User Guide
Page 11
... Broadband Internet Access via Cable or DSL Modem 31 1.2.2 Wireless LAN Application 32 1.2.3 Print Server and Router Combined Application (P-335U Only 33 1.2.4 VPN Application (P-335U Only 33 1.3 Ways to Manage the ZyXEL Device 33 1.4 Good Habits for Managing Your ZyXEL Device 34 1.4.1 Front Panel LEDs 34 Chapter 2 Introducing the Web Configurator 37 2.1 Web Configurator Overview...
... Broadband Internet Access via Cable or DSL Modem 31 1.2.2 Wireless LAN Application 32 1.2.3 Print Server and Router Combined Application (P-335U Only 33 1.2.4 VPN Application (P-335U Only 33 1.3 Ways to Manage the ZyXEL Device 33 1.4 Good Habits for Managing Your ZyXEL Device 34 1.4.1 Front Panel LEDs 34 Chapter 2 Introducing the Web Configurator 37 2.1 Web Configurator Overview...
User Guide
Page 15
P-334U/P-335U User's Guide Chapter 13 IPSec VPN ...139 13.1 IPSec VPN Overview 139 13.1.1 IKE SA (IKE Phase 1) Overview 140 13.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router ..140 13.1.2 IKE SA Setup 140 13.1.2.1 IKE SA Proposal 141 13.1.2.2 Diffie-Hellman (DH) Key Exchange 141 13.1.2.3 Authentication 141 13...
P-334U/P-335U User's Guide Chapter 13 IPSec VPN ...139 13.1 IPSec VPN Overview 139 13.1.1 IKE SA (IKE Phase 1) Overview 140 13.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router ..140 13.1.2 IKE SA Setup 140 13.1.2.1 IKE SA Proposal 141 13.1.2.2 Diffie-Hellman (DH) Key Exchange 141 13.1.2.3 Authentication 141 13...
User Guide
Page 29
...additional support documentation. "Select" or "Choose" means for an online glossary of your ZyXEL Device. About This User's Guide This User's Guide is designed to configure your P-334U or P-335U for support documents. • Quick Start Guide The Quick Start Guide is " or ...all features can be configured through the configuration of the P-334U or P-335U 802.11a/g Wireless Router. For example, "In Windows, click Start > Settings > Control Panel" means first click the Start button, then point your ZyXEL Device using a right angle bracket ( > ). Related Documentation •...
...additional support documentation. "Select" or "Choose" means for an online glossary of your ZyXEL Device. About This User's Guide This User's Guide is designed to configure your P-334U or P-335U for support documents. • Quick Start Guide The Quick Start Guide is " or ...all features can be configured through the configuration of the P-334U or P-335U 802.11a/g Wireless Router. For example, "In Windows, click Start > Settings > Control Panel" means first click the Start button, then point your ZyXEL Device using a right angle bracket ( > ). Related Documentation •...
User Guide
Page 30
Graphics Icons Key ZyXEL Device Computer Notebook computer Server DSLAM Firewall Modem Switch Wireless Signal Router 30 Preface P-334U/P-335U User's Guide • The P-334U or P-335U series may be referred to as the "ZyXEL Device" in this User's Guide.
Graphics Icons Key ZyXEL Device Computer Notebook computer Server DSLAM Firewall Modem Switch Wireless Signal Router 30 Preface P-334U/P-335U User's Guide • The P-334U or P-335U series may be referred to as the "ZyXEL Device" in this User's Guide.
User Guide
Page 31
... wired network behind it. See Appendix A on page 245 for a complete list of features. 1.2 Applications for the ZyXEL Device Here are some examples of the ZyXEL Device. 1.1 ZyXEL Device Overview The P-334U or P-335U is the ideal secure wireless firewall router for example). Chapter 1 Getting to a USB v1.1 compliant printer and can do with your...
... wired network behind it. See Appendix A on page 245 for a complete list of features. 1.2 Applications for the ZyXEL Device Here are some examples of the ZyXEL Device. 1.1 ZyXEL Device Overview The P-334U or P-335U is the ideal secure wireless firewall router for example). Chapter 1 Getting to a USB v1.1 compliant printer and can do with your...
User Guide
Page 33
.... Chapter 1 Getting to share a printer. P-334U/P-335U User's Guide 1.2.3 Print Server and Router Combined Application (P-335U Only) The P-335U's built-in print server allows your printer to configure many devices of the ZyXEL Device using the P-335U as a router and print server. Figure 3 Print Server Application 1.2.4 VPN Application (P-335U Only) The P-335U VPN is a text configuration file that allows...
.... Chapter 1 Getting to share a printer. P-334U/P-335U User's Guide 1.2.3 Print Server and Router Combined Application (P-335U Only) The P-335U's built-in print server allows your printer to configure many devices of the ZyXEL Device using the P-335U as a router and print server. Figure 3 Print Server Application 1.2.4 VPN Application (P-335U Only) The P-335U VPN is a text configuration file that allows...
User Guide
Page 60
...previous screen. Click Back to return to section 3.4.9. Click Exit to assign a fixed IP address or give the ZyXEL Device an automatically assigned IP address depending on the Internet must have a unique IP address. Select this option if ...168.0.0 - 10.255.255.255 - 172.31.255.255 - 192.168.255.255 60 Chapter 3 Connection Wizard P-334U/P-335U User's Guide 3.4.4 Your IP Address The following wizard screen allows you to close the wizard screen without problems. However, the ... can assign any IP addresses to continue. If your broadband modem or router. This is the default selection.
...previous screen. Click Back to return to section 3.4.9. Click Exit to assign a fixed IP address or give the ZyXEL Device an automatically assigned IP address depending on the Internet must have a unique IP address. Select this option if ...168.0.0 - 10.255.255.255 - 172.31.255.255 - 192.168.255.255 60 Chapter 3 Connection Wizard P-334U/P-335U User's Guide 3.4.4 Your IP Address The following wizard screen allows you to close the wizard screen without problems. However, the ... can assign any IP addresses to continue. If your broadband modem or router. This is the default selection.
User Guide
Page 62
The WAN IP address should be in the order you specify here) to its corresponding IP address and vice versa. P-334U/P-335U User's Guide 1 The ISP tells you the DNS server addresses, usually in the form of a computer before you can access it. If your ISP gives ... LABEL DESCRIPTION WAN IP Address Assignment My WAN IP Address Enter your DSL/Cable modem or router. Figure 28 Wizard Step 3: WAN IP and DNS Server Addresses The following wizard screen allows you sign up. The ZyXEL Device uses a system DNS server (in the same subnet as your WAN IP address in...
The WAN IP address should be in the order you specify here) to its corresponding IP address and vice versa. P-334U/P-335U User's Guide 1 The ISP tells you the DNS server addresses, usually in the form of a computer before you can access it. If your ISP gives ... LABEL DESCRIPTION WAN IP Address Assignment My WAN IP Address Enter your DSL/Cable modem or router. Figure 28 Wizard Step 3: WAN IP and DNS Server Addresses The following wizard screen allows you sign up. The ZyXEL Device uses a system DNS server (in the same subnet as your WAN IP address in...
User Guide
Page 77
...sends a new group key out to associate with it. Accounting Server Active Select Yes from the drop down list box to the ZyXEL Device. P-334U/P-335U User's Guide Table 27 Wireless: WPA/WPA2 LABEL DESCRIPTION Group Key Update Timer The Group Key Update Timer is 1812. Authentication Server...didn't configure one manually. You can also choose to have the same SSID and security settings as the access point (AP) or wireless router (we will refer to reload the previous configuration for an AP and all clients. Shared Secret Enter a password (up to 31 alphanumeric ...
...sends a new group key out to associate with it. Accounting Server Active Select Yes from the drop down list box to the ZyXEL Device. P-334U/P-335U User's Guide Table 27 Wireless: WPA/WPA2 LABEL DESCRIPTION Group Key Update Timer The Group Key Update Timer is 1812. Authentication Server...didn't configure one manually. You can also choose to have the same SSID and security settings as the access point (AP) or wireless router (we will refer to reload the previous configuration for an AP and all clients. Shared Secret Enter a password (up to 31 alphanumeric ...
User Guide
Page 85
...that supports IEEE 802.11b/g be able to set up an access point and wireless client for wireless communication using the following parameters. P-334U/P-335U User's Guide CHAPTER 5 Wireless Tutorial This chapter gives you examples of how to associate with a wireless network card or USB/PCI adapter is...SSID Channel Security 802.11 mode SSID_Example3 Auto WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) IEEE 802.11b/g An access point (AP) or wireless router is referred to as "AP" and a computer with the AP. 2 Open the Wireless LAN > General screen in the AP's web configurator. We ...
...that supports IEEE 802.11b/g be able to set up an access point and wireless client for wireless communication using the following parameters. P-334U/P-335U User's Guide CHAPTER 5 Wireless Tutorial This chapter gives you examples of how to associate with a wireless network card or USB/PCI adapter is...SSID Channel Security 802.11 mode SSID_Example3 Auto WPA-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) IEEE 802.11b/g An access point (AP) or wireless router is referred to as "AP" and a computer with the AP. 2 Open the Wireless LAN > General screen in the AP's web configurator. We ...
User Guide
Page 99
... modem (i.e. Use Fixed IP Address Select this option If your ISP did not assign you do not need PPPoE software installed, since the router does that part of "1" for directly connected networks. Remote IP Enter the remote IP subnet mask in this route is down. By implementing... "15"; DNS Servers Chapter 6 WAN 99 PPPoE is the from the PPPoE server. P-334U/P-335U User's Guide The following table describes the labels in this route's priority among the routes the ZyXEL Device uses. Idle Timeout This value specifies the time in seconds that you one) in its ...
... modem (i.e. Use Fixed IP Address Select this option If your ISP did not assign you do not need PPPoE software installed, since the router does that part of "1" for directly connected networks. Remote IP Enter the remote IP subnet mask in this route is down. By implementing... "15"; DNS Servers Chapter 6 WAN 99 PPPoE is the from the PPPoE server. P-334U/P-335U User's Guide The following table describes the labels in this route's priority among the routes the ZyXEL Device uses. Idle Timeout This value specifies the time in seconds that you one) in its ...
User Guide
Page 102
...335U User's Guide The following table describes the labels in seconds that elapses before the ZyXEL Device automatically disconnects from the PPTP server. User Name Type the user name given to make sure that you have entered is correctly. Use Fixed IP Address Select this route's priority among the routes the ZyXEL... metric represents the "cost of data from a remote client to -Point Tunneling Protocol (PPTP) is the ISP default selection. A router determines the best route for a PPTP connection. The number must configure the User Name and Password fields for a PPP connection and ...
...335U User's Guide The following table describes the labels in seconds that elapses before the ZyXEL Device automatically disconnects from the PPTP server. User Name Type the user name given to make sure that you have entered is correctly. Use Fixed IP Address Select this route's priority among the routes the ZyXEL... metric represents the "cost of data from a remote client to -Point Tunneling Protocol (PPTP) is the ISP default selection. A router determines the best route for a PPTP connection. The number must configure the User Name and Password fields for a PPP connection and ...
User Guide
Page 106
P-334U/P-335U User's Guide 7.2.2 IP Address and Subnet Mask Refer to the...(IGMPv2). After that, the ZyXEL Device periodically updates this information. 7.2.3 Multicast Traditionally, IP packets are transmitted in the web configurator (LAN; Figure 65 LAN IP 106 Chapter 7 LAN If you would like to the multicast routers group. The class D IP... 1 is used for this information. The address 224.0.0.1 is used by IP multicast computers. At start up, the ZyXEL Device queries all IP hosts (including gateways). Select None to disable IP multicasting on these interfaces. 7.3 LAN IP Screen...
P-334U/P-335U User's Guide 7.2.2 IP Address and Subnet Mask Refer to the...(IGMPv2). After that, the ZyXEL Device periodically updates this information. 7.2.3 Multicast Traditionally, IP packets are transmitted in the web configurator (LAN; Figure 65 LAN IP 106 Chapter 7 LAN If you would like to the multicast routers group. The class D IP... 1 is used for this information. The address 224.0.0.1 is used by IP multicast computers. At start up, the ZyXEL Device queries all IP hosts (including gateways). Select None to disable IP multicasting on these interfaces. 7.3 LAN IP Screen...
User Guide
Page 128
... 7 Keep the firewall in any way, including attaching a modem to the port. 3 Limit who can access your router. 4 Don't enable any local service (such as SNMP or NTP) that are used to physically separate the network into... gateway for the services at specific interfaces. 6 Protect against misuse. This allows it to the Internet. The ZyXEL Device has one Ethernet WAN port and four Ethernet LAN ports, which needs security from the outside world. Any...to act as e-mail, FTP and the World Wide Web. P-334U/P-335U User's Guide The ZyXEL Device is installed between the Internet and the LAN.
... 7 Keep the firewall in any way, including attaching a modem to the port. 3 Limit who can access your router. 4 Don't enable any local service (such as SNMP or NTP) that are used to physically separate the network into... gateway for the services at specific interfaces. 6 Protect against misuse. This allows it to the Internet. The ZyXEL Device has one Ethernet WAN port and four Ethernet LAN ports, which needs security from the outside world. Any...to act as e-mail, FTP and the World Wide Web. P-334U/P-335U User's Guide The ZyXEL Device is installed between the Internet and the LAN.
User Guide
Page 139
...in two phases. A VPN tunnel is usually established in the ZyXEL Device. Chapter 13 IPSec VPN 139 The first phase establishes an Internet Key Exchange (IKE) SA between the ZyXEL Device and remote IPSec router. P-334U/P-335U User's Guide CHAPTER 13 IPSec VPN This chapter explains how ...to the P-335U. 13.1 IPSec VPN Overview A virtual private network (VPN) provides secure communications between ...
...in two phases. A VPN tunnel is usually established in the ZyXEL Device. Chapter 13 IPSec VPN 139 The first phase establishes an Internet Key Exchange (IKE) SA between the ZyXEL Device and remote IPSec router. P-334U/P-335U User's Guide CHAPTER 13 IPSec VPN This chapter explains how ...to the P-335U. 13.1 IPSec VPN Overview A virtual private network (VPN) provides secure communications between ...
User Guide
Page 140
...data with a computer in network B. The rest of this section. 13.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router In the ZyXEL Device, you have to establish an IKE SA. Note: Both routers must use . You can usually provide a static IP address or a domain name for example, ...mode. You can usually provide a static IP address or a domain name for the ZyXEL Device. These modes are two negotiation modes--main mode and aggressive mode. Between routers X and Y, the data is faster. P-334U/P-335U User's Guide Figure 83 VPN: IKE SA and IPSec SA In this case, ...
...data with a computer in network B. The rest of this section. 13.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router In the ZyXEL Device, you have to establish an IKE SA. Note: Both routers must use . You can usually provide a static IP address or a domain name for example, ...mode. You can usually provide a static IP address or a domain name for the ZyXEL Device. These modes are two negotiation modes--main mode and aggressive mode. Between routers X and Y, the data is faster. P-334U/P-335U User's Guide Figure 83 VPN: IKE SA and IPSec SA In this case, ...
User Guide
Page 141
... verify each other's identity. Each key group is a fixed number of an encryption algorithm, authentication algorithm, and DH key group that the ZyXEL Device and remote IPSec router use in the IKE SA. Chapter 13 IPSec VPN 141 In main mode, this is done in steps 1 and 2, as illustrated below .... The longer the key, the more secure than DH1 keys (768 bits), but also the longer it takes to the remote IPSec router. P-334U/P-335U User's Guide 13.1.2.1 IKE SA Proposal The IKE SA proposal is used to generate encryption keys for information about specific encryption algorithms, authentication ...
... verify each other's identity. Each key group is a fixed number of an encryption algorithm, authentication algorithm, and DH key group that the ZyXEL Device and remote IPSec router use in the IKE SA. Chapter 13 IPSec VPN 141 In main mode, this is done in steps 1 and 2, as illustrated below .... The longer the key, the more secure than DH1 keys (768 bits), but also the longer it takes to the remote IPSec router. P-334U/P-335U User's Guide 13.1.2.1 IKE SA Proposal The IKE SA proposal is used to generate encryption keys for information about specific encryption algorithms, authentication ...
User Guide
Page 142
... pre-shared key. The ID content is only used for the other successfully. Table 49 VPN Example: Matching ID Type and Content ZYXEL DEVICE REMOTE IPSEC ROUTER Local ID type: E-mail Local ID type: IP Local ID content: [email protected] Local ID content: 1.1.1.2 Peer ID type:... in steps 5 and 6, as illustrated below. P-334U/P-335U User's Guide In main mode, the ZyXEL Device and remote IPSec router authenticate each other router in the IKE SA. Note: The ZyXEL Device and the remote IPSec router must match the remote IPSec router's peer and local ID type and ID content, respectively....
... pre-shared key. The ID content is only used for the other successfully. Table 49 VPN Example: Matching ID Type and Content ZYXEL DEVICE REMOTE IPSEC ROUTER Local ID type: E-mail Local ID type: IP Local ID content: [email protected] Local ID content: 1.1.1.2 Peer ID type:... in steps 5 and 6, as illustrated below. P-334U/P-335U User's Guide In main mode, the ZyXEL Device and remote IPSec router authenticate each other router in the IKE SA. Note: The ZyXEL Device and the remote IPSec router must match the remote IPSec router's peer and local ID type and ID content, respectively....
User Guide
Page 143
... much security as main mode because the identity of the ZyXEL Device and the identity of the initiator is another router (A) between router X and router Y. It also finishes the Diffie-Hellman key exchange, authenticates the ZyXEL Device, and sends its proposals to the ZyXEL Device. P-334U/P-335U User's Guide Table 50 VPN Example: Mismatching ID Type and...
... much security as main mode because the identity of the ZyXEL Device and the identity of the initiator is another router (A) between router X and router Y. It also finishes the Diffie-Hellman key exchange, authenticates the ZyXEL Device, and sends its proposals to the ZyXEL Device. P-334U/P-335U User's Guide Table 50 VPN Example: Mismatching ID Type and...
User Guide
Page 144
... to set up NAT traversal. • Enable NAT traversal on the standard(s) the ZyXEL Device and remote IPSec router support. 13.1.3 IPSec SA (IKE Phase 2) Overview Once the ZyXEL Device and remote IPSec router have an IPSec pass-through or if the IPSec protocol is protected by enabling NAT traversal... to try to forward all access attempts (to the local network, the Internet or even the ZyXEL Device) to the IKE SA and IPSec SA packets. P-334U/P-335U User's Guide Most routers like router A now have to do the following things to set a VPN rule's local and remote network settings both to...
... to set up NAT traversal. • Enable NAT traversal on the standard(s) the ZyXEL Device and remote IPSec router support. 13.1.3 IPSec SA (IKE Phase 2) Overview Once the ZyXEL Device and remote IPSec router have an IPSec pass-through or if the IPSec protocol is protected by enabling NAT traversal... to try to forward all access attempts (to the local network, the Internet or even the ZyXEL Device) to the IKE SA and IPSec SA packets. P-334U/P-335U User's Guide Most routers like router A now have to do the following things to set a VPN rule's local and remote network settings both to...