Manuals / TRENDnet / Computer Equipment / Network Router

TRENDnet manual Example 2 Windows 2000/XP Client to LAN, Windows 2000/XP Client to TW100-BRV204

Models: BRV204

1 146

Download 146 pages 58.45 Kb

Page 89

Example 2: Windows 2000/XP Client to LAN

Microsoft VPN

Example 2: Windows 2000/XP Client to LAN

In this example, a Windows 2000/XP client connects to the TW100-BRV204 and gains access to the local LAN.

Figure 57: Windows 2000/XP Client to TW100-BRV204

To use 3DES encryption on Windows 2000, you need Service Pack 3 or later installed.

TW100-BRV204 Configuration

Setting	Value	Notes
Name	Win Client	Name does not affect operation. Select a
		meaningful name.
Remote Endpoint	172.16.9.10	Other endpoint's WAN (Internet) IP address.
Local	Subnet address:	Allows access to entire LAN. Use a more
IP addresses	192.168.0.0	restrictive definition if possible.
	255.255.255.0
Remote	172.16.9.10	For a single client, this address is the same as
IP addresses		the endpoint address.
Key Exchange	IKE	Must match client PC
IKE SA Parameters
IKE Direction	Both ways	Using "Responder only" is not possible.
Local Identity	IP address	Required.
Remote Identity	IP address	Required
IKE Authentication	Pre-shared Key	Certificates are not widely used.
method
Pre-shared Key	Xxxxxxxxxx	Must match client PC
IKE Authentication	SHA-1	Must match client PC
algorithm
IKE Encryption	3DES	Must match client PC
IKE Exchange	Main Mode	Windows 2000 only supports Main Mode.
mode

85

Image 89

TRENDnet manual Example 2 Windows 2000/XP Client to LAN, Windows 2000/XP Client to TW100-BRV204, Setting, Value

Contents

Page Page TW100-BRV204 Features Table of ContentsPackage Contents CHAPTER 2 INSTALLATIONServer Setup VPN ConfigurationWindows Client Setup CHAPTER 10 OTHER FEATURES & SETTINGSInternet Access Features TW100-BRV204 FeaturesIntroduction ChapterAdvanced Internet Functions LAN FeaturesConfiguration & Management Security Features Package ContentsIPSec VPN Gateway Features Microsoft VPN Gateway SupportFront-mounted LEDs Physical DetailsPower Figure 2 Front PanelRear Panel Using the DMZ PortReset Button To Clear All Data and restore the factory default valuesAdvantages of the DMZ Port Procedure InstallationRequirements This Chapter covers the physical installation of the TW100-BRV2045. Check the LEDs 4. Power Up3. Connect WAN Cable Overview SetupThis Chapter provides Setup details of the TW100-BRV204 ChapterPreparation Configuration ProgramIf you cant connect Using your Web BrowserFigure 5 Password Dialog TW100-BRV204 User’s Guide Common Connection Types Setup WizardType DetailsBig Pond Cable Australia Other Modems e.g. Broadband WirelessSingTel RAS TypeFigure 6 Home Screen Home ScreenNavigation & Data Input Save Cancel LAN ScreenFigure 7 LAN Screen TCP/IPUsing the TW100-BRV204 s DHCP Server DHCPUsing another DHCP Server To Configure your PCs to use DHCPTCP/IP Settings - Overview PC ConfigurationWindows Clients ChapterUsing DHCP Checking TCP/IP Settings - Windows 9x/MEUsing Specify an IP Address Figure 8 Network ConfigurationTW100-BRV204 User Guide Figure 10 Gateway Tab Win 95/98Figure 11 DNS Tab Win 95/98 PC Configuration Checking TCP/IP Settings - Windows NT4.0Figure 12 Windows NT4.0 - TCP/IP Figure 13 Windows NT4.0 - IP AddressFigure 14 - Windows NT4.0 - Add Gateway Obtain an IP address from a DHCP ServerSpecify an IP Address Figure 15 Windows NT4.0 - DNS PC ConfigurationFigure 16 Network Configuration Win Checking TCP/IP Settings - Windows1. Select Control Panel - Network and Dial-up Connection Figure 17 TCP/IP Properties WinUsing a fixed IP Address Use the following IP Address Using DHCP1. Select Control Panel - Network Connection Checking TCP/IP Settings - Windows XPFigure 18 Network Configuration Windows XP Figure 19 TCP/IP Properties Windows XP Using DHCPUsing a fixed IP Address Use the following IP Address Accessing AOL Internet Access1. Select Start Menu - Settings - Control Panel - Internet Options 2. Select Set up or change your Internet ConnectionLinux Clients Macintosh ClientsOther Unix Systems Ensure you are logged in as root before attempting any changesOperation Operation and StatusStatus Screen ChapterConnection Method InternetBroadband Modem Internet ConnectionFigure 21 PPPoE Status Screen Connection Status - PPPoEConnection Physical AddressConnect ButtonsDisconnect Clear LogFigure 22 PPTP Status Screen Connection Status - PPTPConnection Physical AddressClear Log Connection Status - Telstra Big PondRefresh Figure 23 Telstra Big Pond Status ScreenDefault Gateway Connection Details - SingTel RASConnection Log Connection LogRelease/Renew Button will display EITHER Release OR Renew Refresh DNS IP Address DHCP ClientButtons Physical Address IP Address Network Mask Default Gateway Connection Details - Fixed/Dynamic IP AddressFigure 25 Connection Details - Fixed/Dynamic IP Address InternetOperation and Status Update the data shown on screenRefresh The following advanced features are provided WAN Port Configuration Internet FeaturesChapter OverviewFigure 26 WAN Port Configuration Screen WAN Port ConfigurationIdentification HostnameDisable NAT Enable NATDisabling NAT will disable Internet access, unless all PCs have LoginCommunication Applications Advanced InternetFigure 27 Internet Screen Communication ApplicationsUse this to Enable or Disable this Special Application as required Special ApplicationsFigure 28 Special Applications Screen CheckboxUsing a Special Application Multi-DMZIncoming Ports Outgoing PortsURL Filter Screen URL FilterFigure 29 URL Filter Screen Filter StringsDynamic DNS Screen Dynamic DNS Domain Name ServerThe Service works as follows DDNS ServiceDDNS Data DDNS Service User Name Password/Key Domain Name DDNS StatusFigure 31 Virtual Servers Virtual ServersIP Address seen by Internet Users Virtual Servers Screen Connecting to the Virtual ServersDefining your own Virtual Servers EnableBackup DNS OptionsFigure 33 Options Screen IP AddressAdmin Login Security ConfigurationFigure 34 Admin Login Screen ChapterSecurity Configuration Figure 35 Password DialogAccess Control Screen Access ControlIf required, you can also define your own Services Figure 36 Access Control ScreenServices Internet AccessCancel Members ButtonGroup Members Screen Access Control LogPCs not assigned to any group will be in the Default group PCs deleted from any other Group will be added to the Default groupFirewall Rules Screen Firewall RulesThis feature is for advanced administrators only Figure 38 Firewall Rules ScreenData Add Edit Move Delete View Log System Rules Figure 39 Define Firewall Rule Define Firewall RuleName TypeAction ServicesDest IP Enable Logs LogsData - Logs Screen Figure 40 Logs ScreenSystem Log Enable SyslogRouter operations start up, get time etc - This option will log Connections to the Web - based interface of this Router - ThisFigure 41 E-Mail Screen E-mailE-Mail Alerts Send E-Mail alertSubject default value isEnter the text string to be shown in the Subject field for the E mailEnable DoS Firewall Threshold Security OptionsData - Security Options Screen Figure 42 Security Options ScreenRespond to ICMP ping Allow VPN pass- through OptionsDrop fragmented IP packets Block TCP Flood Block UDP Flood Block non- standard packetsDefine Schedule Screen SchedulingEnter the start using a 24 hr clock Enter the finish time using a 24 hr clockFigure 44 Services Screen ServicesAvailable Services Available ServicesIPSec VPN IPSecThe TW100-BRV204 does NOT support Transport Mode The TW100-BRV204 always uses Tunnel ModePolicies VPN ConfigurationVPN Endpoint addressVPN Pass-through Common VPN SituationsClient PC to VPN Gateway Figure 45 VPN Pass-throughFigure 47 Connecting 2 VPN Gateways Connecting 2 LANs via VPNVPN Policies Screen VPN ConfigurationEnable Figure 48 VPN Policies ScreenEnable/Disable Adding a New PolicyMove CopyPolicy Name Enable Policy Allow NetBIOS traffic Remote VPN Endpoint General SettingsFigure 50 VPN Wizard - General Screen KeysType Figure 51 VPN Wizard - Traffic Selector ScreenLocal IP addresses Type Remote IP addressesFigure 52 VPN Wizard - Manual Key Exchange Screen Manually assigned Keystion is enabled ESP AuthenticationESP Encryption Encryption AlgorithmIKE Phase 1 IKE SA IKE PhaseFigure 53 VPN Wizard - IKE Phase 1 Screen Authentication AuthenticationAlgorithm EncryptionIKE Phase 2 IPsec SA Figure 54 VPN Wizard - IKE Phase 2 ScreenAH Authentication ESP AuthenticationClick Next to view the final screen For IKE, configuration is now completeFigure 55 VPN Wizard - Final Screen TW100-BRV204 User GuideVPN Examples Example 1 Connecting 2 TW100-BRV204 sFigure 56 Connecting 2 TW100-BRV204 s SettingIPSec SA Parameters Setting Example 2 Windows 2000/XP Client to LANFigure 57 Windows 2000/XP Client to TW100-BRV204 ValueFigure 58 Windows 2000/XP - Local Security Settings Windows Client ConfigurationDeselect Activate the default response rule. Click Next IPSec SA ParametersFigure 60 IP Filter List Figure 59 Windows 2000/XP - Policy PropertiesFigure 62 New Rule Properties IP Filter List Figure 61 Filter Properties Addressing8. Enter the Source IP address and the Destination IP address Figure 64 Require Security Properties Figure 63 New Rule Properties Filter Action12. Select Negotiate security this selects IKE, then click Add Microsoft VPNWindows Setting VPN SettingFigure 65 Modify Security Method Figure 66 Require Security PropertiesFigure 68 Authentication Method Figure 67 Tunnel SettingFigure 70 Windows 2000/XP Client to TW100-BRV204 Figure 69 Windows 2000/XP Client to TW100-BRV20422. Click OK to save your changes, then Close Figure 71 Filter Properties AddressingFigure 72 Filter List Microsoft VPNFigure 74 Security Methods Figure 73 Filter ActionFigure 75 Modify Security Method Figure 76 Tunnel SettingFigure 78 DUT to Win2K Properties Figure 77 Authentication Method31. Select the General tab TW100-BRV204 User GuideFigure 79 Properties - General Tab Figure 80 Key Exchange Settings32. Click the Advanced button to see the screen below 33. Click the Methods button to see the screen belowFigure 81 Key Exchange Security Methods Configuration is now completeFigure 82 IKE Security Algorithms Figure 83 Windows 2000/XP Client to TW100-BRV204Setting Example 3 Windows 2000 Server to VPN GatewayFigure 84 TW100-BRV204 to Windows 2000 Server Single ClientFigure 85 Windows 2000 Server - Addressing Windows 2000 Server ConfigurationTrusted Certificates CertificatesRequesting a Trusted Certificate Issuer NameIssuer Name Self CertificatesFigure 87 Add Trusted Certificate Figure 88 Self Certificates ScreenDelete button Requesting a Self CertificateSelf Certificate Requests Request ListSubject Name NameHash Algorithm Signature AlgorithmFigure 91 Upload Self Certificate CRLsTo add a New CRL Figure 92 Certificate Revocation Lists StatusFigure 93 Upload CRL Figure 94 VPN Status ScreenPolicy Name VPN StatusSA Type VPN EndpointMicrosoft VPN Server SetupChapter OverviewEnable Client DatabaseAuthentication PPTP ServerLogin Password Login NameVerify Password Update SelectedStatus Screen This indicates whether or not the PPTP VPN Server is enabledFigure 97 Microsoft VPN Status Screen Server StatusWindows 98/ME Windows Client Setup1. Click Start - Settings - Dial-up Networking 2. Select Make New ConnectionWindows ME VPN Dialing Properties 2. Select Start - Settings - Dial-up NetworkingTo establish a connection Figure 101 Windows 2000 Public Network WindowsFigure 100 Windows 2000 Network Connection Click Next to continue Figure 102 Windows 2000 VPN HostFigure 103 Windows 2000 Connection Availability Microsoft VPNFigure 104 Windows 2000 Finish Wizard Figure 106 Windows XP Network Connection Windows XPFigure 105 Windows XP Network Connection Type 4. Enter a suitable name for this connection. Click Next to continue Figure 107 Windows XP Connection NameFigure 108 Windows XP Public Network Figure 109 Windows XP VPN ServerFigure 110 Windows XP Connection Availability Changing the connection settingsTo establish a connection Config File Other Features & SettingsDiagnostics Remote AdminFigure 111 Config File Screen Config FileData - Config File Screen Figure 112 Network Diagnostics Screen Network DiagnosticsPing IP AddressFigure 113 PC Database PC DatabasePC Database Screen Known PCs AdministrationName IP AddressFigure 114 PC Database Admin PC Database AdminKnown PCs PC PropertiesButtons Update SelectedAdd as New EntryFigure 115 Remote Administration Screen Remote AdministrationSettings EnableTo connect from a remote PC via the Internet AccessPort Number Allow RemoteOverview RoutingRouting Screen Open Routing and Remote AccessData - Routing Screen Enable RIPFigure 116 Routing Screen Static RoutingSave Add Update Delete Clear Form Generate Report Configuring Other Routers on your LANProperties ButtonsOther Routers on the Local LAN Static Routing - ExampleFor the TW100-BRV204 s Routing Table Figure 117 Routing ExampleOther Features and Settings For Router As Default RouteFor Router Bs Default Route Figure 118 Upgrade Firmware Screen Upgrade FirmwareUpgrade Firmware PasswordEnable UPnP Services Allow Configu ration UPnPAllow Internet access to be disabled Figure 119 UPnP ScreenGeneral Problems TroubleshootingInternet Access Appendix AIt is a security risk, since the firewall is disabled FCC Statement Appendix B SpecificationsTW100-BRV204 FCC Radiation Exposure Statement CE Marking WarningTW100-BRV204 - 5 Years Warranty Limited WarrantyE-mail support@trendware.com Technical SupportTRENDware Technical Support Tel +1-310-891-1100 Fax +1-310-8911111 TW100-BRV204 User Guide