ZyXEL Router Prestige 334 User Manual

Page 151

Prestige 334 User’s Guide
Chapter 14 Introduction to IPSec 150
CHAPTER 14
Introduction to IPSec
This chapter introduces the basics of IPSec VPNs.
14.1  VPN Overview
A VPN (Virtual Private Network) provides secure communications between sites without the 
expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, 
authentication, access control and auditing technologies/services used to transport traffic over 
the Internet or any insecure network that uses the TCP/IP...

Page 152

Figure 56   Encryption and Decryption
14.1.3.2  Data Confidentiality
The IPSec sender can encrypt packets before transmitting them across a network. 
14.1.3.3  Data Integrity
The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not 
been altered during transmission. 
14.1.3.4  Data Origin Authentication
The IPSec receiver can verify the source of IPSec packets. This service depends on the data...

Page 153

Figure 57   IPSec Architecture
14.2.1  IPSec Algorithms
The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication 
Header) protocol (RFC 2402) describe the packet formats and the default standards for packet 
structure (including implementation algorithms).
The Encryption Algorithm describes the use of encryption techniques such as DES (Data 
Encryption Standard) and Triple DES algorithms.
The Authentication...

Page 154

Figure 58   Transport and Tunnel Mode IPSec Encapsulation
14.3.1  Transport Mode
Transport mode is used to protect upper layer protocols and only affects the data in the IP 
packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located 
after the original IP header and options, but before any upper layer protocols contained in the 
packet (such as TCP and UDP). 
With ESP, protection is applied only...

Page 155

NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec 
VPN using the AH protocol digitally signs the outbound packet, both data payload and 
headers, with a hash value appended to the packet. When using the AH protocol, packet contents 
(the data payload) are not encrypted.
A NAT device in between the IPSec endpoints will rewrite either the source or destination 
address with one of its own choosing. The VPN...

Page 157

CHAPTER 15
VPN Screens
This chapter introduces the VPN Web Configurator. See the Logs chapter for information on 
viewing logs and the Appendices for IPSec log descriptions.
15.1  VPN/IPSec Overview
Use the screens documented in this chapter to configure rules for VPN connections and 
manage VPN connections.
15.2  IPSec Algorithms
The ESP and AH protocols are necessary to create a Security Association (SA), the 
foundation of an IPSec VPN. An SA is...

Page 158

An added feature of the ESP is payload padding, which further protects communications by 
concealing the size of the packet being transmitted.
15.3  My IP Address
My IP Address is the WAN IP address of the Prestige. If this field is configured as 0.0.0.0, 
then the Prestige will use the current Prestige WAN IP address (static or dynamic) to set up the 
VPN tunnel. The Prestige has to rebuild the VPN tunnel if the My IP Address changes after 
setup....

Page 159

15.4.1  Dynamic Secure Gateway Address
If the remote secure gateway has a dynamic WAN IP address and does not use DDNS, enter 
0.0.0.0 as the secure gateway’s address. In this case only the remote secure gateway can 
initiate SAs. This may be useful for telecommuters initiating a VPN tunnel to the company 
network.
15.5  Summary Screen
The following figure helps explain the main fields in the web configurator.
Figure 59   IPSec Summary Fields
Local and...

Page 160

Figure 60   VPN: Summary
The following table describes the labels in this screen.
Table 47   VPN: Summary
LABEL | DESCRIPTION
# | The VPN policy index number.
Active | This field displays whether the VPN policy is active or not. A Y signifies that this VPN policy is active. N signifies that this VPN policy is not active.
Local Addr. | This is the IP address of the computer on your local network behind your Prestige.
Remote Addr. | This is the IP address(es) of...