Trendnet Tw100-brv324 User manual

Table of Contents

CHAPTER 1 INTRODUCTION .............................................................................................1

Broadband VPN Gateway Features ................................................................................1

Package Contents ..............................................................................................................3

Physical Details..................................................................................................................4

CHAPTER 2 INSTALLATION...............................................................................................6

Requirements.....................................................................................................................6

Procedure...........................................................................................................................6

CHAPTER 3 SETUP ................................................................................................................8

Overview ............................................................................................................................8

Configuration Program ....................................................................................................9

WAN Port Configuration ...............................................................................................12

Port Options Screen........................................................................................................14

LAN Port Screen .............................................................................................................16

Load/Backup Screen.......................................................................................................18

CHAPTER 4 PC CONFIGURATION..................................................................................20

Overview ..........................................................................................................................20

Windows Clients..............................................................................................................20

Macintosh Clients............................................................................................................33

Linux Clients....................................................................................................................33

Other Unix Systems.........................................................................................................33

CHAPTER 5 OPERATION AND STATUS.........................................................................34

Operation.........................................................................................................................34

Status Screen....................................................................................................................34

Port Status........................................................................................................................37

Event Log.........................................................................................................................38

URL Log...........................................................................................................................39

System Log.......................................................................................................................40

CHAPTER 6 INTERNET FEATURES................................................................................41

Overview ..........................................................................................................................41

Address List.....................................................................................................................42

PC Database.....................................................................................................................43

URL Filter........................................................................................................................45

Dynamic DNS...................................................................................................................47

Static Routing..................................................................................................................49

QoS ...................................................................................................................................54

CHAPTER 7 SECURITY CONFIGURATION...................................................................56

Overview ..........................................................................................................................56

Rules.................................................................................................................................56

Schedules..........................................................................................................................60

Firewall -- Log .................................................................................................................61

Services.............................................................................................................................63

Security.............................................................................................................................64

DMZ .................................................................................................................................66

E-Mail...............................................................................................................................67

CHAPTER 8 VPN (IPSEC)....................................................................................................69

Overview ..........................................................................................................................69

Common VPN Situations................................................................................................71

VPN Configuration .........................................................................................................73

VPN Examples.................................................................................................................81

Certificates.......................................................................................................................99

CRL ................................................................................................................................103

VPN Status.....................................................................................................................104

Add Certificate .................................................................... Error! Bookmark not defined.

Get Certificate ID................................................................ Error! Bookmark not defined.

CHAPTER 9 MICROSOFT VPN .......................................................................................105

Overview ........................................................................................................................105

Server Setup...................................................................................................................105

User.................................................................................................................................106

Status Log Screen..........................................................................................................108

Windows Client Setup...................................................................................................109

CHAPTER 10 OTHER FEATURES & SETTINGS .........................................................117

Overview ........................................................................................................................117

Diagnostics.....................................................................................................................118

Password Screen............................................................................................................120

Web Management .........................................................................................................121

Firmware Upgrade........................................................................................................123

Backup/Restore..............................................................................................................124

APPENDIX A TROUBLESHOOTING..............................................................................126

Overview ........................................................................................................................126

General Problems..........................................................................................................126

Internet Access...............................................................................................................126

APPENDIX B SPECIFICATIONS......................................................................................128

Broadband VPN Gateway............................................................................................128

FCC Statement ..............................................................................................................128

CE Marking Warning...................................................................................................129

P/N: 956YH10001

Document Version:1.0

All trademarks and trade names are the properties of their respective owners.

Chapter 1

Introduction

This Chapter provides an overview of the Broadband VPN Gateway's features and capabilities.

Congratulations on the purchase of your new Broadband VPN Gateway. The Broadband VPN Gateway is a multi-function device

providing the following services:

•Shared Broadband Internet Access for all LAN users.

•VPN Gateway for IPSec VPN connections to remote PCs or sites.

•4-Port Switching Hub for 10BaseT or 100BaseT connections.

Figure 1: Broadband VPN Gateway

Broadband VPN Gateway Features

The Broadband VPN Gateway incorporates many advanced features, carefully designed to provide sophisticated functions while

being easy to use.

Internet Access Features

•Shared Internet Access. All users on the LAN or WAN can access the Internet through the Broadband VPN Gateway, using

only a single external IP Address. The local (invalid) IP Addresses are hidden from external sources. This process is called NAT

(Network Address Translation).

•Dual WAN Support. Dual 10/100 WAN ports let you have a second link to your ISP, providing failover protection. You can

use both WAN ports simultaneously, and let the router balance the requirements between them for maximum bandwidth efficien-

cy.

•Fixed or Dynamic IP Address. On the Internet (WAN port) connection, the Broadband VPN Gateway supports both Dynamic

IP Address (IP Address is allocated on connection) and Fixed IP Address.

Advanced Internet Functions

•Communication Applications. Support for Internet communication applications, such as interactive Games, Telephony, and

Conferencing applications, which are often difficult to use when behind a Firewall, is included.

•Special Internet Applications. Applications which use non-standard connections or port numbers are normally blocked by the

Firewall. The ability to define and allow such applications is provided, to enable such applications to be used normally.

Broadband VPN Gateway User Guide

•Virtual Servers. This feature allows Internet users to access Internet servers on your LAN. The required setup is quick and

easy.

•Multi-DMZ. For each WAN (Internet) IP address allocated to you, one (1) PC on your local LAN can be configured to allow

unrestricted 2-way communication with Servers or individual users on the Internet. This provides the ability to run programs

which are incompatible with Firewalls.

•Address List. Use address list to block access to undesirable Web sites by LAN users. Up to 40 addresses can be listed.

•IM/P2P Control. The IM/P2P control allows you to better manage your employees’ network activities and prevent possible

misuse of IM and P2P applications.

•URL Filter. Use the URL Filter to block access to undesirable Web sites by LAN users.

•Internet Access Log. See which Internet connections have been made.

•VPN Pass through Support. PCs with VPN (Virtual Private Networking) software using PPTP, L2TP and IPSec are transpa-

rently supported - no configuration is required.

•QoS Support Quality of Service can be used to handle packets so that more important connections receive priority over less

important one.

LAN Features

•4-Port Switching Hub. The Broadband VPN Gateway incorporates a 4-port 10/100BaseT switching hub, making it easy to

create or extend your LAN.

•DHCP Server Support. Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon

request. The Broadband VPN Gateway can act as a DHCP Server for devices on your local LAN and WAN.

Configuration & Management

•Easy Setup. Use your WEB browser from anywhere on the LAN or WAN for configuration.

•Remote Management. The Broadband VPN Gateway can be managed from any PC on your LAN. And, if the Internet connec-

tion exists, it can also (optionally) be configured via the Internet.

•UPnP Support. UPnP (Universal Plug and Play) allows automatic discovery and configuration of the Broadband VPN Gate-

way. UPnP is by supported by Windows ME, XP, or later.

•Multi-Language Support. Multi-Language Pack facilitates the process of creating multi-language applications. Add support

for as many languages as you like.

•Configuration File Backup & Restore. You can backup (download) the Broadband VPN Gateway's configuration file to

your PC, and restore (upload) a previously-saved configuration file to the Broadband VPN Gateway.

Introduction

Security Features

•Password - protected Configuration. Optional password protection is provided to prevent unauthorized users from modifying

the configuration data and settings.

•NAT Protection. An intrinsic side effect of NAT (Network Address Translation) technology is that by allowing all LAN users

to share a single IP address, the location and even the existence of each PC is hidden. From the external viewpoint, there is no

network, only a single device - the Broadband VPN Gateway.

•NATT (NAT-Traversal). NAT Traversal is a method to allow IPSec to work through NAT devices. It is encapsulating IPsec

ESP packets into UDP packets for passing through routers or firewalls employing Network Address Translation (NAT).

•Stateful Inspection Firewall. All incoming data packets are monitored and all incoming server requests are filtered, thus

protecting your network from malicious attacks from external sources.

•IP/MAC Binding. Users cannot change the IP address unless they have the permission of the IT manager.

•Protection against DoS attacks. DoS (Denial of Service) attacks can flood your Internet connection with invalid packets and

connection requests, using so much bandwidth and so many resources that Internet access becomes unavailable. The Broadband

VPN Gateway incorporates protection against DoS attacks.

•Rule-based Policy Firewall. To provide additional protection against malicious packets, you can define your own firewall

rules. This can also be used to control the Internet services available to LAN users.

IPSec VPN Gateway Features

•IPSec. Support for IPSec standards, including IKE and certificates.

•100 Tunnels. Up to 100 VPN tunnels can be created.

•High performance. High performance encryption engine maintains high throughput even when using 3DES.

•DPD Support Dead Peer Detection is a method of detecting a dead Internet Key Exchange (IKE) peer. The method uses IPSec

traffic patterns to minimize the number of messages required to confirm the liveness of a peer. DPD is used to reclaim the lost re-

sources in case a peer is found dead.

Microsoft VPN Gateway Support

•PPTP Server. The Broadband VPN Gateway emulates a Microsoft PPTP VPN Server, allowing clients to use the Microsoft

VPN client provided in Windows.

•Windows Client Support. Remote users can use the Microsoft VPN client (VPN Adapter) provided in recent versions of

Windows.

•Easy Setup. For both the Administrator and remote users, the Microsoft VPN is much easier to configure than IPSec VPN.

Package Contents

The following items should be included:

•The Broadband VPN Gateway Unit

•Power Adapter

•Quick Installation Guide

•CD-ROM containing the on-line manual.

If any of the above items are damaged or missing, please contact your dealer immediately.

Broadband VPN Gateway User Guide

Physical Details

Front-mounted LEDs

Figure 2: Front Panel

Power On - Power on.

Off - No power.

Status (Red) On - Error condition.

Off - Normal operation.

Blinking - This LED blinks during start up.

WAN ports

(10/100BaseT) Connect the DSL or Cable Modem here. If your modem came with a

cable, use the supplied cable. Otherwise, use a standard LAN cable.

LAN Each port has 2 LEDs

•Link/Act

•On - Corresponding LAN (hub) port is active.

•Off - No active connection on the corresponding LAN (hub)

port.

•Flashing - Data is being transmitted or received via the corres-

ponding LAN (hub) port.

•100

•On - Corresponding LAN (hub) port is using 100BaseT.

•Off - Corresponding LAN (hub) port connection is using

10BaseT, or no active connection.

WAN LED On - Wireless enabled.

Off - No Wireless connections currently exist.

Flashing - Data is being transmitted or received via the Wireless access

point. This includes "network traffic" as well as user data.

Introduction

Rear Panel

Figure 3: Rear Panel

WAN port 1/2

(10/100BaseT) Connect the DSL or Cable Modem here. If your modem came with a

cable, use the supplied cable. Otherwise, use a standard LAN cable.

10/100BaseT

LAN connections Use standard LAN cables (RJ45 connectors) to connect your PCs to

these ports.

Note:

Any LAN port on the Broadband VPN Gateway will automatically

function as an "Uplink" port when required. Just connect any port to

a normal port on the other hub, using a standard LAN cable.

Console Port Use the supplied cable to connect the router to a terminal or PC.

Reset Button This button has two (2) functions:

•Reboot. When pressed and released, the Broadband VPN

Gateway will reboot (restart).

•Clear All Data. This button can also be used to clear ALL data

and restore ALL settings to the factory default values.

To Clear All Data and restore the factory default values:

1. Power Off.

2. Hold the Reset Button down while you Power On.

3. Keep holding the Reset Button for a few seconds, until the RED

LED has flashed TWICE.

4. Release the Reset Button. The Broadband VPN Gateway is now

using the factory default values.

Power port Connect the supplied power adapter here.

Chapter 2

Installation

This Chapter covers the physical installation of the Broadband VPN Gateway.

Requirements

•Network cables. Use standard 10/100BaseT network (UTP) cables with RJ45 connectors.

•TCP/IP protocol must be installed on all PCs.

•For Internet Access, an Internet Access account with an ISP, and a Broadband modem (usually, DSL or Cable modem).

Procedure

Figure 4: Installation Diagram

1. Choose an Installation Site

Select a suitable place on the network to install the Broadband VPN Gateway.

Ensure the Broadband VPN Gateway and the DSL/Cable modem are powered OFF.

2. Connect LAN Cables

•Use standard LAN cables to connect PCs to the Switching Hub ports on the Broadband VPN Gateway. Both 10BaseT and

100BaseT connections can be used simultaneously.

•If required, you can connect any LAN port to another Hub. Any LAN port on the Broadband VPN Gateway will automatically

function as an "Uplink" port when required. Just connect any LAN port to a normal port on the other hub, using a standard LAN

cable.

3. Connect WAN Cable

Connect the Broadband modem to the WAN port on the Broadband VPN Gateway. Use the cable supplied with your Broadband

modem. If no cable was supplied, use a standard LAN cable.

4. Power Up

•Power on the Broadband modem.

•Connect the supplied power adapter to the Broadband VPN Gateway and power up.

Use only the power adapter provided. Using a different one may cause hardware damage.

Installation

5. Check the LEDs

•The Power LED should be ON.

•The Status LED should blink during start up, then turn Off. If it stays on, there is a hardware error.

•For each LAN (PC) connection, the LAN Link/Act LED should be ON (provided the PC is also ON.)

•The WAN1 or WAN2 LED should be ON.

For more information, refer to Front-mounted LEDs in Chapter 1.

Chapter 3

Setup

This Chapter provides Setup details of the Broadband VPN Gateway.

Overview

This chapter describes the setup procedure for:

•Internet Access

•LAN configuration

PCs on your local LAN may also require configuration. For details, see Chapter 4 - PC Configuration.

Other configuration may also be required, depending on which features and functions of the Broadband VPN Gateway you wish to

use. Use the table below to locate detailed instructions for the required functions.

To Do this: Refer to:

Configure PCs on your LAN. Chapter 4:

PC Configuration

Check Broadband VPN Gateway operation and Status. Chapter 5:

Operation and Status

Use any of the following Internet features:

•WAN Port

•Advanced Setup

•Dynamic DNS

•Virtual Servers

•Options

Chapter 6:

Internet Features

Change any of the following Security-related settings:

•Admin Login

•Access Control

•Firewall Rules

•Logs

•E-mail

•Security Options

•Scheduling

•Services

Chapter 7:

Security Configuration

Use the IPSec VPN features:

•VPN Policies

•Certificates

•CRLs

•VPN Status

Chapter 8:

VPN (IPSec)

Setup

Use the Microsoft VPN feature:

•PPTP Server in the Broadband VPN Gateway.

•User and Client setup.

•Checking VPN connection Status.

Chapter 9:

Microsoft VPN

Configure or use any of the following:

•Configuration File backup and restore.

•Network Diagnostic

•PC Database

•Remote Administration

•Routing

•Upgrade Firmware

•UPnP

Chapter 9:

Other Features and Settings

Where use of a certain feature requires that

PCs or other LAN devices be configured, this

is also explained in the relevant chapter.

Configuration Program

The Broadband VPN Gateway contains an HTTP server. This enables you to connect to it, and configure it, using your Web Browser.

Your Browser must support JavaScript. The configuration program has been tested on the following browsers:

•Netscape V4.08 or later

•Internet Explorer V4 or later

Preparation

Before attempting to configure the Broadband VPN Gateway, please ensure that:

•Your PC can establish a physical connection to the Broadband VPN Gateway. The PC and the Broadband VPN Gateway must be

directly connected (using the Hub ports on the Broadband VPN Gateway) or on the same LAN segment.

•The Broadband VPN Gateway must be installed and powered ON.

•If the Broadband VPN Gateway 's default IP Address (192.168.0.1) is already used by another device, the other device must be

turned OFF until the Broadband VPN Gateway is allocated a new IP Address during configuration.

Using UPnP

If your Windows system supports UPnP, an icon for the Broadband VPN Gateway will appear in the system tray, notifying you that a

new network device has been found, and offering to create a new desktop shortcut to the newly-discovered device.

•Unless you intend to change the IP Address of the Broadband VPN Gateway, you can accept the desktop shortcut.

•Whether you accept the desktop shortcut or not, you can always find UPnP devices in My Network Places (previously called

Network Neighborhood).

•Double - click the icon for the Broadband VPN Gateway (either on the Desktop, or in My Network Places) to start the configura-

tion.

Using your Web Browser

To establish a connection from your PC to the Broadband VPN Gateway:

1. After installing the Broadband VPN Gateway in your LAN, start your PC. If your PC is already running, restart it.

2. Start your WEB browser.

Broadband VPN Gateway User Guide

3. In the Address box, enter "HTTP://" and the IP Address of the Broadband VPN Gateway, as in this example, which uses the

Broadband VPN Gateway 's default IP Address:

HTTP://192.168.0.1

If you can't connect

If the Broadband VPN Gateway does not respond, check the following:

•The Broadband VPN Gateway is properly installed, LAN connection is OK,

and it is powered ON. You can test the connection by using the "Ping" com-

mand:

•Open the MS-DOS window or command prompt window.

•Enter the command:

ping 192.168.0.1

If no response is received, either the connection is not working, or your

PC's IP address is not compatible with the Broadband VPN Gateway 's IP

Address. (See next item.)

•If your PC is using a fixed IP Address, its IP Address must be within the range

192.168.0.2 to 192.168.0.254 to be compatible with the Broadband VPN Ga-

teway 's default IP Address of 192.168.0.1. Also, the Network Mask must be

set to 255.255.255.0. See Chapter 4 - PC Configuration for details on check-

ing your PC's TCP/IP settings.

•Ensure that your PC and the Broadband VPN Gateway are on the same net-

work segment. (If you don't have a router, this must be the case.)

4. You will be prompted for a username and password, as shown below.

Figure 5: Password Dialog

•Enter admin for the User Name, and password for the Password.

•These are the default values. Both the name and password can (and should) be changed, using the Admin Login screen. Once you

have changed either the name or the password, you must use the current values.

Setup

Home Screen

After logging, you will see the Home screen. When you connect in future, you will see this screen when you connect. An example

screen is shown below.

Figure 6: Home Screen

Navigation & Data Input

•Use the menu bar on the left of the screen, and the "Back" button on your Browser, for navigation.

•Changing to another screen without clicking "Save" does NOT save any changes you may have made. You must "Save" before

changing screens or your data will be ignored.

Broadband VPN Gateway User Guide

WAN Port Configuration

The WAN Port option is on the Setup menu.

Figure 7: WAN Port Screen

Data - WAN Port Screen

WAN Port Settings

Connections Normally, this can be left at "Automatic". If the device attached to

the WAN Port has problems making a connection, you can select the

setting required or preferred by the other device.

Connection Type Select the login method used, and enter the required data.

•Static IP - Select this if your ISP has allocated you a fixed IP

Address. If this option is selected, you must enter the data in the

Static IP Settings section.

•Dynamic IP - This is the default, and the most common. Leave

this selected if your ISP allocates an IP Address to the Wireless

Router upon connection.

•PPPoE - This is the most common login method, widely used

with DSL modems. Normally, your ISP will have provided some

software to connect and login. This software is no longer re-

quired, and should not be used.

Static IP Settings

IP Address The IP Address allocated by the ISP.

Subnet Mask This is also supplied by your ISP. It must be compatible with the IP

Address above.

Setup

Gateway The address of the router or gateway, as supplied by your ISP.

PPPoE Dial-up

User Name The User Name (or account name) provided by your ISP.

Password Enter the password for the login name above.

Hostname Normally, there is no need to change the default name, but if your

ISP requests that you use a particular Hostname, enter it here.

DNS

DNS 1 Enter the IP address of the DNS (Domain Name Server) you wish to

use.

DNS 2 DNS 2 will be used if the DNS 1 is not available.

Buttons

Save Save your changes to the Wireless Router.

Cancel Reverse any changes made since the last "Save".

Broadband VPN Gateway User Guide

Port Options Screen

Use the Port Options link on the Setup menu. An example screen is shown below.

Figure 8: Port Options Screen

Data - Port Options Screen

Port Options

Symmetric NAT If Enabled, all requests from the same internal IP address and port to

a specific destination IP address and port are mapped to a unique

external source IP address and port.

Compatible NAT The default value is Disabled.

Hostname Normally, there is no need to change the default name, but if your

ISP requests that you use a particular Hostname, enter it here.

Domain Name If your ISP provided a domain name, enter it here. Otherwise, this

may be left blank.

MAC Address Also called Network Adapter Address or Physical Address. This is a

low-level identifier, as seen from the WAN port.

Normally there is no need to change this, but some ISPs require a

particular value, often that of the PC initially used for Internet access.

You can use the Clone button to copy your PC's address into this

field, the Default button to insert the default value, or enter a value

directly.

Setup

MTU Size •MTU (Maximum Transmission Unit) value should only be

changed if advised to do so by Technical Support.

•Enter a value between 1 and 1500.

•This device will still auto-negotiate with the remote server, to set

the MTU size. The smaller of the 2 values (auto-negotiated, or

entered here) will be used.

PPPoE Connection

Automatic Dial-up An Internet connection is automatically made when required, and

disconnected when idle for the time period specified by the "Discon-

nect after Idling".

Disconnect After

Idling This field has no effect unless using the Automatic Dial-up setting.

If using this setting, enter the desired idle time-out period (in mi-

nutes). After the connection to your ISP has been idle for this time

period, the connection will be terminated.

Bind Service

IPSec Pass

Through IPSec protocol is used to establish a secure connection, and is widely

used by VPN (Virtual Private Networking) programs.

VPN (PPTP) PPTP (Point to Point Tunneling Protocol) is widely used by VPN

(Virtual Private Networking) programs.

Network Card

Speed Select the desired option from the drop-down list.

Broadband VPN Gateway User Guide

LAN Port Screen

Use the LAN Port link on the main menu to reach the LAN Port screen. An example screen is shown below.

Figure 9: LAN Port Screen

Data - LAN Port Screen

LAN

LAN IP Address IP address for the Broadband VPN Gateway, as seen from the local

LAN. Use the default value unless the address is already in use or your

LAN is using a different IP address range. In the latter case, enter an

unused IP Address from within the range used by your LAN.

Subnet Mask The default value 255.255.255.0 is standard for small (class "C")

networks. For other networks, use the Subnet Mask for the LAN

segment to which the Broadband VPN Gateway is attached (the same

value as the PCs on that LAN segment).

DHCP Server •If Enabled, the Broadband VPN Gateway will allocate IP Ad-

dresses to PCs (DHCP clients) on your LAN when they start up.

The default (and recommended) value is Enabled.

•If you are already using a DHCP Server, this setting must be

Disabled, and the existing DHCP server must be re-configured to

treat the Broadband VPN Gateway as the default Gateway. See the

following section for further details.

•The Start IP Address, Number of IP Address Pool, Client Side

DNS and DHCP Lease Time fields set the values used by the

DHCP server when allocating IP Addresses to DHCP clients. This

range also determines the number of DHCP clients supported.

See the following section for further details on using DHCP.

Buttons

Save Save the data on screen.

Cancel The "Cancel" button will discard any data you have entered and reload

the file from the Broadband VPN Gateway.

Other manuals for TW100-BRV324

Table of contents

Other TRENDnet Gateway manuals

TRENDnet

TRENDnet TVP-221H User manual

TRENDnet

TRENDnet TVP-221H User manual

TRENDnet

TRENDnet TVP-224HR User manual

TRENDnet

TRENDnet TVP-221H User manual

TRENDnet

TRENDnet TEW-734APO User manual

TRENDnet

TRENDnet TPE-105i User manual

Popular Gateway manuals by other brands

HP Aruba EC-S-P Product End-of-Life Disassembly Instructions

ZyXEL Communications

ZyXEL Communications Prestige 792H Specifications

Benair

Benair BeanGateway user manual

2N EasyGate Pro quick start

Avaya

Avaya Media Gateway G250 Administration guide

ADF Web

ADF Web HD67F33-B2 Series manual

Huawei

Huawei B260 user guide

Motorola

Motorola NVG510 Administrator's handbook

RTA

RTA 460MRSQT-N2E Product user guide

RTA

RTA 460PSBMS-N2E Product user guide

Shaw

Shaw Gateway HDPVR installation instructions

Huawei

Huawei HG530 user guide

schmersal

schmersal SD-I-U Series Mounting and wiring instructions

RTA

RTA 460MSUSB-NNCU user guide

Symantec

Symantec 360R - Security Gateway SGS Administration guide

AT&T

AT&T U-verse TV installation guide

THOMSON

THOMSON R7.4 Configuration guide

Moxa Technologies

Moxa Technologies MGate 5105-MB-EIP-T user manual

TRENDnet TW100-BRV324 User manual

Popular Gateway manuals by other brands