User Guide
Page 3
...This User's Guide About This User's Guide Intended Audience This manual is designed to help is available at least a basic knowledge of TCP/IP networking concepts and topology. You should have at www.zyxel.com. It contains information on setting up and running right...you get up your comments, questions or suggestions to configure the ZyXEL Device using the web configurator. The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. P-660HN-51 User's Guide 3 Related Documentation • Quick Start Guide The...
...This User's Guide About This User's Guide Intended Audience This manual is designed to help is available at least a basic knowledge of TCP/IP networking concepts and topology. You should have at www.zyxel.com. It contains information on setting up and running right...you get up your comments, questions or suggestions to configure the ZyXEL Device using the web configurator. The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. P-660HN-51 User's Guide 3 Related Documentation • Quick Start Guide The...
User Guide
Page 4
... ZyXEL products. • Forum This contains discussions on ZyXEL... products. Learn from others who use your product. • Knowledge Base If you received your device. • Brief description of answers to previously asked questions about your device. If you cannot contact your vendor, then contact a ZyXEL... office for the region in which you took to use ZyXEL... products and share your vendor. Read the Tech Doc Overview to find out how to efficiently use the User Guide, Quick Start Guide and Command Line Interface Reference Guide in this manual... this manual is...
... ZyXEL products. • Forum This contains discussions on ZyXEL... products. Learn from others who use your product. • Knowledge Base If you received your device. • Brief description of answers to previously asked questions about your device. If you cannot contact your vendor, then contact a ZyXEL... office for the region in which you took to use ZyXEL... products and share your vendor. Read the Tech Doc Overview to find out how to efficiently use the User Guide, Quick Start Guide and Command Line Interface Reference Guide in this manual... this manual is...
User Guide
Page 15
... in this Chapter 177 13.1.2 What You Need to Know 178 13.2 The IPSec Settings Screen 179 13.2.1 Add/Edit IPSec Setting 180 13.2.2 Configuring Manual Key 185 13.3 The IPSec Status Screen 188 13.4 Technical Reference ...188 13.4.1 IPSec Architecture 189 13.4.2 Encapsulation ...190 13.4.3 IKE Phases ...191 13.4.4 Negotiation... Routing ...201 15.1 Overview ...201 15.2 The Routing Screen ...202 15.2.1 Add/Edit Static Route 203 Chapter 16 Dynamic DNS Setup ...205 16.1 Overview ...205 P-660HN-51 User's Guide 15
... in this Chapter 177 13.1.2 What You Need to Know 178 13.2 The IPSec Settings Screen 179 13.2.1 Add/Edit IPSec Setting 180 13.2.2 Configuring Manual Key 185 13.3 The IPSec Status Screen 188 13.4 Technical Reference ...188 13.4.1 IPSec Architecture 189 13.4.2 Encapsulation ...190 13.4.3 IKE Phases ...191 13.4.4 Negotiation... Routing ...201 15.1 Overview ...201 15.2 The Routing Screen ...202 15.2.1 Add/Edit Static Route 203 Chapter 16 Dynamic DNS Setup ...205 16.1 Overview ...205 P-660HN-51 User's Guide 15
User Guide
Page 44
... serves as zyxel.com to see if you need to configure the WAN screens. 4.3 Setting Up a Secure Wireless Network This tutorial is the wireless client. Be sure to activate the wireless network. 3 Enter the SSID name in Wireless Network Name. 44 P-660HN-51 User's Guide You can... access the Internet through the AP. The wireless client can set up a wireless network using WPS (Section 4.3.2 on page 46) or manual configuration (Section 4.3.3 on the ZyXEL Device. SSID Security Mode Pre-Shared Key 802.11...
... serves as zyxel.com to see if you need to configure the WAN screens. 4.3 Setting Up a Secure Wireless Network This tutorial is the wireless client. Be sure to activate the wireless network. 3 Enter the SSID name in Wireless Network Name. 44 P-660HN-51 User's Guide You can... access the Internet through the AP. The wireless client can set up a wireless network using WPS (Section 4.3.2 on page 46) or manual configuration (Section 4.3.3 on the ZyXEL Device. SSID Security Mode Pre-Shared Key 802.11...
User Guide
Page 70
.../Edit: Bridge Mode 70 P-660HN-51 User's Guide it is not used to establish membership in the Routing Feature field. This is a network-layer protocol used to carry user data. DNS Server 1 DNS Server 2 Apply Cancel Select Static if you want the ZyXEL Device use the DNS server addresses...to activate NAT on this screen without saving. 5.2.1.1 Bridge This screen displays when you configure manually. Enter the second DNS server address assigned by the ISP. Select this option to have the ZyXEL Device act as an IGMP proxy on this connection as Default Gateway in a Multicast group -...
.../Edit: Bridge Mode 70 P-660HN-51 User's Guide it is not used to establish membership in the Routing Feature field. This is a network-layer protocol used to carry user data. DNS Server 1 DNS Server 2 Apply Cancel Select Static if you want the ZyXEL Device use the DNS server addresses...to activate NAT on this screen without saving. 5.2.1.1 Bridge This screen displays when you configure manually. Enter the second DNS server address assigned by the ISP. Select this option to have the ZyXEL Device act as an IGMP proxy on this connection as Default Gateway in a Multicast group -...
User Guide
Page 90
... you want to use the WPS feature, make sure you have set up a WPS wireless network using Push Button Configuration (PBC). 90 P-660HN-51 User's Guide Set up a wireless network with strong security, without having to set the security mode of the SSID1 profile (see Section ... 6 Wireless 6.5 The WPS Screen Use this screen to activate WPS on the ZyXEL Device. Figure 24 Network Settings > Wireless > WPS The following screen displays. Method 1 Use this section to configure security settings manually. Click Network Settings > Wireless > WPS. Then you to quickly set up each...
... you want to use the WPS feature, make sure you have set up a WPS wireless network using Push Button Configuration (PBC). 90 P-660HN-51 User's Guide Set up a wireless network with strong security, without having to set the security mode of the SSID1 profile (see Section ... 6 Wireless 6.5 The WPS Screen Use this screen to activate WPS on the ZyXEL Device. Figure 24 Network Settings > Wireless > WPS The following screen displays. Method 1 Use this section to configure security settings manually. Click Network Settings > Wireless > WPS. Then you to quickly set up each...
User Guide
Page 93
...to remove this mode, clients cannot connect to the ZyXEL Device wirelessly. In this entry. You can connect ...device by clicking the Edit icon under Modify. The ZyXEL Device acts as a bridge and access point simultaneously....MAC address format (six hexadecimal character pairs, for your ZyXEL Device. The following table describes the labels in the...example 12:34:56:78:9a:bc). The ZyXEL Device functions as a wireless network bridge and establishes...to turn on WDS and enter the peer device's MAC address manually in this screen. Chapter 6 Wireless Click Network Settings > Wireless...
...to remove this mode, clients cannot connect to the ZyXEL Device wirelessly. In this entry. You can connect ...device by clicking the Edit icon under Modify. The ZyXEL Device acts as a bridge and access point simultaneously....MAC address format (six hexadecimal character pairs, for your ZyXEL Device. The following table describes the labels in the...example 12:34:56:78:9a:bc). The ZyXEL Device functions as a wireless network bridge and establishes...to turn on WDS and enter the peer device's MAC address manually in this screen. Chapter 6 Wireless Click Network Settings > Wireless...
User Guide
Page 104
...access point AP 2, which is an industry standard specification, defined by themselves. 104 P-660HN-51 User's Guide Figure 31 WDS Link Example A WDS AP 1 AP 2 6.9.8 WiFi Protected Setup (WPS) Your ZyXEL Device supports WiFi Protected Setup (WPS), which has a wired Internet connection. You ...need to know the MAC addresses of the APs you want to link to configure security settings manually. Then, the two devices connect and set ...
...access point AP 2, which is an industry standard specification, defined by themselves. 104 P-660HN-51 User's Guide Figure 31 WDS Link Example A WDS AP 1 AP 2 6.9.8 WiFi Protected Setup (WPS) Your ZyXEL Device supports WiFi Protected Setup (WPS), which has a wired Internet connection. You ...need to know the MAC addresses of the APs you want to link to configure security settings manually. Then, the two devices connect and set ...
User Guide
Page 119
...computer from the drop list and have the MAC Address and IP Address auto-detected. MAC Address If you select Manual Input in use. P-660HN-51 User's Guide 119 In turn, a device can manually type in the MAC address and IP address of a computer on the network. Table 25 Static DHCP: Add/... new static lease in the Static DHCP screen or the Edit icon next to activate the Static DHCP function. Select Device Info If you select Manual Input, you can leave a network smoothly and automatically when it is a distributed, open networking standard that you will also specify. Apply Click...
...computer from the drop list and have the MAC Address and IP Address auto-detected. MAC Address If you select Manual Input in use. P-660HN-51 User's Guide 119 In turn, a device can manually type in the MAC address and IP address of a computer on the network. Table 25 Static DHCP: Add/... new static lease in the Static DHCP screen or the Edit icon next to activate the Static DHCP function. Select Device Info If you select Manual Input, you can leave a network smoothly and automatically when it is a distributed, open networking standard that you will also specify. Apply Click...
User Guide
Page 125
Chapter 7 Home Networking 4 You may edit or delete the port mappings or click Add to manually add port mappings. System Tray Icon P-660HN-51 User's Guide 125 An icon displays in notification area when connected option and click OK. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in the system tray.
Chapter 7 Home Networking 4 You may edit or delete the port mappings or click Add to manually add port mappings. System Tray Icon P-660HN-51 User's Guide 125 An icon displays in notification area when connected option and click OK. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in the system tray.
User Guide
Page 129
...allows individual clients to its corresponding IP address and vice versa. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the DHCP clients (DHCP Pool). If you turn DHCP service...off, you set up from the DHCP pool to your LAN, or else the computer must be manually configured. Do not assign static IP addresses from a server. The DNS server is pre-configured with ... must know the IP address of IP addresses for the clients. P-660HN-51 User's Guide 129 There are passed to the client machines along with a pool of a computer ...
...allows individual clients to its corresponding IP address and vice versa. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the DHCP clients (DHCP Pool). If you turn DHCP service...off, you set up from the DHCP pool to your LAN, or else the computer must be manually configured. Do not assign static IP addresses from a server. The DNS server is pre-configured with ... must know the IP address of IP addresses for the clients. P-660HN-51 User's Guide 129 There are passed to the client machines along with a pool of a computer ...
User Guide
Page 139
... service that port forwarding only forwards a service to a single LAN IP address. P-660HN-51 User's Guide 139 Apply Click Apply to the IP address of ports on the server side. ...the service in Application Fowarded. Application Forwarded Select a service from the drop-down list box and the ZyXEL Device automatically configures the protocol, start, end, and map port number that service closes, another LAN... the application from the drop-down list box. View Rule Click this NAT rule to manually replace the LAN computer's IP address in from the server on the WAN) to save...
... service that port forwarding only forwards a service to a single LAN IP address. P-660HN-51 User's Guide 139 Apply Click Apply to the IP address of ports on the server side. ...the service in Application Fowarded. Application Forwarded Select a service from the drop-down list box and the ZyXEL Device automatically configures the protocol, start, end, and map port number that service closes, another LAN... the application from the drop-down list box. View Rule Click this NAT rule to manually replace the LAN computer's IP address in from the server on the WAN) to save...
User Guide
Page 180
...computer(s) on the remote network behind your ZyXEL Device. Click the Edit icon to edit VPN policies. You only configure VPN manual key when you select Auto(IKE) in the IPSec > Settings screen to edit the VPN configuration. Auto(IKE) screen. 180 P-660HN-51 User's Guide The following is active or... policy's Edit icon in the Key Exchange Method field on your local network behind the remote IPSec router. This is generally recommended. Note: The ZyXEL Device uses the system default gateway interface's WAN IP address as its WAN IP address to set up a VPN tunnel. 13.2.1.1 Auto(IKE)...
...computer(s) on the remote network behind your ZyXEL Device. Click the Edit icon to edit VPN policies. You only configure VPN manual key when you select Auto(IKE) in the IPSec > Settings screen to edit the VPN configuration. Auto(IKE) screen. 180 P-660HN-51 User's Guide The following is active or... policy's Edit icon in the Key Exchange Method field on your local network behind the remote IPSec router. This is generally recommended. Note: The ZyXEL Device uses the system default gateway interface's WAN IP address as its WAN IP address to set up a VPN tunnel. 13.2.1.1 Auto(IKE)...
User Guide
Page 183
... Otherwise, click Hide Advanced Settings. P-660HN-51 User's Guide 183 A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. Local/Remote ID Content Select ASN1DN (Abstract Syntax Notation one - Otherwise, select Disable. Select Auto(IKE) or Manual from the drop-down list box. ... malformed) packet if the same pre-shared key is a useful option for the pre-shared key. Select E-mail to identify this ZyXEL Device by an e-mail address. Advanced IKE Settings NAT_Traversal Phase 1/Phase 2 When you have to forward UDP port 500 packets to set...
... Otherwise, click Hide Advanced Settings. P-660HN-51 User's Guide 183 A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. Local/Remote ID Content Select ASN1DN (Abstract Syntax Notation one - Otherwise, select Disable. Select Auto(IKE) or Manual from the drop-down list box. ... malformed) packet if the same pre-shared key is a useful option for the pre-shared key. Select E-mail to identify this ZyXEL Device by an e-mail address. Advanced IKE Settings NAT_Traversal Phase 1/Phase 2 When you have to forward UDP port 500 packets to set...
User Guide
Page 184
... VPN gateway to authenticate packet data. As a result, 3DES is more processing power, resulting in this screen without saving. 13.2.1.2 Manual Key Setup Manual key management is transmitted from the dropdown list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are temporarily disconnected. ...-Hellman Group 2 a 1024 bit (1Kb) random number. Click Cancel to generate and verify a message authentication code. The local VPN 184 P-660HN-51 User's Guide Select MD5 for minimal security and SHA1 for key exchange in SA setup. 768bit refers to Diffie-Hellman Group 1 a 768 bit...
... VPN gateway to authenticate packet data. As a result, 3DES is more processing power, resulting in this screen without saving. 13.2.1.2 Manual Key Setup Manual key management is transmitted from the dropdown list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are temporarily disconnected. ...-Hellman Group 2 a 1024 bit (1Kb) random number. Click Cancel to generate and verify a message authentication code. The local VPN 184 P-660HN-51 User's Guide Select MD5 for minimal security and SHA1 for key exchange in SA setup. 768bit refers to Diffie-Hellman Group 1 a 768 bit...
User Guide
Page 185
Chapter 13 IPSec gateway then uses the network, encryption and key values that the administrator associated with the SPI to establish the tunnel. Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 13.2.2 Configuring Manual Key You only configure VPN manual key when you select Manual in the Key Exchange Method field on the IPSec > Setting: Add/Edit screen. The following is the IPSec Setting - Manual screen. Figure 79 Settings > Add/Edit: Manual P-660HN-51 User's Guide 185
Chapter 13 IPSec gateway then uses the network, encryption and key values that the administrator associated with the SPI to establish the tunnel. Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 13.2.2 Configuring Manual Key You only configure VPN manual key when you select Manual in the Key Exchange Method field on the IPSec > Setting: Add/Edit screen. The following is the IPSec Setting - Manual screen. Figure 79 Settings > Add/Edit: Manual P-660HN-51 User's Guide 185
User Guide
Page 186
...Address, enter a (static) IP address on the LAN behind the remote IPSec router. 186 P-660HN-51 User's Guide The remote IP addresses must correspond to the remote IPSec router's configured local IP... addresses. Specify the IP addresses of the devices behind your ZyXEL Device. You can use the VPN tunnel. Select Subnet to Single Address, enter a (static)...local and remote IP address(es) both . Table 56 IPSec Settings > Add/Edit: Manual LABEL Enable IPSec Connection Name Remote IPSec Gateway Address Tunnel access from remote IP addresses When...
...Address, enter a (static) IP address on the LAN behind the remote IPSec router. 186 P-660HN-51 User's Guide The remote IP addresses must correspond to the remote IPSec router's configured local IP... addresses. Specify the IP addresses of the devices behind your ZyXEL Device. You can use the VPN tunnel. Select Subnet to Single Address, enter a (static)...local and remote IP address(es) both . Table 56 IPSec Settings > Add/Edit: Manual LABEL Enable IPSec Connection Name Remote IPSec Gateway Address Tunnel access from remote IP addresses When...
User Guide
Page 187
... you use the same secret key, which can be used to the IPSec screen. P-660HN-51 User's Guide 187 The SHA1 algorithm is generally considered stronger than MD5, but is a...behind the remote IPSec router. Chapter 13 IPSec Table 56 IPSec Settings > Add/Edit: Manual (continued) LABEL IP Subnetmask DESCRIPTION When the remote IP address type is configured to Single Address... is configured to generate and verify a message authentication code. This field displays ESP and the ZyXEL Device uses ESP (Encapsulation Security Payload) for maximum security. As a result, 3DES is faster...
... you use the same secret key, which can be used to the IPSec screen. P-660HN-51 User's Guide 187 The SHA1 algorithm is generally considered stronger than MD5, but is a...behind the remote IPSec router. Chapter 13 IPSec Table 56 IPSec Settings > Add/Edit: Manual (continued) LABEL IP Subnetmask DESCRIPTION When the remote IP address type is configured to Single Address... is configured to generate and verify a message authentication code. This field displays ESP and the ZyXEL Device uses ESP (Encapsulation Security Payload) for maximum security. As a result, 3DES is faster...
User Guide
Page 189
...Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for the AH and ESP protocols. P-660HN-51 User's Guide 189 13.4.1 IPSec Architecture The overall IPSec architecture is shown as DES (Data Encryption Standard) and Triple DES algorithms. The Authentication Algorithms, HMAC... algorithms). Key Management Key management allows you to determine whether to set up a VPN. The Encryption Algorithm describes the use IKE (ISAKMP) or manual key configuration in order to use of encryption techniques such as follows.
...Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for the AH and ESP protocols. P-660HN-51 User's Guide 189 13.4.1 IPSec Architecture The overall IPSec architecture is shown as DES (Data Encryption Standard) and Triple DES algorithms. The Authentication Algorithms, HMAC... algorithms). Key Management Key management allows you to determine whether to set up a VPN. The Encryption Algorithm describes the use IKE (ISAKMP) or manual key configuration in order to use of encryption techniques such as follows.
User Guide
Page 208
... screen without saving. 16.3 The Dynamic DNS Screen Use this screen. Figure 93 Advanced > DNS Setting > Dynamic DNS 208 P-660HN-51 User's Guide Cancel Click Cancel to save your ZyXEL Device's DDNS. The screen appears as shown. Figure 92 DNS Entry: Add/Edit The following table describes the labels in the...icon next to the entry you want to change your changes. Chapter 16 Dynamic DNS Setup 16.2.1 Add/Edit DNS Entry You can manually add or edit the ZyXEL Device's DNS name and IP address entry. The screen shown next appears. Table 68 DNS Entry: Add/Edit LABEL DESCRIPTION Host ...
... screen without saving. 16.3 The Dynamic DNS Screen Use this screen. Figure 93 Advanced > DNS Setting > Dynamic DNS 208 P-660HN-51 User's Guide Cancel Click Cancel to save your ZyXEL Device's DDNS. The screen appears as shown. Figure 92 DNS Entry: Add/Edit The following table describes the labels in the...icon next to the entry you want to change your changes. Chapter 16 Dynamic DNS Setup 16.2.1 Add/Edit DNS Entry You can manually add or edit the ZyXEL Device's DNS name and IP address entry. The screen shown next appears. Table 68 DNS Entry: Add/Edit LABEL DESCRIPTION Host ...