Related Manuals for ZyXEL Communications ISG50
Summary of Contents for ZyXEL Communications ISG50
- Page 1 ISG50 Application Note Version 1.0 June, 2011...
- Page 2 1.1 Application Scenario For companies with existing network infrastructures and demanding VoIP requirements, you can connect the ISG50 to the LAN or DMZ of the ZyWALL. The USG provides security services and the ISG50 acts as a pure IP PBX to provide VoIP services.
- Page 3 1.2 Configuration Guide Network Conditions USG 20W: ISG50: WAN IP: 59.124.163.156 WAN IP: 172.16.1.10 SIP server IP (ISG50): 172.16.1.10 USG 20W: Step 1. Click CONFIGURATION > Network > Interface > Ethernet to assign USG 20W a WAN IP.
- Page 4 Step 2. Assume ISG50’s WAN port is connected to LAN2 (port 4) of USG 20W. Configure an IP for this interface.
- Page 5 Fill in the Mapped IP (ISG’s IP) address. Configure the Original Port and the Mapped Port; here we set the SIP signaling port 5060 and RTP port range 10000-20000. Make sure these ports setting are the same as those set in ISG50.
- Page 6 Step 4. The user can create an address object for ISG50 for further configuration usage. Click Create new object for this function.
- Page 7 Step 5. Click CONFIGURATION > Network >Firewall to open the firewall configuration screen. Click on the Add button to create a firewall rule to enable the VoIP service to pass from the WAN to LAN2.
- Page 8 Step 6. Disable SIP ALG.
- Page 9 ISG50: Step 1. Set the WAN IP of USG 20W in the Fake IP field.
- Page 10 Step 2. Make sure the SIP signaling port and the RTP port range are the same as those you configured in the port forwarding in USG 20W.
- Page 11 Step 3. Disable the firewall in ISG50 since USG 20W acts as firewall.
- Page 12 Besides, road warriors and telecommuters can access the company’s network by installing the ZyXEL IPSec VPN client software. Goal to Achieve 1. Build an IPSec VPN tunnel between ISG50 and USG 20W. 2. Build an IPSec VPN tunnel for PC/laptop user’s dynamic access to ISG50.
- Page 13 2.2 Configuration Guide 2.2.1 Secure site-to-site connections using IPSec VPN Network Conditions ISG50: USG 20W: WAN IP: 59.124.163.156 WAN IP: 59.124.163.151 Local subnet: 10.5.5.0/24 Local subnet: 192.168.2.0/24 IPSec VPN Conditions Phase 1: Phase 2: Authentication: 1234567890 Active Protocol: ESP Negotiation mode: Main...
- Page 14 ISG50: Step 1. Click on the Add button to add a VPN gateway rule.
- Page 15 Step 2. To configure the VPN gateway rule, the user needs to fill in the following: - VPN gateway name. - Gateway address: My Address (ISG50’s IP) and Peer Gateway Address (USG’s IP). - Authentication setting. -Shared Key. ID Type setting (Local and Peer side).
- Page 16 - Phase-1 setting Negotiation mode Encryption algorithm Authentication algorithm Key Group Step 3. Click CONFIGURATION > VPN > IPSec VPN > VPN Connection to configure the phase-2 rule.
- Page 17 Step 4. To configure the phase 2 rule, the user needs to fill in the following: - VPN connection name - VPN gateway selection...
- Page 18 - Policy for Local network side Remote network side - Phase 2 Settings Active protocol Encapsulation mode Encryption algorithm Authentication algorithm Perfect Forward Secrecy Step 5. Click the Connect button to establish the VPN link. Once the tunnel is established, a connected icon will be displayed in front of the rule.
- Page 19 To configure the VPN gateway rule, user needs to fill in: - VPN gateway name - Gateway address: My Address (USG’s IP) and Peer Gateway Address (ISG50’s IP) - Authentication setting -Shared Key ID Type setting (Local and Peer side)
- Page 20 - Phase-1 setting Negotiation mode Encryption algorithm Authentication algorithm Key Group Step 3. Configure the phase-2 rule.
- Page 21 Step 4. To configure the phase 2 rule, user needs to fill in: - VPN connection name - VPN gateway selection - Policy for Local network side Remote network side - Phase 2 Settings Active protocol Encapsulation mode Encryption algorithm Authentication algorithm Perfect Forward Secrecy...
- Page 22 Before configuring Remote Policy in step 4, the user can create a specific object for the VPN subnet. Step 5. Click on the Connect button to establish the VPN link. Once the tunnel is established, a connected icon will be displayed in front of the rule.
- Page 23 Result: When the VPN tunnel is established, the user can find the SA information on MONITOR > VPN MONITOR > IPSec. ISG50: USG:...
- Page 24 5.2.2 Secure client-to-site connections using IPSec VPN ISG50: WAN IP: 59.124.163.156 Local subnet: 192.168.1.0/24 IPSec VPN Conditions Phase 1: Phase 2: Authentication: 111111111 Active Protocol: ESP Negotiation mode: Main Encapsulation Mode: Tunnel Encryption Algorithm: DES Encryption Algorithm: DES Authentication Algorithm: MD5...
- Page 25 Click on the Add button to add a VPN gateway rule. Step 2. To configure the VPN gateway rule, the user needs to fill in the following: - VPN gateway name - Gateway address: My Address (ISG50) peer (Dynamic Address) - Authentication setting -Shared Key ...
- Page 26 - Phase 1 Setting Step 3. Click CONFIGURATION > VPN > IPSec VPN > VPN Connection to configure the phase 2 rule.
- Page 27 Step 4. To configure the phase-2 rule, the user needs to fill in the following: - VPN connection name - VPN gateway selection - Policy for - Phase-2 setting...
- Page 28 Step 5. Start the ZyXEL IPSec VPN Client. Fill in the Phase 1 configuration.
- Page 29 Step 6. Configure the phase-2 parameters. Since it is a dynamic rule, the user MUST enable it from the VPN client. Click Open Tunnel to enable it. The icon will turn green if the VPN connection is established successfully.
- Page 30 Step 7. When the VPN tunnel is established, the user can find the SA information on MONITOR > VPN MONITOR > IPSec. Result: The user from IP 10.59.1.71 can ping the ISG50’s LAN1 IP 192.168.1.1.
Need help?
Do you have a question about the ISG50 and is the answer not in the manual?
Questions and answers