Manuals / TRENDnet / Computer Equipment / Network Router

TRENDnet BRV204 manual Options, Respond to ICMP ping Allow VPN pass- through

Models: BRV204

1 146

Download 146 pages 58.45 Kb

Page 70

Options

TW100-BRV204 User Guide

Options

Respond to ICMP (ping)

Allow VPN pass- through

Drop fragmented IP packets

Block TCP Flood

Block UDP Flood

Block non- standard packets

The ICMP protocol is used by the "ping" and "trace route" programs, and by network monitoring and diagnostic programs.

•If checked, the TW100-BRV204 will respond to ICMP packets received from the Internet.

•If not checked, ICMP packets from the Internet will be ignored. Disabling this option provides a slight increase in security.

If enabled, PCs on the LAN can use VPN software to connect to remote clients via the Internet connection. The protocols supported are:

•IPSec

IPSec protocol is used to establish a secure connection, and is widely used by VPN (Virtual Private Networking) programs.

•PPTP

PPTP (Point to Point Tunneling Protocol) is widely used by VPN (Virtual Private Networking) programs.

•L2TP

L2TP is a protocol developed by Cisco for VPNs (Virtual Pri- vate Networks).

If enabled, fragmented IP packets are discarded, forcing re- transmission of these packets. In some situations, this could prevent successful communication.

Normally, this setting should be disabled.

A TCP flood is excessively large number of TCP connection re- quests. This is usually a DoS (Denial of Service) attack.

This setting should normally be enabled.

A UDP flood is excessively large number of UDP packets. This is usually a DoS (Denial of Service) attack.

This setting should normally be enabled.

Abnormal packets are often used by hackers and in DoS attacks, but may also be generated by incorrectly configured network devices. (PCs will normally not generate non-standard packets.)

This setting should normally be enabled.

66

Image 70

TRENDnet BRV204 manual Options, Respond to ICMP ping Allow VPN pass- through, Block non- standard packets

Contents

Page Page Package Contents Table of ContentsTW100-BRV204 Features CHAPTER 2 INSTALLATIONWindows Client Setup VPN ConfigurationServer Setup CHAPTER 10 OTHER FEATURES & SETTINGSIntroduction TW100-BRV204 FeaturesInternet Access Features ChapterConfiguration & Management LAN FeaturesAdvanced Internet Functions IPSec VPN Gateway Features Package ContentsSecurity Features Microsoft VPN Gateway SupportPower Physical DetailsFront-mounted LEDs Figure 2 Front PanelReset Button Using the DMZ PortRear Panel To Clear All Data and restore the factory default valuesAdvantages of the DMZ Port Requirements InstallationProcedure This Chapter covers the physical installation of the TW100-BRV2043. Connect WAN Cable 4. Power Up5. Check the LEDs This Chapter provides Setup details of the TW100-BRV204 SetupOverview ChapterConfiguration Program PreparationFigure 5 Password Dialog Using your Web BrowserIf you cant connect TW100-BRV204 User’s Guide Type Setup WizardCommon Connection Types DetailsSingTel RAS Other Modems e.g. Broadband WirelessBig Pond Cable Australia TypeNavigation & Data Input Home ScreenFigure 6 Home Screen Figure 7 LAN Screen LAN ScreenSave Cancel TCP/IPUsing another DHCP Server DHCPUsing the TW100-BRV204 s DHCP Server To Configure your PCs to use DHCPWindows Clients PC ConfigurationTCP/IP Settings - Overview ChapterUsing Specify an IP Address Checking TCP/IP Settings - Windows 9x/MEUsing DHCP Figure 8 Network ConfigurationFigure 11 DNS Tab Win 95/98 Figure 10 Gateway Tab Win 95/98TW100-BRV204 User Guide Figure 12 Windows NT4.0 - TCP/IP Checking TCP/IP Settings - Windows NT4.0PC Configuration Figure 13 Windows NT4.0 - IP AddressSpecify an IP Address Obtain an IP address from a DHCP ServerFigure 14 - Windows NT4.0 - Add Gateway PC Configuration Figure 15 Windows NT4.0 - DNS1. Select Control Panel - Network and Dial-up Connection Checking TCP/IP Settings - WindowsFigure 16 Network Configuration Win Figure 17 TCP/IP Properties WinUsing DHCP Using a fixed IP Address Use the following IP AddressFigure 18 Network Configuration Windows XP Checking TCP/IP Settings - Windows XP1. Select Control Panel - Network Connection Using a fixed IP Address Use the following IP Address Using DHCPFigure 19 TCP/IP Properties Windows XP 1. Select Start Menu - Settings - Control Panel - Internet Options Internet AccessAccessing AOL 2. Select Set up or change your Internet ConnectionOther Unix Systems Macintosh ClientsLinux Clients Ensure you are logged in as root before attempting any changesStatus Screen Operation and StatusOperation ChapterBroadband Modem InternetConnection Method Internet ConnectionConnection Connection Status - PPPoEFigure 21 PPPoE Status Screen Physical AddressDisconnect ButtonsConnect Clear LogConnection Connection Status - PPTPFigure 22 PPTP Status Screen Physical AddressRefresh Connection Status - Telstra Big PondClear Log Figure 23 Telstra Big Pond Status ScreenConnection Log Connection Details - SingTel RASDefault Gateway Connection LogButtons DNS IP Address DHCP ClientRelease/Renew Button will display EITHER Release OR Renew Refresh Figure 25 Connection Details - Fixed/Dynamic IP Address Connection Details - Fixed/Dynamic IP AddressPhysical Address IP Address Network Mask Default Gateway InternetRefresh Update the data shown on screenOperation and Status Chapter Internet FeaturesThe following advanced features are provided WAN Port Configuration OverviewIdentification WAN Port ConfigurationFigure 26 WAN Port Configuration Screen HostnameDisabling NAT will disable Internet access, unless all PCs have Enable NATDisable NAT LoginFigure 27 Internet Screen Advanced InternetCommunication Applications Communication ApplicationsFigure 28 Special Applications Screen Special ApplicationsUse this to Enable or Disable this Special Application as required CheckboxIncoming Ports Multi-DMZUsing a Special Application Outgoing PortsFigure 29 URL Filter Screen URL FilterURL Filter Screen Filter StringsThe Service works as follows Dynamic DNS Domain Name ServerDynamic DNS Screen DDNS ServiceDDNS Service User Name Password/Key Domain Name DDNS Status DDNS DataIP Address seen by Internet Users Virtual ServersFigure 31 Virtual Servers Defining your own Virtual Servers Connecting to the Virtual ServersVirtual Servers Screen EnableFigure 33 Options Screen OptionsBackup DNS IP AddressFigure 34 Admin Login Screen Security ConfigurationAdmin Login ChapterFigure 35 Password Dialog Security ConfigurationIf required, you can also define your own Services Access ControlAccess Control Screen Figure 36 Access Control ScreenCancel Internet AccessServices Members ButtonPCs not assigned to any group will be in the Default group Access Control LogGroup Members Screen PCs deleted from any other Group will be added to the Default groupThis feature is for advanced administrators only Firewall RulesFirewall Rules Screen Figure 38 Firewall Rules ScreenData Add Edit Move Delete View Log System Rules Name Define Firewall RuleFigure 39 Define Firewall Rule TypeDest IP ServicesAction Data - Logs Screen LogsEnable Logs Figure 40 Logs ScreenRouter operations start up, get time etc - This option will log Enable SyslogSystem Log Connections to the Web - based interface of this Router - ThisE-Mail Alerts E-mailFigure 41 E-Mail Screen Send E-Mail alertEnter the text string to be shown in the Subject field for the E default value isSubject mailData - Security Options Screen Security OptionsEnable DoS Firewall Threshold Figure 42 Security Options ScreenDrop fragmented IP packets Block TCP Flood Block UDP Flood OptionsRespond to ICMP ping Allow VPN pass- through Block non- standard packetsEnter the start using a 24 hr clock SchedulingDefine Schedule Screen Enter the finish time using a 24 hr clockAvailable Services ServicesFigure 44 Services Screen Available ServicesThe TW100-BRV204 does NOT support Transport Mode VPN IPSecIPSec The TW100-BRV204 always uses Tunnel ModeVPN Endpoint VPN ConfigurationPolicies addressClient PC to VPN Gateway Common VPN SituationsVPN Pass-through Figure 45 VPN Pass-throughConnecting 2 LANs via VPN Figure 47 Connecting 2 VPN GatewaysEnable VPN ConfigurationVPN Policies Screen Figure 48 VPN Policies ScreenMove Adding a New PolicyEnable/Disable CopyFigure 50 VPN Wizard - General Screen General SettingsPolicy Name Enable Policy Allow NetBIOS traffic Remote VPN Endpoint KeysLocal IP addresses Figure 51 VPN Wizard - Traffic Selector ScreenType Figure 52 VPN Wizard - Manual Key Exchange Screen Remote IP addressesType Manually assigned KeysESP Encryption ESP Authenticationtion is enabled Encryption AlgorithmFigure 53 VPN Wizard - IKE Phase 1 Screen IKE PhaseIKE Phase 1 IKE SA Algorithm AuthenticationAuthentication EncryptionAH Authentication Figure 54 VPN Wizard - IKE Phase 2 ScreenIKE Phase 2 IPsec SA ESP AuthenticationFigure 55 VPN Wizard - Final Screen For IKE, configuration is now completeClick Next to view the final screen TW100-BRV204 User GuideFigure 56 Connecting 2 TW100-BRV204 s Example 1 Connecting 2 TW100-BRV204 sVPN Examples SettingIPSec SA Parameters Figure 57 Windows 2000/XP Client to TW100-BRV204 Example 2 Windows 2000/XP Client to LANSetting ValueDeselect Activate the default response rule. Click Next Windows Client ConfigurationFigure 58 Windows 2000/XP - Local Security Settings IPSec SA ParametersFigure 59 Windows 2000/XP - Policy Properties Figure 60 IP Filter List8. Enter the Source IP address and the Destination IP address Figure 61 Filter Properties AddressingFigure 62 New Rule Properties IP Filter List 12. Select Negotiate security this selects IKE, then click Add Figure 63 New Rule Properties Filter ActionFigure 64 Require Security Properties Microsoft VPNFigure 65 Modify Security Method VPN SettingWindows Setting Figure 66 Require Security PropertiesFigure 67 Tunnel Setting Figure 68 Authentication MethodFigure 69 Windows 2000/XP Client to TW100-BRV204 Figure 70 Windows 2000/XP Client to TW100-BRV204Figure 72 Filter List Figure 71 Filter Properties Addressing22. Click OK to save your changes, then Close Microsoft VPNFigure 73 Filter Action Figure 74 Security MethodsFigure 76 Tunnel Setting Figure 75 Modify Security Method31. Select the General tab Figure 77 Authentication MethodFigure 78 DUT to Win2K Properties TW100-BRV204 User Guide32. Click the Advanced button to see the screen below Figure 80 Key Exchange SettingsFigure 79 Properties - General Tab 33. Click the Methods button to see the screen belowFigure 82 IKE Security Algorithms Configuration is now completeFigure 81 Key Exchange Security Methods Figure 83 Windows 2000/XP Client to TW100-BRV204Figure 84 TW100-BRV204 to Windows 2000 Server Example 3 Windows 2000 Server to VPN GatewaySetting Single ClientWindows 2000 Server Configuration Figure 85 Windows 2000 Server - AddressingRequesting a Trusted Certificate CertificatesTrusted Certificates Issuer NameFigure 87 Add Trusted Certificate Self CertificatesIssuer Name Figure 88 Self Certificates ScreenSelf Certificate Requests Requesting a Self CertificateDelete button Request ListHash Algorithm NameSubject Name Signature AlgorithmTo add a New CRL CRLsFigure 91 Upload Self Certificate Figure 93 Upload CRL StatusFigure 92 Certificate Revocation Lists Figure 94 VPN Status ScreenSA Type VPN StatusPolicy Name VPN EndpointChapter Server SetupMicrosoft VPN OverviewAuthentication Client DatabaseEnable PPTP ServerVerify Password Login NameLogin Password Update SelectedFigure 97 Microsoft VPN Status Screen This indicates whether or not the PPTP VPN Server is enabledStatus Screen Server Status1. Click Start - Settings - Dial-up Networking Windows Client SetupWindows 98/ME 2. Select Make New ConnectionTo establish a connection 2. Select Start - Settings - Dial-up NetworkingWindows ME VPN Dialing Properties Figure 100 Windows 2000 Network Connection WindowsFigure 101 Windows 2000 Public Network Figure 103 Windows 2000 Connection Availability Figure 102 Windows 2000 VPN HostClick Next to continue Microsoft VPNFigure 104 Windows 2000 Finish Wizard Figure 105 Windows XP Network Connection Type Windows XPFigure 106 Windows XP Network Connection Figure 108 Windows XP Public Network Figure 107 Windows XP Connection Name4. Enter a suitable name for this connection. Click Next to continue Figure 109 Windows XP VPN ServerTo establish a connection Changing the connection settingsFigure 110 Windows XP Connection Availability Diagnostics Other Features & SettingsConfig File Remote AdminData - Config File Screen Config FileFigure 111 Config File Screen Ping Network DiagnosticsFigure 112 Network Diagnostics Screen IP AddressPC Database Screen PC DatabaseFigure 113 PC Database Name AdministrationKnown PCs IP AddressKnown PCs PC Database AdminFigure 114 PC Database Admin PC PropertiesAdd as New Update SelectedButtons EntrySettings Remote AdministrationFigure 115 Remote Administration Screen EnablePort Number AccessTo connect from a remote PC via the Internet Allow RemoteRouting Screen RoutingOverview Open Routing and Remote AccessFigure 116 Routing Screen Enable RIPData - Routing Screen Static RoutingProperties Configuring Other Routers on your LANSave Add Update Delete Clear Form Generate Report ButtonsFor the TW100-BRV204 s Routing Table Static Routing - ExampleOther Routers on the Local LAN Figure 117 Routing ExampleFor Router Bs Default Route For Router As Default RouteOther Features and Settings Upgrade Firmware Upgrade FirmwareFigure 118 Upgrade Firmware Screen PasswordAllow Internet access to be disabled UPnPEnable UPnP Services Allow Configu ration Figure 119 UPnP ScreenInternet Access TroubleshootingGeneral Problems Appendix AIt is a security risk, since the firewall is disabled TW100-BRV204 Appendix B SpecificationsFCC Statement CE Marking Warning FCC Radiation Exposure StatementLimited Warranty TW100-BRV204 - 5 Years WarrantyTRENDware Technical Support Tel +1-310-891-1100 Fax +1-310-8911111 Technical SupportE-mail support@trendware.com TW100-BRV204 User Guide