ZyXEL Communications NWD-210N - FOR MAC V1.00 Guide de l'utilisateur Page 143
- Page / 292
- Table des matières
- DEPANNAGE
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Chapter 18 IPSec VPN
NBG5715 User’s Guide
143
• Main Mode ensures the highest level of security when the communicating parties are
negotiating authentication (phase 1). It uses 6 messages in three round trips: SA negotiation,
Diffie-Hellman exchange and an exchange of nonces (a nonce is a random number). This mode
features identity protection (your identity is not revealed in the negotiation).
• Aggressive Mode is quicker than Main Mode because it eliminates several steps when the
communicating parties are negotiating authentication (phase 1). However the trade-off is that
faster speed limits its negotiating power and it also does not provide identity protection. It is
useful in remote access situations where the address of the initiator is not know by the responder
and both parties want to use pre-shared key authentication.
18.7.5 IPSec and NAT
Read this section if you are running IPSec on a host computer behind the NBG5715.
NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using
the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash
value appended to the packet. When using AH protocol, packet contents (the data payload) are not
encrypted.
A NAT device in between the IPSec endpoints will rewrite either the source or destination address
with one of its own choosing. The VPN device at the receiving end will verify the integrity of the
incoming packet by computing its own hash value, and complain that the hash value appended to
the received packet doesn't match. The VPN device at the receiving end doesn't know about the
NAT in the middle, so it assumes that the data has been maliciously altered.
IPSec using ESP in Tunnel mode encapsulates the entire original packet (including headers) in a
new IP packet. The new IP packet's source address is the outbound address of the sending VPN
gateway, and its destination address is the inbound address of the VPN device at the receiving end.
When using ESP protocol with authentication, the packet contents (in this case, the entire original
packet) are encrypted. The encrypted contents, but not the new headers, are signed with a hash
value appended to the packet.
Tunnel mode ESP with authentication is compatible with NAT because integrity checks are
performed over the combination of the "original header plus original payload," which is unchanged
by a NAT device.
Transport mode ESP with authentication is not compatible with NAT.
18.7.6 VPN, NAT, and NAT Traversal
NAT is incompatible with the AH protocol in both transport and tunnel mode. An IPSec VPN using
the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash
value appended to the packet, but a NAT device between the IPSec endpoints rewrites the source or
destination address. As a result, the VPN device at the receiving end finds a mismatch between the
hash value and the data and assumes that the data has been maliciously altered.
Table 57 VPN and NAT
SECURITY PROTOCOL MODE NAT
AH Transport N
AH Tunnel N
ESP Transport N
ESP Tunnel Y
- Default Login Details 1
- About This User's Guide 3
- Need More Help? 4
- Customer Support 4
- Document Conventions 5
- Icons Used in Figures 6
- Safety Warnings 7
- Contents Overview 10
- NBG5715 User’s Guide 10
- Table of Contents 11
- Table of Contents 13
- User’s Guide 19
- CHAPTER 1 21
- 1.2 Applications 22
- 1.5 LEDs 23
- CHAPTER 2 25
- CHAPTER 3 26
- 3.2.1 The Menus 28
- CHAPTER 4 33
- 4.2.2 Weather Edit 34
- 4.3 Resetting the NBG5715 35
- CHAPTER 5 37
- 5.3 The Log Screen 38
- 5.4 DHCP Table 38
- 5.5 Packet Statistics 40
- 5.6 VPN Monitor 41
- Chapter 5 Monitor and Summary 42
- CHAPTER 6 43
- CHAPTER 7 44
- 7.3 Navigation Panel 45
- Status Screen 45
- 7.4 Network Map 46
- 7.5 Control Panel 47
- 7.5.1 Game Engine 48
- 7.5.2 Power Saving 48
- 7.5.3 Content Filter 49
- 7.5.4 Bandwidth MGMT 50
- 7.5.5 Firewall 51
- 7.5.6 Wireless Security 51
- 7.5.7 WPS 52
- Chapter 7 Easy Mode 54
- ITEM DESCRIPTION 54
- CHAPTER 8 55
- to open the status screen 56
- 8.2.1 Navigation Panel 58
- Chapter 8 Router Mode 59
- LINK TAB FUNCTION 59
- Chapter 8 Router Mode 60
- CHAPTER 9 61
- Wireless Client 62
- Access Point 62
- 9.2.2 PIN Configuration 63
- Wireless LAN Mode 2.4G 64
- SSID SSID_Example3 64
- Channel 6 64
- Security WPA-PSK 64
- Chapter 9 Tutorials 66
- Technical Reference 69
- CHAPTER 10 71
- Encapsulation Method 72
- WAN IP Address 72
- DNS Server Address Assignment 72
- WAN MAC Address 72
- 10.4 The Broadband Screen 73
- 10.4.2 PPPoE Encapsulation 75
- Chapter 10 WAN 76
- 10.5 The Advanced Screen 77
- CHAPTER 11 79
- 11.1.2 What You Should Know 80
- 11.3 Wireless Security Modes 84
- 11.3.2 WEP Encryption 85
- 11.3.3 WPA-PSK/WPA2-PSK 86
- 11.3.4 WPA/WPA2 87
- 11.4 The MAC Filter Screen 88
- 11.6 The QoS Screen 90
- 11.7 The WPS Screen 91
- 11.8 The WPS Station Screen 92
- 11.9 The Scheduling Screen 93
- Chapter 11 Wireless LAN 94
- CHAPTER 12 95
- 12.3 What You Need To Know 96
- 12.4 The LAN IP Screen 97
- 12.5 The IP Alias Screen 97
- Chapter 12 LAN 98
- CHAPTER 13 99
- 13.4 The Client List Screen 101
- CHAPTER 14 103
- 14.1.2 What You Need To Know 104
- 14.2 The NAT General Screen 105
- 14.4 The NAT Advance Screen 109
- 14.5 Technical Reference 110
- Chapter 14 NAT 112
- CHAPTER 15 113
- CHAPTER 16 115
- Chapter 16 Static Route 117
- LABEL DESCRIPTION 117
- Chapter 16 Static Route 118
- CHAPTER 17 119
- What is a Firewall? 120
- Stateful Inspection Firewall 120
- About the NBG5715 Firewall 120
- Chapter 17 Firewall 123
- CHAPTER 18 124
- 18.3 What You Need To Know 125
- 18.4 The General Screen 126
- 18.5 Edit VPN Rule 128
- 18.5.1 IKEKey Setup 129
- Chapter 18 IPSec VPN 133
- 18.5.2 Manual Key Setup 134
- 18.6 The SA Monitor Screen 139
- 18.7 Technical Reference 139
- 18.7.1 IPSec Architecture 140
- 18.7.2 Encapsulation 141
- 18.7.3 IKE Phases 142
- 18.7.5 IPSec and NAT 143
- 18.7.7 ID Type and Content 144
- 18.7.8 Pre-Shared Key 145
- CHAPTER 19 147
- 19.4 General Screen 148
- 19.5 Advance Screen 148
- CHAPTER 20 152
- 20.4 WWW Screen 153
- 20.5 Telnet Screen 154
- CHAPTER 21 155
- 21.3 UPnP Screen 156
- 21.4 Technical Reference 156
- CHAPTER 22 163
- 22.4 Password Screen 164
- 22.5 Time Setting Screen 165
- 22.6 Firmware Upgrade Screen 166
- 22.7 Backup/Restore Screen 167
- 22.8 The Language Screen 169
- Chapter 22 Maintenance 170
- CHAPTER 23 171
- I forgot the password 172
- 23.4 Internet Access 174
- 23.7 USB Device Problems 176
- Chapter 23 Troubleshooting 178
- APPENDIX A 179
- APPENDIX B 183
- JavaScript 186
- Java Permissions 188
- JAVA (Sun) 189
- Mozilla Firefox 190
- Allowing Pop-Ups 192
- Enabling Java 192
- APPENDIX C 195
- Subnet Masks 196
- Network Size 197
- Notation 197
- Subnetting 198
- Example: Four Subnets 199
- Example: Eight Subnets 200
- Subnet Planning 201
- Configuring IP Addresses 202
- Private IP Addresses 202
- IP Address Conflicts 203
- APPENDIX D 205
- Windows XP/NT/2000 206
- Verifying Settings 208
- Windows Vista 209
- Windows 7 213
- Mac OS X: 10.3 and 10.4 217
- Mac OS X: 10.5 and 10.6 220
- Linux: Ubuntu 8 (GNOME) 223
- Linux: openSUSE 10.3 (KDE) 227
- APPENDIX E 233
- Fragmentation Threshold 236
- Preamble Type 237
- IEEE 802.11g Wireless LAN 237
- Wireless Security Overview 237
- IEEE 802.1x 238
- Types of RADIUS Messages 239
- Types of EAP Authentication 239
- Encryption 241
- WPA and WPA2 241
- User Authentication 242
- Security Parameters Summary 244
- Antenna Overview 244
- Appendix E Wireless LANs 246
- APPENDIX F 247
- Appendix F Common Services 248
- Appendix F Common Services 249
- APPENDIX G 251
- APPENDIX H 281
- Viewing Certifications 282
- ZyXEL Limited Warranty 282
- Registration 282
- End-User License Agreement 283
- Appendix H Legal Information 286
- NBG5715 User’s Guide292 292
Produits connexes et manuels pour Routeurs ZyXEL Communications NWD-210N - FOR MAC V1.00
(341 pages)© 2020, manymanuals.fr. Tous droits réservés | 1.007 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels