User Guide
Page 9
Contents Overview Contents Overview Introduction ...29 Getting to Know Your NBG420N 31 The WPS Button ...35 Introducing the Web Configurator 37 Connection Wizard ...49 AP Mode ...65 Tutorials ...73 Network ...87 Wireless LAN ...89 WAN ......117 LAN ...127 DHCP ...133 Network Address Translation (NAT 137 Dynamic DNS ...147 Security ...151 Firewall ...153 Content Filtering ...161 IPSec VPN ...165 Management ...193 Static Route Screens ...195 Bandwidth Management ...199 Remote Management ...209 Universal Plug-and-Play (UPnP 215 Maintenance and Troubleshooting 227 System ...229...
Contents Overview Contents Overview Introduction ...29 Getting to Know Your NBG420N 31 The WPS Button ...35 Introducing the Web Configurator 37 Connection Wizard ...49 AP Mode ...65 Tutorials ...73 Network ...87 Wireless LAN ...89 WAN ......117 LAN ...127 DHCP ...133 Network Address Translation (NAT 137 Dynamic DNS ...147 Security ...151 Firewall ...153 Content Filtering ...161 IPSec VPN ...165 Management ...193 Static Route Screens ...195 Bandwidth Management ...199 Remote Management ...209 Universal Plug-and-Play (UPnP 215 Maintenance and Troubleshooting 227 System ...229...
User Guide
Page 12
...Summary: Any IP Table 44 3.5.3 Summary: Bandwidth Management Monitor 44 3.5.4 Summary: DHCP Table 45 3.5.5 Summary: Packet Statistics 46 3.5.6 Summary: VPN Monitor 47 3.5.7 Summary: Wireless Station Status 47 Chapter 4 Connection Wizard ...49 4.1 Wizard Setup ...49 4.2 Connection Wizard: STEP 1: System... Wizard: STEP 4: Bandwidth management 62 4.6 Connection Wizard Complete 62 Chapter 5 AP Mode...65 5.1 AP Mode Overview ...65 5.2 Setting your NBG420N to AP Mode 65 5.3 The Status Screen in AP Mode 66 5.3.1 Navigation Panel ...68 5.4 Configuring Your Settings ...69 5.4.1 LAN Settings ...
...Summary: Any IP Table 44 3.5.3 Summary: Bandwidth Management Monitor 44 3.5.4 Summary: DHCP Table 45 3.5.5 Summary: Packet Statistics 46 3.5.6 Summary: VPN Monitor 47 3.5.7 Summary: Wireless Station Status 47 Chapter 4 Connection Wizard ...49 4.1 Wizard Setup ...49 4.2 Connection Wizard: STEP 1: System... Wizard: STEP 4: Bandwidth management 62 4.6 Connection Wizard Complete 62 Chapter 5 AP Mode...65 5.1 AP Mode Overview ...65 5.2 Setting your NBG420N to AP Mode 65 5.3 The Status Screen in AP Mode 66 5.3.1 Navigation Panel ...68 5.4 Configuring Your Settings ...69 5.4.1 LAN Settings ...
User Guide
Page 13
... Wireless Client 73 6.1.3 Enable and Configure Wireless Security without WPS on your NBG420N 76 6.1.4 Configure Your Notebook 78 6.2 Site-To-Site VPN Tunnel Tutorial 80 6.2.1 Configuring Bob's NBG420N VPN Settings 81 6.2.2 Configuring Jack's NBG420N VPN Settings 83 6.2.3 Checking the VPN Connection 84 Part II: Network 87 Chapter 7 Wireless LAN...89 7.1 Wireless Network Overview 89 7.2 Wireless ... ...107 7.10 iPod Touch Web Configurator 108 7.10.1 Login Screen ...109 7.10.2 System Status ...110 7.10.3 WPS in Progress ...112 7.10.4 Port Forwarding ...113 NBG420N User's Guide 13
... Wireless Client 73 6.1.3 Enable and Configure Wireless Security without WPS on your NBG420N 76 6.1.4 Configure Your Notebook 78 6.2 Site-To-Site VPN Tunnel Tutorial 80 6.2.1 Configuring Bob's NBG420N VPN Settings 81 6.2.2 Configuring Jack's NBG420N VPN Settings 83 6.2.3 Checking the VPN Connection 84 Part II: Network 87 Chapter 7 Wireless LAN...89 7.1 Wireless Network Overview 89 7.2 Wireless ... ...107 7.10 iPod Touch Web Configurator 108 7.10.1 Login Screen ...109 7.10.2 System Status ...110 7.10.3 WPS in Progress ...112 7.10.4 Port Forwarding ...113 NBG420N User's Guide 13
User Guide
Page 15
... Wildcard 147 12.2 Dynamic DNS Screen ...147 Part III: Security 151 Chapter 13 Firewall...153 13.1 Introduction to ZyXEL's Firewall 153 13.1.1 What is a Firewall 153 13.1.2 Stateful Inspection Firewall 153 13.1.3 About the NBG420N Firewall 153 13.1.4 Guidelines For Enhancing Security With Your Firewall 154 13.2 Triangle Routes ...154 13.2.1 Triangle... 164 14.6.1 Domain Name or IP Address URL Checking 164 14.6.2 Full Path URL Checking 164 14.6.3 File Name URL Checking 164 Chapter 15 IPSec VPN...165 NBG420N User's Guide 15
... Wildcard 147 12.2 Dynamic DNS Screen ...147 Part III: Security 151 Chapter 13 Firewall...153 13.1 Introduction to ZyXEL's Firewall 153 13.1.1 What is a Firewall 153 13.1.2 Stateful Inspection Firewall 153 13.1.3 About the NBG420N Firewall 153 13.1.4 Guidelines For Enhancing Security With Your Firewall 154 13.2 Triangle Routes ...154 13.2.1 Triangle... 164 14.6.1 Domain Name or IP Address URL Checking 164 14.6.2 Full Path URL Checking 164 14.6.3 File Name URL Checking 164 Chapter 15 IPSec VPN...165 NBG420N User's Guide 15
User Guide
Page 16
... SA (IKE Phase 2) Overview 167 15.2 The General Screen ...167 15.2.1 VPN Rule Setup (Basic 168 15.2.2 VPN Rule Setup (Advanced 173 15.2.3 VPN Rule Setup (Manual 179 15.3 The SA Monitor Screen 183 15.4 VPN and Remote Management 184 15.5 IPSec VPN Technical Reference 185 Part IV: Management 193 Chapter 16 Static Route Screens... Rule Configuration 205 17.10 Bandwidth Management Monitor 206 Chapter 18 Remote Management...209 18.1 Remote Management Overview 209 18.1.1 Remote Management Limitations 209 16 NBG420N User's Guide
... SA (IKE Phase 2) Overview 167 15.2 The General Screen ...167 15.2.1 VPN Rule Setup (Basic 168 15.2.2 VPN Rule Setup (Advanced 173 15.2.3 VPN Rule Setup (Manual 179 15.3 The SA Monitor Screen 183 15.4 VPN and Remote Management 184 15.5 IPSec VPN Technical Reference 185 Part IV: Management 193 Chapter 16 Static Route Screens... Rule Configuration 205 17.10 Bandwidth Management Monitor 206 Chapter 18 Remote Management...209 18.1 Remote Management Overview 209 18.1.1 Remote Management Limitations 209 16 NBG420N User's Guide
User Guide
Page 19
... Figure 7 Any IP Table ...44 Figure 8 Summary: BW MGMT Monitor 45 Figure 9 Summary: DHCP Table ...45 Figure 10 Summary: Packet Statistics 46 Figure 11 Summary: VPN Monitor ...47 Figure 12 Summary: Wireless Association List 47 Figure 13 Select Wizard or Advanced Mode 49 Figure 14 Select a Language ...50 Figure 15 Welcome... Internet 73 Figure 36 Example WPS Process: PBC Method 75 Figure 37 Example WPS Process: PIN Method 76 Figure 38 Network > Wireless LAN > General 77 NBG420N User's Guide 19
... Figure 7 Any IP Table ...44 Figure 8 Summary: BW MGMT Monitor 45 Figure 9 Summary: DHCP Table ...45 Figure 10 Summary: Packet Statistics 46 Figure 11 Summary: VPN Monitor ...47 Figure 12 Summary: Wireless Association List 47 Figure 13 Select Wizard or Advanced Mode 49 Figure 14 Select a Language ...50 Figure 15 Welcome... Internet 73 Figure 36 Example WPS Process: PBC Method 75 Figure 37 Example WPS Process: PIN Method 76 Figure 38 Network > Wireless LAN > General 77 NBG420N User's Guide 19
User Guide
Page 20
...Figure 41 Security Settings ...79 Figure 42 Confirm Save ...79 Figure 43 Link Status ...80 Figure 44 Site-To-Site VPN Tunnel ...80 Figure 45 Property ...81 Figure 46 Local Policy ...81 Figure 47 Remote Policy ...82 Figure 48 Authentication... Method ...82 Figure 49 IPSec Algorithm ...82 Figure 50 VPN Summary ...83 Figure 51 Property ...83 Figure 52 Local Policy ...83 Figure 53 Remote Policy ...83 Figure 54 ...Network > WAN > Internet Connection: PPTP Encapsulation 123 Figure 81 Network > WAN > Advanced 125 20 NBG420N User's Guide
...Figure 41 Security Settings ...79 Figure 42 Confirm Save ...79 Figure 43 Link Status ...80 Figure 44 Site-To-Site VPN Tunnel ...80 Figure 45 Property ...81 Figure 46 Local Policy ...81 Figure 47 Remote Policy ...82 Figure 48 Authentication... Method ...82 Figure 49 IPSec Algorithm ...82 Figure 50 VPN Summary ...83 Figure 51 Property ...83 Figure 52 Local Policy ...83 Figure 53 Remote Policy ...83 Figure 54 ...Network > WAN > Internet Connection: PPTP Encapsulation 123 Figure 81 Network > WAN > Advanced 125 20 NBG420N User's Guide
User Guide
Page 21
... IKE SA: Main Negotiation Mode, Steps 3 - 4: DH Key Exchange 185 Figure 113 IKE SA: Main Negotiation Mode, Steps 5 - 6: Authentication 186 Figure 114 VPN/NAT Example ...188 Figure 115 VPN: Transport and Tunnel Mode Encapsulation 189 Figure 116 Private DNS Server Example 191 Figure 117 Example of Static Routing Topology 195 Figure 118... MGMT > Advanced 203 Figure 123 Bandwidth Management Rule Configuration: Pre-defined Service 205 Figure 124 Management > Bandwidth MGMT > Advanced: User-defined Service Rule Configuration 206 NBG420N User's Guide 21
... IKE SA: Main Negotiation Mode, Steps 3 - 4: DH Key Exchange 185 Figure 113 IKE SA: Main Negotiation Mode, Steps 5 - 6: Authentication 186 Figure 114 VPN/NAT Example ...188 Figure 115 VPN: Transport and Tunnel Mode Encapsulation 189 Figure 116 Private DNS Server Example 191 Figure 117 Example of Static Routing Topology 195 Figure 118... MGMT > Advanced 203 Figure 123 Bandwidth Management Rule Configuration: Pre-defined Service 205 Figure 124 Management > Bandwidth MGMT > Advanced: User-defined Service Rule Configuration 206 NBG420N User's Guide 21
User Guide
Page 25
... Management 62 Table 23 Web Configurator Status Screen 67 Table 24 Screens Summary ...68 Table 25 Network > LAN > IP ...70 Table 26 Site-To-Site VPN Tunnel Settings 80 Table 27 Types of Encryption for Each Type of Tables Table 1 Features Available in Router Mode vs. List of Tables List of... Filter 102 Table 35 Network > Wireless LAN > Advanced 103 Table 36 Network > Wireless LAN > QoS 104 Table 37 WPS ...106 Table 38 WPS Station ...107 NBG420N User's Guide 25
... Management 62 Table 23 Web Configurator Status Screen 67 Table 24 Screens Summary ...68 Table 25 Network > LAN > IP ...70 Table 26 Site-To-Site VPN Tunnel Settings 80 Table 27 Types of Encryption for Each Type of Tables Table 1 Features Available in Router Mode vs. List of Tables List of... Filter 102 Table 35 Network > Wireless LAN > Advanced 103 Table 36 Network > Wireless LAN > QoS 104 Table 37 WPS ...106 Table 38 WPS Station ...107 NBG420N User's Guide 25
User Guide
Page 26
... Security > Content Filter > Schedule 163 Table 62 Security > VPN > General ...168 Table 63 SECURITY > VPN > Rule Setup: IKE (Basic 170 Table 64 Security > VPN > Rule Setup: IKE (Advanced 175 Table 65 Security > VPN > Rule Setup: Manual 180 Table 66 Security > VPN > SA Monitor 184 Table 67 VPN Example: Matching ID Type and Content 186 Table 68... Rule Configuration . 206 Table 79 Management > Remote MGMT > WWW 210 Table 80 Management > Remote MGMT > Telnet 211 Table 81 Management > Remote MGMT > FTP 212 26 NBG420N User's Guide
... Security > Content Filter > Schedule 163 Table 62 Security > VPN > General ...168 Table 63 SECURITY > VPN > Rule Setup: IKE (Basic 170 Table 64 Security > VPN > Rule Setup: IKE (Advanced 175 Table 65 Security > VPN > Rule Setup: Manual 180 Table 66 Security > VPN > SA Monitor 184 Table 67 VPN Example: Matching ID Type and Content 186 Table 68... Rule Configuration . 206 Table 79 Management > Remote MGMT > WWW 210 Table 80 Management > Remote MGMT > Telnet 211 Table 81 Management > Remote MGMT > FTP 212 26 NBG420N User's Guide
User Guide
Page 31
... set to the Internet. The following figure shows computers in a WLAN connecting to the NBG420N (A), which has a DSL connection to Router Mode and has router features such as a firewall, IPSec VPN and content filtering are also available. The NBG420N also uses MIMO (Multiple-In, Multiple-Out) antenna technology to deliver high-speed wireless...
... set to the Internet. The following figure shows computers in a WLAN connecting to the NBG420N (A), which has a DSL connection to Router Mode and has router features such as a firewall, IPSec VPN and content filtering are also available. The NBG420N also uses MIMO (Multiple-In, Multiple-Out) antenna technology to deliver high-speed wireless...
User Guide
Page 32
... allocate network bandwidth to specific applications and or subnets. AP Features The following figure shows computers in a WLAN connecting to the NBG420N, which features are not in Router or AP Mode. Firewall YES NO This establishes a network security barrier, protecting your network...table shows which acts as the other computers connected to access the NBG420N when the IP addresses of the computer and the NBG420N are available in the same subnet.) VPN YES NO A virtual private network (VPN) provides secure communications between your network and the Internet. Table 1 ...
... allocate network bandwidth to specific applications and or subnets. AP Features The following figure shows computers in a WLAN connecting to the NBG420N, which features are not in Router or AP Mode. Firewall YES NO This establishes a network security barrier, protecting your network...table shows which acts as the other computers connected to access the NBG420N when the IP addresses of the computer and the NBG420N are available in the same subnet.) VPN YES NO A virtual private network (VPN) provides secure communications between your network and the Internet. Table 1 ...
User Guide
Page 42
...Up when the WLAN is enabled or Down when the WLAN is disabled. Summary Any IP Table Use this screen to configure NBG420N features. VPN Monitor Use this screen to view details of individual services. WLAN Station Status Use this screen to configure advanced wireless settings. WPS... Station Use this screen to view the wireless stations that are currently associated to the NBG420N. 3.5.1 Navigation Panel Use the sub-menus on the navigation panel to view the active VPN connections. WMM QoS allows you to add a wireless station using PPPoE or PPTP encapsulation. ...
...Up when the WLAN is enabled or Down when the WLAN is disabled. Summary Any IP Table Use this screen to configure NBG420N features. VPN Monitor Use this screen to view details of individual services. WLAN Station Status Use this screen to configure advanced wireless settings. WPS... Station Use this screen to view the wireless stations that are currently associated to the NBG420N. 3.5.1 Navigation Panel Use the sub-menus on the navigation panel to view the active VPN connections. WMM QoS allows you to add a wireless station using PPPoE or PPTP encapsulation. ...
User Guide
Page 43
...to configure through which interface(s) and from which IP address(es) users can use Telnet to the NBG420N. Use this screen to configure IP static routes. Use this screen to configure VPN connections and view the rule summary. Use this screen to enable UPnP on their MAC addresses and ...to perform content filtering. Use this screen to configure servers behind the NBG420N. Use this screen to set the days and times...
...to configure through which interface(s) and from which IP address(es) users can use Telnet to the NBG420N. Use this screen to configure IP static routes. Use this screen to configure VPN connections and view the rule summary. Use this screen to enable UPnP on their MAC addresses and ...to perform content filtering. Use this screen to configure servers behind the NBG420N. Use this screen to set the days and times...
User Guide
Page 47
...readonly information about the active VPN connections. Association means that are currently associated to a specific VPN tunnel. Table 8 Summary: Wireless Association List LABEL DESCRIPTION # This is the group of security settings related to the NBG420N in this screen. IPSec... 3 Introducing the Web Configurator 3.5.6 Summary: VPN Monitor Click the VPN Monitor (Details...) hyperlink in the Status screen. A Security Association (SA) is the security association index number. Both AH and ESP increase NBG420N processing requirements and communications latency (delay). Refresh...
...readonly information about the active VPN connections. Association means that are currently associated to a specific VPN tunnel. Table 8 Summary: Wireless Association List LABEL DESCRIPTION # This is the group of security settings related to the NBG420N in this screen. IPSec... 3 Introducing the Web Configurator 3.5.6 Summary: VPN Monitor Click the VPN Monitor (Details...) hyperlink in the Status screen. A Security Association (SA) is the security association index number. Both AH and ESP increase NBG420N processing requirements and communications latency (delay). Refresh...
User Guide
Page 56
... benefits of PPPoE is a network protocol that part of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/ IP-based networks. Refer to the appendix for more information on -demand, multi-protocol, and virtual private networking over Ethernet ... as it requires no specific configuration of multiple network services, a function known as the Internet. By implementing PPPoE directly on the NBG420N (rather than individual computers), the computers on PPPoE. Service Name Type the name of the LAN's computers will have Internet access....
... benefits of PPPoE is a network protocol that part of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/ IP-based networks. Refer to the appendix for more information on -demand, multi-protocol, and virtual private networking over Ethernet ... as it requires no specific configuration of multiple network services, a function known as the Internet. By implementing PPPoE directly on the NBG420N (rather than individual computers), the computers on PPPoE. Service Name Type the name of the LAN's computers will have Internet access....
User Guide
Page 80
....168.1.35 BOB JACK 10.0.0.7 1.1.1.1 2.2.2.2 The following table describes the VPN settings that must be configured on Bob and Jack's NBG420N routers. Table 26 Site-To-Site VPN Tunnel Settings SETTING BOB'S NBG420N JACK'S NBG420N Active IPSec Keying Mode YES IKE YES IKE Local Address 192.168.1.35..., open your connection is successfully configured. 6.2 Site-To-Site VPN Tunnel Tutorial Bob and Jack want to create a secure connection. Chapter 6 Tutorials Figure 43 Link Status 8 If your Internet browser and enter http:// www.zyxel.com or the URL of any other web site in the...
....168.1.35 BOB JACK 10.0.0.7 1.1.1.1 2.2.2.2 The following table describes the VPN settings that must be configured on Bob and Jack's NBG420N routers. Table 26 Site-To-Site VPN Tunnel Settings SETTING BOB'S NBG420N JACK'S NBG420N Active IPSec Keying Mode YES IKE YES IKE Local Address 192.168.1.35..., open your connection is successfully configured. 6.2 Site-To-Site VPN Tunnel Tutorial Bob and Jack want to create a secure connection. Chapter 6 Tutorials Figure 43 Link Status 8 If your Internet browser and enter http:// www.zyxel.com or the URL of any other web site in the...
User Guide
Page 81
...IP address "10.0.0.7" in the Remote Address Start text box. Chapter 6 Tutorials Table 26 Site-To-Site VPN Tunnel Settings (continued) SETTING BOB'S NBG420N JACK'S NBG420N Local ID Type IP IP Local Content Secure Gateway Address 1.1.1.1 2.2.2.2 2.2.2.2 1.1.1.1 Peer ID Type Peer Content ... Encryption Algorithm 3DES 3DES Authentication Algorithm SHA1 SHA1 6.2.1 Configuring Bob's NBG420N VPN Settings To configure these settings Bob uses the NBG420N web configurator. 1 Log into the NBG420N web configurator and click VPN > Modify icon. Figure 46 Local Policy 4 Enter the IP ...
...IP address "10.0.0.7" in the Remote Address Start text box. Chapter 6 Tutorials Table 26 Site-To-Site VPN Tunnel Settings (continued) SETTING BOB'S NBG420N JACK'S NBG420N Local ID Type IP IP Local Content Secure Gateway Address 1.1.1.1 2.2.2.2 2.2.2.2 1.1.1.1 Peer ID Type Peer Content ... Encryption Algorithm 3DES 3DES Authentication Algorithm SHA1 SHA1 6.2.1 Configuring Bob's NBG420N VPN Settings To configure these settings Bob uses the NBG420N web configurator. 1 Log into the NBG420N web configurator and click VPN > Modify icon. Figure 46 Local Policy 4 Enter the IP ...
User Guide
Page 82
... 47 Remote Policy 5 Enter the IP address "1.1.1.1" in the Peer Content text box. This identifies Bob's NBG420N to the VPN Summary screen. This is Jack's WAN IP address. 8 Select IP as shown below. 82 NBG420N User's Guide Figure 49 IPSec Algorithm 12 Click Apply to save the new rule and click... VPN to return to Jack's NBG420N. 7 Enter the IP address "2.2.2.2" in the Local Content text box. Chapter 6 Tutorials End/Mask ...
... 47 Remote Policy 5 Enter the IP address "1.1.1.1" in the Peer Content text box. This identifies Bob's NBG420N to the VPN Summary screen. This is Jack's WAN IP address. 8 Select IP as shown below. 82 NBG420N User's Guide Figure 49 IPSec Algorithm 12 Click Apply to save the new rule and click... VPN to return to Jack's NBG420N. 7 Enter the IP address "2.2.2.2" in the Local Content text box. Chapter 6 Tutorials End/Mask ...
User Guide
Page 83
...Mask text box. This is the IP address of Jack's computer. Figure 50 VPN Summary Chapter 6 Tutorials 6.2.2 Configuring Jack's NBG420N VPN Settings To configure these settings Jack uses the NBG420N web configurator. 1 Log into the NBG420N web configurator and click VPN > Modify icon. This is the IP address of Jack's computer. This .... This is the same as Bob only wants Jack to access this single IP address. NBG420N User's Guide 83 This value is selected as Jack only wants Bob to enable the VPN rule after it has been created. Make sure IKE is the same as the IPSec Keying...
...Mask text box. This is the IP address of Jack's computer. Figure 50 VPN Summary Chapter 6 Tutorials 6.2.2 Configuring Jack's NBG420N VPN Settings To configure these settings Jack uses the NBG420N web configurator. 1 Log into the NBG420N web configurator and click VPN > Modify icon. This is the IP address of Jack's computer. This .... This is the same as Bob only wants Jack to access this single IP address. NBG420N User's Guide 83 This value is selected as Jack only wants Bob to enable the VPN rule after it has been created. Make sure IKE is the same as the IPSec Keying...