ZyXEL Router Prestige 334 User Manual

							Prestige 334 User’s Guide
Chapter 33 Call Scheduling310
CHAPTER33
Call Scheduling
Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate 
when a remote node should be called and for how long.
33.1  Introduction to Call Scheduling
The call scheduling feature allows the Prestige to manage a remote node and dictate when a 
remote node should be called and for how long. This feature is similar to the scheduler in a 
videocassette recorder (you can specify a time period for the VCR to record). You can apply 
up to 4 schedule sets in Menu 11.1 — Remote Node Profile.  From the main menu, enter 26 
to access Menu 26 — Schedule Setup as shown next. 
Figure 173   Menu 26 Schedule Setup
Lower numbered sets take precedence over higher numbered sets thereby avoiding scheduling 
conflicts. For example, if sets 1, 2 ,3 and 4 in are applied in the remote node then set 1 will 
take precedence over set 2, 3 and 4 as the Prestige, by default, applies the lowest numbered set 
first.  Set 2 will take precedence over set 3 and 4, and so on.
Menu 26 - Schedule Setup
Schedule                        Schedule
  Set #       Name                Set #      Name
------   -------------------     ------  ----------------
1         ______________           7      ______________
2         ______________           8      ______________
3         ______________           9      ______________
4         ______________          10      ______________
5         ______________          11      ______________
6         ______________          12      ______________
Enter Schedule Set Number to Configure= 0
Edit Name= N/A
Press ENTER to Confirm or ESC to Cancel: 
						

							Prestige 334 User’s Guide
311Chapter 33 Call Scheduling
You can design up to 12 schedule sets but you can only apply up to four schedule sets for a 
remote node.
 To setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and 
press [ENTER] to see Menu 26.1 — Schedule Set Setup as shown next.  
Figure 174    Menu 26.1 Schedule Set Setup
If a connection has been already established, your Prestige will not drop it. Once the 
connection is dropped manually or it times out, then that remote node cant be triggered up 
until the end of the Duration.
Note: To delete a schedule set, enter the set number and press 
[SPACE BAR] and then [ENTER] (or delete) in the Edit Name field.
                Menu 26.1 - Schedule Set Setup
Active= Yes
Start Date(yyyy/mm/dd) = 2000 – 01 - 01
How Often= Once
Once:
  Date(yyyy/mm/dd)= 2000 – 01 - 01
Weekdays: 
  Sunday= N/A
  Monday= N/A
  Tuesday= N/A
  Wednesday= N/A
  Thursday= N/A
  Friday= N/A
  Saturday= N/A
Start Time (hh:mm)= 00 : 00
Duration (hh:mm)= 00 : 00
Action= Forced On
                    
                   Press ENTER to Confirm or ESC to Cancel:
Table 103   Menu 26.1 Schedule Set Setup
FIELDDESCRIPTION
ActivePress [SPACE BAR] to select Ye s or No. Choose Ye s and press [ENTER] to activate 
the schedule set. 
Start DateEnter the start date when you wish the set to take effect in year -month-date format. 
Valid dates are from the present to 2036-February-5.
How OftenShould this schedule set recur weekly or be used just once only? Press the [SPACE 
BAR] and then [ENTER] to select Once or Weekly. Both these options are mutually 
exclusive.  If Once is selected, then all weekday settings are N/A. When Once is 
selected, the schedule rule deletes automatically after the scheduled time elapses.
Once:    
Date
If you selected Once in the How Often field above, then enter the date the set should 
activate here in year-month-date format.
Weekday:
Day
If you selected Weekly in the How Often field above, then select the day(s) when the 
set should activate (and recur) by going to that day(s) and pressing [SPACE BAR] to 
select Ye s, then press [ENTER]. 
						

							Prestige 334 User’s Guide
Chapter 33 Call Scheduling312
Once your schedule sets are configured, you must then apply them to the desired remote 
node(s). Enter 11 from the Main Menu and then enter the target remote node index. Using 
[SPACE BAR], select PPPoE or PPPoA in the Encapsulation field and then press 
[ENTER] to make the schedule sets field available as shown next.
Figure 175   Applying Schedule Set(s) to a Remote Node (PPPoE)
You can apply up to four schedule sets, separated by commas, for one remote node. Change 
the schedule set numbers to your preference(s).
Start TimeEnter the start time when you wish the schedule set to take effect in hour-minute format. 
DurationEnter the maximum length of time this connection is allowed in hour-minute format. 
ActionForced On means that the connection is maintained whether or not there is a demand 
call on the line and will persist for the time period specified in the Duration field.
Forced Down means that the connection is blocked whether or not there is a demand 
call on the line. 
Enable Dial-On-Demand means that this schedule permits a demand call on the line. 
Disable Dial-On-Demand means that this schedule prevents a demand call on the line. 
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC 
to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
      Menu 11.1 - Remote Node Profile
   Rem Node Name= MyISP                 Route= IP
   Active= Yes
   Encapsulation= PPPoE                 Edit IP= No
   Service Type= Standard               Telco Option:
   Service Name=                          Allocated Budget(min)= 0
   Outgoing:                              Period(hr)= 0
     My Login=                            Schedules= 1,2,3,4
     My Password= ********                Nailed-Up Connection= No
     Retype to Confirm= ********
     Authen= CHAP/PAP
                                        Session Options:
                                          Edit Filter Sets= No
                                          Idle Timeout(sec)= 100
                                        Edit Traffic Redirect= No
                  Press ENTER to Confirm or ESC to Cancel:
Table 103   Menu 26.1 Schedule Set Setup
FIELDDESCRIPTION 
						

							Prestige 334 User’s Guide
313Chapter 33 Call Scheduling 
						

							Prestige 334 User’s Guide
Chapter 34 VPN/IPSec Setup314
CHAPTER34
VPN/IPSec Setup
This chapter introduces the VPN SMT menus. 
34.1  VPN/IPSec Overview
The VPN/IPSec main SMT menu has these main submenus:
1Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP 
addresses, peer IPSec router IP address and key management. 
2Menu 27.2 - SA Monitor allows you to manage (refresh or disconnect) your SA 
connections. 
This is an overview of the VPN menu tree.
Figure 176   VPN SMT Menu Tree
From the main menu, enter 27 to display the first VPN menu (shown next). 
						

							Prestige 334 User’s Guide
315Chapter 34 VPN/IPSec Setup
Figure 177   Menu 27 VPN/IPSec Setup
34.2  IPSec Summary Screen
Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary. This is a 
summary read-only menu of your IPSec rules (tunnels). Edit or create an IPSec rule by 
selecting an index number and then configuring the associated submenus.
Figure 178   Menu 27
Menu 27 - VPN/IPSec Setup
 1. IPSec Summary
 2. SA Monitor
Enter Menu Selection Number:
Menu 27.1 – IPSec Summary
#
-
001
002
003
  Name
Key Mgt
---------
Taiwan
IKE
zw50
IKE
China
IKE
A
-
Y
N
N
Local Addr Start
Remote Addr Start
-----------------
-
192.168.1.35
172.16.2.40
1.1.1.1
4.4.4.4
192.168.1.40
N/A
- Local Addr End
- Remote Addr End
-------------------
-
192.168.1.38
172.16.2.46
1.1.1.1
255.255.0.0
192.168.1.42
N/A
Encap
------
Tunnel
Tunnel
Tunnel
IPSec Algorithm
Secure GW Addr
------------------
ESP DES MD5
193.81.13.2
AH SHA1
zw50test.zyxel.
ESP DES MD5
0.0.0.0
Select Command= NoneSelect Rule= N/A
Press ENTER to Confirm or ESC to Cancel:
Table 104   Menu 27.1 IPSec Summary
FIELDDESCRIPTION
#This is the VPN policy index number.
NameThis field displays the unique identification name for this VPN rule. The name may be 
up to 32 characters long but only 10 characters will be displayed here.
AY signifies that this VPN rule is active. 
						

							Prestige 334 User’s Guide
Chapter 34 VPN/IPSec Setup316
Local Addr 
StartWhen the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is a 
static IP address on the LAN behind your Prestige.
When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is 
the beginning (static) IP address, in a range of computers on the LAN behind your Pres-
tige. 
When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to SUBNET, this 
is a static IP address on the LAN behind your Prestige.
Local Addr 
EndWhen the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is 
the same (static) IP address as in the Local Addr Start field.
When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is 
the end (static) IP address, in a range of computers on the LAN behind your Prestige. 
When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to SUBNET, this 
is a subnet mask on the LAN behind your Prestige.
EncapThis field displays Tu n n e l  mode or Transport mode. See earlier for a discussion of 
these. You need to finish configuring the VPN policy in menu 27.1.1.1 or 27.1.1.2 if ??? 
is displayed.
IPSec 
AlgorithmThis field displays the security protocols used for an SA. ESP provides confidentiality 
and integrity of data by encrypting the data and encapsulating it into IP packets. Encryp-
tion methods include 56-bit DES and 168-bit 3DES. NULL denotes a tunnel without 
encryption.
AH (Authentication Header) provides strong integrity and authentication by adding 
authentication information to IP packets. This authentication information is calculated 
using header and payload data in the IP packet. This provides an additional level of 
security. AH choices are MD5 (default  - 128 bits) and SHA -1(160 bits).
Both AH and ESP increase the Prestige’s processing requirements and communica-
tions latency (delay).
You need to finish configuring the VPN policy in menu 27.1.1.1 or 27.1.1.2 if ??? is 
displayed.
Key MgtThis field displays the SA’s type of key management, (IKE or Manual).
Remote Addr 
StartWhen the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is a 
static IP address on the network behind the remote IPSec router.
When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is 
the beginning (static) IP address, in a range of computers on the network behind the 
remote IPSec router.
When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to SUBNET, this 
is a static IP address on the network behind the remote IPSec router.
This field displays N/A when you configure the Secure Gateway Addr field in SMT 
27.1.1 to 0.0.0.0.
Table 104   Menu 27.1 IPSec Summary
FIELDDESCRIPTION 
						

							Prestige 334 User’s Guide
317Chapter 34 VPN/IPSec Setup
Remote Addr 
EndWhen the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is 
the same (static) IP address as in the Remote Addr Start field.
When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is 
the end (static) IP address, in a range of computers on the network behind the remote 
IPSec router. 
When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to SUBNET, this 
is a subnet mask on the network behind the remote IPSec router.
This field displays N/A when you configure the Secure Gateway Addr field in SMT 
27.1.1 to 0.0.0.0.
Secure GW 
AddrThis is the WAN IP address or the domain name (up to the first 15 characters are 
displayed) of the IPSec router with which you are making the VPN connection. This field 
displays 0.0.0.0 when you configure the Secure Gateway Addr field in SMT 27.1.1 to 
0.0.0.0. 
Select 
CommandPress [SPACE BAR] to choose from None, Edit, Delete, Go To Rule, Next Page or 
Previous Page and then press [ENTER]. You must select a rule in the next field when 
you choose the Edit, Delete or Go To commands. 
Select None and then press [ENTER] to go to the “Press ENTER to Confirm…” prompt.
Use Edit to create or edit a rule. Use Delete to remove a rule. To edit or delete a rule, 
first make sure you are on the correct page. When a VPN rule is deleted, subsequent 
rules do not
 move up in the page list.
Use Go To Rule to view the page where your desired rule is listed. 
Select Next Page or Previous Page to view the next or previous page of rules 
(respectively). 
Select RuleType the VPN rule index number you wish to edit or delete and then press [ENTER].
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to 
save your configuration, or press [ESC] at any time to cancel.
Table 104   Menu 27.1 IPSec Summary
FIELDDESCRIPTION 
						

							Prestige 334 User’s Guide
Chapter 34 VPN/IPSec Setup318
Figure 179   Menu 27.1.1 IPSec Setup
The following table describes the fields in this menu.
                        Menu 27.1.1 – IPSec Setup
Index= 1         Name= Taiwan
Active= Yes      Keep Alive= No      Nat Traversal= No    
Local ID type            Content=
My IP Addr= 0.0.0.0
Peer ID type= IP         Content=
Secure Gateway Address= zw50test.zyxel.com.tw
Protocol= 0              DNS Server= 0.0.0.0
Local:
Remote:
   Addr Type= SINGLE
Local IP Addr= 1.1.1.1
   Port Start= 0
   Addr Type= SUBNET
IP Addr Start= 4.4.4.4
   Port Start= 0
End= N/A
End/Subnet Mask= 255.255.0.0
End= N/A
Enable Replay Detection = No
Key Management= IKE
Edit Key Management Setup= No
                    
                  Press ENTER to Confirm or ESC to Cancel:
Table 105   Menu 27.1.1 IPSec Setup
FIELDDESCRIPTION
IndexThis is the VPN rule index number you selected in the previous menu.
NameEnter a unique identification name for this VPN rule. The name may be up to 32 
characters long but only 10 characters will be displayed in Menu 27.1 - IPSec 
Summary.
ActivePress [SPACE BAR] to choose either Ye s or No. Choose Ye s and press [ENTER] to 
activate the VPN tunnel. This field determines whether a VPN rule is applied before a 
packet leaves the firewall.
Keep AlivePress [SPACE BAR] to choose either Ye s or No. Choose Ye s and press [ENTER] to 
have the Prestige automatically re-initiate the SA after the SA lifetime times out, even if 
there is no traffic. The remote IPSec router must also have keep alive enabled in order 
for this feature to work. 
Nat TraversalSelect this check box to enable NAT traversal. NAT traversal allows you to set up a 
VPN connection when there are NAT routers between the two IPSec routers.
The remote IPSec router must also have NAT traversal enabled. You can use NAT tra-
versal with ESP protocol using Transport or Tu n n e l  mode, but not with AH protocol 
nor with Manual key management. 
In order for an IPSec router behind a NAT router to receive an initiating IPSec packet, 
set the NAT router to forward UDP port 500 to the IPSec router behind the NAT router.
Local ID typePress [SPACE BAR] to choose IP, DNS, or E-mail and press [ENTER]. 
Select IP to identify this Prestige by its IP address. 
Select DNS to identify this Prestige by a domain name.
Select E-mail to identify this Prestige by an e-mail address. 
						

							Prestige 334 User’s Guide
319Chapter 34 VPN/IPSec Setup
ContentWhen you select IP in the Local ID Type field, type the IP address of your computer or 
leave the field blank to have the Prestige automatically use its own IP address.
When you select DNS in the Local ID Type field, type a domain name (up to 31 char-
acters) by which to identify this Prestige. 
When you select E-mail in the Local ID Type field, type an e-mail address (up to 31 
characters) by which to identify this Prestige. 
The domain name or e-mail address that you use in the Content field is used for 
identification purposes only and does not need to be a real domain name or e-mail 
address. 
My IP AddrEnter the IP address of your Prestige. The Prestige uses its current WAN IP address 
(static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0.  
The VPN tunnel has to be rebuilt if this IP address changes.
Peer ID typePress [SPACE BAR] to choose IP, DNS, or E-mail and press [ENTER]. 
Select IP to identify the remote IPSec router by its IP address. 
Select DNS to identify the remote IPSec router by a domain name.
Select E-mail to identify the remote IPSec router by an e-mail address.
ContentWhen you select IP in the Peer ID Type field, type the IP address of the computer with 
which you will make the VPN connection or leave the field blank to have the Prestige 
automatically use the address in the Secure Gateway Address field.
When you select DNS in the Peer ID Type field, type a domain name (up to 31 charac-
ters) by which to identify the remote IPSec router. 
When you select E-mail in the Peer ID Type field, type an e-mail address (up to 31 
characters) by which to identify the remote IPSec router. 
The domain name or e-mail address that you use in the Content field is used for 
identification purposes only and does not need to be a real domain name or e-mail 
address. The domain name also does not have to match the remote router’s IP 
address or what you configure in the Secure Gateway Address field below.
Secure 
Gateway 
AddressType the IP address or the domain name (up to 31 characters) of the IPSec router with 
which you’re making the VPN connection. 
Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the 
Key Management field must be set to IKE, see later). 
ProtocolEnter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
LocalLocal IP addresses must be static and correspond to the remote IPSec router’s config-
ured remote IP addresses.
Two active SAs cannot have the local and remote IP address(es) both the same. Two 
active SAs can have the same local or remote IP address, but not both. You can 
configure multiple SAs between the same local and remote IP addresses, as long as 
only one is active at any time.
Addr TypeThis field displays SINGLE for a single IP address. 
Local IP AddrEnter a static IP address on the LAN behind your Prestige.
Table 105   Menu 27.1.1 IPSec Setup
FIELDDESCRIPTION