Home > ZyXEL > Router > ZyXEL Router Prestige 334 User Manual

ZyXEL Router Prestige 334 User Manual

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual ZyXEL Router Prestige 334 User Manual. The ZyXEL manuals for Router are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 171

    Page 171 Prestige 334 User’s Guide Chapter 15 VPN Screens170 Figure 66 VPN IKE: Advanced 
    Prestige 334 User’s Guide
Chapter 15 VPN Screens170
Figure 66   VPN IKE: Advanced

    Page 172

    Page 172 Prestige 334 User’s Guide 171Chapter 15 VPN Screens The following table describes the labels in this screen. Table 52 VPN IKE: Advanced LABELDESCRIPTION Active Select this check box to activate this VPN policy. Keep AliveSelect this check box to turn on the Keep Alive feature for this SA. Turn on Keep Alive to have the Prestige automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. The remote IPSec router must also have keep alive enabled in order for this... 
    Prestige 334 User’s Guide
171Chapter 15 VPN Screens
The following table describes the labels in this screen.
Table 52   VPN IKE: Advanced
LABELDESCRIPTION
Active Select this check box to activate this VPN policy.
Keep AliveSelect this check box to turn on the Keep Alive feature for this SA. 
Turn on Keep Alive to have the Prestige automatically reinitiate the SA after 
the SA lifetime times out, even if there is no traffic. The remote IPSec router 
must also have keep alive enabled in order for this...

    Page 173

    Page 173 Prestige 334 User’s Guide Chapter 15 VPN Screens172 Remote Address End/ MaskWhen the remote IP address is a single address, type it a second time here. When the remote IP address is a range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router. When the remote IP address is a subnet address, enter a subnet mask on the network behind the remote IPSec router. Remote Port Start 0 is the default and signifies any port. Type a port number from 0 to 65535.... 
    Prestige 334 User’s Guide
Chapter 15 VPN Screens172
Remote Address End/
MaskWhen the remote IP address is a single address, type it a second time here.
When the remote IP address is a range, enter the end (static) IP address, in a 
range of computers on the network behind the remote IPSec router.
When the remote IP address is a subnet address, enter a subnet mask on the 
network behind the remote IPSec router.
Remote Port Start 0 is the default and signifies any port. Type a port number from 0 to 65535....

    Page 174

    Page 174 Prestige 334 User’s Guide 173Chapter 15 VPN Screens Peer ContentThe configuration of the peer content depends on the peer ID type. •For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the Prestige will use the address in the Secure Gateway Address field (refer to the Secure Gateway Address field description). •For DNS or E-mail, type a domain name or e-mail address by which to identify the remote IPSec... 
    Prestige 334 User’s Guide
173Chapter 15 VPN Screens
Peer ContentThe configuration of the peer content depends on the peer ID type.
•For IP, type the IP address of the computer with which you will make the 
VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the 
Prestige will use the address in the Secure Gateway Address field (refer 
to the Secure Gateway Address field description).
•For DNS or E-mail, type a domain name or e-mail address by which to 
identify the remote IPSec...

    Page 175

    Page 175 Prestige 334 User’s Guide Chapter 15 VPN Screens174 15.13 Manual Key Setup Manual key management is useful if you have problems with IKE key management. IPSec Protocol Select ESP or AH from the drop-down list box. The Prestiges IPSec Protocol should be identical to the secure remote gateway. The ESP (Encapsulation Security Payload) protocol (RFC 2406) provides encryption as well as the authentication offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and... 
    Prestige 334 User’s Guide
Chapter 15 VPN Screens174
15.13  Manual Key Setup
Manual key management is useful if you have problems with IKE key management.
IPSec Protocol Select ESP or AH from the drop-down list box. The Prestiges IPSec Protocol 
should be identical to the secure remote gateway. The ESP (Encapsulation 
Security Payload) protocol (RFC 2406) provides encryption as well as the 
authentication offered by AH. If you select ESP here, you must select options 
from the Encryption Algorithm and...

    Page 176

    Page 176 Prestige 334 User’s Guide 175Chapter 15 VPN Screens 15.13.1 Security Parameter Index (SPI) An SPI is used to distinguish different SAs terminating at the same destination and using the same IPSec protocol. This data allows for the multiplexing of SAs to a single gateway. The SPI (Security Parameter Index) along with a destination IP address uniquely identify a particular Security Association (SA). The SPI is transmitted from the remote VPN gateway to the local VPN gateway. The local VPN gateway then... 
    Prestige 334 User’s Guide
175Chapter 15 VPN Screens
15.13.1  Security Parameter Index (SPI)
An SPI is used to distinguish different SAs terminating at the same destination and using the 
same IPSec protocol. This data allows for the multiplexing of SAs to a single gateway. The 
SPI (Security Parameter Index) along with a destination IP address uniquely identify a 
particular Security Association (SA). The SPI is transmitted from the remote VPN gateway to 
the local VPN gateway. The local VPN gateway then...

    Page 177

    Page 177 Prestige 334 User’s Guide Chapter 15 VPN Screens176 Figure 67 Setup: Manual The following table describes the labels in this screen. Table 53 Rule Setup: Manual LABELDESCRIPTION Active Select this check box to activate this VPN policy. IPSec Keying ModeSelect IKE or Manual from the drop-down list box. Manual is a useful option for troubleshooting if you have problems using IKE key management. Protocol NumberEnter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.... 
    Prestige 334 User’s Guide
Chapter 15 VPN Screens176
Figure 67   Setup: Manual
The following table describes the labels in this screen.
Table 53   Rule Setup: Manual
LABELDESCRIPTION
Active Select this check box to activate this VPN policy.
IPSec Keying ModeSelect IKE or Manual from the drop-down list box. Manual is a useful option 
for troubleshooting if you have problems using IKE key management. 
Protocol NumberEnter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any 
protocol....

    Page 178

    Page 178 Prestige 334 User’s Guide 177Chapter 15 VPN Screens Local Port EndType a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Local Port Start is left at 0, Local Port End will also remain at 0. Remote Address StartRemote IP addresses must be static and correspond to the remote IPSec routers configured local IP addresses. The remote address fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0.... 
    Prestige 334 User’s Guide
177Chapter 15 VPN Screens
Local Port EndType a port number in this field to define a port range. This port number must 
be greater than that specified in the previous field. If Local Port Start is left at 
0, Local Port End will also remain at 0.
Remote Address StartRemote IP addresses must be static and correspond to the remote IPSec 
routers configured local IP addresses. The remote address fields do not 
apply when the Secure Gateway IP Address field is configured to 0.0.0.0....

    Page 179

    Page 179 Prestige 334 User’s Guide Chapter 15 VPN Screens178 15.15 Viewing SA Monitor In the web configurator, click VPN and the SA Monitor tab. Use this screen to display and manage active VPN connections. A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections. Use Refresh to display active VPN connections. This screen is read-only. The following table describes the labels in this tab. Encryption AlgorithmSelect DES or 3DES... 
    Prestige 334 User’s Guide
Chapter 15 VPN Screens178
15.15  Viewing SA Monitor
In the web configurator, click VPN and the SA Monitor tab. Use this screen to display and 
manage active VPN connections.
A Security Association (SA) is the group of security settings related to a specific VPN tunnel. 
This screen displays active VPN connections. Use Refresh to display active VPN 
connections. This screen is read-only. The following table describes the labels in this tab.
Encryption AlgorithmSelect DES or 3DES...

    Page 180

    Page 180 Prestige 334 User’s Guide 179Chapter 15 VPN Screens Figure 68 SA Monitor The following table describes the labels in this screen. 15.16 Configuring Global Setting To change your Prestige’s Global Settings, click VPN, then the Global Setting tab. The screen appears as shown. Table 54 SA Monitor LABELDESCRIPTION #This is the security association index number. NameThis field displays the identification name for this VPN policy. EncapsulationThis field displays Tunnel or Transport mode. IPSec... 
    Prestige 334 User’s Guide
179Chapter 15 VPN Screens
Figure 68   SA Monitor
The following table describes the labels in this screen.
15.16  Configuring Global Setting
To change your Prestige’s Global Settings, click VPN, then the Global Setting tab. The 
screen appears as shown.
Table 54   SA Monitor 
LABELDESCRIPTION
#This is the security association index number. 
NameThis field displays the identification name for this VPN policy.
EncapsulationThis field displays Tunnel or Transport mode. 
IPSec...
    Start reading ZyXEL Router Prestige 334 User Manual

    Related Manuals for ZyXEL Router Prestige 334 User Manual

    All ZyXEL manuals