User Guide
Page 12
...Monitor 39 3.5.4 Summary: DHCP Table 40 3.5.5 Summary: Packet Statistics 41 3.5.6 Summary: VPN Monitor 42 3.5.7 Summary: Wireless Station Status 43 Chapter 4 Connection Wizard ...45 4.1 Wizard Setup ...45 4.2 Connection Wizard: STEP 1: System Information 46 4.2.1 System Name ...46 ...NBG-460N and Wireless Client 63 5.2.2 Enable and Configure Wireless Security without WPS on your NBG-460N 67 5.2.3 Configure Your Notebook 68 5.3 Site-To-Site VPN Tunnel Tutorial 70 5.3.1 Configuring Bob's NBG-460N VPN Settings 71 5.3.2 Configuring Jack's NBG-460N VPN Settings 73 5.3.3 Checking the VPN...
...Monitor 39 3.5.4 Summary: DHCP Table 40 3.5.5 Summary: Packet Statistics 41 3.5.6 Summary: VPN Monitor 42 3.5.7 Summary: Wireless Station Status 43 Chapter 4 Connection Wizard ...45 4.1 Wizard Setup ...45 4.2 Connection Wizard: STEP 1: System Information 46 4.2.1 System Name ...46 ...NBG-460N and Wireless Client 63 5.2.2 Enable and Configure Wireless Security without WPS on your NBG-460N 67 5.2.3 Configure Your Notebook 68 5.3 Site-To-Site VPN Tunnel Tutorial 70 5.3.1 Configuring Bob's NBG-460N VPN Settings 71 5.3.2 Configuring Jack's NBG-460N VPN Settings 73 5.3.3 Checking the VPN...
User Guide
Page 16
...(IKE Phase 2) Overview 187 15.4 The General Screen ...188 15.4.1 VPN Rule Setup (Basic 189 15.4.2 VPN Rule Setup (Advanced 194 15.4.3 VPN Rule Setup (Manual 201 15.5 The SA Monitor Screen 205 15.6 Technical Reference ...206 15.6.1 VPN and Remote Management 206 15.6.2 IKE SA Proposal ...207 15.6.3 Diffie-Hellman....6.10 Additional IPSec VPN Topics 212 Part IV: Management 215 Chapter 16 Static Route ...217 16.1 Overview ...217 16.2 What You Can Do ...217 16.3 IP Static Route Screen ...218 16.3.1 Static Route Setup Screen 219 Chapter 17 Bandwidth Management...221 16 NBG-460N User's Guide
...(IKE Phase 2) Overview 187 15.4 The General Screen ...188 15.4.1 VPN Rule Setup (Basic 189 15.4.2 VPN Rule Setup (Advanced 194 15.4.3 VPN Rule Setup (Manual 201 15.5 The SA Monitor Screen 205 15.6 Technical Reference ...206 15.6.1 VPN and Remote Management 206 15.6.2 IKE SA Proposal ...207 15.6.3 Diffie-Hellman....6.10 Additional IPSec VPN Topics 212 Part IV: Management 215 Chapter 16 Static Route ...217 16.1 Overview ...217 16.2 What You Can Do ...217 16.3 IP Static Route Screen ...218 16.3.1 Static Route Setup Screen 219 Chapter 17 Bandwidth Management...221 16 NBG-460N User's Guide
User Guide
Page 70
... Internet browser and enter http:// www.zyxel.com or the URL of any other web site in the screen below. Table 23 Site-To-Site VPN Tunnel Settings SETTING BOB'S NBG-460N Active YES IPSec Keying IKE Mode JACK'S NBG-460N YES IKE 70 NBG-460N User's Guide Chapter 5 Tutorials 7 ... are able to access the web site, your wireless connection is successfully configured. 5.3 Site-To-Site VPN Tunnel Tutorial Bob and Jack want to setup a VPN connection between their NBG-460Ns to configure their offices. Bob and Jack each have no connection, see the Troubleshooting section of this ...
... Internet browser and enter http:// www.zyxel.com or the URL of any other web site in the screen below. Table 23 Site-To-Site VPN Tunnel Settings SETTING BOB'S NBG-460N Active YES IPSec Keying IKE Mode JACK'S NBG-460N YES IKE 70 NBG-460N User's Guide Chapter 5 Tutorials 7 ... are able to access the web site, your wireless connection is successfully configured. 5.3 Site-To-Site VPN Tunnel Tutorial Bob and Jack want to setup a VPN connection between their NBG-460Ns to configure their offices. Bob and Jack each have no connection, see the Troubleshooting section of this ...
User Guide
Page 71
...: Property NBG-460N User's Guide 71 This displays the VPN Rule Setup (basic) screen. 2 Select the Active checkbox to enable the VPN rule after it has been created. Chapter 5 Tutorials Table 23 Site-To-Site VPN Tunnel Settings (continued) SETTING BOB'S NBG-460N JACK'S NBG-460N Local Address... Encryption Algorithm 3DES 3DES Authentication Algorithm SHA1 SHA1 5.3.1 Configuring Bob's NBG-460N VPN Settings To configure these settings Bob uses the NBG-460N Web Configurator. 1 Log into the NBG-460N Web Configurator and click VPN > Modify icon. Make sure IKE is selected as the IPSec ...
...: Property NBG-460N User's Guide 71 This displays the VPN Rule Setup (basic) screen. 2 Select the Active checkbox to enable the VPN rule after it has been created. Chapter 5 Tutorials Table 23 Site-To-Site VPN Tunnel Settings (continued) SETTING BOB'S NBG-460N JACK'S NBG-460N Local Address... Encryption Algorithm 3DES 3DES Authentication Algorithm SHA1 SHA1 5.3.1 Configuring Bob's NBG-460N VPN Settings To configure these settings Bob uses the NBG-460N Web Configurator. 1 Log into the NBG-460N Web Configurator and click VPN > Modify icon. Make sure IKE is selected as the IPSec ...
User Guide
Page 73
... authentication algorithm as shown below. Figure 46 Tutorial: VPN Summary 5.3.2 Configuring Jack's NBG-460N VPN Settings To configure these settings Jack uses the NBG-460N Web Configurator. 1 Log into the NBG-460N Web Configurator and click VPN > Modify icon. This displays the VPN Rule Setup (basic) screen. 2 Select the Active checkbox to the VPN Summary screen. Figure 45 Tutorial: IPSec Algorithm 12...
... authentication algorithm as shown below. Figure 46 Tutorial: VPN Summary 5.3.2 Configuring Jack's NBG-460N VPN Settings To configure these settings Jack uses the NBG-460N Web Configurator. 1 Log into the NBG-460N Web Configurator and click VPN > Modify icon. This displays the VPN Rule Setup (basic) screen. 2 Select the Active checkbox to the VPN Summary screen. Figure 45 Tutorial: IPSec Algorithm 12...
User Guide
Page 189
Reset Click Reset to begin configuring this check box to send NetBIOS packets through the VPN connection. Chapter 15 IPSec VPN Table 64 Security > VPN > General LABEL DESCRIPTION Allow NetBIOS Traffic Through IPSec Tunnel Select this screen afresh. 15.4.1 VPN Rule Setup (Basic) Click the Edit icon in the General screen to display the Rule Setup screen. This figure helps explain the main fields. Figure 120 IPSec Fields Summary NBG-460N User's Guide 189 Apply Click Apply to save your changes back to the NBG-460N.
Reset Click Reset to begin configuring this check box to send NetBIOS packets through the VPN connection. Chapter 15 IPSec VPN Table 64 Security > VPN > General LABEL DESCRIPTION Allow NetBIOS Traffic Through IPSec Tunnel Select this screen afresh. 15.4.1 VPN Rule Setup (Basic) Click the Edit icon in the General screen to display the Rule Setup screen. This figure helps explain the main fields. Figure 120 IPSec Fields Summary NBG-460N User's Guide 189 Apply Click Apply to save your changes back to the NBG-460N.
User Guide
Page 190
...for this feature to have the NBG-460N automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. Chapter 15 IPSec VPN Use this screen. Keep Alive Select this VPN policy. Table 65 Security > VPN > General > Rule Setup: IKE (Basic) LABEL DESCRIPTION ...Property Active Select this check box to activate this check box to work. 190 NBG-460N User's Guide The remote IPSec router...
...for this feature to have the NBG-460N automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. Chapter 15 IPSec VPN Use this screen. Keep Alive Select this VPN policy. Table 65 Security > VPN > General > Rule Setup: IKE (Basic) LABEL DESCRIPTION ...Property Active Select this check box to activate this check box to work. 190 NBG-460N User's Guide The remote IPSec router...
User Guide
Page 191
... . Two active SAs cannot have NAT traversal enabled. Chapter 15 IPSec VPN Table 65 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION NAT Traversal Select this check box to find other computers and servers on the LAN behind your NBG-460N. In order for troubleshooting if you to set the NAT router to...
... . Two active SAs cannot have NAT traversal enabled. Chapter 15 IPSec VPN Table 65 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION NAT Traversal Select this check box to find other computers and servers on the LAN behind your NBG-460N. In order for troubleshooting if you to set the NAT router to...
User Guide
Page 192
... it a second time End /Mask here. Local ID Type The VPN tunnel has to have the NBG-460N use that you have configured (in a range of computers on the network behind the remote IPSec router. Chapter 15 IPSec VPN Table 65 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Remote Address For a single IP...
... it a second time End /Mask here. Local ID Type The VPN tunnel has to have the NBG-460N use that you have configured (in a range of computers on the network behind the remote IPSec router. Chapter 15 IPSec VPN Table 65 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION Remote Address For a single IP...
User Guide
Page 193
...in the following situations. • When there is a NAT router between the two IPSec routers. • When you want the NBG-460N to distinguish between VPN connection requests that come in the following situations: • When there is for identification purposes only and can be able to distinguish... NBG-460N automatically uses the IP address in the Local Content field. Peer ID Type Select IP to identify the remote IPSec router by its IP address. If you configure this NBG460N in from the drop-down list box. Chapter 15 IPSec VPN Table 65 Security > VPN > General > Rule Setup:...
...in the following situations. • When there is a NAT router between the two IPSec routers. • When you want the NBG-460N to distinguish between VPN connection requests that come in the following situations: • When there is for identification purposes only and can be able to distinguish... NBG-460N automatically uses the IP address in the Local Content field. Peer ID Type Select IP to identify the remote IPSec router by its IP address. If you configure this NBG460N in from the drop-down list box. Chapter 15 IPSec VPN Table 65 Security > VPN > General > Rule Setup:...
User Guide
Page 194
...more processing power, resulting in the Rule Setup screen to save your pre-shared key in "0x0123456789ABCDEF", "0x" denotes that the key is hexadecimal and "0123456789ABCDEF" is not used for an SA. Apply Reset Cancel The NBG-460N and the remote IPSec router must use... you must select options from 16 to exit the screen without making any changes. 15.4.2 VPN Rule Setup (Advanced) Click the Advanced... Chapter 15 IPSec VPN Table 65 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION IPSec Protocol Select the security protocols used on both...
...more processing power, resulting in the Rule Setup screen to save your pre-shared key in "0x0123456789ABCDEF", "0x" denotes that the key is hexadecimal and "0123456789ABCDEF" is not used for an SA. Apply Reset Cancel The NBG-460N and the remote IPSec router must use... you must select options from 16 to exit the screen without making any changes. 15.4.2 VPN Rule Setup (Advanced) Click the Advanced... Chapter 15 IPSec VPN Table 65 Security > VPN > General > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION IPSec Protocol Select the security protocols used on both...
User Guide
Page 195
Chapter 15 IPSec VPN Use this screen to configure a VPN rule. Figure 122 Security > VPN > General > Rule Setup: IKE (Advanced) NBG-460N User's Guide 195
Chapter 15 IPSec VPN Use this screen to configure a VPN rule. Figure 122 Security > VPN > General > Rule Setup: IKE (Advanced) NBG-460N User's Guide 195
User Guide
Page 196
...can configure multiple SAs between the two IPSec routers. Note: The remote IPSec router must be static and correspond to the NBG-460N's DHCP clients that services the VPN, type its IP address here. You can have IP addresses in this additional DNS server to the remote IPSec router's ... out, even if there is the default and signifies any time. 196 NBG-460N User's Guide A DNS server allows clients on the VPN to Denial of local addresses. In order for UDP, etc. 0 is no traffic. As a VPN setup is processing intensive, the system is a private DNS server that have the...
...can configure multiple SAs between the two IPSec routers. Note: The remote IPSec router must be static and correspond to the NBG-460N's DHCP clients that services the VPN, type its IP address here. You can have IP addresses in this additional DNS server to the remote IPSec router's ... out, even if there is the default and signifies any time. 196 NBG-460N User's Guide A DNS server allows clients on the VPN to Denial of local addresses. In order for UDP, etc. 0 is no traffic. As a VPN setup is processing intensive, the system is a private DNS server that have the...
User Guide
Page 197
.... Local Address End When the local IP address is active at 0. Some of computers on the LAN behind your NBG-460N. Chapter 15 IPSec VPN Table 66 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Local Address For a single IP address, enter a (static) IP address... on the LAN behind your NBG-460N. When the local IP address is a subnet address, enter a subnet mask on the ...
.... Local Address End When the local IP address is active at 0. Some of computers on the LAN behind your NBG-460N. Chapter 15 IPSec VPN Table 66 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Local Address For a single IP address, enter a (static) IP address... on the LAN behind your NBG-460N. When the local IP address is a subnet address, enter a subnet mask on the ...
User Guide
Page 198
... dynamic domain names that come in this NBG-460N by an e-mail address. 198 NBG-460N User's Guide Type the WAN IP address or the domain name (up the VPN tunnel if you configure the Local Content field to identify this NBG-460N by its current WAN IP address (static...0, Remote Port End will also remain at 0. Chapter 15 IPSec VPN Table 66 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Remote Port End Enter a port number in from IPSec routers with which to identify this NBG-460N in the DDNS screen) to identify this field as 0.0.0.0.
... dynamic domain names that come in this NBG-460N by an e-mail address. 198 NBG-460N User's Guide Type the WAN IP address or the domain name (up the VPN tunnel if you configure the Local Content field to identify this NBG-460N by its current WAN IP address (static...0, Remote Port End will also remain at 0. Chapter 15 IPSec VPN Table 66 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Remote Port End Enter a port number in from IPSec routers with which to identify this NBG-460N in the DDNS screen) to identify this field as 0.0.0.0.
User Guide
Page 199
...from 180 to 0.0.0.0 or leave it is recommended that you type an IP address other than MD5, but it blank, the NBG-460N will make the VPN connection. Choices are truncated. It may range from the drop-down list box. Select which Diffie-Hellman key group (DHx)...Algorithm • When there is for encryption keys. Choices are : DH1 - Choices are SHA1 and MD5. Chapter 15 IPSec VPN Table 66 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Peer Content The configuration of time before an IKE SA automatically renegotiates in this field to...
...from 180 to 0.0.0.0 or leave it is recommended that you type an IP address other than MD5, but it blank, the NBG-460N will make the VPN connection. Choices are truncated. It may range from the drop-down list box. Select which Diffie-Hellman key group (DHx)...Algorithm • When there is for encryption keys. Choices are : DH1 - Choices are SHA1 and MD5. Chapter 15 IPSec VPN Table 66 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Peer Content The configuration of time before an IKE SA automatically renegotiates in this field to...
User Guide
Page 200
... from 16 to authenticate packet data in the IPSec SA. Select which is also slower. Choices are temporarily disconnected. 200 NBG-460N User's Guide Chapter 15 IPSec VPN Table 66 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. Select Tunnel mode or...
... from 16 to authenticate packet data in the IPSec SA. Select which is also slower. Choices are temporarily disconnected. 200 NBG-460N User's Guide Chapter 15 IPSec VPN Table 66 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. Select Tunnel mode or...
User Guide
Page 201
... IKE key management. Chapter 15 IPSec VPN Table 66 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Perfect Forward Secrecy (PFS) Select whether or not you want to establish a VPN tunnel quickly, for example, for troubleshooting. NBG-460N User's Guide 201 There are : ...None - disable PFS DH1 - Click Cancel to exit the screen without making any changes. 15.4.3 VPN Rule Setup (Manual) Use this as a temporary ...
... IKE key management. Chapter 15 IPSec VPN Table 66 Security > VPN > General > Rule Setup: IKE (Advanced) (continued) LABEL DESCRIPTION Perfect Forward Secrecy (PFS) Select whether or not you want to establish a VPN tunnel quickly, for example, for troubleshooting. NBG-460N User's Guide 201 There are : ...None - disable PFS DH1 - Click Cancel to exit the screen without making any changes. 15.4.3 VPN Rule Setup (Manual) Use this as a temporary ...
User Guide
Page 202
... use the SPI, instead of pre-shared keys, ID type and content. Figure 123 Security > VPN > General > Rule Setup: Manual 202 The following table describes the labels in this VPN policy. Chapter 15 IPSec VPN 15.4.3.3 Authentication and the Security Parameter Index (SPI) For authentication, the NBG-460N and remote IPSec router use the same SPI.
... use the SPI, instead of pre-shared keys, ID type and content. Figure 123 Security > VPN > General > Rule Setup: Manual 202 The following table describes the labels in this VPN policy. Chapter 15 IPSec VPN 15.4.3.3 Authentication and the Security Parameter Index (SPI) For authentication, the NBG-460N and remote IPSec router use the same SPI.
User Guide
Page 204
This port number must be rebuilt if My IP Address changes after setup. If the WAN connection goes down list box. Type the WAN IP address or the domain name (up the VPN tunnel if you have the NBG-460N use that dynamic domain name's IP address. Remote Address End / Mask To specify IP addresses...
This port number must be rebuilt if My IP Address changes after setup. If the WAN connection goes down list box. Type the WAN IP address or the domain name (up the VPN tunnel if you have the NBG-460N use that dynamic domain name's IP address. Remote Address End / Mask To specify IP addresses...