Manuals / TRENDnet / Computer Equipment / Network Router

TRENDnet BRV204 manual Windows Client Configuration, IPSec SA Parameters

Models: BRV204

1 146

Download 146 pages 58.45 Kb

Page 90

Windows Client Configuration

TW100-BRV204 User Guide

DH Group	Group 1 (768 bit)	Must match client PC
IKE SA Life time	28800	Does not have to match client PC. Shorter
		period will be used.
IKE PFS	Disable	Must match client PC
IPSec SA Parameters
IPSec SA Life time	28800	Do not have to match. Shorter period will be
		used.
IPSec PFS	Disable	Must match client PC
AH authentication	Disabled	AH is rarely used
ESP authentication	Enable/MD5	Must match client PC
ESP encryption	Enable/DES	Must match client PC

Windows Client Configuration

1.Select Start - Programs - Administrative Tools - Local Security Policy.

2.Right click IP Security Policy on Local Machine and select Create IP Security Policy

Figure 58: Windows 2000/XP - Local Security Settings

3.Click "Next", then enter a policy name, for example "DUT To Win2K", then click "Next".

4.Step through the Wizard:

•Deselect Activate the default response rule. Click "Next",

•Leave Edit Properties checked. Click "Finish".

5.The following "Properties - Rules" screen will be displayed.

86

Image 90

TRENDnet BRV204 manual Windows Client Configuration, IPSec SA Parameters, Windows 2000/XP - Local Security Settings

Contents

Page Page Package Contents Table of ContentsTW100-BRV204 Features CHAPTER 2 INSTALLATIONWindows Client Setup VPN ConfigurationServer Setup CHAPTER 10 OTHER FEATURES & SETTINGSIntroduction TW100-BRV204 FeaturesInternet Access Features ChapterLAN Features Configuration & ManagementAdvanced Internet Functions IPSec VPN Gateway Features Package ContentsSecurity Features Microsoft VPN Gateway SupportPower Physical DetailsFront-mounted LEDs Figure 2 Front PanelReset Button Using the DMZ PortRear Panel To Clear All Data and restore the factory default valuesAdvantages of the DMZ Port Requirements InstallationProcedure This Chapter covers the physical installation of the TW100-BRV2044. Power Up 3. Connect WAN Cable5. Check the LEDs This Chapter provides Setup details of the TW100-BRV204 SetupOverview ChapterConfiguration Program PreparationUsing your Web Browser Figure 5 Password DialogIf you cant connect TW100-BRV204 User’s Guide Type Setup WizardCommon Connection Types DetailsSingTel RAS Other Modems e.g. Broadband WirelessBig Pond Cable Australia TypeHome Screen Navigation & Data InputFigure 6 Home Screen Figure 7 LAN Screen LAN ScreenSave Cancel TCP/IPUsing another DHCP Server DHCPUsing the TW100-BRV204 s DHCP Server To Configure your PCs to use DHCPWindows Clients PC ConfigurationTCP/IP Settings - Overview ChapterUsing Specify an IP Address Checking TCP/IP Settings - Windows 9x/MEUsing DHCP Figure 8 Network ConfigurationFigure 10 Gateway Tab Win 95/98 Figure 11 DNS Tab Win 95/98TW100-BRV204 User Guide Figure 12 Windows NT4.0 - TCP/IP Checking TCP/IP Settings - Windows NT4.0PC Configuration Figure 13 Windows NT4.0 - IP AddressObtain an IP address from a DHCP Server Specify an IP AddressFigure 14 - Windows NT4.0 - Add Gateway PC Configuration Figure 15 Windows NT4.0 - DNS1. Select Control Panel - Network and Dial-up Connection Checking TCP/IP Settings - WindowsFigure 16 Network Configuration Win Figure 17 TCP/IP Properties WinUsing DHCP Using a fixed IP Address Use the following IP AddressChecking TCP/IP Settings - Windows XP Figure 18 Network Configuration Windows XP1. Select Control Panel - Network Connection Using DHCP Using a fixed IP Address Use the following IP AddressFigure 19 TCP/IP Properties Windows XP 1. Select Start Menu - Settings - Control Panel - Internet Options Internet AccessAccessing AOL 2. Select Set up or change your Internet ConnectionOther Unix Systems Macintosh ClientsLinux Clients Ensure you are logged in as root before attempting any changesStatus Screen Operation and StatusOperation ChapterBroadband Modem InternetConnection Method Internet ConnectionConnection Connection Status - PPPoEFigure 21 PPPoE Status Screen Physical AddressDisconnect ButtonsConnect Clear LogConnection Connection Status - PPTPFigure 22 PPTP Status Screen Physical AddressRefresh Connection Status - Telstra Big PondClear Log Figure 23 Telstra Big Pond Status ScreenConnection Log Connection Details - SingTel RASDefault Gateway Connection LogDNS IP Address DHCP Client ButtonsRelease/Renew Button will display EITHER Release OR Renew Refresh Figure 25 Connection Details - Fixed/Dynamic IP Address Connection Details - Fixed/Dynamic IP AddressPhysical Address IP Address Network Mask Default Gateway InternetUpdate the data shown on screen RefreshOperation and Status Chapter Internet FeaturesThe following advanced features are provided WAN Port Configuration OverviewIdentification WAN Port ConfigurationFigure 26 WAN Port Configuration Screen HostnameDisabling NAT will disable Internet access, unless all PCs have Enable NATDisable NAT LoginFigure 27 Internet Screen Advanced InternetCommunication Applications Communication ApplicationsFigure 28 Special Applications Screen Special ApplicationsUse this to Enable or Disable this Special Application as required CheckboxIncoming Ports Multi-DMZUsing a Special Application Outgoing PortsFigure 29 URL Filter Screen URL FilterURL Filter Screen Filter StringsThe Service works as follows Dynamic DNS Domain Name ServerDynamic DNS Screen DDNS ServiceDDNS Service User Name Password/Key Domain Name DDNS Status DDNS DataVirtual Servers IP Address seen by Internet UsersFigure 31 Virtual Servers Defining your own Virtual Servers Connecting to the Virtual ServersVirtual Servers Screen EnableFigure 33 Options Screen OptionsBackup DNS IP AddressFigure 34 Admin Login Screen Security ConfigurationAdmin Login ChapterFigure 35 Password Dialog Security ConfigurationIf required, you can also define your own Services Access ControlAccess Control Screen Figure 36 Access Control ScreenCancel Internet AccessServices Members ButtonPCs not assigned to any group will be in the Default group Access Control LogGroup Members Screen PCs deleted from any other Group will be added to the Default groupThis feature is for advanced administrators only Firewall RulesFirewall Rules Screen Figure 38 Firewall Rules ScreenData Add Edit Move Delete View Log System Rules Name Define Firewall RuleFigure 39 Define Firewall Rule TypeServices Dest IPAction Data - Logs Screen LogsEnable Logs Figure 40 Logs ScreenRouter operations start up, get time etc - This option will log Enable SyslogSystem Log Connections to the Web - based interface of this Router - ThisE-Mail Alerts E-mailFigure 41 E-Mail Screen Send E-Mail alertEnter the text string to be shown in the Subject field for the E default value isSubject mailData - Security Options Screen Security OptionsEnable DoS Firewall Threshold Figure 42 Security Options ScreenDrop fragmented IP packets Block TCP Flood Block UDP Flood OptionsRespond to ICMP ping Allow VPN pass- through Block non- standard packetsEnter the start using a 24 hr clock SchedulingDefine Schedule Screen Enter the finish time using a 24 hr clockAvailable Services ServicesFigure 44 Services Screen Available ServicesThe TW100-BRV204 does NOT support Transport Mode VPN IPSecIPSec The TW100-BRV204 always uses Tunnel ModeVPN Endpoint VPN ConfigurationPolicies addressClient PC to VPN Gateway Common VPN SituationsVPN Pass-through Figure 45 VPN Pass-throughConnecting 2 LANs via VPN Figure 47 Connecting 2 VPN GatewaysEnable VPN ConfigurationVPN Policies Screen Figure 48 VPN Policies ScreenMove Adding a New PolicyEnable/Disable CopyFigure 50 VPN Wizard - General Screen General SettingsPolicy Name Enable Policy Allow NetBIOS traffic Remote VPN Endpoint KeysFigure 51 VPN Wizard - Traffic Selector Screen Local IP addressesType Figure 52 VPN Wizard - Manual Key Exchange Screen Remote IP addressesType Manually assigned KeysESP Encryption ESP Authenticationtion is enabled Encryption AlgorithmIKE Phase Figure 53 VPN Wizard - IKE Phase 1 ScreenIKE Phase 1 IKE SA Algorithm AuthenticationAuthentication EncryptionAH Authentication Figure 54 VPN Wizard - IKE Phase 2 ScreenIKE Phase 2 IPsec SA ESP AuthenticationFigure 55 VPN Wizard - Final Screen For IKE, configuration is now completeClick Next to view the final screen TW100-BRV204 User GuideFigure 56 Connecting 2 TW100-BRV204 s Example 1 Connecting 2 TW100-BRV204 sVPN Examples SettingIPSec SA Parameters Figure 57 Windows 2000/XP Client to TW100-BRV204 Example 2 Windows 2000/XP Client to LANSetting ValueDeselect Activate the default response rule. Click Next Windows Client ConfigurationFigure 58 Windows 2000/XP - Local Security Settings IPSec SA ParametersFigure 59 Windows 2000/XP - Policy Properties Figure 60 IP Filter ListFigure 61 Filter Properties Addressing 8. Enter the Source IP address and the Destination IP addressFigure 62 New Rule Properties IP Filter List 12. Select Negotiate security this selects IKE, then click Add Figure 63 New Rule Properties Filter ActionFigure 64 Require Security Properties Microsoft VPNFigure 65 Modify Security Method VPN SettingWindows Setting Figure 66 Require Security PropertiesFigure 67 Tunnel Setting Figure 68 Authentication MethodFigure 69 Windows 2000/XP Client to TW100-BRV204 Figure 70 Windows 2000/XP Client to TW100-BRV204Figure 72 Filter List Figure 71 Filter Properties Addressing22. Click OK to save your changes, then Close Microsoft VPNFigure 73 Filter Action Figure 74 Security MethodsFigure 76 Tunnel Setting Figure 75 Modify Security Method31. Select the General tab Figure 77 Authentication MethodFigure 78 DUT to Win2K Properties TW100-BRV204 User Guide32. Click the Advanced button to see the screen below Figure 80 Key Exchange SettingsFigure 79 Properties - General Tab 33. Click the Methods button to see the screen belowFigure 82 IKE Security Algorithms Configuration is now completeFigure 81 Key Exchange Security Methods Figure 83 Windows 2000/XP Client to TW100-BRV204Figure 84 TW100-BRV204 to Windows 2000 Server Example 3 Windows 2000 Server to VPN GatewaySetting Single ClientWindows 2000 Server Configuration Figure 85 Windows 2000 Server - AddressingRequesting a Trusted Certificate CertificatesTrusted Certificates Issuer NameFigure 87 Add Trusted Certificate Self CertificatesIssuer Name Figure 88 Self Certificates ScreenSelf Certificate Requests Requesting a Self CertificateDelete button Request ListHash Algorithm NameSubject Name Signature AlgorithmCRLs To add a New CRLFigure 91 Upload Self Certificate Figure 93 Upload CRL StatusFigure 92 Certificate Revocation Lists Figure 94 VPN Status ScreenSA Type VPN StatusPolicy Name VPN EndpointChapter Server SetupMicrosoft VPN OverviewAuthentication Client DatabaseEnable PPTP ServerVerify Password Login NameLogin Password Update SelectedFigure 97 Microsoft VPN Status Screen This indicates whether or not the PPTP VPN Server is enabledStatus Screen Server Status1. Click Start - Settings - Dial-up Networking Windows Client SetupWindows 98/ME 2. Select Make New Connection2. Select Start - Settings - Dial-up Networking To establish a connectionWindows ME VPN Dialing Properties Windows Figure 100 Windows 2000 Network ConnectionFigure 101 Windows 2000 Public Network Figure 103 Windows 2000 Connection Availability Figure 102 Windows 2000 VPN HostClick Next to continue Microsoft VPNFigure 104 Windows 2000 Finish Wizard Windows XP Figure 105 Windows XP Network Connection TypeFigure 106 Windows XP Network Connection Figure 108 Windows XP Public Network Figure 107 Windows XP Connection Name4. Enter a suitable name for this connection. Click Next to continue Figure 109 Windows XP VPN ServerChanging the connection settings To establish a connectionFigure 110 Windows XP Connection Availability Diagnostics Other Features & SettingsConfig File Remote AdminConfig File Data - Config File ScreenFigure 111 Config File Screen Ping Network DiagnosticsFigure 112 Network Diagnostics Screen IP AddressPC Database PC Database ScreenFigure 113 PC Database Name AdministrationKnown PCs IP AddressKnown PCs PC Database AdminFigure 114 PC Database Admin PC PropertiesAdd as New Update SelectedButtons EntrySettings Remote AdministrationFigure 115 Remote Administration Screen EnablePort Number AccessTo connect from a remote PC via the Internet Allow RemoteRouting Screen RoutingOverview Open Routing and Remote AccessFigure 116 Routing Screen Enable RIPData - Routing Screen Static RoutingProperties Configuring Other Routers on your LANSave Add Update Delete Clear Form Generate Report ButtonsFor the TW100-BRV204 s Routing Table Static Routing - ExampleOther Routers on the Local LAN Figure 117 Routing ExampleFor Router As Default Route For Router Bs Default RouteOther Features and Settings Upgrade Firmware Upgrade FirmwareFigure 118 Upgrade Firmware Screen PasswordAllow Internet access to be disabled UPnPEnable UPnP Services Allow Configu ration Figure 119 UPnP ScreenInternet Access TroubleshootingGeneral Problems Appendix AIt is a security risk, since the firewall is disabled Appendix B Specifications TW100-BRV204FCC Statement CE Marking Warning FCC Radiation Exposure StatementLimited Warranty TW100-BRV204 - 5 Years WarrantyTechnical Support TRENDware Technical Support Tel +1-310-891-1100 Fax +1-310-8911111E-mail support@trendware.com TW100-BRV204 User Guide