ZyXEL Communications Prestige 792H User Manual

G.shdsl 4-port security gateway

Prestige 792H
G.SHDSL 4-port Security Gateway
User's Guide
Version 3.40(BZ.0)
March 2004

Summary of Contents for ZyXEL Communications Prestige 792H

  • Page 1 Prestige 792H G.SHDSL 4-port Security Gateway User's Guide Version 3.40(BZ.0) March 2004...
  • Page 2 Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
  • Page 3 Prestige 792H User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
  • Page 4: Information For Canadian Users

    The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. The Industry Canada does not guarantee that the equipment will operate to a user's satisfaction.
  • Page 5: Zyxel Limited Warranty

    ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and...
  • Page 6: Customer Support

    Please have the following information ready when you contact customer support: product model and serial number; warranty information; date that you received your device; brief description of the problem and the steps you took to solve it.
  • Page 7 Prestige 792H User’s Guide METHOD SUPPORT E-MAIL TELEPHONE WEB SITE REGULAR MAIL SALES E-MAIL FTP SITE LOCATION NORWAY support@zyxel.no +47 22 80 61 80 www.zyxel.no ZyXEL Communications A/S Nils Hansens vei 13 sales@zyxel.no +47 22 80 61 81 0667 Oslo...
  • Page 9: Table Of Contents

    Copyright (ii); Federal Communications Commission (FCC) Interference Statement (iii); Information for Canadian Users (iv); ZyXEL Limited Warranty (v); Customer Support (vi); Please have the following information ready when you contact customer support (vi); List of Figures...
  • Page 10: 3.7 IP Address and Subnet Mask (3-6); 3.8 IP Address Assignment (3-7); 3.8.1 IP Assignment with PPPoA or PPPoE Encapsulation (3-7); 3.8.2 IP Assignment with RFC 1483 Encapsulation (3-7); 3.8.3 IP Assignment with ENET ENCAP Encapsulation (3-8); 3.8.4 Private IP Addresses (3-8); 3.9 Nailed-Up Connection (PPP) (3-8)...
  • Page 11: 5.13 Configuring Advanced Modem Setup (5-18); Chapter 6 Network Address Translation (NAT) (6-1); 6.1 NAT Overview (6-1); 6.1.1 NAT Definitions (6-1); 6.1.2 What NAT Does (6-1); 6.1.3 How NAT Works (6-2); 6.1.4 NAT Application (6-2); 6.1.5 NAT Mapping Types...
  • Page 12: 9.1 Remote Management and the Firewall (9-1); 9.2 Enabling the Firewall (9-1); 9.3 Configuring E-mail Alerts (9-2); 9.4 Attack Alert (9-3); 9.4.1 Alerts (9-4); 9.4.2 Threshold Values (9-4); 9.4.3 Half-Open Sessions (9-4); Chapter 10 Creating Custom Rules (10-1); 10.1 Rules Overview (10-1); 10.2 Rule Logic Overview (10-1)...
  • Page 13: 13.3 Encapsulation (13-5); 13.3.1 Transport Mode (13-5); 13.3.2 Tunnel Mode (13-5); 13.4 IPSec and NAT (13-5); Chapter 14 VPN Screens (14-1); 14.1 VPN/IPSec Overview (14-1); 14.2 IPSec Algorithms (14-1); 14.2.1 AH (Authentication Header) Protocol (14-1); 14.2.2 ESP (Encapsulating Security Payload) Protocol...
  • Page 14: Chapter 16 Universal Plug-and-Play (UPnP) (16-1); 16.1 Universal Plug and Play Overview (16-1); 16.1.1 How do I know if I'm using UPnP? (16-1); 16.1.2 NAT Traversal (16-1); 16.1.3 Cautions with UPnP (16-1); 16.1.4 UPnP and ZyXEL (16-2); 16.2 Accessing the Prestige Web Configurator to Configure UPnP (16-2)...
  • Page 15: 21.2.3 Editing Filter Sets (21-9); Chapter 22 LAN Setup (22-1); 22.1 Ethernet Setup (22-1); 22.1.1 LAN Port Filter Setup (22-1); 22.1.2 IP Alias Setup (22-2); 22.1.3 Route IP Setup (22-3); 22.1.4 TCP/IP Ethernet Setup and DHCP (22-4); Chapter 23 Internet Access...
  • Page 16: 28.3 Filter Rule Configuration (28-9); 28.3.1 TCP/IP Filter Rule (28-10); 28.3.2 Generic Filter Rule (28-14); 28.4 Filter Types and NAT (28-16); 28.5 Example Filter (28-16); 28.6 Applying Filters and Factory Defaults (28-20); 28.6.1 Ethernet Traffic (28-20); 28.6.2 Remote Node Filters (28-21); Chapter 29 SNMP Configuration (29-1)...
  • Page 17: 31.4.3 FTP File Upload Command from the DOS Prompt Example (31-12); 31.4.4 FTP Session Example of Firmware File Upload (31-12); 31.4.5 TFTP File Upload (31-12); 31.4.6 TFTP Upload Command Example (31-13); 31.4.7 Uploading Via Console Port (31-13); 31.4.8 Uploading Firmware File Via Console Port...
  • Page 18: 36.5.1 Active Protocol (36-13); 36.5.2 Security Parameter Index (SPI) (36-13); Chapter 37 SA Monitor (37-1); 37.1 SA Monitor Overview (37-1); 37.2 Using SA Monitor (37-1); 37.3 Viewing IPSec Log (37-3); 37.3.1 VPN Responder IPSec Log (37-3); Chapter 38 Internal SPTGEN (38-1); 38.1 Internal SPTGEN Overview (38-1)...
  • Page 19: List Of Figures

    Figure 1-1 Internet Access Application (1-5); Figure 1-2 LAN-to-LAN Application (1-5); Figure 2-1 Password Screen (2-2); Figure 2-2 Web Configurator SITE MAP Screen (2-3); Figure 2-3 Password (2-4); Figure 2-4 Example Xmodem Upload (2-5); Figure 3-1 Wizard Screen: WAN Setup (3-4); Figure 3-2 Wizard Screen: Internet Access (3-5)...
  • Page 20: Figure 8-5 Stateful Inspection (8-8); Figure 9-1 Enabling the Firewall (9-1); Figure 9-2 E-mail (9-2); Figure 9-3 Alert (9-6); Figure 10-1 LAN to WAN Traffic (10-3); Figure 10-2 WAN to LAN Traffic (10-4); Figure 10-3 Firewall Logs...
  • Page 21: Figure 17-1 System Status (17-2); Figure 17-2 System Status: Show Statistics (17-4); Figure 17-3 DHCP Table (17-6); Figure 17-4 Diagnostic (17-7); Figure 17-5 Diagnostic General (17-7); Figure 17-6 Diagnostic DSL Line (17-8); Figure 17-7 Firmware Upgrade (17-10); Figure 17-8 Network Temporarily Disconnected (17-11); Figure 17-9 Error Message...
  • Page 22: Figure 25-3 IP Static Route Setup (25-2); Figure 25-4 Edit IP Static Route (25-3); Figure 26-1 Remote Node Bridging Options (26-2); Figure 26-2 Bridge Static Route Setup (26-3); Figure 26-3 Edit Bridge Static Route (26-3); Figure 27-1 Applying NAT for Internet Access...
  • Page 23: Figure 28-14 Protocol and Device Filter Sets (28-16); Figure 28-15 Sample Telnet Filter (28-17); Figure 28-16 Sample Filter Rules Summary - Menu 21.1 (28-18); Figure 28-17 Sample Filter Rules Summary - Menu 21.3.1 (28-19); Figure 28-18 Sample Filter Rules Summary - Applying a Remote Node Filter Set (28-20); Figure 28-19 Filtering Ethernet Traffic (28-21)...
  • Page 24: Figure 32-4 Budget Management (32-3); Figure 32-5 System Maintenance (32-4); Figure 32-6 System Maintenance - Time and Date Setting (32-4); Figure 33-1 IP Routing Policy Setup (33-2); Figure 33-2 Sample IP Routing Policy Setup (33-3); Figure 33-3 IP Routing Policy...
  • Page 25: List of Tables: Table 2-1 Password (2-4); Table 3-1 Wizard Screen: WAN Setup (3-5); Table 3-2 Wizard Screen: Internet Access (3-6); Table 3-3 Internet Connection with PPPoA (3-10); Table 3-4 Internet Connection with RFC 1483 (3-12); Table 3-5 Internet Connection with ENET ENCAP (3-13); Table 3-6 Internet Connection with PPPoE (3-15)...
  • Page 26: Table 12-3 Content Filter: Trusted (12-4); Table 12-4 Content Filter Logs (12-6); Table 13-1 VPN and NAT (13-6); Table 14-1 AH and ESP (14-2); Table 14-2 VPN Summary (14-4); Table 14-3 Local ID Type and Content Fields (14-6); Table 14-4 Peer ID Type and Content Fields...
  • Page 27: Table 23-1 Internet Access Setup (23-2); Table 24-1 Remote Node Profile (24-3); Table 24-2 Remote Node Network Layer Options (24-6); Table 25-1 Edit IP Static Route (25-3); Table 26-1 Remote Node Bridging Options (26-2); Table 26-2 Edit Bridge Static Route (26-3); Table 27-1 Applying NAT to the Remote Node (27-3)...
  • Page 28: Table A-5 Troubleshooting the Password (A-3); Table A-6 Troubleshooting Telnet (A-3); Diagram C-1 Virtual Circuit Topology (C-1)...
  • Page 29: Preface

    Congratulations on your purchase of the Prestige 792H G.SHDSL Router. Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your Prestige. Not all features can be configured through all interfaces.
  • Page 30 For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual. The Prestige 792H may be referred to as the Prestige in this user’s guide. Images of Prestige 792H are used throughout this document unless otherwise specified.
  • Page 31: Introduction To Dsl

    DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted-pair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to improve access to the Web - hence DSL technologies.
  • Page 33: Getting Started

    This part covers Getting to Know Your Prestige, Hardware Installation, Initial Setup, WAN, LAN and Internet Access.
  • Page 35: Chapter 1 Getting To Know Your G.shdsl Router

    Symmetrical High Speed Internet Access: The Prestige 792H can support symmetrical transmission up to 2.3 Mbps, 40 times faster than a 56K analog modem. For NSP’s (Network Service Provider) convenience, the Prestige also supports rate management depending on distance and service charges.
  • Page 36: Traffic Redirect

    IPSec VPN Capability: Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data encryption and the Internet to provide secure communications without the expense of leased site-to-site lines. The Prestige’s VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN products.
  • Page 37: Protocols Supported

    IP Alias: IP Alias allows you to partition a physical network into logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network.
  • Page 38 IRC, ICQ, RealAudio, VDOLive, Quake and PPTP. No extra configuration is needed to support these applications. SUA address mapping can also be used for other LAN-to-LAN connections. Universal Plug and Play (UPnP): Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.
  • Page 39: Application Scenarios For The Prestige

    This section provides examples on how your Prestige can be used. 1.2.1 Internet Access (Figure 1-1 Internet Access Application): Your Prestige can act as either of the following: A bridge for multi-computer/MAC bridging (RFC-1483, bridged Ethernet/802.3).
  • Page 41: Chapter 2 Introducing The Web Configurator

    This chapter describes how to access and navigate the web configurator. Web Configurator Overview: The embedded web configurator (ewc) allows you to manage the Prestige from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions with JavaScript enabled.
  • Page 42: Navigating The Prestige Web Configurator

    Figure 2-1 Password Screen. Step 6. You should now see the Site Map screen. The Prestige automatically times out after five minutes of inactivity. Simply log back into the Prestige if this happens to you. Navigating the Prestige Web Configurator: The following summarizes how to navigate the web configurator from the Site Map screen.
  • Page 43: Configuring Password

    [Figure 2-2 Web Configurator SITE MAP Screen, with callouts: Wizard Setup, Navigation panel, Logout] Click the HELP icon (located in the top right corner of most screens) to view embedded help. Configuring Password: It is highly recommended that you change the password for accessing the Prestige.
  • Page 44: Resetting The Prestige

    Figure 2-3 Password. The following table describes the labels in this screen. Table 2-1 Password (LABEL: DESCRIPTION). Old Password: Type the default password or the existing password you use to access the system in this field.
  • Page 45: Using The Reset Button

    of 9600 bps with 8 data bits, no parity, one stop bit and flow control set to none. The password will also be reset to “1234”. 2.5.1 Using The Reset Button: Step 1. Make sure the SYS LED is on (not blinking).
  • Page 47: Chapter 3 Wizard Setup

    This chapter provides information on the Wizard Setup screens in the web configurator. Wizard Setup Introduction: Use the Wizard Setup screens to configure your system for Internet access settings and fill in the fields with the information in the Internet Account Information table of the Quick Start Guide or Read Me First.
  • Page 48: Transfer Rates

    The Prestige supports the following symmetrical multi-rate data transmission speeds: 72, 136, 200, 264, 392, 520, 776, 1032, 1160, 1544, 1736, 2056 and 2312 Kbps. You can increase the capacity of the Internet connection (within certain limitations) without changing your ISP or buying new equipment.
  • Page 49: Pppoa

    ATM PVC (Permanent Virtual Circuit), which connects to ADSL Access Concentrator where the PPP session terminates. One PVC can support any number of PPP sessions from your LAN. For more information on PPPoE, see the appendix.
  • Page 50: Vpi And Vci

    is not practical to have a separate VC for each carried protocol, for example, if charging heavily depends on the number of simultaneous VCs. VPI and VCI: Be sure to use the correct Virtual Path Identifier (VPI) and Virtual Channel Identifier (VCI) numbers assigned to you.
  • Page 51: Figure 3-2 Wizard Screen: Internet Access

    Table 3-1 Wizard Screen: WAN Setup (LABEL: DESCRIPTION). Service Type: Select Client if your Prestige will act as a client device or Server if your Prestige will act as a server (see Service Type). Transfer Rate section, Rate Adaption: If you enable Rate Adaption, the Prestige connects at the optimal transfer rate between the min and max rates below.
  • Page 52: Ip Address And Subnet Mask

    Table 3-2 Wizard Screen: Internet Access (LABEL: DESCRIPTION). Mode: From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge. Encapsulation: Select the encapsulation type your ISP uses from the Encapsulation drop-down list box.
  • Page 53: Ip Address Assignment

    recommended that you select a network number from 192.168.0.0 to 192.168.255.0 and you must enable the Network Address Translation (NAT) feature of the Prestige. The Internet Assigned Numbers Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise.
  • Page 54: Ip Assignment With Enet Encap Encapsulation

    In this case you can have either a static or dynamic IP. For a static IP you must fill in all the IP Address and ENET ENCAP Gateway fields as supplied by your ISP. However for a dynamic IP, the Prestige acts as a DHCP client on the WAN port and so the IP Address and ENET ENCAP Gateway fields are not applicable (N/A) as the DHCP server assigns them to the Prestige.
  • Page 55: Nat

    disabled. The second is that the Prestige will try to bring up the connection when turned on and whenever the connection is down. A nailed-up connection can be very expensive for obvious reasons. Do not specify a nailed-up connection unless your telephone company offers flat-rate service or you need a constant connection and the cost is of no concern. 3.10 NAT...
  • Page 56: Figure 3-3 Internet Connection With Pppoa

    Figure 3-3 Internet Connection with PPPoA. The following table describes the labels in this screen. Table 3-3 Internet Connection with PPPoA (LABEL: DESCRIPTION). User Name: Enter the user name exactly as your ISP assigned. If assigned a name in the form...
  • Page 57 Table 3-3 Internet Connection with PPPoA (LABEL: DESCRIPTION). IP Address: This option is available if you select Routing in the Mode field. A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;...
  • Page 58: Rfc 1483

    Select RFC 1483 from the Encapsulation drop-down list box in the first wizard screen to display the screen as shown. Figure 3-4 Internet Connection with RFC 1483. The following table describes the labels in this screen.
  • Page 59: Figure 3-5 Internet Connection With Enet Encap

    Figure 3-5 Internet Connection with ENET ENCAP. The following table describes the labels in this screen. Table 3-5 Internet Connection with ENET ENCAP (LABEL: DESCRIPTION). IP Address: A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;...
  • Page 60: Pppoe

    Table 3-5 Internet Connection with ENET ENCAP (LABEL: DESCRIPTION). Network Address Translation: Select None, SUA Only or Full Feature from the drop-down list box. Refer to the NAT chapter for more details. Back: Click Back to go back to the first wizard screen.
  • Page 61: Dhcp Setup

    Table 3-6 Internet Connection with PPPoE (LABEL: DESCRIPTION). Service Name: Type the name of your PPPoE service here. User Name: Configure User Name and Password fields for PPPoA and PPPoE encapsulation only. Enter the user name exactly as your ISP assigned. If assigned a name in the form...
  • Page 62: Ip Pool Setup

    disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.
  • Page 63: Figure 3-8 Wizard: Lan Configuration

    If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next. Figure 3-8 Wizard: LAN Configuration. The following table describes the labels in this screen. Table 3-7 Wizard: LAN Configuration...
  • Page 64: Wizard Setup Configuration: Connection Tests

    Table 3-7 Wizard: LAN Configuration (LABEL: DESCRIPTION). DHCP section, DHCP Server: From the DHCP Server drop-down list box, select On to allow your Prestige to assign IP addresses, an IP default gateway and DNS servers to computer systems that support the DHCP client.
  • Page 65: Test Your Internet Connection

    Figure 3-9 Wizard Screen: Connection Tests. 3.15 Test Your Internet Connection: Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this User’s Guide for more detailed information on the complete range of Prestige features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the Wizard Setup are correct.
  • Page 67: Chapter 4 Lan Setup

    This chapter describes how to configure LAN settings. LAN Overview: A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
  • Page 68: Dns Server Address Assignment

    before you can access it. The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask. There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up.
  • Page 69: Factory Lan Defaults

    The LAN parameters of the Prestige are preset in the factory with the following values: IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits); DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.
  • Page 70: Configuring Lan

    RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address 224.0.0.0 is not assigned to any group and is used by IP multicast computers.
  • Page 71: Table 4-1 Lan

    The following table describes the labels in this screen. Table 4-1 LAN (LABEL: DESCRIPTION). DHCP section, DHCP: If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
  • Page 72 Table 4-1 LAN (LABEL: DESCRIPTION). Apply: Click this button to save these settings back to the Prestige. Cancel: Click this button to reset the fields in this screen...
  • Page 73: Chapter 5 Wan Setup

    This chapter describes how to configure WAN settings. WAN Overview: A WAN (Wide Area Network) is an outside connection to another network or the Internet. See the Wizard Setup chapter for more information on the fields in the WAN screens.
  • Page 74: Pppoe Encapsulation

    If you want the dial-backup route to take first priority over the traffic-redirect route or even the normal route, all you need to do is set the dial-backup route’s metric to "1" and the others to "2" (or greater).
  • Page 75: Traffic Shaping

    Traffic Shaping is an agreement between the carrier and the subscriber to regulate the average rate and fluctuations of data transmission over an ATM network. This agreement helps eliminate congestion, which is important for transmission of real time data such as audio and video connections.
  • Page 76: Configuring Wan Setup

    Figure 5-1 Example of Traffic Shaping. Configuring WAN Setup: To change your Prestige’s WAN remote node settings, click WAN, WAN Setup. The screen differs by the encapsulation...
  • Page 77: Figure 5-2 Wan Setup

    Figure 5-2 WAN Setup. The following table describes the labels in this screen...
  • Page 78: Table 5-1 Wan Setup

    Table 5-1 WAN Setup (LABEL: DESCRIPTION). Name: Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Mode: Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account.
  • Page 79 Table 5-1 WAN Setup (LABEL: DESCRIPTION). Maximum Burst Size: Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at the peak rate. Type the MBS, which is less than 65535.
  • Page 80: Traffic Redirect

    Table 5-1 WAN Setup (LABEL: DESCRIPTION). Subnet Mask (ENET ENCAP encapsulation only): Enter a subnet mask in dotted decimal notation. Refer to the Subnetting appendix to calculate a subnet mask if you are implementing subnetting. ENET ENCAP: You must specify a gateway IP address (supplied by your ISP) when you select ENET ENCAP in the Encapsulation field.
  • Page 81: Configuring Wan Backup

    The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN or DMZ. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2).
  • Page 82: Figure 5-5 Wan Backup

    To change your Prestige’s WAN backup settings, click WAN, then WAN Backup. The screen appears as shown. Figure 5-5 WAN Backup. The following table describes the fields in this screen...
  • Page 83: Table 5-2 Wan Backup

    Table 5-2 WAN Backup (LABEL: DESCRIPTION). Backup Type: Select the method that the Prestige uses to check the DSL connection. Select DSL Link to have the Prestige check the DSL connection’s physical layer. Select ICMP to have the Prestige periodically ping the IP addresses configured in the Check WAN IP Address fields.
  • Page 84: Outgoing Authentication Protocol

    Table 5-2 WAN Backup (LABEL: DESCRIPTION). Backup Gateway: Type the IP address of your backup gateway in dotted decimal notation. The Prestige automatically forwards traffic to this IP address if the Prestige's Internet connection terminates. Dial Backup section, Active: Select this check box to turn on dial backup.
  • Page 85: Configuring Advanced Wan Backup

    peer disconnects right after a successful authentication, make sure that you specify the correct authentication protocol when connecting to such an implementation. Configuring Advanced WAN Backup: To edit your Prestige’s advanced WAN backup settings, click WAN, WAN Backup and then the Advanced Setup button.
  • Page 86: Figure 5-6 Advanced Wan Backup

    Figure 5-6 Advanced WAN Backup...
  • Page 87 The following table describes the fields in this screen. Table 5-3 Advanced WAN Backup (LABEL: DESCRIPTION). Basic section, Login Name: Type the login name assigned by your ISP. Password: Type the password assigned by your ISP. Retype to Confirm: Type your password again to make sure that you have entered it correctly.
  • Page 88: Table 5-3 Advanced Wan Backup

    Table 5-3 Advanced WAN Backup (LABEL: DESCRIPTION). Enable SUA: Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network to a different IP address known within another network. SUA (Single User Account) is a subset of NAT that supports two types of mapping: Many-to-One and Server.
  • Page 89: At Command Strings

    Table 5-3 Advanced WAN Backup (LABEL: DESCRIPTION). PPP Options section, Encapsulation: Select CISCO PPP from the drop-down list box if your backup WAN device uses Cisco PPP encapsulation; otherwise select Standard PPP. Compression: Select this check box to enable stac compression.
  • Page 90: Dtr Signal

    For ISDN lines, there are many more protocols and operational modes. Please consult the documentation of your TA. You may need additional commands in both “Dial” and “Init” strings. 5.11 DTR Signal: The majority of WAN devices default to hanging up the current call when the DTR (Data Terminal Ready) signal is dropped by the DTE.
  • Page 91: Figure 5-7 Advanced Modem Setup

    Prestige 792H User’s Guide Figure 5-7 Advanced Modem Setup The following table describes the fields in this screen. Table 5-4 Advanced Modem Setup LABEL DESCRIPTION AT Command Strings Dial Type the AT Command string to make a call. Example: atdt Drop Type the AT Command string to drop a call.
  • Page 92 Prestige 792H User’s Guide Table 5-4 Advanced Modem Setup LABEL DESCRIPTION Drop DTR When Hang Up Select this check box to have the Prestige drop the DTR (Data Terminal Ready) signal after the "AT Command String: Drop" is sent out.
  • Page 93 NAT and Dynamic DNS Part II: NAT and Dynamic DNS This part covers NAT (Network Address Translation) and dynamic DNS (Domain Name Server)
  • Page 95: Chapter 6 Network Address Translation (Nat)

    Prestige 792H User’s Guide Chapter 6 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
  • Page 96: How Nat Works

    Prestige 792H User’s Guide local address before forwarding it to the original inside host. Note that the IP address (either local or global) of an outside host is never changed. The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP. In addition, you can designate servers, for example, a web server and a telnet server, on your local network and make them accessible to the outside world.
  • Page 97: Nat Mapping Types

    Prestige 792H User’s Guide Figure 6-2 NAT Application With IP Alias 6.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: 1. One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address.
  • Page 98: Sua (Single User Account) Versus Nat

    Prestige 792H User’s Guide 5. Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Port numbers do not change for One-to-One and Many-to-Many No Overload NAT mapping types.
  • Page 99: Sua Server

    Prestige 792H User’s Guide SUA Server A SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world.
  • Page 100: Configuring Servers Behind Sua (Example)

    Prestige 792H User’s Guide The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Table 6-3 Services and Port Numbers SERVICES PORT NUMBER ECHO FTP (File Transfer Protocol)
  • Page 101: Selecting The Nat Mode

    Prestige 792H User’s Guide Figure 6-3 Multiple Servers Behind NAT Example Selecting the NAT Mode Click NAT to open the following screen. Figure 6-4 NAT Mode The following table describes the labels in this screen.
  • Page 102: Configuring Sua Server

    Prestige 792H User’s Guide Table 6-4 NAT Mode LABEL DESCRIPTION None Select this radio button to disable NAT. SUA Only Select this radio button if you have just one public WAN IP address for your Prestige. The Prestige uses Address Mapping Set 1 in the NAT - Edit SUA/NAT Server Set screen.
  • Page 103: Figure 6-5 Edit Sua/Nat Server Set

    Prestige 792H User’s Guide Figure 6-5 Edit SUA/NAT Server Set The following table describes the labels in this screen. Table 6-5 Edit SUA/NAT Server Set LABEL DESCRIPTION Start Port No. Enter a port number in this field. To forward only one port, enter the port number again in the End Port No. field.
  • Page 104: Configuring Address Mapping

    Prestige 792H User’s Guide Table 6-5 Edit SUA/NAT Server Set LABEL DESCRIPTION End Port No. Enter a port number in this field. To forward only one port, enter the port number again in the Start Port No. field above and then enter it again in this field.
  • Page 105: Figure 6-6 Address Mapping Rules

    Prestige 792H User’s Guide Figure 6-6 Address Mapping Rules The following table describes the labels in this screen. Table 6-6 Address Mapping Rules LABEL DESCRIPTION Local Start IP This is the starting Inside Local IP Address (ILA). Local IP addresses are N/A for Server port mapping.
  • Page 106: Editing An Address Mapping Rule

    Prestige 792H User’s Guide Table 6-6 Address Mapping Rules LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account...
  • Page 107: Table 6-7 Address Mapping Rule Edit

    Prestige 792H User’s Guide The following table describes the labels in this screen. Table 6-7 Address Mapping Rule Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following. 1. One-to-One: One-to-One mode maps one local IP address to one global IP address.
  • Page 109: Chapter 7 Dynamic Dns Setup

    Prestige 792H User’s Guide Chapter 7 Dynamic DNS Setup This chapter discusses how to configure your Prestige to use Dynamic DNS. Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.).
  • Page 110: Figure 7-1 Ddns

    Prestige 792H User’s Guide Figure 7-1 DDNS The following table describes the labels in this screen. Table 7-1 DDNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider.
  • Page 111 Firewall and Content Filter Part III: Firewall and Content Filter This part introduces firewalls in general and the Prestige firewall. It also explains customized services and logs and gives example firewall rules and an overview of content filtering.
  • Page 113: Chapter 8 Firewall

    Prestige 792H User’s Guide Chapter 8 Firewall This chapter gives some background information on firewalls and introduces the Prestige firewall. Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
  • Page 114: Stateful Inspection Firewalls

    Prestige 792H User’s Guide Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging.
  • Page 115: Denial Of Service

    Prestige 792H User’s Guide Figure 8-1 Prestige Firewall Application Denial of Service Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
  • Page 116: Types Of Dos Attacks

    Prestige 792H User’s Guide Table 8-1 Common IP Ports Telnet HTTP SMTP POP3 8.4.2 Types of DoS Attacks There are four types of DoS attacks: 1. Those that exploit bugs in a TCP/IP implementation. 2. Those that exploit weaknesses in the TCP/IP specification.
  • Page 117: Figure 8-2 Three-Way Handshake

    Prestige 792H User’s Guide Figure 8-2 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment).
  • Page 118: Figure 8-4 Smurf Attack

    Prestige 792H User’s Guide 2-b In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.
  • Page 119: Stateful Inspection

    Prestige 792H User’s Guide The only legal NetBIOS commands are the following - all others are illegal. Table 8-3 Legal NetBIOS Commands MESSAGE: REQUEST: POSITIVE: NEGATIVE: RETARGET: KEEPALIVE: All SMTP commands are illegal except for those displayed in the following tables.
  • Page 120: Stateful Inspection Process

    Prestige 792H User’s Guide Allows all sessions originating from the LAN (local network) to the WAN (Internet). Denies all sessions originating from the WAN to the LAN. Figure 8-5 Stateful Inspection The previous figure shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works.
  • Page 121: Stateful Inspection And The Prestige

    Prestige 792H User’s Guide 4. Based on the obtained state information, a firewall rule creates a temporary access list entry that is inserted at the beginning of the WAN interface's inbound extended access list. This temporary access list entry is designed to permit inbound packets of the same connection as the outbound packet just inspected.
  • Page 122: Tcp Security

    Prestige 792H User’s Guide Below is a brief technical description of how these connections are tracked. Connections may either be defined by the upper protocols (for instance, TCP), or by the Prestige itself (as with the "virtual connections" created for UDP and ICMP).
  • Page 123: Upper Layer Protocols

    Prestige 792H User’s Guide 8.5.5 Upper Layer Protocols Some higher layer protocols (such as FTP and RealAudio) utilize multiple network connections simultaneously. In general terms, they usually have a "control connection" which is used for sending commands between endpoints, and then "data connections" which are used for transmitting bulk information.
  • Page 124: Packet Filtering Vs Firewall

    Prestige 792H User’s Guide 1. Encourage your company or organization to develop a comprehensive security plan. Good network administration takes into account what hackers can do and prepares against attacks. The best defense against hackers and crackers is information. Educate all employees about the importance of security and how to minimize risk.
  • Page 125: Packet Filtering

    Prestige 792H User’s Guide 8.7.1 Packet Filtering: The router filters packets as they pass through the router’s interface according to the filter rules you designed. Packet filtering is a powerful tool, yet can be complex to configure and maintain, especially if you need a chain of rules to filter a service.
  • Page 126 Prestige 792H User’s Guide To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks. Remember that filters cannot distinguish traffic originating from an inside host or an outside host by IP address. The firewall performs better than filtering if you need to check many rules.
  • Page 127: Chapter 9 Firewall Configuration

    Prestige 792H User’s Guide Chapter 9 Firewall Configuration This chapter shows you how to enable and configure the Prestige firewall. Remote Management and the Firewall When remote management is configured to allow management (see the Remote Management chapter) and the firewall is enabled: The firewall blocks remote management from the WAN unless you configure a firewall rule to allow it.
  • Page 128: Configuring E-Mail Alerts

    Prestige 792H User’s Guide Configuring E-mail Alerts To change your Prestige’s E-mail log settings, click Advanced Setup, Firewall, and then E-mail. The screen appears as shown. This screen is not available on all models. Use the E-Mail screen to configure where the Prestige sends logs, the schedule for sending them, and which logs and/or immediate alerts the Prestige sends.
  • Page 129: Attack Alert

    Prestige 792H User’s Guide Table 9-1 E-mail LABEL DESCRIPTION E-mail Alerts To Alerts are sent to the e-mail address specified in this field. If this field is left blank, alerts will not be sent via e-mail. Return Address Type an E-mail address to identify the Prestige as the sender of the e-mail messages i.e., a "return-to-sender"...
  • Page 130: Alerts

    Prestige 792H User’s Guide 9.4.1 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away. You can choose to generate an alert when an attack is detected in the Alert screen (Figure 9-3 - select the Generate alert when...
  • Page 131: Tcp Maximum Incomplete And Blocking Time

    Prestige 792H User’s Guide delete half-open sessions as necessary, until the rate of new connection attempts drops below another threshold (one-minute low). The rate is the number of new attempts detected in the last one-minute sample period. TCP Maximum Incomplete and Blocking Time An unusually high number of half-open sessions with the same destination host address could indicate that a Denial of Service attack is being launched against the host.
  • Page 132: Figure 9-3 Alert

    Prestige 792H User’s Guide Figure 9-3 Alert The following table describes the labels in this screen. Table 9-2 Alert LABEL DESCRIPTION Generate alert when attack detected Select this check box to generate an alert whenever an attack is detected. Denial of Services Thresholds...
  • Page 133 Prestige 792H User’s Guide Table 9-2 Alert LABEL DESCRIPTION One Minute High This is the rate of new half-open sessions that causes the firewall to start deleting half-open sessions. The default is "100". When the rate of new connection attempts rises above this number, the Prestige deletes half-open sessions as required to accommodate new connection attempts.
  • Page 135: Chapter 10 Creating Custom Rules

    Prestige 792H User’s Guide Chapter 10 Creating Custom Rules This chapter contains instructions for defining both Local Network and Internet rules. 10.1 Rules Overview Firewall rules are subdivided into “Local Network” and “Internet”. By default, the Prestige’s stateful packet inspection allows all communications to the Internet that originate from the local network, and blocks all traffic to the LAN that originates from the Internet.
  • Page 136: Security Ramifications

    Prestige 792H User’s Guide 3. What is the direction of the connection: from the LAN to the Internet, or from the Internet to the LAN? 4. What IP services will be affected? 5. What computers on the LAN are to be affected (if any)? 6.
  • Page 137: Connection Direction

    Prestige 792H User’s Guide Source Address What is the connection’s source address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet? Destination Address What is the connection’s destination address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet? 10.3 Connection Direction...
  • Page 138: Wan To Lan Rules

    Prestige 792H User’s Guide 10.3.2 WAN to LAN Rules The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN). If you wish to allow certain WAN users to have access to your LAN, you will need to create custom rules to allow it.
  • Page 139: Figure 10-3 Firewall Logs

    Prestige 792H User’s Guide Figure 10-3 Firewall Logs The following table describes the labels in this screen. Table 10-1 Firewall Logs LABEL DESCRIPTION EXAMPLE This is the index number of the firewall log. 128 entries are available numbered from 0 to 127. Once they are all used, the log will wrap around and the old logs will be lost.
  • Page 140: Rule Summary

    Prestige 792H User’s Guide Table 10-1 Firewall Logs LABEL DESCRIPTION EXAMPLE Reason This field states the reason for the log; i.e., was the rule matched, not matched, or was there an attack (example: not match, <1,01> dest IP). The set and rule coordinates (<X, Y>...
  • Page 141: Figure 10-4 Firewall Rules Summary: First Screen

    Prestige 792H User’s Guide Click on Firewall, then Rule Summary to bring up the following screen. This screen is a summary of the existing rules. Note the order in which the rules are listed. The ordering of your rules is very important as rules are applied in turn.
  • Page 142: Predefined Services

    Prestige 792H User’s Guide Table 10-2 Firewall Rules Summary: First Screen LABEL DESCRIPTION The default action for packets not matching: Use the drop-down list box to select whether to Block (silently discard) or Forward (allow the passage of) packets that do not match the following rules.
  • Page 143: Table 10-3 Predefined Services

    Prestige 792H User’s Guide defines the service. (Note that there may be more than one IP protocol type. For example, look at the default configuration labeled “(DNS)”. (UDP/TCP:53) means UDP port 53 and TCP port 53. Up to 128 entries are supported.
  • Page 144 Prestige 792H User’s Guide Table 10-3 Predefined Services SERVICE DESCRIPTION NEWS(TCP:144) A protocol for news groups. NFS(UDP:2049) Network File System - NFS is a client/server distributed file service that provides transparent file-sharing for network environments. NNTP(TCP:119) Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.
  • Page 145: Creating/Editing Firewall Rules

    Prestige 792H User’s Guide Table 10-3 Predefined Services SERVICE DESCRIPTION SSDP(UDP:1900) Simple Service Discovery Protocol (SSDP) is a discovery service searching for Universal Plug and Play devices on your home network or upstream Internet gateways using UDP port 1900. SSH(TCP/UDP:22) Secure Shell Remote Login Program.
  • Page 146: Figure 10-5 Creating/Editing A Firewall Rule

    Prestige 792H User’s Guide Figure 10-5 Creating/Editing A Firewall Rule The following table describes the labels in this screen. Table 10-4 Creating/Editing A Firewall Rule LABEL DESCRIPTION Source Address Click SrcAdd to add a new address, SrcEdit to edit an existing one or SrcDelete to delete one.
  • Page 147: Source And Destination Addresses

    Prestige 792H User’s Guide Table 10-4 Creating/Editing A Firewall Rule LABEL DESCRIPTION Destination Address Click DestAdd to add a new address, DestEdit to edit an existing one or DestDelete to delete one. Services Select a service in the Available Services box on the left, then click >> to select.
  • Page 148: Timeout

    Prestige 792H User’s Guide Figure 10-6 Adding/Editing Source and Destination Addresses The following table describes the labels in this screen. Table 10-5 Adding/Editing Source and Destination Addresses LABEL DESCRIPTION Address Type Do you want your rule to apply to packets with a particular (single) IP address, a range of IP addresses (e.g., 192.168.1.10 to 192.169.1.50), a subnet or any IP...
  • Page 149: Factors Influencing Choices For Timeout Values

    Prestige 792H User’s Guide 10.8.1 Factors Influencing Choices for Timeout Values The factors influencing choices for timeout values are the same as the factors influencing choices for threshold values – see section 9.4.2. Click Timeout for either Local Network or Internet.
  • Page 150 Prestige 792H User’s Guide Table 10-6 Timeout LABEL DESCRIPTION Back Click Back to return to the previous screen. Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to return to the previous configuration.
  • Page 151: Chapter 11 Customized Services

    Prestige 792H User’s Guide Chapter 11 Customized Services This chapter covers creating, viewing and editing custom services. 11.1 Introduction to Customized Services Configure customized services and port numbers not predefined by the Prestige (see Figure 10-5). For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website.
  • Page 152: Creating/Editing A Customized Service

    Prestige 792H User’s Guide Table 11-1 Customized Services LABEL DESCRIPTION Customized Services This is the number of your customized port. Click a rule’s number of a service to go to the Firewall Customized Services Config screen to configure or edit a customized service.
  • Page 153: Example Custom Service Firewall Rule

    Prestige 792H User’s Guide Table 11-2 Creating/Editing A Customized Service LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
  • Page 154: Figure 11-4 Configure Source Ip Example

    Prestige 792H User’s Guide Step 4. Click SrcAdd to open the Rule IP Config screen. Configure it as follows and click Apply. Figure 11-4 Configure Source IP Example Step 5. Click Edit Available Service in the Edit rule screen and then click a rule number to bring up the Firewall Customized Services Config screen.
  • Page 155: Figure 11-6 Syslog Rule Configuration Example

    Prestige 792H User’s Guide Step 6. Follow the procedures outlined earlier in this chapter to configure all your rules. Configure the rule configuration screen like the one below and apply it. This is the address range of the MyService computers.
  • Page 156: Figure 11-7 Rule Summary Example

    Prestige 792H User’s Guide Step 7. On completing the configuration procedure for these Internet firewall rules, the Rule Summary screen should look like the following. Don’t forget to click Apply when you have finished configuring your rule(s) to save your settings back to the Prestige.
  • Page 157: Chapter 12 Content Filtering

    Prestige 792H User’s Guide Chapter 12 Content Filtering This chapter covers how to configure content filtering. 12.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
  • Page 158: Figure 12-1 Content Filter: Keyword

    Prestige 792H User’s Guide Figure 12-1 Content Filter: Keyword The following table describes the labels in this screen. Table 12-1 Content Filter: Keyword LABEL DESCRIPTION Enable Keyword Blocking Select this check box to enable this feature. Block Websites that contain these keywords in: This box contains the list of all the keywords that you have configured the Prestige to block.
  • Page 159: Configuring The Schedule

    Prestige 792H User’s Guide Table 12-1 Content Filter: Keyword LABEL DESCRIPTION Add Keyword Click Add Keyword after you have typed a keyword. Repeat this procedure to add other keywords. Up to 127 keywords are allowed. When you try to access a web page containing a keyword, you will get a message telling you that the content filter is blocking this request.
  • Page 160: Configuring Trusted Computers

    Prestige 792H User’s Guide Table 12-2 Content Filter: Schedule LABEL DESCRIPTION Days to Block: Select a check box to configure which days of the week (or everyday) you want the content filtering to be active. Use the 24 hour format to configure which time of the day (or select the All day check box)
  • Page 161: Configuring Logs

    Prestige 792H User’s Guide Table 12-3 Content Filter: Trusted LABEL DESCRIPTION Type the ending IP address of a specific range of users on your LAN that you want to exclude from content filtering. Leave this field blank if you want to exclude an individual computer.
  • Page 162: Table 12-4 Content Filter Logs

    Prestige 792H User’s Guide Table 12-4 Content Filter Logs LABEL DESCRIPTION Page Choose a page of logs from the drop-down list box to display. This is the index number of the content filter log. Time This field displays the time of the log.
  • Page 163 VPN/IPSec Part IV: VPN/IPSec This part provides information about configuring VPN/IPSec for secure communications.
  • Page 165: Chapter 13 Introduction To Ipsec

    Prestige 792H User’s Guide Chapter 13 Introduction to IPSec This chapter introduces the basics of IPSec VPNs. 13.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
  • Page 166: Vpn Applications

    Prestige 792H User’s Guide Figure 13-1 Encryption and Decryption Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
  • Page 167: Ipsec Architecture

    Prestige 792H User’s Guide Figure 13-2 VPN Application 13.2 IPSec Architecture The overall IPSec architecture is shown as follows.
  • Page 168: Ipsec Algorithms

    Prestige 792H User’s Guide Figure 13-3 IPSec Architecture 13.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms).
  • Page 169: Encapsulation

    Prestige 792H User’s Guide 13.3 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. Figure 13-4 Transport and Tunnel Mode IPSec Encapsulation 13.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
  • Page 170: Table 13-1 Vpn And Nat

    Prestige 792H User’s Guide computing its own hash value, and complain that the hash value appended to the received packet doesn't match. The VPN device at the receiving end doesn't know about the NAT in the middle, so it assumes that the data has been maliciously altered.
  • Page 171: Chapter 14 Vpn Screens

    Prestige 792H User’s Guide Chapter 14 VPN Screens This chapter introduces the VPN screens. See the Logs chapter for information on viewing logs and the Reference Guide for IPSec log description. 14.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections.
  • Page 172: My Ip Address

    Prestige 792H User’s Guide Table 14-1 AH and ESP DES (default): Data Encryption Standard (DES) is a widely used method of data encryption using a private (secret) key. DES... MD5 (default): MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data.
  • Page 173: Vpn Summary Screen

    Prestige 792H User’s Guide The Secure Gateway IP Address may be configured as 0.0.0.0 only when using IKE key management and not Manual key management. 14.5 VPN Summary Screen The following figure helps explain the main fields in the web configurator.
  • Page 174: Figure 14-2 Vpn Summary

    Prestige 792H User’s Guide Figure 14-2 VPN Summary The following table describes the labels in this screen. Table 14-2 VPN Summary LABEL DESCRIPTION This is the VPN policy index number. Click a number to edit VPN policies. Name This field displays the identification name for this VPN policy.
  • Page 175: Keep Alive

    Prestige 792H User’s Guide Table 14-2 VPN Summary LABEL DESCRIPTION IPSec Algorithm This field displays the security protocols used for an SA. Both AH and ESP increase Prestige processing requirements and communications latency (delay). Secure Gateway This is the IP address of the remote IPSec router. This must be a fixed, public IP address for traffic going through the Internet.
  • Page 176: Id Type And Content Examples

    Prestige 792H User’s Guide With main mode (see section 14.10.1), the ID type and content are encrypted to provide identity protection. In this case the Prestige can only distinguish between up to eight different incoming SAs that connect from remote IPSec routers that have dynamic WAN IP addresses. The Prestige can distinguish up to eight...
  • Page 177: Pre-Shared Key

    Prestige 792H User’s Guide Table 14-5 Matching ID Type and Content Configuration Example PRESTIGE A PRESTIGE B Local ID type: E-mail Local ID type: IP Local ID content: tom@yourcompany.com Local ID content: 1.1.1.2 Peer ID type: IP Peer ID type: E-mail Peer ID content: 1.1.1.2...
  • Page 178: Figure 14-3 Vpn Ike

    Prestige 792H User’s Guide Figure 14-3 VPN IKE
  • Page 179: Table 14-7 Vpn Ike

    Prestige 792H User’s Guide The following table describes the labels in this screen. Table 14-7 VPN IKE LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. Keep Alive Select either Yes or No from the drop-down list box.
  • Page 180 Prestige 792H User’s Guide Table 14-7 VPN IKE LABEL DESCRIPTION Local Address Type Use the drop-down menu to choose Single, Range, or Subnet. Select Single for a single IP address. Select Range for a specific range of IP addresses. Select Subnet to specify IP addresses on a network by their subnet mask.
  • Page 181 Prestige 792H User’s Guide Table 14-7 VPN IKE LABEL DESCRIPTION End / Subnet Mask When the Remote Address Type field is configured to Single, enter the IP address in the IP Address Start field again here. When the Remote Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
  • Page 182 Prestige 792H User’s Guide Table 14-7 VPN IKE LABEL DESCRIPTION Content When you select IP in the Peer ID Type field, type the IP address of the computer with which you will make the VPN connection or leave the field blank to have the Prestige automatically use the address in the Secure Gateway Address field.
  • Page 183: Ike Phases

    Prestige 792H User’s Guide Table 14-7 VPN IKE LABEL DESCRIPTION Authentication Algorithm Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower.
  • Page 184: Negotiation Mode

    Prestige 792H User’s Guide Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2). Set the IKE SA lifetime. This field allows you to determine how long an IKE SA should stay up before it times out. An IKE SA times out when the IKE SA lifetime period expires. If an IKE SA times out when an IPSec SA is already established, the IPSec SA stays connected.
  • Page 185: Configuring Advanced Ike Settings

    Prestige 792H User’s Guide previous and subsequent keys are not compromised, because subsequent keys are not derived from previous keys. The (time-consuming) Diffie-Hellman exchange is the trade-off for this extra security. This may be unnecessary for data that does not require such security, so PFS is disabled (None) by default in the Prestige.
  • Page 186: Table 14-8 Vpn Ike: Advanced

    Prestige 792H User’s Guide The following table describes the labels in this screen. Table 14-8 VPN IKE: Advanced LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
  • Page 187 Prestige 792H User’s Guide Table 14-8 VPN IKE: Advanced LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
  • Page 188: Manual Key Setup

    Prestige 792H User’s Guide Table 14-8 VPN IKE: Advanced LABEL DESCRIPTION Encryption Algorithm: Select DES, 3DES or NULL from the drop-down list box. When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
  • Page 189: Security Parameter Index (Spi)

    Prestige 792H User’s Guide 14.12.1 Security Parameter Index (SPI) An SPI is used to distinguish different SAs terminating at the same destination and using the same IPSec protocol. This data allows for the multiplexing of SAs to a single gateway. The SPI (Security Parameter Index) along with a destination IP address uniquely identifies a particular Security Association (SA).
  • Page 190: Figure 14-6 Vpn Manual Key

    Prestige 792H User’s Guide Figure 14-6 VPN Manual Key The following table describes the labels in this screen.
  • Page 191: Table 14-9 Vpn Manual Key

    Prestige 792H User’s Guide Table 14-9 VPN Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the Prestige drops trailing spaces.
  • Page 192 Prestige 792H User’s Guide Table 14-9 VPN Manual Key LABEL DESCRIPTION IP Address Start When the Local Address Type field is configured to Single, enter a (static) IP address on the LAN behind your Prestige. When the Local Address Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on your LAN behind your Prestige.
  • Page 193 Prestige 792H User’s Guide Table 14-9 VPN Manual Key LABEL DESCRIPTION My IP Address Enter the WAN IP address of your Prestige. The Prestige uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0.
  • Page 194: Viewing Sa Monitor

    Prestige 792H User’s Guide Table 14-9 VPN Manual Key LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh. Delete Click Delete to remove the current rule. 14.14 Viewing SA Monitor Click VPN and Monitor to open the SA Monitor screen as shown.
  • Page 195: Figure 14-7 Sa Monitor

    Prestige 792H User’s Guide Figure 14-7 SA Monitor The following table describes the labels in this screen. Table 14-10 SA Monitor LABEL DESCRIPTION This is the security association index number. Name This field displays the identification name for this VPN policy.
  • Page 196: Configuring Global Setting

    Prestige 792H User’s Guide Table 14-10 SA Monitor LABEL DESCRIPTION Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the Prestige. Refresh Click Refresh to display the current active VPN connection(s). 14.15 Configuring Global Setting...
  • Page 197: Configuring Ipsec Logs

    Prestige 792H User’s Guide Table 14-11 Global Setting LABEL DESCRIPTION Cancel Click Cancel to begin configuring this screen afresh. 14.16 Configuring IPSec Logs To view IPSec logs in this screen, click Advanced Setup, VPN, and then Logs to open the screen shown next.
  • Page 198: Table 14-13 Sample Ike Key Exchange Logs

    Prestige 792H User’s Guide This screen is useful for troubleshooting. A log index number, the date and time the log was created and a log message are displayed. Double exclamation marks (!!) denote an error or warning message. The following table shows sample log messages during IKE key exchange.
  • Page 199: Table 14-14 Sample Ipsec Logs During Packet Transmission

    Prestige 792H User’s Guide Table 14-13 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION !! Local / remote IPs of incoming request conflict with rule <#d>: If the security gateway is “0.0.0.0”, the Prestige will use the peer’s “Local Addr” as its “Remote Addr”. If this IP (range) conflicts with a previously configured rule then the connection is not allowed.
  • Page 200: Table 14-15 Rfc-2408 Isakmp Payload Types

    Prestige 792H User’s Guide Table 14-14 Sample IPSec Logs During Packet Transmission LOG MESSAGE DESCRIPTION !! Inbound packet authentication failed: The authentication configuration settings are incorrect. Please check them. !! Inbound packet decryption failed: The decryption configuration settings are incorrect. Please check them.
  • Page 201: Telecommuter Vpn/Ipsec Examples

    Prestige 792H User’s Guide 14.17 Telecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single Prestige at headquarters. The telecommuters use IPSec routers with dynamic WAN IP addresses. The Prestige at headquarters has a static public IP address.
  • Page 202: Telecommuters Using Unique Vpn Rules Example

    Prestige 792H User’s Guide Table 14-16 Telecommuters Sharing One VPN Rule Example. Local IP Address: HEADQUARTERS 192.168.1.10; TELECOMMUTERS Telecommuter A: 192.168.2.12, Telecommuter B: 192.168.3.2, Telecommuter C: 192.168.4.15. Remote IP Address: HEADQUARTERS 0.0.0.0 (N/A); TELECOMMUTERS 192.168.1.10. 14.17.2 Telecommuters Using Unique VPN Rules Example In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are mapped to their dynamic WAN IP addresses (use Dynamic DNS to do this).
  • Page 203: Figure 14-11 Telecommuters Using Unique Vpn Rules Example

    Prestige 792H User’s Guide Figure 14-11 Telecommuters Using Unique VPN Rules Example Table 14-17 Telecommuters Using Unique VPN Rules Example HEADQUARTERS TELECOMMUTERS All Headquarters Rules: All Telecommuter Rules: My IP Address: bigcompanyhq.com My IP Address 0.0.0.0 Local IP Address: 192.168.1.10 Secure Gateway Address: bigcompanyhq.com...
  • Page 204: Vpn And Remote Management

    Prestige 792H User’s Guide 14.18 VPN and Remote Management If a VPN tunnel uses Telnet, FTP, WWW, SNMP, DNS or ICMP, then you should configure remote management (REMOTE MGNT) to allow access for that service.
  • Page 205 Remote Management and UPnP Part V: Remote Management and UPnP This part contains Remote Management and UPnP...
  • Page 207: Chapter 15 Remote Management Configuration

    Prestige 792H User’s Guide Chapter 15 Remote Management Configuration This chapter provides information on configuring remote management. 15.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. You may manage your Prestige from a remote location via:...
  • Page 208: System Timeout

    Prestige 792H User’s Guide Use the Prestige’s WAN IP address when configuring from the WAN. Use the Prestige’s LAN IP address when configuring from the LAN. 15.1.3 System Timeout There is a system timeout of five minutes (three hundred seconds) for either the console port or telnet/web/FTP connections.
  • Page 209: Configuring Remote Management

    Prestige 792H User’s Guide 15.5 Configuring Remote Management Click Remote Management to open the following screen. Figure 15-2 Remote Management The following table describes the labels in this screen. Table 15-1 Remote Management LABEL DESCRIPTION Server Type Each of these labels denotes a service that you may use to remotely manage the Prestige.
  • Page 211: Chapter 16 Universal Plug-And-Play (Upnp)

    Prestige 792H User’s Guide Chapter 16 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 16.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices.
  • Page 212: Upnp And Zyxel

    Prestige 792H User’s Guide All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 16.1.4 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™...
  • Page 213: Installing Upnp In Windows Example

    Prestige 792H User’s Guide Figure 16-1 Configuring UPnP Table 16-1 Configuring UPnP FIELD DESCRIPTION Enable the Universal Plug and Play (UPnP) Service: Select this checkbox to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's login screen without entering the Prestige's IP address (although you must still enter the password to access the web configurator).
  • Page 214 Prestige 792H User’s Guide Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. Step 1. Click Start and Control Panel. Double-click Add/Remove Programs. Step 2. Click on the Windows Setup tab and select Communication in the Components selection box.
  • Page 215 Prestige 792H User’s Guide Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. Step 1. Click start and Control Panel. Step 2. Double-click Network Connections. Step 3. In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
  • Page 216: Using Upnp In Windows Xp Example

    Prestige 792H User’s Guide 16.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the Prestige. Make sure the computer is connected to a LAN port of the Prestige. Turn on your computer and the Prestige.
  • Page 217 Prestige 792H User’s Guide Step 3. In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created. Step 4. You may edit or delete the port mappings or click Add to manually add port mappings.
  • Page 218 Prestige 792H User’s Guide Step 6. Double-click on the icon to display your current Internet connection status. Web Configurator Easy Access Example With UPnP, you can access the web-based configurator on the Prestige without finding out the IP address of the Prestige first.
  • Page 219 Prestige 792H User’s Guide Step 4. An icon with the description for each UPnP-enabled device displays under Local Network. Step 5. Right-click on the icon for your Prestige and select Invoke. The web configurator login screen displays. Step 6. Right-click on the icon for your Prestige and select Properties.
  • Page 221 Maintenance Part VI: Maintenance This part covers the maintenance screens.
  • Page 223: Chapter 17 Maintenance

    Prestige 792H User’s Guide Chapter 17 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 17.1 Maintenance Overview Use the maintenance screens to view system information, upload new firmware, manage configuration and restart your Prestige.
  • Page 224 Prestige 792H User’s Guide Figure 17-1 System Status The following table describes the labels in this screen.
  • Page 225: Figure 17-1 System Status

    Prestige 792H User’s Guide Table 17-1 System Status LABEL DESCRIPTION System Status System Name This is the name of your Prestige. It is for identification purposes. ZyNOS F/W Version This is the ZyNOS firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design.
  • Page 226: System Statistics

    Prestige 792H User’s Guide 17.2.1 System Statistics Click Show Statistics in the System Status screen to open the following screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable.
  • Page 227 Prestige 792H User’s Guide Table 17-2 System Status: Show Statistics LABEL DESCRIPTION WAN Port Statistics This is the WAN port. Link Status This is the status of your WAN link. Transfer Rate This is the transfer rate in kbps. Node-Link This field displays the remote node index number and link type.
  • Page 228: Dhcp Table Screen

    Prestige 792H User’s Guide 17.3 DHCP Table Screen DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it.
  • Page 229: Diagnostic General Screen

    Prestige 792H User’s Guide Figure 17-4 Diagnostic 17.4.1 Diagnostic General Screen Click Diagnostic and then General to open the screen shown next. Figure 17-5 Diagnostic General The following table describes the labels in this screen.
  • Page 230: Diagnostic Dsl Line Screen

    Prestige 792H User’s Guide Table 17-4 Diagnostic General LABEL DESCRIPTION TCP/IP Address: Type the IP address of a computer that you want to ping in order to test a connection. Ping: Click this button to ping the IP address that you entered.
  • Page 231: Firmware Screen

    Prestige 792H User’s Guide Table 17-5 Diagnostic DSL Line LABEL DESCRIPTION Reset xDSL Line: Click this button to reinitialize the xDSL line. The large text box above then displays the progress and results of this operation, for example: “Start to reset xDSL...
  • Page 232: Figure 17-7 Firmware Upgrade

    Prestige 792H User’s Guide Figure 17-7 Firmware Upgrade The following table describes the labels in this screen. Table 17-6 Firmware Upgrade LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it.
  • Page 233: Figure 17-8 Network Temporarily Disconnected

    Prestige 792H User’s Guide Figure 17-8 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen. If the upload was not successful, the following screen will appear. Click Back to go back to the Firmware screen.
  • Page 235 SMT General Configuration SMT General Configuration This part covers System Management Terminal configuration for general setup, LAN setup, wireless LAN setup, Internet access, remote nodes, remote node TCP/IP, static routing and NAT. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
  • Page 237: Chapter 18 Introducing The Smt

    Prestige 792H User’s Guide Chapter 18 Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 18.1 SMT Introduction The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection.
  • Page 238: Prestige Smt Menu Overview

    Prestige 792H User’s Guide Please note that if there is no activity for longer than five minutes after you log in, your Prestige will automatically log you out. Enter Password : **** Figure 18-1 Login Screen 18.1.4 Prestige SMT Menu Overview The following figure gives you an overview of the various SMT menu screens of your Prestige.
  • Page 239: Figure 4-2 Lan

    Prestige 792H User’s Guide [Figure: SMT menu overview. Prestige 650HW Main Menu: Menu 1 General Setup, Menu 3 LAN Setup, Menu 4 Internet Access Setup, Menu 11 Remote Node Setup, Menu 12 Static Routing Setup, Menu 14 Dial-in User Setup, Menu 15 NAT Setup, Menu 1.1...]
  • Page 240: Navigating The Smt Interface

    Prestige 792H User’s Guide 18.2 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your Prestige. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
  • Page 241: System Management Terminal Interface Summary

    Prestige 792H User’s Guide Copyright (c) 1994 - 2003 ZyXEL Communications Corp. Prestige 792H Main Menu Getting Started Advanced Management 1. General Setup 21. Filter and Firewall Setup 3. LAN Setup 22. SNMP Configuration 4. Internet Access Setup 23. System Security 24.
  • Page 242: Changing The System Password

    Prestige 792H User’s Guide Table 18-2 Main Menu Summary MENU TITLE DESCRIPTION Schedule Setup Use this menu to schedule outgoing calls. VPN/IPSec Setup Use this menu to configure VPN connections on the Prestige 650H/HW. Exit Use this to exit from SMT and return to a blank screen.
  • Page 243: Chapter 19 General Setup

    Prestige 792H User’s Guide Chapter 19 General Setup Menu 1 - General Setup contains administrative and system-related information. 19.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
  • Page 244: Figure 19-1 Menu 1 General Setup

    Prestige 792H User’s Guide Menu 1 - General Setup System Name= ? Location= Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Press ENTER to Confirm or ESC to Cancel: Figure 19-1 Menu 1 General Setup Fill in the required fields.
  • Page 245: Configuring Dynamic Dns

    Prestige 792H User’s Guide 19.2.1 Configuring Dynamic DNS If you have a private WAN IP address, then you cannot use Dynamic DNS. To configure Dynamic DNS, go to Menu 1 — General Setup and select Yes in the Edit Dynamic DNS field.
  • Page 247: Chapter 20 Wan Setup

    Prestige 792H User’s Guide Chapter 20 WAN Setup This chapter shows you how to configure the WAN settings of your Prestige. 20.1 WAN Setup Use Menu 2 – WAN Setup to configure G.SHDSL settings for your WAN line. Different telephone companies deploy different types of G.SHDSL service.
  • Page 248: Table 20-1 Wan Setup

    Prestige 792H User’s Guide Table 20-1 WAN Setup FIELD DESCRIPTION Service Type Press [SPACE BAR] to select Server (COE) or Client (CPE). Rate Adaption Press [SPACE BAR] to select Enable (activate) or Disable (deactivate). Transfer Max Rate Press [SPACE BAR] to select a Transfer Max Rate greater than or equal to (2312 Kbps) the Transfer Min Rate and press [ENTER] to continue.
  • Page 249: Chapter 21 Dial Backup

    Prestige 792H User’s Guide Chapter 21 Dial Backup This chapter shows you how to configure Dial Backup for your Prestige. 21.1 Dial Backup Overview To set up the auxiliary port (Dial Backup or CON/AUX) for use in the event that the regular WAN...
  • Page 250: Advanced Wan Setup

    Prestige 792H User’s Guide Table 21-1 Menu 2: Dial Backup Setup FIELD DESCRIPTION EXAMPLE Dial-Backup: Active: Use this field to turn the dial-backup feature on (Yes) or off (No). Port Speed: Press [SPACE BAR] and then press [ENTER] to select the speed of the connection between the Dial Backup port and the external device. (Example: 115200)
  • Page 251: Figure 21-2 Advanced Wan Setup

    Prestige 792H User’s Guide Menu 2.1 - Advanced WAN Setup AT Command Strings: Call Control: Dial= atdt Dial Timeout(sec)= 60 Drop= ~~+++~~ath Retry Count= 0 Answer= ata Retry Interval(sec)= N/A Drop Timeout(sec)= 20 Drop DTR When Hang Up= Yes Call Back Delay(sec)= 15...
  • Page 252: Remote Node Profile (Backup Isp)

    Prestige 792H User’s Guide Table 21-2 Advanced WAN Port Setup: AT Commands Fields FIELD DESCRIPTION DEFAULT Speed Enter the keyword preceding the connection speed. CONNECT Table 21-3 Advanced WAN Port Setup: Call Control Parameters FIELD DESCRIPTION DEFAULT Call Control Dial Timeout (sec)
  • Page 253: Figure 21-3 Remote Node Profile (Backup Isp)

    Prestige 792H User’s Guide Menu 11.1 - Remote Node Profile (Backup ISP) Rem Node Name= ? Edit PPP Options= No Active= Yes Rem IP Addr= 0.0.0.0 Edit IP= No Outgoing: My Login= My Password= ******** Telco Option: Authen= CHAP/PAP Allocated Budget(min)= 0...
  • Page 254 Prestige 792H User’s Guide Table 21-4 Remote Node Profile (Backup ISP) FIELD DESCRIPTION EXAMPLE Pri Phone # / Sec Phone #: Enter the first (primary) phone number from the ISP for this remote node. If the Primary Phone number is busy or does not answer, your Prestige dials the Secondary Phone number if available.
  • Page 255: Editing Ppp Options

    Prestige 792H User’s Guide Table 21-4 Remote Node Profile (Backup ISP) FIELD DESCRIPTION EXAMPLE Once you have configured this menu, press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration, or press [ESC] at any time to cancel.
  • Page 256: Figure 21-6 Remote Node Network Layer Options

    Prestige 792H User’s Guide Move the cursor to the Edit IP field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to open Menu 11.3 - Network Layer Options. Menu 11.3 - Remote Node Network Layer Options Rem IP Addr= 0.0.0.0...
  • Page 257: Editing Filter Sets

    Prestige 792H User’s Guide Table 21-5 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE Private This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes, this route is kept private (default) and not included in RIP broadcasts.
  • Page 258: Figure 21-7 Menu 11.5: Remote Node Filter (Ethernet)

    Prestige 792H User’s Guide Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL: Figure 21-7 Menu 11.5: Remote Node Filter (Ethernet)
  • Page 259: Chapter 22 Lan Setup

    Prestige 792H User’s Guide Chapter 22 LAN Setup This chapter shows you how to configure the LAN settings for your Prestige. 22.1 Ethernet Setup This section describes how to configure the Ethernet using Menu 3 – Ethernet Setup. From the main menu, enter 3 to open the menu as follows.
  • Page 260: Ip Alias Setup

    Prestige 792H User’s Guide If you need to define filters, please read the Filter Configuration chapter first, then return to this menu. 22.1.2 IP Alias Setup Use Menu 3.2 to configure the first network. To edit Menu 3.2, enter 3 from the main menu to display Menu 3 —...
  • Page 261: Route Ip Setup

    Prestige 792H User’s Guide Figure 22-4 IP Alias Setup Follow the instructions in the following table to configure IP Alias parameters. Table 22-1 IP Alias Setup FIELD DESCRIPTION EXAMPLE IP Alias Choose Yes to configure the LAN network for the Prestige.
  • Page 262: Tcp/Ip Ethernet Setup And Dhcp

    Prestige 792H User’s Guide Menu 1 - General Setup System Name= P650HW Location= location Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Press ENTER to Confirm or ESC to Cancel: Figure 22-5 General Setup 22.1.4 TCP/IP Ethernet Setup and DHCP...
  • Page 263: Table 22-2 Tcp/Ip And Dhcp Ethernet Setup

    Prestige 792H User’s Guide Table 22-2 TCP/IP and DHCP Ethernet Setup FIELD DESCRIPTION EXAMPLE DHCP Setup DHCP: If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client. (Example: Server)
  • Page 264 Prestige 792H User’s Guide Table 22-2 TCP/IP and DHCP Ethernet Setup FIELD DESCRIPTION EXAMPLE Multicast: IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group. The Prestige supports both IGMP version 1 (IGMP-v1) and version 2 (IGMP-v2). (Example: None (default))
  • Page 265: Chapter 23 Internet Access

    Prestige 792H User’s Guide Chapter 23 Internet Access This chapter shows you how to configure your Prestige for Internet Access. 23.1 Internet Access Overview This section provides information on configuring your Prestige for Internet access. It includes information on encapsulation types, IP address assignment and ATM networks.
  • Page 266 Prestige 792H User’s Guide Table 23-1 Internet Access Setup FIELD DESCRIPTION EXAMPLE ISP’s Name: Enter the name of your Internet Service Provider. This information is for identification purposes only. (Example: ChangeMe) Encapsulation: Press [SPACE BAR] to select the method of encapsulation used by your ISP. (Example: ENET ENCAP)
  • Page 267 Prestige 792H User’s Guide Table 23-1 Internet Access Setup FIELD DESCRIPTION EXAMPLE Idle Timeout: This value specifies the number of idle seconds that elapse before the Prestige automatically disconnects the PPPoE session. IP Address Assignment: Press [SPACE BAR] to select Static or Dynamic address assignment. (Example: Dynamic)
  • Page 269: Advanced Applications

    Advanced Applications Advanced Applications This part shows how to configure Remote Nodes, Static Routes, Bridging and NAT. VIII...
  • Page 271: Chapter 24 Remote Node Configuration

    Prestige 792H User’s Guide Chapter 24 Remote Node Configuration This chapter covers remote node configuration. 24.1 Remote Node Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
  • Page 272: Encapsulation And Multiplexing Scenarios

    Prestige 792H User’s Guide Menu 11 - Remote Node Setup 1. MyISP (ISP, SUA) 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ 9. ________ 10. ________ 11. ________ 12. ________ Enter Node # to Edit: Figure 24-1 Remote Node Setup 24.2.1 Encapsulation and Multiplexing Scenarios...
  • Page 273: Figure 24-2 Remote Node Profile

    Prestige 792H User’s Guide Edit IP/Bridge Options Menu 11.1 - Remote Node Profile in menu 11.3. Rem Node Name= myISP Route= IP Active= Yes Bridge= No Encapsulation= RFC-1483 Edit IP/Bridge= No Multiplexing= VC-based Edit ATM Options= No Edit ATM Options in Incoming: menu 11.6.
  • Page 274 Prestige 792H User’s Guide Table 24-1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Rem Password: Type the password used when this remote node calls your Prestige. Outgoing: My Login: Type the login name assigned by your ISP when the Prestige calls this remote node.
  • Page 275: Remote Node Network Layer Options

    Prestige 792H User’s Guide Table 24-1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Schedule Sets This field is only applicable for PPPoE and PPPoA encapsulation. You can apply up to four schedule sets here. For more details please refer to the Call Schedule Setup chapter.
  • Page 276: Figure 24-3 Remote Node Network Layer Options

    Prestige 792H User’s Guide Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment= Dynamic Ethernet Addr Timeout (min)= N/A Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= Full Feature...
  • Page 277 Prestige 792H User’s Guide Table 24-2 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your Prestige. Select SUA Only if you have just one public WAN IP address for your Prestige. (Example: SUA Only)
  • Page 278: My Wan Addr Sample Ip Addresses

    Prestige 792H User’s Guide 24.3.1 My WAN Addr Sample IP Addresses The following diagram explains the sample IP addresses to help you understand the field of My Wan Addr in Menu 11.3. My WAN Addr indicates the local Prestige WAN IP while Rem IP Addr indicates the peer WAN IP.
  • Page 279: Editing Atm Layer Options

    Prestige 792H User’s Guide Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= 12, 11 device filters= Output Filter Sets: protocol filters= device filters= Call Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL: Figure 24-5 Remote Node Filter (PPPoA or PPPoE Encapsulation) Menu 11.5 - Remote Node Filter...
  • Page 280: Vc-Based Multiplexing (Non-Ppp Encapsulation)

    Prestige 792H User’s Guide 24.5.1 VC-based Multiplexing (non-PPP Encapsulation) For VC-based multiplexing, by prior agreement, a protocol is assigned a specific virtual circuit, e.g., VC1 will carry IP, VC2 will carry IPX, etc. Separate VPI and VCI numbers must be specified for each protocol.
  • Page 281 Prestige 792H User’s Guide In this case, only one set of VPI and VCI numbers need be specified for all protocols. The valid range for the VPI is 0 to 255 and for the VCI is 32 to 65535 (1 to 31 is reserved for local management of ATM traffic).
  • Page 283: Chapter 25 Static Route Setup

    Prestige 792H User’s Guide Chapter 25 Static Route Setup This chapter shows how to set up IP static routes. 25.1 Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
  • Page 284: Figure 25-2 Static Route Setup

    Prestige 792H User’s Guide Step 1. To configure an IP static route, use Menu 12 – Static Route Setup (shown next). See the bridging chapter for more information on Bridge Static Routes. Menu 12 - Static Route Setup 1. IP Static Route 3.
  • Page 285: Figure 25-4 Edit Ip Static Route

    Prestige 792H User’s Guide Menu 12.1.1 - Edit IP Static Route Route #: 1 Route Name= myIPStatic_Route Active= No Destination IP Address= ? IP Subnet Mask= ? Gateway IP Address= ? Metric= 2 Private= No Press ENTER to Confirm or ESC to Cancel:...
  • Page 287: Chapter 26 Bridging Setup

    Prestige 792H User’s Guide Chapter 26 Bridging Setup This chapter shows you how to configure the bridging parameters of your Prestige. 26.1 Bridging Overview Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP) address. Bridging allows the Prestige to transport packets of network layer protocols that it does not route, for example, SNA, from one network to another.
  • Page 288: Bridge Static Route Setup

    Prestige 792H User’s Guide Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment= Static Ethernet Addr Timeout (min)= 0 Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= Full Feature...
  • Page 289: Figure 26-2 Bridge Static Route Setup

    Prestige 792H User’s Guide Menu 12.3 - Bridge Static Route Setup 1. ________ 2. ________ 3. ________ 4. ________ Enter selection number: Figure 26-2 Bridge Static Route Setup Choose a static route to edit in menu 12.3. You configure bridge static routes in menu 12.3.1 as shown next.
  • Page 290 Prestige 792H User’s Guide FIELD DESCRIPTION When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
  • Page 291: Chapter 27 Network Address Translation (Nat)

    Prestige 792H User’s Guide Chapter 27 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 27.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
  • Page 292: Figure 27-1 Applying Nat For Internet Access

    Prestige 792H User’s Guide Menu 4 - Internet Access Setup ISP's Name= test Encapsulation= RFC 1483 Multiplexing= LLC-based VPI #= 1 VCI #= 1 Service Name= N/A My Login= N/A My Password= N/A NAT= SUA Only Address Mapping Set= N/A IP Address Assignment= Static IP Address= 0.0.0.0...
  • Page 293: Nat Setup

    Prestige 792H User’s Guide Table 27-1 Applying NAT to the Remote Node FIELD DESCRIPTION EXAMPLE Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your Prestige. The SMT uses the address mapping set that you configure and enter in the Address Mapping Set field (menu 15.1 - see section 27.3.1). (Example: Full Feature)
  • Page 294: Figure 27-4 Address Mapping Sets

    Prestige 792H User’s Guide Menu 15.1 - Address Mapping Sets 255. SUA (read only) Enter Menu Selection Number: Enter Menu Selection Number: Figure 27-4 Address Mapping Sets Enter 255 to display the next screen (see also section 27.1). The fields in this menu cannot be changed.
  • Page 295 Prestige 792H User’s Guide Table 27-2 Address Mapping Rules - SUA FIELD DESCRIPTION EXAMPLE Local Start IP Local Start IP is the starting local IP address (ILA) 0.0.0.0 Local End IP is the ending local IP address (ILA). If the Local End IP 255.255.255.255...
  • Page 296: Figure 27-6 Address Mapping Rules

    Prestige 792H User’s Guide Menu 15.1.1 - Address Mapping Rules Set Name= ? Local Start IP Local End IP Global Start IP Global End IP Type --------------- --------------- --------------- --------------- ------ Action= Edit Select Rule= Press ENTER to Confirm or ESC to Cancel: Figure 27-6 Address Mapping Rules If the Set Name field is left blank, the entire set will be deleted.
  • Page 297 Prestige 792H User’s Guide FIELD DESCRIPTION EXAMPLE Action The default is Edit. Edit means you want to edit a selected rule (see following field). (Example: Edit.) Insert Before means to insert a rule before the rule selected. The rules after the selected rule will then be moved down by one rule.
  • Page 298: Figure 27-7 Editing/Configuring An Individual Rule In A Set

    Prestige 792H User’s Guide Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= = N/A Global IP: Start= = N/A Server Mapping Set= N/A Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 27-7 Editing/Configuring an Individual Rule in a Set...
  • Page 299: Configuring A Server Behind Nat

    Prestige 792H User’s Guide 27.3.2 Configuring a Server behind NAT Follow these steps to configure a server behind NAT: Step 1. Enter 15 in the main menu to go to Menu 15 - NAT Setup. Step 2. Enter 2 to display Menu 15.2 - NAT Server Sets as shown next.
  • Page 300: Figure 27-9 Nat Server Setup

    Prestige 792H User’s Guide Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.33 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 27-9 NAT Server Setup Step 4.
  • Page 301: General Nat Examples

    Prestige 792H User’s Guide Figure 27-10 Multiple Servers Behind NAT Example 27.4 General NAT Examples This section provides some examples with Network Address Translation. 27.4.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (Inside Global Address) assigned by your ISP.
  • Page 302: Figure 27-11 Nat Example 1

    Prestige 792H User’s Guide Figure 27-11 NAT Example 1 Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= RFC-1483 Multiplexing= LLC-based VPI #= 1 VCI #= 1 ATM QoS Type= UBR Peak Cell Rate (PCR)= 5500 Sustained Cell Rate (SCR)= 0...
  • Page 303: Example 2: Internet Access With An Inside Server

    Prestige 792H User’s Guide From menu 4, choose the SUA Only option from the Network Address Translation field. This is the Many-to-One mapping discussed in section 27.4. The SUA Only read-only option from the Network Address Translation field in menus 4 and 11.3 is specifically pre-configured to handle this case.
  • Page 304: Example 3: Multiple Public Ip Addresses With Inside Servers

    Prestige 792H User’s Guide Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 192.168.1.10 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 27-14 NAT Example 2 - Menu 15.2.1...
  • Page 305: Figure 27-15 Nat Example 3

    Prestige 792H User’s Guide Figure 27-15 NAT Example 3 Step 1. In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3).
  • Page 306: Figure 27-17 Example 3 - Menu 15.1.1.1

    Prestige 792H User’s Guide Step 5. In menu 15.1.1.1, select Type as One-to-One (direct mapping for packets going both ways), and set the local Start IP as 192.168.1.10 (the IP address of FTP Server 1) and the global Start IP as 10.132.50.1 (our first IGA). See the figure below.
  • Page 307 Prestige 792H User’s Guide Now configure the IGA3 to map to our web server and mail server on the LAN. Step 8. Enter 15 from the main menu. Step 9. Enter 2 in Menu 15 - NAT Setup. Step 10. Enter 1 in Menu 15.2 - NAT Server Sets and enter 1 again to see the following menu.
  • Page 308: Example 4: Nat Unfriendly Application Programs

    Prestige 792H User’s Guide Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.21 192.168.1.20 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 27-19 Example 3- Menu 15.2...
  • Page 309: Figure 27-21 Example 4 - Menu 15.1.1.1

    Prestige 792H User’s Guide Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream. These applications won’t work through NAT even when using One-to-One and Many-to-Many No Overload mapping types. Follow the steps outlined in example 3 to configure these two menus as follows.
  • Page 310: Figure 27-22 Example 4 - Menu 15.1.1

    Prestige 792H User’s Guide Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Local Start IP Local End IP Global Start IP Global End IP Type --------------- --------------- --------------- --------------- ------ 192.168.1.10 192.168.1.12 10.132.50.1 10.132.50.3 M:M NO OV Action= Edit...
  • Page 311: Advanced Management

    Advanced Management Part IX: Advanced Management This part discusses Filter Configuration, SNMP, System Maintenance and IP Policy Routing, Call Scheduling and Remote Management.
  • Page 313: Chapter 28 Filter Configuration

    Prestige 792H User’s Guide Chapter 28 Filter Configuration This chapter shows you how to create and apply filters. 28.1 About Filtering Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call.
  • Page 314: Figure 28-1 Outgoing Packet Filtering Process

    Prestige 792H User’s Guide [Figure 28-1 Outgoing Packet Filtering Process (flowchart). Labels: Outgoing Data Packet; Call Filtering; Built-in default Call Filters; User-defined Call Filters (if applicable); Initiate call if line not up; Send packet and reset Idle Timer; Drop packet...]
  • Page 315: Figure 28-2 Filter Rule Process

    Prestige 792H User’s Guide [Figure 28-2 Filter Rule Process (flowchart). Labels: Start; Packet into Filter; Fetch First Filter Set; Fetch First Filter Rule; Fetch Next Filter Set; Fetch Next Filter Rule; Next Filter Set Available?; Next Filter Rule Available?; Active?; Execute Filter Rule; Check Next Rule...]
  • Page 316: Filter Set Configuration

    Prestige 792H User’s Guide For incoming packets, your Prestige applies data filters only. Packets are processed depending on whether a match is found. The following sections describe how to configure filter sets. The Filter Structure of the Prestige A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name.
  • Page 317: Figure 28-4 Netbios Wan Filter Rules Summary

    Prestige 792H User’s Guide Step 3. Type a descriptive name or comment in the Edit Comments field and press [ENTER]. Step 4. Press [ENTER] at the message “Press ENTER to confirm…” to display Menu 21.1 – Filter Rules Summary (that is, if you selected filter set 1 in menu 21).
  • Page 318: Figure 28-6 Telnet_Wan Filter Rules Summary

    Prestige 792H User’s Guide Menu 21.3 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F Enter Filter Rule Number (1-6) to Configure: Figure 28-6 Telnet_WAN Filter Rules Summary Menu 21.4 - Filter Rules Summary...
  • Page 319: Figure 28-8 Ftp_Wan Filter Rules Summary

    Prestige 792H User’s Guide Menu 21.5 - Filter Rules Summary # A Type Filter Rules M m n - - ---- -------------------------------------------------------------- - - - 1 Y IP PR=6, SA=0.0.0.0, DA=0.0.0.0, DP=21 N D F Enter Filter Rule Number (1-6) to Configure: Figure 28-8 FTP_WAN Filter Rules Summary Menu 21.11 - Filter Rules Summary...
  • Page 320: Filter Rules Summary Menus

    Prestige 792H User’s Guide Menu 21.11 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D N 2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21...
  • Page 321: Filter Rule Configuration

    Prestige 792H User’s Guide FIELD DESCRIPTION Action Not Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N” means to check the next rule. The protocol-dependent filter rule abbreviations are listed as follows:...
  • Page 322: Figure 28-11 Tcp/Ip Filter Rule

    Prestige 792H User’s Guide 28.3.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
  • Page 323 Prestige 792H User’s Guide Table 28-3 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE IP Protocol This is the upper layer protocol, for example, TCP is 6, UDP is 17 and ICMP is 1. The value must be between 0 and 255. (Example: 0 to 255.)
  • Page 324 Prestige 792H User’s Guide Table 28-3 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE Select the logging option from the following (example: None): None – No packets will be logged. Action Matched – Only packets that match the rule parameters will be logged.
  • Page 325: Figure 28-12 Executing An Ip Filter

    Prestige 792H User’s Guide [Figure 28-12 Executing an IP Filter (flowchart). Steps in order: Packet into IP Filter; Filter Active?; Apply SrcAddrMask to Src Addr; Check Src IP Addr (Matched / Not Matched); Apply DestAddrMask to Dest Addr; Check Dest IP Addr (Matched / Not Matched); Check IP Protocol (Matched / Not Matched); Check Src &...]
  • Page 326: Generic Filter Rule

    Prestige 792H User’s Guide 28.3.2 Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
  • Page 327: Table 28-4 Generic Filter Rule Menu Fields

    Prestige 792H User’s Guide Table 28-4 Generic Filter Rule Menu Fields FIELD DESCRIPTION EXAMPLE Filter # This is the filter set, filter rule coordinates, for instance, 2, 3 refers to the second filter set and the third rule of that set.
  • Page 328: Filter Types And Nat

    Prestige 792H User’s Guide 28.4 Filter Types and NAT There are two classes of filter rules, Generic Filter (Device) rules and Protocol Filter (TCP/IP) rules. Generic Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on IP packets.
  • Page 329: Figure 28-15 Sample Telnet Filter

    Prestige 792H User’s Guide Figure 28-15 Sample Telnet Filter Step 1. Enter 21 from the main menu to open Menu 21 — Filter Set Configuration. Step 2. Enter the index number of the filter set you want to configure (in this case 3). Step 3.
  • Page 330: Figure 28-16 Sample Filter Rules Summary — Menu 21.1

    Prestige 792H User’s Guide Menu 21.1 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F Enter Filter Rule Number (1-6) to Configure: 1 This shows you that you have M = N means an action can be taken immediately.
  • Page 331: Figure 28-17 Sample Filter Rules Summary — Menu 21.3.1

    Prestige 792H User’s Guide Menu 21.3.1 - TCP/IP Filter Rule Filter #: 3,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No [Callout on Filter Type: Press [SPACE BAR] to choose this filter rule type. The first filter rule type determines all subsequent filter types within a set.]
  • Page 332: Applying Filters And Factory Defaults

    Prestige 792H User’s Guide Step 3. This brings you to menu 11.5. Enter the example filter set number in this menu as shown in the following figure. Menu 11.5 – Remote Node Filter Input Filter Sets: protocol filters= device filters=...
  • Page 333: Remote Node Filters

    Prestige 792H User’s Guide filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by typing their numbers separated by commas, for example, 3, 4, 6, 11. The factory default filter set, NetBIOS_LAN, is inserted in the protocol filters field under Input Filter Sets in menu 3.1 in order to...
  • Page 335: Chapter 29 Snmp Configuration

    Prestige 792H User’s Guide Chapter 29 SNMP Configuration This chapter explains SNMP Configuration. SNMP is only available if TCP/IP is configured. 29.1 SNMP Overview Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
  • Page 336: Supported Mibs

    Prestige 792H User’s Guide An SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed device (the Prestige). An agent translates the local management information from the managed device into a form compatible with SNMP.
  • Page 337: Snmp Traps

    Prestige 792H User’s Guide Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 29-2 SNMP Configuration Table 29-1 SNMP Configuration...
  • Page 338 Prestige 792H User’s Guide TRAP # TRAP NAME DESCRIPTION warmStart (defined in RFC-1215) A trap is sent after booting (software reboot). linkUp (defined in RFC-1215) A trap is sent with the port number. authenticationFailure (defined in RFC-1215) A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community (password).
  • Page 339: Chapter 30 System Maintenance

    Prestige 792H User’s Guide Chapter 30 System Maintenance This chapter covers the diagnostic tools that help you to maintain your Prestige. 30.1 System Maintenance Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
  • Page 340: Figure 30-2 System Maintenance - Status

    Prestige 792H User’s Guide Menu 24.1 - System Maintenance – Status hh:mm:ss Sat. Jan. 01, 2000 Node-Lnk Status TxPkts RxPkts Errors Tx B/s Rx B/s Up Time 1-ENET 0:26:20 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 My WAN IP (from ISP):0.0.0.0...
  • Page 341: System Information

    Prestige 792H User’s Guide Table 30-1 System Maintenance Status — FIELD DESCRIPTION Rx Pkts The number of received packets from the LAN. Collision Number of collisions. Shows statistics for the WAN. Line Status Shows the current status of the xDSL line, which can be Up or Down.
  • Page 342: Figure 30-4 System Maintenance - Information

    Menu 1 – General Setup. Routing Refers to the routing protocol used. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. xDSL F/W Version Refers to the DSL version. Standard This refers to the operational protocol the Prestige and the DSLAM (Digital Subscriber Line Access Multiplexer) are using.
  • Page 343: Console Port Speed

    Prestige 792H User’s Guide 30.3.2 Console Port Speed You can set up different port speeds for the console port through Menu 24.2.2 – System Maintenance – Console Port Speed. Your Prestige supports 9600 (default), 19200 and 38400 bps. Press [SPACE BAR] and then [ENTER] to select the desired speed in menu 24.2.2, as shown in the following figure.
  • Page 344: Syslog

    Prestige 792H User’s Guide Step 3. Enter 1 from Menu 24.3 — System Maintenance — Log and Trace to display the error log in the system. After the Prestige finishes displaying the error log, you will have the option to clear it. Samples of typical error and information messages are presented in the next figure.
  • Page 345: Table 30-3 System Maintenance Menu - Syslog Parameters

    Prestige 792H User’s Guide Table 30-3 System Maintenance Menu — Syslog Parameters PARAMETER DESCRIPTION UNIX Syslog: Active Use [SPACE BAR] and then [ENTER] to turn syslog on or off. Syslog IP Address Type the IP address of your syslog server.
  • Page 346: Diagnostic

    Prestige 792H User’s Guide Jul 19 11:28:56 192.168.102.2 ZYXEL: Packet Trigger: Protocol=1, Data=4500002c1b0140001f06b50ec0a86614ca849a7b0427001700195b3e00000000600220008cd40000020405b4 Jul 19 11:29:06 192.168.102.2 ZYXEL: Packet Trigger: Protocol=1, Data=45000028240140001f06ac12c0a86614ca849a7b0427001700195b451d1430135004000077600000 3 - Filter Log SdcmdSyslogSend (SYSLOG_FILLOG, SYSLOG_NOTICE, String); String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01mD IP[…] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m), drop (D).
  • Page 347: Table 30-4 System Maintenance Menu - Diagnostic

    Prestige 792H User’s Guide The following table describes the diagnostic tests available in menu 24.4 for and the connections. Table 30-4 System Maintenance Menu — Diagnostic FIELD DESCRIPTION Reset xDSL Re-initialize the xDSL link to the telephone company. Ping Host Ping the host to see if the links and TCP/IP protocol on both systems are working.
  • Page 349: Chapter 31 Firmware And Configuration File Maintenance

    Prestige 792H User’s Guide Chapter 31 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files. 31.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
  • Page 350: Backup Configuration

    Prestige 792H User’s Guide Table 31-1 Filename Conventions FILE TYPE INTERNAL NAME EXTERNAL NAME DESCRIPTION Configuration File Rom-0 *.rom This is the configuration filename on the Prestige. Uploading the rom-0 file replaces the entire ROM file system, including your Prestige configurations, system-related data (including the default password), the error log and the trace log.
  • Page 351: Using The Ftp Command From The Command Line

    Prestige 792H User’s Guide 31.2.1 Backup Configuration Follow the instructions as shown in the next screen. Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your computer.
  • Page 352: Gui-Based Ftp Clients

    Prestige 792H User’s Guide 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
  • Page 353: Backup Configuration Using Tftp

    Prestige 792H User’s Guide 4. You have an SMT console session running. 31.2.6 Backup Configuration Using TFTP The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended.
  • Page 354: Backup Via Console Port

    Prestige 792H User’s Guide Table 31-3 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped. Send/Fetch Use “Send” to upload the file to the Prestige and “Fetch” to back up the file on your computer.
  • Page 355: Restore Configuration

    Prestige 792H User’s Guide Step 3. Run the HyperTerminal program by clicking Transfer, then Receive File as shown in the following screen. Type a location for storing the configuration file or click Browse to look for one. Choose the Xmodem protocol.
  • Page 356: Restore Using Ftp

    Prestige 792H User’s Guide 31.3.1 Restore Using FTP For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter. Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file, follow the procedure below: 1.
  • Page 357: Restore Using Ftp Session Example

    Prestige 792H User’s Guide 31.3.2 Restore Using FTP Session Example ftp> put config.rom rom-0 200 Port command okay 150 Opening data connection for STOR rom-0 226 File received OK 221 Goodbye for writing flash ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec.
  • Page 358: Uploading Firmware And Configuration Files

    Prestige 792H User’s Guide Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. Figure 31-11 Restore Configuration Example Step 4. After a successful restoration you will see the following screen. Press any key to restart the Prestige and return to the SMT menu.
  • Page 359: Configuration File Upload

    Prestige 792H User’s Guide Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
  • Page 360: Ftp File Upload Command From The Dos Prompt Example

    Prestige 792H User’s Guide 31.4.3 FTP File Upload Command from the DOS Prompt Example Step 1. Launch the FTP client on your computer. Step 2. Enter “open”, followed by a space and the IP address of your Prestige. Step 3.
  • Page 361: Tftp Upload Command Example

    Prestige 792H User’s Guide To use TFTP, your computer must have both telnet and TFTP clients. To transfer the firmware and the configuration file, follow the procedure shown next. Step 1. Use telnet from your computer to connect to the Prestige and log in. Because TFTP does not have any security checks, the Prestige records the IP address of the telnet client and accepts TFTP requests only from this address.
  • Page 362: Uploading Firmware File Via Console Port

    Prestige 792H User’s Guide 31.4.8 Uploading Firmware File Via Console Port Step 1. Select 1 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.1 – System Maintenance – Upload System Firmware, then follow the instructions as shown in the following screen.
  • Page 363: Uploading Configuration File Via Console Port

    Prestige 792H User’s Guide 31.4.10 Uploading Configuration File Via Console Port Step 1. Select 2 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.2 – System Maintenance – Upload System Configuration File. Follow the instructions as shown in the next screen.
  • Page 364: Figure 31-19 Example Xmodem Upload

    Prestige 792H User’s Guide Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. Figure 31-19 Example Xmodem Upload After the configuration upload process has completed, restart the Prestige by entering “atgo”.
  • Page 365: Chapter 32 System Maintenance And Information

    Prestige 792H User’s Guide Chapter 32 System Maintenance and Information This chapter leads you through SMT menus 24.8 to 24.10. 32.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
  • Page 366: Call Control Support

    Prestige 792H User’s Guide Copyright (c) 1994 - 2003 ZyXEL Communications Corp. ras> ? Valid commands are: exit device ether xdsl bridge hdap ras> Figure 32-2 Valid Commands 32.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1.
  • Page 367: Figure 32-4 Budget Management

    Prestige 792H User’s Guide Menu 24.9.1 - System Maintenance - Budget Management Remote Node Connection Time/Total Budget Elapsed Time/Total Period 1.MyISP No Budget No Budget 2.-------- 3.-------- 4.-------- 5.-------- 6.-------- 7.-------- 8.-------- Reset Node (0 to update screen): Figure 32-4 Budget Management The total budget is the time limit on the accumulated time for outgoing calls to a remote node.
  • Page 368: Time And Date Setting

    Prestige 792H User’s Guide 32.3 Time and Date Setting The Prestige keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your Prestige. Menu 24.10 allows you to update the time and date settings of your Prestige.
  • Page 369: Resetting The Time

    Prestige 792H User’s Guide Table 32-2 Time and Date Setting Fields FIELD DESCRIPTION Use Time Server when Bootup Enter the time service protocol that your time server sends when you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
  • Page 371: Chapter 33 Ip Policy Routing

    Prestige 792H User’s Guide Chapter 33 IP Policy Routing This chapter covers setting and applying policies used for IP routing. 33.1 IP Policy Routing Overview Traditionally, routing is based on the destination address only and the IAD takes the shortest path to forward a packet.
  • Page 372: Ip Routing Policy Setup

    Prestige 792H User’s Guide IPPR follows the existing packet filtering facility of RAS in style and in implementation. The policies are divided into sets, where related policies are grouped together. A user defines the policies before applying them to an interface or a remote node, in the same fashion as the filters. There are 12 policy sets with six policies in each set.
  • Page 373: Figure 33-2 Sample Ip Routing Policy Setup

    Prestige 792H User’s Guide Menu 25.1 - IP Routing Policy Setup Criteria/Action - - -------------------------------------------------------------------------- 1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5 SP=20-25,DP=20-25,P=6,T=NM,PR=0 |GW=192.168.1.1,T=MT,PR=0 2 N __________________________________________________________________________ __________________________________________________________________________ 3 N __________________________________________________________________________ __________________________________________________________________________ 4 N __________________________________________________________________________ __________________________________________________________________________ 5 N __________________________________________________________________________ __________________________________________________________________________ 6 N __________________________________________________________________________ __________________________________________________________________________...
  • Page 374: Figure 33-3 Ip Routing Policy

    Prestige 792H User’s Guide Type a number from 1 to 6 to display Menu 25.1.1 – IP Routing Policy (see the next figure). This menu allows you to configure a policy rule. Menu 25.1.1 - IP Routing Policy Policy Set Name= test...
  • Page 375: Applying An Ip Policy

    Prestige 792H User’s Guide Table 33-2 IP Routing Policy FIELD DESCRIPTION Len Comp Press [SPACE BAR] and then [ENTER] to choose from Equal, Not Equal, Less, Greater, Less or Equal or Greater or Equal. Source: addr start / end Source IP address range from start to end.
  • Page 376: Figure 33-4 Tcp/Ip And Dhcp Ethernet Setup

    Prestige 792H User’s Guide Menu 3.2 - TCP/IP and DHCP Ethernet Setup DHCP Setup: DHCP= None Client IP Pool Starting Address= N/A Size of Client IP Pool= N/A Primary DNS Server= N/A Secondary DNS Server= N/A Remote DHCP Server= N/A...
  • Page 377: Ip Policy Routing Example

    Prestige 792H User’s Guide 33.4 IP Policy Routing Example If a network has both Internet and remote node connections, you can route Web packets to the Internet using one policy and route FTP packets to a remote network using another policy. See the next figure.
  • Page 378: Figure 33-7 Ip Routing Policy Example

    Prestige 792H User’s Guide Menu 25.1.1 - IP Routing Policy Policy Set Name= set1 Active= Yes Criteria: IP Protocol Type of Service= Don't Care Packet length= 10 Precedence = Don't Care Len Comp= N/A Source: addr start= 192.168.1.2 end= 192.168.1.64...
  • Page 379: Figure 33-8 Ip Routing Policy

    Prestige 792H User’s Guide Menu 25.1.1 - IP Routing Policy Policy Set Name= set2 Active= Yes Criteria: IP Protocol Type of Service= Don't Care Packet length= 10 Precedence = Don't Care Len Comp= N/A Source: addr start= 0.0.0.0 end= N/A...
  • Page 381: Chapter 34 Call Scheduling

    Prestige 792H User’s Guide Chapter 34 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 34.1 Call Scheduling Overview The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
  • Page 382: Figure 34-2 Schedule Set Setup

    Prestige 792H User’s Guide To delete a schedule set, enter the set number and press [SPACE BAR] and then [ENTER] (or delete) in the Edit Name field. To set up a schedule set, select the schedule set you want to set up from menu 26 (1-12) and press [ENTER] to see Menu 26.1 —...
  • Page 383 Prestige 792H User’s Guide Table 34-1 Schedule Set Setup FIELD DESCRIPTION EXAMPLE How Often Should this schedule set recur weekly or be used just once only? Press the [SPACE BAR] and then [ENTER] to select Once or Weekly. Both these options are mutually exclusive. If Once is selected, then all weekday settings are N/A. (Example: Once.)
  • Page 384: Figure 34-3 Applying Schedule Set(S) To A Remote Node (Pppoe)

    Prestige 792H User’s Guide Menu 11.1 - Remote Node Profile Rem Node Name= ? Route= IP Active= Yes Bridge= No Encapsulation= PPPoE Edit IP/Bridge= No Multiplexing=VC-based Edit ATM Options= No Service Name= Telco Option: Incoming Allocated Budget(min)= 0 Rem Login=...
  • Page 385: Chapter 35 Remote Management

    Prestige 792H User’s Guide Chapter 35 Remote Management This chapter covers remote management (SMT menu 24.11). 35.1 Remote Management Overview Remote management setup is for managing Telnet, FTP and Web services. You can customize the service port, access interface and the secured client IP address to enhance security and flexibility.
  • Page 386: Remote Management And Web Services

    Prestige 791R G.SHDSL Router 35.1.3 Remote Management and Web Services You can use the Prestige’s embedded web configurator for configuration and file management. See the online help for details. 35.1.4 Disabling Remote Management To disable remote management of a service, select Disable in the corresponding Server Access field. 35.2 Remote Management Setup Enter 11 in menu 24 to display Menu 24.11 —...
  • Page 387: Remote Management Limitations

    Prestige 792H User’s Guide Table 35-1 Remote Management Control FIELD DESCRIPTION EXAMPLE Secured Client IP The default 0.0.0.0 allows any client to use this service to remotely manage the Prestige. Enter an IP address to restrict access to a client with a matching IP address. (Example: 0.0.0.0.)
  • Page 389 SMT VPN/IPSec and Internal SPTGEN Part X: SMT VPN/IPSec and Internal SPTGEN This part provides information about configuring VPN/IPSec for secure communications and Internal SPTGEN for configuration of multiple Prestiges. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
  • Page 391: Chapter 36 Vpn/Ipsec Setup

    Prestige 792H User’s Guide Chapter 36 VPN/IPSec Setup This chapter introduces the VPN SMT menus. 36.1 VPN/IPSec Overview The VPN/IPSec main SMT menu has these main submenus: 1. Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer IPSec router IP address and key management.
  • Page 392: Ipsec Summary Screen

    Prestige 792H User’s Guide Menu 27 - VPN/IPSec Setup 1. IPSec Summary 2. SA Monitor 3. View IPSec Log Enter Menu Selection Number: Figure 36-2 Menu 27 VPN/IPSec Setup 36.2 IPSec Summary Screen Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary. This is a summary read-only menu of your IPSec rules (tunnels).
  • Page 393 Prestige 792H User’s Guide Table 36-1 Menu 27.1 IPSec Summary. Name (example: Taiwan): This field displays the unique identification name for this VPN rule. The name may be up to 32 characters long but only 10 characters will be displayed here.
  • Page 394 Prestige 792H User’s Guide Table 36-1 Menu 27.1 IPSec Summary. Key Mgt: This field displays the SA’s type of key management (IKE or Manual). Remote (example: 172.16.2.40): When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to...
  • Page 395: Ipsec Setup

    Prestige 792H User’s Guide Table 36-1 Menu 27.1 IPSec Summary. Select Command (example: None): Press [SPACE BAR] to choose from None, Edit, Delete, Go To Rule, Next Page or Previous Page and then press [ENTER]. You must select a rule in the next field when you choose the Edit, Delete or Go To commands.
  • Page 396: Figure 36-4 Menu 27.1.1 Ipsec Setup

    Prestige 792H User’s Guide Menu 27.1.1 – IPSec Setup Index= 1 Name= Taiwan Active= Yes Keep Alive= No Local ID type= IP Content= My IP Addr= 0.0.0.0 Peer ID type= IP Content= Secure Gateway Address= zw50test.zyxel.com.tw Protocol= 0 DNS Server= 0.0.0.0...
  • Page 397 Prestige 792H User’s Guide Table 36-2 Menu 27.1.1 IPSec Setup. Content: When you select IP in the Local ID Type field, type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address.
  • Page 398 Prestige 792H User’s Guide Table 36-2 Menu 27.1.1 IPSec Setup. Secure Gateway Address (example: Zw50test.com.): Type the IP address or the domain name (up to 31 characters) of the IPSec router with which you’re making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP...
  • Page 399 Prestige 792H User’s Guide Table 36-2 Menu 27.1.1 IPSec Setup. End/Subnet Mask (example: 192.168.1.38): When the Addr Type field is configured to Single, this field is N/A. When the Addr Type field is configured to Range, enter the end (static) IP address, in a range of computers on the LAN behind your Prestige.
  • Page 400 Prestige 792H User’s Guide Table 36-2 Menu 27.1.1 IPSec Setup. End/Subnet Mask (example: 255.255.0.0): When the Addr Type field is configured to Single, this field is N/A. When the Addr Type field is configured to Range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
  • Page 401: Ike Setup

    Prestige 792H User’s Guide 36.4 IKE Setup To edit this menu, the Key Management field in Menu 27.1.1 – IPSec Setup must be set to IKE. Move the cursor to the Edit Key Management Setup field in Menu 27.1.1 – IPSec Setup; press [SPACE BAR] to select Yes and then press [ENTER] to display Menu 27.1.1.1 –...
  • Page 402: Table 36-3 Menu 27.1.1.1 Ike Setup

    Prestige 792H User’s Guide Table 36-3 Menu 27.1.1.1 IKE Setup. Encryption Algorithm: When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
  • Page 403: Manual Setup

    Prestige 792H User’s Guide Table 36-3 Menu 27.1.1.1 IKE Setup. Perfect Forward Secrecy (PFS) (example: None): Perfect Forward Secrecy (PFS) is disabled (None) by default in phase 2 IPSec SA setup. This allows faster IPSec setup, but is not so secure. Press [SPACE BAR] and choose from DH1 or DH2 to enable PFS.
  • Page 404: Figure 36-6 Menu 27.1.1.2 Manual Setup

    Prestige 792H User’s Guide Menu 27.1.1.2 – Manual Setup Active Protocol= ESP Tunnel ESP Setup SPI (Decimal)= Encryption Algorithm= DES Key1= Key2= N/A Key3= N/A Authentication Algorithm= MD5 Key= N/A AH Setup SPI (Decimal)= N/A Authentication Algorithm= N/A Key= Press ENTER to Confirm or ESC to Cancel: Figure 36-6 Menu 27.1.1.2 Manual Setup...
  • Page 405 Prestige 792H User’s Guide Table 36-5 Menu 27.1.1.2 Manual Setup. Authentication Algorithm: Press [SPACE BAR] to choose from MD5 or SHA1 and then press [ENTER]. Key (example: 123456789a): Enter the authentication key to be used by IPSec if applicable. The key must be unique.
  • Page 407: Chapter 37 Sa Monitor

    Prestige 792H User’s Guide Chapter 37 SA Monitor This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2. 37.1 SA Monitor Overview A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections.
  • Page 408: Table 37-1 Menu 27.2 Sa Monitor

    Prestige 792H User’s Guide Table 37-1 Menu 27.2 SA Monitor. This is the security association index number. Name (example: Taiwan): This field displays the identification name for this VPN policy. This name is unique for each connection where the secure gateway IP address is a public static IP address.
  • Page 409: Viewing Ipsec Log

    Prestige 792H User’s Guide 37.3 Viewing IPSec Log To view the IPSec and IKE connection log, type 3 in menu 27 and press [ENTER] to display the IPSec log as shown next. The following figure shows a typical log from the initiator of a VPN connection.
  • Page 411: Chapter 38 Internal Sptgen

    Prestige 792H User’s Guide Chapter 38 Internal SPTGEN 38.1 Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file –...
  • Page 412: Internal Sptgen File Modification - Important Points To Remember

    Prestige 792H User’s Guide This is the name of the menu. This is the Field Name column. This is the name of the field as seen in the corresponding SMT screen. One “=” sign, followed by one space, must precede...
  • Page 413: Internal Sptgen Ftp Download Example

    Prestige 792H User’s Guide field value is not legal error:-1 ROM-t is not saved, error Line ID:10000000 reboot to get the original configuration Bootbase Version: V2.02 | 2/22/2001 13:33:11 RAM: Size = 8192 Kbytes FLASH: Intel 8M *2 Figure 38-2 Invalid Parameter Entered: Command Line Example The Prestige will display the following if you enter parameter(s) that are valid.
  • Page 414: Internal Sptgen Ftp Upload Example

    Prestige 792H User’s Guide 38.4 Internal SPTGEN FTP Upload Example. Steps: 1. Launch your FTP application. 2. Enter "bin". The command “bin” sets the transfer mode to binary. Session output:
    c:\ftp 192.168.1.1
    220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000
    User (192.168.1.1:(none)):
    331 Enter PASS command
    Password:
  • Page 415: Appendices And Index

    Part XI: Appendices and Index This section provides some Appendices and an Index.
  • Page 417: Appendix A Troubleshooting

    Prestige 792H User’s Guide Appendix A Troubleshooting This chapter covers potential problems and the corresponding remedies. Problems Starting Up the Prestige. Table A-1 Troubleshooting the Start-Up of Your Prestige. PROBLEM: None of the LEDs turn on when I turn... CORRECTIVE ACTION: Make sure that the Prestige’s power adapter is connected to the Prestige and plugged in to an appropriate power source.
  • Page 418: Table A-3 Troubleshooting The Wan Interface

    Prestige 792H User’s Guide Problems with the WAN Interface. Table A-3 Troubleshooting the WAN Interface. PROBLEM: I cannot get a WAN IP address from... CORRECTIVE ACTION: The WAN IP is provided when the ISP recognizes the user as an authorized user after verifying the MAC address, Host Name or User ID.
  • Page 419: Table A-5 Troubleshooting The Password

    Prestige 792H User’s Guide Problems with Passwords. Table A-5 Troubleshooting the Password. PROBLEM: I cannot access the Prestige. CORRECTIVE ACTION: The Password and Username fields are case-sensitive. Make sure that you enter the correct password and username using the proper casing.
  • Page 421: Appendix B PPPoE

    Prestige 792H User’s Guide Appendix B PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit) that connects to an xDSL Access Concentrator where the PPP session terminates (see the next figure).
  • Page 422 Prestige 792H User’s Guide Diagram B-1 Single-PC per Modem Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC is acting as a L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP frames to the ISP.
  • Page 423 Prestige 792H User’s Guide The Prestige as a PPPoE Client When using the Prestige as a PPPoE client, the PCs on the LAN see only Ethernet and are not aware of PPPoE. This alleviates the administrator from having to manage the PPPoE clients on the individual PCs.
  • Page 425: Appendix C Virtual Circuit Topology

    Prestige 792H User’s Guide Appendix C Virtual Circuit Topology ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows: • Virtual Channel Logical connections between ATM switches •...
  • Page 427: Appendix D PPTP

    Prestige 792H User’s Guide Appendix D PPTP What is PPTP? PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames. How can we transport PPP frames from a PC to a broadband modem over Ethernet? A solution is to build PPTP into the ANT (ADSL Network Termination) where PPTP is used only over the short haul between the PC and the modem over Ethernet.
  • Page 428 Prestige 792H User’s Guide In Windows VPN or PPTP Pass-Through feature, the PPTP tunneling is created from Windows 95, 98 and NT clients to an NT server in a remote location. The pass-through feature allows users on the network to access a different remote server using the Prestige's Internet connection.
  • Page 429 Prestige 792H User’s Guide The control connection runs over TCP. Similar to L2TP, a tunnel control connection is first established before call control messages can be exchanged. Please note that a tunnel control connection supports multiple call sessions. The following diagram depicts the message exchange of a successful call setup between a PC and an ANT.
  • Page 431: Appendix E Index

    Prestige 792H User’s Guide Appendix E Index