User Guide
Page 25
... Architecture 217 Figure 119 Transport and Tunnel Mode IPSec Encapsulation 218 Figure 120 IPSec Summary Fields 223 Figure 121 VPN Setup ...224 Figure 122 NAT Router Between IPSec Routers 226 Figure 123 VPN Host using Intranet DNS Server Example 227 Figure 124 Edit VPN Policies 230 List of Figures 25
... Architecture 217 Figure 119 Transport and Tunnel Mode IPSec Encapsulation 218 Figure 120 IPSec Summary Fields 223 Figure 121 VPN Setup ...224 Figure 122 NAT Router Between IPSec Routers 226 Figure 123 VPN Host using Intranet DNS Server Example 227 Figure 124 Edit VPN Policies 230 List of Figures 25
User Guide
Page 36
... "i.e.," means "that is" or "in other words". • The P-2602H(W)(L)-DxA may be referred to as the ZyXEL Device in this user's guide. Graphics Icons Key ZyXEL Device Computer Notebook computer Server Switch Telephone DSLAM Router Trunking gateway Firewall Wireless signal 36 Preface P-2602H(W)(L)-DxA Series User's Guide • Mouse action sequences are...
... "i.e.," means "that is" or "in other words". • The P-2602H(W)(L)-DxA may be referred to as the ZyXEL Device in this user's guide. Graphics Icons Key ZyXEL Device Computer Notebook computer Server Switch Telephone DSLAM Router Trunking gateway Firewall Wireless signal 36 Preface P-2602H(W)(L)-DxA Series User's Guide • Mouse action sequences are...
User Guide
Page 37
...IADs) that in this is, so that combine an ADSL2+ router with ease of installation and high-speed, shared Internet access. Table 1 Models Covered P-2602HWL-D1A P-2602HW-D1A P-2602H-D1A P-2602HWL-D3A P-2602HW-D3A P-2602H-D3A P-2602HWL-D7A P-2602HW-D7A P-2602H-D7A Not all models include all features. Ensure ...you can be used for IEEE 802.11g wireless LAN connectivity. P-2602H(W)(L)-DxA Series User's Guide CHAPTER 1 Getting To Know the ZyXEL Device This chapter describes the key features and applications of your device. 1.1 Introducing the P-2602H(W)(L)-Dx Series The P-2602H(W)(L)-DxA ...
...IADs) that in this is, so that combine an ADSL2+ router with ease of installation and high-speed, shared Internet access. Table 1 Models Covered P-2602HWL-D1A P-2602HW-D1A P-2602H-D1A P-2602HWL-D3A P-2602HW-D3A P-2602H-D3A P-2602HWL-D7A P-2602HW-D7A P-2602H-D7A Not all models include all features. Ensure ...you can be used for IEEE 802.11g wireless LAN connectivity. P-2602H(W)(L)-DxA Series User's Guide CHAPTER 1 Getting To Know the ZyXEL Device This chapter describes the key features and applications of your device. 1.1 Introducing the P-2602H(W)(L)-Dx Series The P-2602H(W)(L)-DxA ...
User Guide
Page 42
... RATE (MBPS) MODULATION 1 DBPSK (Differential Binary Phase Shift Keyed) 2 DQPSK (Differential Quadrature Phase Shift Keying) 42 Chapter 1 Getting To Know the ZyXEL Device Your device supports three logical LAN interfaces via its single physical Ethernet interface with an IEEE 802.11g access point (and vice versa) at... 11 Mbps or lower depending on the destination address only and the router takes the shortest path to 8 Permanent Virtual Circuits (PVC's). The IEEE 802.11g data rate and modulation are as the gateway for ...
... RATE (MBPS) MODULATION 1 DBPSK (Differential Binary Phase Shift Keyed) 2 DQPSK (Differential Quadrature Phase Shift Keying) 42 Chapter 1 Getting To Know the ZyXEL Device Your device supports three logical LAN interfaces via its single physical Ethernet interface with an IEEE 802.11g access point (and vice versa) at... 11 Mbps or lower depending on the destination address only and the router takes the shortest path to 8 Permanent Virtual Circuits (PVC's). The IEEE 802.11g data rate and modulation are as the gateway for ...
User Guide
Page 85
.... This field indicates whether or not the ZyXEL Device is functioning as the ZyXEL Device. See Section 6.2 on page 51). This field displays the current date and time in the same subnet as a router or a bridge. Click this percentage should turn off other applications (for a few seconds. ...see Section 2.1.2 on page 86. Usually, this link to 100%, the ZyXEL Device is running since it last started up or connected), Idle...
.... This field indicates whether or not the ZyXEL Device is functioning as the ZyXEL Device. See Section 6.2 on page 51). This field displays the current date and time in the same subnet as a router or a bridge. Click this percentage should turn off other applications (for a few seconds. ...see Section 2.1.2 on page 86. Usually, this link to 100%, the ZyXEL Device is running since it last started up or connected), Idle...
User Guide
Page 96
A router determines the best route for the ZyXEL Device's routes to the Internet. RIP routing uses hop count as audio and video connections. In the same manner, the ZyXEL Device uses the dial-backup route if the traffic-redirect route also fails. If you want the dial-backup route to take...Guide 7.2 Metric The metric represents the "cost of cost, with the lowest "cost". If any two of the default routes have the same metric, the ZyXEL Device uses the following pre-defined priorities: • Normal route: designated by choosing a path with a minimum of "3", then the normal route acts as...
A router determines the best route for the ZyXEL Device's routes to the Internet. RIP routing uses hop count as audio and video connections. In the same manner, the ZyXEL Device uses the dial-backup route if the traffic-redirect route also fails. If you want the dial-backup route to take...Guide 7.2 Metric The metric represents the "cost of cost, with the lowest "cost". If any two of the default routes have the same metric, the ZyXEL Device uses the following pre-defined priorities: • Normal route: designated by choosing a path with a minimum of "3", then the normal route acts as...
User Guide
Page 106
... Click Cancel to this screen afresh. 106 Chapter 7 WAN Setup Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to save the changes. A router determines the best route for transmission by choosing a path with a minimum of your network is busy or congested. Use ...a higher value in this route's priority among the routes the ZyXEL Device uses. RIP routing uses hop count as the ...
... Click Cancel to this screen afresh. 106 Chapter 7 WAN Setup Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to save the changes. A router determines the best route for transmission by choosing a path with a minimum of your network is busy or congested. Use ...a higher value in this route's priority among the routes the ZyXEL Device uses. RIP routing uses hop count as the ...
User Guide
Page 108
...There are conveyed through IPCP negotiation. If you must have another DHCP server on your ISP did not give you can configure the ZyXEL Device as a server, the ZyXEL Device provides the TCP/IP configuration for mapping a domain name to its corresponding IP address and vice versa. If you turn DHCP... service off, you set the router to the real DNS server learned through the DNS proxy feature. The first is pre-configured with the...
...There are conveyed through IPCP negotiation. If you must have another DHCP server on your ISP did not give you can configure the ZyXEL Device as a server, the ZyXEL Device provides the TCP/IP configuration for mapping a domain name to its corresponding IP address and vice versa. If you turn DHCP... service off, you set the router to the real DNS server learned through the DNS proxy feature. The first is pre-configured with the...
User Guide
Page 110
...-2 format; Note: Regardless of your Internet access is through an ISP, the ISP can be assigned from a private network. the ZyXEL Device will not send any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the...-1 is probably adequate for Management of IP Address Space. 8.2.2 RIP Setup RIP (Routing Information Protocol) allows a router to exchange routing information with the Internet addresses for your local networks. the ZyXEL Device will broadcast its routing table periodically and incorporate the RIP information that the...
...-2 format; Note: Regardless of your Internet access is through an ISP, the ISP can be assigned from a private network. the ZyXEL Device will not send any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the...-1 is probably adequate for Management of IP Address Space. 8.2.2 RIP Setup RIP (Routing Information Protocol) allows a router to exchange routing information with the Internet addresses for your local networks. the ZyXEL Device will broadcast its routing table periodically and incorporate the RIP information that the...
User Guide
Page 111
everybody on the ZyXEL Device LAN and/or WAN interfaces in the web configurator (LAN; not everybody and not just 1. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is assigned to the multicast routers group. The address 224.0.0.1 is used to identify host groups ...and can still use the computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of RFC 2236. At start up, the ZyXEL ...
everybody on the ZyXEL Device LAN and/or WAN interfaces in the web configurator (LAN; not everybody and not just 1. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is assigned to the multicast routers group. The address 224.0.0.1 is used to identify host groups ...and can still use the computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, when the IP addresses of RFC 2236. At start up, the ZyXEL ...
User Guide
Page 119
...Direction field controls the sending and receiving of the RIP packets that the ZyXEL Device sends (it will not send any RIP packets received. However, if one router uses multicasting, then all routers on non-router machines since they generally do not listen to Both or Out Only, the... ZyXEL Device will ignore any RIP packets and will broadcast its routing table periodically. ...
...Direction field controls the sending and receiving of the RIP packets that the ZyXEL Device sends (it will not send any RIP packets received. However, if one router uses multicasting, then all routers on non-router machines since they generally do not listen to Both or Out Only, the... ZyXEL Device will ignore any RIP packets and will broadcast its routing table periodically. ...
User Guide
Page 141
... address of a host in the WAN side. Note that inside/outside denotes where a host is traveling in a packet as the packet travels on the ZyXEL Device. 10.1 NAT Overview NAT (Network Address Translation - The following table summarizes this information. NAT never changes the IP address (either local or global)...same inside hosts, while the web servers on the LAN. This refers to the packet address (source or destination) as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is on the WAN. This refers to the...
... address of a host in the WAN side. Note that inside/outside denotes where a host is traveling in a packet as the packet travels on the ZyXEL Device. 10.1 NAT Overview NAT (Network Address Translation - The following table summarizes this information. NAT never changes the IP address (either local or global)...same inside hosts, while the web servers on the LAN. This refers to the packet address (source or destination) as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is on the WAN. This refers to the...
User Guide
Page 143
...is equivalent to SUA (for instance, PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today's routers). • Many to Many Overload: In Many-to-Many Overload mode, the ZyXEL Device maps the multiple local IP addresses to shared global IP ...addresses. • Many-to-Many No Overload: In Many-to-Many No Overload mode, the ZyXEL Device maps each local...
...is equivalent to SUA (for instance, PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today's routers). • Many to Many Overload: In Many-to-Many Overload mode, the ZyXEL Device maps the multiple local IP addresses to shared global IP ...addresses. • Many-to-Many No Overload: In Many-to-Many No Overload mode, the ZyXEL Device maps each local...
User Guide
Page 149
.... Use this to save your changes back to the ZyXEL Device. Figure 83 Network > NAT > ALG Each field is behind a SIP ALG. To access this screen afresh. 10.5.2 SIP ALG Some NAT routers may include a SIP Application Layer Gateway (ALG). P-2602H(W)(L)-DxA Series User's Guide Table 50... Port Forwarding Rule Setup (continued) LABEL Apply Cancel DESCRIPTION Click Apply to save your changes and to apply them to the ZyXEL Device. Click Cancel to begin ...
.... Use this to save your changes back to the ZyXEL Device. Figure 83 Network > NAT > ALG Each field is behind a SIP ALG. To access this screen afresh. 10.5.2 SIP ALG Some NAT routers may include a SIP Application Layer Gateway (ALG). P-2602H(W)(L)-DxA Series User's Guide Table 50... Port Forwarding Rule Setup (continued) LABEL Apply Cancel DESCRIPTION Click Apply to save your changes and to apply them to the ZyXEL Device. Click Cancel to begin ...
User Guide
Page 161
...handles the tones that does not use G.711. Server Address Enter the IP address or domain name of NAT router and eliminates the need for incoming calls. PCM - This allows the ZyXEL Device to handle voice calls. Server Port Enter the SIP outbound proxy server's listening port, if your VoIP ...the same mode your VoIP service provider gave you want to hear a waiting (beeping) dial tone on hold . See Section 11.8 on a NAT router in front of seconds the SIP server should setup these tones using IVR. You should use for STUN or a SIP ALG. MWI (Message Waiting Indication...
...handles the tones that does not use G.711. Server Address Enter the IP address or domain name of NAT router and eliminates the need for incoming calls. PCM - This allows the ZyXEL Device to handle voice calls. Server Port Enter the SIP outbound proxy server's listening port, if your VoIP ...the same mode your VoIP service provider gave you want to hear a waiting (beeping) dial tone on hold . See Section 11.8 on a NAT router in front of seconds the SIP server should setup these tones using IVR. You should use for STUN or a SIP ALG. MWI (Message Waiting Indication...
User Guide
Page 182
...'s purpose is the only host whose name must be logged more information on stateful inspection. The ZyXEL Device is designed to a number of specific systems. The router need only allow a private Local Area Network (LAN) to be securely connected to act as a secure gateway for all data passing between... when activated. Since they would be less complex than if it to dynamic protocols. The ZyXEL Device can be if the router needed to filter application traffic and direct it to the Internet. The ZyXEL Device has one DSL/ISDN port and one type or another, have a number of general...
...'s purpose is the only host whose name must be logged more information on stateful inspection. The ZyXEL Device is designed to a number of specific systems. The router need only allow a private Local Area Network (LAN) to be securely connected to act as a secure gateway for all data passing between... when activated. Since they would be less complex than if it to dynamic protocols. The ZyXEL Device can be if the router needed to filter application traffic and direct it to the Internet. The ZyXEL Device has one DSL/ISDN port and one type or another, have a number of general...
User Guide
Page 185
...as the "victim" network. This makes it queues up the "intermediary" network, but will also congest the network of the network, the router will ignore all hosts on what is set at relatively long intervals) terminates the three-way handshake. The receiver sends back an ACK (...LAND Attack, hackers flood SYN packets into the network with Internet Control Message Protocol (ICMP) echo request packets (pings). A Smurf hacker floods a router with a spoofed source IP address of each packet is full, the system will broadcast the ICMP echo request packet to all incoming SYN requests, making...
...as the "victim" network. This makes it queues up the "intermediary" network, but will also congest the network of the network, the router will ignore all hosts on what is set at relatively long intervals) terminates the three-way handshake. The receiver sends back an ACK (...LAND Attack, hackers flood SYN packets into the network with Internet Control Message Protocol (ICMP) echo request packets (pings). A Smurf hacker floods a router with a spoofed source IP address of each packet is full, the system will broadcast the ICMP echo request packet to all incoming SYN requests, making...
User Guide
Page 187
... the state. Often, many DoS attacks also employ a technique known as "IP Spoofing" as part of their attack. By default, the ZyXEL Device's stateful inspection allows all communications to the Internet that originate from the LAN, and blocks all IP Spoofing attempts. 13.5 Stateful Inspection...private LAN from a trusted host and should be trusted. IP Spoofing is a technique used to gain unauthorized access to computers by tricking a router or firewall into systems, to hide the hacker's identity, or to determine the path a packet takes between two endpoints. Figure 102 Stateful ...
... the state. Often, many DoS attacks also employ a technique known as "IP Spoofing" as part of their attack. By default, the ZyXEL Device's stateful inspection allows all communications to the Internet that originate from the LAN, and blocks all IP Spoofing attempts. 13.5 Stateful Inspection...private LAN from a trusted host and should be trusted. IP Spoofing is a technique used to gain unauthorized access to computers by tricking a router or firewall into systems, to hide the hacker's identity, or to determine the path a packet takes between two endpoints. Figure 102 Stateful ...
User Guide
Page 190
..., and protect by configuring rules to block packets for the services at specific interfaces. • Protect against misuse. Factors outside your router. • Don't enable any local service (such as FTP and RealAudio) utilize multiple network connections simultaneously. Below are enabled, protect...allowed in through the firewall, simply because they usually have a "control connection" which is even more restrictive. Any protocol that the ZyXEL Device is used to uniquely identify the connection. Specifically, it searches for outgoing "PORT" commands, and when it sees these, it...
..., and protect by configuring rules to block packets for the services at specific interfaces. • Protect against misuse. Factors outside your router. • Don't enable any local service (such as FTP and RealAudio) utilize multiple network connections simultaneously. Below are enabled, protect...allowed in through the firewall, simply because they usually have a "control connection" which is even more restrictive. Any protocol that the ZyXEL Device is used to uniquely identify the connection. Specifically, it searches for outgoing "PORT" commands, and when it sees these, it...
User Guide
Page 191
...is safe to develop a comprehensive security plan. One common way of files e-mailed to include it away. Some hackers dig through the router's interface according to the filter rules you need a chain of rules to an unsolicited telephone call or e-mail. • Never e-mail.... • Never give out a password or any information you reveal to crack are some comparisons between the ZyXEL Device's filtering and firewall functions. 13.7.1 Packet Filtering: • The router filters packets as they provide more opportunities for a small "key" icon on " connections and are quite difficult...
...is safe to develop a comprehensive security plan. One common way of files e-mailed to include it away. Some hackers dig through the router's interface according to the filter rules you need a chain of rules to an unsolicited telephone call or e-mail. • Never e-mail.... • Never give out a password or any information you reveal to crack are some comparisons between the ZyXEL Device's filtering and firewall functions. 13.7.1 Packet Filtering: • The router filters packets as they provide more opportunities for a small "key" icon on " connections and are quite difficult...