ZyXEL Communications P-2802H-I Series, User Manual

Share

Page: 189 / 418

ZyXEL Communications P-2802H-I Series User Manual Download Page 189

Chapter 14 VPN Screens

P-2802H(W)(L)-I Series User’s Guide

189

14.6 Keep Alive

When you initiate an IPSec tunnel with keep alive enabled, the ZyXEL Device automatically
renegotiates the tunnel when the IPSec SA lifetime period expires (see

Section 14.12 on page

for more on the IPSec SA lifetime). In effect, the IPSec tunnel becomes an “always on”

connection after you initiate it. Both IPSec routers must have a ZyXEL Device-compatible
keep alive feature enabled in order for this feature to work.
If the ZyXEL Device has its maximum number of simultaneous IPSec tunnels connected to it
and they all have keep alive enabled, then no other tunnels can take a turn connecting to the
ZyXEL Device because the ZyXEL Device never drops the tunnels that are already connected.
When there is outbound traffic with no inbound traffic, the ZyXEL Device automatically
drops the tunnel after two minutes.

14.7 VPN, NAT, and NAT Traversal

NAT is incompatible with the AH protocol in both transport

and tunnel

mode. An IPSec VPN

using the AH protocol digitally signs the outbound packet, both data payload and headers,
with a hash value appended to the packet, but a NAT device between the IPSec endpoints
rewrites the source or destination address. As a result, the VPN device at the receiving end
finds a mismatch between the hash value and the data and assumes that the data has been
maliciously altered.

Remote

Address

This is the IP address(es) of computer(s) on the remote network behind the remote

IPSec router.
This field displays

N/A

when the

Secure Gateway Address

field displays

0.0.0.0

. In

this case only the remote IPSec router can initiate the VPN.
The same (static) IP address is displayed twice when the

Remote Address Type

field in the

VPN Setup - Edit

screen is configured to

Single

.

The beginning and ending (static) IP addresses, in a range of computers are

displayed when the

Remote Address Type

field in the

VPN Setup - Edit

screen is

configured to

Range

.

A (static) IP address and a subnet mask are displayed when the

Remote Address

Type

field in the

VPN Setup - Edit

screen is configured to

Subnet

.

Encap.

This field displays

Tunnel

or

Transport

mode (

Tunnel

is the default selection).

IPSec Algorithm This field displays the security protocols used for an SA.

Both

AH

and

ESP

increase ZyXEL Device processing requirements and

communications latency (delay).

Secure

Gateway IP

This is the static WAN IP address or URL of the remote IPSec router. This field

displays

0.0.0.0

when you configure the

Secure Gateway Address

field in the

VPN-

IKE

screen to

0.0.0.0.

Modify

Click the

Edit

icon to go to the screen where you can edit the VPN configuration.

Click the

Remove

icon to remove an existing VPN configuration.

Apply

Click this

to save your changes and apply them to the ZyXEL Device.

Cancel

Click this return your settings to their last saved values.

Table 71

VPN Setup

LABEL

DESCRIPTION

«
...
187
188
189
190
191
...
»

Summary of Contents for P-2802H-I Series

Page 1: ...www zyxel com P 2802H W L I Series VDSL VoIP IAD User s Guide Version 3 70 6 2007 Edition 1...

Page 2: ......

Page 3: ...rk and configuring for Internet access Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information Supporting Disk Refer to the included CD for...

Page 4: ...font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press t...

Page 5: ...Guide 5 Icons Used in Figures Figures in this User s Guide may use the following generic icons The ZyXEL Device icon is not an exact representation of your device ZyXEL Device Computer Notebook comput...

Page 6: ...s device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect the power adaptor or cord to the right supply voltage for example 110V AC in North Amer...

Page 7: ...Safety Warnings P 2802H W L I Series User s Guide 7...

Page 8: ...Safety Warnings P 2802H W L I Series User s Guide 8...

Page 9: ...Setup 89 Wireless LAN 101 Network Address Translation NAT Screens 117 Voice 129 Firewalls 155 Content Filtering 175 Introduction to IPSec 179 VPN Screens 185 Certificates 211 Static Route 235 Quality...

Page 10: ...Contents Overview P 2802H W L I Series User s Guide 10...

Page 11: ...its for Managing the ZyXEL Device 37 1 4 Applications for the ZyXEL Device 37 1 4 1 Secure Internet Access 37 1 4 2 Wireless LAN Application 38 1 4 3 Making Calls via Internet Telephony Service Provid...

Page 12: ...oIP Wizard Setup 65 Part III Advanced 71 Chapter 5 Status Screens 73 5 1 Status Screen 73 5 2 Any IP Table 76 5 3 WLAN Status W models only 77 5 4 Packet Statistics 77 5 5 VoIP Statistics 79 Chapter 6...

Page 13: ...03 8 2 5 One Touch Intelligent Security Technology OTIST 104 8 3 Additional Wireless Terms 104 8 4 General WLAN Screen 104 8 4 1 No Security 105 8 4 2 WEP Encryption Screen 106 8 4 3 WPA 2 PSK 107 8 4...

Page 14: ...Message Waiting Indication 133 10 2 9 Custom Tones IVR 133 10 3 Quality of Service QoS 134 10 3 1 Type of Service ToS 134 10 3 2 DiffServ 134 10 3 3 VLAN Tagging 135 10 4 SIP Settings Screen 135 10 5...

Page 15: ...11 6 1 Configuring Firewall Rules 163 11 6 2 Customized Services 166 11 6 3 Configuring A Customized Service 166 11 7 Example Firewall Rule 167 11 8 Firewall Thresholds 171 11 8 1 Threshold Values 172...

Page 16: ...3 14 12 IKE Phases 198 14 12 1 Negotiation Mode 199 14 12 2 Diffie Hellman DH Key Groups 199 14 12 3 Perfect Forward Secrecy PFS 200 14 13 Configuring Advanced IKE Settings 200 14 14 Manual Key Setup...

Page 17: ...6 Static Route 235 16 1 Static Route 235 16 2 Configuring Static Route 235 16 2 1 Static Route Edit 236 Chapter 17 Quality of Service QoS 239 17 1 QoS Overview 239 17 1 1 IEEE 802 1Q Tag 239 17 1 2 IP...

Page 18: ...19 8 3 Configuring SNMP 267 19 9 Configuring DNS 268 19 10 Configuring ICMP 269 Chapter 20 Universal Plug and Play UPnP 271 20 1 Introducing Universal Plug and Play 271 20 1 1 How do I know if I m usi...

Page 19: ...Backup Example 310 23 7 3 Configuration Backup Using GUI based FTP Clients 310 23 7 4 Backup Configuration Using TFTP 310 23 7 5 TFTP Command Configuration Backup Example 311 23 7 6 Configuration Back...

Page 20: ...Specifications 325 Part V Appendices and Index 335 Appendix A Setting up Your Computer s IP Address 337 Appendix B Pop up Windows JavaScripts and Java Permissions 349 Appendix C IP Addresses and Subn...

Page 21: ...on with Ethernet 57 Figure 16 Connection Test 58 Figure 17 Connection Test Failed 58 Figure 18 Connection Test Successful 59 Figure 19 Wireless LAN Setup Wizard 1 59 Figure 20 Wireless LAN 60 Figure 2...

Page 22: ...igure 57 OTIST Settings 113 Figure 58 OTIST In Progress on the ZyXEL Device 113 Figure 59 OTIST In Progress on the Wireless Device 113 Figure 60 Start OTIST 113 Figure 61 MAC Address Filter 114 Figure...

Page 23: ...ent Filter Keyword 175 Figure 101 Content Filter Schedule 176 Figure 102 Content Filter Trusted 177 Figure 103 Encryption and Decryption 180 Figure 104 IPSec Architecture 181 Figure 105 Transport and...

Page 24: ...252 Figure 146 Secure and Insecure Remote Management From the WAN 255 Figure 147 HTTPS Implementation 257 Figure 148 Remote Management WWW 258 Figure 149 Security Alert Dialog Box Internet Explorer 2...

Page 25: ...188 Network Temporarily Disconnected 308 Figure 189 Configuration Upload Error 308 Figure 190 Reset Warning Message 308 Figure 191 Reset In Process Message 309 Figure 192 Restart Screen 309 Figure 19...

Page 26: ...Figure 221 Security Settings Java 353 Figure 222 Java Sun 354 Figure 223 Network Number and Host ID 356 Figure 224 Subnetting Example Before Subnetting 358 Figure 225 Subnetting Example After Subnett...

Page 27: ...guration 67 Table 15 Status Screen 74 Table 16 Any IP Table 76 Table 17 WLAN Status 77 Table 18 Packet Statistics 78 Table 19 VoIP Statistics 79 Table 20 Internet Access Setup 85 Table 21 Advanced Int...

Page 28: ...Dial 149 Table 58 Phone Book Incoming Call Policy 151 Table 59 PSTN Line General 153 Table 60 Firewall General 161 Table 61 Firewall Rules 162 Table 62 Firewall Edit Rule 164 Table 63 Customized Servi...

Page 29: ...Traffic Type 239 Table 99 Internal Layer2 and Layer3 QoS Mapping 241 Table 100 QoS General 242 Table 101 Bandwidth Management Rule Setup 243 Table 102 QoS Class Configuration 244 Table 103 QoS Monito...

Page 30: ...ients 311 Table 144 Diagnostic General 315 Table 145 Diagnostic DSL Line 316 Table 146 Hardware Specifications 325 Table 147 Firmware Specifications 325 Table 148 Voice Features 329 Table 149 Wireless...

Page 31: ...Menu 1 General Setup 380 Table 170 Menu 3 380 Table 171 Menu 4 Internet Access Setup 383 Table 172 Menu 12 385 Table 173 Menu 15 SUA Server Setup 389 Table 174 Menu 21 1 Filter Set 1 391 Table 175 Men...

Page 32: ...List of Tables P 2802H W L I Series User s Guide 32...

Page 33: ...33 PART I Introduction Introducing the ZyXEL Device 35 Introducing the Web Configurator 43...

Page 34: ...34...

Page 35: ...r for all data passing between the Internet and LAN You can configure firewall and or content filtering for secure Internet access You can also use QoS to efficiently manage traffic on your network At...

Page 36: ...works over ISDN Integrated Services Digital Network 1 Only use firmware for your ZyXEL Device s specific model Refer to the label on the bottom of your ZyXEL Device All screens displayed in this user...

Page 37: ...totally re configure the ZyXEL Device You could simply restore your last configuration 1 4 Applications for the ZyXEL Device Here are some example uses for which the ZyXEL Device is well suited 1 4 1...

Page 38: ...ding 1 4 2 Wireless LAN Application Add a wireless LAN to your existing network without expensive network cables Wireless clients can move freely anywhere in the coverage area and use resources on the...

Page 39: ...sing a SIP proxy server Peer to peer calls are also called Point to Point or IP to IP calls You must know the peer s IP address in order to do this The following figure shows a basic example of how yo...

Page 40: ...WER Green On Your device is receiving power and functioning properly Blinking Your device is rebooting and performing a self test Red On Your device is not ready or there is a malfunction None Off You...

Page 41: ...for three seconds and release it The WLAN LED should flash while the device uses OTIST to send wireless settings to OTIST clients W models only WLAN Green On Your device is ready but is not sending re...

Page 42: ...User s Guide 42 To set the device back to the factory default settings press the RESET button for ten seconds or until the POWER LED begins to blink and then release it When the POWER LED begins to bl...

Page 43: ...our device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissions enabled by default See Appendix B on page 349 if you need to make s...

Page 44: ...ongly recommended you change the default password Enter a new password retype it to confirm and click Apply alternatively click Ignore to proceed to the main menu if you do not want to change the pass...

Page 45: ...lick Apply See Chapter 3 on page 53 for more information Click Go to Advanced setup if you want to configure features that are not available in the wizards Select the check box if you always want to g...

Page 46: ...status bar 2 2 1 Title Bar The title bar allows you to change the language and provides some icons in the upper right corner The icons provide the following functions A B C D Table 4 Web Configurator...

Page 47: ...and WLAN authentication security settings OTIST Use this screen to assign your wireless security settings to wireless clients MAC Filter Use this screen to configure the ZyXEL Device to give exclusiv...

Page 48: ...is screen to configure a list of addresses of directory servers that contain lists of valid and revoked certificates Advanced Static Route IP Static Route Use this screen to configure IP static routes...

Page 49: ...Setting Use this screen to change your ZyXEL Device s time and date Logs View Log Use this screen to display your device s logs Log Settings Use this screen to select which logs and or immediate aler...

Page 50: ...Chapter 2 Introducing the Web Configurator P 2802H W L I Series User s Guide 50...

Page 51: ...51 PART II Wizard Internet and Wireless Setup Wizard 53 VoIP Wizard And Example 65...

Page 52: ...52...

Page 53: ...d setup screens to configure your system for Internet access with the information given to you by your ISP See the advanced menu chapters for background information on these fields 3 2 Internet Access...

Page 54: ...Click INTERNET WIRELESS SETUP to configure the system for Internet access and wireless connection Figure 12 Wizard Welcome 3 Enter your Internet access information in the wizard screen exactly as you...

Page 55: ...SP Parameters LABEL DESCRIPTION Mode Select Routing default from the drop down list box if your ISP give you one IP address only and you want multiple computers to share an Internet account Select Bri...

Page 56: ...exactly as your ISP assigned If assigned a name in the form user domain where domain identifies a service name then enter both components exactly as given Password Enter the password associated with...

Page 57: ...c IP Address Select Static IP Address if your ISP gave you an IP address to use IP Address Enter your ISP assigned IP address Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the ap...

Page 58: ...ated or click Restart the Internet Wireless Setup Wizard to verify your Internet access settings Figure 17 Connection Test Failed 3 3 Wireless Connection Wizard Setup After you configure the Internet...

Page 59: ...k box to turn on the wireless LAN Enable OTIST Select the check box to enable OTIST if you want to transfer your ZyXEL Device s SSID and WEP or WPA PSK security settings to wireless clients that suppo...

Page 60: ...ces is called a channel Select a channel ID that is not already in use by a neighboring device Security Select Automatically assign a WPA key Recommended only available if you enable OTIST if you want...

Page 61: ...ess LAN setup screen to set up a Pre Shared Key Figure 21 Manually Assign a WPA PSK key The following table describes the labels in this screen 3 3 2 Manually Assign a WEP Key Choose Manually assign a...

Page 62: ...rrect Click Finish to complete and save the wizard setup Table 12 Manually Assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data Both the ZyXEL Device and the wireless stations...

Page 63: ...ess and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www zyxel com Internet access is just the beginning Refer to the rest of this guide for more detailed information on the co...

Page 64: ...Chapter 3 Internet and Wireless Setup Wizard P 2802H W L I Series User s Guide 64...

Page 65: ...ho is also using a VoIP device Make sure your telephone is connected to the PHONE 1 port before you start with our example In the following figure A represents your phone and B represents the phone of...

Page 66: ...ider Your VoIP service provider supplies you with the following information When you are finished click Apply Table 13 Sample SIP Account Information INFORMATION FROM VOIP SERVICE PROVIDER EXAMPLE VAL...

Page 67: ...rver Address Type the IP address or domain name of the SIP server in this field It doesn t matter whether the SIP server is a proxy redirect or register server You can use up to 95 ASCII characters SI...

Page 68: ...IP account registration was successful Click Return to Wizard Main Page if you want to use another configuration wizard Click Go to Advanced Setup page or Finish to close the wizard and go to the main...

Page 69: ...ered they need to provide you with their SIP number You can use your VoIP service provider s dialing plan to call SIP numbers You can also use your VoIP service provider s dialing plan to call regular...

Page 70: ...Chapter 4 VoIP Wizard And Example P 2802H W L I Series User s Guide 70...

Page 71: ...etwork Address Translation NAT Screens 117 Voice 129 Firewalls 155 Content Filtering 175 Introduction to IPSec 179 VPN Screens 185 Certificates 211 Static Route 235 Quality of Service QoS 239 Dynamic...

Page 72: ...72...

Page 73: ...device system resources interfaces LAN and WAN and SIP accounts You can also register and unregister SIP accounts The Status screen also provides detailed information from Any IP and DHCP and statist...

Page 74: ...licable LAN Information IP Address This field displays the current IP address of the ZyXEL Device LAN port Click this to go to the screen where you can change it IP Subnet Mask This field displays the...

Page 75: ...should restart the device See Section 23 6 on page 309 or turn off the device unplug the power for a few seconds Interface Status Interface This column displays each interface the ZyXEL Device has Sta...

Page 76: ...oes not cancel your SIP account but it deletes the mapping between your SIP identity and your IP address or domain name The second field displays Registered If the SIP account is not registered with t...

Page 77: ...so provided are system up time and poll interval s The Poll Interval s field is configurable MAC Address This field displays the MAC address of the computer that is using the ZyXEL Device but is in a...

Page 78: ...m Speed This is the downstream speed of your ZyXEL Device Node Link This field displays the remote node index number and link type Link types are DHCP Ethernet and PPPoE Status This field displays Dow...

Page 79: ...LAN is disabled TxPkts This field displays the number of packets transmitted on this interface RxPkts This field displays the number of packets received on this interface Collisions This is the number...

Page 80: ...if the SIP account has never dialed a number Call Statistics Phone This field displays each phone port in the ZyXEL Device Hook This field indicates whether the phone is on the hook or off the hook On...

Page 81: ...nt the ZyXEL Device to update this screen and click Set Interval Set Interval Click this to make the ZyXEL Device update the screen based on the amount of time you specified in Poll Interval Stop Clic...

Page 82: ...Chapter 5 Status Screens P 2802H W L I Series User s Guide 82...

Page 83: ...rk services a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for individuals Operationally PPPoE saves significant effort for...

Page 84: ...ring up the connection when turned on and whenever the connection is down A nailed up connection can be very expensive for obvious reasons Do not specify a nailed up connection unless your telephone c...

Page 85: ...time you connect to the Internet Select Obtain an IP Address Automatically if you have a dynamic IP address otherwise select Static IP Address and type your ISP assigned IP address in the IP Address f...

Page 86: ...eout Apply Click Apply to save the changes Cancel Click Cancel to begin configuring this screen afresh Advanced Setup Click this button to display the Advanced WAN Setup screen and edit more details o...

Page 87: ...escribes the labels in this screen Back Click Back to return to the previous screen Apply Click Apply to save the changes Cancel Click Cancel to begin configuring this screen afresh Table 21 Advanced...

Page 88: ...Chapter 6 WAN Setup P 2802H W L I Series User s Guide 88...

Page 89: ...e area usually the same building or floor of a building The LAN screens can help you configure a LAN DHCP server and manage IP addresses See Section 7 4 on page 94 to configure the LAN screens 7 1 1 L...

Page 90: ...DNS server addresses The ISP tells you the DNS server addresses usually in the form of an information sheet when you sign up If your ISP gives you DNS server addresses enter them in the DNS Server fi...

Page 91: ...sy to remember for instance 192 168 1 1 for your ZyXEL Device but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP...

Page 92: ...pient or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just 1 IGMP Internet Group Multicast Protocol is a network l...

Page 93: ...mputer to the ZyXEL Device and access the Internet The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment In a residential hous...

Page 94: ...IP routing table so it can properly forward packets intended for the computer After all the routing information is updated the computer can access the ZyXEL Device and the Internet as if it is in the...

Page 95: ...d Out Only RIP Version Select the RIP version from RIP 1 RIP 2B and RIP 2M Multicast IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a multicast grou...

Page 96: ...sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN Allow between LAN and WAN Select this check box to forward NetBIOS packets from the L...

Page 97: ...ed From ISP if your ISP dynamically assigns DNS server information and the ZyXEL Device s WAN IP address Select UserDefined if you have the IP address of a DNS server Enter the DNS server s IP address...

Page 98: ...name IP Address This field displays the IP address relative to the field listed above MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your comput...

Page 99: ...ith the ZyXEL Device itself as the gateway for each LAN network When you use IP alias you can also configure firewall rules to control access between the LAN s logical networks subnets Make sure that...

Page 100: ...broadcast its routing table periodically When set to Both or In Only it will incorporate the RIP information that it receives when set to None it will not send any RIP packets and will ignore any RIP...

Page 101: ...eless network Figure 48 Example of a Wireless Network The wireless network is the part in the blue circle In this wireless network devices A and B use the access point AP to interact with the other de...

Page 102: ...To get the MAC address for each device in the wireless network see the device s User s Guide or other documentation You can use the MAC address filter to tell the ZyXEL Device which devices are allowe...

Page 103: ...ppose you have a wireless network with the ZyXEL Device and you do not have a RADIUS server Therefore there is no authentication Suppose the wireless network has two devices Device A only supports WEP...

Page 104: ...Network Wireless LAN to open the Wireless LAN General screen Table 29 Additional Wireless Terms TERM DESCRIPTION RTS CTS Threshold In a wireless network which covers a large area wireless devices are...

Page 105: ...change the ZyXEL Device s SSID or WEP settings you will lose your wireless connection when you press Apply to confirm You must then change the wireless settings of your computer to match the ZyXEL De...

Page 106: ...is within range Figure 50 Wireless No Security The following table describes the labels in this screen 8 4 2 WEP Encryption Screen In order to configure and enable WEP encryption click Network Wireles...

Page 107: ...le 32 Wireless Static WEP Encryption LABEL DESCRIPTION Security Mode Choose Static WEP from the drop down list box Passphrase Enter a Passphrase up to 32 printable characters and click Generate The Zy...

Page 108: ...sswords in order to stay connected Enter a time interval between 10 and 9999 seconds The default time interval is 1800 seconds 30 minutes Note If wireless station authentication is done using a RADIUS...

Page 109: ...if you want the ZyXEL Device to support WPA and WPA2 simultaneously ReAuthentication Timer in seconds Specify how often wireless stations have to resend usernames and passwords in order to stay conne...

Page 110: ...uthentication server The default port number is 1812 You need not change this value unless your network administrator instructs you to do so with additional information Shared Secret Enter a password...

Page 111: ...elect a preamble type from the drop down list menu Choices are Long Short or Dynamic The default setting is Long See the appendix for more information 802 11 Mode Select 802 11b Only to allow only IEE...

Page 112: ...creen appears in the ZyXEL Device Table 36 Network Wireless LAN OTIST LABEL DESCRIPTION Setup Key Type a key password 8 ASCII characters long Note If you change the OTIST setup key in the ZyXEL Device...

Page 113: ...nsferring OTIST settings The following screens appear in the ZyXEL Device and in the wireless devices Figure 58 OTIST In Progress on the ZyXEL Device Figure 59 OTIST In Progress on the Wireless Device...

Page 114: ...k Wireless LAN OTIST screen or hold in the RESET button on the ZyXEL Device for three seconds to transfer the settings again 4 If you change the SSID or the keys on the ZyXEL Devices after using OTIST...

Page 115: ...l be allowed to access the ZyXEL Device Select Allow to permit access to the ZyXEL Device MAC addresses not listed will be denied access to the ZyXEL Device Set This is the index number of the MAC add...

Page 116: ...Chapter 8 Wireless LAN P 2802H W L I Series User s Guide 116...

Page 117: ...ddress of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers...

Page 118: ...l incoming inquiries thus preventing intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 9 1 3 How NAT Works Each...

Page 119: ...instance PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported the SUA Only option in today s routers Many to Many Overload In Many to Many Overload m...

Page 120: ...Table 39 on page 120 Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device 9 3 NAT Ge...

Page 121: ...ions such as file sharing applications they need to establish NAT sessions If you do not limit the number of NAT sessions a single client can establish this can result in all of the available NAT sess...

Page 122: ...9 4 1 Default Server IP Address In addition to the servers for specified services NAT supports a default server IP address A default server receives packets from ports that are not specified in this s...

Page 123: ...ult Server IP address the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup Click Network NAT Port Forwarding to open the following scr...

Page 124: ...t Forwarding Service Name Select a service from the drop down list box Server IP Address Enter the IP address of the server for the specified service Add Click this button to add a rule to the table b...

Page 125: ...ive Click this check box to enable the rule Service Name Enter a name to identify this port forwarding rule Start Port Enter a port number in this field To forward only one port enter the port number...

Page 126: ...only do this for Many to One and Server mapping types Global End IP This is the ending Inside Global IP Address IGA This field is N A for One to one Many to One and Server mapping types Type 1 1 One t...

Page 127: ...rvers of different services behind the NAT to be accessible to the outside world Local Start IP This is the starting local IP address ILA Local IP addresses are N A for Server port mapping Local End I...

Page 128: ...e SIP data stream to a public IP address You do not need to use STUN or an outbound proxy if your ZyXEL Device is behind a SIP ALG Use this screen to enable and disable the SIP VoIP ALG in the ZyXEL D...

Page 129: ...ol SIP is an application layer control signaling protocol that handles the setting up altering and tearing down of voice and multimedia sessions over the Internet SIP signaling is separate from the me...

Page 130: ...talking A hangs up and sends a BYE request 11 B replies with an OK response confirming receipt of the BYE request and the call is terminated 10 2 3 SIP Servers SIP is a client server protocol A SIP cl...

Page 131: ...SIP redirect server accepts SIP requests translates the destination address to an IP address and sends the translated IP address back to the device that sent the request Then the client device that o...

Page 132: ...ng A codec coder decoder codes analog voice signals into digital signals and decodes the digital signals back into analog voice signals The ZyXEL Device supports the following codecs G 711 is a Pulse...

Page 133: ...esponse is a feature that allows you to use your telephone to interact with the ZyXEL Device The ZyXEL Device allows you to record custom tones for the Caller Ringing Tone and On Hold Tone functions T...

Page 134: ...source for example at the ZyXEL Device so a server can decide the best method of delivery that is the least cost fastest route and so on 10 3 2 DiffServ DiffServ is a class of service CoS model that...

Page 135: ...uses a SIP account to make outgoing VoIP calls and check if an incoming call s destination number matches your SIP account s SIP number In order to make or receive a VoIP call you need to enable and c...

Page 136: ...can use up to 95 printable ASCII characters It does not matter whether the SIP server is a proxy redirect or register server SIP Server Port Enter the SIP server s listening port number if your VoIP...

Page 137: ...account exactly as it was given to you You can use up to 95 printable ASCII characters Password Enter the user name for registering this SIP account exactly as it was given to you You can use up to 95...

Page 138: ...s Guide 138 Figure 76 VoIP SIP Settings Advanced Each field is described in the following table Table 49 VoIP SIP Settings Advanced LABEL DESCRIPTION SIP Account This field displays the SIP account y...

Page 139: ...in the Start Port and End Port fields To enter a range of ports enter the port number at the beginning of the range in the Start Port field enter the port number at the end of the range in the End Po...

Page 140: ...evices must also use G 711 T 38 Fax Relay Select this if the ZyXEL Device should send fax messages as UDP or TCP IP packets through IP networks This provides better quality but it may have inter opera...

Page 141: ...t speaking Table 50 SIP QoS LABEL DESCRIPTION SIP TOS Priority Setting Enter the priority for SIP voice transmissions The ZyXEL Device creates Type of Service priority tags with this priority to voice...

Page 142: ...IPTION Phone Port Settings Select the phone port you want to see in this screen If you change this field the screen automatically refreshes Outgoing Call Use If you select both SIP accounts the ZyXEL...

Page 143: ...does not have power regardless of the settings you configure the phone s connected to the PHONE port s can still be used for making PSTN calls Only one phone can be in use at a time Apply Click this...

Page 144: ...to tell the ZyXEL Device to make the phone call immediately regardless of this setting Active VAD Select this if the ZyXEL Device should stop transmitting when you are not speaking This reduces the b...

Page 145: ...the flash key is not available you can tap press and immediately release the hook by hand to achieve the same effect However using the flash key is preferred since the timing is much more precise With...

Page 146: ...one and then answer the phone after it rings Put the first call on hold and answer the second call Press the flash key and then 2 10 11 2 3 European Call Transfer Do the following to transfer an incom...

Page 147: ...caller is still on hold there will be a remind ring 10 11 3 2 USA Call Waiting This allows you to place a call on hold while you answer another incoming call on the same telephone directory number If...

Page 148: ...ach field is described in the following table 10 13 Speed Dial Speed dial provides shortcuts for dialing frequently used VoIP phone numbers You also have to create speed dial entries if you want to ma...

Page 149: ...ies Select the speed dial number you want to use for this phone number Number Enter the SIP number you want the ZyXEL Device to call when you dial the speed dial number Name Enter a name to identify t...

Page 150: ...eed dial number Destination This field is blank if the speed dial entry uses one of your SIP accounts Otherwise this field shows the IP address or domain name of the SIP server or other party This fie...

Page 151: ...uld wait for you to answer an incoming call before it considers the call is unanswered Advanced Setup The ZyXEL Device checks these rules before it checks the rules in the Forward to Number section Th...

Page 152: ...nected to the PHONE port s can still be used for making PSTN calls Only one phone can be in use at a time You can also use the PSTN Line screen to specify phone numbers that should always use the regu...

Page 153: ...registered These numbers tell the ZyXEL Device that you want to make a regular phone call Relay to PSTN Line Enter phone numbers for regular calls not VoIP calls that you want to dial without the pref...

Page 154: ...Chapter 10 Voice P 2802H W L I Series User s Guide 154...

Page 155: ...walls restrict access by screening data packets against defined access rules They make access control decisions based on IP address and protocol They also inspect the session data to assure the integr...

Page 156: ...ermined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network 5 For local services that are enabled protect against misuse Protect by configur...

Page 157: ...one of these rules to allow a WAN computer to manage the ZyXEL Device You also need to configure the remote management settings to allow a WAN computer to manage the ZyXEL Device You may define additi...

Page 158: ...ble to connect to computers with running FTP servers 4 Does this rule conflict with any existing rules Once these questions have been answered adding rules is simply a matter of entering the informati...

Page 159: ...is to use IP alias IP alias allows you to partition your network into logical sections over the same Ethernet interface Your ZyXEL Device supports up to three logical LAN interfaces with the ZyXEL De...

Page 160: ...Alias 11 5 General Firewall Policy Click Security Firewall to display the following screen Activate the firewall by selecting the Active Firewall check box as seen in the following screen Refer to Se...

Page 161: ...ets See Section 11 4 1 on page 158 for an example Packet Direction This is the direction of travel of packets LAN to LAN Router LAN to WAN WAN to WAN Router WAN to LAN Firewall rules are grouped based...

Page 162: ...ction The firewall rules that you configure summarized below take priority over the general firewall action settings in the General screen This is your firewall rule number The ordering of your rules...

Page 163: ...n existing firewall rule A window displays asking you to confirm that you want to delete the firewall rule Note that subsequent firewall rules move up by one when you take this action Order Click the...

Page 164: ...s screen Table 62 Firewall Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule Action for Matched Packet Use the drop down list box to select whether to discard Drop den...

Page 165: ...n on services available Highlight a service from the Available Services box on the left then click Add to add it to the Selected Services box on the right To remove a service highlight it in the Selec...

Page 166: ...ibes the labels in this screen 11 6 3 Configuring A Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one This action di...

Page 167: ...PTION Service Name Type a unique name for your custom port Service Type Choose the IP port TCP UDP or TCP UDP that defines your customized port from the drop down list box Port Configuration Type Clic...

Page 168: ...omes rule 8 4 Click Add to display the firewall rule configuration screen 5 In the Edit Rule screen click the Edit Customized Services link to open the Customized Service screen 6 Click an index numbe...

Page 169: ...ple Edit Rule Destination Address 9 Use the Add and Remove buttons between Available Services and Selected Services list boxes to configure it as follows Click Apply when you are done Custom services...

Page 170: ...ll Example Edit Rule Select Customized Services On completing the configuration procedure for this Internet firewall rule the Rules screen should look like the following Rule 1 allows a MyService conn...

Page 171: ...ached the established state the TCP three way handshake has not yet been completed Under normal circumstances the application that initiates a session sends a SYN synchronize packet to the receiving s...

Page 172: ...r of servers in your LAN network 4 Network bandwidth 5 Type of traffic for certain servers Reduce the threshold values if your network is slower than average for any of these factors especially if you...

Page 173: ...ow this number Maximum Incomplete High This is the number of existing half open sessions that causes the firewall to start deleting half open sessions When the number of existing half open sessions ri...

Page 174: ...Chapter 11 Firewalls P 2802H W L I Series User s Guide 174...

Page 175: ...Device performs content filtering You can also specify trusted IP addresses on the LAN for which the ZyXEL Device will not perform content filtering 12 2 Configuring Keyword Blocking Use this screen t...

Page 176: ...ains the list of all the keywords that you have configured the ZyXEL Device to block Delete Highlight a keyword in the box and click Delete to remove it Clear All Click Clear All to remove all of the...

Page 177: ...he check box to have the content filtering to be active on the selected day Start TIme Enter the time when you want the content filtering to take effect in hour minute format End Time Enter the time w...

Page 178: ...Chapter 12 Content Filtering P 2802H W L I Series User s Guide 178...

Page 179: ...ata communications across a public network like the Internet IPSec is built around a number of standardized cryptographic techniques to provide confidentiality data integrity and authentication at the...

Page 180: ...s the following VPN applications Linking Two or More Private Networks Together Connect branch offices and business partners over the Internet with significant cost savings and improved performance whe...

Page 181: ...ption Algorithm describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms HMAC MD5 RFC 2403 and HMAC SHA 1 RFC 2404 provid...

Page 182: ...3 2 Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely A Tunnel mode is required for gateway services to provide access to internal systems Tunnel mode is fundamentally...

Page 183: ...including headers in a new IP packet The new IP packet s source address is the outbound address of the sending VPN gateway and its destination address is the inbound address of the VPN device at the r...

Page 184: ...Chapter 13 Introduction to IPSec P 2802H W L I Series User s Guide 184...

Page 185: ...ty authentication sequence integrity replay resistance and non repudiation but not for confidentiality for which the ESP was designed In applications where confidentiality is not required or not sanct...

Page 186: ...using a private secret key DES applies a 56 bit key to each 64 bit block of data MD5 default MD5 Message Digest 5 produces a 128 bit digest to authenticate packet data 3DES Triple DES 3DES is a varia...

Page 187: ...Dynamic Secure Gateway Address If the remote secure gateway has a dynamic WAN IP address and does not use DDNS enter 0 0 0 0 as the secure gateway s address In this case only the remote secure gateway...

Page 188: ...Name This field displays the identification name for this VPN policy Local Address This is the IP address es of computer s on your local network behind your ZyXEL Device The same static IP address is...

Page 189: ...nd assumes that the data has been maliciously altered Remote Address This is the IP address es of computer s on the remote network behind the remote IPSec router This field displays N A when the Secur...

Page 190: ...E SA For NAT traversal to work you must Use ESP security protocol in either transport or tunnel mode Use IKE keying mode Enable NAT traversal on both IPSec endpoints Set the NAT router to forward UDP...

Page 191: ...om remote IPSec routers that have dynamic WAN IP addresses Telecommuters can use separate passwords to simultaneously connect to the ZyXEL Device from IPSec routers with dynamic IP addresses seeSectio...

Page 192: ...Peer ID Type and Content Fields PEER ID TYPE CONTENT IP Type the IP address of the computer with which you will make the VPN connection or leave the field blank to have the ZyXEL Device automatically...

Page 193: ...ase 1 IKE negotiation seeSection 14 12 on page 198for more on IKE phases It is called pre shared because you have to share it with another party before you can communicate with them over a secure conn...

Page 194: ...is check box to activate this VPN policy This option determines whether a VPN rule is applied before a packet leaves the firewall Keep Alive Select either Yes or No from the drop down list box Select...

Page 195: ...r remote IP address but not both You can configure multiple SAs between the same local and remote IP addresses as long as only one is active at any time Local Address Type Use the drop down menu to ch...

Page 196: ...igure the local Content field to 0 0 0 0 or leave it blank It is recommended that you type an IP address other than 0 0 0 0 in the local Content field or use the DNS or E mail ID type in the following...

Page 197: ...N s full IP address range as the local IP address then you cannot configure any other active rules with the Secure Gateway Address field set to 0 0 0 0 Security Protocol VPN Protocol Select ESP if you...

Page 198: ...ES that uses a 168 bit key As a result 3DES is more secure than DES It also requires more processing power resulting in increased latency and decreased throughput This implementation of AES uses a 128...

Page 199: ...e someone attempts to send traffic 14 12 1 Negotiation Mode The phase 1 Negotiation Mode you select determines how the Security Association SA will be established for each connection through IKE negot...

Page 200: ...rity This may be unnecessary for data that does not require such security so PFS is disabled None by default in the ZyXEL Device Disabling PFS means new authentication and encryption keys are derived...

Page 201: ...art of the 16 to 62 character range for the key For example in 0x0123456789ABCDEF 0x denotes that the key is hexadecimal and 0123456789ABCDEF is the key itself Both ends of the VPN tunnel must use the...

Page 202: ...resulting in increased latency and decreased throughput This implementation of AES uses a 128 bit key AES is faster than 3DES Select NULL to set up a tunnel without encryption When you select NULL yo...

Page 203: ...the fields in this screen Table 79 VPN Setup Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy Name Type up to 32 characters to identify this VPN polic...

Page 204: ...d to Single this field is N A When the Local Address Type field is configured to Range enter the end static IP address in a range of computers on the LAN behind your ZyXEL Device When the Local Addres...

Page 205: ...thentication Algorithm fields described next Encryption Algorithm Select DES 3DES or NULL from the drop down list box When DES is used for data communications both sender and receiver must know the sa...

Page 206: ...ffic Figure 114 VPN SA Monitor The following table describes the fields in this screen Table 80 VPN SA Monitor LABEL DESCRIPTION No This is the security association index number Name This field displa...

Page 207: ...figure to use one VPN rule to simultaneously access a ZyXEL Device at headquarters HQ in the figure The telecommuters do not have domain names mapped to the WAN IP addresses of their IPSec routers Th...

Page 208: ...elecommuters IPSec routers should not overlap See the following table and figure for an example where three telecommuters each use a different VPN rule for a VPN connection with a ZyXEL Device located...

Page 209: ...ZyXEL Device Rule 1 Local ID Type IP Peer ID Type IP Local ID Content 192 168 2 12 Peer ID Content 192 168 2 12 Local IP Address 192 168 2 12 Secure Gateway Address telecommuter1 com Remote Address 1...

Page 210: ...PN Screens P 2802H W L I Series User s Guide 210 14 19 VPN and Remote Management If a VPN tunnel uses Telnet FTP WWW then you should configure remote management Remote Management to allow access for t...

Page 211: ...n in general works as follows 1 Tim wants to send a private message to Jenny Tim generates a public key pair What is encrypted with one key can only be decrypted using the other 2 Tim keeps the privat...

Page 212: ...e public keys and you never need to transmit private keys 15 2 Self signed Certificates You can have the ZyXEL Device act as a certification authority and sign its own certificates 15 3 Configuration...

Page 213: ...plays what kind of certificate this is REQ represents a certification request and is not yet a valid certificate Send a certification request to a certification authority which then issues a certifica...

Page 214: ...tificate that one or more features is configured to use Do the following to delete a certificate that shows SELF in the Type field 1 Make sure that no other features such as HTTPS VPN SSH are configur...

Page 215: ...ntax for data including digital signatures that may be encrypted The ZyXEL Device currently allows the importation of a PKS 7 file that contains a single certificate PEM Base 64 encoded PKCS 7 This Pr...

Page 216: ...ation authority may add fields such as a serial number to the subject information when it issues a certificate It is recommended that each certificate have unique subject information Common Name Selec...

Page 217: ...ertification authority s enrollment protocol and the certification authority s certificate from the drop down list boxes and enter the certification authority s server address You also need to fill in...

Page 218: ...screen with a Return button that takes you back to the My Certificate Create screen Click Return and check your information in the My Certificate Create screen Make sure that the certification authori...

Page 219: ...Chapter 15 Certificates P 2802H W L I Series User s Guide 219 Figure 122 My Certificate Details...

Page 220: ...tion about the certificate Type This field displays general information about the certificate CA signed means that a Certification Authority signed the certificate Self signed means that the certifica...

Page 221: ...ing the MD5 algorithm SHA1 Fingerprint This is the certificate s message digest that the ZyXEL Device calculated using the SHA1 algorithm Certificate in PEM Base 64 Encoded Format This read only text...

Page 222: ...e subject information Issuer This field displays identifying information about the certificate s issuing certification authority such as a common name organizational unit or department organization or...

Page 223: ...certificate A window displays asking you to confirm that you want to delete the certificates Note that subsequent certificates move up by one when you take this action Import Click Import to open a s...

Page 224: ...con to open the Trusted CA Details screen Use this screen to view in depth information about the certification authority s certificate change the certificate s name and set whether or not you want the...

Page 225: ...a Certification Authority signed the certificate Self signed means that the certificate s owner signed the certificate not a certification authority X 509 means that this certificate was created and s...

Page 226: ...isplays the domain names or IP addresses of the servers MD5 Fingerprint This is the certificate s message digest that the ZyXEL Device calculated using the MD5 algorithm You can use this value to veri...

Page 227: ...nformation about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject...

Page 228: ...e message digests calculated using the MD5 or SHA1 algorithms The following procedure describes how to use a certificate s fingerprint to verify that you have the remote host s actual certificate 1 Br...

Page 229: ...labels in this screen 15 14 Trusted Remote Host Certificate Details Click Security Certificates Trusted Remote Hosts to open the Trusted Remote Hosts screen Click the details icon to open the Trusted...

Page 230: ...hierarchy of certification authorities that validate a certificate s issuing certification authority For a trusted host the list consists of the end entity s own certificate and the default self sign...

Page 231: ...that the key can be used to encrypt text Basic Constraint This field displays general information about the certificate For example Subject Type CA means that this is a certification authority s cert...

Page 232: ...Apply to save your changes back to the ZyXEL Device You can only change the name of the certificate Cancel Click Cancel to quit configuring this screen and return to the Trusted Remote Hosts screen T...

Page 233: ...creen where you can configure information about a directory server so that the ZyXEL Device can access it Table 94 Directory Servers LABEL DESCRIPTION Table 95 Directory Server Add and Edit LABEL DESC...

Page 234: ...certification authority Password Type the password up to 31 ASCII characters from the entity maintaining the directory server usually a certification authority Back Click Back to return to the Directo...

Page 235: ...instance the ZyXEL Device knows about network N2 in the following figure through remote node Router 1 However the ZyXEL Device is unable to route a packet to network N3 because it doesn t know that th...

Page 236: ...es this route Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Netmask This parameter specifies the IP network subnet mask...

Page 237: ...tion Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical...

Page 238: ...Chapter 16 Static Route P 2802H W L I Series User s Guide 238...

Page 239: ...quickly than those with low priority if there is congestion allowing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latenc...

Page 240: ...going 17 1 3 1 DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to replace the Type of Service TOS field in the IP header The DS field contains a 2 bit unused field a...

Page 241: ...the network is congested 17 2 Configuring QoS General Screen Click Advanced QoS to open the screen as shown next Use this screen to enable or disable QoS and select to have the ZyXEL Device automatic...

Page 242: ...allocate using QoS The recommendation is to set this speed to match the interface s actual transmission speed For example set the WAN interface speed to 100000 kbps if your Internet connection has an...

Page 243: ...ifier No This field displays the index number of the classifier Active Select the check box to enable this classifier Name This is the name of the classifier Interface This shows the interface from wh...

Page 244: ...n Active Select the check box to enable this classifier Name Enter a descriptive name of up to 20 printable English keyboard characters including spaces Interface Select from which interface traffic o...

Page 245: ...nation IP address in dotted decimal notation and the destination subnet mask Refer to the appendix for more information on IP subnetting Port Select the check box and enter the port number of the dest...

Page 246: ...classes are assigned priority queue based on the internal QoS mapping table on the ZyXEL Device Figure 139 QoS Example Figure 140 QoS Class Example VoIP 1 Ethernet Priority Select this option and sele...

Page 247: ...Chapter 17 Quality of Service QoS P 2802H W L I Series User s Guide 247 Figure 141 QoS Class Example VoIP 2 Figure 142 QoS Class Example Boss 1...

Page 248: ...ice QoS P 2802H W L I Series User s Guide 248 Figure 143 QoS Class Example Boss 2 17 4 QoS Monitor To view the ZyXEL Device s QoS packet statistics click Advanced QoS Monitor The screen appears as sho...

Page 249: ...ster while traffic in lower index queues is dropped if the network is congested Pass This shows how many packets mapped to this priority queue are transmitted successfully Drop This shows how many pac...

Page 250: ...Chapter 17 Quality of Service QoS P 2802H W L I Series User s Guide 250...

Page 251: ...t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to ha...

Page 252: ...Name Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma User Name Type your user name Password Type...

Page 253: ...IP address of the NAT router that has a public IP address Note The DDNS server may not be able to detect the proper IP address if there is an HTTP proxy server between the ZyXEL Device and the DDNS se...

Page 254: ...Chapter 18 Dynamic DNS Setup P 2802H W L I Series User s Guide 254...

Page 255: ...from which computers The following figure shows secure and insecure management of the ZyXEL Device coming in from the WAN HTTPS access is secure HTTP and Telnet access are not secure Figure 146 Secure...

Page 256: ...e management screen You have disabled that service in one of the remote management screens The IP address in the Secured Client IP field does not match the client IP address If it does not match the Z...

Page 257: ...s that the SSL server the ZyXEL Device must always authenticate itself to the SSL client the computer which requests the HTTPS connection with the ZyXEL Device whereas the SSL client only should authe...

Page 258: ...d to communicate with the ZyXEL Device using this service Select All to allow any computer to access the ZyXEL Device using this service Choose Selected to just allow the computer with the IP address...

Page 259: ...er listens on port 443 by default If you change the HTTPS proxy server port to a different number on the ZyXEL Device for example 8443 then you must notify people who need to access the ZyXEL Device w...

Page 260: ...cate is from the ZyXEL Device If Accept this certificate temporarily for this session is selected then click OK to continue in Netscape Select Accept this certificate permanently to import the ZyXEL D...

Page 261: ...k the common name specified in the certificate that your ZyXEL Device sends to HTTPS clients 2a Click Remote MGMT Write down the name of the certificate displayed in the Server Host Key field 2b Click...

Page 262: ...tory default certificate is a common default certificate for all ZyXEL Device models Figure 153 Replace Certificate Click Apply in the Replace Certificate screen to create a certificate using your ZyX...

Page 263: ...formation in the My Certificates screen Figure 155 Common ZyXEL Device Certificate 19 5 Telnet You can use Telnet to access the ZyXEL Device Specify which interfaces allow Telnet access and from which...

Page 264: ...rom which IP address the access can come Table 106 Remote Management Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port numb...

Page 265: ...s only available if TCP IP is configured Table 107 Remote Management FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port number...

Page 266: ...t Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request response protocol b...

Page 267: ...power on 1 warmStart defined in RFC 1215 A trap is sent after booting software reboot 4 authenticationFailure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP get or set requ...

Page 268: ...er may access the ZyXEL Device using this service Secured Client IP A secured client is a trusted computer that is allowed to communicate with the ZyXEL Device using this service Select All to allow a...

Page 269: ...n unsupported ports are probed If you want your device to respond to pings and requests for unauthorized services you may also need to configure the firewall anti probing settings to match Table 110 R...

Page 270: ...unauthorized services Select this option to prevent hackers from finding the ZyXEL Device by probing for unused ports If you select this option the ZyXEL Device will not respond to port request s for...

Page 271: ...network will appear as a separate icon Selecting the icon of a UPnP device will allow you to access the information and properties of that device 20 1 2 NAT Traversal UPnP NAT traversal automates the...

Page 272: ...on 20 1 on page 271 for more information Figure 162 Configuring UPnP The following table describes the fields in this screen Table 112 Configuring UPnP LABEL DESCRIPTION Active the Universal Plug and...

Page 273: ...and Control Panel Double click Add Remove Programs 2 Click on the Windows Setup tab and select Communication in the Components selection box Click Details Figure 163 Add Remove Programs Windows Setup...

Page 274: ...when prompted Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections win...

Page 275: ...de 275 Figure 166 Windows Optional Networking Components Wizard 5 In the Networking Services window select the Universal Plug and Play check box Figure 167 Networking Services 6 Click OK to go back to...

Page 276: ...vice Make sure the computer is connected to a LAN port of the ZyXEL Device Turn on your computer and the ZyXEL Device Auto discover Your UPnP enabled Network Device 1 Click Start and Control Panel Dou...

Page 277: ...pter 20 Universal Plug and Play UPnP P 2802H W L I Series User s Guide 277 Figure 169 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappin...

Page 278: ...erties Advanced Settings Figure 171 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatical...

Page 279: ...Status Web Configurator Easy Access With UPnP you can access the web based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first This comes helpful if you do n...

Page 280: ...Series User s Guide 280 Figure 174 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your ZyXEL Device and sel...

Page 281: ...ide 281 Figure 175 Network Connections My Network Places 6 Right click on the icon for your ZyXEL Device and select Properties A properties window displays with basic information about the ZyXEL Devic...

Page 282: ...Chapter 20 Universal Plug and Play UPnP P 2802H W L I Series User s Guide 282...

Page 283: ...283 PART IV Maintenance Troubleshooting and Specifications System 285 Logs 289 Tools 303 Diagnostic 315 Troubleshooting 317 Product Specifications 325...

Page 284: ...284...

Page 285: ...2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it as the...

Page 286: ...ype how many minutes a management session either via the web configurator or telnet can be left idle before the session times out The default is 5 minutes After it times out you have to log in with yo...

Page 287: ...he ZyXEL Device synchronizes the time with the time server Current Date This field displays the date of your ZyXEL Device Each time you reload this page the ZyXEL Device synchronizes the date with the...

Page 288: ...if you selected Daylight Savings The o clock field uses the 24 hour format Here are a couple of examples Daylight Saving Time starts in most parts of the United States on the second Sunday of March E...

Page 289: ...ention They include system errors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by t...

Page 290: ...lay The categories that you select in the Log Settings screen display in the drop down list box Select a category of logs to view select All Logs to view logs from all of the log categories that you s...

Page 291: ...il server for the e mail addresses specified below If this field is left blank logs and alert messages will not be sent via E mail Mail Subject Type a title that you want to be in the subject line of...

Page 292: ...specify a time of day when the E mail should be sent If you select Weekly then also specify which day of the week the E mail should be sent If you select When Log is Full an alert is sent when the lo...

Page 293: ...fail 6 means RCPT TO fail 7 means DATA fail 8 means mail data send fail Subject Firewall Alert From Date Fri 07 Apr 2000 10 05 42 From user zyxel com To user zyxel com 1 Apr 7 00 From 192 168 1 1 To...

Page 294: ...to the router via ftp NAT Session Table is Full The maximum number of NAT session table entries has been exceeded and the table is full Starting Connectivity Monitor Starting Connectivity Monitor Tim...

Page 295: ...PF The firewall allowed a triangle route session to pass through Packet without a NAT table entry blocked TCP UDP IGMP ESP GRE OSPF The router blocked a packet that didn t have a corresponding NAT tab...

Page 296: ...Packet Direction type d code d ICMP access matched the default policy and was blocked or forwarded according to the user s setting Firewall rule NOT match ICMP Packet Direction rule d type d code d IC...

Page 297: ...nection s Internet Protocol Control Protocol stage is opening ppp LCP Closing The PPP connection s Link Control Protocol stage is closing ppp IPCP Closing The PPP connection s Internet Protocol Contro...

Page 298: ...ttack vulnerability ICMP type d code d The firewall detected an ICMP vulnerability attack traceroute ICMP type d code d The firewall detected an ICMP traceroute attack Table 129 802 1X Logs LOG MESSAG...

Page 299: ...Server to authenticate user There is no authentication server to authenticate a user Local User Database does not find user s credential A user was not authenticated by the local user database becaus...

Page 300: ...SAGE DESCRIPTION Facility 8 Severity Mon dd hr mm ss hostname src srcIP srcPort dst dstIP dstPort msg msg note note devID mac address last three numbers cat category This message is sent by the system...

Page 301: ...ted phone port to initiate a VoIP call to the listed destination VoIP Call Established Ph Phone Port Outgoing Call Number Someone used a phone connected to the listed phone port to make a VoIP call to...

Page 302: ...se refer to RFC 2408 for detailed information on each type Table 138 RFC 2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE SA Security Association PROP Proposal TRANS Transform KE Key Exchange ID Ide...

Page 303: ...alternately upload the factory default configuration file if you want to return the device to the original default settings The firmware determines the device s available features and functionality Y...

Page 304: ...ZyXEL Device that is on your computer local network or FTP site and so the name but not the extension may vary After uploading new firmware see the Status screen to confirm that you have uploaded the...

Page 305: ...pload is in progress Figure 182 Firmware Upgrade The following table describes the labels in this screen After you see the Firmware Upload in Progress screen wait two minutes before logging into the Z...

Page 306: ...es log in again and check your new firmware version in the Status screen If the upload was not successful the following screen will appear Click Return to go back to the Firmware screen Figure 185 Err...

Page 307: ...nfiguration to your computer 23 5 2 Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device 1 Do not turn...

Page 308: ...he IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 See Appendix A on page 337 for details on how to set up your computer s IP address If the u...

Page 309: ...EL Device s configuration Figure 192 Restart Screen 23 7 Using FTP or TFTP to Back Up Configuration This section covers how to use FTP or TFTP to save your device s configuration file to your computer...

Page 310: ...ecommended To use TFTP your computer must have both telnet and TFTP clients To backup the configuration file follow the procedure shown next 331 Enter PASS command Password 230 Logged in ftp bin 200 T...

Page 311: ...t binary transfer mode 23 7 5 TFTP Command Configuration Backup Example The following is an example TFTP command tftp i host get rom 0 config rom where i specifies binary image transfer mode use this...

Page 312: ...Configuration process is complete the device automatically restarts 23 8 1 Restore Using FTP Session Example Figure 194 Restore Using FTP Session Example Refer to Section 23 3 on page 304 to read abou...

Page 313: ...mpt 23 9 2 FTP Session Example of Firmware File Upload Figure 195 FTP Session Example of Firmware File Upload More commands found in GUI based FTP clients are listed earlier in this chapter Refer to S...

Page 314: ...tive and the device in CI mode before and during the TFTP transfer For details on TFTP commands see following example please consult the documentation of your TFTP client program For UNIX use get to t...

Page 315: ...en the screen shown next Figure 196 Diagnostic General The following table describes the fields in this screen 24 2 DSL Line Diagnostic Click Maintenance Diagnostic DSL Line to open the screen shown n...

Page 316: ...the DSL connection status Reset VDSL Line Click this button to reinitialize the VDSL line The large text box above then displays the progress and results of this operation for example Start to reset V...

Page 317: ...you are using the power adaptor or cord included with the ZyXEL Device 3 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source Make sure t...

Page 318: ...gin screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address Section 7 3 1 on page 91 use the new IP address...

Page 319: ...Device 1 Make sure you have entered the user name and password correctly The default password is 1234 These fields are case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web c...

Page 320: ...ake sure the LEDs are behaving as expected See the Quick Start Guide and Section 1 5 on page 40 2 Turn the ZyXEL Device off and on 3 If the problem continues contact your ISP V The Internet connection...

Page 321: ...is connected to the corresponding PHONE port You can also check the VoIP status in the Status screen If the VoIP settings are correct use speed dial to make peer to peer calls If you can make a call u...

Page 322: ...ts in order to control which SIP account you are using when placing or receiving calls 25 5 1 Outgoing Calls The following figure represents the default behavior of your ZyXEL Device when two SIP acco...

Page 323: ...and phone port 2 ring In either case you are not sure which SIP account the call is coming from Figure 200 Incoming Calls Default In the next example phone port 1 is configured to use SIP account 1 a...

Page 324: ...Chapter 25 Troubleshooting P 2802H W L I Series User s Guide 324...

Page 325: ...rt 1 RJ 11 FXS POTS port for making calls over the PSTN line RESET Button Restores factory defaults Antenna One attached external dipole antenna 2dBi Operation Temperature 0 C 40 C Storage Temperature...

Page 326: ...ime and date from an external server when you turn on your ZyXEL Device You can also set the time manually These dates and times are then used in logs Logs Use logs for troubleshooting You can send lo...

Page 327: ...cally join a network obtain an IP address and convey their capabilities to each other PPPoE Support RFC2516 PPPoE Point to Point Protocol over Ethernet emulates a dial up connection It allows your ISP...

Page 328: ...SNMP and DNS VoIP Auto provisioning via TFTP HTTP Remote Firmware Upgrade Syslog Other Features Dynamic DNS SPTGEN QoS Firewall Stateful Packet Inspection Prevent Denial of Service attacks such as Pi...

Page 329: ...Phone standards and settings differ from one country to another so the settings on your ZyXEL Device must be configured to match those of the country you are in The country code feature allows you to...

Page 330: ...l on a VoIP account even while someone else is using the account for a phone call Voice Activity Detection Silence Suppression Voice Activity Detection VAD reduces the bandwidth that a call uses by no...

Page 331: ...ected Access WPA is a subset of the IEEE 802 11i security standard Key differences between WPA and WEP are user authentication and improved data encryption WPA2 WPA 2 is a wireless security standard t...

Page 332: ...ol PPP RFC 1723 RIP 2 Routing Information Protocol RFC 1901 SNMPv2c Simple Network Management Protocol version 2c RFC 2236 Internet Group Management Protocol Version 2 RFC 2408 Internet Security Assoc...

Page 333: ...6A Output Power DC 18Volts 1A Power Consumption 12 Watt max Safety Standards UL CUL UL 60950 1 EUROPEAN PLUG STANDARDS AC Power Adapter Model MU18 2180100 C5 Input Power AC 100 240Volts 50 60Hz 0 6A O...

Page 334: ...Chapter 26 Product Specifications P 2802H W L I Series User s Guide 334...

Page 335: ...may not apply to your ZyXEL Device Setting up Your Computer s IP Address 337 Pop up Windows JavaScripts and Java Permissions 349 IP Addresses and Subnetting 355 Wireless LANs 363 Services 373 Command...

Page 336: ...336...

Page 337: ...of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components...

Page 338: ...nd then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the Network window click Add 2 Select Protocol and then click Add 3 Select Micro...

Page 339: ...mic select Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields Figure 203 Windows 95 98...

Page 340: ...OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyXEL Device and restart your computer when prompted Verifying...

Page 341: ...L I Series User s Guide 341 Figure 205 Windows XP Start Menu 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections Figure 206 Windows XP Control Panel 3...

Page 342: ...eral tab in Win XP and click Properties Figure 208 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynami...

Page 343: ...onfigure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a...

Page 344: ...w 9 Click OK to close the Local Area Connection Properties window 10 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then...

Page 345: ...P 2802H W L I Series User s Guide 345 Figure 211 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 212 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings...

Page 346: ...Click Save if prompted to save changes to your configuration 7 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Pa...

Page 347: ...g From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your ZyXEL Device in the Router address box 5 Cl...

Page 348: ...Appendix A Setting up Your Computer s IP Address P 2802H W L I Series User s Guide 348...

Page 349: ...Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up bloc...

Page 350: ...any web pop up blockers you may have enabled Figure 216 Internet Options Privacy 3 Click Apply to save this setting Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop...

Page 351: ...s Guide 351 Figure 217 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add t...

Page 352: ...display properly in Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 219 Internet Options Security 2 Click the...

Page 353: ...Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java per...

Page 354: ...issions P 2802H W L I Series User s Guide 354 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected...

Page 355: ...eet share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the...

Page 356: ...t in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subne...

Page 357: ...lowed by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a f...

Page 358: ...re shows the company network before subnetting Figure 224 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks T...

Page 359: ...2 168 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need...

Page 360: ...9 Subnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subn...

Page 361: ...HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255...

Page 362: ...you entered You don t need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique addre...

Page 363: ...ependent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an Ad hoc wireless LAN Figure 226 Peer to Peer Communication in an Ad hoc N...

Page 364: ...s wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired ne...

Page 365: ...ally overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 chann...

Page 366: ...the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS...

Page 367: ...more reliable communication in noisy networks Select Dynamic to have the AP automatically use short preamble when all wireless stations support it otherwise the AP uses long preamble The AP and the wi...

Page 368: ...nnected to the network Accounting Keeps track of the client s network activity RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless station and the network...

Page 369: ...n it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication Finally MD5 authentication method does not support data encryption with dyn...

Page 370: ...a default encryption key in the Wireless screen You may still configure and store keys here but they will not be used while Dynamic WEP is enabled EAP MD5 cannot be used with Dynamic WEP Key Exchange...

Page 371: ...and resending them The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC If they do not match it is assumed that the data has...

Page 372: ...ynamic WEP Key Yes Enable without Dynamic WEP Key Yes Disable WPA WEP No Yes WPA TKIP No Yes WPA PSK WEP Yes Yes WPA PSK TKIP Yes Yes Table 166 Wireless Security Relational Matrix continued AUTHENTICA...

Page 373: ...his service is used Table 167 Examples of Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM TCP 5190...

Page 374: ...ssenger service uses this protocol NetBIOS TCP UDP TCP UDP TCP UDP TCP UDP 137 138 139 445 The Network Basic Input Output System is used for communication between computers in a LAN NEW ICQ TCP 5190 A...

Page 375: ...messages from one e mail server to another SMTPS TCP 465 This is a more secure version of SMTP that runs over SSL SNMP TCP UDP 161 Simple Network Management Program SNMP TRAPS TCP UDP 162 Traps for u...

Page 376: ...t file transfer protocol similar to FTP but uses the UDP User Datagram Protocol rather than TCP Transmission Control Protocol VDOLIVE TCP UDP 7000 user defined A videoconferencing solution The UDP por...

Page 377: ...field identification number field name parameter values allowed input where input is your input conforming to parameter values allowed The figure shown next is an example of an Internal SPTGEN text f...

Page 378: ...230 on page 377 Figure 231 Invalid Parameter Entered Command Line Example The ZyXEL Device will display the following if you enter parameter s that are valid Figure 232 Valid Parameter Entered Command...

Page 379: ...igure 234 Internal SPTGEN FTP Upload Example Example Internal SPTGEN Screens This section covers ZyXEL Device Internal SPTGEN screens c ftp 192 168 1 1 220 PPP FTP version 1 0 ready at Sat Jan 1 03 22...

Page 380: ...Ethernet Setup FIN FN PVA INPUT 30100001 Input Protocol filters Set 1 2 30100002 Input Protocol filters Set 2 256 30100003 Input Protocol filters Set 3 256 30100004 Input Protocol filters Set 4 256 30...

Page 381: ...30200013 IP Policies Set 1 1 12 256 30200014 IP Policies Set 2 1 12 256 30200015 IP Policies Set 3 1 12 256 30200016 IP Policies Set 4 1 12 256 Menu 3 2 1 IP Alias Setup FIN FN PVA INPUT 30201001 IP...

Page 382: ...1020 IP Alias 2 Incoming protocol filters Set 2 256 30201021 IP Alias 2 Incoming protocol filters Set 3 256 30201022 IP Alias 2 Incoming protocol filters Set 4 256 30201023 IP Alias 2 Outgoing protoco...

Page 383: ...r Action 0 Allow 1 Deny 0 30501003 Address 1 00 00 00 00 00 00 30501004 Address 2 00 00 00 00 00 00 30501005 Address 3 00 00 00 00 00 00 Continued 30501034 Address 32 00 00 00 00 00 00 Table 170 Menu...

Page 384: ...protocol filter set 3 256 40000019 ISP incoming protocol filter set 4 256 40000020 ISP outgoing protocol filter set 1 256 40000021 ISP outgoing protocol filter set 2 256 40000022 ISP outgoing protocol...

Page 385: ...0 0 0 0 120102004 IP Static Route set 2 Destination IP subnetmask 0 120102005 IP Static Route set 2 Gateway 0 0 0 0 120102006 IP Static Route set 2 Metric 0 120102007 IP Static Route set 2 Private 0...

Page 386: ...set 6 Active 0 No 1 Yes 0 120106003 IP Static Route set 6 Destination IP address 0 0 0 0 120106004 IP Static Route set 6 Destination IP subnetmask 0 120106005 IP Static Route set 6 Gateway 0 0 0 0 120...

Page 387: ...Static Route set 10 Name 120110002 IP Static Route set 10 Active 0 No 1 Yes 0 120110003 IP Static Route set 10 Destination IP address 0 0 0 0 120110004 IP Static Route set 10 Destination IP subnetmas...

Page 388: ...ivate 0 No 1 Yes 0 Menu 12 1 14 IP Static Route Setup FIN FN PVA INPUT 120114001 IP Static Route set 14 Name Str 120114002 IP Static Route set 14 Active 0 No 1 Yes 0 120114003 IP Static Route set 14 D...

Page 389: ...Server 2 Protocol 0 All 6 TCP 17 U DP 0 150000004 SUA Server 2 Port Start 0 150000005 SUA Server 2 Port End 0 150000006 SUA Server 2 Local IP address 0 0 0 0 150000007 SUA Server 3 Active 0 No 1 Yes...

Page 390: ...Active 0 No 1 Yes 0 150000038 SUA Server 9 Protocol 0 All 6 TCP 17 U DP 0 150000039 SUA Server 9 Port Start 0 150000040 SUA Server 9 Port End 0 150000041 SUA Server 9 Local IP address 0 0 0 0 15000004...

Page 391: ...ress 0 0 0 0 210101009 IP Filter Set 1 Rule 1 Src Subnet Mask 0 210101010 IP Filter Set 1 Rule 1 Src Port 0 210101011 IP Filter Set 1 Rule 1 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 greater 0...

Page 392: ...ilter Set 1 Rule 3 Dest Subnet Mask 0 210103006 IP Filter Set 1 Rule 3 Dest Port 139 210103007 IP Filter Set 1 Rule 3 Dest Port Comp 0 none 1 equal 2 not equal 3 less 4 greater 1 210103008 IP Filter S...

Page 393: ...set 1 rule 5 FIN FN PVA INPUT 210105001 IP Filter Set 1 Rule 5 Type 2 TCP IP 2 210105002 IP Filter Set 1 Rule 5 Active 0 No 1 Yes 1 210105003 IP Filter Set 1 Rule 5 Protocol 17 210105004 IP Filter Se...

Page 394: ...0 210106010 IP Filter Set 1 Rule 6 Src Port 0 210106011 IP Filter Set 1 Rule 6 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 greater 0 210106013 IP Filter Set 1 Rule 6 Act Match 1 check next 2 for...

Page 395: ...le 2 FIN FN PVA INPUT 210202001 IP Filter Set 2 Rule 2 Type 0 none 2 TCP IP 2 210202002 IP Filter Set 2 Rule 2 Active 0 No 1 Yes 1 210202003 IP Filter Set 2 Rule 2 Protocol 6 210202004 IP Filter Set 2...

Page 396: ...0203008 IP Filter Set 2 Rule 3 Src IP address 0 0 0 0 210203009 IP Filter Set 2 Rule 3 Src Subnet Mask 0 210203010 IP Filter Set 2 Rule 3 Src Port 0 210203011 IP Filter Set 2 Rule 3 Src Port Comp 0 no...

Page 397: ...le 5 FIN FN PVA INPUT 210205001 IP Filter Set 2 Rule 5 Type 0 none 2 TCP IP 2 210205002 IP Filter Set 2 Rule 5 Active 0 No 1 Yes 1 210205003 IP Filter Set 2 Rule 5 Protocol 17 210205004 IP Filter Set...

Page 398: ...l 3 less 4 g reater 1 210206008 IP Filter Set 2 Rule 6 Src IP address 0 0 0 0 210206009 IP Filter Set 2 Rule 6 Src Subnet Mask 0 210206010 IP Filter Set 2 Rule 6 Src Port 0 210206011 IP Filter Set 2 R...

Page 399: ...0200009 Accounting Server Port 1823 230200010 Accounting Server Shared Secret 1234 Menu 23 4 System security IEEE802 1x FIN FN PVA INPUT 230400001 Wireless Port Control 0 Authentication Required 1 No...

Page 400: ...41100003 TELNET Server Secured IP address 0 0 0 0 241100004 FTP Server Port 21 241100005 FTP Server Access 0 all 1 none 2 Lan 3 Wan 0 241100006 FTP Server Secured IP address 0 0 0 0 241100007 WEB Serv...

Page 401: ...notice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in this publication are used for identification purposes only a...

Page 402: ...must not be co located or operating in conjunction with any other antenna or transmitter IEEE 802 11b or 802 11g operation of this product in the U S A is firmware limited to channels 1 through 11 To...

Page 403: ...t of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warrantie...

Page 404: ...Appendix G Legal Information P 2802H W L I Series User s Guide 404...

Page 405: ...rt E mail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 3 578 3942 Fax 886 3 578 2439 Web www zyxel com www europe zyxel com FTP ftp zyxel com ftp europe zyxel com Regular Mail Zy...

Page 406: ...80 8448 Web www zyxel fi Regular Mail ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland France E mail info zyxel fr Telephone 33 4 72 52 97 97 Fax 33 4 72 52 19 20 Web www zyxel fr Regular...

Page 407: ...Shinagawa ku Tokyo 141 0022 Japan Kazakhstan Support http zyxel kz support Sales E mail sales zyxel kz Telephone 7 3272 590 698 Fax 7 3272 590 689 Web www zyxel kz Regular Mail ZyXEL Kazakhstan 43 Do...

Page 408: ...ul Okrzei 1A 03 715 Warszawa Poland Russia Support http zyxel ru support Sales E mail sales zyxel ru Telephone 7 095 542 89 29 Fax 7 095 542 89 25 Web www zyxel ru Regular Mail ZyXEL Russia Ostrovity...

Page 409: ...r Mail ZyXEL Thailand Co Ltd 1 1 Moo 2 Ratchaphruk Road Bangrak Noi Muang Nonthaburi 11000 Thailand Ukraine Support E mail support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69...

Page 410: ...Appendix H Customer Support P 2802H W L I Series User s Guide 410...

Page 411: ...ate details 218 factory default 213 certificates 211 advantages 212 and cryptology 211 and directory servers 212 232 and public key cryptology 211 and public private keys 211 and remote hosts 226 crea...

Page 412: ...ntiated Services DSCP 240 DSCPs 134 DSL line reinitialize 316 DTMF 133 DTMF detection and generation 330 Dual Tone MultiFrequency 133 dynamic DNS 251 327 Dynamic Host Configuration Protocol 327 dynami...

Page 413: ...phases 198 importing certificates 214 importing trusted CAs 223 importing trusted remote hosts 229 Independent Basic Service Set 363 Initialization Vector IV 371 inside header 182 install UPnP 273 Wi...

Page 414: ...how it works 118 mapping types 119 what it does 118 NAT Network Address Translation 117 NAT mode 121 NAT sessions 328 NAT traversal 190 271 negotiation mode 199 Network Address Translation see NAT O...

Page 415: ...307 restore configuration 312 RF Radio Frequency 332 RFC 1631 117 RFC 1889 132 330 RFC 1890 330 RFC 2327 330 RFC 2516 327 RFC 3261 330 Ringer Equivalence Number 330 RIP 92 direction 92 Routing Informa...

Page 416: ...file upload 313 TFTP and FTP over WAN 304 TFTP restrictions 304 three way conference 146 147 TLS 331 ToS 134 trademarks 401 transparent bridging 328 transport mode 182 Triangle 158 Triangle Route Solu...

Page 417: ...I Series User s Guide 417 Wi Fi Protected Access WPA 331 wireless LAN MAC address filtering 331 WLAN interference 365 security parameters 371 Z ZyNOS 304 ZyNOS ZyXEL Network Operating System 304 ZyNO...

Page 418: ...Index P 2802H W L I Series User s Guide 418...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands