User ManualTable of ContentsP-2608HWL-Dx Series1Copyright3Certifications4Safety Warnings6ZyXEL Limited Warranty8Customer Support9Table of Contents11List of Figures25List of Tables33Preface39Getting To Know the ZyXEL Device411.1 Overview411.1.1 VoIP Features411.1.2 DSL Router421.2 LEDs (Lights)42Introducing the Web Configurator452.1 Web Configurator Overview452.1.1 Accessing the Web Configurator452.1.2 The RESET Button482.1.2.1 Using The Reset Button482.2 Web Configurator Main Screen482.2.1 Title Bar492.2.2 Navigation Panel492.2.3 Status Bar52Internet and Wireless Setup Wizard533.1 Introduction533.2 Internet Access Wizard Setup533.2.1 Manual Configuration553.3 Wireless Connection Wizard Setup603.3.1 Automatically assign a WPA key633.3.2 Manually Assign a WPA key633.3.3 Manually Assign a WEP key63VoIP Wizard And Example674.1 Introduction674.2 VoIP Wizard Setup67Bandwidth Management Wizard735.1 Introduction735.2 Predefined Media Bandwidth Management Services735.3 Bandwidth Management Wizard Setup74Status Screens796.1 Status Screen796.2 Any IP Table826.3 WLAN Status836.4 Packet Statistics836.5 VoIP Statistics85WAN Setup897.1 WAN Overview897.1.1 Encapsulation897.1.1.1 ENET ENCAP897.1.1.2 PPP over Ethernet897.1.1.3 PPPoA907.1.1.4 RFC 1483907.1.2 Multiplexing907.1.2.1 VC-based Multiplexing907.1.2.2 LLC-based Multiplexing907.1.3 VPI and VCI907.1.4 IP Address Assignment917.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation917.1.4.2 IP Assignment with RFC 1483 Encapsulation917.1.4.3 IP Assignment with ENET ENCAP Encapsulation917.1.5 Nailed-Up Connection (PPP)917.1.6 NAT917.2 Metric927.3 Traffic Shaping927.3.1 ATM Traffic Classes937.3.1.1 Constant Bit Rate (CBR)937.3.1.2 Variable Bit Rate (VBR)937.3.1.3 Unspecified Bit Rate (UBR)947.4 Zero Configuration Internet Access947.5 Internet Access Setup947.5.1 Advanced Internet Access Setup977.6 WAN More Connections987.6.1 WAN More Connections Modify Screen997.7 Traffic Redirect1027.8 WAN Backup Setup103LAN Setup1058.1 LAN Overview1058.1.1 LANs, WANs and the ZyXEL Device1058.1.2 DHCP Setup1068.1.2.1 IP Pool Setup1068.1.3 DNS Server Address1068.1.4 DNS Server Address Assignment1078.2 LAN TCP/IP1078.2.1 IP Address and Subnet Mask1078.2.1.1 Private IP Addresses1088.2.2 RIP Setup1088.2.3 Multicast1098.2.4 Any IP1098.2.4.1 How Any IP Works1108.3 Configuring LAN IP1118.3.1 Configuring Advanced LAN Setup1118.4 DHCP Setup1138.5 LAN Client List1148.6 LAN IP Alias115Wireless LAN1199.1 Wireless Network Overview1199.2 Wireless Security Overview1209.2.1 SSID1209.2.2 MAC Address Filter1209.2.3 User Authentication1209.2.4 Encryption1219.2.5 One-Touch Intelligent Security Technology (OTIST)1229.3 Wireless Performance Overview1229.3.1 Quality of Service (QoS)1229.4 Additional Wireless Terms1229.5 General Wireless LAN Screen1239.5.1 No Security1249.5.2 WEP Encryption Screen1259.5.3 WPA(2)-PSK1269.5.4 WPA(2) Authentication Screen1289.5.5 Wireless LAN Advanced Setup1299.6 OTIST Screen1309.6.1 Notes on OTIST1339.7 MAC Filter1349.8 QoS Screen1359.8.1 Application Priority Configuration136Network Address Translation (NAT) Screens13910.1 NAT Overview13910.1.1 NAT Definitions13910.1.2 What NAT Does14010.1.3 How NAT Works14010.1.4 NAT Application14110.1.5 NAT Mapping Types14110.2 SUA (Single User Account) Versus NAT14210.3 NAT General Setup14210.4 Port Forwarding14310.4.1 Default Server IP Address14410.4.2 Port Forwarding: Services and Port Numbers14410.4.3 Configuring Servers Behind Port Forwarding (Example)14410.5 Configuring Port Forwarding14510.5.1 Port Forwarding Rule Edit14610.6 Address Mapping14710.6.1 Address Mapping Rule Edit14810.6.2 SIP ALG149SIP15111.1 SIP Overview15111.1.1 Introduction to VoIP15111.1.2 Introduction to SIP15111.1.3 SIP Identities15111.1.3.1 SIP Number15111.1.3.2 SIP Service Domain15211.1.4 SIP Call Progression15211.1.5 SIP Client Server15211.1.5.1 SIP User Agent15311.1.5.2 SIP Proxy Server15311.1.5.3 SIP Redirect Server15411.1.5.4 SIP Register Server15411.1.6 RTP15411.1.7 NAT and SIP15511.1.7.1 SIP ALG15511.1.7.2 Use NAT15511.1.7.3 STUN15511.1.7.4 Outbound Proxy15611.1.8 Voice Coding15611.1.9 PSTN Call Setup Signaling15611.1.10 MWI (Message Waiting Indication)15711.1.11 Custom Tones (IVR)15711.1.11.1 Recording Custom Tones15711.1.11.2 Listening to Custom Tones15711.1.11.3 Deleting Custom Tones15711.1.12 Quality of Service (QoS)15811.1.12.1 Type Of Service (ToS)15811.1.12.2 DiffServ15811.1.12.3 DSCP and Per-Hop Behavior15811.1.12.4 VLAN15911.2 SIP Screens15911.2.1 SIP Settings Screen15911.2.2 Advanced SIP Setup Screen16111.2.3 SIP QoS Screen165Phone16712.1 Phone Overview16712.1.1 Voice Activity Detection/Silence Suppression/Comfort Noise16712.1.2 Echo Cancellation16712.1.3 Supplementary Phone Services Overview16712.1.3.1 The Flash Key16812.1.3.2 Europe Type Supplementary Phone Services16812.1.3.3 USA Type Supplementary Services17012.2 Phone Screens17112.2.1 Analog Phone Screen17112.2.2 Advanced Analog Phone Setup Screen17212.2.3 Common Phone Settings Screen17412.2.4 Phone Region Screen174Phone Book17713.1 Phone Book Overview17713.2 Speed Dial Screen17713.3 Incoming Call Policy Screen17913.4 Group Ring Screen181PSTN Line18514.1 PSTN Line Overview18514.2 PSTN Line Screen185Firewalls18715.1 Firewall Overview18715.2 Types of Firewalls18715.2.1 Packet Filtering Firewalls18715.2.2 Application-level Firewalls18815.2.3 Stateful Inspection Firewalls18815.3 Introduction to ZyXEL’s Firewall18815.3.1 Denial of Service Attacks18915.4 Denial of Service18915.4.1 Basics18915.4.2 Types of DoS Attacks19015.4.2.1 ICMP Vulnerability19215.4.2.2 Illegal Commands (NetBIOS and SMTP)19215.4.2.3 Traceroute19315.5 Stateful Inspection19315.5.1 Stateful Inspection Process19415.5.2 Stateful Inspection on Your ZyXEL Device19415.5.3 TCP Security19515.5.4 UDP/ICMP Security19515.5.5 Upper Layer Protocols19615.6 Guidelines for Enhancing Security with Your Firewall19615.6.1 Security In General19615.7 Packet Filtering Vs Firewall19715.7.1 Packet Filtering:19715.7.1.1 When To Use Filtering19815.7.2 Firewall19815.7.2.1 When To Use The Firewall198Firewall Configuration19916.1 Access Methods19916.2 Firewall Policies Overview19916.3 Rule Logic Overview20016.3.1 Rule Checklist20016.3.2 Security Ramifications20016.3.3 Key Fields For Configuring Rules20116.3.3.1 Action20116.3.3.2 Service20116.3.3.3 Source Address20116.3.3.4 Destination Address20116.4 Connection Direction20116.4.1 LAN to WAN Rules20216.4.2 Alerts20216.5 General Firewall Policy20216.6 Firewall Rules Summary20316.6.1 Configuring Firewall Rules20516.6.2 Customized Services20816.6.3 Configuring A Customized Service20916.7 Example Firewall Rule20916.8 DoS Thresholds21316.8.1 Threshold Values21316.8.2 Half-Open Sessions21416.8.2.1 TCP Maximum Incomplete and Blocking Time21416.8.3 Configuring Firewall Thresholds215Content Filtering21717.1 Content Filtering Overview21717.2 Configuring Keyword Blocking21717.3 Configuring the Schedule21817.4 Configuring Trusted Computers219IPSec VPN22118.1 IPSec VPN Overview22118.1.1 IKE SA Overview22218.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router22218.1.1.2 IKE SA Proposal22318.1.1.3 Diffie-Hellman (DH) Key Exchange22318.1.1.4 Authentication22418.1.1.5 Extended Authentication22518.1.2 Additional Topics for IKE SA22618.1.2.1 Negotiation Mode22618.1.2.2 VPN, NAT and NAT Traversal22618.1.3 IPSec SA Overview22718.1.3.1 Local Network and Remote Network22818.1.3.2 Active Protocol22818.1.3.3 Encapsulation22818.1.3.4 IPSec SA Proposal and Perfect Forward Secrecy22918.1.4 Additional Topics for IPSec SA22918.1.4.1 IPSec SA using Manual Keys22918.2 VPN Setup Screen23018.3 Editing VPN Policies23218.4 Configuring Advanced IKE Settings23718.5 Configuring Manual Key24018.6 Viewing SA Monitor24318.7 Configuring Global Setting24518.8 Telecommuter VPN/IPSec Examples24518.8.1 Telecommuters Sharing One VPN Rule Example24518.8.2 Telecommuters Using Unique VPN Rules Example24618.9 VPN and Remote Management248Certificates24919.1 Certificates Overview24919.1.1 Advantages of Certificates25019.2 Self-signed Certificates25019.3 Configuration Summary25019.4 My Certificates25119.5 My Certificate Import25319.5.1 Certificate File Formats25319.6 My Certificate Create25419.7 My Certificate Details25619.8 Trusted CAs25919.9 Trusted CA Import26119.10 Trusted CA Details26219.11 Trusted Remote Hosts26419.12 Verifying a Trusted Remote Host’s Certificate26619.12.1 Trusted Remote Host Certificate Fingerprints26619.13 Trusted Remote Hosts Import26719.14 Trusted Remote Host Certificate Details26719.15 Directory Servers27019.16 Directory Server Add or Edit271Static Route27320.1 Static Route27320.2 Configuring Static Route27320.2.1 Static Route Edit274Bandwidth Management27721.1 Bandwidth Management Overview27721.2 Application-based Bandwidth Management27721.3 Subnet-based Bandwidth Management27721.4 Application and Subnet-based Bandwidth Management27821.5 Scheduler27821.5.1 Priority-based Scheduler27821.5.2 Fairness-based Scheduler27921.6 Maximize Bandwidth Usage27921.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic27921.6.2 Maximize Bandwidth Usage Example28021.6.2.1 Priority-based Allotment of Unused & Unbudgeted Bandwidth28021.6.2.2 Fairness-based Allotment of Unused & Unbudgeted Bandwidth28121.6.3 Bandwidth Management Priorities28121.7 Over Allotment of Bandwidth28221.8 Configuring Summary28221.9 Bandwidth Management Rule Setup28321.9.1 Rule Configuration28521.10 Bandwidth Monitor287Dynamic DNS Setup28922.1 Dynamic DNS Overview28922.1.1 DYNDNS Wildcard28922.2 Configuring Dynamic DNS289Remote Management Configuration29323.1 Remote Management Overview29323.1.1 Remote Management Limitations29323.1.2 Remote Management and NAT29423.1.3 System Timeout29423.2 Introduction to HTTPS29423.3 WWW29523.4 Telnet29623.5 Configuring Telnet29723.6 Configuring FTP29823.7 SNMP29923.7.1 Supported MIBs30023.7.2 SNMP Traps30023.7.3 Configuring SNMP30023.8 Configuring DNS30223.9 Configuring ICMP30223.10 TR-069304Universal Plug-and-Play (UPnP)30724.1 Introducing Universal Plug and Play30724.1.1 How do I know if I'm using UPnP?30724.1.2 NAT Traversal30724.1.3 Cautions with UPnP30824.2 UPnP and ZyXEL30824.2.1 Configuring UPnP30824.3 Installing UPnP in Windows Example30924.4 Using UPnP in Windows XP Example312System31925.1 General Setup and System Name31925.1.1 General Setup31925.2 Time Setting321Logs32526.1 Logs Overview32526.1.1 Alerts and Logs32526.2 Viewing the Logs32526.3 Configuring Log Settings32626.4 SMTP Error Messages32926.4.1 Example E-mail Log329Tools33127.1 Introduction33127.2 Filename Conventions33127.3 File Maintenance Over WAN33227.4 Firmware Upgrade Screen33227.5 Backup and Restore33427.5.1 Backup Configuration33527.5.2 Restore Configuration33527.5.3 Reset to Factory Defaults33627.6 Restart33727.7 Using FTP or TFTP to Back Up Configuration33727.7.1 Using the FTP Commands to Back Up Configuration33727.7.2 FTP Command Configuration Backup Example33827.7.3 Configuration Backup Using GUI-based FTP Clients33827.7.4 Backup Configuration Using TFTP33927.7.5 TFTP Command Configuration Backup Example33927.7.6 Configuration Backup Using GUI-based TFTP Clients34027.8 Using FTP or TFTP to Restore Configuration34027.8.1 Restore Using FTP Session Example34127.9 FTP and TFTP Firmware and Configuration File Uploads34127.9.1 FTP File Upload Command from the DOS Prompt Example34127.9.2 FTP Session Example of Firmware File Upload34227.9.3 TFTP File Upload34227.9.4 TFTP Upload Command Example343Diagnostic34528.1 General Diagnostic34528.2 DSL Line Diagnostic345Troubleshooting34929.1 Problems Starting Up the ZyXEL Device34929.2 Problems with the LAN34929.3 Problems with the WAN35029.4 Problems Accessing the ZyXEL Device35129.4.1 Pop-up Windows, JavaScripts and Java Permissions35129.4.1.1 Internet Explorer Pop-up Blockers35229.4.1.2 JavaScripts35529.4.1.3 Java Permissions35729.5 Telephone Problems359Product Specifications361Setting up Your Computer’s IP Address367IP Addresses and Subnetting379Common Services387Importing Certificates389Triangle Route399Log Descriptions403Internal SPTGEN415Index441A441B441C441D442E443F443G444H444I444J445K445L445M446N446O446P446Q447R447S448T449U449V449W450Z451Size: 13.2 MBPages: 451Language: EnglishOpen manual
