User Guide
Page 3
...• If you don't already have the latest version of the User's Guide PDF. P-793H v2 User's Guide 3 You can help you get up your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you! Click them to jump to the corresponding section of Adobe Reader, you ...directly into a "hand" with which page-range you want to configure the P-793H v2 using the web configurator. Tips for support documents. About This User's Guide About This User's Guide Intended Audience This manual is designed to help you quickly pinpoint the information you require. It contains ...
...• If you don't already have the latest version of the User's Guide PDF. P-793H v2 User's Guide 3 You can help you get up your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you! Click them to jump to the corresponding section of Adobe Reader, you ...directly into a "hand" with which page-range you want to configure the P-793H v2 using the web configurator. Tips for support documents. About This User's Guide About This User's Guide Intended Audience This manual is designed to help you quickly pinpoint the information you require. It contains ...
User Guide
Page 5
P-793H v2 User's Guide 5 Every effort has been made to differences in this manual is accurate. About This User's Guide Disclaimer Graphics in this book may differ slightly from the product due to ensure that the information in operating systems, operating system versions, or if you installed updated firmware/software for your device.
P-793H v2 User's Guide 5 Every effort has been made to differences in this manual is accurate. About This User's Guide Disclaimer Graphics in this book may differ slightly from the product due to ensure that the information in operating systems, operating system versions, or if you installed updated firmware/software for your device.
User Guide
Page 12
...VPN Status ...54 3.5 Any IP Table ...54 3.6 Packet Statistics ...55 Chapter 4 Internet Setup Wizard ...57 4.1 Overview ...57 4.2 Internet Access Wizard Setup 57 4.2.1 Manual Configuration 60 Chapter 5 Tutorials ...67 5.1 Overview ...67 5.2 Configuring Point-to-point Connection 67 5.2.1 Set Up the Server ...68 5.2.2 Set Up the Client ...69 ...5.3 Configuring a Point-to-2points Connection 70 5.3.1 Set up the Server ...70 5.3.2 Set up the Clients ...71 5.3.3 Connect the P-793H v2s 72 Part II: Technical Reference 73 Chapter 6 WAN Setup...75 6.1 Overview ...75 6.1.1 What You Can Do in the WAN...
...VPN Status ...54 3.5 Any IP Table ...54 3.6 Packet Statistics ...55 Chapter 4 Internet Setup Wizard ...57 4.1 Overview ...57 4.2 Internet Access Wizard Setup 57 4.2.1 Manual Configuration 60 Chapter 5 Tutorials ...67 5.1 Overview ...67 5.2 Configuring Point-to-point Connection 67 5.2.1 Set Up the Server ...68 5.2.2 Set Up the Client ...69 ...5.3 Configuring a Point-to-2points Connection 70 5.3.1 Set up the Server ...70 5.3.2 Set up the Clients ...71 5.3.3 Connect the P-793H v2s 72 Part II: Technical Reference 73 Chapter 6 WAN Setup...75 6.1 Overview ...75 6.1.1 What You Can Do in the WAN...
User Guide
Page 15
... ...163 11.2 VPN Setup Screen ...163 11.3 The VPN Edit Screen ...166 11.4 Configuring Advanced IKE Settings 171 11.5 Manual Key Setup ...173 11.5.1 Security Parameter Index (SPI 174 11.6 Configuring Manual Key 174 11.7 Viewing SA Monitor ...177 11.8 Configuring VPN Global Setting 179 11.9 IPSec VPN Technical Reference 179 11... Chapter 13 Static Route ...203 13.1 Overview ...203 13.2 The Static Route Screen 204 13.2.1 Static Route Edit 205 Chapter 14 802.1Q/1P...207 P-793H v2 User's Guide 15
... ...163 11.2 VPN Setup Screen ...163 11.3 The VPN Edit Screen ...166 11.4 Configuring Advanced IKE Settings 171 11.5 Manual Key Setup ...173 11.5.1 Security Parameter Index (SPI 174 11.6 Configuring Manual Key 174 11.7 Viewing SA Monitor ...177 11.8 Configuring VPN Global Setting 179 11.9 IPSec VPN Technical Reference 179 11... Chapter 13 Static Route ...203 13.1 Overview ...203 13.2 The Static Route Screen 204 13.2.1 Static Route Edit 205 Chapter 14 802.1Q/1P...207 P-793H v2 User's Guide 15
User Guide
Page 24
... Security > VPN > Setup ...164 Figure 72 Security > VPN > Setup > Edit 166 Figure 73 Security > VPN > Setup > Edit > Advanced Setup 171 Figure 74 Security > VPN > Setup > Manual Key 174 Figure 75 Security > VPN > Monitor ...178 Figure 76 Security > VPN > Global Setting 179 Figure 77 IPSec Architecture ...180 Figure 78 NAT Router Between... IPSec Encapsulation 183 Figure 80 Two Phases to Set Up the IPSec SA 184 Figure 81 VPN Host using Intranet DNS Server Example 186 24 P-793H v2 User's Guide
... Security > VPN > Setup ...164 Figure 72 Security > VPN > Setup > Edit 166 Figure 73 Security > VPN > Setup > Edit > Advanced Setup 171 Figure 74 Security > VPN > Setup > Manual Key 174 Figure 75 Security > VPN > Monitor ...178 Figure 76 Security > VPN > Global Setting 179 Figure 77 IPSec Architecture ...180 Figure 78 NAT Router Between... IPSec Encapsulation 183 Figure 80 Two Phases to Set Up the IPSec SA 184 Figure 81 VPN Host using Intranet DNS Server Example 186 24 P-793H v2 User's Guide
User Guide
Page 32
... Security > VPN > Setup ...164 Table 42 Security > VPN > Setup > Edit 166 Table 43 Security > VPN > Setup > Edit > Advanced Setup 171 Table 44 Security > VPN > Setup > Manual Key 175 Table 45 Security > VPN > Monitor ...178 Table 46 Security > VPN > Global Setting 179 Table 47 VPN and NAT ...181 Table 48 VPN and... > System > General 265 Table 79 Maintenance > System > Time Setting 266 Table 80 Maintenance > Logs > View Log 270 Table 81 Maintenance > Logs > Log Settings 272 32 P-793H v2 User's Guide
... Security > VPN > Setup ...164 Table 42 Security > VPN > Setup > Edit 166 Table 43 Security > VPN > Setup > Edit > Advanced Setup 171 Table 44 Security > VPN > Setup > Manual Key 175 Table 45 Security > VPN > Monitor ...178 Table 46 Security > VPN > Global Setting 179 Table 47 VPN and NAT ...181 Table 48 VPN and... > System > General 265 Table 79 Maintenance > System > Time Setting 266 Table 80 Maintenance > Logs > View Log 270 Table 81 Maintenance > Logs > Log Settings 272 32 P-793H v2 User's Guide
User Guide
Page 58
... access. Follow the directions in the wizard and enter your Internet setup information as provided to you still cannot connect, click Manually configure your connection type. 3a The following screen appears if a connection is not detected. Figure 14 Auto Detection: No DSL Connection 58... by your hardware connections and click Restart the INTERNET SETUP Wizard to return to the wizard welcome screen. Figure 13 Wizard Welcome 3 Your P-793H v2 attempts to detect your DSL connection and your Internet connection. Chapter 4 Internet Setup Wizard 2 Click INTERNET SETUP to configure the system for...
... access. Follow the directions in the wizard and enter your Internet setup information as provided to you still cannot connect, click Manually configure your connection type. 3a The following screen appears if a connection is not detected. Figure 14 Auto Detection: No DSL Connection 58... by your hardware connections and click Restart the INTERNET SETUP Wizard to return to the wizard welcome screen. Figure 13 Wizard Welcome 3 Your P-793H v2 attempts to detect your DSL connection and your Internet connection. Chapter 4 Internet Setup Wizard 2 Click INTERNET SETUP to configure the system for...
User Guide
Page 59
Figure 15 Auto-Detection: PPPoE 3c The following screen displays if a PPPoE or PPPoA connection is detected. Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP. Figure 16 Auto Detection: Failed P-793H v2 User's Guide 59 Click Next and refer to Section 4.2.1 on page 60 on how to manually configure the P-793H v2 for Internet access. Then click Next. Chapter 4 Internet Setup Wizard 3b The following screen appears if the ZyXEL device detects a connection but not the connection type.
Figure 15 Auto-Detection: PPPoE 3c The following screen displays if a PPPoE or PPPoA connection is detected. Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP. Figure 16 Auto Detection: Failed P-793H v2 User's Guide 59 Click Next and refer to Section 4.2.1 on page 60 on how to manually configure the P-793H v2 for Internet access. Then click Next. Chapter 4 Internet Setup Wizard 3b The following screen appears if the ZyXEL device detects a connection but not the connection type.
User Guide
Page 60
... the Encapsulation drop-down list box if your ISP give you one IP address and you . Chapter 4 Internet Setup Wizard 4.2.1 Manual Configuration 1 If the P-793H v2 fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen...The following table describes the fields in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. 60 P-793H v2 User's Guide Choices vary depending on the P-793H v2. If you were not given information. Leave the defaults in any fields for which you select Routing in this screen...
... the Encapsulation drop-down list box if your ISP give you one IP address and you . Chapter 4 Internet Setup Wizard 4.2.1 Manual Configuration 1 If the P-793H v2 fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen...The following table describes the fields in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. 60 P-793H v2 User's Guide Choices vary depending on the P-793H v2. If you were not given information. Leave the defaults in any fields for which you select Routing in this screen...
User Guide
Page 80
...the ISP assigns you a different one each time you do not want to configure DNS servers. This option is available if you want the P-793H v2 to use as a default for outgoing traffic (remote node 1). Connection (PPPoA and PPPoE encapsulation only) Nailed-Up Connection Select Nailed-Up Connection...is disconnected. 80 P-793H v2 User's Guide If you chose User-Defined, but leave the IP address set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you must have their DNS server addresses manually configured. Select None if...
...the ISP assigns you a different one each time you do not want to configure DNS servers. This option is available if you want the P-793H v2 to use as a default for outgoing traffic (remote node 1). Connection (PPPoA and PPPoE encapsulation only) Nailed-Up Connection Select Nailed-Up Connection...is disconnected. 80 P-793H v2 User's Guide If you chose User-Defined, but leave the IP address set a second choice to User-Defined, and enter the same IP address, the second User-Defined changes to None after you must have their DNS server addresses manually configured. Select None if...
User Guide
Page 107
... you do not want to configure DNS servers. DNS Server DNS Servers The P-793H v2 passes a DNS (Domain Name System) server IP Assigned by DHCP address to have their DNS server addresses manually configured. Enter the IP address of a computer in this case. When a computer... on your ISP dynamically assigns DNS server information (and the P-793H v2's WAN IP address). Chapter 7 LAN Setup The following items...
... you do not want to configure DNS servers. DNS Server DNS Servers The P-793H v2 passes a DNS (Domain Name System) server IP Assigned by DHCP address to have their DNS server addresses manually configured. Enter the IP address of a computer in this case. When a computer... on your ISP dynamically assigns DNS server information (and the P-793H v2's WAN IP address). Chapter 7 LAN Setup The following items...
User Guide
Page 112
...server addresses using the DNS server extensions of IPCP (IP Control Protocol) after the connection is extremely important because without it, you must be manually configured. If you turn DHCP service off, you must have another DHCP server on your LAN computers. 7.6.3 DNS Server Addresses DNS (Domain...server extensions through IPCP and relays the response back to the computer. When a computer sends a DNS query to the P-793H v2, the P-793H v2 acts as a server, the P-793H v2 provides the TCP/IP configuration for the DHCP clients (DHCP Pool). Do not assign static IP addresses from a server...
...server addresses using the DNS server extensions of IPCP (IP Control Protocol) after the connection is extremely important because without it, you must be manually configured. If you turn DHCP service off, you must have another DHCP server on your LAN computers. 7.6.3 DNS Server Addresses DNS (Domain...server extensions through IPCP and relays the response back to the computer. When a computer sends a DNS query to the P-793H v2, the P-793H v2 acts as a server, the P-793H v2 provides the TCP/IP configuration for the DHCP clients (DHCP Pool). Do not assign static IP addresses from a server...
User Guide
Page 163
... Address If the remote secure gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 as 0.0.0.0 only when using DDNS. P-793H v2 User's Guide 163 Chapter 11 VPN You can initiate SAs. This may be static. In this case only the remote secure gateway can also ...the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using IKE key management and not Manual key management. The P-793H v2 has to allow access for configuration examples). The Secure Gateway IP Address may be configured as the secure gateway's address.
... Address If the remote secure gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 as 0.0.0.0 only when using DDNS. P-793H v2 User's Guide 163 Chapter 11 VPN You can initiate SAs. This may be static. In this case only the remote secure gateway can also ...the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using IKE key management and not Manual key management. The P-793H v2 has to allow access for configuration examples). The Secure Gateway IP Address may be configured as the secure gateway's address.
User Guide
Page 167
..., but not both the same. When the Local Address Type field is configured to the remote IPSec router's configured remote IP addresses. Select IKE or Manual from the drop-down list box. The local IP addresses must correspond to Single, enter a (static) IP address on the VPN by their (private)... IPSec VPN) Select this check box if you have the same negotiation mode. You may use the VPN tunnel. Manual is configured to find other computers and servers on the LAN behind your P-793H v2. If there is a (static) IP address on the LAN behind your P793H v2. Local A DNS server ...
..., but not both the same. When the Local Address Type field is configured to the remote IPSec router's configured remote IP addresses. Select IKE or Manual from the drop-down list box. The local IP addresses must correspond to Single, enter a (static) IP address on the VPN by their (private)... IPSec VPN) Select this check box if you have the same negotiation mode. You may use the VPN tunnel. Manual is configured to find other computers and servers on the LAN behind your P-793H v2. If there is a (static) IP address on the LAN behind your P793H v2. Local A DNS server ...
User Guide
Page 173
...the Active Protocol field. Select Tunnel mode or Transport mode from the drop-down list box. Click Apply to save your changes. 11.5 Manual Key Setup Manual key management is useful if you use the same secret key, which can be used to set up a tunnel without saving your changes ...back to the P-793H v2 and return to 3,000,000 seconds (almost 35 days). Authentication Algorithm SA Life Time (Seconds) Select NULL to authenticate packet ...
...the Active Protocol field. Select Tunnel mode or Transport mode from the drop-down list box. Click Apply to save your changes. 11.5 Manual Key Setup Manual key management is useful if you use the same secret key, which can be used to set up a tunnel without saving your changes ...back to the P-793H v2 and return to 3,000,000 seconds (almost 35 days). Authentication Algorithm SA Life Time (Seconds) Select NULL to authenticate packet ...
User Guide
Page 174
This data allows for the multiplexing of SAs to the local VPN gateway. Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 11.6 Configuring Manual Key You only configure VPN manual key when you select Manual in the IPSec Key Mode field on the VPN Setup-Edit screen. The local ... the same IPSec protocol. The SPI is transmitted from the remote VPN gateway to a single gateway. Figure 74 Security > VPN > Setup > Manual Key 174 P-793H v2 User's Guide This is the VPN Setup - Chapter 11 VPN 11.5.1 Security Parameter Index (SPI) An SPI is used to establish the ...
This data allows for the multiplexing of SAs to the local VPN gateway. Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 11.6 Configuring Manual Key You only configure VPN manual key when you select Manual in the IPSec Key Mode field on the VPN Setup-Edit screen. The local ... the same IPSec protocol. The SPI is transmitted from the remote VPN gateway to a single gateway. Figure 74 Security > VPN > Setup > Manual Key 174 P-793H v2 User's Guide This is the VPN Setup - Chapter 11 VPN 11.5.1 Security Parameter Index (SPI) An SPI is used to establish the ...
User Guide
Page 175
... option for a single IP address. You can have the local and remote IP address(es) both . Manual is configured to specify IP addresses on the LAN behind your P-793H v2. The P-793H v2 assigns this additional DNS server to Single, enter a (static) IP address on the LAN behind your... drops trailing spaces. P-793H v2 User's Guide 175 Chapter 11 VPN The following table describes the fields in this VPN policy. Table 44 Security > VPN > Setup > Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to Range, enter the end (static) IP address, in this...
... option for a single IP address. You can have the local and remote IP address(es) both . Manual is configured to specify IP addresses on the LAN behind your P-793H v2. The P-793H v2 assigns this additional DNS server to Single, enter a (static) IP address on the LAN behind your... drops trailing spaces. P-793H v2 User's Guide 175 Chapter 11 VPN The following table describes the fields in this VPN policy. Table 44 Security > VPN > Setup > Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to Range, enter the end (static) IP address, in this...
User Guide
Page 176
...specify IP addresses on a network by AH. End / Subnet Mask When the Remote Address Type field is configured as 0.0.0.0: The P-793H v2 uses the current P-793H v2 WAN IP address (static or dynamic) to use ESP (Encapsulation Security Payload). The following applies if this field is configured to... When the Remote Address Type field is configured to set up the VPN tunnel. Chapter 11 VPN Table 44 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Remote Remote IP addresses must know the same secret key, which you're making the VPN connection. When the Remote...
...specify IP addresses on a network by AH. End / Subnet Mask When the Remote Address Type field is configured as 0.0.0.0: The P-793H v2 uses the current P-793H v2 WAN IP address (static or dynamic) to use ESP (Encapsulation Security Payload). The following applies if this field is configured to... When the Remote Address Type field is configured to set up the VPN tunnel. Chapter 11 VPN Table 44 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Remote Remote IP addresses must know the same secret key, which you're making the VPN connection. When the Remote...
User Guide
Page 177
... to a specific VPN tunnel. A Security Association (SA) is generally considered stronger than MD5, but trailing spaces are truncated. See Section P-793H v2 User's Guide 177 Authentication Algorithm Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure ... active VPN connections. Use Refresh to display and manage active VPN connections. Chapter 11 VPN Table 44 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Encapsulation Key (only with no inbound traffic, the SA times out automatically after two minutes. Use this screen...
... to a specific VPN tunnel. A Security Association (SA) is generally considered stronger than MD5, but trailing spaces are truncated. See Section P-793H v2 User's Guide 177 Authentication Algorithm Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure ... active VPN connections. Use Refresh to display and manage active VPN connections. Chapter 11 VPN Table 44 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Encapsulation Key (only with no inbound traffic, the SA times out automatically after two minutes. Use this screen...
User Guide
Page 180
The Encryption Algorithm describes the use IKE (ISAKMP) or manual key configuration in both data 180 P-793H v2 User's Guide Figure 77 IPSec Architecture IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe ... AH protocol in order to set up a VPN. 11.9.2 IPSec and NAT Read this section if you are running IPSec on a host computer behind the P-793H v2. Key Management Key management allows you to determine whether to use of encryption techniques such as follows. NAT is shown as DES (Data Encryption...
The Encryption Algorithm describes the use IKE (ISAKMP) or manual key configuration in both data 180 P-793H v2 User's Guide Figure 77 IPSec Architecture IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe ... AH protocol in order to set up a VPN. 11.9.2 IPSec and NAT Read this section if you are running IPSec on a host computer behind the P-793H v2. Key Management Key management allows you to determine whether to use of encryption techniques such as follows. NAT is shown as DES (Data Encryption...