User Guide
Page 3
Contents Overview Contents Overview User's Guide ...13 Introduction ...15 The WPS Button ...21 ZyXEL NetUSB Share Center Utility ...23 Introducing the Web Configurator ...29 Monitor and Summary ...33 NBG5715 Modes ...39 Easy Mode ...41 Router Mode ...51 Tutorials ...57 Technical Reference ...65 WAN ...67 Wireless LAN ...75 LAN ...91 DHCP Server ...95 NAT ...99 Dynamic DNS ...109 Static Route ...111 Firewall ...115 IPSec VPN ...121 Bandwidth Management ...143 Remote Management ...149 Universal Plug-and-Play (UPnP) ...153 Maintenance ...159 Troubleshooting ...167 NBG5715 User's Guide 3
Contents Overview Contents Overview User's Guide ...13 Introduction ...15 The WPS Button ...21 ZyXEL NetUSB Share Center Utility ...23 Introducing the Web Configurator ...29 Monitor and Summary ...33 NBG5715 Modes ...39 Easy Mode ...41 Router Mode ...51 Tutorials ...57 Technical Reference ...65 WAN ...67 Wireless LAN ...75 LAN ...91 DHCP Server ...95 NAT ...99 Dynamic DNS ...109 Static Route ...111 Firewall ...115 IPSec VPN ...121 Bandwidth Management ...143 Remote Management ...149 Universal Plug-and-Play (UPnP) ...153 Maintenance ...159 Troubleshooting ...167 NBG5715 User's Guide 3
User Guide
Page 6
... You Can Do in this Chapter ...33 5.3 The Log Screen ...33 5.3.1 View Log ...34 5.4 DHCP Table ...34 5.5 Packet Statistics ...35 5.6 VPN Monitor ...36 5.7 WLAN_2.4G/5G Station Status ...37 Chapter 6 NBG5715 Modes ...39 6.1 Overview ...39 6.1.1 Web Configurator Modes ...39 Chapter 7 Easy Mode ...41 7.1 Overview ...41 7.2 What You Can Do in this Chapter... 7.5.7 WPS ...48 7.6 Status Screen in Easy Mode ...49 Chapter 8 Router Mode...51 8.1 Overview ...51 8.2 Router Mode Status Screen ...51 8.2.1 Navigation Panel ...54 Chapter 9 Tutorials ...57 6 NBG5715 User's Guide
... You Can Do in this Chapter ...33 5.3 The Log Screen ...33 5.3.1 View Log ...34 5.4 DHCP Table ...34 5.5 Packet Statistics ...35 5.6 VPN Monitor ...36 5.7 WLAN_2.4G/5G Station Status ...37 Chapter 6 NBG5715 Modes ...39 6.1 Overview ...39 6.1.1 Web Configurator Modes ...39 Chapter 7 Easy Mode ...41 7.1 Overview ...41 7.2 What You Can Do in this Chapter... 7.5.7 WPS ...48 7.6 Status Screen in Easy Mode ...49 Chapter 8 Router Mode...51 8.1 Overview ...51 8.2 Router Mode Status Screen ...51 8.2.1 Navigation Panel ...54 Chapter 9 Tutorials ...57 6 NBG5715 User's Guide
User Guide
Page 9
...(IKE Phase 1) Overview 122 18.3.2 IPSec SA (IKE Phase 2) Overview 123 18.4 The General Screen ...123 18.5 Edit VPN Rule ...124 18.5.1 IKEKey Setup ...125 18.5.2 Manual Key Setup ...130 18.5.3 Configuring Manual Key ...131 18.6 The SA......136 18.7.2 Encapsulation ...136 18.7.3 IKE Phases ...137 18.7.4 Negotiation Mode ...138 18.7.5 IPSec and NAT ...139 18.7.6 VPN, NAT, and NAT Traversal 139 18.7.7 ID Type and Content ...140 18.7.8 Pre-Shared Key ...141 18.7.9 Diffie-Hellman ....5 Advance Screen ...144 19.5.1 Rule Configuration: User Defined Service Rule Configuration 146 NBG5715 User's Guide 9
...(IKE Phase 1) Overview 122 18.3.2 IPSec SA (IKE Phase 2) Overview 123 18.4 The General Screen ...123 18.5 Edit VPN Rule ...124 18.5.1 IKEKey Setup ...125 18.5.2 Manual Key Setup ...130 18.5.3 Configuring Manual Key ...131 18.6 The SA......136 18.7.2 Encapsulation ...136 18.7.3 IKE Phases ...137 18.7.4 Negotiation Mode ...138 18.7.5 IPSec and NAT ...139 18.7.6 VPN, NAT, and NAT Traversal 139 18.7.7 ID Type and Content ...140 18.7.8 Pre-Shared Key ...141 18.7.9 Diffie-Hellman ....5 Advance Screen ...144 19.5.1 Rule Configuration: User Defined Service Rule Configuration 146 NBG5715 User's Guide 9
User Guide
Page 33
... the Summary table of the Status screen to view the bandwidth consumed, packets sent/received as well as the status of clients connected to the NBG5715. 5.2 What You Can Do in this Chapter • Use the Log screens to see the logs for the activity on the... screen to view the active VPN connections (Section 5.6 on page 36). • Use the WLAN_2.4G/5G Station Status screen to view the 2.4G wireless stations that are currently associated to the NBG5715 (Section 5.7 on page 37). 5.3 The Log Screen The Web Configurator allows you to Expert Mode after login, then click...
... the Summary table of the Status screen to view the bandwidth consumed, packets sent/received as well as the status of clients connected to the NBG5715. 5.2 What You Can Do in this Chapter • Use the Log screens to see the logs for the activity on the... screen to view the active VPN connections (Section 5.6 on page 36). • Use the WLAN_2.4G/5G Station Status screen to view the 2.4G wireless stations that are currently associated to the NBG5715 (Section 5.7 on page 37). 5.3 The Log Screen The Web Configurator allows you to Expert Mode after login, then click...
User Guide
Page 36
... collisions on . This is the total time the NBG5715 has been for refreshing statistics in this port. Enter the time interval in seconds for each session. This screen displays read-only information about the active VPN connections. A Security Association (SA) is the group...to update the screen. Click the Refresh button to stop refreshing statistics. 5.6 VPN Monitor Click Monitor > VPN Monitor or the VPN Monitor (Details...) hyperlink in the Status screen. Figure 17 Summary: Security Associations 36 NBG5715 User's Guide TxPkts RxPkts Collisions Tx B/s Rx B/s Up Time System Up ...
... collisions on . This is the total time the NBG5715 has been for refreshing statistics in this port. Enter the time interval in seconds for each session. This screen displays read-only information about the active VPN connections. A Security Association (SA) is the group...to update the screen. Click the Refresh button to stop refreshing statistics. 5.6 VPN Monitor Click Monitor > VPN Monitor or the VPN Monitor (Details...) hyperlink in the Status screen. Figure 17 Summary: Security Associations 36 NBG5715 User's Guide TxPkts RxPkts Collisions Tx B/s Rx B/s Up Time System Up ...
User Guide
Page 37
...or wireless router) using the same SSID, channel and security settings. View the wireless stations that a wireless client (for this VPN policy. NBG5715 User's Guide 37 MAC Address This field displays the MAC address of computer(s) on your local network behind the remote IPSec router.... Connection Name Remote Gateway This field displays the identification name for example, your NBG5715. Table 12 Summary: Security Associations LABEL Status DESCRIPTION This field displays whether the VPN connection is the index number of the remote IPSec router. Remote Address This is...
...or wireless router) using the same SSID, channel and security settings. View the wireless stations that a wireless client (for this VPN policy. NBG5715 User's Guide 37 MAC Address This field displays the MAC address of computer(s) on your local network behind the remote IPSec router.... Connection Name Remote Gateway This field displays the identification name for example, your NBG5715. Table 12 Summary: Security Associations LABEL Status DESCRIPTION This field displays whether the VPN connection is the index number of the remote IPSec router. Remote Address This is...
User Guide
Page 54
... Up when the WLAN is enabled or Down when the WLAN is disabled. Use this screen to view the active VPN connections. 8.2.1 Navigation Panel Use the sub-menus on the navigation panel to the NBG5715. Use this screen to view the wireless stations that are currently associated to configure... transmission rate when the WLAN 2.4G/5G is enabled and N/A when the WLAN is disconnected. Click Details... Click Details... to go to the NBG5715. Chapter 8 Router Mode Table 22 Status Screen: Router Mode (continued) LABEL Status DESCRIPTION For the LAN and WAN ports, this displays the port...
... Up when the WLAN is enabled or Down when the WLAN is disabled. Use this screen to view the active VPN connections. 8.2.1 Navigation Panel Use the sub-menus on the navigation panel to the NBG5715. Use this screen to view the wireless stations that are currently associated to configure... transmission rate when the WLAN 2.4G/5G is enabled and N/A when the WLAN is disconnected. Click Details... Click Details... to go to the NBG5715. Chapter 8 Router Mode Table 22 Status Screen: Router Mode (continued) LABEL Status DESCRIPTION For the LAN and WAN ports, this displays the port...
User Guide
Page 55
... IP Use this screen to configure LAN IP address and subnet mask. VPN Monitor Use this screen to view the active VPN connections. MAC Filter Use the MAC filter screen to configure the NBG5715 to block access to configure WPS. Advanced This screen allows you to prioritize...Multimedia Quality of Service (WMM QoS). Wireless LAN 5G General Use this screen to schedule the times the Wireless LAN is enabled. NBG5715 User's Guide 55 WPS Station Use this screen to configure other advanced properties. Scheduling Use this screen to configure advanced wireless settings....
... IP Use this screen to configure LAN IP address and subnet mask. VPN Monitor Use this screen to view the active VPN connections. MAC Filter Use the MAC filter screen to configure the NBG5715 to block access to configure WPS. Advanced This screen allows you to prioritize...Multimedia Quality of Service (WMM QoS). Wireless LAN 5G General Use this screen to schedule the times the Wireless LAN is enabled. NBG5715 User's Guide 55 WPS Station Use this screen to configure other advanced properties. Scheduling Use this screen to configure advanced wireless settings....
User Guide
Page 56
...WWW Use this screen to configure forward incoming service requests to the server(s) on your NBG5715. Language Language This screen allows you prefer. 56 NBG5715 User's Guide IPSec VPN General Use this screen to configure IP static routes. Password Password Setup Use this screen... to view information related to your NBG5715. Management Bandwidth MGMT General Advance Use this screen to ...
...WWW Use this screen to configure forward incoming service requests to the server(s) on your NBG5715. Language Language This screen allows you prefer. 56 NBG5715 User's Guide IPSec VPN General Use this screen to configure IP static routes. Password Password Setup Use this screen... to view information related to your NBG5715. Management Bandwidth MGMT General Advance Use this screen to ...
User Guide
Page 121
... and auditing. Figure 76 IPSec VPN: Overview VPN Tunnel X Y The VPN tunnel connects the NBG5715 (X) and the remote IPSec router (Y). A secure VPN is a standards-based VPN that uses TCP/IP for secure data communications across a public network like the Internet. NBG5715 User's Guide 121 The following figure...and remote network (B). 18.2 What You Can Do in this Chapter • Use the General screen to display and manage the NBG5715's VPN rules (tunnels) (Section 18.4 on page 135). Internet Protocol Security (IPSec) is a combination of leased site-to provide confidentiality,...
... and auditing. Figure 76 IPSec VPN: Overview VPN Tunnel X Y The VPN tunnel connects the NBG5715 (X) and the remote IPSec router (Y). A secure VPN is a standards-based VPN that uses TCP/IP for secure data communications across a public network like the Internet. NBG5715 User's Guide 121 The following figure...and remote network (B). 18.2 What You Can Do in this Chapter • Use the General screen to display and manage the NBG5715's VPN rules (tunnels) (Section 18.4 on page 135). Internet Protocol Security (IPSec) is a combination of leased site-to provide confidentiality,...
User Guide
Page 122
...to establish an IKE SA. Each phase establishes a security association (SA), a contract indicating what security parameters the NBG5715 and the remote IPSec router will use the same negotiation mode. Figure 77 VPN: IKE SA and IPSec SA IPSec SA X Y IKE SA In this example, a computer in network A... first. 18.3.1 IKE SA (IKE Phase 1) Overview The IKE SA provides a secure connection between the NBG5715 and remote IPSec router. Chapter 18 IPSec VPN 18.3 What You Need To Know A VPN tunnel is used in various examples in the rest of this section. The following figure illustrates this. The...
...to establish an IKE SA. Each phase establishes a security association (SA), a contract indicating what security parameters the NBG5715 and the remote IPSec router will use the same negotiation mode. Figure 77 VPN: IKE SA and IPSec SA IPSec SA X Y IKE SA In this example, a computer in network A... first. 18.3.1 IKE SA (IKE Phase 1) Overview The IKE SA provides a secure connection between the NBG5715 and remote IPSec router. Chapter 18 IPSec VPN 18.3 What You Need To Know A VPN tunnel is used in various examples in the rest of this section. The following figure illustrates this. The...
User Guide
Page 123
...no longer manage the NBG5715. 18.4 The General Screen The following figure helps explain the main fields in the web configurator. Similarly, the remote network consists of the remote IPSec router (for the remote IPSec router as well. In this case, you can still set a VPN rule's local and ... devices connected to the NBG5715 and may be called the local policy. This is a read-only menu of devices connected to the remote IPSec router and may be static. Note: It is not available anymore. Click Security > IPSec VPN to the remote IPSec router. Edit a VPN rule by clicking the ...
...no longer manage the NBG5715. 18.4 The General Screen The following figure helps explain the main fields in the web configurator. Similarly, the remote network consists of the remote IPSec router (for the remote IPSec router as well. In this case, you can still set a VPN rule's local and ... devices connected to the NBG5715 and may be called the local policy. This is a read-only menu of devices connected to the remote IPSec router and may be static. Note: It is not available anymore. Click Security > IPSec VPN to the remote IPSec router. Edit a VPN rule by clicking the ...
User Guide
Page 124
...Encap. This is active or not. Select this screen afresh. 18.5 Edit VPN Rule Click on when the rule is turned on a policy's Edit icon in the IPSec VPN > General screen to the NBG5715. Allow Through IPSec Tunnel Apply Cancel Click the Remove icon to send NetBIOS ...a subnet mask of computer(s) on the remote network behind your changes back to edit the VPN policy. 124 NBG5715 User's Guide This field displays Tunnel or Transport mode (Tunnel is the VPN policy index number. This field displays the security protocol, encryption algorithm and authentication algorithm used for...
...Encap. This is active or not. Select this screen afresh. 18.5 Edit VPN Rule Click on when the rule is turned on a policy's Edit icon in the IPSec VPN > General screen to the NBG5715. Allow Through IPSec Tunnel Apply Cancel Click the Remove icon to send NetBIOS ...a subnet mask of computer(s) on the remote network behind your changes back to edit the VPN policy. 124 NBG5715 User's Guide This field displays Tunnel or Transport mode (Tunnel is the VPN policy index number. This field displays the security protocol, encryption algorithm and authentication algorithm used for...
User Guide
Page 125
You only configure VPN manual key when you select IKE in the IPSec Keying Mode field on the IPSec VPN > General > Edit screen. Figure 80 Security > IPSec VPN > General > Edit: IKE NBG5715 User's Guide 125 Chapter 18 IPSec VPN Note: The NBG5715 uses the system default gateway interface¡¦s WAN IP address as its WAN IP address to set up a VPN tunnel. 18.5.1 IKEKey Setup IKEprovides more protection so it is generally recommended.
You only configure VPN manual key when you select IKE in the IPSec Keying Mode field on the IPSec VPN > General > Edit screen. Figure 80 Security > IPSec VPN > General > Edit: IKE NBG5715 User's Guide 125 Chapter 18 IPSec VPN Note: The NBG5715 uses the system default gateway interface¡¦s WAN IP address as its WAN IP address to set up a VPN tunnel. 18.5.1 IKEKey Setup IKEprovides more protection so it is generally recommended.
User Guide
Page 126
.... Two active SAs can have keep alive enabled in order for IPSec VPN) You can configure multiple SAs between rules. For a single IP address, enter a (static) IP address on the LAN behind your NBG5715. 126 NBG5715 User's Guide IKE provides more than one is a range, enter the... subnet address, enter a subnet mask on the LAN behind the NAT router. Select this VPN policy. The NBG5715 assigns this additional DNS server to activate this check box to work. Chapter 18 IPSec VPN The following table describes the labels in a range of local addresses. Table 55 Security >...
.... Two active SAs can have keep alive enabled in order for IPSec VPN) You can configure multiple SAs between rules. For a single IP address, enter a (static) IP address on the LAN behind your NBG5715. 126 NBG5715 User's Guide IKE provides more than one is a range, enter the... subnet address, enter a subnet mask on the LAN behind the NAT router. Select this VPN policy. The NBG5715 assigns this additional DNS server to activate this check box to work. Chapter 18 IPSec VPN The following table describes the labels in a range of local addresses. Table 55 Security >...
User Guide
Page 127
... have the local and remote IP address(es) both . The NBG5715 uses its IP address. NBG5715 User's Guide 127 Select E-mail to 0.0.0.0. If the WAN connection goes down, the NBG5715 uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using...IKE (continued) LABEL Remote Policy DESCRIPTION Remote IP addresses must be rebuilt if My IP Address changes after setup. Local ID Type The VPN tunnel has to be static and correspond to have the NBG5715 use that you have the same local or remote IP address, but not both the same.
... have the local and remote IP address(es) both . The NBG5715 uses its IP address. NBG5715 User's Guide 127 Select E-mail to 0.0.0.0. If the WAN connection goes down, the NBG5715 uses the dial backup IP address for the VPN tunnel when using dial backup or the LAN IP address when using...IKE (continued) LABEL Remote Policy DESCRIPTION Remote IP addresses must be rebuilt if My IP Address changes after setup. Local ID Type The VPN tunnel has to be static and correspond to have the NBG5715 use that you have the same local or remote IP address, but not both the same.
User Guide
Page 128
... Address field set to identify the remote IPSec router by an e-mail address. 128 NBG5715 User's Guide The NBG5715 has to identify the remote IPSec router by a domain name. Select E-mail to rebuild the VPN tunnel each time the remote secure gateway's WAN IP address changes (there may be ...a delay until the DDNS servers are truncated. The NBG5715 automatically uses the IP address in the following situations. Type the WAN IP...
... Address field set to identify the remote IPSec router by an e-mail address. 128 NBG5715 User's Guide The NBG5715 has to identify the remote IPSec router by a domain name. Select E-mail to rebuild the VPN tunnel each time the remote secure gateway's WAN IP address changes (there may be ...a delay until the DDNS servers are truncated. The NBG5715 automatically uses the IP address in the following situations. Type the WAN IP...
User Guide
Page 129
... is hexadecimal and "0123456789ABCDEF" is called "pre-shared" because you want the NBG5715 to authenticate packet data. Choices are SHA1 and MD5. Choices are : DES - Chapter 18 IPSec VPN Table 55 Security > IPSec VPN > General > Edit: IKE (continued) LABEL Peer Content DESCRIPTION The configuration of... with a "0x" (zero x), which you type an IP address other than MD5, but it blank, the NBG5715 will make the VPN connection. However, every time the VPN tunnel renegotiates, all users accessing remote resources are truncated. For Domain Name or E-mail, type a domain name or...
... is hexadecimal and "0123456789ABCDEF" is called "pre-shared" because you want the NBG5715 to authenticate packet data. Choices are SHA1 and MD5. Choices are : DES - Chapter 18 IPSec VPN Table 55 Security > IPSec VPN > General > Edit: IKE (continued) LABEL Peer Content DESCRIPTION The configuration of... with a "0x" (zero x), which you type an IP address other than MD5, but it blank, the NBG5715 will make the VPN connection. However, every time the VPN tunnel renegotiates, all users accessing remote resources are truncated. For Domain Name or E-mail, type a domain name or...
User Guide
Page 130
... bit random number. Define the length of SAs to the NBG5715. Key Group Back Apply Cancel A short SA Life Time increases security by forcing the two VPN gateways to generate and verify a message authentication code. The local VPN gateway then uses the network, encryption and key values that... the administrator associated with the DES encryption algorithm Authentication Algorithm SA Life Time The NBG5715 and the remote IPSec ...
... bit random number. Define the length of SAs to the NBG5715. Key Group Back Apply Cancel A short SA Life Time increases security by forcing the two VPN gateways to generate and verify a message authentication code. The local VPN gateway then uses the network, encryption and key values that... the administrator associated with the DES encryption algorithm Authentication Algorithm SA Life Time The NBG5715 and the remote IPSec ...
User Guide
Page 131
... Manual Keys In IPSec SA using manual keys, you can only specify one encryption algorithm and one authentication algorithm. NBG5715 User's Guide 131 Chapter 18 IPSec VPN Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 18.5.2.2 IPSec SA Using Manual Keys You might set up an IPSec... SA using manual keys when you want to provide the encryption key and the authentication key the NBG5715 and remote IPSec router ...
... Manual Keys In IPSec SA using manual keys, you can only specify one encryption algorithm and one authentication algorithm. NBG5715 User's Guide 131 Chapter 18 IPSec VPN Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 18.5.2.2 IPSec SA Using Manual Keys You might set up an IPSec... SA using manual keys when you want to provide the encryption key and the authentication key the NBG5715 and remote IPSec router ...