User Guide
Page 3
..., or transmitted in any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of others. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any license under...any products described herein without notice. Copyright 3 All rights reserved. Published by ZyXEL Communications Corporation. P-334U/P-335U User's Guide Copyright Copyright © 2006 by ZyXEL Communications Corporation. The contents of this publication are used for identification purposes only...
..., or transmitted in any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of others. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any license under...any products described herein without notice. Copyright 3 All rights reserved. Published by ZyXEL Communications Corporation. P-334U/P-335U User's Guide Copyright Copyright © 2006 by ZyXEL Communications Corporation. The contents of this publication are used for identification purposes only...
User Guide
Page 15
P-334U/P-335U User's Guide Chapter 13 IPSec VPN ...139 13.1 IPSec VPN Overview 139 13.1.1 IKE SA (IKE Phase 1) Overview 140 13.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router ..140 13.1.2 IKE SA Setup 140 13.1.2.1 IKE SA Proposal 141 13.1.2.2 Diffie-Hellman (DH) Key Exchange 141 13...IKE 148 13.5 Advanced VPN Rule Setup (IKE 153 13.6 IPSec SA Using Manual Keys 159 13.6.1 IPSec SA Proposal Using Manual Keys 160 13.6.2 Authentication and the Security Parameter Index (SPI 160 13.7 VPN Rule Setup (Manual 160 13.8 VPN SA Monitor 164 13.9 VPN Global Setting 165 13.10 ...
P-334U/P-335U User's Guide Chapter 13 IPSec VPN ...139 13.1 IPSec VPN Overview 139 13.1.1 IKE SA (IKE Phase 1) Overview 140 13.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router ..140 13.1.2 IKE SA Setup 140 13.1.2.1 IKE SA Proposal 141 13.1.2.2 Diffie-Hellman (DH) Key Exchange 141 13...IKE 148 13.5 Advanced VPN Rule Setup (IKE 153 13.6 IPSec SA Using Manual Keys 159 13.6.1 IPSec SA Proposal Using Manual Keys 160 13.6.2 Authentication and the Security Parameter Index (SPI 160 13.7 VPN Rule Setup (Manual 160 13.8 VPN SA Monitor 164 13.9 VPN Global Setting 165 13.10 ...
User Guide
Page 21
P-334U/P-335U User's Guide Figure 80 Content Filter: Filter 134 Figure 81 Content Filter: Schedule 135 Figure 82 VPN: Example ...139 Figure 83 VPN: IKE SA and ... 148 Figure 92 Security > VPN > Rule Setup: IKE (Basic 149 Figure 93 Security > VPN > Rule Setup: IKE (Advanced 154 Figure 94 Security > VPN > Rule Setup: Manual 161 Figure 95 Security > VPN > SA Monitor 164 Figure 96 Security > VPN > Global Setting 165 Figure 97 Telecommuters Sharing One VPN Rule Example 166 Figure...
P-334U/P-335U User's Guide Figure 80 Content Filter: Filter 134 Figure 81 Content Filter: Schedule 135 Figure 82 VPN: Example ...139 Figure 83 VPN: IKE SA and ... 148 Figure 92 Security > VPN > Rule Setup: IKE (Basic 149 Figure 93 Security > VPN > Rule Setup: IKE (Advanced 154 Figure 94 Security > VPN > Rule Setup: Manual 161 Figure 95 Security > VPN > SA Monitor 164 Figure 96 Security > VPN > Global Setting 165 Figure 97 Telecommuters Sharing One VPN Rule Example 166 Figure...
User Guide
Page 26
P-334U/P-335U User's Guide Table 37 Advanced LAN ...108 Table 38 DHCP Server General 111 Table 39 DHCP Server Advanced 113 Table 40 Client List ...114 Table ... 148 Table 52 Security > VPN > Rule Setup: IKE (Basic 149 Table 53 Security > VPN > Rule Setup: IKE (Advanced 155 Table 54 Security > VPN > Rule Setup: Manual 161 Table 55 SECURITY > VPN > SA Monitor 165 Table 56 Security > VPN > Global Setting 165 Table 57 Telecommuters Sharing One VPN Rule Example 166 Table...
P-334U/P-335U User's Guide Table 37 Advanced LAN ...108 Table 38 DHCP Server General 111 Table 39 DHCP Server Advanced 113 Table 40 Client List ...114 Table ... 148 Table 52 Security > VPN > Rule Setup: IKE (Basic 149 Table 53 Security > VPN > Rule Setup: IKE (Advanced 155 Table 54 Security > VPN > Rule Setup: Manual 161 Table 55 SECURITY > VPN > SA Monitor 165 Table 56 Security > VPN > Global Setting 165 Table 57 Telecommuters Sharing One VPN Rule Example 166 Table...
User Guide
Page 29
..."In Windows, click Start > Settings > Control Panel" means first click the Start button, then point your P-334U or P-335U for support documents. • Quick Start Guide The Quick Start Guide is designed to guide you through the configuration of the P-334U ...configurator or command interpreter interface to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. They contain connection information and instructions on your purchase of your ZyXEL Device. This manual is " or "in other words". "Select" or...
..."In Windows, click Start > Settings > Control Panel" means first click the Start button, then point your P-334U or P-335U for support documents. • Quick Start Guide The Quick Start Guide is designed to guide you through the configuration of the P-334U ...configurator or command interpreter interface to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. They contain connection information and instructions on your purchase of your ZyXEL Device. This manual is " or "in other words". "Select" or...
User Guide
Page 35
...The LED remains on unless the WLAN settings are manually configured after OTIST is not sending/receiving data through the wireless LAN. OTIST is not sending/receiving data through the wireless LAN. Power to the ZyXEL Device is sending/receiving data. The print server ...On Blinking None Off A/G Green On Amber Blinking On OTIST None Green Blinking Off Blinking On USB (P-335U only) None Green Off Off On Blinking DESCRIPTION The ZyXEL Device is sending/receiving data. The WAN connection is not connected. The print server has a successful ...
...The LED remains on unless the WLAN settings are manually configured after OTIST is not sending/receiving data through the wireless LAN. OTIST is not sending/receiving data through the wireless LAN. Power to the ZyXEL Device is sending/receiving data. The print server ...On Blinking None Off A/G Green On Amber Blinking On OTIST None Green Blinking Off Blinking On USB (P-335U only) None Green Off Off On Blinking DESCRIPTION The ZyXEL Device is sending/receiving data. The WAN connection is not connected. The print server has a successful ...
User Guide
Page 44
You can configure the ZyXEL Device as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. The.... This field displays the IP address relative to obtain TCP/IP configuration at start-up from a server. P-334U/P-335U User's Guide Figure 9 Summary: BW MGMT Monitor 2.4.3 Summary: DHCP Table DHCP (Dynamic Host Configuration Protocol, RFC ... a DHCP server or disable it. If DHCP service is the index number of all network clients using the ZyXEL Device's DHCP server. This field displays the computer host name. 44 Chapter 2 Introducing the Web Configurator Read-...
You can configure the ZyXEL Device as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. The.... This field displays the IP address relative to obtain TCP/IP configuration at start-up from a server. P-334U/P-335U User's Guide Figure 9 Summary: BW MGMT Monitor 2.4.3 Summary: DHCP Table DHCP (Dynamic Host Configuration Protocol, RFC ... a DHCP server or disable it. If DHCP service is the index number of all network clients using the ZyXEL Device's DHCP server. This field displays the computer host name. 44 Chapter 2 Introducing the Web Configurator Read-...
User Guide
Page 63
... to return to continue. Click Exit to configure the WAN port's MAC address by either using the ZyXEL Device's MAC address, copying the MAC address from a computer on your ISP does not presently require MAC...be copied to clone the MAC address from a computer on your LAN even if your LAN or manually entering a MAC address. It is successfully configured, the address will not change unless you must use...consists of six pairs of Network Properties for example, 00:A0:C5:00:00:02. P-334U/P-335U User's Guide Table 18 Wizard Step 3: WAN IP and DNS Server Addresses LABEL First DNS Server ...
... to return to continue. Click Exit to configure the WAN port's MAC address by either using the ZyXEL Device's MAC address, copying the MAC address from a computer on your ISP does not presently require MAC...be copied to clone the MAC address from a computer on your LAN even if your LAN or manually entering a MAC address. It is successfully configured, the address will not change unless you must use...consists of six pairs of Network Properties for example, 00:A0:C5:00:00:02. P-334U/P-335U User's Guide Table 18 Wizard Step 3: WAN IP and DNS Server Addresses LABEL First DNS Server ...
User Guide
Page 77
... characters) as the key to be shared between the external authentication server and the ZyXEL Device. The key is 1813. Reset Click Reset to configure the settings on the AP and then manually configure the exact same settings on each wireless client. Chapter 4 Wireless LAN 77 ...4.4 OTIST In a wireless network, the wireless clients must have OTIST generate a WPA-PSK key for an AP and all clients. P-334U/P-335U User's Guide Table 27 Wireless: WPA/WPA2 LABEL DESCRIPTION Group Key Update Timer The Group Key Update Timer is also supported in WPA-PSK/WPA2...
... characters) as the key to be shared between the external authentication server and the ZyXEL Device. The key is 1813. Reset Click Reset to configure the settings on the AP and then manually configure the exact same settings on each wireless client. Chapter 4 Wireless LAN 77 ...4.4 OTIST In a wireless network, the wireless clients must have OTIST generate a WPA-PSK key for an AP and all clients. P-334U/P-335U User's Guide Table 27 Wireless: WPA/WPA2 LABEL DESCRIPTION Group Key Update Timer The Group Key Update Timer is also supported in WPA-PSK/WPA2...
User Guide
Page 80
... up showing you the security settings to transfer. It closes when the transfer is more than one AP to the ZyXEL utility main screen. Figure 42 OTIST in Progress (AP) Figure 43 OTIST in Progress (Client) • In the...OTIST-enabled AP within three minutes (at the time of writing). Click Yes for it can start the utility. P-334U/P-335U User's Guide 4.4.2 Starting OTIST Note: You must all within range, you see a screen asking you see this screen .... 1 In the AP, a web configurator screen pops up WEP or WPA-PSK encryption manually for an OTIST-enabled AP. 80 Chapter 4 Wireless LAN
... up showing you the security settings to transfer. It closes when the transfer is more than one AP to the ZyXEL utility main screen. Figure 42 OTIST in Progress (AP) Figure 43 OTIST in Progress (Client) • In the...OTIST-enabled AP within three minutes (at the time of writing). Click Yes for it can start the utility. P-334U/P-335U User's Guide 4.4.2 Starting OTIST Note: You must all within range, you see a screen asking you see this screen .... 1 In the AP, a web configurator screen pops up WEP or WPA-PSK encryption manually for an OTIST-enabled AP. 80 Chapter 4 Wireless LAN
User Guide
Page 81
...ALL wireless clients again. 4.5 MAC Filter The MAC filter screen allows you to configure the ZyXEL Device to give exclusive access to up to 32 devices (Allow) or exclude up to transfer settings. 4 If you manually have the wireless client search for example, 00:A0:C5:00:00:02. Chapter 4 ...Wireless LAN 81 You need to run OTIST. P-334U/P-335U User's Guide 2 If an OTIST-enabled wireless client loses its wireless connection for...
...ALL wireless clients again. 4.5 MAC Filter The MAC filter screen allows you to configure the ZyXEL Device to give exclusive access to up to 32 devices (Allow) or exclude up to transfer settings. 4 If you manually have the wireless client search for example, 00:A0:C5:00:00:02. Chapter 4 ...Wireless LAN 81 You need to run OTIST. P-334U/P-335U User's Guide 2 If an OTIST-enabled wireless client loses its wireless connection for...
User Guide
Page 88
...is "SSID_Example3" and the pre-shared key is labeled AP. Make sure the AP or peer computer is no wireless security configured. • Manually connect to a network. • Configure a profile to have the wireless client automatically connect to the AP or peer computer. 88 Chapter 5... network using the Site Survey screen. 1 Open the ZyXEL utility and click the Site Survey tab to join a wireless network using the ZyXEL utility, as in the Available Network List, that has no wireless network available within range. P-334U/P-335U User's Guide 5.3.1 Connecting to a Wireless LAN The ...
...is "SSID_Example3" and the pre-shared key is labeled AP. Make sure the AP or peer computer is no wireless security configured. • Manually connect to a network. • Configure a profile to have the wireless client automatically connect to the AP or peer computer. 88 Chapter 5... network using the Site Survey screen. 1 Open the ZyXEL utility and click the Site Survey tab to join a wireless network using the ZyXEL utility, as in the Available Network List, that has no wireless network available within range. P-334U/P-335U User's Guide 5.3.1 Connecting to a Wireless LAN The ...
User Guide
Page 91
...encryption method you want to search again. You can also configure your profile for a wireless network that is not in the previous screen. Figure 55 ZyXEL Utility: Add New Profile 3 Give the profile a descriptive name (of up to 32 printable ASCII characters). Enter the pre-shared key and leave ...the encryption type at the default setting. Select Infrastructure and either manually enter or select the AP's SSID in the Scan Info table and click Select. 4 Choose the same encryption method as the AP to which ...
...encryption method you want to search again. You can also configure your profile for a wireless network that is not in the previous screen. Figure 55 ZyXEL Utility: Add New Profile 3 Give the profile a descriptive name (of up to 32 printable ASCII characters). Enter the pre-shared key and leave ...the encryption type at the default setting. Select Infrastructure and either manually enter or select the AP's SSID in the Scan Info table and click Select. 4 Choose the same encryption method as the AP to which ...
User Guide
Page 97
...enter the IP address of a computer in this field if you click Apply. P-334U/P-335U User's Guide Table 31 Ethernet Encapsulation LABEL DESCRIPTION Get automatically Select this option If the... computer (PC) interacts with existing access control systems (for a dial-up connection using the ZyXEL Device's MAC address, copying the MAC address from ISP default selection. Select User-Defined if... field to None after you selected Use Fixed IP Address. IP Address Enter your LAN or manually entering a MAC address. If you want to configure DNS servers. Clone the computer's MAC ...
...enter the IP address of a computer in this field if you click Apply. P-334U/P-335U User's Guide Table 31 Ethernet Encapsulation LABEL DESCRIPTION Get automatically Select this option If the... computer (PC) interacts with existing access control systems (for a dial-up connection using the ZyXEL Device's MAC address, copying the MAC address from ISP default selection. Select User-Defined if... field to None after you selected Use Fixed IP Address. IP Address Enter your LAN or manually entering a MAC address. If you want to configure DNS servers. Clone the computer's MAC ...
User Guide
Page 100
...6.3.3 PPTP Encapsulation Point-to configure DNS servers. Reset Click Reset to use . PPTP supports on your LAN or manually entering a MAC address. P-334U/P-335U User's Guide Table 32 PPPoE Encapsulation LABEL DESCRIPTION First DNS Server Second DNS Server Third DNS Server Select From ISP ... click Apply. WAN MAC Address The MAC address section allows users to a private server, creating a Virtual Private Network (VPN) using the ZyXEL Device's MAC address, copying the MAC address from a computer on -demand, multi-protocol and virtual private networking over public networks, such as...
...6.3.3 PPTP Encapsulation Point-to configure DNS servers. Reset Click Reset to use . PPTP supports on your LAN or manually entering a MAC address. P-334U/P-335U User's Guide Table 32 PPPoE Encapsulation LABEL DESCRIPTION First DNS Server Second DNS Server Third DNS Server Select From ISP ... click Apply. WAN MAC Address The MAC address section allows users to a private server, creating a Virtual Private Network (VPN) using the ZyXEL Device's MAC address, copying the MAC address from a computer on -demand, multi-protocol and virtual private networking over public networks, such as...
User Guide
Page 103
... the IP address of the computer on your changes back to save your LAN or manually entering a MAC address. If set to 0.0.0.0, User-Defined changes to None after you are cloning. Select From ISP if your ZyXEL Device's advanced WAN settings, click Network > WAN > Advanced. Select User-Defined if ... the MAC address you do not configure a DNS server, you change unless you must know the IP address of a DNS server. P-334U/P-335U User's Guide Table 33 PPTP Encapsulation LABEL Private DNS Servers First DNS Server Second DNS Server Third DNS Server WAN MAC Address Factory default Clone...
... the IP address of the computer on your changes back to save your LAN or manually entering a MAC address. If set to 0.0.0.0, User-Defined changes to None after you are cloning. Select From ISP if your ZyXEL Device's advanced WAN settings, click Network > WAN > Advanced. Select User-Defined if ... the MAC address you do not configure a DNS server, you change unless you must know the IP address of a DNS server. P-334U/P-335U User's Guide Table 33 PPTP Encapsulation LABEL Private DNS Servers First DNS Server Second DNS Server Third DNS Server WAN MAC Address Factory default Clone...
User Guide
Page 111
...box selected unless your ISP instructs you must have another DHCP server on your LAN, or else the computers must be manually configured. When set as a server, the ZyXEL Device provides TCP/IP configuration for the clients. This field specifies the first of the IP address pool. This field... specifies the size, or count of the contiguous addresses in the IP address pool. P-334U/P-335U User's Guide CHAPTER 8 DHCP Server 8.1 DHCP ...
...box selected unless your ISP instructs you must have another DHCP server on your LAN, or else the computers must be manually configured. When set as a server, the ZyXEL Device provides TCP/IP configuration for the clients. This field specifies the first of the IP address pool. This field... specifies the size, or count of the contiguous addresses in the IP address pool. P-334U/P-335U User's Guide CHAPTER 8 DHCP Server 8.1 DHCP ...
User Guide
Page 113
...> DHCP Server > Client List. Select User-Defined if you click Apply. The ZyXEL Device's LAN IP address displays in this information to None after you select the Enable DHCP Server check box. P-334U/P-335U User's Guide The following screen displays. If you set to 0.0.0.0, User-Defined changes...have another DHCP sever on the LAN sends a DNS query to the ZyXEL Device, the ZyXEL Device forwards the query to the ZyXEL Device's system DNS server (configured in order to have their DNS server addresses manually configured. Select None if you select DNS Relay for one of a ...
...> DHCP Server > Client List. Select User-Defined if you click Apply. The ZyXEL Device's LAN IP address displays in this information to None after you select the Enable DHCP Server check box. P-334U/P-335U User's Guide The following screen displays. If you set to 0.0.0.0, User-Defined changes...have another DHCP sever on the LAN sends a DNS query to the ZyXEL Device, the ZyXEL Device forwards the query to the ZyXEL Device's system DNS server (configured in order to have their DNS server addresses manually configured. Select None if you select DNS Relay for one of a ...
User Guide
Page 120
...the server side. In order to use the application. 120 Chapter 9 Network Address Translation (NAT) The ZyXEL Device records the IP address of a LAN computer that sends traffic to the WAN to the LAN ... server on the WAN) to the IP address of a computer on the client side (LAN). P-334U/P-335U User's Guide Figure 74 Game List Example version=1 1;name=Battlefield 1942;port=14567,22000,23000-23009,27900,28900...the same manner. After that port forwarding only forwards a service to manually replace the LAN computer's IP address in the forwarding port with a specific port number and protocol (a "...
...the server side. In order to use the application. 120 Chapter 9 Network Address Translation (NAT) The ZyXEL Device records the IP address of a LAN computer that sends traffic to the WAN to the LAN ... server on the WAN) to the IP address of a computer on the client side (LAN). P-334U/P-335U User's Guide Figure 74 Game List Example version=1 1;name=Battlefield 1942;port=14567,22000,23000-23009,27900,28900...the same manner. After that port forwarding only forwards a service to manually replace the LAN computer's IP address in the forwarding port with a specific port number and protocol (a "...
User Guide
Page 150
...'s range of the local IP addresses cannot overlap between the two IPSec routers. IPSec Keying Mode Select IKE or Manual from the drop-down list box. The ZyXEL Device assigns this check box to enable NAT traversal. Local Address End /Mask When the local IP address is ...configured to 0.0.0.0. P-334U/P-335U User's Guide Table 52 Security > VPN > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION NAT Traversal Select this additional DNS server to the ZyXEL Device's DHCP clients that services the VPN, type its IP address here. ...
...'s range of the local IP addresses cannot overlap between the two IPSec routers. IPSec Keying Mode Select IKE or Manual from the drop-down list box. The ZyXEL Device assigns this check box to enable NAT traversal. Local Address End /Mask When the local IP address is ...configured to 0.0.0.0. P-334U/P-335U User's Guide Table 52 Security > VPN > Rule Setup: IKE (Basic) (continued) LABEL DESCRIPTION NAT Traversal Select this additional DNS server to the ZyXEL Device's DHCP clients that services the VPN, type its IP address here. ...