User Guide
Page 3
...to the included CD for Internet access. • Support Disc Refer to configure the P-792H v2 using the web configurator. It contains information on your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you can grab the page and move around freely on setting up and... This manual is designed to help you quickly pinpoint the information you can enter a number in the toolbar in mind: • If you don't already have the latest version of the User's Guide PDF. P-792H v2 User's Guide 3 Tips for Reading User's Guides On-Screen When reading a ZyXEL User's...
...to the included CD for Internet access. • Support Disc Refer to configure the P-792H v2 using the web configurator. It contains information on your comments, questions or suggestions to: techwriters@zyxel.com.tw Thank you can grab the page and move around freely on setting up and... This manual is designed to help you quickly pinpoint the information you can enter a number in the toolbar in mind: • If you don't already have the latest version of the User's Guide PDF. P-792H v2 User's Guide 3 Tips for Reading User's Guides On-Screen When reading a ZyXEL User's...
User Guide
Page 5
Every effort has been made to ensure that the information in this book may differ slightly from the product due to differences in this manual is accurate. P-792H v2 User's Guide 5 About This User's Guide Disclaimer Graphics in operating systems, operating system versions, or if you installed updated firmware/software for your device.
Every effort has been made to ensure that the information in this book may differ slightly from the product due to differences in this manual is accurate. P-792H v2 User's Guide 5 About This User's Guide Disclaimer Graphics in operating systems, operating system versions, or if you installed updated firmware/software for your device.
User Guide
Page 12
... 4 Internet Setup Wizard ...43 4.1 Overview ...43 4.2 Internet Access Wizard Setup 43 4.2.1 Manual Configuration 46 Chapter 5 Tutorial ...53 5.1 Overview ...53 5.2 Configuring Point-to-point Connection 53 5.2.1 Set Up the Server ...54 5.2.2 Set Up the Client ...55 5.2.3 Connect the P-792H v2s 55 Part II: Technical Reference 57 Chapter 6 WAN Setup...59 6.1 Overview ...59 6.1.1 ... ...76 6.5.2 Multiplexing ...78 6.5.3 VPI and VCI ...78 6.5.4 IP Address Assignment 78 6.5.5 Nailed-Up Connection (PPP 79 6.5.6 NAT ...79 6.6 Metric ...79 6.7 Traffic Redirect ...80 12 P-792H v2 User's Guide
... 4 Internet Setup Wizard ...43 4.1 Overview ...43 4.2 Internet Access Wizard Setup 43 4.2.1 Manual Configuration 46 Chapter 5 Tutorial ...53 5.1 Overview ...53 5.2 Configuring Point-to-point Connection 53 5.2.1 Set Up the Server ...54 5.2.2 Set Up the Client ...55 5.2.3 Connect the P-792H v2s 55 Part II: Technical Reference 57 Chapter 6 WAN Setup...59 6.1 Overview ...59 6.1.1 ... ...76 6.5.2 Multiplexing ...78 6.5.3 VPI and VCI ...78 6.5.4 IP Address Assignment 78 6.5.5 Nailed-Up Connection (PPP 79 6.5.6 NAT ...79 6.6 Metric ...79 6.7 Traffic Redirect ...80 12 P-792H v2 User's Guide
User Guide
Page 15
... 157 12.2 VPN Setup Screen ...157 12.3 The VPN Edit Screen ...160 12.4 Configuring Advanced IKE Settings 165 12.5 Manual Key Setup ...167 12.5.1 Security Parameter Index (SPI 168 12.6 Configuring Manual Key 168 12.7 Viewing SA Monitor ...171 12.8 Configuring VPN Global Setting 172 12.9 IPSec VPN Technical Reference 173 12... 197 14.2.1 Editing 802.1Q/1P Group Setting 198 14.3 The 802.1Q/1P Port Setting Screen 199 Chapter 15 Quality of Service (QoS)...201 P-792H v2 User's Guide 15
... 157 12.2 VPN Setup Screen ...157 12.3 The VPN Edit Screen ...160 12.4 Configuring Advanced IKE Settings 165 12.5 Manual Key Setup ...167 12.5.1 Security Parameter Index (SPI 168 12.6 Configuring Manual Key 168 12.7 Viewing SA Monitor ...171 12.8 Configuring VPN Global Setting 172 12.9 IPSec VPN Technical Reference 173 12... 197 14.2.1 Editing 802.1Q/1P Group Setting 198 14.3 The 802.1Q/1P Port Setting Screen 199 Chapter 15 Quality of Service (QoS)...201 P-792H v2 User's Guide 15
User Guide
Page 44
...the system for more details. See Section 4.2.1 on page 46 for Internet access. Figure 13 Auto Detection: No DSL Connection 44 P-792H v2 User's Guide If you by your Internet setup information as provided to the wizard welcome screen. Follow the directions in the wizard and... and click Restart the INTERNET SETUP Wizard to return to you still cannot connect, click Manually configure your connection type. 3a The following screen appears if a connection is not detected. Figure 12 Wizard Welcome 3 Your P-792H v2 attempts to detect your DSL connection and your Internet connection.
...the system for more details. See Section 4.2.1 on page 46 for Internet access. Figure 13 Auto Detection: No DSL Connection 44 P-792H v2 User's Guide If you by your Internet setup information as provided to the wizard welcome screen. Follow the directions in the wizard and... and click Restart the INTERNET SETUP Wizard to return to you still cannot connect, click Manually configure your connection type. 3a The following screen appears if a connection is not detected. Figure 12 Wizard Welcome 3 Your P-792H v2 attempts to detect your DSL connection and your Internet connection.
User Guide
Page 45
Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP. Figure 14 Auto-Detection: PPPoE 3c The following screen displays if a PPPoE or PPPoA connection is detected. Click Next and refer to Section 4.2.1 on page 46 on how to manually configure the P-792H v2 for Internet access. Chapter 4 Internet Setup Wizard 3b The following screen appears if the ZyXEL device detects a connection but not the connection type. Then click Next. Figure 15 Auto Detection: Failed P-792H v2 User's Guide 45
Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP. Figure 14 Auto-Detection: PPPoE 3c The following screen displays if a PPPoE or PPPoA connection is detected. Click Next and refer to Section 4.2.1 on page 46 on how to manually configure the P-792H v2 for Internet access. Chapter 4 Internet Setup Wizard 3b The following screen appears if the ZyXEL device detects a connection but not the connection type. Then click Next. Figure 15 Auto Detection: Failed P-792H v2 User's Guide 45
User Guide
Page 46
..., DHCP server and NAT on what you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. 46 P-792H v2 User's Guide If you select Bridge, you were not given information. Table 7 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Mode Select ... computers to get individual IP address from the Encapsulation drop-down list box. If you . Chapter 4 Internet Setup Wizard 4.2.1 Manual Configuration 1 If the P-792H v2 fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen...
..., DHCP server and NAT on what you select Routing in the Mode field, select PPPoA, RFC 1483, ENET ENCAP or PPPoE. 46 P-792H v2 User's Guide If you select Bridge, you were not given information. Table 7 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Mode Select ... computers to get individual IP address from the Encapsulation drop-down list box. If you . Chapter 4 Internet Setup Wizard 4.2.1 Manual Configuration 1 If the P-792H v2 fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen...
User Guide
Page 64
...(PPPoA and PPPoE encapsulation only) Nailed-Up Connection Select Nailed-Up Connection when you click Apply. A dynamic IP address is disconnected. 64 P-792H v2 User's Guide Gateway IP address Enter a subnet mask in the field to use as a default for outgoing traffic (remote node 1). If ... address (supplied by inserting a tag into a MAC-layer frame that your LAN, or else the computers must have their DNS server addresses manually configured. Type the VLAN ID number (from 0 to 7) to add to traffic through this option to the egree packets outgoing traffic through this...
...(PPPoA and PPPoE encapsulation only) Nailed-Up Connection Select Nailed-Up Connection when you click Apply. A dynamic IP address is disconnected. 64 P-792H v2 User's Guide Gateway IP address Enter a subnet mask in the field to use as a default for outgoing traffic (remote node 1). If ... address (supplied by inserting a tag into a MAC-layer frame that your LAN, or else the computers must have their DNS server addresses manually configured. Type the VLAN ID number (from 0 to 7) to add to traffic through this option to the egree packets outgoing traffic through this...
User Guide
Page 91
...you must know the IP address of the contiguous addresses in the IP address pool. Select DNS Relay to have their DNS server addresses manually configured. The P-792H v2's LAN IP address displays in the field to the right. You can assign IP addresses, an IP default gateway and DNS servers ... to None after you do not configure a DNS server, you have another DHCP sever on your ISP dynamically assigns DNS server information (and the P-792H v2's WAN IP address). If you set to 0.0.0.0, UserDefined changes to None after you click Apply. When a computer on the LAN that support the ...
...you must know the IP address of the contiguous addresses in the IP address pool. Select DNS Relay to have their DNS server addresses manually configured. The P-792H v2's LAN IP address displays in the field to the right. You can assign IP addresses, an IP default gateway and DNS servers ... to None after you do not configure a DNS server, you have another DHCP sever on your ISP dynamically assigns DNS server information (and the P-792H v2's WAN IP address). If you set to 0.0.0.0, UserDefined changes to None after you click Apply. When a computer on the LAN that support the ...
User Guide
Page 96
...explicit DNS servers, chances are the DNS servers are conveyed through the DNS proxy feature. When a computer sends a DNS query to the P-792H v2, the P-792H v2 acts as a DNS proxy and forwards the query to the real DNS server learned through IPCP and relays the response back to its corresponding ...addresses using the DNS server extensions of IP addresses for the clients. If your ISP did not give you must be manually configured. If the DNS Server fields in the DHCP Setup screen. 96 P-792H v2 User's Guide You can access it . When configured as a DHCP server or disable it .
...explicit DNS servers, chances are the DNS servers are conveyed through the DNS proxy feature. When a computer sends a DNS query to the P-792H v2, the P-792H v2 acts as a DNS proxy and forwards the query to the real DNS server learned through IPCP and relays the response back to its corresponding ...addresses using the DNS server extensions of IP addresses for the clients. If your ISP did not give you must be manually configured. If the DNS Server fields in the DHCP Setup screen. 96 P-792H v2 User's Guide You can access it . When configured as a DHCP server or disable it .
User Guide
Page 157
...the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using IKE key management and not Manual key management. Figure 71 IPSec Summary Fields Local Network Remote Network Remote IPSec Router Local IP Address VPN Tunnel Remote IP Address My ...remote secure gateway can also enter a remote secure gateway's domain name in the web configurator. Chapter 12 VPN You can initiate SAs. The P-792H v2 has to rebuild the VPN tunnel each time the remote secure gateway's WAN IP address changes (there may be useful for telecommuters initiating a VPN...
...the Secure Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using IKE key management and not Manual key management. Figure 71 IPSec Summary Fields Local Network Remote Network Remote IPSec Router Local IP Address VPN Tunnel Remote IP Address My ...remote secure gateway can also enter a remote secure gateway's domain name in the web configurator. Chapter 12 VPN You can initiate SAs. The P-792H v2 has to rebuild the VPN tunnel each time the remote secure gateway's WAN IP address changes (there may be useful for telecommuters initiating a VPN...
User Guide
Page 161
... if you want to set up to 32 characters to Single, this VPN policy. Select IKE or Manual from the drop-down menu to Single, enter a (static) IP address on the LAN behind your P-792H v2. Select Main or Aggressive from the drop-down list box. Select Range for a single IP address. Use... the drop-down list box. Manual is ESP. When the Local Address Type field is a subnet mask on the LAN...
... if you want to set up to 32 characters to Single, this VPN policy. Select IKE or Manual from the drop-down menu to Single, enter a (static) IP address on the LAN behind your P-792H v2. Select Main or Aggressive from the drop-down list box. Select Range for a single IP address. Use... the drop-down list box. Manual is ESP. When the Local Address Type field is a subnet mask on the LAN...
User Guide
Page 167
... Protocol field. Select SHA1 or MD5 from 60 to save your changes. 12.5 Manual Key Setup Manual key management is available when you select ESP in increased latency and decreased throughput. P-792H v2 User's Guide 167 Perfect Forward Secrecy (PFS) is more secure, yet slower). Chapter...management. Authentication Algorithm SA Life Time (Seconds) Select NULL to set up a tunnel without saving your changes back to the P-792H v2 and return to authenticate packet data. Select MD5 for minimal security and SHA-1 for data communications, both the sending device and the...
... Protocol field. Select SHA1 or MD5 from 60 to save your changes. 12.5 Manual Key Setup Manual key management is available when you select ESP in increased latency and decreased throughput. P-792H v2 User's Guide 167 Perfect Forward Secrecy (PFS) is more secure, yet slower). Chapter...management. Authentication Algorithm SA Life Time (Seconds) Select NULL to set up a tunnel without saving your changes back to the P-792H v2 and return to authenticate packet data. Select MD5 for minimal security and SHA-1 for data communications, both the sending device and the...
User Guide
Page 168
... Security Association (SA). Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 12.6 Configuring Manual Key You only configure VPN manual key when you select Manual in the IPSec Key Mode field on the VPN Setup-Edit screen. Manual Key screen as shown next. Figure 75 Security > VPN > Setup > Manual Key 168 P-792H v2 User's Guide Chapter 12...
... Security Association (SA). Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 12.6 Configuring Manual Key You only configure VPN manual key when you select Manual in the IPSec Key Mode field on the VPN Setup-Edit screen. Manual Key screen as shown next. Figure 75 Security > VPN > Setup > Manual Key 168 P-792H v2 User's Guide Chapter 12...
User Guide
Page 169
...time. IPSec Key Mode Select IKE or Manual from the drop-down list box. Encapsulation Mode Select Tunnel mode or Transport mode from 1 to find other computers and servers on the VPN by their (private) domain names. The P-792H v2 assigns this IPSec rule's range of computers ...address on the LAN behind your P-792H v2. When the Local Address Type field is active at any character, including spaces, but not both the same. P-792H v2 User's Guide 169 You can have problems using IKE key management. Table 46 Security > VPN > Setup > Manual Key LABEL DESCRIPTION IPSec Setup Active ...
...time. IPSec Key Mode Select IKE or Manual from the drop-down list box. Encapsulation Mode Select Tunnel mode or Transport mode from 1 to find other computers and servers on the VPN by their (private) domain names. The P-792H v2 assigns this IPSec rule's range of computers ...address on the LAN behind your P-792H v2. When the Local Address Type field is active at any character, including spaces, but not both the same. P-792H v2 User's Guide 169 You can have problems using IKE key management. Table 46 Security > VPN > Setup > Manual Key LABEL DESCRIPTION IPSec Setup Active ...
User Guide
Page 170
...more secure than DES. Two active SAs can configure multiple SAs between the same local and remote IP addresses, as long as 0.0.0.0: The P-792H v2 uses the current P-792H v2 WAN IP address (static or dynamic) to be rebuilt if this field is a variation on a network by AH. You can have ...Enter the WAN IP address of the IPSec Address router with a single IP address. Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Remote Remote IP addresses must select options from the drop-down menu to specify IP addresses on DES that uses a 168...
...more secure than DES. Two active SAs can configure multiple SAs between the same local and remote IP addresses, as long as 0.0.0.0: The P-792H v2 uses the current P-792H v2 WAN IP address (static or dynamic) to be rebuilt if this field is a variation on a network by AH. You can have ...Enter the WAN IP address of the IPSec Address router with a single IP address. Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Remote Remote IP addresses must select options from the drop-down menu to specify IP addresses on DES that uses a 168...
User Guide
Page 171
Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Encapsulation Key (only with no...SA) is slower. A tunnel with ESP) With DES, type a unique key 8 characters long. See Section P-792H v2 User's Guide 171 The SHA1 algorithm is generally considered stronger than MD5, but trailing spaces are truncated. Any characters... SA lifetime period expires. Back Click Back to return to authenticate packet data. Use Refresh to the P-792H v2. With 3DES, type a unique key 24 characters long. Authentication Key Type a unique authentication key to open...
Chapter 12 VPN Table 46 Security > VPN > Setup > Manual Key (continued) LABEL DESCRIPTION Encapsulation Key (only with no...SA) is slower. A tunnel with ESP) With DES, type a unique key 8 characters long. See Section P-792H v2 User's Guide 171 The SHA1 algorithm is generally considered stronger than MD5, but trailing spaces are truncated. Any characters... SA lifetime period expires. Back Click Back to return to authenticate packet data. Use Refresh to the P-792H v2. With 3DES, type a unique key 24 characters long. Authentication Key Type a unique authentication key to open...
User Guide
Page 174
... not the new headers, are signed with a hash value appended to the packet. The Encryption Algorithm describes the use IKE (ISAKMP) or manual key configuration in order to use of the VPN device at the receiving end. When using the AH protocol digitally signs the outbound packet, ...to set up a VPN. 12.9.2 IPSec and NAT Read this case, the entire original packet) are running IPSec on a host computer behind the P-792H v2. Key Management Key management allows you are encrypted. Chapter 12 VPN IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (...
... not the new headers, are signed with a hash value appended to the packet. The Encryption Algorithm describes the use IKE (ISAKMP) or manual key configuration in order to use of the VPN device at the receiving end. When using the AH protocol digitally signs the outbound packet, ...to set up a VPN. 12.9.2 IPSec and NAT Read this case, the entire original packet) are running IPSec on a host computer behind the P-792H v2. Key Management Key management allows you are encrypted. Chapter 12 VPN IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (...
User Guide
Page 237
...the need to configure the UPnP settings on page 235 for the UPnP enabled application. Allow users to make configuration changes through the P-792H v2, for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to install the UPnP in Windows Me... Screen Use the following table describes the fields in this screen. Figure 110 Advanced > UPnP > General The following screen to manually configure port forwarding for more information. Installing UPnP in Windows Me Follow the steps below to communicate with another UPnP enabled device;
...the need to configure the UPnP settings on page 235 for the UPnP enabled application. Allow users to make configuration changes through the P-792H v2, for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to install the UPnP in Windows Me... Screen Use the following table describes the fields in this screen. Figure 110 Advanced > UPnP > General The following screen to manually configure port forwarding for more information. Installing UPnP in Windows Me Follow the steps below to communicate with another UPnP enabled device;
User Guide
Page 243
Chapter 18 Universal Plug-and-Play (UPnP) 4 You may edit or delete the port mappings or click Add to manually add port mappings. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. P-792H v2 User's Guide 243
Chapter 18 Universal Plug-and-Play (UPnP) 4 You may edit or delete the port mappings or click Add to manually add port mappings. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. P-792H v2 User's Guide 243