User Guide
Page 13
... Types 119 9.2 SUA (Single User Account) Versus NAT 120 9.3 NAT General Setup ...120 9.4 Port Forwarding ...121 9.4.1 Default Server IP Address 122 P-2802H(W)(L)-I Series User's Guide 13
User Guide
Page 14
... Flash Key ...145 10.11.2 Europe Type Supplementary Phone Services 145 10.11.3 USA Type Supplementary Services 147 10.12 Phone Region Screen 148 10.13 Speed Dial ...148 10.14 Incoming Call Policy Screen 150 10.15 PSTN Line ("L" models only 152 14 P-2802H(W)(L)-I Series User's Guide
User Guide
Page 15
... 152 Chapter 11 Firewalls...155 11.1 Firewall Overview ...155 11.1.1 Stateful Inspection Firewall 155 11.1.2 About the ZyXEL Device Firewall 155 11.1.3 Guidelines For Enhancing Security With Your Firewall 156 11.2 General Firewall Policy Overview 156... 177 Chapter 13 Introduction to IPSec...179 13.1 VPN Overview ...179 13.1.1 IPSec ...179 13.1.2 Security Association 179 13.1.3 Other Terminology 179 13.1.4 VPN Applications 180 13.2 IPSec Architecture ...180 13.2.1 IPSec Algorithms ...181 13.2.2 Key Management 181 13.3 Encapsulation ...181 13.3.1 Transport Mode ...182 13.3.2 Tunnel Mode...
User Guide
Page 16
Table of Contents 13.4 IPSec and NAT ...182 Chapter 14 VPN Screens...185 14.1 VPN/IPSec Overview ...185 14.2 IPSec Algorithms ...185 14.2.1 AH (Authentication Header) Protocol 185 14.2.2 ....12 IKE Phases ...198 14.12.1 Negotiation Mode 199 14.12.2 Diffie-Hellman (DH) Key Groups 199 14.12.3 Perfect Forward Secrecy (PFS 200 14.13 Configuring Advanced IKE Settings 200 14.14 Manual Key Setup ...202 14.14.1 Security Parameter Index (SPI 202 14.15 Configuring Manual Key 203 14...
User Guide
Page 17
... Details ...224 15.11 Trusted Remote Hosts 226 15.12 Verifying a Trusted Remote Host's Certificate 228 15.12.1 Trusted Remote Host Certificate Fingerprints 228 15.13 Trusted Remote Hosts Import 229 15.14 Trusted Remote Host Certificate Details 229 15.15 Directory Servers ...232 15.16 Directory Server Add and Edit...
User Guide
Page 21
... Certificate Screen ...45 Figure 9 Wizard or Advanced Screen ...45 Figure 10 Main Screen ...46 Figure 11 Select a Mode ...54 Figure 12 Wizard Welcome ...54 Figure 13 Internet Access Wizard Setup: ISP Parameters 55 Figure 14 Internet Connection with PPPoE 56 Figure 15 Internet Connection with Ethernet 57 Figure 16 Connection Test...
User Guide
Page 27
... Wizard 1 59 Table 10 Wireless LAN Setup Wizard 2 60 Table 11 Manually Assign a WPA-PSK key 61 Table 12 Manually Assign a WEP key 62 Table 13 Sample SIP Account Information 66 Table 14 VoIP Wizard Configuration ...67 Table 15 Status Screen ...74 Table 16 Any IP Table ...76 Table 17 WLAN...
User Guide
Page 55
... your changes. 4 The next wizard screen varies depending on page 58 for wireless connection wizard setup " When you see depends on the ZyXEL Device. Exit Click Exit to get an IP address from the Encapsulation drop-down list box. See Section 3.3 on what protocol you chose... above. Chapter 3 Internet and Wireless Setup Wizard Figure 13 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in the Mode field. All screens shown are Ethernet and PPPoE....
User Guide
Page 62
... P-2802H(W)(L)-I Series User's Guide Exit Click Exit to close the wizard screen without saving. 5 Click Apply to the next screen. Both the ZyXEL Device and the wireless stations must use the same WEP key for a 64-bit, 128-bit or 256-bit WEP key respectively. Figure 23...Assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to display the previous screen. Back Click Back to encrypt data. Enter any 5, 13 or 29 ASCII characters or 10, 26 or 58 hexadecimal characters ("0-9", "A-F") for data transmission. Chapter 3 Internet and Wireless Setup Wizard Figure 22 ...
User Guide
Page 66
... your SIP server domain. Your VoIP service provider supplies you are finished, click Apply. Figure 27 Wizard: Welcome 3 Fill in your VoIP service provider. Table 13 Sample SIP Account Information INFORMATION FROM VOIP SERVICE EXAMPLE VALUES PROVIDER DESCRIPTION SIP account address [email protected] 11223344 is the IP address or...
User Guide
Page 67
....com). SIP Server Address Type the IP address or domain name of the SIP server in this SIP account with the user name above. Table 13 Sample SIP Account Information INFORMATION FROM VOIP SERVICE EXAMPLE VALUES PROVIDER Username VoIPUser Password Password Figure 28 VoIP Wizard Configuration Chapter 4 VoIP Wizard And Example...
User Guide
Page 107
...drop-down list box. Table 32 Wireless: Static WEP Encryption LABEL DESCRIPTION Security Mode Choose Static WEP from the Security Mode list. Both the ZyXEL Device and the wireless stations must use the same WEP key for a 64-bit, 128-bit or 256-bit WEP key respectively. 8.4.3 ... Chapter 8 Wireless LAN The following table describes the wireless LAN security labels in this screen. The ZyXEL Device automatically generates a WEP key. If you want to manually set the WEP key, enter any 5, 13 or 29 characters (ASCII string) or 10, 26 or 58 hexadecimal characters ("0-9", "A-F") for data ...
User Guide
Page 148
... a phone number directly to make peer-to its last-saved value. 10.13 Speed Dial Speed dial provides shortcuts for dialing frequently used (VoIP) phone numbers... VoIP service provider supports. use them to set every field in which region of the world the ZyXEL Device is located. Table 56 VoIP > Phone > Region LABEL DESCRIPTION Region Settings Select the place ...in this screen to call SIP numbers that depend on which the ZyXEL Device is in. Contact your changes and to apply them . Call Service Mode Select the mode for ...
User Guide
Page 179
...technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication. 13.1.1 IPSec Internet Protocol Security (IPSec) is a mathematical operation that transforms "ciphertext" to plaintext. A secure VPN is a ...Security Association (SA) is a contract between two parties indicating what security parameters, such as keys and algorithms they will use. 13.1.3 Other Terminology 13.1.3.1 Encryption Encryption is a mathematical operation that transforms data from "plaintext" (readable) to "ciphertext" (scrambled text) using a ...
User Guide
Page 180
This service depends on the data integrity service. 13.1.4 VPN Applications The ZyXEL Device supports the following VPN applications. • Linking Two or More Private Networks Together Connect branch offices and business partners over the ... IPSec architecture is shown as follows. 180 P-2802H(W)(L)-I Series User's Guide Chapter 13 Introduction to IPSec Figure 103 Encryption and Decryption 13.1.3.2 Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. 13.1.3.3 Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to...
User Guide
Page 181
...RFC 2404, provide an authentication mechanism for the AH and ESP protocols. Please see Section 14.2 on page 185 for more information. 13.2.2 Key Management Key management allows you to determine whether to use of operation for packet structure (including implementation algorithms). The ...Encryption Algorithm describes the use IKE (ISAKMP) or manual key configuration in order to IPSec 13.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe...
User Guide
Page 182
... into the IP header to verify the integrity of the entire packet by use of portions of the original IP header in the hashing process. 13.3.2 Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely. With ESP, protection is applied only to internal systems. Tunnel mode... not used to protect upper layer protocols and only affects the data in the IP packet. With the use of the final system behind the ZyXEL Device. When using the AH protocol digitally signs the outbound packet, both Transport and Tunnel mode. Tunnel mode communications have two sets of IP ...
User Guide
Page 183
... because integrity checks are signed with authentication, the packet contents (in this case, the entire original packet) are encrypted. Transport mode ESP with NAT. Chapter 13 Introduction to IPSec A NAT device in between the IPSec endpoints will verify the integrity of the incoming packet by a NAT device. The VPN device at...
User Guide
Page 191
...is the IP address, domain name, or e-mail address. In order to access computers that use separate passwords to simultaneously connect to the ZyXEL Device from remote IPSec routers that have dynamic WAN IP addresses. Telecommuters can only distinguish between up to 12 different incoming SAs that connect...groups (DH1 and DH2) when you to headquarters. The type of the ID type and content configuration, the ZyXEL Device does not allow you configure a VPN rule (see Section 14.13 on page 199), the ID type and content are created from remote IPSec routers that have dynamic WAN IP ...