Manuals / TRENDnet / Computer Equipment / Network Router

TRENDnet BRV204 manual VPN Wizard - IKE Phase 2 Screen, IKE Phase 2 IPsec SA, IPsec SA Life Time

Models: BRV204

1 146

Download 146 pages 58.45 Kb

Page 85

Figure 54: VPN Wizard - IKE Phase 2 Screen

Microsoft VPN

IKE Phase 2 Screen

This screen sets the parameters for the IPSec SA. When using IKE, there are separate connec- tions (SAs) for IKE and IPSec.

Figure 54: VPN Wizard - IKE Phase 2 Screen

IKE Phase 2 (IPsec SA)

IPsec SA Life Time	This setting does not have to match the remote VPN endpoint; the
	shorter time will be used. Although measured in seconds, it is
	common to use time periods of several hours, such 28,800 seconds.
IPSec PFS	If enabled, PFS (Perfect Forward Security) enhances security by
	changing the IPsec key at regular intervals, and ensuring that each
	key has no relationship to the previous key. Thus, breaking 1 key
	will not assist in breaking the next key.
AH Authentication	AH (Authentication Header) specifies the authentication protocol
	for the VPN header, if used.
	AH is often NOT used. If you do enable it, ensure the algorithm
	selected matches the other VPN endpoint.
ESP Encryption	ESP (Encapsulating Security Payload) provides security for the
	payload (data) sent through the VPN tunnel. Generally, you will
	want to enable both ESP Encryption and ESP Authentication.
	Select the desired method, and ensure the remote VPN endpoint
	uses the same method.
	• The 3DES algorithm provides greater security than DES, but is
	slower.
	• If using AES, you must select the Key Size. If using DES or
	3DES, this field is ignored.
ESP Authentication	Generally, you should enable ESP Authentication. There is little
	difference between the available algorithms. Just ensure each
	endpoint use the same setting.

81

Image 85

TRENDnet BRV204 VPN Wizard - IKE Phase 2 Screen, IKE Phase 2 IPsec SA, IPsec SA Life Time, IPSec PFS, AH Authentication

Contents

Page Page TW100-BRV204 Features Table of ContentsPackage Contents CHAPTER 2 INSTALLATIONServer Setup VPN ConfigurationWindows Client Setup CHAPTER 10 OTHER FEATURES & SETTINGSInternet Access Features TW100-BRV204 FeaturesIntroduction ChapterConfiguration & Management LAN FeaturesAdvanced Internet Functions Security Features Package ContentsIPSec VPN Gateway Features Microsoft VPN Gateway SupportFront-mounted LEDs Physical DetailsPower Figure 2 Front PanelRear Panel Using the DMZ PortReset Button To Clear All Data and restore the factory default valuesAdvantages of the DMZ Port Procedure InstallationRequirements This Chapter covers the physical installation of the TW100-BRV2043. Connect WAN Cable 4. Power Up5. Check the LEDs Overview SetupThis Chapter provides Setup details of the TW100-BRV204 ChapterPreparation Configuration ProgramFigure 5 Password Dialog Using your Web BrowserIf you cant connect TW100-BRV204 User’s Guide Common Connection Types Setup WizardType DetailsBig Pond Cable Australia Other Modems e.g. Broadband WirelessSingTel RAS TypeNavigation & Data Input Home ScreenFigure 6 Home Screen Save Cancel LAN ScreenFigure 7 LAN Screen TCP/IPUsing the TW100-BRV204 s DHCP Server DHCPUsing another DHCP Server To Configure your PCs to use DHCPTCP/IP Settings - Overview PC ConfigurationWindows Clients ChapterUsing DHCP Checking TCP/IP Settings - Windows 9x/MEUsing Specify an IP Address Figure 8 Network ConfigurationFigure 11 DNS Tab Win 95/98 Figure 10 Gateway Tab Win 95/98TW100-BRV204 User Guide PC Configuration Checking TCP/IP Settings - Windows NT4.0Figure 12 Windows NT4.0 - TCP/IP Figure 13 Windows NT4.0 - IP AddressSpecify an IP Address Obtain an IP address from a DHCP ServerFigure 14 - Windows NT4.0 - Add Gateway Figure 15 Windows NT4.0 - DNS PC ConfigurationFigure 16 Network Configuration Win Checking TCP/IP Settings - Windows1. Select Control Panel - Network and Dial-up Connection Figure 17 TCP/IP Properties WinUsing a fixed IP Address Use the following IP Address Using DHCPFigure 18 Network Configuration Windows XP Checking TCP/IP Settings - Windows XP1. Select Control Panel - Network Connection Using a fixed IP Address Use the following IP Address Using DHCPFigure 19 TCP/IP Properties Windows XP Accessing AOL Internet Access1. Select Start Menu - Settings - Control Panel - Internet Options 2. Select Set up or change your Internet ConnectionLinux Clients Macintosh ClientsOther Unix Systems Ensure you are logged in as root before attempting any changesOperation Operation and StatusStatus Screen ChapterConnection Method InternetBroadband Modem Internet ConnectionFigure 21 PPPoE Status Screen Connection Status - PPPoEConnection Physical AddressConnect ButtonsDisconnect Clear LogFigure 22 PPTP Status Screen Connection Status - PPTPConnection Physical AddressClear Log Connection Status - Telstra Big PondRefresh Figure 23 Telstra Big Pond Status ScreenDefault Gateway Connection Details - SingTel RASConnection Log Connection LogButtons DNS IP Address DHCP ClientRelease/Renew Button will display EITHER Release OR Renew Refresh Physical Address IP Address Network Mask Default Gateway Connection Details - Fixed/Dynamic IP AddressFigure 25 Connection Details - Fixed/Dynamic IP Address InternetRefresh Update the data shown on screenOperation and Status The following advanced features are provided WAN Port Configuration Internet FeaturesChapter OverviewFigure 26 WAN Port Configuration Screen WAN Port ConfigurationIdentification HostnameDisable NAT Enable NATDisabling NAT will disable Internet access, unless all PCs have LoginCommunication Applications Advanced InternetFigure 27 Internet Screen Communication ApplicationsUse this to Enable or Disable this Special Application as required Special ApplicationsFigure 28 Special Applications Screen CheckboxUsing a Special Application Multi-DMZIncoming Ports Outgoing PortsURL Filter Screen URL FilterFigure 29 URL Filter Screen Filter StringsDynamic DNS Screen Dynamic DNS Domain Name ServerThe Service works as follows DDNS ServiceDDNS Data DDNS Service User Name Password/Key Domain Name DDNS StatusIP Address seen by Internet Users Virtual ServersFigure 31 Virtual Servers Virtual Servers Screen Connecting to the Virtual ServersDefining your own Virtual Servers EnableBackup DNS OptionsFigure 33 Options Screen IP AddressAdmin Login Security ConfigurationFigure 34 Admin Login Screen ChapterSecurity Configuration Figure 35 Password DialogAccess Control Screen Access ControlIf required, you can also define your own Services Figure 36 Access Control ScreenServices Internet AccessCancel Members ButtonGroup Members Screen Access Control LogPCs not assigned to any group will be in the Default group PCs deleted from any other Group will be added to the Default groupFirewall Rules Screen Firewall RulesThis feature is for advanced administrators only Figure 38 Firewall Rules ScreenData Add Edit Move Delete View Log System Rules Figure 39 Define Firewall Rule Define Firewall RuleName TypeDest IP ServicesAction Enable Logs LogsData - Logs Screen Figure 40 Logs ScreenSystem Log Enable SyslogRouter operations start up, get time etc - This option will log Connections to the Web - based interface of this Router - ThisFigure 41 E-Mail Screen E-mailE-Mail Alerts Send E-Mail alertSubject default value isEnter the text string to be shown in the Subject field for the E mailEnable DoS Firewall Threshold Security OptionsData - Security Options Screen Figure 42 Security Options ScreenRespond to ICMP ping Allow VPN pass- through OptionsDrop fragmented IP packets Block TCP Flood Block UDP Flood Block non- standard packetsDefine Schedule Screen SchedulingEnter the start using a 24 hr clock Enter the finish time using a 24 hr clockFigure 44 Services Screen ServicesAvailable Services Available ServicesIPSec VPN IPSecThe TW100-BRV204 does NOT support Transport Mode The TW100-BRV204 always uses Tunnel ModePolicies VPN ConfigurationVPN Endpoint addressVPN Pass-through Common VPN SituationsClient PC to VPN Gateway Figure 45 VPN Pass-throughFigure 47 Connecting 2 VPN Gateways Connecting 2 LANs via VPNVPN Policies Screen VPN ConfigurationEnable Figure 48 VPN Policies ScreenEnable/Disable Adding a New PolicyMove CopyPolicy Name Enable Policy Allow NetBIOS traffic Remote VPN Endpoint General SettingsFigure 50 VPN Wizard - General Screen KeysLocal IP addresses Figure 51 VPN Wizard - Traffic Selector ScreenType Type Remote IP addressesFigure 52 VPN Wizard - Manual Key Exchange Screen Manually assigned Keystion is enabled ESP AuthenticationESP Encryption Encryption AlgorithmFigure 53 VPN Wizard - IKE Phase 1 Screen IKE PhaseIKE Phase 1 IKE SA Authentication AuthenticationAlgorithm EncryptionIKE Phase 2 IPsec SA Figure 54 VPN Wizard - IKE Phase 2 ScreenAH Authentication ESP AuthenticationClick Next to view the final screen For IKE, configuration is now completeFigure 55 VPN Wizard - Final Screen TW100-BRV204 User GuideVPN Examples Example 1 Connecting 2 TW100-BRV204 sFigure 56 Connecting 2 TW100-BRV204 s SettingIPSec SA Parameters Setting Example 2 Windows 2000/XP Client to LANFigure 57 Windows 2000/XP Client to TW100-BRV204 ValueFigure 58 Windows 2000/XP - Local Security Settings Windows Client ConfigurationDeselect Activate the default response rule. Click Next IPSec SA ParametersFigure 60 IP Filter List Figure 59 Windows 2000/XP - Policy Properties8. Enter the Source IP address and the Destination IP address Figure 61 Filter Properties AddressingFigure 62 New Rule Properties IP Filter List Figure 64 Require Security Properties Figure 63 New Rule Properties Filter Action12. Select Negotiate security this selects IKE, then click Add Microsoft VPNWindows Setting VPN SettingFigure 65 Modify Security Method Figure 66 Require Security PropertiesFigure 68 Authentication Method Figure 67 Tunnel SettingFigure 70 Windows 2000/XP Client to TW100-BRV204 Figure 69 Windows 2000/XP Client to TW100-BRV20422. Click OK to save your changes, then Close Figure 71 Filter Properties AddressingFigure 72 Filter List Microsoft VPNFigure 74 Security Methods Figure 73 Filter ActionFigure 75 Modify Security Method Figure 76 Tunnel SettingFigure 78 DUT to Win2K Properties Figure 77 Authentication Method31. Select the General tab TW100-BRV204 User GuideFigure 79 Properties - General Tab Figure 80 Key Exchange Settings32. Click the Advanced button to see the screen below 33. Click the Methods button to see the screen belowFigure 81 Key Exchange Security Methods Configuration is now completeFigure 82 IKE Security Algorithms Figure 83 Windows 2000/XP Client to TW100-BRV204Setting Example 3 Windows 2000 Server to VPN GatewayFigure 84 TW100-BRV204 to Windows 2000 Server Single ClientFigure 85 Windows 2000 Server - Addressing Windows 2000 Server ConfigurationTrusted Certificates CertificatesRequesting a Trusted Certificate Issuer NameIssuer Name Self CertificatesFigure 87 Add Trusted Certificate Figure 88 Self Certificates ScreenDelete button Requesting a Self CertificateSelf Certificate Requests Request ListSubject Name NameHash Algorithm Signature AlgorithmTo add a New CRL CRLsFigure 91 Upload Self Certificate Figure 92 Certificate Revocation Lists StatusFigure 93 Upload CRL Figure 94 VPN Status ScreenPolicy Name VPN StatusSA Type VPN EndpointMicrosoft VPN Server SetupChapter OverviewEnable Client DatabaseAuthentication PPTP ServerLogin Password Login NameVerify Password Update SelectedStatus Screen This indicates whether or not the PPTP VPN Server is enabledFigure 97 Microsoft VPN Status Screen Server StatusWindows 98/ME Windows Client Setup1. Click Start - Settings - Dial-up Networking 2. Select Make New ConnectionTo establish a connection 2. Select Start - Settings - Dial-up NetworkingWindows ME VPN Dialing Properties Figure 100 Windows 2000 Network Connection WindowsFigure 101 Windows 2000 Public Network Click Next to continue Figure 102 Windows 2000 VPN HostFigure 103 Windows 2000 Connection Availability Microsoft VPNFigure 104 Windows 2000 Finish Wizard Figure 105 Windows XP Network Connection Type Windows XPFigure 106 Windows XP Network Connection 4. Enter a suitable name for this connection. Click Next to continue Figure 107 Windows XP Connection NameFigure 108 Windows XP Public Network Figure 109 Windows XP VPN ServerTo establish a connection Changing the connection settingsFigure 110 Windows XP Connection Availability Config File Other Features & SettingsDiagnostics Remote AdminData - Config File Screen Config FileFigure 111 Config File Screen Figure 112 Network Diagnostics Screen Network DiagnosticsPing IP AddressPC Database Screen PC DatabaseFigure 113 PC Database Known PCs AdministrationName IP AddressFigure 114 PC Database Admin PC Database AdminKnown PCs PC PropertiesButtons Update SelectedAdd as New EntryFigure 115 Remote Administration Screen Remote AdministrationSettings EnableTo connect from a remote PC via the Internet AccessPort Number Allow RemoteOverview RoutingRouting Screen Open Routing and Remote AccessData - Routing Screen Enable RIPFigure 116 Routing Screen Static RoutingSave Add Update Delete Clear Form Generate Report Configuring Other Routers on your LANProperties ButtonsOther Routers on the Local LAN Static Routing - ExampleFor the TW100-BRV204 s Routing Table Figure 117 Routing ExampleFor Router Bs Default Route For Router As Default RouteOther Features and Settings Figure 118 Upgrade Firmware Screen Upgrade FirmwareUpgrade Firmware PasswordEnable UPnP Services Allow Configu ration UPnPAllow Internet access to be disabled Figure 119 UPnP ScreenGeneral Problems TroubleshootingInternet Access Appendix AIt is a security risk, since the firewall is disabled TW100-BRV204 Appendix B SpecificationsFCC Statement FCC Radiation Exposure Statement CE Marking WarningTW100-BRV204 - 5 Years Warranty Limited WarrantyTRENDware Technical Support Tel +1-310-891-1100 Fax +1-310-8911111 Technical SupportE-mail support@trendware.com TW100-BRV204 User Guide