ZyXEL P-2812HNU-51c User Manual Page 270
- Page / 522
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
Chapter 12 IPSec VPN
P-2812HNU-51c User’s Guide
270
• Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2).
• Set the IKE SA lifetime. This field allows you to determine how long an IKE SA
should stay up before it times out. An IKE SA times out when the IKE SA lifetime
period expires. If an IKE SA times out when an IPSec SA is already established,
the IPSec SA stays connected.
In phase 2 you must:
• Choose an encryption algorithm.
• Choose an authentication algorithm
• Choose a Diffie-Hellman public-key cryptography key group.
• Set the IPSec SA lifetime. This field allows you to determine how long the IPSec
SA should stay up before it times out. The P-2812HNU-51c automatically
renegotiates the IPSec SA if there is traffic when the IPSec SA lifetime period
expires. If an IPSec SA times out, then the IPSec router must renegotiate the
SA the next time someone attempts to send traffic.
12.5.4 Negotiation Mode
The phase 1 Negotiation Mode you select determines how the Security
Association (SA) will be established for each connection through IKE negotiations.
• Main Mode ensures the highest level of security when the communicating
parties are negotiating authentication (phase 1). It uses 6 messages in three
round trips: SA negotiation, Diffie-Hellman exchange and an exchange of
nonces (a nonce is a random number). This mode features identity protection
(your identity is not revealed in the negotiation).
• Aggressive Mode is quicker than Main Mode because it eliminates several
steps when the communicating parties are negotiating authentication (phase 1).
However the trade-off is that faster speed limits its negotiating power and it also
does not provide identity protection. It is useful in remote access situations
where the address of the initiator is not know by the responder and both parties
want to use pre-shared key authentication.
12.5.5 IPSec and NAT
Read this section if you are running IPSec on a host computer behind the P-
2812HNU-51c.
NAT is incompatible with the AH protocol in both Transport and Tunnel mode.
An IPSec VPN using the AH protocol digitally signs the outbound packet, both data
payload and headers, with a hash value appended to the packet. When using AH
protocol, packet contents (the data payload) are not encrypted.
A NAT device in between the IPSec endpoints will rewrite either the source or
destination address with one of its own choosing. The VPN device at the receiving
end will verify the integrity of the incoming packet by computing its own hash
- P-2812HNU-51c 1
- About This User's Guide 3
- Customer Support 4
- Document Conventions 5
- Icons Used in Figures 6
- Safety Warnings 7
- Contents Overview 10
- P-2812HNU-51c User’s Guide 10
- Table of Contents 11
- User’s Guide 21
- CHAPTER 1 23
- 1.4.1 Internet Access 24
- ADSL / VDSL 25
- 1.4.1.3 3G WAN 26
- 1.4.2 VoIP Internet Calls 27
- 1.4.3 USB File Sharing 27
- 1.4.4 Wireless Connection 28
- 1.5 The RESET Button 29
- 1.6 LEDs (Lights) 30
- Table 1 LED Descriptions 31
- CHAPTER 2 33
- 2.2.2 Configuring the AP 34
- Figure 10 AP: Status 35
- Figure 22 Profile: Activate 42
- Interface Groups 43
- 2.3.1 Configuring PVCs 44
- Chapter 2 Tutorials 46
- Chapter 2 Tutorials 51
- Management from the WAN 60
- DSL Connections Status 69
- 2.4.3 Testing the Connection 71
- CHAPTER 3 73
- Figure 23 Password Screen 74
- Figure 24 Main Screen 74
- 3.2.1 Navigation Panel 75
- LINK TAB FUNCTION 76
- 3.2.2 Main Window 78
- 3.2.3 Status Bar 78
- Technical Reference 79
- CHAPTER 4 81
- 4.2 Status Screen 82
- Table 7 Status Screen 83
- 4.2.1 3G Status: NeedPIN 87
- 4.2.2 3G Status: NeedPUK 88
- 4.2.3 WAN Service Statistics 89
- 4.2.4 Route Info 90
- Chapter 4 Status Screens 91
- 4.3 VoIP Status 92
- Table 12 VoIP Status 93
- 4.3.1 WLAN Station List 94
- 4.3.2 LAN Statistics 95
- 4.3.3 Client List 96
- CHAPTER 5 97
- 5.2 What You Need to Know 99
- Table 17 NAT Types 100
- 5.3 Before You Begin 101
- Table 18 Layer 2 Interface 102
- Chapter 5 WAN Setup 103
- Chapter 5 WAN Setup 104
- LABEL DESCRIPTION 104
- 5.5.1.1 WAN Interface 108
- 5.5.1.2 Service Type 109
- PPPoE or PPPoA 111
- Configuration screen 114
- 5.5.1.5 Default Gateway 118
- 5.5.1.6 DNS Server 119
- 5.6 The 3G Backup Screen 122
- Figure 50 3G Backup 123
- Table 30 3G Backup 123
- 5.7 Technical Reference 125
- RFC 1483 126
- Multiplexing 126
- Traffic Shaping 127
- ATM Traffic Classes 128
- IP Address Assignment 128
- Full Cone NAT 129
- Restricted Cone NAT 129
- Port Restricted Cone NAT 130
- Symmetric NAT 131
- Introduction to VLANs 132
- Multicast 133
- DNS Server Address Assignment 133
- 3G Comparison Table 135
- CHAPTER 6 137
- 6.2 What You Need To Know 138
- 6.3 The LAN IP Screen 139
- Table 32 LAN > IP 140
- 6.4 The LAN IPv6 Screen 142
- 6.5 Technical Reference 143
- DHCP Setup 144
- IP Pool Setup 144
- LAN TCP/IP 144
- IP Address and Subnet Mask 144
- Private IP Addresses 145
- IP Alias 146
- Ethernet 147
- Interface 147
- Chapter 6 LAN Setup 148
- CHAPTER 7 149
- 7.2 What You Need to Know 150
- Network Names 151
- Radio Channels 151
- Wireless Security 151
- 7.3 Before You Begin 152
- 7.4 The General Screen 153
- Chapter 7 Wireless LAN 154
- 7.4.1 No Security 155
- 7.4.2 WEP Encryption 156
- 7.4.3 WPA(2)-PSK 157
- 7.4.4 WPA(2) Authentication 158
- Chapter 7 Wireless LAN 159
- 7.4.5 MAC Filter 160
- 7.5 The More AP Screen 162
- 7.6 The WPS Screen 163
- 7.7 The WPS Station Screen 165
- 7.8 The WDS Screen 166
- 7.11 Technical Reference 171
- 7.11.3.1 SSID 173
- 7.11.3.2 MAC Address Filter 173
- 7.11.3.3 User Authentication 174
- 7.11.3.4 Encryption 174
- 7.11.4 WiFi Protected Setup 175
- 7.11.4.2 PIN Configuration 176
- Figure 77 How WPS works 179
- REGISTRARENROLLEE 180
- SECURITY INFO 180
- REGISTRAR 180
- ENROLLEE 180
- EXISTING CONNECTION 180
- CHAPTER 8 183
- Port Forwarding 184
- 8.4 The Trigger Port Screen 187
- Computer 188
- Real Audio Server 188
- Figure 84 Trigger Port 189
- Table 52 NAT Trigger Port 189
- 8.5 The DMZ Host Screen 192
- 8.6 The ALG Screen 192
- 8.7 Technical Reference 193
- Port Forwarding Example 194
- CHAPTER 9 195
- SIP Accounts 196
- How to Find Out More 196
- 9.2 Before You Begin 197
- 9.3 The SIP Settings Screen 197
- Chapter 9 Voice 198
- Chapter 9 Voice 199
- 9.4.1 Dial Plan Rules 210
- 9.5 The Phone Region Screen 211
- 9.6 The Speed Dial Screen 212
- 9.8 Outgoing Calls Screen 215
- 9.9 Incoming Calls Screen 216
- 9.10 Technical Reference 216
- SIP Identities 217
- SIP Number 217
- SIP Service Domain 217
- SIP Registration 218
- Authorization Requirements 218
- SIP Servers 218
- SIP User Agent 218
- SIP Proxy Server 219
- SIP Redirect Server 219
- SIP Register Server 220
- Pulse Code Modulation 221
- SIP Call Progression 221
- Voice Coding 223
- Listening to Custom Tones 225
- Deleting Custom Tones 225
- Type of Service (ToS) 226
- DiffServ 226
- DSCP and Per-Hop Behavior 226
- 9.10.2.1 The Flash Key 227
- European Call Hold 228
- European Call Waiting 228
- European Call Transfer 229
- European Three-Way Conference 229
- USA Call Hold 230
- USA Call Waiting 230
- USA Call Transfer 230
- USA Three-Way Conference 230
- CHAPTER 10 233
- 10.1.2 What You Need to Know 234
- 10.1.3 Before You Begin 235
- Chapter 10 File Sharing 238
- CHAPTER 11 239
- 11.2 What You Need to Know 240
- 11.3 Before You Begin 240
- 11.4 The Print Server Screen 241
- Figure 106 Printers Folder 242
- 11.6.1 Mac OS 10.3 and 10.4 245
- 13 Open the Utilities folder 246
- Figure 116 Utilities Folder 247
- 11.6.2 Mac OS 10.5 and 10.6 248
- Figure 120 Mac OS X HD 249
- Figure 124 Print & Fax 250
- Figure 125 Add Printer 251
- Figure 126 Printer List 251
- USB Printers 252
- CHAPTER 12 253
- 12.2 What You Need to Know 254
- 12.3 The IPSec Screen 255
- Chapter 12 IPSec VPN 257
- Chapter 12 IPSec VPN 258
- 12.3.2 Manual Key Setup 261
- 12.4 Viewing VPN Status 266
- 12.5.1 IPSec Architecture 267
- 12.5.2 Encapsulation 268
- 12.5.3 IKE Phases 269
- 12.5.4 Negotiation Mode 270
- 12.5.5 IPSec and NAT 270
- Table 77 VPN and NAT 271
- 12.5.7 ID Type and Content 272
- 12.5.8 Pre-Shared Key 274
- CHAPTER 13 275
- 13.3 The Firewall Screen 276
- Chapter 13 Firewall 277
- Chapter 13 Firewall 280
- CHAPTER 14 281
- Table 86 Local Certificates 282
- 14.3.2 Import Certificate 284
- Chapter 14 Certificate 285
- 14.3.3 Certificate Details 286
- 14.4 The Trusted CA Screen 289
- Figure 146 Trusted CA 290
- Table 91 Trusted CA 290
- Table 92 Trusted CA: View 291
- 2812HNU-51c 292
- CHAPTER 15 293
- 15.2 The Static Route Screen 294
- 15.2.1 Static Route Edit 295
- Chapter 15 Static Route 296
- CHAPTER 16 297
- Chapter 16 Policy Forwarding 299
- Chapter 16 Policy Forwarding 300
- CHAPTER 17 301
- 17.2 The DNS Route Screen 302
- 17.2.1 DNS Route Edit 303
- Chapter 17 DNS Route 304
- CHAPTER 18 305
- Table 100 Advanced > RIP 306
- CHAPTER 19 307
- 19.2 What You Need to Know 308
- Traffic Policing 309
- Figure 158 QoS General 310
- Table 101 QoS General 310
- 19.4 The Queue Setup Screen 311
- 19.4.1 Adding a QoS Queue 312
- Figure 161 QoS Class Setup 314
- Table 104 QoS Class Setup 314
- 19.5.1 QoS Class Edit 315
- 19.6.1 Adding a QoS Policer 320
- 19.7 The QoS Monitor Screen 323
- 19.8 Technical Reference 324
- IP Precedence 325
- Token Bucket 327
- Two Rate Three Color Marker 328
- CHAPTER 20 329
- 20.3 The Dynamic DNS Screen 330
- CHAPTER 21 331
- Figure 167 TR-069 332
- Table 112 TR-069 332
- 21.3 The TR-064 Screen 333
- 21.4 The SNMP Screen 334
- Figure 169 SNMP 335
- Table 115 SNMP 335
- Figure 170 Service Control 336
- Table 116 Service Control 336
- 21.6 The IP Address Screen 337
- 21.6.1 Adding an IP Address 338
- CHAPTER 22 339
- 22.3 The UPnP Screen 340
- 22.4.1 Windows 7 341
- 22.4.2 Windows XP 342
- Networking Services 343
- System Tray Icon 345
- Network Co nnections 347
- CHAPTER 23 349
- 23.2.1 Adding a Schedule 350
- 23.3 The URL Filter Screen 351
- 23.3.1 Adding URL Filter 352
- CHAPTER 24 353
- Figure 179 Interface Group 354
- Chapter 24 Interface Group 355
- Chapter 24 Interface Group 358
- CHAPTER 25 359
- CHAPTER 26 363
- Chapter 26 System Settings 365
- Chapter 26 System Settings 366
- CHAPTER 27 367
- 27.3 The Log Settings Screen 368
- Chapter 27 Logs 370
- CHAPTER 28 371
- 28.2 The Firmware Screen 372
- Figure 191 Error Message 373
- Backup Configuration 374
- Restore Configuration 375
- 28.4 The Restart Screen 376
- Chapter 28 Tools 377
- Chapter 28 Tools 378
- CHAPTER 29 379
- 29.4 The 802.1ag Screen 381
- Chapter 29 Diagnostic 382
- CHAPTER 30 385
- I forgot the password 386
- 30.3 Internet Access 388
- 30.4 Phone Calls and VoIP 391
- 30.5 USB Device Connection 391
- 30.7 UPnP 392
- Chapter 30 Troubleshooting 394
- CHAPTER 31 395
- 31.2 Firmware Specifications 396
- STANDARD DESCRIPTION 399
- APPENDIX A 401
- The Command Line Interface 402
- Command Syntax and Parameters 402
- APPENDIX B 417
- Windows XP/NT/2000 418
- Properties 419
- Verifying Settings 420
- Windows Vista 421
- Windows 7 425
- Mac OS X: 10.3 and 10.4 429
- Mac OS X: 10.5 and 10.6 432
- Linux: Ubuntu 8 (GNOME) 435
- Linux: openSUSE 10.3 (KDE) 440
- APPENDIX C 445
- JavaScripts 448
- Java Permissions 450
- JAVA (Sun) 451
- Mozilla Firefox 452
- APPENDIX D 455
- Subnet Masks 456
- Network Size 457
- Notation 458
- Subnetting 458
- Example: Four Subnets 460
- Example: Eight Subnets 461
- Subnet Planning 462
- Configuring IP Addresses 462
- IP Address Conflicts 464
- APPENDIX E 467
- Figure 228 RTS/CTS 470
- Fragmentation Threshold 471
- Preamble Type 471
- IEEE 802.11g Wireless LAN 471
- Wireless Security Overview 472
- IEEE 802.1x 472
- Types of RADIUS Messages 473
- Types of EAP Authentication 474
- Dynamic WEP Key Exchange 475
- WPA and WPA2 476
- User Authentication 477
- Security Parameters Summary 480
- Antenna Overview 481
- Antenna Characteristics 481
- Types of Antennas for WLAN 481
- Positioning Antennas 482
- APPENDIX F 483
- Link-local Address 484
- Global Address 484
- Unspecified Address 484
- Loopback Address 484
- Multicast Address 484
- Subnet Masking 485
- Interface ID 485
- Stateless Autoconfiguration 486
- Identity Association 486
- DHCP Relay Agent 487
- Prefix Delegation 487
- Multicast Listener Discovery 488
- Appendix F IPv6 492
- APPENDIX G 493
- Appendix G Common Services 494
- Appendix G Common Services 495
- APPENDIX H 497
- GNU GENERAL PUBLIC LICENSE 502
- The MIT License 507
- OpenSSL License 508
- Original SSLeay License 509
- APPENDIX I 511
- Industry Canada Statement 512
- IMPORTANT NOTE 513
- Notices 513
- ZyXEL Limited Warranty 514
Related products and manuals for Networking ZyXEL P-2812HNU-51c
Networking ZyXEL ZYWALL P1 User Manual
(72 pages)
(72 pages)
Networking ZyXEL zyxel Prestige100 User Manual
(130 pages)
(130 pages)
Networking ZyXEL P-660HW-T1 User Manual
(465 pages)
(465 pages)
Networking ZyXEL P-660R-11V3 User Manual
(222 pages)
(222 pages)
Networking ZyXEL 3G User Manual
(88 pages)
(88 pages)
Networking ZyXEL NWA-3160 User Manual
(372 pages)
(372 pages)
Networking ZyXEL ZyAIR G-160 User Manual
(59 pages)
(59 pages)
Networking ZyXEL 802.11g User Manual
(496 pages)
(496 pages)
Networking ZyXEL GS-4012F/4024 User Manual
(326 pages)
(326 pages)
Networking ZyXEL AMG1202-T10A User Manual
(12 pages)
(12 pages)
Networking ZyXEL PMG1006-B20A User Manual
(34 pages)
(34 pages)
Networking ZyXEL G-162 User Manual
(72 pages)
(72 pages)
Networking ZyXEL P-660RU-Tx User Manual
(238 pages)
(238 pages)
Networking ZyXEL ZyAIR G210H User Manual
(100 pages)
(100 pages)
Networking ZyXEL ZYAIR B-500 User Manual
(14 pages)
(14 pages)
Networking ZyXEL ZyWALL SSL 10 User Manual
(97 pages)
(97 pages)
Networking ZyXEL NWA3160 User Manual
(314 pages)
(314 pages)
Networking ZyXEL 802.11g User Manual
(19 pages)
(19 pages)
Networking ZyXEL 802.11g User Manual
(13 pages)
(13 pages)
© 2020, manymanuals.com. All rights reserved. | 0.633 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals