User Guide
Page 3
... of the application or use of others. P-334U/P-335U User's Guide Copyright Copyright © 2006 by ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. Other trademarks mentioned in any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without notice. All rights reserved. Trademarks ZyNOS (ZyXEL Network Operating System) is subject to make changes...
... of the application or use of others. P-334U/P-335U User's Guide Copyright Copyright © 2006 by ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. Other trademarks mentioned in any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without notice. All rights reserved. Trademarks ZyNOS (ZyXEL Network Operating System) is subject to make changes...
User Guide
Page 15
P-334U/P-335U User's Guide Chapter 13 IPSec VPN ...139 13.1 IPSec VPN Overview 139 13.1.1 IKE SA (IKE Phase 1) Overview 140 13.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router ..140 13.1.2 IKE SA Setup 140 13.1.2.1 IKE SA Proposal 141 13.1.2.2 Diffie-Hellman (DH) Key Exchange 141 13...IKE 148 13.5 Advanced VPN Rule Setup (IKE 153 13.6 IPSec SA Using Manual Keys 159 13.6.1 IPSec SA Proposal Using Manual Keys 160 13.6.2 Authentication and the Security Parameter Index (SPI 160 13.7 VPN Rule Setup (Manual 160 13.8 VPN SA Monitor 164 13.9 VPN Global Setting 165 13.10 ...
P-334U/P-335U User's Guide Chapter 13 IPSec VPN ...139 13.1 IPSec VPN Overview 139 13.1.1 IKE SA (IKE Phase 1) Overview 140 13.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router ..140 13.1.2 IKE SA Setup 140 13.1.2.1 IKE SA Proposal 141 13.1.2.2 Diffie-Hellman (DH) Key Exchange 141 13...IKE 148 13.5 Advanced VPN Rule Setup (IKE 153 13.6 IPSec SA Using Manual Keys 159 13.6.1 IPSec SA Proposal Using Manual Keys 160 13.6.2 Authentication and the Security Parameter Index (SPI 160 13.7 VPN Rule Setup (Manual 160 13.8 VPN SA Monitor 164 13.9 VPN Global Setting 165 13.10 ...
User Guide
Page 21
P-334U/P-335U User's Guide Figure 80 Content Filter: Filter 134 Figure 81 Content Filter: Schedule 135 Figure 82 VPN: Example ...139 Figure 83 VPN: IKE SA and ... 148 Figure 92 Security > VPN > Rule Setup: IKE (Basic 149 Figure 93 Security > VPN > Rule Setup: IKE (Advanced 154 Figure 94 Security > VPN > Rule Setup: Manual 161 Figure 95 Security > VPN > SA Monitor 164 Figure 96 Security > VPN > Global Setting 165 Figure 97 Telecommuters Sharing One VPN Rule Example 166 Figure...
P-334U/P-335U User's Guide Figure 80 Content Filter: Filter 134 Figure 81 Content Filter: Schedule 135 Figure 82 VPN: Example ...139 Figure 83 VPN: IKE SA and ... 148 Figure 92 Security > VPN > Rule Setup: IKE (Basic 149 Figure 93 Security > VPN > Rule Setup: IKE (Advanced 154 Figure 94 Security > VPN > Rule Setup: Manual 161 Figure 95 Security > VPN > SA Monitor 164 Figure 96 Security > VPN > Global Setting 165 Figure 97 Telecommuters Sharing One VPN Rule Example 166 Figure...
User Guide
Page 26
P-334U/P-335U User's Guide Table 37 Advanced LAN ...108 Table 38 DHCP Server General 111 Table 39 DHCP Server Advanced 113 Table 40 Client List ...114 Table ... 148 Table 52 Security > VPN > Rule Setup: IKE (Basic 149 Table 53 Security > VPN > Rule Setup: IKE (Advanced 155 Table 54 Security > VPN > Rule Setup: Manual 161 Table 55 SECURITY > VPN > SA Monitor 165 Table 56 Security > VPN > Global Setting 165 Table 57 Telecommuters Sharing One VPN Rule Example 166 Table...
P-334U/P-335U User's Guide Table 37 Advanced LAN ...108 Table 38 DHCP Server General 111 Table 39 DHCP Server Advanced 113 Table 40 Client List ...114 Table ... 148 Table 52 Security > VPN > Rule Setup: IKE (Basic 149 Table 53 Security > VPN > Rule Setup: IKE (Advanced 155 Table 54 Security > VPN > Rule Setup: Manual 161 Table 55 SECURITY > VPN > SA Monitor 165 Table 56 Security > VPN > Global Setting 165 Table 57 Telecommuters Sharing One VPN Rule Example 166 Table...
User Guide
Page 29
...the configuration of your purchase of the P-334U or P-335U 802.11a/g Wireless Router. Preface 29 This manual is designed to help you ! They contain connection information and instructions on your P-334U or P-335U for its various applications. User Guide Feedback Help us ...words". For example, "In Windows, click Start > Settings > Control Panel" means first click the Start button, then point your ZyXEL Device. P-334U/P-335U User's Guide Preface Congratulations on getting started. • Web Configurator Online Help Embedded web help for descriptions of individual screens and ...
...the configuration of your purchase of the P-334U or P-335U 802.11a/g Wireless Router. Preface 29 This manual is designed to help you ! They contain connection information and instructions on your P-334U or P-335U for its various applications. User Guide Feedback Help us ...words". For example, "In Windows, click Start > Settings > Control Panel" means first click the Start button, then point your ZyXEL Device. P-334U/P-335U User's Guide Preface Congratulations on getting started. • Web Configurator Online Help Embedded web help for descriptions of individual screens and ...
User Guide
Page 35
...On Amber Blinking On OTIST None Green Blinking Off Blinking On USB (P-335U only) None Green Off Off On Blinking DESCRIPTION The ZyXEL Device is sending/receiving data. The ZyXEL Device is receiving power and functioning properly. The ZyXEL Device is not ready, or has failed. The WAN connection is... security settings are given to a wireless client. The ZyXEL Device is successful. OTIST is in IEEE 802.11a wireless LAN mode, but is sending/receiving data. The LED remains on unless the WLAN settings are manually configured after OTIST is sending/receiving data through the IEEE...
...On Amber Blinking On OTIST None Green Blinking Off Blinking On USB (P-335U only) None Green Off Off On Blinking DESCRIPTION The ZyXEL Device is sending/receiving data. The ZyXEL Device is receiving power and functioning properly. The ZyXEL Device is not ready, or has failed. The WAN connection is... security settings are given to a wireless client. The ZyXEL Device is successful. OTIST is in IEEE 802.11a wireless LAN mode, but is sending/receiving data. The LED remains on unless the WLAN settings are manually configured after OTIST is sending/receiving data through the IEEE...
User Guide
Page 44
... Summary: DHCP Table LABEL # IP Address Host Name DESCRIPTION This is disabled, you must be manually configured. If DHCP service is the index number of all network clients using the ZyXEL Device's DHCP server. The DHCP table shows current DHCP client information (including IP Address, Host ...Name and MAC Address) of the host computer. When configured as a DHCP server or disable it. P-334U/P-335U User's Guide Figure 9 Summary: BW ...
... Summary: DHCP Table LABEL # IP Address Host Name DESCRIPTION This is disabled, you must be manually configured. If DHCP service is the index number of all network clients using the ZyXEL Device's DHCP server. The DHCP table shows current DHCP client information (including IP Address, Host ...Name and MAC Address) of the host computer. When configured as a DHCP server or disable it. P-334U/P-335U User's Guide Figure 9 Summary: BW ...
User Guide
Page 63
...users to clone the MAC address from a computer on your LAN even if your LAN or manually entering a MAC address. It is advisable to configure the WAN port's MAC address by either using the ZyXEL Device's MAC address, copying the MAC address from a computer on your ISP does not ...presently require MAC address authentication. If you do not configure a system DNS server, you change the setting or upload a different "rom" file. It will be copied to the previous screen. P-334U/P-335U User's...
...users to clone the MAC address from a computer on your LAN even if your LAN or manually entering a MAC address. It is advisable to configure the WAN port's MAC address by either using the ZyXEL Device's MAC address, copying the MAC address from a computer on your ISP does not ...presently require MAC address authentication. If you do not configure a system DNS server, you change the setting or upload a different "rom" file. It will be copied to the previous screen. P-334U/P-335U User's...
User Guide
Page 77
... AP's SSID and WEP or WPA-PSK security settings to configure the settings on the AP and then manually configure the exact same settings on the external authentication server and your ZyXEL Device. P-334U/P-335U User's Guide Table 27 Wireless: WPA/WPA2 LABEL DESCRIPTION Group Key Update Timer The Group Key Update Timer...
... AP's SSID and WEP or WPA-PSK security settings to configure the settings on the AP and then manually configure the exact same settings on the external authentication server and your ZyXEL Device. P-334U/P-335U User's Guide Table 27 Wireless: WPA/WPA2 LABEL DESCRIPTION Group Key Update Timer The Group Key Update Timer...
User Guide
Page 80
... complete. After reviewing the settings, click OK. You can use the key in this screen each time you the security settings to the ZyXEL utility main screen. P-334U/P-335U User's Guide 4.4.2 Starting OTIST Note: You must all within range and have OTIST enabled. 1 In the AP, a web configurator screen pops up WEP...
... complete. After reviewing the settings, click OK. You can use the key in this screen each time you the security settings to the ZyXEL utility main screen. P-334U/P-335U User's Guide 4.4.2 Starting OTIST Note: You must all within range and have OTIST enabled. 1 In the AP, a web configurator screen pops up WEP...
User Guide
Page 81
... 81 You need to run OTIST again or enter them manually in the OTIST button (for about two seconds) for up to configure this key changes each time you run OTIST on the AP after using OTIST, you to configure the ZyXEL Device to give exclusive access to up to 32 devices... an OTIST-enabled AP, there is assigned at the factory and consists of six pairs of the devices to 32 devices from accessing the ZyXEL Device (Deny). P-334U/P-335U User's Guide 2 If an OTIST-enabled wireless client loses its wireless connection for more than ten seconds, it will search for an OTIST...
... 81 You need to run OTIST again or enter them manually in the OTIST button (for about two seconds) for up to configure this key changes each time you run OTIST on the AP after using OTIST, you to configure the ZyXEL Device to give exclusive access to up to 32 devices... an OTIST-enabled AP, there is assigned at the factory and consists of six pairs of the devices to 32 devices from accessing the ZyXEL Device (Deny). P-334U/P-335U User's Guide 2 If an OTIST-enabled wireless client loses its wireless connection for more than ten seconds, it will search for an OTIST...
User Guide
Page 88
... closer to an access point (AP) which is no wireless security configured. • Manually connect to a network. • Configure a profile to have the wireless client automatically connect to the Internet. P-334U/P-335U User's Guide 5.3.1 Connecting to a Wireless LAN The following sections show you how to...that means there is configured for available wireless networks. After you install the ZyXEL utility and then insert the wireless client, follow the steps below to connect to a network using the ZyXEL utility, as in the Available Network List, that has no wireless network available...
... closer to an access point (AP) which is no wireless security configured. • Manually connect to a network. • Configure a profile to have the wireless client automatically connect to the Internet. P-334U/P-335U User's Guide 5.3.1 Connecting to a Wireless LAN The following sections show you how to...that means there is configured for available wireless networks. After you install the ZyXEL utility and then insert the wireless client, follow the steps below to connect to a network using the ZyXEL utility, as in the Available Network List, that has no wireless network available...
User Guide
Page 91
... name (of up to search again. Figure 57 ZyXEL Utility: Profile Encryption Chapter 5 Wireless Tutorial 91 P-334U/P-335U User's Guide you want to connect (In this example, WPA-PSK). Figure 56 ZyXEL Utility: Profile Security 5 This screen varies depending on... the encryption method you want to 32 printable ASCII characters). Enter the pre-shared key and leave the encryption type at the default setting. Select Infrastructure and either manually...
... name (of up to search again. Figure 57 ZyXEL Utility: Profile Encryption Chapter 5 Wireless Tutorial 91 P-334U/P-335U User's Guide you want to connect (In this example, WPA-PSK). Figure 56 ZyXEL Utility: Profile Security 5 This screen varies depending on... the encryption method you want to 32 printable ASCII characters). Enter the pre-shared key and leave the encryption type at the default setting. Select Infrastructure and either manually...
User Guide
Page 97
... personal computer (PC) interacts with existing access control systems (for a dial-up connection using the ZyXEL Device's MAC address, copying the MAC address from ISP default selection. P-334U/P-335U User's Guide Table 31 Ethernet Encapsulation LABEL DESCRIPTION Get automatically Select this field. Select None if you...your ISP gave you a fixed IP address. Chapter 6 WAN 97 Gateway IP Address Enter a Gateway IP Address (if your LAN or manually entering a MAC address. The field to None after you do not configure a DNS server, you selected Use Fixed IP Address. If ...
... personal computer (PC) interacts with existing access control systems (for a dial-up connection using the ZyXEL Device's MAC address, copying the MAC address from ISP default selection. P-334U/P-335U User's Guide Table 31 Ethernet Encapsulation LABEL DESCRIPTION Get automatically Select this field. Select None if you...your ISP gave you a fixed IP address. Chapter 6 WAN 97 Gateway IP Address Enter a Gateway IP Address (if your LAN or manually entering a MAC address. The field to None after you do not configure a DNS server, you selected Use Fixed IP Address. If ...
User Guide
Page 100
...click Apply. IP Address and enter the IP address of the computer on your LAN or manually entering a MAC address. Reset Click Reset to begin configuring this option and enter the ... multi-protocol and virtual private networking over public networks, such as the Internet. P-334U/P-335U User's Guide Table 32 PPPoE Encapsulation LABEL DESCRIPTION First DNS Server Second DNS Server Third ...of data from a remote client to a private server, creating a Virtual Private Network (VPN) using the ZyXEL Device's MAC address, copying the MAC address from a computer on the LAN whose MAC you must know...
...click Apply. IP Address and enter the IP address of the computer on your LAN or manually entering a MAC address. Reset Click Reset to begin configuring this option and enter the ... multi-protocol and virtual private networking over public networks, such as the Internet. P-334U/P-335U User's Guide Table 32 PPPoE Encapsulation LABEL DESCRIPTION First DNS Server Second DNS Server Third ...of data from a remote client to a private server, creating a Virtual Private Network (VPN) using the ZyXEL Device's MAC address, copying the MAC address from a computer on the LAN whose MAC you must know...
User Guide
Page 103
... will include the route to this route is successfully configured, the address will not change your LAN or manually entering a MAC address. Select From ISP if your changes back to the ZyXEL Device. If you set a second choice to User-Defined, and enter the same IP address, the .... Select this screen afresh. 6.4 Advanced WAN Screen To change unless you want to other hosts through RIP broadcasts. Chapter 6 WAN 103 P-334U/P-335U User's Guide Table 33 PPTP Encapsulation LABEL Private DNS Servers First DNS Server Second DNS Server Third DNS Server WAN MAC Address Factory default Clone...
... will include the route to this route is successfully configured, the address will not change your LAN or manually entering a MAC address. Select From ISP if your changes back to the ZyXEL Device. If you set a second choice to User-Defined, and enter the same IP address, the .... Select this screen afresh. 6.4 Advanced WAN Screen To change unless you want to other hosts through RIP broadcasts. Chapter 6 WAN 103 P-334U/P-335U User's Guide Table 33 PPTP Encapsulation LABEL Private DNS Servers First DNS Server Second DNS Server Third DNS Server WAN MAC Address Factory default Clone...
User Guide
Page 111
...configured as a DHCP server. When configured as a server, fill in the following screen displays. P-334U/P-335U User's Guide CHAPTER 8 DHCP Server 8.1 DHCP DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC... the Enable DHCP Server check box selected unless your LAN, or else the computers must be manually configured. 8.2 DHCP Server General Screen Click Network > DHCP Server. If not, DHCP service...field specifies the first of the IP address pool. When set as a server, the ZyXEL Device provides TCP/IP configuration for the clients. If DHCP service is disabled and you must...
...configured as a DHCP server. When configured as a server, fill in the following screen displays. P-334U/P-335U User's Guide CHAPTER 8 DHCP Server 8.1 DHCP DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC... the Enable DHCP Server check box selected unless your LAN, or else the computers must be manually configured. 8.2 DHCP Server General Screen Click Network > DHCP Server. If not, DHCP service...field specifies the first of the IP address pool. When set as a server, the ZyXEL Device provides TCP/IP configuration for the clients. If DHCP service is disabled and you must...
User Guide
Page 113
...Address) of a computer on the LAN sends a DNS query to the ZyXEL Device, the ZyXEL Device forwards the query to the ZyXEL Device's system DNS server (configured in the field to have their DNS server addresses manually configured. When a computer on your LAN. If you do not want ... LAN DHCP clients when you select the Enable DHCP Server check box. P-334U/P-335U User's Guide The following screen displays. MAC Address Type the MAC address (with colons) of all network clients using the ZyXEL Device's DHCP server. Configure this information to a MAC address (and host name...
...Address) of a computer on the LAN sends a DNS query to the ZyXEL Device, the ZyXEL Device forwards the query to the ZyXEL Device's system DNS server (configured in the field to have their DNS server addresses manually configured. When a computer on your LAN. If you do not want ... LAN DHCP clients when you select the Enable DHCP Server check box. P-334U/P-335U User's Guide The following screen displays. MAC Address Type the MAC address (with colons) of all network clients using the ZyXEL Device's DHCP server. Configure this information to a MAC address (and host name...
User Guide
Page 120
The ZyXEL Device records the IP address of a LAN computer that service closes, another LAN computer's IP address. P-334U/P-335U User's Guide Figure 74 Game List Example version=1 1;name=Battlefield 1942;port=14567,22000,23000-23009,27900,28900 2;name=Call of Duty;port...different LAN computer to a single LAN IP address. When the ZyXEL Device's WAN port receives a response with a specific port number and protocol ("incoming" port), the ZyXEL Device forwards the traffic to the LAN IP address of a computer on the LAN to manually replace the LAN computer's IP address in the same manner....
The ZyXEL Device records the IP address of a LAN computer that service closes, another LAN computer's IP address. P-334U/P-335U User's Guide Figure 74 Game List Example version=1 1;name=Battlefield 1942;port=14567,22000,23000-23009,27900,28900 2;name=Call of Duty;port...different LAN computer to a single LAN IP address. When the ZyXEL Device's WAN port receives a response with a specific port number and protocol ("incoming" port), the ZyXEL Device forwards the traffic to the LAN IP address of a computer on the LAN to manually replace the LAN computer's IP address in the same manner....
User Guide
Page 150
...same local and remote IP addresses, as long as only one is active at any time. You can use NAT traversal with manual key management. Manual is active at any other computers and servers on the VPN to the remote IPSec router's configured remote IP addresses. If ... computers on the LAN behind the NAT router. P-334U/P-335U User's Guide Table 52 Security > VPN > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION NAT Traversal Select this case only the remote IPSec router can initiate the VPN. The ZyXEL Device assigns this additional DNS server to 0.0.0.0. When the ...
...same local and remote IP addresses, as long as only one is active at any time. You can use NAT traversal with manual key management. Manual is active at any other computers and servers on the VPN to the remote IPSec router's configured remote IP addresses. If ... computers on the LAN behind the NAT router. P-334U/P-335U User's Guide Table 52 Security > VPN > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION NAT Traversal Select this case only the remote IPSec router can initiate the VPN. The ZyXEL Device assigns this additional DNS server to 0.0.0.0. When the ...