ZyXEL NBG420N Manuel d'utilisateur Page 190
- Page / 340
- Table des matières
- DEPANNAGE
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Chapter 15 IPSec VPN
NBG420N User’s Guide
190
Additional IPSec VPN Topics
This section discusses other IPSec VPN topics that apply to either IKE SAs or IPSec SAs or
both. Relationships between the topics are also highlighted.
SA Life Time
SAs have a lifetime that specifies how long the SA lasts until it times out. When an SA times
out, the NBG420N automatically renegotiates the SA in the following situations:
• There is traffic when the SA life time expires
• The IPSec SA is configured on the NBG420N as nailed up (see below)
Otherwise, the NBG420N must re-negotiate the SA the next time someone wants to send
traffic.
Note: If the IKE SA times out while an IPSec SA is connected, the IPSec SA stays
connected.
An IPSec SA can be set to keep alive Normally, the NBG420N drops the IPSec SA when the
life time expires or after two minutes of outbound traffic with no inbound traffic. If you set the
IPSec SA to keep alive , the NBG420N automatically renegotiates the IPSec SA when the SA
life time expires, and it does not drop the IPSec SA if there is no inbound traffic.
Note: The SA life time and keep alive settings only apply if the rule identifies the
remote IPSec router by a static IP address or a domain name. If the Secure
Gateway Address field is set to 0.0.0.0, the NBG420N cannot initiate the
tunnel (and cannot renegotiate the SA).
Encryption and Authentication Algorithms
In most NBG420Ns, you can select one of the following encryption algorithms for each
proposal. The encryption algorithms are listed here in order from weakest to strongest.
• Data Encryption Standard (DES) is a widely used (but breakable) method of data
encryption. It applies a 56-bit key to each 64-bit block of data.
• Triple DES (3DES) is a variant of DES. It iterates three times with three separate keys,
effectively tripling the strength of DES.
You can select one of the following authentication algorithms for each proposal. The
algorithms are listed here in order from weakest to strongest.
• MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data.
• SHA1 (Secure Hash Algorithm) produces a 160-bit digest to authenticate packet data.
Private DNS Server
In cases where you want to use domain names to access Intranet servers on a remote private
network that has a DNS server, you must identify that DNS server. You cannot use DNS
servers on the LAN or from the ISP since these DNS servers cannot resolve domain names to
private IP addresses on the remote private network.
- User’s Guide 1
- About This User's Guide 3
- Document Conventions 4
- Icons Used in Figures 5
- Safety Warnings 6
- Safety Warnings 7
- Contents Overview 10
- NBG420N User’s Guide 10
- Table of Contents 11
- Chapter 7 13
- List of Figures 19
- List of Tables 25
- Introduction 29
- CHAPTER 1 31
- 1.3 AP Mode 32
- 1.7 LEDs 33
- CHAPTER 2 35
- Chapter 2 The WPS Button 36
- CHAPTER 3 37
- Chapter 23 on page 257 38
- 3.3 Resetting the NBG420N 39
- 3.5.1 Navigation Panel 42
- Table 5 Screens Summary 43
- 3.5.2 Summary: Any IP Table 44
- Table 6 Summary: DHCP Table 45
- 3.5.6 Summary: VPN Monitor 47
- CHAPTER 4 49
- 4.2.1 System Name 50
- 4.2.2 Domain Name 51
- Chapter 4 Connection Wizard 52
- 4.3.1 Basic (WEP) Security 53
- 4.4.1 Ethernet Connection 55
- 4.4.2 PPPoE Connection 55
- 4.4.3 PPTP Connection 56
- Chapter 4 Connection Wizard 57
- 4.4.4 Your IP Address 58
- 4.4.9 WAN MAC Address 61
- CHAPTER 5 65
- Chapter 5 AP Mode 66
- Figure 32 Status: AP Mode 66
- Chapter 5 AP Mode 67
- 5.3.1 Navigation Panel 68
- 5.4.1 LAN Settings 69
- CHAPTER 6 73
- Chapter 6 Tutorials 74
- Wireless Client 75
- NBG420N 75
- SSID SSID_Example3 76
- Chapter 6 Tutorials 77
- Figure 39 Status: AP Mode 78
- Figure 45 Property 81
- Figure 46 Local Policy 81
- Figure 47 Remote Policy 82
- Figure 49 IPSec Algorithm 82
- Figure 55 IPSec Algorithm 84
- Figure 56 VPN Summary 84
- Figure 58 SA Monitor 85
- CHAPTER 7 89
- 7.2.1 SSID 90
- 7.2.2 MAC Address Filter 90
- 7.2.3 User Authentication 90
- 7.2.4 Encryption 91
- 7.3 Roaming 92
- 7.4 Quality of Service 93
- 7.4.1 WMM QoS 94
- 7.5.1 No Security 96
- 7.5.2 WEP Encryption 96
- 7.5.3 WPA-PSK/WPA2-PSK 98
- 7.5.4 WPA/WPA2 99
- Chapter 7 Wireless LAN 100
- 7.6 MAC Filter 101
- Chapter 7 Wireless LAN 103
- 7.9 WiFi Protected Setup 106
- 7.9.2 WPS Station Screen 107
- 7.9.3 Scheduling 107
- Figure 72 Scheduling 108
- Table 39 Scheduling 108
- 7.10.1 Login Screen 109
- 7.10.2 System Status 110
- 7.10.3 WPS in Progress 112
- 7.10.4 Port Forwarding 113
- Figure 76 Port Forwarding 114
- Table 42 Port Forwarding 114
- Figure 77 Login Screen 115
- CHAPTER 8 117
- 8.4 Internet Connection 118
- 8.4.2 PPPoE Encapsulation 119
- Chapter 8 WAN 120
- Chapter 8 WAN 121
- 8.4.3 PPTP Encapsulation 122
- 8.5 Advanced WAN Screen 125
- Table 46 WAN > Advanced 126
- CHAPTER 9 127
- 9.2.3 Multicast 128
- 9.2.4 Any IP 128
- Chapter 9 LAN 129
- Figure 82 Any IP Example 129
- 9.3 LAN IP Screen 130
- 9.4 LAN IP Alias 130
- 9.5 Advanced LAN Screen 131
- Chapter 9 LAN 132
- CHAPTER 10 133
- Chapter 10 DHCP 134
- 10.4 Client List Screen 135
- CHAPTER 11 137
- 11.3 General NAT Screen 138
- Table 54 NAT Application 140
- 11.4.1 Game List Example 141
- Figure 92 Game List Example 142
- 11.6 NAT Advanced Screen 143
- CHAPTER 12 147
- Chapter 12 Dynamic DNS 148
- Figure 95 Dynamic DNS 148
- Table 56 Dynamic DNS 148
- Chapter 12 Dynamic DNS 149
- PART III 151
- CHAPTER 13 153
- 13.2 Triangle Routes 154
- Chapter 13 Firewall 155
- 13.4 Services Screen 156
- Chapter 13 Firewall 158
- CHAPTER 14 161
- Chapter 14 Content Filtering 162
- 14.5 Schedule 163
- CHAPTER 15 165
- Chapter 15 IPSec VPN 166
- 15.2 The General Screen 167
- Chapter 15 IPSec VPN 169
- 15.3 The SA Monitor Screen 183
- IKE SA Proposal 185
- Authentication 186
- Negotiation Mode 187
- VPN, NAT, and NAT Traversal 187
- IPSec Protocol 188
- Encapsulation 188
- Additional IPSec VPN Topics 190
- Management 193
- CHAPTER 16 195
- CHAPTER 17 199
- Advanced screen 203
- CHAPTER 18 209
- 18.2 WWW Screen 210
- 18.3 Telnet 211
- 18.4 Telnet Screen 211
- 18.5 FTP Screen 212
- 18.6 DNS Screen 212
- Chapter 18 Remote Management 213
- Chapter 18 Remote Management 214
- CHAPTER 19 215
- 19.2 UPnP and ZyXEL 216
- 19.3 UPnP Screen 216
- Figure 140 System Tray Icon 223
- Network 224
- Maintenance and 227
- Troubleshooting 227
- CHAPTER 20 229
- 20.3 Time Setting Screen 230
- Chapter 20 System 231
- Chapter 20 System 232
- CHAPTER 21 233
- 21.2 Log Settings 234
- Chapter 21 Logs 235
- Chapter 21 Logs 236
- 21.3 Log Descriptions 237
- Table 89 System Error Logs 238
- Table 91 TCP Reset Logs 238
- Table 92 Packet Filter Logs 239
- Table 93 ICMP Logs 239
- Table 98 Attack Logs 241
- Table 99 IPSec Logs 242
- Table 100 IKE Logs 242
- Table 101 PKI Logs 245
- Table 102 802.1X Logs 246
- Table 103 ACL Setting Notes 247
- Table 104 ICMP Notes 247
- Table 105 Syslog Logs 248
- CHAPTER 22 251
- 22.2 Configuration Screen 252
- 22.2.1 Backup Configuration 253
- 22.2.2 Restore Configuration 253
- 22.3 Restart Screen 254
- 22.4 Wake On LAN 255
- Chapter 22 Tools 256
- CHAPTER 23 257
- Chapter 23 Configuration Mode 258
- CHAPTER 24 259
- Internet 260
- Chapter 24 Sys Op Mode 262
- CHAPTER 25 263
- Chapter 25 Language 264
- CHAPTER 26 265
- V I forgot the password 266
- FTP to upload new firmware 267
- 26.3 Internet Access 268
- AP or router) 269
- 26.6 Advanced Features 270
- Appendices and 271
- APPENDIX A 273
- Table 114 Firmware Features 274
- Wall-mounting Instructions 276
- APPENDIX B 279
- JavaScripts 282
- Java Permissions 283
- JAVA (Sun) 284
- APPENDIX C 285
- Subnet Masks 286
- Notation 287
- Subnetting 288
- Example: Four Subnets 289
- Example: Eight Subnets 290
- Subnet Planning 291
- Configuring IP Addresses 292
- APPENDIX D 293
- Installing Components 294
- Configuring 295
- Windows 2000/NT/XP 296
- Macintosh OS 8/9 301
- Macintosh OS X 303
- Verifying Settings 304
- Using Configuration Files 307
- 26.6.1 Verifying Settings 308
- APPENDIX E 309
- Appendix E Wireless LANs 310
- Appendix E Wireless LANs 311
- Fragmentation Threshold 312
- Preamble Type 313
- IEEE 802.1x 313
- Types of RADIUS Messages 314
- Types of Authentication 315
- PEAP (Protected EAP) 316
- Dynamic WEP Key Exchange 316
- Encryption 317
- Security Parameters Summary 319
- APPENDIX F 321
- Appendix F Services 322
- Appendix F Services 323
- APPENDIX G 325
- ZyXEL Limited Warranty 327
- Appendix G Legal Information 328
- APPENDIX H 329
- Appendix H Customer Support 330
- Appendix H Customer Support 331
Produits connexes et manuels pour Routeurs ZyXEL NBG420N
Routeurs ZyXEL NBG4115 Manuel d'utilisateur
(274 pages)
(274 pages)
Routeurs ZyXEL P-661H-D Manuel d'utilisateur
(113 pages)
(113 pages)
Routeurs ZyXEL ADSL2+ Manuel d'utilisateur
(302 pages)
(302 pages)
Routeurs ZyXEL B-500 Manuel d'utilisateur
(209 pages)
(209 pages)
(126 pages)
Routeurs ZyXEL ZYAIR B-1000 Manuel d'utilisateur
(231 pages)
(231 pages)
Routeurs ZyXEL AMG1302 Manuel d'utilisateur
(320 pages)
(320 pages)
Routeurs ZyXEL Prestige 643 Manuel d'utilisateur
(179 pages)
(179 pages)
Routeurs ZyXEL P-2302R Manuel d'utilisateur
(384 pages)
(384 pages)
Routeurs ZyXEL EMG5324-D10A Manuel d'utilisateur
(382 pages)
(382 pages)
Routeurs ZyXEL NBG4615 Manuel d'utilisateur
(364 pages)
(364 pages)
Routeurs ZyXEL 100 Series Manuel d'utilisateur
(902 pages)
(902 pages)
Routeurs ZyXEL ZyWALL 2WG Manuel d'utilisateur
(264 pages)
(264 pages)
© 2020, manymanuals.fr. Tous droits réservés | 0.810 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels