TRENDnet TW100-BRV204, VPN Firewall Router manual Policies, VPN Configuration


VPN

Phase I is the negotiation and establishment of the IKE connection.

Phase II is the negotiation and establishment of the IPsec connection.

Because the IKE and IPsec connections are separate, they have different SAs (security associations).

Policies

VPN configuration settings are stored in Policies.

Each policy defines:

• The address of the remote VPN endpoint

• The traffic which is allowed to use the VPN connection

• The parameters (settings) for the IPsec SA (Security Association)

• If IKE is used, the parameters (settings) for the IKE SA (Security Association)

Generally, you will need at least one (1) VPN Policy for each remote site for which you wish to establish VPN connections.

It is possible, and sometimes necessary, to have multiple Policies for the same remote site. In this case, the order (sequence) of the policies is important. The policies are examined in turn, and the first matching policy will be used.

VPN Configuration

The general rule is that each endpoint must have matching Policies, as follows:

Remote VPN address

Each VPN endpoint must be configured to initiate or accept connections to the remote VPN client or Gateway. Usually, this requires having a fixed Internet IP address. However, it is possible for a VPN Gateway to accept incoming connections from a remote client where the client's IP address is not known in advance.

Traffic Selector

This determines which outgoing traffic will cause a VPN connection to be established, and which incoming traffic will be accepted. Each endpoint must be configured to pass and accept the desired traffic from the remote endpoint.

If connecting 2 LANs, this requires that:

• Each endpoint must be aware of the IP addresses used on the other endpoint.

• The 2 LANs MUST use different IP address ranges.

IKE parameters

If using IKE (recommended), the IKE parameters must match (except for the SA lifetime, which can be different).

IPsec parameters

The IPsec parameters at each endpoint must match.
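The matching rules above can be checked before a tunnel is brought up. The following is an added example, not part of the TRENDnet manual; the policy field names and all sample values are constructed for illustration and are not the router's own configuration format.

```python
import copy
import ipaddress

# Constructed sample policies. Field names and values are hypothetical,
# not the TW100-BRV204's own configuration format.
SITE_A = {
    "local_wan": "203.0.113.10", "remote_endpoint": "198.51.100.20",
    "local_lan": "192.168.0.0/24", "remote_lan": "192.168.1.0/24",
    "ike": {"encryption": "3des", "auth": "sha1", "dh_group": 2, "sa_lifetime": 28800},
    "ipsec": {"encryption": "3des", "auth": "sha1", "sa_lifetime": 3600},
}
SITE_B = {
    "local_wan": "198.51.100.20", "remote_endpoint": "203.0.113.10",
    "local_lan": "192.168.1.0/24", "remote_lan": "192.168.0.0/24",
    "ike": {"encryption": "3des", "auth": "sha1", "dh_group": 2, "sa_lifetime": 3600},
    "ipsec": {"encryption": "3des", "auth": "sha1", "sa_lifetime": 3600},
}

def check_policy_pair(a, b):
    """Return a list of mismatches between two endpoints' policies (empty = consistent)."""
    net = ipaddress.ip_network
    problems = []
    for name, x, y in (("A", a, b), ("B", b, a)):
        # Remote VPN address: must be the peer's WAN address, or None when a
        # gateway accepts clients whose address is not known in advance.
        if x["remote_endpoint"] not in (None, y["local_wan"]):
            problems.append(f"{name}: remote endpoint is not the peer's WAN address")
        # Traffic selector: the remote range must be the peer's local range.
        if net(x["remote_lan"]) != net(y["local_lan"]):
            problems.append(f"{name}: remote LAN does not mirror the peer's local LAN")
    # The two LANs must use different IP address ranges.
    if net(a["local_lan"]).overlaps(net(b["local_lan"])):
        problems.append("LAN ranges overlap")
    # IKE parameters must match, except for the SA lifetime.
    for key in sorted(set(a["ike"]) | set(b["ike"])):
        if key != "sa_lifetime" and a["ike"].get(key) != b["ike"].get(key):
            problems.append(f"IKE {key} differs")
    # IPsec parameters must match at both endpoints.
    for key in sorted(set(a["ipsec"]) | set(b["ipsec"])):
        if a["ipsec"].get(key) != b["ipsec"].get(key):
            problems.append(f"IPsec {key} differs")
    return problems

def misconfigured_example():
    """Site B reuses site A's LAN range and selects a different DH group."""
    bad_b = copy.deepcopy(SITE_B)
    bad_b["local_lan"] = "192.168.0.0/24"
    bad_b["ike"]["dh_group"] = 1
    return check_policy_pair(SITE_A, bad_b)

if __name__ == "__main__":
    print(check_policy_pair(SITE_A, SITE_B), misconfigured_example())
```

The two sample sites differ only in IKE SA lifetime, which the rules permit, so the first check reports nothing.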


VPN Firewall Router, TW100-BRV204 specifications

The TRENDnet TW100-BRV204 is a versatile broadband router that caters to small office and home office environments. This device is designed to streamline connectivity and enhance network performance, making it an excellent choice for users looking to optimize their internet experience.

One of the primary features of the TW100-BRV204 is its integrated four-port 10/100 Mbps Ethernet switch, allowing users to connect multiple devices directly via Ethernet cables. This ensures fast and reliable wired connections for computers, printers, and other networked devices, reducing latency and improving overall performance.

Additionally, the router boasts a built-in firewall that provides crucial security features. The NAT (Network Address Translation) and SPI (Stateful Packet Inspection) firewalls help protect the network from external threats while allowing seamless communication between devices on the local network. This level of security is essential for small business owners who need to safeguard sensitive data.

The TW100-BRV204 also supports advanced QoS (Quality of Service) technology, which prioritizes bandwidth allocation. This ensures that critical applications, such as VoIP (Voice over Internet Protocol) and video conferencing, receive the necessary bandwidth for optimal performance. By minimizing lag and interruptions, users can maintain a smooth online experience.

Another notable characteristic of the TRENDnet TW100-BRV204 is its support for PPPoE (Point-to-Point Protocol over Ethernet) and static IP connections. This versatility makes it compatible with various types of internet service providers, ensuring that users can easily configure their network settings without hassle.

For wireless connectivity, the TW100-BRV204 is equipped with robust wireless capabilities, adhering to the 802.11g standard, allowing for wireless communication with compatible devices. Though not as speedy as the newer 802.11n or 802.11ac standards, it still offers good performance for basic browsing and streaming tasks within its range.

In summary, the TRENDnet TW100-BRV204 is an excellent choice for those seeking a reliable and secure broadband router for small office applications. With its built-in Ethernet switch, strong firewall, QoS support, and compatibility with various ISP configurations, it stands out as a dependable solution for enhancing connectivity and productivity in a compact design. Whether for business or personal use, this router offers the essential features needed to facilitate a robust network environment.