ZyXEL Communications 2602RL-D3A User Manual

Prestige 2602RL-D3A

Support Notes

Version 3.40

Sep. 2007

Prestige 2602RL-D3A Support Notes

INDEX

APPLICATION NOTES .............................................................................................................................................................. 6

GENERAL APPLICATION NOTES .......................................................................................................................................................... 6

INTERNET CONNECTION ................................................................................................................................................................... 6

Setup the Prestige as a DHCP Relay .................................................................................................................................... 10

Configure an Internal Server Behind SUA ........................................................................................................................... 12

Configure a PPTP server Behind SUA .................................................................................................................................. 14

Using NAT / Multi-NAT ........................................................................................................................................................ 18

About Filter & Filter Examples ............................................................................................................................................ 39

Using the Dynamic DNS (DDNS) ......................................................................................................................................... 62

Network Management Using SNMP................................................................................................................................... 64

Using syslog ........................................................................................................................................................................ 70

Using IP Alias ...................................................................................................................................................................... 74

Using Call Scheduling .......................................................................................................................................................... 76

Using IP Multicast ............................................................................................................................................................... 81

Using Prestige traffic redirect ............................................................................................................................................. 83

Using Universal Plug n Play (UPnP) .................................................................................................................................... 85

PSTN LIFELINE APPLICATION NOTES ................................................................................................................................................ 91

Usage of PSTN Lifeline ........................................................................................................................................................ 91

Lifeline configuration .......................................................................................................................................................... 92

Relay to PSTN ..................................................................................................................................................................... 92

How to connect Lifeline and DSL connection ...................................................................................................................... 93

VOIP APPLICATION NOTES ............................................................................................................................................................. 94

Setup SIP Account ............................................................................................................................................................... 94

Phone port settings ............................................................................................................................................................ 97

Advanced voice settings configuration ............................................................................................................................... 99

Phone book Speed dial ..................................................................................................................................................... 102

Voice – Common Settings ................................................................................................................................................. 105

Voice - QoS setup .............................................................................................................................................................. 106

Call Forwarding setup ....................................................................................................................................................... 107

Call Hold setup .................................................................................................................................................................. 110

Call Waiting setup............................................................................................................................................................. 110

Three Way Conference setup ............................................................................................................................................ 112

Call Transfer setup ............................................................................................................................................................ 114

Internal Call ...................................................................................................................................................................... 117

Call Park / Call Pickup ....................................................................................................................................................... 117

Prestige 2602RL-D3A Support Notes

Call Return ........................................................................................................................................................................ 120

Distinctive Ringing ............................................................................................................................................................ 121

Do Not Disturb (DND) ....................................................................................................................................................... 122

Hot Line (Auto Dial) .......................................................................................................................................................... 123

Music on hold ................................................................................................................................................................... 124

MWI .................................................................................................................................................................................. 125

Early Media ....................................................................................................................................................................... 126

Country Code .................................................................................................................................................................... 127

FAQ.....................................................................................................................................................................................128

ZYNOS FAQ ............................................................................................................................................................................. 128

What is ZyNOS? ................................................................................................................................................................ 128

How do I access the embedded web configurator? .......................................................................................................... 128

What is the default LAN IP address and Password? Moreover, how do I change it? ....................................................... 128

How do I upload the ZyNOS firmware code via embeded web configurator? .................................................................. 128

How do I upgrade/backup the ZyNOS firmware by using FTP client program via LAN? .................................................. 129

How do I upload or backup ROMFILE via web configurator? ........................................................................................... 129

How do I backup/restore configurations by using FTP client program via LAN? .............................................................. 130

Why can't I make Telnet to Prestige from WAN? ............................................................................................................. 130

What should I do if I forget the system password? .......................................................................................................... 130

What is SUA? When should I use SUA? ............................................................................................................................ 130

What is the difference between NAT and SUA? ............................................................................................................... 131

How many network users can the SUA/NAT support? ..................................................................................................... 131

What are Device filters and Protocol filters? .................................................................................................................... 131

Why can't I configure device filters or protocol filters? .................................................................................................... 131

PRODUCT FAQ .......................................................................................................................................................................... 132

What is the Prestige Integrated Access Device? ............................................................................................................... 132

Will the Prestige work with my Internet connection? ...................................................................................................... 132

What do I need to use the Prestige? ................................................................................................................................. 132

What is PPPoE? ................................................................................................................................................................. 132

Does the Prestige support PPPoE? .................................................................................................................................... 133

How do I know I am using PPPoE? .................................................................................................................................... 133

Why does my provider use PPPoE? ................................................................................................................................... 133

Which Internet Applications can I use with the Prestige? ................................................................................................. 133

How can I configure the Prestige? .................................................................................................................................... 133

What network interface does the Prestige support? ........................................................................................................ 133

What can we do with Prestige? ........................................................................................................................................ 133

Prestige 2602RL-D3A Support Notes

Does Prestige support dynamic IP addressing? ................................................................................................................ 134

What is the difference between the internal IP and the real IP from my ISP? .................................................................. 134

How does e-mail work through the Prestige? .................................................................................................................. 134

Is it possible to access a server running behind SUA from the outside Internet? If possible, how? .................................. 134

What DHCP capability does the Prestige support? ........................................................................................................... 134

How do I used the reset button, more over what field of parameter will be reset by reset button? ................................ 135

What network interface does the new Prestige series support? ...................................................................................... 135

How does the Prestige support TFTP? .............................................................................................................................. 135

Can the Prestige support TFTP over WAN? ....................................................................................................................... 135

How fast can the data go? ................................................................................................................................................ 135

What is Multi-NAT? .......................................................................................................................................................... 136

When do I need Multi-NAT? .............................................................................................................................................. 136

What IP/Port mapping does Multi-NAT support? ............................................................................................................. 137

What is the difference between SUA and Multi-NAT? ...................................................................................................... 138

What is BOOTP/DHCP? ..................................................................................................................................................... 138

What is DDNS? ................................................................................................................................................................. 139

When do I need DDNS service? ......................................................................................................................................... 139

What DDNS servers does the Prestige support? ............................................................................................................... 139

What is DDNS wildcard? ................................................................................................................................................... 139

Does the Prestige support DDNS wildcard? ...................................................................................................................... 139

Can the Prestige SUA handle IPsec packets sent by the VPN gateway behind Prestige? .................................................. 140

How do I setup my Prestige for routing IPsec packets over SUA? ..................................................................................... 140

PSTN LIFELINE FAQ ................................................................................................................................................................... 140

What is P2602 and what is the difference between P2602R and P2602RL? .................................................................... 140

What does Lifeline mean? ................................................................................................................................................ 140

Do I need Lifeline? ............................................................................................................................................................ 140

Can I connect more than one phone on the phone port? ................................................................................................. 141

Can I receive incoming PSTN call through P2602RL-

Can I make an outgoing PSTN call through P2602RL –

VOIP FAQ ................................................................................................................................................................................ 141

What is Voice over IP? ...................................................................................................................................................... 141

D3A

? ................................................................................................ 141

D3A

? ............................................................................................ 141

How does Voice over IP work? .......................................................................................................................................... 141

Why use VoIP? .................................................................................................................................................................. 141

What is the relationship between codec and VoIP? ......................................................................................................... 142

What advantage does Voice over IP can provide? ........................................................................................................... 142

What is the difference between H.323 and SIP? .............................................................................................................. 142

Can H.323 and SIP interoperate with one another? ......................................................................................................... 142

Prestige 2602RL-D3A Support Notes

What is voice quality? ...................................................................................................................................................... 142

How are voice quality normally rated?............................................................................................................................. 142

What is codec? ................................................................................................................................................................. 143

What is the relation of codec and VoIP? .......................................................................................................................... 143

What codec does Prestige support? ................................................................................................................................. 143

Which codec should I choose? .......................................................................................................................................... 143

What do I need in order to use SIP? ................................................................................................................................. 143

Unable to register with the SIP server? ............................................................................................................................ 144

I can register but can not establish a call? ....................................................................................................................... 144

I can make a call but the voice only goes one way not bothway? .................................................................................... 144

I can receive a call but the voice only goes one way not bothway? ................................................................................. 144

If all the about have been tried, but register still fail what should I do? .......................................................................... 145

I suspect there is a hardware problem with my Prestige what should I do? .................................................................... 145

FIREWALL FAQ .......................................................................................................................................................................... 145

What is a network firewall? ............................................................................................................................................. 145

What makes Prestige firewall secure? ............................................................................................................................. 145

What are the basic types of firewalls? ............................................................................................................................. 146

What kind of firewall is the Prestige? ............................................................................................................................... 146

Why do you need a firewall when your router has packet filtering and NAT built-in? ..................................................... 147

What is Denials of Service (DoS)attack? ........................................................................................................................... 147

What is Ping of Death attack? .......................................................................................................................................... 147

What is Teardrop attack? ................................................................................................................................................. 147

What is SYN Flood attack? ................................................................................................................................................ 147

What is LAND attack? ....................................................................................................................................................... 148

What is Brute-force attack? ............................................................................................................................................. 148

What is IP Spoofing attack?.............................................................................................................................................. 148

What are the default ACL firewall rules in Prestige? ........................................................................................................ 148

How can I protect against IP spoofing attacks? ............................................................................................................... 149

CONTENT FILTER FAQ ................................................................................................................................................................. 150

TROUBLE SHOOTING...........................................................................................................................................................150

USING EMBEDDED PACKET TRACE ................................................................................................................................................. 150

DEBUG PPPOE CONNECTION ....................................................................................................................................................... 165

CLI COMMAND LIST ............................................................................................................................................................ 176

Prestige 2602RL-D3A Support Notes

Application Notes

General Application Notes

Internet Connection

A typical Internet access application of the Prestige is shown below. For a small office, there are some

components needs to be checked before accessing the Internet.

 Before you begin  Setting up the Windows  Setting up the Prestige router  Troubleshooting

 Before you begin

The Prestige is shipped with the following factory default:

1. IP address = 192.168.1.1, subnet mask = 255.255.255.0 (24 bits)

2. DHCP server enabled with IP pool starting from 192.168.1.33

3. Default SMT menu password = 1234

 Setting up the PC (Windows OS)

1. Ethernet connection

Prestige 2602RL-D3A Support Notes

All PCs must have an Ethernet adapter card installed.

 If you only have one PC, connect the PC's Ethernet adapter to the Prestige's LAN port with a

crossover (red one) Ethernet cable.

 If you have more than one PC, both the PC's Ethernet adapters and the Prestige's LAN port must

be connected to an external hub with straight Ethernet cable.

2. TCP/IP Installation

You must first install TCP/IP software on each PC before you can use it for Internet access. If you have already

installed TCP/IP, go to the next section to configure it; otherwise, follow these steps to install:

 In the Control Panel/Network window, click Add button.  In the Select Network Component Type windows, select Protocol and click Add.  In the Select Network Protocol windows, select Microsoft from the manufacturers, then select

TCP/IP from the Network Protocols and click OK.

3. TCP/IP Configuration

Follow these steps to configure Windows TCP/IP:

 In the Control Panel/Network window, click the TCP/IP entry to select it and click Properties

button.

 In the TCP/IP Properties window, select obtain an IP address automatically.

Note: Do not assign arbitrary IP address and subnet mask to your PCs, otherwise, you will not be able to access

the Internet.

 Click the WINS configuration tab and select Disable WINS Resolution.  Click the Gateway tab. Highlight any installed gateways and click the Remove button until there

are none listed.

 Click the DNS Configuration tab and select Disable DNS.  Click OK to save and close the TCP/IP properties window  Click OK to close the Network window. You will be prompted to insert your Windows CD or disk.

When the drivers are updated, you will be asked if you want to restart the PC. Make sure your Prestige is powered on before answering Yes to the prompt. Repeat the above steps for each Windows PC on your network.

 Setting up the Prestige router

Prestige 2602RL-D3A Support Notes

The following procedure is for the most typical usage of the Prestige where you have a single-user account

(SUA). The Prestige supports embedded web server that allows you to use Web browser to configure it. Before

configuring the router using Browser please be sure there is no Telnet or Console login.

1. Retrieve Prestige Web

Please enter the LAN IP address of the Prestige router in the URL location to retrieve the web screen from the

Prestige. The default LAN IP of the Prestige is 192.168.1.1. See the example below. Note that you can either

use http://192.168.1.1

2. Login first

The default password is the default SMT password, '1234'.

3. Configure Prestige for Internet access by using WIZARD SETUP

Prestige 2602RL-D3A Support Notes

The Web screen shown below takes PPPoE as the example.

Prestige 2602RL-D3A Support Notes

Setup the Prestige as a DHCP Relay

 What is DHCP Relay?

DHCP stands for Dynamic Host Configuration Protocol. In addition to the DHCP server feature, the P2602

supports the DHCP relay function. When it is configured as DHCP server, it assigns the IP addresses to the

Prestige 2602RL-D3A Support Notes

Menu 3.2 - TCP/IP and DHCP Setup

DHCP Setup

DHCP= Relay

Client IP Pool Starting Address= N/A

Size of Client IP Pool= N/A

Primary DNS Server= N/A

Secondary DNS Server= N/A

Remote DHCP Server= 192.168.1.2

TCP/IP Setup:

IP Address= 192.168.1.1

IP Subnet Mask= 255.255.255.0

RIP Direction= None

Version= N/A

Multicast= None

IP Policies=

LAN clients. When it is configured as DHCP relay, it is reponsable for forwarding the requests and responses

negotiating between the DHCP clients and the server. See figure 1.

 Setup the Prestige as a DHCP Client

1. Toggle the DHCP to Relay in menu 3.2 and enter the IP address of the DHCP server in the 'Relay Server

Address' field.

Prestige 2602RL-D3A Support Notes

Edit IP Alias= No

Press ENTER to Confirm or ESC to Cancel:

Configure an Internal Server Behind SUA

 Introduction

If you wish, you can make internal servers (e.g., Web, ftp or mail server) accessible for outside users, even

though SUA makes your LAN appear as a single machine to the outside world. A service is identified by the

port number. Also, since you need to specify the IP address of a server in the Prestige, a server must have a

fixed IP address and not be a DHCP client whose IP address potentially changes each time it is powered on.

In addition to the servers for specific services, SUA supports a default server. A service request that does not

have a server explicitly designated for it is forwarded to the default server. If the default server is not defined,

the service request is simply discarded.

 Configuration

Prestige 2602RL-D3A Support Notes

Menu 15.2 - NAT Server Setup

Rule Start Port No. End Port No. IP Address

---------------------------------------------------

1. Default Default 0.0.0.0

2. 80 80 192.168.1.10

3. 0 0 0.0.0.0

4. 0 0 0.0.0.0

5. 0 0 0.0.0.0

6. 0 0 0.0.0.0

7. 0 0 0.0.0.0

8. 0 0 0.0.0.0

9. 0 0 0.0.0.0

10. 0 0 0.0.0.0

11. 0 0 0.0.0.0

12. 0 0 0.0.0.0

Press ENTER to Confirm or ESC to Cancel:

Service

Port Number

FTP

Telnet

SMTP

To make a server visible to the outside world, specify the port number of the service and the inside address of

the server in 'Menu 15.2.1', Multiple Server Configuration. The outside users can access the local server using

the Prestige's

 For example (Configuring an internal Web server for outside access) :

WAN IP

address which can be obtained from menu 24.1.

 Port numbers for some services

Prestige 2602RL-D3A Support Notes

DNS (Domain Name Server)

www-http (Web)

Configure a PPTP server Behind SUA

 Introduction

PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within

Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself.

In order to run the Windows 9x PPTP client, you must be able to establish an IP connection with a tunnel server

such as the Windows NT Server 4.0 Remote Access Server.

Windows Dial-Up Networking uses the Internet standard Point-to-Point (PPP) to provide a secure,optimized

multiple-protocol network connection over dial-up telephone lines. All data sent over this connection can be

encrypted and compressed, and multiple network level protocols (TCP/IP, NetBEUI and IPX) can be run

correctly. Windows NT Domain Login level security is preserved even across the Internet.

PPTP appears as new modem type (Virtual Private Networking Adapter) that can be selected when setting up a

connection in the Dial-Up Networking folder. The VPN Adapter type does not appear elsewhere in the system.

Window98 PPTP Client / Internet / NT RAS Server Protocol Stack

Prestige 2602RL-D3A Support Notes

Since PPTP encapsulates its data stream in the PPP protocol, the VPN requires a second dial-up adapter. This

second dial-up adapter for VPN is added during the installation phase of the Upgrade in addition to the first

dial-up adapter that provides PPP support for the analog or ISDN modem.

The PPTP is supported in Windows NT and Windows 98 already. For Windows 95, it needs to be upgraded by

the Dial-Up Networking 1.2 upgrade.

 Configuration

This application note explains how to establish a PPTP connection with a remote private network in the Prestige

SUA case. In ZyNOS, all PPTP packets can be forwarded to the internal PPTP Server (WinNT server) behind

SUA. The port number of the PPTP has to be entered in the SMT Menu 15 for Prestige to forward to the

appropriate private IP address of Windows NT server.

 Example

The following example shows how to dial to an ISP via the Prestige and then establish a tunnel to a private

network. There will be three items that you need to set up for PPTP application, these are PPTP server (WinNT),

PPTP client (Win9x) and the Prestige.

o PPTP server setup (WinNT)

 Add the VPN service from Control Panel>Network  Add an user account for PPTP logged on user  Enable RAS port  Select the network protocols from RAS such as IPX, TCP/IP NetBEUI  Set the Internet gateway to Prestige

Prestige 2602RL-D3A Support Notes

Menu 15.2 - NAT Server Setup (Used for SUA Only)

Rule Start Port No. End Port No. IP Address

---------------------------------------------------

1. Default Default 0.0.0.0

2. 1723 1723 192.168.1.10

3. 0 0 0.0.0.0

4. 0 0 0.0.0.0

5. 0 0 0.0.0.0

6. 0 0 0.0.0.0

7. 0 0 0.0.0.0

8. 0 0 0.0.0.0

9. 0 0 0.0.0.0

10. 0 0 0.0.0.0

11. 0 0 0.0.0.0

12. 0 0 0.0.0.0

Press ENTER to Confirm or ESC to Cancel:

o PPTP client setup (Win9x)

 Add one VPN connection from Dial-Up Networking by entering the correct

username & password and the IP address of the Prestige's Internet IP address for logging to NT RAS server.

 Set the Internet gateway to the router that is connecting to ISP

o Prestige router setup

 Before making a VPN connection from Win9x to WinNT server, you need to connect Prestige

router to your ISP first.

 Enter the IP address of the PPTP server (WinNT server) and the port number for PPTP as shown

below.

When you have finished the above settings, you can ping to the remote Win9x client from

WinNT. This ping command is used to demonstrate that remote the Win9x can be reached across the

Prestige 2602RL-D3A Support Notes

Internet. If the Internet connection between two LANs is achieve, you can place a VPN call from the

remote Win9x client.

For example:

C:\ping 203.66.113.2

When a dial-up connection to ISP is established, a default gateway is assigned to the router traffic

through that connection. Therefore, the output below shows the default gateway of the Win9x client

after the dial-up connection has been established.

Before making a VPN connection from the Win9x client to the NT server, you need to know the exact

Internet IP address that the ISP assigns to Prestige router in SUA mode and enter this IP address in the

VPN dial-up dialog box. You can check this Internet IP address from PNC Monitor or SMT Menu

24.1. If the Internet IP address is a fixed IP address provided by ISP in SUA mode, then you can

always use this IP address for reaching the VPN server.

In the following example, the IP address '140.113.1.225' is dynamically assigned by ISP. You must

enter this IP address in the 'VPN Server' dialog box for reaching the PPTP server. After the VPN link is

established, you can start the network protocol application such as IP, IPX and NetBEUI.

Prestige 2602RL-D3A Support Notes

Using NAT / Multi-NAT

 What is Multi-NAT?

NAT (Network Address Translation-NAT RFC 1631) is the translation of an Internet Protocol address used

within one network to a different IP address known within another network. One network is designated the

inside

network and the other is the

or more global outside IP addresses and "unmaps" the global IP addresses on incoming packets back into local

IP addresses. The IP addresses for the NAT can be either fixed or dynamically assigned by the ISP. In addition,

outside

. Typically, a company maps its local inside network addresses to one

you can designate servers, e.g., a web server and a telnet server, on your local network and make them

accessible to the outside world. If you do not define any servers, NAT offers the additional benefit of firewall

protection. In such case, all incoming connections to your network will be filtered out by the Prestige, thus

preventing intruders from probing your network.

The SUA feature that the Prestige supports previously operates by mapping the private IP addresses to a global

IP address. It is only one subset of the NAT. The Prestige with ZyNOS V3.40 supports the most of the features

of the NAT based on RFC 1631, and we call this feature as 'Multi-NAT'. For more information on IP address

translation, please refer to RFC 1631,

 How NAT works

The IP Network Address Translator (NAT)

If we define the local IP addresses as the Internal Local Addresses (ILA) and the global IP addresses as the

Inside Global Address (IGA), see the following figure. The term 'inside' refers to the set of networks that are

subject to translation. NAT operates by mapping the ILA to the IGA required for communication with hosts on

other networks. It replaces the original IP source address (and TCP or UDP source port numbers) and then

forwards each packet to the Internet ISP, thus making them appear as if they had come from the NAT system

itself (e.g., the Prestige router). The Prestige keeps track of the original addresses and port numbers so incoming

reply packets can have their original values restored.

Prestige 2602RL-D3A Support Notes

1. NAT Mapping Types

NAT supports five types of IP/port mapping. They are:

2. One to One

In One-to-One mode, the Prestige maps one ILA to one IGA.

3. Many to One

In Many-to-One mode, the Prestige maps multiple ILA to one IGA. This is equivalent to SUA (i.e., PAT, port

address translation), ZyXEL's Single User Account feature that previous ZyNOS routers supported (the SUA

only option in today's routers).

4. Many to Many Overload

In Many-to-Many Overload mode, the Prestige maps the multiple ILA to shared IGA.

5. Many to Many No Overload

In Many-to-Many No Overload mode, the Prestige maps each ILA to unique IGA.

 Server

In Server mode, the Prestige maps multiple inside servers to one global IP address. This allows us to specify

multiple servers of different types behind the NAT for outside access. Note, if you want to map each server to

one unique IGA please use the One-to-One mode.

Prestige 2602RL-D3A Support Notes

NAT Type

IP Mapping

Mapping Direction

One-to-One

ILA1<--->IGA1

Both

Many-to-One (SUA/PAT)

ILA1---->IGA1 ILA2---->IGA1 ...

Outgoing

Many-to-Many Overload

ILA1---->IGA1 ILA2---->IGA2 ILA3---->IGA1 ILA4---->IGA2 ...

Outgoing

Many-to-Many No Overload

(Allocate by Connections)

ILA1---->IGA1 ILA2---->IGA3 ILA3---->IGA2 ILA4---->IGA4 ...

Outgoing

Server

Server 1 IP<----IGA1 Server 2 IP<----IGA1

Incoming

The following table summarizes these types.

 SUA Versus NAT

SUA (Single User Account) in previous ZyNOS versions is a NAT set with 2 rules, Many-to-One and Server.

The Prestige now has Full Feature NAT support to map global IP addresses to local IP addresses of clients or

servers. With multiple global IP addresses, multiple severs of the same type (e.g., FTP servers) are allowed on

the LAN for outside access. In previous ZyNOS versions (that supported SUA 'visible' servers had to be of

different types. The Prestige supports NAT sets on a remote node basis. They are reusable, but only one set is

allowed for each remote node. The Prestige 2602RL supports 8 sets since there are 8 remote node. The default

SUA (Read Only) Set in menu 15.1 is a convenient, pre-configured, read only, Many-to-One mapping set,

sufficient for most purposes and helpful to people already familiar with SUA in previous ZyNOS versions.

 SMT Menus

1. Applying NAT in the SMT Menus

Prestige 2602RL-D3A Support Notes

Menu 4 - Internet Access Setup

ISP's Name= MyISP

Encapsulation= PPPoE

Multiplexing= LLC-based

VPI #= 0

VCI #= 33

ATM QoS Type= UBR

Peak Cell Rate (PCR)= 0

Sustain Cell Rate (SCR)= 0

Maximum Burst Size (MBS)= 0

My Login= cso@zyxel

My Password= ********

Idle Timeout (sec)= 0

IP Address Assignment= Dynamic

IP Address= N/A

Network Address Translation= Full Feature

Address Mapping Set= 1

Press ENTER to Confirm or ESC to Cancel:

Field

Options

Description

Network Address Translation

Full Feature

When you select this option the SMT will use Address Mapping Set 1 (Menu 15.1-see later for further discussion).

None

NAT is disabled when you select this option.

SUA Only

When you select this option the SMT will use Address Mapping Set 255 (Menu 15.1-see later for further discussion). This option use basically Many-to-One

You apply NAT via menus 4 and 11.3 as displayed next. The next figure how you apply NAT for Internet

access in menu 4. Enter 4 from the Main Menu to go to Menu 4-Internet Access Setup.

The following table describes the options for Network Address Translation.

Prestige 2602RL-D3A Support Notes

Overload mapping. Select Full Feature when you require other mapping types. It is a convenient, pre-configured, read only, Many-to-One mapping set, sufficient for most purposes and helpful to people already familiar with SUA in previous ZyNOS versions. Note that there is also a Server type whose IGA is 0.0.0.0 in this set.

Menu 15 - NAT Setup

1. Address Mapping Sets

2. NAT Server Sets

Table: Applying NAT in Menu 4 and Menu 11.3

2. Configuring NAT

To configure NAT, enter 15 from the Main Menu to bring up the following screen.

3. Address Mapping Sets and NAT Server Sets

Use the Address Mapping Sets menus and submenus to create the mapping table used to assign global addresses

to LAN clients. Each remote node must specify which NAT Address Mapping Set to use. The P2602RL has 8

remote nodes and so allows you to configure 8 NAT Address Mapping Set. You can see nine NAT Address

Mapping sets in Menu 15.1. You can only configure from Set 1 to Set 8. Set 255 is used for SUA. When you

select Full Feature in menu 4 or 11.3. When you select SUA Only, the SMT will use Set 15.2.

The NAT Server Set is a list of LAN side servers mapped to external ports. To use this set (one set for the

Prestige), a server rule must be set up inside the NAT Address Mapping set. Please see NAT Server Sets for

further information on these menus.

Enter 1 to bring up Menu 15.1-Address Mapping Sets

Prestige 2602RL-D3A Support Notes

Menu 15.1 - Address Mapping Sets

255. SUA (read only)

Enter Set Number to Edit:

Menu 15.1.1 - Address Mapping Rules

Set Name= SUA

Idx Local Start IP Local End IP Global Start IP Global End IP Type

--- --------------- --------------- --------------- --------------- ------

1. 0.0.0.0 255.255.255.255 0.0.0.0 M-1

2. 0.0.0.0 Server

10.

Press ENTER to Confirm or ESC to Cancel:

Let's first look at Option 255. Option 255 is equivalent to SUA in previous ZyXEL routers. The fields in this

menu cannot be changed. Entering 255 brings up this screen.

Prestige 2602RL-D3A Support Notes

Field

Description

Option/Example

Set Name

This is the name of the set you selected in Menu 15.1 or enter the name of a new set you want to create.

SUA Idx

This is the index or rule number.

Local Start IP

This is the starting local IP address (ILA).

0.0.0.0 for the Many-to-One type.

Local End IP

This is the starting local IP address (ILA). If the rule is for all local IPs, then the Start IP is 0.0.0.0 and the End IP is

255.255.255.255.

255.255.255.255

Global Start IP

This is the starting global IP address (IGA). If you have a dynamic IP, enter 0.0.0.0 as the Global Start IP.

0.0.0.0 Global End IP

This is the ending global IP address (IGA).

N/A

Type

This is the NAT mapping types.

Many-to-One and Server

Menu 15.1.1 - Address Mapping Rules

Set Name= ?

Idx Local Start IP Local End IP Global Start IP Global End IP Type

--- --------------- --------------- --------------- --------------- ------

The following table explains the fields in this screen. Please note that the fields in this menu are read-only.

Please note that the fields in this menu are read-only. However, the settings of the server set 1 can be modified

in menu 15.1.1.

Now let's look at Option 1 in Menu 15.1.1 Enter 1 to bring up this menu.

Prestige 2602RL-D3A Support Notes

10.

Action= Edit , Select Rule= 0

Press ENTER to Confirm or ESC to Cancel:

Field

Description

Option

Set Name

Enter a name for this set of rules. This is a required field. Please note

that if this field is left blank, the entire set will be deleted.

Rule1

Action

They are 4 actions. The default is Edit. Edit means you want to edit a selected rule (see following field). Insert Before means to insert a new rule before the rule selected. The rule after the selected rule will then be moved down by one rule. Delete means to delete the selected rule and then all the rules after the selected one will be advanced one rule. Save Set means to save the whole set (note when you choose this action the Select Rule item will be disabled).

Edit Insert Before Delete Save Set

Select Rule

When you choose Edit, Insert Before or Save Set in the previous field the cursor jumps to this field to allow you to select the rule to apply the action in question.

Menu 15.1.1.1 - - Rule 1

Type: One-to-One

We will just look at the differences from the previous menu. Note that, this screen is not read only, so we have

extra Action and Select Rule fields. Not also that the [?] in the Set Name field means that this is a required field

and you must enter a name for the set. The description of the other fields is as described above. The Type,

Local and Global Start/End IPs are configured in Menu 15.1.1 (described later) and the values are displayed

here.

Note: Save Set in the Action field means to save the whole set. You must do this if you make any changes to

the set-including deleting a rule. No changes to the set take place until this action is taken. Be careful when

ordering your rules as each rule is executed in turn beginning from the first rule.

Selecting Edit in the Action field and then selecting a rule brings up the following menu, Menu

15.1.1.1-Address Mapping Rule in which you can edit an individual rule and configure the Type, Local and

Global Start/End IPs displayed in Menu 15.1.1.

Prestige 2602RL-D3A Support Notes

Local IP:

Start= 0.0.0.0

End = N/A

Global IP:

Start= 0.0.0.0

End = N/A

Press ENTER to Confirm or ESC to Cancel:

Field

Description

Option/Example

Type

Press [SPACEBAR] to toggle through a total of 5 types. These are the mapping types discussed above plus a server type. Some examples follow to clarify these a little more.

One-to-One Many-to-One Many-to-Many Overload Many-to-Many No Overload Server

Local IP

Start

This is the starting local IP address (ILA)

0.0.0.0

End

This is the ending local IP address (ILA). If the rule is for all local IPs, then put the Start IP as 0.0.0.0 and the End IP as

255.255.255.255. This field is N/A for One-to-One type.

255.255.255.255

Global IP

Start

This is the starting global IP address (IGA). If you have a dynamic IP, enter 0.0.0.0 as the Global Start IP.

0.0.0.0

End

This is the ending global IP address (IGA). This field is N/A for One-to-One, Many-to-One and Server types.

200.1.1.64

The following table describes the fields in this screen.

Note: For all Local and Global IPs, the End IP address must begin after the IP Start address, i.e., you cannot

have an End IP address beginning before the Start IP address.

 NAT Server Sets

Prestige 2602RL-D3A Support Notes

Menu 15.2 - NAT Server Setup (Used for SUA Only)

Rule Start Port No. End Port No. IP Address

---------------------------------------------------

1. Default Default 0.0.0.0

The NAT Server Set is a list of LAN side servers mapped to external ports (similar to the old SUA menu of

before). If you wish, you can make inside servers for different services, e.g., Web or FTP, visible to the outside

users, even though NAT makes your network appears as a single machine to the outside world. A server is

identified by the port number, e.g., Web service is on port 80 and FTP on port 21.

As an example (see the following figure), if you have a Web server at 192.168.1.36 and a FTP server at

192.168.1.33, then you need to specify for port 80 (Web) the server at IP address 192.168.1.36 and for port 21

(FTP) another at IP address 192.168.1.33.

Please note that a server can support more than one service, e.g., a server can provide both FTP and Mail

service, while another provides only Web service.

The following procedures show how to configure a server behind NAT.

Step 1. Enter 15 in the Main Menu to go to Menu 15-NAT Setup.

Step 2. Enter 2 to go to Menu 15.2.1-NAT Server Setup.

Step 3. Enter the service port number in the Port# field and the inside IP address of the server in the IP Address

field.

Step 4. Press [SPACEBAR] at the 'Press ENTER to confirm...' prompt to save your configuration after you

define all the servers or press ESC at any time to cancel.

Prestige 2602RL-D3A Support Notes

2. 21 21 192.168.1.33

3. 80 80 192.168.1.36

4. 0 0 0.0.0.0

5. 0 0 0.0.0.0

6. 0 0 0.0.0.0

7. 0 0 0.0.0.0

8. 0 0 0.0.0.0

9. 0 0 0.0.0.0

10. 0 0 0.0.0.0

11. 0 0 0.0.0.0

12. 0 0 0.0.0.0

Press ENTER to Confirm or ESC to Cancel:

Service

Port Number

FTP

Telnet

SMTP

DNS (Domain Name Server)

www-http (Web)

PPTP (Point-to-Point Tunneling Protocol)

1723

The most often used port numbers are shown in the following table. Please refer RFC 1700 for further

information about port numbers.

1. Internet Access Only

In our Internet Access example, we only need one rule where all our ILAs map to one IGA assigned by the ISP.

See the following figure.

Prestige 2602RL-D3A Support Notes

Menu 4 - Internet Access Setup

ISP's Name= MyISP

Encapsulation= PPPoE

Multiplexing= LLC-based

VPI #= 0

VCI #= 33

ATM QoS Type= UBR

Peak Cell Rate (PCR)= 0

Sustain Cell Rate (SCR)= 0

Maximum Burst Size (MBS)= 0

My Login= cso@zyxel

My Password= ********

Idle Timeout (sec)= 0

IP Address Assignment= Dynamic

IP Address= N/A

Network Address Translation= SUA Only

Address Mapping Set= 1

Press ENTER to Confirm or ESC to Cancel:

Prestige 2602RL-D3A Support Notes

Menu 15.2 - NAT Server Setup (Used for SUA Only)

Rule Start Port No. End Port No. IP Address

---------------------------------------------------

1. Default Default 0.0.0.0

2. 21 21 192.168.1.33

3. 0 0 0.0.0.0

4. 0 0 0.0.0.0

5. 0 0 0.0.0.0

6. 0 0 0.0.0.0

7. 0 0 0.0.0.0

From Menu 4 shown above simply choose the SUA Only option from the NAT field. This is the Many-to-One

mapping discussed earlier. The SUA read only option from the NAT field in menu 4 and 11.3 is specifically

pre-configured to handle this case.

2. Internet Access with an Internal Server

In this case, we do exactly as above (use the convenient pre-configured SUA Only set) and also go to Menu

15.2-NAT Server Setup (Used for SUA Only) to specify the Internet Server behind the NAT as shown in the

NAT as shown below.

+ 146 hidden pages