Zyxel-communications Internet Security Gateway ZyWALL 100 Manuel d'utilisateur Page 283
- Page / 356
- Table des matières
- DEPANNAGE
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
ZyWALL 100 Internet Security Gateway
27-6 Introduction to IPSec
A NAT device in between the IPSec endpoints will rewrite either the source or destination address with one
of its own choosing. The VPN device at the receiving end will verify the integrity of the incoming packet by
computing its own hash value, and complain that the hash value appended to the received packet doesn't
match. The VPN device at the receiving end doesn't know about the NAT in the middle, so it assumes that
the data has been maliciously altered.
IPSec using ESP in Tunnel mode encapsulates the entire original packet (including headers) in a new IP
packet. The new IP packet's source address is the outbound address of the sending VPN gateway, and its
destination address is the inbound address of the VPN device at the receiving end. When using ESP protocol
with authentication, the packet contents (in this case, the entire original packet) are encrypted. The encrypted
contents, but not the new headers, are signed with a hash value appended to the packet.
Tunnel mode ESP with authentication is compatible with NAT because integrity checks are performed over
the combination of the "original header plus original payload," which is unchanged by a NAT device.
Transport mode ESP with authentication is not compatible with NAT.
Table 27-1 VPN and NAT
SECURITY PROTOCOL MODE NAT
AH
Transport N
AH
Tunnel N
ESP
Transport N
ESP
Tunnel Y
- ZyWALL 100 1
- Copyright 2
- Interference Statement 3
- ZyXEL Limited Warranty 5
- Customer Support 6
- Table of Contents 7
- List of Figures 14
- List of Diagrams 21
- List of Tables 22
- Preface 26
- Part I: 28
- Chapter 1 30
- Getting to Know Your ZyWALL 30
- 1.4.2 VPN Application 36
- Chapter 2 38
- Hardware Installation 38
- 2-2 Hardware Installation 39
- UPLINK button “off” (out) 41
- Chapter 3 42
- Initial Setup 42
- Enter Password : XXXX 43
- 3.2.1 Main Menu 44
- 3-4 Initial Setup 45
- Initial Setup 3-5 46
- 3-6 Initial Setup 47
- 3.4 Resetting the ZyWALL 49
- Chapter 4 50
- SMT Menu 1 - General Setup 50
- 4.3 General Setup 51
- Chapter 5 54
- WAN Setup 54
- 5.4 Advanced WAN Setup 56
- 5.4.3 Response Strings 57
- WAN Setup 5-5 58
- Chapter 6 60
- LAN Setup 60
- 6.3 TCP/IP and LAN DHCP 61
- Private IP Addresses 62
- 6.3.4 RIP Setup 63
- 6.3.5 IP Multicast 63
- 6.3.6 IP Alias 64
- 6.4.1 IP Alias Setup 67
- 6.5 Wireless LAN Setup 69
- LAN Setup 6-13 72
- Chapter 7 74
- DMZ Setup 74
- 7.3 TCP/IP Setup 75
- 7.3.2 IP Alias Setup 76
- Chapter 8 78
- Internet Access 78
- 8.1.2 PPTP Encapsulation 79
- 8.1.4 PPPoE Encapsulation 80
- 8.2 Basic Setup Complete 82
- Part II: 83
- Chapter 9 84
- Remote Node Setup 84
- 9.2 Remote Node Profile 85
- Remote Node Setup 9-3 86
- 9.2.2 PPPoE Encapsulation 87
- 9.2.3 PPTP Encapsulation 89
- Remote Node Setup 9-9 92
- 9.4 Remote Node Filter 95
- 9.5 Traffic Redirect 96
- 9-16 Remote Node Setup 99
- Chapter 10 100
- Backup Remote Node Setup 100
- 10.2 Editing PPP Options 102
- 10.3 Editing TCP/IP Options 104
- 10.4 Editing Login Script 105
- 10.5 Remote Node Filter 107
- Chapter 11 110
- IP Static Route Setup 110
- 11.1 IP Static Route Setup 111
- IP Static Route Setup 11-3 112
- Chapter 12 114
- 12.1.2 What NAT Does 115
- 12.1.3 How NAT Works 115
- NAT 12-3 116
- Figure 12-1 How NAT Works 116
- 12.1.4 NAT Application 117
- 12.1.5 NAT Mapping Types 117
- 12.2 Using NAT 119
- 12.3 NAT Setup 121
- 12.3.1 Address Mapping Sets 122
- 12.5 General NAT Examples 130
- Part III: 141
- Chapter 13 143
- Firewalls 143
- 13.4 Denial of Service 145
- 13.4.2 Types of DoS Attacks 146
- 5 REDIRECT 148
- 13 TIMESTAMP_REQUEST 148
- 14 TIMESTAMP_REPLY 148
- 17 ADDRESS_MASK_REQUEST 148
- 18 ADDRESS_MASK_REPLY 148
- 13.5 Stateful Inspection 149
- 13.5.3 TCP Security 152
- 13.5.4 UDP/ICMP Security 152
- 13.5.5 Upper Layer Protocols 153
- 13.6.1 Security In General 154
- 13.7.1 Packet Filtering: 155
- 13.7.2 Firewall 155
- Chapter 14 157
- Chapter 15 161
- 15.3 E-mail 162
- 15.3.2 Logs 163
- Table 15-1 E-mail 164
- 15.3.3 SMTP Error Messages 165
- 15.3.4 Example E-mail Log 165
- 15.4 Attack Alert 166
- 15.4.2 Half-Open Sessions 167
- Chapter 16 171
- Creating Custom Rules 171
- 16.2 Rule Logic Overview 172
- 16.3.1 LAN to WAN Rules 173
- 16.3.2 WAN to LAN Rules 174
- 16.4 Rule Summary 175
- 16.5 Predefined Services 177
- 16.6 Custom Ports 184
- Select WAN to LAN from the 186
- Chapter 17 191
- 17-2 Logs 192
- Table 17-1 Log Screen 192
- Chapter 18 193
- Content Filtering 193
- 18.4 Customizing 194
- 18.5 Keywords 194
- 18.6 Logs 194
- Part IV: 195
- Chapter 19 196
- Filter Configuration 196
- Outgoing 197
- Filter Rule 198
- Filter Set 198
- 19.2.2 TCP/IP Filter Rule 201
- 19-8 Filter Configuration 203
- Filter Configuration 19-9 204
- 19-10 Filter Configuration 205
- 19.2.3 Generic Filter Rule 206
- 19-12 Filter Configuration 207
- 19.3 Example Filter 208
- 19.4 Filter Types and NAT 211
- 19.5 Firewall 211
- 19.6.1 LAN Filters 212
- 19.6.2 DMZ Filters 212
- 19.6.3 Remote Node Filters 213
- Chapter 20 214
- SNMP Configuration 214
- 20.2 Supported MIBs 216
- 20.3 SNMP Configuration 216
- 20.4 SNMP Traps 217
- Chapter 21 218
- 1. System Information 220
- 2. Console Port Speed 220
- 21.2.1 System Information 221
- 21.3 Log and Trace 222
- 21.3.2 UNIX Syslog 223
- 4. PPP log 226
- 5. Firewall log 226
- 3. Filter log 226
- 21.4 Diagnostic 227
- 21.4.1 WAN DHCP 228
- Chapter 22 230
- Maintenance 230
- 22.2 Backup Configuration 231
- 22.2.1 Backup Configuration 232
- 22.2.4 GUI-based FTP Clients 233
- 22.2.7 TFTP Command Example 235
- 22.3 Restore Configuration 237
- 22.4.1 Firmware File Upload 241
- 22.4.5 TFTP File Upload 243
- Choose the Xmodem protocol 246
- Then click Send 246
- Chapter 23 250
- 23.2 Call Control Support 251
- 23.2.1 Budget Management 252
- 23.2.2 Call History 253
- 23.3 Time and Date Setting 254
- 23.3.1 Resetting the Time 256
- Chapter 24 258
- Remote Management 258
- 24.3 Web 259
- 24.4 SNMP 259
- 24.5 DNS 259
- 24.6 Remote Management 259
- Remote Management 24-3 260
- 24.8 System Timeout 261
- Part V: 262
- Chapter 25 264
- IP Policy Routing 264
- IP Policy Routing 25-5 268
- 25.5 Applying an IP Policy 269
- 25-10 IP Policy Routing 273
- Chapter 26 274
- Call Scheduling 274
- Call Scheduling 26-3 276
- Chapter 27 278
- Introduction to IPSec 278
- 27.1.5 VPN Applications 279
- 27.2 IPSec Architecture 280
- 27.2.1 IPSec Algorithms 281
- 27.2.2 Key Management 281
- 27.3 Encapsulation 282
- 27.4 IPSec and NAT 282
- Chapter 28 284
- VPN/IPSec Setup 284
- 28.2 IPSec Algorithms 285
- 28.3 IPSec Summary 286
- 28.3.1 My IP Address 287
- VPN/IPSec Setup 28-7 290
- 28-8 VPN/IPSec Setup 291
- 28.4 IPSec Setup 292
- 28-10 VPN/IPSec Setup 293
- VPN/IPSec Setup 28-11 294
- 28.5 IKE Setup 295
- 28.5.2 Negotiation Mode 296
- 28.5.3 Pre-Shared Key 297
- 28-16 VPN/IPSec Setup 299
- 28.6 Manual Setup 300
- VPN/IPSec Setup 28-19 302
- Chapter 29 304
- SA Monitor 304
- 29-2 SA Monitor 305
- Chapter 30 306
- IPSec Log 306
- IPSec Log 30-3 308
- IPSec Log 30-5 310
- Part VI: 311
- Chapter 31 313
- Troubleshooting 313
- 31-2 Troubleshooting 314
- Troubleshooting 31-3 315
- Appendix A 317
- The Big Picture 317
- Appendix B 318
- Appendix C 323
- Appendix D 325
- Call Connection 326
- PPP Data Connection 326
- PPTP K 327
- Appendix E 328
- Hardware Specifications 328
- Appendix F 330
- Appendix G 331
- Command Interpreter 331
- Appendix H 332
- Firewall Commands 332
- Firewall Commands Q 333
- R Firewall Commands 334
- Firewall Commands S 335
- T Firewall Commands 336
- Firewall Commands U 337
- V Firewall Commands 338
- Appendix I 339
- NetBIOS Filter Commands 339
- Appendix J 342
- Boot Commands 342
- Appendix K 344
- Index CC 345
- DD Index 346
- Index EE 347
- FF Index 348
- Index GG 349
- HH Index 350
- Index II 351
- JJ Index 352
- Index KK 353
- LL Index 354
- Index MM 355
Produits connexes et manuels pour Matériel Zyxel-communications Internet Security Gateway ZyWALL 100
(22 pages)
(3 pages)© 2020, manymanuals.fr. Tous droits réservés | 0.034 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels