ZyXEL Router Prestige 334 User Manual
Prestige 334 User’s Guide, Chapter 15 VPN Screens (page 180)

Figure 69 VPN: Global Setting

The following table describes the labels in this screen.

Table 55 VPN: Global Setting

| LABEL | DESCRIPTION |
| --- | --- |
| Windows Networking (NetBIOS over TCP/IP) | NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to find other computers. It may sometimes be necessary to allow NetBIOS packets to pass through VPN tunnels in order to allow local computers to find computers on the remote network and vice versa. |
| Allow Through IP/Sec Tunnel | Select this check box to send NetBIOS packets through the VPN connection. |
| Apply | Click Apply to save your changes back to the Prestige. |
| Reset | Click Reset to begin configuring this screen afresh. |

15.17 Telecommuter VPN/IPSec Examples

The following examples show how multiple telecommuters can make VPN connections to a single Prestige at headquarters from remote IPSec routers that use dynamic WAN IP addresses.

15.17.1 Telecommuters Sharing One VPN Rule Example

Multiple telecommuters can use one VPN rule to simultaneously access a Prestige at headquarters. They must all use the same IPSec parameters (including the pre-shared key) but the local IP addresses (or ranges of addresses) cannot overlap. See the following table and figure for an example.
Table 56 Telecommuter and Headquarters Configuration Example

| | TELECOMMUTER | HEADQUARTERS |
| --- | --- | --- |
| My IP Address: | 0.0.0.0 (dynamic IP address assigned by the ISP) | Public static IP address |
| Secure Gateway IP Address: | Public static IP address or domain name. | 0.0.0.0 With this IP address only the telecommuter can initiate the IPSec tunnel. |

Having everyone use the same pre-shared key may create a vulnerability. If the pre-shared key is compromised, all of the VPN connections using that VPN rule are at risk. A recommended alternative is to use a different VPN rule for each telecommuter and identify them by unique IDs (see the Telecommuters Using Unique VPN Rules Example section).

Figure 70 Telecommuters Sharing One VPN Rule Example

15.17.2 Telecommuters Using Unique VPN Rules Example

With aggressive negotiation mode (see section Negotiation Mode), the Prestige can use the ID types and contents to distinguish between VPN rules. Telecommuters can each use a separate VPN rule to simultaneously access a Prestige at headquarters. They can use different IPSec parameters (including the pre-shared key) and the local IP addresses (or ranges of addresses) can overlap.
See the following graphic for an example where three telecommuters each use a different VPN rule to initiate a VPN connection to a Prestige located at headquarters. The Prestige at headquarters identifies each by its secure gateway address (a dynamic domain name) and uses the appropriate VPN rule to establish the VPN connection.

Figure 71 Telecommuters Using Unique VPN Rules Example

15.18 VPN and Remote Management

If a VPN tunnel uses a remote management service port (Telnet, FTP, WWW, SNMP, DNS or ICMP) and terminates at the Prestige’s LAN or WAN port, configure remote management (REMOTE MGNT) to allow access for that service.

If the VPN tunnel terminates at the Prestige’s LAN IP address, configure remote management for LAN, WAN server access or LAN & WAN. If the VPN tunnel terminates at the Prestige’s WAN IP address, configure remote management for WAN server access or LAN & WAN.
CHAPTER 16 Centralized Logs

This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendices for example log message explanations.

16.1 View Log

The web configurator allows you to look at all of the Prestige’s logs in one location.

Click LOGS in the navigation panel to open the View Log screen. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see the Log Settings section). Options include logs about system maintenance, system errors, access control, allowed or blocked web sites, blocked web features (such as ActiveX controls, Java and cookies), attacks (such as DoS) and IPSec.

Log entries in red indicate system error logs. The log wraps around and deletes the old entries after it fills. Click a column heading to sort the entries. A triangle indicates ascending or descending sort order.
Figure 72 View Logs

The following table describes the labels in this screen.

Table 57 View Logs

| LABEL | DESCRIPTION |
| --- | --- |
| Display | The categories that you select in the Log Settings page (see section ) display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page. |
| Time | This field displays the time the log was recorded. See the chapter on system maintenance and information to configure the Prestige’s time and date. |
| Message | This field states the reason for the log. |
| Source | This field lists the source IP address and the port number of the incoming packet. |
| Destination | This field lists the destination IP address and the port number of the incoming packet. |
| Note | This field displays additional information about the log entry. |
| Email Log Now | Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page (make sure that you have first filled in the Address Info fields in Log Settings, see section ). |
| Refresh | Click Refresh to renew the log screen. |
| Clear Log | Click Clear Log to delete all the logs. |
16.2 Log Settings

You can configure the Prestige’s general log settings in one location. Click LOGS in the navigation panel and then the Log Settings tab to open the Log Settings screen.

Use the Log Settings screen to configure where the Prestige sends logs, the schedule for sending them, and which logs and/or immediate alerts the Prestige sends.

An alert is a type of log that warrants more serious attention. Alerts include system errors, attacks (access control) and attempted access to blocked web sites or web sites with restricted web features such as cookies, ActiveX and so on. Some categories such as System Errors consist of both logs and alerts. You may differentiate them by their color in the View Log screen. Alerts display in red and logs display in black.

Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full (see Log Schedule). Selecting many alert and/or log categories (especially Access Control) may result in many e-mails being sent.
Figure 73 Log Settings

The following table describes the labels in this screen.

Table 58 Log Settings

| LABEL | DESCRIPTION |
| --- | --- |
| Address Info | |
| Mail Server | Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e-mail. |
| Mail Subject | Type a title that you want to be in the subject line of the log e-mail message that the Prestige sends. Not all Prestige models have this field. |
| Send Log To | The Prestige sends logs to the e-mail address specified in this field. If this field is left blank, the Prestige does not send logs via e-mail. |
| Send Alerts To | Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs. Enter the e-mail address where the alert messages will be sent. Alerts include system errors, attacks and attempted access to blocked web sites. If this field is left blank, alert messages will not be sent via e-mail. |
| Syslog Logging | The Prestige sends a log to an external syslog server. |
| Active | Click Active to enable syslog logging. |
| Syslog Server IP Address | Enter the server name or IP address of the syslog server that will log the selected categories of logs. |
| Log Facility | Select a location from the drop down list box. The log facility allows you to log the messages to different files in the syslog server. Refer to the syslog server manual for more information. |
| Send Log | |
| Log Schedule | This drop-down menu is used to configure the frequency of log messages being sent as E-mail: Daily, Weekly, Hourly, When Log is Full, None. If you select Weekly or Daily, specify a time of day when the E-mail should be sent. If you select Weekly, then also specify which day of the week the E-mail should be sent. If you select When Log is Full, an alert is sent when the log fills up. If you select None, no log messages are sent. |
| Day for Sending Log | Use the drop down list box to select which day of the week to send the logs. |
| Time for Sending Log | Enter the time of the day in 24-hour format (for example 23:00 equals 11:00 pm) to send the logs. |
| Log | Select the categories of logs that you want to record. |
| Send Immediate Alert | Select log categories for which you want the Prestige to send e-mail alerts immediately. |
| Apply | Click Apply to save your changes. |
| Reset | Click Reset to begin configuring this screen afresh. |
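How the Log Facility setting plays out on the receiving side, as an added example that is not from the ZyXEL manual: a syslog message begins with a `<PRI>` value equal to facility × 8 + severity, and the collector uses the facility to choose the destination file. The router address, file names and sample datagrams are assumptions constructed for illustration, and the message text is not the Prestige's actual log format.

```python
import re

# PRI = facility * 8 + severity (RFC 3164); facilities 16-23 are local0..local7.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")
ROUTER_IP = "192.168.1.1"  # assumption: the router's LAN address


def decode_pri(datagram):
    """Return (facility, severity_name, message), or None for a bad PRI header."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    text = m.group(2).decode("utf-8", "replace")
    # Replace control characters so an embedded newline cannot forge a second entry.
    return facility, SEVERITIES[severity], CONTROL_RE.sub(" ", text).strip()


def facility_name(facility):
    return f"local{facility - 16}" if 16 <= facility <= 23 else f"facility{facility}"


def route(packets, allowed_sources=(ROUTER_IP,)):
    """Group entries into one file name per facility; count what was dropped."""
    files, rejected = {}, 0
    for src, data in packets:
        decoded = decode_pri(data) if src in allowed_sources else None
        if decoded is None:
            rejected += 1
            continue
        facility, severity, msg = decoded
        name = f"router-{facility_name(facility)}.log"
        files.setdefault(name, []).append(f"{src} {severity} {msg}")
    return files, rejected


# Constructed sample datagrams (not captured from a Prestige): (source IP, payload).
SAMPLE = [
    (ROUTER_IP, b"<142>sample access control entry"),        # local1.info
    (ROUTER_IP, b"<137>sample attack alert\n<134>forged"),   # local1.alert
    (ROUTER_IP, b"<190>sample system maintenance entry"),    # local7.info
    ("203.0.113.9", b"<142>entry from an unexpected host"),  # dropped: source
    (ROUTER_IP, b"entry with no PRI header"),                # dropped: format
]

if __name__ == "__main__":
    files, rejected = route(SAMPLE)
    for name, lines in sorted(files.items()):
        print(name, lines)
    print("rejected:", rejected)
```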