What Vpn Authentication Types Does The Prestige Support; I Am Planning My Prestige-To-Prestige Vpn Configuration. What Do I Need To Know - ZyXEL Communications P-2608HWL-D1 Support Notes

What VPN authentication types does the Prestige support?

VPN vendors support a number of different authentication methods. Prestige VPN supports both SHA1
and MD5.
AH provides authentication, integrity, and replay protection (but not confidentiality). Its main difference from
ESP is that AH also secures parts of the packet IP header (like the source/destination addresses), but ESP does
not.
ESP provides authentication, integrity, replay protection, and confidentiality of the data (it secures everything in
the packet that follows the header). Replay protection requires authentication and integrity (these two always go
together). Confidentiality (encryption) can be used with or without authentication/integrity. Similarly, one could
use authentication/integrity with or without confidentiality.

I am planning my Prestige-to-Prestige VPN configuration. What do I need to know?

First of all, both Prestiges must be VPN capable. Check that both are using the V3.50 firmware
version or later.
If the VPN feature is available on the Prestige, click Advanced>VPN in the web configurator to display
the configuration screen.
The following summarizes the steps to configure a Prestige-to-Prestige VPN connection.
1. If there is a NAT router running in front of the Prestige, make sure IPSec passthrough is supported
and enabled on the NAT router.
2. If NAT is enabled on the network (either in front of the remote VPN router, or on the Prestige),
use the IPSec ESP tunneling mode since NAT does not support the AH mode (AH authenticates the
IP header addresses that NAT rewrites).
3. Source IP/Destination IP -- The private IP address ranges of the remote and local networks
cannot overlap. VPN will not work if the VPN destination addresses and the local network IP
addresses are indistinguishable.
4. Secure Gateway IP Address -- This must be a public, routable IP address. A private IP is not
allowed. That means it cannot be in the 10.x.x.x, 192.168.x.x, or 172.16.0.0 - 172.31.255.255
range (these address ranges are reserved by the Internet standard for private LANs behind NAT
devices). It is usually a static IP so that we can pre-configure it on the Prestige for making VPN
connections. If it is a dynamic IP given by your ISP, you can still configure this IP address after
the remote Prestige is online and its WAN IP is available from the ISP.
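
The checks in steps 2 to 4 can be run against a planned tunnel before anything is entered in the web configurator. The following Python sketch is an added example, not part of the ZyXEL support notes; the function name, its parameters and the sample addresses are hypothetical and constructed for illustration.

```python
import ipaddress

# Private ranges named in step 4 of the checklist (RFC 1918).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vpn_plan(local_net, remote_net, secure_gateway, protocol, nat_in_path):
    """Return a list of problems found in a planned tunnel (empty list = OK).

    All parameter names are hypothetical; they mirror the checklist items,
    not fields of the Prestige web configurator.
    """
    problems = []
    local = ipaddress.ip_network(local_net, strict=False)
    remote = ipaddress.ip_network(remote_net, strict=False)
    gateway = ipaddress.ip_address(secure_gateway)

    # Step 2: AH covers the IP header addresses that NAT rewrites.
    if nat_in_path and protocol.upper() == "AH":
        problems.append("NAT in path: use ESP tunnel mode instead of AH")

    # Step 3: local and remote private ranges must be distinguishable.
    if local.overlaps(remote):
        problems.append(f"local {local} overlaps remote {remote}")

    # Step 4: the secure gateway must be a public, routable address.
    if any(gateway in net for net in PRIVATE_NETS):
        problems.append(f"secure gateway {gateway} is a private address")

    return problems


if __name__ == "__main__":
    # Constructed sample plans (gateway taken from a documentation range).
    plans = {
        "good": ("192.168.1.0/24", "192.168.2.0/24", "203.0.113.10", "ESP", True),
        "bad": ("192.168.1.0/24", "192.168.1.128/25", "172.20.0.1", "AH", True),
    }
    for name, plan in plans.items():
        print(name, check_vpn_plan(*plan) or "OK")
```
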
All contents copyright (c) 2005 ZyXEL Communications Corporation.
P-2608HWL Series Support Notes

This manual is also suitable for:

P-2608hwl-d3
