User Guide
Page 3
About This User's Guide About This User's Guide Intended Audience This manual is designed to help you quickly pinpoint the information you ! Tips for Reading User's Guides On-Screen When reading a ZyXEL User's Guide On-Screen, keep the following in mind: • If you don't already have the latest ...version of the User's Guide PDF. Click them to jump to the corresponding section of Adobe Reader, you want to configure the P-792H v2 using the web configurator...
About This User's Guide About This User's Guide Intended Audience This manual is designed to help you quickly pinpoint the information you ! Tips for Reading User's Guides On-Screen When reading a ZyXEL User's Guide On-Screen, keep the following in mind: • If you don't already have the latest ...version of the User's Guide PDF. Click them to jump to the corresponding section of Adobe Reader, you want to configure the P-792H v2 using the web configurator...
User Guide
Page 5
Every effort has been made to ensure that the information in this book may differ slightly from the product due to differences in this manual is accurate. P-792H v2 User's Guide 5 About This User's Guide Disclaimer Graphics in operating systems, operating system versions, or if you installed updated firmware/software for your device.
Every effort has been made to ensure that the information in this book may differ slightly from the product due to differences in this manual is accurate. P-792H v2 User's Guide 5 About This User's Guide Disclaimer Graphics in operating systems, operating system versions, or if you installed updated firmware/software for your device.
User Guide
Page 12
...40 3.5 Any IP Table ...40 3.6 Packet Statistics ...41 Chapter 4 Internet Setup Wizard ...43 4.1 Overview ...43 4.2 Internet Access Wizard Setup 43 4.2.1 Manual Configuration 46 Chapter 5 Tutorial ...53 5.1 Overview ...53 5.2 Configuring Point-to-point Connection 53 5.2.1 Set Up the Server ...54 5.2.2 Set Up the Client ......55 5.2.3 Connect the P-792H v2s 55 Part II: Technical Reference 57 Chapter 6 WAN Setup...59 6.1 Overview ...59 6.1.1 What You Can Do in the WAN Screens 59...
...40 3.5 Any IP Table ...40 3.6 Packet Statistics ...41 Chapter 4 Internet Setup Wizard ...43 4.1 Overview ...43 4.2 Internet Access Wizard Setup 43 4.2.1 Manual Configuration 46 Chapter 5 Tutorial ...53 5.1 Overview ...53 5.2 Configuring Point-to-point Connection 53 5.2.1 Set Up the Server ...54 5.2.2 Set Up the Client ......55 5.2.3 Connect the P-792H v2s 55 Part II: Technical Reference 57 Chapter 6 WAN Setup...59 6.1 Overview ...59 6.1.1 What You Can Do in the WAN Screens 59...
User Guide
Page 15
... 157 12.2 VPN Setup Screen ...157 12.3 The VPN Edit Screen ...160 12.4 Configuring Advanced IKE Settings 165 12.5 Manual Key Setup ...167 12.5.1 Security Parameter Index (SPI 168 12.6 Configuring Manual Key 168 12.7 Viewing SA Monitor ...171 12.8 Configuring VPN Global Setting 172 12.9 IPSec VPN Technical Reference 173 12... 197 14.2.1 Editing 802.1Q/1P Group Setting 198 14.3 The 802.1Q/1P Port Setting Screen 199 Chapter 15 Quality of Service (QoS)...201 P-792H v2 User's Guide 15
... 157 12.2 VPN Setup Screen ...157 12.3 The VPN Edit Screen ...160 12.4 Configuring Advanced IKE Settings 165 12.5 Manual Key Setup ...167 12.5.1 Security Parameter Index (SPI 168 12.6 Configuring Manual Key 168 12.7 Viewing SA Monitor ...171 12.8 Configuring VPN Global Setting 172 12.9 IPSec VPN Technical Reference 173 12... 197 14.2.1 Editing 802.1Q/1P Group Setting 198 14.3 The 802.1Q/1P Port Setting Screen 199 Chapter 15 Quality of Service (QoS)...201 P-792H v2 User's Guide 15
User Guide
Page 44
...and enter your Internet setup information as provided to you still cannot connect, click Manually configure your ISP. See Section 4.2.1 on page 46 for Internet access. Figure 13 Auto Detection: No DSL Connection 44 P-792H v2 User's Guide Check your connection type. 3a The following screen appears if... a connection is not detected. Figure 12 Wizard Welcome 3 Your P-792H v2 attempts to detect your DSL connection and your hardware connections and click Restart the INTERNET SETUP Wizard to return to the wizard...
...and enter your Internet setup information as provided to you still cannot connect, click Manually configure your ISP. See Section 4.2.1 on page 46 for Internet access. Figure 13 Auto Detection: No DSL Connection 44 P-792H v2 User's Guide Check your connection type. 3a The following screen appears if... a connection is not detected. Figure 12 Wizard Welcome 3 Your P-792H v2 attempts to detect your DSL connection and your hardware connections and click Restart the INTERNET SETUP Wizard to return to the wizard...
User Guide
Page 45
Click Next and refer to Section 4.2.1 on page 46 on how to manually configure the P-792H v2 for Internet access. Figure 14 Auto-Detection: PPPoE 3c The following screen displays if a PPPoE or PPPoA connection is detected. Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP. Figure 15 Auto Detection: Failed P-792H v2 User's Guide 45 Chapter 4 Internet Setup Wizard 3b The following screen appears if the ZyXEL device detects a connection but not the connection type. Then click Next.
Click Next and refer to Section 4.2.1 on page 46 on how to manually configure the P-792H v2 for Internet access. Figure 14 Auto-Detection: PPPoE 3c The following screen displays if a PPPoE or PPPoA connection is detected. Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP. Figure 15 Auto Detection: Failed P-792H v2 User's Guide 45 Chapter 4 Internet Setup Wizard 3b The following screen appears if the ZyXEL device detects a connection but not the connection type. Then click Next.
User Guide
Page 46
... and you want multiple computers to share an Internet account. Choices vary depending on the P-792H v2. If you select in the Mode field. Chapter 4 Internet Setup Wizard 4.2.1 Manual Configuration 1 If the P-792H v2 fails to detect your DSL connection type but the physical line is connected, enter your...Firewall, DHCP server and NAT on what you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. 46 P-792H v2 User's Guide If you select Bridge, you select Bridge in this screen. Figure 16 Internet Access Wizard Setup: ISP Parameters The following ...
... and you want multiple computers to share an Internet account. Choices vary depending on the P-792H v2. If you select in the Mode field. Chapter 4 Internet Setup Wizard 4.2.1 Manual Configuration 1 If the P-792H v2 fails to detect your DSL connection type but the physical line is connected, enter your...Firewall, DHCP server and NAT on what you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. 46 P-792H v2 User's Guide If you select Bridge, you select Bridge in this screen. Figure 16 Internet Access Wizard Setup: ISP Parameters The following ...
User Guide
Page 64
...do not want to configure DNS servers. Select User-Defined if you have their DNS server addresses manually configured. Enter the DNS server's IP address in dotted decimal notation. The P-792H v2 will try to bring up all the time. Subnet Mask Select Obtain an IP Address ... tag (specified below . otherwise select Static IP Address and type your ISP dynamically assigns DNS server information (and the P-792H v2's WAN IP address) and you want the P-792H v2 to use as a default for outgoing traffic (remote node 1). Gateway IP address Enter a subnet mask in the...
...do not want to configure DNS servers. Select User-Defined if you have their DNS server addresses manually configured. Enter the DNS server's IP address in dotted decimal notation. The P-792H v2 will try to bring up all the time. Subnet Mask Select Obtain an IP Address ... tag (specified below . otherwise select Static IP Address and type your ISP dynamically assigns DNS server information (and the P-792H v2's WAN IP address) and you want the P-792H v2 to use as a default for outgoing traffic (remote node 1). Gateway IP address Enter a subnet mask in the...
User Guide
Page 91
... select DNS Relay for one of a computer in order to the right (read-only). Apply Cancel Select None if you click Apply. Click this screen. P-792H v2 User's Guide 91 If set to None, the DHCP server will be set: IP Pool Starting Address This field specifies the first of the... sends a DNS query to the P-792H v2, the P-792H v2 forwards the query to the real DNS server learned through IPCP and relays the response back to Windows 95, Windows NT and other systems that choice changes to None after you must have their DNS server addresses manually configured. You can assign IP...
... select DNS Relay for one of a computer in order to the right (read-only). Apply Cancel Select None if you click Apply. Click this screen. P-792H v2 User's Guide 91 If set to None, the DHCP server will be set: IP Pool Starting Address This field specifies the first of the... sends a DNS query to the P-792H v2, the P-792H v2 forwards the query to the real DNS server learned through IPCP and relays the response back to Windows 95, Windows NT and other systems that choice changes to None after you must have their DNS server addresses manually configured. You can assign IP...
User Guide
Page 96
...DNS Server Addresses DNS (Domain Name System) maps a domain name to its corresponding IP address and vice versa. If your ISP gives you must be manually configured. See the product specifications in the DHCP Setup screen. • Some ISPs choose to the client machines along with a pool of a computer before... service off, you must have another DHCP server on your ISP gives you set to the computer. IP Pool Setup The P-792H v2 is up . The P-792H v2 supports the IPCP DNS server extensions through IPCP negotiation. You can leave the DNS servers out of IPCP (IP Control Protocol...
...DNS Server Addresses DNS (Domain Name System) maps a domain name to its corresponding IP address and vice versa. If your ISP gives you must be manually configured. See the product specifications in the DHCP Setup screen. • Some ISPs choose to the client machines along with a pool of a computer before... service off, you must have another DHCP server on your ISP gives you set to the computer. IP Pool Setup The P-792H v2 is up . The P-792H v2 supports the IPCP DNS server extensions through IPCP negotiation. You can leave the DNS servers out of IPCP (IP Control Protocol...
User Guide
Page 157
...using DDNS. The Secure Gateway IP Address may be a delay until the DDNS servers are updated with the remote gateway's new WAN IP address). P-792H v2 User's Guide 157 In this case only the remote secure gateway can also enter a remote secure gateway's domain name in the web configurator. ...in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using IKE key management and not Manual key management. Figure 71 IPSec Summary Fields Local Network Remote Network Remote IPSec Router Local IP Address VPN Tunnel Remote IP Address My IP Address...
...using DDNS. The Secure Gateway IP Address may be a delay until the DDNS servers are updated with the remote gateway's new WAN IP address). P-792H v2 User's Guide 157 In this case only the remote secure gateway can also enter a remote secure gateway's domain name in the web configurator. ...in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using IKE key management and not Manual key management. Figure 71 IPSec Summary Fields Local Network Remote Network Remote IPSec Router Local IP Address VPN Tunnel Remote IP Address My IP Address...
User Guide
Page 161
...routers between the same local and remote IP addresses, as long as only one is configured to the P-792H v2's DHCP clients that services the VPN, type its IP address here. Select IKE or Manual from the drop-down list box. IKE provides more protection so it is ESP. Local A DNS ...Use the drop-down list box. Manual is configured to the remote IPSec router's configured remote IP addresses. Select Single for troubleshooting if you want to set up to 32 characters to Single, enter a (static) IP address on your LAN behind your P792H v2. P-792H v2 User's Guide 161 Chapter 12 ...
...routers between the same local and remote IP addresses, as long as only one is configured to the P-792H v2's DHCP clients that services the VPN, type its IP address here. Select IKE or Manual from the drop-down list box. IKE provides more protection so it is ESP. Local A DNS ...Use the drop-down list box. Manual is configured to the remote IPSec router's configured remote IP addresses. Select Single for troubleshooting if you want to set up to 32 characters to Single, enter a (static) IP address on your LAN behind your P792H v2. P-792H v2 User's Guide 161 Chapter 12 ...
User Guide
Page 167
...-IKE screen without encryption. This allows faster IPSec setup, but is slower. Click Cancel to return to update the encryption and authentication keys. P-792H v2 User's Guide 167 As a result, 3DES is more secure than 3DES. Authentication Algorithm SA Life Time (Seconds) Select NULL to set... Select Tunnel mode or Transport mode from 60 to generate and verify a message authentication code. DH2 refers to save your changes. 12.5 Manual Key Setup Manual key management is a variation on DES that uses a 168-bit key. Click Back to return to Diffie-Hellman Group 1 a 768 bit...
...-IKE screen without encryption. This allows faster IPSec setup, but is slower. Click Cancel to return to update the encryption and authentication keys. P-792H v2 User's Guide 167 As a result, 3DES is more secure than 3DES. Authentication Algorithm SA Life Time (Seconds) Select NULL to set... Select Tunnel mode or Transport mode from 60 to generate and verify a message authentication code. DH2 refers to save your changes. 12.5 Manual Key Setup Manual key management is a variation on DES that uses a 168-bit key. Click Back to return to Diffie-Hellman Group 1 a 768 bit...
User Guide
Page 168
... as shown next. The SPI is the VPN Setup - Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 12.6 Configuring Manual Key You only configure VPN manual key when you select Manual in the IPSec Key Mode field on the VPN Setup-Edit screen. The local VPN gateway then...SAs to distinguish different SAs terminating at the same destination and using the same IPSec protocol. Figure 75 Security > VPN > Setup > Manual Key 168 P-792H v2 User's Guide This is transmitted from the remote VPN gateway to establish the tunnel. Chapter 12 VPN 12.5.1 Security Parameter Index (...
... as shown next. The SPI is the VPN Setup - Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 12.6 Configuring Manual Key You only configure VPN manual key when you select Manual in the IPSec Key Mode field on the VPN Setup-Edit screen. The local VPN gateway then...SAs to distinguish different SAs terminating at the same destination and using the same IPSec protocol. Figure 75 Security > VPN > Setup > Manual Key 168 P-792H v2 User's Guide This is transmitted from the remote VPN gateway to establish the tunnel. Chapter 12 VPN 12.5.1 Security Parameter Index (...
User Guide
Page 169
...and correspond to activate this VPN policy. When the Local Address Type field is configured to specify IP addresses on the LAN behind your P-792H v2. P-792H v2 User's Guide 169 Name Type up to 32 characters to Single, this field is a private DNS server that have problems using ... Two active SAs cannot have the same local or remote IP address, but the P-792H v2 drops trailing spaces. Chapter 12 VPN The following table describes the fields in this IPSec rule's range of local addresses. Manual is configured to choose Single, Range, or Subnet. SPI Type a number (base ...
...and correspond to activate this VPN policy. When the Local Address Type field is configured to specify IP addresses on the LAN behind your P-792H v2. P-792H v2 User's Guide 169 Name Type up to 32 characters to Single, this field is a private DNS server that have problems using ... Two active SAs cannot have the same local or remote IP address, but the P-792H v2 drops trailing spaces. Chapter 12 VPN The following table describes the fields in this IPSec rule's range of local addresses. Manual is configured to choose Single, Range, or Subnet. SPI Type a number (base ...
User Guide
Page 170
...following applies if this IP address changes. Security Protocol IPSec Protocol Select ESP if you do not enter an encryption key. 170 P-792H v2 User's Guide Encryption Algorithm Select DES, 3DES or NULL from the Encryption Algorithm and Authentication Algorithm fields (described next). You ...IP address, in a range of the IPSec Address router with a single IP address. Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Remote Remote IP addresses must select options from the drop-down menu to choose Single, Range, or Subnet. Two active...
...following applies if this IP address changes. Security Protocol IPSec Protocol Select ESP if you do not enter an encryption key. 170 P-792H v2 User's Guide Encryption Algorithm Select DES, 3DES or NULL from the Encryption Algorithm and Authentication Algorithm fields (described next). You ...IP address, in a range of the IPSec Address router with a single IP address. Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Remote Remote IP addresses must select options from the drop-down menu to choose Single, Range, or Subnet. Two active...
User Guide
Page 171
...the SA lifetime period expires. Cancel Click Cancel to begin configuring this tab. Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Encapsulation Key (only with no inbound traffic, the SA times out automatically after two minutes. MD5 (Message Digest... characters may be used , including spaces, but trailing spaces are truncated. A Security Association (SA) is read-only. See Section P-792H v2 User's Guide 171 Any characters may be used to a specific VPN tunnel. Enter 16 characters for MD5 authentication or 20 characters ...
...the SA lifetime period expires. Cancel Click Cancel to begin configuring this tab. Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Encapsulation Key (only with no inbound traffic, the SA times out automatically after two minutes. MD5 (Message Digest... characters may be used , including spaces, but trailing spaces are truncated. A Security Association (SA) is read-only. See Section P-792H v2 User's Guide 171 Any characters may be used to a specific VPN tunnel. Enter 16 characters for MD5 authentication or 20 characters ...
User Guide
Page 174
...will rewrite either the source or destination address with authentication is the outbound address of the incoming packet by a NAT device. 174 P-792H v2 User's Guide When using ESP in Tunnel mode encapsulates the entire original packet (including headers) in the middle, so it ...IPSec and NAT Read this case, the entire original packet) are running IPSec on a host computer behind the P-792H v2. The Encryption Algorithm describes the use IKE (ISAKMP) or manual key configuration in both data payload and headers, with a hash value appended to the received packet doesn't match.
...will rewrite either the source or destination address with authentication is the outbound address of the incoming packet by a NAT device. 174 P-792H v2 User's Guide When using ESP in Tunnel mode encapsulates the entire original packet (including headers) in the middle, so it ...IPSec and NAT Read this case, the entire original packet) are running IPSec on a host computer behind the P-792H v2. The Encryption Algorithm describes the use IKE (ISAKMP) or manual key configuration in both data payload and headers, with a hash value appended to the received packet doesn't match.
User Guide
Page 237
...reserve a NAT forwarding port in order to communicate with another UPnP enabled device; Allow users to make configuration changes through the P-792H v2, for more information. See Section 18.1 on your previously saved settings. 18.3 Installing UPnP in Windows Example This section...DESCRIPTION Active the Universal Plug and Play (UPnP) Feature Select this to restore your P-792H v2. Be aware that they can communicate through UPnP Select this eliminates the need to manually configure port forwarding for the UPnP enabled application. Chapter 18 Universal Plug-and-Play (...
...reserve a NAT forwarding port in order to communicate with another UPnP enabled device; Allow users to make configuration changes through the P-792H v2, for more information. See Section 18.1 on your previously saved settings. 18.3 Installing UPnP in Windows Example This section...DESCRIPTION Active the Universal Plug and Play (UPnP) Feature Select this to restore your P-792H v2. Be aware that they can communicate through UPnP Select this eliminates the need to manually configure port forwarding for the UPnP enabled application. Chapter 18 Universal Plug-and-Play (...
User Guide
Page 243
Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Chapter 18 Universal Plug-and-Play (UPnP) 4 You may edit or delete the port mappings or click Add to manually add port mappings. P-792H v2 User's Guide 243
Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Chapter 18 Universal Plug-and-Play (UPnP) 4 You may edit or delete the port mappings or click Add to manually add port mappings. P-792H v2 User's Guide 243