ZyXEL Communications Prestige 653HWI series Скачать руководство пользователя страница 217 | Manualshive

Страница: 217 / 564

background image

Prestige 653HWI Series User’s Guide

VPN Screens

17-25

17.16 Telecommuter VPN/IPSec Examples

The following examples show how multiple telecommuters can make VPN connections to a single Prestige at
headquarters from remote IPSec routers that use dynamic WAN IP addresses.

17.16.1

Telecommuters Sharing One VPN Rule Example

Multiple telecommuters can use one VPN rule to simultaneously access a Prestige at headquarters. They
must all use the same IPSec parameters (including the pre-shared key) but the local IP addresses (or ranges of
addresses) cannot overlap. See the following table and figure for an example.

Having everyone use the same pre-shared key may create a vulnerability. If the pre-shared key is
compromised, all of the VPN connections using that VPN rule are at risk. A recommended alternative is to
use a different VPN rule for each telecommuter and identify them by unique IDs (see

section 17.16.2

for an

example)

Table 17-12 Telecommuter and Headquarters Configuration Example

TELECOMMUTER

HEADQUARTERS

My IP Address

:

0.0.0.0 (dynamic IP address
assigned by the ISP)

Public static IP address

Secure Gateway
IP Address

:

Public static IP address or domain
name.

0.0.0.0 With this IP address only the
telecommuter can initiate the IPSec tunnel.

«
...
215
216
217
218
219
...
»

Содержание Prestige 653HWI series

Страница 1: ...Prestige 653HWI Series ADSL Security Gateway with IEEE802 11g and ISDN Backup User s Guide Version 3 40 December 2003...

Страница 2: ...by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does...

Страница 3: ...requency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio tele...

Страница 4: ...the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event b...

Страница 5: ...xel com ftp zyxel com WORLDWIDE sales zyxel com tw 886 3 578 2439 ftp europe zyxel com ZyXEL Communications Corp 6 Innovation Road II Science Based Industrial Park Hsinchu 300 Taiwan support zyxel com...

Страница 6: ...1 2 2 Accessing the Prestige Web Configurator 2 1 2 3 Navigating the Prestige Web Configurator 2 2 2 4 Resetting the Prestige 2 3 Chapter 3 Wizard Setup 3 1 3 1 Wizard Setup Introduction 3 1 3 2 Encap...

Страница 7: ...view 7 1 7 2 ISDN 7 1 7 3 NetCAPI 7 1 7 4 Metric 7 2 7 5 PPPoE Encapsulation 7 2 7 6 Traffic Shaping 7 3 7 7 Configuring WAN Functions 7 4 7 8 Configuring WAN DSL Setup 7 6 7 9 ISDN Connection Setup 7...

Страница 8: ...2 1 12 3 Attack Alert 12 2 Chapter 13 Creating Custom Rules 13 1 13 1 Rules Overview 13 1 13 2 Rule Logic Overview 13 1 13 3 Connection Direction 13 3 13 4 Logs 13 5 13 5 Rule Summary 13 5 13 6 Predef...

Страница 9: ...nagement 17 27 Remote Management UPnP and Logs VI Chapter 18 Remote Management Configuration 18 1 18 1 Remote Management Overview 18 1 18 2 Telnet 18 2 18 3 FTP 18 3 18 4 Web 18 3 18 5 Configuring Rem...

Страница 10: ...nging the System Password 23 6 Chapter 24 Menu 1 General Setup 24 1 24 1 General Setup 24 1 24 2 Procedure To Configure Menu 1 24 1 Chapter 25 Menu 2 WAN Backup Setup 25 1 25 1 Introduction to WAN Bac...

Страница 11: ...ing in General 31 1 31 2 Bridge Ethernet Setup 31 1 Chapter 32 Network Address Translation NAT 32 1 32 1 Using NAT 32 1 32 2 Applying NAT 32 1 32 3 NAT Setup 32 3 32 4 Configuring a Server behind NAT...

Страница 12: ...38 10 Chapter 39 System Maintenance 39 1 39 1 Command Interpreter Mode 39 1 39 2 Call Control Support 39 2 39 3 Time and Date Setting 39 4 Chapter 40 Remote Management 40 1 40 1 Remote Management Ove...

Страница 13: ...GEN FTP Upload Example 45 4 Appendices and Index XII Appendix A Troubleshooting A 1 Appendix B IP Subnetting B 1 Appendix C Wireless LAN and IEEE 802 11 C 1 Appendix D Antenna Selection and Positionin...

Страница 14: ...N Configuration 3 13 Figure 3 8 Wizard Screen 4 3 14 Figure 4 1 Password 4 1 Figure 5 1 LAN and WAN IP Addresses 5 1 Figure 5 2 LAN 5 4 Figure 6 1 RTS Threshold 6 2 Figure 6 2 Prestige Wireless Securi...

Страница 15: ...ting A Firewall Rule 13 11 Figure 13 5 Adding Editing Source and Destination Addresses 13 13 Figure 13 6 Timeout 13 14 Figure 14 1 Customized Services 14 1 Figure 14 2 Creating Editing A Customized Se...

Страница 16: ...21 12 Figure 21 9 Bandwidth Manager Class Configuration 21 14 Figure 21 10 Bandwidth Management Statistics 21 17 Figure 21 11 Bandwidth Manager Monitor 21 18 Figure 22 1 System Status 22 2 Figure 22...

Страница 17: ...p 29 2 Figure 29 2 Menu 11 1 Remote Node Profile 29 3 Figure 29 3 Menu 11 3 Remote Node Network Layer Options 29 6 Figure 29 4 Sample IP Addresses for a TCP IP LAN to LAN Connection 29 8 Figure 29 5 M...

Страница 18: ...ring Process 34 2 Figure 34 2 Filter Rule Process 34 3 Figure 34 3 Menu 21 Filter Set Configuration 34 4 Figure 34 4 NetBIOS_WAN Filter Rules Summary 34 5 Figure 34 5 NetBIOS_LAN Filter Rules Summary...

Страница 19: ...Screen 38 7 Figure 38 7 Telnet into Menu 24 6 38 8 Figure 38 8 Restore Using FTP Session Example 38 9 Figure 38 9 System Maintenance Restore Configuration 38 9 Figure 38 10 System Maintenance Starting...

Страница 20: ...e 42 3 Applying Schedule Set s to a Remote Node PPPoE 42 4 Figure 43 1 VPN SMT Menu Tree 43 1 Figure 43 2 Menu 27 VPN IPSec Setup 43 2 Figure 43 3 Menu 27 1 IPSec Summary 43 2 Figure 43 4 Menu 27 1 1...

Страница 21: ...ble 7 4 ISDN Dial In Setup 7 14 Table 7 5 Configuring NetCAPI 7 16 Table 7 6 WAN Backup Setup 7 22 Table 8 1 NAT Definitions 8 1 Table 8 2 NAT Mapping Types 8 5 Table 8 3 Services and Port Numbers 8 7...

Страница 22: ...commuter and Headquarters Configuration Example 17 25 Table 18 1 Remote Management 18 3 Table 19 1 Configuring UPnP 19 2 Table 20 1 Log Settings 20 3 Table 20 2 View Logs 20 4 Table 20 3 SMTP Error Me...

Страница 23: ...IP Static Route 30 3 Table 31 1 Remote Node Network Layer Options Bridge Fields 31 3 Table 31 2 Menu 12 3 1 Edit Bridge Static Route 31 3 Table 32 1 Applying NAT in Menus 4 11 3 32 3 Table 32 2 SUAAdd...

Страница 24: ...and Date Setting 39 5 Table 40 1 Menu 24 11 Remote Management Control 40 2 Table 41 1 Menu 25 1 IP Routing Policy Setup 41 3 Table 41 2 Menu 25 1 1 IP Routing Policy 41 4 Table 42 1 Menu 26 1 Schedule...

Страница 25: ...es B 1 Chart B 2 Allowed IP Address Range By Class B 2 Chart B 3 Natural Masks B 2 Chart B 4 Alternative Subnet Mask Notation B 3 Chart B 5 Subnet 1 B 4 Chart B 6 Subnet 2 B 4 Chart B 7 Subnet 1 B 5 C...

Страница 26: ...on features configurable by web configurator The SMT parts of this guide contain background information solely on features not configurable by web configurator Use the web configurator System Managem...

Страница 27: ...ed field choices are in Bold Arial font Command and arrow keys are enclosed in square brackets ENTER means the Enter or carriage return key ESC means the Escape key and SPACE BAR means the Space Bar M...

Страница 28: ...pstream capacity Asymmetrical services ADSL are suitable for Internet users because more information is usually downloaded than uploaded For example a simple button click in a web browser can start an...

Страница 29: ...I Getting Started This part is structured as a step by step guide to help you access your Prestige It covers key features and applications accessing the web configurator and configuring the wizard scr...

Страница 30: ......

Страница 31: ...f working anywhere within the coverage area Models includes in this series at the time of writing are P653HWI 11 P653HWI 13 P653HWI 17 Models ending in 1 for example P653HWI 11 denote a device that wo...

Страница 32: ...DoS Denial of Service protection By default when the firewall is activated all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN The Prestige firewall supports T...

Страница 33: ...p keep network communications private Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet thus acting as an auxiliary if your re...

Страница 34: ...erface BRI Support The router supports a single BRI The BRI offers two 64 Kbps channels which can be used independently for two destinations or be bundled to speed up data transfer Incoming Call Suppo...

Страница 35: ...on the Internet 10 100M Auto negotiating Ethernet Fast Ethernet Interface s This auto negotiation feature allows the Prestige to detect the speed of incoming transmissions and adjust appropriately wi...

Страница 36: ...IP configuration at start up from a centralized DHCP server The Prestige has built in DHCP server capability enabled by default It can assign IP addresses an IP default gateway and DNS servers to DHCP...

Страница 37: ...iplexing Encapsulation The Prestige supports PPPoA RFC 2364 PPP over ATM Adaptation Layer 5 RFC 1483 encapsulation over ATM MAC encapsulated routing ENET encapsulation as well as PPP over Ethernet RFC...

Страница 38: ...ce requirements making it easy to position anywhere in your busy office 1 3 Applications for the Prestige Here are some example uses for which the Prestige is well suited 1 3 1 Internet Access The Pre...

Страница 39: ...that allows multiple users on the LAN Local Area Network to access the Internet concurrently for the cost of a single IP address 1 3 2 Firewall for Secure Broadband Internet Access The Prestige provi...

Страница 40: ...Application 1 3 3 VPN Application The Prestige s VPN feature makes it an ideal cost effective way to connect branch offices and business partners over the Internet without the need and expense for le...

Страница 41: ...o Know Your Prestige 1 11 Figure 1 3 VPN Application 1 3 4 LAN to LAN Application You can use the Prestige to connect two geographically dispersed networks over the ADSL line A typical LAN to LAN appl...

Страница 42: ...Prestige 653HWI Series User s Guide 1 12 Getting To Know Your Prestige Figure 1 4 Prestige LAN to LAN Application...

Страница 43: ...igator 7 0 and later versions with JavaScript enabled It is recommended that you set your screen resolution to 1024 by 768 pixels 2 2 Accessing the Prestige Web Configurator Step 1 Make sure your Pres...

Страница 44: ...configurator from the SITE MAP screen Select a language from the Language drop down list box Click Wizard Setup to begin a series of screens to configure your Prestige for the first time Click a link...

Страница 45: ...l be reset to 1234 also 2 4 1 Using The Reset Button Step 1 Make sure the SYS LED is on not blinking Step 2 Press the RESET button for five seconds and then release it When the SYS LED begins to blink...

Страница 46: ...cing the Web Configurator Figure 2 3 Example Xmodem Upload Step 5 After successful firmware upload enter atgo to restart the router Type the configuration file s location or click Browse to search for...

Страница 47: ...outed Ethernet frames into bridged ATM cells ENET ENCAP requires that you specify a gateway IP address in the Ethernet Encapsulation Gateway field in the second wizard screen You can get this informat...

Страница 48: ...VC1 carries IP etc VC based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical 3 3 2 LLC based Multiplexing In this case one VC carr...

Страница 49: ...Choices vary depending on what you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPPoA RFC 1483 ENET E...

Страница 50: ...Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise Let s say you select 192 168 1 0 as the ne...

Страница 51: ...e IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet for example only between your two branch offices you can assign any IP addresses...

Страница 52: ...s reasons Do not specify a nailed up connection unless your telephone company offers flat rate service or you need a constant connection and the cost is of no concern 3 9 NAT NAT Network Address Trans...

Страница 53: ...t Obtain an IP Address Automatically if you have a dynamic IP address otherwise select Static IP Address and type your ISP assigned IP address in the IP Address text box below Connection Select Connec...

Страница 54: ...C 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field Type your ISP assigned IP address in this field Network Address Translation Select None SUA Only or...

Страница 55: ...Internet The Single User Account feature can be used with either a dynamic or static IP address Select Obtain an IP Address Automatically if you have a dynamic IP address otherwise select Static IP A...

Страница 56: ...ress Translation Select None SUA Only or Full Feature from the drop sown list box Refer to the NAT chapter for more details Back Click Back to go back to the first wizard screen Next Click Next to con...

Страница 57: ...ault setting selects Connection on Demand with 0 as the idle time out which means the Internet session will not timeout Select Nailed Up Connection when you want your connection up all the time The Pr...

Страница 58: ...f 192 168 1 1 for other server machines for example server for mail FTP telnet web etc that you may have 3 12 Wizard Setup Configuration Third Screen Step 1 Verify the settings in the screen shown nex...

Страница 59: ...168 1 1 factory default If you changed the Prestige s LAN IP address you must use the new IP address if you want to access the web configurator again LAN Subnet Mask Enter a subnet mask in dotted deci...

Страница 60: ...s The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask Secondary DNS Server As above Back Click Back to go back to the previous screen Finish Click Finish to sa...

Страница 61: ...ate to www zyxel com Internet access is just the beginning Refer to the rest of this User s Guide for more detailed information on the complete range of Prestige features If you cannot access the Inte...

Страница 62: ......

Страница 63: ...Password LAN Wireless LAN and WAN II Part II Password LAN Wireless LAN and WAN This part covers the password LAN Local Area Network wireless LAN and WAN setup...

Страница 64: ......

Страница 65: ...for accessing the Prestige 4 2 Configuring Password To change your Prestige s password recommended click Password The screen appears as shown Figure 4 1 Password The following table describes the fie...

Страница 66: ...4 2 Password Setup Table 4 1 Password LABEL DESCRIPTION Retype to Confirm Type the new password again in this field Apply Click Apply to save your changes back to the Prestige Cancel Click Cancel to b...

Страница 67: ...e IP addresses 5 1 1 LANs WANs and the Prestige The actual physical connection determines whether the Prestige ports are LAN or WAN ports There are two separate IP networks one inside the LAN network...

Страница 68: ...roxy works only when the ISP uses the IPCP DNS server extensions It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances If your ISP gives you explicit DNS servers...

Страница 69: ...h RIP 2B and RIP 2M sends the routing data in RIP 2 format the difference being that RIP 2B uses subnet broadcasting while RIP 2M uses multicasting 5 4 4 Multicast Traditionally IP packets are transmi...

Страница 70: ...Setup WAN interfaces in the web configurator LAN WAN Select None to disable IP multicasting on these interfaces 5 5 Configuring LAN Click LAN to open the following screen Figure 5 2 LAN The following...

Страница 71: ...Pool This field specifies the size or count of the IP address pool Primary DNS Server Enter the IP addresses of the DNS servers The DNS servers are passed to the DHCP clients along with the IP addres...

Страница 72: ...ige 653HWI Series User s Guide 5 6 LAN Setup Table 5 1 LAN LABEL DESCRIPTION Apply Click this button to save these settings back to the Prestige Cancel Click this button to reset the fields in this sc...

Страница 73: ...rk RADIUS server for remote user authentication and accounting 6 1 2 Channel The range of radio frequencies used by IEEE 802 11g wireless devices is called a channel Channels available depend on your...

Страница 74: ...equest To Send CTS Clear to Send handshake is invoked When a data frame exceeds the RTS CTS value you set between 0 to 2432 bytes the station that wants to transmit this frame must first send an RTS R...

Страница 75: ...ill be fragmented before they reach RTS CTS size 6 2 Levels of Security Wireless security is vital to your network to protect wireless communication between wireless stations access points and the wir...

Страница 76: ...less stations and the access points must use the same WEP key for data encryption and decryption Your Prestige allows you to configure up to four 64 bit or 128 bit WEP keys but only one key can be ena...

Страница 77: ...e data unit size turns off the RTS CTS handshake Setting this attribute to zero turns on the RTS CTS handshake Enter a value between 0 and 2432 Fragmentation Threshold The threshold number of bytes fo...

Страница 78: ...access to up to 32 devices Allow Association or exclude up to 32 devices from accessing the Prestige Deny Association Every Ethernet device has a unique MAC Media Access Control address The MAC addre...

Страница 79: ...Prestige 653HWI Series User s Guide Wireless LAN Setup 6 7 Figure 6 4 MAC Address Filter The following table describes the fields in this menu...

Страница 80: ...el Click Cancel to begin configuring this screen afresh 6 5 Network Authentication You can set the Prestige and your network to authenticate a wireless station before the wireless station can communic...

Страница 81: ...per response from the user and then sends another Access Request message The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting Account...

Страница 82: ...s station sends a start message to the Prestige Step 2 The Prestige sends a request identity message to the wireless station for identity information Step 3 The wireless station replies with identity...

Страница 83: ...e wired network ReAuthentication Timer Specify how often wireless stations have to reenter user names and passwords in order to stay connected This field is activated only when you select Authenticati...

Страница 84: ...heck the user database on the Prestige for a client s user name and password If the user name is not found the Prestige checks the user database on the specified RADIUS server Select RADIUS first then...

Страница 85: ...Prestige 653HWI Series User s Guide Wireless LAN Setup 6 13 Figure 6 7 Local User Database The following table describes the fields in this screen...

Страница 86: ...to 31 characters long for this user profile Back Click Back to go to the main wireless LAN setup screen Apply Click Apply to save these settings back to the Prestige Cancel Click Cancel to begin confi...

Страница 87: ...over the network This key must be the same on the external authentication server and Prestige Accounting Server Active Select Yes from the drop down list box to enable user authentication through an...

Страница 88: ......

Страница 89: ...r file transfer G3 G4 Fax Autoanswer host mode telephony etc on Windows 95 98 NT platforms 7 3 1 CAPI CAPI is an interface standard that allows applications to access ISDN services Several application...

Страница 90: ...mary default route Should the DSL route fail to connect to the Internet the Prestige first tries the traffic redirect route In the same manner the Prestige uses the dial backup route if the traffic re...

Страница 91: ...ctions Peak Cell Rate PCR is the maximum rate at which the sender can send cells This parameter may be lower but not higher than the maximum line speed 1 ATM cell is 53 bytes 424 bits so a maximum spe...

Страница 92: ...up Figure 7 1 Example of Traffic Shaping 7 7 Configuring WAN Functions To change your Prestige s WAN remote node settings click WAN to access the WAN Functions screen Figure 7 2 WAN Functions The foll...

Страница 93: ...e regular WAN connection is dropped ISDN Dial in Setup Click ISDN Dial in Setup to edit your Prestige s Dial in settings for remote management NetCAPI Setup Click NetCAPI Setup to edit your Prestige s...

Страница 94: ...Prestige 653HWI Series User s Guide 7 6 WAN Setup 7 8 Configuring WAN DSL Setup To edit your DSL settings click WAN DSL Setup The screen differs by the encapsulation Figure 7 3 WAN DSL Setup...

Страница 95: ...Choices are VC or LLC Virtual Circuit ID VPI Virtual Path Identifier and VCI Virtual Channel Identifier define a virtual circuit Refer to the appendix for more information VPI The valid range for the...

Страница 96: ...eld A static IP address is a fixed IP that your ISP gives you A dynamic IP address is not fixed the ISP assigns you a different one each time you connect to the Internet The Single User Account featur...

Страница 97: ...bnetting appendix in the to calculate a subnet mask If you are implementing subnetting ENET ENCAP Gateway ENET ENCAP encapsulation only You must specify a gateway IP address supplied by your ISP when...

Страница 98: ...3HWI Series User s Guide 7 10 WAN Setup 7 9 ISDN Connection Setup To edit your Prestige s advanced WAN backup settings click WAN ISDN Connection Setup The screen appears as shown Figure 7 4 ISDN Conne...

Страница 99: ...d IP Address Automatically Some implementations especially the UNIX derivatives require the WAN link to have a separate IP network number from the LAN and each end must have a unique address within th...

Страница 100: ...Allocate Budget Type the amount of time in minutes that the dial backup connection can be used during the time configured in the Period field Set an amount that is less than the time period configured...

Страница 101: ...s Guide WAN Setup 7 13 7 10 ISDN Dial In Setup To edit your Prestige s Dial In Setup click WAN ISDN Dial In Setup The screen appears as shown Figure 7 5 ISDN Dial In Setup The following table describe...

Страница 102: ...gle connection to boost the effective throughput between two nodes This option is only available if the transfer type is 64K Options for this field are Off BOD and Always Budget Allocate Budget Type t...

Страница 103: ...s Guide WAN Setup 7 15 7 11 Configuring NetCAPI To edit your Prestige s NetCAPI settings click WAN NetCAPI Setup The screen appears as shown Figure 7 6 Configuring NetCAPI The following table describe...

Страница 104: ...ddress of ISDN DATA If the incoming call does not match the subaddress of ISDN DATA then the call will be routed to NetCAPI Start IP Refers to the first IP address of a group of NetCAPI clients Each g...

Страница 105: ...rent client workstations at the same time e g one workstation sending a fax another workstation doing a file transfer RVS COM has to be installed on each client workstation in order to share the ISDN...

Страница 106: ...rt connection see the Compact Guide 7 13 Traffic Redirect on the LAN Traffic redirect forwards LAN traffic to a backup gateway when the Prestige cannot connect to the Internet An example is shown in t...

Страница 107: ...cted to the LAN or DMZ Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network Put the protected LAN in one subnet Subnet 1 in...

Страница 108: ...Prestige 653HWI Series User s Guide 7 20 WAN Setup Figure 7 10 Traffic Redirect LAN Setup...

Страница 109: ...ide WAN Setup 7 21 7 15 Configuring WAN Backup To change your Prestige s WAN backup settings click WAN then WAN Backup The screen appears as shown Figure 7 11 WAN Backup Setup The following table desc...

Страница 110: ...n it periodically checks to whether or not it can use a higher priority connection Type the number of seconds 30 recommended for the Prestige to wait between checks Allow more time if your destination...

Страница 111: ...Figure 7 2 Metric This field sets this route s priority between the two backup routes the Prestige uses The metric represents the cost of transmission A router determines the best route for transmissi...

Страница 112: ......

Страница 113: ...NAT Dynamic DNS and Time Zone III Part III NAT Dynamic DNS and Time Zone This part covers NAT Network Address Translation dynamic DNS Domain Name Sever and Time Zone setup...

Страница 114: ......

Страница 115: ...local address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side...

Страница 116: ...d If you do not define any servers for Many to One and Many to Many Overload mapping see Table 8 2 NAT offers the additional benefit of firewall protection With no servers defined your Prestige filter...

Страница 117: ...AT Works 8 1 4 NAT Application The following figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the Prestige can communicate with three distinct W...

Страница 118: ...maps multiple local IP addresses to one global IP address This is equivalent to SUA for instance PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported...

Страница 119: ...SMT ABBREVIATION One to One ILA1 IGA1 1 1 Many to One SUA PAT ILA1 IGA1 ILA2 IGA1 M 1 Many to Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 M M Ov Many to Many No Overload ILA1 IGA1 ILA2 IGA2...

Страница 120: ...ports a default server IP address A default server receives packets from ports that are not specified in this screen If you do not assign a Default Server IP Address the Prestige discards all packets...

Страница 121: ...r further information about port numbers Table 8 3 Services and Port Numbers SERVICES PORT NUMBER ECHO 7 FTP File Transfer Protocol 21 SMTP Simple Mail Transfer Protocol 25 DNS Domain Name System 53 F...

Страница 122: ...ers Behind NAT Example 8 4 Selecting the NAT Mode You must create a firewall rule in addition to setting up SUA NAT to allow traffic from the WAN to be forwarded through the Prestige Click NAT to open...

Страница 123: ...Server Set screen Full Feature Select this radio button if you have multiple public WAN IP addresses for your Prestige Edit Details Click this link to go to the NAT Address Mapping Rules screen Apply...

Страница 124: ...er the port number again in the End Port No field To forward a series of ports enter the start port number here and the end port number in the End Port No field End Port No Enter a port number in this...

Страница 125: ...stige takes the corresponding action and the remaining rules are ignored If there are any empty rules before your new configured rule your configured rule will be pushed up by that number of empty rul...

Страница 126: ...field is N A for One to one Many to One and Server mapping types Type 1 1 One to one mode maps one local IP address to one global IP address Note that port numbers do not change for the One to one NAT...

Страница 127: ...count feature that previous ZyXEL routers supported only 3 Many to Many Overload Many to Many Overload mode maps multiple local IP addresses to shared global IP addresses 4 Many to Many No Overload Ma...

Страница 128: ...his field is N A for One to One Many to One and Server mapping types Server Mapping Set Only available when Type is set to Server Select a number from 1 to 10 from the drop down menu to choose a serve...

Страница 129: ...riends or relatives will always be able to call you even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a...

Страница 130: ...ect the name of your Dynamic DNS service provider Host Names Type the domain name assigned to your Prestige by your Dynamic DNS provider E mail Address Type your e mail address User Type your user nam...

Страница 131: ...this screen to configure the Prestige s time and date settings 10 1 Configuring Time Zone To change your Prestige s time and date click Time Zone The screen appears as shown Use this screen to config...

Страница 132: ...me zone of your location This will set the time difference between your time zone and Greenwich Mean Time GMT Daylight Savings Select this option if you use daylight savings time Daylight saving is a...

Страница 133: ...k Apply Time Current Time This field displays the time of your Prestige Each time you reload this page the Prestige synchronizes the time with the time server New Time This field displays the last upd...

Страница 134: ......

Страница 135: ...rs IV Part IV Firewall and Content Filters This part introduces firewalls in general and the Prestige firewall It also explains customized services and logs and gives example firewall rules and an ove...

Страница 136: ......

Страница 137: ...ewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In addition specific policies must be implemented...

Страница 138: ...ching that some proxies support See section 11 5 for more information on Stateful Inspection Firewalls of one type or another have become an integral part of standard security solutions for enterprise...

Страница 139: ...otocols that perform specific functions An extension number called the TCP port or UDP port identifies these protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc For example Web traff...

Страница 140: ...oversize packet is then sent to an unsuspecting system Systems may crash hang or reboot 1 b Teardrop attack exploits weaknesses in the re assembly of IP packet fragments As data is transmitted through...

Страница 141: ...Attack floods a targeted system with a series of SYN packets Each packet causes the targeted system to issue a SYN ACK response While the targeted system waits for the ACK that follows the SYN ACK it...

Страница 142: ...adcast the ICMP echo request packet to all hosts on the network If there are numerous hosts this will create a large amount of ICMP echo request and response traffic If a hacker chooses to spoof the s...

Страница 143: ...ming from within the trusted network To engage in IP spoofing a hacker must modify the packet headers so that it appears that the packets originate from a trusted host and should be allowed through th...

Страница 144: ...and the packet s application layer protocol is configured for a firewall rule inspection 1 The packet travels from the firewall s LAN to the WAN 2 The packet is evaluated against the interface s exis...

Страница 145: ...ection are inspected to update the state table entry and to modify the temporary inbound access list entries as required and are forwarded through the interface 9 When the connection terminates or tim...

Страница 146: ...s any subsequent packet from the Internet or from the LAN its connection information is extracted and checked against the cache A packet is only allowed to pass through if it corresponds to a valid co...

Страница 147: ...on a case by case basis You can use the web configurator s Custom Ports feature to do this 11 6 Guidelines For Enhancing Security With Your Firewall 1 Change the default password via SMT or web config...

Страница 148: ...ormation to people outside your company Be careful of files e mailed to you from strangers One common way of getting BackOrifice on a system is to include it as a Trojan horse with other files 7 Chang...

Страница 149: ...ate of connections it handles so that for example a legitimate incoming packet can be matched with the outbound request for that packet and allowed in Conversely an incoming packet masquerading as a r...

Страница 150: ...Prestige 653HWI Series User s Guide 11 14 Firewalls 6 The firewall can block specific URL traffic that might occur in the future The URL can be saved in an Access Control List ACL database...

Страница 151: ...ow management see the Remote Management chapter and the firewall is enabled The firewall blocks remote management from the WAN unless you configure a firewall rule to allow it The firewall allows remo...

Страница 152: ...to the chapter on logs for details 12 3 2 Threshold Values Tune these parameters when something is not working and after you have checked the firewall counters These default values should work fine fo...

Страница 153: ...detected in the last one minute sample period TCP Maximum Incomplete and Blocking Time An unusually high number of half open sessions with the same destination host address could indicate that a Denia...

Страница 154: ...ses the firewall to stop deleting half open sessions The Prestige continues to delete half open sessions as necessary until the rate of new connection attempts drops below this number 80 is the defaul...

Страница 155: ...umber TCP Maximum Incomplete This is the number of existing half open TCP sessions default 10 with the same destination host IP address that causes the firewall to start dropping half open sessions to...

Страница 156: ......

Страница 157: ...For example you may create rules to Block certain types of traffic such as IRC Internet Relay Chat from the LAN to the Internet Allow certain types of traffic such as Lotus Notes database synchroniza...

Страница 158: ...rvice 2 Is it possible to modify the rule to be more specific For example if IRC is blocked for all users will a rule that blocks just certain users be more effective 3 Does a rule that allows Interne...

Страница 159: ...a single IP a range of IPs or a subnet 13 3 Connection Direction This section talks about configuring firewall rules for connections going from LAN to WAN and WAN to LAN in your firewall 13 3 1 LAN to...

Страница 160: ...13 1 LAN to WAN Traffic 13 3 2 WAN to LAN Rules The default rule for WAN to LAN traffic blocks all incoming connections WAN to LAN If you wish to allow certain WAN users to have access to your LAN you...

Страница 161: ...An attack automatically generates a log Logs can be sent to an e mail account or syslog server that you specify in the Log Settings screen see the chapter on logs 13 5 Rule Summary The fields in the...

Страница 162: ...n for packets not matching following rules Use the drop down list box to select whether to Block silently discard or Forward allow the passage of packets that do not match the following rules Default...

Страница 163: ...None Rules Reorder You may reorder your rules using this function Use the drop sown list box to select the number of the rule you want to move The ordering of your rules is important as rules are appl...

Страница 164: ...t be possible by e mail H 323 TCP 1720 Net Meeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS HTTPS is a secured http session oft...

Страница 165: ...a channel RCMD TCP 512 Remote Command Service REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login...

Страница 166: ...and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer...

Страница 167: ...ure 13 4 Creating Editing A Firewall Rule The following table describes the fields in this screen Table 13 3 Creating Editing A Firewall Rule LABEL DESCRIPTION Source Address Click SrcAdd to add a new...

Страница 168: ...down list box to select whether to Block silently discard or Forward allow the passage of packets that match this rule Log This field determines if a log is created for packets that match the rule Mat...

Страница 169: ...50 a subnet or any IP address Select an option from the drop down list box that includes Single Address Range Address Subnet Address and Any Address Start IP Address Type the single IP address or the...

Страница 170: ...default 30 for the Prestige to wait for a TCP session to reach the established state before dropping the session FIN Wait Timeout Type the number of seconds default 60 for a TCP session to remain open...

Страница 171: ...ing Custom Rules 13 15 Table 13 5 Timeout LABEL DESCRIPTION Back Click Back to return to the previous screen Apply Click Apply to save your customized settings and exit this screen Cancel Click Cancel...

Страница 172: ......

Страница 173: ...rt numbers not predefined by the Prestige see Figure 13 4 For a comprehensive list of port numbers and services visit the IANA Internet Assigned Number Authority website For further information on the...

Страница 174: ...e of your customized service Protocol This shows the IP protocol TCP UDP or Both that defines your customized service Port This is the port number or range that defines your customized service Back Cl...

Страница 175: ...e your customized service Back Click Back to return to the Firewall Customized Services screen Apply Click Apply to save your customized settings and exit this screen Cancel Click Cancel to return to...

Страница 176: ...dit rule screen and then click a rule number to bring up the Firewall Customized Services Config screen Configure as follows Figure 14 4 Customized Service for MyService Example Customized services sh...

Страница 177: ...utlined earlier in this chapter to configure all your rules Configure the rule configuration screen like the one below and apply it Figure 14 5 Syslog Rule Configuration Example This is your MyService...

Страница 178: ...firewall rules the Rule Summary screen should look like the following Don t forget to click Apply when you have finished configuring your rule s to save your settings back to the Prestige Figure 14 6...

Страница 179: ...You can set a schedule for when the Prestige performs content filtering You can also specify trusted IP addresses on the LAN for which the Prestige will not perform content filtering 15 2 Configuring...

Страница 180: ...ect this check box to enable this feature Block Websites that contain these keywords in the URL This box contains the list of all the keywords that you have configured the Prestige to block Delete Hig...

Страница 181: ...ou will get a message telling you that the content filter is blocking this request Back Click Back to return to the previous screen Apply Click Apply to save your changes back to the Prestige Cancel C...

Страница 182: ...to the previous screen Apply Click Apply to save your changes Cancel Click Cancel to return to the previously saved settings 15 4 Configuring Trusted Computers To exclude a range of users on the LAN...

Страница 183: ...P address of a specific range of users on your LAN that you want to exclude from content filtering Leave this field blank if you want to exclude an individual computer Back Click Back to return to the...

Страница 184: ......

Страница 185: ...VPN IPSec V Part V VPN IPSec This part provides information about configuring VPN IPSec for secure communications...

Страница 186: ......

Страница 187: ...ions for secure data communications across a public network like the Internet IPSec is built around a number of standardized cryptographic techniques to provide confidentiality data integrity and auth...

Страница 188: ...lications Linking Two or More Private Networks Together Connect branch offices and business partners over the Internet with significant cost savings and improved performance when compared to leased li...

Страница 189: ...he default standards for packet structure including implementation algorithms The Encryption Algorithm describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES al...

Страница 190: ...he original IP header in the hashing process 16 3 2 Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely A Tunnel mode is required for gateway services to provide access t...

Страница 191: ...ding headers in a new IP packet The new IP packet s source address is the outbound address of the sending VPN gateway and its destination address is the inbound address of the VPN device at the receiv...

Страница 192: ......

Страница 193: ...rity authentication sequence integrity replay resistance and non repudiation but not for confidentiality for which the ESP was designed In applications where confidentiality is not required or not san...

Страница 194: ...d is configured as 0 0 0 0 then the Prestige will use the current Prestige WAN IP address static or dynamic to set up the VPN tunnel The Prestige has to rebuild the VPN tunnel if the My IP Address cha...

Страница 195: ...y management and not Manual key management 17 5 VPN Summary Screen The following figure helps explain the main fields in the web configurator Figure 17 1 IPSec Summary Fields Local and remote IP addre...

Страница 196: ...This field displays whether the VPN policy is active or not A Y signifies that this VPN policy is active Local Address This is the IP address es of computers on your local network behind your Prestig...

Страница 197: ...und traffic the Prestige automatically drops the tunnel after two minutes 17 7 ID Type and Content With aggressive negotiation mode see section 17 10 1 the Prestige identifies incoming SAs by ID type...

Страница 198: ...e Gateway field DNS Type a domain name up to 31 characters by which to identify the remote IPSec router E mail Type an e mail address up to 31 characters by which to identify the remote IPSec router T...

Страница 199: ...IGE B Local ID type IP Local ID type IP Local ID content 1 1 1 10 Local ID content 1 1 1 10 Peer ID type E mail Peer ID type IP Peer ID content aa yahoo com Peer ID content N A 17 8 Pre Shared Key A p...

Страница 200: ...Prestige 653HWI Series User s Guide 17 8 VPN Screens Figure 17 3 VPN IKE...

Страница 201: ...through a secure gateway must have the same negotiation mode Local Local IP addresses must be static and correspond to the remote IPSec router s configured remote IP addresses Two active SAs cannot h...

Страница 202: ...rop down menu to choose Single Range or Subnet Select Single with a single IP address Select Range for a specific range of IP addresses Select Subnet to specify IP addresses on a network by their subn...

Страница 203: ...omain name Select E mail to identify the remote IPSec router by an e mail address Content When you select IP in the Peer ID Type field type the IP address of the computer with which you will make the...

Страница 204: ...ame secret key which can be used to encrypt and decrypt the message or to generate and verify a message authentication code The DES encryption algorithm uses a 56 bit key Triple DES 3DES is a variatio...

Страница 205: ...riod expires If an IKE SA times out when an IPSec SA is already established the IPSec SA stays connected In phase 2 you must Choose which protocol to use ESP or AH for the IKE key exchange Choose an e...

Страница 206: ...llows two parties to establish a shared secret over an unsecured communications channel Diffie Hellman is used within IKE SA setup to establish session keys 768 bit Group 1 DH1 and 1024 bit Group 2 DH...

Страница 207: ...ens 17 15 Figure 17 5 VPN IKE Advanced The following table describes the fields in this screen Table 17 8 VPN IKE Advanced LABEL DESCRIPTION VPN IKE Protocol Enter 1 for ICMP 6 for TCP 17 for UDP etc...

Страница 208: ...MTP 110 POP3 End Enter a port number in this field to define a port range This port number must be greater than that specified in the previous field If Remote Start Port is left at 0 End will also rem...

Страница 209: ...egotiates in this field It may range from 60 to 3 000 000 seconds almost 35 days A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication key...

Страница 210: ...is disabled NONE by default in phase 2 IPSec SA setup This allows faster IPSec setup but is not so secure Choose DH1 or DH2 from the drop down list box to enable PFS DH1 refers to Diffie Hellman Grou...

Страница 211: ...ical outgoing and incoming SPIs 17 13Configuring Manual Key You only configure VPN Manual Key when you select Manual in the Key Management field on the VPN IKE screen This is the VPN Manual Key screen...

Страница 212: ...dress Type field is configured to Single enter a static IP address on the LAN behind your Prestige When the Local Address Type field is configured to Range enter the beginning static IP address in a r...

Страница 213: ...nd static IP address in a range of computers on the network behind the remote IPSec router When the Remote Address Type field is configured to Subnet enter a subnet mask on the network behind the remo...

Страница 214: ...elect SHA1 or MD5 from the drop down list box MD5 Message Digest 5 and SHA1 Secure Hash Algorithm are hash algorithms used to authenticate packet data The SHA1 algorithm is generally considered strong...

Страница 215: ...describes the fields in this screen Table 17 10 SA Monitor LABEL DESCRIPTION No This is the security association index number Name This field displays the identification name for this VPN policy Enca...

Страница 216: ...N Windows Networking NetBIOS over TCP IP NetBIOS Network Basic Input Output System are TCP or UDP broadcast packets that enable a computer to find other computers It may sometimes be necessary to allo...

Страница 217: ...anges of addresses cannot overlap See the following table and figure for an example Having everyone use the same pre shared key may create a vulnerability If the pre shared key is compromised all of t...

Страница 218: ...parate VPN rule to simultaneously access a Prestige at headquarters They can use different IPSec parameters including the pre shared key and the local IP addresses or ranges of addresses can overlap S...

Страница 219: ...If a VPN tunnel uses a remote management service port Telnet FTP WWW SNMP DNS or ICMP and terminates at the Prestige s LAN or WAN port configure remote management to allow access for that service If...

Страница 220: ...Prestige 653HWI Series User s Guide 17 28 VPN Screens If the VPN tunnel terminates at the Prestige s WAN IP address configure remote management for WAN server access or LAN WAN or LAN WAN DMZ...

Страница 221: ...UPnP and Logs VI Part VI Remote Management UPnP and Logs This part contains information on how to configure the Prestige for remote management setting up Universal Plug and Play UPnP and setting up an...

Страница 222: ......

Страница 223: ...Disable When you Choose WAN only or ALL LAN WAN you still need to configure a firewall rule to allow access To disable remote management of a service select Disable in the corresponding Server Access...

Страница 224: ...P address when configuring from the WAN Use the Prestige s LAN IP address when configuring from the LAN 18 1 3 System Timeout There is a system timeout of five minutes three hundred seconds for either...

Страница 225: ...Click Remote Management to open the following screen Figure 18 2 Remote Management The following table describes the fields in this screen Table 18 1 Remote Management LABEL DESCRIPTION Server Type E...

Страница 226: ...IPTION Secured Client IP The default 0 0 0 0 allows any client to use this service to remotely manage the Prestige Type an IP address to restrict access to a client with a matching IP address Apply Cl...

Страница 227: ...cting the icon of a UPnP device will allow you to access the information and properties of that device 19 1 2 NAT Traversal UPnP NAT traversal automates the process of allowing an application to opera...

Страница 228: ...tested UPnP broadcasts are only allowed on the LAN See later sections for examples of installing UPnP in Windows XP and Windows Me as well as an example of using UPnP in Windows 19 2 1 Configuring UPn...

Страница 229: ...application Allow UPnP to pass through Firewall Select this check box to allow traffic from UPnP enabled applications to bypass the firewall Clear this check box to have the firewall block all UPnP ap...

Страница 230: ...rt the computer when prompted Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP Step 1 Click start and Control Panel Step 2 Double click Network Connections Step 3...

Страница 231: ...ple This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the Prestige Make sure the computer is connected to a LAN...

Страница 232: ...ere automatically created Step 4 You may edit or delete the port mappings or click Add to manually add port mappings When the UPnP enabled device is disconnected from your computer all port mappings w...

Страница 233: ...ou can access the web based configurator on the Prestige without finding out the IP address of the Prestige first This comes helpful if you do not know the IP address of the Prestige Follow the steps...

Страница 234: ...enabled device displays under Local Network Step 5 Right click on the icon for your Prestige and select Invoke The web configurator login screen displays Step 6 Right click on the icon for your Presti...

Страница 235: ...lerts and Logs An alert is a type of log that warrants more serious attention They include system errors attacks access control and attempted access to blocked web sites Some categories such as System...

Страница 236: ...Prestige 653HWI Series User s Guide 20 2 Logs Screens Figure 20 1 Log Settings The following table describes the fields in this screen...

Страница 237: ...enable UNIX syslog Syslog IP Address Enter the server name or IP address of the syslog server that will log the selected categories of logs Log Facility Select a location from the drop down list box T...

Страница 238: ...ogs screen to see the logs for the categories that you selected in the Log Settings screen see section 20 2 Log entries in red indicate alerts The log wraps around and deletes the old entries after it...

Страница 239: ...ngs page make sure that you have first filled in the Address Info fields in Log Settings see section 20 2 Refresh Click Refresh to renew the log screen Clear Log Click Clear Log to delete all the logs...

Страница 240: ...forward 09 54 17 UDP src port 00520 dest port 00520 1 00 3 Apr 7 00 From 192 168 1 6 To 10 10 10 10 match forward 09 54 19 UDP src port 03516 dest port 00053 1 01 snip snip 126 Apr 7 00 From 192 168 1...

Страница 241: ...Bandwidth Management VII Part VII Bandwidth Management This part provides information on the functions and configuration of Bandwidth Management...

Страница 242: ......

Страница 243: ...dropped packets at the next routing device For example you can set the WAN interface speed to 1000kbps if the ADSL connection has an upstream speed of 1000kbps All configuration screens display measur...

Страница 244: ...available bandwidth 21 4 Bandwidth Management Usage Examples These examples show bandwidth management allotments on a WAN interface that is configured for 640Kbps 21 4 1 Application based Bandwidth M...

Страница 245: ...nt Example The following example uses bandwidth classes based on LAN subnets and applications specific applications in each subnet are allotted bandwidth Table 21 1 Application and Subnet based Bandwi...

Страница 246: ...er a bandwidth class s priority number is the higher the priority Assign real time applications like those using audio or video a higher priority number to provide smoother operation 21 5 2 Fairness b...

Страница 247: ...estige distributes the available bandwidth equally among classes with the same priority level 21 6 1 Reserving Bandwidth for Non Bandwidth Class Traffic Do the following three steps to configure the P...

Страница 248: ...e bandwidth Each class gets up to its budgeted bandwidth The administration class only uses 1 Mbps of its budgeted 2 Mbps Sales and Marketing are first to get extra bandwidth because they have the hig...

Страница 249: ...ss can also borrow bandwidth from a higher parent class grandparent class if the child class s parent class is also configured to borrow bandwidth from its parent class This can go on for as many leve...

Страница 250: ...idth Borrowing Example The Bill class can borrow unused bandwidth from the Sales USA class because the Bill class has bandwidth borrowing enabled The Bill class can also borrow unused bandwidth from t...

Страница 251: ...on individual child classes the Prestige functions as follows 1 The Prestige sends traffic according to each bandwidth class s bandwidth budget 2 The Prestige assigns a parent class s unused bandwidt...

Страница 252: ...ive Select an interface s check box to enable bandwidth management on that interface Speed kbps Enter the amount of bandwidth for this interface that you want to allocate using bandwidth management Th...

Страница 253: ...restige Cancel Click Cancel to begin configuring this screen afresh 21 9 Configuring Class Setup The class setup screen displays the configured bandwidth classes by individual interface Select an inte...

Страница 254: ...LABEL DESCRIPTION Interface Select an interface from the drop down list box for which you wish to set up classes Back Click Back to go to the main BW Manager screen Add Child Class Click Add Child cl...

Страница 255: ...lass 21 9 1 Bandwidth Manager Class Configuration Configure a bandwidth management class in the Class Configuration screen You must use the Bandwidth Manager Summary screen to enable bandwidth managem...

Страница 256: ...dwidth Manager Class Configuration The following table describes the labels in this screen Table 21 4 Bandwidth Manager Class Configuration LABEL DESCRIPTION Class Name Use the auto generated name or...

Страница 257: ...ble 21 2 Bandwidth Filter The Prestige uses a bandwidth filter to identify the traffic that belongs to a bandwidth class Active Select the check box to have the Prestige use this bandwidth filter when...

Страница 258: ...ns any source port number Protocol ID Enter the protocol ID service type number for example 1 for ICMP 6 for TCP or 17 for UDP A blank protocol ID means any protocol number Back Click Back to go to th...

Страница 259: ...lass the statistics page is showing Budget kbps This field displays the amount of bandwidth allocated to the class Tx Packets This field displays the total number of packets transmitted Tx Bytes This...

Страница 260: ...1 10 Configuring Monitor To view the Prestige s bandwidth usage and allotments click BW Manager then Monitor The screen appears as shown Figure 21 11 Bandwidth Manager Monitor The following table desc...

Страница 261: ...ige 653HWI Series User s Guide Bandwidth Management 21 19 Table 21 7 Bandwidth Manager Monitor LABEL DESCRIPTION Back Click Back to go to the main BW Manager screen Refresh Click Refresh to update the...

Страница 262: ......

Страница 263: ...Maintenance VIII Part VIII Maintenance This part covers the maintenance screens...

Страница 264: ......

Страница 265: ...rt traffic statistics 22 1 Maintenance Overview The maintenance screens can help you view system information upload new firmware manage configuration and restart your Prestige 22 2 System Status Scree...

Страница 266: ...Prestige 653HWI Series User s Guide 22 2 Maintenance Figure 22 1 System Status...

Страница 267: ...tion IP Address This is the DSL port IP address IP Subnet Mask This is the DSL port IP subnet mask Default Gateway This is the IP address of the default gateway if applicable VPI VCI This is the Virtu...

Страница 268: ...er of packets sent and number of packets received for each port 22 2 1 System Statistics Click Show Statistics in the System Status screen to open the following screen Read only information here inclu...

Страница 269: ...us For the DSL port this displays the port speed and duplex setting if you re using Ethernet encapsulation and down line is down idle line ppp idle dial starting to trigger a call and drop dropping a...

Страница 270: ...en configured as a server the Prestige provides the TCP IP configuration for the clients If set to None DHCP service will be disabled and you must have another DHCP server on your LAN or else the comp...

Страница 271: ...LAN 22 4 1 Association List This screen displays the MAC address es of the wireless clients that are currently logged in to the network Click Wireless LAN and then Association List to open the screen...

Страница 272: ...tige Back Click Back to return to the previous screen Refresh Click Refresh to renew the information in the table 22 4 2 Channel Usage Table This screen displays the state of the channels within the P...

Страница 273: ...Ad hoc network is using the channel within the Prestige s transmission range Back Click Back to return to the previous screen Refresh Click Refresh to renew the information in the table 22 5 Diagnost...

Страница 274: ...IP Address Type the IP address of a computer that you want to ping in order to test a connection Ping Click this button to ping the IP address that you entered Reset System Click this button to reboot...

Страница 275: ...The following table describes the fields in this screen Table 22 7 Diagnostic DSL Line LABEL DESCRIPTION Reset ADSL Line Click this button to reinitialize the ADSL line The large text box above then...

Страница 276: ...packet to the DSLAM ATM switch and then returns it loops it back to the Prestige The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network Upstream Noise Margin Click...

Страница 277: ...intenance 22 13 Figure 22 8 Diagnostic ISDN Line The following table describes the fields in this screen Table 22 8 Diagnostic ISDN Line LABEL DESCRIPTION Reset IDSN Line This command re initializes t...

Страница 278: ...the B2 channel It is only applicable if the B2 channel is currently in use Back Click this button to go back to the main Diagnostic screen 22 6 Firmware Screen Find firmware at www zyxel com in a fil...

Страница 279: ...pressed zip files before you can upload them Upload Click Upload to begin the upload process This process may take up to two minutes Reset Click this button to clear all user entered configuration inf...

Страница 280: ...Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the System Status screen If the upload was not successful the following screen will appear Click...

Страница 281: ...Management Terminal configuration for general setup WAN backup LAN setup wireless LAN setup Internet access remote node static route NAT and enabling the firewall See the web configurator parts of thi...

Страница 282: ......

Страница 283: ...arity 8 data bits 1 stop bit data flow set to none 9600 bps port speed Press ENTER to display the SMT password screen The default password is 1234 23 1 2 Procedure for SMT Configuration via Telnet The...

Страница 284: ...f there is no activity for longer than five minutes after you log in your Prestige will automatically log you out Figure 23 1 Login Screen 23 1 4 Prestige SMT Menu Overview The following figure gives...

Страница 285: ...ge 653 SMT Menu Overview 23 2 Navigating the SMT Interface The SMT System Management Terminal is the interface that you use to configure your Prestige Several operations that you should be familiar wi...

Страница 286: ...ext field respectively Entering information Type in or press SPACE BAR then press ENTER You need to fill in two types of fields The first requires you to type in the appropriate information The second...

Страница 287: ...tatic routes 14 Dial in User Setup Use this menu to set up local user profiles on the Prestige 15 NAT Setup Use this menu to specify inside servers when NAT is enabled 21 Filter and Firewall Setup Use...

Страница 288: ...by following the steps shown next Step 1 Enter 23 in the main menu to display Menu 23 System Security Step 2 Enter 1 to display Menu 23 1 System Security Change Password as shown next Step 3 Type your...

Страница 289: ...2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it as the...

Страница 290: ...eave this field blank the ISP may assign a domain name via DHCP You can go to menu 24 8 and type sys domainname to see the current domain name used by your gateway If you want to clear this field just...

Страница 291: ...lt Active Press SPACE BAR to select Yes and then press ENTER to make dynamic DNS active Yes Host Enter the domain name assigned to your Prestige by your Dynamic DNS provider me dyndns org EMAIL Enter...

Страница 292: ......

Страница 293: ...backup connections 25 2 ISDN Dial Backup To set up the ISDN port for use in the event that the regular WAN connection is dropped first make sure you have set up the port connection and then configure...

Страница 294: ...ddress of a reliable nearby computer for example your ISP s DNS server address When using a WAN backup connection the Prestige periodically pings the addresses configured here and uses the other WAN b...

Страница 295: ...u 2 1 Traffic Redirect Setup Select No default if you do not want to configure this feature Dial Backup Press SPACE BAR to select Yes or No Select Yes and press ENTER to configure Menu 2 2 Dial Backup...

Страница 296: ...uses hop count as the measurement of cost with a minimum of 1 for directly connected networks The number must be between 1 and 15 a number greater than 15 means the link is down The smaller the numbe...

Страница 297: ...Data Enter the telephone number s assigned to your ISDN line by your telephone company Some switch types only have one telephone number Note that the router only accepts digits please do not include...

Страница 298: ...y If you place a call from a device on either A B adapter you must dial the prefix by hand PABX Number with S T Bus Number for Loopback Enter the S T bus number if the router is connected to an ISDN P...

Страница 299: ...ction There are two types of ISDN Data Link Connection namely point to multipoint and point to point When you select point to multipoint the TE1 value will be assigned by negotiation with the switch W...

Страница 300: ...eck the ISDN line If the loop back test fails please note the error message that you receive and take the appropriate troubleshooting action Figure 25 6 Loopback Test 25 6 NetCAPI Setup Menu Select Ye...

Страница 301: ...N DATA number If the incoming phone number does not match the ISDN DATA number then the call will be routed to NetCAPI Select Called Party Subaddress if you want to direct all incoming calls to the Pr...

Страница 302: ...e the Remote Node Profile 9 settings are used for a backup ISDN connection Remote Node Profile 10 enables Dial In access to the Prestige for remote management Enter 9 or 10 in Menu 11 Remote Node Setu...

Страница 303: ...lds for PPPoA and PPPoE encapsulation only Enter the login name that your ISP gives you If you are using PPPoE encapsulation then this field must be of the form user domain where domain identifies you...

Страница 304: ...ccessing this remote node 0 default Period hr Enter the time period in hours for how often the budget should be reset For example to allow calls to this remote node for a maximum of 10 minutes every h...

Страница 305: ...psulation otherwise select Standard PPP Standard PPP default Compression Press SPACE BAR and then ENTER to select Yes to enable or No to disable Stac compression No default BACP Your Prestige negotiat...

Страница 306: ...s separated by a for subtracting and adding the second port Default 32 48 25 9 Editing TCP IP Options Move the cursor to the Edit IP field in Menu 11 1 Remote Node Profile Backup ISP then press SPACE...

Страница 307: ...you have multiple public WAN IP addresses for your Prestige SUA Only Select SUA Only if you have just one public WAN IP address for your Prestige The SMT uses Address Mapping Set 255 menu 15 1 see se...

Страница 308: ...rom the server to the Expect field the Prestige returns the set s Send string to the server For instance a typical login sequence starts with the server printing a banner a login prompt for you to ent...

Страница 309: ...e server If there are errors in the script and it gets stuck at a set for longer than the Dial Timeout in menu 2 default 60 seconds the Prestige will timeout and drop the line To debug a script go to...

Страница 310: ...ckup ISP Use menu 11 5 to specify the filter set s to apply to the incoming and outgoing traffic between this remote node and the Prestige to prevent certain packets from triggering calls You can spec...

Страница 311: ...ure 25 13 Menu 11 5 Dial Backup Remote Node Filter Menu 11 5 Remote Node Filter Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Call Filter Sets pr...

Страница 312: ......

Страница 313: ...e Ethernet traffic You seldom need to filter Ethernet traffic however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Figure 26 2 Menu 3 1 LAN Port...

Страница 314: ...press ENTER to display Menu 3 2 TCP IP and DHCP Ethernet Setup as shown next Figure 26 3 Menu 3 2 TCP IP and DHCP Ethernet Setup Follow the instructions in the following table on how to configure the...

Страница 315: ...or count of the IP address pool 32 Primary DNS Server Secondary DNS Server Enter the IP addresses of the DNS servers The DNS servers are passed to the DHCP clients along with the IP address and the s...

Страница 316: ...enable IP Multicasting or select None to disable it None default IP Policies Create policies using SMT menu 25 see the IP Policy Routing chapter and apply them on the Prestige LAN interface here You c...

Страница 317: ...enu 3 5 to set up your Prestige as the wireless access point To edit menu 3 5 enter 3 from the main menu to display Menu 3 LAN Setup When menu 3 appears press 5 and then press ENTER to display Menu 3...

Страница 318: ...2 2432 Frag Threshold The threshold number of bytes for the fragmentation boundary for directed messages It is the maximum data fragment size that can be sent Enter a value between 256 and 2432 2432 W...

Страница 319: ...press ENTER Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table To deny access to the Prestige press SPACE BAR to select Deny Association and Menu 3 5...

Страница 320: ...d will be allowed to access the router The default action Allowed Association permits association with the Prestige MAC addresses not listed will be denied access to the router MAC Address Filter Addr...

Страница 321: ...Policy Routing IPPR provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator Policy based routing is appl...

Страница 322: ...igure 28 2 Partitioned Logical Networks Use menu 3 2 1 to configure IP Alias on your Prestige 28 4 IP Alias Setup Use menu 3 2 to configure the first network Move the cursor to Edit IP Alias field and...

Страница 323: ...Outgoing protocol filters N A IP Alias 2 No IP Address N A IP Subnet Mask N A RIP Direction N A Version N A Incoming protocol filters N A Outgoing protocol filters N A Enter here to CONFIRM or ESC to...

Страница 324: ...Choices are RIP 1 RIP 2B or RIP 2M RIP 1 Incoming Protocol Filters Enter the filter set s you wish to apply to the incoming traffic between this node and the Prestige Outgoing Protocol Filters Enter...

Страница 325: ...using ENET ENCAP encapsulation From the main menu type 4 to display Menu 4 Internet Access Setup as shown next Figure 28 6 Menu 4 Internet Access Setup The following table contains instructions on how...

Страница 326: ...s value specifies the number of idle seconds that elapse before the Prestige automatically disconnects the PPPoE session 0 NAT Press SPACE BAR to select None SUA Only or Full Feature Please see the NA...

Страница 327: ...configuring one of the remote nodes You first choose a remote node in Menu 11 Remote Node Setup You can then edit that node s profile in menu 11 1 as well as configure specific settings in three subme...

Страница 328: ...ation Here are some examples of more suitable combinations in such an application Scenario 1 One VC Multiple Protocols PPPoA RFC 2364 encapsulation with VC based multiplexing is the best combination b...

Страница 329: ...CAP is selected then the Rem Login Rem Password My Login My Password and Authen fields are not applicable N A ENET ENCAP Multiplexing Press SPACE BAR and then ENTER to select the method of multiplexin...

Страница 330: ...hentication Protocol only Authen PAP accept PAP Password Authentication Protocol only Route This field determines the protocol used in routing Options are IP and None IP Bridge When bridging is enable...

Страница 331: ...ode before the Prestige automatically disconnects the remote node 0 means that the session will not timeout When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to...

Страница 332: ...configure in menu 4 all other nodes are set to Static Dynamic Rem IP Addr This is the IP address you entered in the previous menu Rem Subnet Mask Type the subnet mask assigned to the remote node My W...

Страница 333: ...ype a number that approximates the cost for this link The number need not be precise but it must be between 1 and 15 In practice 2 or 3 is usually a good number 2 Private This determines if the Presti...

Страница 334: ...figure while Rem IP Addr indicates the peer WAN IP 172 16 0 2 in the following figure Figure 29 4 Sample IP Addresses for a TCP IP LAN to LAN Connection 29 4 Remote Node Filter Move the cursor to the...

Страница 335: ...Node ATM Layer Options In menu 11 1 move the cursor to the Edit ATM Options field and then press SPACE BAR to select Yes Press ENTER to display Menu 11 6 Remote Node ATM Layer Options There are two ve...

Страница 336: ...VPI and VCI numbers need be specified for all protocols The valid range for the VPI is 0 to 255 and for the VCI is 32 to 65535 1 to 31 is reserved for local management of ATM traffic Menu 11 6 Remote...

Страница 337: ...dit IP No Incoming Telco Option Rem Login Rem Password Allocated Budget min Rem CLID Period hr Call Back No Schedules Outgoing Carrier Access Code My Login My Password Authen CHAP PAP Session Options...

Страница 338: ......

Страница 339: ...t is directly connected to a remote node Each remote node specifies only the network to which the gateway is directly connected and the Prestige has no knowledge of the networks beyond For instance th...

Страница 340: ...Setup shown next Figure 30 3 Menu 12 1 IP Static Route Setup Step 3 Now type the route number of a static route you want to configure Menu 12 1 IP Static Route Setup 1 ________ 2 ________ 3 ________ 4...

Страница 341: ...to be identical to the host ID IP Subnet Mask Type the subnet mask for this destination Follow the discussion on IP Subnet Mask in this manual Gateway IP Address Type the IP address of the gateway The...

Страница 342: ...this remote node in its RIP broadcasts If set to Yes this route is kept private and is not included in RIP broadcasts If No the route to this remote node will be propagated to other hosts through RIP...

Страница 343: ...tocol and it also demands more CPU cycles and memory For efficiency reasons do not turn on bridging unless you need to support protocols other than IP on your network For IP enable the routing if you...

Страница 344: ...Rem Subnet Mask 0 0 0 0 My WAN Addr 0 0 0 0 NAT Full Feature Address Mapping Set 2 Metric 2 Private No RIP Direction Both Version RIP 2B Multicast IGMP v2 IP Policies Press ENTER to Confirm or ESC to...

Страница 345: ...our configuration or press ESC to cancel and go back to the previous screen 31 2 2 Bridge Static Route Setup Similar to network layer static routes a bridging static route tells the Prestige the route...

Страница 346: ...to IP Address If available type the IP address of the destination computer that you want to bridge the packets to Gateway Node Press SPACE BAR and then ENTER to select the number of the remote node o...

Страница 347: ...Server See section 32 3 1 for a detailed description of the NAT set for SUA The Prestige also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of cli...

Страница 348: ...emote node that you want to configure Step 3 Move the cursor to the Edit IP Bridge field press SPACE BAR to select Yes and then press ENTER to bring up Menu 11 3 Remote Node Network Layer Options Menu...

Страница 349: ...mapping sets menus and submenus to create the mapping table used to assign global addresses to computers on the LAN and the DMZ You can see two NAT address mapping sets in menu 15 1 You can only conf...

Страница 350: ...ets Enter 1 to bring up Menu 15 1 Address Mapping Sets Figure 32 4 Menu 15 1 Address Mapping Sets SUA Address Mapping Set Enter 255 to display the next screen see also section 32 1 1 The fields in thi...

Страница 351: ...the End IP is 255 255 255 255 255 255 255 255 Global Start IP This is the starting global IP address IGA If you have a dynamic IP enter 0 0 0 0 as the Global Start IP 0 0 0 0 Global End IP This is the...

Страница 352: ...bed later and the values are displayed here Ordering Your Rules Ordering your rules is important because the Prestige applies the rules in the order that you specify When a rule matches the current pa...

Страница 353: ...all the rules after the selected one will be advanced one rule None disables the Select Rule item Edit Select Rule When you choose Edit Insert Before or Delete in the previous field the cursor jumps t...

Страница 354: ...ocal IP address ILA 0 0 0 0 End This is the ending local IP address ILA If the rule is for all local IPs then put the Start IP as 0 0 0 0 and the End IP as 255 255 255 255 This field is N A for One to...

Страница 355: ...Server behind NAT Follow these steps to configure a server behind NAT Step 1 Enter 15 in the main menu to go to Menu 15 NAT Setup Step 2 Enter 2 to display Menu 15 2 NAT Server Sets as shown next Fig...

Страница 356: ...d In the following figure you have a computer acting as an FTP Telnet and SMTP server ports 21 23 and 25 at 192 168 1 33 Step 6 Press ENTER at the Press ENTER to confirm prompt to save your configurat...

Страница 357: ...net Figure 32 10 Multiple Servers Behind NAT Example 32 5 General NAT Examples The following are some examples of NAT configuration 32 5 1 Example 1 Internet Access Only In the following Internet acce...

Страница 358: ...ion 32 5 The SUA Only read only option from the Network Address Translation field in menus 4 and 11 3 is specifically pre configured to handle this case Menu 4 Internet Access Setup ISP s Name MyISP E...

Страница 359: ...and also go to menu 15 2 to specify the Inside Server behind the NAT as shown in the next figure Figure 32 14 Menu 15 2 1 Specifying an Inside Server Menu 15 2 1 NAT Server Setup Used for SUA Only Ru...

Страница 360: ...er Four rules need to be configured two bi directional and two unidirectional as follows Rule 1 Map the first IGA to the first inside FTP server for FTP traffic in both directions 1 1 mapping giving b...

Страница 361: ...direct mapping for packets going both ways and enter the local Start IP as 192 168 1 10 the IP address of FTP Server 1 the global Start IP as 10 132 50 1 our first IGA See Figure 32 17 Step 6 Repeat t...

Страница 362: ...re it as shown Menu 15 1 1 Address Mapping Rules Set Name Example3 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 10 132 50 1 1 1 2 192 168 1 11 10 132 50 2 1 1 3 0...

Страница 363: ...ping as port numbers do not change for Many to Many No Overload and One to One NAT mapping types The following figure illustrates this Figure 32 19 NAT Example 4 Menu 15 2 1 NAT Server Setup Rule Star...

Страница 364: ...ve configured your rule you should be able to check the settings in menu 15 1 1 as shown next Figure 32 21 Example 4 Menu 15 1 1 Address Mapping Rules Menu 15 1 1 1 Address Mapping Rule Type Many to...

Страница 365: ...r the most comprehensive firewall configuration tool your Prestige has to offer For this reason it is recommended that you configure your firewall using the web configurator see the following chapters...

Страница 366: ...tacks when it is active The default Policy sets 1 allow all sessions originating from the LAN to the WAN and 2 deny all sessions originating from the WAN to the LAN You may define additional Policy ru...

Страница 367: ...MP system security system information and diagnosis firmware and configuration file maintenance system maintenance remote management IP Policy Routing and call scheduling See the web configurator part...

Страница 368: ......

Страница 369: ...re divided into incoming and outgoing filters depending on the direction of the packet relative to a port Data filtering can be applied on either the WAN side or the Ethernet side Call filtering is us...

Страница 370: ...gures that follow The following figure illustrates the logic flow when executing a filter rule Data Outgoing Packet Drop packet Built in default Call Filters User defined Call Filters if applicable In...

Страница 371: ...le Fetch Next Filter Set Next Filter Set Available Accept Packet Drop Packet Yes No Yes No Yes Packet intoFilter Filter Set Forward Drop No Check Next Rule Figure 34 2 Filter Rule Process You can appl...

Страница 372: ...Step 1 Enter 21 in the main menu to display Menu 21 Filter and Firewall Setup Step 2 Enter 1 to display Menu 21 1 Filter Set Configuration as shown next Figure 34 3 Menu 21 Filter Set Configuration St...

Страница 373: ...0 0 DA 0 0 0 0 DP 139 N D N 4 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 137 N D N 5 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 138 N D N 6 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 139 N D F Enter Filter Rule Number 1...

Страница 374: ...e Edit Comments field and press ENTER Step 5 Press ENTER at the message Press ENTER to confirm to display Menu 21 1 1 Filter Rules Summary that is if you selected filter set 1 in menu 21 1 See Figure...

Страница 375: ...GEN for Generic IP for TCP IP Filter Rules These parameters are displayed here Menu 21 1 4 Filter Rules Summary A Type Filter Rules M m n 1 Y Gen Off 12 Len 2 Mask ffff Value 8863 N F N 2 Y Gen Off 1...

Страница 376: ...ched F means to forward the packet immediately and skip checking the remaining rules D means to drop the packet N means to check the next rule n Action Not Matched F means to forward the packet immedi...

Страница 377: ...a the Prestige will warn you and will not allow you to save 34 5 1 TCP IP Filter Rule This section shows you how to configure a TCP IP filter rule TCP IP rules allow you to base the rule on the fields...

Страница 378: ...n IP source route The majority of IP packets do not have source route No default Destination IP Addr Type the destination IP address of the packet you want to filter This field is ignored if it is 0 0...

Страница 379: ...ging option from the following None No packets will be logged Action Matched Only packets that match the rule parameters will be logged Action Not Matched Only packets that do not match the rule param...

Страница 380: ...r Active Check IP Protocol Drop Drop Packet Accept Packet Drop Forward Check Next Rule Check Next Rule Check Next Rule Forward Not Matched Yes No Check Src IP Addr Apply SrcAddrMask to Src Addr Matche...

Страница 381: ...sk and Value fields are specified in hexadecimal numbers Note that it takes two hexadecimal digits to represent a byte so if the length is 4 the value in either field will take 8 digits for example FF...

Страница 382: ...y to the data portion before comparison Value Type the value in Hexadecimal to compare with the data portion More If Yes a matching packet is passed to the next filter rule before an action is taken o...

Страница 383: ...he exact address and port on the wire Therefore the Prestige applies the protocol filters to the native IP address and port number before NAT for outgoing packets and after NAT for incoming packets On...

Страница 384: ...Telnet Filter Step 1 Enter 1 in the menu 21 to display Menu 21 1 Filter Set Configuration Step 2 Enter the index number of the filter set you want to configure in this case 6 Step 3 Type a descriptive...

Страница 385: ...Mask 0 0 0 0 Port Port Comp Equal TCP Estab No More No Log None Action Matched Drop Action Not Matched Forward Press ENTER to Confirm or ESC to Cancel Press SPACE BAR to choose this filter rule type T...

Страница 386: ...ion shows you where to apply the filter s after you design it them Sets of factory default filter rules have been configured in menu 21 but have not been applied to filter traffic Menu 21 1 6 Filter R...

Страница 387: ...ou want to apply as appropriate You can choose up to four filter sets from twelve by typing their numbers separated by commas for example 3 4 6 11 The factory default filter set NetBIOS_LAN is inserte...

Страница 388: ...PPoA or PPPoE encapsulation Menu 11 5 Remote Node Filter Input Filter Sets protocol filters 6 device filters Output Filter Sets protocol filters 2 device filters Call Filter Sets Protocol filters Devi...

Страница 389: ...s SNMP is a member of the TCP IP protocol suite Your Prestige supports SNMP agent functionality which allows a manager station to manage and monitor the Prestige through the network The Prestige suppo...

Страница 390: ...esponse protocol based on the manager agent model The manager issues a request and the agent returns responses using the following protocol operations Get Allows the manager to retrieve an object vari...

Страница 391: ...r Prestige will only respond to SNMP messages from this address A blank default field means your Prestige will respond to all SNMP messages it receives regardless of source 0 0 0 0 Trap Community Type...

Страница 392: ...ined in RFC 1215 A trap is sent with the port number 5 authenticationFailure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP gets or sets requirements with wrong community pa...

Страница 393: ...you forget your password you have to restore the default configuration file Refer to the section on changing the system password in the Introducing the SMT chapter and the section on resetting the Pre...

Страница 394: ...nistrator instructs you to do so with additional information 1812 Shared Secret Specify a password up to 31 alphanumeric characters as the key to be shared between the external authentication server a...

Страница 395: ...ey must be the same on the external accounting server and Prestige When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or pre...

Страница 396: ...how often a client has to re enter username and password to stay connected to the wired network This field is activated only when you select Authentication Required in the Wireless Port Control field...

Страница 397: ...Prestige for a client s user name and password If the user name is not found the Prestige checks the user database on the specified RADIUS server Select RADIUS first then Local to have the Prestige fi...

Страница 398: ...rs long for this user profile When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the p...

Страница 399: ...Status is a tool that can be used to monitor your Prestige Specifically it gives you information on your ADSL telephone line status number of packets sent and received To get to System Status type 24...

Страница 400: ...mber of received packets from this remote node Errors The number of error packets on this connection Tx B s This shows the transmission rate in bytes per second Rx B s This shows the receiving rate in...

Страница 401: ...e WAN Line Status This shows the current status of the xDSL line which can be Up or Down Upstream Speed This shows the upstream transfer rate in kbps Downstream Speed This shows the downstream transfe...

Страница 402: ...S is a registered trademark of ZyXEL Communications Corporation ADSL Chipset Vendor Displays the vendor of the ADSL chipset and DSL version Standard This refers to the operational protocol the Prestig...

Страница 403: ...rt Speed Once you change the Prestige consol port speed you must also set the speed parameter for the communication software you are using to connect to the Prestige 37 3 Log and Trace There are two l...

Страница 404: ...yslog and Accounting The Prestige uses the UNIX syslog facility to log the CDR Call Detail Record and system messages to a syslog server Syslog and accounting can be configured in Menu 24 3 2 System M...

Страница 405: ...rd CDR logs all data phone line activity if set to Yes Packet Triggered The first 48 bytes or octets and protocol type of the triggering packet is sent to the UNIX syslog server when this field is set...

Страница 406: ...001f06b50ec0a86614ca849a7b0427001700195b3e00000000600220008cd40000020405b4 Jul 19 11 29 06 192 168 102 2 ZYXEL Packet Trigger Protocol 1 Data 45000028240140001f06ac12c0a86614ca849a7b0427001700195b451d...

Страница 407: ...nitialize the ISDN link to the telephone company ISDN Connection Test You can test to see if your ISDN line is working properly by using this option This command triggers the Prestige to perform a loo...

Страница 408: ......

Страница 409: ...fer to the label on the bottom of your Prestige ftp put firmware bin ras This is a sample FTP session showing the transfer of the computer file firmware bin to the Prestige ftp get rom 0 config cfg Th...

Страница 410: ...upload files in menus 24 5 24 6 24 7 1 and 24 7 2 depending on whether you use the console port or Telnet Option 5 from Menu 24 System Maintenance allows you to backup the current Prestige configurati...

Страница 411: ...ation file on the Prestige to your computer and renames it config rom See earlier in this chapter for more information on filename conventions Step 7 Enter quit to exit the ftp prompt 38 2 3 Example o...

Страница 412: ...enabled this option Normal The server requires a unique User ID and Password to login Transfer Type You must use binary mode when uploading the configuration or firmware file Transfer files in either...

Страница 413: ...4 System Maintenance Step 3 Enter command sys stdio 0 to disable the SMT timeout so the TFTP transfer will not be interrupted Enter command sys stdio 5 to restore the five minute SMT timeout default w...

Страница 414: ...tige The filename for the firmware is ras and for the configuration file is rom 0 Binary Transfer the file in binary mode Abort Stop transfer of the file Refer to section 38 2 5 to read about configur...

Страница 415: ...restore a previously saved configuration Note that this function erases the current configuration before restoring a previous back up configuration please do not attempt to restore unless you have a b...

Страница 416: ...file config rom on your computer to the Prestige See earlier in this chapter for more information on filename conventions Step 8 Enter quit to exit the ftp prompt The Prestige will automatically rest...

Страница 417: ...play menu 24 6 and enter y at the following screen Figure 38 9 System Maintenance Restore Configuration Step 2 The following screen indicates that the Xmodem download has started Figure 38 10 System M...

Страница 418: ...the previous Restore Configuration section or by following the instructions in Menu 24 7 2 System Maintenance Upload System Configuration File for console port WARNING DO NOT INTERRUPT THE FILE TRANSF...

Страница 419: ...after the upload system configuration file process is complete For details on FTP commands please consult the documentation of your FTP client program For details on uploading system firmware using T...

Страница 420: ...he configuration file on the Prestige to your computer and renames it config rom See earlier in this chapter for more information on filename conventions Step 7 Enter quit to exit the ftp prompt The P...

Страница 421: ...active and the Prestige in CI mode before and during the TFTP transfer For details on TFTP commands see following example please consult the documentation of your TFTP client program For UNIX use get...

Страница 422: ...should be similar 38 4 9 Example Xmodem Firmware Upload Using HyperTerminal Click Transfer then Send File to display the following screen Figure 38 17 Example Xmodem Upload After the configuration up...

Страница 423: ...ge 38 4 11 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer then Send File to display the following screen Menu 24 7 2 System Maintenance Upload System Configuration File To uplo...

Страница 424: ...ation File Maintenance Figure 38 19 Example Xmodem Upload After the configuration upload process has completed restart the Prestige by entering atgo Type the configuration file s location or click Bro...

Страница 425: ...ting menu 24 8 See the included disk or the zyxel com web site for more detailed information on CI commands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found by typing help...

Страница 426: ...ng calls will be blocked To access the call control menu select option 9 in menu 24 to go to Menu 24 9 System Maintenance Call Control as shown in the next table Figure 39 3 Menu 24 9 System Maintenan...

Страница 427: ...s selected Table 39 1 Menu 24 9 1 System Maintenance Budget Management FIELD DESCRIPTION EXAMPLE Remote Node Enter the index number of the remote node you want to reset just one in this case 1 Connect...

Страница 428: ...em Maintenance Time and Date Setting to update the time and date settings of your Prestige as shown in the following screen Figure 39 6 Menu 24 10 System Maintenance Time and Date Setting Menu 24 10 S...

Страница 429: ...unsure of this information Current Time This field displays an updated time only when you reenter this menu New Time Enter the new time in hour minute and second format Current Date This field displa...

Страница 430: ......

Страница 431: ...ls on configuring firewall rules 40 2 Remote Management To disable remote management of a service select Disable in the corresponding Server Access field Enter 11 from menu 24 to display Menu 24 11 Re...

Страница 432: ...the SPACE BAR Choices are LAN only WAN only All or Disable The default is LAN only LAN only Secured Client IP The default 0 0 0 0 allows any client to use this service to remotely manage the Prestige...

Страница 433: ...of the same type running at one time 5 There is a web remote management session running with a Telnet session A Telnet session will be disconnected if you begin a web session it will not begin if ther...

Страница 434: ......

Страница 435: ...ry of the network to enable the backbone to prioritize traffic Cost Savings IPPR allows organizations to distribute interactive traffic on high bandwidth high cost paths while using low cost paths for...

Страница 436: ...the index of the policy set you want to configure to open Menu 25 1 IP Routing Policy Setup Menu 25 1 shows the summary of a policy set including the criteria and the action of a single policy and whe...

Страница 437: ...0 25 P 6 T NM PR 0 GW 192 168 1 1 T MT PR 0 2 N __________________________________________________________________________ __________________________________________________________________________ 3...

Страница 438: ...xample UDP TCP ICMP etc Type of Service Prioritize incoming network traffic by choosing from Don t Care Normal Min Delay Max Thruput Min Cost or Max Reliable Precedence Precedence value of the incomin...

Страница 439: ...gateway must be the IP address of a remote node The default gateway is specified as 0 0 0 0 Type of Service Set the new TOS value of the outgoing packet Prioritize incoming network traffic by choosing...

Страница 440: ...em IP Addr 0 0 0 0 Rem Subnet Mask 0 0 0 0 My WAN Addr 0 0 0 0 NAT Full Feature Address Mapping Set 2 Metric 2 Private No RIP Direction Both Version RIP 2B Multicast IGMP v2 IP Policies 2 4 7 9 Press...

Страница 441: ...packets to a remote network using another policy See the next figure Figure 41 6 Example of IP Policy Routing To force Web packets coming from clients with IP addresses of 192 168 1 33 to 192 168 1 6...

Страница 442: ...with protocol TCP and port FTP access through another gateway 192 168 1 100 Menu 25 1 1 IP Routing Policy Policy Set Name set1 Active Yes Criteria IP Protocol 6 Type of Service Don t Care Packet leng...

Страница 443: ...ote DHCP Server N A TCP IP Setup IP Address 192 168 1 1 IP Subnet Mask 255 255 255 0 RIP Direction Both Version RIP 1 Multicast None IP Policies 1 2 Edit IP Alias No Press ENTER to Confirm or ESC to C...

Страница 444: ......

Страница 445: ...n next Figure 42 1 Menu 26 Schedule Setup Lower numbered sets take precedence over higher numbered sets thereby avoiding scheduling conflicts For example if sets 1 2 3 and 4 in are applied in the remo...

Страница 446: ...n t be triggered up until the end of the Duration Table 42 1 Menu 26 1 Schedule Set Setup FIELD DESCRIPTION EXAMPLE Active Press SPACE BAR to select Yes or No Choose Yes and press ENTER to activate th...

Страница 447: ...take effect in hour minute format 09 00 Duration Enter the maximum length of time this connection is allowed in hour minute format 08 00 Action Forced On means that the connection is maintained whethe...

Страница 448: ...ofile Rem Node Name ChangeMe Route IP Active Yes Bridge No Encapsulation PPPoE Edit IP Bridge No Multiplexing VC based Edit ATM Options No Service Name Telco Option Incoming Allocated Budget min 0 Rem...

Страница 449: ...TGEN This part provides information about configuring VPN IPSec for secure communications and Internal SPTGEN for configuration of multiple Prestiges See the web configurator parts of this guide for b...

Страница 450: ......

Страница 451: ...se main submenus 1 Define VPN policies in menu 27 1 submenus including security policies endpoint IP addresses peer IPSec router IP address and key management 2 Menu 27 2 SA Monitor allows you to mana...

Страница 452: ...mmary FIELD DESCRIPTION EXAMPLE This is the VPN policy index number 1 Menu 27 VPN IPSec Setup 1 IPSec Summary 2 SA Monitor Enter Menu Selection Number Menu 27 1 IPSec Summary Name A Local Addr Start L...

Страница 453: ...to Range this is the end static IP address in a range of computers on the LAN behind your Prestige When the Addr Type field in Menu 27 1 1 IPSec Setup is configured to SUBNET this is a subnet mask on...

Страница 454: ...he Secure Gateway Addr field in SMT 27 1 1 to 0 0 0 0 172 16 2 40 Remote Addr End When the Addr Type field in Menu 27 1 1 IPSec Setup is configured to Single this is the same static IP address as in t...

Страница 455: ...e When a VPN rule is deleted subsequent rules do not move up in the page list Use Go To Rule to view the page where your desired rule is listed Select Next Page or Previous Page to view the next or pr...

Страница 456: ...to have the Prestige automatically re initiate the SA after the SA lifetime times out even if there is no traffic The remote IPSec router must also have keep alive enabled in order for this feature t...

Страница 457: ...this IP address changes 0 0 0 0 Peer ID type Press SPACE BAR to choose IP DNS or E mail and press ENTER Select IP to identify the remote IPSec router by its IP address Select DNS to identify the remot...

Страница 458: ...GLE with a single IP address Select RANGE for a specific range of IP addresses Select SUBNET to specify IP addresses on a network by their subnet mask SINGLE IP Addr Start When the Addr Type field is...

Страница 459: ...ngle IP address Use RANGE for a specific range of IP addresses Use SUBNET to specify IP addresses on a network by their subnet mask SUBNET IP Addr Start When the Addr Type field is configured to Singl...

Страница 460: ...eplay detection by setting this field to Yes Press SPACE BAR to select Yes or No Choose Yes and press ENTER to enable replay detection No Key Management Press SPACE BAR to choose either IKE or Manual...

Страница 461: ...ared keys are best for small networks with fewer than ten nodes Enter your pre shared key here Enter up to 31 characters Any character may be used including spaces but trailing spaces are truncated Bo...

Страница 462: ...lly renegotiates in this field It may range from 60 to 3 000 000 seconds almost 35 days A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authenticat...

Страница 463: ...save your configuration or press ESC at any time to cancel 43 5 Manual Setup You only configure Menu 27 1 1 2 Manual Setup when you select Manual in the Key Management field in Menu 27 1 1 IPSec Setup...

Страница 464: ...and then press ENTER Fill in the Key1 field below when you choose DES and fill in fields Key1 to Key3 when you choose 3DES Select NULL to set up a tunnel without encryption When you select NULL you d...

Страница 465: ...may be used including spaces but trailing spaces are truncated 123456789a bcde AH Setup The AH Setup fields are N A if you chose an ESP Active Protocol SPI Decimal The SPI must be from one to four uni...

Страница 466: ......

Страница 467: ...le and does not timeout until the SA lifetime period expires See the web configurator part on keep alive to have the Prestige renegotiate an IPSec SA when the SA lifetime expires even if there is no t...

Страница 468: ...Encryption methods include 56 bit DES and 168 bit 3DES NULL denotes a tunnel without encryption An incoming SA may have an AH in addition to ESP The Authentication Header provides strong integrity an...

Страница 469: ...re save and upload multiple menus at the same time using just one configuration text file eliminating the need to navigate and configure individual SMT menus for each Prestige 45 2 The Configuration T...

Страница 470: ...than 0 or 1 in the Input column of Field Identification Number 1000000 refer to Figure 45 1 Menu 1 General Setup 10000000 Configured 0 No 1 Yes 1 10000001 System Name Str Prestige 10000002 Location St...

Страница 471: ...2 Please wait for the system to write SPT text file ROM t Bootbase Version V2 02 2 22 2001 13 33 11 RAM Size 8192 Kbytes FLASH Intel 8M 2 c ftp 192 168 1 1 220 PPP FTP version 1 0 ready at Sat Jan 1...

Страница 472: ...nal SPTGEN FTP Upload Example c ftp 192 168 1 1 220 PPP FTP version 1 0 ready at Sat Jan 1 03 22 12 2000 User 192 168 1 1 none 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp p...

Страница 473: ...Appendices and Index XII Part XII Appendices and Index This part contains additional background information and an index or key terms...

Страница 474: ......

Страница 475: ...e you should contact your vendor 1 Make sure the Prestige is connected to your computer s serial port VT100 terminal emulation 9600 bps is the default speed on leaving the factory Try other speeds in...

Страница 476: ...the System Information and Diagnosis chapter SMT Problems with the LAN Interface Chart A 4 Troubleshooting the LAN Interface PROBLEM CORRECTIVE ACTION I cannot access the Prestige from the LAN If the...

Страница 477: ...ROBLEM CORRECTIVE ACTION I cannot access the Internet Make sure the Prestige is turned on and connected to the network If the DSL LED is off refer to Chart A 3 Troubleshooting the DSL LED Verify your...

Страница 478: ...figurator PROBLEM CORRECTIVE ACTION I cannot access the web configurator Refer to Chart A 7 Troubleshooting the Password Make sure that there is not an SMT console session running Check that you have...

Страница 479: ...en remote management may not be possible Use the Prestige s WAN IP address when configuring from the WAN Use the Prestige s LAN IP address when configuring from the LAN Refer to Chart A 4 Troubleshoot...

Страница 480: ......

Страница 481: ...dress the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0 In a class C address the first three oc...

Страница 482: ...host ID using a logical AND operation A subnet mask has 32 bits each bit of the mask corresponds to a bit of the IP address If a bit in the subnet mask is a 1 then the corresponding bit in the IP addr...

Страница 483: ...26 1100 0000 255 255 255 224 27 1110 0000 255 255 255 240 28 1111 0000 255 255 255 248 29 1111 1000 255 255 255 252 30 1111 1100 The first mask shown is the class C natural mask Normally if no mask is...

Страница 484: ...1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask 255 255 255 128 Subnet Mask Binary 11111111 11111111 11111111 10000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129...

Страница 485: ...0000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63 Highest Host ID 192 168 1 62 Chart B 8 Subn...

Страница 486: ...110 The following table shows class C IP address last octet values for each subnet Chart B 11 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 6...

Страница 487: ...three host ID octets see Chart B 1 available for subnetting The following table is a summary for class B subnet planning Chart B 13 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNET...

Страница 488: ...e 653HWI Series User s Guide B 8 IP Subnetting Chart B 13 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 14 255 255 255 252 30 16384 2 15 255 255 255 254 31 3...

Страница 489: ...ve from meeting to meeting accessing up to date information that facilitates the ability to communicate decisions on the fly 5 It provides campus wide networking coverage allowing enterprises the roam...

Страница 490: ...k Infrastructure Wireless LAN Configuration For Infrastructure WLANs multiple access points APs link the WLAN to the wired network and allow users to efficiently share network resources The Access Poi...

Страница 491: ...Prestige 653HWI Series User s Guide Wireless LAN and IEEE 802 11 C 3 Diagram C 2 ESS Provides Campus Wide Coverage...

Страница 492: ......

Страница 493: ...Higher antenna gain improves the range of the signal for better communications For an indoor site each 1 dB increase in antenna gain results in a range increase of approximately 2 5 For an unobstruct...

Страница 494: ...ns In point to point application position both transmitting and receiving antenna at the same height and in a direct line of sight to each other to attend the best performance For omni directional ant...

Страница 495: ...er similar to dial up services using PPP Benefits of PPPoE PPPoE offers the following benefits 1 It provides you with a familiar dial up networking DUN user interface 2 It lessens the burden on the ca...

Страница 496: ...col LAC L2TP Access Concentrator and tunnels the PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up conne...

Страница 497: ...Prestige 653HWI Series User s Guide PPPoE E 3 Diagram E 2 Prestige as a PPPoE Client...

Страница 498: ......

Страница 499: ...etween circuit end points Diagram F 1 Virtual Circuit Topology Think of a virtual path as a cable that contains a bundle of wires The cable connects two points and wires within the cable provide indiv...

Страница 500: ......

Страница 501: ...2 No 223 NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model AA 121A25 Input Power AC120Volts 60Hz 19W Output Power AC 16Volts 1 25A Power Consumption 14W Safety Standards UL CUL UL 1310 CSA C22 2 N...

Страница 502: ...Prestige 653HWI Series User s Guide G 2 Power Adaptor Specifications Power Consumption 14W Safety Standards ITS GS CE EN 60950...

Страница 503: ...n Number not seen in SMT screens FN Field Name PVA Parameter Values Allowed INPUT An example of what you may enter The following are Internal SPTGEN screens associated with the SMT screens of your Pre...

Страница 504: ...Output protocol filters Set 2 256 30100011 Output protocol filters Set 3 256 30100012 Output protocol filters Set 4 256 30100013 Output device filters Set 1 256 30100014 Output device filters Set 2 2...

Страница 505: ...1 12 256 30200016 IP Policies Set 4 1 12 256 MENU 3 2 1 IP ALIAS SETUP SMT MENU 3 2 1 FIN FN PVA INPUT 30201001 IP Alias 1 0 No 1 Yes 0 30201002 IP Address 0 0 0 0 30201003 IP Subnet Mask 0 30201004...

Страница 506: ...ction 0 None 1 Both 2 In Only 3 Out Only 0 30201018 Version 0 Rip 1 1 Rip 2B 2 Rip 2M 0 30201019 IP Alias 2 Incoming protocol filters Set 1 256 30201020 IP Alias 2 Incoming protocol filters Set 2 256...

Страница 507: ...0 WEP Key3 30500011 WEP Key4 MENU 3 5 1 WLAN MAC ADDRESS FILTER SMT MENU 3 5 1 30501001 Mac Filter Active 0 No 1 Yes 0 30501002 Filter Action 0 Allow 1 Deny 0 30501003 Address 1 00 00 00 00 00 00 3050...

Страница 508: ...et 1 6 40000017 ISP incoming protocol filter set 2 256 40000018 ISP incoming protocol filter set 3 256 40000019 ISP incoming protocol filter set 4 256 40000020 ISP outgoing protocol filter set 1 256 4...

Страница 509: ...Static Route set 1 Gateway 0 0 0 0 120101006 IP Static Route set 1 Metric 0 120101007 IP Static Route set 1 Private 0 No 1 Yes 0 MENU 12 1 2 IP STATIC ROUTE SETUP SMT MENU 12 1 2 FIN FN PVA INPUT 1201...

Страница 510: ...ute set 4 Active 0 No 1 Yes 0 120104003 IP Static Route set 4 Destination IP address 0 0 0 0 120104004 IP Static Route set 4 Destination IP subnetmask 0 120104005 IP Static Route set 4 Gateway 0 0 0 0...

Страница 511: ...12 1 7 IP STATIC ROUTE SETUP SMT MENU 12 1 7 FIN FN PVA INPUT 120107001 IP Static Route set 7 Name Str 120107002 IP Static Route set 7 Active 0 No 1 Yes 0 120107003 IP Static Route set 7 Destination I...

Страница 512: ...0109006 IP Static Route set 9 Metric 0 120109007 IP Static Route set 9 Private 0 No 1 Yes 0 MENU 12 1 10 IP STATIC ROUTE SETUP SMT MENU 12 1 10 FIN FN PVA INPUT 120110001 IP Static Route set 10 Name 1...

Страница 513: ...e set 12 Destination IP address 0 0 0 0 120112004 IP Static Route set 12 Destination IP subnetmask 0 120112005 IP Static Route set 12 Gateway 0 0 0 0 120112006 IP Static Route set 12 Metric 0 12011200...

Страница 514: ...PVA INPUT 120115001 IP Static Route set 15 Name Str 120115002 IP Static Route set 15 Active 0 No 1 Yes 0 120115003 IP Static Route set 15 Destination IP address 0 0 0 0 120115004 IP Static Route set...

Страница 515: ...150000006 SUA Server 2 Local IP address 0 0 0 0 150000007 SUA Server 3 Active 0 No 1 Yes 0 150000008 SUA Server 3 Protocol 0 All 6 TCP 17 U DP 0 150000009 SUA Server 3 Port Start 0 150000010 SUA Serv...

Страница 516: ...000030 SUA Server 7 Port End 0 150000031 SUA Server 7 Local IP address 0 0 0 0 150000032 SUA Server 8 Active 0 No 1 Yes 0 150000033 SUA Server 8 Protocol 0 All 6 TCP 17 U DP 0 150000034 SUA Server 8 P...

Страница 517: ...T 1 SMT MENU 21 FIN FN PVA INPUT 210100001 Filter Set 1 Name Str MENU 21 1 1 1 FILTER SET 1 RULE 1 SMT MENU 21 1 1 1 FIN FN PVA INPUT 210101001 IP Filter Set 1 Rule 1 Type 2 TCP IP 2 210101002 IP Filt...

Страница 518: ...2 FIN FN PVA INPUT 210102001 IP Filter Set 1 Rule 2 Type 2 TCP IP 2 210102002 IP Filter Set 1 Rule 2 Active 0 No 1 Yes 1 210102003 IP Filter Set 1 Rule 2 Protocol 6 210102004 IP Filter Set 1 Rule 2 De...

Страница 519: ...3 Dest IP address 0 0 0 0 210103005 IP Filter Set 1 Rule 3 Dest Subnet Mask 0 210103006 IP Filter Set 1 Rule 3 Dest Port 139 210103007 IP Filter Set 1 Rule 3 Dest Port Comp 0 none 1 equal 2 not equal...

Страница 520: ...lter Set 1 Rule 4 Src IP address 0 0 0 0 210104009 IP Filter Set 1 Rule 4 Src Subnet Mask 0 210104010 IP Filter Set 1 Rule 4 Src Port 0 210104011 IP Filter Set 1 Rule 4 Src Port Comp 0 none 1 equal 2...

Страница 521: ...5 Act Match 1 check next 2 forward 3 dr op 3 210105014 IP Filter Set 1 Rule 5 Act Not Match 1 Check Next 2 Forward 3 Drop 1 MENU 21 1 1 6 SET 1 RULE 6 SMT MENU 21 1 1 6 FIN FN PVA INPUT 210106001 IP F...

Страница 522: ...Nam Str NetBIOS_WAN MENU 21 1 2 1 FILTER SET 2 RULE 1 SMT MENU 21 1 2 1 FIN FN PVA INPUT 210201001 IP Filter Set 2 Rule 1 Type 0 none 2 TCP IP 2 210201002 IP Filter Set 2 Rule 1 Active 0 No 1 Yes 1 21...

Страница 523: ...IP Filter Set 2 Rule 2 Active 0 No 1 Yes 1 210202003 IP Filter Set 2 Rule 2 Protocol 6 210202004 IP Filter Set 2 Rule 2 Dest IP address 0 0 0 0 210202005 IP Filter Set 2 Rule 2 Dest Subnet Mask 0 2102...

Страница 524: ...Mask 0 210203006 IP Filter Set 2 Rule 3 Dest Port 139 210203007 IP Filter Set 2 Rule 3 Dest Port Comp 0 none 1 equal 2 not equal 3 less 4 great er 1 210203008 IP Filter Set 2 Rule 3 Src IP address 0...

Страница 525: ...210204009 IP Filter Set 2 Rule 4 Src Subnet Mask 0 210204010 IP Filter Set 2 Rule 4 Src Port 0 210204011 IP Filter Set 2 Rule 4 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 great er 0 210204013...

Страница 526: ...Filter Set 2 Rule 5 Act Match 1 check next 2 forward 3 dr op 3 210205014 IP Filter Set 2 Rule 5 Act Not Match 1 check next 2 forward 3 dr op 1 MENU 21 1 2 6 FILTER SET 2 RULE 6 SMT MENU 21 1 2 5 FIN F...

Страница 527: ...4 MENU 23 2 SYSTEM SECURITY RADIUS SERVER SMT MENU 23 2 FIN FN PVA INPUT 230200001 Authentication Server Configured 0 No 1 Yes 1 230200002 Authentication Server Active 0 No 1 Yes 1 230200003 Authentic...

Страница 528: ...100005 FTP Server Access 0 all 1 none 2 Lan 3 Wan 0 241100006 FTP Server Secured IP address 0 0 0 0 241100007 WEB Server Port 80 241100008 WEB Server Access 0 all 1 none 2 Lan 3 Wan 0 241100009 WEB Se...

Страница 529: ...requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropr...

Страница 530: ...K If you need TCP IP a In the Network window click Add b Select Protocol and then click Add c Select Microsoft from the list of manufacturers d Select TCP IP from the list of network protocols and the...

Страница 531: ...omatically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields 3 Click the DNS Configuration tab If you do not know your D...

Страница 532: ...d and click Add 5 Click OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your Prestige and restart your computer whe...

Страница 533: ...Windows 2000 NT XP 1 For Windows XP click start Control Panel In Windows 2000 NT click Start Settings Control Panel 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dia...

Страница 534: ...Win XP and click Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you have...

Страница 535: ...IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab...

Страница 536: ...and Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Cli...

Страница 537: ...s User s Guide Setting up Your Computer s IP Address I 9 Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel 2 Select Ethernet built in from...

Страница 538: ...in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your Prestige in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save chan...

Страница 539: ...elect Using DHCP from the Configure list 4 For statically assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in...

Страница 540: ......

Страница 541: ...lephone sets Install the POTS splitter at the point where the telephone line enters your residence as shown in the following figure Diagram J 1 Connecting a POTS Splitter Step 1 Connect the side label...

Страница 542: ...ilter Step 3 Connect another cable from the double jack end of the Y Connector to the Prestige Step 4 Connect the phone side of the microfilter to your telephone as shown in the following figure Diagr...

Страница 543: ...The DHCP server assigned an IP address to a client SMT Login Successfully Someone has logged on to the router s SMT interface SMT Login Fail Someone has failed to log on to the router s SMT interface...

Страница 544: ...rbid ActiveX Destination Contains Java applet Web Block The Prestige blocked access to an IP address or domain name that contains a Java applet because the content filter is set to forbid Java applets...

Страница 545: ...detected a TCP SMTP illegal command attack NetBIOS TCP The firewall detected a TCP NetBIOS attack ip spoofing no routing entry Protocol The firewall detected an IP spoofing attack while the Prestige...

Страница 546: ...IP Protocol Direction Access did not match a firewall rule s destination IP address and the Prestige logged it src IP Protocol Direction Access did not match a firewall rule s source IP address and t...

Страница 547: ...pport the ICMP packet s protocol 2 The ICMP packet is an echo reply for which there was no corresponding echo request Router reply ICMP packet The router sent an ICMP response packet This packet autom...

Страница 548: ...etwork on the route to the destination network 5 Redirect 0 Redirect datagrams for the Network 1 Redirect datagrams for the Host 2 Redirect datagrams for the Type of Service and Network 3 Redirect dat...

Страница 549: ...nder IPSec Log The following figure shows a typical log from the VPN connection peer Index Date Time Log 001 01 Jan 08 02 22 Send Main Mode request to 192 168 100 101 002 01 Jan 08 02 22 Send SA 003 0...

Страница 550: ...Prestige has received an IKE negotiation request from the peer Recv Symbol IKE uses the ISAKMP protocol refer to RFC2408 ISAKMP to transmit data Each ISAKMP packet contains payloads of different type...

Страница 551: ...es exchange policy details including local and remote IP address ranges If these ranges differ then the connection fails Local remote IPs of incoming request conflict with rule d If the security gatew...

Страница 552: ...e incoming packet did not match vs My Local IP address The IP address type or IP address of an incoming packet does not match the peer IP address type or IP address configured on the local router The...

Страница 553: ...on settings are incorrect Please check them Rule d idle time out disconnect If an SA has no packets transmitted for a period of time configurable via CI command the Prestige drops the connection The f...

Страница 554: ......

Страница 555: ...tication 25 11 29 4 29 5 Authentication Protocol Outgoing 29 5 auto negotiation 1 4 B Backup 38 2 Bandwidth Borrowing 21 7 Bandwidth Class 21 1 Bandwidth Filter 21 1 21 15 Bandwidth Management 1 4 21...

Страница 556: ...iting 14 2 Introduction 14 1 Customer Support v Customized Services 14 2 D data compression 1 3 Data decryption 6 4 Data encryption 6 4 Data Filtering 34 1 Data Link Connection 25 7 Default Policy Log...

Страница 557: ...ter Structure 34 4 Generic Filter Rule 34 13 Remote Node 29 8 Remote Node Filter 29 8 Remote Node Filters 34 19 Sample 34 17 SUA 34 15 TCP IP Filter Rule 34 9 Filter Configuration 34 1 Filter Log 37 7...

Страница 558: ...2 IEEE 802 11 C 1 IGMP 5 3 IGMP support 25 16 29 7 IKE 13 8 IKE Setup 43 11 Incoming Call Support 1 4 Independent Basic Service Set C 2 Infrastructure Configuration C 2 Install UPnP 19 3 Windows Me 19...

Страница 559: ...ISDN Interface 1 3 ISDN Remote Node Profile 25 10 ISDN Setup 25 8 ISDN DCP 7 1 K Key Fields For Configuring Rules 13 2 L LAN 37 3 LAN Configuration 5 4 LAN Interface Troubleshooting A 2 LAN Setup 5 1...

Страница 560: ...NetCAPI Server 7 11 NetCAPI Setup 25 8 Network Address Translation 28 6 Network Address Translation NAT 1 4 8 1 32 1 Network Authentication 6 8 Network Management 1 7 8 7 Networking Compatibility 1 6...

Страница 561: ...ewall 12 1 33 1 Troubleshooting A 5 Remote Management and NAT 18 2 Remote Management Limitations 18 1 40 2 Remote Management Setup 40 1 Remote Node 29 1 37 2 Network Layer 29 5 Remote Node Profile 29...

Страница 562: ...rce Address 13 3 13 11 Source Based Routing 41 1 Splitters J 1 SPTGEN Screens H 1 SQL NET 13 9 SSH 13 9 Stac data compression 1 3 Start Up Troubleshooting A 1 Stateful Inspection 1 2 11 1 11 2 11 7 11...

Страница 563: ...15 Setup 25 3 Traffic Shaping 7 3 Traffic Shaping Example 7 4 Transmission Rates 1 1 Transport Mode 16 5 Troubleshooting A 1 Tunnel Mode 16 5 Type of Service 41 1 41 3 41 4 41 5 U UDP ICMP Security 11...

Страница 564: ...Web Configurator Navigation 2 2 WEP 6 4 WEP 6 4 WEP Encryption 27 2 Windows 2000 NT XP I 5 Windows 95 98 Me I 1 WIRED EQUIVALENT PRIVACY 6 3 Wireless Channel 6 1 Wireless LAN C 1 6 1 27 1 Benefits C 1...

Отзывы:

Нет отзывов

Похожие инструкции для Prestige 653HWI series

Бренд: Linksys Страницы: 13

Бренд: CTC Union Страницы: 4

Бренд: Planet Страницы: 57

Бренд: PheeNet Страницы: 14

Бренд: Ubee Страницы: 7

Бренд: Valcom Страницы: 4

Бренд: Nortel Страницы: 134

Remote Office 9150

Бренд: Nortel Страницы: 570

ACCESS MANAGER 3.1 SP1 - ADMINISTRATION

Бренд: Novell Страницы: 42

Бренд: Novatel Страницы: 88

Бренд: tilgin Страницы: 20

Бренд: tilgin Страницы: 20

Бренд: Fluke Страницы: 20

Бренд: 2Wire Страницы: 2

Бренд: 2Wire Страницы: 82

Бренд: ZyXEL Communications Страницы: 2

Бренд: ZyXEL Communications Страницы: 2

Security Web Gateway Appliance

Бренд: IBM Страницы: 2

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды