User Guide
Page 22
... 192.168.3.1 and serves as a DHCP server by the Quick Setup - Select Use Fixed IP Address and configure the IP address, subnet mask, and default gateway settings and click OK. 22 ZyWALL USG100-PLUS User's Guide Figure 19 Ethernet Interface, Port Roles, and Zone Configuration Example 2.2.1 Configure a ...WAN Ethernet Interface You need to assign the ZyWALL's wan1 interface a static IP address of 1.2.3.4. • Add P5 (lan2) to the DMZ interface. The DMZ interface is used for the VPN tunnel created by default. • You want to be able to it. So you ...
... 192.168.3.1 and serves as a DHCP server by the Quick Setup - Select Use Fixed IP Address and configure the IP address, subnet mask, and default gateway settings and click OK. 22 ZyWALL USG100-PLUS User's Guide Figure 19 Ethernet Interface, Port Roles, and Zone Configuration Example 2.2.1 Configure a ...WAN Ethernet Interface You need to assign the ZyWALL's wan1 interface a static IP address of 1.2.3.4. • Add P5 (lan2) to the DMZ interface. The DMZ interface is used for the VPN tunnel created by default. • You want to be able to it. So you ...
User Guide
Page 26
... WAN connection goes down, the ZyWALL still sends traffic through the interface. • IPv6 Address Assignment - Configure this if you need your service provider to provide an IP address through PPPoE or PPTP in this if you want to override the ZyWALL's default routing behavior in the screens listed ...above to enable the ZyWALL to be able to send and receive IPv6 packets through the ZyWALL. Although the ZyWALL is "transparent" in ...
... WAN connection goes down, the ZyWALL still sends traffic through the interface. • IPv6 Address Assignment - Configure this if you need your service provider to provide an IP address through PPPoE or PPTP in this if you want to override the ZyWALL's default routing behavior in the screens listed ...above to enable the ZyWALL to be able to send and receive IPv6 packets through the ZyWALL. Although the ZyWALL is "transparent" in ...
User Guide
Page 33
...IPv6 support on you can enable IPv6 in a Command Prompt. If your IPv6 settings are correct, you computer. ZyWALL USG100-PLUS User's Guide 33 You can see a dancing turtle in the website. 2.5.6 Prefix Delegation and Router Advertisement ... Control Panel > Network and Sharing Center > Local Area Connection screen. 3 Your computer should get an IPv6 IP address (starting with 2001:b050:2d:1111: for this video. In Windows XP, you want to play the... that you need to play this example) from the ZyWALL. 4 Open a web browser and type http://www.kame.net. In Windows 7, IPv6 is supported by...
...IPv6 support on you can enable IPv6 in a Command Prompt. If your IPv6 settings are correct, you computer. ZyWALL USG100-PLUS User's Guide 33 You can see a dancing turtle in the website. 2.5.6 Prefix Delegation and Router Advertisement ... Control Panel > Network and Sharing Center > Local Area Connection screen. 3 Your computer should get an IPv6 IP address (starting with 2001:b050:2d:1111: for this video. In Windows XP, you want to play the... that you need to play this example) from the ZyWALL. 4 Open a web browser and type http://www.kame.net. In Windows 7, IPv6 is supported by...
User Guide
Page 34
... example in order to forward 6to4 packets to any default route to forward the LAN's IPv6 packets. 2 To use prefix delegation, you must be enabled by the ZyWALL through WAN1 with 2002:7a64:dcee::/48 if you decide to use the WAN1 IP address to forward 6to4 packets to handle IPv6 packets... 6to4 tunnels. It may be converted from DHCPv6 Prefix Delegation table. 3 If the Value field in hexadecimal. The second and third sets of 122.100.220.238) and an IPv6 intranet network. It becomes 7a64:dcee in the WAN1's DHCPv6 Request Options table displays n/a, contact your ISP for further ...
... example in order to forward 6to4 packets to any default route to forward the LAN's IPv6 packets. 2 To use prefix delegation, you must be enabled by the ZyWALL through WAN1 with 2002:7a64:dcee::/48 if you decide to use the WAN1 IP address to forward 6to4 packets to handle IPv6 packets... 6to4 tunnels. It may be converted from DHCPv6 Prefix Delegation table. 3 If the Value field in hexadecimal. The second and third sets of 122.100.220.238) and an IPv6 intranet network. It becomes 7a64:dcee in the WAN1's DHCPv6 Request Options table displays n/a, contact your ISP for further ...
User Guide
Page 36
... 2.6.3 Setting Up the 6to4 Tunnel 1 Click Add in this example just simply uses the default 6to4 Prefix, 2002:://16. In Windows XP, you computer. In Windows 7, IPv6 is supported by default. Select wan1 as the Tunnel Mode. You can enable IPv6 in the Control Panel > ...Network and Sharing Center > Local Area Connection screen. 3 You should get an IPv6 IP address starting with 2002:7a64:dcee:1:. 4 Type ping -6 ipv6.google.com in a Command Prompt. You should get a response. 36 ZyWALL USG100-PLUS User's Guide In the 6to4 Tunnel Parameter section, this example). Enter ...
... 2.6.3 Setting Up the 6to4 Tunnel 1 Click Add in this example just simply uses the default 6to4 Prefix, 2002:://16. In Windows XP, you computer. In Windows 7, IPv6 is supported by default. Select wan1 as the Tunnel Mode. You can enable IPv6 in the Control Panel > ...Network and Sharing Center > Local Area Connection screen. 3 You should get an IPv6 IP address starting with 2002:7a64:dcee:1:. 4 Type ping -6 ipv6.google.com in a Command Prompt. You should get a response. 36 ZyWALL USG100-PLUS User's Guide In the 6to4 Tunnel Parameter section, this example). Enter ...
User Guide
Page 37
Enabling it will cause two default routes, however, the ZyWALL only needs a default route generated by your 6to4 packets over the IPv4 network. In 6to4, the ZyWALL doesn't need a policy route to determine where to forward a 6to4 packet (starting with 2002. 2 You don't need to confirm that you ...activate the WAN1 IPv6 interface but make sure you may need to the relay router using the default route if the packet's destination is not an IP address starting with 2002 in the IPv6 IP address). ZyWALL USG100-PLUS User's Guide 37 After clicking play again. 2.6.6 What Can Go Wrong? 1 Do...
Enabling it will cause two default routes, however, the ZyWALL only needs a default route generated by your 6to4 packets over the IPv4 network. In 6to4, the ZyWALL doesn't need a policy route to determine where to forward a 6to4 packet (starting with 2002. 2 You don't need to confirm that you ...activate the WAN1 IPv6 interface but make sure you may need to the relay router using the default route if the packet's destination is not an IP address starting with 2002 in the IPv6 IP address). ZyWALL USG100-PLUS User's Guide 37 After clicking play again. 2.6.6 What Can Go Wrong? 1 Do...
User Guide
Page 38
... need to enable IPv6 in the wan1 since the IPv6 packets will be enabled by the ZyWALL through the following flow. Enter tunnel0 as the Interface Name and select IPv6-in-IPv4 as the remote gateway IP. 2.7.1 Configuration Concept After the IPv6-in-IPv4 tunnel settings are complete, IPv4 and IPv6... Up Your Network Note: For 6to4, you must configure the peer gateway's WAN IPv4 address as the Tunnel Mode. It may be handled by default such as IPv6-in-IPv4 routers which connect the IPv4 Internet and an individual IPv6 network. Figure 25 IPv6-in-IPv4 Tunnel Configuration Concept LAN1...
... need to enable IPv6 in the wan1 since the IPv6 packets will be enabled by the ZyWALL through the following flow. Enter tunnel0 as the Interface Name and select IPv6-in-IPv4 as the remote gateway IP. 2.7.1 Configuration Concept After the IPv6-in-IPv4 tunnel settings are complete, IPv4 and IPv6... Up Your Network Note: For 6to4, you must configure the peer gateway's WAN IPv4 address as the Tunnel Mode. It may be handled by default such as IPv6-in-IPv4 routers which connect the IPv4 Internet and an individual IPv6 network. Figure 25 IPv6-in-IPv4 Tunnel Configuration Concept LAN1...
User Guide
Page 41
...-PLUS User's Guide 41 You can ping a computer behind ZyWALL Y. In Windows 7, IPv6 is supported by default. Chapter 2 How to Set Up Your Network 2.7.5 Testing the IPv6-in-IPv4 Tunnel 1 Connect a computer to the ZyWALL's LAN1. 2 Enable IPv6 support on you can enable IPv6 in the Control Panel >... Network and Sharing Center > Local Area Connection screen. 3 You should get an IPv6 IP ...
...-PLUS User's Guide 41 You can ping a computer behind ZyWALL Y. In Windows 7, IPv6 is supported by default. Chapter 2 How to Set Up Your Network 2.7.5 Testing the IPv6-in-IPv4 Tunnel 1 Connect a computer to the ZyWALL's LAN1. 2 Enable IPv6 support on you can enable IPv6 in the Control Panel >... Network and Sharing Center > Local Area Connection screen. 3 You should get an IPv6 IP ...
User Guide
Page 70
...and and password exactly as configured on the ZyWALL, then enter the new one here. If you changed the default HTTPS port on the ZyWALL or external authentication server. Click Next. 70 ZyWALL USG100-PLUS User's Guide Figure 30 ZyWALL IPSec VPN Client with the ZyWALL IPSec VPN Client. 2 Click Configuration > ...it to allow the newly created user to retrieve this rule's settings using the ZyWALL IPSec VPN Client. 4 On the ZyWALL IPSec VPN Client, select Configuration > Get From Server. 5 Enter the WAN IP address or URL for Configuration Provisioning wizard to create a VPN rule that can ...
...and and password exactly as configured on the ZyWALL, then enter the new one here. If you changed the default HTTPS port on the ZyWALL or external authentication server. Click Next. 70 ZyWALL USG100-PLUS User's Guide Figure 30 ZyWALL IPSec VPN Client with the ZyWALL IPSec VPN Client. 2 Click Configuration > ...it to allow the newly created user to retrieve this rule's settings using the ZyWALL IPSec VPN Client. 4 On the ZyWALL IPSec VPN Client, select Configuration > Get From Server. 5 Enter the WAN IP address or URL for Configuration Provisioning wizard to create a VPN rule that can ...
User Guide
Page 73
... the internal network. If there is installed. Here a user uses his user name and password to set the IP address of the ZyWALL (or a gateway device) on which the ZyWALL IPSec VPN Client is no reply, check that the entry has a yellow Status icon. 4.5 SSL VPN SSL ... manage files as if he were part of the ZyWALL's VPN solutions. Chapter 4 Create Secure Connections Across the Internet • There's a network connectivity problem between the ZyWALL and the ZyWALL IPSec VPN Client: Check that the correct ZyWALL IP address and HTTPS port (if the default port was changed) was entered.
... the internal network. If there is installed. Here a user uses his user name and password to set the IP address of the ZyWALL (or a gateway device) on which the ZyWALL IPSec VPN Client is no reply, check that the entry has a yellow Status icon. 4.5 SSL VPN SSL ... manage files as if he were part of the ZyWALL's VPN solutions. Chapter 4 Create Secure Connections Across the Internet • There's a network connectivity problem between the ZyWALL and the ZyWALL IPSec VPN Client: Check that the correct ZyWALL IP address and HTTPS port (if the default port was changed) was entered.
User Guide
Page 75
... L2TP VPN tunnel. • The VPN rule allows the remote user to re-connect if this happens. 4.6 L2TP VPN with a static IP address of the ZyWALL's IPSec VPN connections. Figure 32 L2TP VPN Example 172.16.1.2 LAN1_SUBNET: 192.168.1.x L2TP_POOL: 192.168.10.10~192.168.10.20 ...• Set the next hop to be the VPN tunnel you want to use. • Replace the default Pre-Shared Key. 2 Create a host-type address object containing the My Address IP address configured in the Default_L2TP_VPN_GW and set the Default_L2TP_VPN_Connection's Local Policy to use in the following example). •...
... L2TP VPN tunnel. • The VPN rule allows the remote user to re-connect if this happens. 4.6 L2TP VPN with a static IP address of the ZyWALL's IPSec VPN connections. Figure 32 L2TP VPN Example 172.16.1.2 LAN1_SUBNET: 192.168.1.x L2TP_POOL: 192.168.10.10~192.168.10.20 ...• Set the next hop to be the VPN tunnel you want to use. • Replace the default Pre-Shared Key. 2 Create a host-type address object containing the My Address IP address configured in the Default_L2TP_VPN_GW and set the Default_L2TP_VPN_Connection's Local Policy to use in the following example). •...
User Guide
Page 77
... object that you want to allow the remote users to access (LAN_1SUBNET in this example). • Set the Destination Address to the IP address pool that the ZyWALL assigns to the remote users (L2TP_POOL in this example)). • Set the next hop to create an... user object for the users allowed to 192.168.10.20. Set IP Address Pool to Default_L2TP_VPN_Connection. Set VPN Connection to L2TP_POOL. This example uses a user object named L2TP-test. Enable the connection. Select the authentication method (default in this example), and select the users that can use the tunnel....
... object that you want to allow the remote users to access (LAN_1SUBNET in this example). • Set the Destination Address to the IP address pool that the ZyWALL assigns to the remote users (L2TP_POOL in this example)). • Set the next hop to create an... user object for the users allowed to 192.168.10.20. Set IP Address Pool to Default_L2TP_VPN_Connection. Set VPN Connection to L2TP_POOL. This example uses a user object named L2TP-test. Enable the connection. Select the authentication method (default in this example), and select the users that can use the tunnel....
User Guide
Page 103
Chapter 5 Managing Traffic 3 Select the trunk as the default trunk and click Apply. 5.3 How to Use Multiple Static Public WAN IP Addresses for traffic it goes from the LAN. 5.3.1 Create the Public IP Address Range Object Click Configuration > Object > Address > Add (in IPv4 Address Configuration) to 1.1.1.17. In this ...example you a range of static public IP addresses, this example shows how to configure a policy route to have the ZyWALL use them for LAN-to-WAN Traffic If your ISP gave you name it Public-IPs and it sends out from 1.1.1.10 to create the address...
Chapter 5 Managing Traffic 3 Select the trunk as the default trunk and click Apply. 5.3 How to Use Multiple Static Public WAN IP Addresses for traffic it goes from the LAN. 5.3.1 Create the Public IP Address Range Object Click Configuration > Object > Address > Add (in IPv4 Address Configuration) to 1.1.1.17. In this ...example you a range of static public IP addresses, this example shows how to configure a policy route to have the ZyWALL use them for LAN-to-WAN Traffic If your ISP gave you name it Public-IPs and it sends out from 1.1.1.10 to create the address...
User Guide
Page 111
...the destination because the ZyWALL applies NAT to allow the public to send SIP traffic to DMZ Firewall Rule for making SIP calls. • Set the Mapped IP to the IPPBX's DMZ IP address object (IPPBX...to for SIP The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to allow and click OK. Set the...the firewall rule. Set the Destination to the WAN address object (IPPBX-Public). If a domain name is registered for IP address 1.1.1.2, users can use the IPPBX. • Click OK. Click Configuration > Firewall > Add. Figure 46 ...
...the destination because the ZyWALL applies NAT to allow the public to send SIP traffic to DMZ Firewall Rule for making SIP calls. • Set the Mapped IP to the IPPBX's DMZ IP address object (IPPBX...to for SIP The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a firewall rule to allow and click OK. Set the...the firewall rule. Set the Destination to the WAN address object (IPPBX-Public). If a domain name is registered for IP address 1.1.1.2, users can use the IPPBX. • Click OK. Click Configuration > Firewall > Add. Figure 46 ...
User Guide
Page 112
.... Chapter 5 Managing Traffic 5.6.2.4 Set Up a DMZ to LAN Firewall Rule for SIP The firewall blocks traffic from the DMZ zone to the LAN1 zone by default so you need to create a firewall rule to allow the IPPBX to send SIP traffic to allow and click OK. 5.6.3 What Can Go Wrong •... rules in the list, it may be unexpectedly blocked. • The ZyWALL does not apply the firewall rule. Leave the Access field to the SIP clients on the LAN. 1 Click Configuration > Firewall > Add. Set the Source to the IPPBX's DMZ IP address object (DMZ_SIP). Set the From field as DMZ and the...
.... Chapter 5 Managing Traffic 5.6.2.4 Set Up a DMZ to LAN Firewall Rule for SIP The firewall blocks traffic from the DMZ zone to the LAN1 zone by default so you need to create a firewall rule to allow the IPPBX to send SIP traffic to allow and click OK. 5.6.3 What Can Go Wrong •... rules in the list, it may be unexpectedly blocked. • The ZyWALL does not apply the firewall rule. Leave the Access field to the SIP clients on the LAN. 1 Click Configuration > Firewall > Add. Set the Source to the IPPBX's DMZ IP address object (DMZ_SIP). Set the From field as DMZ and the...
User Guide
Page 124
...connect to port 22 on the ZyWALL. Are you sure you want save the host information of known hosts. Select the configuration file that comes with most Linux distributions. 1 Test whether the SSH service is available on the ZyWALL (using the default IP address of host '192.168....1.1 (192.168.1.1)' can find the *.conf file in to the ZyWALL using SSH, a message displays prompting you can 't be established. [email protected]'s ...
...connect to port 22 on the ZyWALL. Are you sure you want save the host information of known hosts. Select the configuration file that comes with most Linux distributions. 1 Test whether the SSH service is available on the ZyWALL (using the default IP address of host '192.168....1.1 (192.168.1.1)' can find the *.conf file in to the ZyWALL using SSH, a message displays prompting you can 't be established. [email protected]'s ...
User Guide
Page 125
... be restored. • startup-config.conf: This is the configuration file that the ZyWALL is successful, it will restore by using . Chapter 6 Maintenance The default configuration files are applied to this file, the ZyWALL's default IP address and password will be copied into lastgood.conf. If you upload and apply a configuration file with an error...
... be restored. • startup-config.conf: This is the configuration file that the ZyWALL is successful, it will restore by using . Chapter 6 Maintenance The default configuration files are applied to this file, the ZyWALL's default IP address and password will be copied into lastgood.conf. If you upload and apply a configuration file with an error...