212 | ZyXEL Communications wireless n gigbit router zyxel specification

Chapter 15 IPSec VPN

Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) (continued)

LABEL	DESCRIPTION
Pre-Shared Key	Type your pre-shared key in this field. A pre-shared key identifies a
	communicating party during a phase 1 IKE negotiation. It is called
	"pre-shared" because you have to share it with another party before
	you can communicate with them over a secure connection.
	Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62
	hexadecimal ("0-9", "A-F") characters. You must precede a
	hexadecimal key with a "0x” (zero x), which is not counted as part of
	the 16 to 62 character range for the key. For example, in
	"0x0123456789ABCDEF", “0x” denotes that the key is hexadecimal
	and “0123456789ABCDEF” is the key itself.
	Both ends of the VPN tunnel must use the same pre-shared key. You
	will receive a “PYLD_MALFORMED” (payload malformed) packet if the
	same pre-shared key is not used on both ends.

IKE Phase 2

Encapsulation	Select Tunnel mode or Transport mode.
Mode

IPSec Protocol	Select the security protocols used for an SA.
	Both AH and ESP increase processing requirements and
	communications latency (delay).
	If you select ESP here, you must select options from the Encryption
	Algorithm and Authentication Algorithm fields (described below).

Encryption	Select which key size and encryption algorithm to use in the IKE SA.
Algorithm	Choices are:
	DES - a 56-bit key with the DES encryption algorithm
	3DES - a 168-bit key with the DES encryption algorithm
	The NBG-460N and the remote IPSec router must use the same
	algorithms and keys. Longer keys require more processing power,
	resulting in increased latency and decreased throughput.

Authentication	Select which hash algorithm to use to authenticate packet data in the
Algorithm	IPSec SA. Choices are SHA1 and MD5. SHA1 is generally considered
	stronger than MD5, but it is also slower.

SA Life Time	Define the length of time before an IPSec SA automatically
	renegotiates in this field. The minimum value is 180 seconds.
	A short SA Life Time increases security by forcing the two VPN
	gateways to update the encryption and authentication keys.
	However, every time the VPN tunnel renegotiates, all users accessing
	remote resources are temporarily disconnected.

212

NBG-460N User’s Guide

Image 212

ZyXEL Communications wireless n gigbit router zyxel manual 212, You can communicate with them over a secure connection

Contents

NBG-460N Page About This Users Guide Intended AudienceRelated Documentation User Guide Feedback About This Users Guide Document Conventions Syntax Conventions Telephone Switch Router Modem Icons Used in FiguresNBG-460N Computer Server Dslam Safety Warnings Safety Warnings NBG-460N User’s Guide Contents Overview Contents Overview NBG-460N User’s Guide Table of Contents Chapter Connection Wizard Part II Network WAN 177 Part IV Management 235 Part V Maintenance and Troubleshooting 261 Part VI Appendices and Index Table of Contents NBG-460N User’s Guide Part Page Applications Getting to Know Your NBG-460NOverview Wireless Applications Router ModeLAN NBG460N AP Mode 3 AP + Bridge Bridge AP + Bridge Application Bridge Application Bridge Loop Two Bridges Connected to Hub Features Available in Router Mode vs. AP Mode Feature Router AP Mode BridgeWays to Manage the NBG-460N Router vs. AP vs. Bridge Power Good Habits for Managing the NBG-460NLEDs Front Panel LEDs Wireless LAN Off Wireless LAN is not ready or has failed This feature Off Device is in normal power modeWAN Wlan Getting to Know Your NBG-460N NBG-460N User’s Guide WPS Button WPS Button NBG-460N User’s Guide Accessing the Web Configurator Introducing the Web ConfiguratorWeb Configurator Overview Change Password Screen Procedure to Use the Reset Button Resetting the NBG-460NNavigating the Web Configurator Icon Description Status Screen in Router ModeStatus Screen Icon Key Scheduler Label DescriptionDhcp Wlan is disabled When the line is disconnectedIs enabled and N/A when the Wlan is disabled Memory Usage Navigation Panel Screens SummaryLink TAB Function LAN NAT DdnsVPN Mgmt Mode As a Router or a Access Point Language Summary Any IP TableSummary Bandwidth Management Monitor Logs View Log Summary Dhcp Table Summary BW Mgmt Monitor Summary Packet Statistics Host Name field Summary VPN Monitor Intervals fieldStop Click Stop to stop refreshing statistics This is the security association index number Summary Wireless Station Status This is the index number of an associated wireless stationAssociation Time NBG-460N’s Wlan network Introducing the Web Configurator NBG-460N User’s Guide Wizard Setup Connection Wizard Connection Wizard System Information System Name Domain Name Underscores are accepted Connection Wizard Wireless LAN Use the same Ssid in order to access the networkThis option is only available if WPS is not enabled Ssid Basic WEP Security Wizard Basic WEP Security Extend WPA-PSK or WPA2-PSK Security WEPAscii HEX Connection Wizard Internet Configuration Pre-SharedKey Do this Ethernet Connection PPPoE ConnectionConnection Description Type Pptp ISP Parameter for Internet Access Pptp Connection ISP Parameters for Internet Access Wizard Pptp Connection Your IP Address WAN IP Address AssignmentUse fixed IP address Provided by your ISP 10.0.0.0 172.16.0.0 192.168.0.0 IP Address and Subnet MaskPrivate IP Address Ranges DNS Server Address Assignment WAN IP and DNS Server Address Assignment Choose an IP address WAN MAC AddressWAN IP Address Assignment Connection Wizard Bandwidth management Wizard WAN MAC Address Connection Wizard Complete Wizard Bandwidth Management Connection Wizard Complete Connection Wizard NBG-460N User’s Guide Internet How to Connect to the Internet from an APTutorials Push Button Configuration NBG460N Example WPS Process PIN Method SSIDExample3 Channel SecurityWPA-PSK Pre-Shared Key ThisismyWPA-PSKpre-sharedkey Configure Your Notebook Tutorial Status AP Mode Connecting a Wireless Client to a Wireless Network Using AP + Bridge Mode and WDS Link Status Configuring Your Bridge Mode Settings WPA2-PSK Pre-Shared Key ThisismyWPA2-PSKpre-sharedkey Site-To-Site VPN Tunnel Tutorial Site-To-Site VPN Tunnel SettingsSetting BOB’S NBG-460N JACK’S NBG-460N Configuring Bob’s NBG-460N VPN Settings Tutorial Property Configuring Jack’s NBG-460N VPN Settings Tutorial Authentication Method Tutorial Property Tutorial Authentication Method Checking the VPN Connection Pinging Jack’s Local IP Address Configuring Bandwidth Management by Application Bandwidth Management for your Network Configuring Bandwidth Management by Custom Application Configuring Bandwidth Allocation by IP or IP Range Fields Services Real Audio Rtsp VDO Live FTP Refer to Appedix F on the Bandwidth Mgnt AP Mode Setting your NBG-460N to AP Mode Status AP Mode Status Screen Display Network Wireless LAN WPS screen System Setting Configuration ModeThis shows the LAN port’s Dhcp role Client or None Schedules Menu AP Mode Or connected Maintenance System General Setting Logs View LogReset the factory defaults to your NBG-460N Mask or to get the LAN IP address from a Dhcp server Sys OP General Configuring Your SettingsLAN Settings Wlan and Maintenance Settings Table below describes the labels in the screen Logging in to the Web Configurator in AP Mode Network Page Wireless LAN Example of a Wireless Network What You Should Know Wireless Security OverviewWhat You Can Do Ssid Types of Encryption for Each Type of Authentication No Authentication Radius Server100 Weakest Stronges t 101 General Wireless LAN ScreenPrintable 7-bit Ascii characters for the wireless LAN No Security 102WPA-PSK and WPA2-PSK are available in this field Select Static WEP , WPA-PSK , WPA , WPA2-PSK or WPA2 to add WEP Encryption 103 WEP keys and displays them in the Key fields below Select 64-bit WEP or 128-bit WEP to enable data encryption104 105 AP or peer computerCorrect WEP key Hex Server, the reauthentication timer on the Radius server has Security Mode field106 Priority 4 WPA/WPA2 107 Has priority Server, the reauthentication timer on the Radius server108 MAC Filter Screen 109 110 MAC Wireless LAN Advanced Screen Quality of Service QoS Screen111 RTS/CTS 112 On page 123 for more informationWMM QoS Policy You want to apply WMM QoS 113 Application Priority ConfigurationConfiguration screen User-Defined 114Mail WPS Screen 115 WPS Station Screen Scheduling Screen116 Push Button 117 Whole dayFollowing times fields Day WDS Screen 118 119 Security Mode Static WEPBetween the NBG-460N and any wireless clients 120 ASCII/HEX Security Mode WPA2-PSK Technical ReferenceRoaming 121 122 Roaming Example Quality of Service 123 WiFi Protected Setup IPod Touch Web Configurator124 WMM QoS Priorities Login Screen 125 System Status 126 127 WAN connection is not working 128 MBM 129 WPS in ProgressPort Forwarding Turn the rule OFF 130Rule is turned on 131 Accessing the iPod Touch Web ConfiguratorAccessing the iPod Touch Web Configurator 132 133 LAN and WAN 134 Configuring Your Internet ConnectionWhat You Need To Know WAN MAC Address Multicast135 Iptv STB Port 136 137 You have one STBYou have two STBs 192.168.1.20 138 NetBIOS over TCP/IPAuto-Bridge 139 Internet ConnectionEthernet Encapsulation 140 AddressDefined changes to None after you click Apply WAN MAC Setting or upload a different ROM file PPPoE Encapsulation141 Select Clone the computers MAC address IP Address and enter All of the LANs computers will have access 142 143 DNS Servers First DNSComputer’s Different ROM file Pptp Encapsulation 144 145 Pptp connection Select Clone the computers MAC address IP Address Advanced WAN Screen146 147 Select Igmp V-1,IGMP V-2 or None When the NBG-460N gets a WAN IP address that is not To be in Router Mode for the Iptv STB port to workIgmp 148 LAN 149 IP Pool Setup LAN IP ScreenLAN TCP/IP 150 LAN TCP/IP LAN IP Alias151 Any IP Setup Advanced LAN Screen152 IP address that you assign. Unless you are implementing LANs, WANs and the ZyXEL Device 153 Any IP 154 155 156 Dhcp 157 158 Dhcp General ScreenDhcp Advanced Screen 159 Select the Enable Dhcp Server check box. When you clearMust have their DNS server addresses manually configured NBG-460Ns system DNS server configured in the WAN Internet Client List Screen160 Select DNS Relay to have the NBG-460N act as a DNS proxy. 161 This is the index number of the host computerHost names. After you click Apply, the MAC address and IP Them 162 Network Address Translation NAT 163 Enable Network Select the check box to enable NATDefault Server Setup General NAT Screen NAT Application Screen 165 166 Fields under Add Application Rule Wake On LAN is enabled167 168 Configuring Servers Behind Port Forwarding ExampleGame List Example NAT Advanced Screen 169 Can establish through the NBG-460N Users may not be able to access the Internet170 LAN that requested the service Trigger Port Forwarding Example171 Traffic to a server on the WAN Two Points To Remember About Trigger Ports 172 173 Dynamic DNSDynDNS Wildcard 174 Enable Dynamic Select this check box to use dynamic DNSDynamic DNS Screen 175 WAN IP address 176 Part 177 178 Firewall 179 180 About the NBG-460N FirewallTriangle Routes Triangle Routes and IP Alias 181 182 Services ScreenGeneral Firewall Screen 183 Icmp 184 Add Firewall Rule screen Add Firewall Rule Screen 185Pool Single IP is selected as the Address Type Address Type Click Clear All to empty the Blocked Services186 187 188 189 Content FilteringContent Filtering Profiles Restrict Web Features 190Keyword Blocking URL Checking Days and Times Filter Screen 191 192 CookiesWeb Proxy Allowed Which content filtering will be enforced Schedule Screen193 Not affected Customizing Keyword Blocking URL Checking 194Domain Name or IP Address URL Checking Full Path URL Checking IPSec VPN 195 IKE SA IKE Phase 1 Overview 196 IPSec SA IKE Phase 2 Overview 197IP Addresses of the NBG-460N and Remote IPSec Router Local Network and Remote Network General Screen 198 VPN Rule Setup Basic 199 Feature to work 200 Secure Gateway Address field set to Enabled201 202 With dynamic WAN IP addresses Your computer in the Local Content field. The NBG-460N203 204 Address field refer to the Secure Gateway Address field VPN Rule Setup Advanced 205 Security VPN General Rule Setup IKE Advanced 206 Select No to disable it 207 208 209 210 211 212 Each IPSec SA. It is more secure but takes more time VPN Rule Setup Manual213 Security VPN General Rule Setup Manual 214 215 216 SPI 217Secure Trailing spaces are truncated SA Monitor Screen218 219 VPN and Remote ManagementIKE SA Proposal Diffie-Hellman DH Key Exchange 220 Authentication VPN Example Matching ID Type and Content221 Remote Ipsec Router 222 Negotiation ModeVPN Example Mismatching ID Type and Content 15.6.6 VPN, NAT, and NAT Traversal 223 224 IPSec ProtocolEncapsulation IPSec SA Proposal and Perfect Forward Secrecy Additional IPSec VPN Topics225 SA Life Time Private DNS Server Encryption and Authentication Algorithms226 227 Private DNS Server Example 228 Management 229 230 Lanwan Static Route231 IP Static Route Screen 232 Static Route Setup Screen 233 234 Bandwidth Management 235FTP Chat, Email General Configuration Screen 236 Mbps 237Management check box Advanced Configuration 238Connected to the WAN port has an upstream speed of 10 Mbps Wlan Bandwidth 239 Low Rule Configuration with the Pre-defined Service 240Wlan to WAN To Wlan Rule Configuration User Defined Service Rule Configuration 241 Monitor Screen 242 Predefined Bandwidth Management Services Media Bandwidth Management Setup ServicesService Description Technical References Default Bandwidth Management Classes and Priorities Bandwidth Management Priority with Default Classes244 Class Type Priority Bandwidth Management Priorities Bandwidth Management Priorities245 246 Remote Management 247 System Timeout Remote Management LimitationsRemote Management and NAT 248 Specify to access the NBG-460N using this service WWW Screen249 Remote management 250 Telnet ScreenFTP Screen DNS Screen 251 252 You specify to send DNS queries to the NBG-460N 253 Universal Plug-and-Play UPnPNAT Traversal UPnP Screen 254 Using UPnP in Windows XP Example 255 256 Network Connections Internet Connection Properties Advanced Settings 257 Web Configurator Easy Access 258 259 Network Connections My Network Places 260 Network Connections My Network Places Properties Example Maintenance Troubleshooting 261 262 263 SystemSystem General Screen 264 Time Setting Screen 265 266 Select User Defined Time Server Address and enter the IP 267 268 Logs 269 Log categories that you selected in the Log Settings View Log Screen270 Display Time and date Log Settings271 Messages will not be sent via e-mail Mail Log Settings Mail Server272 Smtp 273Sent via e-mail System Maintenance Logs Log Descriptions274 LOG Message Description System Error Logs 275 Access Control Logs TCP Reset Logs276 Firewall Attack Alerts screen 277 Packet Filter Logs 278 Icmp Logs UPnP packets can pass through the firewall Content Filtering Logs279 280 Attack Logs 281 IPSec Logs 282 IKE Logs 283 284 802.1X Logs 285PKI Logs ACL Setting Notes 286Packet Direction Description Type Code Description Syslog Logs 287Icmp Notes LOG Display Payload Type 288RFC-2408 Isakmp Payload Types 289 ToolsFirmware Upload Screen Maintenance Tools Firmware 290 Upload Error Message Network Temporarily Disconnected Configuration Screen Backup ConfigurationRestore Configuration Maintenance Restore Configuration Configuration Restore Successful 293 294 Back to Factory DefaultsRestart Screen Indicate either Ready or MAC Address error Wake On LANGreen 295 Maintenance Tools Green 296 Configuration Mode 297 Category Link TAB Advanced Configuration Options298 Sys Op Mode 299 300 Router Maintenance Sys OP Mode General 301 302 Firewall or bandwidth management 303 LanguageLanguage Screen 304 305 TroubleshootingPower, Hardware Connections, and LEDs NBG-460N Access and Login 306 307 Advanced Suggestions Internet Access 308 309 Internet connection is slow or intermittent Resetting the NBG-460N to Its Factory Defaults 310 Wireless Router/AP Troubleshooting 311 Advanced Features 312 Product Specifications and Wall- Mounting Instructions Hardware Features313 PWR, LAN1-4, WAN, WLAN, WPS Firmware Features Such as microwave ovens, wireless phonesBluetooth enabled devices, and other wireless LANs 314 315 Feature Specifications Feature Specification316 Standards Supported Protocol MBM Media Bandwidth Management Wall-mounting Instructions317 318 Masonry Plug and M4 Tap Screw Appendices Index 319 320 321 Disable pop-up BlockersInternet Explorer Pop-up Blockers Enable pop-up Blockers with Exceptions 322 Select Settings…to open the Pop-up Blocker Settings screen 323 JavaScripts 324 325 Internet Options Security Java Permissions 326 327 Java Sun 328 Java Sun 329 Introduction to IP AddressesStructure Subnet Masks 330Subnet Mask Identifying Network Number 1ST 2ND 3RD 4TH Octet 331 Network SizeSubnet Masks Binary 1ST 2ND 3RD 4TH Decimal Octet Notation 332Maximum Host Numbers Alternative Subnet Mask Notation Subnetting 333 Example Four Subnets 334 335 IP/SUBNET Mask Network Number Last Octet BIT Value 336 Example Eight SubnetsSubnet Planning Configuring IP Addresses 33716-bit Network Number Subnet Planning NO. Borrowed Subnet Mask NO. Hosts PER Host Bits Subnets 338 Private IP Addresses Setting up Your Computer’s IP Address 339 340 Installing ComponentsWindows 95/98/Me Configuring 341 Verifying Settings 342 Windows 2000/NT/XP 343 344 Windows XP Control Panel 345 Windows XP Local Area Connection Properties 346 Windows XP Internet Protocol TCP/IP Properties 347 Windows XP Advanced TCP/IP Properties 348 Macintosh OS 8/9 349 350 Macintosh OS 8/9 TCP/IP Macintosh OS 351 352 Using the K Desktop Environment KDELinux 353 Red Hat 9.0 KDE Ethernet Device General Using Configuration Files 354 Red Hat 9.0 Static IP Address Setting in ifconfig-eth0 Red Hat 9.0 DNS Settings in resolv.conf Verifying Settings 356 357 Wireless LAN TopologiesAd-hoc Wireless LAN Configuration Basic Service Set 358 Channel 359 360 RTS/CTS Ieee 802.11g Wireless LAN Fragmentation ThresholdPreamble Type 361 Ieee 362Ieee 802.11g Data Rate Modulation Mbps Types of Authentication 363Types of Radius Messages EAP-MD5 Message-Digest Algorithm EAP-TTLS Tunneled Transport Layer Service 364EAP-TLS Transport Layer Security Peap Protected EAP Comparison of EAP Authentication Types WPA2365 Encryption User Authentication 366 367 27.0.2 WPA2-PSK Application Example27.0.3 WPA2 with Radius Application Example Wireless Security Relational Matrix Authentication Encryptio Enter METHOD/ KEYSecurity Parameters Summary 368 Services 369 Name Protocol Ports Description Examples of Services370 371 372 Copyright Certifications373 Disclaimer 374 FCC Radiation Exposure Statement Viewing Certifications ZyXEL Limited Warranty375 376 Registration Index 377Classes and priorities CTS Clear to Send Encapsulating Security Payload. See ESP 378Essid 379 IKE SAEthernet PPPoE. see also PPP over Ethernet Language Link type 40 Mbssid 380MAC Radius QoS QoS priorities Quality of Service QoS381 Wireless security 98 overview 382 383 Xbox Live ZyNOS 39 384