19/63 www.zyxel.com

For the VPN connection (Phase 2):

3. Enter the Connection Name, select Site-to-site as the Application Scenario, and select the name of the phase 1 profile (Branch) in the VPN Gateway field.

4. For Local policy, choose the subnet that your PC is connected to.

Contents of ZyWALL VPN2S

Page 1: ...xel com VPN2S VPN2S VPN Firmware V1 12 ABLN 0 b9 Edition 1 5 2018 Handbook Default Login Details LAN Port IP Address https://192.168.1.1 User Name admin Password 1234 Copyright 2018 ZyXEL Communications Corporation ...

Page 2: ...eries 20 How to configure VPN with PC Server Role 21 Set Up the IPSec VPN Tunnel on the VPN2S 21 Setup the Zywall IPsec VPN client 24 Test VPN2S as Server Role 27 How to setup scheduled rule via firewall on VPN2S 29 Setup the schedule rule on the VPN2S 30 Test scheduled rule via firewall on VPN2S 32 How to Configure Interface Group Bridge Bundle WAN Interface Triple play 32 Set Up the Interface Gr...

Page 3: ...N2S clients following rules 52 Set Up the policy route to force VPN2S clients following rules 53 How to Configure Content Filter by Category 55 Set up the Content Filter by Category 55 Test the Content Filter 57 How to Configure bypass website by Content Filter white list 58 Set up the Content Filter by Category 58 Set up the Content Filter white list 60 Test bypass website by Content Filter white...

Page 4: ...ting systems When the VPN tunnel is configured, users can securely access the network and allow traffic from L2TP clients to go to the Internet from an Android mobile phone. Figure: VPN2S connect with Mobile through L2TP VPN Tunnel. Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks ...

Page 5: ... zyxel com Set Up the PPPoE Connection On VPN2S Series Go to Configuration Wan Internet WAN Setup WAN1 Edit, change the Encapsulation from default IPoE to PPPoE and fill in the username and password on PPP information ...

Page 6: ... VPN Tunnel on VPN2S Go to Configuration VPN IPsec VPN Default_L2TP_VPN_GW and Default_L2TP_VPN_Connection Edit, enable both rules and fill in the pre-shared key on Default_L2TP_VPN_GW. Figure: Configuration VPN IPsec VPN Default_L2TP_VPN_GW ...

Page 7: ...7/63 www.zyxel.com Figure: Configuration VPN IPsec VPN Default_L2TP_VPN_Connection ...

Page 8: ...h will be assigned to L2TP client on IP Address Pool. Figure: Configuration VPN L2TP VPN Configure the L2TP VPN Tunnel on Android Mobile Version 5.0.2 Go to Setting Wireless Networks VPN Add VPN Profile and fill in the name of the profile. Select L2TP/IPSec PSK on the Type field, enter Server address and pre-shared key ...

Page 9: ...9/63 www.zyxel.com Test the L2TP over IPSec VPN Tunnel Type the username and password and click CONNECT. The L2TP VPN session is connected ...

Page 10: ...10/63 www.zyxel.com What Could Go Wrong Make sure your Pre-shared key on VPN2S and Mobile are the same ...

Page 11: ... they needed This scenario uses two units of VPN2S to create an IPSec VPN connection. Moreover, both USGs get their public IPs via PPPoE. HQ: WAN IP 61.231.53.228, LAN IP 192.168.2.1. Branch: WAN IP 36.226.203.74, LAN IP 192.168.3.1. Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was...

Page 12: ...m Configuration the LAN IP on HQ Site Go to Configuration LAN Home network VLAN Interface Group Add. Create the LAN subnet 192.168.2.X/24: first go to VLAN to separate the LAN2, and then change the subnet to 192.168.2.X/24 ...

Page 13: ...13/63 www.zyxel.com Go to Configuration LAN Setup Edit ...

Page 14: ...to Configuration VPN IPSec VPN Add the profile on Gateway configuration and Connection configuration. For the VPN gateway, please enter the VPN gateway name, select the Interface for public IP, enter the peer's domain in the Primary field, and enter the Pre-Shared Key ...

Page 15: ...onnection (Phase 2): 1. Enter the Connection Name, select Site-to-site as the Application Scenario, and select the name of the phase 1 profile (Branch) in the VPN Gateway field. 2. For Local policy, choose the subnet that your PC is connected to ...

Page 16: ...Configuration the LAN IP on Branch Site Go to Configuration LAN Home network VLAN Interface Group Add. Create the LAN subnet 192.168.3.X/24: first go to VLAN to separate the LAN2, and then change the subnet to 192.168.3.X/24 ...

Page 17: ...17/63 www.zyxel.com Go to Configuration LAN Setup Edit ...

Page 18: ...o to Configuration VPN IPSec VPN Add the profile on Gateway configuration and Connection configuration. For the VPN gateway, please enter the VPN gateway name, select the Interface for public IP, enter the peer's domain in the Primary field, and enter the Pre-Shared Key ...

Page 19: ...onnection (Phase 2): 3. Enter the Connection Name, select Site-to-site as the Application Scenario, and select the name of the phase 1 profile (Branch) in the VPN Gateway field. 4. For Local policy, choose the subnet that your PC is connected to ...

Page 20: ...20/63 www.zyxel.com Test IPSec VPN on VPN2S Series Click the connect button and the icon will change from gray to light ...

Page 21: ...onfigured each site can be accessed securely. Set Up the IPSec VPN Tunnel on the VPN2S In the VPN2S, go to Wizard Welcome to IPsec VPN Setup, use the VPN Settings for Configuration Provisioning wizard to create a VPN rule that can be used with the ZyWALL IPSec VPN Client. Click Next. Figure: Wizard Welcome to IPsec VPN Setup. Note: All network IP addresses and subnet masks are used as examples in this art...

Page 22: ... to be the authentication method. Click Next. Figure: Wizard Welcome to IPsec VPN Setup. Select the Scenario which will be deployed Remote Access Server Role and click Next. Figure: Wizard Welcome to IPsec VPN Setup. Choose WAN1 for My Interface and fill in the Pre-Shared Key and local IP Address. Figure: Wizard Welcome to IPsec VPN Setup ...

Page 23: ...23/63 www.zyxel.com The configured result will be displayed. Click Save. Then go to Configuration VPN IPsec VPN; the Server role is already created on VPN. Figure: Configuration VPN IPsec VPN ...

Page 24: ...e Zywall IPsec VPN client Since IKE version 2 is used, the new VPN Gateway needs to be added under IKEV2 on the IPSec VPN Client. Figure: IPSec VPN Client. Fill in the Remote Gateway IP address and pre-shared key, and then move to IKE Advance ...

Page 25: ...25/63 www.zyxel.com On the IKE Advance page, select IPV4 Address and fill in 0.0.0.0 on local and Remote ID. After that, create the New VPN Connection ...

Page 26: ...26/63 www.zyxel.com On the IKEv2 Tunnel, please fill in VPN Client address and Remote LAN address ...

Page 27: ...27/63 www.zyxel.com Test VPN2S as Server Role Click Open Tunnel. The tunnel is established ...

Page 28: ...28/63 www.zyxel.com The result is displayed on VPN on VPN2S ...

Page 29: ...le will illustrate how the VPN2S User Access Control allows the IT manager to arrange an Internet access schedule to limit the Internet access time of specific or all LAN PCs. Figure: User Access Control. Note: The Internet access schedule rules related to devices need to be double-checked by the IT manager ...

Page 30: ...e schedule rule on the VPN2S Go to System Scheduler Rule Add. Fill in the name of the schedule rule and tick Mon to Fri on the Days field. On the Time of Day Range, enter 7:00 to 18:00. Click OK. Figure: Schedule Rule. Figure: Schedule Rule ...

Page 31: ...reate the firewall rule which is related to the schedule rule. Check Enable, fill in the name of the rule, and check Any to limit all devices in the schedule. Choose REJECT as your policy. Select Internet Access, which was created in the schedule rule. Figure: Firewall Security Firewall Rules Add ...

Page 32: ...This example shows how to use the Interface Group. There are Internet and VoIP connections. The Interface Group VoIP should be bridged to WAN interface VoIP. When the Interface Group is configured, Internet and VoIP traffic can be isolated and VoIP can use L2 traffic to the WAN interface. Figure: Interface Group Bridge Bundle WAN Interface ...

Page 33: ...l com Set Up the Interface Group Bridge Bundle WAN Interface Group on the VPN2S Sign into the VPN2S. Go to LAN Home Network VLAN Interface Group. Click Configuration WAN Internet WAN Setup Add to open the following screen ...

Page 34: ... www zyxel com Click Configuration LAN Home Network VLAN Interface Group Add to open the following screen. Click Configuration LAN Home Network VLAN Interface Group Add VLAN Group s Add to open the following screen ...

Page 35: ... com Click Configuration LAN Home Network VLAN Interface Group Add WAN Interface Used In This Group Add to open the following screen. Click Configuration LAN Home Network VLAN Interface Group Add to open the following screen ...

Page 36: ...36/63 www.zyxel.com How to configure Multi WAN This example shows how to use the Multi WAN; there are WAN1, VoIP, Mobile ...

Page 37: ... is WAN backup, since most mobile connections cost the user more. Figure: Multi WAN. Set Up the Multi WAN on the VPN2S Sign into the VPN2S. Go to Configuration WAN Internet Multi WAN. Click Configuration WAN Internet Multi WAN Edit to open the following screen. Check the Multi WAN status VoIP connection Click Dashboard to open the following screen ...

Page 38: ...the following screen Mobile3G connection Click Dashboard to open the following screen. How to Configure NAT Port Forwarding This example shows how to use Port Forwarding to access a local server. The example instructs how to configure the Port Forwarding. When the Port ...

Page 39: ...om Internet. Figure: Multiple Servers Behind NAT Example. Set Up the Port Forwarding on the VPN2S Sign into the VPN2S. Go to NAT Port Forwarding. Click Configuration NAT Port Forwarding Add to open the following screen. Note: 1. The TCP port is reserved for TR069 connection request port ...

Page 40: ...40/63 www.zyxel.com Click Configuration NAT Port Forwarding to open the following screen. Test the Port Forwarding Connecting to http://10.214.30.45:55000 will access Server B (192.168.1.43:80) ...

Page 41: ...41/63 www.zyxel.com ...

Page 42: ...example instructs how to configure the Port Triggering. When Port Triggering is opened, File Server will forward to the open port. Trigger Port Forwarding Process Example. Note: 1. Only one PC can connect to the File Server until the connection is closed or times out. 2. It times out in three minutes with UDP or two hours with TCP/IP ...

Page 43: ...43/63 www.zyxel.com Set Up the Port Triggering on the VPN2S In the VPN2S, go to NAT Port Triggering. Click Configuration NAT Port Triggering Add to open the following screen ...

Page 44: ...o configure the NAT ALG. When the NAT ALG is configured, it will solve a major problem for peer-to-peer communication in NAT. Figure: FTP ALG. Enable the ALG on the VPN2S 1. In the VPN2S, go to NAT ALG. Click Configuration NAT ALG to open the following screen. Note: 1. Make sure ALG works correctly with port forwarding and address mapping rules ...

Page 45: ...ccessed Web Server. Figure: Default Server. Note: 1. Enter IP address and click OK to activate the default server. 2. The Interface Group for the default server is by default on firewall LAN zone. Use LAN to configure it to other zone if desired. 3. Some default ports of services are already used by device service. If you need the same ports for the default server, please change the ports used by device servi...

Page 46: ...l com Set Up the Default Server on the VPN2S 1. In the VPN2S, go to NAT Default Server. Click Configuration NAT Default Server Add to open the following screen. Click Configuration NAT Default Server to open the following screen ...

Page 47: ...47/63 www.zyxel.com Test the Default Server Connecting to http://10.214.30.45 will access Server B (192.168.1.43) ...

Page 48: ...nternet but you don't have enough Public. So we can use Address Mapping to translate Private IP to Public IP. When the Address Mapping is configured, each user can browse the Internet. Figure: NAT Address Mapping. Note: 1. Address mapping rule sets do not have priority above each other and might not give the desired result if the IP ranges overlap ...

Page 49: ...ng One to One In the VPN2S, go to WAN Internet WAN Setup. Click Configuration WAN Internet WAN Setup, choose WAN1 Edit to open the following screen. 2. In the VPN2S, go to NAT Address Mapping. Click Configuration NAT Address Mapping Add to open the following screen ...

Page 50: ...g Many to Many In the VPN2S, go to WAN Internet WAN Setup. Click Configuration WAN Internet WAN Setup, choose WAN1 Edit to open the following screen. 3. In the VPN2S, go to NAT Address Mapping. Click Configuration NAT Address Mapping Add to open the following screen ...

Page 51: ...g Many to one In the VPN2S, go to WAN Internet WAN Setup. Click Configuration WAN Internet WAN Setup, choose WAN1 Edit to open the following screen. 4. In the VPN2S, go to NAT Address Mapping. Click Configuration NAT Address Mapping Add to open the following screen ...

Page 52: ...how to create Policy Route. You want LAN users to browse the Internet using different interfaces; however, you don't want to use static routes. Therefore, we can use Policy Route for this purpose. When the Policy Route is configured, each LAN user can use a different interface to go to the Internet. Figure: NAT Address Mapping ...

Page 53: ... policy route to force VPN2S clients following rules In the VPN2S, go to WAN Internet WAN Setup. Click Configuration Routing Policy Route to open the following screen. Click Configuration Routing Policy Route Add to open the following screen ...

Page 54: ...54/63 www.zyxel.com ...

Page 55: ...ilter is configured, each PC cannot access media websites. Set up the Content Filter by Category In the VPN2S, go to Security Service Content Filter. Click Configuration Security Service Content Filter to open the following screen. Then check Enable Content Filter and Enable HTTPS Domain Filter for HTTPS traffic. Click Configuration Security Service Content Filter Profile Management Add to open the follo...

Page 56: ...Category Server Click Configuration Security Service Content Filter Profile Management Add Test Against Content Filter Category Server to open the following screen. YouTube is Recreation Entertainment and Streaming Media Downloads. Select Block in Recreation ...

Page 57: ...guration Security Service Content Filter Profile Management Add Managed Categories to open the following screen. To check Entertainment and Streaming Media Downloads in Recreation. Test the Content Filter Connect to https://www.youtube.com ...

Page 58: ...nfigure Content Filter white list. When the Content Filter white list is configured, each PC cannot access media websites, excluding white list websites. Set up the Content Filter by Category In the VPN2S, go to Security Service Content Filter. Click Configuration Security Service Content Filter to open the following screen. Then check Enable Content Filter and Enable HTTPS Domain Filter for HTTPS traffic ...

Page 59: ...59/63 www.zyxel.com Click Configuration Security Service Content Filter Profile Management Add to open the following screen. Select Block in Recreation ...

Page 60: ...list Connect to https://www.youtube.com How to Configure bypass website by Content Filter black list This example shows how to bypass website by Content Filter black list on the VPN2S. The example instructs how to configure Content Filter black list. When the Content Filter black list is configured, each PC cannot access those websites ...

Page 61: ...ty Service Content Filter Click Configuration Security Service Content Filter to open the following screen. Then check Enable Content Filter and Enable HTTPS Domain Filter for HTTPS traffic. Click Configuration Security Service Content Filter Profile Management Add to open the following screen ...

Page 62: ...62/63 www.zyxel.com Select Allow in all Category. Set up the Content Filter black list To add Yahoo to black list. Test block website by Content Filter black list Connect to https://tw.yahoo.com ...

Page 63: ...63/63 www.zyxel.com ...
