Manuals / TRENDnet / Computer Equipment / Network Router

TRENDnet TW100-BRV324 Example 2 Windows 2000/XP Client to LAN, Setting, Value, IKE SA Parameters

Models: TW100-BRV324

1 136

Download 136 pages 15.48 Kb

Page 88

Example 2: Windows 2000/XP Client to LAN

Broadband VPN Gateway User Guide

Example 2: Windows 2000/XP Client to LAN

In this example, a Windows 2000/XP client connects to the Broadband VPN Gateway and gains access to the local LAN.

Figure 49: Windows 2000/XP Client to Broadband VPN Gateway

To use 3DES encryption on Windows 2000, you need Service Pack 3 or later installed.

Broadband VPN Gateway Configuration

Setting		Value	Notes

Name		Win Client	Name does not affect operation. Select a
			meaningful name.

Remote Endpoint		172.16.9.10	Other endpoint's WAN (Internet) IP address.

Local		Subnet address:	Allows access to entire LAN. Use a more
IP addresses		192.168.0.0	restrictive definition if possible.
		255.255.255.0

Remote		172.16.9.10	For a single client, this address is the same as
IP addresses			the endpoint address.

Key Exchange		IKE	Must match client PC

IKE SA Parameters

IKE Direction		Both ways	Using "Responder only" is not possible.

Local Identity		IP address	Required.

Remote Identity		IP address	Required

IKE Authentication		Pre-shared Key	Certificates are not widely used.
method

Pre-shared Key		Xxxxxxxxxx	Must match client PC

IKE Authentication		SHA-1	Must match client PC
algorithm

IKE Encryption		3DES	Must match client PC

IKE Exchange		Main Mode	Windows 2000 only supports Main Mode.
mode

DH Group		Group 1 (768 bit)	Must match client PC

IKE SA Life time		28800	Does not have to match client PC. Shorter

84

Image 88

TRENDnet TW100-BRV324 manual Example 2 Windows 2000/XP Client to LAN, Broadband VPN Gateway Configuration, Setting, Value

Contents

Page Page Table of Contents P/N 956YH10001 Copyright 2007. All Rights Reserved Document Version1.0Broadband VPN Gateway Features Internet Access FeaturesIntroduction ChapterLAN Features Configuration & ManagementPackage Contents Security FeaturesIPSec VPN Gateway Features Microsoft VPN Gateway SupportPhysical Details Front-mounted LEDsRear Panel Installation ProcedureRequirements ChapterThe Power LED should be ON Installation5. Check the LEDs The WAN1 or WAN2 LED should be ONSetup OverviewThis Chapter provides Setup details of the Broadband VPN Gateway ChapterConfiguration Program PreparationFigure 5 Password Dialog If you cant connectHome Screen Navigation & Data InputWAN Port Configuration WAN Port SettingsStatic IP Settings Data - WAN Port ScreenPPPoE Dial-up ButtonsPort Options Screen Data - Port Options ScreenPort Options Also called Network Adapter Address or Physical Address. This is aBind Service MTU SizePPPoE Connection Automatic Dial-upData - LAN Port Screen LAN Port ScreenButtons DHCP Using the Broadband VPN Gateway s DHCP ServerUsing another DHCP Server To Configure your PCs to use DHCPLoad/Backup Screen Data - Load/Backup ScreenAdministration Equilibrium Type has 2 optionsSetup PC Configuration TCP/IP Settings - OverviewWindows Clients ChapterUsing DHCP Checking TCP/IP Settings - Windows 9x/MEUsing Specify an IP Address Figure 14 DNS Tab Win 95/98 Figure 13 Gateway Tab Win 95/98Broadband VPN Gateway User Guide Figure 15 Windows NT4.0 - TCP/IP Checking TCP/IP Settings - Windows NT4.0Figure 16 Windows NT4.0 - IP Address Specify an IP Address Obtain an IP address from a DHCP ServerFigure 17 - Windows NT4.0 - Add Gateway PC Configuration Figure 18 Windows NT4.0 - DNSChecking TCP/IP Settings - Windows Figure 19 Network Configuration Win1. Select Control Panel - Network and Dial-up Connection Figure 20 TCP/IP Properties WinUsing a fixed IP Address Use the following IP Address Using DHCPPC Configuration Figure 21 Network Configuration Windows XP Checking TCP/IP Settings - Windows XP1. Select Control Panel - Network Connection Using a fixed IP Address Use the following IP Address Using DHCPFigure 22 TCP/IP Properties Windows XP Checking TCP/IP Settings - Windows Vista PC Configuration Internet Access Accessing AOL1. Select Start Menu - Settings - Control Panel - Internet Options 2. Select Set up or change your Internet ConnectionMacintosh Clients Linux ClientsOther Unix Systems Fixed IP AddressOperation and Status OperationStatus Screen ChapterFigure 23 General Status Screen Operation and StatusWAN1/2 FirewallKernel SystemPort Status Data - Port Status ScreenPort Status ButtonsEvent Log Data - Event Log ScreenEvent Log ButtonsURL Log Data - URL LogInternet ButtonsData - System Log Screen System LogSystem Log Internet Features The following advanced features are provided Address List PC DatabaseChapter OverviewData - Address List Screen Address ListAddress List PC Database PC Database Screendress, IP Address and Certify Data - PC Database ScreenButtons Data - URL Filter Screen URL FilterFilter Strings To add an entry to the list, enter it here, and click the Add button ButtonsDynamic DNS Dynamic DNS ScreenWAN1/2 Data - Dynamic DNS ScreenWeb Site Button Static Routing OverviewStatic Routing Screen Open Routing and Remote AccessData - Static Routing Screen Static RoutingConfiguring Other Routers on your LAN Local RouterOther Routers on the Local LAN ButtonsStatic Routing - Example For Router As Default RouteFor Router Bs Default Route For the Broadband VPN Gateway s Routing TableInternet Features Network Mask0.0.0.0 Gateway IP AddressData - QoS Screen Broadband VPN Gateway User GuideBased on QoS rules set below Security Configuration RulesRules Screen ChapterData - Rules Screen Outbound/Inbound ConnectionDefine Firewall Rule Inbound/Outbound Data - Define Firewall Rule ScreenServices Log SettingDest IP Advanced RuleSchedules Schedules ScreenData - Log Screen Firewall -- LogTime Zone Second Server System LogServices Data - Services ScreenAvailable Services Add New Serviceif not required Broadband VPN Gateway User GuideSecurity Data - Security ScreenFirewall MAX 3D Engine OptionsMaximum Con Figure 41 Multi-DMZ E-Mail Data - E-Mail ScreenE-Mail Alert E-Mail LogSelect the desired option for sending the log by E-mail VPN IPSec IPSecPolicies ChapterVPN Configuration VPN Endpointaddress Traffic SelectorVPN Pass-through Common VPN SituationsClient PC to VPN Gateway Connecting 2 LANs via VPN Figure 45 Connecting 2 VPN GatewaysVPN Configuration Policies ScreenVPN List OperationsEnable/Disable MoveCopy DeleteAdding a New Policy Broadband VPN Gateway User GuideFigure 47 VPN Wizard - Start Screen Microsoft VPNGeneral Settings Enable PolicyAllow NetBIOS Authentication and EncryptionAuthentication Algorithm ESP AuthenticationAH Authentication ESP Encryptiontion is enabled ESP SPIThis is required if either ESP Encryption or ESP Authentica IKE Internet Key ExchangeAuthentication EncryptionExchange Mode IKE SA AggressiveExample 1 Connecting 2 Broadband VPN Gateways VPN ExamplesSetting LAN A GateIPSec SA Parameters Example 2 Windows 2000/XP Client to LAN Broadband VPN Gateway ConfigurationSetting ValueWindows Client Configuration Figure 50 Windows 2000/XP - Local Security SettingsDeselect Activate the default response rule. Click Next IPSec SA ParametersFigure 51 Windows 2000/XP - Policy Properties Figure 52 IP Filter List8. Enter the Source IP address and the Destination IP address Figure 53 Filter Properties AddressingFigure 54 New Rule Properties IP Filter List Figure 55 New Rule Properties Filter Action Figure 56 Require Security Properties12. Select Negotiate security this selects IKE, then click Add Broadband VPN Gateway User GuideVPN Setting Windows SettingFigure 57 Modify Security Method Figure 58 Require Security PropertiesFigure 59 Tunnel Setting Figure 60 Authentication MethodFigure 61 Windows 2000/XP Client to Broadband VPN Gateway Figure 62 Windows 2000/XP Client to Broadband VPN GatewayFigure 63 Filter Properties Addressing 22. Click OK to save your changes, then CloseFigure 64 Filter List Broadband VPN Gateway User GuideFigure 66 Security Methods Figure 65 Filter ActionMicrosoft VPN Figure 68 Tunnel Setting Figure 67 Modify Security MethodFigure 69 Authentication Method Figure 70 DUT to Win2K PropertiesFigure 72 Key Exchange Settings Figure 71 Properties - General Tab32. Click the Advanced button to see the screen below 33. Click the Methods button to see the screen belowExample 3 Windows 2000 Server to VPN Gateway SettingFigure 74 IKE Security Algorithms Figure 75 Windows 2000/XP Client to Broadband VPN GatewayRemote IP addresses 172.16.9.10For a single client, this is the same as the Gateway address Subnet address 11.5.0.0 Address range used on the remote LANWindows 2000 Server Configuration Figure 77 Windows 2000 Server - AddressingCertificates Trusted CertificatesRequesting a Trusted Certificate Trusted CertificatesPrivate Certificate Data - Private Certificate ScreenPrivate Certificate Private Certificate RequestsRequesting a Private Certificate Upload ButtonNew Request ButtonSelect the desired option. RSA is recommended To add a New CRL VPN Status Data - VPN Status ScreenVPN Status ButtonsServer Setup Microsoft VPNChapter OverviewPPTP Service UserData - VPN Adapter Screen Data - User Screen Existing UsersProperties ButtonStatus Log Screen Service LogData - Status Log Screen Status LogWindows Client Setup Windows 98/ME1. Click Start - Settings - Dial-up Networking 2. Select Make New ConnectionTo establish a connection 2. Select Start - Settings - Dial-up NetworkingWindows ME VPN Dialing Properties Figure 92 Windows 2000 Network Connection WindowsFigure 93 Windows 2000 Public Network Figure 94 Windows 2000 VPN Host Figure 95 Windows 2000 Connection AvailabilityFigure 96 Windows 2000 Finish Wizard Figure 97 Windows XP Network Connection Type Windows XPFigure 98 Windows XP Network Connection Figure 100 Windows XP Public Network Figure 99 Windows XP Connection NameFigure 101 Windows XP VPN Server To establish a connection Changing the connection settingsFigure 102 Windows XP Connection Availability Chapter Other Features & SettingsOverview Diagnostics Data - Diagnostics ScreenPing DNS LookupSearch Button Broadband VPN Gateway User GuidePassword Password ScreenData - Account Management Screen Settings Web ManagementData - Web Management Screen To connect from a remote PC via the Internet HTTPS//123.123.123.1238080Firmware Upgrade Data - Firmware Upgrade ScreenTo perform the Firmware Upgrade Firmware UpgradeBackup/Restore Data - Backup/Restore ScreenThis will delete ALL of the existing settings Default Configu- rationBroadband VPN Gateway User Guide Troubleshooting General ProblemsInternet Access Appendix AIt is a security risk, since the firewall is disabled Appendix B Specifications Broadband VPN GatewayFCC Statement FCC Radiation Exposure StatementCE Marking Warning CE StandardsAppendix B - Specifications Broadband VPN Gateway User Guide