Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets... DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!
If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Lastmanuals provides you a fast and easy access to the user manual ZYXEL ZYWALL SSL 10 S. We hope that this ZYXEL ZYWALL SSL 10 S user guide will be useful to you.
Lastmanuals help download the user guide ZYXEL ZYWALL SSL 10 S.
Detailed instructions for use are in the User's Guide.
[. . . ] ZyWALL SSL 10 Support Notes
ZyWALL SSL 10
Integrated SSL-VPN Appliance
Support Notes
Revision 2. 01 April. 2007
1 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ZyWALL SSL 10 Support Notes
INDEX
1. Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. 1 DMZ Zone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [. . . ] If ZyWALL uses PPPoE or Ethernet/DHCP for its Internet connection, WAN IP address is dynamically assigned by ISP. Since ZyWALL has no idea about its WAN IP address before it is assigned, it is difficult/impossible to use WAN IP Address for My Address in Gateway Policy. To overcome this problem, Dynamic DNS can be used to resolving the VPN gateway. When new IP address is assigned to ZyWALL's WAN interface, ZyWALL will updates the related record in DDNS server. Therefore the peer VPN gateway can resolve ZyWALL's IP address to make a VPN tunnel.
In following example, local VPN gateway (ZyWALL) uses a dynamic WAN IP address
59 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ZyWALL SSL 10 Support Notes
(PPPoE with dynamic IP assignment).
4) Configure the DDNS entry under DNS-> DDNS and bind it to a WAN interface (WAN1 or WAN2). 5) Under Gateway Policy menu, select the DDNS entry from drop-down list and use it as My Domain Name. 6) Configure the DDNS entry in Remote Gateway Address on peer VPN gateway. 7) Both DNS and E-mail can be used as the Local ID & Peer ID for authentication. Note: If Hi-Available (HA) for incoming VPN HA is necessary, enable the HA option while configure the DDNS entry under DNS-> DDNS ZyWALL will update its DDNS entry with another WAN interface when the specified WAN interface is not available. Therefore, the next coming VPN connection will go through second WAN interface. Configure ZyWALL behind NAT Router This section describes an example configuration ZyWALL behind NAT Router (Internet
60 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ZyWALL SSL 10 Support Notes
Gateway). NAT routers sit on the border between private and public (Internet) networks, converting private addresses in each IP packet into legally registered public ones. NAT is commonly supported by Internet access routers that sit at the network edge. However, IPSec is NAT-sensitive protocol which means modification on IPSec traffic may cause failure of VPN connection.
By far the easiest way to combine IPSec and NAT is to completely avoid these problems by locating IPSec endpoints in public address space. This can be accomplished in two ways: 1) Perform NAT on a device located behind IPSec gateway 2) Use an IPSec gateway for both IPSec (VPN) and NAT (Internet Access). However, in some situation, it is inevitable to locate IPSec gateway in public IP address and it must be placed behind the NAT router. For example, the NAT router has a different interface (e. g. leased line, ISDN) which are not supported by IPSec gateway. This example gives some guideline for configuring ZyWALL behind NAT router.
61 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ZyWALL SSL 10 Support Notes
1) UDP 500 (IKE) must be forwarded to ZyWALL to accept incoming VPN connection from peer VPN gateway or client. 2) If Firewall is running on the same NAT router, make sure a firewall rule is configured to allow IKE/IPSec (AH/ESP) traffic to pass-through.
Configuration on Local ZyWALL Configuration on Peer VPN gateway
WAN->WAN1 or WAN2
VPN->VPN Rule (IKE) on ZyWALL
4 3
VPN->VPN Rule (IKE) on ZyWALL VPN->VPN Rule (IKE) on ZyWALL
5
6
3) On ZyWALL, enable "NAT Traversal" no matter if the front NAT router supports NAT Traversal (IPSec pass-through) or not. With this option enabled, ZyWALL can detect if it is placed behind NAT when peer VPN entity also support NAT Traversal function. If yes, the IPSec traffic will be encapsulated in UDP packet to avoid traversal problem on NAT routers. [. . . ] It will activate the SSL-VPN applications for 10 users or 25 users.
D. Matrix table for the SSL VPN terms Modes for SSL VPN Reverse Proxy Mode Port Forwarding Mode Full Tunnel Mode / Network Extension Mode Corresponding setting in ZyWALL SSL10 Choose Web-Application type or File-Sharing type in GUI menu SSL application Choose Application type in GUI menu SSL application Configure in GUI menu VPN network and Private IP Pool. Or configure SSL VPN via Wizard.
D02. Why cannot some web pages displayed correctly? [. . . ]
DISCLAIMER TO DOWNLOAD THE USER GUIDE ZYXEL ZYWALL SSL 10 S
Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets... In any way can't Lastmanuals be held responsible if the document you are looking for is not available, incomplete, in a different language than yours, or if the model or language do not match the description. Lastmanuals, for instance, does not offer a translation service.
Click on "Download the user manual" at the end of this Contract if you accept its terms, the downloading of the manual ZYXEL ZYWALL SSL 10 S will begin.