	your NBG-460N.
	For a specific range of IP addresses, enter the beginning (static) IP
	address, in a range of computers on your LAN behind your NBG-
	460N.
	To specify IP addresses on a network by their subnet mask, enter a
	(static) IP address on the LAN behind your NBG-460N.

Local Address End	When the local IP address is a single address, type it a second time
/Mask	here.
	When the local IP address is a range, enter the end (static) IP
	address, in a range of computers on the LAN behind your NBG-460N.
	When the local IP address is a subnet address, enter a subnet mask
	on the LAN behind your NBG-460N.

Local Port Start	0 is the default and signifies any port. Type a port number from 0 to
	65535. Some of the most common IP ports are: 21, FTP; 53, DNS;
	23, Telnet; 80, HTTP; 25, SMTP; 110, POP3.

Local Port End	Enter a port number in this field to define a port range. This port
	number must be greater than that specified in the previous field. If
	Local Port Start is left at 0, Local Port End will also remain at 0.

Remote Policy	Remote IP addresses must be static and correspond to the remote
	IPSec router's configured local IP addresses. The remote fields do not
	apply when the Secure Gateway IP Address field is configured to
	0.0.0.0. In this case only the remote IPSec router can initiate the
	VPN.
	Two active SAs cannot have the local and remote IP address(es) both
	the same. Two active SAs can have the same local or remote IP
	address, but not both. You can configure multiple SAs between the
	same local and remote IP addresses, as long as only one is active at
	any time.

208

NBG-460N User’s Guide

Image 208

ZyXEL Communications wireless n gigbit router zyxel manual 208

Contents

NBG-460N Page About This Users Guide Intended AudienceRelated Documentation User Guide FeedbackAbout This Users Guide Document Conventions Syntax ConventionsTelephone Switch Router Modem Icons Used in FiguresNBG-460N Computer Server DslamSafety Warnings Safety Warnings NBG-460N User’s Guide Contents Overview Contents Overview NBG-460N User’s Guide Table of Contents Chapter Connection Wizard Part II Network WAN 177 Part IV Management 235 Part V Maintenance and Troubleshooting 261 Part VI Appendices and Index Table of Contents NBG-460N User’s Guide Part Page Overview Getting to Know Your NBG-460NApplications Wireless Applications Router ModeLAN NBG460NAP Mode 3 AP + BridgeBridge AP + Bridge ApplicationBridge Application Bridge Loop Two Bridges Connected to Hub Features Available in Router Mode vs. AP Mode Feature Router AP Mode BridgeWays to Manage the NBG-460N Router vs. AP vs. BridgePower Good Habits for Managing the NBG-460NLEDs Front Panel LEDsWireless LAN Off Wireless LAN is not ready or has failed This feature Off Device is in normal power modeWAN WlanGetting to Know Your NBG-460N NBG-460N User’s Guide WPS Button WPS Button NBG-460N User’s Guide Web Configurator Overview Introducing the Web ConfiguratorAccessing the Web Configurator Change Password Screen Navigating the Web Configurator Resetting the NBG-460NProcedure to Use the Reset Button Status Screen Icon Key Status Screen in Router ModeIcon Description Dhcp Label DescriptionScheduler Wlan is disabled When the line is disconnectedIs enabled and N/A when the Wlan is disabled Memory UsageNavigation Panel Screens SummaryLink TAB Function LANNAT DdnsVPN MgmtMode As a Router or a Access Point Language Summary Any IP TableSummary Bandwidth Management Monitor Logs View LogSummary Dhcp Table Summary BW Mgmt MonitorSummary Packet Statistics Host Name fieldSummary VPN Monitor Intervals fieldStop Click Stop to stop refreshing statistics This is the security association index numberSummary Wireless Station Status This is the index number of an associated wireless stationAssociation Time NBG-460N’s Wlan networkIntroducing the Web Configurator NBG-460N User’s Guide Wizard Setup Connection WizardConnection Wizard System Information System NameDomain Name Underscores are acceptedConnection Wizard Wireless LAN Use the same Ssid in order to access the networkThis option is only available if WPS is not enabled SsidBasic WEP Security Wizard Basic WEP SecurityExtend WPA-PSK or WPA2-PSK Security WEPAscii HEXConnection Wizard Internet Configuration Pre-SharedKey Do thisEthernet Connection PPPoE ConnectionConnection Description Type PptpISP Parameter for Internet Access Pptp ConnectionISP Parameters for Internet Access Wizard Pptp ConnectionYour IP Address WAN IP Address AssignmentUse fixed IP address Provided by your ISPPrivate IP Address Ranges IP Address and Subnet Mask10.0.0.0 172.16.0.0 192.168.0.0 DNS Server Address Assignment WAN IP and DNS Server Address AssignmentWAN IP Address Assignment WAN MAC AddressChoose an IP address Connection Wizard Bandwidth management Wizard WAN MAC AddressConnection Wizard Complete Wizard Bandwidth ManagementConnection Wizard Complete Connection Wizard NBG-460N User’s Guide Tutorials How to Connect to the Internet from an APInternet Push Button Configuration NBG460N Example WPS Process PIN Method SSIDExample3 Channel SecurityWPA-PSK Pre-Shared Key ThisismyWPA-PSKpre-sharedkeyConfigure Your Notebook Tutorial Status AP ModeConnecting a Wireless Client to a Wireless Network Using AP + Bridge Mode and WDS Link StatusConfiguring Your Bridge Mode Settings WPA2-PSK Pre-Shared Key ThisismyWPA2-PSKpre-sharedkeySetting BOB’S NBG-460N JACK’S NBG-460N Site-To-Site VPN Tunnel SettingsSite-To-Site VPN Tunnel Tutorial Configuring Bob’s NBG-460N VPN Settings Tutorial PropertyConfiguring Jack’s NBG-460N VPN Settings Tutorial Authentication MethodTutorial Property Tutorial Authentication Method Checking the VPN Connection Pinging Jack’s Local IP AddressConfiguring Bandwidth Management by Application Bandwidth Management for your NetworkConfiguring Bandwidth Management by Custom Application Configuring Bandwidth Allocation by IP or IP RangeFields Services Real Audio Rtsp VDO Live FTP Refer to Appedix F on the Bandwidth Mgnt AP Mode Setting your NBG-460N to AP ModeStatus AP Mode Status ScreenDisplay Network Wireless LAN WPS screen System Setting Configuration ModeThis shows the LAN port’s Dhcp role Client or None SchedulesMenu AP Mode Or connectedMaintenance System General Setting Logs View LogReset the factory defaults to your NBG-460N Mask or to get the LAN IP address from a Dhcp serverLAN Settings Configuring Your SettingsSys OP General Wlan and Maintenance Settings Table below describes the labels in the screenLogging in to the Web Configurator in AP Mode Network Page Wireless LAN Example of a Wireless NetworkWhat You Can Do Wireless Security OverviewWhat You Should Know Ssid Types of Encryption for Each Type of Authentication No Authentication Radius Server100 Weakest Stronges tPrintable 7-bit Ascii characters for the wireless LAN General Wireless LAN Screen101 No Security 102WPA-PSK and WPA2-PSK are available in this field Select Static WEP , WPA-PSK , WPA , WPA2-PSK or WPA2 to addWEP Encryption 103104 Select 64-bit WEP or 128-bit WEP to enable data encryptionWEP keys and displays them in the Key fields below 105 AP or peer computerCorrect WEP key HexServer, the reauthentication timer on the Radius server has Security Mode field106 Priority4 WPA/WPA2 107108 Server, the reauthentication timer on the Radius serverHas priority MAC Filter Screen 109110 MACWireless LAN Advanced Screen Quality of Service QoS Screen111 RTS/CTS112 On page 123 for more informationWMM QoS Policy You want to apply WMM QoSConfiguration screen Application Priority Configuration113 Mail 114User-Defined WPS Screen 115WPS Station Screen Scheduling Screen116 Push Button117 Whole dayFollowing times fields DayWDS Screen 118Between the NBG-460N and any wireless clients Security Mode Static WEP119 120 ASCII/HEXSecurity Mode WPA2-PSK Technical ReferenceRoaming 121122 Roaming ExampleQuality of Service 123WiFi Protected Setup IPod Touch Web Configurator124 WMM QoS PrioritiesLogin Screen 125System Status 126127 WAN connection is not working128 MBMPort Forwarding WPS in Progress129 Rule is turned on 130Turn the rule OFF Accessing the iPod Touch Web Configurator Accessing the iPod Touch Web Configurator131 132 133 LAN and WANWhat You Need To Know Configuring Your Internet Connection134 135 MulticastWAN MAC Address Iptv STB Port 136137 You have one STBYou have two STBs 192.168.1.20Auto-Bridge NetBIOS over TCP/IP138 Ethernet Encapsulation Internet Connection139 140 AddressDefined changes to None after you click Apply WAN MACSetting or upload a different ROM file PPPoE Encapsulation141 Select Clone the computers MAC address IP Address and enterAll of the LANs computers will have access 142143 DNS Servers First DNSComputer’s Different ROM filePptp Encapsulation 144145 Pptp connection146 Advanced WAN ScreenSelect Clone the computers MAC address IP Address 147 Select Igmp V-1,IGMP V-2 or NoneWhen the NBG-460N gets a WAN IP address that is not To be in Router Mode for the Iptv STB port to workIgmp 148LAN 149IP Pool Setup LAN IP ScreenLAN TCP/IP 150151 LAN IP AliasLAN TCP/IP Any IP Setup Advanced LAN Screen152 IP address that you assign. Unless you are implementingLANs, WANs and the ZyXEL Device 153Any IP 154155 156 Dhcp 157Dhcp Advanced Screen Dhcp General Screen158 Must have their DNS server addresses manually configured Select the Enable Dhcp Server check box. When you clear159 NBG-460Ns system DNS server configured in the WAN Internet Client List Screen160 Select DNS Relay to have the NBG-460N act as a DNS proxy.161 This is the index number of the host computerHost names. After you click Apply, the MAC address and IP Them162 Network Address Translation NAT 163Enable Network Select the check box to enable NATDefault Server Setup General NAT ScreenNAT Application Screen 165166 167 Wake On LAN is enabledFields under Add Application Rule Game List Example Configuring Servers Behind Port Forwarding Example168 NAT Advanced Screen 169170 Users may not be able to access the InternetCan establish through the NBG-460N LAN that requested the service Trigger Port Forwarding Example171 Traffic to a server on the WANTwo Points To Remember About Trigger Ports 172DynDNS Wildcard Dynamic DNS173 Dynamic DNS Screen Enable Dynamic Select this check box to use dynamic DNS174 175 WAN IP address176 Part 177178 Firewall 179Triangle Routes About the NBG-460N Firewall180 Triangle Routes and IP Alias 181General Firewall Screen Services Screen182 183 Icmp184 Add Firewall Rule screenAdd Firewall Rule Screen 185Pool Single IP is selected as the Address Type186 Click Clear All to empty the Blocked ServicesAddress Type 187 188 Content Filtering Profiles Content Filtering189 Restrict Web Features 190Keyword Blocking URL Checking Days and TimesFilter Screen 191192 CookiesWeb Proxy AllowedWhich content filtering will be enforced Schedule Screen193 Not affectedCustomizing Keyword Blocking URL Checking 194Domain Name or IP Address URL Checking Full Path URL CheckingIPSec VPN 195IKE SA IKE Phase 1 Overview 196IPSec SA IKE Phase 2 Overview 197IP Addresses of the NBG-460N and Remote IPSec Router Local Network and Remote NetworkGeneral Screen 198VPN Rule Setup Basic 199Feature to work 200201 EnabledSecure Gateway Address field set to 202 203 Your computer in the Local Content field. The NBG-460NWith dynamic WAN IP addresses 204 Address field refer to the Secure Gateway Address fieldVPN Rule Setup Advanced 205Security VPN General Rule Setup IKE Advanced 206Select No to disable it 207208 209 210 211 212 213 VPN Rule Setup ManualEach IPSec SA. It is more secure but takes more time Security VPN General Rule Setup Manual 214215 216 Secure 217SPI 218 SA Monitor ScreenTrailing spaces are truncated IKE SA Proposal VPN and Remote Management219 Diffie-Hellman DH Key Exchange 220Authentication VPN Example Matching ID Type and Content221 Remote Ipsec RouterVPN Example Mismatching ID Type and Content Negotiation Mode222 15.6.6 VPN, NAT, and NAT Traversal 223Encapsulation IPSec Protocol224 IPSec SA Proposal and Perfect Forward Secrecy Additional IPSec VPN Topics225 SA Life Time226 Encryption and Authentication AlgorithmsPrivate DNS Server 227 Private DNS Server Example228 Management 229230 231 Static RouteLanwan IP Static Route Screen 232Static Route Setup Screen 233234 Bandwidth Management 235FTP Chat, EmailGeneral Configuration Screen 236Management check box 237Mbps Advanced Configuration 238Connected to the WAN port has an upstream speed of 10 Mbps Wlan Bandwidth239 LowRule Configuration with the Pre-defined Service 240Wlan to WAN To WlanRule Configuration User Defined Service Rule Configuration 241Monitor Screen 242Predefined Bandwidth Management Services Media Bandwidth Management Setup ServicesService Description Technical ReferencesDefault Bandwidth Management Classes and Priorities Bandwidth Management Priority with Default Classes244 Class Type Priority245 Bandwidth Management PrioritiesBandwidth Management Priorities 246 Remote Management 247System Timeout Remote Management LimitationsRemote Management and NAT 248Specify to access the NBG-460N using this service WWW Screen249 Remote managementFTP Screen Telnet Screen250 DNS Screen 251252 You specify to send DNS queries to the NBG-460NNAT Traversal Universal Plug-and-Play UPnP253 UPnP Screen 254Using UPnP in Windows XP Example 255256 Network ConnectionsInternet Connection Properties Advanced Settings 257Web Configurator Easy Access 258259 Network Connections My Network Places260 Network Connections My Network Places Properties ExampleMaintenance Troubleshooting 261262 System General Screen System263 264 Time Setting Screen 265266 Select User Defined Time Server Address and enter the IP267 268 Logs 269Log categories that you selected in the Log Settings View Log Screen270 Display271 Log SettingsTime and date 272 Mail Log Settings Mail ServerMessages will not be sent via e-mail Sent via e-mail 273Smtp System Maintenance Logs Log Descriptions274 LOG Message DescriptionSystem Error Logs 275Access Control Logs TCP Reset Logs276 Firewall Attack Alerts screen277 Packet Filter Logs278 Icmp Logs279 Content Filtering LogsUPnP packets can pass through the firewall 280 Attack Logs281 IPSec Logs282 IKE Logs283 284 PKI Logs 285802.1X Logs ACL Setting Notes 286Packet Direction Description Type Code DescriptionIcmp Notes 287Syslog Logs RFC-2408 Isakmp Payload Types 288LOG Display Payload Type Firmware Upload Screen Tools289 Maintenance Tools Firmware 290Upload Error Message Network Temporarily DisconnectedConfiguration Screen Backup ConfigurationRestore Configuration Maintenance Restore ConfigurationConfiguration Restore Successful 293Restart Screen Back to Factory Defaults294 Indicate either Ready or MAC Address error Wake On LANGreen 295Maintenance Tools Green 296Configuration Mode 297298 Advanced Configuration OptionsCategory Link TAB Sys Op Mode 299300 RouterMaintenance Sys OP Mode General 301302 Firewall or bandwidth managementLanguage Screen Language303 304 Power, Hardware Connections, and LEDs Troubleshooting305 NBG-460N Access and Login 306307 Advanced SuggestionsInternet Access 308309 Internet connection is slow or intermittentResetting the NBG-460N to Its Factory Defaults 310Wireless Router/AP Troubleshooting 311Advanced Features 312Product Specifications and Wall- Mounting Instructions Hardware Features313 PWR, LAN1-4, WAN, WLAN, WPSFirmware Features Such as microwave ovens, wireless phonesBluetooth enabled devices, and other wireless LANs 314315 Feature Specifications Feature Specification316 Standards Supported317 Wall-mounting InstructionsProtocol MBM Media Bandwidth Management 318 Masonry Plug and M4 Tap ScrewAppendices Index 319320 Internet Explorer Pop-up Blockers Disable pop-up Blockers321 Enable pop-up Blockers with Exceptions 322Select Settings…to open the Pop-up Blocker Settings screen 323JavaScripts 324325 Internet Options SecurityJava Permissions 326327 Java Sun328 Java SunStructure Introduction to IP Addresses329 Subnet Masks 330Subnet Mask Identifying Network Number 1ST 2ND 3RD 4TH Octet331 Network SizeSubnet Masks Binary 1ST 2ND 3RD 4TH Decimal OctetNotation 332Maximum Host Numbers Alternative Subnet Mask NotationSubnetting 333Example Four Subnets 334335 IP/SUBNET Mask Network Number Last Octet BIT ValueSubnet Planning Example Eight Subnets336 Configuring IP Addresses 33716-bit Network Number Subnet Planning NO. Borrowed Subnet Mask NO. Hosts PER Host Bits Subnets338 Private IP AddressesSetting up Your Computer’s IP Address 339Windows 95/98/Me Installing Components340 Configuring 341Verifying Settings 342Windows 2000/NT/XP 343344 Windows XP Control Panel345 Windows XP Local Area Connection Properties346 Windows XP Internet Protocol TCP/IP Properties347 Windows XP Advanced TCP/IP Properties348 Macintosh OS 8/9 349350 Macintosh OS 8/9 TCP/IPMacintosh OS 351Linux Using the K Desktop Environment KDE352 353 Red Hat 9.0 KDE Ethernet Device GeneralUsing Configuration Files 354Red Hat 9.0 Static IP Address Setting in ifconfig-eth0 Red Hat 9.0 DNS Settings in resolv.confVerifying Settings 356Ad-hoc Wireless LAN Configuration Wireless LAN Topologies357 Basic Service Set 358Channel 359360 RTS/CTSIeee 802.11g Wireless LAN Fragmentation ThresholdPreamble Type 361Ieee 362Ieee 802.11g Data Rate Modulation MbpsTypes of Authentication 363Types of Radius Messages EAP-MD5 Message-Digest AlgorithmEAP-TTLS Tunneled Transport Layer Service 364EAP-TLS Transport Layer Security Peap Protected EAPComparison of EAP Authentication Types WPA2365 EncryptionUser Authentication 36627.0.3 WPA2 with Radius Application Example 27.0.2 WPA2-PSK Application Example367 Wireless Security Relational Matrix Authentication Encryptio Enter METHOD/ KEYSecurity Parameters Summary 368Services 369370 Examples of ServicesName Protocol Ports Description 371 372 Copyright Certifications373 Disclaimer374 FCC Radiation Exposure Statement375 ZyXEL Limited WarrantyViewing Certifications 376 RegistrationIndex 377Classes and priorities CTS Clear to SendEssid 378Encapsulating Security Payload. See ESP 379 IKE SAEthernet PPPoE. see also PPP over Ethernet Language Link type 40MAC 380Mbssid 381 QoS QoS priorities Quality of Service QoSRadius Wireless security 98 overview 382383 Xbox Live ZyNOS 39384