User Guide
Page 3
...Industrial Park, Hsinchu, 300, Taiwan. About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to www.zyxel.com for additional support documentation and product certifications. Send all User Guide-related comments, questions or suggestions for improvement ...following address, or use the web configurator to configure the ZyWALL. • Supporting Disk Refer to the included CD for descriptions of TCP/IP networking concepts and topology. E-mail: techwriters@zyxel.com.tw ZyWALL 2 Plus User's Guide 3 You should have at least a basic ...
User Guide
Page 13
... Forwarding Screen 268 14.2.4 The Network Policy Move Screen 270 14.3 The VPN Rules (Manual) Screen 271 14.3.1 The VPN Rules (Manual) Edit Screen 272 14.4 The SA Monitor Screen 275 14.5 The Global Setting Screen 275 14.5.1 Configuring the Global Setting Screen 277 14.6 Telecommuter VPN/IPSec Examples 278 ZyWALL 2 Plus User's Guide 13
User Guide
Page 29
... Policy > Port Forwarding 269 Figure 175 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Figure 176 SECURITY > VPN > VPN Rules (Manual 271 Figure 177 SECURITY > VPN > VPN Rules (Manual) > Edit 272 Figure 178 SECURITY > VPN > SA Monitor 275 Figure 179 Overlap in a Dynamic VPN Rule 276 Figure 180 Overlap in IP... 316 Figure 208 SECURITY > CERTIFICATES > Trusted Remote Hosts > Import 318 Figure 209 SECURITY > CERTIFICATES > Directory Servers 319 Figure 210 SECURITY > CERTIFICATES > Directory Server > Add 320 ZyWALL 2 Plus User's Guide 29
User Guide
Page 38
... Policy > Port Forwarding 269 Table 68 SECURITY > VPN > VPN Rules (IKE) > Move Network Policy 270 Table 69 SECURITY > VPN > VPN Rules (Manual 271 Table 70 SECURITY > VPN > VPN Rules (Manual) > Edit 273 Table 71 SECURITY > VPN > SA Monitor 275 Table 72 SECURITY > VPN > Global Setting 278 Table 73 Telecommuters Sharing One VPN... SECURITY > CERTIFICATES > My Certificates > Export 302 Table 80 SECURITY > CERTIFICATES > My Certificates > Import 304 Table 81 SECURITY > CERTIFICATES > My Certificates > Import: PKCS#12 304 38 ZyWALL 2 Plus User's Guide
User Guide
Page 55
... also need to assign your service subscription. You do not need to change the configuration of the incoming packets. ZyWALL 2 Plus User's Guide 55 DHCP relay displays when the ZyWALL is set to automatically give IP address information to the computers connected to disconnect the PPTP, PPPoE or dial backup... it last started up the PPTP, PPPoE or dial backup connection. Date/Time This is using a manually entered static (fixed) IP address. If you connect your computer directly to the ZyWALL, you can update your computer a static IP address in the View Log screen, such as the ...
User Guide
Page 60
...Remote Hosts the trusted remote hosts. Static DHCP Use this screen to partition your anti-probing settings. VPN Rules (Manual) Use this screen to configure VPN connections using manual key management and view the rule summary. IP Alias Use this screen to change the LAN/DMZ/WLAN port ... Summary (continued) LINK TAB FUNCTION WAN Route This screen allows you to view and manage the list of the directory servers. 60 ZyWALL 2 Plus User's Guide Directory Servers Use this screen to configure the threshold for external database content filtering and view reports.
User Guide
Page 63
... client information (including IP Address, Host Name and MAC Address) of seconds or None from a server. Figure 11 HOME > DHCP Table ZyWALL 2 Plus User's Guide 63 RxPkts This is the number of received packets on this port. Collisions This is the number of collisions on this port. Chapter...the WAN and dial backup ports, this displays the port speed and duplex setting if you must be manually configured. Table 7 HOME > Show Statistics LABEL DESCRIPTION Port These are the ZyWALL's interfaces. For the LAN, DMZ and WLAN ports, this port. If DHCP service is the total...
User Guide
Page 133
... RIP2B uses subnet broadcasting while RIP-2M uses multicasting. the difference being that the ZyWALL sends (it will ignore any RIP packets and will incorporate the RIP information that are in RIP-2 format; ZyWALL 2 Plus User's Guide 133 Chapter 6 LAN Screens " Regardless of your LAN. when set to...if one router uses multicasting, then all routers on your network must be manually configured. For more information. RIP Version controls the format and the broadcasting method of RIP packets. DHCP The ZyWALL can reduce the load on page 613 for Management of DNS servers to the...
User Guide
Page 136
...RIP-2 format; it recognizes both formats when receiving). If you must have the ZyWALL forward DHCP requests to another DHCP server on non-router machines since they are dynamically assigned by the ZyWALL or manually set to Server. Select Relay to have another DHCP server. When you select None... a LAN. When set to RIP-1. Select None to stop the ZyWALL from devices on the WAN. 136 ZyWALL 2 Plus User's Guide This is done by your LAN, or else the computers must use . However it may sometimes be manually configured. By default, RIP direction is set to Both and the...
User Guide
Page 154
...vice versa, for instance, the IP address of www.zyxel.com is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. 154 ZyWALL 2 Plus User's Guide For more information on page 365). The ZyWALL can provide you sign up. A DNS server could ...address. always follow the guidelines above. If your ISP gives you DNS server addresses, manually enter them in the DNS server fields. 2 If your ISP dynamically assigns the DNS server IP addresses (along with the ZyWALL's WAN IP address), set the DNS server fields to get the DNS server addresses in...
User Guide
Page 167
... RIP information that it . Dial Backup Port Speed Use the drop-down list box to select the speed of RIP packets. Consult the manual of the RIP packets that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Automatically from the ISP for specific AT commands. Select... within one router uses multicasting, then all routers on RIP (Routing Information Protocol), which allows a router to exchange routing information with other routers. ZyWALL 2 Plus User's Guide 167 Choose RIP-1, RIP-2B or RIP-2M. Both RIP-2B and RIP-2M sends the routing data in the following field. When ...
User Guide
Page 169
"~" represents a one second wait, for CLID authentication. Called ID Type the keyword preceding the dialed number. ZyWALL 2 Plus User's Guide 169 Figure 112 NETWORK > WAN > Dial Backup > Edit The following table describes the labels in this check box to display the Advanced ... Type the keyword preceding the connection speed. Chapter 8 WAN Screens " Consult the manual of your WAN device connected to drop a call. Drop DTR When Select this screen. CLID is sent out. This lets the ZyWALL capture the CLID in the AT response string that precedes the CLID (Calling Line ...
User Guide
Page 176
...to establish membership in a Multicast group - Multicast Select IGMP V-1 or IGMP V-2 or None. IGMP version 2 (RFC 2236) is an improvement over TCP/IP) 176 ZyWALL 2 Plus User's Guide If you would like to the RIP multicast address and so will not receive the RIP packets. Unless you must have received an IP... or DHCP Table. Drop packets that do not match those specified in the IP address pool. These IP addresses are instructed by the ZyWALL or manually set to Server. See the DHCP Table available from devices on your LAN, or else the computers must use . Set the...
User Guide
Page 186
...you select None, you want to send to Relay, fill in the From and To fields. 186 ZyWALL 2 Plus User's Guide Exempt packets in this to RIP-1. Select Relay to have the ZyWALL forward DHCP requests to allow traffic only from devices on the WLAN with source IP addresses within a .../MAC address combinations. The WINS server keeps a mapping table of the computer names on non-router machines since they are instructed by the ZyWALL or manually set to establish membership in a Multicast group - By default, RIP direction is probably adequate for a list of IP addresses in the...
User Guide
Page 244
...Category This field shows the site category to the ZyWALL. URL This is the index number of hours left before discarding it. Reset Click Reset to begin configuring this button to remove the URL entry from the cache manually. Remaining Time This is discarded from the cache. ...(hour) Modify Click the delete icon to clear all web site addresses from the cache. 244 ZyWALL 2 Plus User's Guide Refresh Click this screen. URL Cache Entry Flush ...
User Guide
Page 253
... 14.4 on page 271) to configure a VPN rule that offers flexible solutions for communication. ZyWALL 2 Plus User's Guide 253 You may want to manage the ZyWALL's list of VPN rules (tunnels) that use manual keys. IPSec is used to transport traffic over the Internet or any insecure network that use ...IKE SAs. • Use the VPN Rules (Manual) screens (see Section 14.3 on page 275) to manage the ZyWALL's list of VPN rules (tunnels) that uses TCP/IP for secure data communications across a public network like ...
User Guide
Page 257
... state (click Y to change it to N or N to change it to Y). The recycle bin appears when you delete a gateway, the ZyWALL automatically moves the associated network policy(ies) to a gateway policy. When you have any network policies that you can associate a network policy to ...network. The gateway policy identifies the IPSec routers at either end of a gateway or network policy. ZyWALL 2 Plus User's Guide 257 A network policy specifies which devices (behind the IPSec routers) can also manually move or edit icon and set it is turned on (Y) or not (N). This field displays ...
User Guide
Page 259
... See Section 14.9 on page 283 for you cannot configure any character, including spaces, but not with AH protocol nor with manual key management. You can select My Address and enter the ZyWALL's static WAN IP address (if it has one) or leave the field set to use when the... backup or the LAN IP address when using Transport or Tunnel mode, but the ZyWALL drops trailing spaces. If the WAN connection goes down . When the ZyWALL is read-only and displays the ZyWALL's IP address. ZyWALL 2 Plus User's Guide 259 Chapter 14 IPSec VPN Screens The following table describes the labels in...
User Guide
Page 271
...is displayed twice when the Local Network Address Type field in the VPN - In this screen. Edit screen is configured to Single Address. ZyWALL 2 Plus User's Guide 271 Use this screen to Subnet Address. A (static) IP address and a subnet mask are displayed when the Remote Network Address... the VPN policy index number. Name This field displays the identification name for a graphical representation of computer(s) on your ZyWALL. Table 69 SECURITY > VPN > VPN Rules (Manual) LABEL DESCRIPTION # This is the IP address(es) of VPN rules (tunnels) that this VPN policy is active ...
User Guide
Page 272
...that you have problems with IKE key management. A window displays asking you to delete the VPN rule. Manual key management is useful if you want to confirm that use manual keys. When a VPN policy is the static WAN IP address of the remote IPSec router. Add ...VPN Rules (Manual) Edit Screen Click the edit icon on the VPN Rules (Manual) screen to edit the VPN policy. Address Modify Click the edit icon to open the following screen. Figure 177 SECURITY > VPN > VPN Rules (Manual) > Edit 272 ZyWALL 2 Plus User's Guide Both AH and ESP increase ZyWALL processing requirements ...