User Guide
Page 3
... Intended Audience This manual is designed to help you quickly pinpoint the information you require. You can also enter text directly into a "hand" with which page-range you can help you get up your screen. • Embedded hyperlinks are actually cross-references to configure the P-792H v2 using the web...Internet access. • Support Disc Refer to the included CD for Reading User's Guides On-Screen When reading a ZyXEL User's Guide On-Screen, keep the following in all ZyXEL User's Guide PDFs. • If you know the page number or know vaguely which you want to related text....
... Intended Audience This manual is designed to help you quickly pinpoint the information you require. You can also enter text directly into a "hand" with which page-range you can help you get up your screen. • Embedded hyperlinks are actually cross-references to configure the P-792H v2 using the web...Internet access. • Support Disc Refer to the included CD for Reading User's Guides On-Screen When reading a ZyXEL User's Guide On-Screen, keep the following in all ZyXEL User's Guide PDFs. • If you know the page number or know vaguely which you want to related text....
User Guide
Page 5
About This User's Guide Disclaimer Graphics in this book may differ slightly from the product due to ensure that the information in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to differences in this manual is accurate. P-792H v2 User's Guide 5
About This User's Guide Disclaimer Graphics in this book may differ slightly from the product due to ensure that the information in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to differences in this manual is accurate. P-792H v2 User's Guide 5
User Guide
Page 12
...40 3.5 Any IP Table ...40 3.6 Packet Statistics ...41 Chapter 4 Internet Setup Wizard ...43 4.1 Overview ...43 4.2 Internet Access Wizard Setup 43 4.2.1 Manual Configuration 46 Chapter 5 Tutorial ...53 5.1 Overview ...53 5.2 Configuring Point-to-point Connection 53 5.2.1 Set Up the Server ...54 5.2.2 Set Up the Client... ...55 5.2.3 Connect the P-792H v2s 55 Part II: Technical Reference 57 Chapter 6 WAN Setup...59 6.1 Overview ...59 6.1.1 What You Can Do in the WAN Screens 59 6.1.2...
...40 3.5 Any IP Table ...40 3.6 Packet Statistics ...41 Chapter 4 Internet Setup Wizard ...43 4.1 Overview ...43 4.2 Internet Access Wizard Setup 43 4.2.1 Manual Configuration 46 Chapter 5 Tutorial ...53 5.1 Overview ...53 5.2 Configuring Point-to-point Connection 53 5.2.1 Set Up the Server ...54 5.2.2 Set Up the Client... ...55 5.2.3 Connect the P-792H v2s 55 Part II: Technical Reference 57 Chapter 6 WAN Setup...59 6.1 Overview ...59 6.1.1 What You Can Do in the WAN Screens 59 6.1.2...
User Guide
Page 15
... 157 12.2 VPN Setup Screen ...157 12.3 The VPN Edit Screen ...160 12.4 Configuring Advanced IKE Settings 165 12.5 Manual Key Setup ...167 12.5.1 Security Parameter Index (SPI 168 12.6 Configuring Manual Key 168 12.7 Viewing SA Monitor ...171 12.8 Configuring VPN Global Setting 172 12.9 IPSec VPN Technical Reference 173 12... 197 14.2.1 Editing 802.1Q/1P Group Setting 198 14.3 The 802.1Q/1P Port Setting Screen 199 Chapter 15 Quality of Service (QoS)...201 P-792H v2 User's Guide 15
... 157 12.2 VPN Setup Screen ...157 12.3 The VPN Edit Screen ...160 12.4 Configuring Advanced IKE Settings 165 12.5 Manual Key Setup ...167 12.5.1 Security Parameter Index (SPI 168 12.6 Configuring Manual Key 168 12.7 Viewing SA Monitor ...171 12.8 Configuring VPN Global Setting 172 12.9 IPSec VPN Technical Reference 173 12... 197 14.2.1 Editing 802.1Q/1P Group Setting 198 14.3 The 802.1Q/1P Port Setting Screen 199 Chapter 15 Quality of Service (QoS)...201 P-792H v2 User's Guide 15
User Guide
Page 44
... INTERNET SETUP to the wizard welcome screen. Check your ISP. Figure 13 Auto Detection: No DSL Connection 44 P-792H v2 User's Guide Figure 12 Wizard Welcome 3 Your P-792H v2 attempts to you still cannot connect, click Manually configure your connection type. 3a The following screen appears if a connection is not detected. If you by your...
... INTERNET SETUP to the wizard welcome screen. Check your ISP. Figure 13 Auto Detection: No DSL Connection 44 P-792H v2 User's Guide Figure 12 Wizard Welcome 3 Your P-792H v2 attempts to you still cannot connect, click Manually configure your connection type. 3a The following screen appears if a connection is not detected. If you by your...
User Guide
Page 45
Click Next and refer to Section 4.2.1 on page 46 on how to manually configure the P-792H v2 for Internet access. Chapter 4 Internet Setup Wizard 3b The following screen appears if the ZyXEL device detects a connection but not the connection type. Figure 14 Auto-Detection: PPPoE 3c The following screen displays if a PPPoE or PPPoA connection is detected. Then click Next. Figure 15 Auto Detection: Failed P-792H v2 User's Guide 45 Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP.
Click Next and refer to Section 4.2.1 on page 46 on how to manually configure the P-792H v2 for Internet access. Chapter 4 Internet Setup Wizard 3b The following screen appears if the ZyXEL device detects a connection but not the connection type. Figure 14 Auto-Detection: PPPoE 3c The following screen displays if a PPPoE or PPPoA connection is detected. Then click Next. Figure 15 Auto Detection: Failed P-792H v2 User's Guide 45 Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP.
User Guide
Page 46
...IP address only and you want the connected computers to you select Bridge in this screen. Chapter 4 Internet Setup Wizard 4.2.1 Manual Configuration 1 If the P-792H v2 fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard ... from ISP's DHCP server directly. Leave the defaults in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. 46 P-792H v2 User's Guide Encapsulation Select the encapsulation type your ISP give you one IP address and you were not given information. Table 7 Internet Access...
...IP address only and you want the connected computers to you select Bridge in this screen. Chapter 4 Internet Setup Wizard 4.2.1 Manual Configuration 1 If the P-792H v2 fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard ... from ISP's DHCP server directly. Leave the defaults in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. 46 P-792H v2 User's Guide Encapsulation Select the encapsulation type your ISP give you one IP address and you were not given information. Table 7 Internet Access...
User Guide
Page 64
...your LAN, or else the computers must know the IP address of a DNS server. Select User-Defined if you connect to the Internet. The P-792H v2 will try to bring up to 8 separate traffic types by your connection up all the time. the ISP assigns you a different one each time ...you have their DNS server addresses manually configured. Chapter 6 WAN Setup Table 12 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Tag VLAN ID for Select this option to add...
...your LAN, or else the computers must know the IP address of a DNS server. Select User-Defined if you connect to the Internet. The P-792H v2 will try to bring up to 8 separate traffic types by your connection up all the time. the ISP assigns you a different one each time ...you have their DNS server addresses manually configured. Chapter 6 WAN Setup Table 12 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Tag VLAN ID for Select this option to add...
User Guide
Page 91
...if you do not configure a DNS server, you click Apply. Apply Cancel Select None if you have the P-792H v2 act as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients. ...DNS server's IP address in this screen. When a computer on the LAN sends a DNS query to the P-792H v2, the P-792H v2 forwards the query to the real DNS server learned through IPCP and relays the response back to configure DNS servers... DNS servers to the right. You must have their DNS server addresses manually configured. P-792H v2 User's Guide 91
...if you do not configure a DNS server, you click Apply. Apply Cancel Select None if you have the P-792H v2 act as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients. ...DNS server's IP address in this screen. When a computer on the LAN sends a DNS query to the P-792H v2, the P-792H v2 forwards the query to the real DNS server learned through IPCP and relays the response back to configure DNS servers... DNS servers to the right. You must have their DNS server addresses manually configured. P-792H v2 User's Guide 91
User Guide
Page 96
... works only when the ISP uses the IPCP DNS server extensions. You can configure the P-792H v2 as a DHCP server or disable it . When a computer sends a DNS query to the P-792H v2, the P-792H v2 acts as a server, the P-792H v2 provides the TCP/IP configuration for the DHCP clients (DHCP Pool). Do not assign static ... pre-configured with the assigned IP address and subnet mask. The DNS server is extremely important because without it, you must be manually configured. If you turn DHCP service off, you DNS server addresses, enter them in the DNS Server fields in the form of an information...
... works only when the ISP uses the IPCP DNS server extensions. You can configure the P-792H v2 as a DHCP server or disable it . When a computer sends a DNS query to the P-792H v2, the P-792H v2 acts as a server, the P-792H v2 provides the TCP/IP configuration for the DHCP clients (DHCP Pool). Do not assign static ... pre-configured with the assigned IP address and subnet mask. The DNS server is extremely important because without it, you must be manually configured. If you turn DHCP service off, you DNS server addresses, enter them in the DNS Server fields in the form of an information...
User Guide
Page 157
... changes (there may be a delay until the DDNS servers are updated with the remote gateway's new WAN IP address). P-792H v2 User's Guide 157 This may be static. In this case only the remote secure gateway can also enter a remote secure...gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 as 0.0.0.0 only when using DDNS. The P-792H v2 has to allow access for configuration examples). Finding Out More See Section 12.9 on page 173 for advanced technical information on... has a dynamic WAN IP address and is using IKE key management and not Manual key management.
... changes (there may be a delay until the DDNS servers are updated with the remote gateway's new WAN IP address). P-792H v2 User's Guide 157 This may be static. In this case only the remote secure gateway can also enter a remote secure...gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 as 0.0.0.0 only when using DDNS. The P-792H v2 has to allow access for configuration examples). Finding Out More See Section 12.9 on page 173 for advanced technical information on... has a dynamic WAN IP address and is using IKE key management and not Manual key management.
User Guide
Page 161
... gateway must correspond to the remote IPSec router's configured remote IP addresses. Select Subnet to specify IP addresses on the LAN behind your P-792H v2. P-792H v2 User's Guide 161 Select Single for a specific range of IP addresses. When the Local Address Type field is a private DNS server that... P-792H v2 assigns this is configured to Single, this check box if you have IP addresses in a range of the devices behind your P792H v2. Specify the IP addresses of computers on a network by their subnet mask. Manual is ESP. The local IP addresses must have the local and...
... gateway must correspond to the remote IPSec router's configured remote IP addresses. Select Subnet to specify IP addresses on the LAN behind your P-792H v2. P-792H v2 User's Guide 161 Select Single for a specific range of IP addresses. When the Local Address Type field is a private DNS server that... P-792H v2 assigns this is configured to Single, this check box if you have IP addresses in a range of the devices behind your P792H v2. Specify the IP addresses of computers on a network by their subnet mask. Manual is ESP. The local IP addresses must have the local and...
User Guide
Page 167
...Transport mode from the drop-down list box. DH1 refers to the VPN-IKE screen. Click Apply to save your changes. 12.5 Manual Key Setup Manual key management is disabled (NONE) by forcing the two VPN gateways to authenticate packet data. As a result, 3DES is slower. ...an IKE SA automatically renegotiates in increased latency and decreased throughput. This allows faster IPSec setup, but is more secure, yet slower). P-792H v2 User's Guide 167 Select MD5 for minimal security and SHA-1 for data communications, both the sending device and the receiving device must use...
...Transport mode from the drop-down list box. DH1 refers to the VPN-IKE screen. Click Apply to save your changes. 12.5 Manual Key Setup Manual key management is disabled (NONE) by forcing the two VPN gateways to authenticate packet data. As a result, 3DES is slower. ...an IKE SA automatically renegotiates in increased latency and decreased throughput. This allows faster IPSec setup, but is more secure, yet slower). P-792H v2 User's Guide 167 Select MD5 for minimal security and SHA-1 for data communications, both the sending device and the receiving device must use...
User Guide
Page 168
Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 12.6 Configuring Manual Key You only configure VPN manual key when you select Manual in the IPSec Key Mode field on the VPN Setup-Edit screen. Figure 75 Security > VPN > Setup > Manual Key 168 P-792H v2 User's Guide Chapter 12 VPN 12.5.1 Security Parameter Index (SPI) An SPI is... different SAs terminating at the same destination and using the same IPSec protocol. The SPI is used to a single gateway. This is the VPN Setup - Manual Key screen as shown next.
Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 12.6 Configuring Manual Key You only configure VPN manual key when you select Manual in the IPSec Key Mode field on the VPN Setup-Edit screen. Figure 75 Security > VPN > Setup > Manual Key 168 P-792H v2 User's Guide Chapter 12 VPN 12.5.1 Security Parameter Index (SPI) An SPI is... different SAs terminating at the same destination and using the same IPSec protocol. The SPI is used to a single gateway. This is the VPN Setup - Manual Key screen as shown next.
User Guide
Page 169
...Subnet Mask Two active SAs cannot have the same local or remote IP address, but the P-792H v2 drops trailing spaces. Select Subnet to activate this screen. Table 46 Security > VPN > Setup > Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to specify IP addresses on your LAN... IP addresses. Name Type up to 32 characters to Single, enter a (static) IP address on the LAN behind your P-792H v2. You may use any time. Manual is configured to identify this field is active at any character, including spaces, but not both the same. When the Local Address...
...Subnet Mask Two active SAs cannot have the same local or remote IP address, but the P-792H v2 drops trailing spaces. Select Subnet to activate this screen. Table 46 Security > VPN > Setup > Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to specify IP addresses on your LAN... IP addresses. Name Type up to 32 characters to Single, enter a (static) IP address on the LAN behind your P-792H v2. You may use any time. Manual is configured to identify this field is active at any character, including spaces, but not both the same. When the Local Address...
User Guide
Page 170
... N/A. Select Single with which can configure multiple SAs between the same local and remote IP addresses, as long as 0.0.0.0: The P-792H v2 uses the current P-792H v2 WAN IP address (static or dynamic) to set up to 31 characters) of computers on the network behind the remote IPSec router... than DES. When you select NULL, you 're making the VPN connection. Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Remote Remote IP addresses must be used to encrypt and decrypt the message or to generate and verify a message authentication...
... N/A. Select Single with which can configure multiple SAs between the same local and remote IP addresses, as long as 0.0.0.0: The P-792H v2 uses the current P-792H v2 WAN IP address (static or dynamic) to set up to 31 characters) of computers on the network behind the remote IPSec router... than DES. When you select NULL, you 're making the VPN connection. Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Remote Remote IP addresses must be used to encrypt and decrypt the message or to generate and verify a message authentication...
User Guide
Page 171
...) With DES, type a unique key 8 characters long. The SHA1 algorithm is outbound traffic but trailing spaces are truncated. See Section P-792H v2 User's Guide 171 Any characters may be used , including spaces, but no outbound or inbound traffic is slower. Any characters may be .... MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are truncated. Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Encapsulation Key (only with no inbound traffic, the SA times out automatically after two minutes. Apply Click Apply ...
...) With DES, type a unique key 8 characters long. The SHA1 algorithm is outbound traffic but trailing spaces are truncated. See Section P-792H v2 User's Guide 171 Any characters may be used , including spaces, but no outbound or inbound traffic is slower. Any characters may be .... MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are truncated. Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Encapsulation Key (only with no inbound traffic, the SA times out automatically after two minutes. Apply Click Apply ...
User Guide
Page 174
... mechanism for packet structure (including implementation algorithms). Key Management Key management allows you are running IPSec on a host computer behind the P-792H v2. The VPN device at the receiving end. An IPSec VPN using ESP protocol with authentication, the packet contents (in this section if... data payload) are performed over the combination of the incoming packet by a NAT device. 174 P-792H v2 User's Guide The Encryption Algorithm describes the use IKE (ISAKMP) or manual key configuration in order to use of the VPN device at the receiving end doesn't know about ...
... mechanism for packet structure (including implementation algorithms). Key Management Key management allows you are running IPSec on a host computer behind the P-792H v2. The VPN device at the receiving end. An IPSec VPN using ESP protocol with authentication, the packet contents (in this section if... data payload) are performed over the combination of the incoming packet by a NAT device. 174 P-792H v2 User's Guide The Encryption Algorithm describes the use IKE (ISAKMP) or manual key configuration in order to use of the VPN device at the receiving end doesn't know about ...
User Guide
Page 237
See Section 18.1 on your P-792H v2. P-792H v2 User's Guide 237 Apply Click this eliminates the need to manually configure port forwarding for the UPnP enabled application. this to save your previously saved settings. 18.3 Installing UPnP in Windows Example...UPnP) Feature Select this check box to allow UPnP-enabled applications to automatically configure the P-792H v2 so that anyone could use a UPnP application to open the web configurator's login screen without entering the P-792H v2's IP address (although you must still enter the password to display the screen shown next...
See Section 18.1 on your P-792H v2. P-792H v2 User's Guide 237 Apply Click this eliminates the need to manually configure port forwarding for the UPnP enabled application. this to save your previously saved settings. 18.3 Installing UPnP in Windows Example...UPnP) Feature Select this check box to allow UPnP-enabled applications to automatically configure the P-792H v2 so that anyone could use a UPnP application to open the web configurator's login screen without entering the P-792H v2's IP address (although you must still enter the password to display the screen shown next...
User Guide
Page 243
P-792H v2 User's Guide 243 Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Chapter 18 Universal Plug-and-Play (UPnP) 4 You may edit or delete the port mappings or click Add to manually add port mappings.
P-792H v2 User's Guide 243 Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Chapter 18 Universal Plug-and-Play (UPnP) 4 You may edit or delete the port mappings or click Add to manually add port mappings.