While reading through the User Guide you may see
various icons that call attention to specific items. Below is
a description of these icons:
NOTE: This check mark indicates that there is
a note of interest and is something that you
should pay special attention to while using the
product.
WARNING: This exclamation point indicates
that there is a caution or warning and it is
something that could damage your property or
product.
WEB: This globe icon indicates a noteworthy
website address or e-mail address.
Open Source
This product may contain material licensed to you under
the GNU General Public License or other open-source
software licenses. Upon request, open-source software
source code is available at cost from Linksys for at least
three years from the product purchase date.
WEB: For detailed license terms and additional
information visit: www.linksys.com/gpl
Online Resources
Website addresses in this document are listed without
http:// in front of the address because most current web
browsers do not require it. If you use an older web browser,
you may have to add http:// in front of the web address.
ResourceWebsite
Linksyswww.linksys.com
Linksys International www.linksys.com/international
Thank you for choosing the Linksys 4-Port SSL/IPSec
VPN Router. The Router is an advanced Internet-sharing
network solution for your small business needs. Like any
router, it lets multiple computers in your office share an
Internet connection. It features a built-in, 4-port, fullduplex, 10/100 Ethernet switch to connect four computers
directly, or you can connect more switches to create as
big a network as you need. If you have multiple routers in
your Local Area Network (LAN), you can use the Router’s
multiple subnet feature to support those routers.
The five Secure Sockets Layer (SSL) Virtual Private
Network (VPN) tunnels gives your mobile workers a
secure and easy way to stay connected. Additionally, an
IPSec (Internet Protocol Security), gateway-to-gateway
VPN tunnel facilitates branch office connectivity. As an
essential element of your business, the Router provides
security functions for authentication, encryption, and
firewall. Additional security features includes Denial of
Service (DoS) prevention and HTTPS management, while
the Quality of Service (QoS) features provide consistent
voice and video quality throughout your business.
Use the browser-based utility to configure settings and
run convenient wizards that will help you set up the
Router and its access rules.
Introduction to Virtual Private Networks
(VPNs)
A VPN is a connection between two endpoints—a VPN
Router, for instance—in different networks that allows
private data to be sent securely over a shared or public
network, such as the Internet. This establishes a private
network that can send data securely between these two
locations or networks.
VPN Router supports two of the most popular VPN tunnel
types, SSL and IPSec.
There are two basic ways to create a VPN connection:
VPN Router to VPN Router
•
computer (using SSL VPN client software) to
•
VPN Router
NOTE: The 4-Port SSL/IPSec VPN Router does
not support IPSec VPN client software.
The VPN Router creates a “tunnel” or channel between two
endpoints, so that data transmissions between them are
secure. A computer with SSL or IPSec VPN client software
can be one of the two endpoints.
For an IPSec VPN tunnel, any computer with the built-in
IPSec Security Manager (Windows 2000 and XP) allows the
VPN Router to create a VPN tunnel using IPSec (Windows
Vista uses a similar utility). Other Windows operating
systems require additional, third-party VPN client software
applications that support IPSec to be installed.
For an SSL VPN tunnel, a computer can download the
Virtual Passage SSL VPN client software during first-time
connection to the SSL VPN Portal. (See “Appendix B: Virtual
Passage SSL VPN Client.”)
VPN Router to VPN Router
An example of a VPN Router-to-VPN Router VPN would
be as follows. At home, a telecommuter uses his VPN
Router for his always-on Internet connection. His Router
is configured with his office’s VPN settings. When he
connects to his office’s router, the two routers create a VPN
tunnel, encrypting and decrypting data. As VPNs utilize
the Internet, distance is not a factor. Using the VPN, the
telecommuter now has a secure connection to the central
office’s network, as if he were physically connected.
The private network is established by creating a “tunnel”. A
VPN tunnel connects the two computers or networks and
allows data to be transmitted over the Internet as if it were
still within those networks. A VPN tunnel uses industrystandard encryption and authentication techniques to
secure the data sent between the two networks.
Virtual Private Networking was created as a cost-effective
alternative to using a private, dedicated, leased line for a
private network. It can be used to create secure networks
linking a central office with branch offices, telecommuters,
and/or professionals on the road. The 4-Port SSL/IPSec
4-Port SSL/IPSec VPN Router
1
Chapter 1
Introduction
Home
VPN Router
VPN Router
VPN Router to VPN Router
Internet
Central Office
Computer (using SSL VPN client software) to
VPN Router
For additional information and instructions about
creating your own VPN, visit the Linksys website at
www.linksys.com.
The following is an example of a computer-to-VPN Router
VPN. In her hotel room, a traveling businesswoman
connects to her Internet Service Provider (ISP). Her
notebook computer has VPN client software that is
configured with her office’s VPN settings. She accesses the
VPN client software and connects to the VPN Router at the
central office. As VPNs utilize the Internet, distance is not
a factor. Using the VPN, the businesswoman now has a
secure connection to the central office’s network, as if she
were physically connected.
Off-Site
Internet
Notebook with VPN
Client Software
VPN
Router
Central Office
Computer to VPN Router
4-Port SSL/IPSec VPN Router
2
Chapter 2
Product Overview
Chapter 2:
Product Overview
Front Panel
Power (Green) The Power LED lights up green
and stays on while the Router is powered on.
Diag (Orange) The Diag LED lights up when
the Router is not ready for use. During a warm
reset, it flashes slowly. During a reset to factory
defaults, it flashes quickly. The LED turns off
when the Router is ready for use.
Internet (Green) The Internet LED lights up
and stays on when there is a connection made
through the Internet port. It flashes to indicate
network activity over the Internet port.
Ethernet 1-4 (Green) These numbered LEDs,
corresponding with the numbered ports on the
Router’s back panel, serve two purposes. If the
LED is solidly lit, the Router is connected to a
device through that port. It flashes to indicate
network activity over that port.
Back Panel
Reset The Reset button can be used in one
of two ways, warm reset and reset to factory
defaults.
Warm Reset If the Router is having problems
•
connecting to the Internet, press and hold in
the Reset button for four seconds using the
tip of a pen. This is similar to pressing the
power button on your computer to reboot
it. The Diag LED will flash slowly during a
warm reset.
Reset to Factory Defaults If you are
•
experiencing extreme problems with
the Router and have tried all other
troubleshooting measures, press and hold
in the Reset button for ten seconds. This will
restore the factory defaults and clear all of
the Router’s custom settings. The Diag LED
will flash quickly during a reset to factory
defaults.
You can also reset the Router to factory
defaults using the System Management > Factory Defaults screen of the Router’s
web-based utility.
4) connect the Router to wired computers and
other Ethernet network devices.
Power The Power port is where you connect
the power adapter.
3
Chapter 3
64.4 mm
Installation
Chapter 3:
Installation
Physical Installation
There are three ways to place the Router. The first way is to
place it horizontally on a surface, so it sits on its four rubber
feet. The second way is to stand the Router vertically on a
surface. The third way is to mount it on a wall.
Horizontal Placement
The Router has four rubber feet on its bottom panel. Set
the Router on a flat surface near an electrical outlet.
WARNING: Do not place excessive weight
on top of the Router; too much weight could
damage it.
Wall-Mounting Placement
The Router has two wall-mount slots on its bottom. The
distance between the two slots is 64.4 mm (2.535 inches).
Two screws are needed to mount the Router.
Suggested Mounting Hardware
5.0-6.0 mm1.6-2.0 mm
Note: Mounting hardware illustrations are not
†
true to scale.
NOTE: Linksys is not responsible for damages
incurred by insecure wall-mounting hardware.
Follow these instructions:
Determine where you want to mount the Router. Make
1.
sure that the wall you use is smooth, flat, dry, and
sturdy. Also make sure the location is within reach of
an electrical outlet.
3.0-3.8 mm
Vertical Placement
Line up the edges of the Router with the two stands.
1.
Insert the Router into the stands.
2.
Set the Router on a flat surface near an electrical
3.
outlet.
Drill two holes into the wall. Make sure the holes are
2.
64.4 mm (2.535 inches) apart.
Insert a screw into each hole and leave 5 mm
3.
(0.2 inches) of its head exposed.
Maneuver the Router so the wall-mount slots line up
4.
with the two screws.
Place the wall-mount slots over the screws and slide
5.
the Router down until the screws fit snugly into the
wall-mount slots.
Print this page at 100% size. Cut along
the dotted line, and place on the wall
to drill precise spacing.
4-Port SSL/IPSec VPN Router
Wall Mounting Template
4
Chapter 3
Cable Connection
To connect network devices to the Router, follow these
instructions:
Before you begin, make sure that all of your hardware
1.
is powered off, including the Router, computers,
switches, and cable or DSL modem.
Connect your cable or DSL modem’s Ethernet cable to
2.
the Router’s Internet port.
Connect to the Internet Port
Installation
Power on the cable or DSL modem.
3.
Connect one end of an Ethernet network cable to
4.
one of the numbered ports on the back of the Router.
Connect the other end to an Ethernet port on a
network device, such as a computer or switch.
Repeat this step to connect more computers or other
network devices to the Router.
Connect to the Network Device
Connect the included power adapter to the Router’s
5.
Power port, and then plug the power adapter into an
electrical outlet.
Connect the Power
The Power LED on the front panel will light up as soon
6.
as the power adapter is connected properly.
Power on your computers and other network devices.
7.
4-Port SSL/IPSec VPN Router
5
Chapter 4
Chapter 4:
Advanced Configuration
Overview
For your convenience, use the Router’s web-based utility
to set it up and configure it. This chapter will explain all of
the functions in this utility.
These are the main tabs of the utility: System Summary,
Setup, DHCP, System Management, Port Management,
QoS, Firewall, IPSec VPN, SSL VPN, SNMP, Log, Wizard,
Support, and Logout. Additional tabs will be available
after you click one of the main tabs.
Before You Begin
The Router’s web-based utility and SSL VPN Portal
support Internet Explorer 6.0 (or higher) and Netscape
Communicator 8.0 (or higher) running in a Windows
environment.
To configure the SSL VPN software, your web browser must
have SSL, JavaScript, ActiveX, and cookies enabled (these
settings are enabled by default). If the settings are already
enabled, proceed to the next section, “How to Access the
Web-Based Utility”. If the settings are disabled, you should
enable them before configuring the Router. Proceed to
the instructions for your web browser.
Advanced Configuration
Click OK.
6.
Click the Security tab.
7.
Click Custom Level.
8.
Select Enable for Active scripting, Allow paste operations
9.
via script, and Scripting of Java applets.
Internet Explorer > Tools > Internet Options > Security
Click OK.
10.
Click the Privacy tab.
11.
Click Advanced.
12.
Deselect (remove the checkmark from) Override
13.
automatic cookie handling.
Internet Explorer 6.0 or Higher
Open Internet Explorer.
1.
Click Tools.
2.
Click Internet Options.
3.
Click the Advanced tab.
4.
Select Use SSL 2.0 and Use SSL 3.0.
5.
Internet Explorer > Tools > Internet Options > Advanced
Internet Explorer > Tools > Internet Options > Privacy
Click OK.
14.
Click OK again.
15.
Netscape Communicator 8.0 or Higher
Open Netscape Communicator.
1.
Click Tools.
2.
Click Options.
3.
Click Site Controls.
4.
Click the Trust Preferences tab.
5.
In the Master Settings section, click I’m Not Sure.
6.
4-Port SSL/IPSec VPN Router
6
Chapter 4
Select Allow cookies.
7.
Select Enable JavaScript.
8.
Click Advanced.
9.
Select Enable ActiveX.
10.
Netscape Communicator > Options > Site Controls > Web Features
Click OK.
11.
Advanced Configuration
How to Access the Web-Based Utility
For local access of the Router’s web-based utility,
1.
launch your web browser, and enter the Router’s
default IP address, 192.168.1.1, in the Address field.
Press the Enter key.
Address Bar
NOTE: If the Remote Management feature on
the Firewall > General screen has been enabled,
then users with administrative privileges can
remotely access the web-based utility. Use
https://<WAN IP address of the Router>.
A login screen prompts you for your User Name and
2.
Password. Enter admin in the User Name field, and
enter admin in the Password field. (You can change
the Password on the Setup > Password screen.) Then
click Login.
After you have logged in, you will be asked to install
3.
the Web Cache Cleaner application. This will prompt
any user of the Router to delete all temporary
Internet files, cookies, and browser history when the
user logs out or closes the web browser window.
(The ActiveX web cache control will be ignored by
web browsers that do not support ActiveX.)
Click the link to install the Web Cache Cleaner.
4-Port SSL/IPSec VPN Router
7
Chapter 4
Click to Install the Web Cache Cleaner
On the Security Warning screen, click Yes.
4.
Advanced Configuration
Click Yes to Install
The Web Cache Cleaner will be installed in C:\\
5.
WINDOWS\Downloaded Program Files. Proceed to
the rest of this chapter for information about the webbased utility.
When you or another user logs out, a Warning screen
will appear. It will ask you to confirm that you want to
delete the History Item for the Router. Click Yes.
Click Yes to Delete History
System Summary
The first screen that appears is the System Summary
screen, which displays the Router’s current status and
settings. This information is read-only. Underlined text
is hyperlinked to related setup pages, so if you click a
hyperlink, the related setup screen will appear. On the
right-hand side of this screen and all other screens of the
utility is a link to the Site Map, which has links to all of the
utility’s tabs. Click Site Map to view the Site Map. Then,
click the desired tab.
System Summary
Site Map
System Information
Serial Number Displayed here is the serial number of the
Router.
Firmware version Displayed here is the current version
number of the firmware installed on the Router.
CPU Displayed here are the type and speed of the
processor installed on the Router.
DRAM Displayed here is the size of DRAM installed on
the Router’s motherboard.
Flash Displayed here is the size of flash memory installed
on the Router’s board.
4-Port SSL/IPSec VPN Router
8
Chapter 4
Advanced Configuration
System Up Time This is the length of time in days, hours,
and minutes that the Router has been active. The current
time and date are also displayed.
Port Statistics
Click any port on the Router’s rear panel image to see the
status of the selected port. If the port is disabled, it will
be red; if enabled, it will be black. If the port is connected,
it will be green. Information about the selected port will
appear in a separate window.
The port’s Summary table shows the settings of the
selected port, including Type, Interface, Link Status, Port
Activity, Priority, Speed Status, Duplex Status, and Auto
negotiation.
click Renew to update the DHCP Lease Time or get a new
IP address. If the WAN port is set to PPPoE or PPTP, two
buttons, Connect and Disconnect, will be available.
Mode It shows the Router’s Working Mode (Gateway or
Router), and it hyperlinks to the Dynamic Routing section
on the Advanced Routing screen of the Setup tab.
DNS It shows all DNS Server Addresses and hyperlinks to
the WAN Connection Type settings on the Network screen
of the Setup tab.
DDNS It shows the DDNS settings of the Router’s WAN
port and hyperlinks to the DDNS screen of the Setup tab.
DMZ Host It shows the DMZ Private IP Address and
hyperlinks to the DMZ Host screen of the Setup tab. The
default is Disabled.
Firewall Setting Status
SPI (Stateful Packet Inspection) It shows the status
(On/Off) of the SPI setting and hyperlinks to the General
screen of the Firewall tab.
DoS (Denial of Service) It shows the status (On/Off) of
the DoS setting and hyperlinks to the General screen of
the Firewall tab.
Port 1 Information
For the selected port, the statistics table shows this
information: number of packets received, number of
packet bytes received, number of packets transmitted,
number of packet bytes transmitted, and number of
packet errors.
To update the on-screen information, click Refresh. To
exit this screen, click Close.
Network Setting Status
LAN IP It shows the current LAN IP Address of the Router,
as seen by internal users on the network, and it hyperlinks
to the LAN Setting section on the Network screen of the
Setup tab.
WAN IP This shows the current WAN IP address of the
Router, as seen by external users on the Internet and
hyperlinks to the WAN Connection Type settings on the
Network screen of the Setup tab. If the port is set to Obtain
an IP automatically, two buttons, Release and Renew, will
be available. Click Release to release the IP address, and
Block WAN Request It shows the status (On/Off) of the
Block WAN Request setting and hyperlinks to the General
screen of the Firewall tab.
Remote Management It shows the status (On/Off) of
the Remote Management setting and hyperlinks to the
General screen of the Firewall tab.
IPSec VPN Setting Status
IPSec VPN Summary It hyperlinks to the Summary screen
of the IPSec VPN tab.
Tunnel(s) Used It shows the number of VPN tunnels
used.
Tunnel(s) Available It shows the number of VPN tunnels
available.
SSL VPN Setting Status
SSL VPN Summary It hyperlinks to the Summary screen
of the SSL VPN tab.
Tunnel(s) Used It shows the number of VPN tunnels
used.
Tunnel(s) Available It shows the number of VPN tunnels
available.
Log Setting Status
It hyperlinks to the System Log screen of the Log tab.
4-Port SSL/IPSec VPN Router
9
Chapter 4
Advanced Configuration
If you have not set up the e-mail server on the Log tab,
the message, “E-mail cannot be sent because you have
not specified an outbound SMTP server address,” will be
displayed.
If you have set up the mail server but the log has not been
generated due to the Log Queue Length and Log Time
Threshold settings, the message, “E-mail settings have
been configured,” will be displayed.
If you have set up the e-mail server and the log has been
sent to the e-mail server, the message, “E-mail settings
have been configured and sent out normally,” will be
displayed.
If you have set up the e-mail server and the log cannot
be sent to the e-mail server, the message, “E-mail cannot
be sent out, probably use incorrect settings,” will be
displayed.
Setup Tab > Network
The Setup > Network screen shows all of the Router’s basic
setup functions. The Router can be used in most network
setups without changing any of the default values;
however, you may need to enter additional information in
order to connect to the Internet through an ISP (Internet
Service Provider) or broadband (DSL or cable) carrier. The
setup information is provided by your ISP.
LAN Setting
The MAC Address of the Router is displayed.
Device IP Address and Subnet Mask The default values
are 192.168.1.1 for the Router’s local IP address and
255.255.255.0 for the subnet mask.
Multiple Subnet Select this option to enable the Multiple
Subnet feature. Then click Add/Edit to create or modify
subnet(s). A new screen appears.
Create or Modify a Subnet
Setup > Network
Network
Host Name and Domain Name Enter a host and domain
name for the Router. Some ISPs require these names as
identification. You may have to check with your ISP to see
if your broadband Internet service has been configured
with a host and domain name. In most cases, you can
leave these fields blank.
LAN IP Address Enter the LAN IP address.
Subnet Mask Enter the subnet mask.
Click Add to List. Click Save Settings to save your changes,
or click Cancel Changes to undo them. Click Exit to return
to the Network screen.
If you want to modify a subnet you have created, select
it and Make changes.. Click Save Settings to save your
changes, or click Cancel Changes to undo them. Click
Exit to return to the Network screen.
If you want to delete a subnet you have created, select it
and click Delete selected subnet. Click Save Settings
to save your changes, or click Cancel Changes to undo
them. Click Exit to return to the Network screen.
WAN Connection Type
WAN
There are four connection types available: Obtain an IP
automatically, Static IP, PPPoE, and PPTP. Depending on
which connection type you select, you will see various
settings.
Obtain an IP Automatically
If your ISP automatically assigns an IP address, select
Obtain an IP automatically. (Most cable modem
4-Port SSL/IPSec VPN Router
10
Chapter 4
Advanced Configuration
subscribers use this connection type.) Your ISP assigns
these values.
Obtain an IP Automatically
DNS Server (Required) 1/2 If you select Use the
Following DNS Server Addresses, enter your DNS server
IP address(es) (enter at least one). Multiple DNS server
IP settings are common. In most cases, the first available
DNS entry is used.
MTU The MTU (Maximum Transmission Unit) setting
specifies the largest packet size permitted for network
transmission. To manually set a value, select Manual and
enter the value desired in the field provided. You should
leave this value in the 1200 to 1500 range, and most DSL
users should use the value 1492. The default is Auto,
which allows the Router to select the best MTU for your
Internet connection.
Default Gateway Address Enter the IP address of the
default gateway.
DNS Server (Required) 1/2 If you select Use the
Following DNS Server Addresses, enter your DNS server
IP address(es) (enter at least one). Multiple DNS server
IP settings are common. In most cases, the first available
DNS entry is used.
MTU The MTU (Maximum Transmission Unit) setting
specifies the largest packet size permitted for network
transmission. To manually set a value, select Manual and
enter the value desired in the field provided. You should
leave this value in the 1200 to 1500 range, and most DSL
users should use the value 1492. The default is Auto,
which allows the Router to select the best MTU for your
Internet connection.
Click Save Settings to save your changes, or click Cancel Changes to undo them.
PPPoE (Point-to-Point Protocol over Ethernet)
Some DSL-based Internet Service Providers (ISPs) use
PPPoE (Point-to-Point Protocol over Ethernet) to establish
Internet connections for end-users. If you use a DSL
line, check with your ISP to see if they use PPPoE, select
PPPoE.
Click Save Settings to save your changes, or click Cancel Changes to undo them.
Static IP
If you are required to use a permanent IP address, select
Static IP.
Static IP
Specify WAN IP Address Enter the external IP address of
the Router.
Subnet Mask Enter the subnet mask of the Router.
PPPoE
User Name and Password Enter your account’s User
Name and Password. The maximum number of characters
is 60.
Connect on Demand If you select the Connect on
Demand option, the connection will be disconnected
after a specified period of inactivity (Max Idle Time). If you
have been disconnected due to inactivity, Connect on
Demand enables the Router to automatically re-establish
your connection as soon as you attempt to access the
Internet again. Enter the number of minutes you want to
have elapsed before your Internet access disconnects. The
default Max Idle Time is 5 minutes.
4-Port SSL/IPSec VPN Router
11
Chapter 4
Advanced Configuration
Keep Alive: Interval If you select the Keep Alive option,
the Router will send keep-alive packets as often as you
specify. The default Interval is 30 seconds.
Keep Alive: Retry Times If you select the Keep Alive
option, the Router will send keep-alive packets as many
times as you specify. If the Router does not receive a
response from the ISP, then the Router will terminate the
connection and start sending PADI packets after the Redial
Period. The default Retry Times is 5 times.
Keep Alive: Redial Period If you select the Keep Alive
option, the Router will keep the connection alive by
sending out a few data packets periodically, so your ISP
thinks that the connection is still active. This option keeps
your connection active indefinitely, even when it sits idle.
The default Redial Period is 30 seconds.
MTU The MTU (Maximum Transmission Unit) setting
specifies the largest packet size permitted for network
transmission. To manually set a value, select Manual and
enter the value desired in the field provided. You should
leave this value in the 1200 to 1500 range, and most DSL
users should use the value 1492. The default is Auto,
which allows the Router to select the best MTU for your
Internet connection.
Click Save Settings to save your changes, or click Cancel
Changes to undo them.
Default Gateway Address Enter the IP address of the
default gateway.
DNS Server (Required) 1/2 If you select Use the
Following DNS Server Addresses, enter your DNS server
IP address(es) (enter at least one). Multiple DNS server
IP settings are common. In most cases, the first available
DNS entry is used.
User Name and Password Enter your account’s User
Name and Password. The maximum number of characters
is 60.
Connect on Demand If you select the Connect on
Demand option, the connection will be disconnected
after a specified period of inactivity (Max Idle Time). If you
have been disconnected due to inactivity, Connect on
Demand enables the Router to automatically re-establish
your connection as soon as you attempt to access the
Internet again. Enter the number of minutes you want to
have elapsed before your Internet access disconnects. The
default Max Idle Time is 5 minutes.
Keep Alive If you select the Keep Alive option, the Router
will keep the connection alive by sending out a few data
packets periodically, so your ISP thinks that the connection
is still active. This option keeps your connection active
indefinitely, even when it sits idle. The default Redial
Period is 30 seconds.
PPTP (Point-to-Point Tunneling Protocol)
Point to Point Tunneling Protocol (PPTP) is a service that
applies to connections in Europe and Israel only.
PPTP
Specify WAN IP Address Enter the external IP address of
the Router.
MTU The MTU (Maximum Transmission Unit) setting
specifies the largest packet size permitted for network
transmission. To manually set a value, select Manual and
enter the value desired in the field provided. You should
leave this value in the 1200 to 1500 range, and most DSL
users should use the value 1492. The default is Auto,
which allows the Router to select the best MTU for your
Internet connection.
Click Save Settings to save your changes, or click Cancel Changes to undo them.
Setup > Password
The Router’s default User Name and Password is admin,
and Linksys strongly recommends that you change the
Router’s password from the default to a unique password.
NOTE: The password cannot be recovered if
it is lost or forgotten. If the password is lost or
forgotten, you have to reset the Router to its
factory default settings; this will remove all of
your configuration changes.
Subnet Mask Enter the subnet mask of the Router.
4-Port SSL/IPSec VPN Router
12
Chapter 4
Setup > Password
Password
The User Name is admin; it cannot be changed.
Old Password Enter the old password. The default is
admin when you first power up the Router.
Advanced Configuration
Daylight Saving To use the daylight saving feature, select
Enabled. Enter the Month and Day of the start date, and
then enter the Month and Day of the end date.
NTP Server Enter the URL or IP address of the NTP server.
The default is time.nist.gov.
Manual
New Password Enter a new password for the Router. Your
password must have 20 or fewer characters and cannot
contain any spaces.
Confirm New Password Re-enter the new password to
confirm it.
Click Save Settings to save your change, or click Cancel Changes to undo it.
Setup > Time
The Router uses the time settings to time stamp log events,
automatically apply the Access Rules and Content Filter,
and perform other activities for other internal purposes.
Time
To set the local time, select Set the local time using the
Network Time Protocol (NTP) automatically or Set the
local time Manually.
Automatic
Setup > Time > Manual
Time Zone Select your time zone (the default Time Zone
is Pacific Time).
Hours, Minutes, Seconds Enter the time.
Month, Day, Year Enter the date.
Click Save Settings to save your changes, or click Cancel
Changes to undo them.
Setup > DMZ Host
The DMZ (Demilitarized Zone) Host feature allows one
local user to be exposed to the Internet for use of a
special-purpose service such as Internet gaming or
videoconferencing. Although Port Range Forwarding can
only forward 10 ranges of ports maximum, DMZ hosting
forwards all the ports to one computer at the same time.
Setup > Time > Automatic
Time Zone Select your time zone (the default Time Zone
is Pacific Time).
4-Port SSL/IPSec VPN Router
Setup > DMZ Host
DMZ Host
DMZ Private IP Address Enter the local IP address of
the computer you want to expose. The default value of 0
deactivates the DMZ Host.
13
Chapter 4
Advanced Configuration
Click Save Settings to save your change, or click Cancel
Changes to undo it.
Setup Tab > Forwarding
The Forwarding screen allows you to set up port range
forwarding and port triggering applications. Port range
forwarding can be used to set up public services or other
specialized Internet applications on your network, while
port triggering can be used to set up triggered ranges and
forwarded ranges for Internet applications.
If the Service you need is not listed in the menu, click
Service Management to add the new service. The Service
Management screen appears.
Service Management
Service Name Enter a name.
Protocol Select the protocol it uses.
Setup > Forwarding
Forwarding
Port Range Forwarding
Port forwarding can be used to set up public services on
your network. When users from the Internet make certain
requests on your network, the Router can forward those
requests to computers equipped to handle the requests.
If, for example, you set the port number 80 (HTTP) to be
forwarded to IP address 192.168.1.2, then all HTTP requests
from outside users will be forwarded to 192.168.1.2.
NOTE: You must disable the Router’s DHCP
function to use port forwarding.
You may use this function to establish a web server or FTP
server via an IP gateway. Make sure that you enter a valid
IP address. (You may need to establish a static IP address
in order to properly run an Internet server.) For added
security, Internet users will be able to communicate with
the server, but they will not actually be connected. The
packets will simply be forwarded through the Router.
Service Select the Service you want.
Port Range Enter its range.
Click Add to List. Click Save Settings to save your changes,
or click Cancel Changes to undo them. Click Exit to return
to the Forwarding screen.
If you want to modify a service you have created, select it
and click Update this service. Make changes. Click Save Settings to save your changes, or click Cancel Changes to
undo them. Click Exit to return to the Forwarding screen.
If you want to delete a service you have created, select it
and click Delete selected service. Click Save Settings
to save your changes, or click Cancel Changes to undo
them. Click Exit to return to the Forwarding screen.
IP Address Enter the IP address of the server that you
want the Internet users to access.
Enable Select Enable to enable this port range forwarding
entry.
Click Add to List, and configure as many entries as you
would like, up to a maximum of 30. To delete an entry,
select it and click Delete selected application.
Port Triggering
Port triggering allows the Router to watch outgoing data
for specific port numbers. The IP address of the computer
that sends the matching data is remembered by the
Router, so that when the requested data returns through
the Router, the data is pulled back to the proper computer
by way of IP address and port mapping rules.
4-Port SSL/IPSec VPN Router
14
Chapter 4
Advanced Configuration
Some Internet applications or games use alternate ports
to communicate between the server and LAN host. When
you want to use these applications, enter the triggering
(outgoing) port and alternate incoming port in the
Port Triggering table. Then the Router will forward the
incoming packets to the LAN host.
Application Name Enter the name of the application.
Trigger Port Range Enter the starting and ending port
numbers of the trigger port range.
Incoming Port Range Enter the starting and ending port
numbers of the incoming port range.
Click Add to List, and configure as many entries as you
would like, up to a maximum of 30. To delete an entry,
select it and click Delete selected application.
Click Show Tables to see the details of your entries. The
Port Range Forwarding Table List appears.
Port Range Forwarding Table List
Port Range Forwarding Select this option to view the
Port Range Forwarding entries.
UPnP
UPnP Function Select Yes to enable the UPnP function.
Otherwise, keep the default, No.
Service Select the Service you want.
If the Service you need is not listed in the menu, click
Service Management to add the new service. The Service
Management screen appears.
Port Triggering Select this option to view the Port
Triggering entries.
Click Refresh to update the on-screen information. Click
Close to exit this screen and return to the Forwarding
screen.
On the Forwarding screen, click Save Settings to save your
changes, or click Cancel Changes to undo them.
Setup > UPnP
Universal Plug and Play (UPnP) can be used to set up public
services on your network. When the UPnP function is
enabled, Windows XP can modify these entries via UPnP.
Setup > UPnP
Service Management
Service Name Enter a name.
Protocol Select the protocol it uses.
External Port Enter the external port number.
Internal Port Enter the internal port number.
Click Add to List. Click Save Settings to save your changes,
or click Cancel Changes to undo them. Click Exit to return
to the UPnP screen.
If you want to modify a service you have created, select it
and click Update this service. Make changes. Click Save Settings to save your changes, or click Cancel Changes
to undo them. Click Exit to return to the UPnP screen.
If you want to delete a service you have created, select it
and click Delete selected service. Click Save Settings
to save your changes, or click Cancel Changes to undo
them. Click Exit to return to the UPnP screen.
Name or IP Address Enter the name or IP address of the
server that you want the Internet users to access.
Enable Select Enable to enable this UPnP entry.
Click Add to List, and configure as many entries as you
would like, up to a maximum of 30. To delete an entry,
select it and click Delete selected application.
Click Show Tables to see the details of your entries. The
UPnP Forwarding Table List appears.
4-Port SSL/IPSec VPN Router
15
Chapter 4
UPnP Forwarding Table List
Click Refresh to update the on-screen information. Click
Close to exit this screen and return to the UPnP screen.
On the UPnP screen, click Save Settings to save your
changes, or click Cancel Changes to undo them.
Setup > One-to-One NAT
One-to-One NAT (Network Address Translation) creates
a relationship that maps valid external IP addresses to
internal IP addresses hidden by NAT. A device with an
internal IP address may be accessed at the corresponding
external valid IP address.
To create this relationship, define internal and external
IP address ranges of equal length. Once the relationship
is defined, the device with the first internal IP address is
accessible at the first IP address in the external IP address
range, and so forth.
For example, you have a Local Area Network (LAN) for which
the ISP has assigned the IP address range of 209.19.28.16
to 209.19.28.31, with 209.19.28.16 used as the Wide Area
Network (WAN) or NAT public IP address of the Router.
The address range of 192.168.168.1 to 192.168.168.255 is
used for the devices on the LAN. With One-to-One NAT,
the devices with the internal IP addresses of 192.168.168.2
to 192.168.168.15 may be accessed at the corresponding
external IP addresses.
Advanced Configuration
Setup > One-to-One NAT
One-to-One NAT
One-to-One NAT Select Enable to use the One-to-One
NAT function.
Private Range Begin Enter the starting IP address of the
internal IP address range. This is the IP address of the first
device that
Public Range Begin Enter the starting IP address of the
public IP address range. This IP address is provided by the
ISP. (Do not include the Router’s WAN IP Address.)
Range Length Enter the number of IP addresses in the
range. The range length cannot exceed the number of
valid IP addresses. To map a single address, enter 1.
Click Add to List, and configure as many entries as you
would like, up to a maximum of 64. To delete an entry,
select it and click Delete selected range.
NOTE: One-to-One NAT affects how the firewall
functions work. Access to LAN devices from the
Internet is allowed unless access rules are set.
Click Save Settings to save your changes, or click Cancel
Changes to undo them.
NOTE: The Router’s WAN IP address should not
be included in the range you specify.
4-Port SSL/IPSec VPN Router
Setup > MAC Clone
Some ISPs require that you register a MAC address, which
is a 12-digit code assigned to a unique piece of hardware
for identification. The MAC Clone feature “clones” your
network adapter’s MAC address onto the Router, so you
don’t have to call your ISP to change the registered MAC
address to the Router’s MAC address.
For the WAN port, you can assign or clone a MAC address.
16
Chapter 4
Advanced Configuration
User Name and Password Enter your DynDNS.org
account information.
Host Name Enter your host name in the three Host Name
fields. For example, if your host name were myhouse.
dyndns.org, then myhouse would go into the first field,
dyndns would go into the second field, and org would go
into the last field.
Click Save Settings, and the status of the DDNS function
will be updated.
Setup > MAC Clone
MAC Clone
User Defined WAN MAC Address To manually clone a
MAC address, select User Defined WAN MAC Address,
and then enter the 12 digits of your adapter’s MAC
address.
MAC Address from this PC To clone the MAC address
of the computer you are currently using to configure the
Router, select MAC Address from this PC.
Click Save Settings to save your changes, or click Cancel Changes to undo them.
Setup > DDNS
Dynamic Domain Name System (DDNS) service allows
you to assign a fixed domain name to a dynamic WAN IP
address, so you can host your own web, FTP or other type
of TCP/IP server in your LAN. The DDNS feature is disabled
by default.
Before configuring DDNS, visit www.dyndns.org and
register a domain name. (The DDNS service is provided by
DynDNS.org).
Internet IP Address The Router’s current Internet IP
address is displayed. Because it is dynamic, this will
change.
Status The status of the DDNS function is displayed. If
the status information indicates an error, make sure you
have correctly entered the information for your account
with your DDNS service.
Click Save Settings to save your changes, or click Cancel Changes to undo them.
Setup > Advanced Routing
The Advanced Routing screen allows you to configure the
dynamic and static routing settings.
Setup > DDNS
DDNS
DDNS Service To enable DDNS, select DynDNS.org.
Otherwise, select Disable.
4-Port SSL/IPSec VPN Router
Setup > Advanced Routing
Advanced Routing
Dynamic Routing
The Router’s dynamic routing feature can be used, so
the Router will automatically adjust to physical changes
in the network’s layout. Using the dynamic RIP protocol,
the Router calculates the most efficient route for the
network’s data packets to travel between the source and
the destination, based upon the shortest paths. The RIP
protocol regularly broadcasts routing information to
17
Chapter 4
Advanced Configuration
other routers on the network. It determines the route that
the network packets take based on the fewest number of
hops between the source and the destination.
Working Mode Select Gateway mode if the Router
is hosting your network’s connection to the Internet.
Select Router mode if the Router exists on a network
with other routers, including a separate network gateway
that handles the Internet connection. In Router mode,
any computer connected to the Router will not be able
to connect to the Internet unless you have another router
function as the gateway.
RIP (Routing Information Protocol) To use dynamic
routing for communication of network data, select
Enabled. Otherwise, keep the default, Disabled.
Receive RIP versions To use dynamic routing for
reception of network data, select the protocol you want:
None, RIPv1, RIPv2, or Both RIP v1 and v2.
Transmit RIP versions To use dynamic routing for
transmission of network data, select the protocol you want:
None, RIPv1, RIPv2 - Broadcast, or RIPv2- Multicast.
Static Routing
If the Router is connected to more than one network or
there are multiple routers installed on your network, it
may be necessary to set up static routes. The static routing
function determines the path that data follows over your
network before and after it passes through the Router. You
can use static routing to allow different IP domain users to
access the Internet through the Router.
Static routing is a powerful feature that should be used
by advanced users only. In many cases, it is better to
use dynamic routing because it enables the Router to
automatically adjust to physical changes in the network’s
layout.
If you want to use static routing, the Router’s DHCP settings
must be disabled. Then add routing entries to the Static
Routing table. These entries tell the Router where to send
all incoming packets. All of your network routers should
direct the default route entry to the 4-Port SSL/IPSec VPN
Router.
Subnet Mask Enter the subnet mask used on the
destination LAN IP domain. For Class C IP domains, the
subnet mask is 255.255.255.0.
Default Gateway Enter the IP address of your network’s
gateway. If this Router is used to connect your network to
the Internet, then the gateway IP is the Router’s Internet
IP address. If you have another router handling your
network’s Internet connection, enter the IP address of that
router instead.
Hop Count Enter the appropriate value (maximum is 15).
This indicates the number of nodes that a data packet
passes through before reaching its destination. A node is
any device on the network, such as a switch, PC, or router.
Interface Select the appropriate interface. The Interface
tells you whether your network is on the LAN or the WAN
(the Internet). If you’re connecting to a sub-network, select
LAN. If you’re connecting to another network through the
Internet, select the appropriate WAN port option.
Click Add to List, and configure as many entries as you
would like, up to a maximum of 30. To delete an entry,
select it and click Delete selected IP.
Click Show Tables to see the details of your entries. Click
Save Settings to save your changes, or click Cancel
Changes to undo them.
DHCP > Setup
The Router can be used as a DHCP (Dynamic Host
Configuration Protocol) server on your network. A DHCP
server automatically assigns available IP addresses to
computers on your network. If you choose to enable the
DHCP server option, all of the computers on your LAN
must be set to obtain an IP address automatically from a
DHCP server. (By default, Windows computers are set to
obtain an IP automatically.)
If the Router’s DHCP server function is disabled, you have
to carefully configure the IP address, subnet mask, and
DNS settings of every computer on your network. Make
sure you do not assign the same IP address to different
computers.
NOTE: Static routing is an advanced feature.
Create these routes with care.
To create a static route entry, enter the following
information:
Destination IP Enter the network address of the remote
LAN segment. For a standard Class C IP domain, the
network address is the first three fields of the Destination
LAN IP, while the last field should be 0.
4-Port SSL/IPSec VPN Router
18
Chapter 4
Advanced Configuration
Unknown MAC Address List
To add an IP address and MAC address set to the Static
IP list, select Enable, and then click Apply. To add all IP
addresses and MAC addresses to the Static IP list, click
Select All.
To update the on-screen information, click Refresh. To
exit this screen and return to the DHCP > Setup screen,
click Close.
Static IP Address Enter the static IP address. You can
enter 0.0.0.0 if you want the Router to assign a static IP
address to the device.
MAC Address Enter the MAC address of the device.
Name Enter a descriptive name for the device.
Enable Select Enable to assign the static IP address to
this device.
DHCP > Setup
Setup
Enable DHCP Server To use the Router as your network’s
DHCP server, select Enable DHCP Server. If you already
have a DHCP server on your network, remove the check
mark.
Dynamic IP
Client Lease Time The Client Lease Time is the amount
of time a network user will be allowed connection to the
Router with their current dynamic IP address. Enter the
amount of time, in minutes, that the user will be “leased”
this dynamic IP address. The range is 5-43,200 minutes.
The default is 1440 minutes.
Dynamic IP Range Start/End Enter a starting IP address
and ending IP address to create a range of available IP
addresses. The default range is 100-149. Enter a value for
the DHCP server to start with when issuing IP addresses.
This value must be 192.168.1. 2 or greater, because the
default IP address for the Router is 192.168.1.1.
Static IP
Click Add to List, and configure as many entries as you
would like, up to a maximum of 100. To delete an entry,
select it and click Delete selected Entry.
Block MAC address on the list with wrong IP address To
block traffic from devices with MAC addresses on the Static
IP list but using the wrong IP addresses, select this option.
It prevents users from changing device IP addresses
without your permission.
Block MAC address not on the list To block traffic from
devices using dynamic IP addresses, select this option. It
blocks all devices with MAC addresses not listed on the
Static IP list.
DNS
DNS Server You can assign DNS server(s) to the DHCP
clients so the Router will use the DNS server(s) for faster
access to functioning DNS server(s). Enter the IP address
of at least one DNS server.
WINS
WINS Server Windows Internet Naming Service (WINS)
is a service that resolves NetBIOS names to IP addresses.
WINS is assigned if the computer (DHCP client) requests
one. If you do not know the IP address of the WINS server,
keep the default, 0.0.0.0.
You can assign a static IP address to a specific device based
on its MAC address.
Show unknown MAC addresses Click Show unknown
MAC addresses to view all devices’ IP addresses and
corresponding MAC addresses. The Unknown MAC
Address List appears.
4-Port SSL/IPSec VPN Router
19
Chapter 4
Advanced Configuration
NOTE: To support NetBIOS for DHCP and Virtual
Passage clients, the Router uses two methods.
(Virtual Passage is an ActiveX-based VPN client
that provides full network connectivity for
Windows users. It allows remote access to the
Router’s network through a secure connection.)
First, when the DHCP and Virtual Passage clients
receive dynamic IP addresses from the Router,
it automatically includes the information of
the WINS server to support NetBIOS. Second,
if a user sets up a static IP address, then the IP
address, subnet mask, default gateway, and
DNS server settings must be configured on
the Internet Protocol (TCP/IP) screen of the
Windows operating system. Then the WINS IP
address must be configured on the advanced
TCP/IP screen. (For more information, refer to
Windows Help.)
Click Save Settings to save your changes, or click Cancel Changes to undo them.
DHCP > Status
Client Table
For all network clients using the DHCP server, the Client
Table shows the current DHCP Client information:
Client Host Name This is the name assigned to a client
host.
IP Address It is the dynamic IP address assigned to a
client.
MAC Address This indicates the MAC address of a client.
Leased Time It displays the amount of time a network
user will be allowed connection to the Router with their
current dynamic IP address.
Delete Click the Trash Can icon to delete a DHCP client,
and the client host’s IP address will be released.
Click Refresh to refresh the on-screen information.
DHCP > Multiple VLANs
Use this screen to establish relationships between multiple
subnets and Virtual Local Area Networks (VLANs).
On the Status screen, view the status information for the
DHCP server and its clients.
DHCP > Status
Status
For the DHCP server, the following information is shown:
DHCP Server This is the IP address of the DHCP server.
Dynamic IP Used It shows the number of dynamic IP
addresses used.
DHCP Available This indicates the number of dynamic IP
addresses available.
Total It shows the total number of dynamic IP addresses
that can be assigned by the DHCP server.
DHCP > Multiple VLANs
Multiple VLANs
Enable Multiple VLANs Select this option to establish a
relationship between multiple subnets and VLANs. If you
enable this option and the multiple subnets and VLANs are
not enabled, then the Router will prompt you to configure
and enable the multiple subnets and VLANs.
VLAN ID The VLANs are configured on the Port
Management > Create VLAN screen (by default, all VLANs
created on this screen are part of the default subnet).
The VLAN IDs you assigned are displayed on the Multiple VLANs screen.
Multiple Subnet Multiple subnets define different IP
networks using the subnet mask. They are created after
multiple VLANs are created. (If you want to change the
settings of VLAN 1, then use the Setup > Network screen
4-Port SSL/IPSec VPN Router
20
Chapter 4
Advanced Configuration
to configure the Device IP Address and Subnet Mask
settings.)
Subnet1-4 The subnet numbers are created according
•
to the VLAN numbers. (The multiple subnets can also
be configured on the Setup > Network screen.)
IP Address Enter an IP address.
•
Subnet Mask Select the appropriate subnet mask.
•
Dynamic IP Range When the IP Address and Subnet
Mask settings are configured, the range of IP addresses
is displayed. You can change the range of IP addresses
as long as the total number of IP addresses assigned by
DHCP is 253. The greater the number of multiple subnets,
the fewer the number of IP addresses assigned by DHCP.
NOTE: The Router’s built-in DHCP server can
assign up to 253 IP addresses.
Click Save Settings to save your changes, or click Cancel Changes to undo them.
DHCP > Inter-VLAN Routing
To route packets between different VLANs, enable the
Multiple VLANs option on the Multiple VLANs screen, and
then select the VLANs on the Inter-VLAN Routing screen.
The Internet has a service called the Domain Name Service
(DNS), which allows users to enter an easily remembered
host name, such as www.linksys.com, instead of numerical
TCP/IP addresses to access Internet resources. The DNS
Name Lookup tool will return the numerical TCP/IP address
of a host name.
The Ping test bounces a packet off a machine on the
Internet back to the sender. This test shows if the Router
is able to contact the remote host. If users on the LAN
are having problems accessing services on the Internet,
try pinging the DNS server or other machine at the ISP’s
location. If this test is successful, try pinging devices
outside the ISP. This will show if the problem lies with the
ISP’s connection.
Diagnostic
DNS Name Lookup/Ping Select which tool you want
to use, DNS Name Lookup or Ping. Then proceed to the
appropriate instructions.
DNS Name Lookup
Before using this tool, make sure the IP address of the DNS
server is entered on the Setup > Network screen; otherwise,
this tool will not work.
DHCP > Inter-VLAN Routing
Inter-VLAN Routing
VLAN1-4 Select the VLANs that can route packets to each
other. For example, if you select VLAN1 and VLAN2, then
packets can be routed between VLAN1 and VLAN2, but
packets cannot be routed between VLAN3 and VLAN4.
Click Save Settings to save your changes, or click Cancel Changes to undo them.
System Management > Diagnostic
The Router has two built-in tools, DNS Name Lookup
and Ping, which are used for troubleshooting network
problems.
4-Port SSL/IPSec VPN Router
System Management > Diagnostic > DNS Name Lookup
Look up the name Enter the host name, and click Go.
(Do not add the prefix http:// or else you will get an error
message.) The Router will then query the DNS server and
display the result at the bottom of the screen.
Ping
Before using this tool make sure you know the device or
host’s IP address. If you do not know it, use the Router’s
DNS Name Lookup tool to find the IP address.
21
Chapter 4
System Management > Diagnostic > Ping
Advanced Configuration
Ping host or IP address Enter the IP address of the device
being pinged, and click Go. The test will take a few seconds
to complete. When completed, the Router will display the
results at the bottom of the screen. The results include
this information: status; number of packets transmitted,
received, or lost; and round trip time (minimum, maximum,
and average).
System Management > Factory Default
Use this screen to clear all of your configuration information
and restore the Router to its factory default settings. Only
use this feature if you wish to discard all the settings and
preferences that you have configured.
System Management > Firmware Upgrade
Firmware Upgrade
To download the firmware, refer to the Firmware Download
instructions. If you have already downloaded the firmware
onto your computer, then click the Browse button to look
for the file.
NOTE: If you are using Internet Explorer on
Windows XP, disable the pop-up blocking
function before you upgrade the Router’s
firmware. Refer to “Appendix O: Firmware
Upgrade” for more information.
Firmware Upgrade Right Now After you have selected
the file, click Firmware Upgrade Right Now.
NOTE: The Router will take approximately ten
minutes to upgrade its firmware. During this
process, do not power off the Router or press
the Reset button.
Firmware Download
System Management > Factory Default
Factory Default
Return to Factory Default Setting Click Return to
Factory Default Setting if you want to restore the Router
to its factory default settings. After clicking the button, a
confirmation screen appears. Click OK to continue.
System Management > Firmware Upgrade
You can use this feature to upgrade the Router’s firmware
to the latest version.
4-Port SSL/IPSec VPN Router
Firmware Download from Linksys Web Site If you need
to download the latest version of the Router’s firmware,
click Firmware Download from Linksys Web Site. The
Support page of the Linksys website appears.
Select 4-Port SSL/IPSec VPN Router from the dropdown menu, and choose the firmware from the available
options. After downloading the firmware file, extract it
on your computer. Then follow the Firmware Upgrade
instructions.
For more details, refer to “Appendix O: Firmware
Upgrade”.
System Management > Restart
If you need to restart the Router, Linksys recommends that
you use the Restart tool on this screen. When you restart
22
Loading...
+ 87 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.