Zyxel-communications P-202 Bedienungsanleitung

P-202H Plus v2 Support Notes P-202H Plus v2 ISDN Internet Access Router Support Notes Version3.40 J

P-202H Plus v2 Support Notes • Deny packets from the outside that claim to be from the inside • Allow everyt

P-202H Plus v2 Support Notes Incoming Phone Numbers: ISDN Data = 10000 Subaddress=

P-202H Plus v2 Support Notes 3. Incoming Data Call Matching: This setting helps the P-202H Plus v2 to forward

P-202H Plus v2 Support Notes dcp fsm sw [on|off] To enable/disable the NetCAPI state machine, use the dcp fsm s

P-202H Plus v2 Support Notes dcp trcp clear To clear the NetCAPI packet log, use the dcp trcp clear command. d

P-202H Plus v2 Support Notes # Zyxel proprietary attributes ATTRIBUTE Zyxel-Callback-Option 192 integer

P-202H Plus v2 Support Notes 5. Run "RADIUS.EXE -X15" to turn on the RADIUS service. • P-202H Plus

P-202H Plus v2 Support Notes When calling back to a remote node the outgoing user information (username and pas

P-202H Plus v2 Support Notes Period(hr)= Press ENTER to Confirm or ESC to Cancel:

P-202H Plus v2 Support Notes Password Outgoing: Pri Phone # Enter the phone number of the remote node for calli

P-202H Plus v2 Support Notes Period(hr)= Press ENTER to Confirm or ESC to Cancel: C

P-202H Plus v2 Support Notes How do I set DNS other than P-202H Plus v2 IP address? The P-202H Plus v2 assigns

P-202H Plus v2 Support Notes 12. Using SNMP 1. SNMP Overview The Simple Network Management Protocol (SNMP) is

P-202H Plus v2 Support Notes The Internet Management Model is as shown in figure 1. Interactions between the NM

P-202H Plus v2 Support Notes 2. SNMPv1 Operations SNMP itself is a simple request/response protocol. 4 SNMPv1

P-202H Plus v2 Support Notes The SNMPv1 messages contains two part. The first part contains a version and a com

P-202H Plus v2 Support Notes 1. coldStart (defined in RFC-1215) : If the machine coldstarts, the trap will be

P-202H Plus v2 Support Notes • Downloading ZyXEL's private MIB 3. Configure the P-202H Plus v2 for SNMP

P-202H Plus v2 Support Notes Get Community= public Set Community= publ

P-202H Plus v2 Support Notes 2. Configuring NAT 3. Address Mapping Sets and NAT Server Sets • NAT Server S

P-202H Plus v2 Support Notes • NAT Mapping Types NAT supports five types of IP/port mapping. They are: 1.

P-202H Plus v2 Support Notes Overload ILA2<--->IGA2 ILA3<--->IGA1 ILA4<--->IGA2 ... Many-t

P-202H Plus v2 Support Notes Product FAQ 1. How do I collect EPA trace? Moreover, how do I read it? • Enab

P-202H Plus v2 Support Notes Pri Phone #= 1234 Sec Phone #=

P-202H Plus v2 Support Notes default NO to Yes, then press [ENTER] to bring up Menu 11.3-Remote Node Network La

P-202H Plus v2 Support Notes Use the Address Mapping Sets menus and submenus to create the mapping table used t

P-202H Plus v2 Support Notes Idx Local Start IP Local End IP Global Start IP Global End IP Type -

P-202H Plus v2 Support Notes Please note that the fields in this menu are read-only. However, the settings of t

P-202H Plus v2 Support Notes selected rule and then all the rules after the selected one will be advanced one r

P-202H Plus v2 Support Notes Many-to-Many No Overload Server Start This is the starting local IP address (ILA)

P-202H Plus v2 Support Notes Please note that a server can support more than one service, e.g., a server can p

P-202H Plus v2 Support Notes 12. 0 0 0.0.0.0

P-202H Plus v2 Support Notes Menu 4 - Internet Access Setup ISP&ap

P-202H Plus v2 Support Notes  Call Transfer  Call Forwarding  Reminder Ring  Terminal Portability(Su

P-202H Plus v2 Support Notes 2. Internet Access with an Internal Server In this case, we do exactly as above (

P-202H Plus v2 Support Notes 3. Using Multiple Global IP addresses for clients and servers (One-to-One, Many-to

P-202H Plus v2 Support Notes My Login= ChangeMe My Password= ********

P-202H Plus v2 Support Notes Rule 2 Setup: Selecting One-to-One type to map the FTP Server 2 with ILA2 (192.16

P-202H Plus v2 Support Notes Rule 4 Setup: Select Server type to map our web server and mail server with ILA3 (

P-202H Plus v2 Support Notes Press ESC or RETURN to Exit: Step 3: Now we config

P-202H Plus v2 Support Notes One rule configured for using Many-to-Many No Overload mapping type is shown belo

P-202H Plus v2 Support Notes Start= 192.168.1.10 End = N/A

P-202H Plus v2 Support Notes Global IP: Start= [Enter IGA3]

P-202H Plus v2 Support Notes IPSec VPN 1. Using IPSec VPN What is IPSec? IPSec is a set of IP extensions develo

P-202H Plus v2 Support Notes If you hang up your telephone during a three-way call and the two other callers re

P-202H Plus v2 Support Notes • Avaya VPN • Netopia VPN • III VPN As the figure shown below, the tunnel be

P-202H Plus v2 Support Notes 4. On the CONFIGURE-IKE menu, check Active check box and give a name to this polic

P-202H Plus v2 Support Notes See the screen shot:

P-202H Plus v2 Support Notes If you use SMT management, the VPN configurations are as shown below. 1. Edit IKE

P-202H Plus v2 Support Notes 2. Setup P-202H Plus v2 B Similar to the settings for P-202H Plus v2 A, P-202

P-202H Plus v2 Support Notes 12. Select Encryption Algorithm to DES and Authentication Algorithm to MD5, as we

P-202H Plus v2 Support Notes If you use SMT management, the VPN configurations are as shown below. 1. Edit IKE

P-202H Plus v2 Support Notes 3. Troubleshooting Q: How do we know the above tunnel works? A: If the connect

P-202H Plus v2 Support Notes 2 3 4 5 6 7 8 9 10 Select Command= Refresh

P-202H Plus v2 Support Notes 4. View Log To view the log for IPSec and IKE connections, please enter menu 27.3,

P-202H Plus v2 Support Notes Unconditional) *22*forward-number# Active CFNR (Call Forwarding No Reply#20# Deac

P-202H Plus v2 Support Notes The IP addresses we use in this example are as shown below. PC 1 P-202H Plus v

P-202H Plus v2 Support Notes Remote Party Identity and Addressing settings: 4. In ID Type option, please choo

P-202H Plus v2 Support Notes The detailed configuration is shown in the following figure. Pre-Share Key Setti

P-202H Plus v2 Support Notes Security Policy Settings:

P-202H Plus v2 Support Notes 9. Click Security Policy option to choose Main Mode as Phase 1 Negotiation Mode 1

P-202H Plus v2 Support Notes v2.

P-202H Plus v2 Support Notes 2. Setup P-202H Plus v2 VPN 1. Using a web browser, login P-202H Plus v2 by giv

P-202H Plus v2 Support Notes Figure 8: See the VPN rule screen shot

P-202H Plus v2 Support Notes If you use SMT management, the VPN configurations are as shown below. 1. Edit I

P-202H Plus v2 Support Notes Please note that any configuration in 'IKE Setup' should match the setti

P-202H Plus v2 Support Notes calling party number or not when the switch sends the SETUP message to the called

P-202H Plus v2 Support Notes • Avaya VPN • Netopia VPN • III VPN As the figure shown below, the tunnel be

P-202H Plus v2 Support Notes 2. Click Advanced, and click VPN tab on the left. 3. On the SUMMARY menu, Select

P-202H Plus v2 Support Notes See the screen shot: If you use SMT management, the VPN configurations are as sh

P-202H Plus v2 Support Notes 1. Edit IKE settings by selecting 'Edit IKE Setup' option in menu27.1.1

P-202H Plus v2 Support Notes 2. Setup P-202H Plus v2 B Similar to the settings for P-202H Plus v2 A, P-202H P

P-202H Plus v2 Support Notes 12. Select Encryption Algorithm to DES and Authentication Algorithm to MD5, as we

P-202H Plus v2 Support Notes 1. Edit IKE settings by selecting 'Edit IKE Setup' option in menu 27.1.

P-202H Plus v2 Support Notes 3. Troubleshooting Q: How do we know the above tunnel works? A: If the connecti

P-202H Plus v2 Support Notes DES-SHA1 2 3 4 5 6 7 8 9 10 Select Command=

P-202H Plus v2 Support Notes 4. View Log To view the log for IPSec and IKE connections, please enter menu 27.3

P-202H Plus v2 Support Notes Firewall FAQ General 1. What is a network firewall? A firewall is a system or gr

P-202H Plus v2 Support Notes The IP addresses we use in this example are as shown below. PC 1 P-202H Plus v2

P-202H Plus v2 Support Notes 12. Select Encryption Algorithm to DES and Authentication Algorithm to MD5, as we

P-202H Plus v2 Support Notes in section 2.1. If you prefer to use commands from console, please go to section 2

P-202H Plus v2 Support Notes See the screen shot: 5. Layout your network topology in the Network Diagram as

P-202H Plus v2 Support Notes See the screen shot: 6. Connect the network components by Ethernet from the

P-202H Plus v2 Support Notes See the screen shot: 7. Select VPN from Connections window. During this stage

P-202H Plus v2 Support Notes See the screen shot: 8. Select VPN, then click the right button of the mouse, and

P-202H Plus v2 Support Notes See the screen shot: 9. Choose the Cisco router, and click Deliver to save the s

P-202H Plus v2 Support Notes See the screen shot: 10. Enter Cisco commands mode from console and check if Ci

P-202H Plus v2 Support Notes ! version 12.2 no parser cache no service single-slot-reload-enable service timest

P-202H Plus v2 Support Notes Inspection firewalls generally provides the best speed and transparency, however,

P-202H Plus v2 Support Notes crypto map cm-cryptomap 1 ipsec-isakmp set peer 172.21.10.50 set transform-set c

P-202H Plus v2 Support Notes ! no scheduler allocate end After all of the settings, if PC1 and PC2 can reach ea

P-202H Plus v2 Support Notes 1. Setup P-202H Plus v2 1. Login P-202H Plus v2 by giving the LAN IP address of

P-202H Plus v2 Support Notes See the screen shot: 2. Setup SonicWALL 1. Login SonicWALL by giving the LAN I

P-202H Plus v2 Support Notes 6. In DNS Settings, enter the DNS IP. 7. Click Update to save the settings to Son

P-202H Plus v2 Support Notes

P-202H Plus v2 Support Notes P-202H Plus v2 to WatchGuard Tunneling This page guides us to setup a VPN connect

P-202H Plus v2 Support Notes 5. Select IPSec Keying Mode to IKE and Negotiation Mode to Main. 6. Source IP Ad

P-202H Plus v2 Support Notes See the screen shot: 2. Setup WatchGuard 1. In the QuickSetup Wizard, select Co

P-202H Plus v2 Support Notes 6. Select Use Serial Cable to Assign IP Address and Serial Port of your computer t

P-202H Plus v2 Support Notes 3. Brute-force attacks that flood a network with useless data such as Smurf attac

P-202H Plus v2 Support Notes 12. Select isakmp (dynamic) (IKE in P-202H Plus v2) as Key Negotiation Type and e

P-202H Plus v2 Support Notes 17. Enable the Key expiration. Then click OK twice. (ESP, MD5-HMAC, DES-CBC) 1

P-202H Plus v2 Support Notes 20. Select 'Save to Firebox' and enter the write pass phrase for your W

P-202H Plus v2 Support Notes WAN: 202.132.154.1 WAN: 168.10.10.66Note: The following configurations are suppo

P-202H Plus v2 Support Notes See the screen shot: If you use SMT management, the VPN configurations are as sh

P-202H Plus v2 Support Notes 1. Edit IKE settings by selecting Edit IKE Setup option in menu27.1.1 to Yes and

P-202H Plus v2 Support Notes for data transmission. 2. Setup NETSCREEN For VPN 1. Configure NETSCREEN by u

P-202H Plus v2 Support Notes 3. Click OK to save it. 4. Click New Address to add the remote secure host (192

P-202H Plus v2 Support Notes 5. Click OK to save it. Create Outgoing & Incoming VPN Policy: 1. Click Po

P-202H Plus v2 Support Notes

P-202H Plus v2 Support Notes FAQ...

P-202H Plus v2 Support Notes hosts, this will create a large amount of ICMP echo request packet, the resulting

P-202H Plus v2 Support Notes 9. Click New Policy to configure the incoming VPN policy. 10. Give a name to the

P-202H Plus v2 Support Notes

P-202H Plus v2 Support Notes Create Phase 1 Proposal: Note that all phase 1 and phase 2 settings in NETSCREEN m

P-202H Plus v2 Support Notes screenshot. Create VPN Gateway: 1. Click VPN menu and click Gateway tab. 2. Cli

P-202H Plus v2 Support Notes 7. Enter 12345678 as the Preshared Key and click OK to save. See the screenshot.

P-202H Plus v2 Support Notes 13. Enter 12345678 as the Preshared Key and click OK to save. See the screenshot.

P-202H Plus v2 Support Notes 5. Click VPN menu and click AutoKey IKE tab. 6. Click New AutoKey IKE Entry to

P-202H Plus v2 Support Notes 9. After all above settings have been finished, you can start to access the remo

P-202H Plus v2 Support Notes You can also see the current active user from the Active Log by clicking Log men

P-202H Plus v2 Support Notes Checkpoint VPN to P-202H Plus v2 Tunneling This page guides us to setup a VPN conn

P-202H Plus v2 Support Notes The above figure indicates the "triangle route" topology. It works fine

P-202H Plus v2 Support Notes Edit LAN segment of P-202H Plus v210. In this example, we setup P-202H Plus v210

P-202H Plus v2 Support Notes In SMT menu 27, create a VPN rule like following.

P-202H Plus v2 Support Notes 2. Setup Checkpoint VPN Creating Network objects. Click on New/Network, def

P-202H Plus v2 Support Notes Define the LAN segment of Checkpoint. Select Location as Internal. If there are

P-202H Plus v2 Support Notes Creating VPN Objects Define P-202H Plus v2 box as a tunnel end point. (Name: S

P-202H Plus v2 Support Notes

P-202H Plus v2 Support Notes Define checkpoint box as a tunnel endpoint. Select VPN tab to define the protect

P-202H Plus v2 Support Notes Edit pre-shared key by selecting Pre-Shared Secret in Authentication Method. Choo

P-202H Plus v2 Support Notes Double click on the "encrypt" action to edit the encryption properties.

P-202H Plus v2 Support Notes The IP addresses we use in this example are as shown below. PC 1 P-202H Plus v

P-202H Plus v2 Support Notes (B) Deploying your second gateway on WAN side. (C) To resolve this conflict, we

P-202H Plus v2 Support Notes 3. In the Add/Remove Snap-In dialog box, click Add.

P-202H Plus v2 Support Notes 4. In the Add Standalone Snap-in dialog box, click Computer Management, and then c

P-202H Plus v2 Support Notes 6. In the Add Standalone Snap-in dialog box, click Group Policy, and then click Ad

P-202H Plus v2 Support Notes 8. In the Add Standalone Snap-in dialog box, click Certifications, and then click

P-202H Plus v2 Support Notes 10. Verify that Local Computer (default setting) is selected, and click Finish.

P-202H Plus v2 Support Notes 12. Click OK to close the Add/Remove Snap-in dialog box. - Create IPSec Policy

P-202H Plus v2 Support Notes 2. Right click IP Security Policies on Local Machine, and then click Create IP Se

P-202H Plus v2 Support Notes 4. Uncheck Active the default response rule check box, and click Next.

P-202H Plus v2 Support Notes 5. Keep the Edit properties check box selected and click Finish. 5. A dialog wi

P-202H Plus v2 Support Notes Note: The IPSec policy is created with default IKE main mode (phase 1) on the Gene

P-202H Plus v2 Support Notes 2. How do I prevent others from configuring my firewall? There are several ways t

P-202H Plus v2 Support Notes 2. On the IP Filter List tab, click Add.

P-202H Plus v2 Support Notes 3. Type a name for the filter list (e.g., WIN2K to P-202H Plus v2), uncheck Use

P-202H Plus v2 Support Notes 4. In the Source address, choose A specific IP Address, and enter the IP address

P-202H Plus v2 Support Notes 5. In the Destination address, choose A specific IP Address, and enter the IP addr

P-202H Plus v2 Support Notes 7. On the Protocol tab, leave the protocol type to Any, because IPSec tunnels do n

P-202H Plus v2 Support Notes 9. Click OK and Close to close the windows. - Build a Filter List from PC 2 to P

P-202H Plus v2 Support Notes 2. Type a name for the filter list (e.g., P-202H Plus v2 to WIN2K), uncheck Use A

P-202H Plus v2 Support Notes 4. In the Destination address, choose A specific IP Address, and enter the IP addr

P-202H Plus v2 Support Notes 6. On the Protocol tab, leave the protocol type to Any, because IPSec tunnels do

P-202H Plus v2 Support Notes 7. On the Description tab, you can give a name for this filter list. The filter na

P-202H Plus v2 Support Notes firewall off (Menu 21.2) or create a firewall rule to allow FTP connection from WA

P-202H Plus v2 Support Notes - Configure a Rule for PC 1 to PC 2 tunnel 1. Select the first filter list you c

P-202H Plus v2 Support Notes 3. Click Connection Type tab, click All network connections (or click LAN connecti

P-202H Plus v2 Support Notes 5. Leave Negotiate security as checked, and uncheck Accept unsecured communication

P-202H Plus v2 Support Notes 7. Click OK. On the General tab, give a name to the filter action. For example, W

P-202H Plus v2 Support Notes 8. Select the filter action you just created. 9. On the Authentication Methods t

P-202H Plus v2 Support Notes 10. Click OK. See the finished screen shot.

P-202H Plus v2 Support Notes - Configure a Rule for PC 2 to PC 1 tunnel 1. In the IPSec policy properties, cl

P-202H Plus v2 Support Notes 3. Click Tunnel Setting tab, enter the remote endpoint. For this filter list, the

P-202H Plus v2 Support Notes 5. Click Filter Action tab, select the filter action you created. 6. On the Authe

P-202H Plus v2 Support Notes 7. Click Close. 8. Enable both rules you created in the policy properties and cl

P-202H Plus v2 Support Notes The log supports up to 128 entries. There are 2 rows and 5 columns for each entry.

P-202H Plus v2 Support Notes - Assign Your New IPSec Policy to Your Windows 2000 1. In the IP Security Policie

P-202H Plus v2 Support Notes For more information about configure WIN2K IPSec, please refer to the following we

P-202H Plus v2 Support Notes Figure 8: See the VPN rule screen shot If you use SMT management, the VPN config

P-202H Plus v2 Support Notes Active= Yes My IP Addr= 172.21.1.252 Secure Gateway

P-202H Plus v2 Support Notes Perfect Forward Secrecy (PFS)= None Pre

P-202H Plus v2 Support Notes Remote Party Identity and Addressing settings: 4. In ID Type option, please choo

P-202H Plus v2 Support Notes The detailed configuration is shown in the following figure. Pre-Share Key Setti

P-202H Plus v2 Support Notes Security Policy Settings:

P-202H Plus v2 Support Notes 9. Click Security Policy option to choose Main Mode as Phase 1 Negotiation Mode 1

P-202H Plus v2 Support Notes

P-202H Plus v2 Support Notes 6. What is the difference between the log and alert? A log entry is just added to

P-202H Plus v2 Support Notes 2. Setup P-202H Plus v2 VPN 1. Using a web browser, login P-202H Plus v2 by giv

P-202H Plus v2 Support Notes Figure 8: See the VPN rule screen shot

P-202H Plus v2 Support Notes If you use SMT management, the VPN configurations are as shown below. 1. Edit IKE

P-202H Plus v2 Support Notes Please note that any configuration in 'IKE Setup' should match the setti

P-202H Plus v2 Support Notes The IP addresses we use in this example are as shown below. LAN 1 FreeS/WAN Lin

P-202H Plus v2 Support Notes leftsubnet=192.168.10.0/24 leftnexthop=65.170.185.65 right

P-202H Plus v2 Support Notes You can click Advanced button to check IPSec Phase 1 and Phase 2 parameters. Plea

P-202H Plus v2 Support Notes

P-202H Plus v2 Support Notes If you use SMT management, the VPN configurations are as shown below. 1. Edit IKE

P-202H Plus v2 Support Notes SSH Sentinel to P-202H Plus v2 Tunneling Sentinel (Static IP) to P-202H Plus v2(

P-202H Plus v2 Support Notes IPSec Related FAQ IPSec FAQ VPN Overview 1. What is VPN? A VPN gives users a secu

P-202H Plus v2 Support Notes The IP addresses we use in this example are as shown below. PC 1 P-202H Plus v

P-202H Plus v2 Support Notes 3. Select Create a preshared key, and press Next.

P-202H Plus v2 Support Notes 4. Give this preshared key a name, P-202H Plus v2. And then enter the preshared

P-202H Plus v2 Support Notes 5. Press Apply in Main menu to save the above settings for latter use.

P-202H Plus v2 Support Notes 6. Switch to Security Policy tab. Choose VPN connections, and then press Add...

P-202H Plus v2 Support Notes 7. Add VPN Connection window will pop out. Press IP button besides Gateway Name

P-202H Plus v2 Support Notes 9. Network Editor Window will pop out. Press New button, and Enter P-202H Plus v

P-202H Plus v2 Support Notes 11. In SSH Sentinel Policy Editor, you will get a new VPN connection, 172.21.1.2

P-202H Plus v2 Support Notes 13. Tune IKE proposal to Encryption algorithm as DES, Integrity function as MD5,

P-202H Plus v2 Support Notes 14. Press Apply to save all of the settings.

P-202H Plus v2 Support Notes 3. What are most common VPN protocols? There are currently three major tunneling p

P-202H Plus v2 Support Notes 15. Initiate VPN connection from Sentinel by selecting your VPN connection from S

P-202H Plus v2 Support Notes NOTE: Please check your P-202H Plus v2's release note, if your current firm

P-202H Plus v2 Support Notes 2. Setup P-202H Plus v2 VPN 1. Using a web browser, login P-202H Plus v2 by gi

P-202H Plus v2 Support Notes See the VPN rule screen shot Set IKE Phase 1 and Phase 2 parameters.

P-202H Plus v2 Support Notes

P-202H Plus v2 Support Notes If you use SMT management, the VPN configurations are as shown below. 1. Edit IKE

P-202H Plus v2 Support Notes Please note that any configuration in 'IKE Setup' should match the setti

P-202H Plus v2 Support Notes The IP addresses we use in this example are as shown below. PC 1 P-202H Plus v

P-202H Plus v2 Support Notes 3. Select Create a preshared key, and press Next.

P-202H Plus v2 Support Notes 4. Give this preshared key a name, P-202H Plus v2. And then enter the preshared

P-202H Plus v2 Support Notes for security gateway to provide IPSec service for other machines lacking of IPSec

P-202H Plus v2 Support Notes 5. Press Apply in Main menu to save the above settings for latter use.

P-202H Plus v2 Support Notes 6. Switch to Security Policy tab. Choose VPN connections, and then press Add...

P-202H Plus v2 Support Notes 7. Add VPN Connection window will pop out. Press IP button besides Gateway Name

P-202H Plus v2 Support Notes 9. Network Editor Window will pop out. Press New button, and Enter P-202H Plus v

P-202H Plus v2 Support Notes 11. In SSH Sentinel Policy Editor, you will get a new VPN connection, 172.21.1.2

P-202H Plus v2 Support Notes 13. Tune IKE proposal to Encryption algorithm as DES, Integrity function as MD5,

P-202H Plus v2 Support Notes 14. Press Apply to save all of the settings.

P-202H Plus v2 Support Notes 15. Initiate VPN connection from Sentinel by selecting your VPN connection from S

P-202H Plus v2 Support Notes NOTE: Please check your P-202H Plus v2's release note, if your current firm

P-202H Plus v2 Support Notes 2. Setup P-202H Plus v2 VPN 1. Using a web browser, login P-202H Plus v2 by gi

P-202H Plus v2 Support Notes 15. What are CLIP and CLIR in Advanced Setup of Menu 2 (European firmware)?...

P-202H Plus v2 Support Notes IKE is more secure than manual key, because IKE negotiation can generate new keys

P-202H Plus v2 Support Notes See the VPN rule screen shot Set IKE Phase 1 and Phase 2 parameters.

P-202H Plus v2 Support Notes

P-202H Plus v2 Support Notes If you use SMT management, the VPN configurations are as shown below. 1. Edit I

P-202H Plus v2 Support Notes Please note that any configuration in 'IKE Setup' should match the setti

P-202H Plus v2 Support Notes The IP addresses we use in this example are as shown below. PC 1 NAT Router P-

P-202H Plus v2 Support Notes 3. Select Create a preshared key, and press Next.

P-202H Plus v2 Support Notes 4. Give this preshared key a name, P-202H Plus v2. And then enter the preshared

P-202H Plus v2 Support Notes 5. Press Apply in Main menu to save the above settings for latter use.

P-202H Plus v2 Support Notes 6. Switch to Security Policy tab. Choose VPN connections, and then press Add...

P-202H Plus v2 Support Notes 7. Add VPN Connection window will pop out. Press IP button besides Gateway Name

P-202H Plus v2 Support Notes First of all, both P-202H Plus v2 must have VPN capabilities. Please check the fir

P-202H Plus v2 Support Notes 9. Network Editor Window will pop out. Press New button, and Enter P-202H Plus v

P-202H Plus v2 Support Notes 11. In SSH Sentinel Policy Editor, you will get a new VPN connection, 172.21.1.2

P-202H Plus v2 Support Notes 13. Tune IKE proposal to Encryption algorithm as DES, Integrity function as MD5,

P-202H Plus v2 Support Notes 14. Press Apply to save all of the settings.

P-202H Plus v2 Support Notes 15. Initiate VPN connection from Sentinel by selecting your VPN connection from S

P-202H Plus v2 Support Notes NOTE: Please check your P-202H Plus v2's release note, if your current firm

P-202H Plus v2 Support Notes 2. Setup P-202H Plus v2 VPN 1. Using a web browser, login P-202H Plus v2 by gi

P-202H Plus v2 Support Notes See the VPN rule screen shot Set IKE Phase 1 and Phase 2 parameters.

P-202H Plus v2 Support Notes

P-202H Plus v2 Support Notes If you use SMT management, the VPN configurations are as shown below. 1. Edit

P-202H Plus v2 Support Notes • ZyXEL P-202H Plus v2 • Avaya VPN • Netopia VPN • III VPN 9. What VPN sof

P-202H Plus v2 Support Notes Please note that any configuration in 'IKE Setup' should match the setti

P-202H Plus v2 Support Notes The IP addresses we use in this example are as shown below. PC 1 P-202H Plus v

P-202H Plus v2 Support Notes See the VPN rule screen shot Set IKE Phase 1 and Phase 2 parameters.

P-202H Plus v2 Support Notes

P-202H Plus v2 Support Notes If you use SMT management, the VPN configurations are as shown below. 1. Edit I

P-202H Plus v2 Support Notes Please note that any configuration in 'IKE Setup' should match the setti

P-202H Plus v2 Support Notes 2. Choose Key Management. Select My Keys, then press Add... button.

P-202H Plus v2 Support Notes 3. Select Create a preshared key, and press Next.

P-202H Plus v2 Support Notes 4. Give this preshared key a name, P-202H Plus v2. And then enter the preshared

P-202H Plus v2 Support Notes 5. Press Apply in Main menu to save the above settings for latter use.

P-202H Plus v2 Support Notes NAT*NAT in Transport mode None * The NAT router must support IPSec pass through.

P-202H Plus v2 Support Notes 6. Switch to Security Policy tab. Choose VPN connections, and then press Add...

P-202H Plus v2 Support Notes 7. Add VPN Connection window will pop out. Enter P-202H Plus v2.dyndns.org in Ga

P-202H Plus v2 Support Notes 10. Choose P-202H Plus v2 as Authentication Key. Then click OK to save. 11. In

P-202H Plus v2 Support Notes 12. Choose Settings button in Remote endpoint section. Please uncheck the boxes

P-202H Plus v2 Support Notes 13. Tune IKE proposal to Encryption algorithm as DES, Integrity function as MD5,

P-202H Plus v2 Support Notes 14. Press Apply to save all of the settings.

P-202H Plus v2 Support Notes 15. Initiate VPN connection from Sentinel by selecting your VPN connection from S

P-202H Plus v2 Support Notes NOTE: Please check your P-202H Plus v2's release note, if your current firm

P-202H Plus v2 Support Notes Intel VPN client to P-202H Plus v2 Tunneling This page guides us to setup a VPN co

P-202H Plus v2 Support Notes 2. Give this Tunnel a name, P-202H Plus v2, for example. Specify VPN Gateway IP

P-202H Plus v2 Support Notes 1. What is SSH Sentinel VPN client? Developed by SSH (http://www.ssh.com) Sentinel

P-202H Plus v2 Support Notes 3. Select Security Associations tab. Press Add... to edit the IP address of remot

P-202H Plus v2 Support Notes 4. Select Shared Secret as Authentication Method, and Enter the pre-shared key: 1

P-202H Plus v2 Support Notes 5. Specify phase SA life time you would like to have, 60 minutes for example. En

P-202H Plus v2 Support Notes 2. Setup P-202H Plus v2 VPN 1. Using a web browser, login P-202H Plus v2 by gi

P-202H Plus v2 Support Notes 12. Select Encryption Algorithm to DES and Authentication Algorithm to MD5, as we

P-202H Plus v2 Support Notes If you use SMT management, the VPN configurations are as shown below.

P-202H Plus v2 Support Notes IP Addr Start= 172.21.1.232 End= N/A Port S

P-202H Plus v2 Support Notes Some tips for this application: Generally, without IPSec, to configure an internal

P-202H Plus v2 Support Notes The IP addresses we use in this example are as shown below. Branch_A Headquarter

P-202H Plus v2 Support Notes 6. In Local section, select Address Type to Range Address, set IP Address Start to

P-202H Plus v2 Support Notes 7. Does Sentinel support IP range? No, only subnet/single is supported. So when

P-202H Plus v2 Support Notes You can setup IKE phase 1 and phase 2 parameters by pressing Advanced button. Ple

P-202H Plus v2 Support Notes 2. Setup VPN in branch office B Be very careful about the remote IP address in b

P-202H Plus v2 Support Notes You can setup IKE phase 1 and phase 2 parameters by pressing Advanced button. Ple

P-202H Plus v2 Support Notes 2. The second rule in Branch_B This rule is for branch office B to access branc

P-202H Plus v2 Support Notes You can setup IKE phase 1 and phase 2 parameters by pressing Advanced button. Ple

P-202H Plus v2 Support Notes 3. Setup VPN in Headquarter 1. The correspondent rule for Branch_A in headq

P-202H Plus v2 Support Notes

P-202H Plus v2 Support Notes 2. The correspondent rule for Branch_B_1 in headquarter

P-202H Plus v2 Support Notes

P-202H Plus v2 Support Notes 2. The correspondent rule for Branch_B_2 in headquarter

P-202H Plus v2 Support Notes General Application Notes 1. Internet AccessA typical Internet access application

P-202H Plus v2 Support Notes

P-202H Plus v2 Support Notes

P-202H Plus v2 Support Notes Support Tool 1. Using ZyXEL ISDN D Channel Analyzer, EPA Introduction An ISDN cal

P-202H Plus v2 Support Notes P-202H Plus v2> isdn fw ana on P-202H Plus v2> dev dial 1 Start dialing fo

P-202H Plus v2 Support Notes 2 00000010 IE length : 2 bytes 3 1------- Extension bit

P-202H Plus v2 Support Notes ------01 Info. Ch. Selection : B1 channel 00:00:03:29 4 bytes LAPD

P-202H Plus v2 Support Notes Dest-> CallRef=1 PD=Q.931 RELEASE 1 00001000 INFORMATIO

P-202H Plus v2 Support Notes • Manually dial to remote node N P-202H Plus v2>dev dial N (N is th

P-202H Plus v2 Support Notes 89 258470 PP08 CALL CONNECT speed<64000> type<2> chan<0>

P-202H Plus v2 Support Notes 0000: ff 03 c0 21 08 11 00 10 80 fd 01 01 00 0a 11 06 0010: 00 01 01 03 109

P-202H Plus v2 Support Notes • In the Control Panel/Network window, click the TCP/IP entry to select it and cl

P-202H Plus v2 Support Notes 3. LAN/WAN Packet Trace The P-202H Plus v2 records packet trace and analyzes pack

P-202H Plus v2 Support Notes Online Trace 1. Trace LAN packet 2. Trace WAN packet 1. Trace LAN packet 1.1 D

P-202H Plus v2 Support Notes IP Version = 4 Header Length = 20 Type of S

P-202H Plus v2 Support Notes Idetification = 0x57F3 (22515) Flags = 0x02

P-202H Plus v2 Support Notes Protocol = 0x06 (TCP) Header Checksum = 0x3C79 (

P-202H Plus v2 Support Notes 1 902.120 BRI0-T[0023] LCP (ID=0x06) Configure-Request (1,5,8,13) 2

P-202H Plus v2 Support Notes 0020: 00 00 00 00 70 02 20 00-9A 63 00 00 02 04 05 B4 ...p. ..c... 0030:

P-202H Plus v2 Support Notes Offline Trace 1. Trace LAN packet 2. Trace WAN packet 1. Trace LAN packet 1.1

P-202H Plus v2 Support Notes Network Type = 0x0800 (TCP/IP) IP Header: IP Version

P-202H Plus v2 Support Notes 1.6 Display the trace briefly by entering: sys trcp brief 1.7 Display specific pa

P-202H Plus v2 Support Notes Example: Key Settings: • Pri Phone#= is the phone number your P-202H Plus v2 h

P-202H Plus v2 Support Notes Sequence Number = 0x000D088D (854157) Ack Number =

P-202H Plus v2 Support Notes Urgent Ptr = 0x0000 (0) Options =

P-202H Plus v2 Support Notes The 192.168.1.1 is the IP address of the P-202H Plus v2. The local file is the sou

P-202H Plus v2 Support Notes Before you begin: 1. TELNET to your P-202H Plus v2 first before using TFTP comma

P-202H Plus v2 Support Notes P-202H Plus v2 Main Menu Getting Started

P-202H Plus v2 Support Notes 5. Using FTP to Upload Firmware and Configuration Files In addition to upload the

P-202H Plus v2 Support Notes The P-202H Plus v2 reboots automatically after the uploading is finished. 2. Us

P-202H Plus v2 Support Notes 2. Press 'OK' to ignore the 'Username' prompt. 3. To upload t

P-202H Plus v2 Support Notes CI Command List CI has the following command syntax: command <iface | device &

P-202H Plus v2 Support Notes Troubleshooting 1. Internet Connection Related SMT screens and CI commands: - S

P-202H Plus v2 Support Notes Configure a PPTP server behind SUA • Introduction PPTP is a tunneling protocol

P-202H Plus v2 Support Notes Internet connection verification steps: • Setup Menu 4 for Internet Access. •

P-202H Plus v2 Support Notes Dialing chan<1> phone(last 9-digit): 40202 ### Hit any key to continue.###

P-202H Plus v2 Support Notes CHAP login to remote OK! IPCP negotiation started IPCP opened Recv'd TERM-

P-202H Plus v2 Support Notes CHAP send response CHAP login to remote OK! IPCP negotiation started BACP stopp

P-202H Plus v2 Support Notes Lcp negotiation failed - trace PPP packets Ipcp negotiation failed - check if I

P-202H Plus v2 Support Notes Zyxel> dev dial 1 ### Hit any key to continue.### (hit any key) Dial Fail **

P-202H Plus v2 Support Notes ***startDialing failed ### Hit any key to continue.### • ZyNOS: Zyxel> dev

P-202H Plus v2 Support Notes - PPP negotiation failed 306Z> isdn dial 1 or dev dial 1 Start dialing for

P-202H Plus v2 Support Notes 0000: ff 03 c0 21 01 12 00 24 01 04 05 f4 02 06 00 00 0010: 00 00 08 02 0d 03

P-202H Plus v2 Support Notes 0010: 00 2d 0f 01 03 06 cc f7 cb b7 126 fe4066 0 PNET ebp=4ad30,seqNum=28

P-202H Plus v2 Support Notes 2. Why do I need VPN?...

P-202H Plus v2 Support Notes The PPTP is supported in Windows NT and Windows 98 already. For Windows 95, it nee

P-202H Plus v2 Support Notes BACP negotiation started IPCP up LCP closed IPCP closed Recv'd TERM-ACK s

P-202H Plus v2 Support Notes Cannot callback to a Dial-in User The P-202H Plus v2 only supports Microsoft&apos

P-202H Plus v2 Support Notes < Example > 1. Clear the error counter and display it to verify all counter

P-202H Plus v2 Support Notes p2864> ip route errcnt disp last route error code = a <--an hex value inde

P-202H Plus v2 Support Notes IpxMatch 0 IpxDefaultMatch 0 IpxDefaultNotMatch 0

P-202H Plus v2 Support Notes b. Enter CI command 'sys stdio 0' in menu 24.8 to disable console idle

P-202H Plus v2 Support Notes Reference 1. ISDN Disconnection Cause This source of this ISDN cause is from ETS

P-202H Plus v2 Support Notes 42 Switching equipment congestion 43 Access information discarded 44 Request ci

P-202H Plus v2 Support Notes 91 Invalid transit network selection 95 Invalid message, unspecified Protocol

P-202H Plus v2 Support Notes 0003 to 001f reserved (transparency inefficient) 0021

P-202H Plus v2 Support Notes  Set the Internet gateway to the router that is connecting to ISP o P-202H Plu

P-202H Plus v2 Support Notes 0205 DEC LANBridge100 Spanning Tree 0207

P-202H Plus v2 Support Notes 806f Stampede Bridging Control Protocol 8073 MP+

P-202H Plus v2 Support Notes datagrams as Control Protocols (such as LCP). • PPP LCP AND IPCP CODES The P

P-202H Plus v2 Support Notes 3 Authentication-Protocol 4 Quality-Protocol 5

P-202H Plus v2 Support Notes 0 OUI [RFC1968] 1 Deprecated (DESE) [Fox]

P-202H Plus v2 Support Notes 3 Length-Field-Present [RFC1963] 4 Multi-

P-202H Plus v2 Support Notes Class Description -----------------------------------------------

P-202H Plus v2 Support Notes • PPP ATCP CONFIGURATION OPTION TYPES The Point-to-Point Protocol (PPP) Apple Ta

P-202H Plus v2 Support Notes The Point-to-Point Protocol (PPP) Bridging Control Protocol (BCP) specifies a numb

P-202H Plus v2 Support Notes 4 DEC LANbridge 100 spanning tree protocol • PPP INTERNETWORK

P-202H Plus v2 Support Notes 202H Plus v2 router in SUA mode and enter this IP address in the VPN dial-up dialo

P-202H Plus v2 Support Notes Option is not included in a Configure-Request packet, the default value for that C

P-202H Plus v2 Support Notes 3. Port Numbers The following list contains port numbers for well-known services

P-202H Plus v2 Support Notes hostnames 101/tcp hostname # usually from sri-nic iso-tsap

P-202H Plus v2 Support Notes courier 530/tcp rpc conference 531/tcp chat rvd-control

P-202H Plus v2 Support Notes rscs0 10000/udp queue 10001/tcp rscs1 10001/udp p

P-202H Plus v2 Support Notes 13 ARGUS ARGUS [RWS4] 14 EMC

P-202H Plus v2 Support Notes 57 SKIP SKIP [Markson] 58 IPv

P-202H Plus v2 Support Notes 102 PNNI PNNI over IP [Callon] 103 PIM

P-202H Plus v2 Support Notes -3028 the node is not found -3029 the node is inactive -3030 dial fa

P-202H Plus v2 Support Notes Meaning: call failed, packet is filtered. Solution: clean the filter set and r

P-202H Plus v2 Support Notes If you wish, you can make internal servers (e.g., Web, ftp or mail server) accessi

P-202H Plus v2 Support Notes Meaning: waiting RADIUS authentication. Solution: do nothing, it should be inf

P-202H Plus v2 Support Notes -3035 Message: PINI ERROR netMakeChannDial: err=-3035, rn_p=576de0 Meaning:

P-202H Plus v2 Support Notes -3045 Message: PINI ERROR netMakeChannDial: err=-3045, rn_p=576de0 Meaning:

P-202H Plus v2 Support Notes Meaning: the peer using the different network protocol. (WARN - warning log) Solu

P-202H Plus v2 Support Notes Meaning: 1. Download wrong firmware to the hardware because hardware does not have

P-202H Plus v2 Support Notes Telnet 23 SMTP 25 DNS (Domain Name Server) 53 www-http (Web) 80 Tested SUA Appli

P-202H Plus v2 Support Notes Required Settings in Menu 15 Port/IP Application Outgoing Connection Incoming

P-202H Plus v2 Support Notes pcAnywhere 8.0 None 5631/client IP 5632/client IP 22/client IP 1 Since SUA enable

P-202H Plus v2 Support Notes 3. LAN to LAN IP Connection • Introduction This configuration note explains h

P-202H Plus v2 Support Notes o IP Address-the IP address assigned to the workstation itself o Subnet Mask-t

P-202H Plus v2 Support Notes Version= RIP-2B Edit IP Alias= No

P-202H Plus v2 Support Notes 12. How can I verify if the VPN connection is up in Sentinel?... 35

P-202H Plus v2 Support Notes Menu 3.2 - TCP/IP and DHCP Ethernet Setup DHCP

P-202H Plus v2 Support Notes Key Settings: o Select the 'Active' field to 'Yes' o Selec

P-202H Plus v2 Support Notes • Configuration • If the Cisco router requests PAP, you have to configure more

P-202H Plus v2 Support Notes Menu 11.1 - Remote Node Profile Rem Node Name= LAN2

P-202H Plus v2 Support Notes perform any TCP/IP applications (e.g., FTP, Telnet, etc.). There will be two items

P-202H Plus v2 Support Notes o Default Dial-in Setup in SMT menu 13 o Edit Dial-in User in SMT menu 14 1. E

P-202H Plus v2 Support Notes Allocated Budget(min)= 0 Period(hr)= 0

P-202H Plus v2 Support Notes • The User Name and Password fields should be set to the login username and passw

P-202H Plus v2 Support Notes 1. LAN device and protocol input filter sets. 2. WAN protocol call and output f

P-202H Plus v2 Support Notes Filter #: 1,1 Filter Type= Generic Filter

P-202H Plus v2 Support Notes FAQ ZyNOS FAQ 1. What is ZyNOS? ZyNOS is ZyXEL's proprietary Network Oper

P-202H Plus v2 Support Notes Menu 3.1: Menu 3.1 - General Ethernet Setup

P-202H Plus v2 Support Notes Menu 11.5 - Remote Node Filter Inpu

P-202H Plus v2 Support Notes Menu 13.1 - Default Dial-in Filter In

P-202H Plus v2 Support Notes We list the header of the IP, UDP and TCP in order to make you know more about the

P-202H Plus v2 Support Notes Data (if any) Based on the above headers, we can then interpret the LAN Packet Wh

P-202H Plus v2 Support Notes Filter Examples Filter example A filter for blocking the FTP connections from WAN

P-202H Plus v2 Support Notes Menu 21 - Filter Set Configuration Filter

P-202H Plus v2 Support Notes Action Not Matched= Check Next Rule Press

P-202H Plus v2 Support Notes • Choose the remote node number where you want to block the inbound FTP connectio

P-202H Plus v2 Support Notes A filter for blocking the web connections from LAN • Introduction If you want to

P-202H Plus v2 Support Notes The procedure for uploading via console is as follows. a. Enter debug mode when

P-202H Plus v2 Support Notes ------ ----------------- ------ ----------------- 1

P-202H Plus v2 Support Notes • Rule 2 for (b).DNS request, TCP(06)/Port number 53

P-202H Plus v2 Support Notes Port #= Port #

P-202H Plus v2 Support Notes My Password= ******** Session Options: Authen= CHAP/PA

P-202H Plus v2 Support Notes 2 8 _______________ 3

P-202H Plus v2 Support Notes • IP Mask...here the IP mask is used to mask the bits of t

P-202H Plus v2 Support Notes device filters= Call Filter Sets:

P-202H Plus v2 Support Notes Now a client on the LAN is trying to ping P-202H Plus v2……… ras> sys trcp sw o

P-202H Plus v2 Support Notes - Checksum: 0x455C - Identifier: 768 - Sequence Number: 1280 -

P-202H Plus v2 Support Notes • Mask (in hexadecimal): Specify the value that the P-202H Plus v2 will logically

P-202H Plus v2 Support Notes b. To backup the SMT configurations, use TFTP client program to get file 'ro

P-202H Plus v2 Support Notes protocol filters= device filters=

P-202H Plus v2 Support Notes 1 NetBIOS_WAN 7 _______________ 2

P-202H Plus v2 Support Notes Menu 21.1.2 - TCP/IP Filter Rule Fi

P-202H Plus v2 Support Notes Action Not Matched= Check Next Rule Press

P-202H Plus v2 Support Notes Source: IP Addr= 0.0.0.0

P-202H Plus v2 Support Notes Menu 21.2 - Filter Rules Summary # A Type Filt

P-202H Plus v2 Support Notes protocol filters= device filters

P-202H Plus v2 Support Notes Menu 21.2.2 - TCP/IP Filter Rule Fi

P-202H Plus v2 Support Notes protocol filters= 2 device filter

P-202H Plus v2 Support Notes 2. Edit the file /etc/syslog.conf by adding the following line at the end of the /

P-202H Plus v2 Support Notes allows a network to rectify the illegal address problem mentioned above without go

P-202H Plus v2 Support Notes C01 Incoming Call xxxx (means connected speed) xxxxx (means Remote Call ID) L

P-202H Plus v2 Support Notes match (m) drop (D). Src: Source Address Dst: Destination Address prot: Pr

P-202H Plus v2 Support Notes sdcmdSyslogSend( SYSLOG_POTSLOG, SYSLOG_NOTICE, String ); String = Call Connect /

P-202H Plus v2 Support Notes Advance Setup = No B Channel Usage: o Set to Leased/Unused if you are

P-202H Plus v2 Support Notes o Enter the IP address assigned from ISP for P-202H Plus v2, enter '0.0.0.0&

P-202H Plus v2 Support Notes B Channel Usage: o Set to Leased/Unused if you are using one 64K-leased line o

P-202H Plus v2 Support Notes 3. Call Transfer 4. Call Forwarding 5. Reminder Ring 6. Terminal Portability

P-202H Plus v2 Support Notes If you hang up your telephone during a three-way call and the two other callers re

P-202H Plus v2 Support Notes Unconditional) *22*forward-number# Active CFNR (Call Forwarding No Reply#20# Deac

P-202H Plus v2 Support Notes The P-202H Plus v2 202H Plus supports the ISDN Device Control Protocol (ISDN-DCP)