User Guide
Page 3
..., or transmitted in any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of others. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any license under... is a registered trademark of their respective owners. Copyright 3 Published by ZyXEL Communications Corporation. All rights reserved. P-334U/P-335U User's Guide Copyright Copyright © 2006 by ZyXEL Communications Corporation. The contents of this publication are used for identification purposes ...
..., or transmitted in any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of others. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any license under... is a registered trademark of their respective owners. Copyright 3 Published by ZyXEL Communications Corporation. All rights reserved. P-334U/P-335U User's Guide Copyright Copyright © 2006 by ZyXEL Communications Corporation. The contents of this publication are used for identification purposes ...
User Guide
Page 15
P-334U/P-335U User's Guide Chapter 13 IPSec VPN ...139 13.1 IPSec VPN Overview 139 13.1.1 IKE SA (IKE Phase 1) Overview 140 13.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router ..140 13.1.2 IKE SA Setup 140 13.1.2.1 IKE SA Proposal 141 13.1.2.2 Diffie-Hellman (DH) Key Exchange 141 13...IKE 148 13.5 Advanced VPN Rule Setup (IKE 153 13.6 IPSec SA Using Manual Keys 159 13.6.1 IPSec SA Proposal Using Manual Keys 160 13.6.2 Authentication and the Security Parameter Index (SPI 160 13.7 VPN Rule Setup (Manual 160 13.8 VPN SA Monitor 164 13.9 VPN Global Setting 165 13.10 ...
P-334U/P-335U User's Guide Chapter 13 IPSec VPN ...139 13.1 IPSec VPN Overview 139 13.1.1 IKE SA (IKE Phase 1) Overview 140 13.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router ..140 13.1.2 IKE SA Setup 140 13.1.2.1 IKE SA Proposal 141 13.1.2.2 Diffie-Hellman (DH) Key Exchange 141 13...IKE 148 13.5 Advanced VPN Rule Setup (IKE 153 13.6 IPSec SA Using Manual Keys 159 13.6.1 IPSec SA Proposal Using Manual Keys 160 13.6.2 Authentication and the Security Parameter Index (SPI 160 13.7 VPN Rule Setup (Manual 160 13.8 VPN SA Monitor 164 13.9 VPN Global Setting 165 13.10 ...
User Guide
Page 21
P-334U/P-335U User's Guide Figure 80 Content Filter: Filter 134 Figure 81 Content Filter: Schedule 135 Figure 82 VPN: Example ...139 Figure 83 VPN: IKE SA and ... 148 Figure 92 Security > VPN > Rule Setup: IKE (Basic 149 Figure 93 Security > VPN > Rule Setup: IKE (Advanced 154 Figure 94 Security > VPN > Rule Setup: Manual 161 Figure 95 Security > VPN > SA Monitor 164 Figure 96 Security > VPN > Global Setting 165 Figure 97 Telecommuters Sharing One VPN Rule Example 166 Figure...
P-334U/P-335U User's Guide Figure 80 Content Filter: Filter 134 Figure 81 Content Filter: Schedule 135 Figure 82 VPN: Example ...139 Figure 83 VPN: IKE SA and ... 148 Figure 92 Security > VPN > Rule Setup: IKE (Basic 149 Figure 93 Security > VPN > Rule Setup: IKE (Advanced 154 Figure 94 Security > VPN > Rule Setup: Manual 161 Figure 95 Security > VPN > SA Monitor 164 Figure 96 Security > VPN > Global Setting 165 Figure 97 Telecommuters Sharing One VPN Rule Example 166 Figure...
User Guide
Page 26
P-334U/P-335U User's Guide Table 37 Advanced LAN ...108 Table 38 DHCP Server General 111 Table 39 DHCP Server Advanced 113 Table 40 Client List ...114 Table ... 148 Table 52 Security > VPN > Rule Setup: IKE (Basic 149 Table 53 Security > VPN > Rule Setup: IKE (Advanced 155 Table 54 Security > VPN > Rule Setup: Manual 161 Table 55 SECURITY > VPN > SA Monitor 165 Table 56 Security > VPN > Global Setting 165 Table 57 Telecommuters Sharing One VPN Rule Example 166 Table...
P-334U/P-335U User's Guide Table 37 Advanced LAN ...108 Table 38 DHCP Server General 111 Table 39 DHCP Server Advanced 113 Table 40 Client List ...114 Table ... 148 Table 52 Security > VPN > Rule Setup: IKE (Basic 149 Table 53 Security > VPN > Rule Setup: IKE (Advanced 155 Table 54 Security > VPN > Rule Setup: Manual 161 Table 55 SECURITY > VPN > SA Monitor 165 Table 56 Security > VPN > Global Setting 165 Table 57 Telecommuters Sharing One VPN Rule Example 166 Table...
User Guide
Page 29
...Start Guide is designed to help you through the configuration of your ZyXEL Device. Note: Use the web configurator or command interpreter interface to configure your ZyXEL Device using a right angle bracket ( > ). P-334U/P-335U User's Guide Preface Congratulations on getting started. • Web ...Enter" means for improvement to techwriters@zyxel.com.tw or send regular mail to Settings and then click Control Panel. • "e.g.," is a shorthand for "for an online glossary of the P-334U or P-335U 802.11a/g Wireless Router. This manual is designed to guide you get up...
...Start Guide is designed to help you through the configuration of your ZyXEL Device. Note: Use the web configurator or command interpreter interface to configure your ZyXEL Device using a right angle bracket ( > ). P-334U/P-335U User's Guide Preface Congratulations on getting started. • Web ...Enter" means for improvement to techwriters@zyxel.com.tw or send regular mail to Settings and then click Control Panel. • "e.g.," is a shorthand for "for an online glossary of the P-334U or P-335U 802.11a/g Wireless Router. This manual is designed to guide you get up...
User Guide
Page 35
...Amber Blinking On OTIST None Green Blinking Off Blinking On USB (P-335U only) None Green Off Off On Blinking DESCRIPTION The ZyXEL Device is not receiving power. The ZyXEL Device is receiving power and functioning properly. The ZyXEL Device is not ready, or has failed. The LED remains ..., but is sending/receiving data through the wireless LAN. P-334U/P-335U User's Guide The following table describes the LEDs. The ZyXEL Device is sending/receiving data. OTIST is not activated or WLAN settings are manually configured after OTIST is sending/receiving data. The print server is ...
...Amber Blinking On OTIST None Green Blinking Off Blinking On USB (P-335U only) None Green Off Off On Blinking DESCRIPTION The ZyXEL Device is not receiving power. The ZyXEL Device is receiving power and functioning properly. The ZyXEL Device is not ready, or has failed. The LED remains ..., but is sending/receiving data through the wireless LAN. P-334U/P-335U User's Guide The following table describes the LEDs. The ZyXEL Device is sending/receiving data. OTIST is not activated or WLAN settings are manually configured after OTIST is sending/receiving data. The print server is ...
User Guide
Page 44
...table describes the labels in the Status screen. This field displays the computer host name. 44 Chapter 2 Introducing the Web Configurator P-334U/P-335U User's Guide Figure 9 Summary: BW MGMT Monitor 2.4.3 Summary: DHCP Table DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132)...Summary: DHCP Table LABEL # IP Address Host Name DESCRIPTION This is disabled, you must be manually configured. If DHCP service is the index number of all network clients using the ZyXEL Device's DHCP server. Click the DHCP Table (Details...) hyperlink in this screen. Read-only ...
...table describes the labels in the Status screen. This field displays the computer host name. 44 Chapter 2 Introducing the Web Configurator P-334U/P-335U User's Guide Figure 9 Summary: BW MGMT Monitor 2.4.3 Summary: DHCP Table DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132)...Summary: DHCP Table LABEL # IP Address Host Name DESCRIPTION This is disabled, you must be manually configured. If DHCP service is the index number of all network clients using the ZyXEL Device's DHCP server. Click the DHCP Table (Details...) hyperlink in this screen. Read-only ...
User Guide
Page 63
...to continue. Click Back to return to configure the WAN port's MAC address by either using the ZyXEL Device's MAC address, copying the MAC address from a computer on your ISP does not presently require...be copied to clone the MAC address from a computer on your LAN even if your LAN or manually entering a MAC address. Table 19 Example of hexadecimal characters, for LAN Servers with Fixed IP Addresses...screen. Figure 29 Wizard Step 3: WAN MAC Address Chapter 3 Connection Wizard 63 P-334U/P-335U User's Guide Table 18 Wizard Step 3: WAN IP and DNS Server Addresses LABEL First DNS...
...to continue. Click Back to return to configure the WAN port's MAC address by either using the ZyXEL Device's MAC address, copying the MAC address from a computer on your ISP does not presently require...be copied to clone the MAC address from a computer on your LAN even if your LAN or manually entering a MAC address. Table 19 Example of hexadecimal characters, for LAN Servers with Fixed IP Addresses...screen. Figure 29 Wizard Step 3: WAN MAC Address Chapter 3 Connection Wizard 63 P-334U/P-335U User's Guide Table 18 Wizard Step 3: WAN IP and DNS Server Addresses LABEL First DNS...
User Guide
Page 77
...Security Technology) allows you to transfer your network administrator instructs you had to configure the settings on the AP and then manually configure the exact same settings on the external authentication server and your changes back to do so with additional information. ...shared between the external authentication server and the ZyXEL Device. The key must be shared between the external accounting server and the ZyXEL Device. Note: OTIST replaces the pre-configured wireless settings on a periodic basis. P-334U/P-335U User's Guide Table 27 Wireless: WPA/WPA2 ...
...Security Technology) allows you to transfer your network administrator instructs you had to configure the settings on the AP and then manually configure the exact same settings on the external authentication server and your changes back to do so with additional information. ...shared between the external authentication server and the ZyXEL Device. The key must be shared between the external accounting server and the ZyXEL Device. Note: OTIST replaces the pre-configured wireless settings on a periodic basis. P-334U/P-335U User's Guide Table 27 Wireless: WPA/WPA2 ...
User Guide
Page 80
... range and have OTIST enabled. 1 In the AP, a web configurator screen pops up WEP or WPA-PSK encryption manually for an OTIST-enabled AP. 80 Chapter 4 Wireless LAN After reviewing the settings, click OK. Figure 44 No AP...it to set up showing you see this screen to search for non-OTIST devices in the wireless network. P-334U/P-335U User's Guide 4.4.2 Starting OTIST Note: You must all within three minutes (at the time of writing). You ... (Client) • In the wireless client, you the security settings to the ZyXEL utility main screen. Click OK to go back to transfer.
... range and have OTIST enabled. 1 In the AP, a web configurator screen pops up WEP or WPA-PSK encryption manually for an OTIST-enabled AP. 80 Chapter 4 Wireless LAN After reviewing the settings, click OK. Figure 44 No AP...it to set up showing you see this screen to search for non-OTIST devices in the wireless network. P-334U/P-335U User's Guide 4.4.2 Starting OTIST Note: You must all within three minutes (at the time of writing). You ... (Client) • In the wireless client, you the security settings to the ZyXEL utility main screen. Click OK to go back to transfer.
User Guide
Page 81
...wireless client(s). 5 If you configure OTIST to configure this key changes each time you manually have the wireless client search for an OTIST-enabled AP, there is assigned at the...Media Access Control) address. The screen appears as shown. Therefore, if a new wireless client joins your ZyXEL Device's MAC filter settings, click Network > Wireless LAN > MAC Filter. To change the SSID or the...The MAC address is no timeout; Chapter 4 Wireless LAN 81 Figure 45 Start OTIST? P-334U/P-335U User's Guide 2 If an OTIST-enabled wireless client loses its wireless connection for more than ten ...
...wireless client(s). 5 If you configure OTIST to configure this key changes each time you manually have the wireless client search for an OTIST-enabled AP, there is assigned at the...Media Access Control) address. The screen appears as shown. Therefore, if a new wireless client joins your ZyXEL Device's MAC filter settings, click Network > Wireless LAN > MAC Filter. To change the SSID or the...The MAC address is no timeout; Chapter 4 Wireless LAN 81 Figure 45 Start OTIST? P-334U/P-335U User's Guide 2 If an OTIST-enabled wireless client loses its wireless connection for more than ten ...
User Guide
Page 88
...search again. Click Scan if you want to the Internet. Make sure the AP or peer computer is no wireless security configured. • Manually connect to a network. • Configure a profile to have the wireless client automatically connect to any available network that means there is ...SSID is "SSID_Example3" and the pre-shared key is labeled AP. P-334U/P-335U User's Guide 5.3.1 Connecting to a Wireless LAN The following diagram. If no entry displays in the following sections show you install the ZyXEL utility and then insert the wireless client, follow the steps below to connect ...
...search again. Click Scan if you want to the Internet. Make sure the AP or peer computer is no wireless security configured. • Manually connect to a network. • Configure a profile to have the wireless client automatically connect to any available network that means there is ...SSID is "SSID_Example3" and the pre-shared key is labeled AP. P-334U/P-335U User's Guide 5.3.1 Connecting to a Wireless LAN The following diagram. If no entry displays in the following sections show you install the ZyXEL utility and then insert the wireless client, follow the steps below to connect ...
User Guide
Page 91
Figure 56 ZyXEL Utility: Profile Security 5 This screen varies depending on the encryption method you selected in the list. You can also configure your profile for a wireless network that is not in the previous screen. Select Infrastructure and either manually enter or select the AP's SSID in the ...In this example, WPA-PSK). Enter the pre-shared key and leave the encryption type at the default setting. P-334U/P-335U User's Guide you want to search again. Figure 55 ZyXEL Utility: Add New Profile 3 Give the profile a descriptive name (of up to 32 printable ASCII characters). Figure 57...
Figure 56 ZyXEL Utility: Profile Security 5 This screen varies depending on the encryption method you selected in the list. You can also configure your profile for a wireless network that is not in the previous screen. Select Infrastructure and either manually enter or select the AP's SSID in the ...In this example, WPA-PSK). Enter the pre-shared key and leave the encryption type at the default setting. P-334U/P-335U User's Guide you want to search again. Figure 55 ZyXEL Utility: Add New Profile 3 Give the profile a descriptive name (of up to 32 printable ASCII characters). Figure 57...
User Guide
Page 97
IP Address Enter your LAN or manually entering a MAC address. DNS Servers First DNS Server Second DNS... offer new IP services for a dial-up connection using the ZyXEL Device's MAC address, copying the MAC address from ISP default selection. Chapter 6 WAN 97 P-334U/P-335U User's Guide Table 31 Ethernet Encapsulation LABEL DESCRIPTION Get automatically Select.... Gateway IP Address Enter a Gateway IP Address (if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address). The field to the right. If you do not want to use the factory ...
IP Address Enter your LAN or manually entering a MAC address. DNS Servers First DNS Server Second DNS... offer new IP services for a dial-up connection using the ZyXEL Device's MAC address, copying the MAC address from ISP default selection. Chapter 6 WAN 97 P-334U/P-335U User's Guide Table 31 Ethernet Encapsulation LABEL DESCRIPTION Get automatically Select.... Gateway IP Address Enter a Gateway IP Address (if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address). The field to the right. If you do not want to use the factory ...
User Guide
Page 100
...copied to a private server, creating a Virtual Private Network (VPN) using the ZyXEL Device's MAC address, copying the MAC address from a remote client to the rom file (ZyNOS configuration file). P-334U/P-335U User's Guide Table 32 PPPoE Encapsulation LABEL DESCRIPTION First DNS Server Second DNS Server... Third DNS Server Select From ISP if your LAN or manually entering a MAC address. If you want to use the ...
...copied to a private server, creating a Virtual Private Network (VPN) using the ZyXEL Device's MAC address, copying the MAC address from a remote client to the rom file (ZyNOS configuration file). P-334U/P-335U User's Guide Table 32 PPPoE Encapsulation LABEL DESCRIPTION First DNS Server Second DNS Server... Third DNS Server Select From ISP if your LAN or manually entering a MAC address. If you want to use the ...
User Guide
Page 103
... WAN Screen To change the setting or upload a different ROM file. Click Reset to the ZyXEL Device. The screen appears as shown. If set to 0.0.0.0, User-Defined changes to other hosts... through RIP broadcasts. Select From ISP if your LAN or manually entering a MAC address. Select None if you click Apply. Once it . Chapter 6 WAN 103...its RIP broadcasts. The field to use the factory assigned default MAC Address. P-334U/P-335U User's Guide Table 33 PPTP Encapsulation LABEL Private DNS Servers First DNS Server Second DNS...
... WAN Screen To change the setting or upload a different ROM file. Click Reset to the ZyXEL Device. The screen appears as shown. If set to 0.0.0.0, User-Defined changes to other hosts... through RIP broadcasts. Select From ISP if your LAN or manually entering a MAC address. Select None if you click Apply. Once it . Chapter 6 WAN 103...its RIP broadcasts. The field to use the factory assigned default MAC Address. P-334U/P-335U User's Guide Table 33 PPTP Encapsulation LABEL Private DNS Servers First DNS Server Second DNS...
User Guide
Page 111
...ZyXEL Device provides the TCP/IP configuration for the clients. This field specifies the size, or count of the contiguous addresses in this screen. Chapter 8 DHCP Server 111 When set as a server, fill in the following screen displays. This field specifies the first of the IP address pool. P-334U/P-335U... the Enable DHCP Server check box selected unless your LAN, or else the computers must be manually configured. You can configure the ZyXEL Device as a server, the ZyXEL Device provides TCP/IP configuration for the clients. Figure 68 DHCP Server General The following table ...
...ZyXEL Device provides the TCP/IP configuration for the clients. This field specifies the size, or count of the contiguous addresses in this screen. Chapter 8 DHCP Server 111 When set as a server, fill in the following screen displays. This field specifies the first of the IP address pool. P-334U/P-335U... the Enable DHCP Server check box selected unless your LAN, or else the computers must be manually configured. You can configure the ZyXEL Device as a server, the ZyXEL Device provides TCP/IP configuration for the clients. Figure 68 DHCP Server General The following table ...
User Guide
Page 113
...Chapter 8 DHCP Server 113 DNS Servers Assigned by clicking the DHCP Table (Details...) hyperlink in order to have the ZyXEL Device act as a DNS proxy. Select None if you must have another DHCP sever on your changes back to the... right (read -only client list by DHCP Server The ZyXEL Device passes a DNS (Domain Name System) server IP address (in the field to a MAC address (and host name). P-334U/P-335U User's Guide The following screen displays. When you clear... this information to the LAN DHCP clients when you have their DNS server addresses manually configured.
...Chapter 8 DHCP Server 113 DNS Servers Assigned by clicking the DHCP Table (Details...) hyperlink in order to have the ZyXEL Device act as a DNS proxy. Select None if you must have another DHCP sever on your changes back to the... right (read -only client list by DHCP Server The ZyXEL Device passes a DNS (Domain Name System) server IP address (in the field to a MAC address (and host name). P-334U/P-335U User's Guide The following screen displays. When you clear... this information to the LAN DHCP clients when you have their DNS server addresses manually configured.
User Guide
Page 120
...Some services use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in from the server on the WAN) to dynamically take turns using... the service. P-334U/P-335U User's Guide Figure 74 Game List Example version=1 1;name=Battlefield 1942;port=14567,22000,23000...28060-28062,28070-28081 11;name=Need for that service closes, another LAN computer's IP address. When the ZyXEL Device's WAN port receives a response with another computer on the server side. The problem is that port ...
...Some services use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in from the server on the WAN) to dynamically take turns using... the service. P-334U/P-335U User's Guide Figure 74 Game List Example version=1 1;name=Battlefield 1942;port=14567,22000,23000...28060-28062,28070-28081 11;name=Need for that service closes, another LAN computer's IP address. When the ZyXEL Device's WAN port receives a response with another computer on the server side. The problem is that port ...
User Guide
Page 150
...) IP address, in this IPSec rule's range of computers on the LAN behind your ZyXEL Device. Two active SAs cannot have the local and remote IP address(es) both . You can have more information. Manual is a subnet address, enter a subnet mask on the LAN behind the NAT router....single IP address, enter a (static) IP address on the LAN behind your ZyXEL Device. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is configured to enable NAT traversal. P-334U/P-335U User's Guide Table 52 Security > VPN > Rule Setup: IKE (Basic)...
...) IP address, in this IPSec rule's range of computers on the LAN behind your ZyXEL Device. Two active SAs cannot have the local and remote IP address(es) both . You can have more information. Manual is a subnet address, enter a subnet mask on the LAN behind the NAT router....single IP address, enter a (static) IP address on the LAN behind your ZyXEL Device. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is configured to enable NAT traversal. P-334U/P-335U User's Guide Table 52 Security > VPN > Rule Setup: IKE (Basic)...