Summary of Contents for ZyXEL Communications Prestige 792H
Prestige 792H G.SHDSL 4-port Security Gateway User's Guide Version 3.40(BZ.0) March 2004...
Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Prestige 792H User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
Prestige 792H User’s Guide Information for Canadian Users The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. The Industry Canada does not guarantee that the equipment will operate to a user's satisfaction.
Prestige 792H User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and...
Prestige 792H User’s Guide Customer Support Please have the following information ready when you contact customer support. • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it.
Prestige 792H User’s Guide Preface Congratulations on your purchase of the Prestige 792H G.SHDSL Router. Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your Prestige. Not all features can be configured through all interfaces.
For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for “that is” or “in other words” throughout this manual. • The Prestige 792H may be referred to as the Prestige in this user’s guide. • Images of Prestige 792H are used throughout this document unless otherwise specified.
Prestige 792H User’s Guide Introduction to DSL DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted-pair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can handle higher frequencies, the telephone switching equipment is designed to cut off signals above 4,000 Hz to filter noise off the voice line, but now everybody is searching for ways to get more bandwidth to improve access to the Web - hence DSL technologies.
Symmetrical High Speed Internet Access The Prestige 792H can support symmetrical transmission up to 2.3 Mbps, 40 times faster than a 56K analog modem. For NSP’s (Network Service Provider) convenience, the Prestige also supports rate management depending on distance and service charges.
Prestige 792H User’s Guide IPSec VPN Capability Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data encryption and the Internet to provide secure communications without the expense of leased site-to-site lines. The Prestige’s VPN is based on the IPSec standard and is fully interoperable with other IPSec-based VPN products.
Prestige 792H User’s Guide IP Alias IP Alias allows you to partition a physical network into logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network.
Prestige 792H User’s Guide IRC, ICQ, RealAudio, VDOLive, Quake and PPTP. No extra configuration is needed to support these applications. SUA address mapping can also be used for other LAN-to-LAN connections. Universal Plug and Play (UPnP) Using the standard TCP/IP protocol, the Prestige and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.
Prestige 792H User’s Guide Application Scenarios for the Prestige This section provides examples on how your Prestige can be used. 1.2.1 Internet Access Figure 1-1 Internet Access Application Your Prestige can act as either of the following: A bridge for multi-computer/MAC bridging (RFC-1483, bridged Ethernet/802.3).
Prestige 792H User’s Guide Chapter 2 Introducing the Web Configurator This chapter describes how to access and navigate the web configurator. Web Configurator Overview The embedded web configurator (ewc) allows you to manage the Prestige from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions with JavaScript enabled.
Prestige 792H User’s Guide Figure 2-1 Password Screen Step 6. You should now see the Site Map screen. The Prestige automatically times out after five minutes of inactivity. Simply log back into the Prestige if this happens to you. Navigating the Prestige Web Configurator The following summarizes how to navigate the web configurator from the Site Map screen.
Prestige 792H User’s Guide Wizard Setup Navigation panel Logout Figure 2-2 Web Configurator SITE MAP Screen Click the HELP icon (located in the top right corner of most screens) to view embedded help. Configuring Password It is highly recommended that you change the password for accessing the Prestige.
Prestige 792H User’s Guide Figure 2-3 Password The following table describes the labels in this screen. Table 2-1 Password LABEL DESCRIPTION Old Password Type the default password or the existing password you use to access the system in this field.
of 9600bps with 8 data bits, no parity, one stop bit and flow control set to none. The password will also be reset to “1234”.
2.5.1 Using The Reset Button
Step 1. Make sure the SYS LED is on (not blinking).
Prestige 792H User’s Guide Chapter 3 Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. Wizard Setup Introduction Use the Wizard Setup screens to configure your system for Internet access settings and fill in the fields with the information in the Internet Account Information table of the Quick Start Guide or Read Me First.
Prestige 792H User’s Guide 3.2.3 Transfer Rates The Prestige supports the following symmetrical multi-rate data transmission speeds: 72, 136, 200, 264, 392, 520, 776, 1032, 1160, 1544, 1736, 2056 and 2312Kbps. You can increase the capacity of the Internet connection (within certain limitations) without changing your ISP or buying new equipment.
Prestige 792H User’s Guide ATM PVC (Permanent Virtual Circuit), which connects to ADSL Access Concentrator where the PPP session terminates. One PVC can support any number of PPP sessions from your LAN. For more information on PPPoE, see the appendix.
Prestige 792H User’s Guide is not practical to have a separate VC for each carried protocol, for example, if charging heavily depends on the number of simultaneous VCs. VPI and VCI Be sure to use the correct Virtual Path Identifier (VPI) and Virtual Channel Identifier (VCI) numbers assigned to you.
Prestige 792H User’s Guide Table 3-1 Wizard Screen: WAN Setup LABEL DESCRIPTION Service Type Select Client if your Prestige will act as a client device or Server if your Prestige will act as a server (see Service Type). Transfer Rate Rate Adaption If you enable Rate Adaption, the Prestige connects at the optimal transfer rate between the min and max rates below.
Prestige 792H User’s Guide Table 3-2 Wizard Screen: Internet Access LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge. Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop-down list box.
Prestige 792H User’s Guide recommended that you select a network number from 192.168.0.0 to 192.168.255.0 and you must enable the Network Address Translation (NAT) feature of the Prestige. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise.
Prestige 792H User’s Guide 3.8.3 IP Assignment with ENET ENCAP Encapsulation In this case you can have either a static or dynamic IP. For a static IP you must fill in all the IP Address and ENET ENCAP Gateway fields as supplied by your ISP. However for a dynamic IP, the Prestige acts as a DHCP client on the WAN port and so the IP Address and ENET ENCAP Gateway fields are not applicable (N/A) as the DHCP server assigns them to the Prestige.
disabled. The second is that the Prestige will try to bring up the connection when turned on and whenever the connection is down. A nailed-up connection can be very expensive for obvious reasons. Do not specify a nailed-up connection unless your telephone company offers flat-rate service or you need a constant connection and the cost is of no concern.
3.10 NAT...
Prestige 792H User’s Guide Figure 3-3 Internet Connection with PPPoA The following table describes the labels in this screen. Table 3-3 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form...
Prestige 792H User’s Guide Table 3-3 Internet Connection with PPPoA LABEL DESCRIPTION IP Address This option is available if you select Routing in the Mode field. A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;...
Prestige 792H User’s Guide 3.11.2 RFC 1483 Select RFC 1483 from the Encapsulation drop-down list box in the first wizard screen to display the screen as shown. Figure 3-4 Internet Connection with RFC 1483 The following table describes the labels in this screen.
Prestige 792H User’s Guide Figure 3-5 Internet Connection with ENET ENCAP The following table describes the labels in this screen. Table 3-5 Internet Connection with ENET ENCAP LABEL DESCRIPTION IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;...
Table 3-5 Internet Connection with ENET ENCAP
LABEL: DESCRIPTION
Network Address Translation: Select None, SUA Only or Full Feature from the drop-down list box. Refer to the NAT chapter for more details.
Back: Click Back to go back to the first wizard screen.
Prestige 792H User’s Guide Table 3-6 Internet Connection with PPPoE LABEL DESCRIPTION Service Name Type the name of your PPPoE service here. User Name Configure User Name and Password fields for PPPoA and PPPoE encapsulation only. Enter the user name exactly as your ISP assigned. If assigned a name in the form...
Prestige 792H User’s Guide disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.
Prestige 792H User’s Guide If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next. Figure 3-8 Wizard: LAN Configuration The following table describes the labels in this screen. Table 3-7 Wizard: LAN Configuration...
Prestige 792H User’s Guide Table 3-7 Wizard: LAN Configuration LABEL DESCRIPTION DHCP DHCP Server From the DHCP Server drop-down list box, select On to allow your Prestige to assign IP addresses, an IP default gateway and DNS servers to computer systems that support the DHCP client.
Prestige 792H User’s Guide Figure 3-9 Wizard Screen: Connection Tests 3.15 Test Your Internet Connection Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this User’s Guide for more detailed information on the complete range of Prestige features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the Wizard Setup are correct.
Prestige 792H User’s Guide Chapter 4 LAN Setup This chapter describes how to configure LAN settings. LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
Prestige 792H User’s Guide before you can access it. The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask. There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up.
Prestige 792H User’s Guide 4.4.1 Factory LAN Defaults The LAN parameters of the Prestige are preset in the factory with the following values: IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits) DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.
Prestige 792H User’s Guide RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address 224.0.0.0 is not assigned to any group and is used by IP multicast computers.
Prestige 792H User’s Guide The following table describes the labels in this screen. Table 4-1 LAN LABEL DESCRIPTION DHCP DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
Table 4-1 LAN
LABEL: DESCRIPTION
Apply: Click this button to save these settings back to the Prestige.
Cancel: Click this button to reset the fields in this screen.
Prestige 792H User’s Guide Chapter 5 WAN Setup This chapter describes how to configure WAN settings. WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. See the Wizard Setup chapter for more information on the fields in the WAN screens.
Prestige 792H User’s Guide If you want the dial-backup route to take first priority over the traffic-redirect route or even the normal route, all you need to do is set the dial-backup route’s metric to "1" and the others to "2" (or greater).
Prestige 792H User’s Guide Traffic Shaping Traffic Shaping is an agreement between the carrier and the subscriber to regulate the average rate and fluctuations of data transmission over an ATM network. This agreement helps eliminate congestion, which is important for transmission of real time data such as audio and video connections.
Figure 5-1 Example of Traffic Shaping
Configuring WAN Setup
To change your Prestige’s WAN remote node settings, click WAN, WAN Setup. The screen differs by the encapsulation.
Prestige 792H User’s Guide Table 5-1 WAN Setup LABEL DESCRIPTION Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for identification purposes only. Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account.
Prestige 792H User’s Guide Table 5-1 WAN Setup LABEL DESCRIPTION Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at the peak rate. Type the MBS, which is less than 65535.
Table 5-1 WAN Setup
LABEL: DESCRIPTION
Subnet Mask (ENET ENCAP encapsulation only): Enter a subnet mask in dotted decimal notation. Refer to the Subnetting appendix to calculate a subnet mask if you are implementing subnetting.
ENET ENCAP: You must specify a gateway IP address (supplied by your ISP) when you select ENET ENCAP in the Encapsulation field.
Prestige 792H User’s Guide The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN or DMZ. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2).
To change your Prestige’s WAN backup settings, click WAN, then WAN Backup. The screen appears as shown.
Figure 5-5 WAN Backup
The following table describes the fields in this screen.
Prestige 792H User’s Guide Table 5-2 WAN Backup LABEL DESCRIPTION Backup Type Select the method that the Prestige uses to check the DSL connection. Select DSL Link to have the Prestige check the DSL connection’s physical layer. Select ICMP to have the Prestige periodically ping the IP addresses configured in the Check WAN IP Address fields.
Prestige 792H User’s Guide Table 5-2 WAN Backup LABEL DESCRIPTION Backup Gateway Type the IP address of your backup gateway in dotted decimal notation. The Prestige automatically forwards traffic to this IP address if the Prestige's Internet connection terminates. Dial Backup Active Select this check box to turn on dial backup.
Prestige 792H User’s Guide peer disconnects right after a successful authentication, make sure that you specify the correct authentication protocol when connecting to such an implementation. Configuring Advanced WAN Backup To edit your Prestige’s advanced WAN backup settings, click WAN, WAN Backup and then the Advanced Setup button.
Figure 5-6 Advanced WAN Backup
The following table describes the fields in this screen.
Table 5-3 Advanced WAN Backup
LABEL: DESCRIPTION
Basic
Login Name: Type the login name assigned by your ISP.
Password: Type the password assigned by your ISP.
Retype to Confirm: Type your password again to make sure that you have entered it correctly.
Table 5-3 Advanced WAN Backup
LABEL: DESCRIPTION
Enable SUA: Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network to a different IP address known within another network. SUA (Single User Account) is a subset of NAT that supports two types of mapping: Many-to-One and Server.
Table 5-3 Advanced WAN Backup
LABEL: DESCRIPTION
PPP Options
Encapsulation: Select CISCO PPP from the drop-down list box if your backup WAN device uses Cisco PPP encapsulation; otherwise select Standard PPP.
Compression: Select this check box to enable stac compression.
Prestige 792H User’s Guide For ISDN lines, there are many more protocols and operational modes. Please consult the documentation of your TA. You may need additional commands in both “Dial” and “Init” strings. 5.11 DTR Signal The majority of WAN devices default to hanging up the current call when the DTR (Data Terminal Ready) signal is dropped by the DTE.
Prestige 792H User’s Guide Figure 5-7 Advanced Modem Setup The following table describes the fields in this screen. Table 5-4 Advanced Modem Setup LABEL DESCRIPTION AT Command Strings Dial Type the AT Command string to make a call. Example: atdt Drop Type the AT Command string to drop a call.
Table 5-4 Advanced Modem Setup
LABEL: DESCRIPTION
Drop DTR When Hang Up: Select this check box to have the Prestige drop the DTR (Data Terminal Ready) signal after the "AT Command String: Drop" is sent out.
Part II: NAT and Dynamic DNS
This part covers NAT (Network Address Translation) and dynamic DNS (Domain Name Server).
Prestige 792H User’s Guide Chapter 6 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Prestige 792H User’s Guide local address before forwarding it to the original inside host. Note that the IP address (either local or global) of an outside host is never changed. The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP. In addition, you can designate servers, for example, a web server and a telnet server, on your local network and make them accessible to the outside world.
Prestige 792H User’s Guide Figure 6-2 NAT Application With IP Alias 6.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: 1. One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address.
Prestige 792H User’s Guide 5. Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Port numbers do not change for One-to-One and Many-to-Many No Overload NAT mapping types.
Prestige 792H User’s Guide SUA Server A SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world.
Prestige 792H User’s Guide The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Table 6-3 Services and Port Numbers SERVICES PORT NUMBER ECHO FTP (File Transfer Protocol)
Prestige 792H User’s Guide Figure 6-3 Multiple Servers Behind NAT Example Selecting the NAT Mode Click NAT to open the following screen. Figure 6-4 NAT Mode The following table describes the labels in this screen.
Table 6-4 NAT Mode
LABEL: DESCRIPTION
None: Select this radio button to disable NAT.
SUA Only: Select this radio button if you have just one public WAN IP address for your Prestige. The Prestige uses Address Mapping Set 1 in the NAT - Edit SUA/NAT Server Set screen.
Prestige 792H User’s Guide Figure 6-5 Edit SUA/NAT Server Set The following table describes the labels in this screen. Table 6-5 Edit SUA/NAT Server Set LABEL DESCRIPTION Start Port No. Enter a port number in this field. To forward only one port, enter the port number again in the End Port No. field.
Prestige 792H User’s Guide Table 6-5 Edit SUA/NAT Server Set LABEL DESCRIPTION End Port No. Enter a port number in this field. To forward only one port, enter the port number again in the Start Port No. field above and then enter it again in this field.
Prestige 792H User’s Guide Figure 6-6 Address Mapping Rules The following table describes the labels in this screen. Table 6-6 Address Mapping Rules LABEL DESCRIPTION Local Start IP This is the starting Inside Local IP Address (ILA). Local IP addresses are N/A for Server port mapping.
Prestige 792H User’s Guide Table 6-6 Address Mapping Rules LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account...
Prestige 792H User’s Guide The following table describes the labels in this screen. Table 6-7 Address Mapping Rule Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following. 1. One-to-One: One-to-One mode maps one local IP address to one global IP address.
Prestige 792H User’s Guide Chapter 7 Dynamic DNS Setup This chapter discusses how to configure your Prestige to use Dynamic DNS. Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.).
Prestige 792H User’s Guide Figure 7-1 DDNS The following table describes the labels in this screen. Table 7-1 DDNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider.
Part III: Firewall and Content Filter
This part introduces firewalls in general and the Prestige firewall. It also explains customized services and logs and gives example firewall rules and an overview of content filtering.
Chapter 8 Firewall
This chapter gives some background information on firewalls and introduces the Prestige firewall.
Firewall Overview
Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
Prestige 792H User’s Guide Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. Robust authentication and logging pre-authenticates application traffic before it reaches internal hosts and causes it to be logged more effectively than if it were logged with standard host logging.
Figure 8-1 Prestige Firewall Application
Denial of Service
Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
Prestige 792H User’s Guide Table 8-1 Common IP Ports Telnet HTTP SMTP POP3 8.4.2 Types of DoS Attacks There are four types of DoS attacks: 1. Those that exploit bugs in a TCP/IP implementation. 2. Those that exploit weaknesses in the TCP/IP specification.
Prestige 792H User’s Guide Figure 8-2 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment).
Prestige 792H User’s Guide 2-b In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.
Prestige 792H User’s Guide The only legal NetBIOS commands are the following - all others are illegal. Table 8-3 Legal NetBIOS Commands MESSAGE: REQUEST: POSITIVE: NEGATIVE: RETARGET: KEEPALIVE: All SMTP commands are illegal except for those displayed in the following tables.
Prestige 792H User’s Guide Allows all sessions originating from the LAN (local network) to the WAN (Internet). Denies all sessions originating from the WAN to the LAN. Figure 8-5 Stateful Inspection The previous figure shows the Prestige’s default firewall rules in action as well as demonstrates how stateful inspection works.
Prestige 792H User’s Guide 4. Based on the obtained state information, a firewall rule creates a temporary access list entry that is inserted at the beginning of the WAN interface's inbound extended access list. This temporary access list entry is designed to permit inbound packets of the same connection as the outbound packet just inspected.
Prestige 792H User’s Guide Below is a brief technical description of how these connections are tracked. Connections may either be defined by the upper protocols (for instance, TCP), or by the Prestige itself (as with the "virtual connections" created for UDP and ICMP).
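The default rules and the connection tracking described above can be modelled in a few lines. This is an added example, not ZyNOS code: the class and field names, the idle timeouts and the sample addresses are assumptions, and NAT is left out so that addresses are the same on both interfaces.

```python
from dataclasses import dataclass

LAN, WAN = "LAN", "WAN"

# Idle timeouts in seconds. Assumed values for this model, not Prestige defaults.
IDLE_TIMEOUT = {"tcp": 3600, "udp": 60, "icmp": 60}


@dataclass(frozen=True)
class Packet:
    iface_in: str      # interface the packet arrived on: LAN or WAN
    proto: str         # "tcp", "udp" or "icmp"
    src: str
    sport: int         # for ICMP, the echo identifier stands in for the port
    dst: str
    dport: int
    flags: str = ""    # TCP flags as letters, e.g. "S", "SA", "R"


class StatefulFirewall:
    """Default policy from the text: allow LAN-to-WAN, deny WAN-to-LAN,
    except inbound packets of a connection that was started from the LAN."""

    def __init__(self):
        # Key: the 5-tuple an inbound reply will carry. Value: last-seen time.
        # Each entry plays the role of the temporary access list entry.
        self.table = {}

    def _expire(self, now):
        stale = [k for k, seen in self.table.items()
                 if now - seen > IDLE_TIMEOUT.get(k[0], 60)]
        for key in stale:
            del self.table[key]

    def inspect(self, pkt, now):
        """Return "forward" or "drop" for one packet seen at time now (seconds)."""
        self._expire(now)
        if pkt.iface_in == LAN:
            # Outbound: allowed by default; record what the reply will look like.
            key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        else:
            # Inbound: only packets matching a recorded connection may pass.
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key not in self.table:
                return "drop"
        if pkt.proto == "tcp" and "R" in pkt.flags:
            self.table.pop(key, None)     # a reset tears the entry down
        else:
            self.table[key] = now         # create or refresh the entry
        return "forward"


def demo():
    """Run a constructed trace and return the verdict for each packet."""
    fw = StatefulFirewall()
    host, web, other = "192.168.1.33", "203.0.113.10", "203.0.113.99"
    trace = [
        (0, Packet(LAN, "tcp", host, 40000, web, 80, "S")),      # LAN host opens session
        (1, Packet(WAN, "tcp", web, 80, host, 40000, "SA")),     # matching reply
        (2, Packet(WAN, "tcp", other, 80, host, 40000, "SA")),   # wrong remote host
        (3, Packet(WAN, "tcp", web, 80, host, 40001, "SA")),     # wrong local port
        (10, Packet(LAN, "udp", host, 5353, web, 53)),           # UDP "virtual connection"
        (11, Packet(WAN, "udp", web, 53, host, 5353)),           # reply inside the timeout
        (200, Packet(WAN, "udp", web, 53, host, 5353)),          # reply after idle timeout
    ]
    return [fw.inspect(pkt, t) for t, pkt in trace]


if __name__ == "__main__":
    print(demo())
```

The last packet in the trace is dropped because UDP has no close handshake, so the only way its virtual connection ends is the idle timeout.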
Prestige 792H User’s Guide 8.5.5 Upper Layer Protocols Some higher layer protocols (such as FTP and RealAudio) utilize multiple network connections simultaneously. In general terms, they usually have a "control connection" which is used for sending commands between endpoints, and then "data connections" which are used for transmitting bulk information.
Prestige 792H User’s Guide 1. Encourage your company or organization to develop a comprehensive security plan. Good network administration takes into account what hackers can do and prepares against attacks. The best defense against hackers and crackers is information. Educate all employees about the importance of security and how to minimize risk.
Prestige 792H User’s Guide 8.7.1 Packet Filtering: The router filters packets as they pass through the router’s interface according to the filter rules you designed. Packet filtering is a powerful tool, yet can be complex to configure and maintain, especially if you need a chain of rules to filter a service.
Prestige 792H User’s Guide To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks. Remember that filters cannot distinguish traffic originating from an inside host or an outside host by IP address. The firewall performs better than filtering if you need to check many rules.
Prestige 792H User’s Guide Chapter 9 Firewall Configuration This chapter shows you how to enable and configure the Prestige firewall. Remote Management and the Firewall When remote management is configured to allow management (see the Remote Management chapter) and the firewall is enabled: The firewall blocks remote management from the WAN unless you configure a firewall rule to allow it.
Configuring E-mail Alerts
To change your Prestige’s E-mail log settings, click Advanced Setup, Firewall, and then E-mail. The screen appears as shown. This screen is not available on all models. Use the E-Mail screen to configure where the Prestige sends logs, the schedule for sending them, and which logs and/or immediate alerts it sends.
Prestige 792H User’s Guide Table 9-1 E-mail LABEL DESCRIPTION E-mail Alerts To Alerts are sent to the e-mail address specified in this field. If this field is left blank, alerts will not be sent via e-mail. Return Address Type an E-mail address to identify the Prestige as the sender of the e-mail messages i.e., a "return-to-sender"...
Prestige 792H User’s Guide 9.4.1 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away. You can choose to generate an alert when an attack is detected in the Alert screen (Figure 9-3 - select the Generate alert when...
Prestige 792H User’s Guide delete half-open sessions as necessary, until the rate of new connection attempts drops below another threshold (one-minute low). The rate is the number of new attempts detected in the last one-minute sample period. TCP Maximum Incomplete and Blocking Time An unusually high number of half-open sessions with the same destination host address could indicate that a Denial of Service attack is being launched against the host.
Prestige 792H User’s Guide Figure 9-3 Alert The following table describes the labels in this screen. Table 9-2 Alert LABEL DESCRIPTION Generate alert Select this check box to generate an alert whenever an attack is detected. when attack detected Denial of Services Thresholds...
Prestige 792H User’s Guide Table 9-2 Alert LABEL DESCRIPTION One Minute High This is the rate of new half-open sessions that causes the firewall to start deleting half-open sessions. The default is "100". When the rate of new connection attempts rises above this number, the Prestige deletes half-open sessions as required to accommodate new connection attempts.
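The One Minute High and one-minute low thresholds described above act as a hysteresis band: deletion of half-open sessions starts above the high mark and continues until the rate falls below the low mark. The following is an added example, not ZyNOS code, that models this over constructed per-minute counts; only the high default of 100 comes from the table, while the low value of 80 and the sample rates are assumptions.

```python
"""Model of the One Minute High / one-minute low thresholds as a hysteresis band.

Added illustration, not ZyNOS code. 100 is the One Minute High default given
in Table 9-2; the one-minute low value and the sample counts are constructed.
"""
from dataclasses import dataclass

ONE_MINUTE_HIGH = 100  # default stated on the page
ONE_MINUTE_LOW = 80    # assumed value for this example only

# Constructed input: new half-open connection attempts seen in each
# one-minute sample period.
SAMPLE_RATES = [40, 95, 120, 99, 101, 90, 85, 79, 60, 130, 70]


@dataclass
class Minute:
    index: int
    rate: int
    deleting: bool  # firewall is deleting half-open sessions in this period
    event: str      # "start", "stop", or "" when the state did not change


def simulate(rates, high=ONE_MINUTE_HIGH, low=ONE_MINUTE_LOW):
    """Apply the two thresholds to a sequence of per-minute rates."""
    if low > high:
        raise ValueError("one-minute low must not exceed one-minute high")
    deleting = False
    out = []
    for index, rate in enumerate(rates):
        event = ""
        if not deleting and rate > high:
            # Rate rose above the high mark: begin deleting half-open sessions.
            deleting, event = True, "start"
        elif deleting and rate < low:
            # Rate dropped below the low mark: stop deleting.
            deleting, event = False, "stop"
        out.append(Minute(index, rate, deleting, event))
    return out


def deleting_windows(minutes):
    """Collapse the per-minute state into (first, last) spans of deletion."""
    windows, start = [], None
    for m in minutes:
        if m.deleting and start is None:
            start = m.index
        elif not m.deleting and start is not None:
            windows.append((start, m.index - 1))
            start = None
    if start is not None:
        windows.append((start, minutes[-1].index))
    return windows


def transitions(minutes):
    """Number of times the firewall switched deletion on or off."""
    return sum(1 for m in minutes if m.event)


if __name__ == "__main__":
    banded = simulate(SAMPLE_RATES)
    for m in banded:
        print(f"minute {m.index:2d}  rate {m.rate:3d}  "
              f"deleting={m.deleting!s:5}  {m.event}")
    print("deletion windows:", deleting_windows(banded))
    # Setting low equal to high collapses the band into a single threshold,
    # which shows how much more often the state would flip without it.
    single = simulate(SAMPLE_RATES, high=100, low=100)
    print("state changes with band:", transitions(banded))
    print("state changes with one threshold:", transitions(single))
```

Running it against exported per-minute connection counts from your own logs shows how wide the gap between the two thresholds needs to be before the firewall stops toggling on ordinary traffic bursts.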
Prestige 792H User’s Guide Chapter 10 Creating Custom Rules This chapter contains instructions for defining both Local Network and Internet rules. 10.1 Rules Overview Firewall rules are subdivided into “Local Network” and “Internet”. By default, the Prestige’s stateful packet inspection allows all communications to the Internet that originate from the local network, and blocks all traffic to the LAN that originates from the Internet.
3. What is the direction of the connection: from the LAN to the Internet, or from the Internet to the LAN?
4. What IP services will be affected?
5. What computers on the LAN are to be affected (if any)?
6.
Prestige 792H User’s Guide Source Address What is the connection’s source address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet? Destination Address What is the connection’s destination address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet? 10.3 Connection Direction...
Prestige 792H User’s Guide 10.3.2 WAN to LAN Rules The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN). If you wish to allow certain WAN users to have access to your LAN, you will need to create custom rules to allow it.
Prestige 792H User’s Guide Figure 10-3 Firewall Logs The following table describes the labels in this screen. Table 10-1 Firewall Logs LABEL DESCRIPTION EXAMPLE This is the index number of the firewall log. 128 entries are available numbered from 0 to 127. Once they are all used, the log will wrap around and the old logs will be lost.
Table 10-1 Firewall Logs (LABEL, DESCRIPTION, EXAMPLE)
Reason
Example: not match <1,01> dest IP
Description: This field states the reason for the log; i.e., was the rule matched, not matched, or was there an attack. The set and rule coordinates (<X, Y>...
Prestige 792H User’s Guide Click on Firewall, then Rule Summary to bring up the following screen. This screen is a summary of the existing rules. Note the order in which the rules are listed. The ordering of your rules is very important as rules are applied in turn.
Table 10-2 Firewall Rules Summary: First Screen (LABEL, DESCRIPTION)
The default action for packets not matching: Use the drop-down list box to select whether to Block (silently discard) or Forward (allow the passage of) packets that do not match the following rules.
defines the service. (Note that there may be more than one IP protocol type. For example, look at the default configuration labeled “(DNS)”. (UDP/TCP:53) means UDP port 53 and TCP port 53.) Up to 128 entries are supported.
Prestige 792H User’s Guide Table 10-3 Predefined Services SERVICE DESCRIPTION NEWS(TCP:144) A protocol for news groups. NFS(UDP:2049) Network File System - NFS is a client/server distributed file service that provides transparent file-sharing for network environments. NNTP(TCP:119) Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.
Prestige 792H User’s Guide Table 10-3 Predefined Services SERVICE DESCRIPTION SSDP(UDP:1900) Simple Service Discovery Protocol (SSDP) is a discovery service searching for Universal Plug and Play devices on your home network or upstream Internet gateways using UDP port 1900. SSH(TCP/UDP:22) Secure Shell Remote Login Program.
Prestige 792H User’s Guide Figure 10-5 Creating/Editing A Firewall Rule The following table describes the labels in this screen. Table 10-4 Creating/Editing A Firewall Rule LABEL DESCRIPTION Source Address Click SrcAdd to add a new address, SrcEdit to edit an existing one or SrcDelete to delete one.
Prestige 792H User’s Guide Table 10-4 Creating/Editing A Firewall Rule LABEL DESCRIPTION Destination Address Click DestAdd to add a new address, DestEdit to edit an existing one or DestDelete to delete one. Services Select a service in the Available Services box on the left, then click >> to select.
Prestige 792H User’s Guide Figure 10-6 Adding/Editing Source and Destination Addresses The following table describes the labels in this screen. Table 10-5 Adding/Editing Source and Destination Addresses LABEL DESCRIPTION Address Type Do you want your rule to apply to packets with a particular (single) IP address, a range of IP addresses (e.g., 192.168.1.10 to 192.169.1.50), a subnet or any IP...
Prestige 792H User’s Guide 10.8.1 Factors Influencing Choices for Timeout Values The factors influencing choices for timeout values are the same as the factors influencing choices for threshold values – see section 9.4.2. Click Timeout for either Local Network or Internet.
Table 10-6 Timeout (LABEL, DESCRIPTION)
Back: Click Back to return to the previous screen.
Apply: Click Apply to save your customized settings and exit this screen.
Cancel: Click Cancel to return to the previous configuration.
Prestige 792H User’s Guide Chapter 11 Customized Services This chapter covers creating, viewing and editing custom services. 11.1 Introduction to Customized Services Configure customized services and port numbers not predefined by the Prestige (see Figure 10-5). For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website.
Prestige 792H User’s Guide Table 11-1 Customized Services LABEL DESCRIPTION Customized Services This is the number of your customized port. Click a rule’s number of a service to go to the Firewall Customized Services Config screen to configure or edit a customized service.
Prestige 792H User’s Guide Table 11-2 Creating/Editing A Customized Service LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
Step 4. Click SrcAdd to open the Rule IP Config screen. Configure it as follows and click Apply.
Figure 11-4 Configure Source IP Example
Step 5. Click Edit Available Service in the Edit rule screen and then click a rule number to bring up the Firewall Customized Services Config screen.
Prestige 792H User’s Guide Step 6. Follow the procedures outlined earlier in this chapter to configure all your rules. Configure the rule configuration screen like the one below and apply it. This is the address range of the MyService computers.
Prestige 792H User’s Guide Step 7. On completing the configuration procedure for these Internet firewall rules, the Rule Summary screen should look like the following. Don’t forget to click Apply when you have finished configuring your rule(s) to save your settings back to the Prestige.
Prestige 792H User’s Guide Chapter 12 Content Filtering This chapter covers how to configure content filtering. 12.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
Prestige 792H User’s Guide Figure 12-1 Content Filter: Keyword The following table describes the labels in this screen. Table 12-1 Content Filter: Keyword LABEL DESCRIPTION Enable Keyword Blocking Select this check box to enable this feature. Block Websites that This box contains the list of all the keywords that you have configured the Prestige contain these keywords in to block.
Prestige 792H User’s Guide Table 12-1 Content Filter: Keyword LABEL DESCRIPTION Add Keyword Click Add Keyword after you have typed a keyword. Repeat this procedure to add other keywords. Up to 127 keywords are allowed. When you try to access a web page containing a keyword, you will get a message telling you that the content filter is blocking this request.
Prestige 792H User’s Guide Table 12-2 Content Filter: Schedule LABEL DESCRIPTION Days to Block: Select a check box to configure which days of the week (or everyday) you want the content filtering to be active. Use the 24 hour format to configure which time of the day (or select the All day check box)
Prestige 792H User’s Guide Table 12-3 Content Filter: Trusted LABEL DESCRIPTION Type the ending IP address of a specific range of users on your LAN that you want to exclude from content filtering. Leave this field blank if you want to exclude an individual computer.
Prestige 792H User’s Guide Table 12-4 Content Filter Logs LABEL DESCRIPTION Page Choose a page of logs from the drop-down list box to display. This is the index number of the content filter log. Time This field displays the time of the log.
Part IV: VPN/IPSec This part provides information about configuring VPN/IPSec for secure communications.
Prestige 792H User’s Guide Chapter 13 Introduction to IPSec This chapter introduces the basics of IPSec VPNs. 13.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
Prestige 792H User’s Guide Figure 13-1 Encryption and Decryption Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
Prestige 792H User’s Guide 13.3 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. Figure 13-4 Transport and Tunnel Mode IPSec Encapsulation 13.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
Prestige 792H User’s Guide computing its own hash value, and complain that the hash value appended to the received packet doesn't match. The VPN device at the receiving end doesn't know about the NAT in the middle, so it assumes that the data has been maliciously altered.
Chapter 14 VPN Screens
This chapter introduces the VPN screens. See the Logs chapter for information on viewing logs and the Reference Guide for IPSec log description.
14.1 VPN/IPSec Overview
Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections.
Table 14-1 AH and ESP
DES (default): Data Encryption Standard (DES) is a widely used method of data encryption using a private (secret) key. DES
MD5 (default): MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data.
Prestige 792H User’s Guide The Secure Gateway IP Address may be configured as 0.0.0.0 only when using IKE key management and not Manual key management. 14.5 VPN Summary Screen The following figure helps explain the main fields in the web configurator.
Prestige 792H User’s Guide Figure 14-2 VPN Summary The following table describes the labels in this screen. Table 14-2 VPN Summary LABEL DESCRIPTION This is the VPN policy index number. Click a number to edit VPN policies. Name This field displays the identification name for this VPN policy.
Prestige 792H User’s Guide Table 14-2 VPN Summary LABEL DESCRIPTION IPSec Algorithm This field displays the security protocols used for an SA. Both AH and ESP increase Prestige processing requirements and communications latency (delay). Secure Gateway This is the IP address of the remote IPSec router. This must be a fixed, public IP address for traffic going through the Internet.
Prestige 792H User’s Guide With main mode (see section 14.10.1), the ID type and content are encrypted to provide identity protection. In this case the Prestige can only distinguish between up to eight different incoming SAs that connect from remote IPSec routers that have dynamic WAN IP addresses. The Prestige can distinguish up to eight...
Table 14-5 Matching ID Type and Content Configuration Example
PRESTIGE A
Local ID type: E-mail
Local ID content: tom@yourcompany.com
Peer ID type: IP
Peer ID content: 1.1.1.2
PRESTIGE B
Local ID type: IP
Local ID content: 1.1.1.2
Peer ID type: E-mail
...
Prestige 792H User’s Guide The following table describes the labels in this screen. Table 14-7 VPN IKE LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. Keep Alive Select either Yes or No from the drop-down list box.
Prestige 792H User’s Guide Table 14-7 VPN IKE LABEL DESCRIPTION Local Address Type Use the drop-down menu to choose Single, Range, or Subnet. Select Single for a single IP address. Select Range for a specific range of IP addresses. Select Subnet to specify IP addresses on a network by their subnet mask.
Prestige 792H User’s Guide Table 14-7 VPN IKE LABEL DESCRIPTION End / Subnet Mask When the Remote Address Type field is configured to Single, enter the IP address in the IP Address Start field again here. When the Remote Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
Prestige 792H User’s Guide Table 14-7 VPN IKE LABEL DESCRIPTION Content When you select IP in the Peer ID Type field, type the IP address of the computer with which you will make the VPN connection or leave the field blank to have the Prestige automatically use the address in the Secure Gateway Address field.
Table 14-7 VPN IKE (LABEL, DESCRIPTION)
Authentication Algorithm: Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower.
Prestige 792H User’s Guide Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2). Set the IKE SA lifetime. This field allows you to determine how long an IKE SA should stay up before it times out. An IKE SA times out when the IKE SA lifetime period expires. If an IKE SA times out when an IPSec SA is already established, the IPSec SA stays connected.
Prestige 792H User’s Guide previous and subsequent keys are not compromised, because subsequent keys are not derived from previous keys. The (time-consuming) Diffie-Hellman exchange is the trade-off for this extra security. This may be unnecessary for data that does not require such security, so PFS is disabled (None) by default in the Prestige.
Prestige 792H User’s Guide The following table describes the labels in this screen. Table 14-8 VPN IKE: Advanced LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
Prestige 792H User’s Guide Table 14-8 VPN IKE: Advanced LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
Table 14-8 VPN IKE: Advanced (LABEL, DESCRIPTION)
Encryption Algorithm: Select DES, 3DES or NULL from the drop-down list box. When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
Prestige 792H User’s Guide 14.12.1 Security Parameter Index (SPI) An SPI is used to distinguish different SAs terminating at the same destination and using the same IPSec protocol. This data allows for the multiplexing of SAs to a single gateway. The SPI (Security Parameter Index) along with a destination IP address uniquely identify a particular Security Association (SA).
Prestige 792H User’s Guide Table 14-9 VPN Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the Prestige drops trailing spaces.
Prestige 792H User’s Guide Table 14-9 VPN Manual Key LABEL DESCRIPTION IP Address Start When the Local Address Type field is configured to Single, enter a (static) IP address on the LAN behind your Prestige. When the Local Address Type field is configured to Range, enter the beginning (static) IP address, in a range of computers on your LAN behind your Prestige.
Prestige 792H User’s Guide Table 14-9 VPN Manual Key LABEL DESCRIPTION My IP Address Enter the WAN IP address of your Prestige. The Prestige uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0.
Prestige 792H User’s Guide Table 14-9 VPN Manual Key LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh. Delete Click Delete to remove the current rule. 14.14 Viewing SA Monitor Click VPN and Monitor to open the SA Monitor screen as shown.
Prestige 792H User’s Guide Figure 14-7 SA Monitor The following table describes the labels in this screen. Table 14-10 SA Monitor LABEL DESCRIPTION This is the security association index number. Name This field displays the identification name for this VPN policy.
Table 14-10 SA Monitor (LABEL, DESCRIPTION)
Back: Click Back to return to the previous screen.
Apply: Click Apply to save your changes back to the Prestige.
Refresh: Click Refresh to display the current active VPN connection(s).
14.15 Configuring Global Setting...
Prestige 792H User’s Guide Table 14-11 Global Setting LABEL DESCRIPTION Cancel Click Cancel to begin configuring this screen afresh. 14.16 Configuring IPSec Logs To view IPSec logs in this screen, click Advanced Setup, VPN, and then Logs to open the screen shown next.
Prestige 792H User’s Guide This screen is useful for troubleshooting. A log index number, the date and time the log was created and a log message are displayed. Double exclamation marks (!!) denote an error or warning message. The following table shows sample log messages during IKE key exchange.
Table 14-13 Sample IKE Key Exchange Logs (LOG MESSAGE, DESCRIPTION)
!! Local / remote IPs of incoming request conflict with rule <#d>
If the security gateway is “0.0.0.0”, the Prestige will use the peer’s “Local Addr” as its “Remote Addr”. If this IP (range) conflicts with a previously configured rule then the connection is not allowed.
Prestige 792H User’s Guide 14.17 Telecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single Prestige at headquarters. The telecommuters use IPSec routers with dynamic WAN IP addresses. The Prestige at headquarters has a static public IP address.
Table 14-16 Telecommuters Sharing One VPN Rule Example
HEADQUARTERS
Local IP Address: 192.168.1.10
Remote IP Address: 0.0.0.0 (N/A)
TELECOMMUTERS
Local IP Address: Telecommuter A: 192.168.2.12, Telecommuter B: 192.168.3.2, Telecommuter C: 192.168.4.15
Remote IP Address: 192.168.1.10
14.17.2 Telecommuters Using Unique VPN Rules Example
In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are mapped to their dynamic WAN IP addresses (use Dynamic DNS to do this).
Prestige 792H User’s Guide Figure 14-11 Telecommuters Using Unique VPN Rules Example Table 14-17 Telecommuters Using Unique VPN Rules Example HEADQUARTERS TELECOMMUTERS All Headquarters Rules: All Telecommuter Rules: My IP Address: bigcompanyhq.com My IP Address 0.0.0.0 Local IP Address: 192.168.1.10 Secure Gateway Address: bigcompanyhq.com...
14.18 VPN and Remote Management
If a VPN tunnel uses Telnet, FTP, WWW, SNMP, DNS or ICMP, then you should configure remote management (REMOTE MGNT) to allow access for that service.
Part V: Remote Management and UPnP This part contains Remote Management and UPnP...
Chapter 15 Remote Management Configuration
This chapter provides information on configuring remote management.
15.1 Remote Management Overview
Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. You may manage your Prestige from a remote location via:...
Prestige 792H User’s Guide Use the Prestige’s WAN IP address when configuring from the WAN. Use the Prestige’s LAN IP address when configuring from the LAN. 15.1.3 System Timeout There is a system timeout of five minutes (three hundred seconds) for either the console port or telnet/web/FTP connections.
Prestige 792H User’s Guide 15.5 Configuring Remote Management Click Remote Management to open the following screen. Figure 15-2 Remote Management The following table describes the labels in this screen. Table 15-1 Remote Management LABEL DESCRIPTION Server Type Each of these labels denotes a service that you may use to remotely manage the Prestige.
Prestige 792H User’s Guide Chapter 16 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 16.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer- to-peer network connectivity between devices.
Prestige 792H User’s Guide All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 16.1.4 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™...
Prestige 792H User’s Guide Figure 16-1 Configuring UPnP Table 16-1 Configuring UPnP FIELD DESCRIPTION Enable the Universal Plug Select this checkbox to activate UPnP. Be aware that anyone could use a and Play (UPnP) Service UPnP application to open the web configurator's login screen without entering the Prestige's IP address (although you must still enter the password to access the web configurator).
Prestige 792H User’s Guide Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. Step 1. Click Start and Control Panel. Double-click Add/Remove Programs. Step 2. Click on the Windows Setup tab and select Communication in the Components selection box.
Prestige 792H User’s Guide Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. Step 1. Click start and Control Panel. Step 2. Double-click Network Connections. Step 3. In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Prestige 792H User’s Guide 16.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the Prestige. Make sure the computer is connected to a LAN port of the Prestige. Turn on your computer and the Prestige.
Step 3. In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created.
Step 4. You may edit or delete the port mappings or click Add to manually add port mappings.
Prestige 792H User’s Guide Step 6. Double-click on the icon to display your current Internet connection status. Web Configurator Easy Access Example With UPnP, you can access the web-based configurator on the Prestige without finding out the IP address of the Prestige first.
Prestige 792H User’s Guide Step 4. An icon with the description for each UPnP-enabled device displays under Local Network. Step 5. Right-click on the icon for your Prestige and select Invoke. The web configurator login screen displays. Step 6. Right-click on the icon for your Prestige and select Properties.
Part VI: Maintenance This part covers the maintenance screens.
Prestige 792H User’s Guide Chapter 17 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 17.1 Maintenance Overview Use the maintenance screens to view system information, upload new firmware, manage configuration and restart your Prestige.
Figure 17-1 System Status The following table describes the labels in this screen.
Prestige 792H User’s Guide Table 17-1 System Status LABEL DESCRIPTION System Status System Name This is the name of your Prestige. It is for identification purposes. ZyNOS F/W Version This is the ZyNOS firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Operating System design.
Prestige 792H User’s Guide 17.2.1 System Statistics Click Show Statistics in the System Status screen to open the following screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable.
Prestige 792H User’s Guide Table 17-2 System Status: Show Statistics LABEL DESCRIPTION WAN Port Statistics This is the WAN port. Link Status This is the status of your WAN link. Transfer Rate This is the transfer rate in kbps. Node-Link This field displays the remote node index number and link type.
Prestige 792H User’s Guide 17.3 DHCP Table Screen DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Prestige as a DHCP server or disable it.
Figure 17-4 Diagnostic
17.4.1 Diagnostic General Screen
Click Diagnostic and then General to open the screen shown next.
Figure 17-5 Diagnostic General
The following table describes the labels in this screen.
Prestige 792H User’s Guide Table 17-4 Diagnostic General LABEL DESCRIPTION TCP/IP Type the IP address of a computer that you want to ping in order to test a connection. Address Ping Click this button to ping the IP address that you entered.
Table 17-5 Diagnostic DSL Line (LABEL, DESCRIPTION)
Reset xDSL Line: Click this button to reinitialize the xDSL line. The large text box above then displays the progress and results of this operation, for example: “Start to reset xDSL...
Prestige 792H User’s Guide Figure 17-7 Firmware Upgrade The following table describes the labels in this screen. Table 17-6 Firmware Upgrade LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it.
Prestige 792H User’s Guide Figure 17-8 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen. If the upload was not successful, the following screen will appear. Click Back to go back to the Firmware screen.
SMT General Configuration This part covers System Management Terminal configuration for general setup, LAN setup, wireless LAN setup, Internet access, remote nodes, remote node TCP/IP, static routing and NAT. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
Prestige 792H User’s Guide Chapter 18 Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 18.1 SMT Introduction The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection.
Prestige 792H User’s Guide Please note that if there is no activity for longer than five minutes after you log in, your Prestige will automatically log you out. Enter Password : **** Figure 18-1 Login Screen 18.1.4 Prestige SMT Menu Overview The following figure gives you an overview of the various SMT menu screens of your Prestige.
[Figure: SMT menu overview. Prestige 650HW Main Menu with Menu 1, Menu 3, Menu 4, Menu 11, Menu 12, Menu 14 and Menu 15; menu titles shown: LAN Setup, General Setup, Internet Access, Static Routing Setup, Dial-in User Setup, NAT Setup, Remote Node Setup; submenus begin with Menu 1.1...]
Prestige 792H User’s Guide 18.2 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your Prestige. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
Prestige 792H User’s Guide Table 18-2 Main Menu Summary MENU TITLE DESCRIPTION Schedule Setup Use this menu to schedule outgoing calls. VPN/IPSec Setup Use this menu to configure VPN connections on the Prestige 650H/HW. Exit Use this to exit from SMT and return to a blank screen.
Prestige 792H User’s Guide Chapter 19 General Setup Menu 1 - General Setup contains administrative and system-related information. 19.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
Prestige 792H User’s Guide Menu 1 - General Setup System Name= ? Location= Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Press ENTER to Confirm or ESC to Cancel: Figure 19-1 Menu 1 General Setup Fill in the required fields.
Prestige 792H User’s Guide 19.2.1 Configuring Dynamic DNS If you have a private WAN IP address, then you cannot use Dynamic DNS. To configure Dynamic DNS, go to Menu 1 — General Setup and select Yes in the Edit Dynamic DNS field.
Prestige 792H User’s Guide Chapter 20 WAN Setup This chapter shows you how to configure the WAN settings of your Prestige 20.1 WAN Setup Use Menu 2 – WAN Setup to configure G.SHDSL settings for your WAN line. Different telephone companies deploy different types of G.SHDSL service.
Prestige 792H User’s Guide Table 20-1 WAN Setup FIELD DESCRIPTION Service Type Press [SPACE BAR] to select Server (COE) or Client (CPE). Rate Adaption Press [SPACE BAR] to select Enable (activate) or Disable (deactivate). Transfer Max Rate Press [SPACE BAR] to select a Transfer Max Rate greater than or equal to (2312 Kbps) the Transfer Min Rate and press [ENTER] to continue.
Prestige 792H User’s Guide Chapter 21 Dial Backup This chapter shows you how to configure Dial Backup for your Prestige 21.1 Dial Backup Overview To set up the auxiliary port (Dial Backup or CON/AUX) for use in the event that the regular WAN...
Prestige 792H User’s Guide Table 21-1 Menu 2: Dial Backup Setup FIELD DESCRIPTION EXAMPLE Dial-Backup: Use this field to turn the dial-backup feature on (Yes) or off (No). Active Port Speed Press [SPACE BAR] and then press [ENTER] to select the speed of the 115200 connection between the Dial Backup port and the external device.
Prestige 792H User’s Guide Menu 2.1 - Advanced WAN Setup AT Command Strings: Call Control: Dial= atdt Dial Timeout(sec)= 60 Drop= ~~+++~~ath Retry Count= 0 Answer= ata Retry Interval(sec)= N/A Drop Timeout(sec)= 20 Drop DTR When Hang Up= Yes Call Back Delay(sec)= 15...
Prestige 792H User’s Guide Table 21-2 Advanced WAN Port Setup: AT Commands Fields FIELD DESCRIPTION DEFAULT Speed Enter the keyword preceding the connection speed. CONNECT Table 21-3 Advanced WAN Port Setup: Call Control Parameters FIELD DESCRIPTION DEFAULT Call Control Dial Timeout (sec)
Prestige 792H User’s Guide Menu 11.1 - Remote Node Profile (Backup ISP) Rem Node Name= ? Edit PPP Options= No Active= Yes Rem IP Addr= 0.0.0.0 Edit IP= No Outgoing: My Login= My Password= ******** Telco Option: Authen= CHAP/PAP Allocated Budget(min)= 0...
Prestige 792H User’s Guide Table 21-4 Remote Node Profile (Backup ISP) FIELD DESCRIPTION EXAMPLE
Pri Phone #, Sec Phone #: Enter the first (primary) phone number from the ISP for this remote node. If the Primary Phone number is busy or does not answer, your Prestige dials the Secondary Phone number if available.
Prestige 792H User’s Guide Table 21-4 Remote Node Profile (Backup ISP) FIELD DESCRIPTION EXAMPLE Once you have configured this menu, press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration, or press [ESC] at any time to cancel.
Prestige 792H User’s Guide Move the cursor to the Edit IP field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to open Menu 11.3 - Network Layer Options. Menu 11.3 - Remote Node Network Layer Options Rem IP Addr= 0.0.0.0...
Prestige 792H User’s Guide Table 21-5 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE Private This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes, this route is kept private (default) and not included in RIP broadcasts.
Prestige 792H User’s Guide Chapter 22 LAN Setup This chapter shows you how to configure the LAN settings for your Prestige 22.1 Ethernet Setup This section describes how to configure the Ethernet using Menu 3 – Ethernet Setup. From the main menu, enter 3 to open the menu as follows.
Prestige 792H User’s Guide If you need to define filters, please read the Filter Configuration chapter first, then return to this menu. 22.1.2 IP Alias Setup Use Menu 3.2 to configure the first network. To edit Menu 3.2, enter 3 from the main menu to display Menu 3 —...
Prestige 792H User’s Guide Figure 22-4 IP Alias Setup Follow the instructions in the following table to configure IP Alias parameters. Table 22-1 IP Alias Setup FIELD DESCRIPTION EXAMPLE IP Alias Choose Yes to configure the LAN network for the Prestige.
Prestige 792H User’s Guide Menu 1 - General Setup System Name= P650HW Location= location Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No Press ENTER to Confirm or ESC to Cancel: Figure 22-5 General Setup 22.1.4 TCP/IP Ethernet Setup and DHCP...
Prestige 792H User’s Guide Table 22-2 TCP/IP and DHCP Ethernet Setup FIELD DESCRIPTION EXAMPLE DHCP Setup DHCP If set to Server, your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows Server NT and other systems that support the DHCP client.
Prestige 792H User’s Guide Table 22-2 TCP/IP and DHCP Ethernet Setup FIELD DESCRIPTION EXAMPLE
Multicast: IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group. The Prestige supports both IGMP version 1 (IGMP-v1) and version 2 (IGMP-v2). Press [SPACE BAR]... Example: None (default)
Prestige 792H User’s Guide Chapter 23 Internet Access This chapter shows you how to configure your Prestige for Internet Access 23.1 Internet Access Overview This section provides information on configuring your Prestige for Internet access. It includes information on encapsulation types, IP address assignment and ATM networks.
Prestige 792H User’s Guide Table 23-1 Internet Access Setup FIELD DESCRIPTION EXAMPLE
ISP’s Name: Enter the name of your Internet Service Provider. This information is for identification purposes only. Example: ChangeMe
Encapsulation: Press [SPACE BAR] to select the method of encapsulation used by your ISP. Example: ENET ENCAP
Prestige 792H User’s Guide Table 23-1 Internet Access Setup FIELD DESCRIPTION EXAMPLE
Idle Timeout: This value specifies the number of idle seconds that elapse before the Prestige automatically disconnects the PPPoE session.
IP Address Assignment: Press [SPACE BAR] to select Static or Dynamic address assignment. Example: Dynamic
Prestige 792H User’s Guide Chapter 24 Remote Node Configuration This chapter covers remote node configuration. 24.1 Remote Node Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
Prestige 792H User’s Guide
Menu 11.1 - Remote Node Profile
Rem Node Name= myISP        Route= IP
Active= Yes                 Bridge= No
Encapsulation= RFC-1483     Edit IP/Bridge= No
Multiplexing= VC-based      Edit ATM Options= No
Incoming:
Callouts: Edit IP/Bridge Options in menu 11.3. Edit ATM Options in menu 11.6.
Prestige 792H User’s Guide Table 24-1 Remote Node Profile FIELD DESCRIPTION EXAMPLE
Rem Password: Type the password used when this remote node calls your Prestige.
Outgoing: My Login: Type the login name assigned by your ISP when the Prestige calls this remote node.
Prestige 792H User’s Guide Table 24-1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Schedule Sets This field is only applicable for PPPoE and PPPoA encapsulation. You can apply up to four schedule sets here. For more details please refer to the Call Schedule Setup chapter.
Prestige 792H User’s Guide Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment= Dynamic Ethernet Addr Timeout (min)= N/A Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= Full Feature...
Prestige 792H User’s Guide Table 24-2 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your Prestige. Select SUA Only if you have just one public WAN IP address for your Prestige. (Example: SUA Only)
Prestige 792H User’s Guide 24.3.1 My WAN Addr Sample IP Addresses The following diagram explains the sample IP addresses to help you understand the field of My Wan Addr in Menu 11.3. My WAN Addr indicates the local Prestige WAN IP while Rem IP Addr indicates the peer WAN IP.
Prestige 792H User’s Guide 24.5.1 VC-based Multiplexing (non-PPP Encapsulation) For VC-based multiplexing, by prior agreement, a protocol is assigned a specific virtual circuit, e.g., VC1 will carry IP, VC2 will carry IPX, etc. Separate VPI and VCI numbers must be specified for each protocol.
Prestige 792H User’s Guide In this case, only one set of VPI and VCI numbers need be specified for all protocols. The valid range for the VPI is 0 to 255 and for the VCI is 32 to 65535 (1 to 31 is reserved for local management of ATM traffic).
Prestige 792H User’s Guide Chapter 25 Static Route Setup This chapter shows how to setup IP static routes. 25.1 Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
Prestige 792H User’s Guide Step 1. To configure an IP static route, use Menu 12 – Static Route Setup (shown next). See the bridging chapter for more information on Bridge Static Routes. Menu 12 - Static Route Setup 1. IP Static Route 3.
Prestige 792H User’s Guide Menu 12.1.1 - Edit IP Static Route Route #: 1 Route Name= myIPStatic_Route Active= No Destination IP Address= ? IP Subnet Mask= ? Gateway IP Address= ? Metric= 2 Private= No Press ENTER to Confirm or ESC to Cancel:...
Prestige 792H User’s Guide Chapter 26 Bridging Setup This chapter shows you how to configure the bridging parameters of your Prestige. 26.1 Bridging Overview Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP) address. Bridging allows the Prestige to transport packets of network layer protocols that it does not route, for example, SNA, from one network to another.
Prestige 792H User’s Guide Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment= Static Ethernet Addr Timeout (min)= 0 Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT= Full Feature...
Prestige 792H User’s Guide Menu 12.3 - Bridge Static Route Setup 1. ________ 2. ________ 3. ________ 4. ________ Enter selection number: Figure 26-2 Bridge Static Route Setup Choose a static route to edit in menu 12.3. You configure bridge static routes in menu 12.3.1 as shown next.
Prestige 792H User’s Guide FIELD DESCRIPTION When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
Prestige 792H User’s Guide Chapter 27 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 27.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
Prestige 792H User’s Guide Menu 4 - Internet Access Setup ISP's Name= test Encapsulation= RFC 1483 Multiplexing= LLC-based VPI #= 1 VCI #= 1 Service Name= N/A My Login= N/A My Password= N/A NAT= SUA Only Address Mapping Set= N/A IP Address Assignment= Static IP Address= 0.0.0.0...
Prestige 792H User’s Guide Table 27-1 Applying NAT to the Remote Node FIELD DESCRIPTION EXAMPLE Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresses for your Prestige. The SMT uses the address mapping set that you configure and enter in the Address Mapping Set field (menu 15.1 - see section 27.3.1). (Example: Full Feature)
Prestige 792H User’s Guide Menu 15.1 - Address Mapping Sets 255. SUA (read only) Enter Menu Selection Number: Enter Menu Selection Number: Figure 27-4 Address Mapping Sets Enter 255 to display the next screen (see also section 27.1). The fields in this menu cannot be changed.
Prestige 792H User’s Guide Table 27-2 Address Mapping Rules - SUA FIELD DESCRIPTION EXAMPLE
Local Start IP: Local Start IP is the starting local IP address (ILA). Example: 0.0.0.0
Local End IP: Local End IP is the ending local IP address (ILA). If the... Example: 255.255.255.255
Prestige 792H User’s Guide Menu 15.1.1 - Address Mapping Rules Set Name= ? Local Start IP Local End IP Global Start IP Global End IP Type --------------- --------------- --------------- --------------- ------ Action= Edit Select Rule= Press ENTER to Confirm or ESC to Cancel: Figure 27-6 Address Mapping Rules If the Set Name field is left blank, the entire set will be deleted.
Prestige 792H User’s Guide FIELD DESCRIPTION EXAMPLE
Action: The default is Edit. Edit means you want to edit a selected rule (see following field). Insert Before means to insert a rule before the rule selected. The rules after the selected rule will then be moved down by one rule. Example: Edit
Prestige 792H User’s Guide Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= = N/A Global IP: Start= = N/A Server Mapping Set= N/A Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 27-7 Editing/Configuring an Individual Rule in a Set...
Prestige 792H User’s Guide 27.3.2 Configuring a Server behind NAT Follow these steps to configure a server behind NAT: Step 1. Enter 15 in the main menu to go to Menu 15 - NAT Setup. Step 2. Enter 2 to display Menu 15.2 - NAT Server Sets as shown next.
Prestige 792H User’s Guide Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.33 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 27-9 NAT Server Setup Step 4.
Prestige 792H User’s Guide Figure 27-10 Multiple Servers Behind NAT Example 27.4 General NAT Examples This section provides some examples with Network Address Translation. 27.4.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (Inside Global Address) assigned by your ISP.
Prestige 792H User’s Guide From menu 4, choose the SUA Only option from the Network Address Translation field. This is the Many-to-One mapping discussed in section 27.4. The SUA Only read-only option from the Network Address Translation field in menus 4 and 11.3 is specifically pre-configured to handle this case.
Prestige 792H User’s Guide Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 192.168.1.10 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 27-14 NAT Example 2 - Menu 15.2.1...
Prestige 792H User’s Guide Figure 27-15 NAT Example 3 Step 1. In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3).
Prestige 792H User’s Guide Step 5. In menu 15.1.1.1, select Type as One-to-One (direct mapping for packets going both ways), and set the local Start IP as 192.168.1.10 (the IP address of FTP Server 1) and the global Start IP as 10.132.50.1 (our first IGA). See the figure below.
Prestige 792H User’s Guide Now configure the IGA3 to map to our web server and mail server on the LAN. Step 8. Enter 15 from the main menu. Step 9. Enter 2 in Menu 15 - NAT Setup. Step 10. Enter 1 in Menu 15.2 - NAT Server Sets and enter 1 again to see the following menu.
Prestige 792H User’s Guide Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.21 192.168.1.20 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 27-19 Example 3- Menu 15.2...
Prestige 792H User’s Guide Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream. These applications won’t work through NAT even when using One-to-One and Many-to-Many No Overload mapping types. Follow the steps outlined in example 3 to configure these two menus as follows.
Prestige 792H User’s Guide Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Local Start IP Local End IP Global Start IP Global End IP Type --------------- --------------- --------------- --------------- ------ 192.168.1.10 192.168.1.12 10.132.50.1 10.132.50.3 M:M NO OV Action= Edit...
Advanced Management Part IX: Advanced Management This part discusses Filter Configuration, SNMP, System Maintenance and IP Policy Routing, Call Scheduling and Remote Management.
Prestige 792H User’s Guide Chapter 28 Filter Configuration This chapter shows you how to create and apply filters. 28.1 About Filtering Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call.
Prestige 792H User’s Guide [Figure: outgoing packet filtering flowchart. Box labels: Outgoing Data Packet; Call Filtering; Active Data; Built-in default Call Filters; User-defined Call Filters (if applicable); Initiate call if line not up; Send packet and reset Idle Timer; Drop packet...]
Prestige 792H User’s Guide [Figure: filter rule processing flowchart. Box labels: Start, Packet into Filter; Fetch First Filter Set; Fetch First Filter Rule; Fetch Next Filter Set; Fetch Next Filter Rule; Next Filter Rule Available?; Next Filter Set Available?; Active?; Execute Filter Rule; Check Next Rule...]
Prestige 792H User’s Guide For incoming packets, your Prestige applies data filters only. Packets are processed depending on whether a match is found. The following sections describe how to configure filter sets. The Filter Structure of the Prestige A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name.
Prestige 792H User’s Guide Step 3. Type a descriptive name or comment in the Edit Comments field and press [ENTER]. Step 4. Press [ENTER] at the message “Press ENTER to confirm…” to display Menu 21.1 – Filter Rules Summary (that is, if you selected filter set 1 in menu 21).
Prestige 792H User’s Guide
Menu 21.3 - Filter Rules Summary
# A Type Filter Rules                                                    M m n
- - ---- --------------------------------------------------------------- - - -
1 Y IP   Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23                             N D F
Enter Filter Rule Number (1-6) to Configure:
Figure 28-6 Telnet_WAN Filter Rules Summary
Menu 21.4 - Filter Rules Summary...
Prestige 792H User’s Guide
Menu 21.5 - Filter Rules Summary
# A Type Filter Rules                                                   M m n
- - ---- -------------------------------------------------------------- - - -
1 Y IP   PR=6, SA=0.0.0.0, DA=0.0.0.0, DP=21                            N D F
Enter Filter Rule Number (1-6) to Configure:
Figure 28-8 FTP_WAN Filter Rules Summary
Menu 21.11 - Filter Rules Summary...
Prestige 792H User’s Guide
Menu 21.11 - Filter Rules Summary
# A Type Filter Rules                                                    M m n
- - ---- --------------------------------------------------------------- - - -
1 Y IP   Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23                             N D N
2 Y IP   Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21...
Prestige 792H User’s Guide FIELD DESCRIPTION Action Not Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N” means to check the next rule. The protocol dependent filter rules abbreviation are listed as follows:...
Prestige 792H User’s Guide 28.3.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
Prestige 792H User’s Guide Table 28-3 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE IP Protocol This is the upper layer protocol, for example, TCP is 6, 0 to 255 UDP is 17 and ICMP is 1. The value must be between 0 and 255.
Prestige 792H User’s Guide Table 28-3 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE Select the logging option from the following: None – No packets will be logged. Action Matched – Only packets that match the rule parameters will be logged. (Example: None)
Prestige 792H User’s Guide [Figure: IP filter execution flowchart. Steps in order: Packet into IP Filter; Filter Active?; Apply SrcAddrMask to Src Addr; Check Src IP Addr (Matched / Not Matched); Apply DestAddrMask to Dest Addr; Check Dest IP Addr (Matched / Not Matched); Check IP Protocol (Matched / Not Matched); Check Src &...]
Prestige 792H User’s Guide 28.3.2 Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
Prestige 792H User’s Guide Table 28-4 Generic Filter Rule Menu Fields FIELD DESCRIPTION EXAMPLE Filter # This is the filter set, filter rule coordinates, for instance, 2, 3 refers to the second filter set and the third rule of that set.
Prestige 792H User’s Guide 28.4 Filter Types and NAT There are two classes of filter rules, Generic Filter (Device) rules and Protocol Filter (TCP/IP) rules. Generic Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on IP packets.
Prestige 792H User’s Guide Figure 28-15 Sample Telnet Filter Step 1. Enter 21 from the main menu to open Menu 21 — Filter Set Configuration. Step 2. Enter the index number of the filter set you want to configure (in this case 3) Step 3.
Prestige 792H User’s Guide
Menu 21.1 - Filter Rules Summary
# A Type Filter Rules                                                    M m n
- - ---- --------------------------------------------------------------- - - -
1 Y IP   Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23                             N D F
Enter Filter Rule Number (1-6) to Configure: 1
Callouts: “This shows you that you have...”; “M = N means an action can be taken immediately....”
Prestige 792H User’s Guide
Menu 21.3.1 - TCP/IP Filter Rule
Filter #: 3,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6     IP Source Route= No
Callout: Press [SPACE BAR] to choose this filter rule type. The first filter rule type determines all subsequent filter types within a set.
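The forward/drop/next logic behind the M, m and n columns of the Filter Rules Summary screens, as an added example that is not part of the ZyXEL guide: it parses summary lines in the format shown above, evaluates a TCP packet against a rule set, and reports rules that can never be reached because an earlier rule always decides. Assumptions: 0.0.0.0 and a missing or zero port mean "any", addresses are compared whole because masks do not appear on the summary screen, a packet is forwarded when no rule is left to check, chained rules (M = Y) are rejected, and the m/n actions of rule 2 and the packet addresses are constructed because the guide's screens cut them off.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address

# One line of a "Filter Rules Summary" screen:  # A Type <rule text> M m n
RULE_RE = re.compile(
    r"^\s*(?P<num>\d+)\s+(?P<active>[YN])\s+IP\s+(?P<body>.+?)\s+"
    r"(?P<more>[YN])\s+(?P<m>[FDN])\s+(?P<n>[FDN])\s*$"
)

@dataclass
class Rule:
    num: int
    active: bool
    proto: int      # Pr: IP protocol number; 0 treated as "any" (assumption)
    sa: str         # SA: source address; 0.0.0.0 treated as "any" (assumption)
    da: str         # DA: destination address; 0.0.0.0 treated as "any"
    dp: int         # DP: destination port; 0 or absent treated as "any"
    on_match: str   # m column: F (forward), D (drop) or N (check next rule)
    on_miss: str    # n column: same letters

def parse_rule(line):
    mo = RULE_RE.match(line)
    if mo is None:
        raise ValueError(f"not an IP filter rule summary line: {line!r}")
    if mo["more"] == "Y":
        raise ValueError("chained rules (M = Y) are outside this example")
    fields = {}
    for part in mo["body"].split(","):
        key, _, value = part.strip().partition("=")
        fields[key.upper()] = value   # the guide prints both Pr= and PR=
    return Rule(int(mo["num"]), mo["active"] == "Y",
                int(fields.get("PR", 0)), fields.get("SA", "0.0.0.0"),
                fields.get("DA", "0.0.0.0"), int(fields.get("DP", 0)),
                mo["m"], mo["n"])

def parse_rules(text):
    return [parse_rule(line) for line in text.strip().splitlines()]

def addr_ok(rule_addr, pkt_addr):
    # Masks are not shown on the summary screen, so compare whole addresses.
    return rule_addr == "0.0.0.0" or ip_address(rule_addr) == ip_address(pkt_addr)

def matches(rule, proto, src, dst, dport):
    return (rule.proto in (0, proto) and addr_ok(rule.sa, src)
            and addr_ok(rule.da, dst) and rule.dp in (0, dport))

def evaluate(rules, proto, src, dst, dport):
    """Return (verdict, numbers of the rules that were actually checked)."""
    checked = []
    for rule in rules:
        if not rule.active:
            continue                      # inactive rules are skipped
        checked.append(rule.num)
        hit = matches(rule, proto, src, dst, dport)
        action = rule.on_match if hit else rule.on_miss
        if action == "F":
            return "forward", checked     # remaining rules are not checked
        if action == "D":
            return "drop", checked
    return "forward", checked             # assumption: nothing left -> forward

def unreachable_rules(rules):
    """Rules that can never run because an earlier active rule always decides."""
    dead, decided = [], False
    for rule in rules:
        if decided:
            dead.append(rule.num)
        elif rule.active and "N" not in (rule.on_match, rule.on_miss):
            decided = True
    return dead

# Constructed rule sets in the guide's summary format. Rule 1 of SET_A uses the
# "N D F" actions of the Telnet_WAN screen, rule 1 of SET_B the "N D N" of Menu 21.11.
SET_A = """
1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21 N D F
"""
SET_B = """
1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D N
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21 N D F
"""

if __name__ == "__main__":
    for name, text in (("A", SET_A), ("B", SET_B)):
        rules = parse_rules(text)
        for port in (23, 21, 80):         # Telnet, FTP, HTTP over TCP (Pr=6)
            print(name, port, evaluate(rules, 6, "203.0.113.9", "192.168.1.33", port))
        print(name, "unreachable rules:", unreachable_rules(rules))
```

In SET_A the FTP rule is dead: rule 1 forwards every non-Telnet packet at once, so FTP traffic passes. Changing rule 1's n action to N, as in SET_B, lets the FTP rule run.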
Prestige 792H User’s Guide Step 3. This brings you to menu 11.5. Enter the example filter set number in this menu as shown in the following figure. Menu 11.5 – Remote Node Filter Input Filter Sets: protocol filters= device filters=...
Prestige 792H User’s Guide filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by typing their numbers separated by commas, for example, 3, 4, 6, 11. The factory default filter set, NetBIOS_LAN, is inserted in the protocol filters field under Input Filter Sets in menu 3.1 in order to...
Prestige 792H User’s Guide Chapter 29 SNMP Configuration This chapter explains SNMP Configuration. SNMP is only available if TCP/IP is configured. 29.1 SNMP Overview Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
Prestige 792H User’s Guide An SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed device (the Prestige). An agent translates the local management information from the managed device into a form compatible with SNMP.
Prestige 792H User’s Guide
Menu 22 - SNMP Configuration
SNMP:
  Get Community= public
  Set Community= public
  Trusted Host= 0.0.0.0
  Trap:
    Community= public
    Destination= 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 29-2 SNMP Configuration
Table 29-1 SNMP Configuration...
Prestige 792H User’s Guide TRAP # TRAP NAME DESCRIPTION
warmStart (defined in RFC-1215): A trap is sent after booting (software reboot).
linkUp (defined in RFC-1215): A trap is sent with the port number.
authenticationFailure (defined in RFC-1215): A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community (password).
Prestige 792H User’s Guide Chapter 30 System Maintenance This chapter covers the diagnostic tools that help you to maintain your Prestige. 30.1 System Maintenance Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
Prestige 792H User’s Guide Menu 24.1 - System Maintenance – Status hh:mm:ss Sat. Jan. 01, 2000 Node-Lnk Status TxPkts RxPkts Errors Tx B/s Rx B/s Up Time 1-ENET 0:26:20 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 My WAN IP (from ISP):0.0.0.0...
Prestige 792H User’s Guide Table 30-1 System Maintenance — Status FIELD DESCRIPTION
Rx Pkts: The number of received packets from the LAN.
Collision: Number of collisions.
Shows statistics for the WAN.
Line Status: Shows the current status of the xDSL line, which can be Up or Down.
Menu 1 – General Setup. Routing Refers to the routing protocol used. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. xDSL F/W Version Refers to the DSL version. Standard This refers to the operational protocol the Prestige and the DSLAM (Digital Subscriber Line Access Multiplexer) are using.
Prestige 792H User’s Guide 30.3.2 Console Port Speed You can set up different port speeds for the console port through Menu 24.2.2 – System Maintenance – Console Port Speed. Your Prestige supports 9600 (default), 19200 and 38400 bps. Press [SPACE BAR] and then [ENTER] to select the desired speed in menu 24.2.2, as shown in the following figure.
Prestige 792H User’s Guide Step 3. Enter 1 from Menu 24.3 — System Maintenance — Log and Trace to display the error log in the system. After the Prestige finishes displaying the error log, you will have the option to clear it. Samples of typical error and information messages are presented in the next figure.
Prestige 792H User’s Guide Table 30-3 System Maintenance Menu — Syslog Parameters PARAMETER DESCRIPTION UNIX Syslog: Active Use [SPACE BAR] and then [ENTER] to turn syslog on or off. Syslog IP Address Type the IP address of your syslog server.
Prestige 792H User’s Guide The following table describes the diagnostic tests available in menu 24.4 for and the connections. Table 30-4 System Maintenance Menu — Diagnostic FIELD DESCRIPTION Reset xDSL Re-initialize the xDSL link to the telephone company. Ping Host Ping the host to see if the links and TCP/IP protocol on both systems are working.
Prestige 792H User’s Guide Chapter 31 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files. 31.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
Prestige 792H User’s Guide Table 31-1 Filename Conventions
FILE TYPE: Configuration File. INTERNAL NAME: Rom-0. EXTERNAL NAME: *.rom. DESCRIPTION: This is the configuration filename on the Prestige. Uploading the rom-0 file replaces the entire ROM file system, including your Prestige configurations, system-related data (including the default password), the error log and the trace log.
Prestige 792H User’s Guide 31.2.1 Backup Configuration Follow the instructions as shown in the next screen. Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your computer.
Prestige 792H User’s Guide
331 Enter PASS command
Password:
230 Logged in
ftp> bin
200 Type I OK
ftp> get rom-0 zyxel.rom
200 Port command okay
150 Opening data connection for STOR ras
226 File received OK
ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
Prestige 792H User’s Guide 4. You have an SMT console session running. 31.2.6 Backup Configuration Using TFTP The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended.
Prestige 792H User’s Guide Table 31-3 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped. Send/Fetch Use “Send” to upload the file to the Prestige and “Fetch” to back up the file on your computer.
Prestige 792H User’s Guide Step 3. Run the HyperTerminal program by clicking Transfer, then Receive File as shown in the following screen. Type a location for storing the configuration file or click Browse to look for one. Choose the Xmodem protocol.
Prestige 792H User’s Guide 31.3.1 Restore Using FTP For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter. Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file, follow the procedure below: 1.
Prestige 792H User’s Guide 31.3.2 Restore Using FTP Session Example
ftp> put config.rom rom-0
200 Port command okay
150 Opening data connection for STOR rom-0
226 File received OK
221 Goodbye for writing flash
ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec.
Prestige 792H User’s Guide Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. Figure 31-11 Restore Configuration Example Step 4. After a successful restoration you will see the following screen. Press any key to restart the Prestige and return to the SMT menu.
Prestige 792H User’s Guide Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
Prestige 792H User’s Guide 31.4.3 FTP File Upload Command from the DOS Prompt Example Step 1. Launch the FTP client on your computer. Step 2. Enter “open”, followed by a space and the IP address of your Prestige. Step 3.
Prestige 792H User’s Guide To use TFTP, your computer must have both telnet and TFTP clients. To transfer the firmware and the configuration file, follow the procedure shown next. Step 1. Use telnet from your computer to connect to the Prestige and log in. Because TFTP does not have any security checks, the Prestige records the IP address of the telnet client and accepts TFTP requests only from this address.
Prestige 792H User’s Guide 31.4.8 Uploading Firmware File Via Console Port Step 1. Select 1 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.1 – System Maintenance – Upload System Firmware, then follow the instructions as shown in the following screen.
Prestige 792H User’s Guide 31.4.10 Uploading Configuration File Via Console Port Step 1. Select 2 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.2 – System Maintenance – Upload System Configuration File. Follow the instructions as shown in the next screen.
Prestige 792H User’s Guide Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. Figure 31-19 Example Xmodem Upload After the configuration upload process has completed, restart the Prestige by entering “atgo”.
Prestige 792H User’s Guide Chapter 32 System Maintenance and Information This chapter leads you through SMT menus 24.8 to 24.10. 32.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
Copyright (c) 1994 - 2003 ZyXEL Communications Corp.
ras> ?
Valid commands are:
exit device ether xdsl bridge hdap
ras>
Figure 32-2 Valid Commands
32.2 Call Control Support
Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1.
Menu 24.9.1 - System Maintenance - Budget Management
Remote Node    Connection Time/Total Budget    Elapsed Time/Total Period
1.MyISP        No Budget                       No Budget
2.--------
3.--------
4.--------
5.--------
6.--------
7.--------
8.--------
Reset Node (0 to update screen):
Figure 32-4 Budget Management
The total budget is the time limit on the accumulated time for outgoing calls to a remote node.
32.3 Time and Date Setting
The Prestige keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your Prestige. Menu 24.10 allows you to update the time and date settings of your Prestige.
Table 32-2 Time and Date Setting Fields
FIELD: Use Time Server when Bootup
DESCRIPTION: Enter the time service protocol that your time server sends when you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
Chapter 33 IP Policy Routing
This chapter covers setting and applying policies used for IP routing.
33.1 IP Policy Routing Overview
Traditionally, routing is based on the destination address only and the IAD takes the shortest path to forward a packet.
IPPR follows the existing packet filtering facility of RAS in style and in implementation. The policies are divided into sets, where related policies are grouped together. A user defines the policies before applying them to an interface or a remote node, in the same fashion as the filters. There are 12 policy sets with six policies in each set.
Menu 25.1 - IP Routing Policy Setup
Criteria/Action
1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5 SP=20-25,DP=20-25,P=6,T=NM,PR=0 |GW=192.168.1.1,T=MT,PR=0
2 N
3 N
4 N
5 N
6 N
...
Type a number from 1 to 6 to display Menu 25.1.1 – IP Routing Policy (see the next figure). This menu allows you to configure a policy rule.
Menu 25.1.1 - IP Routing Policy
Policy Set Name= test...
Table 33-2 IP Routing Policy
FIELD: Len Comp
DESCRIPTION: Press [SPACE BAR] and then [ENTER] to choose from Equal, Not Equal, Less, Greater, Less or Equal or Greater or Equal.
FIELD: Source: addr start / end
DESCRIPTION: Source IP address range from start to end.
Menu 3.2 - TCP/IP and DHCP Ethernet Setup
DHCP Setup:
  DHCP= None
  Client IP Pool Starting Address= N/A
  Size of Client IP Pool= N/A
  Primary DNS Server= N/A
  Secondary DNS Server= N/A
  Remote DHCP Server= N/A...
33.4 IP Policy Routing Example
If a network has both Internet and remote node connections, you can route Web packets to the Internet using one policy and route FTP packets to a remote network using another policy. See the next figure.
Menu 25.1.1 - IP Routing Policy
Policy Set Name= set1
Active= Yes
Criteria:
  IP Protocol
  Type of Service= Don't Care    Packet length= 10
  Precedence = Don't Care        Len Comp= N/A
  Source: addr start= 192.168.1.2    end= 192.168.1.64...
Menu 25.1.1 - IP Routing Policy
Policy Set Name= set2
Active= Yes
Criteria:
  IP Protocol
  Type of Service= Don't Care    Packet length= 10
  Precedence = Don't Care        Len Comp= N/A
  Source: addr start= 0.0.0.0    end= N/A...
Chapter 34 Call Scheduling
Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long.
34.1 Call Scheduling Overview
The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
To delete a schedule set, enter the set number and press [SPACE BAR] and then [ENTER] (or delete) in the Edit Name field. To set up a schedule set, select the schedule set you want to set up from menu 26 (1-12) and press [ENTER] to see Menu 26.1 —...
Table 34-1 Schedule Set Setup
FIELD: How Often
EXAMPLE: Once
DESCRIPTION: Should this schedule set recur weekly or be used just once only? Press the [SPACE BAR] and then [ENTER] to select Once or Weekly. Both these options are mutually exclusive. If Once is selected, then all weekday settings are N/A.
Menu 11.1 - Remote Node Profile
Rem Node Name= ?        Route= IP
Active= Yes             Bridge= No
Encapsulation= PPPoE    Edit IP/Bridge= No
Multiplexing=VC-based   Edit ATM Options= No
Service Name=           Telco Option:
Incoming                Allocated Budget(min)= 0
Rem Login=...
Chapter 35 Remote Management
This chapter covers remote management (SMT menu 24.11).
35.1 Remote Management Overview
Remote management setup is for managing Telnet, FTP and Web services. You can customize the service port, access interface and the secured client IP address to enhance security and flexibility.
35.1.3 Remote Management and Web Services
You can use the Prestige’s embedded web configurator for configuration and file management. See the online help for details.
35.1.4 Disabling Remote Management
To disable remote management of a service, select Disable in the corresponding Server Access field.
35.2 Remote Management Setup
Enter 11 in menu 24 to display Menu 24.11 —...
Table 35-1 Remote Management Control
FIELD: Secured Client IP
EXAMPLE: 0.0.0.0
DESCRIPTION: The default 0.0.0.0 allows any client to use this service to remotely manage the Prestige. Enter an IP address to restrict access to a client with a matching IP address.
Part X: SMT VPN/IPSec and Internal SPTGEN
This part provides information about configuring VPN/IPSec for secure communications and Internal SPTGEN for configuration of multiple Prestiges. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
Chapter 36 VPN/IPSec Setup
This chapter introduces the VPN SMT menus.
36.1 VPN/IPSec Overview
The VPN/IPSec main SMT menu has these main submenus:
1. Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer IPSec router IP address and key management.
Menu 27 - VPN/IPSec Setup
1. IPSec Summary
2. SA Monitor
3. View IPSec Log
Enter Menu Selection Number:
Figure 36-2 Menu 27 VPN/IPSec Setup
36.2 IPSec Summary Screen
Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary. This is a summary read-only menu of your IPSec rules (tunnels).
Table 36-1 Menu 27.1 IPSec Summary
FIELD: Name
EXAMPLE: Taiwan
DESCRIPTION: This field displays the unique identification name for this VPN rule. The name may be up to 32 characters long but only 10 characters will be displayed here.
Table 36-1 Menu 27.1 IPSec Summary
FIELD: Key Mgt
DESCRIPTION: This field displays the SA’s type of key management (IKE or Manual).
FIELD: Remote
EXAMPLE: 172.16.2.40
DESCRIPTION: When the Addr Type field in Menu 27.1.1 IPSec Setup is configured to...
Table 36-1 Menu 27.1 IPSec Summary
FIELD: Select Command
EXAMPLE: None
DESCRIPTION: Press [SPACE BAR] to choose from None, Edit, Delete, Go To Rule, Next Page or Previous Page and then press [ENTER]. You must select a rule in the next field when you choose the Edit, Delete or Go To commands.
Menu 27.1.1 – IPSec Setup
Index= 1    Name= Taiwan
Active= Yes    Keep Alive= No
Local ID type= IP    Content=
My IP Addr= 0.0.0.0
Peer ID type= IP    Content=
Secure Gateway Address= zw50test.zyxel.com.tw
Protocol= 0    DNS Server= 0.0.0.0...
Table 36-2 Menu 27.1.1 IPSec Setup
FIELD: Content
DESCRIPTION: When you select IP in the Local ID Type field, type the IP address of your computer or leave the field blank to have the Prestige automatically use its own IP address.
Table 36-2 Menu 27.1.1 IPSec Setup
FIELD: Secure Gateway Address
EXAMPLE: Zw50test.com.
DESCRIPTION: Type the IP address or the domain name (up to 31 characters) of the IPSec router with which you’re making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP...
Table 36-2 Menu 27.1.1 IPSec Setup
FIELD: End/Subnet Mask
EXAMPLE: 192.168.1.38
DESCRIPTION: When the Addr Type field is configured to Single, this field is N/A. When the Addr Type field is configured to Range, enter the end (static) IP address, in a range of computers on the LAN behind your Prestige.
Table 36-2 Menu 27.1.1 IPSec Setup
FIELD: End/Subnet Mask
EXAMPLE: 255.255.0.0
DESCRIPTION: When the Addr Type field is configured to Single, this field is N/A. When the Addr Type field is configured to Range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router.
36.4 IKE Setup
To edit this menu, the Key Management field in Menu 27.1.1 – IPSec Setup must be set to IKE. Move the cursor to the Edit Key Management Setup field in Menu 27.1.1 – IPSec Setup; press [SPACE BAR] to select Yes and then press [ENTER] to display Menu 27.1.1.1 –...
Table 36-3 Menu 27.1.1.1 IKE Setup
FIELD: Encryption Algorithm
DESCRIPTION: When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
Table 36-3 Menu 27.1.1.1 IKE Setup
FIELD: Perfect Forward Secrecy (PFS)
EXAMPLE: None
DESCRIPTION: Perfect Forward Secrecy (PFS) is disabled (None) by default in phase 2 IPSec SA setup. This allows faster IPSec setup, but is not so secure. Press [SPACE BAR] and choose from DH1 or DH2 to enable PFS.
Menu 27.1.1.2 – Manual Setup
Active Protocol= ESP Tunnel
ESP Setup
  SPI (Decimal)=
  Encryption Algorithm= DES
  Key1=
  Key2= N/A
  Key3= N/A
  Authentication Algorithm= MD5
  Key= N/A
AH Setup
  SPI (Decimal)= N/A
  Authentication Algorithm= N/A
  Key=
Press ENTER to Confirm or ESC to Cancel:
Figure 36-6 Menu 27.1.1.2 Manual Setup...
Table 36-5 Menu 27.1.1.2 Manual Setup
FIELD: Authentication Algorithm
DESCRIPTION: Press [SPACE BAR] to choose from MD5 or SHA1 and then press [ENTER].
FIELD: Key
EXAMPLE: 123456789a
DESCRIPTION: Enter the authentication key to be used by IPSec if applicable. The key must be unique.
Chapter 37 SA Monitor
This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2.
37.1 SA Monitor Overview
A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next) displays active VPN connections.
Table 37-1 Menu 27.2 SA Monitor
DESCRIPTION: This is the security association index number.
FIELD: Name
EXAMPLE: Taiwan
DESCRIPTION: This field displays the identification name for this VPN policy. This name is unique for each connection where the secure gateway IP address is a public static IP address.
37.3 Viewing IPSec Log
To view the IPSec and IKE connection log, type 3 in menu 27 and press [ENTER] to display the IPSec log as shown next. The following figure shows a typical log from the initiator of a VPN connection.
Chapter 38 Internal SPTGEN
38.1 Internal SPTGEN Overview
Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file –...
This is the name of the menu.
This is the Field Name column. This is the name of the field as seen in the corresponding SMT screen.
One “=” sign, followed by one space, must precede...
field value is not legal error:-1
ROM-t is not saved, error Line ID:10000000
reboot to get the original configuration
Bootbase Version: V2.02 | 2/22/2001 13:33:11
RAM: Size = 8192 Kbytes
FLASH: Intel 8M *2
Figure 38-2 Invalid Parameter Entered: Command Line Example
The Prestige will display the following if you enter parameter(s) that are valid.
38.4 Internal SPTGEN FTP Upload Example
c:\ftp 192.168.1.1
220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000
User (192.168.1.1:(none)):
331 Enter PASS command
Password:
1. Launch your FTP application.
2. Enter "bin". The command “bin” sets the transfer mode to binary.
Appendix A Troubleshooting
This chapter covers potential problems and the corresponding remedies.
Problems Starting Up the Prestige
Table A-1 Troubleshooting the Start-Up of Your Prestige
PROBLEM: None of the LEDs turn on when I turn
CORRECTIVE ACTION: Make sure that the Prestige’s power adapter is connected to the Prestige and plugged in to an appropriate power source.
Problems with the WAN Interface
Table A-3 Troubleshooting the WAN Interface
PROBLEM: I cannot get a WAN IP address from
CORRECTIVE ACTION: The WAN IP is provided when the ISP recognizes the user as an authorized user after verifying the MAC address, Host Name or User ID.
Problems with Passwords
Table A-5 Troubleshooting the Password
PROBLEM: I cannot access the Prestige.
CORRECTIVE ACTION: The Password and Username fields are case-sensitive. Make sure that you enter the correct password and username using the proper casing.
Appendix B PPPoE
PPPoE in Action
An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit) that connects to an xDSL Access Concentrator where the PPP session terminates (see the next figure).
Diagram B-1 Single-PC per Modem Hardware Configuration
How PPPoE Works
The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC acts as an L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP frames to the ISP.
The Prestige as a PPPoE Client
When using the Prestige as a PPPoE client, the PCs on the LAN see only Ethernet and are not aware of PPPoE. This relieves the administrator of having to manage the PPPoE clients on the individual PCs.
Appendix C Virtual Circuit Topology
ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows:
• Virtual Channel Logical connections between ATM switches
•...
Appendix D PPTP
What is PPTP?
PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames.
How can we transport PPP frames from a PC to a broadband modem over Ethernet?
A solution is to build PPTP into the ANT (ADSL Network Termination) where PPTP is used only over the short haul between the PC and the modem over Ethernet.
With the Windows VPN or PPTP Pass-Through feature, the PPTP tunnel is created from Windows 95, 98 and NT clients to an NT server in a remote location. The pass-through feature allows users on the network to access a different remote server using the Prestige's Internet connection.
The control connection runs over TCP. Similar to L2TP, a tunnel control connection is first established before call control messages can be exchanged. Please note that a tunnel control connection supports multiple call sessions. The following diagram depicts the message exchange of a successful call setup between a PC and an ANT.