Zyxel P-202H V2 specifications

P-202H Plus v2

ISDN Internet Access Router

User’s Guide

Version 3.40

Edition 1

8/2006

P-202H Plus v2 User’s Guide

Copyright

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

P-202H Plus v2 User’s Guide

Federal Communications Commission (FCC) Interference Statement

The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference.

• This device must accept any interference received, including interference that may cause undesired operations.

This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.

Certifications

If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

1 Reorient or relocate the receiving antenna.

2 Increase the separation between the equipment and the receiver.

3 Connect the equipment into an outlet on a circuit different from that to which the receiver

is connected.

4 Consult the dealer or an experienced radio/TV technician for help.

Notices

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

This Class B digital apparatus complies with Canadian ICES-003.

Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.

Viewing Certifications

1 Go to http://www.zyxel.com.

2 Select your product from the drop-down list box on the ZyXEL home page to go to that

product's page.

3 Select the certification you wish to view from this page.

3 Certifications

P-202H Plus v2 User’s Guide

Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.

• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.

• Do NOT expose your device to dampness, dust or corrosive liquids.

• Do NOT store things on the device.

• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.

• Connect ONLY suitable accessories to the device.

• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.

• Make sure to connect the cables to the correct ports.

• Place connecting cables carefully so that no one will step on them or stumble over them.

• Always disconnect all cables from this device before servicing or disassembling.

• Use ONLY an appropriate power adaptor or cord for your device.

• Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).

• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.

• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.

• If the power adaptor or cord is damaged, remove it from the power outlet.

• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.

• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.

• Use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord.

• If you wall mount your device, make sure that no electrical lines, gas or water pipes will be damaged.

This product is recyclable. Dispose of it properly.

Safety Warnings 4

P-202H Plus v2 User’s Guide

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.

ZyXEL Limited Warranty

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.

Registration

Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.

5 ZyXEL Limited Warranty

P-202H Plus v2 User’s Guide

Customer Support

Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

METHOD

LOCATION

CORPORATE HEADQUARTERS (WORLDWIDE)

COSTA RICA

CZECH REPUBLIC

DENMARK

FINLAND

FRANCE

GERMANY

HUNGARY

KAZAKHSTAN

NORTH AMERICA

SUPPORT E-MAIL TELEPHONE WEB SITE

SALES E-MAIL FAX FTP SITE

support@zyxel.com.tw +886-3-578-3942 www.zyxel.com

www.europe.zyxel.com

sales@zyxel.com.tw +886-3-578-2439 ftp.zyxel.com

ftp.europe.zyxel.com

soporte@zyxel.co.cr +506-2017878 www.zyxel.co.cr ZyXEL Costa Rica

sales@zyxel.co.cr +506-2015098 ftp.zyxel.co.cr

info@cz.zyxel.com +420-241-091-350 www.zyxel.cz ZyXEL Communications

info@cz.zyxel.com +420-241-091-359

support@zyxel.dk +45-39-55-07-00 www.zyxel.dk ZyXEL Communications A/S

sales@zyxel.dk +45-39-55-07-07

support@zyxel.fi +358-9-4780-8411 www.zyxel.fi ZyXEL Communications Oy

sales@zyxel.fi +358-9-4780 8448

info@zyxel.fr +33-4-72-52-97-97 www.zyxel.fr ZyXEL France

+33-4-72-52-19-20

support@zyxel.de +49-2405-6909-0 www.zyxel.de ZyXEL Deutschland GmbH.

sales@zyxel.de +49-2405-6909-99

support@zyxel.hu +36-1-3361649 www.zyxel.hu ZyXEL Hungary

info@zyxel.hu +36-1-3259100

http://zyxel.kz/support +7-3272-590-698 www.zyxel.kz ZyXEL Kazakhstan

sales@zyxel.kz +7-3272-590-689

support@zyxel.com 1-800-255-4101

+1-714-632-0882

sales@zyxel.com +1-714-632-0858 ftp.us.zyxel.com

www.us.zyxel.com ZyXEL Communications Inc.

REGULAR MAIL

ZyXEL Communications Corp. 6 Innovation Road II

Science Park Hsinchu 300 Ta iw a n

Plaza Roble Escazú Etapa El Patio, Tercer Piso San José, Costa Rica

Czech s.r.o. Modranská 621 143 01 Praha 4 - Modrany Ceská Republika

Columbusvej 2860 Soeborg Denmark

Malminkaari 10 00700 Helsinki Finland

1 rue des Vergers Bat. 1 / C 69760 Limonest France

Adenauerstr. 20/A2 D-52146 Wuerselen Germany

48, Zoldlomb Str. H-1025, Budapest Hungary

43, Dostyk ave.,Office 414 Dostyk Business Centre 050010, Almaty Republic of Kazakhstan

1130 N. Miller St. Anaheim CA 92806-2001 U.S.A.

Customer Support 6

P-202H Plus v2 User’s Guide

METHOD

LOCATION

NORWAY

POLAND

RUSSIA

SPAIN

SWEDEN

UKRAINE

UNITED KINGDOM

SUPPORT E-MAIL TELEPHONE WEB SITE

SALES E-MAIL FAX FTP SITE

support@zyxel.no +47-22-80-61-80 www.zyxel.no ZyXEL Communications A/S

sales@zyxel.no +47-22-80-61-81

info@pl.zyxel.com +48 (22) 333 8250 www.pl.zyxel.com ZyXEL Communications

+48 (22) 333 8251

http://zyxel.ru/support +7-095-542-89-29 www.zyxel.ru ZyXEL Russia

sales@zyxel.ru +7-095-542-89-25

support@zyxel.es +34-902-195-420 www.zyxel.es ZyXEL Communications

sales@zyxel.es +34-913-005-345

support@zyxel.se +46-31-744-7700 www.zyxel.se ZyXEL Communications A/S

sales@zyxel.se +46-31-744-7701

support@ua.zyxel.com +380-44-247-69-78 www.ua.zyxel.com ZyXEL Ukraine

sales@ua.zyxel.com +380-44-494-49-32

support@zyxel.co.uk +44-1344 303044

08707 555779 (UK only)

sales@zyxel.co.uk +44-1344 303034 ftp.zyxel.co.uk

www.zyxel.co.uk ZyXEL Communications UK

REGULAR MAIL

Nils Hansens vei 13 0667 Oslo Norway

ul. Okrzei 1A 03-715 Warszawa Poland

Ostrovityanova 37a Str. Moscow, 117279 Russia

Arte, 21 5ª planta 28033 Madrid Spain

Sjöporten 4, 41764 Göteborg Sweden

13, Pimonenko Str. Kiev, 04050 Ukraine

Ltd.,11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)

+” is the (prefix) number you enter to make an international telephone call.

7 Customer Support

P-202H Plus v2 User’s Guide

Copyright ..................................................................................................................2

Certifications ............................................................................................................3

Safety Warnings ....................................................................................................... 4

ZyXEL Limited Warranty.......................................................................................... 5

Customer Support.................................................................................................... 6

Table of Contents ..................................................................................................... 8

List of Figures ........................................................................................................ 20

List of Tables .......................................................................................................... 26

Preface ....................................................................................................................30

Chapter 1

Getting To Know Your ZyXEL Device.................................................................. 32

1.1 Introducing the ZyXEL Device ............................................................................32

1.2 Features .............................................................................................................32

1.3 Applications for the ZyXEL Device .....................................................................36

1.3.1 Internet Access .........................................................................................36

1.3.2 LAN-to-LAN Connection ...........................................................................36

1.3.3 Remote Access Server .............................................................................37

1.3.4 Secure Broadband Internet Access and VPN ...........................................37

1.4 Front Panel LEDs ...............................................................................................38

1.5 Hardware Connection ........................................................................................39

Chapter 2

Introducing the Web Configurator........................................................................ 40

2.1 Web Configurator Overview ...............................................................................40

2.2 Accessing the Web Configurator ........................................................................40

2.3 Resetting the ZyXEL Device ..............................................................................41

2.3.1 Using the Reset Button .............................................................................41

2.4 Navigating the Web Configurator .......................................................................42

2.4.1 Changing Login Password .......................................................................43

Table of Contents 8

P-202H Plus v2 User’s Guide

Chapter 3

Wizard Setup .......................................................................................................... 46

3.1 Introduction ........................................................................................................46

3.1.1 MSN (Multiple Subscriber Number) and Subaddress ...............................46

3.1.2 PABX Outside Line Prefix .........................................................................46

3.2 Wizard Setup ......................................................................................................46

3.2.1 Test Your Internet Connection ..................................................................53

Chapter 4

LAN Setup............................................................................................................... 54

4.1 LAN Overview ...................................................................................................54

4.1.1 LANs, WANs and the ZyXEL Device ........................................................54

4.1.2 DHCP Setup .............................................................................................54

4.1.3 DNS Server Address Assignment .............................................................55

4.2 LAN TCP/IP ........................................................................................................55

4.2.1 IP Address and Subnet Mask ...................................................................55

4.3 Configuring LAN Setup .....................................................................................56

4.1.2.1 IP Pool Setup ..................................................................................55

4.2.1.1 Private IP Addresses .......................................................................56

Chapter 5

WAN Setup.............................................................................................................. 60

5.1 WAN Overview ..................................................................................................60

5.1.1 PPP Multilink .............................................................................................60

5.1.2 Bandwidth on Demand .............................................................................60

5.1.3 IP Address Assignment ............................................................................60

5.2 Internet Access Setup .......................................................................................60

Chapter 6

Network Address Translation (NAT) Screens...................................................... 64

6.1 NAT Overview ...................................................................................................64

6.1.1 NAT Definitions .........................................................................................64

6.1.2 What NAT Does ........................................................................................65

6.1.3 How NAT Works .......................................................................................65

6.1.4 NAT Application ........................................................................................66

6.1.5 NAT Mapping Types .................................................................................66

6.2 SUA (Single User Account) Versus NAT ............................................................67

6.3 Selecting the NAT Mode ...................................................................................67

6.4 SUA Server ........................................................................................................68

6.4.1 Default Server IP Address ........................................................................69

6.4.2 Port Forwarding: Services and Port Numbers ..........................................69

6.4.3 Configuring Servers Behind NAT (Example) ............................................69

6.5 Configuring SUA Server ....................................................................................70

9 Table of Contents

P-202H Plus v2 User’s Guide

6.6 Configuring Address Mapping ...........................................................................71

6.6.1 Address Mapping Rule Edit .....................................................................72

Chapter 7

Dynamic DNS.......................................................................................................... 74

7.1 Dynamic DNS Overview ...................................................................................74

7.1.1 DYNDNS Wildcard ....................................................................................74

7.2 Configuring Dynamic DNS ................................................................................74

Chapter 8

Firewalls.................................................................................................................. 76

8.1 Firewall Overview ..............................................................................................76

8.2 Types of Firewalls ..............................................................................................76

8.2.1 Packet Filtering Firewalls ..........................................................................76

8.2.2 Application-level Firewalls ........................................................................76

8.2.3 Stateful Inspection Firewalls ....................................................................77

8.3 Introduction to ZyXEL’s Firewall .........................................................................77

8.3.1 Denial of Service Attacks ..........................................................................78

8.4 Denial of Service ................................................................................................78

8.4.1 Basics .......................................................................................................78

8.4.2 Types of DoS Attacks ...............................................................................79

8.4.2.1 ICMP Vulnerability ..........................................................................81

8.4.2.2 Illegal Commands (NetBIOS and SMTP) ........................................81

8.4.2.3 Traceroute .......................................................................................82

8.5 Stateful Inspection ..............................................................................................82

8.5.1 Stateful Inspection Process ......................................................................83

8.5.2 Stateful Inspection and the ZyXEL Device ................................................83

8.5.3 TCP Security .............................................................................................84

8.5.4 UDP/ICMP Security ..................................................................................84

8.5.5 Upper Layer Protocols ..............................................................................85

8.6 Guidelines for Enhancing Security with Your Firewall ........................................85

8.6.1 Security In General ...................................................................................85

8.7 Packet Filtering Vs Firewall ................................................................................86

8.7.1 Packet Filtering: ........................................................................................86

8.7.1.1 When To Use Filtering .....................................................................87

8.7.2 Firewall .....................................................................................................87

8.7.2.1 When To Use The Firewall ..............................................................87

Chapter 9

Firewall Configuration ........................................................................................... 88

9.1 Enabling the Firewall ..........................................................................................88

9.2 E-Mail .................................................................................................................88

9.3 Attack Alert .........................................................................................................90

Table of Contents 10

P-202H Plus v2 User’s Guide

9.3.1 Alerts .........................................................................................................90

9.3.2 Threshold Values ......................................................................................90

9.3.3 Half-Open Sessions ..................................................................................91

9.3.4 Configuring Firewall Alert .........................................................................91

9.4 Rules Overview ..................................................................................................93

9.5 Rule Logic Overview .........................................................................................93

9.5.1 Rule Checklist ...........................................................................................94

9.5.2 Security Ramifications ..............................................................................94

9.5.3 Key Fields For Configuring Rules .............................................................94

9.6 Connection Direction ..........................................................................................95

9.6.1 LAN to WAN Rules ...................................................................................95

9.6.2 WAN to LAN Rules ...................................................................................95

9.7 Firewall Rules Summary ...................................................................................95

9.7.1 Configuring Firewall Rules ......................................................................97

9.7.2 Source and Destination Addresses ..........................................................99

9.7.3 Customized Services .............................................................................100

9.7.4 Configuring A Customized Service .......................................................101

9.8 Timeout ............................................................................................................101

9.8.1 Factors Influencing Choices for Timeout Values .....................................102

9.9 Logs Screen .....................................................................................................103

9.10 Example Firewall Rule ...................................................................................104

9.11 Predefined Services .......................................................................................107

9.3.3.1 TCP Maximum Incomplete and Blocking Time ...............................91

9.5.3.1 Action ..............................................................................................94

9.5.3.2 Service ............................................................................................94

9.5.3.3 Source Address ...............................................................................95

9.5.3.4 Destination Address ........................................................................95

Chapter 10

Introduction to IPSec ........................................................................................... 110

10.1 VPN Overview ................................................................................................ 110

10.1.1 IPSec .................................................................................................... 110

10.1.2 Security ................................................................................................. 110

10.1.3 Other Terminology ................................................................................110

10.1.3.1 Encryption ...................................................................................110

10.1.3.2 Data Confidentiality ..................................................................... 111

10.1.3.3 Data Integrity ............................................................................... 111

10.1.3.4 Data Origin Authentication .......................................................... 111

10.1.4 VPN Applications .................................................................................. 111

10.2 IPSec Architecture ......................................................................................... 111

10.2.1 IPSec Algorithms ..................................................................................112

10.2.2 Key Management .................................................................................. 112

10.3 Encapsulation .................................................................................................112

11 Table of Contents

P-202H Plus v2 User’s Guide

10.3.1 Transport Mode ....................................................................................113

10.3.2 Tunnel Mode ......................................................................................... 113

10.4 IPSec and NAT ............................................................................................... 113

Chapter 11

VPN Screens....................................................................................................... 116

11.1 VPN/IPSec Overview .....................................................................................116

11.2 IPSec Algorithms ............................................................................................ 116

11.2.1 AH (Authentication Header) Protocol .................................................... 116

11.2.2 ESP (Encapsulating Security Payload) Protocol ...................................116

11.3 My IP Address ................................................................................................117

11.4 Secure Gateway IP Address ..........................................................................117

11.4.1 Dynamic Secure Gateway Address ...................................................... 118

11.5 VPN Summary Screen ...................................................................................118

11.6 Keep Alive ......................................................................................................120

11.7 ID Type and Content ......................................................................................120

11.7.1 ID Type and Content Examples ............................................................121

11.8 Pre-Shared Key ..............................................................................................122

11.9 VPN Rules ......................................................................................................122

11.10 IKE Phases ..................................................................................................126

11.10.1 Negotiation Mode ................................................................................127

11.10.2 Diffie-Hellman (DH) Key Groups .........................................................128

11.10.3 Perfect Forward Secrecy (PFS) ..........................................................128

11.11 Advanced IKE Settings .................................................................................128

11.12 Manual Key ..................................................................................................131

11.12.1 Security Parameter Index (SPI) ..........................................................131

11.13 Manual Key Screen ......................................................................................132

11.14 SA Monitor Screen .......................................................................................134

11.15 Global Setting Screen ..................................................................................135

11.16 Telecommuter VPN/IPSec Examples ...........................................................136

11.16.1 Telecommuters Sharing One VPN Rule Example ...............................136

11.16.2 Telecommuters Using Unique VPN Rules Example ...........................137

11.17 Logs ..............................................................................................................138

Chapter 12

NetCAPI................................................................................................................. 140

12.1 NetCAPI Overview .........................................................................................140

12.2 CAPI ...............................................................................................................140

12.2.1 ISDN-DCP ............................................................................................140

12.3 Configuring NetCAPI ......................................................................................141

12.3.1 Configuring the ZyXEL Device as a NetCAPI Server ...........................142

12.3.2 RVS-COM .............................................................................................142

12.3.3 Example of Installing a CAPI driver and Communication Software ......143

Table of Contents 12

P-202H Plus v2 User’s Guide

Chapter 13

Supplementary Phone Services.......................................................................... 144

13.1 Overview ........................................................................................................144

13.2 Setting Up Supplemental Phone Service .......................................................145

13.3 The Flash Key ................................................................................................145

13.4 Call Waiting ....................................................................................................145

13.4.1 How to Use Call Waiting .......................................................................145

13.5 Three Way Calling ..........................................................................................146

13.5.1 How to Use Three-Way Calling ............................................................146

13.6 Call Transfer ...................................................................................................146

13.6.1 How to Use Call Transfer ......................................................................146

13.6.2 To Do a Blind Transfer: .........................................................................147

13.7 Call Forwarding ..............................................................................................147

13.8 Reminder Ring ...............................................................................................147

13.9 Multiple Subscriber Number (MSN) ...............................................................148

13.10 Using MSN ...................................................................................................148

13.11 Terminal Portability (Suspend/Resume) .......................................................148

13.11.1 How to Suspend/Resume a Phone Call: .............................................148

13.4.1.1 Placing the Current Call on Hold .................................................145

13.4.1.2 Dropping the Current Call to Switch to an Incoming/Holding Call 145

13.5.1.1 To drop the last call added to the three-way call: ........................146

13.5.1.2 To drop yourself from the conference call: ..................................146

13.11.1.1 To suspend an active phone call ...............................................148

13.11.1.2 To resume your phone call ........................................................148

Chapter 14

Maintenance ......................................................................................................... 150

14.1 Maintenance Overview ...................................................................................150

14.2 System Status ................................................................................................150

14.2.1 System Statistics ...................................................................................152

14.3 DHCP Table Screen .......................................................................................153

14.4 Firmware Screen ...........................................................................................154

14.5 Budget Control ...............................................................................................157

Chapter 15

Introducing the SMT ............................................................................................158

15.1 SMT Introduction ............................................................................................158

15.2 Accessing the ZyXEL Device via Console Port ..............................................158

15.2.1 Initial Screen .........................................................................................158

15.2.2 Entering Password ................................................................................158

15.3 Procedure for SMT Configuration via Telnet ..................................................159

15.4 SMT Menu Overview ......................................................................................159

15.5 Navigating the SMT Interface .........................................................................161

13 Table of Contents

P-202H Plus v2 User’s Guide

15.5.1 System Management Terminal Interface Summary ..............................162

15.6 Changing the System Password ....................................................................163

Chapter 16

Menu 1 General Setup ......................................................................................... 166

16.1 General Setup ................................................................................................166

16.2 Procedure To Configure Menu 1 ....................................................................166

16.2.1 Procedure to Configure Dynamic DNS .................................................167

Chapter 17

Menu 2 ISDN Setup .............................................................................................. 170

17.1 ISDN Setup Overview ....................................................................................170

17.1.1 Supplementary Voice Services .............................................................170

17.1.2 ISDN Call Waiting .................................................................................170

17.1.3 PABX Outside Line Prefix .....................................................................170

17.1.4 Outgoing Calling Party Number ............................................................171

17.2 ISDN Setup ....................................................................................................171

17.2.1 ISDN Advanced Setup ..........................................................................173

17.2.2 Configuring Advanced Setup ................................................................174

17.3 NetCAPI .........................................................................................................175

17.3.1 Configuring NetCAPI ............................................................................175

Chapter 18

Menu 3 Ethernet Setup ........................................................................................ 178

18.1 Ethernet Setup ...............................................................................................178

18.1.1 General Ethernet Setup ........................................................................178

18.2 Ethernet TCP/IP and DHCP Server ...............................................................179

18.3 Configuring TCP/IP Ethernet Setup and DHCP .............................................179

18.3.1 IP Alias Setup .......................................................................................180

Chapter 19

Internet Access Setup ......................................................................................... 184

19.1 Introduction to Internet Access Setup ............................................................184

19.2 Internet Access Setup ....................................................................................184

Chapter 20

Remote Node Configuration ............................................................................... 186

20.1 Introduction to Remote Node Setup ...............................................................186

20.1.1 Minimum Toll Period .............................................................................186

20.2 Remote Node Profile Setup ...........................................................................186

20.3 Outgoing Authentication Protocol ...................................................................189

20.4 PPP Multilink ..................................................................................................190

20.5 Bandwidth on Demand ...................................................................................190

Table of Contents 14

P-202H Plus v2 User’s Guide

20.6 Editing PPP Options .......................................................................................191

20.7 LAN-to-LAN Application .................................................................................192

20.8 Configuring Network Layer Options ...............................................................193

20.9 Remote Node Filter ........................................................................................195

Chapter 21

Static Route Setup ............................................................................................... 198

21.1 Static Route .................................................................................................198

21.2 IP Static Route Setup .....................................................................................198

Chapter 22

Dial-in Setup ......................................................................................................... 202

22.1 Dial-in Users Overview ...................................................................................202

22.2 Default Dial-in User Setup ..............................................................................202

22.2.1 CLID Callback Support For Dial-In Users .............................................202

22.3 Setting Up Default Dial-in ...............................................................................203

22.3.1 Default Dial-in Filter ..............................................................................205

22.4 Callback Overview .........................................................................................205

22.5 Dial-In User Setup ..........................................................................................206

22.6 Telecommuting Application With Windows Example ......................................207

22.7 LAN-to-LAN Server Application Example .......................................................209

22.7.1 Configuring Callback in LAN-to-LAN Application ..................................209

22.7.2 Configuring With CLID in LAN-to-LAN Application ...............................211

Chapter 23

Network Address Translation (NAT)................................................................... 214

23.1 Using NAT ......................................................................................................214

23.1.1 SUA (Single User Account) Versus NAT ..............................................214

23.2 Applying NAT .................................................................................................214

23.3 NAT Setup ......................................................................................................216

23.3.1 Address Mapping Sets ..........................................................................216

23.3.1.1 User-Defined Address Mapping Sets ..........................................218

23.3.1.2 Ordering Your Rules ....................................................................219

23.4 Configuring a Server behind NAT ..................................................................220

23.5 General NAT Examples ..................................................................................222

23.5.1 Example 1: Internet Access Only ..........................................................222

23.5.2 Example 2: Internet Access with an Inside Server ...............................223

23.5.3 Example 3: Multiple Public IP Addresses With Inside Servers .............223

23.5.4 Example 4: NAT Unfriendly Application Programs ...............................227

Chapter 24

Enabling the Firewall ...........................................................................................230

24.1 Remote Management and the Firewall ..........................................................230

15 Table of Contents

P-202H Plus v2 User’s Guide

24.2 Access Methods .............................................................................................230

24.3 Enabling the Firewall ......................................................................................230

24.3.1 Viewing the Firewall Log .......................................................................231

24.3.2 Example E-mail Log ..............................................................................233

Chapter 25

Filter Configuration.............................................................................................. 234

25.1 Introduction to Filters ......................................................................................234

25.1.1 The Filter Structure of the ZyXEL Device .............................................235

25.2 Configuring a Filter Set ..................................................................................236

25.2.1 Filter Rules Summary Menus ...............................................................239

25.2.2 Configuring a Filter Rule .......................................................................240

25.2.3 Configuring a TCP/IP Filter Rule ..........................................................240

25.2.4 Configuring a Generic Filter Rule .........................................................243

25.3 Example Filter ................................................................................................245

25.4 Filter Types and NAT ......................................................................................247

25.5 Firewall Versus Filters ....................................................................................248

25.6 Applying a Filter ............................................................................................248

25.6.1 Applying LAN Filters .............................................................................248

25.6.2 Applying Remote Node Filters ..............................................................249

Chapter 26

SNMP Configuration ............................................................................................ 250

26.1 About SNMP ..................................................................................................250

26.2 Supported MIBs ............................................................................................251

26.3 SNMP Configuration ......................................................................................251

26.4 SNMP Traps ...................................................................................................252

Chapter 27

System Security ................................................................................................... 254

27.1 System Security .............................................................................................254

27.2 System Password ..........................................................................................254

27.3 RADIUS ..........................................................................................................254

27.4 Configuring External Server ...........................................................................255

Chapter 28

System Information and Diagnosis .................................................................... 258

28.1 System Status ................................................................................................258

28.2 System Information and Console Port Speed ................................................260

28.2.1 System Information ...............................................................................260

28.2.2 Console Port Speed ..............................................................................261

28.3 Log and Trace ................................................................................................262

28.3.1 Viewing Error Log .................................................................................262

Table of Contents 16

P-202H Plus v2 User’s Guide

28.3.2 Unix Syslog ...........................................................................................263

28.3.3 Accounting Server ................................................................................266

28.3.4 Call-Triggering Packet ..........................................................................267

28.4 Diagnostic ......................................................................................................268

Chapter 29

Firmware and Configuration File Maintenance ................................................. 270

29.1 Filename Conventions ...................................................................................270

29.2 Backup Configuration .....................................................................................271

29.2.1 Backup Configuration ...........................................................................271

29.2.2 Using the FTP Command from the Command Line ..............................272

29.2.3 Example of FTP Commands from the Command Line .........................272

29.2.4 GUI-based FTP Clients .........................................................................273

29.2.5 Remote Management Limitations .........................................................273

29.2.6 Backup Configuration Using TFTP .......................................................273

29.2.7 TFTP Command Example ....................................................................274

29.2.8 GUI-based TFTP Clients ......................................................................274

29.2.9 Backup Via Console Port ......................................................................275

29.3 Restore Configuration ....................................................................................276

29.3.1 Restore Using FTP ...............................................................................276

29.3.2 Restore Using FTP Session Example ..................................................277

29.3.3 Restore Via Console Port .....................................................................277

29.4 Uploading Firmware and Configuration Files .................................................278

29.4.1 Firmware File Upload ............................................................................278

29.4.2 Configuration File Upload .....................................................................279

29.4.3 FTP File Upload Command from the DOS Prompt Example ................280

29.4.4 FTP Session Example of Firmware File Upload ...................................280

29.4.5 TFTP File Upload ..................................................................................280

29.4.6 TFTP Upload Command Example ........................................................281

29.4.7 Uploading Via Console Port ..................................................................281

29.4.8 Uploading Firmware File Via Console Port ...........................................281

29.4.9 Example Xmodem Firmware Upload Using HyperTerminal ..................282

29.4.10 Uploading Configuration File Via Console Port ..................................282

29.4.11 Example Xmodem Configuration Upload Using HyperTerminal .........283

28.3.2.1 CDR ............................................................................................264

28.3.2.2 Packet triggered ..........................................................................265

28.3.2.3 Filter log .....................................................................................265

28.3.2.4 PPP log ......................................................................................266

28.3.2.5 POTS log .....................................................................................266

Chapter 30

System Maintenance............................................................................................ 284

30.1 Command Interpreter Mode ...........................................................................284

17 Table of Contents

P-202H Plus v2 User’s Guide

30.1.1 Command Syntax .................................................................................284

30.1.2 Command Usage ..................................................................................285

30.2 Call Control Support .......................................................................................285

30.2.1 Call Control Parameters .......................................................................286

30.2.2 Black List ..............................................................................................286

30.2.3 Budget Management ............................................................................287

30.2.4 Call History ...........................................................................................288

30.3 Time and Date Setting ....................................................................................289

30.3.1 Resetting the Time ................................................................................290

Chapter 31

Remote Management ........................................................................................... 292

31.1 Remote Management .....................................................................................292

31.1.1 Remote Management Limitations .........................................................293

31.2 Remote Management and NAT ......................................................................293

31.3 System Timeout .............................................................................................294

Chapter 32

Call Scheduling .................................................................................................... 296

32.1 Introduction to Call Scheduling ......................................................................296

Chapter 33

VPN/IPSec Setup .................................................................................................. 300

33.1 VPN/IPSec Overview .....................................................................................300

33.2 IPSec Summary Screen .................................................................................301

33.3 IPSec Setup ...................................................................................................303

33.4 IKE Setup .......................................................................................................306

33.5 Manual Setup .................................................................................................308

33.5.1 Active Protocol ......................................................................................308

Chapter 34

SA Monitor ............................................................................................................ 312

34.1 SA Monitor Overview .....................................................................................312

34.2 Using SA Monitor ...........................................................................................312

Chapter 35

IPSec Log.............................................................................................................. 314

35.1 IPSec Logs .....................................................................................................314

Chapter 36

Troubleshooting ................................................................................................... 318

36.1 Problems Starting Up the ZyXEL Device .......................................................318

36.2 Problems with the LAN ...................................................................................318

Table of Contents 18

P-202H Plus v2 User’s Guide

36.3 Problems with the ISDN Line .........................................................................319

36.4 Problems with Remote User Dial-in ...............................................................319

36.5 Problems Accessing the ZyXEL Device .........................................................320

Appendix A

Product Specifications ....................................................................................... 322

Appendix B

Wall-mounting Instructions................................................................................. 324

Appendix C

Log Descriptions.................................................................................................. 326

Appendix D

Setting up Your Computer’s IP Address............................................................ 338

Windows 95/98/Me................................................................................................. 338

Windows 2000/NT/XP ............................................................................................ 341

Macintosh OS 8/9................................................................................................... 346

Macintosh OS X ..................................................................................................... 348

Linux....................................................................................................................... 349

36.5.1 Verifying Settings ..................................................................................353

Appendix E

IP Addresses and Subnetting ............................................................................. 354

Introduction to IP Addresses .................................................................................. 354

Subnet Masks ........................................................................................................ 356

Subnetting .............................................................................................................. 356

Example: Two Subnets .......................................................................................... 357

Example: Four Subnets.......................................................................................... 358

Example Eight Subnets.......................................................................................... 359

Subnetting With Class A and Class B Networks. ................................................... 360

Appendix F

Pop-up Windows, JavaScripts and Java Permissions ..................................... 362

Internet Explorer Pop-up Blockers ......................................................................... 362

JavaScripts............................................................................................................. 365

Index...................................................................................................................... 370

19 Table of Contents

P-202H Plus v2 User’s Guide

List of Figures

Figure 1 Internet Access Application ................................................................................... 36

Figure 2 LAN-to-LAN Application Example ......................................................................... 37

Figure 3 Remote Access ..................................................................................................... 37

Figure 4 Secure Internet Access and VPN Application ....................................................... 38

Figure 5 Front Panel ..........................................................................................................38

Figure 6 Password Screen .................................................................................................. 41

Figure 7 Change Password at Login ................................................................................... 41

Figure 8 Web Configurator: Main Screen .......................................................................... 42

Figure 9 Password .............................................................................................................44

Figure 10 Wizard 1: ISDN Line Set Up ............................................................................... 47

Figure 11 Wizard 2: ISP Parameters For Internet Access .................................................. 49

Figure 12 Wizard 3: Summary ........................................................................................... 51

Figure 13 Wizard: LAN Configuration ................................................................................ 51

Figure 14 Wizard 4 ............................................................................................................. 52

Figure 15 LAN and WAN IP Addresses .............................................................................. 54

Figure 16 LAN Setup .......................................................................................................... 57

Figure 17 WAN Setup ........................................................................................................ 61

Figure 18 How NAT Works .................................................................................................. 65

Figure 19 NAT Application With IP Alias ............................................................................. 66

Figure 20 NAT Mode ......................................................................................................... 68

Figure 21 Multiple Servers Behind NAT Example ............................................................... 70

Figure 22 Edit SUA/NAT Server Set ................................................................................... 70

Figure 23 Address Mapping Rules ...................................................................................... 71

Figure 24 Edit Address Mapping Rule .............................................................................. 72

Figure 25 Dynamic DNS ..................................................................................................... 75

Figure 26 Firewall Application ............................................................................................. 78

Figure 27 Three-Way Handshake ....................................................................................... 79

Figure 28 SYN Flood ........................................................................................................... 80

Figure 29 Smurf Attack ....................................................................................................... 81

Figure 30 Stateful Inspection ............................................................................................... 82

Figure 31 Enabling the Firewall ........................................................................................... 88

Figure 32 Firewall > E-mail ................................................................................................ 89

Figure 33 Firewall > Alert ................................................................................................... 92

Figure 34 Firewall > Rule Summary ................................................................................... 96

Figure 35 Firewall > Edit a Rule .......................................................................................... 98

Figure 36 Firewall > Source and Destination Addresses .................................................... 99

Figure 37 Firewall > Customized Services .......................................................................... 100

Figure 38 Firewall > Configure Customized Services ......................................................... 101

List of Figures 20

P-202H Plus v2 User’s Guide

Figure 39 Firewall > Timeout ............................................................................................... 102

Figure 40 Firewall > Logs ................................................................................................... 103

Figure 41 Firewall Example: Edit Rule ................................................................................ 105

Figure 42 Firewall Example: Configure Source IP ............................................................. 105

Figure 43 Firewall Example: Customized Service ............................................................. 105

Figure 44 Firewall Example: Edit Rule: Select Customized Services ................................. 106

Figure 45 Firewall Example: Rule Summary ...................................................................... 107

Figure 46 Encryption and Decryption .................................................................................. 111

Figure 47 IPSec Architecture .............................................................................................. 112

Figure 48 Transport and Tunnel Mode IPSec Encapsulation .............................................. 113

Figure 49 IPSec Summary Fields ....................................................................................... 118

Figure 50 VPN Summary .................................................................................................... 119

Figure 51 Mismatching ID Type and Content Configuration Example ................................ 121

Figure 52 VPN Rule Setup .................................................................................................. 123

Figure 53 Two Phases to Set Up the IPSec SA .................................................................. 127

Figure 54 Advanced Rule Setup ......................................................................................... 129

Figure 55 Rule Setup with Manual Key ............................................................................... 132

Figure 56 SA Monitor .......................................................................................................... 135

Figure 57 Global Setting ..................................................................................................... 135

Figure 58 Telecommuters Sharing One VPN Rule Example ............................................... 137

Figure 59 Telecommuters Using Unique VPN Rules Example ........................................... 138

Figure 60 VPN Logs ............................................................................................................ 139

Figure 61 NetCAPI ..............................................................................................................141

Figure 62 Configuration Example ........................................................................................ 142

Figure 63 System Status ..................................................................................................... 151

Figure 64 System Status > Show Statistics ......................................................................... 152

Figure 65 DHCP Table ........................................................................................................ 154

Figure 66 Firmware Upgrade .............................................................................................. 155

Figure 67 Firmware Upload In Progress ............................................................................. 156

Figure 68 Network Temporarily Disconnected .................................................................... 156

Figure 69 Error Message .................................................................................................... 156

Figure 70 Budget Control .................................................................................................... 157

Figure 71 Initial Screen .......................................................................................................158

Figure 72 Login Screen ....................................................................................................... 159

Figure 73 SMT Main Menu .................................................................................................. 162

Figure 74 Menu 23 System Password ................................................................................ 163

Figure 75 Menu 1 General Setup. ....................................................................................... 166

Figure 76 Menu 1.1 Configure Dynamic DNS .................................................................... 167

Figure 77 ZyXEL Device Behind a PABX ............................................................................ 171

Figure 78 Menu 2 ISDN Setup ........................................................................................... 172

Figure 79 Menu 2.1 ISDN Advanced Setup ....................................................................... 173

Figure 80 Loopback Test ..................................................................................................... 175

Figure 81 Menu 2.2 NetCAPI Setup ................................................................................... 175

21 List of Figures

P-202H Plus v2 User’s Guide

Figure 82 Menu 3 Ethernet Setup ....................................................................................... 178

Figure 83 Menu 3.1 LAN Port Filter Setup. ......................................................................... 178

Figure 84 Menu 3.2 TCP/IP and DHCP Ethernet Setup ..................................................... 179

Figure 85 Physical Network & Partitioned Logical Networks .............................................. 181

Figure 86 Menu 3.2.1 IP Alias Setup .................................................................................. 181

Figure 87 Menu 4 Internet Access Setup ............................................................................ 184

Figure 88 Menu 11 Remote Node Setup ............................................................................. 187

Figure 89 Menu 11.1 Remote Node Profile ......................................................................... 187

Figure 90 Menu 11.2 Remote Node PPP Options .............................................................. 191

Figure 91 TCP/IP LAN-to-LAN Application ......................................................................... 192

Figure 92 Menu 11.3 Remote Node Network Layer Options .............................................. 194

Figure 93 Menu 11.5 Remote Node Filter ........................................................................... 196

Figure 94 Example of Static Routing Topology ................................................................... 198

Figure 95 Menu 12 IP Static Route Setup .......................................................................... 199

Figure 96 Menu12.1 Edit IP Static Route ............................................................................ 199

Figure 97 Menu 13 Default Dial-in Setup ............................................................................ 203

Figure 98 Menu 13.1 Default Dial-in Filter .......................................................................... 205

Figure 99 Menu 14 Dial-in User Setup ................................................................................ 206

Figure 100 Menu 14.1 Edit Dial-in User .............................................................................. 206

Figure 101 Example of Telecommuting ............................................................................... 208

Figure 102 Configuring Menu 13 for Remote Access ......................................................... 208

Figure 103 Edit Dial-in-User Example ................................................................................. 209

Figure 104 Example of a LAN-to-LAN Server Application .................................................. 209

Figure 105 LAN 1 LAN-to-LAN Application ......................................................................... 210

Figure 106 LAN 2 LAN-to-LAN Application ......................................................................... 210

Figure 107 Testing Callback With Your Connection ............................................................ 211

Figure 108 Callback With CLID Configuration .................................................................... 211

Figure 109 Configuring CLID With Callback ....................................................................... 212

Figure 110 Callback and CLID Connection Test ................................................................. 212

Figure 111 Menu 4: Applying NAT for Internet Access ........................................................ 215

Figure 112 Menu 11.3 Applying NAT to the Remote Node .................................................. 215

Figure 113 Menu 15 NAT Setup .......................................................................................... 216

Figure 114 Menu 15.1 Address Mapping Sets .................................................................... 217

Figure 115 Menu 15.1.255 SUA Address Mapping Rules .................................................. 217

Figure 116 Menu 15.1.1 First Set ........................................................................................ 218

Figure 117 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ......................... 219

Figure 118 Menu 15.2 NAT Server Sets .............................................................................. 220

Figure 119 Menu 15.2.1 NAT Server Setup ........................................................................ 221

Figure 120 Multiple Servers Behind NAT Example ............................................................. 221

Figure 121 NAT Example 1 ................................................................................................. 222

Figure 122 Menu 4 Internet Access & NAT Example ......................................................... 222

Figure 123 NAT Example 2 ................................................................................................. 223

Figure 124 Menu 15.2.1 Specifying an Inside Server ......................................................... 223

List of Figures 22

P-202H Plus v2 User’s Guide

Figure 125 NAT Example 3 ................................................................................................. 224

Figure 126 NAT Example 3: Menu 11.3 .............................................................................. 225

Figure 127 Example 3: Menu 15.1.1.1 ............................................................................... 225

Figure 128 Example 3: Final Menu 15.1.1 .......................................................................... 226

Figure 129 Example 3: Menu 15.2 ...................................................................................... 226

Figure 130 NAT Example 4 ................................................................................................. 227

Figure 131 Example 4: Menu 15.1.1.1 Address Mapping Rule. .......................................... 227

Figure 132 Example 4: Menu 15.1.1 Address Mapping Rules ............................................ 228

Figure 133 Menu 21.2 Firewall Setup ................................................................................. 231

Figure 134 Example Firewall Log ........................................................................................ 231

Figure 135 Outgoing Packet Filtering Process .................................................................... 234

Figure 136 Filter Rule Process ............................................................................................ 236

Figure 137 Menu 21: Filter and Firewall Setup ................................................................... 237

Figure 138 Menu 21.1: Filter Set Configuration .................................................................. 237

Figure 139 NetBIOS_WAN Filter Rules Summary .............................................................. 238

Figure 140 NetBIOS _LAN Filter Rules Summary .............................................................. 238

Figure 141 Telnet WAN Filter Rules Summary .................................................................... 238

Figure 142 FTP_WAN Filter Rules Summary ..................................................................... 239

Figure 143 Menu 21.1.1.1 TCP/IP Filter Rule. .................................................................... 241

Figure 144 Executing an IP Filter ........................................................................................ 243

Figure 145 Menu 21.1.4.1 Generic Filter Rule .................................................................... 244

Figure 146 Telnet Filter Example ........................................................................................ 245

Figure 147 Example Filter: Menu 21.1.3.1 .......................................................................... 246

Figure 148 Example Filter Rules Summary: Menu 21.1.3 .................................................. 247

Figure 149 Protocol and Device Filter Sets ......................................................................... 248

Figure 150 Filtering LAN Traffic .......................................................................................... 249

Figure 151 Filtering Remote Node Traffic ........................................................................... 249

Figure 152 SNMP Management Model ............................................................................... 250

Figure 153 Menu 22 SNMP Configuration .......................................................................... 251

Figure 154 Menu 23 System Security ................................................................................. 254

Figure 155 RADIUS Server ................................................................................................. 255

Figure 156 Menu 23.2 System Security : External Server .................................................. 255

Figure 157 Menu 24 System Maintenance ......................................................................... 258

Figure 158 Menu 24.1 System Maintenance : Status ......................................................... 259

Figure 159 Menu 24.2 System Information and Console Port Speed ............................... 260

Figure 160 Menu 24.2.1 System Maintenance : Information ............................................. 261

Figure 161 Menu 24.2.2 System Maintenance : Change Console Port Speed ................... 262

Figure 162 Menu 24.3 System Maintenance Log and Trace .............................................. 262

Figure 163 Sample Error and Information Messages ......................................................... 263

Figure 164 Menu 24.3.2 - System Maintenance - UNIX Syslog .......................................... 263

Figure 165 Menu 24.3.3 System Maintenance : Accounting Server ................................... 266

Figure 166 Call-Triggering Packet Example ........................................................................ 267

Figure 167 Menu 24.4 System Maintenance : Diagnostic ................................................... 268

23 List of Figures

P-202H Plus v2 User’s Guide

Figure 168 Display for a Successful Manual Call ................................................................ 269

Figure 169 Telnet in Menu 24.5 ........................................................................................... 272

Figure 170 FTP Session Example ...................................................................................... 272

Figure 171 System Maintenance: Backup Configuration .................................................... 275

Figure 172 System Maintenance: Starting Xmodem Download Screen ............................. 275

Figure 173 Backup Configuration Example ......................................................................... 275

Figure 174 Successful Backup Confirmation Screen .......................................................... 276

Figure 175 Telnet into Menu 24.6. ....................................................................................... 276

Figure 176 Restore Using FTP Session Example ............................................................... 277

Figure 177 System Maintenance: Restore Configuration ................................................... 277

Figure 178 System Maintenance: Starting Xmodem Download Screen ............................. 277

Figure 179 Restore Configuration Example ........................................................................ 278

Figure 180 Successful Restoration Confirmation Screen ................................................... 278

Figure 181 System Maintenance Upload Firmware ............................................................ 278

Figure 182 Menu 24.7.1 Upload System Firmware ............................................................. 279

Figure 183 Menu 24.7.2 System Maintenance: Upload System Configuration File ........... 279

Figure 184 FTP Session Example of Firmware File Upload ............................................... 280

Figure 185 Menu 24.7.1 As Seen Using the Console Port ................................................. 282

Figure 186 Example Xmodem Upload ................................................................................ 282

Figure 187 Menu 24.7.2 As Seen Using the Console Port ................................................ 283

Figure 188 Example Xmodem Upload ................................................................................ 283

Figure 189 Command Mode in Menu 24 ............................................................................. 284

Figure 190 Valid Commands ............................................................................................... 285

Figure 191 Menu 24.9 System Maintenance : Call Control ................................................. 285

Figure 192 Menu 24.9.1 Call Control Parameters ............................................................... 286

Figure 193 Menu 24.9.2 Blacklist ........................................................................................ 287

Figure 194 Menu 24.9.3 - Budget Management ................................................................ 287

Figure 195 Menu 24.9.4 - Call History ................................................................................ 288

Figure 196 Menu 24: System Maintenance ....................................................................... 289

Figure 197 Menu 24.10 System Maintenance: Time and Date Setting ............................... 290

Figure 198 Menu 24.11 – Remote Management Control .................................................... 292

Figure 199 Menu 26 Schedule Setup .................................................................................. 296

Figure 200 Menu 26.1 Schedule Set Setup ....................................................................... 297

Figure 201 Applying Schedule Set(s) to a Remote Node ................................................... 298

Figure 202 VPN SMT Menu Tree ........................................................................................ 300

Figure 203 Menu 27 VPN/IPSec Setup ............................................................................... 301

Figure 204 Menu 27 ............................................................................................................ 301

Figure 205 Menu 27.1.1 IPSec Setup ................................................................................. 303

Figure 206 Menu 27.1.1.1 IKE Setup .................................................................................. 307

Figure 207 Menu 27.1.1.2 Manual Setup ............................................................................ 309

Figure 208 Menu 27.2 SA Monitor ...................................................................................... 312

Figure 209 Example VPN Initiator IPSec Log ..................................................................... 314

Figure 210 Example VPN Responder IPSec Log ............................................................... 315

List of Figures 24

P-202H Plus v2 User’s Guide

Figure 211 Wall-mounting Example .................................................................................... 324

Figure 212 WIndows 95/98/Me: Network: Configuration ..................................................... 339

Figure 213 Windows 95/98/Me: TCP/IP Properties: IP Address ......................................... 340

Figure 214 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ............................ 341

Figure 215 Windows XP: Start Menu .................................................................................. 342

Figure 216 Windows XP: Control Panel .............................................................................. 342

Figure 217 Windows XP: Control Panel: Network Connections: Properties ....................... 343

Figure 218 Windows XP: Local Area Connection Properties .............................................. 343

Figure 219 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 344

Figure 220 Windows XP: Advanced TCP/IP Properties ...................................................... 345

Figure 221 Windows XP: Internet Protocol (TCP/IP) Properties ......................................... 346

Figure 222 Macintosh OS 8/9: Apple Menu ........................................................................ 347

Figure 223 Macintosh OS 8/9: TCP/IP ................................................................................ 347

Figure 224 Macintosh OS X: Apple Menu ........................................................................... 348

Figure 225 Macintosh OS X: Network ................................................................................. 349

Figure 226 Red Hat 9.0: KDE: Network Configuration: Devices ........................................ 350

Figure 227 Red Hat 9.0: KDE: Ethernet Device: General ................................................. 350

Figure 228 Red Hat 9.0: KDE: Network Configuration: DNS ............................................. 351

Figure 229 Red Hat 9.0: KDE: Network Configuration: Activate ................................. 351

Figure 230 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 .............................. 352

Figure 231 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0 .................................. 352

Figure 232 Red Hat 9.0: DNS Settings in resolv.conf ...................................................... 352

Figure 233 Red Hat 9.0: Restart Ethernet Card ................................................................ 353

Figure 234 Red Hat 9.0: Checking TCP/IP Properties ...................................................... 353

Figure 235 Pop-up Blocker ................................................................................................. 362

Figure 236 Internet Options ............................................................................................... 363

Figure 237 Internet Options ................................................................................................ 364

Figure 238 Pop-up Blocker Settings ................................................................................... 365

Figure 239 Internet Options ................................................................................................ 366

Figure 240 Security Settings - Java Scripting ..................................................................... 367

Figure 241 Security Settings - Java .................................................................................... 368

Figure 242 Java (Sun) ......................................................................................................... 369

25 List of Figures

P-202H Plus v2 User’s Guide

List of Tables

Table 1 Front Panel LEDs .................................................................................................. 39

Table 2 Web Configurator Screens Summary .................................................................... 42

Table 3 Password ............................................................................................................... 44

Table 4 Wizard 1: ISDN Line Set Up .................................................................................. 47

Table 5 Wizard 2: ISP Parameters For Internet Access ..................................................... 49

Table 6 Wizard: LAN Configuration .................................................................................... 52

Table 7 LAN Setup .............................................................................................................57

Table 8 WAN Setup ............................................................................................................ 61

Table 9 NAT Definitions ...................................................................................................... 64

Table 10 NAT Mapping Types ............................................................................................ 67

Table 11 NAT Mode ............................................................................................................ 68

Table 12 Services and Port Numbers ................................................................................. 69

Table 13 Edit SUA/NAT Server Set .................................................................................... 71

Table 14 Address Mapping Rules ...................................................................................... 72

Table 15 Edit Address Mapping Rule ................................................................................. 73

Table 16 Dynamic DNS ...................................................................................................... 75

Table 17 Common IP Ports ................................................................................................ 78

Table 18 ICMP Commands That Trigger Alerts .................................................................. 81

Table 19 Legal NetBIOS Commands ................................................................................. 81

Table 20 Legal SMTP Commands .................................................................................... 81

Table 21 Firewall > E-mail .................................................................................................. 89

Table 22 Firewall > Alert .....................................................................................................92

Table 23 Firewall > Rule Summary .................................................................................... 96

Table 24 Firewall > Edit a Rule .......................................................................................... 98

Table 25 Firewall > Source and Destination Addresses ..................................................... 99

Table 26 Firewall > Customized Services .......................................................................... 100

Table 27 Firewall > Configure Customized Services .......................................................... 101

Table 28 Firewall > Timeout ............................................................................................... 102

Table 29 Firewall > Logs .................................................................................................... 103

Table 30 Predefined Services ........................................................................................... 107

Table 31 VPN and NAT ...................................................................................................... 114

Table 32 AH and ESP ........................................................................................................ 117

Table 33 VPN Summary ..................................................................................................... 119

Table 34 Local ID Type and Content Fields ....................................................................... 120

Table 35 Peer ID Type and Content Fields ........................................................................ 121

Table 36 Matching ID Type and Content Configuration Example ....................................... 121

Table 37 VPN Rule Setup .................................................................................................. 123

Table 38 Advanced Rule Setup .......................................................................................... 129

List of Tables 26

P-202H Plus v2 User’s Guide

Table 39 Rule Setup with Manual Key ............................................................................... 132

Table 40 SA Monitor ...........................................................................................................135

Table 41 Global Setting ...................................................................................................... 136

Table 42 Telecommuter and Headquarters Configuration Example ................................... 136

Table 43 VPN Logs ............................................................................................................ 139

Table 44 NetCAPI ............................................................................................................... 141

Table 45 Supplemental Services In Europe ....................................................................... 144

Table 46 Phone Flash Commands ..................................................................................... 147

Table 47 System Status ...................................................................................................... 151

Table 48 System Status > Show Statistics ......................................................................... 152

Table 49 DHCP Table ......................................................................................................... 154

Table 50 Firmware Upgrade ............................................................................................... 155

Table 51 Budget Control ..................................................................................................... 157

Table 52 SMT Menus Overview ......................................................................................... 159

Table 53 Main Menu Commands ....................................................................................... 161

Table 54 Main Menu Summary .......................................................................................... 162

Table 55 Menu 1 General Setup ........................................................................................ 167

Table 56 Menu 1.1 Configure Dynamic DNS ..................................................................... 168

Table 57 Menu 2 ISDN Setup ............................................................................................. 172

Table 58 Menu 2.1 ISDN Advanced Setup ......................................................................... 174

Table 59 Menu 2.2 NetCAPI Setup .................................................................................... 176

Table 60 DHCP Ethernet Setup Fields ............................................................................... 179

Table 61 Menu 3.2: LAN TCP/IP Setup Fields ................................................................... 180

Table 62 Menu 3.2.1 IP Alias Setup ................................................................................... 181

Table 63 Internet Access Setup ......................................................................................... 185

Table 64 Menu 11.1 Remote Node Profile ......................................................................... 187

Table 65 BTR vs MTR for BOD .......................................................................................... 190

Table 66 Menu 11.2 Remote Node PPP Options ............................................................... 191

Table 67 TCP/IP-related Fields in Remote Node Profile .................................................... 194

Table 68 Menu 11.3 Remote Node Network Layer Options ............................................... 194

Table 69 Menu12.1 Edit IP Static Route ............................................................................. 199

Table 70 Remote Dial-in Users/Remote Nodes Comparison Chart ................................... 202

Table 71 Menu 13 Default Dial-in Setup ............................................................................. 203

Table 72 Menu 14.1 Edit Dial-in User ................................................................................. 207

Table 73 Applying NAT in Menus 4 & 11.3 ......................................................................... 216

Table 74 Menu 15.1.255 SUA Address Mapping Rules ..................................................... 217

Table 75 Menu 15.1.1 First Set .......................................................................................... 219

Table 76 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set ........................... 220

Table 77 View Firewall Log ................................................................................................ 232

Table 78 Abbreviations Used in the Filter Rules Summary Menu ...................................... 239

Table 79 Rule Abbreviations Used ..................................................................................... 240

Table 80 Menu 21.1.x.x TCP/IP Filter Rule ........................................................................ 241

Table 81 Menu 21.1.x.x Generic Filter Rule Menu Fields .................................................. 244

27 List of Tables

P-202H Plus v2 User’s Guide

Table 82 Menu 22 SNMP Configuration ............................................................................. 252

Table 83 SNMP Traps ........................................................................................................ 252

Table 84 Ports and Permanent Virtual Circuits ................................................................... 252

Table 85 Menu 23.2 System Security : External Server ..................................................... 255

Table 86 System Maintenance: Status Menu Fields .......................................................... 259

Table 87 Menu 24.2.1 System Maintenance : Information ................................................. 261

Table 88 Menu 24.3.2 System Maintenance : Syslog and Accounting .............................. 263

Table 89 Menu 24.3.3 System Maintenance : Accounting Server ...................................... 266

Table 90 System Maintenance Menu Diagnostic ............................................................... 268

Table 91 Filename Conventions ......................................................................................... 271

Table 92 General Commands for GUI-based FTP Clients ................................................. 273

Table 93 General Commands for GUI-based TFTP Clients ............................................... 274

Table 94 Menu 24.9.1 Call Control Parameters ................................................................. 286

Table 95 Menu 24.9.1 - Budget Management .................................................................... 288

Table 96 Call History Fields ................................................................................................ 289

Table 97 Time and Date Setting Fields .............................................................................. 290

Table 98 Menu 24.11 – Remote Management Control ....................................................... 293

Table 99 Menu 26.1 Schedule Set Setup ........................................................................... 297

Table 100 Menu 27.1 IPSec Summary ............................................................................... 301

Table 101 Menu 27.1.1 IPSec Setup .................................................................................. 304

Table 102 Menu 27.1.1.1 IKE Setup .................................................................................. 307

Table 103 Active Protocol: Encapsulation and Security Protocol ....................................... 308

Table 104 Menu 27.1.1.2 Manual Setup ............................................................................ 309

Table 105 Menu 27.2 SA Monitor ....................................................................................... 313

Table 106 Sample IKE Key Exchange Logs ....................................................................... 315

Table 107 Sample IPSec Logs During Packet Transmission ............................................. 316

Table 108 RFC-2408 ISAKMP Payload Types ................................................................... 317

Table 109 Troubleshooting Starting Up Your ZyXEL Device .............................................. 318

Table 110 Troubleshooting the LAN ................................................................................... 318

Table 111 Troubleshooting the ISDN Line .......................................................................... 319

Table 112 Troubleshooting Remote User Dial-in ................................................................ 319

Table 113 Troubleshooting Accessing the ZyXEL Device .................................................. 320

Table 114 Device ................................................................................................................ 322

Table 115 Firmware ............................................................................................................322

Table 116 System Maintenance Logs ................................................................................ 326

Table 117 System Error Logs ............................................................................................. 326

Table 118 Access Control Logs .......................................................................................... 327

Table 119 TCP Reset Logs ................................................................................................ 327

Table 120 Packet Filter Logs .............................................................................................. 328

Table 121 ICMP Logs ......................................................................................................... 328

Table 122 CDR Logs .......................................................................................................... 329

Table 123 Attack Logs ........................................................................................................ 329

Table 124 IPSec Logs ........................................................................................................ 330

List of Tables 28

P-202H Plus v2 User’s Guide

Table 125 IKE Logs ............................................................................................................330

Table 126 PKI Logs ............................................................................................................333

Table 127 Certificate Path Verification Failure Reason Codes ........................................... 334

Table 128 ACL Setting Notes ............................................................................................. 335

Table 129 ICMP Notes ....................................................................................................... 336

Table 130 RFC-2408 ISAKMP Payload Types ................................................................... 337

Table 131 Classes of IP Addresses ................................................................................... 355

Table 132 Allowed IP Address Range By Class ................................................................. 355

Table 133 “Natural” Masks ................................................................................................. 356

Table 134 Alternative Subnet Mask Notation ..................................................................... 356

Table 135 Two Subnets Example ....................................................................................... 357

Table 136 Subnet 1 ............................................................................................................357

Table 137 Subnet 2 ............................................................................................................358

Table 138 Subnet 1 ............................................................................................................358

Table 139 Subnet 2 ............................................................................................................359

Table 140 Subnet 3 ............................................................................................................359

Table 141 Subnet 4 ............................................................................................................359

Table 142 Eight Subnets .................................................................................................... 360

Table 143 Class C Subnet Planning ................................................................................... 360

Table 144 Class B Subnet Planning ................................................................................... 361

29 List of Tables

+ 345 hidden pages