VPN

Phase I is the negotiation and establishment of the IKE connection.

Phase II is the negotiation and establishment of the IPsec connection.

Because the IKE and IPsec connections are separate, they have different SAs (security associations).

Policies

VPN configuration settings are stored in Policies.

Each policy defines:

• The address of the remote VPN endpoint.

• The traffic which is allowed to use the VPN connection.

• The parameters (settings) for the IPsec SA (Security Association).

• If IKE is used, the parameters (settings) for the IKE SA (Security Association).

Generally, you will need at least one (1) VPN Policy for each remote site for which you wish to establish VPN connections.

It is possible, and sometimes necessary, to have multiple Policies for the same remote site. In this case, the order (sequence) of the policies is important. The policies are examined in turn, and the first matching policy will be used.

VPN Configuration

The general rule is that each endpoint must have matching Policies, as follows:

Remote VPN address

Each VPN endpoint must be configured to initiate or accept connections to the remote VPN client or Gateway. Usually, this requires having a fixed Internet IP address. However, it is possible for a VPN Gateway to accept incoming connections from a remote client where the client's IP address is not known in advance.

Traffic Selector

This determines which outgoing traffic will cause a VPN connection to be established, and which incoming traffic will be accepted. Each endpoint must be configured to pass and accept the desired traffic from the remote endpoint.

If connecting 2 LANs, this requires that:

• Each endpoint must be aware of the IP addresses used on the other endpoint.

• The 2 LANs MUST use different IP address ranges.

IKE parameters

If using IKE (recommended), the IKE parameters must match (except for the SA lifetime, which can be different).

IPsec parameters

The IPsec parameters at each endpoint must match.
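The matching rules above, together with the first-match ordering described under Policies, can be checked mechanically before two endpoints are deployed. The following Python sketch is an added example, not taken from the manual or the router's firmware; the field names, addresses and parameter values are hypothetical and constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
@dataclass
class Policy:
    # Field names are hypothetical, not the router's own setting names.
    name: str
    local_endpoint: str    # this endpoint's Internet address
    remote_endpoint: str   # remote VPN endpoint, or None if not known in advance
    local_lan: str         # traffic selector, local side (CIDR)
    remote_lan: str        # traffic selector, remote side (CIDR)
    ike: dict              # IKE SA parameters, including "lifetime"
    ipsec: dict            # IPsec SA parameters

def check_pair(a, b):
    """Return the mismatches between the policies held by two endpoints."""
    problems = []
    for p, q in ((a, b), (b, a)):
        if p.remote_endpoint not in (None, q.local_endpoint):
            problems.append(f"{p.name}: remote VPN address is not the other endpoint")
    a_loc, a_rem = (ipaddress.ip_network(n) for n in (a.local_lan, a.remote_lan))
    b_loc, b_rem = (ipaddress.ip_network(n) for n in (b.local_lan, b.remote_lan))
    if a_loc != b_rem or a_rem != b_loc:
        problems.append("traffic selectors are not mirror images")
    if a_loc.overlaps(b_loc):
        problems.append("the two LANs use overlapping IP address ranges")
    def without_lifetime(params):
        return {k: v for k, v in params.items() if k != "lifetime"}
    if without_lifetime(a.ike) != without_lifetime(b.ike):
        problems.append("IKE parameters differ (other than SA lifetime)")
    if a.ipsec != b.ipsec:
        problems.append("IPsec parameters differ")
    return problems

def first_match(policies, dest_ip):
    """Examine policies in order; return the first whose remote LAN holds dest_ip."""
    addr = ipaddress.ip_address(dest_ip)
    for p in policies:
        if addr in ipaddress.ip_network(p.remote_lan):
            return p
    return None

# Constructed sample policies (documentation addresses, illustrative parameters).
IKE = {"encryption": "AES", "hash": "SHA-1", "dh_group": 2, "lifetime": 28800}
IPSEC = {"encryption": "AES", "hash": "SHA-1"}
site_a = Policy("site-a", "203.0.113.1", "198.51.100.1",
                "192.168.1.0/24", "192.168.2.0/24", IKE, IPSEC)
site_b = Policy("site-b", "198.51.100.1", "203.0.113.1",
                "192.168.2.0/24", "192.168.1.0/24", {**IKE, "lifetime": 3600}, IPSEC)
print(check_pair(site_a, site_b))  # the two IKE SA lifetimes differ on purpose
```

A `remote_endpoint` of `None` models the gateway case where the client's IP address is not known in advance, so that side is not checked against the peer's address.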

TRENDnet TW100-BRV204, VPN Firewall Router manual Policies, VPN Configuration

VPN Firewall Router, TW100-BRV204 specifications

The TRENDnet TW100-BRV204 is a versatile broadband router that caters to small office and home office environments. This device is designed to streamline connectivity and enhance network performance, making it an excellent choice for users looking to optimize their internet experience.

One of the primary features of the TW100-BRV204 is its integrated four-port 10/100 Mbps Ethernet switch, allowing users to connect multiple devices directly via Ethernet cables. This ensures fast and reliable wired connections for computers, printers, and other networked devices, reducing latency and improving overall performance.

Additionally, the router boasts a built-in firewall that provides crucial security features. The NAT (Network Address Translation) and SPI (Stateful Packet Inspection) firewalls help protect the network from external threats while allowing seamless communication between devices on the local network. This level of security is essential for small business owners who need to safeguard sensitive data.

The TW100-BRV204 also supports advanced QoS (Quality of Service) technology, which prioritizes bandwidth allocation. This ensures that critical applications, such as VoIP (Voice over Internet Protocol) and video conferencing, receive the necessary bandwidth for optimal performance. By minimizing lag and interruptions, users can maintain a smooth online experience.

Another notable characteristic of the TRENDnet TW100-BRV204 is its support for PPPoE (Point-to-Point Protocol over Ethernet) and static IP connections. This versatility makes it compatible with various types of internet service providers, ensuring that users can easily configure their network settings without hassle.

For wireless connectivity, the TW100-BRV204 is equipped with robust wireless capabilities, adhering to the 802.11g standard, allowing for wireless communication with compatible devices. Though not as speedy as the newer 802.11n or 802.11ac standards, it still offers good performance for basic browsing and streaming tasks within its range.

In summary, the TRENDnet TW100-BRV204 is an excellent choice for those seeking a reliable and secure broadband router for small office applications. With its built-in Ethernet switch, strong firewall, QoS support, and compatibility with various ISP configurations, it stands out as a dependable solution for enhancing connectivity and productivity in a compact design. Whether for business or personal use, this router offers the essential features needed to facilitate a robust network environment.