Chapter 18 IPSec VPN
NBG5715 User’s Guide
141
The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP
address, domain name, or e-mail address.
18.7.7.1 ID Type and Content Examples
Two IPSec routers must have matching ID type and content configuration in order to set up a VPN
tunnel.
The two NBG5715s in this example can complete negotiation and establish a VPN tunnel.
The two NBG5715s in this example cannot complete their negotiation because NBG5715 B’s Local ID type is IP, but NBG5715 A’s Remote ID type is set to E-mail. An “ID mismatched” message displays in the IPSEC LOG.
18.7.8 Pre-Shared Key
A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see Section 18.7.3 on page 137 for more on IKE phases). It is called “pre-shared” because you have to share it with another party before you can communicate with them over a secure connection.
18.7.9 Diffie-Hellman (DH) Key Groups
Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a
shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA
setup to establish session keys. 768-bit, 1024-bit, 1536-bit, 2048-bit, and 3072-bit Diffie-Hellman
groups are supported. Upon completion of the Diffie-Hellman exchange, the two peers have a
shared secret, but the IKE SA is not authenticated. For authentication, use pre-shared keys.
Table 60 Local ID Type and Content Fields
LOCAL ID TYPE= | CONTENT=
IP | Type the IP address of your computer.
DNS | Type a domain name (up to 31 characters) by which to identify this NBG5715.
E-mail | Type an e-mail address (up to 31 characters) by which to identify this NBG5715.
The domain name or e-mail address that you use in the Local ID Content field is used for identification purposes only and does not need to be a real domain name or e-mail address.
Table 61 Matching ID Type and Content Configuration Example
NBG5715 A | NBG5715 B
Local ID type: E-mail | Local ID type: IP
Local ID content: [email protected] | Local ID content: 1.1.1.2
Remote ID type: IP | Remote ID type: E-mail
Remote ID content: 1.1.1.2 | Remote ID content: [email protected]
Table 62 Mismatching ID Type and Content Configuration Example
NBG5715 A | NBG5715 B
Local ID type: IP | Local ID type: IP
Local ID content: 1.1.1.10 | Local ID content: 1.1.1.2
Remote ID type: E-mail | Remote ID type: IP
Remote ID content: [email protected] | Remote ID content: 1.1.1.0
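The matching rule behind Tables 61 and 62, written out as an added example that is not part of the NBG5715 guide or its firmware: each router's Remote ID type and content must equal the other router's Local ID type and content, and the content must fit the limits in Table 60. The `PeerId` class, the function names and the `a@example.com` address are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

MAX_NAME_LEN = 31  # Table 60 limit for DNS and E-mail content

@dataclass(frozen=True)
class PeerId:  # hypothetical container for one router's four ID fields
    local_type: str
    local_content: str
    remote_type: str
    remote_content: str

def content_problem(id_type, content):
    """Return why content is invalid for id_type (per Table 60), or None."""
    if id_type == "IP":
        try:
            ipaddress.ip_address(content)
        except ValueError:
            return f"{content!r} is not an IP address"
    elif id_type in ("DNS", "E-mail"):
        if not 1 <= len(content) <= MAX_NAME_LEN:
            return f"{id_type} content must be 1 to {MAX_NAME_LEN} characters"
    else:
        return f"unknown ID type {id_type!r}"
    return None

def id_mismatches(a, b):
    """List every way routers A and B disagree; an empty list means the IDs match."""
    problems = []
    for name, other, me, peer in (("A", "B", a, b), ("B", "A", b, a)):
        bad = content_problem(me.local_type, me.local_content)
        if bad:
            problems.append(f"{name} local ID: {bad}")
        if me.remote_type != peer.local_type:
            problems.append(f"{name} remote ID type {me.remote_type} != "
                            f"{other} local ID type {peer.local_type}")
        elif me.remote_content != peer.local_content:
            problems.append(f"{name} remote ID content {me.remote_content} != "
                            f"{other} local ID content {peer.local_content}")
    return problems

# Rows of Tables 61 and 62; the e-mail address is a constructed placeholder.
TABLE_61 = (PeerId("E-mail", "a@example.com", "IP", "1.1.1.2"),
            PeerId("IP", "1.1.1.2", "E-mail", "a@example.com"))
TABLE_62 = (PeerId("IP", "1.1.1.10", "E-mail", "a@example.com"),
            PeerId("IP", "1.1.1.2", "IP", "1.1.1.0"))
if __name__ == "__main__":
    for label, (a, b) in (("Table 61", TABLE_61), ("Table 62", TABLE_62)):
        print(label, id_mismatches(a, b) or "IDs match")
```

Run against Table 62, the check reports the type mismatch the text describes and also a content mismatch in the other direction (B's Remote ID content against A's Local ID content).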
CHAPTER 19
Bandwidth Management
19.1 Overview
This chapter contains information about configuring bandwidth management and editing rules.
ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an
application.
In the figure below, uplink traffic goes from the LAN device (A) to the WAN device (B). Bandwidth management is applied before sending the packets out to the WAN. Downlink traffic comes back from the WAN device (B) to the LAN device (A). Bandwidth management is applied before sending the traffic out to LAN.
Figure 87 Bandwidth Management Example
You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to individual
applications (like VoIP, Web, FTP, and E-mail for example).
19.2 What You Can Do in this Chapter
Use the General screen to enable bandwidth management (Section 19.4 on page 144).
Use the Advanced screen to configure bandwidth management rules for the pre-defined services and applications (Section 19.5 on page 144).
19.3 What You Need To Know
The sum of the bandwidth allotments that apply to the WAN interface (LAN to WAN, WLAN to WAN) must be less than or equal to the Upstream Bandwidth that you configure in the Bandwidth Management Advanced screen (Section 19.5 on page 144).
The sum of the bandwidth allotments that apply to the LAN interface (WAN to LAN, WAN to WLAN) must be less than or equal to the Downstream Bandwidth that you configure in the Bandwidth Management Advanced screen (Section 19.5 on page 144).
19.4 General Screen
Use this screen to have the NBG5715 apply bandwidth management.
Click Management > Bandwidth MGMT to open the bandwidth management General screen.
Figure 88 Management > Bandwidth MGMT > General
The following table describes the labels in this screen.
19.5 Advance Screen
Use this screen to configure bandwidth management rules for the pre-defined services or
applications.
You can also use this screen to configure bandwidth management rules for other services or
applications that are not on the pre-defined list of the NBG5715. Additionally, you can define the source
and destination IP addresses and port for a service or application.
Note: The two tables shown in this screen can be configured and applied at the same
time.
Click Management > Bandwidth MGMT > Advance to open the bandwidth management Advanced screen.
Table 63 Management > Bandwidth MGMT > General
LABEL | DESCRIPTION
Enable Bandwidth Management | This field allows you to have NBG5715 apply bandwidth management. Enable bandwidth management to give traffic that matches a bandwidth rule priority over traffic that does not match a bandwidth rule. Enabling bandwidth management also allows you to control the maximum or minimum amounts of bandwidth that can be used by traffic that matches a bandwidth rule.
Apply | Click Apply to save your customized settings.
Reset | Click Reset to begin configuring this screen afresh.
Figure 89 Management > Bandwidth MGMT > Advance
The following table describes the labels in this screen.
Table 64 Management > Bandwidth MGMT > Advance
LABEL | DESCRIPTION
Management Bandwidth
Upstream Bandwidth | Select the total amount of bandwidth (from 64 Kilobits to 32 Megabits) that you want to dedicate to uplink traffic. This is traffic from LAN/WLAN to WAN.
Downstream Bandwidth | Select the total amount of bandwidth (from 64 Kilobits to 32 Megabits) that you want to dedicate to downlink traffic. This is traffic from WAN to LAN/WLAN.
Application List | Use this table to allocate specific amounts of bandwidth based on a pre-defined service.
# | This is the number of an individual bandwidth management rule.
