Cisco Systems RV042RF User Manual

10/100 4-Port VPN Router

USER GUIDE

BUSINESS SERIES

Model: RV042

About This Guide

Icon Descriptions

While reading through the User Guide you may see various icons that call attention to specific items. Below is a description of these icons:

NOTE: This check mark indicates that there is

a note of interest and is something that you should pay special attention to while using the product.

WARNING: This exclamation point indicates

that there is a caution or warning and it is something that could damage your property or product.

WEB: This globe icon indicates a noteworthy

website address or e-mail address.

Linksys, Cisco and the Cisco Logo are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. Copyright © 2008 Cisco Systems, Inc. All rights reserved. Trend Micro, InterScan, and ProtectLink are trademarks of Trend Micro Incorporated. Other brands and product names are trademarks or registered trademarks of their respective holders.

Online Resources

Website addresses in this document are listed without http:// in front of the address because most current web browsers do not require it. If you use an older web browser, you may have to add http:// in front of the web address.

Resource Website

Linksys www.linksys.com

Linksys International www.linksys.com/international

Glossary www.linksys.com/glossary

Network Security www.linksys.com/security

10/100 4-Port VPN Router

Table of Contents

Chapter 1: Introduction 1

Introduction to the Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Introduction to VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

VPN Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

VPN Router to VPN Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Computer (using VPN client software) to VPN Router . . . . . . . . . . . . . . . . . . . . 2

Chapter 2: Product Overview 3

Front Panel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Back Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Right Side Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Left Side Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Chapter 3: Installation 4

Physical Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Horizontal Placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Wall-Mounting Placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Cable Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Chapter 4: Advanced Conguration 6

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

How to Access the Web-Based Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

System Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Conguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Network Setting Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Firewall Setting Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

VPN Setting Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Log Setting Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Setup Tab > Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Setup > Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Setup > Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Setup > DMZ Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

DMZ Host. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Setup Tab > Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

Forwarding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

Setup > UPnP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

UPnP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

Setup > One-to-One NAT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

10/100 4-Port VPN Router

Table of Contents

One-to-One NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

Setup > MAC Clone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

MAC Clone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Setup > DDNS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

DDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Setup > Advanced Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

Advanced Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

DHCP > Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

DHCP > Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

System Management Tab > Dual-WAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

Dual-WAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

System Management > Bandwidth Management . . . . . . . . . . . . . . . . . . . . . . . . .23

Bandwidth Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

System Management > SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

System Management > Diagnostic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Diagnostic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

System Management > Factory Default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Factory Default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

System Management > Firmware Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Firmware Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

System Management > Setting Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Import Conguration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Export Conguration File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Port Management > Port Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Basic Per Port Cong. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Port Management > Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

Firewall > General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

Firewall > Access Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Access Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

Add a New Access Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

Firewall > Content Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

Content Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

ProtectLink. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

VPN > Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

VPN > Gateway to Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

Add a New Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

IPSec Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38

10/100 4-Port VPN Router

iii

Table of Contents

VPN > Client to Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40

Add a New Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

IPSec Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44

VPN > VPN Client Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46

VPN Client Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

VPN > VPN Pass Through . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

VPN Pass Through . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

VPN > PPTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

PPTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

Connection List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

Log > System Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

System Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Log > System Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50

Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51

Basic Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51

Access Rule Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

Linksys Web Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

Logout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

Appendix A: Troubleshooting 57

Appendix B:

Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58

Router Conguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58

Linksys QuickVPN Client Installation and Conguration . . . . . . . . . . . . . . . . . . . . .59

Use of the Linksys QuickVPN Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

Linksys QuickVPN for Windows 2000, XP, or Vista 58

Computer (using VPN client software) to VPN Router . . . . . . . . . . . . . . . . . . . .58

Linksys QuickVPN Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58

Export a Client Certicate from the Router. . . . . . . . . . . . . . . . . . . . . . . . . . .58

Add VPN Client Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

Install from the CD-ROM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

Download from the Internet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

Install the Client Certicate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

Linksys QuickVPN Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

Version Number of Linksys QuickVPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61

Appendix C: Gateway-to-Gateway VPN Tunnel 62

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

Conguration when the Remote Gateway Uses a Static IP Address . . . . . . . . . . . . . .62

Conguration of the RVL200. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

Conguration of the RV042 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

10/100 4-Port VPN Router

Table of Contents

Conguration of PC 1 and PC 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Conguration when the Remote Gateway Uses a Dynamic IP Address. . . . . . . . . . . .64

Conguration of the RVL200. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

Conguration of the RV042 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

Conguration of PC 1 and PC 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

Conguration when Both Gateways Use Dynamic IP Addresses . . . . . . . . . . . . . . . .65

Conguration of the RVL200. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

Conguration of the RV042 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66

Conguration of PC 1 and PC 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66

Appendix D: IPSec NAT Traversal 67

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67

Conguration of Scenario 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67

Conguration of Router A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67

Conguration of Router B . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68

Conguration of Scenario 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

Conguration of the One-to-One NAT Rules. . . . . . . . . . . . . . . . . . . . . . . . . .69

Conguration of Router B . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70

Conguration of Router A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70

Appendix E: Bandwidth Management 72

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72

Creation of New Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72

Creation of New Bandwidth Management Rules. . . . . . . . . . . . . . . . . . . . . . . . . .73

Appendix F: Firmware Upgrade 74

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74

How to Access the Web-Based Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74

Upgrade the Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74

Alternative Firmware Upgrade Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74

Appendix G: Trend Micro ProtectLink Gateway Service 76

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76

How to Access the Web-Based Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76

How to Purchase, Register, or Activate the Service. . . . . . . . . . . . . . . . . . . . . . . . .76

System Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76

ProtectLink. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77

How to Use the Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77

ProtectLink > Web Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78

ProtectLink > Email Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79

ProtectLink > License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79

10/100 4-Port VPN Router

Appendix H: Specications 81

Table of Contents

Appendix I: Warranty Information 82

Exclusions and Limitations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82

Obtaining Warranty Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82

Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

Appendix J: Software License Agreement 84

Software in Linksys Products: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

Software Licenses: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

Schedule 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

Linksys Software License Agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

END OF SCHEDULE 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85

Schedule 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85

GNU GENERAL PUBLIC LICENSE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85

END OF SCHEDULE 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Schedule 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

OpenSSL License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89

Original SSLeay License. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89

END OF SCHEDULE 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90

Appendix K: Regulatory Information 91

FCC Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

Safety Notices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

Industry Canada Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

Avis d’Industrie Canada. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

User Information for Consumer Products Covered by EU Directive 2002/96/EC on Waste

Electric and Electronic Equipment (WEEE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92

Appendix L: Contact Information 96

10/100 4-Port VPN Router

Chapter 1

Introduction

Chapter 1: Introduction

Introduction to the Router

Thank you for choosing the Linksys 10/100 4-Port VPN Router. The Router lets multiple computers in your office share an Internet connection. The dual Internet ports let you connect a second Internet line as a backup, or you can use both Internet ports at the same time, allowing the Router to manage bandwidth demands for maximum efficiency.

The Router features a built-in, 4-port, full-duplex, 10/100 Ethernet switch to connect four computers directly, or you can connect more switches to expand your network. For remote connections, up to 50 remote office or traveling users can securely connect to your office network using the Router’s Virtual Private Network (VPN) capability.

Use the browser-based utility to configure settings and run convenient wizards that will help you set up the Router and its access rules.

For an IPSec VPN tunnel, the VPN Router and any computer with the built-in IPSec Security Manager (Windows 2000 and XP) can create a VPN tunnel using IPSec (Windows Vista uses a similar utility). Other Windows operating systems require additional, third-party VPN client software applications that support IPSec to be installed.

NOTE: The 10/100 4-Port VPN Router supports

IPSec VPN client software, including the Linksys QuickVPN software. (For more information, refer to “Appendix B: Linksys QuickVPN for Windows 2000, XP, or Vista”.)

For a PPTP VPN tunnel, the 10/100 4-Port VPN Router and any computer running Windows 2000 or XP can create a VPN tunnel using PPTP.

VPN Examples

The following are examples of a VPN tunnel between two VPN routers and a VPN tunnel between a computer using VPN client software and a VPN router.

VPN Router to VPN Router

Introduction to VPNs

A VPN is a connection between two endpoints—a VPN Router, for instance—in different networks that allows private data to be sent securely over a shared or public network, such as the Internet. This establishes a private network that can send data securely between these two locations or networks.

The private network is established by creating a “tunnel”. A VPN tunnel connects the two computers or networks and allows data to be transmitted over the Internet as if it were still within those networks. A VPN tunnel uses industry-standard encryption and authentication techniques to secure the data sent between the two networks.

Virtual Private Networking was created as a cost-effective alternative to using a private, dedicated, leased line for a private network. It can be used to create secure networks linking a central office with branch offices, telecommuters, and/or professionals on the road.

There are two basic ways to create a VPN connection:

•

VPN Router to VPN Router

For example, at home, a telecommuter uses his VPN Router for his always-on Internet connection. His Router is configured with his office’s VPN settings. When he connects to his office’s router, the two routers create a VPN tunnel, encrypting and decrypting data. As VPNs use the Internet, distance is not a factor. Using the VPN, the telecommuter now has a secure connection to the central office’s network, as if he were physically connected.

Home

VPN Router

Internet

Central Office

computer (using VPN client software) to VPN Router •

The VPN Router creates a “tunnel” or channel between two endpoints, so that data transmissions between them are secure. A computer with VPN client software can be one of the two endpoints.

10/100 4-Port VPN Router

VPN Router

VPN Router to VPN Router

Chapter 1

Computer (using VPN client software) to VPN Router

The following is an example of a computer-to-VPN Router VPN. In her hotel room, a traveling businesswoman connects to her Internet Service Provider (ISP). Her notebook computer has VPN client software that is configured with her office’s VPN settings. She accesses the VPN client software and connects to the VPN Router at the central office. As VPNs use the Internet, distance is not a factor. Using the VPN, the businesswoman now has a secure connection to the central office’s network, as if she were physically connected.

Off-Site

Internet

Introduction

Notebook with VPN

Client Software

VPN

Router

For additional information and instructions about creating your own VPN, visit the Linksys website at www.linksys.com.

Central Office

Computer to VPN Router

10/100 4-Port VPN Router

Chapter 2

Product Overview

Chapter 2: Product Overview

Front Panel

Diag (Red) The Diag LED lights up when the

Router is not ready for use. It turns off when the Router is ready for use.

System (Green) The System LED lights up

when the Router is powered on. It flashes when the Router is running a diagnostic test.

Internet (Green) The Internet LED lights up

when the Router is connected to a cable or DSL modem through the Internet (WAN1) port.

DMZ/Internet (Green) The DMZ/Internet LED

lights up when the Router is actively connected through the DMZ/Internet (WAN2) port.

DMZ Mode (Green) The DMZ Mode LED lights

up when the Router is using DMZ mode.

1, 2, 3, 4 (LAN) (Green) These numbered LEDs,

corresponding with the numbered ports on the Router’s back panel, serve two purposes. The LED is solidly lit when the Router is connected to a device through that port. The LED flashes to indicate network activity over that port.

Reset The Reset button can be used for a warm

reset or a reset to factory defaults.

Warm Reset • If the Router is having

problems connecting to the Internet, press and hold in the Reset button for a second using the tip of a pen. This is similar to pressing the power button on your computer to reboot it.

Reset to Factory Defaults • If you are

experiencing extreme problems with the Router and have tried all other troubleshooting measures, press and hold in the Reset button for 30 seconds. This will restore the factory defaults and clear all of the Router’s custom settings.

You can also reset the Router to factory defaults using the System Management > Factory Default screen of the Router’s web-based utility.

1, 2, 3, 4 (LAN) These Ethernet ports connect

the Router to wired computers and other Ethernet network devices.

Internet (WAN1) This port connects to a cable

or DSL modem.

DMZ/Internet (WAN2) This port can be used

in one of two ways, a second Internet port or DMZ port. When used as an additional Internet port, it connects to a cable or DSL modem. When used as a DMZ port, it connects to a switch or public server.

Right Side Panel

Back Panel

10/100 4-Port VPN Router

Power The Power port connects to the AC

power adapter.

Left Side Panel

Security Slot You can attach a lock to the

security slot so the Router will be protected from theft.

Chapter 3

57 mm

Installation

Chapter 3: Installation

Physical Installation

There are two ways to place the Router. The first way is to place the Router horizontally on a surface. The second way is to mount the Router on a wall.

Horizontal Placement

The Router has four rubber feet on its bottom panel. Set the Router on a flat surface near an electrical outlet.

WARNING: Do not place excessive weight

on top of the Router; too much weight could damage it.

Follow these instructions:

Determine where you want to mount the Router. Make 1. sure that the wall you use is smooth, flat, dry, and sturdy. Also make sure the location is within reach of an electrical outlet.

Drill two holes into the wall. Make sure the holes are 2. 57 mm (2.24 inches) apart.

Insert a screw into each hole and leave 2 mm 3. (0.8 inches) below the head exposed.

Maneuver the Router so two of the wall-mount slots 4. line up with the two screws.

Place the wall-mount slots over the screws and slide 5. the Router down until the screws fit snugly into the wall-mount slots.

Wall-Mounting Placement

The Router has two wall-mount slots on its bottom panel. The distance between the two slots is 57 mm (2.24 inches).

Two screws are needed to mount the Router.

Suggested Mounting Hardware

4.5-5 mm 1.5-1.8 mm

Note: Mounting hardware illustrations are not † true to scale.

NOTE: Linksys is not responsible for damages

incurred by insecure wall-mounting hardware.

2.5-2.9 mm

Print this page at 100% size. Cut along the dotted line, and place on the wall to drill precise spacing.

Wall Mounting Template

Cable Connections

To connect network devices to the Router, follow these instructions:

Before you begin, make sure that all of your hardware 1. is powered off, including the Router, computers, switches, and cable or DSL modem.

10/100 4-Port VPN Router

Chapter 3

Installation

Connect one end of an Ethernet network cable to 2. one of the numbered ports on the back of the Router. Connect the other end to an Ethernet port on a network device, such as a computer or switch.

Repeat this step to connect more computers or other network devices to the Router.

Connect to Port 1

Connect your cable or DSL modem’s 3. Ethernet cable to the Router’s Internet port.

If you are using the DMZ/Internet port, then connect an Ethernet cable to the DMZ/Internet port. Connect the other end to a network device, such as a modem or public server.

Connect the included power adapter to the Router’s 5. Power port, and then plug the power adapter into an electrical outlet.

Connect the Power

The System LED on the front panel will light up as soon 6. as the power adapter is connected properly.

Power on your computers and other network devices.7.

Connect to the Internet Port

Connect to the DMZ/Internet Port

Power on the cable or DSL modem. If you have a 4. network device connected to the DMZ/Internet port, power on the network device.

10/100 4-Port VPN Router

Chapter 4

Advanced Configuration

Chapter 4: Advanced Configuration

Overview

The Router’s web-based utility allows you to set up the Router and perform advanced configuration and troubleshooting. This chapter will explain all of the functions in this utility.

These are the main tabs of the utility: System Summary, Setup, DHCP, System Management, Port Management, Firewall, VPN, Log, Wizard, Support, and Logout. Additional tabs will be available after you click one of the main tabs.

How to Access the Web-Based Utility

For local access of the Router’s web-based utility, 1. launch your web browser, and enter the Router’s default IP address, 192.168.1.1, in the Address field. Press the Enter key.

System Summary

The first screen that appears is the System Summary screen, which displays the Router’s current status and settings. This information is read-only. Underlined text is hyperlinked to related setup pages, so if you click a hyperlink, the related setup screen will appear. On the right-hand side of this screen and all other screens of the utility is a link to the Site Map, which has links to all of the utility’s tabs. Click Site Map to view the Site Map. Then, click the desired tab.

Address Bar

NOTE: If the Remote Management feature on

the Firewall > General screen has been enabled, then users with administrative privileges can remotely access the web-based utility. Use http://<WAN IP address of the Router>, or use https://<WAN IP address of the Router> if you have enabled the HTTPS feature.

A login screen prompts you for your User name and 2. Password. Enter admin in the User name field, and enter admin in the Password field. (You can change the Password on the Setup > Password screen.) Then click OK.

System Summary

10/100 4-Port VPN Router

Chapter 4

Advanced Configuration

System Up Time This is the length of time in days, hours,

and minutes that the Router has been active. The current time and date are also displayed.

Trend Micro™ ProtectLink Gateway

The optional Trend Micro ProtectLink Gateway service provides security for your network. It checks e-mail messages, filters website addresses (URLs), and blocks potentially malicious websites.

NOTE: If the Trend Micro ProtectLink Gateway

options are not displayed on the System Summary screen, you can upgrade the Router’s

firmware if you want to purchase and use this optional service. Refer to “Appendix F: Firmware Upgrade” for instructions.

Go buy To purchase a license to use this service, click Go

buy. You will be redirected to a list of Linksys resellers on the

Linksys website. Then follow the on-screen instructions.

System Summary (ProtectLink™ Available)

Site Map

System Information

Serial Number Displayed here is the serial number of the

Router.

Firmware version Displayed here is the current version

number of the firmware installed on the Router.

CPU Displayed here are the type and speed of the

processor installed on the Router.

DRAM Displayed here is the size of DRAM installed on

the Router’s motherboard.

Flash Displayed here is the size of flash memory installed

on the Router’s board.

will be redirected to the Trend Micro ProtectLink Gateway website. Then follow the on-screen instructions.

NOTE: To have your e-mail checked, you will

need to provide the domain name and IP address of your e-mail server. If you do not know this information, contact your Internet Service Provider (ISP).

Activate If you have registered, click Activate. You will

be redirected to the Trend Micro ProtectLink Gateway website. Follow the on-screen instructions.

For more information, refer to “Appendix G: Trend Micro ProtectLink Gateway Service.”

Configuration

If you need help to configure the Router, click Setup Wizard, and follow the on-screen instructions. For

additional information, refer to the “Wizard” section of this chapter.

Port Statistics

The image of the Router’s back panel displays the status of each port. If a port is disabled, it will be red; if a port is enabled, it will be black. If a port is connected, it will be green. Click any port to view the port’s Summary table in a separate window.

The Summary table shows the settings of the selected port, including Type, Interface, Link Status, Port Activity, Priority, Speed Status, Duplex Status, and Auto negotiation.

10/100 4-Port VPN Router

Chapter 4

Port 1 Information

Advanced Configuration

DDNS It shows the DDNS settings of the Router’s WAN

port(s) and hyperlinks to the Setup > DDNS screen.

DMZ Host It shows the DMZ private IP address and

hyperlinks to the Setup > DMZ Host screen. The default is Disabled.

Firewall Setting Status

SPI (Stateful Packet Inspection) It shows the status

(On/Off) of the SPI setting and hyperlinks to the Firewall > General screen.

DoS (Denial of Service) It shows the status (On/Off) of

the DoS setting and hyperlinks to the Firewall > General screen.

Block WAN Request It shows the status (On/Off) of

the Block WAN Request setting and hyperlinks to the Firewall > General screen.

For the selected port, the statistics table shows this information: number of packets received, number of packet bytes received, number of packets transmitted, number of packet bytes transmitted, and number of packet errors.

To update the on-screen information, click Refresh. To exit this screen, click Close.

Network Setting Status

LAN IP It shows the current LAN IP address of the Router,

as seen by internal users on the network, and it hyperlinks to the LAN Setting section on the Network screen of the Setup tab.

WAN1 IP This shows the current WAN1 IP address of

the Router, as seen by external users on the Internet and hyperlinks to the WAN Connection Type settings on the Setup > Network screen. If the port is set to Obtain an IP automatically, two buttons, Release and Renew, will be available. Click Release to release the IP address, and click Renew to update the DHCP Lease Time or get a new IP address. If the WAN port is set to PPPoE or PPTP, two buttons, Connect and Disconnect, will be available.

WAN2/DMZ IP This shows the current WAN2 IP address

of the Router, or DMZ IP address when DMZ is selected, as seen by external users on the Internet and hyperlinks to the WAN Connection Type settings on the Setup > Network screen.

Mode It shows the Router’s Working Mode (Gateway or

Router), and it hyperlinks to the Dynamic Routing section on the Setup > Advanced Routing screen.

DNS It shows all DNS server IP addresses and hyperlinks

to the WAN Connection Type settings on the Setup > Network screen.

VPN Setting Status

VPN Summary It hyperlinks to the VPN > Summary

screen.

Tunnel(s) Used It shows the number of VPN tunnels

used.

Tunnel(s) Available It shows the number of VPN tunnels

available.

Current Connected (The Group Name of GroupVPN1) users It shows the number of users. (If the GroupVPN

feature is disabled, the message, “No Group VPN was defined”, is displayed.)

Current Connected (The Group Name of GroupVPN2) users It shows the number of users.

Log Setting Status

It hyperlinks to the Log > System Log screen of the Log tab.

If you have not set up the e-mail server on the Log tab, the message, “E-mail cannot be sent because you have not specified an outbound SMTP server address,” will be displayed.

If you have set up the mail server but the log has not been generated due to the Log Queue Length and Log Time Threshold settings, the message, “E-mail settings have been configured,” will be displayed.

If you have set up the e-mail server and the log has been sent to the e-mail server, the message, “E-mail settings have been configured and sent out normally,” will be displayed.

If you have set up the e-mail server and the log cannot be sent to the e-mail server, the message, “E-mail cannot

10/100 4-Port VPN Router

Chapter 4

be sent out, probably use incorrect settings,” will be displayed.

Setup Tab > Network

The Network screen shows all of the Router’s basic setup functions. The Router can be used in most network setups without changing any of the default values; however, you may need to enter additional information in order to connect to the Internet through an ISP (Internet Service Provider) or broadband (DSL or cable) carrier. The setup information is provided by your ISP.

Advanced Configuration

Create or Modify a Subnet

Setup > Network

Network

Host Name and Domain Name Enter a host and domain

name for the Router. Some ISPs require these names as identification. You may have to check with your ISP to see if your broadband Internet service has been configured with a host and domain name. In most cases, you can leave these fields blank.

LAN IP Address Enter the LAN IP address.

Subnet Mask Enter the subnet mask.

For example, the current LAN settings show the Device IP Address as 192.168.1.1 and the Subnet Mask as

255.255.255.0. To add one more Class C network, enter the following:

LAN IP Address • 192.168.2.1

Subnet Mask • 255.255.255.0

Click Add to List. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Network screen.

LAN Setting

The LAN MAC address of the Router is displayed.

Device IP Address and Subnet Mask The default values

are 192.168.1.1 for the Router’s local IP address and

255.255.255.0 for the subnet mask.

Multiple Subnet You can add more Class C networks

to expand the network. Select this option to enable the Multiple Subnet feature. Then click Add/Edit to create or modify subnet(s). A new screen appears.

10/100 4-Port VPN Router

Add One More Class C Network

Chapter 4

Advanced Configuration

If you want to modify a subnet you have created, select it and make changes. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Network screen.

If you want to delete a subnet you have created, select it and click Delete selected subnet. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Network screen.

You can also divide a Class C network into four subnets. For example, the current LAN settings show the Device IP Address as 192.168.1.1 and the Subnet Mask as

255.255.255.192.

LAN Settings Example

To get the other three subnets, enter the following:

Subnet 1

LAN IP Address • 192.168.2.65

Subnet Mask • 255.255.255.192

Subnet 2

LAN IP Address • 192.168.2.129

Dual-WAN/DMZ Setting

Before configuring the WAN Connection Type settings, select Dual WAN or DMZ. The Dual WAN setting allows you to simultaneously connect two broadband connections to the Router. On the System Management > Dual-WAN screen, you can specify using one as a primary connection, with Smart Link Backup or using both connections in concert, with Load Balance. The DMZ setting allows one network PC to be exposed to the Internet to use special-purpose services, such as Internet gaming or videoconferencing.

WAN Connection Type

Configure the settings for the WAN or DMZ ports.

WAN1/2

These are the available connection types: Obtain an IP automatically, Static IP, PPPoE, PPTP, and Heart Beat Signal. Depending on which connection type you select, you will see various settings.

Obtain an IP Automatically

If your ISP automatically assigns an IP address, select Obtain an IP automatically. (Most cable modem subscribers use this connection type.) Your ISP assigns these values.

Subnet Mask • 255.255.255.192

Subnet 3

LAN IP Address • 192.168.2.193

Subnet Mask • 255.255.255.192

Click Add to List. Then click Save Settings.

Obtain an IP Automatically

Use the Following DNS Server Addresses If you want to

specify DNS server IP addresses, select this option.

DNS Server (Required) 1/2 If you select Use the Following

DNS Server Addresses, enter at least one DNS server IP address. Multiple DNS server IP settings are common. In most cases, the first available DNS entry is used.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Static IP

If you are required to use a permanent IP address, select Static IP.

Create Three Additional Subnets

10/100 4-Port VPN Router

Chapter 4

Static IP

Specify WAN IP Address Enter the external IP address of

the Router.

Subnet Mask Enter the subnet mask of the Router.

Default Gateway Address Enter the IP address of the

default gateway.

DNS Server (Required) 1/2 Enter at least one DNS server

IP address. Multiple DNS server IP settings are common. In most cases, the first available DNS entry is used.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

PPPoE (Point-to-Point Protocol over Ethernet)

Some DSL-based Internet Service Providers (ISPs) use PPPoE (Point-to-Point Protocol over Ethernet) to establish Internet connections for end-users. If you use a DSL line, check with your ISP to see if they use PPPoE, select PPPoE.

Advanced Configuration

Service Name Enter the Service Name, if provided by

your ISP.

Connect on Demand If you select the Connect on

Demand option, the connection will be disconnected after a specified period of inactivity (Max Idle Time). If you have been disconnected due to inactivity, Connect on Demand enables the Router to automatically re-establish your connection as soon as you attempt to access the Internet again. Enter the number of minutes you want to have elapsed before your Internet access disconnects. The default Max Idle Time is 5 minutes.

Keep Alive: Interval If you select the Keep Alive option,

the Router will send keep-alive packets as often as you specify. The default Interval is 30 seconds.

Keep Alive: Retry Times If you select the Keep Alive

option, the Router will send keep-alive packets as many times as you specify. If the Router does not receive a response from the ISP, then the Router will terminate the connection and start sending PADI packets after the Redial Period. The default Retry Times is 5 times.

Keep Alive: Redial Period If you select the Keep Alive

option, the Router will keep the connection alive by sending out a few data packets periodically, so your ISP thinks that the connection is still active. This option keeps your connection active indefinitely, even when it sits idle. The default Redial Period is 30 seconds.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

PPTP (Point-to-Point Tunneling Protocol)

Point to Point Tunneling Protocol (PPTP) is a service used in Europe, Israel, and other countries.

PPPoE

User Name and Password Enter your account’s User

Name and Password. The maximum number of characters is 60.

10/100 4-Port VPN Router

PPTP

Specify WAN IP Address Enter the external IP address of

the Router.

Subnet Mask Enter the subnet mask of the Router.

Chapter 4

Default Gateway Address Enter the IP address of the

default gateway.

User Name and Password Enter your account’s User

Name and Password. The maximum number of characters is 60.

Connect on Demand If you select the Connect on

Keep Alive If you select the Keep Alive option, the Router

will keep the connection alive by sending out a few data packets periodically, so your ISP thinks that the connection is still active. This option keeps your connection active indefinitely, even when it sits idle. The default Redial Period is 30 seconds.

Advanced Configuration

DMZ (Subnet)

Subnet To specify a subnet, select this option and

configure the following:

Specify DMZ IP Address • Enter the IP address of the

computer connected to the DMZ port.

Subnet Mask • Enter the subnet mask of the computer

connected to the DMZ port.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Heart Beat Signal

Heart Beat Signal is a service used in Australia only.

Heart Beat Signal

User Name and Password Enter your account’s User

Name and Password. The maximum number of characters is 60.

Heart Beat Server Enter the IP address of the Heart Beat

server.

DMZ (Range)

Range If Range is selected, the DMZ port and the WAN

port will be in the same subnet. To specify a range, select this option and configure the following:

IP Range for DMZ port • Enter the starting and ending

IP addresses.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Setup > Password

The Router’s default User Name and Password is admin, and Linksys strongly recommends that you change the Router’s password from the default to a unique password.

NOTE: The password cannot be recovered if

it is lost or forgotten. If the password is lost or forgotten, you have to reset the Router to its factory default settings; this will remove all of your configuration changes.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

DMZ

Static IP is automatically selected. There are two different DMZ settings: Subnet and Range.

10/100 4-Port VPN Router

Chapter 4

Setup > Password

Password

The User Name is admin; it cannot be changed.

Old Password Enter the old password. The default is

admin when you first power up the Router.

Advanced Configuration

Daylight Saving To use the daylight saving feature, select

Enabled. Enter the Month and Day of the start date, and

then enter the Month and Day of the end date.

NTP Server Enter the URL or IP address of the NTP server.

The default is time.nist.gov.

Manual

New Password Enter a new password for the Router. Your

password must have 20 or fewer characters and cannot contain any spaces.

Confirm New Password Re-enter the new password to

confirm it.

Click Save Settings to save your change, or click Cancel Changes to undo it.

Setup > Time

The Router uses the time settings to time stamp log events, automatically apply the Access Rules and Content Filter, and perform other activities for other internal purposes.

Time

To set the local time, select Set the local time using the Network Time Protocol (NTP) automatically or Set the local time Manually.

Automatic

Setup > Time > Manual

Hours, Minutes, Seconds Enter the time.

Month, Day, Year Enter the date.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Setup > DMZ Host

The DMZ (Demilitarized Zone) Host feature allows one local user to be exposed to the Internet for use of a special-purpose service such as Internet gaming or videoconferencing. Although Port Range Forwarding can only forward ten ranges of ports maximum, DMZ hosting forwards all the ports to one computer at the same time.

Setup > Time > Automatic

Time Zone Select your time zone. The default is (GMT-

08:00) Pacific Time (US & Canada); Tijuana.

10/100 4-Port VPN Router

Setup > DMZ Host

DMZ Host

DMZ Private IP Address Enter the local IP address of

the computer you want to expose. The default value of 0 deactivates the DMZ Host.

Click Save Settings to save your change, or click Cancel

Changes to undo it.

Chapter 4

Advanced Configuration

Setup Tab > Forwarding

The Forwarding screen allows you to set up port range forwarding and port triggering applications. Port range forwarding can be used to set up public services or other specialized Internet applications on your network, while port triggering can be used to set up triggered ranges and forwarded ranges for Internet applications.

Enable Select Enable to enable this port range forwarding

entry.

If the Service you need is not listed in the menu, click

Service Management to add the new service. The Service Management screen appears.

Service Management

Setup > Forwarding

Forwarding

Port Range Forwarding

Port forwarding can be used to set up public services on your network. When users from the Internet make certain requests on your network, the Router can forward those requests to computers equipped to handle the requests. If, for example, you set the port number 80 (HTTP) to be forwarded to IP address 192.168.1.2, then all HTTP requests from outside users will be forwarded to 192.168.1.2.

NOTE: You must disable the Router’s DHCP

function to use port forwarding.

You may use this function to establish a web server or FTP server via an IP gateway. Make sure that you enter a valid IP address. (You may need to establish a static IP address in order to properly run an Internet server.) For added security, Internet users will be able to communicate with the server, but they will not actually be connected. The packets will simply be forwarded through the Router.

Service Select the Service you want.

IP Address Enter the IP address of the server that you

want the Internet users to access.

Service Name Enter a name.

Protocol Select the protocol it uses.

Port Range Enter its range.

Click Add to List. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Forwarding screen.

If you want to modify a service you have created, select it and click Update this service. Make changes. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Forwarding screen.

If you want to delete a service you have created, select it and click Delete selected service. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Forwarding screen.

On the Forwarding screen, click Add to List, and configure as many entries as you would like, up to a maximum of

30. To delete an entry, select it and click Delete selected application.

Port Triggering

Port triggering allows the Router to watch outgoing data for specific port numbers. The IP address of the computer that sends the matching data is remembered by the Router, so that when the requested data returns through the Router, the data is pulled back to the proper computer by way of IP address and port mapping rules.

10/100 4-Port VPN Router

Chapter 4

Some Internet applications or games use alternate ports to communicate between the server and LAN host. When you want to use these applications, enter the triggering (outgoing) port and alternate incoming port in the Port Triggering table. Then the Router will forward the incoming packets to the LAN host.

Application Name Enter the name of the application.

Trigger Port Range Enter the starting and ending port

numbers of the trigger port range.

Incoming Port Range Enter the starting and ending port

numbers of the incoming port range.

Click Add to List, and configure as many entries as you would like, up to a maximum of 30. To delete an entry, select it and click Delete selected application.

Click Show Tables to see the details of your entries. The Port Range Forwarding Table List appears.

Advanced Configuration

Setup > UPnP

UPnP

UPnP Function Select Yes to enable the UPnP function.

Otherwise, keep the default, No.

Service Select the Service you want.

Port Range Forwarding Table List

Port Range Forwarding Select this option to view the

Port Range Forwarding entries.

Port Triggering Select this option to view the Port

Triggering entries.

Port Triggering Table List

Click Refresh to update the on-screen information. Click Close to exit this screen and return to the Forwarding screen.

On the Forwarding screen, click Save Settings to save your changes, or click Cancel Changes to undo them.

Setup > UPnP

Universal Plug and Play (UPnP) can be used to set up public services on your network. When the UPnP function is enabled, Windows XP or Vista can modify these entries via UPnP.

Name or IP Address Enter the name or IP address of the

server that you want the Internet users to access.

Enable Select Enable to enable this UPnP entry.

If the Service you need is not listed in the menu, click

Service Management to add the new service. The Service Management screen appears.

Service Management

Service Name Enter a name.

10/100 4-Port VPN Router

Protocol Select the protocol it uses.

External Port Enter the external port number.

Internal Port Enter the internal port number.

Click Add to List. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the UPnP screen.

Chapter 4

On the UPnP screen, click Add to List, and configure as many entries as you would like, up to a maximum of 30. To delete an entry, select it and click Delete selected application.

Click Show Tables to see the details of your entries. The UPnP Forwarding Table List appears.

Advanced Configuration

Setup > One-to-One NAT

One-to-One NAT

One-to-One NAT Select Enable to use the One-to-One

NAT function.

UPnP Forwarding Table List

Click Refresh to update the on-screen information. Click Close to exit this screen and return to the UPnP screen.

On the UPnP screen, click Save Settings to save your changes, or click Cancel Changes to undo them.

Setup > One-to-One NAT

One-to-One NAT (Network Address Translation) creates a relationship that maps valid external IP addresses to internal IP addresses hidden by NAT. A device with an internal IP address may be accessed at the corresponding external valid IP address.

To create this relationship, define internal and external IP address ranges of equal length. Once the relationship is defined, the device with the first internal IP address is accessible at the first IP address in the external IP address range, and so forth.

For example, you have a Local Area Network (LAN) for which the ISP has assigned the IP address range of 209.19.28.16 to 209.19.28.31, with 209.19.28.16 used as the Wide Area Network (WAN) or NAT public IP address of the Router. The address range of 192.168.168.1 to 192.168.168.255 is used for the devices on the LAN. With One-to-One NAT, the devices with the internal IP addresses of 192.168.168.2 to 192.168.168.15 may be accessed at the corresponding external IP addresses.

NOTE: The Router’s WAN IP address should not

be included in the range you specify.

Add Range

Private Range Begin Enter the starting IP address of the

internal IP address range. This is the IP address of the first device that can be accessed from the Internet.

Public Range Begin Enter the starting IP address of the

public IP address range. This IP address is provided by the ISP. (Do not include the Router’s WAN IP Address.)

Range Length Enter the number of IP addresses in the

range. The range length cannot exceed the number of valid IP addresses. To map a single address, enter 1.

Click Add to List, and configure as many entries as you would like, up to a maximum of ten. To delete an entry, select it and click Delete selected range.

NOTE: One-to-One NAT affects how the firewall

functions work. Access to LAN devices from the Internet is allowed unless additional Deny access rules are configured on the Firewall > Access Rules screen.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Setup > MAC Clone

Some ISPs require that you register a MAC address, which is a 12-digit code assigned to a unique piece of hardware for identification. The MAC Clone feature “clones” your network adapter’s MAC address onto the Router, so you don’t have to call your ISP to change the registered MAC address to the Router’s MAC address.

10/100 4-Port VPN Router

Chapter 4

Setup > MAC Clone

MAC Clone

WAN1/2

If you have enabled the Dual WAN feature, then you will have two ports, WAN1 and WAN2, available for MAC address assignment or cloning.

User Defined WAN MAC Address To manually clone a

MAC address, select User Defined WAN MAC Address, and then enter the 12 digits of your adapter’s MAC address.

MAC Address from this PC To clone the MAC address

of the computer you are currently using to configure the Router, select MAC Address from this PC.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Advanced Configuration

DynDNS.org

Setup > DDNS > DynDNS.org

User name Enter your DynDNS.org account information.

Password Enter your DynDNS.org account information.

Host Name Enter your host name in the three Host Name

fields. For example, if your host name were myhouse. dyndns.org, then myhouse would go into the first field, dyndns would go into the second field, and org would go into the last field.

Custom DNS DynDNS.org offers a free account and a paid

account, which use different authentication methods. If you have a paid account, select this option to register the paid account with the DDNS server of DynDNS.org.

Setup > DDNS

Dynamic Domain Name System (DDNS) service allows you to assign a fixed domain name to a dynamic WAN IP address, so you can host your own web, FTP or other type of TCP/IP server in your LAN. The DDNS feature is disabled by default.

Before configuring DDNS, visit the website of the DDNS service you want to use: www.dyndns.org, www.3322.org, or www.oray.net. Then register a domain name.

DDNS

WAN1/2

If you have enabled the Dual WAN feature, then you will have two ports, WAN1 and WAN2, available for DDNS service.

DDNS Service The DDNS feature is disabled by default.

To enable this feature, select DynDNS.org, 3322.org, or Oray.net PeanutHull DDNS.

Click Save Settings, and the status of the DDNS function will be updated.

3322.org

Setup > DDNS > 3322.org

User name Enter your 3322.org account information.

Password Enter your 3322.org account information.

10/100 4-Port VPN Router

Chapter 4

Host Name Enter your host name in the three Host Name

fields. For example, if your host name were myhouse.3322. org, then myhouse would go into the first field, 3322 would go into the second field, and org would go into the last field.

Click Save Settings, and the status of the DDNS function will be updated.

Oray.net PeanutHull DDNS

Advanced Configuration

Setup > Advanced Routing

Setup > DDNS > Oray.net PeanutHull DDNS

User name Enter your PeanutHull account information.

Password Enter your PeanutHull account information.

Host Name Enter your host name in the three Host Name

fields. For example, if your host name were myhouse. oray.net, then myhouse would go into the first field, oray would go into the second field, and net would go into the last field.

Click Save Settings, and the status of the DDNS function will be updated.

Internet IP Address The Router’s current Internet IP

address is displayed. Because it is dynamic, this will change.

Status The status of the DDNS function is displayed. If

the status information indicates an error, make sure you have correctly entered the information for your account with your DDNS service.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Setup > Advanced Routing

The Advanced Routing screen allows you to configure the dynamic and static routing settings.

Advanced Routing

Dynamic Routing

The Router’s dynamic routing feature can be used, so the Router will automatically adjust to physical changes in the network’s layout. Using the dynamic RIP protocol, the Router calculates the most efficient route for the network’s data packets to travel between the source and the destination, based upon the shortest paths. The RIP protocol regularly broadcasts routing information to other routers on the network. It determines the route that the network packets take based on the fewest number of hops between the source and the destination.

Working Mode Select Gateway mode if the Router

is hosting your network’s connection to the Internet. Select Router mode if the Router exists on a network with other routers, including a separate network gateway that handles the Internet connection. In Router mode, any computer connected to the Router will not be able to connect to the Internet unless you have another router function as the gateway.

RIP (Routing Information Protocol) To use dynamic

routing for communication of network data, select

Enabled. Otherwise, keep the default, Disabled.

Receive RIP versions To use dynamic routing for

reception of network data, select the protocol you want:

None, RIPv1, RIPv2, or Both RIP v1 and v2.

Transmit RIP versions To use dynamic routing for

transmission of network data, select the protocol you want:

None, RIPv1, RIPv2 - Broadcast, or RIPv2 - Multicast.

10/100 4-Port VPN Router

Chapter 4

Static Routing

If the Router is connected to more than one network or there are multiple routers installed on your network, it may be necessary to set up static routes. The static routing function determines the path that data follows over your network before and after it passes through the Router. You can use static routing to allow different IP domain users to access the Internet through the Router.

Static routing is a powerful feature that should be used by advanced users only. In many cases, it is better to use dynamic routing because it enables the Router to automatically adjust to physical changes in the network’s layout.

Advanced Configuration

Routing Table Entry List

Click Refresh to update the on-screen information. Click

Close to exit this screen and return to the Advanced Routing screen.

On the Advanced Routing screen, click Save Settings to save your changes, or click Cancel Changes to undo them.

NOTE: Static routing is an advanced feature.

Create these routes with care.

To create a static route entry, enter the following information:

Destination IP Enter the network address of the remote

LAN segment. For a standard Class C IP domain, the network address is the first three fields of the Destination LAN IP, while the last field should be 0.

Subnet Mask Enter the subnet mask used on the

destination LAN IP domain. For Class C IP domains, the subnet mask is 255.255.255.0.

Default Gateway Enter the IP address of the router of the

network, for which this static route is created. For example, if this network is connected to the local router’s LAN port through another router, use the WAN IP address of that router.

Hop Count Enter the appropriate value (maximum is 15).

This indicates the number of nodes that a data packet passes through before reaching its destination. A node is any device on the network, such as a computer or router.

Interface Select the appropriate interface. The Interface

tells you whether your network is on the LAN, WAN1, or WAN2/DMZ. If the gateway router is on a LAN port, then select LAN. If you’re connecting to another network through the Internet, select the appropriate WAN port option.

DHCP > Setup

The Router can be used as a DHCP (Dynamic Host Configuration Protocol) server on your network. A DHCP server automatically assigns available IP addresses to computers on your network. If you choose to enable the DHCP server option, all of the computers on your LAN must be set to obtain an IP address automatically from a DHCP server. (By default, Windows computers are set to obtain an IP automatically.)

If the Router’s DHCP server function is disabled, do one of the following:

Configure the IP address, subnet mask, and DNS • settings of every computer on your network. (Make sure you do not assign the same IP address to different computers.)

Set up a stand-alone DHCP server with the Router as • the default gateway.

Click Add to List, and configure as many entries as you would like, up to a maximum of 30. To delete an entry, select it and click Delete selected IP.

Click Show Routing Table to see the details of your entries.

10/100 4-Port VPN Router

Chapter 4

Advanced Configuration

corresponding MAC addresses. The Unknown MAC Addresses List appears.

Unknown MAC Addresses List

To add an IP address and MAC address set to the Static IP list, select Enable, and then click Apply. To add all IP addresses and MAC addresses to the Static IP list, click Select All.

To update the on-screen information, click Refresh. To exit this screen and return to the Setup screen, click Close.

Static IP Address Enter the static IP address. You can

enter 0.0.0.0 if you want the Router to assign a static IP address to the device.

MAC Address Enter the MAC address of the device.

DHCP > Setup

Setup

Enable DHCP Server To use the Router as your network’s

DHCP server, select Enable DHCP Server. If you already have a DHCP server on your network, remove the check mark.

Dynamic IP

Client Lease Time The Client Lease Time is the amount

of time a network user will be allowed connection to the Router with their current dynamic IP address. Enter the amount of time, in minutes, that the user will be “leased” this dynamic IP address. The range is 5-43,200 minutes. The default is 1440 minutes.

Dynamic IP Range Start/End Enter a starting IP address

and ending IP address to create a range of available IP addresses. The default range is 100-149. (Make sure the Router’s LAN IP address is not in this dynamic IP range.) For example, if the Router uses the default LAN IP address,

192.168.1.1, then the starting value must be 192.168.1.2 or greater.

Static IP

You can assign a static IP address to a specific device based on its MAC address.

Name Enter a descriptive name for the device.

Enable Select Enable to assign the static IP address to

this device.

Click Add to List, and configure as many entries as you would like, up to a maximum of 100. To delete an entry, select it and click Delete selected Entry.

Block MAC address on the list with wrong IP address To

block traffic from devices with MAC addresses on the Static IP list but using the wrong IP addresses, select this option. It prevents users from changing device IP addresses without your permission.

Block MAC address not on the list To block traffic from

devices using dynamic IP addresses, select this option. It blocks all devices with MAC addresses not listed on the Static IP list.

DNS

DNS Server You can assign DNS server(s) to the DHCP

clients so the Router will use the DNS server(s) for faster access to functioning DNS server(s). Enter the IP address of at least one DNS server.

WINS

WINS Server Windows Internet Naming Service (WINS)

is a service that resolves NetBIOS names to IP addresses. WINS is assigned if the computer (DHCP client) requests one. If you do not know the IP address of the WINS server, keep the default, 0.0.0.0.

Show unknown MAC addresses Click Show unknown

MAC addresses to view all devices’ IP addresses and

10/100 4-Port VPN Router

Chapter 4

Advanced Configuration

NOTE: To support NetBIOS for DHCP

clients, the Router uses two methods.

First, when the DHCP clients receive dynamic IP addresses from the Router, it automatically includes the information of the WINS server to support NetBIOS. Second, if a user sets up a static IP address, then the IP address, subnet mask, default gateway, and DNS server settings must be configured on the Internet Protocol (TCP/IP) screen of the Windows operating system. Then the WINS IP address must be configured on the advanced TCP/IP screen. (For more information, refer to Windows Help.)

Click Save Settings to save your changes, or click Cancel Changes to undo them.

DHCP > Status

On the Status screen, view the status information for the DHCP server and its clients.

Client Host Name This is the name assigned to a client

host.

IP Address It is the dynamic IP address assigned to a

client.

MAC Address This indicates the MAC address of a client.

Leased Time It displays the amount of time a network

user will be allowed connection to the Router with their current dynamic IP address.

Delete Click the Trash Can icon to delete a DHCP client,

and the client host’s IP address will be released.

Click Refresh to update the on-screen information.

System Management Tab > Dual-WAN

There are two functions provided for users, Smart Link Backup and Load Balance. If you selected DMZ on the Setup > Network screen, you will not be able to configure the Dual-WAN settings.

Dual-WAN

Smart Link Backup/Load Balance If you want to use one

of the WAN ports as the primary port and the other WAN port as backup, then select Smart Link Backup.

DHCP > Status

Status

For the DHCP server, the following information is shown:

DHCP Server This is the IP address of the DHCP server.

Dynamic IP Used It shows the number of dynamic IP

addresses used.

Static IP Used It shows the number of static IP addresses

used.

DHCP Available This indicates the number of dynamic IP

addresses available.

Total It shows the total number of dynamic IP addresses

that can be assigned by the DHCP server.

If you want the Router to automatically manage the Internet connection through both WAN ports, then select Load Balance. The Router will automatically compute the ratio of the bandwidths of WAN1 and WAN2, and then it will use Weighted Round Robin (WRR) to balance the loads of the two WANs.

Proceed to the appropriate section for further instructions.

Smart Link Backup

Client Table

For all network clients using the DHCP server, the Client Table shows the current DHCP Client information:

10/100 4-Port VPN Router

System Management > Dual-WAN > Smart Link Backup

Primary WAN Specify the primary connection, WAN1 or

WAN2.

Chapter 4

Advanced Configuration

Network Service Detection

Enable Network Service Detection Network Service

Detection helps manage your connection and can report when your connection experiences problems. To use this service, select this option.

Retry Count Enter the number of times the Router will

try to reconnect if the connection fails.

Retry Timeout Enter the number of times the Router will

try to make a connection to your ISP before it times out.

When Fail Should the connection be lost, set the Router

to perform one of the following actions, Remove the Connection or Generate the Error Condition in the System Log.

Remove the Connection • Failover will occur; the

backup will be used. When the primary WAN port’s connectivity is restored, the backup WAN port will return to standby mode.

Generate the Error Condition in the System • Log Failover will not occur; only an error condition

will be logged.

Network Service Detection can test a WAN port’s network connectivity by pinging the Default Gateway or a specific IP address.

WAN1/2

Default Gateway Select this option to ping the Default

Gateway.

ISP Host Select this option to ping the ISP Host. Then

enter the IP address.

Remote Host Select this option to ping the Remote Host.

Then enter the IP address.

DNS Lookup Host Select this option to ping the DNS

Lookup Host. Then enter the IP address.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Load Balance

System Management > Dual-WAN > Load Balance

Network Service Detection

Enable Network Service Detection Network Service

Detection helps manage your connection and can report when your connection experiences problems. To use this service, select this option.

Retry Count Enter the number of times the Router will

try to reconnect if the connection fails.

Retry Timeout Enter the number of times the Router will

try to make a connection to your ISP before it times out.

When Fail Should the connection not be reestablished,

set the Router to perform one of the following actions,

Remove the Connection or Generate the Error Condition in the System Log.

10/100 4-Port VPN Router

Network Service Detection can test this connection by pinging the Default Gateway or a specific IP address.

WAN1/2

Default Gateway Select this option to ping the Default

Gateway.

ISP Host Select this option to ping the ISP Host. Then

enter the IP address.

Remote Host Select this option to ping the Remote Host.

Then enter the IP address.

Chapter 4

Advanced Configuration

DNS Lookup Host Select this option to ping the DNS

Lookup Host. Then enter the IP address.

Bandwidth

WAN1/2

Upstream Enter the maximum upstream bandwidth

provided by your ISP. The default is 512 kbit/sec.

Downstream Enter the maximum downstream

bandwidth provided by your ISP. The default is 512 kbit/sec.

Protocol Binding

Service Select the Service you want.

If the Service you need is not listed in the menu, click

Service Management to add the new service. The Service Management screen appears.

Source IP Enter the source IP address or range. If you

need Service Binding only, then you can keep the default, which is 0.

Destination IP Enter the destination IP address or range.

If you need Service Binding only, then you can keep the default, which is 0.

Interface Select the appropriate WAN interface, WAN1

or WAN2.

Enable Select Enable to use this Protocol Binding rule.

Click Add to List, and configure as many rules as you would like, up to a maximum of 100. To delete a rule, select it and click Delete selected application.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

System Management > Bandwidth Management

Quality of Service (QoS) features let you control how the Router manages network traffic. With Bandwidth Management (Layer 3), the Router can provide better service to selected types of network traffic. There are two types of functionality available, and only one type can work at one time. Rate Control functionality is for minimum (guaranteed) bandwidth and maximum bandwidth by service or IP address, while Priority functionality is for services. Both types can control inbound or outbound traffic.

Service Management

Service Name Enter a name. For IP Binding only, select

All.

Protocol Select the protocol it uses.

Port Range Enter its range.

Click Add to List. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Dual-WAN screen.

10/100 4-Port VPN Router

System Management > Bandwidth Management > Rate Control

+ 73 hidden pages