TRENDnet TW100-BRV324 Bedienungsanleitung

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136

Zur Seite of

Richtige Gebrauchsanleitung

Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung TRENDnet TW100-BRV324 an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von TRENDnet TW100-BRV324, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.

Was ist eine Gebrauchsanleitung?

Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung TRENDnet TW100-BRV324 die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.

Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung TRENDnet TW100-BRV324. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.

Was sollte also eine ideale Gebrauchsanleitung beinhalten?

Die Gebrauchsanleitung TRENDnet TW100-BRV324 sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts TRENDnet TW100-BRV324
- Den Namen des Produzenten und das Produktionsjahr des Geräts TRENDnet TW100-BRV324
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts TRENDnet TW100-BRV324
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen

Warum lesen wir keine Gebrauchsanleitungen?

Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von TRENDnet TW100-BRV324 zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von TRENDnet TW100-BRV324 und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service TRENDnet finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von TRENDnet TW100-BRV324 zu überspringen, wie es bei der Papierform passiert.

Warum sollte man Gebrauchsanleitungen lesen?

In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts TRENDnet TW100-BRV324, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.

Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von TRENDnet TW100-BRV324 widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.

Inhaltsverzeichnis der Gebrauchsanleitungen

  • Seite 1

    [...]

  • Seite 2

    [...]

  • Seite 3

    Table of Contents CHAPTER 1 INTRODUCTION ............................................................................................. 1 Broadband VPN Gateway Features ................................................................................ 1 Package Contents ..................................................................................[...]

  • Seite 4

    ii VPN Examples ................................................................................................................. 82 Certificates .................................................................................................................. ... 100 CRL .............................................................................[...]

  • Seite 5

    1 Chapter 1 Introduction This Chapter provides an overview of th e Broadband VPN Gateway's features and capabilities. Congratulations on the purchase of your new Broadband VPN Gateway. The Br oadband VPN Gateway is a multi-function device providing the following servi ces: • Shared Broadband Internet Access for all LAN users. • VPN Gateway[...]

  • Seite 6

    Broadband VPN Gateway User Guide • Virtual Servers. This feature allows Internet us ers to access Internet servers on your LAN. The required se tup is quick and easy. • Multi-DMZ. For each WAN (Internet) IP address allocated to you, one (1) PC on your local LAN can be configured to allow unrestricted 2-way communication with Servers or ind ivid[...]

  • Seite 7

    Introduction Security Features • Password - protected Configuration . Optional password protecti on is provided to prevent unauthorized users from m odifying the configuration data and set tings. • NAT Protection. An intrinsic side effect of NAT (Network Address Transl ation) technology is that by allowi ng all LAN users to share a single IP ad[...]

  • Seite 8

    Broadband VPN Gateway User Guide Physical Details Front-mounted LEDs Figure 2: Front Panel Power On - Power on. Off - No power. Status (Red) On - Error condition. Off - Normal operation. Blinking - This LED blinks during start up. WAN ports (10/100BaseT) Connect the DSL or Cable Modem here. If your modem cam e with a cable, use the supplied cable. [...]

  • Seite 9

    Introduction 5 Rear Panel Figure 3: Rear Panel WAN port 1/2 (10/100BaseT) Connect the DSL or Cable Modem here. If your modem cam e with a cable, use the supplied cable. Otherwise, use a standard LAN cable. 10/100BaseT LAN connections Use standard LAN cables (RJ45 connectors) to connect y our PCs to these ports. Note: Any LAN port on th e Broadband [...]

  • Seite 10

    2 Chapter 2 Installation This Chapter covers the physical i nstallation of the Broadband VPN Gateway. Requirements • Network cables. Use standard 10/100BaseT net work (UTP) cables with RJ45 connectors. • TCP/IP protocol m ust be installed on all PCs. • For Internet Access, an Internet Access account wi th an ISP, and a Broadband modem (usuall[...]

  • Seite 11

    Installation 7 5. Check the LEDs • The Power LED should be ON. • The Status LED should blink duri ng start up, then turn Off. If it stays on, there is a hardware error. • For each LAN (PC) connection, the LAN Link/Act LED should be ON (provided the PC i s also ON.) • The WAN1 or WAN2 LED should be ON. For more information, refer to Front-mo[...]

  • Seite 12

    Chapter 3 Setup This Chapter provides Setup det ails of the Broadband VPN Gateway. Overview This chapter describes the setup procedure for: • Internet Access • LAN configuration PCs on your local LAN m ay also require configuration. For details, see Chapt er 4 - PC Configuration . Other configuration m ay also be required, depending on which fe[...]

  • Seite 13

    Setup Use the Microsoft VPN feature: • PPTP Server in the Broadband VPN Gateway. • User and Client setup. • Checking VPN connection Status. Chapter 9: Microsoft VPN Configure or use any of the followi ng: • Configuration File backup and restore. • Network Diagnostic • PC Database • Remote Administration • Routing • Upgrade Firmwar[...]

  • Seite 14

    Broadband VPN Gateway User Guide 3. In the Address box, enter "HTTP://" and the IP Address of the Broadband VPN Gateway, as in this example, which uses the Broadband VPN Gateway 's defaul t IP Address: HTTP://192.168.0.1 If you can't connect If the Broadband VPN Gateway does not respond, check t he following: • The Broadband V[...]

  • Seite 15

    Setup Home Screen After logging, you will see the Home screen. When you connect in future, you will see this screen when you connect. An example screen is shown below. Figure 6: Home Screen Navigation & Data Input • Use the menu bar on the l eft of the screen, and the "Back" button on your Browser, for navigation. • Changing to an[...]

  • Seite 16

    Broadband VPN Gateway User Guide WAN Port Configuration The WAN Port option is on the Setup m enu. Figure 7: WAN Port Screen Data - WAN Port Screen WAN Port Settings Connections Normally, this can be left at "Aut omatic". If the device attached to the WAN Port has problems m aking a connection, you can select the setting required or prefe[...]

  • Seite 17

    Setup Gateway The address of the router or gateway, as suppli ed by your ISP. PPPoE Dial-up User Name The User Name (or account nam e) provided by your ISP. Password Enter the password for the login nam e above. Hostname Normally , there is no need to change the default name, but if y our ISP requests that you use a particul ar Hostname, enter it h[...]

  • Seite 18

    Broadband VPN Gateway User Guide Port Options Screen Use the Port Options link on the Set up menu. An example screen is shown below. Figure 8: Port Options Screen Data - Port Options Screen Port Options Symmetric NAT If Enabled, all requests from the same internal IP address and p o rt to a specific destination IP address and port are mapped to a u[...]

  • Seite 19

    Setup MTU Size • MTU (Maxim um Transmission Unit) val ue should only be changed if advised to do so by Technical Support . • Enter a value between 1 and 1500. • This device will still auto-neg o tiate with the remote server, to set the MTU size. The smal ler of the 2 values (auto-negotiated, or entered here) will be used. PPPoE Connection Aut[...]

  • Seite 20

    Broadband VPN Gateway User Guide LAN Port Screen Use the LAN Port link on the main m enu to reach the LAN Port screen. An example screen is shown below. Figure 9: LAN Port Screen Data - LAN Port Screen LAN LAN IP Address IP address for the Broadband VPN Gateway, as seen from the local LAN. Use the default value unless the address is already in use [...]

  • Seite 21

    Setup DHCP What DHCP Does A DHCP (Dynami c Host Configuration Protocol) Server allocates a valid IP address to a DHCP Client (PC or device) upon request . • The client request is m ade when the client device starts up (boots). • The DHCP Server provides the Gateway and DNS addresses to the client, as well as allocating an IP Add r ess. • The [...]

  • Seite 22

    Broadband VPN Gateway User Guide Load/Backup Screen Use the Load/Backup link on the Setup m enu. An example screen is shown below. Figure 10: Load/Back Screen Data - Load/Backup Screen Administration WAN There are 3 modes: 1. If Enable is select ed for W AN 1, then choose Backup for WAN 2. 2. If Load Balance is selected for WAN 1, then choose Load [...]

  • Seite 23

    Setup 19[...]

  • Seite 24

    4 Chapter 4 PC Configuration This Chapter detail s the PC Configuration required on the local ( " Internal") LAN. Overview For each PC, the following may need to be configured: • TCP/IP network settings • Internet Access configuration Windows Clients This section describes how to configure Windows clients for Internet access via the B[...]

  • Seite 25

    PC Configuration Checking TCP/IP Settings - Windows 9x/ME: 1. Select Control Panel - Net work . You should see a screen like the following: Figure 11: Network Configuration 2. Select the TCP/IP protocol for your net work card. 3. Click on the Properti es button. You should then see a screen like the following. Figure 12: IP Address (Win 95) Ensure [...]

  • Seite 26

    Broadband VPN Gateway User Guide Figure 13: Gateway Tab (Win 95/98) • On the DNS Configurati on tab, en su re Enable DNS is selected. If the DNS Server Search Order list is empty, enter the DNS address provided by your ISP in the fields besi de the Add bu tton, then click Add . Figure 14: DNS Tab (Win 95/98) 22[...]

  • Seite 27

    PC Configuration Checking TCP/IP Settings - Windows NT4.0 1. Select Control Panel - Net work , and, on the Protocols tab, select the TCP/ IP protocol, as shown below. Figure 15: Windows NT4.0 - TCP/ IP 2. Click the Properties button to see a screen like the one below. Figure 16: Windows NT4.0 - IP Address 3. Select the network card for your LAN. 4.[...]

  • Seite 28

    Broadband VPN Gateway User Guide Obtain an IP address from a DHCP Server This is the default Windows setting. Using this is recommended . By default, the Broadband VPN Gateway will act as a DHCP Server. Restart your PC t o ensure it obtains an IP Address from the Broadband VPN Gateway. Specify an IP Address If your PC is already confi gured, check [...]

  • Seite 29

    PC Configuration Figure 18: Windows NT4.0 - DNS 25[...]

  • Seite 30

    Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows 2000: 1. Select Control Panel - Net work and Dial-up Connection . 2. Right - click t he Local Area Connection icon and select Properties . You should see a screen like the followi ng: Figure 19: Network Configuration (Win 2000) 3. Select the TCP/IP protocol for your net work card. [...]

  • Seite 31

    PC Configuration Using DHCP To use DHCP, select the radio butt on Obtain an IP Address automatically . This is the default Windows setting. Using this is recom- mended . By default, the Broadband VPN Gateway will act as a DHCP Server. Restart your PC t o ensure it obtains an IP Address from the Broadband VPN Gateway. Using a fixed IP Address ("[...]

  • Seite 32

    Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows XP 1. Select Control Panel - Net work Connection . 2. Right click t he Local Area Connection and choose Properties . You should see a screen like the following: Figure 21: Network Configuration (Windows XP) 3. Select the TCP/IP protocol for your net work card. 4. Click on the Prope[...]

  • Seite 33

    PC Configuration Figure 22: TCP/IP Properties (Windows XP) 5. Ensure your TCP/IP settings are correct. Using DHCP To use DHCP, select the radio butt on Obtain an IP Address automatically . This is the default Windows setting. Using this is recom- mended . By default, the Broadband VPN Gateway will act as a DHCP Server. Restart your PC t o ensure it[...]

  • Seite 34

    Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows Vista 1. From the Start menu, right-click Network, then cli ck Properties. Now, the Network and Sharing Center displa ys. 2. Under Tasks located on the left-hand side of the window, click Manage network connections. 3. In Network Connections window di splays, right click on the cor[...]

  • Seite 35

    PC Configuration 31[...]

  • Seite 36

    Broadband VPN Gateway User Guide Internet Access To configure your PCs to use the Br oadband VPN Gateway for Internet access: • Ensure that the DSL modem , Cable modem, or ot her permanent connection is functional. • Use the following procedure to configure your Browser to access the Internet via the LAN, rather than by a Dial-up connection. Fo[...]

  • Seite 37

    PC Configuration 33 Macintosh Clients From your Macintosh, you can access th e Internet via the Broadband VPN Gate way. The procedure is as follows. 1. Open the TCP/IP Control Panel. 2. Select Ethernet from the Connect via pop-up m enu. 3. Select Using DHCP Server from the Confi gure pop-up menu. The DHCP Client ID fi eld can be left blank. 4. Clos[...]

  • Seite 38

    5 Chapter 5 Operation and Status This Chapter details the operation of the Broadband VPN Gateway and the status screens. Operation Once both the Broadband VPN Gateway and the PC s are configured, operation is automatic. However, there are some situations where add iti onal Internet configuration may be required: • If using Internet-based Communic[...]

  • Seite 39

    Operation and Status Figure 23: General Status Screen 35[...]

  • Seite 40

    Broadband VPN Gateway User Guide Data - General Status Screen WAN1/2 Connection Method This indicates the current connect ion method. IP Address This IP Address is allocated by the ISP (Internet Service Provid- er). Subnet Mask The Subnet Mask associated with the IP Address above. Gateway The IP Address of the remote Gate way or Router associated w[...]

  • Seite 41

    Operation and Status Show Status Display the usage of the C PU and Memory in a sub-window. Port Status Click the "Port Stat us" button on the Status Log menu. An exampl e screen is shown below. Figure 24: Port Status Screen Data - Port Status Screen Port Status Network Flow The picture shows the current net work flow. Buttons Refresh Upda[...]

  • Seite 42

    Broadband VPN Gateway User Guide Event Log An example screen is shown below. Figure 25: Event Log Screen Data - Event Log Screen Event Log Time It displays the time wh en the event occurred. Event It describes the details of th e event. Host It displays the IP Address of the server. Buttons Refresh Update the data shown on screen. Clear Delete all [...]

  • Seite 43

    Operation and Status URL Log An example screen is shown below. Figure 26: URL Log Data - URL Log Internet Time It displays the time when the log occurred. Event It describes the address of the URL. PC It displays the IP Address of t h e PC. Buttons Refresh Update the data shown on screen. Clear Delete all data currently in the Log . 39[...]

  • Seite 44

    Broadband VPN Gateway User Guide 40 System Log An example screen is shown below. Figure 27: System Log Data - System Log Screen System Log Search Type Select the desired options of sear ch type. Click the “Search” button to see the logs in th e fo llowing log table. Time It displays the time when the system log occurred. Event It describes the [...]

  • Seite 45

    6 Chapter 6 Internet Features This Chapter explains when and how to use the Broadband VPN Gateway's "Internet" Features. Overview The following advanced features are provided. • Address List • PC Database • URL Filter • Dynamic DNS • Static Routing • QoS 41[...]

  • Seite 46

    Broadband VPN Gateway User Guide Address List Click the "Address List" on the Advanced m enu to access the screen. An ex ample screen is shown below. Figure 28: Address List Screen Data - Address List Screen Address List Address List This lists any existin g entries. If you have n ot entered any values, this list will be empty. Select All[...]

  • Seite 47

    Internet Features PC Database The PC Database is used whenever you need to select a PC (e.g. for the "DMZ" PC). It elim inates the need to enter IP addresses. Also, you do not need to use fixed IP addresses on your LAN. PC Database Screen An example PC Dat abase screen is shown below. Figure 29: PC Database • PCs which are "DHCP Cl[...]

  • Seite 48

    Broadband VPN Gateway User Guide Data - PC Database Screen PC List This lists all current entries. Data displayed is PC Name, MAC Ad- dress, IP Address and Certify . Buttons Edit To Edit or modify an ex istin g entry, select it and click the "Ed it" button. Delete Delete the selected PC from the list. This should be done in 2 sit u a- tio[...]

  • Seite 49

    Internet Features URL Filter The URL Filter allows you to block access to undesirable Web site. An example screen is shown below. Figure 30: URL Filter Screen Data - URL Filter Screen Filter Strings Current Entries This lists any existing entries. If you have n o t entered any values, this list will be empty. URL Filter Rule List Select the desired[...]

  • Seite 50

    Broadband VPN Gateway User Guide Add Key Words To add an entry to th e list, enter it here, and click the "Ad d" button. An entry may be a Dom ain name (e.g. www.trash.com) or sim p ly a string. (e.g. ads/ ) Any URL which contains ANY entry ANYWHERE in the URL will be blocked. Buttons Delete Se- lected/Delete All Use these buttons to dele[...]

  • Seite 51

    Internet Features Dynamic DNS This free service is very usef ul when combined with the Virtual Server feature. It allows Internet us ers to connect to your Virtual Servers using a URL, rather than an IP Address. This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address m ay change whenever you connect, [...]

  • Seite 52

    Broadband VPN Gateway User Guide Data - Dynamic DNS Screen WAN1/2 DDNS Service Select the desired DDNS Service provider. Web Site Button Click this button t o open a new window and connect to the Web site for the selected DDNS service provider. DDNS Status • This message is returned by the DDNS Server • Normally , this message should be somet h[...]

  • Seite 53

    Internet Features Static Routing Overview • If you don't have other R outers or Gateways on your LAN, you can ignore the "Rout ing" page completely. • If the Broadband VPN Gateway is only acting as a Gateway for the local LAN segment , ignore the "Routing" page even if your LAN has other Routers. • If your LAN has a s[...]

  • Seite 54

    Broadband VPN Gateway User Guide Figure 32: Static Routing Screen Data - Static Routing Screen RIP RIP Version Select the desired option from the drop-down list. Static Routing Static Routing Table Entries This list shows all entries in th e Routing Table. • The "Properties" area shows d etails of the selected item in the list. • Chan[...]

  • Seite 55

    Internet Features Buttons Save Save the RIP setting. This has no effect on the St atic Routing Table. Add Route Add a new entry to the Stati c Routing table, using the data shown in the "Properties" area on screen. Th e entry selected in the list is ignored, and has no effect. Update Route Update the current Stati c Routing Table entry, u[...]

  • Seite 56

    Broadband VPN Gateway User Guide Static Routing - Example Figure 33: Routing Example For the Broadband VPN Gateway 's Routing Table For the LAN shown above, with 2 routers and 3 LAN segm ents , the Broadband VPN Gateway requires 2 entries as foll ows. Entry 1 (Segment 1) Destination IP Address 192.168.1.0 Network Mask 255.255.255.0 (Standard C[...]

  • Seite 57

    Internet Features Network Mask 0.0.0.0 Gateway IP Address 192.168.1.80 (Broadband VPN Gateway ' s local router) Interface LAN 53[...]

  • Seite 58

    Broadband VPN Gateway User Guide QoS Quality of Service (QoS) ensures better serv ice to high-priority service. Figure 34: QoS Screen Data - QoS Screen QoS Setting QoS Method Select the desired option. • Disabled • Based on data packet type 54[...]

  • Seite 59

    Internet Features 55 • QoS Queue: It displays t he queue type. • Priority: Enter the priority v alue (1~20) of th e policy. • Reliability: Select the desired optio n from the drop-do wn list. • Speed Limit: Enter the desired values for the inbound and outbound traffic li mitation. • Based on QoS rules set below • Policy Name: It display[...]

  • Seite 60

    7 Chapter 7 Security Configuration This Chapter explains the settings available via the s ecurity configuration secti on of the "Security" menu. Overview The following advanced configurations are provi ded. • Rules • Schedules • Log Setting • Services • Security • DMZ • E-Mail Rules For normal operati on and LAN protection, [...]

  • Seite 61

    Security Configuration Data - Rules Screen Outbound/Inbound Connection View Rules for.. Select the desired option; the scr een will update and list any current rules. If you have not defin ed any rules, the list will be empty. Data For each rule, the following data is shown: • Name - The name you assigned t o the rule. • Source - The traffic co[...]

  • Seite 62

    Broadband VPN Gateway User Guide Define Firewall Rule (Inbound/Outbound) Clicking the "Add" but ton in the Firewall Rules screen will display a screen like the example below. Figure 36: Define Firewall Rule Data - Define Firewall Rule Screen Name Enter a suitable name for this rule. Port Select the desired port as required. Type This dete[...]

  • Seite 63

    Security Configuration Dest IP These settings determ ine which traffic, based on their destination IP address, is covered by this rule . Select the desired option: • Any - All traffic from the source port is covered b y this ru le. • Single address - Enter the required IP address in t he "Start IP address" field". You can ignore [...]

  • Seite 64

    Broadband VPN Gateway User Guide Schedules • Blocking will be performed during th e scheduled time (between the "Begin" and "End" times.) • Two (2) separate sessions or periods can be defined. • Times m ust be entered using a 24 hr clock. • If the time for a particular day is blank, no action will be p erfo rmed. Schedul[...]

  • Seite 65

    Security Configuration Firewall -- Log The Logs record various types of activit y on the Broadband VPN Ga teway. This data is useful for troubleshooting, but enabling a ll logs will generate a large amount of data and adversely affect perform ance. Since only a lim ited amount of log data can be st ored in the Broadband VPN Gateway, log data can al[...]

  • Seite 66

    Broadband VPN Gateway User Guide Second Server Name/IP Address This is option al. System Log Enable System Log If enabled, lo g data will be sent to your system log Server. System Log Server Enter the IP address of your System Log Server. Include Select the logs you wish to be included in the data sent to the System Log Server. 62[...]

  • Seite 67

    Security Configuration Services Services are used in defining traffic t o be blocked or allowed by the Firewall Rules features. Many common Services are pre-defined, but you can also define your own servi ces if required. To view the Services screen, select the Services link on the Firewal l menu. Figure 39: Services Screen Data - Services Screen A[...]

  • Seite 68

    Broadband VPN Gateway User Guide if not required. 64[...]

  • Seite 69

    Security Configuration Security This screen allows you to set Firewall and o ther security-related options. Figure 40: Security Screen Data - Security Screen Firew all Echo ICMP on LAN Port The ICMP protocol is used by the "ping" and "trace route" programs, and by network moni toring and diagnostic programs. • If checked, the [...]

  • Seite 70

    Broadband VPN Gateway User Guide Maximum Con- nections per PC Enter the maxim u m value for the connections of each PC. Maximum Appli- cations per host Enter the maximum value for the applications of each host. Set New Connec- tion(s) not upto: Set the value to contro l th e speed of the intern et. Connection Priori- ty There are 2 options to set t[...]

  • Seite 71

    Security Configuration DMZ This feature, if enabled, all ows the DMZ computer or computers on your LAN to be exposed t o all users on the Internet. • This allows almost any application to b e used on the "DMZ PC". • The "DMZ PC" will receive all "Unknown" connections and data. • If the DMZ feature is enabled, you[...]

  • Seite 72

    Broadband VPN Gateway User Guide E-Mail Figure 42: E-Mail Screen Data - E-Mail Screen E-Mail Alert Send E-Mail alert If enabled, an E-Mail will be sen t imm ed iately if a Do S (Den ial of Service) attack is detected . If enabled, the E-mail address information m ust be provided. Send E-Mail alert… If enabled, an E-Mail will be sen t immediately [...]

  • Seite 73

    Security Configuration 69 Send Select the desired option for sendi ng the log by E-mail. • When the log is full - The time is not fixed. The log will be sent when the log is full, which will d epend on the volume of traffic. • Every day, Every Monday... - The log is sent on the inter- val specified. • If "Every day" is selected, th [...]

  • Seite 74

    8 Chapter 8 VPN (IPSec) This Chapter describes the VPN capabilities and c onfiguration required fo r common situations. Overview This section describes the VPN (Virtual Private Net w ork) support provided by your Broadband VPN Gateway. A VPN (Virtual Private Network) provides a secure connect ion betw een 2 points, over an insecure network - typica[...]

  • Seite 75

    Microsoft VPN Note that different vendors use di fferent terms. Generally, th e term s "VPN Policy", "IPSec Policy", and "IPSec Proposal" have t he same m eaning. However, some vendors separate IKE Policies (Pha se 1 param eters) from IPSec Policie s (Phase 2 parameters). For the Broadband VPN Gateway; each VPN polic y[...]

  • Seite 76

    Broadband VPN Gateway User Guide Common VPN Situations VPN Pass-through Figure 43: VPN Pass-through Here, a PC on the LAN behind the Router/Gat eway is using VPN so ftware, but the Router/Gateway is NOT acting as a VPN endpoi nt. It is only all owing the VPN connection. • The PC software can use any VPN protocol support ed by the remote VPN. • [...]

  • Seite 77

    Microsoft VPN Connecting 2 LANs via VPN Figure 45: Connecting 2 VPN Gateways This allows two (2) LANs to be connected. PCs on each endpoint gain secure access to the remote LAN. • The 2 LANs MUST use different IP address ranges. • The VPN Policies at each end determine when a VPN tunnel will be established, and what system s on the remote LAN c[...]

  • Seite 78

    Broadband VPN Gateway User Guide VPN Configuration This section covers the configurati on re quired on the Broadband VPN Gateway when usi ng Manual Key Exchange (Manual Policies) or IKE (Automatic Policies). Details of using Certificates are cov ered in a later section. Policies Screen To view this screen, select Policies from the VPN menu. This sc[...]

  • Seite 79

    Microsoft VPN Move The order in whi ch policies are listed is onl y important if you have multiple polices for the same remote site. In that case, the first matching policy is used. There are 2 ways t o change the order of policies: • Use the up and down indicators on the right t o move the selected row. You must confirm your changes by clicking [...]

  • Seite 80

    Broadband VPN Gateway User Guide Adding a New Policy To create a new VPN Policy, click the Add New Policy button on the Policies screen. 76[...]

  • Seite 81

    Microsoft VPN Figure 47: VPN Wizard - Start Screen 77[...]

  • Seite 82

    Broadband VPN Gateway User Guide General Settings Policy Name Enter a suitab le name. This name is not supplied to the remote VPN. It is used only to hel p you manage the policies. Enable Policy Enable or disable the policy as required. For each remote VPN, only 1 policy can be enabled at any time. Allow NetBIOS Transmission Select the desired opti[...]

  • Seite 83

    Microsoft VPN ESP Encryption ESP (Encapsulating Securit y Payload) provides security for the payload (data) sent through the VPN tunnel. Generally, you will want to enable both Encrypt ion and Authentication. Authentication Algorithm • The 3DES algorithm provi des greater security than DES, but is slower. • If using AES, you must sel ect the Ke[...]

  • Seite 84

    Broadband VPN Gateway User Guide ESP Authentication Generally, you should enable ESP Authentication. There is little difference between the availabl e algorithms. Just ensure each endpoint use the same setting. • The "In" key here must m atch the "Out" key on the remote VPN, and the "Out" key here must match the &quo[...]

  • Seite 85

    Microsoft VPN Authentication • RSA Signature requires that both VPN endpoint s have valid Certificates issued by a CA (Certification Authority). • For Pre-shared key , enter the same key value in both end- points. The key should be at least 8 characters (maximum is 128 characters). Note that this key is used for the IKE SA only. The keys used f[...]

  • Seite 86

    Broadband VPN Gateway User Guide VPN Examples This section describes som e examples of using the Broadband VPN Gateway i n common VPN situations. Example 1: Connecting 2 Broadband VPN Gateways In this example, 2 LANs are connected via VPN. Figure 48: Connecting 2 Broadband VPN Gateways Note • The LANs MUST use different IP address ranges. • Bot[...]

  • Seite 87

    Microsoft VPN IKE Authentication algorithm MD5 MD5 Must match IKE Encryption DES DES Must m atch IKE Exchange mode Main Mode Main Mode Mu st match DH Group Group 1 (768 bit) Group 1 (768 bit) Must m atch IKE SA Life tim e 28800 28800 Does not have to matc h. Shorter period will be used. IKE PFS Disable Disable Must match IPSec SA Parameters IPSec S[...]

  • Seite 88

    Broadband VPN Gateway User Guide Example 2: Windows 2000/XP Client to LAN In this example, a Windows 2000/XP client connects to the Broadband VPN Gateway and gains access to the local LAN. Figure 49: Windows 2000/XP Client to Broadband VPN Gatew ay To use 3DES encryption on Windows 2000, you need Service Pack 3 or later installed. Broadband VPN Gat[...]

  • Seite 89

    Microsoft VPN period will be used. IKE PFS Disable Must match client PC IPSec SA Parameters IPSec SA Life time 28800 Do not have to match. Shorter period will be used. IPSec PFS Disable Must match client PC AH authentication Disab led AH is rarely used ESP authentication Enable/MD5 Must match client PC ESP encryption Enable/DES Must match client PC[...]

  • Seite 90

    Broadband VPN Gateway User Guide Figure 51: Windows 2000/XP - Policy Properties • Note that no rules are i n use. Two 2 rules are required - incoming and outgoing. • The outgoing rule will be ad d ed first. 6. Deselect the "Use Add Wizard" checkbox, then click "Add" t o view the screen below. Figure 52: IP Filter List 7. Typ[...]

  • Seite 91

    Microsoft VPN Figure 53: Filter Properties: Addressing 8. Enter the Source IP address and the Destination IP address . • Since this is the outgo in g filter, the Source IP address is "My IP address" and the Destinat ion IP address is the address range used on the remote LAN. • Ensure the Mirrored option is checked. 9. Click "OK&q[...]

  • Seite 92

    Broadband VPN Gateway User Guide Figure 55: New Rule Properties: Filter Action 11. Select Require Security , then click the "Edit" button, to view the Require Security Properties screen. Figure 56: Require Security Properties 12. Select Negotiate security (this selects IKE), then click "Add". 88[...]

  • Seite 93

    Microsoft VPN Figure 57: Modify Security Method 13. On the resulting screen (above), select Hi gh [ESP] then click "OK" to save your changes and return to the Require Security Properties screen. 0 Figure 58: Require Security Properties 14. Ensure the following setting s are co rrect, then click "OK" to return to the Filter Actio[...]

  • Seite 94

    Broadband VPN Gateway User Guide Figure 59: Tunnel Setting 16. Click the Authentication Methods tab, then click the "Edit" to see the screen like the example below. Figure 60: Authentication Method 17. Select Use this string to protect the key exchange (preshared key) , then ente r your preshared key in the field provided. 18. Click "[...]

  • Seite 95

    Microsoft VPN Figure 61: Windows 2000/XP Client to Broadband VPN Gatew ay 20. To add the second (incomi ng) rule, click "Add". Fo r the name, enter "To Win2K", then clic k "Add". Figure 62: Windows 2000/XP Client to Broadband VPN Gatew ay 21. Enter the Source IP address and the Destination IP address as shown below. ?[...]

  • Seite 96

    Broadband VPN Gateway User Guide Figure 63: Filter Properties: Addressing 22. Click "OK" to save your changes, then "Close". Figure 64: Filter List 23. Ensure the "To Win 2 K" filter is selected, then click the Filter Action tab. 92[...]

  • Seite 97

    Microsoft VPN Figure 65: Filter Action 24. Select Require Security , then click "Edit". On the Require Security Methods screen below, select Nego tiate security . Figure 66: Security Methods 25. Click the "Add" butt on. On the resulting Modify Security Method screen below, select High [ESP] . 93[...]

  • Seite 98

    Broadband VPN Gateway User Guide Figure 67: Modify Security Method 26. Click "OK" to save your chang es, th en click "OK" again to return to th e Filter Actio n screen. 27. Select the Tunnel Setting tab, and enter the WAN (Internet) IP address of thi s PC (172.16.9.10 in this example). Figure 68: Tunnel Setting 28. Select the Au[...]

  • Seite 99

    Microsoft VPN Figure 69: Authentication Method 29. Select Use this string to protect the key exchange (preshared key) , then ente r your preshared key in the field provided. 30. Click "OK" to save your settin g s, then "Close" to return to the DUT to Win2K Propert ies screen. There should now be 2 IP Filers listed, as shown belo[...]

  • Seite 100

    Broadband VPN Gateway User Guide Figure 71: Properties - General Tab 32. Click the "Advanced" butt on to see the screen below. Figure 72: Key Exchange Settings 33. Click the "Methods" butt on to see the screen below. Figure 73: Key Exchange Security Methods 96[...]

  • Seite 101

    Microsoft VPN 34. Select the first entry, and click the "Ed it" button to see the fo llo wing screen. Figure 74: IKE Security Algorithms 35. Select "SHA1" for Integrity Algorithm , "3DES" for Encryption algorithm , and "Low(1)" for the Diffie-Hellman Group . 36. Click "OK" to save, then "OK&quo[...]

  • Seite 102

    Broadband VPN Gateway User Guide Remote IP addresses 172.16.9.10 For a single client, this is the same as the Gateway address Subnet address: 11.5.0.0 255.255.0.0 Address range used on the remote LAN. 98[...]

  • Seite 103

    Microsoft VPN Windows 2000 Server Configuration Configuration is t he same as for Example 2: Windows 2000/XP Client to except for specifying the Source and Destinatio n addresses for the "Filter Properties". Instead, for bo th IP Filters, th e Filter Properties- Addressing should be completed as fol lows. Figure 77: Windows 2000 Server - [...]

  • Seite 104

    Broadband VPN Gateway User Guide Certificates Certificates are used to authen ticate u ser s. Certificates are issued to you by va rious CAs (Certification Autho rities). These C ertificates are called "Self Certificates". Each CA also issues a certificat e to itself. This Certificate is required in order to validate communication with th[...]

  • Seite 105

    Microsoft VPN 3. Click the "Browse" but ton, and locat e the certificate file on your PC 4. Select the file. The name will appear in the "Certificate File" field. 5. Click "Upload" to upl oad the certificate file to the Broadband VPN Gateway. 6. Click "Back" to return to th e Tru sted Certificate list. The ne[...]

  • Seite 106

    Broadband VPN Gateway User Guide Upload Button After you have received a Certificat e, use this to upload the certifi- cate to the Broadband VPN Router. You must select the correct cer tificate request , so the Broadband VPN Router can correctly match the request and the certificate. New Request Button Use this to generate a new request to be sup p[...]

  • Seite 107

    Microsoft VPN Authentication Algo- rithm Select the desired option. R SA is recommended. Key Size Select the desired option. Norm ally, 1024 bits provides adequate security. IP address Enter your public (Internet) IP address. Domain Name This is optional. If you have a domai n name, enter it here. E-mail This is optional. If you have perm anent E-m[...]

  • Seite 108

    Broadband VPN Gateway User Guide • When prompted for the request data, suppl y the data you copied and saved in step 5 above. • Submit the CA's form. • If there are no problems, the Certificate will then be issued . 8. After obtaining a new Ce rtificate, as described above , you need to upload it the Broadband VPN Gateway. • Return to [...]

  • Seite 109

    Microsoft VPN Figure 85: Upload CRL 4. Upload the CRL file: • Click the "Browse" butt on, and locate the CRL file on your PC • Select the file. The name will appear in the "Upload File" field. • Click "Upload" to upl oad the CRL file to the Broadband VPN Gateway. • Click "Back" to return to th e CRL l[...]

  • Seite 110

    Broadband VPN Gateway User Guide 9 Check Log Open a new window and view the contents of the VPN log. Chapter 9 Microsoft VPN This Chapter explains the screens and settings available for the Microsoft VPN function. Overview Microsoft VPN uses the Microsoft VPN Adapter which is provided in recent versions of W indows. This feature can be used to prov[...]

  • Seite 111

    Microsoft VPN Data - VPN Adapter Screen PPTP Service Enable PPTP Use this checkbox to enable or disable this feature as required. To allow connection by rem ote Windows clients, you must enabl e this feature, and enter the clien t details (on the Clients screen) to allow them to login to this Server. Authentication Methods Enable the desired authen[...]

  • Seite 112

    Broadband VPN Gateway User Guide Data - User Screen Existing Users User List All existing users are listed. If you have not added any users, this list will be empty. When a user is selected, thei r details are displayed in the Properties panel. You can then edit the user' s information as required; click Update Selected User to save your chang[...]

  • Seite 113

    Microsoft VPN Status Log Screen The Status Log screen is accessed by selecting the Status Log opti on on the VPN (PPTP) menu. Figure 89: Status Log Screen Data - Status Log Screen Status Log Status This indicates whether or not th e PPTP (VPN) Server is enabled. Current Connec- tions This indicates t he number of remote clients currentl y logged in[...]

  • Seite 114

    Broadband VPN Gateway User Guide Windows Client Setup To connect to the PPTP (VPN) Server in the VPN Broadband Gateway : • The Microsoft VPN feature in the VPN Broadband Gat eway must be enabled and configured, as described in the previous sec- tion. • Each user must have a login (usernam e and password) on the VPN client database on the VPN Br[...]

  • Seite 115

    Microsoft VPN To force all outgoing traffic t o be sent via VPN, enable the setting This is the default Internet con nection on the Dialing tab. (Do NOT enable this setting if using Dial -up or PPPoE client software.) Windows ME VPN Dialing Properties To establish a connection: 1. Ensure you are connected to the Internet. 2. Select Start - Setti ng[...]

  • Seite 116

    Broadband VPN Gateway User Guide Windows 2000 Ensure you have logged on with Adm inistrato r rights before attem pting this procedure. 1. Open "Network Connections", and st art the "New Connection" Wizard. Figure 92: Windows 2000 Network Connection 2. Select the VPN option ("Connect to a private network through the Internet[...]

  • Seite 117

    Microsoft VPN Figure 94: Windows 2000 VPN Host 4. On the screen above, enter the Dom ain Name or Internet IP address of the Broadband VPN Gateway you wi sh to connect to. Click Next to continue. Figure 95: Windows 2000 Connection Availability 5. Choose whether to allow thi s connection for ev eryone, or only for yourself, as required. Click Next to[...]

  • Seite 118

    Broadband VPN Gateway User Guide Figure 96: Windows 2000 Finish Wi zard 6. Enter a suitable name, and click "Finish" to sav e and exit. Setup is now complete. To establish a connection: 1. Right-click t he connection in "Network Connections", and select "Connect". 2. You will then be prompted for the usern ame and pass[...]

  • Seite 119

    Microsoft VPN Windows XP Ensure you have logged on with Adm inistrato r rights before attem pting this procedure. 1. Open Network Connecti ons (Start-Settings-Network Connections), and start the New Connection Wizard. Figure 97: Windows XP Network Connection Type 2. Select the option "Connect to the network at m y workplace", as shown abo[...]

  • Seite 120

    Broadband VPN Gateway User Guide Figure 99: Windows XP Connection Name 4. Enter a suitable name for this connection. Click Next to continue. Figure 100: Windows XP Public Network 5. On the screen above, select "Do not dial the initial connection". Click Next to continue. Figure 101: Windows XP VPN Server 6. On the screen above, enter the [...]

  • Seite 121

    Microsoft VPN 117 Figure 102: Windows XP Connection Availability 7. Choose whether to allow thi s connection for ev eryone, or only for yourself, as required. Click Next to continue. 8. On the final screen, click Finish to save an d exit. Setup is now complete. To establish a connection: 1. Right-click t he connection in "Network Connections&q[...]

  • Seite 122

    10 Chapter 10 Other Features & Settings This Chapter explains the screens and se ttings available via the "Other" menu. Overview Normally, it is not necessary to use these screens, or change any settings. These screens and setti ngs are provided to deal wit h non- standard situations, or to provi de a dditional options for advanced us[...]

  • Seite 123

    Other Features and Settings Diagnostics This screen allows you to perform a "P ing" or a "DNS lookup". These activities can be useful in solving network problem s. An example Diagnosti cs screen is shown below. Figure 103: Diagnostics Screen Data - Diagnostics Screen Ping Ping This IP Address Ent er the IP address you wish to pi[...]

  • Seite 124

    Broadband VPN Gateway User Guide Search Button After enterin g the Domain name/URL, click this button to start th e "DNS Search" procedure. The resu lts will be displayed in the DNS Search Result pane. 120[...]

  • Seite 125

    Other Features and Settings Password Screen The password screen allows you to assign a password to the Wireless R outer. Figure 104: Account Management Screen Data - Account Management Screen Passw ord User Name It displays the current existi ng user names. User Rights It describes the rights of the current user. Latest Login It displays the last l[...]

  • Seite 126

    Broadband VPN Gateway User Guide Web Management Web Management allows you to connect to this in terface via the Internet, using your Web browser. Figure 106: Web Management Screen Data - Web Management Screen Settings Web Management Select WAN1, WAN2 or LAN to allow administ ration/management via the Internet. (To connect, see above). If Disabled, [...]

  • Seite 127

    Other Features and Settings External Port Number The default value is 8080. Allow Web Login by This allows you to restrict remote access by IP address. Select the desired option. • Anyone - Remote user's IP address is not checked. • IP Address Range - Only the PCs in the selected IP address range will be allowed. • This PC Only - Only th[...]

  • Seite 128

    Broadband VPN Gateway User Guide Firmware Upgrade Use this screen to upgrade your Broadband VPN Gateway 's firmware. • You must download the requi red firmware file, and store it on your PC . • During the upgrade process, all existing Inte rnet connections will be terminated. • The upgrade process must NOT be interrupt ed! Figure 107: Up[...]

  • Seite 129

    Other Features and Settings Backup/Restore This feature allows you to backup (downloa d) the current settings from the Broadband VPN Gateway, and save them to a file on yo ur PC. You can restore a previously-downloaded confi guration file to the Broadband VPN Gateway, by uploading it to the Broadband VPN Gateway. This screen also allows you to set [...]

  • Seite 130

    Broadband VPN Gateway User Guide 126 Default Configu- ration Enable the Restore the default language if required. Clicki ng the Factory Defaults button will reset the Bro ad band VPN Gateway to its factory default setti ngs. WARNING ! This will delete ALL of the existin g settings.[...]

  • Seite 131

    A Appendix A Troubleshooting This Appendix covers the most likel y problems and their solutions. Overview This chapter covers some common problems t hat may be encount ered while using t he Broadband VPN Gateway and some possible solutions to them. If you follow the sugge sted steps and the Broadband VPN Gateway still does not function properly, co[...]

  • Seite 132

    Broadband VPN Gateway User Guide 128 Solution 2: The Broadband VPN Gateway processes the data passi ng through it, so it is not transparent. Use the Special Applicati ons feature to allow the use of Internet applications which do not function correct ly. If this does solve the problem you can use the DMZ function. This should work with almost every[...]

  • Seite 133

    B Appendix B Specifications Broadband VPN Gateway Model Broadband VPN Gateway Dimensions 235mm(W) * 147m m(D) * 33mm (H) Operating Temperature 0 ° C to 40 ° C Storage Temperature -10 ° C to 70 ° C Network Protocol: TCP/IP Network Interface: 6 Ethernet: 4 * 10/100BaseT (RJ45) LAN connection 2 * 10/100BaseT (RJ45) for WAN LEDs 15 Power Adapter 5 [...]

  • Seite 134

    Broadband VPN Gateway User Guide This transmitter must not be co-located or operating in co njunction with any o th er an tenna or transmitter. CE Marking Warning CE Standards This product compli es with the 99/5/EEC directives, including t he following safety and EMC standards: • EN301489-1/-17 • EN60950 This is a Class B product . In a domest[...]

  • Seite 135

    Appendix B - Specifications 131[...]

  • Seite 136

    Broadband VPN Gateway User Guide 132[...]