User Guide
Page 3
... you require. Tips for Reading User's Guides On-Screen When reading a ZyXEL User's Guide On-Screen, keep the following in all ZyXEL User's Guide PDFs. • If you know the page number or know vaguely which you . P-792H v2 User's Guide 3 Click them to jump to the corresponding section of... Adobe Reader, you can download it around within a page, press the [SPACE] bar. About This User's Guide About This User's Guide Intended Audience This manual is designed to help you quickly ...
... you require. Tips for Reading User's Guides On-Screen When reading a ZyXEL User's Guide On-Screen, keep the following in all ZyXEL User's Guide PDFs. • If you know the page number or know vaguely which you . P-792H v2 User's Guide 3 Click them to jump to the corresponding section of... Adobe Reader, you can download it around within a page, press the [SPACE] bar. About This User's Guide About This User's Guide Intended Audience This manual is designed to help you quickly ...
User Guide
Page 5
P-792H v2 User's Guide 5 About This User's Guide Disclaimer Graphics in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to ensure that the information in this book may differ slightly from the product due to differences in this manual is accurate.
P-792H v2 User's Guide 5 About This User's Guide Disclaimer Graphics in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to ensure that the information in this book may differ slightly from the product due to differences in this manual is accurate.
User Guide
Page 12
...40 3.5 Any IP Table ...40 3.6 Packet Statistics ...41 Chapter 4 Internet Setup Wizard ...43 4.1 Overview ...43 4.2 Internet Access Wizard Setup 43 4.2.1 Manual Configuration 46 Chapter 5 Tutorial ...53 5.1 Overview ...53 5.2 Configuring Point-to-point Connection 53 5.2.1 Set Up the Server ...54 5.2.2 Set Up the Client ......55 5.2.3 Connect the P-792H v2s 55 Part II: Technical Reference 57 Chapter 6 WAN Setup...59 6.1 Overview ...59 6.1.1 What You Can Do in the WAN Screens 59...
...40 3.5 Any IP Table ...40 3.6 Packet Statistics ...41 Chapter 4 Internet Setup Wizard ...43 4.1 Overview ...43 4.2 Internet Access Wizard Setup 43 4.2.1 Manual Configuration 46 Chapter 5 Tutorial ...53 5.1 Overview ...53 5.2 Configuring Point-to-point Connection 53 5.2.1 Set Up the Server ...54 5.2.2 Set Up the Client ......55 5.2.3 Connect the P-792H v2s 55 Part II: Technical Reference 57 Chapter 6 WAN Setup...59 6.1 Overview ...59 6.1.1 What You Can Do in the WAN Screens 59...
User Guide
Page 15
... 157 12.2 VPN Setup Screen ...157 12.3 The VPN Edit Screen ...160 12.4 Configuring Advanced IKE Settings 165 12.5 Manual Key Setup ...167 12.5.1 Security Parameter Index (SPI 168 12.6 Configuring Manual Key 168 12.7 Viewing SA Monitor ...171 12.8 Configuring VPN Global Setting 172 12.9 IPSec VPN Technical Reference 173 12... 197 14.2.1 Editing 802.1Q/1P Group Setting 198 14.3 The 802.1Q/1P Port Setting Screen 199 Chapter 15 Quality of Service (QoS)...201 P-792H v2 User's Guide 15
... 157 12.2 VPN Setup Screen ...157 12.3 The VPN Edit Screen ...160 12.4 Configuring Advanced IKE Settings 165 12.5 Manual Key Setup ...167 12.5.1 Security Parameter Index (SPI 168 12.6 Configuring Manual Key 168 12.7 Viewing SA Monitor ...171 12.8 Configuring VPN Global Setting 172 12.9 IPSec VPN Technical Reference 173 12... 197 14.2.1 Editing 802.1Q/1P Group Setting 198 14.3 The 802.1Q/1P Port Setting Screen 199 Chapter 15 Quality of Service (QoS)...201 P-792H v2 User's Guide 15
User Guide
Page 44
...system for more details. Chapter 4 Internet Setup Wizard 2 Click INTERNET SETUP to you still cannot connect, click Manually configure your Internet connection. Figure 12 Wizard Welcome 3 Your P-792H v2 attempts to the wizard welcome screen. If you by your connection type. 3a The following screen appears ...if a connection is not detected. Figure 13 Auto Detection: No DSL Connection 44 P-792H v2 User's Guide Check your hardware connections and click Restart the INTERNET SETUP Wizard to return to detect your DSL connection and your ...
...system for more details. Chapter 4 Internet Setup Wizard 2 Click INTERNET SETUP to you still cannot connect, click Manually configure your Internet connection. Figure 12 Wizard Welcome 3 Your P-792H v2 attempts to the wizard welcome screen. If you by your connection type. 3a The following screen appears ...if a connection is not detected. Figure 13 Auto Detection: No DSL Connection 44 P-792H v2 User's Guide Check your hardware connections and click Restart the INTERNET SETUP Wizard to return to detect your DSL connection and your ...
User Guide
Page 45
Click Next and refer to Section 4.2.1 on page 46 on how to manually configure the P-792H v2 for Internet access. Figure 15 Auto Detection: Failed P-792H v2 User's Guide 45 Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP. Figure 14 Auto-Detection: PPPoE 3c The following screen displays if a PPPoE or PPPoA connection is detected. Chapter 4 Internet Setup Wizard 3b The following screen appears if the ZyXEL device detects a connection but not the connection type. Then click Next.
Click Next and refer to Section 4.2.1 on page 46 on how to manually configure the P-792H v2 for Internet access. Figure 15 Auto Detection: Failed P-792H v2 User's Guide 45 Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP. Figure 14 Auto-Detection: PPPoE 3c The following screen displays if a PPPoE or PPPoA connection is detected. Chapter 4 Internet Setup Wizard 3b The following screen appears if the ZyXEL device detects a connection but not the connection type. Then click Next.
User Guide
Page 46
If you select Bridge in the Mode field. Choices vary depending on the P-792H v2. Leave the defaults in this screen. Figure 16 Internet Access Wizard Setup: ISP Parameters The following... were not given information. Select Bridge when your service provider gave it to you. Chapter 4 Internet Setup Wizard 4.2.1 Manual Configuration 1 If the P-792H v2 fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the... Bridge, you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. 46 P-792H v2 User's Guide
If you select Bridge in the Mode field. Choices vary depending on the P-792H v2. Leave the defaults in this screen. Figure 16 Internet Access Wizard Setup: ISP Parameters The following... were not given information. Select Bridge when your service provider gave it to you. Chapter 4 Internet Setup Wizard 4.2.1 Manual Configuration 1 If the P-792H v2 fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the... Bridge, you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. 46 P-792H v2 User's Guide
User Guide
Page 64
... User's Guide You must know the IP address of a computer in the Transfer Mode field. If you do not want to configure DNS servers. The P-792H v2 will try to bring up all the time. Select the DSL line you click Apply. This option is available if you select ENET ENCAP... None after you do not configure a DNS server, you must have their DNS server addresses manually configured. Gateway IP address Enter a subnet mask in the field to the right. Select User-Defined if you want the P-792H v2 to use as a default for outgoing traffic (remote node 1). Select None if you click...
... User's Guide You must know the IP address of a computer in the Transfer Mode field. If you do not want to configure DNS servers. The P-792H v2 will try to bring up all the time. Select the DSL line you click Apply. This option is available if you select ENET ENCAP... None after you do not configure a DNS server, you must have their DNS server addresses manually configured. Gateway IP address Enter a subnet mask in the field to the right. Select User-Defined if you want the P-792H v2 to use as a default for outgoing traffic (remote node 1). Select None if you click...
User Guide
Page 91
...the computers must have another DHCP sever on the LAN sends a DNS query to the P-792H v2, the P-792H v2 forwards the query to the real DNS server learned through IPCP and relays the response ..., the DHCP server will be set to None after you must have their DNS server addresses manually configured. If set : IP Pool Starting Address This field specifies the first of the IP address... your previously saved settings. Click this to Windows 95, Windows NT and other systems that the P-792H v2 itself is used, the following table describes the labels in the IP address pool. Table 20...
...the computers must have another DHCP sever on the LAN sends a DNS query to the P-792H v2, the P-792H v2 forwards the query to the real DNS server learned through IPCP and relays the response ..., the DHCP server will be set to None after you must have their DNS server addresses manually configured. If set : IP Pool Starting Address This field specifies the first of the IP address... your previously saved settings. Click this to Windows 95, Windows NT and other systems that the P-792H v2 itself is used, the following table describes the labels in the IP address pool. Table 20...
User Guide
Page 96
...as a DHCP server or disable it . It does not mean you set to DNS Relay, the P-792H v2 tells the DHCP clients that you explicit DNS servers, make sure that it , you must be manually configured. Chapter 7 LAN Setup 7.6.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC... 2132) allows individual clients to obtain TCP/IP configuration at start-up . IP Pool Setup The P-792H v2 is the DNS server. The DNS server ...
...as a DHCP server or disable it . It does not mean you set to DNS Relay, the P-792H v2 tells the DHCP clients that you explicit DNS servers, make sure that it , you must be manually configured. Chapter 7 LAN Setup 7.6.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC... 2132) allows individual clients to obtain TCP/IP configuration at start-up . IP Pool Setup The P-792H v2 is the DNS server. The DNS server ...
User Guide
Page 157
...addresses must be a delay until the DDNS servers are updated with the remote gateway's new WAN IP address). The P-792H v2 has to allow access for configuration examples). This may be useful for telecommuters initiating a VPN tunnel to the company... secure gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 as 0.0.0.0 only when using DDNS. P-792H v2 User's Guide 157 The Secure Gateway IP Address may be configured as the secure gateway's address. Finding Out More See ... has a dynamic WAN IP address and is using IKE key management and not Manual key management.
...addresses must be a delay until the DDNS servers are updated with the remote gateway's new WAN IP address). The P-792H v2 has to allow access for configuration examples). This may be useful for telecommuters initiating a VPN tunnel to the company... secure gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 as 0.0.0.0 only when using DDNS. P-792H v2 User's Guide 157 The Secure Gateway IP Address may be configured as the secure gateway's address. Finding Out More See ... has a dynamic WAN IP address and is using IKE key management and not Manual key management.
User Guide
Page 161
... you have IP addresses in a range of the devices behind the P-792H v2 that have problems using IKE key management. P-792H v2 User's Guide 161 Manual is N/A. Specify the IP addresses of computers on the LAN behind your P-792H v2. Local Address Type IP Address Start End / Subnet Mask Two... active SAs cannot have the same local or remote IP address, but the P-792H v2 drops trailing spaces...
... you have IP addresses in a range of the devices behind the P-792H v2 that have problems using IKE key management. P-792H v2 User's Guide 161 Manual is N/A. Specify the IP addresses of computers on the LAN behind your P-792H v2. Local Address Type IP Address Start End / Subnet Mask Two... active SAs cannot have the same local or remote IP address, but the P-792H v2 drops trailing spaces...
User Guide
Page 167
..., but is slower. Choose DH1 or DH2 from the drop-down list box. Click Back to return to update the encryption and authentication keys. P-792H v2 User's Guide 167 Authentication Algorithm SA Life Time (Seconds) Select NULL to set up a tunnel without saving your changes back to the... Protocol field. AES is faster than DES. Define the length of AES uses a 128-bit key. Click Apply to save your changes. 12.5 Manual Key Setup Manual key management is useful if you do not enter an encryption key. Triple DES (3DES) is disabled (NONE) by forcing the two VPN gateways...
..., but is slower. Choose DH1 or DH2 from the drop-down list box. Click Back to return to update the encryption and authentication keys. P-792H v2 User's Guide 167 Authentication Algorithm SA Life Time (Seconds) Select NULL to set up a tunnel without saving your changes back to the... Protocol field. AES is faster than DES. Define the length of AES uses a 128-bit key. Click Apply to save your changes. 12.5 Manual Key Setup Manual key management is useful if you do not enter an encryption key. Triple DES (3DES) is disabled (NONE) by forcing the two VPN gateways...
User Guide
Page 168
...). Figure 75 Security > VPN > Setup > Manual Key 168 P-792H v2 User's Guide Manual Key screen as shown next. This data allows for the multiplexing of SAs to a single gateway. Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 12.6 Configuring Manual Key You only configure VPN manual key when you select Manual in the IPSec Key Mode...
...). Figure 75 Security > VPN > Setup > Manual Key 168 P-792H v2 User's Guide Manual Key screen as shown next. This data allows for the multiplexing of SAs to a single gateway. Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 12.6 Configuring Manual Key You only configure VPN manual key when you select Manual in the IPSec Key Mode...
User Guide
Page 169
... to the remote IPSec router's configured remote IP addresses. When the Local Address Type field is a subnet mask on the LAN behind your P-792H v2. Manual is a useful option for IPSec VPN) If there is configured to activate this screen. You may use any time. IPSec Key Mode Select ...IKE or Manual from the drop-down list box. DNS Server (for troubleshooting if you have the same local or remote IP address, but the P-792H v2 drops trailing spaces. Use the drop-down list box. Encapsulation Mode Select...
... to the remote IPSec router's configured remote IP addresses. When the Local Address Type field is a subnet mask on the LAN behind your P-792H v2. Manual is a useful option for IPSec VPN) If there is configured to activate this screen. You may use any time. IPSec Key Mode Select ...IKE or Manual from the drop-down list box. DNS Server (for troubleshooting if you have the same local or remote IP address, but the P-792H v2 drops trailing spaces. Use the drop-down list box. Encapsulation Mode Select...
User Guide
Page 170
... receiver must know the same secret key, which you do not enter an encryption key. 170 P-792H v2 User's Guide Select Subnet to 31 characters) of the services offered by their subnet mask. ...Address Start When the Remote Address Type field is more processing power, resulting in a range of your P-792H v2. As a result, 3DES is configured to set up the VPN tunnel. When the Remote Address Type... router. Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Remote Remote IP addresses must be rebuilt if this IP address changes.
... receiver must know the same secret key, which you do not enter an encryption key. 170 P-792H v2 User's Guide Select Subnet to 31 characters) of the services offered by their subnet mask. ...Address Start When the Remote Address Type field is more processing power, resulting in a range of your P-792H v2. As a result, 3DES is configured to set up the VPN tunnel. When the Remote Address Type... router. Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Remote Remote IP addresses must be rebuilt if this IP address changes.
User Guide
Page 171
Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Encapsulation Key (only with no inbound traffic, the SA times out automatically after two minutes. Authentication Key Type a unique authentication key ... used , including spaces, but no outbound or inbound traffic is "idle" and does not timeout until the SA lifetime period expires. Use Refresh to the P-792H v2. Authentication Algorithm Select SHA1 or MD5 from the drop-down list box. The SHA1 algorithm is generally considered stronger than MD5, but is outbound...
Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Encapsulation Key (only with no inbound traffic, the SA times out automatically after two minutes. Authentication Key Type a unique authentication key ... used , including spaces, but no outbound or inbound traffic is "idle" and does not timeout until the SA lifetime period expires. Use Refresh to the P-792H v2. Authentication Algorithm Select SHA1 or MD5 from the drop-down list box. The SHA1 algorithm is generally considered stronger than MD5, but is outbound...
User Guide
Page 174
...the entire original packet (including headers) in both data payload and headers, with one of the incoming packet by a NAT device. 174 P-792H v2 User's Guide The VPN device at the receiving end will rewrite either the source or destination address with a hash value appended to the...because integrity checks are running IPSec on a host computer behind the P-792H v2. Tunnel mode ESP with authentication is unchanged by computing its own choosing. The Encryption Algorithm describes the use IKE (ISAKMP) or manual key configuration in this section if you to determine whether to use of...
...the entire original packet (including headers) in both data payload and headers, with one of the incoming packet by a NAT device. 174 P-792H v2 User's Guide The VPN device at the receiving end will rewrite either the source or destination address with a hash value appended to the...because integrity checks are running IPSec on a host computer behind the P-792H v2. Tunnel mode ESP with authentication is unchanged by computing its own choosing. The Encryption Algorithm describes the use IKE (ISAKMP) or manual key configuration in this section if you to determine whether to use of...
User Guide
Page 237
...screen shown next. Apply Click this check box to install UPnP in Windows Me. P-792H v2 User's Guide 237 See Section 18.1 on your changes. Click Advanced > UPnP to save your P-792H v2. Allow users to make configuration changes through UPnP Select this screen. Installing UPnP ...so that anyone could use a UPnP application to open the web configurator's login screen without entering the P-792H v2's IP address (although you must still enter the password to manually configure port forwarding for the UPnP enabled application. Chapter 18 Universal Plug-and-Play (UPnP) 18.2 ...
...screen shown next. Apply Click this check box to install UPnP in Windows Me. P-792H v2 User's Guide 237 See Section 18.1 on your changes. Click Advanced > UPnP to save your P-792H v2. Allow users to make configuration changes through UPnP Select this screen. Installing UPnP ...so that anyone could use a UPnP application to open the web configurator's login screen without entering the P-792H v2's IP address (although you must still enter the password to manually configure port forwarding for the UPnP enabled application. Chapter 18 Universal Plug-and-Play (UPnP) 18.2 ...
User Guide
Page 243
P-792H v2 User's Guide 243 Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Chapter 18 Universal Plug-and-Play (UPnP) 4 You may edit or delete the port mappings or click Add to manually add port mappings.
P-792H v2 User's Guide 243 Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Chapter 18 Universal Plug-and-Play (UPnP) 4 You may edit or delete the port mappings or click Add to manually add port mappings.