ZyWALL 70 Internet Security Appliance
3.2 Using the Wizard to Configure for Internet Access
Step 1. Click Internet Access in the HOME screen to help you configure your WAN1 on the ZyWALL to access the Internet. The first wizard screen has three variations depending on what encapsulation type you use. Use the information in Internet Account Information to fill in fields.

Choose Ethernet when the WAN port is used as a regular Ethernet. Choose from Standard or a RoadRunner version. You’ll need User Name, Password and Login Server IP Address for some Roadrunner versions.

Point-to-Point Protocol over Ethernet (PPPoE) also functions as a dial-up connection. Therefore you’ll also need a username and password and possibly the PPPoE service name.

Your ISP will give you all needed information.

Choose PPTP if your service provider uses a DSL terminator with PPTP login. The ZyWALL must have a static IP address in this case. You’ll also need a login name, associated password, the DSL terminator IP address and possibly a connection ID.

Click Next to continue.
Step 2. Fill in the fields and click Finish to save and complete the wizard setup.

WAN IP Address Assignment
Select Get automatically from ISP if your ISP did not assign you a fixed IP address. Select Use fixed IP address if the ISP assigned a fixed IP address and then enter your IP address and subnet mask in the next two fields. Enter the gateway IP address in this field (if provided) when you select Use Fixed IP Address.

System DNS Servers
Select From ISP if your ISP dynamically assigns DNS server information (and the ZyWALL's WAN IP address).
Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right.
Select None if you do not want to configure DNS servers. If you do not configure a DNS server, you must know the IP address of a machine in order to access it.

WAN MAC Address
Select Factory Default to use the factory assigned default MAC address. Alternatively, select Spoof this Computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC address you are cloning.
3.3 Test Your Internet Connection
Launch your web browser and navigate to www.zyxel.com. You don’t need a dial-up program such as Dial Up Networking. Refer to the User’s Guide for more detailed information on the complete range of ZyWALL features.
3.4 Using the Wizard to Configure a VPN Policy
Step 1. Click VPN Wizard in the HOME screen to help you edit a VPN rule that uses a pre-shared key and configure IKE settings to establish a VPN tunnel.

Enter the WAN IP address of your ZyWALL. The ZyWALL uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0.

Select IP Address and then enter the IP address to identify the remote IPSec router by its IP address. Otherwise, select Domain Name and enter the domain name.

Click Next to continue.
Step 2. Fill in the fields and click Next to continue.

Select Single for a single IP address. Select Range IP for a specific range of IP addresses. Select Subnet to specify IP addresses on a network by their subnet mask.

Local Network
If the Local Network field is configured to Single, enter a (static) IP address on the LAN behind your ZyWALL. If the Local Network field is configured to Range IP, enter the beginning and end (static) IP address, in a range of computers on the LAN behind your ZyWALL. If the Local Network field is configured to Subnet, enter a (static) IP address and subnet mask on the LAN behind your ZyWALL.

Remote Network
If the Remote Network field is configured to Single, enter a (static) IP address on the network behind the remote IPSec router. If the Remote Network field is configured to Range IP, enter the beginning and end (static) IP address, in a range of computers on the network behind the remote IPSec router. If the Remote Network field is configured to Subnet, enter a (static) IP address and subnet mask on the network behind the remote IPSec router.
Step 3. Use the third wizard screen to configure IKE tunnel settings.

Negotiation Mode
Select Main Mode or Aggressive Mode. Multiple SAs connecting through a secure gateway must have the same negotiation mode.

Encryption Algorithm
Select the method of data encryption using a private (secret) key. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. This implementation of AES uses a 128-bit key. AES is faster than 3DES.

Authentication Algorithm
MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. Select MD5 for minimal security and SHA-1 for maximum security.

Key Group
Choose a key group for phase 1 IKE setup. DH1 (default) refers to Diffie-Hellman Group 1, a 768-bit random number. DH2 refers to Diffie-Hellman Group 2, a 1024-bit (1Kb) random number.

SA Life Time (Minutes)
Define the length of time before an IKE SA automatically renegotiates in this field. The minimum value is 180 seconds.

Pre-Shared Key
Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters. You must precede a hexadecimal key with a "0x" (zero x), which is not counted as part of the 16 to 62 character range for the key.

Click Next to continue.

Step 4. Use the fourth wizard screen to configure IPSec settings.

Choose Tunnel mode or Transport mode.

Choose which protocol to use (ESP or AH) for the IKE key exchange.

Choose an encryption algorithm or select NULL to set up a tunnel without encryption.

Choose an authentication algorithm.

Set the IPSec SA lifetime. This field allows you to determine how long the IPSec SA should stay up before it times out.

Choose whether to enable Perfect Forward Secrecy (PFS) using Diffie-Hellman public-key cryptography. Select None (the default) to disable PFS. DH1 refers to Diffie-Hellman Group 1, a 768-bit random number. DH2 refers to Diffie-Hellman Group 2, a 1024-bit (1Kb) random number (more secure, yet slower).

Step 5. This read-only screen shows the status of the current VPN setting. Use the summary table to check whether what you have configured is correct.

Click Finish to save and complete the wizard setup. Otherwise, click Back to return to the previous screen.
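
The choices made in Steps 3 and 4 can be checked against the guide's own statements before the policy is saved. The Python code below is an added example, not part of the ZyXEL guide or the ZyWALL firmware; the function names and dictionary keys are assumptions, the sample policies are constructed, and a key beginning with "0x" is assumed to always be treated as hexadecimal.

```python
import re
import secrets

# Hex form as the guide gives it: "0x" followed by 16 to 62 of 0-9 / A-F.
HEX_PSK = re.compile(r"0x[0-9A-F]{16,62}")

def psk_format_ok(psk):
    """True if psk matches one of the two pre-shared key formats in the guide."""
    if psk.startswith("0x"):  # assumption: a leading 0x always means a hex key
        return HEX_PSK.fullmatch(psk) is not None
    return psk.isascii() and 8 <= len(psk) <= 31

def new_hex_psk():
    """Random key at the maximum length the wizard accepts (62 hex digits)."""
    return "0x" + secrets.token_hex(31).upper()

def audit_policy(policy):
    """Return findings for wizard choices the guide itself ranks as weaker."""
    findings = []
    if not psk_format_ok(policy["psk"]):
        findings.append("psk: must be 8-31 ASCII chars or 0x + 16-62 hex digits")
    for phase in ("ike", "ipsec"):
        enc = policy[phase + "_encryption"]
        if enc == "NULL":
            findings.append(phase + ": NULL sets up a tunnel without encryption")
        elif enc == "DES":
            findings.append(phase + ": DES uses a 56-bit key; 3DES is more secure")
        if policy[phase + "_authentication"] == "MD5":
            findings.append(phase + ": MD5 is the minimal-security choice")
    if policy["ike_key_group"] == "DH1":
        findings.append("ike: DH1 is the 768-bit group; DH2 is 1024-bit")
    if policy["ipsec_pfs"] == "None":
        findings.append("ipsec: PFS is disabled")
    return findings

# Constructed sample policies (not taken from a real device).
WEAK = {"psk": "short", "ike_encryption": "DES", "ike_authentication": "MD5",
        "ike_key_group": "DH1", "ipsec_encryption": "NULL",
        "ipsec_authentication": "MD5", "ipsec_pfs": "None"}
STRONGER = {"psk": "0x" + "A1B2C3D4" * 4, "ike_encryption": "AES",
            "ike_authentication": "SHA1", "ike_key_group": "DH2",
            "ipsec_encryption": "3DES", "ipsec_authentication": "SHA1",
            "ipsec_pfs": "DH2"}

if __name__ == "__main__":
    for name, pol in (("WEAK", WEAK), ("STRONGER", STRONGER)):
        print(name, audit_policy(pol) or "no findings")
```

Both IPSec routers must be given the same pre-shared key, so generate it once with new_hex_psk() and enter the same value on each side.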
4 Troubleshooting
PROBLEM: None of the LEDs turn on when you turn on the ZyWALL.
CORRECTIVE ACTION:
Make sure that you have the power cord connected to the ZyWALL and an appropriate power source. Make sure the fuse is not burnt out (see the User’s Guide appendices for details). Check all cable connections.
If the LEDs still do not turn on, you may have a hardware problem. In this case, you should contact your local vendor.

PROBLEM: Cannot access the ZyWALL from the LAN.
CORRECTIVE ACTION:
Check the cable connection between the ZyWALL and your computer or hub. Refer to the section on front panel for details.
Ping the ZyWALL from a LAN computer. Make sure your computer’s Ethernet card is installed and functioning properly.

PROBLEM: Cannot ping any computer on the LAN.
CORRECTIVE ACTION:
If the 10/100M LAN LEDs are off, check the cable connections between the ZyWALL and your LAN computers.
Verify that the IP address and subnet mask of the ZyWALL and the LAN computers are in the same IP address range.

PROBLEM: Cannot get a WAN IP address from the ISP.
CORRECTIVE ACTION:
The WAN IP is provided after the ISP verifies the MAC address, host name or user ID. Find out the verification method used by your ISP and configure the corresponding fields.
If the ISP checks the WAN MAC address, you should clone the MAC address from a LAN computer. Click WAN and then the WAN1 or WAN2 tab, select Spoof WAN MAC Address and enter the IP address of the computer on the LAN whose MAC address you are cloning.
If the ISP checks the host name, enter your computer’s name in the System Name field in the MAINTENANCE General screen (refer to the Maintenance part in the User’s Guide).
If the ISP checks the user ID, click WAN and then the WAN1 or WAN2 tab. Check your service type, user name, and password.

PROBLEM: Cannot access the Internet.
CORRECTIVE ACTION:
Check the ZyWALL’s connection to the cable/DSL device.
Click WAN to verify your settings.
