ZyXEL Communications Prestige 202H User Manual


Prestige 202H
ISDN Router
User's Guide
Version 3.40
August 2003


Summary of Contents for ZyXEL Communications Prestige 202H

  • Page 1 Prestige 202H ISDN Router User’s Guide Version 3.40 August 2003...
  • Page 2: Copyright

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
  • Page 3 Prestige 202H User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: This device may not cause harmful interference. This device must accept any interference received, including interference that may cause undesired operations.
  • Page 4: Information For Canadian Users

    Prestige 202H User’s Guide Information for Canadian Users The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. The Industry Canada does not guarantee that the equipment will operate to a user's satisfaction.
  • Page 5: Zyxel Limited Warranty

    Prestige 202H User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon...
  • Page 6: Customer Support

    Prestige 202H User’s Guide Please have the following information ready when you contact customer support. • Product model and serial number. • Information in Menu 24.2.1 – System Information.
  • Page 7: Table Of Contents

    List of Tables ...xxi Preface ...xxv Getting Started ... I Chapter 1 Getting to Know Your Prestige ... 1-1 Introducing the Prestige 202H... 1-1 Features ... 1-1 Internet Access With the Prestige ... 1-4 Chapter 2 Hardware Installation ... 2-1 Front Panel ...
  • Page 8 Chapter 4 SMT Menu 1 General Setup ...4-1 General Setup Overview ...4-1 Configuring General Setup ...4-1 Dynamic DNS...4-2 Configuring Dynamic DNS ...4-3 Chapter 5 ISDN Setup...5-1 ISDN Setup Overview ...5-1 ISDN Advanced Setup Menus ...5-2 NetCAPI ...5-5 Chapter 6 Ethernet Setup ...6-1 Ethernet Setup...6-1 Ethernet TCP/IP and DHCP Server ...6-2 Configuring TCP/IP Ethernet and DHCP ...6-5...
  • Page 9 Types of Firewalls... 12-1 12.3 Introduction to ZyXEL’s Firewall... 12-2 12.4 Denial of Service... 12-3 12.5 Stateful Inspection... 12-7 12.6 Guidelines For Enhancing Security With Your Firewall ... 12-11 12.7 Packet Filtering Vs Firewall... 12-12 Table of Contents Prestige 202H User’s Guide...
  • Page 10 Chapter 13 Introducing the Prestige Firewall...13-1 13.1 Access Methods ...13-1 13.2 Using Prestige SMT Menus ...13-1 Chapter 14 Configuring Firewall with the Web Configurator ...14-1 14.1 Web Configurator Login and Main Menu Screens ...14-1 14.2 Enabling the Firewall...14-3 14.3 E-mail ...14-3 14.4 Attack Alert...14-7 Chapter 15 Creating Custom Rules ...15-1...
  • Page 11 Command Interpreter Mode ... 22-1 22.2 Call Control Support ... 22-2 22.3 Time and Date ... 22-6 Chapter 23 Call Scheduling ... 23-1 23.1 Call Scheduling Overview ... 23-1 23.2 Configuring Call Scheduling... 23-1 Table of Contents Prestige 202H User’s Guide...
  • Page 12 23.3 Applying Schedule Sets ...23-3 Chapter 24 Remote Management ...24-1 24.1 Remote Management Overview...24-1 24.2 Telnet ...24-2 24.3 FTP ...24-2 24.4 Web...24-2 24.5 Configuring Remote Management...24-2 Chapter 25 Introduction to VPN/IPSec ...25-1 25.1 VPN Overview...25-1 25.2 IPSec Architecture ...25-3 25.3 Encapsulation...25-5 25.4 IPSec and NAT ...25-6...
  • Page 13 Problems Connecting to a Remote Node or ISP... C Remote User Dial-in Problems... C Problems With the Password... C Problems With Remote Management...D Appendix B Power Adapter Specifications ... E Index ...G Table of Contents Prestige 202H User’s Guide xiii...
  • Page 14: List Of Figures

    Prestige 202H User’s Guide List of Figures Figure 1-1 Internet Access Application...1-5 Figure 1-2 LAN-to-LAN Connection Application...1-5 Figure 1-3 Remote Access ...1-6 Figure 1-4 Secure Internet Access and VPN Application ...1-7 Figure 2-1 Front Panel ...2-1 Figure 2-2 Rear Panel ...2-2 Figure 3-1 Login Screen ...3-2...
  • Page 15 Prestige 202H User’s Guide Figure 6-6 Menu 3.2.1 IP Alias Setup ... 6-7 Figure 7-1 Menu 4 Internet Access Setup ... 7-2 Figure 8-1 Menu 11 Remote Node Setup... 8-2 Figure 8-2 Menu 11.1 Remote Node Profile ... 8-2 Figure 8-3 Menu 11.2 Remote Node PPP Options... 8-8 Figure 8-4 TCP/IP LAN-to-LAN Application ...
  • Page 16 Prestige 202H User’s Guide Figure 11-1 How NAT Works ...11-3 Figure 11-2 NAT Application With IP Alias ...11-4 Figure 11-3 Applying NAT for Internet Access ...11-6 Figure 11-4 Applying NAT to the Remote Node ...11-7 Figure 11-5 Menu 15 NAT Setup...11-8 Figure 11-6 Menu 15.1 Address Mapping Sets...11-8...
  • Page 17 Prestige 202H User’s Guide Figure 12-5 Stateful Inspection ... 12-8 Figure 13-1 Menu 21 Filter and Firewall Setup ... 13-1 Figure 13-2 Menu 21.2 Firewall Setup ... 13-2 Figure 13-3 Example Firewall Log ... 13-2 Figure 14-1 Site Map Screen... 14-1 Figure 14-2 Firewall Functions...
  • Page 18 Prestige 202H User’s Guide Figure 18-5 NetBIOS_WAN Filter Rules Summary...18-6 Figure 18-6 NetBIOS _LAN Filter Rules Summary...18-6 Figure 18-7 Telnet WAN Filter Rules Summary...18-7 Figure 18-8 FTP_WAN Filter Rules Summary...18-7 Figure 18-9 Menu 21.1.7.1 TCP/IP Filter Rule...18-10 Figure 18-10 Executing an IP Filter...18-13 Figure 18-11 Menu 21.1.5.1 Generic Filter Rule...18-14...
  • Page 19 Prestige 202H User’s Guide Figure 21-1 Menu 24.5 System Maintenance – Backup Configuration ... 21-3 Figure 21-2 FTP Session Example... 21-4 Figure 21-3 System Maintenance Backup Configuration ... 21-6 Figure 21-4 System Maintenance: Starting Xmodem Download Screen... 21-7 Figure 21-5 Backup Configuration Example ... 21-7 Figure 21-6 Successful Backup Confirmation Screen...
  • Page 20 Prestige 202H User’s Guide Figure 22-8 Menu 24: System Maintenance ...22-6 Figure 22-9 Menu 24.10 System Maintenance: Time and Date Setting ...22-7 Figure 23-1 Menu 26 Schedule Setup...23-1 Figure 23-2 Menu 26.1 Schedule Set Setup...23-2 Figure 23-3 Applying Schedule Set(s)...23-4 Figure 24-1 Telnet Configuration on a TCP/IP Network ...24-2...
  • Page 21 Prestige 202H User’s Guide List of Tables Table 2-1 LED Functions ... 2-1 Table 3-1 Main Menu Commands... 3-2 Table 3-2 Main Menu Summary ... 3-3 Table 4-1 Menu 1 – General Setup... 4-2 Table 4-2 Configure Dynamic DNS Menu Fields... 4-3 Table 5-1 Menu 2 ISDN Setup...
  • Page 22 Prestige 202H User’s Guide Table 11-3 Applying NAT to the Remote Node ...11-7 Table 11-4 Menu 15.1.255 SUA Address Mapping Rules ...11-9 Table 11-5 Fields in Menu 15.1.1 ...11-10 Table 11-6 Menu 15.1.1.1 Address Mapping Rule ...11-12 Table 11-7 Services & Port Numbers...11-13 Table 12-1 Common IP Ports...12-4...
  • Page 23 Prestige 202H User’s Guide Table 19-1 Menu 22 SNMP Configuration ... 19-3 Table 19-2 SNMP Traps... 19-4 Table 19-3 Ports and Permanent Virtual Circuits ... 19-4 Table 20-1 Menu 24.1 System Maintenance Status ... 20-2 Table 20-2 Menu 24.2.1 System Maintenance Information ... 20-4 Table 20-3 Menu 24.3.2 System Maintenance Unix Syslog ...
  • Page 24 Prestige 202H User’s Guide Table 26-11 Telecommuter and Headquarters Configuration Example ...26-23 Table 27-1 Menu 27.2 SA Monitor ...27-2 Table 28-1 Sample IKE Key Exchange Logs ...28-2 Table 28-2 Sample IPSec Logs During Packet Transmission ...28-4 Table 28-3 RFC-2408 ISAKMP Payload Types ...28-4...
  • Page 25: Preface

    This manual is designed to guide you through the configuration of your Prestige for its various applications. This manual may refer to the Prestige 202H ISDN router as the Prestige. You may use the System Management Terminal (SMT), web configurator or command interpreter interface to configure your Prestige.
  • Page 26 • A single keystroke is in Arial font and enclosed in square brackets, for instance, [ENTER] means the Enter, or carriage return, key; [ESC] means the escape key and [SPACE BAR] means the space bar. [UP] and [DOWN] are the up and down arrow keys. •...
  • Page 27: Getting Started

    Getting Started Part I: Getting Started This part is structured as a step-by-step guide to help you connect, install and set up your router to operate on your network and access the Internet.
  • Page 29: Chapter 1 Getting To Know Your Prestige

    The Prestige 202H is a high-performance router that offers a complete Internet Access solution. By integrating NAT, firewall, VPN capability and a four-port switch, the Prestige 202H is a complete security solution that protects your Intranet and efficiently manages data traffic on your network.
  • Page 30: Call Scheduling

    Prestige 202H User’s Guide Auto-negotiating 10/100 Mbps Ethernet LAN The LAN interfaces automatically detect if they are on a 10 or a 100 Mbps Ethernet. Auto-crossover 10/100 Mbps Ethernet LAN The LAN interfaces automatically adjust to either a crossover or straight-through Ethernet cable.
  • Page 31: Outgoing Data Call Bumping Support

    Prestige 202H User’s Guide Outgoing Data Call Bumping Support Call bumping is a feature that allows the router to manage an MP (Multilink Protocol) bundle dynamically, dropping or reconnecting a channel in a bundle when necessary. Previously, the router did this for voice calls only, but now with this new feature, the router can drop a channel in an MP bundle if there is a data packet to another remote node.
  • Page 32: Internet Access With The Prestige

    Prestige 202H User’s Guide PAP and CHAP Security The router supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). CHAP is more secure than PAP; however, PAP is readily available on more platforms. DHCP (Dynamic Host Configuration Protocol) DHCP (Dynamic Host Configuration Protocol) allows the individual client computers to obtain the TCP/IP configuration at start-up from a centralized DHCP server.
  • Page 33: Figure 1-1 Internet Access Application

    Prestige 202H User’s Guide Figure 1-1 Internet Access Application Internet Single User Account For a SOHO (Small Office/Home Office) environment, your router offers the NAT (Network Address Translation) feature that allows multiple users on the LAN (Local Area Network) to access the Internet concurrently for the cost of a single user.
  • Page 34: Figure 1-3 Remote Access

    Prestige 202H User’s Guide 1.3.3 Remote Access Server Your router allows remote users to dial-in and gain access to your LAN. This feature enables individuals that have computers with remote access capabilities to dial in to access the network resources without physically being in the office.
  • Page 35: Figure 1-4 Secure Internet Access And Vpn Application

    Prestige 202H User’s Guide Figure 1-4 Secure Internet Access and VPN Application Getting to Know Your Prestige...
  • Page 37: Chapter 2 Hardware Installation

    B1 (B2) bearer channel. Hardware Installation Hardware Installation This chapter shows you how to make the cable connections to your router. Figure 2-1 Front Panel Table 2-1 LED Functions DESCRIPTION Prestige 202H User’s Guide Chapter 2...
  • Page 38: Rear Panel And Connections

    Prestige 202H User’s Guide Rear Panel and Connections The next figure shows the rear panel connectors of your router. Figure 2-2 Rear Panel This section outlines how to connect your router to the LAN and to the ISDN network. 2.2.1 Connecting the ISDN Line Connect the router to the ISDN network using the included ISDN cable.
  • Page 39: Turn On Your Router

    Prestige 202H User’s Guide Turn On Your Router At this point, you should have connected the console port, the ISDN port, the Ethernet port(s) and the power port to the appropriate devices or lines. You can now turn on the router by pushing the power button in to the on position (in is ON, out is OFF).
  • Page 41: Chapter 3 Introducing The Smt

    This chapter explains how to access the System Management Terminal and gives an overview of Introduction to the SMT The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection. This chapter shows you how to access the SMT (System Management Terminal) menus via console port, how to navigate the SMT and how to configure SMT menus.
  • Page 42: Navigating The Smt Interface

    Please note that if there is no activity for longer than 5 minutes after you log in, the router automatically logs you out and displays a blank screen. If you see a blank screen, press [ENTER] to bring up the login screen again.
  • Page 43: Figure 3-2 Smt Main Menu

    Exit the SMT Type 99, then press [ENTER]. After you enter the password, the SMT displays the Main Menu, as shown. Copyright (c) 1994 - 2003 ZyXEL Communications Corp. Getting Started 1. General Setup 2. ISDN Setup 3. Ethernet Setup 4.
  • Page 44: Smt Menu Overview

    Menu Title Ethernet Setup Internet Access Setup Remote Node Setup Static Routing Setup Default Dial-in Setup Dial-in User Setup NAT Setup Filter Set Configuration SNMP Configuration System Security System Maintenance Schedule Setup VPN /IPSec Setup Exit SMT Menu Overview The following figure gives you an overview of the various SMT menu screens of your Prestige. Table 3-2 Main Menu Summary Use this menu to apply LAN filters, configure LAN DHCP and TCP/IP settings and configure the wireless LAN port (not available on all models).
  • Page 45: Changing The System Password

    Prestige Main Menu Menu 1 Menu 2 Menu 3 General Setup ISDN Setup Ethernet Setup Menu 2.1 Menu 3.1 ISDN Advanced Setup LAN Port Filter Setup Menu 3.2 TCP/IP and DHCP Setup Menu 3.2.1 IP Alias Setup VPN IPSec Setup Menu 27.1 Menu 27.3 Menu 27.2...
  • Page 46: Resetting The Prestige

    Step 2. Enter 1 in Menu 23 to open Menu 23.1 - System Security - Change Password. When Menu 23.1- System Security-Change Password appears, as shown in the figure below, type in your existing system password, i.e., 1234, and press [ENTER]. Figure 3-4 Menu 23.1 - System Security - Change Password Step 3.
  • Page 47: Figure 3-5 Resetting The Router

    speed of the console port will be reset to the default of 9600 bps with 8 data bits, no parity, one stop bit and flow control set to none. The password will also be reset to “1234”. 3.7.1 Uploading a Configuration File Via Console Port Step 1.
  • Page 48: Figure 3-6 Example Xmodem Upload

    Step 5. Click Transfer, then Send File to display the following screen. Step 6. After successful firmware upload, enter "atgo" to restart the router. Figure 3-6 Example Xmodem Upload Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol.
  • Page 49: Chapter 4 Smt Menu 1 General Setup

    Location= branch Contact Person's Name= JohnDoe SMT Menu 1 General Setup SMT Menu 1 General Setup Menu 1 - General Setup Press ENTER to Confirm or ESC to Cancel: Figure 4-1 Menu 1 General Setup Prestige 202H User’s Guide Chapter 4...
  • Page 50: Dynamic Dns

    Prestige 202H User’s Guide FIELD System Name Choose a descriptive name, up to 30 alphanumeric characters long (no spaces, but dashes “–” and underscores "_" are accepted) for identification purposes. It is recommended you enter your computer’s “Computer name” (see section 4.1.1) in this field. This name can be retrieved remotely via SNMP, used for CHAP authentication, and displayed at the prompt in the Command Mode.
  • Page 51: Configuring Dynamic Dns

    [ESC] at any time to cancel. SMT Menu 1 General Setup Menu 1.1 - Configure Dynamic DNS Press ENTER to confirm or ESC to cancel: Figure 4-2 Configure Dynamic DNS DESCRIPTION Prestige 202H User’s Guide EXAMPLE WWW.DynDNS.ORG (default) mail@mailserver...
  • Page 53: Chapter 5 Isdn Setup

    Press [SPACE BAR] to toggle through all the options. The options are below. ISDN Setup Menu 2 - ISDN Setup = 5551212 Figure 5-1 Menu 2 ISDN Setup Table 5-1 Menu 2 ISDN Setup DESCRIPTION Prestige 202H User’s Guide Chapter 5 ISDN Setup...
  • Page 54: Isdn Advanced Setup Menus

    FIELD ♦ Switch/Unused ♦ Switch/Switch ♦ Switch/Leased ♦ Leased/Switch Telephone Enter the telephone number(s) assigned to your ISDN line by your telephone company. Number(s) Some switch types only have one telephone number. Note that the router only accepts digits; please do not include ‘–’ or spaces in this field. This field should be no longer IDSN Data than 25 digits.
  • Page 55: Figure 5-2 Router Behind A Pabx

    Prestige 202H User’s Guide PABX Number (with S/T Bus Number) for Loopback Enter the S/T bus number if the router is connected to an ISDN PABX. If this field is left as blank then the ISDN loopback test will be skipped.
  • Page 56: Figure 5-3 Menu 2 Isdn Setup For Dss1

    5.2.1 Configuring Advanced Setup Calling Line Indication= Enable PABX Outside Line Prefix= PABX Number (Include S/T Bus Number) for Loopback= Outgoing Calling Party Number: ISDN Data Data Link Connection= point-to-multipoint When you are finished, press [ENTER] at the message: ‘Press ENTER to confirm’, the router uses the information that you entered to initialize the ISDN line.
  • Page 57: Netcapi

    Prestige 202H User’s Guide NetCAPI 5.3.1 Overview Your Prestige supports NetCAPI. NetCAPI is ZyXEL's implementation of CAPI (Common ISDN Application Program Interface) capabilities over a network. It runs over DCP (Device Control Protocol) developed by RVS-COM. NetCAPI can be used for applications such as Eurofile transfer, file transfer, G3/G4 Fax, Autoanswer host mode, telephony, etc.
  • Page 58: Figure 5-5 Configuration Example

    The following figure illustrates the configuration used in this example. RVS-COM lite Before entering any configurations, you must install the CAPI driver (RVS-CE) and communication program such as RVS-COM Lite on your computer. 5.3.3 RVS-COM RVS-COM includes an ISDN CAPI driver with its communication program. RVS-CE (Core Engine) is an ISDN-CAPI 2.0 driver for Windows 95/98/NT that can be used by different ISDN communication programs (such as AVM Fritz or RVS-COM) to access the ISDN on the Prestige.
  • Page 59: Figure 5-6 Menu 2.2 Netcapi Setup

    192.168.1.145 Both 192.168.14.32 Imcoming 192.168.20.12 Outgoing 192.168.30.3 Both 10.255.255.255 Incoming _____________ _______ _____________ _______ _____________ _______ Both Press ENTER to Confirm or ESC to Cancel: Figure 5-6 Menu 2.2 NetCAPI Setup Table 5-2 Configuring NetCAPI DESCRIPTION Prestige 202H User’s Guide...
  • Page 60 FIELD Max Number of When you want to use NetCAPI to place outgoing calls or to listen to incoming calls, Registered you must start RVSCOM on your computer, and RVSCOM will register itself to the Users Prestige. This option is the maximum number of clients that the Prestige supports at the same time.
  • Page 61: Chapter 6 Ethernet Setup

    Figure 6-1 Menu 3 Ethernet Setup Menu 3.1 - General Ethernet Setup Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Press ENTER to Confirm or ESC to Cancel: Prestige 202H User’s Guide Chapter 6 Ethernet Setup...
  • Page 62: Ethernet Tcp/Ip And Dhcp Server

    Prestige 202H User’s Guide Ethernet TCP/IP and DHCP Server The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. For remote node TCP/IP configuration, refer to the chapter on Remote Node Configuration.
  • Page 63: Table 6-1 Private Ip Address Ranges

    However, if one router uses multicasting, then all routers on your network must use multicasting also. By default, RIP direction is set to Both and the Version set to RIP-1. Ethernet Setup Table 6-1 Private IP Address Ranges 10.0.0.0 10.255.255.255 172.16.0.0 172.31.255.255 192.168.0.0 192.168.255.255 Prestige 202H User’s Guide...
  • Page 64: Dhcp Configuration

    Prestige 202H User’s Guide 6.2.5 DHCP Configuration DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The router has built-in DHCP server capability, enabled by default, which means it can assign IP addresses, an IP default gateway and DNS servers to Windows®...
  • Page 65: Configuring Tcp/Ip Ethernet And Dhcp

    This field specifies the size, or count of the IP address pool. Pool Ethernet Setup as shown DESCRIPTION Prestige 202H User’s Guide The screen now displays Menu 3.2 – First address in the IP Pool. Size of the IP Pool.
  • Page 66: Ip Alias

    Table 6-2 Menu 3.2 TCP/IP and DHCP Ethernet Setup FIELD Primary DNS Enter the IP addresses of the DNS servers. The DNS servers are passed Server to the DHCP clients along with the IP address and the subnet mask. Secondary DNS Server If Relay is selected in the DHCP field above, then enter the IP address of Remote...
  • Page 67: Ip Alias Setup

    IP Alias 2= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A Version= N/A Incoming protocol filters= N/A Outgoing protocol filters= N/A Press ENTER to Confirm or ESC to Cancel: Figure 6-6 Menu 3.2.1 IP Alias Setup Prestige 202H User’s Guide...
  • Page 68: Table 6-4 Ip Menu 3.2.1 - Ip Alias Setup

    FIELD IP Alias 1 or 2 Choose Yes to configure the LAN network for the router. IP Address Enter the IP address of your router in dotted decimal notation. IP Subnet Your router will automatically calculate the subnet mask based on the IP Mask address that you assign.
  • Page 69: Chapter 7 Internet Access Setup

    From the Main Menu, enter option Internet Access Setup to go to Menu 4 – Internet Access Setup, as shown in the following figure. Internet Access Setup Internet Access Setup Table 7-1 Internet Account Information INTERNET ACCOUNT INFORMATION Prestige 202H User’s Guide Chapter 7...
  • Page 70: Figure 7-1 Menu 4 Internet Access Setup

    Internet Access Setup The table following this menu contains instructions on how to configure your router for Internet access. Menu 4 - Internet Access Setup ISP's Name= ChangeMe Pri Phone #= 1234 Sec Phone #= My Login= ChangeMe My Password= ******** My WAN IP Addr= 0.0.0.0 NAT= SUA Only Address Mapping Set= N/A...
  • Page 71 ISP to test the Internet connection. If the test fails, note the error message that you receive on the screen and take the appropriate troubleshooting steps. Internet Access Setup Table 7-2 Menu 4 Internet Access Setup DESCRIPTION Prestige 202H User’s Guide...
  • Page 72: Advanced Applications

    Advanced Applications Part II: Advanced Applications This part describes the advanced applications of your Prestige, such as Remote Node Configuration, Dial-in Configuration and NAT.
  • Page 73: Chapter 8 Remote Node Configuration

    To configure a remote node, follow these steps: Step 1. From the Main Menu, select menu option 11. Remote Node Setup Remote Node Configuration Remote Node Configuration This chapter covers the configuration of remote nodes. Prestige 202H User’s Guide Chapter 8...
  • Page 74: Figure 8-1 Menu 11 Remote Node Setup

    Step 2. When Menu 11 appears as shown in the following figure, enter the number of the remote node that you wish to configure. Enter Node # to Edit: When Menu 11.1. – Remote Node Profile appears, fill in the fields as described in the following table to define this remote profile.
  • Page 75: Table 8-1 Menu 11.1 Remote Node Profile

    Prestige will check the CLID in the incoming call against the CLIDs in the database. If no match is found and CLID Authen is set to Required, the call will be dropped. Remote Node Configuration DESCRIPTION Prestige 202H User’s Guide EXAMPLE Outgoing...
  • Page 76 FIELD Call Back This field is applicable only if Call Direction is set to Both. Otherwise, a N/A appears in the field. This field determines whether or not your Prestige will call back after receiving a call from this remote node. If this option is enabled, your Prestige will disconnect the initial call from this node and call it back at the Outgoing Primary Phone Number (see section 10.4 Callback Overview).
  • Page 77 When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel. Remote Node Configuration DESCRIPTION Prestige 202H User’s Guide EXAMPLE Default = 0 Default = No...
  • Page 78: Outgoing Authentication Protocol

    Outgoing Authentication Protocol Generally speaking, you should employ the strongest authentication protocol possible, for obvious reasons. However, some vendors’ implementations include a specific authentication protocol in the user profile and will disconnect if the negotiated protocol differs from the one in the user profile, even when the negotiated protocol is stronger than the one specified.
  • Page 79: Editing Ppp Options

    Remote Node Profile, and use [SPACE BAR] to select Yes. Press [ENTER] to open Menu 11.2, as shown next. Remote Node Configuration Table 8-2 BTR vs MTR for BOD No. of Channel(s) Max No. of Used Channel(s) Used Prestige 202H User’s Guide BANDWIDTH ON DEMAND...
  • Page 80: Figure 8-3 Menu 11.2 Remote Node Ppp Options

    Press Space Bar to Toggle. Figure 8-3 Menu 11.2 Remote Node PPP Options Table 8-3 Menu 11.2 Remote Node PPP Options FIELD Encapsulation Compression BACP Multiple Link Options: BOD Calculation Base Trans Rate (Kbps) Max Trans Rate (Kbps) Menu 11.2 - Remote Node PPP Options Encapsulation= Standard PPP Compression= No BACP= Enable...
  • Page 81: Lan-To-Lan Application

    Figure 8-4 TCP/IP LAN-to-LAN Application For the branch office, you need to configure a remote node in order to dial out to headquarters. Remote Node Configuration Prestige 202H User’s Guide Default = 32–48 Default = 5 sec Default = 5 sec...
  • Page 82: Figure 8-5 Lan 1 Setup

    LAN 1 Setup Rem Node Name= LAN_2 Active= Yes Call Direction= Both Incoming: Rem Login= lan2 Rem Password= ******* Rem CLID= Call Back= No Outgoing: My Login= lan1 My Password= ******** Authen= CHAP/PAP Pri Phone #= 035783942 Sec Phone #= Press ENTER to Confirm or ESC to Cancel: LAN 2 Setup Rem Node Name= LAN_1...
  • Page 83: Configuring Network Layer Options

    Move the cursor to the Edit IP field in Menu 11 – Remote Node Profile, and then press [SPACE BAR] to toggle and set the value to Yes. Press [ENTER] to open Menu 11.3 – Network Layer Options. Remote Node Configuration Prestige 202H User’s Guide DESCRIPTION 8-11...
  • Page 84: Table 8-5 Remote Node Network Layer Options

    Press ENTER to Confirm or ESC to Cancel: Table 8-5 Remote Node Network Layer Options Table 8-6 Remote Node Network Layer Options FIELD Rem IP Addr This will show the IP address you entered for this remote node in the previous menu. Rem Subnet Mask Enter the subnet mask for the remote network.
  • Page 85 [ESC] at any time to cancel. The following diagram shows the sample IP addresses to help you understand the field of My Wan Addr in Menu 11.3. Remote Node Configuration Prestige 202H User’s Guide DESCRIPTION EXAMPLE None (default) RIP-2B (default)
  • Page 86: Configuring Filter

    Prestige 202H User’s Guide Figure 8-7 Sample IP Addresses for LAN-to-LAN Connection Configuring Filter Use Menu 11.5 – Remote Node Filter to specify the filter set(s) to apply to the incoming and outgoing traffic between this remote node and the Prestige and also to prevent certain packets from triggering calls.
  • Page 87: Figure 8-8 Menu 11.5 Remote Node Filter

    Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Call Filter Sets: protocol filters= 1 device filters= Press ENTER to Confirm or ESC to Cancel: Prestige 202H User’s Guide 8-15...
  • Page 89: Chapter 9 Static Route Setup

    Prestige 202H User’s Guide Chapter 9 Static Route Setup This chapter shows how to set up static routes. Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
  • Page 90: Figure 9-2 Menu 12 Ip Static Route Setup

    To configure an IP static route, use Menu 12 – IP Static Route Setup, as displayed next. From Menu 12, select one of the available IP static routes to open Menu 12.1 – Edit IP Static Route, as shown next. FIELD Route Name Enter a descriptive name for this route.
  • Page 91 Once you have completed filling in this menu, press [ENTER] at the message “Press ENTER to Confirm…” to save your configuration, or press [ESC] to cancel. Remote Node TCP/IP Configuration Table 9-1 Menu 12.1 Edit IP Static Route DESCRIPTION Prestige 202H User’s Guide...
  • Page 93: Chapter 10 Dial-In Setup

    ID. If the remote node requires mutual authentication, please fill in the O/G Username and O/G Password fields. You must also fill in these fields when a dial-in user to whom we are calling back requests authentication. Dial-in Setup Prestige 202H User’s Guide Chapter 10 Dial-in Setup REMOTE NODES Your Prestige can make calls to and receive calls from the remote node.
  • Page 94: Setting Up Default Dial-In

    10.3 Setting Up Default Dial-in From the Main Menu, enter 13 to go to Menu 13 – Default Dial-in Setup. This section describes how to configure the protocol-independent fields in this menu. For the protocol-dependent fields, refer to the appropriate chapters. Telco Options: CLID Authen= Required PPP Options:...
  • Page 95 The default for this field is 0 for no budget control. Allocated Budget (min) Period (hr) This field sets the time interval to reset the above callback budget control. IP Address Supplied By: Dial-in Setup Prestige 202H User’s Guide DESCRIPTION EXAMPLE CHAP/PAP 0 (default) 10-3...
  • Page 96 FIELD Dial-in User If set to Yes, the Prestige will allow a remote host to specify its own IP address. If set to No, the remote host must use the IP address assigned by your Prestige from the IP pool, configured below. This is to prevent the remote host from using an invalid IP address and potentially disrupting the whole network.
  • Page 97: Callback Overview

    Menu 13.1 - Default Dial-in Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Press ENTER to Confirm or ESC to Cancel: Enter here to CONFIRM or ESC to CANCEL: Prestige 202H User’s Guide 10-5...
  • Page 98: Figure 10-3 Menu 14 Dial-In User Setup

    Step 2. Select one of the users by number; this will bring you to Menu 14.1 – Edit Dial-in User, as shown next. FIELD User This is a required field. This will be used as the login name for authentication. Name Choose a descriptive word for login, for example, johndoe.
  • Page 99: Telecommuting Application With Windows Example

    Typically, a telecommuter will use a client workstation with TCP/IP and dial-out capabilities, e.g., a Windows® PC or a Macintosh. For telecommuters to call in to your Prestige, you need to configure a Dial-in Setup Table 10-3 Edit Dial-in User DESCRIPTION Prestige 202H User’s Guide EXAMPLE No (default) No (default) 100 seconds...
  • Page 100: Figure 10-5 Example Of Telecommuting

    Prestige 202H User’s Guide dial-in user profile for each telecommuter. Additionally, you need to configure the Default Dial-in User Setup to set the operational parameters for all dial-in users. An example of remote access server for telecommuters is shown next.
  • Page 101: Figure 10-6 Configuring Menu 13 For Remote Access

    IP Pool= Yes IP Start Addr= 192.168.250.250 IP Count(1,2)= N/A Session Options: Edit Filter Sets= No Figure 10-7 Edit Dial-in-User callback. IP Pool for RAS Clients. This must be PAP for Windows®. The User Name and...
  • Page 102: Lan-To-Lan Server Application Example

    10.7 LAN-to-LAN Server Application Example Your Prestige can also be used as a dial-in server for a LAN-to-LAN application to provide access for the workstations on a remote network. For your Prestige to be set up as a LAN-to-LAN server, you need to configure the Default Dial-in User Setup to set the operational parameters for incoming calls.
  • Page 103: Figure 10-9 Lan 1 Lan-To-Lan Application

    Schedules= Carrier Access Code= Nailed-Up Connection= No Toll Period(sec)= 0 Session Options: Edit Filter Sets= No Idle Timeout(sec)= 300 Set Call Direction and Both Call Back to respectively. Set Call Direction and Call Both Back to respectively.
  • Page 104: Figure 10-11 Testing Callback With Your Connection

    Start dialing for node <LAN_2> ### Hit any key to continue.### $$$ DIALING dev=2 ch=0 $$$ OUTGOING-CALL phone(123) $$$ CALL CONNECT speed<64000> type<2> chan<0> $$$ LCP opened $$$ PAP sending user/pswd $$$ LCP closed $$$ Recv'd TERM-REQ $$$ Recv'd TERM-ACK state 4 $$$ LCP stopped $$$ ANSWER CONNECTED ch=7743bc $$$ LCP opened...
  • Page 105: Figure 10-12 Callback With Clid Configuration

    Dial-in User= Yes IP Pool= No IP Start Addr= N/A IP Count(1,2)= N/A Session Options: Edit Filter Sets= No This is how the Prestige on LAN 2 identifies the Prestige on LAN 1. Set this field to Required...
  • Page 106: Figure 10-14 Callback And Clid Connection Test

    The Prestige displays all communication traces as shown in the next figure. If CLID authentication fails, this means that the calling number does not match the Rem CLID number in Menu 11.1. Copyright (c) 1994 - 2003 ZyXEL Communications Corp. LAN_2>sys trcl call...
  • Page 107: Chapter 11 Network Address Translation (Nat)

    This refers to the packet address (source or destination) as the packet travels on the WAN. NAT never changes the IP address (either local or global) of an outside host. This chapter discusses how to configure NAT on the Prestige. Table 11-1 NAT Definitions DESCRIPTION...
  • Page 108: What Nat Does

    11.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
  • Page 109: Figure 11-1 How Nat Works

    Figure 11-1 How NAT Works 11.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter.
  • Page 110: Figure 11-2 Nat Application With Ip Alias

    11.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: 1. One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address. 2. Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address.
  • Page 111: Table 11-2 Nat Mapping Types

    IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 … ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 … Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 SMT ABBREVIATION M:M Ov M:M No OV Server...
  • Page 112: Applying Nat

    1. Choose SUA Only if you have just one public WAN IP address for your Prestige. 2. Choose Full Feature if you have multiple public WAN IP addresses for your Prestige. 11.2 Applying NAT You apply NAT via menus 4 or 11.3 as displayed next. The next figure shows you how to apply NAT for Internet access in menu 4.
  • Page 113: Nat Setup

    To configure NAT, enter 15 from the main menu to bring up the following screen. Menu 11.3 - Remote Node Network Layer Options Enter here to CONFIRM or ESC to CANCEL: DESCRIPTION EXAMPLE Full Feature...
  • Page 114: Figure 11-5 Menu 15 Nat Setup

    11.3.1 Address Mapping Sets Enter 1 to bring up Menu 15.1 — Address Mapping Sets. Enter Menu Selection Number: Figure 11-6 Menu 15.1 Address Mapping Sets SUA Address Mapping Set Enter 255 to display the next screen (see also section 11.1.6). The fields in this menu cannot be changed. 11-8 Menu 15 —...
  • Page 115: Figure 11-7 Menu 15.1.255 Sua Address Mapping Rules

    Note the extra Action and Select Rule fields mean you can configure rules in this Menu 15.1.255 - Address Mapping Rules Global Start IP Global End IP --------------- --------------- 0.0.0.0 0.0.0.0 DESCRIPTION Type ------ Server EXAMPLE 0.0.0.0 255.255.255.255 0.0.0.0 Server...
  • Page 116: Figure 11-8 Menu 15.1.1 Address Mapping Rules First Set

    screen. Note also that the [?] in the Set Name field means that this is a required field and you must enter a name for the set. If the Set Name field is left blank, the entire set will be deleted. Set Name= ? Local Start IP ---------------...
  • Page 117: Figure 11-9 Menu 15.1.1.1 Address Mapping Rule

    Figure 11-9 Menu 15.1.1.1 Address Mapping Rule Table 11-5 Fields in Menu 15.1.1 DESCRIPTION address. Menu 15.1.1.1 Address Mapping Rule Start= = N/A Start= = N/A Press ENTER to Confirm or ESC to Cancel: EXAMPLE Edit...
  • Page 118: Nat Server Sets - Port Forwarding

    Table 11-6 Menu 15.1.1.1 Address Mapping Rule FIELD Type Press [SPACE BAR] and then [ENTER] to select from a total of five types. These are the mapping types discussed in Table 11-2. Server allows you to specify multiple servers of different types behind NAT to this computer. See section 11.5.3 for an example.
  • Page 119: Table 11-7 Services & Port Numbers

    Follow these steps to configure a server behind NAT: Step 1. Enter 15 in the main menu to go to Menu 15 - NAT Setup. Table 11-7 Services & Port Numbers SERVICES PORT NUMBER 1723...
  • Page 120: Figure 11-10 Menu 15.2 Nat Server Sets

    Step 2. Enter 2 to display Menu 15.2 - NAT Server Sets as shown next. Step 3. Enter 1 to go to Menu 15.2 NAT Server Setup as follows. Rule --------------------------------------------------- Step 4. Enter a port number in an unused Start Port No field. To forward only one port, enter it again in the End Port No field.
  • Page 121: General Nat Examples

    11.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (Inside Global Address) assigned by your ISP. ...
  • Page 122: Figure 11-13 Nat Example 1

    Menu 4 - Internet Access Setup Figure 11-14 Menu 4 Internet Access & NAT Example From menu 4, choose the SUA Only option from the NAT field. This is the Many-to-One mapping discussed in section 11.5. The SUA Only read-only option from the Network Address Translation field in menus 4 and 11.3 is specifically pre-configured to handle this case.
  • Page 123: Figure 11-15 Nat Example 2

    11.5.2 Example 2: Internet Access with an Inside Server Figure 11-15 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure.
  • Page 124: Figure 11-16 Menu 15.2 Specifying An Inside Server

    Figure 11-16 Menu 15.2 Specifying an Inside Server 11.5.3 Example 3: Multiple Public IP Addresses With Inside Servers In this example, there are 3 IGAs from our ISP. There are many departments but two have their own FTP server. All departments share the same router. The example will reserve one IGA for each department with an FTP server and all departments use the other IGA.
  • Page 125: Figure 11-17 Nat Example 3

    Start IP as 192.168.1.10 (the IP address of FTP Server 1), the global Start IP as 10.132.50.1 (our first IGA). (See Figure 11-19). Step 6. Repeat the previous step for rules 2 to 4 as outlined above. Figure 11-17 NAT Example 3...
  • Page 126: Figure 11-18 Example 3: Menu 11.3

    Menu 11.3 - Remote Node Network Layer Options IP Options: IP Address Assignment= Static Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= Full Feature Address Mapping Set= 2 Metric= 2 Private= No RIP Direction= Both Version= RIP-2B Multicast= IGMP-v2 IP Policies=...
  • Page 127: Figure 11-20 Example 3: Final Menu 15.1.1

    Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. --------------------------------------------------- Default Default Press ENTER to Confirm or ESC to Cancel: Example 3: Menu 15.2.1 Global End IP Type --------------- ------ Server IP Address 0.0.0.0 192.168.1.21 192.168.1.20...
  • Page 128: Figure 11-21 Nat Example 4

    11.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port numbers do not change for Many-to-Many No Overload (and One-to-One) NAT mapping types.
  • Page 129: Figure 11-22 Example 4: Menu 15.1.1.1 Address Mapping Rule

    Menu 15.1.1 - Address Mapping Rules Local End IP Global Start IP --------------- --------------- 192.168.1.12 10.132.50.1 Action= Edit Select Rule= Press ENTER to Confirm or ESC to Cancel: Global End IP Type --------------- ------ 10.132.50.3 M:M NO OV...
  • Page 130: Firewall

    Part III: Firewall This part introduces firewalls in general and the Prestige firewall. It also explains customized services and logs and gives example firewall rules.
  • Page 131: Chapter 12 Firewalls

    Chapter 12 Firewalls This chapter gives some background information on firewalls and explains how to get started with the Prestige firewall. 12.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
  • Page 132: Introduction To Zyxel's Firewall

    Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging.
  • Page 133: Denial Of Service

    Figure 12-1 Prestige Firewall Application 12.4 Denial of Service Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
  • Page 134: Table 12-1 Common Ip Ports

    12.4.2 Types of DoS Attacks There are four types of DoS attacks: 1. Those that exploit bugs in a TCP/IP implementation. 2. Those that exploit weaknesses in the TCP/IP specification. 3. Brute-force attacks that flood a network with useless data. 4.
  • Page 135: Figure 12-2 Three-Way Handshake

    (which is set at relatively long intervals) terminates the three-way handshake. Once the queue is full, the system will ignore all incoming SYN requests, making the system unavailable for legitimate users. Figure 12-2 Three-Way Handshake Figure 12-3 SYN Flood...
  • Page 136: Figure 12-4 Smurf Attack

    2-b In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself. 3.
  • Page 137: Stateful Inspection

    Allows all sessions originating from the LAN (local network) to the WAN (Internet). Table 12-3 Legal NetBIOS Commands MESSAGE: REQUEST: POSITIVE: NEGATIVE: RETARGET: KEEPALIVE: Table 12-4 Legal SMTP Commands ETRN EXPN SAML SEND HELO HELP MAIL SOML TURN VRFY NOOP...
  • Page 138: Figure 12-5 Stateful Inspection

    Denies all sessions originating from the WAN to the LAN. The previous figure shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed.
  • Page 139: Stateful Inspection And The Prestige

    Below is a brief technical description of how these connections are tracked. Connections may either be defined by the upper protocols (for instance, TCP), or by the Prestige itself (as with the "virtual connections" created for UDP and ICMP). ...
  • Page 140: Tcp Security

    12.5.3 TCP Security The Prestige uses state information embedded in TCP packets. The first packet of any new connection has its SYN flag set and its ACK flag cleared; these are "initiation" packets. All packets that do not have this flag structure are called "subsequent"...
  • Page 141: Guidelines For Enhancing Security With Your Firewall

    Produce lists like this one! 2. DSL or cable modem connections are “always-on” connections and are particularly vulnerable because they provide more opportunities for hackers to crack your system. Turn your computer off when not in use. ...
  • Page 142: Packet Filtering Vs Firewall

    3. Never give out a password or any sensitive information to an unsolicited telephone call or e-mail. 4. Never e-mail sensitive information such as passwords, credit card information, etc., without encrypting the information first. 5. Never submit sensitive information via a web page unless the web site uses secure connections. You can identify a secure connection by looking for a small “key”...
  • Page 143: When To Use The Firewall

    5. Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur. 6. The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database. ...
  • Page 145: Chapter 13 Introducing The Prestige Firewall

    Introducing the Prestige Firewall This chapter shows you how to get started with the Prestige firewall. Menu 21 - Filter and Firewall Setup 1. Filter Setup 2. Firewall Setup 3. View Firewall Log...
  • Page 146: Figure 13-2 Menu 21.2 Firewall Setup

    The firewall protects against Denial of Service (DOS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2. deny all sessions originating from the WAN to the LAN You may define additional Policy rules or modify existing ones but please exercise extreme caution in doing so Active: Yes...
  • Page 147: Table 13-1 View Firewall Log

    After viewing the firewall log, ENTER “y” to clear the log or “n” to retain it. With either option you will be returned to Menu 21 - Filter and Firewall Setup. Table 13-1 View Firewall Log DESCRIPTION EXAMPLES mm:dd:yy e.g., Jan 1 00 hh:mm:ss e.g., 00:00:00...
  • Page 149: Chapter 14 Configuring Firewall With The Web Configurator

    Step 4. Click Advanced Setup in the navigation panel, then click Firewall. The Firewall Functions screen displays as shown next. Figure 14-1 Site Map Screen...
  • Page 150: Figure 14-2 Firewall Functions

    The following table describes the fields in this screen. LINK Config Email Alert Local Network to Internet Set Rule Summary Timeout Internet to Local Network Set Figure 14-2 Firewall Functions Table 14-1 Predefined Services DESCRIPTION Click this link to enable the firewall. Click this link to configure an alert report to be sent to a specific e-mail address.
  • Page 151: Enabling The Firewall

    Click this link to set up firewall rules for WAN to LAN traffic. Click this link to set up protocol timeout values for WAN to LAN traffic. Click this link to view the firewall’s logs. Figure 14-3 Enabling the Firewall...
  • Page 152: Figure 14-4 E-Mail

    14.3.1 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away. You can choose to generate an alert when an attack is detected in the Attack Alert screen (Figure 14-6 - check the Generate...
  • Page 153: Table 14-2 E-Mail

    Click Back to return to the previous screen. Click Apply to save your customized settings and exit this screen. Click Cancel to return to the previous configuration. Use the Help icon to find field descriptions. Table 14-2 E-mail DESCRIPTION EXAMPLE username@mydomain.com returnaddress@prestige.com...
  • Page 154: Table 14-3 Smtp Error Messages

    14.3.2 SMTP Error Messages If there are difficulties in sending e-mail, the following error messages appear. Please see the Support Notes on the included disk for information on other types of error messages. E-mail error messages appear in SMT menu 24.3.1 as "SMTP action request failed. ret= ??". The "??" are described in the following table.
  • Page 155: Attack Alert

    |match |<1,02> To:192.168.1.255 |match |<1,02> To:192.168.1.255 |match |<1,02> Figure 14-5 E-mail Log You may edit the subject title. The date format here is Month-Day-Year. The time format is Hour-Minute-Second. |forward "End of Log" message shows that a complete log has been sent.
  • Page 156: Tcp Maximum Incomplete And Blocking Time

    2. The minimum capacity of server backlog in your LAN network. 3. The CPU power of servers in your LAN network. 4. Network bandwidth. 5. Type of traffic for certain servers. If your network is slower than average for any of these factors (especially if you have servers that are slow or handle many tasks and are often busy), then the default values should be reduced.
  • Page 157: Figure 14-6 Attack Alert

    (as well as a log) whenever an attack is detected. See the Logs Chapter for more information on logs and alerts. Figure 14-6 Attack Alert Table 14-4 Attack Alert DESCRIPTION DEFAULT VALUES...
  • Page 158 Denial of Service Thresholds One Minute Low This is the rate of new half-open sessions that causes the firewall to stop deleting half-open sessions. The Prestige continues to delete half-open sessions as necessary, until the rate of new connection attempts drops below this number.
  • Page 159 Click Back to return to the previous screen. Click Apply to save your customized settings and exit this screen. Click Cancel to return to the previous configuration. Use the Help icon to view field descriptions. Table 14-4 Attack Alert 10 existing half-open TCP sessions. minutes (default)...
  • Page 161: Chapter 15 Creating Custom Rules

    1. State the intent of the rule. For example, “This restricts all IRC access from the LAN to the Internet.” Or, “This allows a remote Lotus Notes server to synchronize over the Internet to an inside Notes server.” ...
  • Page 162: Security Ramifications

    2. Is the intent of the rule to forward or block traffic? 3. What is the direction of the connection: from the LAN to the Internet, or from the Internet to the LAN? 4. What IP services will be affected? 5. What computers on the LAN are to be affected (if any)? 6.
  • Page 163: Connection Direction

    Source Address What is the connection’s source address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet? Destination Address What is the connection’s destination address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet? 15.3 Connection Direction...
  • Page 164: Rule Summary

    15.3.2 WAN to LAN Rules The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN). If you wish to allow certain WAN users to have access to your LAN, you will need to create custom rules to allow it.
  • Page 165: Figure 15-3 Firewall Rules Summary: First Screen

    Note that “block” means the firewall silently discards the packet. Default Permit Log Select this check box to log all matched rules in the ACL default set. DESCRIPTION EXAMPLE Forward...
  • Page 166: Predefined Services

    Table 15-1 Firewall Rules Summary: First Screen FIELD The following fields summarize the rules you have created. Note that these fields are read only. Click the tab at the top of the box to order the rules according to that tab. Source IP Destination IP Service...
  • Page 167: Table 15-2 Predefined Services

    Internet Group Multicast Protocol is used when sending packets to a specific group of hosts. A protocol for news groups. Network File System - NFS is a client/server distributed file service that provides transparent file-sharing for network environments. ...
  • Page 168 NNTP(TCP:119) PING(ICMP:0) POP3(TCP:110) PPTP(TCP:1723) PPTP_TUNNEL(GRE:0) RCMD(TCP:512) REAL_AUDIO(TCP:7070) REXEC(TCP:514) RLOGIN(TCP:513) RTELNET(TCP:107) RTSP(TCP/UDP:554) SFTP(TCP:115) SMTP(TCP:25) SNMP(TCP/UDP:161) SNMP-TRAPS(TCP/UDP:162) SQL-NET(TCP:1521) SSH(TCP/UDP:22) STRM WORKS(UDP:1558) Table 15-2 Predefined Services Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service. Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.
  • Page 169 Its primary function is to allow users to log into remote host systems. Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). Another videoconferencing solution. ...
  • Page 170: Figure 15-4 Creating/Editing A Firewall Rule

    Figure 15-4 Creating/Editing A Firewall Rule The following table describes the fields in this screen. ...
  • Page 171: Table 15-3 Creating/Editing A Firewall Rule

    To add a new source or destination address, click SrcAdd or DestAdd from the previous screen. To edit an existing source or destination address, select it from the box and click SrcEdit or DestEdit from the previous screen. Either action displays the following screen. DESCRIPTION EXAMPLE SrcAdd...
  • Page 172: Timeout

    Figure 15-5 Adding/Editing Source and Destination Addresses The following table describes the fields in this screen. Table 15-4 Adding/Editing Source and Destination Addresses FIELD Address Type Do you want your rule to apply to packets with a particular (single) IP address, a range of IP addresses (e.g., 192.168.1.10 to 192.169.1.50), a subnet or any IP address? Select an option from the drop down list box Start IP Address...
  • Page 173: Figure 15-6 Timeout Screen

    This is the length of time a TCP session remains open after the firewall detects a FIN-exchange (indicating the end of the TCP session). Figure 15-6 Timeout Screen Table 15-5 Timeout Menu DESCRIPTION DEFAULT VALUE 30 seconds 60 seconds...
  • Page 174 Idle Timeout This is the length of time of inactivity a TCP connection remains open before the Prestige considers the connection closed. UDP Idle Timeout This is the length of time of inactivity a UDP connection remains open before the Prestige considers the connection closed.
  • Page 175: Chapter 16 Customized Services

    Chapter 16 Customized Services This chapter covers creating, viewing and editing custom services. 16.1 Customized Services Overview Configure customized services and port numbers not predefined by the Prestige (see Figure 15-4). For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website.
  • Page 176: Creating/Editing A Customized Service

    The following table describes the fields in this screen. FIELD This is the number of your customized port. Click a rule’s number to edit the rule. Name This is the name of your customized port. Protocol This shows the IP protocol (TCP, UDP or Both) that defines your customized port.
  • Page 177: Example Firewall Rule

    Click Any in the Source Address box and then click SrcDelete. Step 4. Click SrcAdd to open the Rule IP Config screen. Configure it as follows and click Apply. DESCRIPTION EXAMPLE TCP/UDP Single Range...
  • Page 178: Figure 16-3 Configure Source Ip

    Step 5. Click Edit Available Service in the edit rule screen and then click a rule number to bring up the Firewall Customized Services Config screen. Configure as follows. Figure 16-4 Customized Service for MyService Customized services show up with an “*” before their names in the Services list box and the Rule Summary list box.
  • Page 179: Figure 16-5 Myservice Rule Configuration

    Click Apply when finished. Figure 16-5 MyService Rule Configuration This is the address range of the “MyService” servers. This is your “MyService” custom port.
  • Page 180: Figure 16-6 Example Rule Summary

    Step 6. On completing the configuration procedure for these Internet firewall rules, the Rule Summary screen should look like the following. Don’t forget to click Apply when you have finished configuring your rule(s) to save your settings back to the Prestige. Rule 3: Allows a “MyService”...
  • Page 181: Chapter 17 Firewall Logs

    Chapter 17 Firewall Logs This chapter contains information about using the log screen to view the results of the rules you have configured. 17.1 Log Screen When you configure a new rule you also have the option to log events that match, don’t match (or both) this rule (see Figure 15-4).
  • Page 182: Table 17-1 Log Screen

    The following table describes the fields in this screen. FIELD This is the index number of the firewall log. 128 entries are available numbered from 0 to 127. Once they are all used, the log will wrap around and the old logs will be lost.
  • Page 183: Advanced Management

    Part IV: Advanced Management This part discusses Filtering, SNMP, System Information and Diagnosis, Firmware and Configuration File Maintenance, System Maintenance and Information, Call Scheduling, Remote Management and Virtual Private Networking (VPN/IPSec).
  • Page 185: Chapter 18 Filter Configuration

    Chapter 18 Filter Configuration This chapter shows you how to create and apply filters. 18.1 Filtering Overview Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call.
  • Page 186: Figure 18-1 Outgoing Packet Filtering Process

    [Figure 18-1 Outgoing Packet Filtering Process] Two sets of factory filter rules have been configured in menu 21 to prevent NetBIOS traffic from triggering calls. A summary of their filter rules is shown in the figures that follow.
  • Page 187: Figure 18-2 Filter Rule Process

    [Figure 18-2 Filter Rule Process (flowchart)]
  • Page 188: Configuring A Filter Set

    For incoming packets, your Prestige applies data filters only. Packets are processed depending on whether a match is found. The following sections describe how to configure filter sets. The Filter Structure of the Prestige A filter set consists of one or more filter rules. Usually, you would group related rules, for example, all the rules for NetBIOS, into a single set and give it a descriptive name.
  • Page 189: Figure 18-4 Menu 21.1 Filter Set Configuration

    ----------------- NetBIOS_WAN NetBIOS_LAN Telnet_WAN FTP_WAN ______________ _______________ Enter Filter Set Number to Configure= 0 Edit Comments= N/A Press ENTER to Confirm or ESC to Cancel: Filter Set # Comments ------ ----------------- _______________ _______________ _______________ _______________ _______________...
  • Page 190: Figure 18-5 Netbios_Wan Filter Rules Summary

    # A Type - - ---- -------------------------------------------- --------- - - - Pr=6, Pr=6, Pr=6, Pr=17, Pr=17, Pr=17, Figure 18-5 NetBIOS_WAN Filter Rules Summary # A Type - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0...
  • Page 191: Figure 18-7 Telnet Wan Filter Rules Summary

    The following tables briefly describe the abbreviations used in the previous menus. Menu 21.1.3 - Filter Rules Summary Filter Rules Menu 21.1.4 - Filter Rules Summary Filter Rules M m n N D F M m n N D F N D F...
  • Page 192: Table 18-1 Filter Rules Summary Menu Abbreviations

    TABLE 18-1 FILTER RULES SUMMARY MENU ABBREVIATIONS FIELD The filter rule number: 1 to 6. Active: “Y” means the rule is active. “N” means the rule is inactive. Type The type of filter rule: “GEN” for Generic, “IP” for TCP/IP.
  • Page 193: Configuring A Filter Rule

    18.3 Configuring a Filter Rule To configure a filter rule, type its number in Menu 21.1.x – Filter Rules Summary and press [ENTER] to open menu 21.1.x.x for the rule. There are two types of filter rules: TCP/IP and Generic. Depending on the type of rule, the parameters for each type will be different.
  • Page 194: Figure 18-9 Menu 21.1.7.1 Tcp/Ip Filter Rule

    Press Space Bar to Toggle. Figure 18-9 Menu 21.1.7.1 TCP/IP Filter Rule Table 18-3 Menu 21.1.7.1 TCP/IP Filter Rule FIELD Filter # This is the filter set, filter rule coordinates, for instance, 2, 3 refers to the second filter set and the third filter rule of that set.
  • Page 195 Both – All packets will be logged. Action Matched: Select the action for a matching packet. Choices are Check Next Rule, Forward or Drop. DESCRIPTION EXAMPLE 0 to 65535 None IP address IP mask 0 to 65535...
  • Page 196 Table 18-3 Menu 21.1.7.1 TCP/IP Filter Rule FIELD Action Not Matched: Select the action for a packet not matching the rule. Choices are Check Next Rule, Forward or Drop. When you have completed this menu, press [ENTER] at the prompt “Press [ENTER] to confirm or [ESC] to cancel”...
  • Page 197: Figure 18-10 Executing An Ip Filter

    [Figure 18-10 Executing an IP Filter: flowchart whose surviving labels are Not Matched, Action Not Matched, Check Next Rule, Forward, Drop, Drop Packet and Accept Packet.]
  • Page 198: Figure 18-11 Menu 21.1.5.1 Generic Filter Rule

    18.3.2 Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
  • Page 199 When you have completed this menu, press [ENTER] at the prompt “Press [ENTER] to confirm or [ESC] to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. DESCRIPTION EXAMPLE Generic Filter Rule...
  • Page 200: Filter Types And Nat

    18.4 Filter Types and NAT There are two classes of filter rules, Generic Filter Device rules and Protocol Filter (TCP/IP) rules. Generic Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on IP packets.
  • Page 201: Figure 18-13 Sample Telnet Filter

    Enter a descriptive name or comment in the Edit Comments field and press [ENTER]. Step 5. Press [ENTER] at the message [Press ENTER to confirm] to open Menu 21.1.9 - Filter Rules Summary. Figure 18-13 Sample Telnet Filter...
  • Page 202: Figure 18-14 Sample Filter Menu 21.1.9.1

    Step 6. Enter 1 to configure the first filter rule (the only filter rule of this set). Make the entries in this menu as shown in the following figure. Menu 21.1.9.1 - TCP/IP Filter Rule Filter #: 9,1...
  • Page 203: Applying Filters And Factory Defaults

    (n = F) if the action is not matched no matter whether there are more rules to be checked (there aren’t in this example). M m n N D F...
  • Page 204: Figure 18-16 Filtering Ethernet Traffic

    FILTER SETS Input Filter Sets: Apply filters for incoming traffic. You may apply protocol or device filter rules. Output Filter Sets: Apply filters for traffic leaving the Prestige. You may apply filter rules for protocol or device filters.
  • Page 205: Figure 18-17 Filtering Remote Node Traffic

    3,4,5 device filters= Output Filter Sets: protocol filters= 1 device filters= Apply filter 3 to block Telnet traffic from the WAN; filter 4 to allow PPPoE packets only, and filter 5 to deny FTP traffic from the WAN.
  • Page 207: Chapter 19 Snmp Configuration

    Chapter 19 SNMP Configuration This chapter explains SNMP Configuration menu 22. 19.1 SNMP Overview Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
  • Page 208: Supported Mibs

    An agent is a management software module that resides in a managed device (the Prestige). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.
  • Page 209: Snmp Traps

    Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Table 19-1 Menu 22 SNMP Configuration DESCRIPTION EXAMPLE public public 0.0.0.0 public 0.0.0.0...
  • Page 210: Table 19-2 Snmp Traps

    TRAP # TRAP NAME coldStart (defined in RFC-1215) warmStart (defined in RFC-1215) linkUp (defined in RFC-1215) authenticationFailure (defined in RFC-1215) linkDown (defined in RFC-1215) The port number is its interface index under the interface group. Table 19-3 Ports and Permanent Virtual Circuits PORT …...
  • Page 211: Chapter 20 System Information And Diagnosis

    Upload Firmware Command Interpreter Mode Call Control Enter Menu Selection Number: System Maintenance. From this menu, type 1. – System Maintenance – System Maintenance – Chapter 20 Status. Typing 1 resets – Status which are –...
  • Page 212: Figure 20-2 Menu 24.1 System Maintenance Status

    Chan Link Type Down 0Kbps Down 0Kbps Chan Own IP Address Ethernet Status 100M/Full Duplex Total Outcall Time: LAN Packet Which Triggered Last Call: (Type: IP) 45 00 00 28 FE EB 00 00 FE 06 50 01 C0 A8 01 21 AC 16 00 03 04 61 02 0C...
  • Page 213: System Information And Console Port Speed

    Step 2. Enter 2 to open Menu 24.2 – System Information and Console Port Speed. Step 3. From this menu you have two choices as shown in the next figure:...
  • Page 214: Figure 20-3 Menu 24.2 System Information And Console Port Speed

    Refers to the routing protocol used. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Country Code This is the country code value (in decimal notation).
  • Page 215: Log And Trace

    Step 2. From menu 24, type 3 to display Menu 24.3 – System Maintenance – Log and Trace. Console Port Speed: 9600 Press ENTER to Confirm or ESC to Cancel:...
  • Page 216: Figure 20-6 Menu 24.3 System Maintenance Log And Trace

    Menu 24.3 - System Maintenance - Log and Trace Figure 20-6 Menu 24.3 System Maintenance Log and Trace Step 3. Enter 1 from Menu 24.3 – System Maintenance – Log and Trace to display the error log in the system.
  • Page 217: Figure 20-8 Menu 24.3.2 System Maintenance Unix Syslog

    Active= No Syslog IP Address= ? Log Facility= Local 1 Types: CDR= No Packet triggered= No Filter log= No PPP log= No POTS log=No Firewall log=No Press ENTER to Confirm or ESC to Cancel:...
  • Page 218: Packet Triggered

    Table 20-3 Menu 24.3.2 System Maintenance Unix Syslog FIELD Firewall log Firewall events are logged when this field is set to Yes. When finished configuring this screen, press [ENTER] to confirm or [ESC] to cancel. The following are examples of syslog messages sent by the Prestige: 1.
  • Page 219: Accounting Server

    Remote Call = a string that represents the remote call number. 20.5 Accounting Server Type 3 in menu 24.3 to open Menu 24.3.3-Accounting Server. This menu allows you to activate and configure an accounting server. dpo=00021]}S04>R01mF...
  • Page 220: Call Triggering Packet

    Menu 24.3.3 - System Maintenance - Accounting Server Press Space Bar to Toggle. Figure 20-9 Menu 24.3.3 System Maintenance Accounting Server FIELD Accounting Server Active Press the [SPACE BAR] to select Yes and press [ENTER] to enable wireless client authentication through an external accounting server.
  • Page 221: Diagnostic

    = 0xFB20 (64288) = 0xC0A80101 (192.168.1.1) = 0x00000000 (0.0.0.0) = 0x0401 (1025) = 0x000D (13) = 0x05B8D000 (95997952) = 0x00000000 (0) = 24 = 0x02 (...S.) = 0x2000 (8192) = 0xE06A (57450) = 0x0000 (0)...
  • Page 222: Figure 20-11 Menu 24.4 System Maintenance Diagnostic

    ISDN Hang Up B1 Call Hang Up B2 Call Reset ISDN ISDN Connection Test Manual Call TCP/IP 11. Internet Setup Test 12. Ping Host Figure 20-11 Menu 24.4 System Maintenance Diagnostic Follow the procedure next to get to Diagnostic: Step 1.
  • Page 223: Figure 20-12 Display For A Successful Manual Call

    Dialing chan<2> phone<last 9-digit>:12345 Call CONNECT speed<64000> chan<2> prot<1> LCP up CHAP send response CHAP login to remote OK! IPCP negotiation started IPCP up Figure 20-12 Display for a Successful Manual Call...
  • Page 225: Chapter 21 Firmware And Configuration File Maintenance

    Chapter 21 Firmware and Configuration File Maintenance This chapter tells you how to back up and restore your configuration file as well as upload new firmware and a new configuration file. 21.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
  • Page 226: Backup Configuration

    FILE TYPE INTERNAL NAME Configuration Rom-0 File Firmware 21.2 Backup Configuration The Prestige displays different messages explaining different ways to back up, restore and upload files in menus 24.5, 24.6, 24.7.1 and 24.7.2, depending on whether you use the console port or Telnet.
  • Page 227: Figure 21-1 Menu 24.5 System Maintenance - Backup Configuration

    “config.rom”. See earlier in this chapter for more information on filename conventions. Step 7. Enter “quit” to exit the ftp prompt. 21.2.3 Example of FTP Commands from the Command Line Press ENTER to Exit:...
  • Page 228: Figure 21-2 Ftp Session Example

    331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
  • Page 229: Backup Configuration Using Tftp

    Prestige IP address, “get” transfers the file source on the Prestige (rom-0, name of the configuration file on the Prestige) to the file destination on the computer and renames it config.rom...
  • Page 230: Figure 21-3 System Maintenance Backup Configuration

    21.2.8 GUI-based TFTP Clients The following table describes some of the fields that you may see in GUI-based TFTP clients. Table 21-3 General Commands for GUI-based TFTP Clients COMMAND Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped.
  • Page 231: Restore Configuration

    ** Backup Configuration completed. OK. ### Hit any key to continue.### Type a location for storing the configuration file or click Browse to look for one. Choose the Xmodem protocol.
  • Page 232: Figure 21-7 Telnet Into Menu 24.6

    DO NOT INTERRUPT THE FILE TRANSFER PROCESS AS THIS MAY PERMANENTLY DAMAGE YOUR PRESTIGE. WHEN THE UPLOAD CONFIGURATION/FIRMWARE PROCESS IS COMPLETE, THE PRESTIGE WILL 21.3.1 Restore Using FTP For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter.
  • Page 233: Figure 21-8 Restore Using Ftp Session Example

    Starting XMODEM download (CRC mode) ... CCCCCCCCC Figure 21-10 System Maintenance: Starting Xmodem Download Screen Step 3. Run the HyperTerminal program by clicking Transfer, then Send File as shown in the following screen...
  • Page 234: Uploading Firmware And Configuration Files

    Figure 21-11 Restore Configuration Example Step 4. After a successful restoration you will see the following screen. Press any key to restart the Prestige and return to the SMT menu. Figure 21-12 Successful Restoration Confirmation Screen 21.4 Uploading Firmware and Configuration Files...
  • Page 235: Figure 21-13 - System Maintenance Upload Firmware

    Press ENTER to Exit: Figure 21-14 Menu 24.7.1 Upload System Firmware 21.4.2 Configuration File Upload 1. Upload Router Firmware 2. Upload Router Configuration File Enter Menu Selection Number:...
  • Page 236: Figure 21-15 Menu 24.7.2 - System Maintenance - Upload Configuration File

    You can see the following screen when you enter 2 in menu 24.7. Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your computer.
  • Page 237: Figure 21-16 Ftp Session Example Of Firmware File Upload

    For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For UNIX, use “get” to transfer from the Prestige to the computer, “put” the other way around, and “binary” to set binary transfer mode...
  • Page 238: Figure 21-17 Menu 24.7.1 As Seen Using The Console Port

    21.4.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the Prestige’s IP address and “put” transfers the file source on the computer (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the Prestige).
  • Page 239: Figure 21-18 Example Xmodem Upload

    - System Maintenance - Upload System Configuration File. Follow the instructions as shown in the next screen. Figure 21-18 Example Xmodem Upload Type the firmware file’s location, or click Browse to look for it. Choose the Xmodem protocol.
  • Page 240: Figure 21-19 Menu 24.7.2 As Seen Using The Console Port

    Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload system configuration file: 1. Enter "y" at the prompt below to go into debug mode. 2. Enter "atlc" after "Enter Debug Mode" message. 3. Wait for "Starting XMODEM upload" message before activating Xmodem upload on your terminal.
  • Page 241: Figure 21-20 Example Xmodem Upload

    After the configuration upload process has completed, restart the Prestige by entering “atgo”. Figure 21-20 Example Xmodem Upload Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol.
  • Page 243: Chapter 22 Smt Menus 24.8 To 24.10

    Menu 24 - System Maintenance System Status System Information and Console Port Speed Log and Trace Diagnostic Backup Configuration Restore Configuration Firmware Update Command Interpreter Mode Call Control 10. Time and Date Setting Enter Menu Selection Number: Chapter 22...
  • Page 244: Call Control Support

    Copyright (c) 1994 - 2002 ZyXEL Communications Corp. ras> ? Valid commands are: config ipsec ras> 22.2 Call Control Support The Prestige provides four call control functions: call control parameters, blacklist, budget management and call history.
  • Page 245: Figure 22-4 Menu 24.9.1Call Control Parameters

    Enter 2 from Menu 24.9 to bring up the following menu. Menu 24.9.1 - Call Control Parameters Dialer Timeout: Digital Call(sec)= 60 Retry Counter= 0 Retry Interval(sec)= N/A Press ENTER to confirm or ESC to Cancel:...
  • Page 246: Figure 22-5 Menu 24.9.2 Blacklist

    22.2.3 Budget Management Menu 24.9.1 shows the budget management statistics for outgoing calls. Enter 3 from Menu 24.9 to bring up the following menu. Remote Node 1.ChangeMe 2.-------- 3.-------- 4.-------- 5.-------- 6.-------- 7.-------- 8.-------- 9 Dial-in User Figure 22-6 Menu 24.9.1 Budget Management...
  • Page 247: Figure 22-7 Menu 24.9.4 Call History

    DESCRIPTION Menu 24.9.4 - Call History Rate #call Enter Entry to Delete (0 to exit): Figure 22-7 Menu 24.9.4 Call History EXAMPLE 5/10 means that 5 minutes out of a total allocation of 10 minutes have lapsed.
  • Page 248: Time And Date

    FIELD Phone Number This is the telephone number of past incoming and outgoing calls. This shows whether the call was incoming or outgoing. Rate This is the transfer rate of the call. #call This is the number of calls made to or received from that telephone number.
  • Page 249: Figure 22-9 Menu 24.10 System Maintenance: Time And Date Setting

    Current Date: New Date (yyyy-mm-dd): Time Zone= GMT+0800 Press ENTER to Confirm or ESC to Cancel: DESCRIPTION 00 : 00 : 00 11 : 23 : 16 2000 - 01 - 01 2001 - 03 - 01...
  • Page 250: Resetting The Time

    Table 22-4 Time and Date Setting Fields FIELD Time Server Enter the IP address or domain name of your timeserver. Check with your Address ISP/network administrator if you are unsure of this information. The default is tick.stdtime.gov.tw Current Time This field displays an updated time only when you reenter this menu.
  • Page 251: Chapter 23 Call Scheduling

    Menu 26 - Schedule Setup Schedule Set # ------ Enter Schedule Set Number to Configure=0 Edit Name=N/A Press ENTER to Confirm or ESC to Cancel: Figure 23-1 Menu 26 Schedule Setup Chapter 23 Call Scheduling Name ------------------ ______________ ______________ ______________...
  • Page 252: Figure 23-2 Menu 26.1 Schedule Set Setup

    To delete a schedule set, enter the set number and press [SPACE BAR] and then To set up a schedule set, select the schedule set you want to set up from menu 26 (1-12) and press [ENTER] to see Menu 26.1 - Schedule Set Setup as shown next. Press Space Bar to Toggle FIELD Active...
  • Page 253: Applying Schedule Sets

    Main Menu and then enter the target remote node index. You can apply up to four schedule sets, separated by commas, for one remote node. Change the schedule set numbers to your preference(s). DESCRIPTION OPTIONS Forced On Forced...
  • Page 254: Figure 23-3 Applying Schedule Set(S)

    Rem Node Name= ? Active= Yes Call Direction= Both Incoming: Rem Login= ? Rem Password= ? Rem CLID= Call Back= No Outgoing: My Login= My Password= ******** Authen= CHAP/PAP Pri Phone #= ? Sec Phone #= Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle.
  • Page 255: Chapter 24 Remote Management

    24.1.2 Remote Management and NAT When NAT is enabled: Use the Prestige’s WAN IP address when configuring from the WAN. Chapter 24 Remote Management ALL (LAN and WAN) Neither (Disable)
  • Page 256: Telnet

    Use the Prestige’s LAN IP address when configuring from the LAN. 24.1.3 System Timeout There is a system timeout of five minutes (three hundred seconds) for either the console port or telnet/web/FTP connections. Your Prestige automatically logs you out if you do nothing in this timeout period, except when it is continuously updating the status in menu 24.1 or when sys stdio has been...
  • Page 257: Figure 24-2 Remote Management

    Menu 24.11 - Remote Management Control Server Access = LAN only Server Access = LAN only Server Access = LAN only Press ENTER to Confirm or ESC to Cancel: Figure 24-2 Remote Management Table 24-1 Remote Management DESCRIPTION...
  • Page 259: Chapter 25 Introduction To Vpn/Ipsec

    Decryption is the opposite of encryption: it is a mathematical operation that transforms “ciphertext” to plaintext. Decryption also requires a key. Introduction to VPN/IPSec This chapter introduces the basics of IPSec VPNs. Chapter 25...
  • Page 260: Figure 25-1 Encryption And Decryption

    Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission. Data Origin Authentication The IPSec receiver can verify the source of IPSec packets.
  • Page 261: Ipsec Architecture

    Figure 25-2 VPN Application 25.2 IPSec Architecture The overall IPSec architecture is shown as follows...
  • Page 262: Figure 25-3 Ipsec Architecture

    Figure 25-3 IPSec Architecture 25.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms).
  • Page 263: Encapsulation

    Inside header: The inside IP header contains the destination IP address of the final system behind the VPN gateway. The security protocol appears after the outer IP header and before the inside IP header...
  • Page 264: Ipsec And Nat

    25.4 IPSec and NAT Read this section if you are running IPSec on a host computer behind the Prestige. NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet.
  • Page 265: Chapter 26 Vpn/Ipsec Setup

    3. View the IPSec connection log in menu 27.4. This menu is also useful for troubleshooting. This is an overview of the VPN menu tree. VPN/IPSec Setup This chapter shows you how to set up VPN/IPSec on your Prestige. Figure 26-1 VPN SMT Menu Tree Chapter 26...
  • Page 266: Ipsec Algorithms

    From the main menu, enter 27 to display the first VPN/IPSec menu (shown next). 26.2 IPSec Algorithms The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an IPSec VPN. An SA is built from the authentication provided by the AH and ESP protocols. The primary function of key management is to establish and maintain the SA between systems.
  • Page 267: My Ip Address

    Select MD5 for minimal security and SHA-1 for maximum security. MD5 (default) MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data. SHA1 SHA1 (Secure Hash Algorithm) produces a 160-bit digest to authenticate packet data...
  • Page 268: Ipsec Summary

    26.4.1 Dynamic Secure Gateway Address If the remote secure gateway has a dynamic WAN IP address and does not use DDNS, enter 0.0.0.0 as the secure gateway’s address. In this case only the remote secure gateway can initiate SAs. This may be useful for telecommuters initiating a VPN tunnel to the company network.
  • Page 269: Figure 26-4 Menu 27.1 Ipsec Summary

    1.1.1.1 255.255.0.0 192.168.1.42 Press ENTER to Confirm or ESC to Cancel: Figure 26-4 Menu 27.1 IPSec Summary Table 26-2 Menu 27.1 IPSec Summary DESCRIPTION Encap IPSec Algorithm Secure Gw Addr ------ ------------------ Tunnel ESP DES MD5 193.81.13.2...
  • Page 270 FIELD Local Addr End When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Single, this is the same (static) IP address as in the Local Addr Start field. When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to Range, this is the end (static) IP address, in a range of computers on the LAN behind your Prestige.
  • Page 271 When a VPN rule is deleted, subsequent rules do not move up in the page list. Table 26-2 Menu 27.1 IPSec Summary DESCRIPTION EXAMPLE 172.16.2.40 172.16.2.46 193.81.13.2 None...
  • Page 272: Keep Alive

    FIELD Select Rule Type the VPN rule index number you wish to edit or delete and then press [ENTER]. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel. 26.6 Keep Alive When you initiate an IPSec tunnel with keep alive enabled, the Prestige automatically renegotiates the tunnel when the IPSec SA lifetime period expires.
  • Page 273: Table 26-3 Local Id Type And Content Fields

    The two Prestiges in this example can complete negotiation and establish a VPN tunnel. Table 26-5 Matching ID Type and Content Configuration Example PRESTIGE A Local ID type: E-mail Local ID content: tom@yourcompany.com CONTENT= CONTENT= PRESTIGE B Local ID type: IP Local ID content: 1.1.1.2...
  • Page 274: Pre-Shared Key

    Peer ID type: IP Peer ID content: 1.1.1.2 The two Prestiges in this example cannot complete their negotiation because Prestige B’s Local ID type is IP, but Prestige A’s Peer ID type is set to E-mail. An “ID mismatched” message displays in the IPSEC LOG.
  • Page 275: Figure 26-5 Menu 27.1.1 Ipsec Setup

    Content= Content= End/Subnet Mask= N/A End= N/A End/Subnet Mask= N/A End= N/A Press ENTER to Confirm or ESC to Cancel: Figure 26-5 Menu 27.1.1 IPSec Setup Table 26-7 Menu 27.1.1 IPSec Setup DESCRIPTION EXAMPLE Taiwan...
  • Page 276 FIELD Content When you select IP in the Local ID Type field, type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address. When you select DNS in the Local ID Type field, type a domain name (up to 31 characters) by which to identify this Prestige.
  • Page 277 Port Start 0 is the default and signifies any port. Type a port number from 0 to 65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3 Table 26-7 Menu 27.1.1 IPSec Setup DESCRIPTION EXAMPLE Zw50test.com. SINGLE 192.168.1.35 192.168.1.38...
  • Page 278 Table 26-7 Menu 27.1.1 IPSec Setup FIELD DESCRIPTION EXAMPLE End Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. This field is N/A when 0 is configured in the Port Start field.
  • Page 279: Ike Phases

    There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSec. Table 26-7 Menu 27.1.1 IPSec Setup DESCRIPTION EXAMPLE...
  • Page 280: Figure 26-6 Two Phases To Set Up The Ipsec Sa

    Figure 26-6 Two Phases to Set Up the IPSec SA In phase 1 you must: Choose a negotiation mode. Authenticate the connection by entering a pre-shared key. Choose an encryption algorithm. Choose an authentication algorithm. Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2). Set the IKE SA lifetime.
  • Page 281: Negotiation Mode

    Prestige. Disabling PFS means new authentication and encryption keys are derived from the same root secret (which may have security implications in the long run) but allows faster SA setup (by bypassing the Diffie-Hellman key exchange)...
  • Page 282: Configuring Ike Settings

    26.11 Configuring IKE Settings This may be unnecessary for data that does not require such security, so PFS is disabled (None) by default in the Prestige. Disabling PFS means new authentication and encryption keys are derived from the same root secret (which may have security implications in the long run) but allows faster SA setup (by bypassing the Diffie-Hellman key exchange).
  • Page 283: Table 26-8 Menu 27.1.1.1 Ike Setup

    Press [SPACE BAR] to choose from Tunnel mode or Transport mode and then press [ENTER]. See earlier for a discussion of these. Table 26-8 Menu 27.1.1.1 IKE Setup DESCRIPTION EXAMPLE 28800 (default) SHA1 28800...
  • Page 284: Manual Key Setup

    FIELD Perfect Forward Secrecy (PFS): Perfect Forward Secrecy (PFS) is disabled (None) by default in phase 2 IPSec SA setup. This allows faster IPSec setup, but is not so secure. Press [SPACE BAR] and choose from DH1 or DH2 to enable PFS. DH1 refers to Diffie-Hellman Group 1, a 768-bit random number.
  • Page 285: Figure 26-8 Menu 27.1.1.2 Manual Setup

    Key1= Key2= N/A Key3= N/A Key= Key= N/A Press ENTER to Confirm or ESC to Cancel: Figure 26-8 Menu 27.1.1.2 Manual Setup Table 26-10 Menu 27.1.1.2 Manual Setup DESCRIPTION EXAMPLE ESP Tunnel 1234 89abcde SHA1...
  • Page 286: Telecommuter Vpn/Ipsec Examples

    FIELD Key Enter the authentication key to be used by IPSec if applicable. The key must be unique. Enter 16 characters for MD5 authentication and 20 characters for SHA-1 authentication. Any character may be used, including spaces, but trailing spaces are truncated. AH Setup The AH Setup fields are N/A if you chose an ESP Active Protocol.
  • Page 287: Figure 26-9 Telecommuters Sharing One Vpn Rule Example

    Public static IP address or domain IP Address: name. Figure 26-9 Telecommuters Sharing One VPN Rule Example TELECOMMUTER Public static IP address 0.0.0.0 telecommuter can initiate the IPSec tunnel. HEADQUARTERS With this IP address only the...
  • Page 288: Figure 26-10 Telecommuters Using Unique Vpn Rules Example

    26.13.2 Telecommuters Using Unique VPN Rules Example With aggressive negotiation mode (see section 26.10.1 Negotiation Mode) the Prestige can use the ID types and contents to distinguish between VPN rules. Telecommuters can each use a separate VPN rule to simultaneously access a Prestige at headquarters.
  • Page 289: Chapter 27 Sa Monitor

    Press ENTER to Confirm or ESC to Cancel: Menu 27.2 - SA Monitor Name Encap. --------- Select Command= Refresh Select Connection= N/A Figure 27-1 Menu 27.2 SA Monitor Chapter 27 SA Monitor IPSec Algorithm ---------------- Tunnel ESP DES MD5...
  • Page 290: Table 27-1 Menu 27.2 Sa Monitor

    FIELD This is the security association index number. Name This field displays the identification name for this VPN policy. This name is unique for each connection where the secure gateway IP address is a public static IP address.
  • Page 291: Chapter 28 Ipsec Log

    This chapter interprets common IPSec log messages. Log: Send Main Mode request to <192.168.100.101> Send:<SA> Recv:<SA> Send:<KE><NONCE> Recv:<KE><NONCE> Send:<ID><HASH> Recv:<ID><HASH> Phase 1 IKE SA process done Start Phase 2: Quick Mode Send:<HASH><SA><NONCE><ID><ID> Recv:<HASH><SA><NONCE><ID><ID> Send:<HASH> Chapter 28 IPSec Log...
  • Page 292: Figure 28-2 Example Vpn Responder Ipsec Log

    Index: Date/Time: ------------------------------------------------------------ 01 Jan 08:08:07 01 Jan 08:08:07 01 Jan 08:08:08 01 Jan 08:08:08 01 Jan 08:08:10 01 Jan 08:08:10 01 Jan 08:08:10 01 Jan 08:08:10 01 Jan 08:08:10 01 Jan 08:08:10 01 Jan 08:08:10...
  • Page 293 !! IKE Packet Retransmit !! Failed to send IKE Packet !! Too many errors! Deleting SA DESCRIPTION Phase 2 negotiation is beginning using Quick Mode. The Prestige has begun negotiation with the peer for the connection already, but the IKE key exchange has not finished yet.
  • Page 294: Table 28-2 Sample IPSec Logs During Packet Transmission

    The following table shows sample log messages during packet transmission. Table 28-2 Sample IPSec Logs During Packet Transmission. LOG MESSAGE: !! WAN IP changed to <IP>; !! Cannot find Phase 2 SA; !! Discard REPLAY packet...
  • Page 295 Table 28-3 RFC-2408 ISAKMP Payload Types. LOG DISPLAY and PAYLOAD TYPE: NONCE, Nonce; NOTFY, Notification; Delete; Vendor ID...
  • Page 296: Appendices And Index

    Part V: Appendices and Index. This part provides appendices and an index of key terms.
  • Page 298: Appendix A Troubleshooting

    Appendix A Troubleshooting. PROBLEM: ... port. CORRECTIVE ACTION: The communications software should be configured as follows: VT100 terminal emulation; 9600 bps is the default speed on leaving the factory. Try other speeds in case the speed has been changed.
  • Page 299: Problems With The ISDN Line

    Problems With the ISDN Line. PROBLEM: The ISDN initialization failed. This problem occurs when you attempt to save the parameters entered in Menu 2, but receive the message, ‘Save successful, but Failed to initialize ISDN; Press [Esc] to exit’. PROBLEM: The ISDN loopback test failed. Problems With a LAN Interface. Chart 3 Troubleshooting the LAN Interface. PROBLEM...
  • Page 300: Problems Connecting To A Remote Node Or ISP

    CORRECTIVE ACTION: Check Menu 24.1 to verify the line status. If it indicates [down], then refer to the section on the line problems. In Menu 24.4.5, do a manual call to that remote node. Observe the messages and take appropriate actions. Chart 6 Troubleshooting the Password. CORRECTIVE ACTION...
  • Page 301: Problems With Remote Management

    Problems With Remote Management. Chart 7 Troubleshooting Telnet. PROBLEM: Cannot access the Prestige from the LAN or WAN. CORRECTIVE ACTION: Refer to the Problems with the LAN Interface section for instructions on checking your LAN connection. When NAT is enabled: Use the Prestige’s WAN IP address when configuring from the WAN.
  • Page 302: Appendix B Power Adapter Specifications

    Appendix B Power Adapter Specifications. UL, CUL (UL 1310, CSA C22.2 No.223). NORTH AMERICAN PLUG STANDARDS: DSA-009F-12A; AC100-250V/47-63Hz/0.3A; DC 12 Volts/0.75A; UL, CUL, T-mark (UL 1950, CSA C22.2 No.950). UNITED KINGDOM PLUG STANDARDS: AA-121AD; AC230Volts/50Hz/140mA; AC12Volts/1.0A; ITS-GS, CE (EN 60950, BS 7002)...
  • Page 303 Table row labels, repeated for each adapter: AC Power Adapter Model; Input Power; Output Power; Power Consumption; Safety Standards...
  • Page 304: Index

    Index. Broadband Access Security Gateway, xxv; Brute-force Attack, 12-6; BTR, See Base Transmission Rate; budget control, 8-5, 10-3; Budget Management, 22-2, 22-4, 22-5; Call Control, 1-4; Call Direction, 8-3; Call Filtering, 18-1; Call Filters: Built-In, 18-1; User-Defined, 18-1...
  • Page 305 Customer Support, vi; data compression, 1-4; Data Filtering, 18-1; Data Link Connection, 5-3; DDNS Configuration, 4-3; Default Dial-In Setup; Default Policy Log, 15-5; Denial of Service, 12-2, 12-3, 13-1, 14-8; Denial of Services Thresholds, 14-10; Destination Address, 15-3, 15-11; Device Filter rules, 18-16; DHCP ...
  • Page 306 Hardware Installation, 2-1; Hidden Menus, 3-2; HTTP, 11-13, 12-1, 12-3, 12-4, 26-13, 26-14; HyperTerminal program, 21-6, 21-9; i.e., See Syntax Conventions; ICMP echo, 12-6; Idle Timeout, 8-5, 10-9; Incoming Call Support, 1-2; Industry Canada, iv; Initial Screen, 3-1...
  • Page 307 Logging, 1-3; Logging Option, 18-11, 18-15; Login, 8-3; login screen, 3-2; Logs, 17-1; Loop-back Test, 5-4; Mail Server, 14-5; Main Menu, 3-3; Main Menu Commands, 3-2; Management Information Base (MIB), 19-2; Max. Transmission Rate, 8-6; Maximum Incomplete High, 14-10; Maximum Incomplete Low, 14-10; Max-incomplete High, 14-8; Max-incomplete Low, 14-8, 14-10; Metric ...
  • Page 308 Service, v, 15-2; Service Type, 16-3; Set Up a Schedule, 23-2; Single User Account, 7-3; SMTP Error Messages, 14-6; Smurf, 12-6; SNMP, 1-2: Community, 19-3, 20-10; Configuration, 19-2; Get, 19-2; Manager, 19-2; MIBs, 19-2; Trap, 19-2...
  • Page 309 Target Utility, 8-7; TCP Maximum Incomplete, 14-8, 14-9, 14-11; TCP Security, 12-10; TCP/IP, 6-6, 12-3, 12-4, 18-16, 20-13, 24-2; TCP/IP Ethernet Setup and DHCP, 6-5; TCP/IP Setup, 6-6; Teardrop, 12-4; Telco Options, 7-3; Telecommuting, 10-7, 10-8; Telnet, 24-2; Telnet Configuration, 24-2; Terminal Emulation, 3-1; TFTP and FTP Over WAN ...
