Table of Contents
CHAPTER 1 INTRODUCTION
TW100-BRV204 Features
Package Contents
Physical Details
VPN Configuration
VPN Examples
Certificates
CRLs
Chapter 1 Introduction
This Chapter provides an overview of the TW100-BRV204's features and capabilities.
Congratulations on the purchase of your new TW100-BRV204. The TW100-BRV204 is a multi-function device providing the following services:
• Shared Broadband Internet Access for all LAN users.
• VPN Gateway for IPSec VPN connections to remote PCs or sites.
• 3-Port Switching Hub for 10BaseT or 100BaseT connections.
TW100-BRV204 User’s Guide
Advanced Internet Functions
• Communication Applications. Support for Internet communication applications, such as interactive Games, Telephony, and Conferencing applications, which are often difficult to use when behind a Firewall, is included.
• Special Internet Applications. Applications which use non-standard connections or port numbers are normally blocked by the Firewall.
Security Features
• Password-protected Configuration. Optional password protection is provided to prevent unauthorized users from modifying the configuration data and settings.
• NAT Protection. An intrinsic side effect of NAT (Network Address Translation) technology is that by allowing all LAN users to share a single IP address, the location and even the existence of each PC is hidden. From the external viewpoint, there is no network, only a single device - the TW100-BRV204.
Physical Details
Front-mounted LEDs
Figure 2: Front Panel
Power: On - Power on. Off - No power.
Status (Red): On - Error condition. Off - Normal operation. Blinking - This LED blinks during start up.
LAN: Each port has 2 LEDs
DMZ
WAN
Link/Act
• On - Corresponding LAN (hub) port is active.
• Off - No active connection on the corresponding LAN (hub) port.
• Flashing - Data is being transmitted or received via the corresponding LAN (hub) port.
Rear Panel
Figure 3: Rear Panel
Reset Button
This button has two (2) functions:
• Reboot. When pressed and released, the TW100-BRV204 will reboot (restart).
• Clear All Data. This button can also be used to clear ALL data and restore ALL settings to the factory default values.
To Clear All Data and restore the factory default values:
1. Power Off.
2. Hold the Reset Button down while you Power On.
3. Keep holding the Reset Button for a few seconds, until the RED LED has flashed TWICE.
4.
• PCs connected to the DMZ port are on the same LAN segment as PCs connected to the Hub ports. They must use the same IP address range.
• PCs connected to the DMZ port are NOT visible to PCs on the hub (LAN) ports. So you cannot use Microsoft networking or other networking protocols to connect to PCs on the DMZ. The connection must be made via the Internet.
• PCs connected to the DMZ port still share the WAN port IP address for Internet access.
Chapter 2 Installation
This Chapter covers the physical installation of the TW100-BRV204.
Requirements
• Network cables. Use standard 10/100BaseT network (UTP) cables with RJ45 connectors.
• TCP/IP protocol must be installed on all PCs.
• For Internet Access, an Internet Access account with an ISP, and a Broadband modem (usually, DSL or Cable modem).
Procedure
Figure 4: Installation Diagram
1. Choose an Installation Site
Select a suitable place on the network to install the TW100-BRV204.
3. Connect WAN Cable
Connect the Broadband modem to the WAN port on the TW100-BRV204. Use the cable supplied with your Broadband modem. If no cable was supplied, use a standard LAN cable.
4. Power Up
• Power on the Broadband modem.
• Connect the supplied power adapter to the TW100-BRV204 and power up. Use only the power adapter provided. Using a different one may cause hardware damage.
5. Check the LEDs
• The Power LED should be ON.
Chapter 3 Setup
This Chapter provides Setup details of the TW100-BRV204.
Overview
This chapter describes the setup procedure for:
• Internet Access
• LAN configuration
PCs on your local LAN may also require configuration. For details, see Chapter 4 - PC Configuration.
Other configuration may also be required, depending on which features and functions of the TW100-BRV204 you wish to use. Use the table below to locate detailed instructions for the required functions.
Use the Microsoft VPN feature:
• PPTP Server in the TW100-BRV204.
• User and Client setup.
• Checking VPN connection Status.
Configure or use any of the following:
• Configuration File backup and restore.
• Double-click the icon for the TW100-BRV204 (either on the Desktop, or in My Network Places) to start the configuration. Refer to the following section Setup Wizard for details of the initial configuration process.
Using your Web Browser
To establish a connection from your PC to the TW100-BRV204:
1. After installing the TW100-BRV204 in your LAN, start your PC. If your PC is already running, restart it.
2. Start your Web browser.
3.
• These are the default values. Both the name and password can (and should) be changed, using the Admin Login screen. Once you have changed either the name or the password, you must use the current values.
Setup Wizard
The first time you connect to the TW100-BRV204, the Setup Wizard will run automatically. (The Setup Wizard will also run if the TW100-BRV204's default settings are restored.)
1. Step through the Wizard until finished.
• You need to know the type of Internet connection service used by your ISP. Check the data supplied by your ISP.
• The common connection types are explained in the tables below.
PPTP
Details: Mainly used in Europe. You connect to the ISP only when required. The IP address is usually allocated automatically, but may be Static (Fixed).
ISP Data required:
• PPTP Server IP Address.
• User name and password.
• IP Address allocated to you, if Static (Fixed).
Other Modems (e.g. Broadband Wireless)
Type: Dynamic IP Address
Details: Your IP Address is allocated automatically, when you connect to your ISP.
ISP Data required: Usually, none.
Home Screen
After finishing or exiting the Setup Wizard, you will see the Home screen. You will also see this screen whenever you connect in future. An example screen is shown below.
Figure 6: Home Screen
Navigation & Data Input
• Use the menu bar on the top of the screen, and the "Back" button on your Browser, for navigation.
• Changing to another screen without clicking "Save" does NOT save any changes you may have made.
LAN Screen
Use the LAN link on the main menu to reach the LAN screen. An example screen is shown below.
Figure 7: LAN Screen
Data - LAN Screen
TCP/IP
IP Address: IP address for the TW100-BRV204, as seen from the local LAN. Use the default value unless the address is already in use or your LAN is using a different IP address range. In the latter case, enter an unused IP Address from within the range used by your LAN.
Subnet Mask: The default value 255.255.255.
DHCP
What DHCP Does
A DHCP (Dynamic Host Configuration Protocol) Server allocates a valid IP address to a DHCP Client (PC or device) upon request.
• The client request is made when the client device starts up (boots).
• The DHCP Server provides the Gateway and DNS addresses to the client, as well as allocating an IP Address.
• The TW100-BRV204 can act as a DHCP server.
• Windows 95/98/ME and other non-Server versions of Windows will act as a DHCP client.
Chapter 4 PC Configuration
This Chapter details the PC Configuration required on the local ("Internal") LAN.
Overview
For each PC, the following may need to be configured:
• TCP/IP network settings
• Internet Access configuration
Windows Clients
This section describes how to configure Windows clients for Internet access via the TW100-BRV204. The first step is to check the PC's TCP/IP settings.
Checking TCP/IP Settings - Windows 9x/ME:
1. Select Control Panel - Network. You should see a screen like the following:
Figure 8: Network Configuration
2. Select the TCP/IP protocol for your network card.
3. Click on the Properties button. You should then see a screen like the following.
Figure 9: IP Address (Win 95)
Ensure your TCP/IP settings are correct, as follows:
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically.
• On the Gateway tab, enter the TW100-BRV204's IP address in the New Gateway field and click Add, as shown below. Your LAN administrator can advise you of the IP Address they assigned to the TW100-BRV204.
Figure 10: Gateway Tab (Win 95/98)
• On the DNS Configuration tab, ensure Enable DNS is selected. If the DNS Server Search Order list is empty, enter the DNS address provided by your ISP in the fields beside the Add button, then click Add.
Checking TCP/IP Settings - Windows NT4.0
1. Select Control Panel - Network, and, on the Protocols tab, select the TCP/IP protocol, as shown below.
Figure 12: Windows NT4.0 - TCP/IP
2. Click the Properties button to see a screen like the one below.
Figure 13: Windows NT4.0 - IP Address
3. Select the network card for your LAN.
4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or Specify an IP Address, as explained below.
Obtain an IP address from a DHCP Server
This is the default Windows setting. Using this is recommended. By default, the TW100-BRV204 will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the TW100-BRV204.
Figure 15: Windows NT4.
Checking TCP/IP Settings - Windows 2000:
1. Select Control Panel - Network and Dial-up Connection.
2. Right-click the Local Area Connection icon and select Properties. You should see a screen like the following:
Figure 16: Network Configuration (Win 2000)
3. Select the TCP/IP protocol for your network card.
4. Click on the Properties button. You should then see a screen like the following.
5. Ensure your TCP/IP settings are correct, as described below.
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the TW100-BRV204 will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the TW100-BRV204.
Checking TCP/IP Settings - Windows XP
1. Select Control Panel - Network Connection.
2. Right-click the Local Area Connection and choose Properties. You should see a screen like the following:
Figure 18: Network Configuration (Windows XP)
3. Select the TCP/IP protocol for your network card.
4. Click on the Properties button. You should then see a screen like the following.
Figure 19: TCP/IP Properties (Windows XP)
5. Ensure your TCP/IP settings are correct.
Using DHCP
To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the TW100-BRV204 will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the TW100-BRV204.
Internet Access
To configure your PCs to use the TW100-BRV204 for Internet access:
• Ensure that the DSL modem, Cable modem, or other permanent connection is functional.
• Use the following procedure to configure your Browser to access the Internet via the LAN, rather than by a Dial-up connection.
For Windows 9x/ME/2000
1. Select Start Menu - Settings - Control Panel - Internet Options.
2. Select the Connection tab, and click the Setup button.
Macintosh Clients
From your Macintosh, you can access the Internet via the TW100-BRV204. The procedure is as follows.
1. Open the TCP/IP Control Panel.
2. Select Ethernet from the Connect via pop-up menu.
3. Select Using DHCP Server from the Configure pop-up menu. The DHCP Client ID field can be left blank.
4. Close the TCP/IP panel, saving your settings.
Chapter 5 Operation and Status
This Chapter details the operation of the TW100-BRV204 and the status screens.
Operation
Once both the TW100-BRV204 and the PCs are configured, operation is automatic. However, there are some situations where additional Internet configuration may be required:
• If using Internet-based Communication Applications, it may be necessary to specify which PC receives an incoming connection. Refer to Chapter 6 - Internet Features for further details.
Data - Status Screen
Internet
Connection Method: This indicates the current connection method, as set in the Setup Wizard.
Broadband Modem: This shows the connection status of the modem.
Internet Connection: Current connection status:
• Active
• Idle
• Unknown
• Failed
If there is an error, you can click the "Connection Details" button to find out more information.
Internet IP Address: This IP Address is allocated by the ISP (Internet Service Provider).
Connection Status - PPPoE
If using PPPoE (PPP over Ethernet), a screen like the following example will be displayed when the "Connection Details" button is clicked.
Figure 21: PPPoE Status Screen
Data - PPPoE Screen
Connection
Physical Address: The hardware address of this device, as seen by remote devices on the Internet. (This is different to the hardware address seen by devices on the local LAN.)
IP Address: The IP Address of this device, as seen by Internet users.
Buttons
Connect: If not connected, establish a connection to your ISP.
Disconnect: If connected to your ISP, hang up the connection.
Clear Log: Delete all data currently in the Log. This will make it easier to read new messages.
Refresh: Update the data on screen.
Connection Log Messages
Message: Description
Connect on Demand: Connection attempt has been triggered by the "Connect automatically, as required" setting.
Connection Status - PPTP
If using PPTP (Point-to-Point Tunneling Protocol), a screen like the following example will be displayed when the "Connection Details" button is clicked.
Figure 22: PPTP Status Screen
Data - PPTP Screen
Connection
Physical Address: The hardware address of this device, as seen by remote devices on the Internet. (This is different to the hardware address seen by devices on the local LAN.)
IP Address: The IP Address of this device, as seen by Internet users.
Clear Log: Delete all data currently in the Log. This will make it easier to read new messages.
Refresh: Update the data on screen.
Connection Status - Telstra Big Pond
An example screen is shown below.
Figure 23: Telstra Big Pond Status Screen
Data - Telstra Big Pond Screen
Connection
Physical Address: The hardware address of this device, as seen by remote devices. (This is different to the hardware address seen by devices on the local LAN.
Connection Log
• The Connection Log shows status messages relating to the existing connection.
• The Clear Log button will restart the Log, while the Refresh button will update the messages shown on screen.
Buttons
Connect: If not connected, establish a connection to Telstra Big Pond.
Disconnect: If connected to Telstra Big Pond, terminate the connection.
Clear Log: Delete all data currently in the Log. This will make it easier to read new messages.
DNS IP Address: The IP Address of the Domain Name Server which is currently used.
DHCP Client: This will show "Enabled" or "Disabled", depending on whether or not this device is functioning as a DHCP client. If "Enabled", the "Remaining lease time" field indicates when the IP Address allocated by the DHCP Server will expire. The lease is automatically renewed on expiry; use the "Renew" button if you wish to manually renew the lease immediately.
Connection Details - Fixed/Dynamic IP Address
If your access method is "Direct" (no login), a screen like the following example will be displayed when the "Connection Details" button is clicked.
Figure 25: Connection Details - Fixed/Dynamic IP Address
Data - Fixed/Dynamic IP address Screen
Internet
Physical Address: The hardware address of this device, as seen by remote devices on the Internet. (This is different to the hardware address seen by devices on the local LAN.
the "Release" button will break the connection and release the IP Address.
Refresh: Update the data shown on screen.
Chapter 6 Internet Features
This Chapter explains when and how to use the TW100-BRV204's "Internet" Features.
Overview
The following advanced features are provided.
WAN Port Configuration
The WAN Port Configuration screen provides an alternative to using the Wizard. It can be accessed from the Internet menu. An example screen is shown below.
Figure 26: WAN Port Configuration Screen
Data – WAN Port Configuration Screen
Identification
Hostname: Normally, there is no need to change the default name, but if your ISP requests that you use a particular “Hostname”, enter it here.
Domain name: If your ISP provided a domain name, enter it here.
Specified IP Address: Also called Static IP Address. Select this if your ISP has allocated you a fixed IP Address. If this option is selected, the following data must be entered.
• IP Address. The IP Address allocated by the ISP.
• Network Mask (Not required for PPPoE). This is also supplied by your ISP. It must be compatible with the IP Address above.
• Gateway IP Address (Not required for PPPoE). The address of the router or gateway, as supplied by your ISP.
Advanced Internet
Figure 27: Internet Screen
This screen allows configuration of all advanced features relating to Internet access.
• Communication Applications
• Special Applications
• Multi-DMZ
• URL filter
Communication Applications
Most applications are supported transparently by the TW100-BRV204. But sometimes it is not clear which PC should receive an incoming connection. This problem could arise with the Communication Applications listed on this screen.
Send incoming calls to: This lists the PCs on your LAN.
• If necessary, you can add PCs manually, using the PC Database option on the Other menu.
• For each application listed above, you can choose a destination PC.
• There is no need to "Save" after each change; you can set the destination PC for each application, then click "Save".
Incoming Ports
• Type - Select the protocol (TCP or UDP) used when you receive data from the special application or service. (Note: Some applications use different protocols for outgoing and incoming data).
• Start - Enter the beginning of the range of port numbers used by the application server, for data you receive. If the application uses a single port number, enter it in both the "Start" and "Finish" fields.
Outgoing Ports
URL Filter
The URL Filter allows you to block access to undesirable Web sites.
• To use this feature, you must define "filter strings". If the "filter string" appears in a requested URL, the request is blocked.
• Enabling the URL Filter also affects the Internet Access Log. If Enabled, the "Destination" field in the log will display the URL. Otherwise, it will display the IP Address.
• The URL Filter can be Enabled or Disabled on the Advanced Internet screen.
Dynamic DNS (Domain Name Server)
This free service is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your Virtual Servers using a URL, rather than an IP Address. This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address may change whenever you connect, which makes it difficult to connect to you.
The Service works as follows:
1.
NOT need to use the "Client" program provided by some DDNS Service providers.)
• From the Internet, users will now be able to connect to your Virtual Servers (or DMZ PC) using your Domain name.
DDNS Data
DDNS Service: Select the desired DDNS Service provider.
User Name: Enter your Username for the DDNS Service.
Password/Key: Enter your current password for the DDNS Service.
Domain Name: Enter the domain name allocated to you by the DDNS Service.
Virtual Servers
This feature allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would not be able to access a server on your LAN because:
• Your Server does not have a valid external IP Address.
• Attempts to connect to devices on your LAN are blocked by the firewall in this device.
The "Virtual Server" feature solves these problems and allows Internet users to connect to your servers, as illustrated below.
• For each enabled Virtual Server, a firewall rule to allow incoming traffic from the Internet (WAN) to the DMZ is automatically created. If the Server is connected to the LAN (hub) ports, you must add the firewall rule manually.
Note that the DMZ port is a normal port, not an "uplink" port. If connecting to a hub, connect to the standard port on the hub.
Virtual Servers Screen
The Virtual Servers screen is reached by the Virtual Servers link on the Internet menu.
http://203.70.212.52
ftp://203.70.212.52
It is more convenient if you are using a Fixed IP Address from your ISP, rather than Dynamic. However, you can use the Dynamic DNS feature, described in the following section, to allow users to connect to your Virtual Servers using a URL, rather than an IP Address.
Options
This screen allows advanced users to enter or change a number of settings. For normal operation, there is no need to use this screen or change any settings.
Chapter 7 Security Configuration
This Chapter explains the settings available via the security configuration section of the "Security" menu.
Overview
The following advanced configurations are provided.
• Admin Login
• Access Control
• Firewall Rules
• Logs
• E-mail
• Security Options
• Scheduling
• Services
Admin Login
The Admin Login screen allows you to assign a user name and password to the TW100-BRV204.
Figure 34: Admin Login Screen
1. The default login name is "admin".
Figure 35: Password Dialog
Enter the "User Name" and "Password" you set on the Admin Login screen above.
Access Control
This feature is accessed by the Access Control link on the Security menu. The Access Control feature allows administrators to restrict the level of Internet Access available to PCs on your LAN. With the default settings, everyone has unrestricted Internet access.
To use this feature:
1. Set the desired restrictions on the "Default" group. All PCs are in the "Default" group unless explicitly moved to another group.
"Members" Button
Click this button to add or remove members from the current Group.
• If the current group is "Default", then members cannot be added or deleted. This group contains PCs not allocated to any other group.
• To remove PCs from the Default Group, assign them to another Group.
• To assign PCs to the Default Group, delete them from the Group they are currently in.
See the following section for details of the Group Members screen.
Group Members Screen
This screen is displayed when the Members button on the Access Control screen is clicked.
Figure 37: Group Members
Use this screen to add or remove members (PCs) from the current group.
• The "Del >>" button will remove the selected PC (in the Members list) from the current group.
• The "<< Add" button will add the selected PC (in the Other PCs list) to the current group.
PCs not assigned to any group will be in the "Default" group.
Firewall Rules
For normal operation and LAN protection, it is not necessary to use this screen. The Firewall will always block DoS (Denial of Service) attacks. A DoS attack does not attempt to steal data or damage your PCs, but overloads your Internet connection so you cannot use it - the service is unavailable.
You can also use this screen to create Firewall rules to block or allow specific traffic, but incorrect configuration may cause serious problems.
Data
For each rule, the following data is shown:
• Name - The name you assigned to the rule.
• Source - The traffic covered by this rule, defined by the source IP address. If the IP address is followed by ... this indicates there is a range of IP addresses, rather than a single address.
• Destination - The traffic covered by this rule, defined by destination IP address. If the IP address is followed by ...
Define Firewall Rule
Clicking the "Add" button in the Firewall Rules screen will display a screen like the example below.
Figure 39: Define Firewall Rule
Data - Define Firewall Rule Screen
Name: Enter a suitable name for this rule.
Type: This determines the source and destination ports for traffic covered by this rule. Select the desired option.
Source IP: These settings determine which traffic, based on their source IP address, is covered by this rule.
Dest IP: These settings determine which traffic, based on their destination IP address, is covered by this rule. Select the desired option:
• Any - All traffic from the source port is covered by this rule.
• Single address - Enter the required IP address in the "Start IP address" field. You can ignore the "Subnet Mask" field.
• Range address - If this option is selected, you must complete both the "Start IP address" and "Finish IP address" fields.
Logs
The Logs record various types of activity on the TW100-BRV204. This data is useful for troubleshooting, but enabling all logs will generate a large amount of data and adversely affect performance.
Since only a limited amount of log data can be stored in the TW100-BRV204, log data can also be E-mailed to your PC or sent to a Syslog Server.
Outgoing Traffic
System Log
Select the desired option:
• All IP traffic - This will log all outgoing TCP/IP connections, of any type. This will generate the largest logs, and fill the internal log buffer more quickly.
• All TCP/UDP/ICMP traffic - These 3 protocols are used by most internet traffic. TCP is used by HTTP, FTP, Telnet, E-mail and other common Internet protocols and applications.
E-mail
Figure 41: E-Mail Screen
Data – E-Mail Screen
E-Mail Alerts
Send E-Mail alert: If enabled, an E-mail will be sent immediately if a DoS (Denial of Service) attack is detected. If enabled, the E-mail address information must be provided.
E-Mail Logs
Send Logs by E-Mail: If enabled, logs will be sent to the specified E-mail address. You need to select the Logs to be E-mailed, and complete the E-mail address settings on this screen.
Subject: Enter the text string to be shown in the "Subject" field for the E-mail.
SMTP Server: Enter the address or IP address of the SMTP (Simple Mail Transfer Protocol) Server you use for outgoing E-mail.
Port No.: Enter the port number used to connect to the SMTP Server. The default value is 25.
Security Options
This screen allows you to set Firewall and other security-related options.
Figure 42: Security Options Screen
Data - Security Options Screen
Firewall
Enable DoS Firewall: If enabled, DoS (Denial of Service) attacks will be detected and blocked. The default is enabled. It is strongly recommended that this setting be left enabled.
Options
Respond to ICMP (ping): The ICMP protocol is used by the "ping" and "trace route" programs, and by network monitoring and diagnostic programs.
• If checked, the TW100-BRV204 will respond to ICMP packets received from the Internet.
• If not checked, ICMP packets from the Internet will be ignored. Disabling this option provides a slight increase in security.
Allow VPN passthrough
Drop fragmented IP packets
Scheduling
• This schedule can be (optionally) applied to any Access Control Group.
• Blocking will be performed during the scheduled time (between the "Start" and "Finish" times.)
• Two (2) separate sessions or periods can be defined.
• Times must be entered using a 24 hr clock.
• If the time for a particular day is blank, no action will be performed.
Define Schedule Screen
This screen is accessed by the Scheduling link on the Security menu.
Services
Services are used in defining traffic to be blocked or allowed by the Access Control or Firewall Rules features. Many common Services are pre-defined, but you can also define your own services if required.
To view the Services screen, select the Services link on the Security menu.
Figure 44: Services Screen
Data - Services Screen
Available Services
Available Services: This lists all defined Services.
Delete Button: Use this to delete the selected Service from the list.
Chapter 8 VPN (IPSec)
This Chapter describes the VPN capabilities and configuration required for common situations.
Overview
This section describes the VPN (Virtual Private Network) support provided by your TW100-BRV204.
A VPN (Virtual Private Network) provides a secure connection between 2 points, over an insecure network - typically the Internet. This secure connection is called a VPN Tunnel.
There are many standards and protocols for VPNs. The standard implemented in the TW100-BRV204 is IPSec.
• Phase I is the negotiation and establishment of the IKE connection.
• Phase II is the negotiation and establishment of the IPsec connection.
Because the IKE and IPsec connections are separate, they have different SAs (security associations).
Policies
VPN configuration settings are stored in Policies. Note that different vendors use different terms. Generally, the terms "VPN Policy", "IPSec Policy", and "IPSec Proposal" have the same meaning.
Microsoft VPN
Common VPN Situations
VPN Pass-through
Figure 45: VPN Pass-through
Here, a PC on the LAN behind the Router/Gateway is using VPN software, but the Router/Gateway is NOT acting as a VPN endpoint. It is only allowing the VPN connection.
• The PC software can use any VPN protocol supported by the remote VPN.
• The remote VPN Server must support client PCs which are behind a NAT router, and so have an IP address which is not valid on the Internet.
Connecting 2 LANs via VPN
Figure 47: Connecting 2 VPN Gateways
This allows two (2) LANs to be connected. PCs on each endpoint gain secure access to the remote LAN.
• The 2 LANs MUST use different IP address ranges.
• The VPN Policies at each end determine when a VPN tunnel will be established, and what systems on the remote LAN can be accessed once the VPN connection is established.
• It is possible to have simultaneous VPN connections to many remote sites.
VPN Configuration
This section covers the configuration required on the TW100-BRV204 when using Manual Key Exchange (Manual Policies) or IKE (Automatic Policies). Details of using Certificates are covered in a later section.
VPN Policies Screen
To view this screen, select VPN Policies from the VPN menu. This screen lists all existing VPN policies. If no policies exist, the list will be empty.
Move
The order in which policies are listed is only important if you have multiple policies for the same remote site. In that case, the first matching policy is used. There are 2 ways to change the order of policies:
• Use the up and down indicators on the right to move the selected row. You must confirm your changes by clicking "OK". If you change your mind before clicking "OK", click "Cancel" to reverse your changes.
Figure 50: VPN Wizard – General Screen
General Settings
Policy Name: Enter a suitable name. This name is not supplied to the remote VPN. It is used only to help you manage the policies.
Enable Policy: Enable or disable the policy as required. For each remote VPN, only 1 policy can be enabled at any time.
Allow NetBIOS traffic: Enable this if you require NetBIOS traffic to be transferred through the VPN tunnel. NetBIOS is used by Microsoft (Windows) networking.
Figure 51: VPN Wizard - Traffic Selector Screen
• For outgoing VPN connections, these settings determine which traffic will cause a VPN tunnel to be created, and which traffic will be sent through the tunnel.
• For incoming VPN connections, these settings determine which systems on your local LAN will be available to the remote endpoint.
• The 2 VPN endpoints MUST use different address ranges.
Remote IP addresses
Type
• Single address - enter an IP address in the "Start IP address" field.
• Range address - enter the starting IP address in the "Start IP address" field, and the finish IP address in the "Finish IP address" field.
• Subnet address - enter the desired IP address in the "Start IP address" field, and the network mask in the "Subnet Mask" field.
The remote VPN should have these IP addresses entered as its "Local" addresses.
3. Click Next to continue.
• For SHA-1, the keys should be 40 hex/20 ASCII characters.
SPI
• Each SPI (Security Parameter Index) must be unique.
• The "in" SPI here must match the "out" SPI on the remote VPN, and the "out" SPI here must match the "in" SPI on the remote VPN.
• Each SPI should be at least 3 characters.
ESP Encryption
ESP (Encapsulating Security Payload) provides security for the payload (data) sent through the VPN tunnel.
IKE Phase 1
If you selected IKE, the following screen is displayed after the Traffic Selector screen. This screen sets the parameters for the IKE SA.
Figure 53: VPN Wizard - IKE Phase 1 Screen
IKE Phase 1 (IKE SA)
Local Identity: This setting must match the "Remote Identity" on the remote VPN. Select the desired option, and enter the required data in the "Local Identity Data" field.
• WAN IP Address - This is the most common method. If selected, no input is required.
Remote Identity
Authentication
• RSA Signature requires that both VPN endpoints have valid Certificates issued by a CA (Certification Authority).
• For Pre-shared key, enter the same key value in both endpoints. The key should be at least 8 characters (maximum is 128 characters). Note that this key is used for the IKE SA only. The keys used for the IPsec SA are automatically generated.
Authentication Algorithm: Select the desired option, and ensure that both endpoints have the same settings.
IKE Phase 2 Screen
This screen sets the parameters for the IPSec SA. When using IKE, there are separate connections (SAs) for IKE and IPSec.
Figure 54: VPN Wizard - IKE Phase 2 Screen
IKE Phase 2 (IPsec SA)
IPsec SA Life Time: This setting does not have to match the remote VPN endpoint; the shorter time will be used. Although measured in seconds, it is common to use time periods of several hours, such as 28,800 seconds.
For IKE, configuration is now complete. Click "Next" to view the final screen.
Figure 55: VPN Wizard - Final Screen
On the final screen, click "Finish" to save your settings, then "Close" to exit the Wizard.
VPN Examples
This section describes some examples of using the TW100-BRV204 in common VPN situations.
Example 1: Connecting 2 TW100-BRV204s
In this example, 2 LANs are connected via VPN.
Figure 56: Connecting 2 TW100-BRV204s
Note
• The LANs MUST use different IP address ranges.
• Both endpoints have fixed WAN (Internet) IP addresses.
Configuration Settings
Setting | LAN A Gateway | LAN B Gateway | Notes
Name | Policy 1 | Policy 1 | Name does not affect operation. Select a meaningful name.
IKE Authentication method | Pre-shared Key | Pre-shared Key | Certificates are not widely used.
Pre-shared Key | Xxxxxxxxxx | Xxxxxxxxxx | Must match
IKE Authentication algorithm | MD5 | MD5 | Must match
IKE Encryption | DES | DES | Must match
IKE Exchange mode | Main Mode | Main Mode | Must match
DH Group | Group 1 (768 bit) | Group 1 (768 bit) | Must match
IKE SA Life time | 28800 | 28800 | Does not have to match. Shorter period will be used.
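The "Must match" and "shorter period will be used" rules in the Example 1 table can be checked on paper before either gateway is touched. The Python sketch below is an added example, not code from TRENDware or the device; the dictionary keys, the LAN and WAN addresses, the sample key, the "Group 2" value and the list of legacy algorithms are assumptions made for illustration.

```python
import ipaddress

# Rows the Example 1 table marks "Must match" (key names are hypothetical).
MUST_MATCH = ("auth_method", "auth_algorithm", "encryption",
              "exchange_mode", "dh_group")
# Assumption from general cryptographic guidance, not from the manual:
# these choices are widely deprecated and worth flagging for review.
LEGACY = {"auth_algorithm": {"MD5"}, "encryption": {"DES"},
          "dh_group": {"Group 1 (768 bit)"}}
PSK_MIN, PSK_MAX = 8, 128  # pre-shared key length limits stated in the manual


def check_pair(a, b):
    """Return (errors, warnings, effective IKE SA lifetime) for two endpoints."""
    errors, warnings = [], []

    for field in MUST_MATCH:
        if a[field] != b[field]:
            errors.append(f"{field}: {a[field]!r} vs {b[field]!r} (must match)")
        for side in (a, b):
            if side[field] in LEGACY.get(field, ()):
                warnings.append(f"{side['name']}: legacy {field} {side[field]!r}")

    if a["auth_method"] == b["auth_method"] == "Pre-shared Key":
        # Compare the keys but never echo them into the report.
        if a["preshared_key"] != b["preshared_key"]:
            errors.append("preshared_key: values differ (must match)")
        for side in (a, b):
            if not PSK_MIN <= len(side["preshared_key"]) <= PSK_MAX:
                errors.append(f"{side['name']}: preshared_key length "
                              f"outside {PSK_MIN}-{PSK_MAX}")

    for side, peer in ((a, b), (b, a)):
        # Remote Endpoint is the other gateway's WAN (Internet) address.
        if side["remote_endpoint"] != peer["wan_ip"]:
            errors.append(f"{side['name']}: remote endpoint is not peer WAN IP")
        # Remote addresses here must be the peer's "Local" addresses.
        if (ipaddress.ip_network(side["remote_net"])
                != ipaddress.ip_network(peer["local_net"])):
            errors.append(f"{side['name']}: remote_net is not peer local_net")

    if ipaddress.ip_network(a["local_net"]).overlaps(
            ipaddress.ip_network(b["local_net"])):
        errors.append("local_net: the two LANs overlap (must use different ranges)")

    # Lifetimes need not match; the shorter period is the one used.
    return errors, warnings, min(a["ike_sa_lifetime"], b["ike_sa_lifetime"])


# Constructed sample policies: algorithm rows follow the Example 1 table,
# all addresses and the key are invented for this example.
LAN_A = {
    "name": "LAN A", "wan_ip": "203.0.113.1", "remote_endpoint": "198.51.100.1",
    "local_net": "192.168.0.0/24", "remote_net": "192.168.1.0/24",
    "auth_method": "Pre-shared Key", "preshared_key": "constructed-key-01",
    "auth_algorithm": "MD5", "encryption": "DES", "exchange_mode": "Main Mode",
    "dh_group": "Group 1 (768 bit)", "ike_sa_lifetime": 28800,
}
LAN_B = dict(LAN_A, name="LAN B", wan_ip="198.51.100.1",
             remote_endpoint="203.0.113.1",
             local_net="192.168.1.0/24", remote_net="192.168.0.0/24")
# Constructed misconfiguration: same LAN range, other DH group, short key.
LAN_B_BAD = dict(LAN_B, local_net="192.168.0.0/24",
                 dh_group="Group 2 (1024 bit)", preshared_key="short",
                 ike_sa_lifetime=3600)

if __name__ == "__main__":
    for peer in (LAN_B, LAN_B_BAD):
        errs, warns, life = check_pair(LAN_A, peer)
        print(f"{len(errs)} errors, {len(warns)} warnings, lifetime {life}s")
        for line in errs + warns:
            print("  ", line)
```

The matching pair passes with no errors but still reports the MD5, DES and Group 1 settings as items to review on both gateways.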
Example 2: Windows 2000/XP Client to LAN
In this example, a Windows 2000/XP client connects to the TW100-BRV204 and gains access to the local LAN.
Figure 57: Windows 2000/XP Client to TW100-BRV204
To use 3DES encryption on Windows 2000, you need Service Pack 3 or later installed.
TW100-BRV204 Configuration
Setting | Value | Notes
Name | Win Client | Name does not affect operation. Select a meaningful name.
Remote Endpoint | 172.16.9.10 | Other endpoint's WAN (Internet) IP address.
DH Group | Group 1 (768 bit) | Must match client PC
IKE SA Life time | 28800 | Does not have to match client PC. Shorter period will be used.
IKE PFS | Disable | Must match client PC
IPSec SA Parameters
IPSec SA Life time | 28800 | Do not have to match. Shorter period will be used.
Figure 59: Windows 2000/XP - Policy Properties
• Note that no rules are in use. Two (2) rules are required - incoming and outgoing.
• The outgoing rule will be added first.
6. Deselect the "Use Add Wizard" checkbox, then click "Add" to view the screen below.
Figure 60: IP Filter List
7. Type "To DUT" for the name, then click "Add" to see a screen like the following.
Figure 61: Filter Properties: Addressing
8. Enter the Source IP address and the Destination IP address.
• Since this is the outgoing filter, the Source IP address is "My IP address" and the Destination IP address is the address range used on the remote LAN.
• Ensure the Mirrored option is checked.
9. Click "OK" to save your settings and close this dialog.
Figure 62: New Rule Properties: IP Filter List
10.
Figure 63: New Rule Properties: Filter Action
11. Select Require Security, then click the "Edit" button, to view the Require Security Properties screen.
Figure 64: Require Security Properties
12. Select Negotiate security (this selects IKE), then click "Add".
Figure 65: Modify Security Method
13. On the resulting screen (above), select High [ESP] then click "OK" to save your changes and return to the Require Security Properties screen.
Figure 66: Require Security Properties
14. Ensure the following settings are correct, then click "OK" to return to the Filter Action tab of the Edit Rule Properties screen.
15. Click the Tunnel Setting tab, then select The tunnel endpoint is specified by this IP address. Enter the WAN (Internet) IP address of the TW100-BRV204, as shown below.
Figure 67: Tunnel Setting
16. Click the Authentication Methods tab, then click the "Edit" button to see a screen like the example below.
Figure 68: Authentication Method
17. Select Use this string to protect the key exchange (preshared key), then enter your preshared key in the field provided.
18.
Figure 69: Windows 2000/XP Client to TW100-BRV204
20. To add the second (incoming) rule, click "Add". For the name, enter "To Win2K", then click "Add".
Figure 70: Windows 2000/XP Client to TW100-BRV204
21. Enter the Source IP address and the Destination IP address as shown below.
• Since this is the incoming filter, the Source IP address is the address range used on the remote LAN and the Destination IP address is "My IP address".
• Ensure the Mirrored option is checked.
Figure 71: Filter Properties: Addressing
22. Click "OK" to save your changes, then "Close".
Figure 72: Filter List
23. Ensure the "To Win2K" filter is selected, then click the Filter Action tab.
Figure 73: Filter Action
24. Select Require Security, then click "Edit". On the Require Security Methods screen below, select Negotiate security.
Figure 74: Security Methods
25. Click the "Add" button. On the resulting Modify Security Method screen below, select High [ESP].
Figure 75: Modify Security Method
26. Click "OK" to save your changes, then click "OK" again to return to the Filter Action screen.
27. Select the Tunnel Setting tab, and enter the WAN (Internet) IP address of this PC (172.16.9.10 in this example).
Figure 76: Tunnel Setting
28. Select the Authentication Methods tab, and click the "Edit" button to see the screen below.
Figure 77: Authentication Method
29. Select Use this string to protect the key exchange (preshared key), then enter your preshared key in the field provided.
30. Click "OK" to save your settings, then "Close" to return to the DUT to Win2K Properties screen. There should now be 2 IP Filters listed, as shown below.
Figure 78: DUT to Win2K Properties
31. Select the General tab.
Figure 79: Properties - General Tab
32. Click the "Advanced" button to see the screen below.
Figure 80: Key Exchange Settings
33. Click the "Methods" button to see the screen below.
Figure 81: Key Exchange Security Methods
34. Select the first entry, and click the "Edit" button to see the following screen.
Figure 82: IKE Security Algorithms
35. Select "SHA1" for Integrity Algorithm, "3DES" for Encryption algorithm, and "Low(1)" for the Diffie-Hellman Group.
36. Click "OK" to save, then "OK" again, and then "Close" to return to the Local Security Settings screen.
37. Right click the DUT to Win2K Policy and select "Assign" to make your policy active.
Example 3: Windows 2000 Server to VPN Gateway
In this example, a Windows 2000 Server connects to the TW100-BRV204. Users on each LAN can then gain access to the remote LAN.
Figure 84: TW100-BRV204 to Windows 2000 Server
TW100-BRV204 Configuration
This is the same as for the client setup earlier, with the exception of the IP address range for the remote endpoint.
Setting | Single Client | Server/Gateway
Remote IP addresses | 172.16.9.10 | Subnet address: 11.5.0.0 255.255.0.
Windows 2000 Server Configuration
Configuration is the same as for Example 2: Windows 2000/XP Client to LAN, except for specifying the Source and Destination addresses for the "Filter Properties". Instead, for both IP Filters, the Filter Properties - Addressing should be completed as follows.
Certificates
Certificates are used to authenticate users. Certificates are issued to you by various CAs (Certification Authorities). These Certificates are called "Self Certificates". Each CA also issues a certificate to itself. This Certificate is required in order to validate communication with the CA. These certificates are called "Trusted Certificates.
Figure 87: Add Trusted Certificate
3. Click the "Browse" button, and locate the certificate file on your PC.
4. Select the file. The name will appear in the "Certificate File" field.
5. Click "Upload" to upload the certificate file to the TW100-BRV204.
6. Click "Back" to return to the Trusted Certificate list. The new Certificate will appear in the list.
Delete button: Use this button to delete a Self Certificate. Select the checkbox in the Delete column for any Certificates you wish to delete, then click the "Delete" button.
Self Certificate Requests
Request List: Any current requests are listed. These requests are generated by using the New Request button described below.
• After you have received the Certificate file for a request, you must select the request in the list, and upload the certificate file.
3.
Name: Enter a name which helps to identify this particular certificate. This name is only for your reference, it is not visible to other people.
Subject Name: This is the name which other organizations will see as the Holder (owner) of this Certificate. This should be your registered business name or official company name. Generally, all Certificates should have the same value in the Subject field.
Hash Algorithm: Select the desired option.
• Start the Self Certificate request procedure.
• When prompted for the request data, supply the data you copied and saved in step 5 above.
• Submit the CA's form.
• If there are no problems, the Certificate will then be issued.
8. After obtaining a new Certificate, as described above, you need to upload it to the TW100-BRV204.
• Return to the Self Certificates screen.
• In the Self Certificate Requests list, select the request matching this certificate.
Figure 92: Certificate Revocation Lists
3. Click the "Add New CRL" button. You will see a screen like the following:
Figure 93: Upload CRL
4. 5. Upload the CRL file:
• Click the "Browse" button, and locate the CRL file on your PC.
• Select the file. The name will appear in the "File to Upload" field.
• Click "Upload" to upload the CRL file to the TW100-BRV204.
• Click "Back" to return to the CRL list. The new CRL will appear in the list.
Data – VPN Status Screen
VPN Status
Policy Name: The name of the VPN Policy which triggered this VPN connection.
SPI: Each SA (Security Association) has a unique SPI. For manual keys, this SPI is specified by user input. If using IKE, the SPI is generated by the IKE negotiation process.
SA Type: Each SA (Security Association) will be either IKE or IPSec.
VPN Endpoint: The IP address of the remote VPN Endpoint.
Chapter 9 Microsoft VPN
This Chapter explains the screens and settings available for the Microsoft VPN function.
Overview
Microsoft VPN uses the Microsoft VPN Adapter which is provided in recent versions of Windows. This feature can be used to provide remote access to your LAN by individual PCs. This method provides an alternative to using IPSec VPN, which is described in the previous chapter. Using Microsoft VPN provides easier setup than using IPSec VPN.
Data – Microsoft VPN Screen
PPTP Server
Enable: Use this checkbox to enable or disable this feature as required. To allow connection by remote Windows clients, you must enable this feature, and enter the client details (on the Clients screen) to allow them to login to this Server.
Authentication Methods: Enable the desired authentication methods. The methods are listed with the most secure first, least secure last. If multiple methods are checked, the most secure will be tried first.
Delete Button: Use this to delete the selected user if required.
Properties
Allow connection: Use this to enable or disable access by this user, as required.
Login Name: Enter the login name. The remote user must provide this name when they connect. The name must not contain spaces, punctuation, or special characters.
Login Password: Enter the login password. The remote user must provide this password when they connect.
Verify Password: Re-enter the password above.
Status Screen
The Status screen is accessed by selecting the Status option on the Microsoft VPN menu.
Figure 97: Microsoft VPN Status Screen
Data - Microsoft VPN Status Screen
Server Status
Status: This indicates whether or not the PPTP (VPN) Server is enabled.
Current Connections: This indicates the number of remote clients currently logged into the PPTP (VPN) Server.
Server Log
Server Log: This displays details of each connection or connection attempt.
Windows Client Setup
To connect to the PPTP (VPN) Server in the VPN Broadband Gateway:
• The Microsoft VPN feature in the VPN Broadband Gateway must be enabled and configured, as described in the previous section.
• Each user must have a login (username and password) on the VPN client database on the VPN Broadband Gateway.
• The remote client PC must be configured as described in the following sections.
5. Click "Finish" to exit the Wizard. The new entry will now be listed in "Dial-up Networking".
If necessary, you can change the settings for this connection by right-clicking on it, and selecting Properties. To force all outgoing traffic to be sent via VPN, enable the setting This is the default Internet connection on the Dialing tab. (Do NOT enable this setting if using Dial-up or PPPoE client software.)
Windows ME VPN Dialing Properties
To establish a connection: 1. 2. 3. 4. 5.
Windows 2000
Ensure you have logged on with Administrator rights before attempting this procedure.
1. Open "Network Connections", and start the "New Connection" Wizard.
Figure 100: Windows 2000 Network Connection
2. Select the VPN option ("Connect to a private network through the Internet"), as shown above, and click Next.
Figure 101: Windows 2000 Public Network
3. On the screen above:
• Select "Do not dial the initial connection" if Internet access is via the LAN.
Figure 102: Windows 2000 VPN Host
4. On the screen above, enter the Domain Name or Internet IP address of the TW100-BRV204 you wish to connect to. Click Next to continue.
Figure 103: Windows 2000 Connection Availability
5. Choose whether to allow this connection for everyone, or only for yourself, as required. Click Next to continue.
Figure 104: Windows 2000 Finish Wizard
6. Enter a suitable name, and click "Finish" to save and exit. Setup is now complete.
To establish a connection:
1. Right-click the connection in "Network Connections", and select "Connect".
2. You will then be prompted for the username and password.
3. Enter the username and password assigned to you, as recorded in the VPN client database on the TW100-BRV204.
Windows XP
Ensure you have logged on with Administrator rights before attempting this procedure.
1. Open Network Connections (Start-Settings-Network Connections), and start the New Connection Wizard.
Figure 105: Windows XP Network Connection Type
2. Select the option "Connect to the network at my workplace", as shown above, and click Next.
Figure 106: Windows XP Network Connection
3. On the next screen, shown above, select the "Virtual Private Network connection" option.
Figure 107: Windows XP Connection Name
4. Enter a suitable name for this connection. Click Next to continue.
Figure 108: Windows XP Public Network
5. On the screen above, select "Do not dial the initial connection". Click Next to continue.
6. On the screen above, enter the Domain Name or Internet IP address of the TW100-BRV204 you wish to connect to. Click Next to continue.
Figure 110: Windows XP Connection Availability
7. Choose whether to allow this connection for everyone, or only for yourself, as required. Click Next to continue.
8. On the final screen, click Finish to save and exit. Setup is now complete.
To establish a connection:
1. Right-click the connection in "Network Connections", and select "Connect".
Chapter 10 Other Features & Settings
This Chapter explains the screens and settings available via the "Other" menu.
Overview
Normally, it is not necessary to use these screens, or change any settings. These screens and settings are provided to deal with non-standard situations, or to provide additional options for advanced users. The screens available are:
Config File: Backup or restore the configuration file for the TW100-BRV204. This file contains all the configuration data.
Config File
This feature allows you to backup (download) the current settings from the TW100-BRV204, and save them to a file on your PC. You can restore a previously-downloaded configuration file to the TW100-BRV204, by uploading it to the TW100-BRV204. This screen also allows you to set the TW100-BRV204 back to its factory default configuration. Any existing settings will be deleted. An example Config File screen is shown below.
Network Diagnostics
This screen allows you to perform a "Ping" or a "DNS lookup". These activities can be useful in solving network problems. An example Network Diagnostics screen is shown below.
Figure 112: Network Diagnostics Screen
Data - Network Diagnostics Screen
Ping
IP Address: Enter the IP address you wish to ping. The IP address can be on your LAN, or on the Internet.
PC Database
The PC Database is used whenever you need to select a PC (e.g. for the "DMZ" PC). It eliminates the need to enter IP addresses. Also, you do not need to use fixed IP addresses on your LAN.
PC Database Screen
An example PC Database screen is shown below.
Figure 113: PC Database
• PCs which are "DHCP Clients" are automatically added to the database, and updated as required.
Data - PC Database Screen
Known PCs: This lists all current entries. Data displayed is name (IP Address) type. The "type" indicates whether the PC is connected to the LAN.
Name: If adding a new PC to the list, enter its name here. It is best if this matches the PC's "hostname".
IP Address: Enter the IP Address of the PC. The PC will be sent a "ping" to determine its hardware address. If the PC is not available (not connected, or not powered On) you will not be able to add it.
PC Database (Admin)
This screen is displayed if the "Advanced Administration" button on the PC Database is clicked. It provides more control than the standard PC Database screen.
Figure 114: PC Database (Admin)
Data - PC Database (Admin) Screen
Known PCs: This lists all current entries. Data displayed is name (IP Address) type. The "type" indicates whether the PC is connected to the LAN.
PC Properties
Name: If adding a new PC to the list, enter its name here.
MAC Address: Select the appropriate option
• Automatic discovery - Select this to have the TW100-BRV204 contact the PC and find its MAC address. This is only possible if the PC is connected to the LAN and powered On.
• MAC is - Enter the MAC address on the PC. The MAC address is also called the "Hardware Address", "Physical Address", or "Network Adapter Address". The TW100-BRV204 uses this to provide a unique identifier for each PC.
Remote Administration
Remote Administration allows you to connect to this interface via the Internet, using your Web browser.
Figure 115: Remote Administration Screen
Data - Remote Administration Screen
Information
Information: To establish a connection from the Internet:
1. Enable Remote Administration and configure this screen.
2. From a remote location, start your Browser.
3.
nected to the Internet. But if using a Dynamic IP Address, this value can change each time you connect to your ISP. There are 2 solutions to this problem:
• Have your ISP allocate you a Fixed IP address.
• Use the DDNS feature (Internet menu) so you can connect using a Domain Name, rather than an IP address.
Port Number: Enter a port number between 1024 and 65535. The default for HTTP connections is port 80, and for HTTPS port 443. Using either of these is NOT recommended.
Routing
Overview
• If you don't have other Routers or Gateways on your LAN, you can ignore the "Routing" page completely.
• If the TW100-BRV204 is only acting as a Gateway for the local LAN segment, ignore the "Routing" page even if your LAN has other Routers.
• If your LAN has a standard Router (e.g. Cisco) on your LAN, and the TW100-BRV204 is to act as a Gateway for all LAN segments, enable RIP (Routing Information Protocol) and ignore the Static Routing table.
Figure 116: Routing Screen
Data - Routing Screen
RIP
Enable RIP: Check this to enable the RIP (Routing Information Protocol) feature of the TW100-BRV204. The TW100-BRV204 supports RIP 1 only.
Static Routing
Static Routing Table Entries: This list shows all entries in the Routing Table.
• The "Properties" area shows details of the selected item in the list.
• Change any of the properties as required, then click the "Update" button to save the changes to the selected entry.
Properties
• Destination Network - The network address of the remote LAN segment. For standard class "C" LANs, the network address is the first 3 fields of the Destination IP Address. The 4th (last) field can be left at 0.
• Network Mask - The Network Mask for the remote LAN segment. For class "C" networks, the default mask is 255.255.255.
Other Routers on the Local LAN
Other routers on the local LAN must use the TW100-BRV204's Local Router as the Default Route. The entries will be the same as the TW100-BRV204's local router, with the exception of the Gateway IP Address.
• For a router with a direct connection to the TW100-BRV204's local Router, the Gateway IP Address is the address of the TW100-BRV204's local router.
Metric: 3
For Router A's Default Route
Destination IP Address: 0.0.0.0
Network Mask: 0.0.0.0
Gateway IP Address: 192.168.0.1 (TW100-BRV204's IP Address)
Interface: LAN
For Router B's Default Route
Destination IP Address: 0.0.0.0
Network Mask: 0.0.0.0
Gateway IP Address: 192.168.1.
Upgrade Firmware
Use this screen to upgrade your TW100-BRV204's firmware.
• You must download the required firmware file, and store it on your PC.
• During the upgrade process, all existing Internet connections will be terminated.
• The upgrade process must NOT be interrupted!
Figure 118: Upgrade Firmware Screen
Data – Upgrade Firmware Screen
Upgrade Firmware
TW100-BRV204 Password: Enter the current password assigned to the TW100-BRV204.
UPnP
An example UPnP screen is shown below.
Figure 119: UPnP Screen
Data - UPnP Screen
UPnP
Enable UPnP Services
• UPnP (Universal Plug and Play) allows automatic discovery and configuration of equipment attached to your LAN. UPnP is supported by Windows ME, XP, or later.
• If Enabled, this device will be visible via UPnP.
• If Disabled, this device will not be visible via UPnP.
Allow Configuration...
Allow Internet access to be disabled
Appendix A Troubleshooting
This Appendix covers the most likely problems and their solutions.
Overview
This chapter covers some common problems that may be encountered while using the TW100-BRV204 and some possible solutions to them. If you follow the suggested steps and the TW100-BRV204 still does not function properly, contact your dealer for further advice.
General Problems
Problem 1: Can't connect to the TW100-BRV204 to configure it.
Solution 2: The TW100-BRV204 processes the data passing through it, so it is not transparent. Use the Special Applications feature to allow the use of Internet applications which do not function correctly. If this does not solve the problem you can use the DMZ function. This should work with almost every application, but:
• It is a security risk, since the firewall is disabled.
• Only one (1) PC can use this feature.
Appendix B Specifications
TW100-BRV204
Model: TW100-BRV204
Dimensions: 141mm(W) * 100mm(D) * 27mm(H)
Operating Temperature: 0° C to 40° C
Storage Temperature: -10° C to 70° C
Network Protocol: TCP/IP
Network Interface: 5 Ethernet:
3 * 10/100BaseT (RJ45) LAN connection
1 * 10/100BaseT (RJ45) DMZ connection
1 * 10/100BaseT (RJ45) for WAN
LEDs: 11
Power Adapter: 9 V DC External
FCC Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant
FCC Radiation Exposure Statement
This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body. This device complies with Part 15 of the FCC Rules.
Limited Warranty
TRENDware warrants its products against defects in material and workmanship, under normal use and service, for the following lengths of time from the date of purchase.
PERSON’S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR OR MODIFY, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.