ZyXEL P-661H-D Bedienungsanleitung

P-661H-D Series ADSL2+ 4-port Security Gateway Support Notes Version3.40 Mar. 2006

P-661H-D Series Support Notes The following table summarizes the five types. NAT Type IP Mapping One-to-O

P-661H-D Series Support Notes (2) My IP Address is the WAN IP of Prestige in Branch_B, 202.2.1.1 in the examp

P-661H-D Series Support Notes Remote Address Type is Range Address and IP Address Start is 192.168.2.0, IP Ad

P-661H-D Series Support Notes Support Tool 1. LAN/WAN Packet Trace The Prestige packet trace records and anal

P-661H-D Series Support Notes (2) Trace WAN packet • Disable the capture of the LAN packet by entering: s

P-661H-D Series Support Notes • Offline Trace • Disable the capture of the WAN packet by entering: sys t

P-661H-D Series Support Notes • Capture the detailed logs by Hyper Terminal Step 1: Initiate a hyper termina

P-661H-D Series Support Notes Step 3: So that after you invoke the relevant commands, you could save the lo

P-661H-D Series Support Notes 2. Firmware/Configurations Uploading and Downloading using TFTP • Using TFT

P-661H-D Series Support Notes The 192.168.1.1 is the IP address of the Prestige. The local file is the sou

P-661H-D Series Support Notes  The 192.168.1.1 is the IP address of the Prestige.  The local file is th

P-661H-D Series Support Notes • Allow everything that is not spoofing us Filter rule setup: • Filter type

P-661H-D Series Support Notes [cppwu@faelinux cppwu]$ tftp -I 192.168.1.1 put [local-ras] ras <- upload fi

P-661H-D Series Support Notes 'Binary'. Step 2: Press 'OK' to ignore the 'Username&

P-661H-D Series Support Notes Step 4: The Prestige reboots automatically after the uploading is finished. Ple

P-661H-D Series Support Notes CI Command Reference Command Syntax and General User Interface CI has the fo

P-661H-D Series Support Notes Product FAQ 1. How can I manage P-661H-D?  Multilingual Embedded Web GUI

P-661H-D Series Support Notes do not interfere with your voice transmissions. For the details about how to co

P-661H-D Series Support Notes The outside users can always access the web server using the www.zyxel.com.tw r

P-661H-D Series Support Notes For forwarding the inbound IPSec ESP tunnel, A 'Default' server set i

P-661H-D Series Support Notes 16. What do the parameters (PCR, SCR, MBS) mean? Traffic shaping parameters (PC

P-661H-D Series Support Notes when the P-661H-D performs content filtering. You can also specify trusted IP A

P-661H-D Series Support Notes ADSL FAQ 1. How does ADSL compare to Cable modems? ADSL provides a dedicated se

P-661H-D Series Support Notes 6. Does the VC-based multiplexing perform better than the LLC-based multiplexin

P-661H-D Series Support Notes FAQ ...

P-661H-D Series Support Notes More and more Telco/ISPs are providing three kinds of services (VoIP, Video and

P-661H-D Series Support Notes Firewall FAQ General 1. What is a network firewall? A firewall is a system

P-661H-D Series Support Notes address and protocol. They also 'inspect' the session data to assure

P-661H-D Series Support Notes 1. Those that exploits bugs in a TCP/IP implementation such as Ping of Death a

P-661H-D Series Support Notes 11 What is Brute-force attack? A Brute-force attack, such as 'Smurf&apos

P-661H-D Series Support Notes 1. Change the default Administrator password since it is required when setting

P-661H-D Series Support Notes (3) WWW/Telnet service is enabled but your host IP is not the secured host ent

P-661H-D Series Support Notes (2) You have disabled FTP service in Web Configurator, Advanced setup, Advanced

P-661H-D Series Support Notes • Web configuration: Advanced Setup, Maintenance -> Logs -> Log Settings

P-661H-D Series Support Notes VPN FAQ General FAQ 1. What is VPN? A VPN gives users a secure link to access c

P-661H-D Series Support Notes 17. What do the ATM QoS Types (CBR, UBR, VBR-nRT, VBR-RT) mean?...

P-661H-D Series Support Notes PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets

P-661H-D Series Support Notes There is no restriction that the IPSec hosts and the security gateway must be s

P-661H-D Series Support Notes IP address dynamically assigned from ISP, so P-661H-D needs additional informat

P-661H-D Series Support Notes 2. What kind of VPN protocols are supported on P-661H-D? All P-661H-D series s

P-661H-D Series Support Notes VPN Gateway behind NAT ESP Tunnel mode NAT in Transport mode None (3) Source I

P-661H-D Series Support Notes We have tested P-661H-D successfully with the following third party VPN gateway

P-661H-D Series Support Notes NAT*NAT in Transport mode None * The NAT router must support IPSec pass throug

P-661H-D Series Support Notes disconnected either manually, by idle timer, or because of power cycle, packet

P-661H-D Series Support Notes Application Notes General Application Notes 1. Internet Access Using P-661H-D u

P-661H-D Series Support Notes Setup your P-661H-D under bridge mode The following procedure shows you how

P-661H-D Series Support Notes General FAQ...

P-661H-D Series Support Notes Internet Connection. Key Settings: Option Description Encapsulation Sele

P-661H-D Series Support Notes Connect the LAN ports of all computers to the LAN Interface of P-661H-D using E

P-661H-D Series Support Notes Option Description Encapsulation Select the correct Encapsulation type that yo

P-661H-D Series Support Notes 4. SUA Notes Tested SUA/NAT Applications (e.g., Cu-SeeMe, ICQ, NetMeeting)

P-661H-D Series Support Notes mIRC None for Chat. For DCC, please set Default/Client IP . Windows PPTP No

P-661H-D Series Support Notes Network Time Protocol (NTP) None 123 /server IP Win2k Terminal Server None

P-661H-D Series Support Notes Configure an Internal Server behind SUA Introduction If you wish, you can

P-661H-D Series Support Notes Setup, Network -> NAT -> Port Forwarding. The outside users can access th

P-661H-D Series Support Notes FTP 21 Telnet 23 SMTP 25 DNS (Domain Name Server) 53 www-http (Web) 80 Config

P-661H-D Series Support Notes Window98 PPTP Client / Internet / NT RAS Server Protocol Stack PPTP appears

P-661H-D Series Support Notes 3. Setup the P-661H-D as a DHCP Relay ...41 4. SUA

P-661H-D Series Support Notes Example The following example shows how to dial to an ISP via the P-661H-D an

P-661H-D Series Support Notes Select service name as ‘PPTP’, fill in the Server IP Address, then press button

P-661H-D Series Support Notes 5. Using Full Feature NAT When P-661H-D is in Routing mode, you can select NA

P-661H-D Series Support Notes The P-661H-D has 8 remote nodes and so allows you to configure 8 NAT Address Ma

P-661H-D Series Support Notes IP. Global End IP This is the ending global IP address (IGA). N/A Type This i

P-661H-D Series Support Notes The following table describes the fields in this screen. Field Descripti

P-661H-D Series Support Notes Setp 3: Set NAT address mapping rule for the Address Mapping Set you just confi

P-661H-D Series Support Notes server sets ip nat server save Save the NAT server set buffer into flash ip na

P-661H-D Series Support Notes Please note that a server can support more than one service, e.g., a server can

P-661H-D Series Support Notes In our Internet Access example, we only need one rule where all our ILAs map to

P-661H-D Series Support Notes FAQ ZyNOS FAQ 1. What is ZyNOS? ZyNOS is ZyXEL's proprietary Network Op

P-661H-D Series Support Notes below: (3) Using Multiple Global IP addresses for clients and servers (One-to-O

P-661H-D Series Support Notes Step 1: In this case, we need to map ILA to more than one IGA, therefore we mus

P-661H-D Series Support Notes Rule 3 Setup: Select Many-to-One type to map the other clients to IGA3 (200.0.

P-661H-D Series Support Notes Step 3: Now we configure all other incoming traffic to go to our web server an

P-661H-D Series Support Notes One rule configured for using Many-to-Many No Overload mapping type is shown b

P-661H-D Series Support Notes When the ISP assigns the P-661H-D a new IP, the P-661H-D must inform the DDNS s

P-661H-D Series Support Notes User Name Enter the user name that the DDNS server gives to you. Password Enter

P-661H-D Series Support Notes When receiving any SNMP get or set requirement with wrong community, this trap

P-661H-D Series Support Notes The SNMP related settings in P-661H-D are configured in Web Configurator, Adva

P-661H-D Series Support Notes Trap Destination Enter the IP address of the NMS that you wish to send the trap

P-661H-D Series Support Notes b. Enter CI command 'sys stdio 0' to disable Stdio idle timeout c.

P-661H-D Series Support Notes The P-661H-D supports three virtual LAN interfaces via its single physical Eth

P-661H-D Series Support Notes You can edit filter rule to accept or deny LAN packets from/to the IP alias 1/2

P-661H-D Series Support Notes and remote node connections, we can route the Web packets to the Internet using

P-661H-D Series Support Notes The actions that can be taken include routing the packet to a different gateway

P-661H-D Series Support Notes (Set the protocol ID as 6(TCP) for the rule) ip policyrouting set criteria serv

P-661H-D Series Support Notes 11. Using Call Scheduling • What is Call Scheduling? Call scheduling enables

P-661H-D Series Support Notes wan callsch oncedate 2005 12 27 (Set the schedule used just once, it works on 2

P-661H-D Series Support Notes • Time Service in P-661H-D There is no RTC (Real-Time Clock) chip so the P-6

P-661H-D Series Support Notes needs to be forwarded. At start up, the P-661H-D queries all directly connected

P-661H-D Series Support Notes Fairness-Based is chosen, then the bandwidth is allocated by ratio. Which means

P-661H-D Series Support Notes with its own address and the source port in the TCP or UDP header with another

P-661H-D Series Support Notes Step 3: You can modify the rule by clicking the button ‘Edit’ on the rule: Ke

P-661H-D Series Support Notes Destination Subnet Mask Enter the destination subnet mask. Destination Port Ent

P-661H-D Series Support Notes services of the line will be. After that, system will save back the correct VPI

P-661H-D Series Support Notes (3) Delete items from the auto-haunting preconfigured table by useing command:

P-661H-D Series Support Notes (4) Basically the zero configuration only work on the VC that was preconigured

P-661H-D Series Support Notes The packet filter function on P-661H-D is the same as before, just that you cou

P-661H-D Series Support Notes • Apply to LAN Interface: lan index [index#] Usage: index#=1 main LAN

P-661H-D Series Support Notes mask] the rule sys filter set destport [port#] [compare type = none|equal|noteq

P-661H-D Series Support Notes IPSEC VPN Application Notes 1. How to use P-661H-D to build VPN Tunnel with ano

P-661H-D Series Support Notes The IP addresses we use in this example are as below. PC 1 Prestige A Pr

P-661H-D Series Support Notes must be configured. (You can configure it in Web Configurator, Advanced Setup,

P-661H-D Series Support Notes (3) On the SUMMARY menu, select a policy to edit by clicking Edit. On P-661H-D

P-661H-D Series Support Notes (6) Fill in the VPN Gateway information in the Address Information field. My I

P-661H-D Series Support Notes Note: If there’s a NAT router between the two VPN Secure Gateways, we should on

P-661H-D Series Support Notes Secure Gateway Address is the remote secure gateway, Prestige A’s WAN IP, 202.1

P-661H-D Series Support Notes Prestige> ipsec debug 1 IPSEC debug level 1 Prestige> catcher(): recv pkt

P-661H-D Series Support Notes Most of the cases, static IP addresses are used for VPN tunneling endpoints. Bu

P-661H-D Series Support Notes Step 1: In Prestige A, please register a DDNS account from http://www.dyndns.or

P-661H-D Series Support Notes internal server according to the service port and private IP entered in SUA/NAT

P-661H-D Series Support Notes The IP addresses we use in this example are as shown below. Branch_A Headquart

P-661H-D Series Support Notes Be very careful about the remote IP address in branch office B, because systems