User Guide
Page 2
Graphics in this manual is designed to differences in this book may differ slightly from the product due to help you installed updated firmware/software for Internet access. 2 NBG5715 User's Guide KEEP THIS GUIDE FOR FUTURE REFERENCE. It contains information on setting up and running right away. Every effort has been made to ensure...
Graphics in this manual is designed to differences in this book may differ slightly from the product due to help you installed updated firmware/software for Internet access. 2 NBG5715 User's Guide KEEP THIS GUIDE FOR FUTURE REFERENCE. It contains information on setting up and running right away. Every effort has been made to ensure...
User Guide
Page 5
......5 Part I: User's Guide 13 Chapter 1 Introduction ...15 1.1 Overview ...15 1.2 Applications ...16 1.3 Ways to Manage the NBG5715 ...16 1.4 Good Habits for Managing the NBG5715 16 1.5 LEDs ...17 1.6 Wall Mounting ...19 Chapter 2 The WPS Button...21 2.1 Overview ...21 Chapter 3 ZyXEL NetUSB Share Center...3.1.1 Quick Setup ...23 3.1.2 Installing ZyXEL NetUSB Share Center Utility 23 3.2 The ZyXEL NetUSB Share Center Utility 24 3.2.1 The Menus ...25 3.2.2 The Share Center Configuration Window 26 3.2.3 The Auto-Connect Printer List Window 26 3.3 Manually Connecting to USB Devices 27 3.4 ...
......5 Part I: User's Guide 13 Chapter 1 Introduction ...15 1.1 Overview ...15 1.2 Applications ...16 1.3 Ways to Manage the NBG5715 ...16 1.4 Good Habits for Managing the NBG5715 16 1.5 LEDs ...17 1.6 Wall Mounting ...19 Chapter 2 The WPS Button...21 2.1 Overview ...21 Chapter 3 ZyXEL NetUSB Share Center...3.1.1 Quick Setup ...23 3.1.2 Installing ZyXEL NetUSB Share Center Utility 23 3.2 The ZyXEL NetUSB Share Center Utility 24 3.2.1 The Menus ...25 3.2.2 The Share Center Configuration Window 26 3.2.3 The Auto-Connect Printer List Window 26 3.3 Manually Connecting to USB Devices 27 3.4 ...
User Guide
Page 9
... 18.3.2 IPSec SA (IKE Phase 2) Overview 123 18.4 The General Screen ...123 18.5 Edit VPN Rule ...124 18.5.1 IKEKey Setup ...125 18.5.2 Manual Key Setup ...130 18.5.3 Configuring Manual Key ...131 18.6 The SA Monitor Screen ...135 18.7 Technical Reference ...135 18.7.1 IPSec Architecture ...136 18.7.2 Encapsulation ...136 18.7.3 IKE Phases ...137....2 What You Can Do this Chapter ...143 19.3 What You Need To Know ...143 19.4 General Screen ...144 19.5 Advance Screen ...144 19.5.1 Rule Configuration: User Defined Service Rule Configuration 146 NBG5715 User's Guide 9
... 18.3.2 IPSec SA (IKE Phase 2) Overview 123 18.4 The General Screen ...123 18.5 Edit VPN Rule ...124 18.5.1 IKEKey Setup ...125 18.5.2 Manual Key Setup ...130 18.5.3 Configuring Manual Key ...131 18.6 The SA Monitor Screen ...135 18.7 Technical Reference ...135 18.7.1 IPSec Architecture ...136 18.7.2 Encapsulation ...136 18.7.3 IKE Phases ...137....2 What You Can Do this Chapter ...143 19.3 What You Need To Know ...143 19.4 General Screen ...144 19.5 Advance Screen ...144 19.5.1 Rule Configuration: User Defined Service Rule Configuration 146 NBG5715 User's Guide 9
User Guide
Page 21
Depending on the device itself, or in each device's documentation to find another device that allows one device to configure security settings manually. WPS allows you can either press a button (on the devices you have, you to quickly set up a wireless network with strong ... 9 on a device, it has two minutes to make sure). Figure 5 The WPS Button NBG5715 User's Guide 21 WPS is an industry standard specification, defined by themselves. CHAPTER 2 The WPS Button 2.1 Overview Your NBG5715 supports WiFi Protected Setup (WPS), which is an easy way to set up a secure network by...
Depending on the device itself, or in each device's documentation to find another device that allows one device to configure security settings manually. WPS allows you can either press a button (on the devices you have, you to quickly set up a wireless network with strong ... 9 on a device, it has two minutes to make sure). Figure 5 The WPS Button NBG5715 User's Guide 21 WPS is an industry standard specification, defined by themselves. CHAPTER 2 The WPS Button 2.1 Overview Your NBG5715 supports WiFi Protected Setup (WPS), which is an easy way to set up a secure network by...
User Guide
Page 27
... NBG5715. Note: If you do this screen. Makes sure that you have the print driver installed you want to remove it. Close Click this to connect the USB devices. Table 6 ZyXEL...this devices listed in this with a USB printer but do not yet have first installed the ZyXEL NetUSB Share Center Utility on the computer to which you will be prompted to install one by...over your NBG5715 network. Delete Select an printer from the list and click this to close the window. 3.3 Manually Connecting to USB Devices This example shows you how to connect to the NBG5715. 2 In the ZyXEL NetUSB ...
... NBG5715. Note: If you do this screen. Makes sure that you have the print driver installed you want to remove it. Close Click this to connect the USB devices. Table 6 ZyXEL...this devices listed in this with a USB printer but do not yet have first installed the ZyXEL NetUSB Share Center Utility on the computer to which you will be prompted to install one by...over your NBG5715 network. Delete Select an printer from the list and click this to close the window. 3.3 Manually Connecting to USB Devices This example shows you how to connect to the NBG5715. 2 In the ZyXEL NetUSB ...
User Guide
Page 34
...logs you want to see the logged messages for the clients. Go to the Log Settings screen and select the logs you must be manually configured. Figure 14 Log Settings 5.4 DHCP Table DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain ... DHCP Table (Details...) hyperlink in the View Log screen. Figure 13 View Log You can configure the NBG5715's LAN as a server, the NBG5715 provides the TCP/IP configuration for the NBG5715. Click Apply to display in the Status screen. If DHCP service is disabled, you wish to renew ...
...logs you want to see the logged messages for the clients. Go to the Log Settings screen and select the logs you must be manually configured. Figure 14 Log Settings 5.4 DHCP Table DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain ... DHCP Table (Details...) hyperlink in the View Log screen. Figure 13 View Log You can configure the NBG5715's LAN as a server, the NBG5715 provides the TCP/IP configuration for the NBG5715. Click Apply to display in the Status screen. If DHCP service is disabled, you wish to renew ...
User Guide
Page 68
... the WAN port's MAC address by the ISP each time the NBG5715 tries to access the Internet. IP Address and enter the IP address of www.zyxel.com is used by the NBG5715 to its corresponding IP address and vice versa, for user authentication. If your LAN. WAN IP Address The WAN IP address... IP address, they should also assign you the subnet mask and DNS server IP address(es) (and a gateway IP address if you DNS server addresses, manually enter them in other devices in the DNS server fields. 2 If your ISP gives you use the Ethernet or ENET ENCAP encapsulation method). Chapter 10...
... the WAN port's MAC address by the ISP each time the NBG5715 tries to access the Internet. IP Address and enter the IP address of www.zyxel.com is used by the NBG5715 to its corresponding IP address and vice versa, for user authentication. If your LAN. WAN IP Address The WAN IP address... IP address, they should also assign you the subnet mask and DNS server IP address(es) (and a gateway IP address if you DNS server addresses, manually enter them in other devices in the DNS server fields. 2 If your ISP gives you use the Ethernet or ENET ENCAP encapsulation method). Chapter 10...
User Guide
Page 76
... the QoS screen to ensure Quality of wireless security you should use security compatible with strong security, without having to configure security settings manually (Section 11.7 on their MAC addresses from using the wireless network. SSID Normally, the AP acts like a beacon and regularly broadcasts... SSID to something that is difficult to add a wireless station using twelve hexadecimal characters2; It stands for example, 00A0C5000002 or 76 NBG5715 User's Guide In addition, you can also protect the information that is sent in the wireless network. It can set up in the...
... the QoS screen to ensure Quality of wireless security you should use security compatible with strong security, without having to configure security settings manually (Section 11.7 on their MAC addresses from using the wireless network. SSID Normally, the AP acts like a beacon and regularly broadcasts... SSID to something that is difficult to add a wireless station using twelve hexadecimal characters2; It stands for example, 00A0C5000002 or 76 NBG5715 User's Guide In addition, you can also protect the information that is sent in the wireless network. It can set up in the...
User Guide
Page 78
...WEP, WPA-PSK, or WPA2-PSK. Therefore, there is better to set up stronger encryption with no authentication than to configure security settings manually. Usually, you should set up a wireless network with strong security, without having to set up a secure network by the WiFi Alliance.... clients support WPA and some support WPA2, you can choose WPA or WPA2. If you can choose no user authentication. If users do not enable WDS security, 78 NBG5715 User's Guide Suppose the wireless network has two wireless clients. In this .) Table 27 Types of Authentication NO ...
...WEP, WPA-PSK, or WPA2-PSK. Therefore, there is better to set up stronger encryption with no authentication than to configure security settings manually. Usually, you should set up a wireless network with strong security, without having to set up a secure network by the WiFi Alliance.... clients support WPA and some support WPA2, you can choose WPA or WPA2. If you can choose no user authentication. If users do not enable WDS security, 78 NBG5715 User's Guide Suppose the wireless network has two wireless clients. In this .) Table 27 Types of Authentication NO ...
User Guide
Page 79
...LAN. Enter a descriptive name (up to 32 printable characters found on your computer to confirm. Select a channel from a computer connected to manually select the channel using a site survey tool. Select this check box for the wireless LAN. Note: If you wish to the wireless ...obtain the SSID through scanning using the Channel Section field. The SSID (Service Set IDentity) identifies the Service Set with the least interference. NBG5715 User's Guide 79 Table 28 Network > Wireless LAN 2.4G/5G > General LABEL Wireless LAN Name(SSID) Hide SSID Channel Selection DESCRIPTION Select ...
...LAN. Enter a descriptive name (up to 32 printable characters found on your computer to confirm. Select a channel from a computer connected to manually select the channel using a site survey tool. Select this check box for the wireless LAN. Note: If you wish to the wireless ...obtain the SSID through scanning using the Channel Section field. The SSID (Service Set IDentity) identifies the Service Set with the least interference. NBG5715 User's Guide 79 Table 28 Network > Wireless LAN 2.4G/5G > General LABEL Wireless LAN Name(SSID) Hide SSID Channel Selection DESCRIPTION Select ...
User Guide
Page 95
...) allows individual clients to obtain TCP/IP configuration at the factory and consists of six pairs of your LAN, or else the computer must be manually configured. 13.1.1 What You Can Do in this Chapter • Use the General screen to enable the DHCP server (Section 13.2 on page 95...on page 97). 13.1.2 What You Need To Know The following screen displays. Figure 58 Network > DHCP Server > General NBG5715 User's Guide 95 You can configure the NBG5715's LAN as a server, the NBG5715 provides the TCP/IP configuration for example, 00:A0:C5:00:00:02. The following terms and concepts may help...
...) allows individual clients to obtain TCP/IP configuration at the factory and consists of six pairs of your LAN, or else the computer must be manually configured. 13.1.1 What You Can Do in this Chapter • Use the General screen to enable the DHCP server (Section 13.2 on page 95...on page 97). 13.1.2 What You Need To Know The following screen displays. Figure 58 Network > DHCP Server > General NBG5715 User's Guide 95 You can configure the NBG5715's LAN as a server, the NBG5715 provides the TCP/IP configuration for example, 00:A0:C5:00:00:02. The following terms and concepts may help...
User Guide
Page 96
... DHCP settings, click Network > DHCP Server > Advanced. To change your changes back to the NBG5715. Figure 59 Network > DHCP Server > Advanced 96 NBG5715 User's Guide Enable the DHCP server unless your LAN, or else the computers must have another DHCP server on their MAC addresses. When ...Advanced Screen This screen allows you to assign IP addresses on the LAN to specific individual computers based on your ISP instructs you must be manually configured. Table 41 Network > DHCP Server > General LABEL DHCP Server DESCRIPTION Select Enable to activate DHCP for LAN. If not, DHCP...
... DHCP settings, click Network > DHCP Server > Advanced. To change your changes back to the NBG5715. Figure 59 Network > DHCP Server > Advanced 96 NBG5715 User's Guide Enable the DHCP server unless your LAN, or else the computers must have another DHCP server on their MAC addresses. When ...Advanced Screen This screen allows you to assign IP addresses on the LAN to specific individual computers based on your ISP instructs you must be manually configured. Table 41 Network > DHCP Server > General LABEL DHCP Server DESCRIPTION Select Enable to activate DHCP for LAN. If not, DHCP...
User Guide
Page 97
...to the right (read -only) DNS server IP address that the ISP assigns. Select DNS Relay to have their DNS server addresses manually configured. The NBG5715's LAN IP address displays in the field to the right. Click Apply to save your ISP dynamically assigns DNS server information (and ... always assign an IP address to a MAC address (and host name). NBG5715 User's Guide 97 If you chose User-Defined, but leave the IP address set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply. Click Network > DHCP Server...
...to the right (read -only) DNS server IP address that the ISP assigns. Select DNS Relay to have their DNS server addresses manually configured. The NBG5715's LAN IP address displays in the field to the right. Click Apply to save your ISP dynamically assigns DNS server information (and ... always assign an IP address to a MAC address (and host name). NBG5715 User's Guide 97 If you chose User-Defined, but leave the IP address set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you click Apply. Click Network > DHCP Server...
User Guide
Page 103
... where you can decide whether you have chosen a pre-defined service in the Service Name field, the protocol will be configured automatically. NBG5715 User's Guide 103 You can modify an existing rule. The pre-defined service port number(s) and protocol will be displayed in the Port Forwarding...> NAT > Port Forwarding Chapter 14 NAT The following table describes the labels in this to use the default server or specify a server manually. Server IP Address This field displays the inside IP address of an individual port forwarding server entry. Click the Remove icon to identify this...
... where you can decide whether you have chosen a pre-defined service in the Service Name field, the protocol will be configured automatically. NBG5715 User's Guide 103 You can modify an existing rule. The pre-defined service port number(s) and protocol will be displayed in the Port Forwarding...> NAT > Port Forwarding Chapter 14 NAT The following table describes the labels in this to use the default server or specify a server manually. Server IP Address This field displays the inside IP address of an individual port forwarding server entry. Click the Remove icon to identify this...
User Guide
Page 107
... take turns using a port number ranging between 6970-7170. 4 The NBG5715 forwards the traffic to a single LAN IP address. Trigger port forwarding solves this problem by allowing computers on the LAN to manually replace the LAN computer's IP address in from the Real Audio server ...Jane's computer IP address. 5 Only Jane can use the service in three minutes with UDP (User Datagram Protocol), or two hours with TCP/IP (Transfer Control Protocol/Internet Protocol). NBG5715 User's Guide 107 After that computer's connection for that service closes, another LAN computer's IP address....
... take turns using a port number ranging between 6970-7170. 4 The NBG5715 forwards the traffic to a single LAN IP address. Trigger port forwarding solves this problem by allowing computers on the LAN to manually replace the LAN computer's IP address in from the Real Audio server ...Jane's computer IP address. 5 Only Jane can use the service in three minutes with UDP (User Datagram Protocol), or two hours with TCP/IP (Transfer Control Protocol/Internet Protocol). NBG5715 User's Guide 107 After that computer's connection for that service closes, another LAN computer's IP address....
User Guide
Page 125
Figure 80 Security > IPSec VPN > General > Edit: IKE NBG5715 User's Guide 125 Chapter 18 IPSec VPN Note: The NBG5715 uses the system default gateway interface¡¦s WAN IP address as its WAN IP address to set up a VPN tunnel. 18.5.1 IKEKey Setup IKEprovides more protection so it is generally recommended. You only configure VPN manual key when you select IKE in the IPSec Keying Mode field on the IPSec VPN > General > Edit screen.
Figure 80 Security > IPSec VPN > General > Edit: IKE NBG5715 User's Guide 125 Chapter 18 IPSec VPN Note: The NBG5715 uses the system default gateway interface¡¦s WAN IP address as its WAN IP address to set up a VPN tunnel. 18.5.1 IKEKey Setup IKEprovides more protection so it is generally recommended. You only configure VPN manual key when you select IKE in the IPSec Keying Mode field on the IPSec VPN > General > Edit screen.
User Guide
Page 126
... policy. In order to work. For a single IP address, enter a (static) IP address on the LAN behind your NBG5715. 126 NBG5715 User's Guide The NBG5715 assigns this feature to have the NBG5715 automatically reinitiate the SA after the SA lifetime times out, even if there is a range, enter the end (static) IP...) IP address, in a range of computers on the LAN behind the NAT router. Local Address If you configure an active rule with manual key management. Chapter 18 IPSec VPN The following table describes the labels in this IPSec rule's range of local addresses.
... policy. In order to work. For a single IP address, enter a (static) IP address on the LAN behind your NBG5715. 126 NBG5715 User's Guide The NBG5715 assigns this feature to have the NBG5715 automatically reinitiate the SA after the SA lifetime times out, even if there is a range, enter the end (static) IP...) IP address, in a range of computers on the LAN behind the NAT router. Local Address If you configure an active rule with manual key management. Chapter 18 IPSec VPN The following table describes the labels in this IPSec rule's range of local addresses.
User Guide
Page 130
...use the same algorithms and key , which key size and encryption algorithm to establish the tunnel. 130 NBG5715 User's Guide However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected. You must choose a key group for phase 1 IKE setup.... Click Apply to save your previous settings. 18.5.2 Manual Key Setup Manual key management is also slower. Define the length of...
...use the same algorithms and key , which key size and encryption algorithm to establish the tunnel. 130 NBG5715 User's Guide However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected. You must choose a key group for phase 1 IKE setup.... Click Apply to save your previous settings. 18.5.2 Manual Key Setup Manual key management is also slower. Define the length of...
User Guide
Page 131
... using manual keys has some characteristics of IKE SA and some characteristics of IPSec SA. There is not as secure as a regular IPSec SA. NBG5715 User's Guide 131 They only establish an IPSec SA. You should only do not establish an IKE SA. Chapter 18 IPSec VPN Current ZyXEL implementation ...assumes identical outgoing and incoming SPIs. 18.5.2.2 IPSec SA Using Manual Keys You might set up an IPSec SA...
... using manual keys has some characteristics of IKE SA and some characteristics of IPSec SA. There is not as secure as a regular IPSec SA. NBG5715 User's Guide 131 They only establish an IPSec SA. You should only do not establish an IKE SA. Chapter 18 IPSec VPN Current ZyXEL implementation ...assumes identical outgoing and incoming SPIs. 18.5.2.2 IPSec SA Using Manual Keys You might set up an IPSec SA...
User Guide
Page 132
... if you have IP addresses in this VPN policy. Select Manual from the drop-down list box. A DNS server allows clients on the VPN to find other computers and servers on the VPN by their (private) domain names. 132 NBG5715 User's Guide Chapter 18 IPSec VPN Figure 81 Security > IPSec... VPN > General > Edit: Manual The following table describes the labels in this additional DNS server to the NBG5715's DHCP clients that services the VPN, type its IP address here...
... if you have IP addresses in this VPN policy. Select Manual from the drop-down list box. A DNS server allows clients on the VPN to find other computers and servers on the VPN by their (private) domain names. 132 NBG5715 User's Guide Chapter 18 IPSec VPN Figure 81 Security > IPSec... VPN > General > Edit: Manual The following table describes the labels in this additional DNS server to the NBG5715's DHCP clients that services the VPN, type its IP address here...