User Guide
Page 3
... Terminal (SMT). Send all User Guide-related comments, questions or suggestions for improvement to help you use e-mail instead. E-mail: techwriters@zyxel.com.tw ZyWALL 2 Plus User's Guide 3 You should have at least a basic knowledge of individual screens and supplementary information. User Guide Feedback Help us help for.... • Web Configurator Online Help Embedded web help you ! About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to www.zyxel.com for additional support documentation and product certifications.
User Guide
Page 13
... Screen 268 14.2.4 The Network Policy Move Screen 270 14.3 The VPN Rules (Manual) Screen 271 14.3.1 The VPN Rules (Manual) Edit Screen 272 14.4 The SA Monitor Screen 275 14.5 The Global Setting Screen 275 14.5.1 Configuring the Global Setting Screen 277 14.6 Telecommuter VPN/IPSec Examples 278 ZyWALL 2 Plus User's Guide 13
User Guide
Page 29
... Policy > Port Forwarding 269 Figure 175 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Figure 176 SECURITY > VPN > VPN Rules (Manual 271 Figure 177 SECURITY > VPN > VPN Rules (Manual) > Edit 272 Figure 178 SECURITY > VPN > SA Monitor 275 Figure 179 Overlap in a Dynamic VPN Rule 276 Figure 180 Overlap in IP... 316 Figure 208 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import 318 Figure 209 SECURITY > CERTIFICATES > Directory Servers 319 Figure 210 SECURITY > CERTIFICATES > Directory Server > Add 320 ZyWALL 2 Plus User's Guide 29
User Guide
Page 38
... Policy > Port Forwarding 269 Table 68 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Table 69 SECURITY > VPN > VPN Rules (Manual 271 Table 70 SECURITY > VPN > VPN Rules (Manual) > Edit 273 Table 71 SECURITY > VPN > SA Monitor 275 Table 72 SECURITY > VPN > Global Setting 278 Table 73 Telecommuters Sharing One VPN... SECURITY > CERTIFICATES > My Certificates > Export 302 Table 80 SECURITY > CERTIFICATES > My Certificates > Import 304 Table 81 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 304 38 ZyWALL 2 Plus User's Guide
User Guide
Page 55
... and port numbers of packets received for the alert. If you connect your computer directly to the ZyWALL, you must be manually configured. Date/Time This is using a manually entered static (fixed) IP address. DHCP Table Click DHCP Table to dial up . VPN Click ... is the reason for each port. N/A displays when the service subscription has expired. In bridge mode, the ZyWALL cannot get the IP address afresh. ZyWALL 2 Plus User's Guide 55 Message This is the date the category-based content filtering service subscription expires. Latest Alerts This...
User Guide
Page 60
... manage the list of the trusted CAs. Global Setting Use this screen to view and manage the list of the directory servers. 60 ZyWALL 2 Plus User's Guide Directory Servers Use this screen to change your traffic redirect properties and parameters. Static DHCP Use this screen to configure the...-up connection. WAN Use this screen to view a summary list of the firewall rules, and allows you to configure VPN connections using manual key management and view the rule summary. IP Alias Use this screen to enable content filtering and block certain web features. VPN VPN Rules...
User Guide
Page 63
... a call) if you're using PPPoE encapsulation. Refresh Click this port. Figure 11 HOME > DHCP Table ZyWALL 2 Plus User's Guide 63 Collisions This is the total time the ZyWALL has been on this port. Read-only information here relates to update all network clients using Ethernet encapsulation and ... DHCP status. RxPkts This is down list box to your LAN, or else the computer must be manually configured. If DHCP service is disabled, you 're using the ZyWALL's DHCP server. The DHCP table shows current DHCP client information (including IP Address, Host Name and MAC...
User Guide
Page 133
... assigned at the factory and consists of six pairs of hexadecimal characters, for the default IP pool range. You can alternatively have the ZyWALL relay DHCP information from another DHCP server on page 613 for example, 00:A0:C5:00:00:02. See Chapter 46 on your ...1597, Address Allocation for Private Internets and RFC 1466, Guidelines for most networks, unless you must be manually configured. If you disable the ZyWALL's DHCP service, you have another DHCP server. ZyWALL 2 Plus User's Guide 133 RIP Direction controls the sending and receiving of RIP packets. When set to Both ...
User Guide
Page 136
...being that they generally do not match those specified in the DHCP Server Address field. Multicasting can reduce the load on the WAN. 136 ZyWALL 2 Plus User's Guide IGMP (Internet Group Multicast Protocol) is set to Both and the Version set using . When set to Relay, fill ... see sections 4 and 5 of the contiguous addresses in order to find a computer on non-router machines since they are instructed by the ZyWALL or manually set to RIP-1. DHCP Setup DHCP DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (workstations) to obtain ...
User Guide
Page 154
...Control) address. The MAC address is assigned at the factory and consists of six pairs of www.zyxel.com is 204.217.0.2. DNS Server Address Assignment Use DNS (Domain Name System) to map a ... DNS server addresses in the following three blocks of your ISP gives you DNS server addresses, manually enter them in the form of an information sheet, when you are isolated from the ISP....a small organization and your network administrator for example, 00:A0:C5:00:00:02. 154 ZyWALL 2 Plus User's Guide On the other DNS servers. " Regardless of IP addresses specifically for your ISP ...
User Guide
Page 167
... RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. ZyWALL 2 Plus User's Guide 167 Dial Backup Port Speed Use the drop-down list box to Both or Out ... Setup screen and edit the details of String your WAN device connected to Both or In Only, the ZyWALL will broadcast its routing table periodically. Chapter 8 WAN Screens Table 36 NETWORK > WAN > Dial Backup ... RIP-2 format; Available speeds are: 9600, 19200, 38400, 57600, 115200 or 230400 bps. Consult the manual of your ISP for the dial backup connection. TCP/IP Options Get IP Address Type the login name assigned...
User Guide
Page 169
... a one second wait, for CLID authentication. Answer Type the AT Command string to answer a call . ZyWALL 2 Plus User's Guide 169 Figure 112 NETWORK > WAN > Dial Backup > Edit The following table describes the labels in this..., "~~~+++~~ath" can be used if your dial backup port for specific AT commands. This lets the ZyWALL capture the CLID in the AT response string that precedes the CLID (Calling Line Identification) in the Dial... call. CLID is sent out. Chapter 8 WAN Screens " Consult the manual of your WAN device connected to your modem has a slow response time.
User Guide
Page 176
...must be manually configured. See the Static DHCP screen for a list of dynamically assigned IP addresses (and their IP and MAC addresses do not match those specified in the IP Pool Starting Address and Pool Size fields. IGMP version 2 (RFC 2236) is an improvement over TCP/IP) 176 ZyWALL 2 Plus User's... Guide When set to stop the ZyWALL from the Home screen for a list of the IP address pool. DHCP Server Address Type the IP address of the DHCP...
User Guide
Page 186
... information. When set to Server. IP Pool Starting This field specifies the first of IP addresses in the From and To fields. 186 ZyWALL 2 Plus User's Guide DHCP WINS Server 1, 2 Type the IP address of the WINS (Windows Internet Naming Service) server that you want to ...the IP address pool. it recognizes both formats when receiving). Select Relay to RIP-1. These IP addresses are dynamically assigned by the ZyWALL or manually set to have received an IP address from a server. This allows packets even when their corresponding MAC addresses). the difference being ...
User Guide
Page 244
Reset Click Reset to begin configuring this button to clear all web site addresses from the cache. 244 ZyWALL 2 Plus User's Guide Refresh Click this screen. Chapter 12 Content Filtering Screens Figure 157 SECURITY > CONTENT FILTER > Cache The following table describes the labels in ... URL cache before the URL entry is discarded from the cache. (hour) Modify Click the delete icon to remove the URL entry from the cache manually. Table 63 SECURITY > CONTENT FILTER > Cache LABEL DESCRIPTION URL Cache Setup Maximum TTL Type the maximum time to live (TTL) (1 to which requested ...
User Guide
Page 253
...• Use the SA Monitor screen (see Section 14.3 on page 271) to manage the ZyWALL's list of VPN rules (tunnels) that use IKE SAs. • Use the VPN Rules (Manual) screens (see Section 14.4 on page 256) to transport traffic over the Internet or any insecure...of leased site-to display and manage active VPN connections. Internet Protocol Security (IPSec) is used to manage the ZyWALL's list of VPN rules (tunnels) that use manual keys. ZyWALL 2 Plus User's Guide 253 CHAPTER 14 IPSec VPN Screens 14.1 Overview A virtual private network (VPN) provides secure communications between...
User Guide
Page 257
...authentication, encryption and other state (click Y to change it to N or N to change it to the other settings needed to a remote network. ZyWALL 2 Plus User's Guide 257 A network policy specifies which you do not need (but may want to configure a VPN gateway policy. When you delete a gateway,...recycle bin. You can use again later) to Y). Use this icon to display a screen in which devices (behind the IPSec routers) can also manually move it is the network behind the remote IPsec router. Chapter 14 IPSec VPN Screens Table 64 SECURITY > VPN > VPN Rules (IKE) (continued...
User Guide
Page 259
...of the IPSec router with which you configure an active rule with the Primary Remote Gateway field set to 0.0.0.0, the ranges of the ZyWALL. ZyWALL 2 Plus User's Guide 259 If the WAN connection goes down . If you 're making the VPN connection. Enable IPSec High Availability Turn ...NAT traversal with ESP protocol using traffic redirect. Gateway Policy Information My ZyWALL When the ZyWALL is read-only and displays the ZyWALL's IP address. In order to have the ZyWALL use any other active rules with manual key management. In order for more than one ) or leave ...
User Guide
Page 271
... policy is the VPN policy index number. Manual Key Edit screen is not active. Manual Key - ZyWALL 2 Plus User's Guide 271 Click SECURITY > VPN > VPN Rules (Manual) to Figure 170 on your ZyWALL. You may want to Single Address. In this screen. Manual Key - Figure 176 SECURITY > VPN > VPN Rules (Manual) The following table describes the labels in...
User Guide
Page 272
... delete icon to remove the VPN policy. Manual key management is useful if you want to configure VPN rules that you have problems with IKE key management. Figure 177 SECURITY > VPN > VPN Rules (Manual) > Edit 272 ZyWALL 2 Plus User's Guide Chapter 14 IPSec VPN Screens Table... 69 SECURITY > VPN > VPN Rules (Manual) (continued) LABEL DESCRIPTION IPSec Algorithm This field displays the security protocols used for an...