218 | ZyXEL Communications wireless n gigbit router zyxel specs

Chapter 15 IPSec VPN

Table 70 Security > VPN > General > Rule Setup: Manual (continued)

LABEL	DESCRIPTION
Authentication	Select which hash algorithm to use to authenticate packet data in the
Algorithm	IPSec SA. Choices are SHA1 and MD5. SHA1 is generally considered
	stronger than MD5, but it is also slower.

Authentication	Type a unique authentication key to be used by IPSec if applicable.
Key	Enter 16 characters for MD5 authentication or 20 characters for SHA-1
	authentication. Any characters may be used, including spaces, but
	trailing spaces are truncated.

Apply	Click Apply to save your changes back to the NBG-460N.

Reset	Click Reset to begin configuring this screen afresh.

Cancel	Click Cancel to exit the screen without making any changes.

15.5 The SA Monitor Screen

In the Web Configurator, click Security > VPN > SA Monitor. Use this screen to display and manage active VPN connections.

A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections. Use Refresh to display active VPN connections.

Figure 135 Security > VPN > SA Monitor

The following table describes the labels in this screen.

Table 71 Security > VPN > SA Monitor

LABEL	DESCRIPTION
#	This is the security association index number.

Name	This field displays the identification name for this VPN policy.

Encapsulation	This field displays Tunnel or Transport mode.

IPSec Algorithm	This field displays the security protocols used for an SA.
	Both AH and ESP increase NBG-460N processing requirements and
	communications latency (delay).

Refresh	Click Refresh to display the current active VPN connection(s).

218

NBG-460N User’s Guide

Image 218

ZyXEL Communications wireless n gigbit router zyxel manual SA Monitor Screen, 218, Trailing spaces are truncated

Contents

NBG-460N Page Related Documentation About This Users GuideIntended Audience User Guide Feedback About This Users Guide Document Conventions Syntax Conventions NBG-460N Computer Server Telephone Switch Router ModemIcons Used in Figures Dslam Safety Warnings Safety Warnings NBG-460N User’s Guide Contents Overview Contents Overview NBG-460N User’s Guide Table of Contents Chapter Connection Wizard Part II Network WAN 177 Part IV Management 235 Part V Maintenance and Troubleshooting 261 Part VI Appendices and Index Table of Contents NBG-460N User’s Guide Part Page Applications Getting to Know Your NBG-460NOverview LAN Wireless ApplicationsRouter Mode NBG460N AP Mode 3 AP + Bridge Bridge AP + Bridge Application Bridge Application Bridge Loop Two Bridges Connected to Hub Ways to Manage the NBG-460N Features Available in Router Mode vs. AP ModeFeature Router AP Mode Bridge Router vs. AP vs. Bridge LEDs PowerGood Habits for Managing the NBG-460N Front Panel LEDs WAN Wireless LAN Off Wireless LAN is not ready or has failedThis feature Off Device is in normal power mode Wlan Getting to Know Your NBG-460N NBG-460N User’s Guide WPS Button WPS Button NBG-460N User’s Guide Accessing the Web Configurator Introducing the Web ConfiguratorWeb Configurator Overview Change Password Screen Procedure to Use the Reset Button Resetting the NBG-460NNavigating the Web Configurator Icon Description Status Screen in Router ModeStatus Screen Icon Key Scheduler Label DescriptionDhcp Is enabled and N/A when the Wlan is disabled Wlan is disabledWhen the line is disconnected Memory Usage Link TAB Function Navigation PanelScreens Summary LAN VPN NATDdns Mgmt Summary Bandwidth Management Monitor Mode As a Router or a Access Point LanguageSummary Any IP Table Logs View Log Summary Dhcp Table Summary BW Mgmt Monitor Summary Packet Statistics Host Name field Stop Click Stop to stop refreshing statistics Summary VPN MonitorIntervals field This is the security association index number Association Time Summary Wireless Station StatusThis is the index number of an associated wireless station NBG-460N’s Wlan network Introducing the Web Configurator NBG-460N User’s Guide Wizard Setup Connection Wizard Connection Wizard System Information System Name Domain Name Underscores are accepted This option is only available if WPS is not enabled Connection Wizard Wireless LANUse the same Ssid in order to access the network Ssid Basic WEP Security Wizard Basic WEP Security Ascii Extend WPA-PSK or WPA2-PSK SecurityWEP HEX Key Connection Wizard Internet ConfigurationPre-Shared Do this Connection Description Type Ethernet ConnectionPPPoE Connection Pptp ISP Parameter for Internet Access Pptp Connection ISP Parameters for Internet Access Wizard Pptp Connection Use fixed IP address Your IP AddressWAN IP Address Assignment Provided by your ISP 10.0.0.0 172.16.0.0 192.168.0.0 IP Address and Subnet MaskPrivate IP Address Ranges DNS Server Address Assignment WAN IP and DNS Server Address Assignment Choose an IP address WAN MAC AddressWAN IP Address Assignment Connection Wizard Bandwidth management Wizard WAN MAC Address Connection Wizard Complete Wizard Bandwidth Management Connection Wizard Complete Connection Wizard NBG-460N User’s Guide Internet How to Connect to the Internet from an APTutorials Push Button Configuration NBG460N Example WPS Process PIN Method WPA-PSK SSIDExample3Channel Security Pre-Shared Key ThisismyWPA-PSKpre-sharedkey Configure Your Notebook Tutorial Status AP Mode Connecting a Wireless Client to a Wireless Network Using AP + Bridge Mode and WDS Link Status Configuring Your Bridge Mode Settings WPA2-PSK Pre-Shared Key ThisismyWPA2-PSKpre-sharedkey Site-To-Site VPN Tunnel Tutorial Site-To-Site VPN Tunnel SettingsSetting BOB’S NBG-460N JACK’S NBG-460N Configuring Bob’s NBG-460N VPN Settings Tutorial Property Configuring Jack’s NBG-460N VPN Settings Tutorial Authentication Method Tutorial Property Tutorial Authentication Method Checking the VPN Connection Pinging Jack’s Local IP Address Configuring Bandwidth Management by Application Bandwidth Management for your Network Configuring Bandwidth Management by Custom Application Configuring Bandwidth Allocation by IP or IP Range Fields Services Real Audio Rtsp VDO Live FTP Refer to Appedix F on the Bandwidth Mgnt AP Mode Setting your NBG-460N to AP Mode Status AP Mode Status Screen This shows the LAN port’s Dhcp role Client or None Display Network Wireless LAN WPS screenSystem Setting Configuration Mode Schedules Menu AP Mode Or connected Reset the factory defaults to your NBG-460N Maintenance System GeneralSetting Logs View Log Mask or to get the LAN IP address from a Dhcp server Sys OP General Configuring Your SettingsLAN Settings Wlan and Maintenance Settings Table below describes the labels in the screen Logging in to the Web Configurator in AP Mode Network Page Wireless LAN Example of a Wireless Network What You Should Know Wireless Security OverviewWhat You Can Do Ssid 100 Types of Encryption for Each Type of AuthenticationNo Authentication Radius Server Weakest Stronges t 101 General Wireless LAN ScreenPrintable 7-bit Ascii characters for the wireless LAN WPA-PSK and WPA2-PSK are available in this field No Security102 Select Static WEP , WPA-PSK , WPA , WPA2-PSK or WPA2 to add WEP Encryption 103 WEP keys and displays them in the Key fields below Select 64-bit WEP or 128-bit WEP to enable data encryption104 Correct WEP key 105AP or peer computer Hex 106 Server, the reauthentication timer on the Radius server hasSecurity Mode field Priority 4 WPA/WPA2 107 Has priority Server, the reauthentication timer on the Radius server108 MAC Filter Screen 109 110 MAC 111 Wireless LAN Advanced ScreenQuality of Service QoS Screen RTS/CTS WMM QoS Policy 112On page 123 for more information You want to apply WMM QoS 113 Application Priority ConfigurationConfiguration screen User-Defined 114Mail WPS Screen 115 116 WPS Station ScreenScheduling Screen Push Button Following times fields 117Whole day Day WDS Screen 118 119 Security Mode Static WEPBetween the NBG-460N and any wireless clients 120 ASCII/HEX Roaming Security Mode WPA2-PSKTechnical Reference 121 122 Roaming Example Quality of Service 123 124 WiFi Protected SetupIPod Touch Web Configurator WMM QoS Priorities Login Screen 125 System Status 126 127 WAN connection is not working 128 MBM 129 WPS in ProgressPort Forwarding Turn the rule OFF 130Rule is turned on 131 Accessing the iPod Touch Web ConfiguratorAccessing the iPod Touch Web Configurator 132 133 LAN and WAN 134 Configuring Your Internet ConnectionWhat You Need To Know WAN MAC Address Multicast135 Iptv STB Port 136 You have two STBs 137You have one STB 192.168.1.20 138 NetBIOS over TCP/IPAuto-Bridge 139 Internet ConnectionEthernet Encapsulation Defined changes to None after you click Apply 140Address WAN MAC 141 Setting or upload a different ROM filePPPoE Encapsulation Select Clone the computers MAC address IP Address and enter All of the LANs computers will have access 142 Computer’s 143DNS Servers First DNS Different ROM file Pptp Encapsulation 144 145 Pptp connection Select Clone the computers MAC address IP Address Advanced WAN Screen146 147 Select Igmp V-1,IGMP V-2 or None Igmp When the NBG-460N gets a WAN IP address that is notTo be in Router Mode for the Iptv STB port to work 148 LAN 149 LAN TCP/IP IP Pool SetupLAN IP Screen 150 LAN TCP/IP LAN IP Alias151 152 Any IP SetupAdvanced LAN Screen IP address that you assign. Unless you are implementing LANs, WANs and the ZyXEL Device 153 Any IP 154 155 156 Dhcp 157 158 Dhcp General ScreenDhcp Advanced Screen 159 Select the Enable Dhcp Server check box. When you clearMust have their DNS server addresses manually configured 160 NBG-460Ns system DNS server configured in the WAN InternetClient List Screen Select DNS Relay to have the NBG-460N act as a DNS proxy. Host names. After you click Apply, the MAC address and IP 161This is the index number of the host computer Them 162 Network Address Translation NAT 163 Default Server Setup Enable NetworkSelect the check box to enable NAT General NAT Screen NAT Application Screen 165 166 Fields under Add Application Rule Wake On LAN is enabled167 168 Configuring Servers Behind Port Forwarding ExampleGame List Example NAT Advanced Screen 169 Can establish through the NBG-460N Users may not be able to access the Internet170 171 LAN that requested the serviceTrigger Port Forwarding Example Traffic to a server on the WAN Two Points To Remember About Trigger Ports 172 173 Dynamic DNSDynDNS Wildcard 174 Enable Dynamic Select this check box to use dynamic DNSDynamic DNS Screen 175 WAN IP address 176 Part 177 178 Firewall 179 180 About the NBG-460N FirewallTriangle Routes Triangle Routes and IP Alias 181 182 Services ScreenGeneral Firewall Screen 183 Icmp 184 Add Firewall Rule screen Pool Add Firewall Rule Screen185 Single IP is selected as the Address Type Address Type Click Clear All to empty the Blocked Services186 187 188 189 Content FilteringContent Filtering Profiles Keyword Blocking URL Checking Restrict Web Features190 Days and Times Filter Screen 191 Web Proxy 192Cookies Allowed 193 Which content filtering will be enforcedSchedule Screen Not affected Domain Name or IP Address URL Checking Customizing Keyword Blocking URL Checking194 Full Path URL Checking IPSec VPN 195 IKE SA IKE Phase 1 Overview 196 IP Addresses of the NBG-460N and Remote IPSec Router IPSec SA IKE Phase 2 Overview197 Local Network and Remote Network General Screen 198 VPN Rule Setup Basic 199 Feature to work 200 Secure Gateway Address field set to Enabled201 202 With dynamic WAN IP addresses Your computer in the Local Content field. The NBG-460N203 204 Address field refer to the Secure Gateway Address field VPN Rule Setup Advanced 205 Security VPN General Rule Setup IKE Advanced 206 Select No to disable it 207 208 209 210 211 212 Each IPSec SA. It is more secure but takes more time VPN Rule Setup Manual213 Security VPN General Rule Setup Manual 214 215 216 SPI 217Secure Trailing spaces are truncated SA Monitor Screen218 219 VPN and Remote ManagementIKE SA Proposal Diffie-Hellman DH Key Exchange 220 221 AuthenticationVPN Example Matching ID Type and Content Remote Ipsec Router 222 Negotiation ModeVPN Example Mismatching ID Type and Content 15.6.6 VPN, NAT, and NAT Traversal 223 224 IPSec ProtocolEncapsulation 225 IPSec SA Proposal and Perfect Forward SecrecyAdditional IPSec VPN Topics SA Life Time Private DNS Server Encryption and Authentication Algorithms226 227 Private DNS Server Example 228 Management 229 230 Lanwan Static Route231 IP Static Route Screen 232 Static Route Setup Screen 233 234 FTP Bandwidth Management235 Chat, Email General Configuration Screen 236 Mbps 237Management check box Connected to the WAN port has an upstream speed of 10 Mbps Advanced Configuration238 Wlan Bandwidth 239 Low Wlan to WAN Rule Configuration with the Pre-defined Service240 To Wlan Rule Configuration User Defined Service Rule Configuration 241 Monitor Screen 242 Service Description Predefined Bandwidth Management ServicesMedia Bandwidth Management Setup Services Technical References 244 Default Bandwidth Management Classes and PrioritiesBandwidth Management Priority with Default Classes Class Type Priority Bandwidth Management Priorities Bandwidth Management Priorities245 246 Remote Management 247 Remote Management and NAT System TimeoutRemote Management Limitations 248 249 Specify to access the NBG-460N using this serviceWWW Screen Remote management 250 Telnet ScreenFTP Screen DNS Screen 251 252 You specify to send DNS queries to the NBG-460N 253 Universal Plug-and-Play UPnPNAT Traversal UPnP Screen 254 Using UPnP in Windows XP Example 255 256 Network Connections Internet Connection Properties Advanced Settings 257 Web Configurator Easy Access 258 259 Network Connections My Network Places 260 Network Connections My Network Places Properties Example Maintenance Troubleshooting 261 262 263 SystemSystem General Screen 264 Time Setting Screen 265 266 Select User Defined Time Server Address and enter the IP 267 268 Logs 269 270 Log categories that you selected in the Log SettingsView Log Screen Display Time and date Log Settings271 Messages will not be sent via e-mail Mail Log Settings Mail Server272 Smtp 273Sent via e-mail 274 System Maintenance LogsLog Descriptions LOG Message Description System Error Logs 275 276 Access Control LogsTCP Reset Logs Firewall Attack Alerts screen 277 Packet Filter Logs 278 Icmp Logs UPnP packets can pass through the firewall Content Filtering Logs279 280 Attack Logs 281 IPSec Logs 282 IKE Logs 283 284 802.1X Logs 285PKI Logs Packet Direction Description ACL Setting Notes286 Type Code Description Syslog Logs 287Icmp Notes LOG Display Payload Type 288RFC-2408 Isakmp Payload Types 289 ToolsFirmware Upload Screen Maintenance Tools Firmware 290 Upload Error Message Network Temporarily Disconnected Restore Configuration Configuration ScreenBackup Configuration Maintenance Restore Configuration Configuration Restore Successful 293 294 Back to Factory DefaultsRestart Screen Green Indicate either Ready or MAC Address errorWake On LAN 295 Maintenance Tools Green 296 Configuration Mode 297 Category Link TAB Advanced Configuration Options298 Sys Op Mode 299 300 Router Maintenance Sys OP Mode General 301 302 Firewall or bandwidth management 303 LanguageLanguage Screen 304 305 TroubleshootingPower, Hardware Connections, and LEDs NBG-460N Access and Login 306 307 Advanced Suggestions Internet Access 308 309 Internet connection is slow or intermittent Resetting the NBG-460N to Its Factory Defaults 310 Wireless Router/AP Troubleshooting 311 Advanced Features 312 313 Product Specifications and Wall- Mounting InstructionsHardware Features PWR, LAN1-4, WAN, WLAN, WPS Bluetooth enabled devices, and other wireless LANs Firmware FeaturesSuch as microwave ovens, wireless phones 314 315 316 Feature SpecificationsFeature Specification Standards Supported Protocol MBM Media Bandwidth Management Wall-mounting Instructions317 318 Masonry Plug and M4 Tap Screw Appendices Index 319 320 321 Disable pop-up BlockersInternet Explorer Pop-up Blockers Enable pop-up Blockers with Exceptions 322 Select Settings…to open the Pop-up Blocker Settings screen 323 JavaScripts 324 325 Internet Options Security Java Permissions 326 327 Java Sun 328 Java Sun 329 Introduction to IP AddressesStructure Subnet Mask Identifying Network Number Subnet Masks330 1ST 2ND 3RD 4TH Octet Subnet Masks 331Network Size Binary 1ST 2ND 3RD 4TH Decimal Octet Maximum Host Numbers Notation332 Alternative Subnet Mask Notation Subnetting 333 Example Four Subnets 334 335 IP/SUBNET Mask Network Number Last Octet BIT Value 336 Example Eight SubnetsSubnet Planning 16-bit Network Number Subnet Planning Configuring IP Addresses337 NO. Borrowed Subnet Mask NO. Hosts PER Host Bits Subnets 338 Private IP Addresses Setting up Your Computer’s IP Address 339 340 Installing ComponentsWindows 95/98/Me Configuring 341 Verifying Settings 342 Windows 2000/NT/XP 343 344 Windows XP Control Panel 345 Windows XP Local Area Connection Properties 346 Windows XP Internet Protocol TCP/IP Properties 347 Windows XP Advanced TCP/IP Properties 348 Macintosh OS 8/9 349 350 Macintosh OS 8/9 TCP/IP Macintosh OS 351 352 Using the K Desktop Environment KDELinux 353 Red Hat 9.0 KDE Ethernet Device General Using Configuration Files 354 Red Hat 9.0 Static IP Address Setting in ifconfig-eth0 Red Hat 9.0 DNS Settings in resolv.conf Verifying Settings 356 357 Wireless LAN TopologiesAd-hoc Wireless LAN Configuration Basic Service Set 358 Channel 359 360 RTS/CTS Preamble Type Ieee 802.11g Wireless LANFragmentation Threshold 361 Ieee 802.11g Ieee362 Data Rate Modulation Mbps Types of Radius Messages Types of Authentication363 EAP-MD5 Message-Digest Algorithm EAP-TLS Transport Layer Security EAP-TTLS Tunneled Transport Layer Service364 Peap Protected EAP 365 Comparison of EAP Authentication TypesWPA2 Encryption User Authentication 366 367 27.0.2 WPA2-PSK Application Example27.0.3 WPA2 with Radius Application Example Security Parameters Summary Wireless Security Relational MatrixAuthentication Encryptio Enter METHOD/ KEY 368 Services 369 Name Protocol Ports Description Examples of Services370 371 372 373 CopyrightCertifications Disclaimer 374 FCC Radiation Exposure Statement Viewing Certifications ZyXEL Limited Warranty375 376 Registration Classes and priorities Index377 CTS Clear to Send Encapsulating Security Payload. See ESP 378Essid Ethernet PPPoE. see also PPP over Ethernet 379IKE SA Language Link type 40 Mbssid 380MAC Radius QoS QoS priorities Quality of Service QoS381 Wireless security 98 overview 382 383 Xbox Live ZyNOS 39 384