User Guide
Page 3
...to open the Adobe Reader search utility and enter a word or phrase. It contains information on your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you require. Tips for support documents. This can download it around within a page, press the [SPACE] bar. Click them...you want to configure the P-793H v2 using the web configurator. You can grab the page and move around freely on setting up and running right away. P-793H v2 User's Guide 3 About This User's Guide About This User's Guide Intended Audience This manual is designed to help you ...
...to open the Adobe Reader search utility and enter a word or phrase. It contains information on your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you require. Tips for support documents. This can download it around within a page, press the [SPACE] bar. Click them...you want to configure the P-793H v2 using the web configurator. You can grab the page and move around freely on setting up and running right away. P-793H v2 User's Guide 3 About This User's Guide About This User's Guide Intended Audience This manual is designed to help you ...
User Guide
Page 5
About This User's Guide Disclaimer Graphics in this book may differ slightly from the product due to ensure that the information in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to differences in this manual is accurate. P-793H v2 User's Guide 5
About This User's Guide Disclaimer Graphics in this book may differ slightly from the product due to ensure that the information in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to differences in this manual is accurate. P-793H v2 User's Guide 5
User Guide
Page 12
... 3.5 Any IP Table ...54 3.6 Packet Statistics ...55 Chapter 4 Internet Setup Wizard ...57 4.1 Overview ...57 4.2 Internet Access Wizard Setup 57 4.2.1 Manual Configuration 60 Chapter 5 Tutorials ...67 5.1 Overview ...67 5.2 Configuring Point-to-point Connection 67 5.2.1 Set Up the Server ...68 5.2.2 Set Up the... Client ...69 5.2.3 Connect the P-793H v2s 69 5.3 Configuring a Point-to-2points Connection 70 5.3.1 Set up the Server ...70 5.3.2 Set up the Clients ...71 5.3.3 Connect the P-793H v2s 72 Part II: Technical Reference 73 Chapter 6 WAN Setup...75 6.1 ...
... 3.5 Any IP Table ...54 3.6 Packet Statistics ...55 Chapter 4 Internet Setup Wizard ...57 4.1 Overview ...57 4.2 Internet Access Wizard Setup 57 4.2.1 Manual Configuration 60 Chapter 5 Tutorials ...67 5.1 Overview ...67 5.2 Configuring Point-to-point Connection 67 5.2.1 Set Up the Server ...68 5.2.2 Set Up the... Client ...69 5.2.3 Connect the P-793H v2s 69 5.3 Configuring a Point-to-2points Connection 70 5.3.1 Set up the Server ...70 5.3.2 Set up the Clients ...71 5.3.3 Connect the P-793H v2s 72 Part II: Technical Reference 73 Chapter 6 WAN Setup...75 6.1 ...
User Guide
Page 15
... ...163 11.2 VPN Setup Screen ...163 11.3 The VPN Edit Screen ...166 11.4 Configuring Advanced IKE Settings 171 11.5 Manual Key Setup ...173 11.5.1 Security Parameter Index (SPI 174 11.6 Configuring Manual Key 174 11.7 Viewing SA Monitor ...177 11.8 Configuring VPN Global Setting 179 11.9 IPSec VPN Technical Reference 179 11... Chapter 13 Static Route ...203 13.1 Overview ...203 13.2 The Static Route Screen 204 13.2.1 Static Route Edit 205 Chapter 14 802.1Q/1P...207 P-793H v2 User's Guide 15
... ...163 11.2 VPN Setup Screen ...163 11.3 The VPN Edit Screen ...166 11.4 Configuring Advanced IKE Settings 171 11.5 Manual Key Setup ...173 11.5.1 Security Parameter Index (SPI 174 11.6 Configuring Manual Key 174 11.7 Viewing SA Monitor ...177 11.8 Configuring VPN Global Setting 179 11.9 IPSec VPN Technical Reference 179 11... Chapter 13 Static Route ...203 13.1 Overview ...203 13.2 The Static Route Screen 204 13.2.1 Static Route Edit 205 Chapter 14 802.1Q/1P...207 P-793H v2 User's Guide 15
User Guide
Page 24
... Security > VPN > Setup ...164 Figure 72 Security > VPN > Setup > Edit 166 Figure 73 Security > VPN > Setup > Edit > Advanced Setup 171 Figure 74 Security > VPN > Setup > Manual Key 174 Figure 75 Security > VPN > Monitor ...178 Figure 76 Security > VPN > Global Setting 179 Figure 77 IPSec Architecture ...180 Figure 78 NAT Router Between... IPSec Encapsulation 183 Figure 80 Two Phases to Set Up the IPSec SA 184 Figure 81 VPN Host using Intranet DNS Server Example 186 24 P-793H v2 User's Guide
... Security > VPN > Setup ...164 Figure 72 Security > VPN > Setup > Edit 166 Figure 73 Security > VPN > Setup > Edit > Advanced Setup 171 Figure 74 Security > VPN > Setup > Manual Key 174 Figure 75 Security > VPN > Monitor ...178 Figure 76 Security > VPN > Global Setting 179 Figure 77 IPSec Architecture ...180 Figure 78 NAT Router Between... IPSec Encapsulation 183 Figure 80 Two Phases to Set Up the IPSec SA 184 Figure 81 VPN Host using Intranet DNS Server Example 186 24 P-793H v2 User's Guide
User Guide
Page 32
... Security > VPN > Setup ...164 Table 42 Security > VPN > Setup > Edit 166 Table 43 Security > VPN > Setup > Edit > Advanced Setup 171 Table 44 Security > VPN > Setup > Manual Key 175 Table 45 Security > VPN > Monitor ...178 Table 46 Security > VPN > Global Setting 179 Table 47 VPN and NAT ...181 Table 48 VPN and... > System > General 265 Table 79 Maintenance > System > Time Setting 266 Table 80 Maintenance > Logs > View Log 270 Table 81 Maintenance > Logs > Log Settings 272 32 P-793H v2 User's Guide
... Security > VPN > Setup ...164 Table 42 Security > VPN > Setup > Edit 166 Table 43 Security > VPN > Setup > Edit > Advanced Setup 171 Table 44 Security > VPN > Setup > Manual Key 175 Table 45 Security > VPN > Monitor ...178 Table 46 Security > VPN > Global Setting 179 Table 47 VPN and NAT ...181 Table 48 VPN and... > System > General 265 Table 79 Maintenance > System > Time Setting 266 Table 80 Maintenance > Logs > View Log 270 Table 81 Maintenance > Logs > Log Settings 272 32 P-793H v2 User's Guide
User Guide
Page 58
... and enter your Internet setup information as provided to you still cannot connect, click Manually configure your ISP. Check your connection type. 3a The following screen appears if a connection is not detected. Figure 13 Wizard Welcome 3 Your P-793H v2 attempts to detect your DSL connection and your hardware connections and click Restart the... wizard welcome screen. Chapter 4 Internet Setup Wizard 2 Click INTERNET SETUP to configure the system for more details. Figure 14 Auto Detection: No DSL Connection 58 P-793H v2 User's Guide If you by your Internet connection.
... and enter your Internet setup information as provided to you still cannot connect, click Manually configure your ISP. Check your connection type. 3a The following screen appears if a connection is not detected. Figure 13 Wizard Welcome 3 Your P-793H v2 attempts to detect your DSL connection and your hardware connections and click Restart the... wizard welcome screen. Chapter 4 Internet Setup Wizard 2 Click INTERNET SETUP to configure the system for more details. Figure 14 Auto Detection: No DSL Connection 58 P-793H v2 User's Guide If you by your Internet connection.
User Guide
Page 59
Click Next and refer to Section 4.2.1 on page 60 on how to manually configure the P-793H v2 for Internet access. Chapter 4 Internet Setup Wizard 3b The following screen appears if the ZyXEL device detects a connection but not the connection type. Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP. Figure 16 Auto Detection: Failed P-793H v2 User's Guide 59 Then click Next. Figure 15 Auto-Detection: PPPoE 3c The following screen displays if a PPPoE or PPPoA connection is detected.
Click Next and refer to Section 4.2.1 on page 60 on how to manually configure the P-793H v2 for Internet access. Chapter 4 Internet Setup Wizard 3b The following screen appears if the ZyXEL device detects a connection but not the connection type. Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP. Figure 16 Auto Detection: Failed P-793H v2 User's Guide 59 Then click Next. Figure 15 Auto-Detection: PPPoE 3c The following screen displays if a PPPoE or PPPoA connection is detected.
User Guide
Page 60
...from ISP's DHCP server directly. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. 60 P-793H v2 User's Guide If you select Bridge, you were not given information. Leave the defaults in any fields for which you cannot use Firewall, ...17 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen. Chapter 4 Internet Setup Wizard 4.2.1 Manual Configuration 1 If the P-793H v2 fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen ...
...from ISP's DHCP server directly. If you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. 60 P-793H v2 User's Guide If you select Bridge, you were not given information. Leave the defaults in any fields for which you cannot use Firewall, ...17 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen. Chapter 4 Internet Setup Wizard 4.2.1 Manual Configuration 1 If the P-793H v2 fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen ...
User Guide
Page 80
...set to 0.0.0.0, UserDefined changes to None after you have the IP address of a DNS server. You must have their DNS server addresses manually configured. Subnet Mask Select Obtain an IP Address Automatically if you click Apply. If you chose User-Defined, but leave the IP address...IEEE 802.1p priority level (from 1 to traffic through this option to add the VLAN tag (specified below . This option is disconnected. 80 P-793H v2 User's Guide Chapter 6 WAN Setup Table 12 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Tag VLAN ID for outgoing traffic (remote...
...set to 0.0.0.0, UserDefined changes to None after you have the IP address of a DNS server. You must have their DNS server addresses manually configured. Subnet Mask Select Obtain an IP Address Automatically if you click Apply. If you chose User-Defined, but leave the IP address...IEEE 802.1p priority level (from 1 to traffic through this option to add the VLAN tag (specified below . This option is disconnected. 80 P-793H v2 User's Guide Chapter 6 WAN Setup Table 12 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Tag VLAN ID for outgoing traffic (remote...
User Guide
Page 107
... systems that the P-793H v2 itself is used, the following table describes the labels in this case. Select UserDefined if you select DNS Relay for one of the IP address pool. Click this to the right (read-only). if you have their DNS server addresses manually configured. Remote DHCP... Server If Relay is selected in the field to restore your ISP dynamically assigns DNS server information (and the P-793H v2's WAN IP address).
... systems that the P-793H v2 itself is used, the following table describes the labels in this case. Select UserDefined if you select DNS Relay for one of the IP address pool. Click this to the right (read-only). if you have their DNS server addresses manually configured. Remote DHCP... Server If Relay is selected in the field to restore your ISP dynamically assigns DNS server information (and the P-793H v2's WAN IP address).
User Guide
Page 112
... with the assigned IP address and subnet mask. If your ISP did not give you sign up. When a computer sends a DNS query to the P-793H v2, the P-793H v2 acts as a DHCP server or disable it . Chapter 7 LAN Setup 7.6.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132)...to the client machines along with a pool of IPCP (IP Control Protocol) after the connection is extremely important because without it, you must be manually configured. It does not mean you must have another DHCP server on your LAN computers. 7.6.3 DNS Server Addresses DNS (Domain Name System) maps a...
... with the assigned IP address and subnet mask. If your ISP did not give you sign up. When a computer sends a DNS query to the P-793H v2, the P-793H v2 acts as a DHCP server or disable it . Chapter 7 LAN Setup 7.6.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132)...to the client machines along with a pool of IPCP (IP Control Protocol) after the connection is extremely important because without it, you must be manually configured. It does not mean you must have another DHCP server on your LAN computers. 7.6.3 DNS Server Addresses DNS (Domain Name System) maps a...
User Guide
Page 163
The P-793H v2 has to allow access for configuration examples). The Secure Gateway IP Address may be useful for telecommuters initiating a VPN tunnel to ...in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using IKE key management and not Manual key management. This may be static. Chapter 11 VPN You can initiate SAs. In this case only the remote secure gateway can also... If the remote secure gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 as 0.0.0.0 only when using DDNS. P-793H v2 User's Guide 163
The P-793H v2 has to allow access for configuration examples). The Secure Gateway IP Address may be useful for telecommuters initiating a VPN tunnel to ...in the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using IKE key management and not Manual key management. This may be static. Chapter 11 VPN You can initiate SAs. In this case only the remote secure gateway can also... If the remote secure gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 as 0.0.0.0 only when using DDNS. P-793H v2 User's Guide 163
User Guide
Page 167
... field is configured to specify IP addresses on the LAN behind your P-793H v2. When the Local Address Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on the LAN behind your P793H v2. Manual is configured to Subnet, this is a subnet mask on a network by their...
... field is configured to specify IP addresses on the LAN behind your P-793H v2. When the Local Address Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on the LAN behind your P793H v2. Manual is configured to Subnet, this is a subnet mask on a network by their...
User Guide
Page 173
... with IKE key management. Authentication Algorithm SA Life Time (Seconds) Select NULL to set up a tunnel without saving your changes back to the P-793H v2 and return to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number (more processing power, resulting in the Active Protocol field. Click Cancel... to update the encryption and authentication keys. Triple DES (3DES) is not so secure. Click Apply to save your changes. 11.5 Manual Key Setup Manual key management is faster than MD5, but is a variation on DES that uses a 168-bit key. This implementation of time before ...
... with IKE key management. Authentication Algorithm SA Life Time (Seconds) Select NULL to set up a tunnel without saving your changes back to the P-793H v2 and return to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number (more processing power, resulting in the Active Protocol field. Click Cancel... to update the encryption and authentication keys. Triple DES (3DES) is not so secure. Click Apply to save your changes. 11.5 Manual Key Setup Manual key management is faster than MD5, but is a variation on DES that uses a 168-bit key. This implementation of time before ...
User Guide
Page 174
... IP address uniquely identify a particular Security Association (SA). Figure 74 Security > VPN > Setup > Manual Key 174 P-793H v2 User's Guide This data allows for the multiplexing of SAs to distinguish different SAs terminating at the same... destination and using the same IPSec protocol. The SPI (Security Parameter Index) along with the SPI to the local VPN gateway. Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 11.6 Configuring Manual...
... IP address uniquely identify a particular Security Association (SA). Figure 74 Security > VPN > Setup > Manual Key 174 P-793H v2 User's Guide This data allows for the multiplexing of SAs to distinguish different SAs terminating at the same... destination and using the same IPSec protocol. The SPI (Security Parameter Index) along with the SPI to the local VPN gateway. Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 11.6 Configuring Manual...
User Guide
Page 175
...down list box. When the Local Address Type field is configured to the P-793H v2 's DHCP clients that services the VPN, type its IP address here. P-793H v2 User's Guide 175 IPSec Key Mode Select IKE or Manual from the drop-down menu to the remote IPSec router's configured remote IP addresses... table describes the fields in this is a subnet mask on the LAN behind your P793H v2. Manual is a useful option for IPSec VPN) If there is a (static) IP address on the LAN behind your P-793H v2. DNS Server (for troubleshooting if you have the local and remote IP address(es) both...
...down list box. When the Local Address Type field is configured to the P-793H v2 's DHCP clients that services the VPN, type its IP address here. P-793H v2 User's Guide 175 IPSec Key Mode Select IKE or Manual from the drop-down menu to the remote IPSec router's configured remote IP addresses... table describes the fields in this is a subnet mask on the LAN behind your P793H v2. Manual is a useful option for IPSec VPN) If there is a (static) IP address on the LAN behind your P-793H v2. DNS Server (for troubleshooting if you have the local and remote IP address(es) both...
User Guide
Page 176
...local IP addresses. It also requires more secure than DES. The ESP protocol (RFC 2406) provides encryption as well as 0.0.0.0: The P-793H v2 uses the current P-793H v2 WAN IP address (static or dynamic) to set up to generate and verify a message authentication code. End / Subnet Mask When the ... to specify IP addresses on DES that uses a 168-bit key. Chapter 11 VPN Table 44 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Remote Remote IP addresses must select options from the drop-down menu to use ESP (Encapsulation Security Payload).
...local IP addresses. It also requires more secure than DES. The ESP protocol (RFC 2406) provides encryption as well as 0.0.0.0: The P-793H v2 uses the current P-793H v2 WAN IP address (static or dynamic) to set up to generate and verify a message authentication code. End / Subnet Mask When the ... to specify IP addresses on DES that uses a 168-bit key. Chapter 11 VPN Table 44 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Remote Remote IP addresses must select options from the drop-down menu to use ESP (Encapsulation Security Payload).
User Guide
Page 177
...Refresh to be used , including spaces, but no outbound or inbound traffic is the group of security settings related to the P-793H v2. Authentication Key Type a unique authentication key to display active VPN connections. When there is outbound traffic but trailing spaces are ...truncated. Chapter 11 VPN Table 44 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Encapsulation Key (only with no inbound traffic, the SA times out automatically after two minutes. Use this...
...Refresh to be used , including spaces, but no outbound or inbound traffic is the group of security settings related to the P-793H v2. Authentication Key Type a unique authentication key to display active VPN connections. When there is outbound traffic but trailing spaces are ...truncated. Chapter 11 VPN Table 44 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Encapsulation Key (only with no inbound traffic, the SA times out automatically after two minutes. Use this...
User Guide
Page 180
... digitally signs the outbound packet, both Transport and Tunnel mode. The Encryption Algorithm describes the use IKE (ISAKMP) or manual key configuration in both data 180 P-793H v2 User's Guide NAT is shown as DES (Data Encryption Standard) and Triple DES algorithms. The Authentication Algorithms, HMAC-MD5... set up a VPN. 11.9.2 IPSec and NAT Read this section if you are running IPSec on a host computer behind the P-793H v2. Chapter 11 VPN 11.9.1 IPSec Architecture The overall IPSec architecture is incompatible with the AH protocol in order to use of encryption techniques...
... digitally signs the outbound packet, both Transport and Tunnel mode. The Encryption Algorithm describes the use IKE (ISAKMP) or manual key configuration in both data 180 P-793H v2 User's Guide NAT is shown as DES (Data Encryption Standard) and Triple DES algorithms. The Authentication Algorithms, HMAC-MD5... set up a VPN. 11.9.2 IPSec and NAT Read this section if you are running IPSec on a host computer behind the P-793H v2. Chapter 11 VPN 11.9.1 IPSec Architecture The overall IPSec architecture is incompatible with the AH protocol in order to use of encryption techniques...