ZyXEL Communications P-793H v2 Support Notes

G.shdsl.bis bonded broadband gateway

P-793H v2
G.SHDSL.bis Bonded Broadband Gateway
Support Notes
Version 3.70
02/2010


Summary of Contents for ZyXEL Communications P-793H v2

  • Page 1 P-793H v2 G.SHDSL.bis Bonded Broadband Gateway Support Notes Version 3.70 02/2010...
  • Page 2: Table Of Contents

    7. What should I do when the power (PWR) LED is off? (page 12) 8. How to debug while DSL LED is off? (page 12) 9. How do I verify my PC's IP address assigned by the P-793H v2? (page 12) 10. What is Traffic Shaping? (page 12) 11.
  • Page 3 ... (page 15) 20. Can the P-793H v2's SUA handle IPSec packets sent by the IPSec gateway? (page 15) 21. How do I setup my P-793H v2 for routing IPSec packets over SUA? (page 15) 22. What is VLAN? (page 16) 23.
  • Page 4 22. How to setup Dial Backup? (page 85) IPSEC VPN Application Notes 1. How to use P-793H v2 to build VPN Tunnel with another VPN Gateway/Software? (page 86) 2. How to build a VPN between Secure Gateway with Dynamic WAN IP Address?...
  • Page 5: Faq

    4. How do I upgrade/backup the ZyNOS firmware by using TFTP client program via LAN? The P-793H v2 allows you to transfer the firmware from/to P-793H v2 by using TFTP program via LAN. The procedure for uploading via TFTP is as follows.
  • Page 6: How Do I Restore P-793H V2 Configurations By Using Tftp Client Program Via Lan

    (1) Use the TELNET client program in your PC to login to your P-793H v2, and use Menu 24.8 to enter CI command 'sys stdio 0' to disable console idle timeout (2) To upgrade firmware, use TFTP client program to put firmware in file 'ras' in the P-793H v2.
  • Page 7: What Is Sua? When Should I Use Sua

    Internet concurrently for the cost of a single user account. When the P-793H v2, acting as SUA, receives a packet from a local client destined for the outside Internet, it replaces the source address in the IP packet header with its own address and the source port in the TCP or UDP header with another value chosen out of a local pool.
  • Page 8: Is It Possible To Access A Server Running Behind Sua From The Outside Internet? If Possible, How

    The P-793H v2 supports NAT sets on a remote node basis. They are reusable, but only one set is allowed for each remote node. The P-793H v2 supports 8 sets since there are 8 remote nodes.
  • Page 9: How Many Network Users Can The Sua/Nat Support

    Server 2 IP<--->IGA1 14. How many network users can the SUA/NAT support? The P-793H v2 does not limit the number of users, only the number of NAT sessions. The P-793H v2 supports 2048 sessions, which you can view with the 'ip nat session' command in the CLI.
  • Page 10: What Are Device Filters And Protocol Filters

    Note: In ZyNOS, you cannot mix different filter groups in the same filter set. 16. How can I protect against IP spoofing attacks? The P-793H v2's filter sets provide a means to protect against IP spoofing attacks. The basic scheme is as follows:...
  • Page 11 Allow packets that originate from us. Filter rule setup: Filter Type = TCP/IP; Filter Rule Active = Yes; Destination IP Addr = a.b.c.d; Destination IP Mask = w.x.y.z; Action Matched = Drop; Action No Matched = Forward. Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask.
  • Page 12: Product Faq

    Moreover, only with Administrator Password, you could manage the P-793H v2 via FTP/TFTP or Telnet. 5. How do I know the P-793H v2's WAN IP address assigned by the ISP? You can view "IP Address: x.x.x.x" shown in Web Configurator 'Status -> Device Information -> WAN Information'.
  • Page 13: What Do I Need Before Using The Shdsl

    If there are several VCs in the P-793H v2 but only one VC is activated at a time, the P-793H v2 allocates all the bandwidth to that VC and the VC gets full bandwidth. If other VCs are activated later, the bandwidth is yielded to them afterward.
  • Page 14: What Do Atm Qos Types (Cbr, Ubr, Vbr-Nrt, Vbr-Rt) Mean

    VC with Peak Cell rate before yielding to other VCs. The P-793H v2 holds the parameters for shaping the traffic among its virtual channels. If you do not need traffic shaping, please set SCR = 0, MBS = 0 and PCR as the maximum value according to the line rate (for example, 2.3 Mbps...
  • Page 15: The P-793H V2 Supports Bridge And Router Mode, What's The Difference Between Them

    Without DDNS, we always tell the users to use the WAN IP of the P-793H v2 to reach our internal server. It is inconvenient for the users if this IP is dynamic. With DDNS supported by the P-793H v2, you apply a DNS name (e.g.,...
  • Page 16: When Do I Need Ddns Service

    WAN IP of the P-793H v2. When the ISP assigns the P-793H v2 a new IP, the P-793H v2 updates this IP to DDNS server so that the server can update its IP-to-DNS entry. Once the IP-to-DNS table in the DDNS server is updated, the DNS name for your web server (i.e., www.zyxel.com.tw) is still usable.
  • Page 17: What Is Vlan

    SUA and the outside users access the server using the P-793H v2's WAN IP address. So, we have to configure the internal IPsec client as a default server (unspecified service port) when it acts as a server gateway.
  • Page 18: What Is Traffic Redirect

    When the DSL connection is re-established, traffic will be fully restored. The WAN Backup Solution saves device maintenance cost and reduces loss from daily operation. In addition, P-793H v2 also performs backup functions by redirecting traffic to a specific gateway to ensure availability of the Internet connection. DSL FAQ 1.
  • Page 19: How Do I Know The Dsl Line Is Up

    2. How do I know the DSL line is up? The DSL LEDs on the P-793H v2's front panel are green when the DSL physical layer is up. Note: There are two DSL LEDs: DSL1 and DSL2.
  • Page 20: What Are The Signaling Pins Of The Dsl Connector

    6. What are the signaling pins of the DSL connector? The signaling pins on the P-793H v2's DSL connector RJ11 cable are pin 3 and 4 for 2-wire mode, and pin 2, 3, 4 and 5 for 4-wire mode.
  • Page 21: Firewall Faq

    Service (DoS) attacks such as Ping of Death, SYN Flood, LAND attack, IP Spoofing, etc. It also uses stateful packet inspection to determine if an inbound connection is allowed through the firewall to the private LAN. The P-793H v2 supports Network Address Translation (NAT), which translates the private local addresses to one or multiple public addresses.
  • Page 22 The P-793H v2's firewall is fast. It uses a hashing function to search the matched session cache instead of going through every individual rule for a packet.
  • Page 23 6. What is a Denial of Service (DoS) attack? Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
  • Page 24: Configuration

    1. How do I configure the firewall? You can use the Web Configurator to configure the firewall for P-793H v2. By factory default, if you connect your PC to the LAN Interface of P-793H v2, you can access Web Configurator via 'http://192.168.1.1'.
  • Page 25 The default value in this field is 0.0.0.0, which means you do not care which host is trying to telnet your P-793H v2 or access the Web Configurator of Plus: Above configuration can also be realized via SMT menu 24.11 as below: 3.
  • Page 26 (1) When the firewall is turned on, all connections from WAN to LAN are blocked by the default ACL rule. To enable WWW/Telnet from WAN, you must turn the firewall off, or create a firewall rule to allow WWW/Telnet connection from WAN.
  • Page 27: Log And Alert

    (4) A filter set which blocks FTP from WAN is applied to WAN node. The default filter rule 3 (Telnet_FTP_WAN) is applied in the Input Protocol field in menu 11.5. Log and Alert . When does the P-793H v2 generate the firewall log? All contents copy right © 2010 Zy XEL Communications Corporation.
  • Page 28 The P-793H v2 generates the firewall log immediately when the packet matches a firewall rule. The log for Default Firewall Policy (LAN to WAN, WAN to LAN, WAN to WAN) is generated automatically with factory default setting, but you can customize it in Web Configurator, Advanced setup, Maintenance ->...
  • Page 29: Ipsec Faq

    5. What is the difference between the log and alert? A log entry is just added to the log inside the P-793H v2 and e-mailed together with all other log entries at the scheduled time as configured. An alert is e-mailed immediately after an attack is detected.
  • Page 30 Because users typically dial their local ISP for VPN, long distance phone charges are lower than when making a direct long distance connection to the remote office. (2) Reducing number of access lines: Many companies pay monthly charges for two types of access lines: (1) high-speed links for their Internet access and (2) frame relay, ISDN Primary Rate Interface or T1 lines to carry data.
  • Page 31 There are two protocols provided by IPSec: AH (Authentication Header, protocol number 51) and ESP (Encapsulating Security Payload, protocol number 50). 8. What are the differences between 'Transport mode' and 'Tunnel mode'? The IPSec protocols (AH and ESP) can be used to protect either an entire IP payload or only the upper-layer protocols of an IP payload.
  • Page 32 IP 202.132.154.1 DNS www.zyxel.com E-mail support@zyxel.com.tw Please note that, in P-793H v2, if "DNS" or "E-mail" type is chosen, you can still use a random string as the content, such as "this_is_P-793H v2". It's not necessary to follow the format exactly.
  • Page 33: P-793H V2 Vpn

    15. When should I use FQDN? If your VPN connection is P-793H v2 to P-793H v2, and both of them have static IP address, and there is no NAT router in between, you can ignore this option.
  • Page 34 If your P-793H v2 is capable of VPN, you can find the VPN options in Advanced>VPN tab. For configuring a 'box-to-box VPN', there are some tips: If there is a NAT router running in front of the P-793H v2, please make sure the NAT router supports IPSec pass through.
  • Page 35 NAT* NAT in Transport mode None The NAT router must support IPSec pass through. For example, for P-793H v2 SUA/NAT routers. The default port and the client IP have to be specified in menu 15-SUA Server Setup.
  • Page 36 IP and its service port in SUA/NAT Server Table. However, if both NAT and IPSec are enabled in P-793H v2, the edit of the table is necessary only if the connection is a non-secure connection. For secure connections, no SUA server settings are required since private IP is reachable in the VPN case.
  • Page 37 IPSec gateway simultaneously? No, P-793H v2 can't support them simultaneously. You need to choose either one. If P-793H v2 is to support IPSec passthrough, you have to disable the VPN
  • Page 38 function on P-793H v2. To disable it, you can either deactivate each VPN rule or issue a CI command, "ipsec switch off" from SMT menu 24.8. You can get into SMT menu via either telnet or console connection.
  • Page 39: Application Notes

    In this case, we use P-793H v2 which works as a DSL bridge modem to connect to the ISP. The ISP will generally give one Internet account and limit only one computer to access the Internet.
  • Page 40 Setup your P-793H v2 The following procedure shows you how to configure your P-793H v2 as bridge mode. We will use Web Configurator to guide you through the related menu. (1) Configure P-793H v2 as bridge mode and configure Internet setup parameters in Web Configurator, Advanced Setup, Network ->...
  • Page 41: Internet Access Using P-793H V2 Under Routing Mode

    Identifier) given to you by your ISP. (2) Turn off DHCP Server and configure a LAN IP for the P-793H v2 in Web Configurator, Advanced Setup, Network -> LAN. We use 192.168.1.1 as the LAN IP for P-793H v2 in this case: Step 1: Inactivate DHCP Server and apply.
  • Page 42 Set up your P-793H v2 under routing mode The following procedure shows you how to configure your P-793H v2 as Routing mode for routing traffic. We will use Web Configurator to guide you through related menu.
  • Page 43: Internet Access Scenarios

    (2) Configure a LAN IP for the P-793H v2 and the DHCP settings in Web Configurator, Advanced Setup, Network -> LAN. 3. Internet Access scenarios 4 Wire Application 2 Wire Application Configuration Guide: Network WAN Internet Connection,...
  • Page 44: Back To Back Scenarios

    Please set proper parameter for your Internet Access. 4. Back to back scenarios 1 - 1 back to back (1) 4 Wire Application (2) 2 Wire Application
  • Page 45: What Is The Checklist For Making A 1-1 Back-To-Back Connection Over P-793H V2

    1 - 2 back to back Note 1: It is also compatible with G.SHDSL 2.3Mbps application when we connect it with P-792H or P-791R. Note 2: There are two DSL LEDs: DSL1 and DSL2. When we use one line for Internet access or back to back application, DSL1 and DSL2 will act the same as one LED.
  • Page 46: What Is The Checklist For Making A 1-2 Back-To-Back Connection Over P-793H V2

    What is DHCP Relay? DHCP stands for Dynamic Host Configuration Protocol. In addition to the DHCP server feature, the P-793H v2 supports the DHCP relay function. When it is configured as DHCP server, it assigns the IP addresses to the LAN clients.
  • Page 47: Sua Notes

    Setup the P-793H v2 as a DHCP Relay We could set the P-793H v2 as a DHCP Relay via menu 3.2 as below: Or via the following command in CLI: Ip dhcp enif0 mode relay Ip dhcp enif0 relay server [Server IP Address] 8.
  • Page 48 Cu-SeeMe, and ICQ will need to connect to the local user behind the P-793H v2. In such case, a SUA server must be configured to forward the incoming packets to the true destination behind SUA. After the required servers are configured in Web Configurator, Advanced Setup, Network ->...
  • Page 49 ICQ 99a None for Chat. Default/client IP For DCC, please set: ICQ -> preference -> connections -> firewall and set the firewall time out to 80 seconds in firewall setting. ICQ 2000b None for Chat None for Chat ICQ Phone 2000b None...
  • Page 50 Certain Quake servers do not allow multiple users to login using the same unique IP, so only one Quake user will be allowed in this case. Moreover, when a Quake server is configured behind SUA, P-793H v2 will not be able to provide information of that server on the internet.
  • Page 51 A service is identified by the port number. Also, since you need to specify the IP address of a server behind the P-793H v2, a server must have a fixed IP address and not be a DHCP client whose IP address potentially changes each time P-793H v2 is powered on.
  • Page 52 Setup, Network -> NAT -> Port Forwarding. The outside users can access the local server using the P-793H v2's WAN IP address which can be obtained from Web Configurator, Status -> WAN Information. For example: Configuring an internal Web server for outside access (suppose the Server IP Address is 192.168.1.10):...
  • Page 53 Telnet SMTP DNS (Domain Name Server) www-http (Web) Configure a PPTP server behind SUA Introduction PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself.
  • Page 54 IP address of Windows NT server. Example The following example shows how to dial to an ISP via the P-793H v2 and then establish a tunnel to a private network. There will be three items that you need to set up for PPTP application, these are PPTP server (WinNT), PPTP client (Win9x) and the P-793H v2.
  • Page 55 (3) P-793H v2 setup Before making a VPN connection from Win9x to WinNT server, you need to connect P-793H v2 router to your ISP first. Enter the IP address of the PPTP server (WinNT server) and the port number for PPTP as shown below: Select service name as 'PPTP', fill in the Server IP Address, then press button...
  • Page 56: Using Full Feature Nat

    Before making a VPN connection from the Win9x client to the NT server, you need to know the exact Internet IP address that the ISP assigns to P-793H v2 router in SUA mode and enter this IP address in the VPN dial-up dialog box.
  • Page 57 Configuring NAT The P-793H v2 has 8 remote nodes and so allows you to configure 8 NAT Address Mapping Sets. You must specify which NAT Address Mapping Set (1~8) to use in the remote node when you select Full Feature NAT.
  • Page 58 -> NAT -> Port Forwarding. The following table explains the fields in this above screen: Field Description Option/Example This is sequence number for Address Mapping Sets 255 for SUA Internal 0.0.0.0 for the This is the starting local IP address (ILA). Start IP Many-to-One type.
  • Page 59 Please note that a server can support more than one service, e.g., a server can provide both FTP and Mail service, while another provides only Web service. The following procedures show how to configure a server behind NAT. Step 1: Login Web Configurator, Advanced Setup, Network ->...
  • Page 60 (2) Internet Access with an Internal Server In this case, we do exactly as the figure (use the convenient pre-configured SUA Only set) and also go to Web Configurator, Advanced Setup, Network -> NAT -> Port Forwarding to specify the Internet Server behind the NAT as...
  • Page 61 below: (3) Using Multiple Global IP addresses for clients and servers (One-to-One, Many-to-One, Server Set mapping types are used) In this case we have 3 IGAs from the ISP. We have two very busy internal FTP servers and also an internal general server for the web and mail.
  • Page 62 Step 1: In this case, we need to map ILA to more than one IGA, therefore we must choose the Full Feature option from the NAT field in currently active remote node, and assign IGA3 to P-793H v2's WAN IP Address. Step 2: Go to Web Configurator, Advanced Setup, Network -> NAT ->...
  • Page 63 Rule 4 Setup: Select Server type to map our web server and mail server with ILA3 (192.168.1.20) to IGA3. Menu Network -> NAT -> Address Mapping should look as follows now: Step 3: Now we configure all other incoming traffic to go to our web server and mail server from Web Configurator, Advanced Setup, Network ->...
  • Page 64: Using The Dynamic Dns (Ddns)

    This solves the problems if your DNS server uses an IP associated with dynamic IPs. Without DDNS, we always tell the users to use the WAN IP of the P-793H v2 to access the internal server. It is inconvenient for the users if this IP is dynamic.
  • Page 65 WAN IP of the P-793H v2. When the ISP assigns the P-793H v2 a new IP, the P-793H v2 must inform the DDNS server of the change of this IP so that the server can update its IP-to-DNS entry.
  • Page 66: Network Management Using Snmp

    11. Network Management Using SNMP ZyXEL SNMP Implementation ZyXEL currently includes SNMP support in some P-793H v2 routers. It is implemented based on the SNMP v1, so it will be able to communicate with SNMPv1 NMSs. Further, users can also add ZyXEL's private MIB in the NMS to monitor and control additional system variables.
  • Page 67 (2) For fatal error: System has to reboot for some fatal errors. And traps with the message of the fatal code will be sent. Configure the P-793H v2 for SNMP
  • Page 68 Trusted SNMP messages coming from this IP address. If 0.0.0.0 is entered, the Host P-793H v2 will respond to all NMS managers. Enter the community name in each sent trap to the NMS. This Trap Trap Community must match what the NMS is expecting. The default is Community 'public'.
  • Page 69: Using Syslog

    'IP Alias'. In this case, an internal router is not required. For example, the network manager can divide the local network into three networks and connect them to the Internet using P-793H v2's single user account. See the figure below.
  • Page 70 'IP Alias 1' and 'IP Alias 2' can be configured in Network -> LAN -> IP Alias. There are three internal virtual LAN interfaces for the P-793H v2 to route the packets from/to the three networks correctly. They are enif0 for the major network, enif0:0 for the IP alias 1 and enif0:1 for the IP alias 2.
  • Page 71 If the P-793H v2's DHCP server is enabled, the IP pool for the clients can be any of the three networks. Setup TCP/IP Enter the first LAN IP address for the P-793H v2. This will create the first route Setup in the enif0 interface.
  • Page 72: Using Ip Policy Routing

    IP Alias 1 will create the second route in the enif0:0 interface. Activate it and enter the third LAN IP address for the P-793H v2. This will IP Alias 2 create the third route in the enif0:1 interface.
  • Page 73 Cost Savings - IPPR allows organizations to distribute interactive traffic on high-bandwidth, high-cost path while using low-path for batch traffic. Load Sharing - Network administrators can use IPPR to distribute traffic among multiple paths. How does the IPPR work? A policy defines the matching criteria and the action to take when a packet meets the criteria.
  • Page 74: Using Call Scheduling

    15. Using Call Scheduling What is Call Scheduling? Call scheduling enables the mechanism for the P-793H v2 to run the remote node connection according to the pre-defined schedule. This feature is just like the scheduler in a video recorder which records the program according to the specified time.
  • Page 75 Idle Timeout(sec)= 0 Time Service in P-793H v2 There is no RTC (Real-Time Clock) chip so the P-793H v2 should launch a mechanism to get current time and date from external server in boot time. Time service is implemented by the Daytime protocol (RFC-867), Time...
  • Page 76: Using Ip Multicast

    IGMP to report their multicast group membership to any immediate-neighbor multicast routers so the multicast routers can decide if a multicast packet needs to be forwarded. At start up, the P-793H v2 queries all directly connected networks to gather group membership.
  • Page 77: Using Bandwidth Management

    IP Multicast Setup (1) Enable IGMP in P-793H v2's LAN in Web Configurator, Advanced Setup, Network -> LAN -> IP -> Advanced Setup. (2) Enable IGMP in P-793H v2's remote node in Web Configurator, Advanced Setup, Network ->...
  • Page 78 Key Settings: Check the box to enable BWM on the interface. Note that if you would like Active to manage traffic from WAN to LAN, you should apply BWM on LAN interface. Enter the total speed to manage on this interface. This value is the budget Speed of the class tree's root.
  • Page 79 Key Settings: RuleName Give this rule a name, for example, 'WWW' BW Budget Configure the bandwidth you would like to allocate to this rule Enter a number between 0 and 7 to set the priority of this class. The Priority higher the number, the higher the priority.
  • Page 80: How To Configure Packet Filter On P-793H V2

    18. How to configure packet filter on P-793H v2? The P-793H v2 allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system. You can apply up to four filter sets to a particular port to block multiple types of packets.
  • Page 81: How To Setup Traffic Redirect In P-793H V2

    Backup Type: Select the method that the P-793H v2 uses to check the DSL connection. Select DSL Link to have the P-793H v2 check if the connection to the DSLAM is up. Select ICMP to have the P-793H v2 periodically ping the IP address configured in the Check WAN IP Address fields.
  • Page 82 (usually a WAN Backup connection), it periodically checks whether or not it can use a higher priority connection. Type the number of seconds (30 recommended) for the P-793H v2 to wait between checks. Allow more time if your destination IP address handles lots of traffic.
  • Page 83: How To Deal With Triangle Route And Traffic Redirect

    21. How to deal with Triangle Route and Traffic redirect? Traffic redirect scenario: (1). Triangle route introduction
  • Page 84 1. A computer on the LAN initiates a connection by sending out a SYN packet to a receiving server on the WAN. 2. The P-793H v2 reroutes the SYN packet through Gateway B on the LAN to the WAN. 3. The reply from WAN goes directly to the computer on the LAN without going through the P-793H v2.
  • Page 85 Put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your P-793H v2 to your LAN. Therefore your LAN is protected. Traffic redirect LAN setup example 2:...
  • Page 86: How To Setup Dial Backup

    22. How to setup Dial Backup? Please refer to "20. How to setup traffic redirect in P-793H v2?" to Configure parameters in WEB Configuration "Network WAN Wan Backup". After finishing WAN Backup Setup settings, please do below configurations for dial backup: Active: Turn on or off dial backup.
  • Page 87: Ipsec Vpn Application Notes

    WAN backup setup. (For more descriptions, please refer to User's Guide). IPSEC VPN Application Notes 1. How to use P-793H v2 to build VPN Tunnel with another VPN Gateway/ Software? This page will guide you to setup a VPN connection between two Prestige routers.
  • Page 88 Prestige in URL field. Default LAN IP is 192.168.1.1, default password to login advanced web configurator is 1234. (2) Go to VPN Setup page to edit a VPN Rule. On P-793H v2, you could begin with Security -> VPN -> Summary:...
  • Page 89 (3) On the SUMMARY menu, select a policy to edit by clicking Edit. On P-793H v2, we can build at most 2 VPN Tunnels. Just click the 'Edit' button in the table to begin configuring the VPN rule. (4) In the IPSEC Setup field, toggle Active check box and give a name, Test in the example to this policy.
  • Page 90 My IP Address is the WAN IP of Prestige A, 202.132.154.1 in the example. Secure Gateway Address is the remote secure gateway, Prestige B's WAN IP, 168.10.10.66 in the example. Local ID Type as IP, and Content as 0.0.0.0 in the example. Peer ID Type as IP, and Content as 0.0.0.1 in the example.
  • Page 91 Note: If there's a NAT router between the two VPN Secure Gateways, we should only choose 'ESP' VPN Protocol. The minimum length of Pre-Shared Key is 8. (8) A common VPN Rule has been completed, you can click 'Apply' to save it. But if you want to make more special configuration, you could click 'Advanced'...
  • Page 92 IPSec in Prestige: (1) Check the VPN Monitor On P-793H v2 Web Configurator, Security -> VPN -> Monitor, you can check every active IPSec connection. The VPN Name, Encapsulation, and IPSec Algorithm will be shown in the Monitor Table. If you can't see the name of your IPSec rule, it means that the SA establishment fails.
  • Page 93: How To Build A Vpn Between Secure Gateway With Dynamic Wan Ip Address

    We can also view the log for IPSec and IKE connections for troubleshooting. On P-793H v2, we can check the logs via Web Configurator or CLI. The log menu is also useful for troubleshooting; please capture the log for us if necessary.
  • Page 94 In most cases, static IP addresses are used for VPN tunneling endpoints. But for SOHO users, generally, it is a dynamic case. In this case, this IP will not be available to be predefined in the VPN box. There are some tips when configuring Prestige in any dynamic case.
  • Page 95: Configure Nat For Internal Servers

    IP address of My IP as 0.0.0.0 and Secure Gateway as 0.0.0.0 (Here we take P-793H v2 Web Configurator as the example). Step 3: In Prestige B, please specify the IP address of My IP as 0.0.0.0 and Secure Gateway as the domain name you registered for Prestige A.
  • Page 96: Vpn Routing Between Branch Office Through Headquarter

    Generally, without IPSec, to configure an internal server for outside access, we need to configure the server private IP and its service port in SUA/NAT Server Table. The NAT router then will forward the incoming connections to the internal server according to the service port and private IP entered in SUA/NAT Server Table.
  • Page 97 The IP addresses we use in this example are as shown below. Branch_A: WAN 202.3.1.1, LAN 192.168.3.1, LAN of Branch_A 192.168.3.0/24. Headquarter: WAN 202.1.1.1, LAN 192.168.1.1, LAN of Headquarter 192.168.1.0/24. Branch_B: WAN 202.2.1.1, LAN 192.168.2.1, LAN of Branch_B 192.168.2.0/24. Step 1: Setup VPN in branch office A Because VPN routing enables branch offices to talk to each other via tunnels concentrated on headquarter.
  • Page 98 Remote Address Type is Range Address and IP Address Start is 192.168.1.0, IP Address End is 192.168.2.255. This section covers the LAN segment of both headquarter and branch office B. (2) My IP Address is the WAN IP of Prestige in Branch_A, 202.3.1.1 in the example.
  • Page 99 (3) Suppose the pre-shared key is 01234567, we should configure the same key in the corresponding rule in Headquarter VPN Gateway. (4) You can setup IKE phase 1 and phase 2 parameters by pressing Advanced button. Please make sure that parameters you set in this menu match with all the parameters with the corresponding VPN rule in headquarter.
  • Page 100: Support Tool

    WAN interfaces. It is designed for users with technical backgrounds who are interested in the details of the packet flow on LAN or WAN end of P-793H v2. It is also very helpful for diagnostics if you have compatibility problems with your ISP or if you want to know the details of a packet for configuring a filter rule.
  • Page 101 (2) Trace WAN packet Disable the capture of the LAN packet by entering: sys trcp channel enet0 none Enable to capture the WAN packet by entering: sys trcp channel mpoa00 bothway Enable the trace log by entering: sys trcp sw on &...
  • Page 102 Enable the trace log by entering: sys trcp sw on & sys trcl sw on Wait for packet passing through the P-793H v2 over LAN Disable the trace log by entering: sys trcp sw off & sys trcl sw off...
  • Page 103 Step 1: Initiate a hyper terminal connection from your PC (suppose you connected to the LAN port of P-793H v2) Step 2: Click the 'properties' to configure parameters to telnet to the P-793H v2.
  • Page 104: Firmware/Configurations Uploading And Downloading Using Tftp

    Step 3: So that after you invoke the relevant commands, you could save the logs you've captured. 2. Firmware/Configurations Uploading and Downloading using TFTP
  • Page 105 FLASH ROM and reboot itself. An example: The 192.168.1.1 is the IP address of the P-793H v2. The local file is the source file of the ZyNOS firmware that is available in your hard disk. The remote file is the file name that will be saved in P-793H v2.
  • Page 106 The local file is the source file of your configuration file that is available in your hard disk. The remote file is the file name that will be saved in P-793H v2. Check the port number 69 and 512-Octet blocks for TFTP.
  • Page 107: Using FTP To Upload The Firmware And Configuration Files

    Using FTP client software Note: The remote file name for the firmware is 'ras' and the configuration file is 'rom-0'. Step 1 Use FTP client from your workstation to connect to the P-793H v2 by entering the IP address of the P-793H v2.
  • Page 108 Step 5 Use 'put' command to transfer the file to the P-793H v2. Example: Step 1: Connect to the P-793H v2 by entering the P-793H v2's IP and Administrator password in the FTP software. Set the transfer type to 'Auto-Detect' or 'Binary'.
  • Page 109 the remote 'rom-0' file. Step 4: The P-793H v2 reboots automatically after the uploading is finished. Please do not power off the router at this moment.
  • Page 110: CI Command Reference

    CI Command Reference Command Syntax and General User Interface CI has the following command syntax: command <iface | device> subcommand [param]; command subcommand [param]; command ? | help; command subcommand ? | help. General user interface: Shows the following commands and all major (sub)commands 2.
  • Page 111: Reference

    Reference 1. PPP Numbers POINT-TO-POINT PROTOCOL FIELD ASSIGNMENTS PPP DLL PROTOCOL NUMBERS The Point-to-Point Protocol (PPP) Data Link Layer [146,147,175] contains a 16 bit Protocol field to identify the encapsulated protocol. The Protocol field is consistent with the ISO 3309 (HDLC) extension mechanism for Address fields.
  • Page 112 004d 004f Pv6 Header Compression 0051 KNX Bridging Data [ianp] 0053 Encryption [Meyer] 0055 Individual Link Encryption [Meyer] 0057 Internet Protocol version 6 [Hinden] 006f Stampede Bridging 0071 Reserved [Fox] 0073 MP+ Protocol [Smith] 007d reserved (Control Escape) [RFC1661] 007f reserved (compression inefficient) [RFC1662]...
  • Page 113 802b Novell IPX Control Protocol 802d reserved 802f reserved 8031 Bridging NCP 8033 Stream Protocol Control Protocol 8035 Banyan Vines Control Protocol 8037 reserved till 1993 8039 reserved 803b reserved 803d Multi-Link Control Protocol 803f NETBIOS Framing Control Protocol 8041 Cisco Systems Control Protocol...
  • Page 114 c021 Link Control Protocol c023 Password Authentication Protocol c025 Link Quality Report c027 Shiva Password Authentication Protocol c029 CallBack Control Protocol (CBCP) c02b BACP Bandwidth Allocation Control Protocol [RFC2125] c02d BAP [RFC2125] c081 Container Control Protocol [KEN] c223 Challenge Handshake Authentication Protocol c225...
  • Page 115 Code-Reject Protocol-Reject Echo-Request 10 * Echo-Reply 11 * Discard-Request 12 * Identification 13 * Time-Remaining 14 + Reset-Request [RFC1962] 15 + Reset-Reply [RFC1962] LCP Only CCP Only PPP LCP CONFIGURATION OPTION TYPES The Point-to-Point Protocol (PPP) Link Control Protocol (LCP) specifies a number of Configuration Options which are distinguished by an 8 bit Type field.
  • Page 116 DCE-Identifier [SCHNEIDER] Multi-Link-Plus-Procedure [Smith] Link Discriminator for BACP [RFC2125] LCP-Authentication-Option [ Culbert] Consistent Overhead Byte Stuffing (COBS) [Carlson] Prefix elision [Bormann] Multilink header format [Bormann] IPV6CP CONFIGURATION OPTIONS IPV6CP Configuration Options allow negotiation of desirable IPv6 parameters. IPV6CP uses the same Configuration Option format defined for LCP, with a separate set of Options.
  • Page 117 Puddle Jumper [RFC1962] 4-15 unassigned Hewlett-Packard PPC [RFC1962] Stac Electronics LZS [RFC1974] Microsoft PPC [RFC2118] Gandalf FZA [RFC1962] V.42bis compression [RFC1962] BSD Compress [RFC1977] unassigned LZS-DCP [RFC1967] MVRCA (Magnalink) [RFC1975] DCE [RFC1976] Deflate [RFC1979] 27-254 unassigned Reserved [RFC1962] The unassigned values 4-15 are intended to be assigned to other freely...
  • Page 118 A one octet field is used in the Challenge-Handshake Authentication Protocol (CHAP) to indicate which algorithm is in use [RFC1994]. Number Name ------------------------------------------------------------------ Reserved [RFC1994] Reserved [RFC1994] Reserved [RFC1994] Reserved [RFC1994] Reserved [RFC1994] CHAP with MD5 [RFC1994] MS-CHAP [Crocker] LCP FCS-ALTERNATIVES The Point-to-Point Protocol (PPP) Link Control Protocol (LCP)
  • Page 119 The Point-to-Point Protocol (PPP) Link Control Protocol (LCP) Callback Configuration Option contains an 8-bit Operations field which identifies the format of the Message. These are assigned as follows: Operation Description ---------------------------------------------------------------------------------- Location determined by user authentication. Dialing string.
  • Page 120 AT-Compression-Protocol Reserved Server-information Zone-information Default-Router-Address PPP OSINLCP CONFIGURATION OPTION TYPES The Point-to-Point Protocol (PPP) OSI Network Layer Control Protocol (OSINLCP) specifies a number of Configuration Options [RFC1377] which are distinguished by an 8 bit Type field. These Types are assigned as follows: Type Configuration Option --------------------------------------------------------...
  • Page 121 MAC-Address Spanning-Tree-Protocol PPP BRIDGING MAC TYPES The Point-to-Point Protocol (PPP) Bridging Control Protocol (BCP) contains an 8 bit MAC Type field which identifies the MAC encapsulated. These Types are assigned as follows: Type -------------------------------------------------------------------------------- Reserved IEEE 802.3/Ethernet with canonical addresses IEEE 802.4 with canonical addresses IEEE 802.5 with non-canonical addresses...
  • Page 122 IPX-Node-Number [RFC1552] IPX-Compression-Protocol [RFC1552] IPX-Routing-Protocol [RFC1552] IPX-Router-Name [RFC1552] IPX-Configuration-Complete [RFC1552] IPX COMPRESSION PROTOCOL VALUES Value Protocol Reference ----------------------------------------------------------------------- Telebit Compressed IPX [Fox] Shiva Compressed NCP/IPX [Fox] IPX-ROUTING-PROTOCOL OPTIONS Value Protocol Reference ----------------------------------------------------------- No routing protocol required [RFC1552] RESERVED [RFC1552] Novell RIP/SAP required [RFC1552] Novell NLSP required [RFC1552]...
  • Page 123: Port Numbers

    PPP EAP REQUEST/RESPONSE TYPES A one octet field is used in the Extensible Authentication Protocol (EAP) to indicate the function and structure of EAP Request and Response packets [RFC2284]. Type Description ----------------------------------------------------------------- Identity [RFC2284] Notification [RFC2284] Nak (Response only) [RFC2284] MD5-Challenge [RFC2284] One Time Password (OTP) [RFC2289]...
  • Page 124 discard 9/tcp sink null discard 9/udp sink null systat 11/tcp systat 11/tcp users daytime 13/tcp daytime 13/udp netstat 15/tcp qotd 17/tcp quote qotd 17/udp quote chargen 19/tcp ttytst source chargen 19/udp ttytst source ftp-data 20/tcp 21/tcp telnet 23/tcp...
  • Page 125 sunrpc 111/udp auth 113/tcp authentication sftp 115/tcp path 117/tcp uucp-path 117/tcp nntp 119/tcp usenet # Network News Transfer 123/udp ntpd ntp # network time protocol nbname 137/udp nbdatagram 138/udp nbsession 139/tcp NeWS 144/tcp news sgmp 153/udp sgmp tcprepo...
  • Page 126 monitor 561/udp # experimental garcon 600/tcp maitrd 601/tcp busboy 602/tcp acctmaster 700/udp acctslave 701/udp acct 702/udp acctlogin 703/udp acctprinter 704/udp elcsd 704/udp # errlog acctinfo 705/udp acctslave2 706/udp acctdisk 707/udp kerberos 750/tcp kdc # Kerberos authentication--tcp kerberos 750/udp # Kerberos authentication--udp...
  • Page 127: Protocol Numbers

    rscs6 10006/udp rscs7 10007/udp rscs8 10008/udp rscs9 10009/udp rscsa 10010/udp rscsb 10011/udp qmaster 10012/tcp qmaster 10012/udp 3. Protocol Numbers In the Internet Protocol version 4 (IPv4) [RFC791] there is a field, called "Protocol", to identify the next level protocol. This is an 8 bit field. In Internet Protocol version 6 (IPv6) [RFC1883] this field is called the "Next Header"...
  • Page 128 XNS-IDP XEROX NS IDP [ETHERNET,XEROX] TRUNK-1 Trunk-1 [BWB6] TRUNK-2 Trunk-2 [BWB6] LEAF-1 Leaf-1 [BWB6] LEAF-2 Leaf-2 [BWB6] Reliable Protocol [RFC908,RH6] Data IRTP Internet Reliable Transaction[RFC938,TXM] ISO-TP4 ISO Transport Protocol Class 4 [RFC905,RC77] NETBLT Bulk Data Transfer Protocol [RFC969,DDC1] MFE-NSP MFE Network...
  • Page 129 KRYPTOLAN Kryptolan [PXL1] MIT Remote Disk Protocol [MBG] Virtual IPPC Internet Pluribus Packet Core [SHB] any distributed file system [IANA] SAT-MON SATNET Monitoring [SHB] VISA VISA Protocol [GXT1] Packet Core Utility [SHB] Protocol Network Executive[DXM2] Protocol Heart Beat [DXM2] Wang Span Network...
  • Page 130: L2TP Layer Two Tunneling Protocol

    Sitara Networks Protocol [Sridhar] Compaq-Peer Compaq Peer Protocol [Volpe] IPX-in-IP IPX in IP [Lee] VRRP Virtual Router Redundancy Protocol [Hinden] Reliable Transport Protocol[Speakman] 0-hop protocol [IANA] L2TP Layer Tunneling Protocol [Aboba] 116-254 Unassigned [IANA] Reserved [IANA]
