ZyXEL Prestige 202H User Manual

Prestige 202H ISDN Router User’s Guide Version 3.40 August 2003

Prestige 202H User’s Guide x Table of Contents Chapter 13 Introducing the Prestige Firewall...

Prestige 202H User’s Guide 10-8 Dial-in Setup dial-in user profile for each telecommuter. Additionally, you need to configure the Default Dial-in Use

Prestige 202H User’s Guide Dial-in Setup 10-9 Configuring Menu 13: Figure 10-6 Configuring Menu 13 for Remote Access Configuring Menu 14.1 F

Prestige 202H User’s Guide 10-10 Dial-in Setup 10.7 LAN-to-LAN Server Application Example Your Prestige can also be used as a dial-in server for LAN-

Prestige 202H User’s Guide Dial-in Setup 10-11 LAN 1 Figure 10-9 LAN 1 LAN-to-LAN Application LAN 2 Figure 10-10 LAN 2 LAN-to-LAN Application Go to

Prestige 202H User’s Guide 10-12 Dial-in Setup Figure 10-11 Testing Callback With Your Connection 10.7.2 Configuring With CLID in LAN-to-LAN Applicat

Prestige 202H User’s Guide Dial-in Setup 10-13 Prestige on LAN 2 Figure 10-12 Callback With CLID Configuration Menu 13 Figure 10-13 Configuring CLI

Prestige 202H User’s Guide 10-14 Dial-in Setup Go to Menu 24.8 (Prestige on LAN 2) and type "sys trcl call" to test your connection with ca

Prestige 202H User’s Guide Dial-in Setup 11-1 Chapter 11 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prest

Prestige 202H User’s Guide 11-2 Dial-in Setup 11.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from

Prestige 202H User’s Guide Dial-in Setup 11-3 Figure 11-1 How NAT Works 11.1.4 NAT Application The following figure illustrates a possible NAT app

Prestige 202H User’s Guide Table of Contents xi 18.5 Example Filter...

Prestige 202H User’s Guide 11-4 Dial-in Setup Figure 11-2 NAT Application With IP Alias 11.1.5 NAT Mapping Types NAT supports five types of IP/port

Prestige 202H User’s Guide Dial-in Setup 11-5 5. Server: This type allows you to specify inside servers of different services behind the NAT to be

Prestige 202H User’s Guide 11-6 Dial-in Setup 1. Choose SUA Only if you have just one public WAN IP address for your Prestige. 2. Choose Full Feature

Prestige 202H User’s Guide Dial-in Setup 11-7 Figure 11-4 Applying NAT to the Remote Node Table 11-3 Applying NAT to the Remote Node FIELD DESCRIPT

Prestige 202H User’s Guide 11-8 Dial-in Setup Figure 11-5 Menu 15 NAT Setup 11.3.1 Address Mapping Sets Enter 1 to bring up Menu 15.1 — Address Map

Prestige 202H User’s Guide Dial-in Setup 11-9 Figure 11-7 Menu 15.1.255 SUA Address Mapping Rules Table 11-4 Menu 15.1.255 SUA Address Mapping Rule

Prestige 202H User’s Guide 11-10 Dial-in Setup screen. Note also that the [?] in the Set Name field means that this is a required field and you must

Prestige 202H User’s Guide Dial-in Setup 11-11 Table 11-5 Fields in Menu 15.1.1 FIELD DESRIPTION EXAMPLE Action The default is Edit. Edit means you

Prestige 202H User’s Guide 11-12 Dial-in Setup Table 11-6 Menu 15.1.1.1 Address Mapping Rule FIELD DESCRIPTION EXAMPLE Type Press [SPACE BAR] and t

Prestige 202H User’s Guide Dial-in Setup 11-13 In addition to the servers for specified services, NAT supports a default server. A service request

Prestige 202H User’s Guide xii Table of Contents 23.3 Applying Schedule Sets ...

Prestige 202H User’s Guide 11-14 Dial-in Setup Step 2. Enter 2 to display Menu 15.2 - NAT Server Sets as shown next. Figure 11-10 Menu 15.2 NAT Serv

Prestige 202H User’s Guide Dial-in Setup 11-15 Step 6. Press [ENTER] at the “Press ENTER to confirm …” prompt to save your configuration after you

Prestige 202H User’s Guide 11-16 Dial-in Setup Figure 11-13 NAT Example 1 Figure 11-14 Menu 4 Internet Access & NAT Example From menu 4,

Prestige 202H User’s Guide Dial-in Setup 11-17 11.5.2 Example 2: Internet Access with an Inside Server Figure 11-15 NAT Example 2 In this case, yo

Prestige 202H User’s Guide 11-18 Dial-in Setup Figure 11-16 Menu 15.2 Specifying an Inside Server 11.5.3 Example 3: Multiple Public IP Addresses With

Prestige 202H User’s Guide Dial-in Setup 11-19 Figure 11-17 NAT Example 3 Step 1. In this case you need to configure Address Mapping Set 1 from M

Prestige 202H User’s Guide 11-20 Dial-in Setup Figure 11-18 Example 3: Menu 11.3 The following figure shows how to configure the first rule Figure

Prestige 202H User’s Guide Dial-in Setup 11-21 Figure 11-20 Example 3: Final Menu 15.1.1 Step 7. Menu 15.1.1 should look as above. Now configur

Prestige 202H User’s Guide 11-22 Dial-in Setup 11.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping usi

Prestige 202H User’s Guide Dial-in Setup 11-23 Figure 11-22 Example 4: Menu 15.1.1.1 Address Mapping Rule After you’ve configured your rule, you sh

Prestige 202H User’s Guide Table of Contents xiii 27.1 SA Monitor Overview...

Firewall III Part III: Firewall This part introduces firewalls in general and the Prestige firewall. It also explains customized services and

Prestige 202H User’s Guide Firewalls 12-1 Chapter 12 Firewalls This chapter gives some background information on firewalls and explains how to get s

Prestige 202H User’s Guide 12-2 Firewalls i. Information hiding prevents the names of internal systems from being made known via DNS to outside syst

Prestige 202H User’s Guide Firewalls 12-3 Figure 12-1 Prestige Firewall Application 12.4 Denial of Service Denials of Service (DoS) attacks are a

Prestige 202H User’s Guide 12-4 Firewalls Table 12-1 Common IP Ports 21 FTP 53 DNS 23 Telnet 80 HTTP 25 SMTP 110 POP3 12.4.2 Types of DoS Attacks

Prestige 202H User’s Guide Firewalls 12-5 Figure 12-2 Three-Way Handshake Under normal circumstances, the application that initiates a session send

Prestige 202H User’s Guide 12-6 Firewalls 2-b In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the t

Prestige 202H User’s Guide Firewalls 12-7 Table 12-3 Legal NetBIOS Commands MESSAGE: REQUEST: POSITIVE: NEGATIVE: RETARGET: KEEPALIVE: All SMTP comm

Prestige 202H User’s Guide 12-8 Firewalls  Denies all sessions originating from the WAN to the LAN. Figure 12-5 Stateful Inspection The previous f

Prestige 202H User’s Guide Firewalls 12-9 access list entry is designed to permit inbound packets of the same connection as the outbound packet just

Prestige 202H User’s Guide xiv List of Figures List of Figures Figure 1-1 Internet Access Application...

Prestige 202H User’s Guide 12-10 Firewalls 12.5.3 TCP Security The Prestige uses state information embedded in TCP packets. The first packet of any n

Prestige 202H User’s Guide Firewalls 12-11 work properly, this connection must be allowed to pass through even though a connection from the Internet

Prestige 202H User’s Guide 12-12 Firewalls 3. Never give out a password or any sensitive information to an unsolicited telephone call or e-mail. 4.

Prestige 202H User’s Guide Firewalls 12-13 3. To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the specific insid

Prestige 202H User’s Guide Introducing the Prestige Firewall 13-1 Chapter 13 Introducing the Prestige Firewall This chapter shows you how to get st

Prestige 202H User’s Guide 13-2 Introducing the Prestige Firewall Figure 13-2 Menu 21.2 Firewall Setup Configure the firewall rules using the web

Prestige 202H User’s Guide Introducing the Prestige Firewall 13-3 Table 13-1 View Firewall Log FIELD DESCRIPTION EXAMPLES # This is the index num

Prestige 202H User’s Guide Configuring Firewall with the Web Configurator 14-1 Chapter 14 Configuring Firewall with the Web Configurator This chapt

Prestige 202H User’s Guide List of Figures xv Figure 6-6 Menu 3.2.1 IP Alias Setup...

Prestige 202H User’s Guide 14-2 Configuring Firewall with the Web Configurator Figure 14-2 Firewall Functions The following table describes the fi

Prestige 202H User’s Guide Configuring Firewall with the Web Configurator 14-3 Table 14-1 Predefined Services Rule Summary Click this link to set

Prestige 202H User’s Guide 14-4 Configuring Firewall with the Web Configurator 14.3.1 Alerts Alerts are reports on events, such as attacks, that yo

Prestige 202H User’s Guide Configuring Firewall with the Web Configurator 14-5 The following table describes the fields in this screen. Table 14-2

Prestige 202H User’s Guide 14-6 Configuring Firewall with the Web Configurator 14.3.2 SMTP Error Messages If there are difficulties in sending e-ma

Prestige 202H User’s Guide Configuring Firewall with the Web Configurator 14-7 Figure 14-5 E-mail Log 14.4 Attack Alert Attack alerts are real-tim

Prestige 202H User’s Guide 14-8 Configuring Firewall with the Web Configurator 2. The minimum capacity of server backlog in your LAN network. 3.

Prestige 202H User’s Guide Configuring Firewall with the Web Configurator 14-9 2. If the Blocking Time timeout is greater than 0, then the Prestige

Prestige 202H User’s Guide 14-10 Configuring Firewall with the Web Configurator Table 14-4 Attack Alert Denial of Service Thresholds One Minute Low

Prestige 202H User’s Guide Configuring Firewall with the Web Configurator 14-11 Table 14-4 Attack Alert TCP Maximum Incomplete This is the number

Prestige 202H User’s Guide xvi List of Figures Figure 11-1 How NAT Works ...

Prestige 202H User’s Guide Creating Custom Rules 15-1 Chapter 15 Creating Custom Rules This chapter contains instructions for defining both Local N

Prestige 202H User’s Guide 15-2 Creating Custom Rules 2. Is the intent of the rule to forward or block traffic? 3. What is the direction connecti

Prestige 202H User’s Guide Creating Custom Rules 15-3 Source Address What is the connection’s source address; is it on the LAN or WAN? Is it a sing

Prestige 202H User’s Guide 15-4 Creating Custom Rules 15.3.2 WAN to LAN Rules The default rule for WAN to LAN traffic blocks all incoming connectio

Prestige 202H User’s Guide Creating Custom Rules 15-5 Figure 15-3 Firewall Rules Summary: First Screen Table 15-1 Firewall Rules Summary: First Sc

Prestige 202H User’s Guide 15-6 Creating Custom Rules Table 15-1 Firewall Rules Summary: First Screen FIELD DESCRIPTION EXAMPLE The following field

Prestige 202H User’s Guide Creating Custom Rules 15-7 Table 15-2 Predefined Services SERVICE DESCRIPTION AIM(TCP:5190) AOL’s Internet Messenger se

Prestige 202H User’s Guide 15-8 Creating Custom Rules Table 15-2 Predefined Services NNTP(TCP:119) Network News Transport Protocol is the deliver

Prestige 202H User’s Guide Creating Custom Rules 15-9 Table 15-2 Predefined Services TACACS(UDP:49) Login Host Protocol used for (Terminal Access

Prestige 202H User’s Guide List of Figures xvii Figure 12-5 Stateful Inspection...

Prestige 202H User’s Guide 15-10 Creating Custom Rules Figure 15-4 Creating/Editing A Firewall Rule The following table describes the fields in th

Prestige 202H User’s Guide Creating Custom Rules 15-11 Table 15-3 Creating/Editing A Firewall Rule FIELD DESCRIPTION EXAMPLE Source Address: Click

Prestige 202H User’s Guide 15-12 Creating Custom Rules Figure 15-5 Adding/Editing Source and Destination Addresses The following table describes t

Prestige 202H User’s Guide Creating Custom Rules 15-13 15.6.1 Configuring Timeout Values The factors influencing choices for timeout values are the

Prestige 202H User’s Guide 15-14 Creating Custom Rules Idle Timeout This is the length of time of inactivity a TCP connection remains open before

Prestige 202H User’s Guide Customized Services 16-1 Chapter 16 Customized Services This chapter covers creating, viewing and editing custom servic

Prestige 202H User’s Guide 16-2 Customized Services The following table describes the fields in this screen. Table 16-1 Customized Services FIELD DES

Prestige 202H User’s Guide Customized Services 16-3 The next table describes the fields in this screen. Table 16-2 Creating/Editing A Custom Port F

Prestige 202H User’s Guide 16-4 Customized Services Figure 16-3 Configure Source IP Step 5. Click Edit Available Service in the edit rule screen an

Prestige 202H User’s Guide Customized Services 16-5 Step 5. Follow the procedures outlined earlier in this chapter to configure all your rules. Co

Prestige 202H User’s Guide xviii List of Figures Figure 18-5 NetBIOS_WAN Filter Rules Summary...

Prestige 202H User’s Guide 16-6 Customized Services Step 6. On completing the configuration procedure for these Internet firewall rules, the Rule Su

Prestige 202H User’s Guide Firewall Logs 17-1 Chapter 17 Firewall Logs This chapter contains information about using the log screen to view the res

Prestige 202H User’s Guide 17-2 Firewall Logs The following table describes the fields in this screen. Table 17-1 Log Screen FIELD DESCRIPTION EXAMP

Advanced Management IV Part IV: Advanced Management This part discusses Filtering, SNMP, System Information and Diagnosis, Firmware and Config

Prestige 202H User’s Guide Filter Configuration 18-1 Chapter 18 Filter Configuration This chapter shows you how to create and apply filters. 18.1 F

Prestige 202H User’s Guide 18-2 Filter Configuration Figure 18-1 Outgoing Packet Filtering Process Two sets of factory filter rules have been conf

Prestige 202H User’s Guide Filter Configuration 18-3 StartFetch FirstFilter SetFetch FirstFilter RuleActive?ExecuteFilter RuleFetch NextFilter Rule

Prestige 202H User’s Guide 18-4 Filter Configuration For incoming packets, your Prestige applies data filters only. Packets are processed dependin

Prestige 202H User’s Guide Filter Configuration 18-5 Figure 18-4 Menu 21.1 Filter Set Configuration Step 3. Select the filter set you wish to conf

Prestige 202H User’s Guide List of Figures xix Figure 21-1 Menu 24.5 System Maintenance – Backup Configuration ...

Prestige 202H User’s Guide 18-6 Filter Configuration Figure 18-5 NetBIOS_WAN Filter Rules Summary Figure 18-6 NetBIOS _LAN Filter Rules Summary Me

Prestige 202H User’s Guide Filter Configuration 18-7 Figure 18-7 Telnet WAN Filter Rules Summary Figure 18-8 FTP_WAN Filter Rules Summary 18.2.1

Prestige 202H User’s Guide 18-8 Filter Configuration TABLE 18-1 FILTER RULES SUMMARY MENU ABBREVIATIONS FIELD DESCRIPTION # The filter rule numbe

Prestige 202H User’s Guide Filter Configuration 18-9 18.3 Configuring a Filter Rule To configure a filter rule, type its number in Menu 21.1.x – F

Prestige 202H User’s Guide 18-10 Filter Configuration Figure 18-9 Menu 21.1.7.1 TCP/IP Filter Rule Table 18-3 Menu 21.1.7.1 TCP/IP Filter Rule FIE

Prestige 202H User’s Guide Filter Configuration 18-11 Table 18-3 Menu 21.1.7.1 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE Port # Type the destin

Prestige 202H User’s Guide 18-12 Filter Configuration Table 18-3 Menu 21.1.7.1 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE Action Not Matched Sel

Prestige 202H User’s Guide Filter Configuration 18-13 Packetinto IP FilterMatchedMatchedYesAction MatchedAction Not MatchedMore?NoFilter Active?Che

Prestige 202H User’s Guide 18-14 Filter Configuration 18.3.2 Generic Filter Rule This section shows you how to configure a generic filter rule. Th

Prestige 202H User’s Guide Filter Configuration 18-15 Table 18-4 Menu 21.1.5.1 Generic Filter Rule FIELD DESCRIPTION EXAMPLE Filter Type Press [SP

Prestige 202H User’s Guide ii Copyright Copyright Copyright © 2003 by ZyXEL Communications Corporation. The contents of this publication may not be r

Prestige 202H User’s Guide xx List of Figures Figure 22-8 Menu 24: System Maintenance...

Prestige 202H User’s Guide 18-16 Filter Configuration 18.4 Filter Types and NAT There are two classes of filter rules, Generic Filter Device rul

Prestige 202H User’s Guide Filter Configuration 18-17 Figure 18-13 Sample Telnet Filter Step 1. Enter 21 from the main menu to open Menu 21 - Fil

Prestige 202H User’s Guide 18-18 Filter Configuration Step 6. Enter 1 to configure the first filter rule (the only filter rule of this set). Make

Prestige 202H User’s Guide Filter Configuration 18-19 When you press [ENTER] to confirm, the following screen appears. Note that there is only one

Prestige 202H User’s Guide 18-20 Filter Configuration Table 18-5 Filter Sets Table FILTER SETS DESCRIPTION Input Filter Sets: Apply filters for

Prestige 202H User’s Guide Filter Configuration 18-21 Figure 18-17 Filtering Remote Node Traffic Menu 11.5 - Remote Nod

Prestige 202H User’s Guide SNMP Configuration 19-1 Chapter 19 SNMP Configuration This chapter explains SNMP Configuration menu 22. 19.1 SNMP Overvi

Prestige 202H User’s Guide 19-2 SNMP Configuration An agent is a management software module that resides in a managed device (the Prestige). An agent

Prestige 202H User’s Guide SNMP Configuration 19-3 Figure 19-2 Menu 22 SNMP Configuration The following table describes the SNMP configuration para

Prestige 202H User’s Guide List of Tables xxi List of Tables Table 2-1 LED Functions...

Prestige 202H User’s Guide 19-4 SNMP Configuration Table 19-2 SNMP Traps TRAP # TRAP NAME DESCRIPTION 1 coldStart (defined in RFC-1215) A trap is

Prestige 202H User’s Guide System Information and Diagnosis 20-1 Chapter 20 System Information and Diagnosis This chapter covers the information a

Prestige 202H User’s Guide 20-2 System Information and Diagnosis Figure 20-2 Menu 24.1 System Maintenance Status Table 20-1 Menu 24.1 System Maint

Prestige 202H User’s Guide System Information and Diagnosis 20-3 Table 20-1 Menu 24.1 System Maintenance Status FIELD DESCRIPTION Own CLID Shows y

Prestige 202H User’s Guide 20-4 System Information and Diagnosis Figure 20-3 Menu 24.2 System Information and Console Port Speed 20.3.1 System Inf

Prestige 202H User’s Guide System Information and Diagnosis 20-5 Table 20-2 Menu 24.2.1 System Maintenance Information FIELD DESCRIPTION IP Address

Prestige 202H User’s Guide 20-6 System Information and Diagnosis Figure 20-6 Menu 24.3 System Maintenance Log and Trace Step 3. Enter 1 from Menu

Prestige 202H User’s Guide System Information and Diagnosis 20-7 Figure 20-8 Menu 24.3.2 System Maintenance Unix Syslog You need to configure the

Prestige 202H User’s Guide 20-8 System Information and Diagnosis Table 20-3 Menu 24.3.2 System Maintenance Unix Syslog FIELD DESCRIPTION Firewall l

Prestige 202H User’s Guide System Information and Diagnosis 20-9 3. Filter log Filter log Message Format SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_

Prestige 202H User’s Guide xxii List of Tables Table 11-3 Applying NAT to the Remote Node...

Prestige 202H User’s Guide 20-10 System Information and Diagnosis Figure 20-9 Menu 24.3.3 System Maintenance Accounting Server FIELD DESCRIPTION EX

Prestige 202H User’s Guide System Information and Diagnosis 20-11 Figure 20-10 Menu 24.3.4 Call Triggering Packet. 20.7 Diagnostic The diagnostic

Prestige 202H User’s Guide 20-12 System Information and Diagnosis Menu 24.4 - System Maintenance – Diagnostic ISDN

Prestige 202H User’s Guide System Information and Diagnosis 20-13 Table 20-4 System Maintenance Menu Diagnostic FIELD DESCRIPTION Internet Setup T

Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-1 Chapter 21 Firmware and Configuration File Maintenance This chapter tel

Prestige 202H User’s Guide 21-2 Firmware and Configuration File Maintenance Table 21-1 Filename Conventions FILE TYPE INTERNAL NAME EXTERNAL NAME

Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-3 21.2.1 Backup Configuration Follow the instructions as shown in the nex

Prestige 202H User’s Guide 21-4 Firmware and Configuration File Maintenance Figure 21-2 FTP Session Example 21.2.4 GUI-based FTP Clients The follow

Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-5 3. There is already another remote management session of the same type

Prestige 202H User’s Guide List of Tables xxiii Table 19-1 Menu 22 SNMP Configuration ...

Prestige 202H User’s Guide 21-6 Firmware and Configuration File Maintenance 21.2.8 GUI-based TFTP Clients The following table describes some of the

Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-7 Step 2. The following screen indicates that the Xmodem download has st

Prestige 202H User’s Guide 21-8 Firmware and Configuration File Maintenance WARNING! DO NOT INTERRUPT THE FILE TRANSFER PROCESS AS THIS MAY PERMANE

Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-9 Step 8. Enter “quit” to exit the ftp prompt. The Prestige will automat

Prestige 202H User’s Guide 21-10 Firmware and Configuration File Maintenance Figure 21-11 Restore Configuration Example Step 4. After a successful

Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-11 Figure 21-13 - System Maintenance Upload Firmware Enter 1 in menu 24.7

Prestige 202H User’s Guide 21-12 Firmware and Configuration File Maintenance You can see the following screen when you enter 2 in menu 24.7. Figure

Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-13 21.4.4 FTP Session Example of Firmware File Upload Figure 21-16 FTP Se

Prestige 202H User’s Guide 21-14 Firmware and Configuration File Maintenance 21.4.6 TFTP Upload Command Example The following is an example TFTP co

Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-15 21.4.9 Example Xmodem Firmware Upload Using HyperTerminal Click Transf

Prestige 202H User’s Guide xxiv List of Tables Table 26-11 Telecommuter and Headquarters Configuration Example ...

Prestige 202H User’s Guide 21-16 Firmware and Configuration File Maintenance Figure 21-19 Menu 24.7.2 as Seen Using the Console Port Step 2. After

Prestige 202H User’s Guide Firmware and Configuration File Maintenance 21-17 Figure 21-20 Example Xmodem Upload After the configuration upload pro

Prestige 202H User’s Guide SMT Menus 24.8 to 24.10 22-1 Chapter 22 SMT Menus 24.8 to 24.10 This chapter leads you through System Maintenance SMT m

Prestige 202H User’s Guide 22-2 SMT Menus 24.8 to 24.10 Menu 24.9 - System Maintenance - Call Control 1. Call Control Parameters 2. Black List 3.

Prestige 202H User’s Guide SMT Menus 24.8 to 24.10 22-3 Menu 24.9.1 - Call Control Parameters Dialer Timeout:

Prestige 202H User’s Guide 22-4 SMT Menus 24.8 to 24.10 Menu 24.9.2 - Blacklist Phone Number 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14

Prestige 202H User’s Guide SMT Menus 24.8 to 24.10 22-5 hours, meaning no budget control. You can reset the accumulated connection time in this men

Prestige 202H User’s Guide 22-6 SMT Menus 24.8 to 24.10 Table 22-3 Menu 24.9.4 Call History FIELD DESCRIPTION Phone Number This is the telephone

Prestige 202H User’s Guide SMT Menus 24.8 to 24.10 22-7 Enter 10 to go to Menu 24.10 - System Maintenance - Time and Date Setting to update the tim

Prestige 202H User’s Guide Preface xxv Preface Congratulations on your purchase of the Prestige 202H ISDN router. About This User's Manual Th

Prestige 202H User’s Guide 22-8 SMT Menus 24.8 to 24.10 Table 22-4 Time and Date Setting Fields FIELD DESCRIPTION Time Server Address Enter the IP

Prestige 202H User’s Guide Call Scheduling 23-1 Chapter 23 Call Scheduling Call scheduling allows you to dictate when a remote node should be calle

Prestige 202H User’s Guide 23-2 Call Scheduling To delete a schedule set, enter the set number and press [SPACE BAR] and then [ENTER] or [DEL] in the

Prestige 202H User’s Guide Call Scheduling 23-3 Table 23-1 Menu 26.1 Schedule Set Setup FIELD DESCRIPTION OPTIONS Weekday: Day If you selected We

Prestige 202H User’s Guide 23-4 Call Scheduling Figure 23-3 Applying Schedule Set(s) Menu 11.1 - Remote Node Profile Rem Node Name= ? Edit PPP

Prestige 202H User’s Guide Remote Management 24-1 Chapter 24 Remote Management This chapter provides information on configuring remote management (

Prestige 202H User’s Guide 24-2 Remote Management  Use the Prestige’s LAN IP address when configuring from the LAN. 24.1.3 System Timeout There is

Prestige 202H User’s Guide Remote Management 24-3 Figure 24-2 Remote Management The following table describes the labels in this screen. Table 24-1

Prestige 202H User’s Guide Introduction to VPN/IPSec 25-1 Chapter 25 Introduction to VPN/IPSec This chapter introduces the basics of IPSec VPNs.

Prestige 202H User’s Guide xxvi Preface • A single keystroke is in Arial font and enclosed in square brackets, for instance, [ENTER] means the Enter

Prestige 202H User’s Guide 25-2 Introduction to VPN/IPSec Figure 25-1 Encryption and Decryption  Data Confidentiality The IPSec sender can encry

Prestige 202H User’s Guide Introduction to VPN/IPSec 25-3 Figure 25-2 VPN Application 25.2 IPSec Architecture The overall IPSec architecture is sh

Prestige 202H User’s Guide 25-4 Introduction to VPN/IPSec Figure 25-3 IPSec Architecture 25.2.1 IPSec Algorithms The ESP (Encapsulating Security P

Prestige 202H User’s Guide Introduction to VPN/IPSec 25-5 25.3 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunne

Prestige 202H User’s Guide 25-6 Introduction to VPN/IPSec 25.4 IPSec and NAT Read this section if you are running IPSec on a host computer behind

Prestige 202H User’s Guide VPN/IPSec Setup 26-1 Chapter 26 VPN/IPSec Setup This chapter shows you how to set up VNP/IPSec on your Prestige. 26.1

Prestige 202H User’s Guide 26-2 VPN/IPSec Setup From the main menu, enter 27 to display the first VPN/IPSec menu (shown next). Figure 26-2 Menu 27 VP

Prestige 202H User’s Guide VPN/IPSec Setup 26-3 Table 26-1 AH and ESP ESP AH Select DES for minimal security and 3DES for maximum. Select NULL to s

Prestige 202H User’s Guide 26-4 VPN/IPSec Setup 26.4.1 Dynamic Secure Gateway Address If the remote secure gateway has a dynamic WAN IP address and d

Prestige 202H User’s Guide VPN/IPSec Setup 26-5 Menu 27.1 – IPSec Summary # Name A Local Addr Start - Local Addr End Encap IPSec Algorithm

Getting Started I Part I: Getting Started This part is structured as a step-by-step guide to help you connect, install and setup your router to

Prestige 202H User’s Guide 26-6 VPN/IPSec Setup Table 26-2 Menu 27.1 IPSec Summary FIELD DESCRIPTION EXAMPLE Local Addr End When the Addr Type field

Prestige 202H User’s Guide VPN/IPSec Setup 26-7 Table 26-2 Menu 27.1 IPSec Summary FIELD DESCRIPTION EXAMPLE Remote Addr Start When the Addr Type f

Prestige 202H User’s Guide 26-8 VPN/IPSec Setup Table 26-2 Menu 27.1 IPSec Summary FIELD DESCRIPTION EXAMPLE Select Rule Type the VPN rule index num

Prestige 202H User’s Guide VPN/IPSec Setup 26-9 Table 26-3 Local ID Type and Content Fields LOCAL ID TYPE= CONTENT= IP Type the IP address of you

Prestige 202H User’s Guide 26-10 VPN/IPSec Setup Peer ID type: IP Peer ID type: E-mail Peer ID content: 1.1.1.2 Peer ID content: [email protected]

Prestige 202H User’s Guide VPN/IPSec Setup 26-11 Figure 26-5 Menu 27.1.1 IPSec Setup Table 26-7 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE

Prestige 202H User’s Guide 26-12 VPN/IPSec Setup Table 26-7 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Content When you select IP in the Local

Prestige 202H User’s Guide VPN/IPSec Setup 26-13 Table 26-7 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE Secure Gateway Addr Type the WAN IP a

Prestige 202H User’s Guide 26-14 VPN/IPSec Setup Table 26-7 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE End Enter a port number in this field

Prestige 202H User’s Guide VPN/IPSec Setup 26-15 Table 26-7 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE End Enter a port number in this fiel

Prestige 202H User’s Guide 26-16 VPN/IPSec Setup Figure 26-6 Two Phases to Set Up the IPSec SA In phase 1 you must:  Choose a negotiation mode.  A

Prestige 202H User’s Guide VPN/IPSec Setup 26-17 especially when used with "main mode" IKE and a group pre-shared key as described above.

Prestige 202H User’s Guide 26-18 VPN/IPSec Setup 26.11 Configuring IKE Settings This may be unnecessary for data that does not require such security

Prestige 202H User’s Guide VPN/IPSec Setup 26-19 Table 26-8 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION EXAMPLEEncryption Algorithm When DES is used

Prestige 202H User’s Guide 26-20 VPN/IPSec Setup Table 26-8 Menu 27.1.1.1 IKE Setup FIELD DESCRIPTION EXAMPLEPerfect Forward Secrecy (PFS) Perfect Fo

Prestige 202H User’s Guide VPN/IPSec Setup 26-21 Figure 26-8 Menu 27.1.1.2 Manual Setup Table 26-10 Menu 27.1.1.2 Manual Setup FIELD DESCRIPTION EX

Prestige 202H User’s Guide 26-22 VPN/IPSec Setup Table 26-10 Menu 27.1.1.2 Manual Setup FIELD DESCRIPTION EXAMPLE Key Enter the authentication key t

Prestige 202H User’s Guide VPN/IPSec Setup 26-23 Table 26-11 Telecommuter and Headquarters Configuration Example TELECOMMUTER HEADQUARTERS My IP

Prestige 202H User’s Guide 26-24 VPN/IPSec Setup 26.13.2 Telecommuters Using Unique VPN Rules Example With aggressive negotiation mode (see section

Prestige 202H User’s Guide SA Monitor 27-1 Chapter 27 SA Monitor This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu

Prestige 202H User’s Guide Getting to Know Your Prestige 1-1 Chapter 1 Getting to Know Your Prestige This chapter covers the key features and main

Prestige 202H User’s Guide 27-2 SA Monitor Table 27-1 Menu 27.2 SA Monitor FIELD DESCRIPTION EXAMPLE # This is the security association index numbe

Prestige 202H User’s Guide IPSec Log 28-1 Chapter 28 IPSec Log This chapter interprets common IPSec log messages. 28.1 IPSec Logs To view the IPSec a

Prestige 202H User’s Guide 28-2 IPSec Log Figure 28-2 Example VPN Responder IPSec Log This menu is useful for troubleshooting. A log index number, th

Prestige 202H User’s Guide IPSec Log 28-3 Table 28-1 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION Start Phase 2: Quick Mode Phase 2 negotia

Prestige 202H User’s Guide 28-4 IPSec Log The following table shows sample log messages during packet transmission. Table 28-2 Sample IPSec Logs Duri

Prestige 202H User’s Guide IPSec Log 28-5 Table 28-3 RFC-2408 ISAKMP Payload TypesLOG DISPLAY PAYLOAD TYPE NONCE Nonce NOTFY Notification DEL Delete

Appendices and Index V Part V: Appendices and Index This part provides appendices and an index of key terms.

Prestige 202H User’s Guide Troubleshooting A Appendix A Troubleshooting This Appendix covers potential problems and the corresponding remedies. Pro

Prestige 202H User’s Guide B Troubleshooting Problems With the ISDN Line Chart 2 Troubleshooting the ISDN Line PROBLEM CORRECTIVE ACTION The ISDN in

Prestige 202H User’s Guide FCC iii Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Op

Prestige 202H User’s Guide 1-2 Getting to Know Your Prestige Auto-negotiating 10/100 Mbps Ethernet LAN The LAN interfaces automatically detect if the

Prestige 202H User’s Guide Troubleshooting C Problems Connecting to a Remote Node or ISP Chart 4 Troubleshooting a Connection to a Remote Node or IS

Prestige 202H User’s Guide D Troubleshooting Problems With Remote Management Chart 7 Troubleshooting Telnet PROBLEM CORRECTIVE ACTION When NAT is ena

Prestige 202H User’s Guide Power Adaptor Specifications E Appendix B Power Adapter Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adapter Mo

Prestige 202H User’s Guide F Power Adapter Specifications EUROPEAN PLUG STANDARDS AC Power Adapter Model DV-121AACCP-5716 Input Power AC230Volts/

Prestige 202H User’s Guide Index G Index Number 4-Port Switch ... 1-1 A Action for Matched Packets

Prestige 202H User’s Guide H Index Customer Support ... vi D data compression...

Prestige 202H User’s Guide Index I Activating... 13-1 Address Type...

Prestige 202H User’s Guide J Index Logging ...1-3 Logging Option...

Prestige 202H User’s Guide Index K Remote Node ... 8-1, 8-8, 20-2, 20-12 Remote Node Profile...

Prestige 202H User’s Guide L Index T Target Utility ...8-7 TCP Maximum Incomplete ... 14-8,

Prestige 202H User’s Guide Getting to Know Your Prestige 1-3 Outgoing Data Call Bumping Support Call bumping is a feature that allows the router t

Prestige 202H User’s Guide 1-4 Getting to Know Your Prestige PAP and CHAP Security The router supports PAP (Password Authentication Protocol) and CHA

Prestige 202H User’s Guide Getting to Know Your Prestige 1-5 Figure 1-1 Internet Access Application Internet Single User Account For a SOHO (Sm

Prestige 202H User’s Guide 1-6 Getting to Know Your Prestige 1.3.3 Remote Access Server Your router allows remote users to dial-in and gain access to

Prestige 202H User’s Guide Getting to Know Your Prestige 1-7 Figure 1-4 Secure Internet Access and VPN Application

Prestige 202H User’s Guide Hardware Installation 2-1 Chapter 2 Hardware Installation This chapter shows you how to make the cable connections to y

Prestige 202H User’s Guide 2-2 Hardware Installation 2.2 Rear Panel and Connections The next figure shows the rear panel connectors of your router.

Prestige 202H User’s Guide Hardware Installation 2-3 2.3 Turn On Your Router At this point, you should have connected the console port, the ISDN p

Prestige 202H User’s Guide iv Information for Canadian Users Information for Canadian Users The Industry Canada label identifies certified equipmen

Prestige 202H User’s Guide Introducing the SMT 3-1 Chapter 3 Introducing the SMT This chapter explains how to access the System Management Terminal

Prestige 202H User’s Guide 3-2 Introducing the SMT Please note that if there is no activity for longer than 5 minutes after you log in, the router au

Prestige 202H User’s Guide Introducing the SMT 3-3 Table 3-1 Main Menu Commands OPERATION KEYSTROKES DESCRIPTION N/A fields <N/A> Some of

Prestige 202H User’s Guide 3-4 Introducing the SMT Table 3-2 Main Menu Summary NO. Menu Title FUNCTION 3 Ethernet Setup Use this menu to apply LA

Prestige 202H User’s Guide Introducing the SMT 3-5 Menu 3Ethernet SetupMenu 4Internet Access SetupMenu 11Remote Node SetupMenu 12Static Routing S

Prestige 202H User’s Guide 3-6 Introducing the SMT Figure 3-3 Menu 23.1 System Password Step 2. Enter 1 in Menu 23 to open Menu 23.1 - System Securi

Prestige 202H User’s Guide Introducing the SMT 3-7 speed of the console port will be reset to the default of 9600bps with 8 data bit, no parity, on

Prestige 202H User’s Guide 3-8 Introducing the SMT Step 5. Click Transfer, then Send File to display the following screen. Figure 3-6 Example Xmod

Prestige 202H User’s Guide SMT Menu 1 General Setup 4-1 Chapter 4 SMT Menu 1 General Setup Menu 1 - General Setup contains administrative and syste

Prestige 202H User’s Guide Warranty v ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any

Prestige 202H User’s Guide 4-2 SMT Menu 1 General Setup 4.3 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or

Prestige 202H User’s Guide SMT Menu 1 General Setup 4-3 4.4 Configuring Dynamic DNS To configure Dynamic DNS, go to Menu 1: General Setup and pres

Prestige 202H User’s Guide ISDN Setup 5-1 Chapter 5 ISDN Setup This chapter tells you how to configure the ISDN Setup menus for your Internet conn

Prestige 202H User’s Guide 5-2 ISDN Setup Table 5-1 Menu 2 ISDN Setup FIELD DESCRIPTION ♦ Switch/Unused ♦ Switch/Switch ♦ Switch/Leased ♦ Lease

Prestige 202H User’s Guide ISDN Setup 5-3 PABX Number (with S/T Bus Number) for Loopback Enter the S/T bus number if the router is connected to an

Prestige 202H User’s Guide 5-4 ISDN Setup 5.2.1 Configuring Advanced Setup Figure 5-3 Menu 2 ISDN Setup for DSS1 When you are finished, press [ENTE

Prestige 202H User’s Guide ISDN Setup 5-5 5.3 NetCAPI 5.3.1 Overview Your Prestige supports NetCAPI. NetCAPI is ZyXEL's implementation of CAPI

Prestige 202H User’s Guide 5-6 ISDN Setup The following figure illustrates the configuration used in this example. Figure 5-5 Configuration Exampl

Prestige 202H User’s Guide ISDN Setup 5-7 If you did not install RVS-Lite and want to use other programs such as AVM Fritz to access the ISDN route

Prestige 202H User’s Guide vi Customer Support Customer Support When you contact your customer support representative please have the following infor

Prestige 202H User’s Guide 5-8 ISDN Setup Table 5-2 Configuring NetCAPI FIELD DESCRIPTION Max Number of Registered Users When you want to use NetCAP

Prestige 202H User’s Guide Ethernet Setup 6-1 Chapter 6 Ethernet Setup This chapter shows you how to configure the LAN settings for your Prestige.

Prestige 202H User’s Guide 6-2 Ethernet Setup 6.2 Ethernet TCP/IP and DHCP Server The Prestige has built-in DHCP server capability that assigns IP a

Prestige 202H User’s Guide Ethernet Setup 6-3 6.2.3 Private IP Addresses Every computer on the Internet must have a unique IP address. If your netw

Prestige 202H User’s Guide 6-4 Ethernet Setup 6.2.5 DHCP Configuration DHCP (Dynamic Host Configuration Protocol) allows the individual clients (comp

Prestige 202H User’s Guide Ethernet Setup 6-5 6.3 Configuring TCP/IP Ethernet and DHCP You will now use Menu 3.2-TCP/IP and DHCP Ethernet Setup t

Prestige 202H User’s Guide 6-6 Ethernet Setup Table 6-2 Menu 3.2 TCP/IP and DHCP Ethernet Setup FIELD DESCRIPTION EXAMPLE Primary DNS Server Secondar

Prestige 202H User’s Guide Ethernet Setup 6-7 Figure 6-4 Physical Network Î Figure 6-5 Partitioned Logical Networks Use menu 3.2.1 to configure I

Prestige 202H User’s Guide 6-8 Ethernet Setup Table 6-4 IP Menu 3.2.1 – IP Alias Setup FIELD DESCRIPTION EXAMPLE IP Alias 1 or 2 Choose Yes to config

Prestige 202H User’s Guide Internet Access Setup 7-1 Chapter 7 Internet Access Setup This chapter shows you how to configure your router for Intern

Prestige 202H User’s Guide Table of Contents vii Table of Contents Copyright...

Prestige 202H User’s Guide 7-2 Internet Access Setup 7.2 Internet Access Setup The table following this menu contains instructions on how to configur

Prestige 202H User’s Guide Internet Access Setup 7-3 Table 7-2 Menu 4 Internet Access Setup FIELD DESCRIPTION NAT Choose from None, Full Feature or

Advanced Applications II Part II: Advanced Applications This part describes the advanced applications of your Prestige, such as Remote Node Conf

Prestige 202H User’s Guide Remote Node Configuration 8-1 Chapter 8 Remote Node Configuration This chapter covers the configuration of remote nodes.

Prestige 202H User’s Guide 8-2 Remote Node Configuration Step 2. When Menu 11 appears as shown in the following figure, enter the number of the remo

Prestige 202H User’s Guide Remote Node Configuration 8-3 Table 8-1 Menu 11.1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Rem Node Name This is a

Prestige 202H User’s Guide 8-4 Remote Node Configuration Table 8-1 Menu 11.1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Call Back This field is ap

Prestige 202H User’s Guide Remote Node Configuration 8-5 Table 8-1 Menu 11.1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Telco Options: Transfer

Prestige 202H User’s Guide 8-6 Remote Node Configuration 8.3 Outgoing Authentication Protocol Generally speaking, you should employ the strongest aut

Prestige 202H User’s Guide Remote Node Configuration 8-7 Table 8-2 BTR vs MTR for BOD BTR AND MTR SETTING No. of Channel(s) Used Max No. of Channe

Prestige 202H User’s Guide viii Table of Contents Chapter 4 SMT Menu 1 General Setup...

Prestige 202H User’s Guide 8-8 Remote Node Configuration Menu 11.2 - Remote Node PPP Options Encapsulation= Standard PPP Compression= No BACP= Enable

Prestige 202H User’s Guide Remote Node Configuration 8-9 Table 8-3 Menu 11.2 Remote Node PPP Options Target Utility (Kbps) Enter the two threshold

Prestige 202H User’s Guide 8-10 Remote Node Configuration LAN 1 Setup Figure 8-5 LAN 1 Setup LAN 2 Setup Figure 8-6 LAN 2 Setup Menu 11.1 - Remote No

Prestige 202H User’s Guide Remote Node Configuration 8-11 Additionally, you may also need to define static routes if some services reside beyond th

Prestige 202H User’s Guide 8-12 Remote Node Configuration Menu 11.3 - Remote Node Network Layer Options Rem IP Addr: Rem Subnet

Prestige 202H User’s Guide Remote Node Configuration 8-13 Table 8-6 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE Metric Metric repr

Prestige 202H User’s Guide 8-14 Remote Node Configuration Figure 8-7 Sample IP Addresses for LAN-to-LAN Connection 8.9 Configuring Filter Use Menu 1

Prestige 202H User’s Guide Remote Node Configuration 8-15 Figure 8-8 Menu 11.5 Remote Node Filter Menu 11.5 - Remote Node Filter

Prestige 202H User’s Guide Remote Node TCP/IP Configuration 9-1 Chapter 9 Static Route Setup This chapter shows how to set up static routes. 9.1 S

Prestige 202H User’s Guide Table of Contents ix 8.8 Configuring Network Layer Options ...

Prestige 202H User’s Guide 9-2 Remote Node TCP/IP Configuration To configure an IP static route, use Menu 12 – IP Static Route Setup, as displayed

Prestige 202H User’s Guide Remote Node TCP/IP Configuration 9-3 Table 9-1 Menu 12.1 Edit IP Static Route FIELD DESCRIPTION IP Subnet Mask Enter th

Prestige 202H User’s Guide Dial-in Setup 10-1 Chapter 10 Dial-in Setup This chapter shows you how to configure your Prestige to receive calls from

Prestige 202H User’s Guide 10-2 Dial-in Setup 10.3 Setting Up Default Dial-in From the Main Menu, enter 13 to go to Menu 13 – Default Dial-in Setup.

Prestige 202H User’s Guide Dial-in Setup 10-3 Table 10-2 Menu 13 Default Dial-in Setup FIELD DESCRIPTION EXAMPLE Recv Authen This field sets the a

Prestige 202H User’s Guide 10-4 Dial-in Setup Table 10-2 Menu 13 Default Dial-in Setup FIELD DESCRIPTION EXAMPLE Dial-in User If set to Yes, the Pres

Prestige 202H User’s Guide Dial-in Setup 10-5 but not the remote nodes. You can specify up to 4 filter sets separated by comma, e.g., 1, 5, 9, 12,

Prestige 202H User’s Guide 10-6 Dial-in Setup Figure 10-3 Menu 14 Dial-in User Setup Step 2. Select one of the users by number, this will bring you

Prestige 202H User’s Guide Dial-in Setup 10-7 Table 10-3 Edit Dial-in User FIELD DESCRIPTION EXAMPLE Callback This field determines if your Presti