User Guide
Page 3
...335U User's Guide Copyright Copyright © 2006 by ZyXEL Communications Corporation. Disclaimer ZyXEL does not assume any liability arising out of the application or use of ZyXEL Communications Corporation. All rights reserved. Trademarks ZyNOS (ZyXEL Network Operating System) is subject to make changes in ...publication may be properties of others. Neither does it convey any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without notice. Other trademarks mentioned in any form or by any license under its patent rights nor the ...
...335U User's Guide Copyright Copyright © 2006 by ZyXEL Communications Corporation. Disclaimer ZyXEL does not assume any liability arising out of the application or use of ZyXEL Communications Corporation. All rights reserved. Trademarks ZyNOS (ZyXEL Network Operating System) is subject to make changes in ...publication may be properties of others. Neither does it convey any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without notice. Other trademarks mentioned in any form or by any license under its patent rights nor the ...
User Guide
Page 15
...'s Guide Chapter 13 IPSec VPN ...139 13.1 IPSec VPN Overview 139 13.1.1 IKE SA (IKE Phase 1) Overview 140 13.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router ..140 13.1.2 IKE SA Setup 140 13.1.2.1 IKE SA Proposal 141 13.1.2.2 Diffie-Hellman (DH) Key Exchange 141 13.1.2.3 Authentication...IKE 148 13.5 Advanced VPN Rule Setup (IKE 153 13.6 IPSec SA Using Manual Keys 159 13.6.1 IPSec SA Proposal Using Manual Keys 160 13.6.2 Authentication and the Security Parameter Index (SPI 160 13.7 VPN Rule Setup (Manual 160 13.8 VPN SA Monitor 164 13.9 VPN Global Setting 165 13.10 ...
...'s Guide Chapter 13 IPSec VPN ...139 13.1 IPSec VPN Overview 139 13.1.1 IKE SA (IKE Phase 1) Overview 140 13.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router ..140 13.1.2 IKE SA Setup 140 13.1.2.1 IKE SA Proposal 141 13.1.2.2 Diffie-Hellman (DH) Key Exchange 141 13.1.2.3 Authentication...IKE 148 13.5 Advanced VPN Rule Setup (IKE 153 13.6 IPSec SA Using Manual Keys 159 13.6.1 IPSec SA Proposal Using Manual Keys 160 13.6.2 Authentication and the Security Parameter Index (SPI 160 13.7 VPN Rule Setup (Manual 160 13.8 VPN SA Monitor 164 13.9 VPN Global Setting 165 13.10 ...
User Guide
Page 21
... 148 Figure 92 Security > VPN > Rule Setup: IKE (Basic 149 Figure 93 Security > VPN > Rule Setup: IKE (Advanced 154 Figure 94 Security > VPN > Rule Setup: Manual 161 Figure 95 Security > VPN > SA Monitor 164 Figure 96 Security > VPN > Global Setting 165 Figure 97 Telecommuters Sharing One VPN Rule Example 166 Figure...
... 148 Figure 92 Security > VPN > Rule Setup: IKE (Basic 149 Figure 93 Security > VPN > Rule Setup: IKE (Advanced 154 Figure 94 Security > VPN > Rule Setup: Manual 161 Figure 95 Security > VPN > SA Monitor 164 Figure 96 Security > VPN > Global Setting 165 Figure 97 Telecommuters Sharing One VPN Rule Example 166 Figure...
User Guide
Page 26
... 148 Table 52 Security > VPN > Rule Setup: IKE (Basic 149 Table 53 Security > VPN > Rule Setup: IKE (Advanced 155 Table 54 Security > VPN > Rule Setup: Manual 161 Table 55 SECURITY > VPN > SA Monitor 165 Table 56 Security > VPN > Global Setting 165 Table 57 Telecommuters Sharing One VPN Rule Example 166 Table...
... 148 Table 52 Security > VPN > Rule Setup: IKE (Basic 149 Table 53 Security > VPN > Rule Setup: IKE (Advanced 155 Table 54 Security > VPN > Rule Setup: Manual 161 Table 55 SECURITY > VPN > SA Monitor 165 Table 56 Security > VPN > Global Setting 165 Table 57 Telecommuters Sharing One VPN Rule Example 166 Table...
User Guide
Page 29
... E-mail all interfaces. For example, "In Windows, click Start > Settings > Control Panel" means first click the Start button, then point your ZyXEL Device using a right angle bracket ( > ). Related Documentation • Supporting Disk Refer to the included CD for support documents. • Quick ...help for descriptions of individual screens and supplementary information. • ZyXEL Glossary and Web Site Please refer to www.zyxel.com for an online glossary of networking terms and additional support documentation. This manual is designed to help you to type one predefined choice. ...
... E-mail all interfaces. For example, "In Windows, click Start > Settings > Control Panel" means first click the Start button, then point your ZyXEL Device using a right angle bracket ( > ). Related Documentation • Supporting Disk Refer to the included CD for support documents. • Quick ...help for descriptions of individual screens and supplementary information. • ZyXEL Glossary and Web Site Please refer to www.zyxel.com for an online glossary of networking terms and additional support documentation. This manual is designed to help you to type one predefined choice. ...
User Guide
Page 35
...connection is not connected. The ZyXEL Device is not receiving power. The ZyXEL Device is sending/receiving data through the wireless LAN. The ZyXEL Device has a successful 100Mb Ethernet connection. The LED remains on unless the WLAN settings are manually configured after OTIST is not ...sending/receiving data through the IEEE 802.11b or g wireless LAN. Power to Know Your ZyXEL Device 35 The ZyXEL Device is too low. The print server has a successful connection...
...connection is not connected. The ZyXEL Device is not receiving power. The ZyXEL Device is sending/receiving data through the wireless LAN. The ZyXEL Device has a successful 100Mb Ethernet connection. The LED remains on unless the WLAN settings are manually configured after OTIST is not ...sending/receiving data through the IEEE 802.11b or g wireless LAN. Power to Know Your ZyXEL Device 35 The ZyXEL Device is too low. The print server has a successful connection...
User Guide
Page 44
...This field displays the computer host name. 44 Chapter 2 Introducing the Web Configurator You can configure the ZyXEL Device as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. Read-only information here relates to your LAN, ... DHCP server on your DHCP status. If DHCP service is the index number of all network clients using the ZyXEL Device's DHCP server. Figure 10 Summary: DHCP Table The following table describes the labels in the Status screen....: DHCP Table LABEL # IP Address Host Name DESCRIPTION This is disabled, you must be manually configured.
...This field displays the computer host name. 44 Chapter 2 Introducing the Web Configurator You can configure the ZyXEL Device as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. Read-only information here relates to your LAN, ... DHCP server on your DHCP status. If DHCP service is the index number of all network clients using the ZyXEL Device's DHCP server. Figure 10 Summary: DHCP Table The following table describes the labels in the Status screen....: DHCP Table LABEL # IP Address Host Name DESCRIPTION This is disabled, you must be manually configured.
User Guide
Page 63
...you change the setting or upload a different "rom" file. Once it is advisable to configure the WAN port's MAC address by either using the ZyXEL Device's MAC address, copying the MAC address from a computer on your ISP does not presently require MAC address authentication. P-334U/P-335U User's Guide Table...168.1.32; 192.168.1.65-192.168.1.254. 255.255.255.0 192.168.1.1(ZyXEL Device LAN IP) This screen allows users to clone the MAC address from a computer on your LAN even if your LAN or manually entering a MAC address. It is successfully configured, the address will not change unless...
...you change the setting or upload a different "rom" file. Once it is advisable to configure the WAN port's MAC address by either using the ZyXEL Device's MAC address, copying the MAC address from a computer on your ISP does not presently require MAC address authentication. P-334U/P-335U User's Guide Table...168.1.32; 192.168.1.65-192.168.1.254. 255.255.255.0 192.168.1.1(ZyXEL Device LAN IP) This screen allows users to clone the MAC address from a computer on your LAN even if your LAN or manually entering a MAC address. It is successfully configured, the address will not change unless...
User Guide
Page 77
... key is not sent over the network. You need not change this value unless your network administrator instructs you didn't configure one manually. Chapter 4 Wireless LAN 77 The key must have OTIST generate a WPA-PSK key for this meant that support OTIST and are.... Traditionally this screen. 4.4 OTIST In a wireless network, the wireless clients must be shared between the external accounting server and the ZyXEL Device. Port Number Enter the port number of the external accounting server in dotted decimal notation. P-334U/P-335U User's Guide Table 27...
... key is not sent over the network. You need not change this value unless your network administrator instructs you didn't configure one manually. Chapter 4 Wireless LAN 77 The key must have OTIST generate a WPA-PSK key for this meant that support OTIST and are.... Traditionally this screen. 4.4 OTIST In a wireless network, the wireless clients must be shared between the external accounting server and the ZyXEL Device. Port Number Enter the port number of the external accounting server in dotted decimal notation. P-334U/P-335U User's Guide Table 27...
User Guide
Page 80
... wireless client(s) Adapter screen all be within range and have OTIST enabled. 1 In the AP, a web configurator screen pops up WEP or WPA-PSK encryption manually for it can use the key in this screen each time you enabled OTIST in the wireless network. Click OK to go back to the... ZyXEL utility main screen. You can 't find an OTIST-enabled AP (with OTIST Found • If there is complete. Click Yes for non-OTIST devices in ...
... wireless client(s) Adapter screen all be within range and have OTIST enabled. 1 In the AP, a web configurator screen pops up WEP or WPA-PSK encryption manually for it can use the key in this screen each time you enabled OTIST in the wireless network. Click OK to go back to the... ZyXEL utility main screen. You can 't find an OTIST-enabled AP (with OTIST Found • If there is complete. Click Yes for non-OTIST devices in ...
User Guide
Page 81
... ALL wireless clients again. 4.5 MAC Filter The MAC filter screen allows you change your wireless network, you need to run OTIST again or enter them manually in the OTIST button (for about two seconds) for the AP to generate a WPA-PSK key, this screen. Figure 45 Start OTIST? Therefore,... if a new wireless client joins your ZyXEL Device's MAC filter settings, click Network > Wireless LAN > MAC Filter. The screen appears as shown. The MAC address is no timeout; Chapter 4 Wireless ...
... ALL wireless clients again. 4.5 MAC Filter The MAC filter screen allows you change your wireless network, you need to run OTIST again or enter them manually in the OTIST button (for about two seconds) for the AP to generate a WPA-PSK key, this screen. Figure 45 Start OTIST? Therefore,... if a new wireless client joins your ZyXEL Device's MAC filter settings, click Network > Wireless LAN > MAC Filter. The screen appears as shown. The MAC address is no timeout; Chapter 4 Wireless ...
User Guide
Page 88
...Connecting to a Wireless LAN The following diagram. After you how to any available network that means there is no wireless security configured. • Manually connect to a network. • Configure a profile to have the wireless client automatically connect to a specific network or peer computer. The wireless ...is configured for and connect to join a wireless network using the ZyXEL utility, as in the Available Network List, that has no wireless network available within range. This example illustrates how to manually connect your wireless client to an access point (AP) which is...
...Connecting to a Wireless LAN The following diagram. After you how to any available network that means there is no wireless security configured. • Manually connect to a network. • Configure a profile to have the wireless client automatically connect to a specific network or peer computer. The wireless ...is configured for and connect to join a wireless network using the ZyXEL utility, as in the Available Network List, that has no wireless network available within range. This example illustrates how to manually connect your wireless client to an access point (AP) which is...
User Guide
Page 91
...this example, WPA-PSK). P-334U/P-335U User's Guide you want to search again. Select Infrastructure and either manually enter or select the AP's SSID in the previous screen. Figure 56 ZyXEL Utility: Profile Security 5 This screen varies depending on the encryption method you selected in the Scan Info table ... to 32 printable ASCII characters). Enter the pre-shared key and leave the encryption type at the default setting. Figure 57 ZyXEL Utility: Profile Encryption Chapter 5 Wireless Tutorial 91 You can also configure your profile for a wireless network that is not in the list.
...this example, WPA-PSK). P-334U/P-335U User's Guide you want to search again. Select Infrastructure and either manually enter or select the AP's SSID in the previous screen. Figure 56 ZyXEL Utility: Profile Security 5 This screen varies depending on the encryption method you selected in the Scan Info table ... to 32 printable ASCII characters). Enter the pre-shared key and leave the encryption type at the default setting. Figure 57 ZyXEL Utility: Profile Encryption Chapter 5 Wireless Tutorial 91 You can also configure your profile for a wireless network that is not in the list.
User Guide
Page 97
...IETF standard (RFC 2516) specifying how a personal computer (PC) interacts with existing access control systems (for a dial-up connection using the ZyXEL Device's MAC address, copying the MAC address from ISP default selection. Enter the DNS server's IP address in this option and enter the...benefits of multiple network services, a function known as dynamic service selection. Gateway IP Address Enter a Gateway IP Address (if your LAN or manually entering a MAC address. WAN MAC Address The MAC address section allows users to None after you a fixed IP address. IP Address and ...
...IETF standard (RFC 2516) specifying how a personal computer (PC) interacts with existing access control systems (for a dial-up connection using the ZyXEL Device's MAC address, copying the MAC address from ISP default selection. Enter the DNS server's IP address in this option and enter the...benefits of multiple network services, a function known as dynamic service selection. Gateway IP Address Enter a Gateway IP Address (if your LAN or manually entering a MAC address. WAN MAC Address The MAC address section allows users to None after you a fixed IP address. IP Address and ...
User Guide
Page 100
..., the second User-Defined changes to None after you click Apply. WAN MAC Address The MAC address section allows users to save your LAN or manually entering a MAC address. Apply Click Apply to configure the WAN port's MAC address by using TCP/IP-based networks. If you do not want... Encapsulation LABEL DESCRIPTION First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address). IP Address and enter the IP address of a DNS server. It will be copied to -Point Tunneling Protocol (PPTP) ...
..., the second User-Defined changes to None after you click Apply. WAN MAC Address The MAC address section allows users to save your LAN or manually entering a MAC address. Apply Click Apply to configure the WAN port's MAC address by using TCP/IP-based networks. If you do not want... Encapsulation LABEL DESCRIPTION First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address). IP Address and enter the IP address of a DNS server. It will be copied to -Point Tunneling Protocol (PPTP) ...
User Guide
Page 103
... unless you have the IP address of a DNS server. Select From ISP if your LAN or manually entering a MAC address. Select this option and enter the MAC address you click Apply. If No... Apply to save your changes back to configure the WAN port's MAC address by either using the ZyXEL Device's MAC address, copying the MAC address from a computer on the LAN whose MAC you click... Apply. The MAC address section allows users to the ZyXEL Device. Chapter 6 WAN 103 P-334U/P-335U User's Guide Table 33 PPTP Encapsulation LABEL Private DNS Servers...
... unless you have the IP address of a DNS server. Select From ISP if your LAN or manually entering a MAC address. Select this option and enter the MAC address you click Apply. If No... Apply to save your changes back to configure the WAN port's MAC address by either using the ZyXEL Device's MAC address, copying the MAC address from a computer on the LAN whose MAC you click... Apply. The MAC address section allows users to the ZyXEL Device. Chapter 6 WAN 103 P-334U/P-335U User's Guide Table 33 PPTP Encapsulation LABEL Private DNS Servers...
User Guide
Page 111
You can configure the ZyXEL Device as a DHCP server. If DHCP service is disabled and you must have another DHCP server on your LAN, or else the computers must be manually configured. When set as a server, fill in the IP address pool. Chapter 8 DHCP Server 111 Table 38 ... Enable DHCP Server check box selected unless your ISP instructs you must have another DHCP server on your LAN, or else the computer must be manually configured. 8.2 DHCP Server General Screen Click Network > DHCP Server. P-334U/P-335U User's Guide CHAPTER 8 DHCP Server 8.1 DHCP DHCP (Dynamic Host ...
You can configure the ZyXEL Device as a DHCP server. If DHCP service is disabled and you must have another DHCP server on your LAN, or else the computers must be manually configured. When set as a server, fill in the IP address pool. Chapter 8 DHCP Server 111 Table 38 ... Enable DHCP Server check box selected unless your ISP instructs you must have another DHCP server on your LAN, or else the computer must be manually configured. 8.2 DHCP Server General Screen Click Network > DHCP Server. P-334U/P-335U User's Guide CHAPTER 8 DHCP Server 8.1 DHCP DHCP (Dynamic Host ...
User Guide
Page 113
... DNS Relay to None after you set to 0.0.0.0, User-Defined changes to a MAC address (and host name). if you must have their DNS server addresses manually configured. Apply Reset Click Apply to save your LAN, or else the computers must know the IP address of the three servers; Click Reset to... System) server IP address (in the WAN > Internet Connection screen) and relays the response back to the LAN DHCP clients when you click Apply. The ZyXEL Device tells the DHCP clients on the LAN that the ISP assigns. Select None if you do not configure a DNS server, you chose User-Defined...
... DNS Relay to None after you set to 0.0.0.0, User-Defined changes to a MAC address (and host name). if you must have their DNS server addresses manually configured. Apply Reset Click Apply to save your LAN, or else the computers must know the IP address of the three servers; Click Reset to... System) server IP address (in the WAN > Internet Connection screen) and relays the response back to the LAN DHCP clients when you click Apply. The ZyXEL Device tells the DHCP clients on the LAN that the ISP assigns. Select None if you do not configure a DNS server, you chose User-Defined...
User Guide
Page 120
...service with another computer on the LAN to use the service in the forwarding port with a specific port number and protocol (a "trigger" port). The ZyXEL Device records the IP address of a computer on a different LAN computer, you set a forwarding port in NAT to forward a service (coming in ...from the server on the WAN) to the IP address of a LAN computer that port forwarding only forwards a service to manually replace the LAN computer's IP address in the same manner. With regular port forwarding you have to a single LAN IP address. Trigger port forwarding...
...service with another computer on the LAN to use the service in the forwarding port with a specific port number and protocol (a "trigger" port). The ZyXEL Device records the IP address of a computer on a different LAN computer, you set a forwarding port in NAT to forward a service (coming in ...from the server on the WAN) to the IP address of a LAN computer that port forwarding only forwards a service to manually replace the LAN computer's IP address in the same manner. With regular port forwarding you have to a single LAN IP address. Trigger port forwarding...
User Guide
Page 150
...(continued) LABEL DESCRIPTION NAT Traversal Select this check box to 0.0.0.0. A DNS server allows clients on the VPN to find other active rules with manual key management. Local Address End /Mask When the local IP address is active at any other computers and servers on the VPN by their (...private) domain names. IPSec Keying Mode Select IKE or Manual from the drop-down list box. DNS Server (for an IPSec router behind your ZyXEL Device. Local Policy Local IP addresses must also have the same local or remote IP address, ...
...(continued) LABEL DESCRIPTION NAT Traversal Select this check box to 0.0.0.0. A DNS server allows clients on the VPN to find other active rules with manual key management. Local Address End /Mask When the local IP address is active at any other computers and servers on the VPN by their (...private) domain names. IPSec Keying Mode Select IKE or Manual from the drop-down list box. DNS Server (for an IPSec router behind your ZyXEL Device. Local Policy Local IP addresses must also have the same local or remote IP address, ...