Example 2 Windows 2000/XP Client to LAN | LevelOne FBR-1404TX

LevelOne Broadband VPN Gateway User Guide

Example 2: Windows 2000/XP Client to LAN

In this example, a Windows 2000/XP client connects to the LevelOne Broadband VPN Gate- way and gains access to the local LAN.

Figure 63: Windows 2000/XP Client to LevelOne Broadband VPN Gateway

To use 3DES encryption, you need Service Pack 3 or later installed on Windows 2000.

LevelOne Broadband VPN Gateway Configuration

Setting		Value	Notes

Name		Win Client	Name does not affect operation. Select a
			meaningful name.

Remote Endpoint		172.16.9.10	Other endpoint's WAN (Internet) IP address.

Local		Subnet address:	Allows access to entire LAN. Use a more
IP addresses		192.168.0.0	restrictive definition if possible.
		255.255.255.0

Remote		172.16.9.10	For a single client, this is the same as the
IP addresses			Gateway.

Key Exchange		IKE	Must match

IKE SA Parameters

IKE Direction		Responder	Only want to accept client connections.

Local Identity		IP address	Required.

Remote Identity		IP address	Required

IKE Authentication		Pre-shared Key	Certificates are not widely used.
method

Pre-shared Key		Xxxxxxxxxx	Must match client PC

IKE Authentication		SHA-1	Must match client PC
algorithm

IKE Encryption		3DES	Must match client PC

IKE Exchange		Main Mode	Must match client PC
mode

88

Image 91

LevelOne FBR-1404TX Example 2 Windows 2000/XP Client to LAN, LevelOne Broadband VPN Gateway Configuration, Setting Value

Contents

LevelOne Table of Contents Internet Access Remote AdministrationUpgrade Firmware General Problems Internet Access Features LevelOne Broadband VPN Gateway Features Advanced Internet Functions LAN FeaturesConfiguration & Management Security Features Package Contents Front-mounted LEDs Physical Details Rear Panel Connect LAN Cables ProcedureChoose an Installation Site Requirements Connect WAN Cable Power UpCheck the LEDs To Do this Refer to Overview Using UPnP Configuration ProgramPreparation If you cant connect Using your Web Browser DSL Modems Setup WizardCommon Connection Types Cable Modems Big Pond Cable Australia Other Modems e.g. Broadband WirelessSingTel RAS Navigation & Data Input Home Screen Data LAN Screen LAN ScreenButtons What Dhcp Does Using the LevelOne Broadband VPN Gateway s Dhcp ServerUsing another Dhcp Server To Configure your PCs to use Dhcp Password Screen Windows Clients TCP/IP Settings Overview Using Dhcp Checking TCP/IP Settings Windows 9x/MEUsing Specify an IP Address Gateway Tab Win 95/98 Windows NT4.0 TCP/IP Checking TCP/IP Settings Windows NT4.0 Specify an IP Address Obtain an IP address from a Dhcp Server Windows NT4.0 Add Gateway Windows NT4.0 DNS Network Configuration Win Checking TCP/IP Settings Windows TCP/IP Properties Win Using a fixed IP Address Use the following IP Address Network Configuration Windows XP Checking TCP/IP Settings Windows XP TCP/IP Properties Windows XP For Windows XP Internet AccessAccessing AOL For Windows 9x/ME/2000 Fixed IP Address Macintosh ClientsLinux Clients Other Unix Systems Status Screen Operation Internet Data Status ScreenSystem Connection Log Connection Status PPPoEData PPPoE Screen Connection Message Description Connection Log Messages Data Pptp Screen Connection Status PptpPptp Status Data Telstra Big Pond Screen Connection Status Telstra Big PondConnection Status Data SingTel RAS Screen Connection Details SingTel RASRAS Plan Release/Renew Default GatewayDNS IP Address Dhcp Client Data Fixed/Dynamic IP address Screen Connection Details Fixed/Dynamic IP Address Update the data shown on screen Internet Features IP Address WAN Port Configuration ScreenData WAN Port Screen Identification Login Communication Applications Advanced Internet ScreenCommunication Applications MAC Address Send incoming calls to Special ApplicationsSpecial Applications Screen Data Special Applications Screen Outgoing Using a Special ApplicationIncoming Ports Filter Strings URL FilterURL Filter Screen Data URL Filter Screen Data Dynamic DNS Screen Ddns ServiceDynamic DNS Domain Name Server Dynamic DNS Screen Ddns Status Password Domain NameDdns Data User Name IP Address seen by Internet Users Virtual Servers Data Virtual Servers Screen Connecting to the Virtual ServersVirtual Servers Screen Defining your own Virtual Servers MTU size Backup DNSInternet Options Data Options Screen Security Configuration Data Access Control Screen Access ControlAccess Control Screen To use this feature Internet Access Source IP address Access Control LogGroup Members Screen Date/Time Data Firewall Rules Screen This feature is for advanced administrators onlyFirewall Rules Firewall Rules Screen Delete DataEdit Move Source IP Firewall RuleData Firewall Rule Screen Type Action Dest IPLog Logs Enable LogsData Logs Screen Syslog Server Mail Logs Data Security Options Screen Security OptionsSPI Firewall Options Define Schedule Screen SchedulingData Define Schedule Screen Add New Service ServicesData Services Screen Available Services Cancel IPSec LevelOne Broadband VPN Gateway always uses Tunnel Mode Policies VPN Configuration VPN Pass-through Common VPN SituationsClient PC to VPN Gateway Connecting 2 VPN Gateways Connecting 2 LANs via VPN VPN List VPN PoliciesVPN Policies Screen Data VPN Policies Screen Adding a New Policy Enable/DisableCopy Keys General SettingsEnable Policy Endpoint Local IP addresses VPN Wizard Traffic Selector Manual Key Exchange Remote IP addresses ESP Encryption ESP AuthenticationTion is enabled Manually assigned Keys IKE Phase 1 IKE SA IKE Phase IKE Phase 2 IPsec SA Want to enable both ESP Encryption and ESP Authentication Trusted Certificates CertificatesSelf Certificates Adding a Self Certificate Adding a Trusted Certificate Signature Algorithm Hash AlgorithmSignature Key Length Add Self Certificate To add a New CRL CRLs Data VPN Status Screen VPN StatusCurrent VPN SAs Examples Example 1 Connecting 2 LevelOne Broadband VPN GatewaysConfiguration Settings Setting LAN a Gate LAN B Gate Way IPSec SA Parameters DES Setting Value LevelOne Broadband VPN Gateway ConfigurationExample 2 Windows 2000/XP Client to LAN Windows 2000/XP Local Security Settings Windows Client Configuration Windows 2000/XP Policy Properties Filter Properties Addressing New Rule Properties Filter Action Modify Security Method VPN Setting Windows Setting Tunnel Setting Windows 2000/XP Client to LevelOne Broadband VPN Gateway Filter List Filter Action Modify Security Method DUT to Win2K Properties Properties General Tab IKE Security Algorithms Key Exchange Security Methods Example 3 Windows 2000 Server to VPN Gateway Setting Single Client Server/Gateway Windows 2000 Server Addressing Windows 2000 Server Configuration Firmware AdministrationUpgrade Remote PC Database Screen PC Database Advanced Data PC Database ScreenKnown PCs Generate Report Data PC Database Admin Screen PC Database AdminPC Properties Clear Form Update SelectedAdd as New Entry To connect from a remote PC via the Internet Remote AdministrationData Remote Administration Screen Remote Administration Routing Screen Using this ScreenRouting Overview Static Routing Data Routing Screen Local Router Configuring Other Routers on your LANOther Routers on the Local LAN For the LevelOne Broadband VPN Gateway s Routing Table For Router As Default RouteFor Router Bs Default Route Static Routing Example To perform the Firmware Upgrade Upgrade Firmware Data Upnp Screen UPnPUPnP Internet Access General Problems Appendix a Troubleshooting FCC Statement LevelOne Broadband VPN Gateway FCC Radiation Exposure Statement CE Marking Warning