ZyXEL Communications 2602HWNLI-D7A User Manual

Prestige 2602HWNLI-D7A Support Notes 
 
 
 
All contents copyright (c) 2007 ZyXEL Communications Corporation.   
What VPN protocols are supported by Prestige? 
All Prestige series support ESP (protocol number 50) and AH (protocol number 51). 
What types of encryption does Prestige VPN support? 
Prestige supports 56-bit DES, 168-bit 3DES, and AES. 
What types of authentication does Prestige VPN support? 
VPN vendors support a number of different authentication methods. Prestige VPN supports both SHA1 
and MD5. 
AH provides authentication, integrity, and replay protection (but not confidentiality). Its main difference from 
ESP is that AH also secures parts of the IP header of the packet (such as the source/destination addresses), while ESP 
does not. 
 
ESP can provide authentication, integrity, replay protection, and confidentiality of the data (it secures 
everything in the packet that follows the header). Replay protection requires authentication and integrity (these 
two always go together). Confidentiality (encryption) can be used with or without authentication/integrity. 
Similarly, one could use authentication/integrity with or without confidentiality. 
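
The following is an added example, not part of the ZyXEL manual or the Prestige firmware. It is a simplified Python model of the difference described above: the AH integrity check covers the IP source/destination addresses, the ESP check covers only what follows the header, so rewriting the source address (as a NAT router does) invalidates AH but not ESP. The Packet class, the function names, the key and the addresses are constructed for illustration; real AH also covers other immutable header fields.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, replace

KEY = b"constructed-demo-key"  # constructed sample key, not a real SA key

@dataclass(frozen=True)
class Packet:  # simplified model: only the fields that matter here
    src: str
    dst: str
    payload: bytes
    icv: bytes = b""

def _covered(mode: str, pkt: Packet) -> bytes:
    if mode == "AH":   # AH also authenticates the IP source/destination addresses
        addrs = ipaddress.IPv4Address(pkt.src).packed + ipaddress.IPv4Address(pkt.dst).packed
        return addrs + pkt.payload
    if mode == "ESP":  # ESP authenticates only what follows the IP header
        return pkt.payload
    raise ValueError(f"unknown mode: {mode}")

def protect(mode: str, pkt: Packet, key: bytes = KEY) -> Packet:
    """Attach an integrity check value: HMAC-SHA1 truncated to 96 bits."""
    tag = hmac.new(key, _covered(mode, pkt), hashlib.sha1).digest()[:12]
    return replace(pkt, icv=tag)

def verify(mode: str, pkt: Packet, key: bytes = KEY) -> bool:
    expected = hmac.new(key, _covered(mode, pkt), hashlib.sha1).digest()[:12]
    return hmac.compare_digest(expected, pkt.icv)

def nat_rewrite(pkt: Packet, public_src: str) -> Packet:
    """Model of NAT: replace the source address, leave everything else alone."""
    return replace(pkt, src=public_src)

def demo() -> dict:
    pkt = Packet("192.168.1.33", "203.0.113.10", b"constructed payload")  # constructed sample
    results = {}
    for mode in ("AH", "ESP"):
        sent = protect(mode, pkt)
        results[mode] = {
            "direct": verify(mode, sent),
            "after_nat": verify(mode, nat_rewrite(sent, "198.51.100.7")),
            "payload_tampered": verify(mode, replace(sent, payload=b"tampered")),
        }
    return results

if __name__ == "__main__":
    print(demo())
```

Both modes reject a modified payload; only AH rejects the packet whose source address was rewritten in transit.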
I am planning my Prestige-to-Prestige VPN configuration. What do I need to know? 
First of all, both Prestige units must have VPN capabilities. Please check the firmware version; V3.50 or later 
has the VPN capability.   
If your Prestige is capable of VPN, you can find the VPN options in the Advanced>VPN tab.   
For configuring a 'box-to-box VPN', there are some tips:   
1.  If there is a NAT router running in front of the Prestige, please make sure the NAT router supports 
IPSec pass-through.   
2.  In the NAT case (whether NAT runs on the front-end router or in the Prestige VPN box), only IPSec ESP 
tunneling mode is supported, since NAT conflicts with AH mode.   
3.  Source IP/Destination IP -- Please do not number the LANs (local and remote) using the same 
exact range of private IP addresses. This would make the VPN destination addresses and the local LAN 
addresses indistinguishable, and the VPN will not work.   
4.  Secure Gateway IP Address -- This must be a public, routable IP address; a private IP address is not 
allowed. That means it cannot be in the 10.x.x.x subnet, the 192.168.x.x subnet, nor in the range