User Guide
Page 3
...mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Trademarks ZyNOS (ZyXEL Network Operating System) is subject to make changes in any form or by ZyXEL Communications Corporation. Other trademarks mentioned in ... system, translated into any language, or transmitted in any products described herein without notice. Published by ZyXEL Communications Corporation. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any license under its patent...
...mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Trademarks ZyNOS (ZyXEL Network Operating System) is subject to make changes in any form or by ZyXEL Communications Corporation. Other trademarks mentioned in ... system, translated into any language, or transmitted in any products described herein without notice. Published by ZyXEL Communications Corporation. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any license under its patent...
User Guide
Page 15
...'s Guide Chapter 13 IPSec VPN ...139 13.1 IPSec VPN Overview 139 13.1.1 IKE SA (IKE Phase 1) Overview 140 13.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router ..140 13.1.2 IKE SA Setup 140 13.1.2.1 IKE SA Proposal 141 13.1.2.2 Diffie-Hellman (DH) Key Exchange 141 13.1.2.3 Authentication...IKE 148 13.5 Advanced VPN Rule Setup (IKE 153 13.6 IPSec SA Using Manual Keys 159 13.6.1 IPSec SA Proposal Using Manual Keys 160 13.6.2 Authentication and the Security Parameter Index (SPI 160 13.7 VPN Rule Setup (Manual 160 13.8 VPN SA Monitor 164 13.9 VPN Global Setting 165 13.10 ...
...'s Guide Chapter 13 IPSec VPN ...139 13.1 IPSec VPN Overview 139 13.1.1 IKE SA (IKE Phase 1) Overview 140 13.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router ..140 13.1.2 IKE SA Setup 140 13.1.2.1 IKE SA Proposal 141 13.1.2.2 Diffie-Hellman (DH) Key Exchange 141 13.1.2.3 Authentication...IKE 148 13.5 Advanced VPN Rule Setup (IKE 153 13.6 IPSec SA Using Manual Keys 159 13.6.1 IPSec SA Proposal Using Manual Keys 160 13.6.2 Authentication and the Security Parameter Index (SPI 160 13.7 VPN Rule Setup (Manual 160 13.8 VPN SA Monitor 164 13.9 VPN Global Setting 165 13.10 ...
User Guide
Page 21
... 148 Figure 92 Security > VPN > Rule Setup: IKE (Basic 149 Figure 93 Security > VPN > Rule Setup: IKE (Advanced 154 Figure 94 Security > VPN > Rule Setup: Manual 161 Figure 95 Security > VPN > SA Monitor 164 Figure 96 Security > VPN > Global Setting 165 Figure 97 Telecommuters Sharing One VPN Rule Example 166 Figure...
... 148 Figure 92 Security > VPN > Rule Setup: IKE (Basic 149 Figure 93 Security > VPN > Rule Setup: IKE (Advanced 154 Figure 94 Security > VPN > Rule Setup: Manual 161 Figure 95 Security > VPN > SA Monitor 164 Figure 96 Security > VPN > Global Setting 165 Figure 97 Telecommuters Sharing One VPN Rule Example 166 Figure...
User Guide
Page 26
... 148 Table 52 Security > VPN > Rule Setup: IKE (Basic 149 Table 53 Security > VPN > Rule Setup: IKE (Advanced 155 Table 54 Security > VPN > Rule Setup: Manual 161 Table 55 SECURITY > VPN > SA Monitor 165 Table 56 Security > VPN > Global Setting 165 Table 57 Telecommuters Sharing One VPN Rule Example 166 Table...
... 148 Table 52 Security > VPN > Rule Setup: IKE (Basic 149 Table 53 Security > VPN > Rule Setup: IKE (Advanced 155 Table 54 Security > VPN > Rule Setup: Manual 161 Table 55 SECURITY > VPN > SA Monitor 165 Table 56 Security > VPN > Global Setting 165 Table 57 Telecommuters Sharing One VPN Rule Example 166 Table...
User Guide
Page 29
...to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications ...ZyXEL Device using a right angle bracket ( > ). They contain connection information and instructions on your ZyXEL... Device. User Guide Feedback Help us help you ! Thank you ! P-334U/P-335U User's Guide Preface Congratulations on getting started. • Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information. • ZyXEL... Glossary and Web Site Please refer to www.zyxel.com for an online glossary of ...
...to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications ...ZyXEL Device using a right angle bracket ( > ). They contain connection information and instructions on your ZyXEL... Device. User Guide Feedback Help us help you ! Thank you ! P-334U/P-335U User's Guide Preface Congratulations on getting started. • Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information. • ZyXEL... Glossary and Web Site Please refer to www.zyxel.com for an online glossary of ...
User Guide
Page 35
... is sending/receiving data. The ZyXEL Device is not receiving power. The ZyXEL Device has a successful 100Mb Ethernet connection. The LED remains on unless the WLAN settings are manually configured after OTIST is not ready or has failed. The print server is not sending/receiving data through the IEEE ...802.11b or g wireless LAN. The ZyXEL Device is in IEEE 802.11b or g wireless LAN mode...
... is sending/receiving data. The ZyXEL Device is not receiving power. The ZyXEL Device has a successful 100Mb Ethernet connection. The LED remains on unless the WLAN settings are manually configured after OTIST is not ready or has failed. The print server is not sending/receiving data through the IEEE ...802.11b or g wireless LAN. The ZyXEL Device is in IEEE 802.11b or g wireless LAN mode...
User Guide
Page 44
...Web Configurator Figure 10 Summary: DHCP Table The following table describes the labels in the Status screen. You can configure the ZyXEL Device as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. Read-only information here relates to your LAN, or else the ...computer must have another DHCP server on your DHCP status. Table 5 Summary: DHCP Table LABEL # IP Address Host Name DESCRIPTION This is disabled, you must be manually ...
...Web Configurator Figure 10 Summary: DHCP Table The following table describes the labels in the Status screen. You can configure the ZyXEL Device as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. Read-only information here relates to your LAN, or else the ...computer must have another DHCP server on your DHCP status. Table 5 Summary: DHCP Table LABEL # IP Address Host Name DESCRIPTION This is disabled, you must be manually ...
User Guide
Page 63
... change the setting or upload a different "rom" file. The MAC address is advisable to configure the WAN port's MAC address by either using the ZyXEL Device's MAC address, copying the MAC address from a computer on your ISP does not presently require MAC address authentication. It will be copied to continue...192.168.1.32; 192.168.1.65-192.168.1.254. 255.255.255.0 192.168.1.1(ZyXEL Device LAN IP) This screen allows users to clone the MAC address from a computer on your LAN even if your LAN or manually entering a MAC address. It is assigned at the factory and consists of six pairs...
... change the setting or upload a different "rom" file. The MAC address is advisable to configure the WAN port's MAC address by either using the ZyXEL Device's MAC address, copying the MAC address from a computer on your ISP does not presently require MAC address authentication. It will be copied to continue...192.168.1.32; 192.168.1.65-192.168.1.254. 255.255.255.0 192.168.1.1(ZyXEL Device LAN IP) This screen allows users to clone the MAC address from a computer on your LAN even if your LAN or manually entering a MAC address. It is assigned at the factory and consists of six pairs...
User Guide
Page 77
... key out to wireless clients that you had to configure the settings on the AP and then manually configure the exact same settings on the external accounting server and your ZyXEL Device. The re-keying process is the WPA/WPA2 equivalent of the external accounting server in order...network administrator instructs you didn't configure one manually. The key must have OTIST generate a WPA-PSK key for this meant that support OTIST and are within transmission range. Apply Click Apply to save your network administrator instructs you to the ZyXEL Device. You can also choose to ...
... key out to wireless clients that you had to configure the settings on the AP and then manually configure the exact same settings on the external accounting server and your ZyXEL Device. The re-keying process is the WPA/WPA2 equivalent of the external accounting server in order...network administrator instructs you didn't configure one manually. The key must have OTIST generate a WPA-PSK key for this meant that support OTIST and are within transmission range. Apply Click Apply to save your network administrator instructs you to the ZyXEL Device. You can also choose to ...
User Guide
Page 80
... wireless client(s) Adapter screen all be within range and have OTIST enabled. 1 In the AP, a web configurator screen pops up WEP or WPA-PSK encryption manually for an OTIST-enabled AP. 80 Chapter 4 Wireless LAN Click Yes for it can use the key in Progress (Client) • In the wireless client...
... wireless client(s) Adapter screen all be within range and have OTIST enabled. 1 In the AP, a web configurator screen pops up WEP or WPA-PSK encryption manually for an OTIST-enabled AP. 80 Chapter 4 Wireless LAN Click Yes for it can use the key in Progress (Client) • In the wireless client...
User Guide
Page 81
...and ALL wireless clients again. 4.5 MAC Filter The MAC filter screen allows you to configure the ZyXEL Device to give exclusive access to up to 32 devices (Allow) or exclude up to generate a...AP for up to configure this key changes each time you run OTIST again or enter them manually in the OTIST button (for about two seconds) for the AP to transfer settings. 4 If... client joins your ZyXEL Device's MAC filter settings, click Network > Wireless LAN > MAC Filter. The screen appears as shown. You need to run OTIST on the AP after using OTIST, you manually have the wireless client...
...and ALL wireless clients again. 4.5 MAC Filter The MAC filter screen allows you to configure the ZyXEL Device to give exclusive access to up to 32 devices (Allow) or exclude up to generate a...AP for up to configure this key changes each time you run OTIST again or enter them manually in the OTIST button (for about two seconds) for the AP to transfer settings. 4 If... client joins your ZyXEL Device's MAC filter settings, click Network > Wireless LAN > MAC Filter. The screen appears as shown. You need to run OTIST on the AP after using OTIST, you manually have the wireless client...
User Guide
Page 88
...peer computer. Before you connect to the access point, you how to join a wireless network using the Site Survey screen. 1 Open the ZyXEL utility and click the Site Survey tab to open the screen shown next. 2 The wireless client automatically searches for WPA-PSK security and ...the steps below to connect to a network using the ZyXEL utility, as in the Available Network List, that has no wireless network available within range. The wireless client is labeled C and the access point is no wireless security configured. • Manually connect to a network. • Configure a profile...
...peer computer. Before you connect to the access point, you how to join a wireless network using the Site Survey screen. 1 Open the ZyXEL utility and click the Site Survey tab to open the screen shown next. 2 The wireless client automatically searches for WPA-PSK security and ...the steps below to connect to a network using the ZyXEL utility, as in the Available Network List, that has no wireless network available within range. The wireless client is labeled C and the access point is no wireless security configured. • Manually connect to a network. • Configure a profile...
User Guide
Page 91
Figure 55 ZyXEL Utility: Add New Profile 3 Give the profile a descriptive name (of up to 32 printable ASCII characters). Select Infrastructure and either manually enter or select the AP's SSID in the Scan Info table and click Select. 4 Choose the same encryption method as the AP to which you ...want to search again. Enter the pre-shared key and leave the encryption type at the default setting. Figure 56 ZyXEL Utility: Profile...
Figure 55 ZyXEL Utility: Add New Profile 3 Give the profile a descriptive name (of up to 32 printable ASCII characters). Select Infrastructure and either manually enter or select the AP's SSID in the Scan Info table and click Select. 4 Choose the same encryption method as the AP to which you ...want to search again. Enter the pre-shared key and leave the encryption type at the default setting. Figure 56 ZyXEL Utility: Profile...
User Guide
Page 97
...the service provider to let you a fixed IP address. IP Subnet Mask Enter the IP Subnet Mask in this screen afresh. 6.3.2 PPPoE Encapsulation The ZyXEL Device supports PPPoE (Point-to the right displays the (read-only) DNS server IP address that works with a broadband modem (DSL, cable, ...RFC 2516) specifying how a personal computer (PC) interacts with existing access control systems (for example Radius). IP Address Enter your LAN or manually entering a MAC address. DNS Servers First DNS Server Second DNS Server Third DNS Server Select From ISP if your changes back to access it...
...the service provider to let you a fixed IP address. IP Subnet Mask Enter the IP Subnet Mask in this screen afresh. 6.3.2 PPPoE Encapsulation The ZyXEL Device supports PPPoE (Point-to the right displays the (read-only) DNS server IP address that works with a broadband modem (DSL, cable, ...RFC 2516) specifying how a personal computer (PC) interacts with existing access control systems (for example Radius). IP Address Enter your LAN or manually entering a MAC address. DNS Servers First DNS Server Second DNS Server Third DNS Server Select From ISP if your changes back to access it...
User Guide
Page 100
...WAN MAC Address Select this screen afresh. 6.3.3 PPTP Encapsulation Point-to use the factory assigned default MAC Address. PPTP supports on your LAN or manually entering a MAC address. The screen shown next is successfully configured, the address will not change the setting or upload a different ROM file...., such as the Internet. WAN MAC Address The MAC address section allows users to configure the WAN port's MAC address by using the ZyXEL Device's MAC address, copying the MAC address from a remote client to the rom file (ZyNOS configuration file). The field to the right...
...WAN MAC Address Select this screen afresh. 6.3.3 PPTP Encapsulation Point-to use the factory assigned default MAC Address. PPTP supports on your LAN or manually entering a MAC address. The screen shown next is successfully configured, the address will not change the setting or upload a different ROM file...., such as the Internet. WAN MAC Address The MAC address section allows users to configure the WAN port's MAC address by using the ZyXEL Device's MAC address, copying the MAC address from a remote client to the rom file (ZyNOS configuration file). The field to the right...
User Guide
Page 103
...MAC Address. Once it . It will not change unless you have the IP address of a DNS server. Click Apply to save your LAN or manually entering a MAC address. P-334U/P-335U User's Guide Table 33 PPTP Encapsulation LABEL Private DNS Servers First DNS Server Second DNS Server Third DNS Server WAN...MAC Address Factory default Clone the computer's MAC address Set WAN MAC Address Apply Reset DESCRIPTION This parameter determines if the ZyXEL Device will include the route to the ZyXEL Device. If you must know the IP address of the computer on your changes back to this remote node in ...
...MAC Address. Once it . It will not change unless you have the IP address of a DNS server. Click Apply to save your LAN or manually entering a MAC address. P-334U/P-335U User's Guide Table 33 PPTP Encapsulation LABEL Private DNS Servers First DNS Server Second DNS Server Third DNS Server WAN...MAC Address Factory default Clone the computer's MAC address Set WAN MAC Address Apply Reset DESCRIPTION This parameter determines if the ZyXEL Device will include the route to the ZyXEL Device. If you must know the IP address of the computer on your changes back to this remote node in ...
User Guide
Page 111
You can configure the ZyXEL Device as a DHCP server or disable it to do otherwise. Leave the Enable DHCP Server check box selected unless your ISP instructs you must have another DHCP server on your LAN, or else the computers must be manually configured. Clear it . P-334U/P-335U User..., you must have another DHCP server on your LAN, or else the computer must be manually configured. 8.2 DHCP Server General Screen Click Network > DHCP Server. When set as a server, the ZyXEL Device provides TCP/IP configuration for the clients. This field specifies the size, or count ...
You can configure the ZyXEL Device as a DHCP server or disable it to do otherwise. Leave the Enable DHCP Server check box selected unless your ISP instructs you must have another DHCP server on your LAN, or else the computers must be manually configured. Clear it . P-334U/P-335U User..., you must have another DHCP server on your LAN, or else the computer must be manually configured. 8.2 DHCP Server General Screen Click Network > DHCP Server. When set as a server, the ZyXEL Device provides TCP/IP configuration for the clients. This field specifies the size, or count ...
User Guide
Page 113
... if you do not configure a DNS server, you must have their DNS server addresses manually configured. DNS Servers Assigned by clicking the DHCP Table (Details...) hyperlink in this information to the ZyXEL Device. First DNS Server Select From ISP if your changes back to the LAN DHCP ...screen) and relays the response back to the right. When a computer on the LAN sends a DNS query to the ZyXEL Device, the ZyXEL Device forwards the query to the ZyXEL Device's system DNS server (configured in the field to the computer. Table 39 DHCP Server Advanced LABEL DESCRIPTION # This ...
... if you do not configure a DNS server, you must have their DNS server addresses manually configured. DNS Servers Assigned by clicking the DHCP Table (Details...) hyperlink in this information to the ZyXEL Device. First DNS Server Select From ISP if your changes back to the LAN DHCP ...screen) and relays the response back to the right. When a computer on the LAN sends a DNS query to the ZyXEL Device, the ZyXEL Device forwards the query to the ZyXEL Device's system DNS server (configured in the field to the computer. Table 39 DHCP Server Advanced LABEL DESCRIPTION # This ...
User Guide
Page 120
Trigger port forwarding solves this problem by allowing computers on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with a specific port number and protocol (a "trigger" port). The problem is that service closes, another...do not need to configure a new IP address each time you set a forwarding port in NAT to forward a service (coming in the same manner. The ZyXEL Device records the IP address of a LAN computer that sent the request. P-334U/P-335U User's Guide Figure 74 Game List Example version=1 1;name=Battlefield 1942...
Trigger port forwarding solves this problem by allowing computers on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with a specific port number and protocol (a "trigger" port). The problem is that service closes, another...do not need to configure a new IP address each time you set a forwarding port in NAT to forward a service (coming in the same manner. The ZyXEL Device records the IP address of a LAN computer that sent the request. P-334U/P-335U User's Guide Figure 74 Game List Example version=1 1;name=Battlefield 1942...
User Guide
Page 150
... remote IPSec router can initiate the VPN. IPSec Keying Mode Select IKE or Manual from the drop-down list box. You can configure multiple SAs between rules. In order to the IPSec router behind your ZyXEL Device. If you have problems using Transport or Tunnel mode, but not both... field and the LAN's full IP address range as only one active rule with manual key management. Note: The remote IPSec router must be static and correspond to 0.0.0.0, the ranges of local addresses. The ZyXEL Device assigns this additional DNS server to the remote IPSec router's configured remote IP...
... remote IPSec router can initiate the VPN. IPSec Keying Mode Select IKE or Manual from the drop-down list box. You can configure multiple SAs between rules. In order to the IPSec router behind your ZyXEL Device. If you have problems using Transport or Tunnel mode, but not both... field and the LAN's full IP address range as only one active rule with manual key management. Note: The remote IPSec router must be static and correspond to 0.0.0.0, the ranges of local addresses. The ZyXEL Device assigns this additional DNS server to the remote IPSec router's configured remote IP...