Authentication, Algorithm, Encryption, Mode | TRENDnet BRV204

TW100-BRV204 User Guide

Authentication	• RSA Signature requires that both VPN endpoints have valid
	Certificates issued by a CA (Certification Authority).
	• For Pre-shared key, enter the same key value in both endpoints.
	The key should be at least 8 characters (maximum is 128 charac-
	ters). Note that this key is used for the IKE SA only. The keys
	used for the IPsec SA are automatically generated.
Authentication	Select the desired option, and ensure that both endpoints have the
Algorithm	same settings.
Encryption	Select the desired method, and ensure the remote VPN endpoint uses
Algorithm	the same method.
	• The 3DES algorithm provides greater security than DES, but is
	slower.
	• If using AES, you must select the Key Size. If using DES or
	3DES, this field is ignored.
IKE Exchange	Select the desired option, and ensure the remote VPN endpoint uses
Mode	the same mode.
	• Main Mode provides identity protection for the hosts initiating
	the IPSec session, but takes slightly longer to complete.
	• Aggressive Mode provides no identity protection, but is quicker.
Direction	Select the desired option:
	• Initiator - Only outgoing connections will be created. Incoming
	connection attempts will be rejected.
	• Responder - Only incoming connections will be accepted.
	Outgoing traffic which would otherwise result in a connection
	will be ignored.
	• Both Directions - Both incoming and outgoing connections are
	allowed.
IKE SA Life Time	This setting does not have to match the remote VPN endpoint; the
	shorter time will be used. Although measured in seconds, it is com-
	mon to use time periods of several hours, such 28,800 seconds.
DH Group	Select the desired method, and ensure the remote VPN endpoint uses
	the same method. The smaller bit size is slightly faster.
IKE PFS	If enabled, PFS (Perfect Forward Security) enhances security by
	changing the IPsec key at regular intervals, and ensuring that each
	key has no relationship to the previous key. Thus, breaking 1 key
	will not assist in breaking the next key.
	This setting should match the remote endpoint.
IKE Keep Alive

Click Next to see the following IKE Phase 2 screen.

80

Image 84

TRENDnet BRV204 manual Authentication, Algorithm, Encryption, IKE Exchange, Mode, Direction, IKE SA Life Time, DH Group

Contents

Page Page Table of Contents Overview 136 General Problems Internet Access 108120 136 TW100-BRV204 Features Internet Access Features LAN Features Configuration & ManagementAdvanced Internet Functions Package Contents Physical Details Front-mounted LEDs Using the DMZ Port Rear Panel Advantages of the DMZ Port Procedure Choose an Installation SiteRequirements Connect LAN Cables Power Up Connect WAN CableCheck the LEDs Overview To Do thisRefer to Configuration Program Using UPnPPreparation Using your Web Browser If you cant connect TW100-BRV204 User’s Guide Setup Wizard Common Connection TypesCable Modems DSL Modems Other Modems e.g. Broadband Wireless Big Pond Cable AustraliaSingTel RAS Home Screen Navigation & Data Input LAN Screen Data LAN ScreenButtons Using the TW100-BRV204 s Dhcp Server Using another Dhcp ServerTo Configure your PCs to use Dhcp What Dhcp Does TCP/IP Settings Overview Windows Clients Checking TCP/IP Settings Windows 9x/ME Using DhcpUsing Specify an IP Address Gateway Tab Win 95/98 Checking TCP/IP Settings Windows NT4.0 Windows NT4.0 TCP/IP Obtain an IP address from a Dhcp Server Specify an IP Address Windows NT4.0 DNS Checking TCP/IP Settings Windows Network Configuration Win Using a fixed IP Address Use the following IP Address Checking TCP/IP Settings Windows XP Network Configuration Windows XP TCP/IP Properties Windows XP Internet Access Accessing AOLFor Windows 9x/ME/2000 For Windows XP Macintosh Clients Linux ClientsOther Unix Systems Fixed IP Address Operation Status Screen Data Status Screen InternetSystem Connection Status PPPoE Data PPPoE ScreenConnection Connection Log Connection Log Messages Message Description Connection Status Pptp Data Pptp ScreenPptp Status Connect Disconnect Connection Status Telstra Big Pond Data Telstra Big Pond Screen Default Gateway Connection Details SingTel RASData SingTel RAS Screen RAS Plan DNS IP Address Dhcp Client Connection Details Fixed/Dynamic IP Address Data Fixed/Dynamic IP address ScreenRelease/Renew Button will display Either Release Or Renew Update the data shown on screen Internet Features WAN Port Configuration Data WAN Port Configuration ScreenIdentification IP Address Login Advanced Internet Communication ApplicationsCommunication Applications Special Applications Special Applications ScreenData Special Applications Screen Using a Special Application Multi-DMZIncoming Ports Outgoing Ports URL Filter URL Filter ScreenData URL Filter Screen Filter Strings Ddns Service Dynamic DNS Domain Name ServerDynamic DNS Screen Data Dynamic DNS Screen Ddns Service User Name Password/Key Domain Name Ddns Status Ddns Data Using the DMZ port for Virtual Servers Virtual ServersIP Address seen by Internet Users Connecting to the Virtual Servers Virtual Servers ScreenDefining your own Virtual Servers Data Virtual Servers Screen Backup DNS OptionsData Options Screen MTU size Admin Login Admin Login Screen Security Configuration Access Control Access Control ScreenTo use this feature Data Access Control Screen Internet Access Access Control Log Group Members ScreenDate/Time Source IP address This feature is for advanced administrators only Firewall RulesFirewall Rules Screen Data Firewall Rules Screen Data Add Edit Move Delete View Log System Rules Define Firewall Rule Data Define Firewall Rule ScreenType Source IP Dest IP ActionLog Enable Logs LogsData Logs Screen Timezone Syslog Server Mail Data E-Mail ScreenMail Alerts Mail Logs Subject Smtp ServerPort No Enable DoS Firewall Threshold Security OptionsData Security Options Screen Firewall Options Scheduling Define Schedule ScreenData Define Schedule Screen Services Data Services ScreenAvailable Services Add New Service TW100-BRV204 does not support Transport Mode TW100-BRV204 always uses Tunnel ModeIPSec VPN Configuration PoliciesVPN Endpoint Address Common VPN Situations VPN Pass-throughClient PC to VPN Gateway Connecting 2 LANs via VPN Connecting 2 VPN Gateways VPN Configuration VPN Policies ScreenData VPN Policies Screen VPN List Enable/Disable Adding a New PolicyCopy General Settings VPN Wizard General Screen VPN Wizard Traffic Selector Screen Local IP addresses Manual Key Exchange Remote IP addressesManually assigned Keys ESP Authentication Tion is enabledESP Encryption Encryption Algorithm IKE Phase IKE Phase 1 IKE SA Authentication AlgorithmEncryption IKE Exchange IKE Phase 2 Screen IKE Phase 2 IPsec SAAH Authentication IPsec SA Life Time VPN Wizard Final Screen Example 1 Connecting 2 TW100-BRV204 s Configuration SettingsSetting LAN a Gate LAN B Gate Way VPN Examples DES IPSec SA Parameters TW100-BRV204 Configuration Setting ValueExample 2 Windows 2000/XP Client to LAN Windows Client Configuration Windows 2000/XP Local Security Settings Windows 2000/XP Policy Properties Filter Properties Addressing New Rule Properties Filter Action VPN Setting Windows Setting Modify Security Method Tunnel Setting Windows 2000/XP Client to TW100-BRV204 Filter List Filter Action Modify Security Method DUT to Win2K Properties Properties General Tab Key Exchange Security Methods IKE Security Algorithms Setting Example 3 Windows 2000 Server to VPN GatewaySingle Client Server/Gateway Windows 2000 Server Configuration Windows 2000 Server Addressing Certificates Trusted CertificatesRequesting a Trusted Certificate Data Trusted Certificates Screen Self Certificates Data Self Certificates ScreenActive Self Certificates Requesting a Self Certificate Self Certificate Requests Hash Algorithm Signature AlgorithmSignature Key Length CRLs To add a New CRL Status Certificate Revocation Lists Data VPN Status Screen VPN StatusSA Type Data Transfered Server Setup Microsoft VPN Screen Client Database Data Microsoft VPN ScreenData Microsoft VPN Client Database Screen Pptp Server Button Data Microsoft VPN Status Screen Server StatusTions Server Log Windows Client Setup Windows 98/ME To establish a connection Windows ME VPN Dialing Properties Windows Windows 2000 Network Connection Windows 2000 VPN Host Changing the connection settings Windows 2000 Finish Wizard Windows XP Windows XP Network Connection Type Windows XP Connection Name Windows XP Connection Availability Diagnostics PC Database Remote AdminUpgrade Network Config File Data Config File Screen Network Diagnostics Data Network Diagnostics ScreenPing DNS Lookup PC Database PC Database Screen Administration Data PC Database ScreenKnown PCs Generate Report PC Database Admin Data PC Database Admin ScreenPC Properties Add as New EntryStandard Screen Remote Administration Data Remote Administration ScreenSettings Information Access To connect from a remote PC via the InternetPort Number Allow Remote Using this Screen RoutingOverview Routing Screen Enable RIP Data Routing ScreenStatic Routing Static Routing Table Entries Configuring Other Routers on your LAN Local Router Static Routing Example Other Routers on the Local LANFor the TW100-BRV204 s Routing Table Entry 1 Segment For Router As Default Route Upgrade Firmware Data Upgrade Firmware ScreenTo perform the Firmware Upgrade Upgrade Firmware Enable UPnP Services Allow Configu Ration Allow Internet access to be disabledUPnP Data UPnP Screen General Problems Internet AccessProblem 1 Cant connect to the TW100-BRV204 to configure it Appendix a Troubleshooting TW100-BRV204 FCC Statement CE Marking Warning FCC Radiation Exposure StatementCE Standards Limited Warranty Technical Support 142