Manuale d’uso / di manutenzione del prodotto BRV204 del fabbricante TRENDnet
Vai alla pagina of 146
.
.
i Table of Contents CHAPTER 1 INTRODUCTION ............................................................................................. 1 TW100-BRV204 Features...........................................................................................
ii VPN Configuration ......................................................................................................... 73 VPN Examples ............................................................................................................
1 Chapter 1 Introduction This Chapter provides an overview of the TW100-BRV204 's features and capabilities. Congratulations on the purchase of y our new TW100-BRV204 . The TW100-BRV204 is a multi-funct ion device providing the fol lowing services: • Shared Broadband Internet Access for all LAN users.
TW100-BRV204 User’s Guide 2 Advanced Internet Functions • Communication Applications. Support for Internet com municat ion applications, such as interactive Gam es, Telephony, and Conferencing appl ications, which are often di fficult to use when behind a Firewall, is i ncluded.
Introduction 3 Security Features • Password - protected Configuration . Optional password protecti on is provided to prevent unauthorized users from modifyi ng the configuration data and set tings.
TW100-BRV204 User’s Guide 4 Physical Details Front-mounted LEDs Figure 2: Front Panel Power On - Power on. Off - No power. Status (Red) On - Error condition. Off - Normal operation. Blinking - This LED blinks during start up. LAN Each port has 2 LEDs • Link/Act • On - Corresponding LAN (hub) port is acti ve.
Introduction 5 Rear Panel Figure 3: Rear Panel Reset Button This button has two (2) functi ons: • Reboot . When pressed and released, the TW100-BRV204 will reboot (restart). • Clear All Data . This button can also be used to clear ALL data and restore ALL settings to the factory defaul t values.
TW100-BRV204 User’s Guide 6 • PCs connected to the DMZ port are on the sa me LAN segm ent as PCs connected to the Hub ports. They must use t he same IP address range. • PCs connected to the DMZ port are NOT visi ble to PCs on the hub (LAN) ports.
7 Chapter 2 Installation This Chapter covers the physical installation of the TW100-BRV204 . Requirements • Network cables. Use standard 10/100BaseT network (UTP) cabl es with RJ45 connectors.
TW100-BRV204 User’s Guide 8 3. Connect WAN Cable Connect the Broadband m odem to the WAN port on the TW100-BRV204 . Use the cable supplied with y our Broadband modem . If no cable was supplied, use a st andard LAN cable. 4. Power Up • Power on the Broadband modem .
9 Chapter 3 Setup This Chapter provides Set up details of the TW100-BRV204 . Overview This chapter describes the setup procedure for: • Internet Access • LAN configuration PCs on your local LAN m ay also require configurati on. For details, see Chapter 4 - PC Con- figuration .
TW100-BRV204 User’s Guide 10 Use the Microsoft VPN feature: • PPTP Server in the TW100-BRV204 . • User and Client setup. • Checking VPN connection Status. Chapter 9: Microsoft VPN Configure or use any of the followi ng: • Configuration Fil e backup and restore.
Setup 11 • Double - click the icon for t he TW100-BRV204 (either on the Desktop, or in My Network Places ) to start the configu r ation. Refer to the following section Setup Wizard for details of the initial con f iguration process. Using your Web Browser To establish a connection from your PC to t he TW100-BRV204 : 1.
TW100-BRV204 User’s Guide 12 • These are the default values. Both the name and password can (and shoul d) be changed, using the Admin Login screen.
Setup 13 Setup Wizard The first time you connect to the TW100-BRV204 , the Setup Wizard will run automatically. (The Setup Wizard will also run if the TW 100-BRV204 's default setting are restored.) 1. Step through the Wizard until finished. • You need to know the type of Internet connect ion service used by your ISP.
TW100-BRV204 User’s Guide 14 PPTP Mainly used in Europe. You connect to the ISP only when required. The IP address is usually allocated auto m ati- cally, but may be Static (Fixed). • PPTP Server IP Address. • User name and password. • IP Address allocated to you, if Static (Fixed).
Setup 15 Home Screen After finishing or exitin g the Setup Wizard, you will see the Home screen. When you connect in future, you will see this sc reen when you connect.
TW100-BRV204 User’s Guide 16 LAN Screen Use the LAN link on the main m enu to reach the LAN screen An example screen is shown below. Figure 7: LAN Screen Data - LAN Screen TCP/IP IP Address IP address for the TW100-BRV204 , as seen from the local LAN.
Setup 17 DHCP What DHCP Does A DHCP (Dynami c Host Configuration Prot ocol) Server allocates a valid IP address to a DHCP Client (PC or device) upon request. • The client request is m ade when the client device starts up (boots). • The DHCP Server provides the Gateway and DNS addresses to the client, as well as allocating an IP Address.
18 Chapter 4 PC Configuration This Chapter detail s the PC Configurat ion required on the local ( "Internal") LAN. Overview For each PC, the following may need to be configured: • TCP/IP n.
PC Configuration 19 Checking TCP/IP Settings - Windows 9x/ME: 1. Select Control Panel - Net work . You should see a screen like t he following: Figure 8: Network Configuration 2. Select the TCP/IP protocol for your net work card. 3. Click on the Properti es button.
TW100-BRV204 User Guide 20 • On the Gateway tab, enter the TW100-BRV204 's IP address i n the New Gateway field and click Add , as shown below. Your LAN adm inistrator can advise y ou of the IP Address they assigned to the TW100-BRV204 . Figure 10: Gateway Tab (Win 95/98) • On the DNS Configurati on tab, ensure Enable DNS is selected.
PC Configuration 21 Checking TCP/IP Settings - Windows NT4.0 1. Select Control Panel - Net work , and, on the Protocols tab, select the TCP/IP prot ocol, as shown below. Figure 12: Windows NT4.0 - TCP/IP 2. Click the Properties button to see a screen like the one below.
TW100-BRV204 User Guide 22 4. Select the appropriate radio button - Obtain an IP address from a DHC P Server or Specify an IP Address , as explained below. Obtain an IP address from a DHCP Server This is the default Windows setting. Using this is recommended .
PC Configuration 23 Figure 15: Windows NT4.0 - DNS.
TW100-BRV204 User Guide 24 Checking TCP/IP Settings - Windows 2000: 1. Select Control Panel - Net work and Dial-up Connecti on . 2. Right - click t he Local Area Connection icon and select Properties . You shoul d see a screen like the following : Figure 16: Network Configuration (Win 2000) 3.
PC Configuration 25 5. Ensure your TCP/IP settings are correct , as described below. Using DHCP To use DHCP, select the radio button Obtain an IP Address automatical ly . This is the default Windows setting. Using this is recommended . By default, the TW100-BRV204 will act as a DHCP Server.
TW100-BRV204 User Guide 26 Checking TCP/IP Settings - Windows XP 1. Select Control Panel - Net work Connection . 2. Right click t he Local Area Connection and choose Properties . You should see a screen like the following: Figure 18: Network Configuration (Windows XP) 3.
PC Configuration 27 Figure 19: TCP/IP Properties (Windows XP) 5. Ensure your TCP/IP settings are correct. Using DHCP To use DHCP, select the radio button Obtain an IP Address automatical ly . This is the default Windows setting. Using this is recommended .
TW100-BRV204 User Guide 28 Internet Access To configure your PCs to use th e TW100-BRV204 for Internet access: • Ensure that the DSL modem , Cable m odem, or other perm anent connection is funct ional. • Use the following procedure to configure your Browser to access the Internet via the LAN, rather than by a Dial-up connection.
PC Configuration 29 Macintosh Clients From your Macintosh, you can access the Inte rnet via the TW100-BRV204 . The procedure is as follows. 1. Open the TCP/IP Control Panel. 2. Select Ethernet from the Connect via pop-up m enu. 3. Select Using DHCP Server from the Confi gure pop-up menu.
30 Chapter 5 Operation and Status This Chapter details the operation of the TW100-BRV204 and the status screens. Operation Once both the TW100-BRV204 and the PCs are configured, operation is automatic.
Operation and Status 31 Data - Status Screen Internet Connection Method This indicates the current connect ion method, as set in the Setup Wizard. Broadband Modem This shows the connection status of the m odem.
TW100-BRV204 User Guide 32 Connection Status - PPPoE If using PPPoE (PPP over Ethernet), a screen like the following example will be displayed when the "Connectio n Details" button is clicked.
Operation and Status 33 Buttons Connect If not connected, establish a connect ion to your ISP. Disconnect If connected to your ISP, hang up the connection. Clear Log Delete all data currently in the Log . This will make it easier to read new messages.
TW100-BRV204 User Guide 34 Connection Status - PPTP If using PPTP (Peer-to-Peer Tunne ling Protocol), a screen like the following example will be displayed when the "Connect ion Details" but ton is clicked.
Operation and Status 35 Clear Log Delete all data currently in the Log . This will make it easier to read new messages. Refresh Update the data on screen.
TW100-BRV204 User Guide 36 Connection Log Connection Log • The Connection Log shows status messages relating t o the existing connection. • The Clear Log button will restart th e Log, while the Refresh button will update the messages shown on screen.
Operation and Status 37 DNS IP Address The IP Address of the Domain Name Server which is currently used. DHCP Client This will show "Enabled" or "Disab led", depending on whether or not this device is funct ioning as a DHCP client .
TW100-BRV204 User Guide 38 Connection Details - Fixed/Dynamic IP Address If your access method is "Direct" (no login), a screen like the follo wing exam ple will be displayed when the "Connect ion Details" but ton is clicked.
Operation and Status 39 the "Release" button will break th e connection and release the IP Address. Refresh Update the data shown on screen..
40 Chapter 6 Internet Features This Chapter explains when and how to use the TW100-BRV204 's "Internet" Features. Overview The following advanced features are provided.
Internet Features 41 WAN Port Configuration The WAN Port Configuration screen provides an alte rnative to using the Wizard. It can be accessed from the Internet m enu.
TW100-BRV204 User Guide 42 Specified IP Address Also called Static IP Address . Select this if your ISP has allocated you a fixed IP Address. If this option i s selected, the followi ng data must be entered. • IP Address . The IP Address allocated by the ISP.
Internet Features 43 Advanced Internet Figure 27: Internet Screen This screen allows configuration of all advanced features relating to Internet access. • Comm unication Appli cations • Special Applications • Multi-DMZ • URL filter Communication Applications Most applications are support ed transparently by t he TW100-BRV204 .
TW100-BRV204 User Guide 44 Send incoming calls to This lists the PCs on your LAN. • If necessary, you can add PCs m anually, using the PC Database option on the Other m enu.
Internet Features 45 Incoming Ports • Type - Select the protocol (TCP or UDP) used when you receive data from the special application or service. (Note: Som e applications use different protocols for outgoi ng and incoming dat a). • Start - Enter the beginning of the range of port num bers used by the application server, for data you recei ve.
TW100-BRV204 User Guide 46 URL Filter The URL Filter allows you to block access to undesirable Web site • To use this feature, you must define "filter string s". If th e "filter string" appears in a requested URL, the request is blocked.
Internet Features 47 Dynamic DNS (Domain Name Server) This free service is very usef ul when combined with the Virtual Server feature. It allows Internet users to connect to your Vi rtual Serv ers using a URL, rather than an IP Address. This also solves the problem of having a dynami c IP address.
TW100-BRV204 User Guide 48 NOT need to use the "Client" program provided by som e DDNS Service providers.) • From the Internet, users will now be able to connect to your Virtual Servers (or DMZ PC) usi ng your Domain nam e. DDNS Data DDNS Service Select the desired DDNS Service provider.
Internet Features 49 Virtual Servers This feature allows you to make Servers on your LAN accessible to Internet users. Norm ally, Internet users would not be able to access a server on your LAN because: • Your Server does not have a valid external IP Address.
TW100-BRV204 User Guide 50 • For each enabled Virtual Server, a firewall rule to allow incoming traffic from the Internet (WAN) to the DMZ is automat ically created. If the Server is connect ed to the LAN (hub) ports, you must add the firewall rule m anually.
Internet Features 51 http://203.70.212.52 ftp://203.70.212.52 It is more convenient if you are using a Fixed IP Address from your ISP, rather than Dynam ic. However, you can use the Dynamic DNS feature, described in the followi ng section, to allow users to connect to your Virtual Servers usi ng a URL, rather than an IP Address.
52 Chapter 7 Security Configuration This Chapter explains the settings ava ilable via the security configuration section of the "Security " menu.
Security Configuration 53 Figure 35: Password Dialog Enter the "User Name" and "Password" y ou set on the Admin Login screen above.
TW100-BRV204 User Guide 54 Access Control This feature is accessed by the Access Control link on the Security m enu. The Access Control feature allows administrators to restrict the level of Internet Access avail- able to PCs on your LAN. With the default se ttings, everyone has unrestricted Internet access.
Security Configuration 55 "Members" Button Click this but ton to add or remove m em bers from the current Group. • If the current group is "Default", t hen mem bers can not be added or deleted. This group contai ns PCs not allocated to any other group.
TW100-BRV204 User Guide 56 Group Members Screen This screen is displayed when the Members button on the Access Control screen is clicked. Figure 37: Group Members Use this screen to add or remove m em bers (PCs) from the current group. • The "Del >>" button will remove the selected PC (in th e Members list) from the current group.
Security Configuration 57 Firewall Rules For normal operati on and LAN protection, it i s not necessary to use this screen. The Firewall will always block DoS (Denial of Serv ice) attack s. A DoS attack does not attempt to steal data or dam age your PCs, but overloads y our Internet connection so you can not use it - the service is unavailable.
TW100-BRV204 User Guide 58 Data For each rule, the following data is shown: • Name - The name you assigned t o the rule. • Source - The traffic covered by this rule, defi ned by the source IP address. If the IP address is follo wed by ... this indicates there is range of IP addresses, rather than a single address.
Security Configuration 59 Define Firewall Rule Clicking the "Add" but ton in the Firewall Rules screen will display a screen like the ex ample below. Figure 39: Define Firewall Rule Data - Define Firewall Rule Screen Name Enter a suitable name for this rule.
TW100-BRV204 User Guide 60 Dest IP These settings determ ine which traffic, based on their dest ination IP address, is covered by this rule. Select the desired option: • Any - All traffic from the source port is covered b y this rule. • Single address - Enter the required IP address in the "St art IP address" field".
Security Configuration 61 Logs The Logs record various types of activit y on the TW100-BRV204 . This data is useful for troubleshooting, but enabling all l ogs will generate a large amount of data and adversely affect performance.
TW100-BRV204 User Guide 62 Outgoing Traffic Select the desired option: • All IP traffic - - this will log all outgoi ng TCP/IP connections, of any type. This will generate the larg est logs, and fill the internal log buffer more quickl y. • All TCP/UDP/ICMP traffic - These 3 protocols are used by most internet traffic.
Security Configuration 63 E-mail Figure 41: E-Mail Screen Data – E-Mail Screen E-Mail Alerts Send E-Mail alert If enabled, an E-mail will be sent immediately if a DoS (Denial of Service) attack is detected. If enabled, the E-mail address infor- mation m ust be provided.
TW100-BRV204 User Guide 64 Subject Enter the te xt string to be shown in the "Subject" fi eld for the E- mail. SMTP Server Enter the address or address or IP address of the SMTP (Simple Mail Transport Prot ocol) Server you use for outgoing E-m ail.
Security Configuration 65 Security Options This screen allows you to set Firewall and other security-related options. Figure 42: Security Options Screen Data - Security Options Screen Firew all Enable DoS Firewall If enabled, DoS (Denial of Service) attacks will be detected an d blocked.
TW100-BRV204 User Guide 66 Options Respond to ICMP (ping) The ICMP protocol is used by the "ping" and "trace route" program s, and by network moni toring and diagnostic programs. • If checked, the TW100-BRV204 will respond to ICMP packets received from the Internet.
Security Configuration 67 Scheduling • This schedule can be (optionall y) applied to any Access C ontrol Group. • Blocking will be performed dur in g the scheduled time (between the "Start" and "Finish" times.) • Two (2) separate sessions or periods can be defined.
TW100-BRV204 User Guide 68 Services Services are used in defining traffic to be bl ocked or allowed by the Access Control or Fire- wall Rules features. Many comm on Services are pre-defined, but you can also defi ne your own services if required. To view the Services screen, select the Services link on the Securit y menu.
69 Chapter 8 VPN (IPSec) This Chapter describes the VPN c apabilities and configuration required for common situations. Overview This section describes the VPN (Virt ual Private Network) support provided by your TW100- BRV204 .
TW100-BRV204 User Guide 70 • Phase I is the negotiati on and establishm ent up of the IKE connection. • Phase II is the negotiation and est ablishm ent up of the IPsec connection. Because the IKE and IPsec connections are separa te, they have different SAs (security associa- tions).
Microsoft VPN 71 Common VPN Situations VPN Pass-through Figure 45: VPN Pass-through Here, a PC on the LAN behind the Router/Gat eway is using VPN software, but t he Router/Gateway is NOT acting as a VPN endpoint. It is only allowing the VPN connect ion.
TW100-BRV204 User Guide 72 Connecting 2 LANs via VPN Figure 47: Connecting 2 VPN Gateways This allows two (2) LANs to be connected. PCs on each endpoint gain secure access to the remote LAN.
Microsoft VPN 73 VPN Configuration This section covers the configurati on re quired on the TW100-BRV204 when using M anual Key Exchange (Manual Policies) or IKE (Automatic Policies). Details of using Certificates are cov ered in a later section. VPN Policies Screen To view this screen, select VPN Policies from the VPN menu.
TW100-BRV204 User Guide 74 Move The order i n which policies are l isted is onl y import ant if you have multiple polices for the same remote site. In that case, the first matching policy is used. There are 2 ways t o change the order of policies: • Use the up and down indicators on the right t o move the selected row.
Microsoft VPN 75 Figure 50: VPN Wizard – General Screen General Settings Policy Name Enter a suitable name. This name is not supplied to the remote VPN. It is used only to help you m anage the policie s. Enable Policy Enable or disable the policy as re quired.
TW100-BRV204 User Guide 76 Figure 51: VPN Wizard - Traffic Selector Screen • For outgoing VPN conn ectio ns, these settings determine which traffic will cause a VPN tunnel to be created, and which tra ffic will be sent through the tunnel.
Microsoft VPN 77 Remote IP addresses Type • Single address - enter an IP address in the "Start IP address" field. • Range address - enter the starting IP address in th e "Start IP address" field, and the finish IP address in the "Fini sh IP ad- dress" field.
TW100-BRV204 User Guide 78 • For SHA-1, the keys should be 40 hex/20 ASCII charact ers. SPI • Each SPI (Security Parame ter Index) must be uni que. • The "in" SPI here must m atch the "out" SPI on the rem ote VPN, and the "out" SPI here must m atch the "in" SPI on the remote VPN.
Microsoft VPN 79 IKE Phase 1 If you selected IKE , the following screen is displayed after th e Traffic S e lecto r screen. This screen sets the parameters for the IKE SA. Figure 53: VPN Wizard - IKE Phase 1 Screen IKE Phase 1 (IKE SA) Local Identity This setting must match the "Remote Identity" on the remote VPN.
TW100-BRV204 User Guide 80 Authentication • RSA Signature requires that both VPN endpoint s have valid Certificates issued by a CA (Certification Author ity). • For Pre-shared key , enter the same key value in both endpoints. The key should be at least 8 characters (m axim um is 128 charac- ters).
Microsoft VPN 81 IKE Phase 2 Screen This screen sets the parameters for the IPSec SA. When using IKE, there are separate connec- tions (SAs) for IKE and IPSec. Figure 54: VPN Wizard - IKE Phase 2 Screen IKE Phase 2 (IPsec SA) IPsec SA Life Time This setting does not have t o match the rem ote VPN endpoint; the shorter time will be used.
TW100-BRV204 User Guide 82 For IKE, configuration is now com plete. Click "Next" to view the final screen. Figure 55: VPN Wizard - Final Screen On the final screen, click "Finish " to save your settings, then "Close" to ex it the Wizard.
Microsoft VPN 83 VPN Examples This section describes som e examples of usi ng the TW100-BRV204 in comm on VPN situa- tions. Example 1: Connecting 2 TW100-BRV204 s In this example, 2 LANs are connected via VPN. Figure 56: Connecting 2 TW100-BRV204 s Note • The LANs MUST use different IP address ranges.
TW100-BRV204 User Guide 84 IKE Authentication method Pre-shared Key Pre-shared Key Certificates are not widely used. Pre-shared Key Xxxxxxxxxx Xxxxxxxxxx Must match IKE Authentication algorithm MD5 MD.
Microsoft VPN 85 Example 2: Windows 2000/XP Client to LAN In this example, a Windows 2000/XP client connects to the TW100-BRV204 and gains access to the local LAN. Figure 57: Windows 2000/XP Client to T W100-BRV204 To use 3DES encryption on Windows 2000, you need Service Pack 3 or later installed.
TW100-BRV204 User Guide 86 DH Group Group 1 (768 bit) Must mat ch client PC IKE SA Life tim e 28800 Does not have to match client PC. Shorter period will be used. IKE PFS Disable Must m atch client PC IPSec SA Parameters IPSec SA Life time 28800 Do not have to match.
Microsoft VPN 87 Figure 59: Windows 2000/XP - Policy Properties • Note that no rules are in use. Two (2) rul es are required - incoming and outgoing. • The outgoing rule will be ad ded first. 6. Deselect the "Use Add Wizard" checkbox, then click "Add" to view t he screen below.
TW100-BRV204 User Guide 88 Figure 61: Filter Properties: Addressing 8. Enter the Source IP address and the Destination IP address . • Since this is the outgo in g filter, the Source IP address is "My IP address" and the Destination IP address is t h e address range used on the remote LAN.
Microsoft VPN 89 Figure 63: New Rule Properties: Filter Action 11. Select Require Security , then click the "Edit" button, to v iew the Requi re Security Proper- ties screen. Figure 64: Require Security Properties 12. Select Negotiate security (this selects IKE), then click "Add".
TW100-BRV204 User Guide 90 Figure 65: Modify Security Method 13. On the resulting screen (above), select Hi gh [ESP] then click "OK" to save your changes and return to the Require Security Properties screen. Figure 66: Require Security Properties 14.
Microsoft VPN 91 15. Click the Tunnel Setting tab, then select The tunnel endpoint is specified by this IP address . Enter the WAN (Internet) IP address of the TW100-BRV204 , as shown below. Figure 67: Tunnel Setting 16. Click the Authentication Methods tab, then click the "Edit" to see the screen like the example below.
TW100-BRV204 User Guide 92 Figure 69: Windows 2000/XP Client to T W100-BRV204 20. To add the second (incomi ng) rule, click "Add". For the nam e, enter "To Win2K", then click "Add". Figure 70: Windows 2000/XP Client to T W100-BRV204 21.
Microsoft VPN 93 Figure 71: Filter Properties: Addressing 22. Click "OK" to save your changes, then "Cl ose". Figure 72: Filter List 23.
TW100-BRV204 User Guide 94 Figure 73: Filter Action 24. Select Require Security , then click "Edit". On the Require Security Methods screen below, select Negotiate security . Figure 74: Security Methods 25. Click the "Add" butt on.
Microsoft VPN 95 Figure 75: Modify Security Method 26. Click "OK" to save your chan g es, then click "OK" again to return to the Filter Action screen. 27. Select the Tunnel Setting tab, and enter the WAN (In tern et) IP address of this PC (172.
TW100-BRV204 User Guide 96 Figure 77: Authentication Method 29. Select Use this string to protect the key exchange (preshared key) , then enter your pre- shared key in the field provided. 30. Click "OK" to save your setting s, then "Close" to return to the DUT to Win2K Properties screen.
Microsoft VPN 97 Figure 79: Properties - General Tab 32. Click the "Advanced" button t o see the screen below. Figure 80: Key Exchange Settings 33.
TW100-BRV204 User Guide 98 Figure 81: Key Exchange Security Methods 34. Select the first entry, and click the "Edit" b utton to see the following screen. Figure 82: IKE Security Algorithms 35. Select "SHA1" for Integrity Algorithm , "3DES" for Encryption algorithm , and "Low(1)" for the Diffie-Hellman Group .
Microsoft VPN 99 Example 3: Windows 2000 Server to VPN Gatew ay In this example, a Windows 2000 Server connects to the TW100-BRV204 . Users on each LAN can then gain access to the remote LAN.
TW100-BRV204 User Guide 100 Windows 2000 Server Configuration Configuration is t he same as for Example 2: Window s 2000/XP Client t o except for specify- ing the Source and Destination addresses for the "Filter Pro perties". Instead , for both IP Filters, the Filter Properties- Addressin g should be completed as follows.
Microsoft VPN 101 Certificates Certificates are used to authen ticate users. Certificates are issued to you by various CAs (Certification Authorities). These Certificates are called "Self Certificates". Each CA also issues a certificat e to itself.
TW100-BRV204 User Guide 102 Figure 87: Add Trusted Certificate 3. Click the "Browse" butt on, and locat e the certificate file on your PC 4. Select the file. The name will appear in the "Certificate File" field. 5. Click "Upload" to upload t h e certificate file to the TW100-BRV204 .
Microsoft VPN 103 Delete button Use t h is button to delete a Self Certificate. Select t he checkbox in the Delete column for any Certificates you wish to d elete, th en click the "Delete" button. Self Certificate Requests Request List Any current requests are list ed.
TW100-BRV204 User Guide 104 Name Enter a name which helps to identify this p articular certifi- cate. This name i s only for your reference, it is not visible to other people. Subject Name This is the name which other organizatio n s will see as the Holder (owner) of this Certi ficate.
Microsoft VPN 105 • Start the Self Certificate request procedure. • When prompted for the request data, suppl y the data you copied and saved i n step 5 above. • Submit the CA's form. • If there are no problems, the Certificate will then be issu ed.
TW100-BRV204 User Guide 106 Figure 92: Certificate Revocation Lists 3. Click the "Add New CRL" button . You will see a screen like the following: Figure 93: Upload CRL 4. Upload the CRL file: • Click the "Browse" butt on, and locate the CRL file on your PC • Select the file.
Microsoft VPN 107 Data – VPN Status Screen VPN Status Policy Name The name of the VPN Polic y which triggered thi s VPN connection. SPI Each SA (Securi ty Association) has a unique SPI. For m anual keys, this SPI is specified by user input. If using IKE, the SPI is generate d by the IKE negotiation process.
108 Chapter 9 Microsoft VPN This Chapter explains the screens and settings available for the Microsoft VPN function. Overview Microsoft VPN uses the Microsoft VPN Adapter which is provided in recent versions of Windows. This feature can be used to provide remote access to your L AN by individual PCs.
Microsoft VPN 109 Data – Microsoft VPN Screen PPTP Server Enable Use this checkbox to enable or disable this feature as required. To allow connection by rem ote Windows clients, you must enable t h is feature, and enter the client d etails (o n the Clients screen) to allow them to login to this Server.
TW100-BRV204 User Guide 110 Delete Button Use this to delete the selected user if required. Properties Allow connection Use this to enable or disable access by this user, as required. Login Name Enter the login name . The remote user m ust provide this name when they connect.
Microsoft VPN 111 Status Screen The Status screen is accessed by selecting the Status opt ion on the Microsoft VPN menu. Figure 97: Microsoft VPN Status Screen Data - Microsoft VPN Status Screen Server Status Status This indicates whether or not th e PPTP (VPN) Server is enabled.
TW100-BRV204 User Guide 112 Windows Client Setup To connect to the PPTP (VPN) Server in the VPN Broadband Gateway: • The Microsoft VPN feature in the VPN Broadband Gat eway must be enabl ed and config- ured, as described in the previous section.
Microsoft VPN 113 5. Click "Finish" to exit the W izard. The new entry will now be listed in "Dial-up Networking". If necessary, you can change the settings for this connection by right -clicking on it, and select- ing Properties .
TW100-BRV204 User Guide 114 Windows 2000 Ensure you have logged on with Adm inistrato r rights before attem pting this procedure. 1. Open "Network Connections", and st art the "New Connection" Wizard. Figure 100: Windows 2000 Network Connection 2.
Microsoft VPN 115 Figure 102: Windows 2000 VPN Host 4. On the screen above, enter the Doma in Name or Internet IP address of the TW100- BRV204 you wish to connect t o . Click Next to continue. Figure 103: Windows 2000 Connection Availability 5. Choose whether to allow this connection for ev eryone, or only for y ourself, as required.
TW100-BRV204 User Guide 116 Figure 104: Windows 2000 Finish Wiz ard 6. Enter a suitable name, and click "Finish" to save an d exit. Setup is now complete. To establish a connection: 1. Right-click the connect ion in "Network Connections", and select "Connect".
Microsoft VPN 117 Windows XP Ensure you have logged on with Adm inistrato r rights before attem pting this procedure. 1. Open Network Connecti ons (Start-Settings-Network Conn ections), and start the New Connection Wizard. Figure 105: Windows XP Network Connection Type 2.
TW100-BRV204 User Guide 118 Figure 107: Windows XP Connection Name 4. Enter a suitable name for this connection. Click Next to continue. Figure 108: Windows XP Public Network 5. On the screen above, select "Do not dial the initial connection".
Microsoft VPN 119 6. On the screen above, enter the Doma in Name or Internet IP address of the TW100- BRV204 you wish to connect t o . Click Next to continue. Figure 110: Windows XP Connection Availability 7. Choose whether to allow this connection for ev eryone, or only for y ourself, as required.
120 Chapter 10 Other Features & Settings This Chapter explains the screens and settings available via the "Other" menu. Overview Normally, it is not necessary to use these scr eens, or change any settings. These screens and settings are provided to deal with non-standard situations, or to provide additional options for advanced users.
Other Features and Settings 121 Config File This feature allows you to backup (downloa d) the current settings from the TW100-BRV204 , and save them to a file on your PC. You can restore a previously-downloaded confi guration file to t he TW100-BRV204 , by uploading it to t he TW100-BRV204 .
TW100-BRV204 User Guide 122 Network Diagnostics This screen allows you to perform a "Ping" or a "DNS lookup". These activities can be useful in solving network problem s.
Other Features and Settings 123 PC Database The PC Database is used whenever you need to select a PC (e.g. for the "DMZ" PC). It elimi- nates the need to enter IP addresses. Also, y ou do not need to use fixed IP addresses on your LAN. PC Database Screen An example PC Data base screen is shown below.
TW100-BRV204 User Guide 124 Data - PC Database Screen Known PCs This lists all current entries. Data displayed is name (IP Address) type . The "type" indicates whether the PC is connected to the LAN. Name If adding a new PC to the list, en ter its n am e here.
Other Features and Settings 125 PC Database (Admin) This screen is display ed if the "Advanced Admi nistration" button on t h e PC Database is clicked. It provides m ore control than the standard PC Database screen. Figure 114: PC Database (Admin) Data - PC Database ( Admin) Screen Known PCs This lists all current entries.
TW100-BRV204 User Guide 126 MAC Address Select the appropriate opt ion • Automatic discovery - Select this to have the TW100-BRV204 contact the PC and find its MAC address. This is only possible if the PC is connected to the LAN and powered On. • MAC is - Enter the MAC address on the PC.
Other Features and Settings 127 Remote Administration Remote Administration allows you to connect to this interface vi a the Internet, using your Web browser. Figure 115: Remote Administration Screen Data - Remote Administration Screen Information Information To establish a connection fro m the Internet: 1.
TW100-BRV204 User Guide 128 nected to the Internet. But if u sing a Dynamic IP Address, this value can change each time you connect to your ISP. There are 2 solutions to this prob lem: • Have your ISP allocate you a Fixed IP address. • Use the DDNS feature (Internet m enu) so you can connect using a Domain Nam e, rather than an IP address.
Other Features and Settings 129 Routing Overview • If you don't have other R outers or Gateways on your LAN, y ou can ignore the "Routing" page completely. • If the TW100-BRV204 is only acting as a Gat eway for the local LAN segm ent, ignore the "Routing" page even if your LAN has other R outers.
TW100-BRV204 User Guide 130 Figure 116: Routing Screen Data - Routing Screen RIP Enable RIP Check this to enable the RIP (Routing Inform ation Protocol) feature of the TW100-BRV204 . The TW100-BRV204 supports RIP 1 only. Static Routing Static Routing Table Entries This list shows all entries in the Routing Table.
Other Features and Settings 131 Properties • Destina tion Network - The network address of the remot e LAN segment. For standard class "C " LANs, the network address is the first 3 fields of the Desti n ation IP Address. The 4th (last) field can be left at 0.
TW100-BRV204 User Guide 132 Other Routers on the Local LAN Other routers on the local LAN m u st use the TW100-BRV204 's Local Router as the Default Route . The entries will be the same as the TW100- BRV204 's local router, with the exception of the Gateway IP Address .
Other Features and Settings 133 Metric 3 For Router A's Default Route Destination IP Address 0.0.0.0 Network Mask 0.0.0.0 Gateway IP Address 192.168.0.1 (TW100-BRV204 's IP Address) Interface LAN For Router B's Default Route Destination IP Address 0.
TW100-BRV204 User Guide 134 Upgrade Firmware Use this screen to upgrade your TW100-BRV204 's fi rmware. • You must download the requi red firmware file, and store it on your PC . • During the upgrade process, all existing Inte rnet connections will be terminated.
Other Features and Settings 135 UPnP An example UPnP screen is shown bel ow. Figure 119: UPnP Screen Data - UPnP Screen UPnP Enable UPnP Services • UPnP (Universal Plug and Play) all o ws automatic discovery and configuration of equipm ent attached to your LAN.
136 Appendix A T roubleshooting This Appendix covers the most likely probl ems and their solutions. Overview This chapter covers some comm on problems that m ay be encountered while using the TW100- BRV204 and some possi ble solutions to them .
Appendix A - Troubleshooting 137 Solution 2: The TW100-BRV204 processes the data passing through it, so i t is not transparent. Use the Special Applicati ons feature to allow the use of Internet applications which do not function correct ly. If this does solve the problem you can use the DMZ function.
138 Appendix B Specifications TW100-BRV204 Model TW100-BRV204 Dimensions 141mm(W) * 100m m(D) * 27mm(H) Operating Temperature 0 ° C to 40 ° C Storage Temperature -10 ° C to 70 ° C Network Protocol.
Appendix B - Specifications 139 FCC Radiation Exposure Statement This equipment complies with FCC RF radiat ion exposure limits set forth for an uncontrol led environment. Thi s equipment shoul d be installed and operated with a mi nimum distance of 20 centimeters bet w een the radiator and your body.
TW100-BRV204 User Guide 140 Limited Warranty TRENDware warrants its products against def ects in material and workmanship, under normal use and service, for the following lengths of time from the date of pur- chase.
Appendix B - Specifications 141 PERSON’S MISUSE, NEGLECT, IMPRO PER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR OR MODIFY, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.
TW100-BRV204 User Guide 142.
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il TRENDnet BRV204 è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del TRENDnet BRV204 - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso TRENDnet BRV204 imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul TRENDnet BRV204 ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il TRENDnet BRV204, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del TRENDnet BRV204.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il TRENDnet BRV204. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo TRENDnet BRV204 insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.