Cisco Systems RVL200 User Manual

0 (0)

USER GUIDE

BUSINESS SERIES

4-Port SSL/IPSec

VPN Router

Model: RVL200

About This Guide

Icon Descriptions

While reading through the User Guide you may see various icons that call attention to specific items. Below is a description of these icons:

NOTE: This check mark indicates that there is a note of interest and is something that you should pay special attention to while using the product.

WARNING: This exclamation point indicates that there is a caution or warning and it is something that could damage your property or product.

WEB: This globe icon indicates a noteworthy website address or e-mail address.

Online Resources

Website addresses in this document are listed without http:// in front of the address because most current web browsers do not require it. If you use an older web browser, you may have to add http:// in front of the web address.

Resource

Website

 

 

Linksys

www.linksys.com

Linksys International

www.linksys.com/international

Glossary

www.linksys.com/glossary

Network Security

www.linksys.com/security

 

 

Copyright and Trademarks

Specifications are subject to change without notice. Linksys is a registered trademark or trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. Copyright © 2007 Cisco Systems, Inc. All rights reserved. Other brands and product names are trademarks or registered trademarks of their respective holders.

About This Guide

Open Source

This product may contain material licensed to you under the GNU General Public License or other open-source software licenses. Upon request, open-source software source code is available at cost from Linksys for at least three years from the product purchase date.

WEB: For detailed license terms and additional information visit: www.linksys.com/gpl

4-Port SSL/IPSec VPN Router

ii

Table of Contents

Chapter 1: Introduction

 

 

 

 

1

Introduction to the Router

 

 

 

 

1

Introduction to Virtual Private Networks (VPNs) . . . . . . . . . . . .

. .

. .

.

 

. 1

VPN Router to VPN Router . . . . . . . . . . . . . . . . . . .

. .

. .

.

.

1

Computer (using SSL VPN client software) to VPN Router . . . . . .

. .

. .

.

 

. 2

Chapter 2: Product Overview

 

 

 

 

3

Front Panel

 

 

 

 

3

Back Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. .

. .

.

 

. 3

Chapter 3: Installation

 

 

 

 

4

Physical Installation . . . . . . . . . . . . . . . . . . . . . . . .

. .

. .

.

 

. 4

Horizontal Placement . . . . . . . . . . . . . . . . . . . . .

. .

. .

.

.

4

Vertical Placement . . . . . . . . . . . . . . . . . . . . . .

. .

. .

. .

 

4

Wall-Mounting Placement . . . . . . . . . . . . . . . . . . .

. .

. .

.

.

4

Cable Connection . . . . . . . . . . . . . . . . . . . . . . . .

. .

. .

. .

 

5

Chapter 4: Advanced Configuration

 

 

 

 

6

Overview

 

 

 

 

6

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . .

. .

. .

.

.

6

Internet Explorer 6.0 or Higher . . . . . . . . . . . . . . . . .

. .

. .

.

.

6

Netscape Communicator 8.0 or Higher . . . . . . . . . . . . . .

. .

. .

.

 

. 6

How to Access the Web-Based Utility . . . . . . . . . . . . . . . .

. .

. .

. .

 

7

System Summary

 

 

 

 

8

System Information . . . . . . . . . . . . . . . . . . . . . .

. .

. .

.

 

. 8

Port Statistics . . . . . . . . . . . . . . . . . . . . . . . .

. .

. .

. .

 

9

Network Setting Status . . . . . . . . . . . . . . . . . . . .

. .

. .

. .

 

9

Firewall Setting Status

 

 

 

 

9

IPSec VPN Setting Status . . . . . . . . . . . . . . . . . . . .

. .

. .

.

 

. 9

SSL VPN Setting Status . . . . . . . . . . . . . . . . . . . .

. .

. .

. .

 

9

Log Setting Status . . . . . . . . . . . . . . . . . . . . . .

. .

. .

. .

 

9

Setup Tab > Network . . . . . . . . . . . . . . . . . . . . . . .

. .

. .

.

.10

Network . . . . . . . . . . . . . . . . . . . . . . . . . .

. .

. .

. .

 

10

Setup > Password . . . . . . . . . . . . . . . . . . . . . . . .

. .

. .

. .

 

12

Password . . . . . . . . . . . . . . . . . . . . . . . . . .

. .

. .

. .

 

13

Setup > Time . . . . . . . . . . . . . . . . . . . . . . . . . .

. .

. .

. .

 

13

Time . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. .

. .

. .

 

13

Setup > DMZ Host . . . . . . . . . . . . . . . . . . . . . . . .

. .

. .

. .

 

13

DMZ Host

 

 

 

 

13

Setup Tab > Forwarding . . . . . . . . . . . . . . . . . . . . . .

. .

. .

.

 

14

Forwarding

 

 

 

 

14

Setup > UPnP . . . . . . . . . . . . . . . . . . . . . . . . . .

. .

. .

. .

 

15

UPnP

 

 

 

 

15

4-Port SSL/IPSec VPN Router

Table of Contents

Setup > One-to-One NAT

 

16

One-to-One NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . .

 

.16

Setup > MAC Clone . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.

16

MAC Clone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Setup > DDNS

 

17

DDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.

17

Setup > Advanced Routing . . . . . . . . . . . . . . . . . . . . . . . . .

.

17

Advanced Routing . . . . . . . . . . . . . . . . . . . . . . . . . . .

.

17

DHCP > Setup

 

18

Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.

19

DHCP > Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.

20

Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.

20

DHCP > Multiple VLANs . . . . . . . . . . . . . . . . . . . . . . . . . .

.

20

Multiple VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.

20

DHCP > Inter-VLAN Routing

 

21

Inter-VLAN Routing . . . . . . . . . . . . . . . . . . . . . . . . . .

.

21

System Management > Diagnostic . . . . . . . . . . . . . . . . . . . . . .

 

.21

Diagnostic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.

21

System Management > Factory Default . . . . . . . . . . . . . . . . . . . .

 

.22

Factory Default . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.

22

System Management > Firmware Upgrade . . . . . . . . . . . . . . . . . .

.

22

Firmware Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . .

.

22

System Management > Restart

 

22

Restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

 

.23

System Management > Setting Backup . . . . . . . . . . . . . . . . . . . .

 

.23

Import Configuration File . . . . . . . . . . . . . . . . . . . . . . . .

 

.23

Export Configuration File

 

23

System Management > Port Mirroring . . . . . . . . . . . . . . . . . . . .

.

23

Port Mirroring

 

23

System Management > IGMP Snooping . . . . . . . . . . . . . . . . . . . .

 

.23

Port Management > Port Setup . . . . . . . . . . . . . . . . . . . . . . .

.

24

Basic Per Port Config. . . . . . . . . . . . . . . . . . . . . . . . . . .

 

.24

Port Management > Port Status . . . . . . . . . . . . . . . . . . . . . . .

.

24

Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.

24

Port Management > Create VLAN . . . . . . . . . . . . . . . . . . . . . .

.

25

Create VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

 

.25

Port Management > Port Setting

 

25

Port Setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

 

.25

Port Management > VLAN Membership . . . . . . . . . . . . . . . . . . . .

 

.25

VLAN Membership

 

26

QoS > Bandwidth Management . . . . . . . . . . . . . . . . . . . . . . .

.

26

Bandwidth Management

 

26

4-Port SSL/IPSec VPN Router

ii

Table of Contents

QoS > QoS Setup

 

 

 

 

28

QoS Setup . . . . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

28

QoS > Queue Settings . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

29

Queue Settings . . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

29

QoS > DSCP Settings . . . . . . . .

. . . . . . . . . . . . . . . .

. .

. .

 

.29

DSCP Settings

 

 

 

 

30

Firewall > General

 

 

 

 

30

General . . . . . . . . . . . .

. . . . . . . . . . . . . . . .

. .

. .

 

.30

Firewall > Access Rules . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

31

Access Rules . . . . . . . . . .

. . . . . . . . . . . . . . . .

. .

. .

 

.31

Add a New Access Rule . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

32

Firewall > Content Filter . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

33

Content Filter . . . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

33

IPSec VPN > Summary . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

34

Summary

 

 

 

 

35

IPSec VPN > Gateway to Gateway . . .

. . . . . . . . . . . . . . .

. .

. .

.

35

Add a New Tunnel . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

35

IPSec Setup . . . . . . . . . .

. . . . . . . . . . . . . . . .

. .

. .

 

.38

IPSec VPN > VPN Pass Through

 

 

 

 

40

VPN Pass Through . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

40

SSL VPN > Summary

 

 

 

 

40

Summary

 

 

 

 

40

SSL VPN > Certificate Management . .

. . . . . . . . . . . . . . . .

. .

. .

 

.40

SSL VPN > User Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . .

. . .

. .41

User Management . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

41

SSL VPN > Virtual Passage . . . . . .

. . . . . . . . . . . . . . . .

. .

. .

 

.42

Virtual Passage . . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

43

SNMP > Global Parameters . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

43

Global Parameters . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

43

SNMP > Views

 

 

 

 

44

Views . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

44

SNMP > Group Profile

 

 

 

 

44

Group Profile . . . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

44

SNMP > Group Membership

 

 

 

 

45

Group Membership . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

45

SNMP > Communities

 

 

 

 

45

Communities . . . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

45

SNMP > Notification Recipient . . . .

. . . . . . . . . . . . . . . .

. .

. .

 

.46

Notification Recipient . . . . . .

. . . . . . . . . . . . . . . .

. .

. .

 

.46

Log > System Log . . . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

47

System Log

 

 

 

 

47

Log > System Statistics . . . . . . . .

. . . . . . . . . . . . . . .

. .

. .

.

48

4-Port SSL/IPSec VPN Router

iii

Table of Contents

Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. .

 

.49

Basic Setup

 

 

49

Access Rule Setup . . . . . . . . . . . . . . . . . . . . . . . . . .

.

.

51

Support

 

 

53

Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. .

 

.53

Linksys Web Site . . . . . . . . . . . . . . . . . . . . . . . . . .

. .

 

.53

Logout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. .

 

.53

Appendix A: Troubleshooting

 

 

55

Appendix B: Virtual Passage SSL VPN Client

 

 

56

Overview

 

 

56

Before You Begin (Windows OS) . . . . . . . . . . . . . . . . . . . . . .

.

.

56

Internet Explorer 6.0 or Higher . . . . . . . . . . . . . . . . . . . .

. .

 

.56

Netscape Communicator 8.0 or Higher . . . . . . . . . . . . . . . . .

.

.

57

Make the SSL VPN Portal a Trusted Site (Windows OS) . . . . . . . . . . . .

. .

 

.57

Login for the SSL VPN Portal (Windows OS) . . . . . . . . . . . . . . . . .

.

.

58

Installation of the Virtual Passage Client (Windows OS) . . . . . . . . . . . .

.

.

58

Logout of the SSL VPN Portal (Windows OS) . . . . . . . . . . . . . . . .

. .

 

.59

Windows Vista Usage . . . . . . . . . . . . . . . . . . . . . . . . . .

. .

 

.60

Login for the SSL VPN Portal (Mac OS X) . . . . . . . . . . . . . . . . . .

. .

 

.60

Installation of the Virtual Passage Client (Mac OS X)

 

 

60

Removal of the Virtual Passage Client (Mac OS X) . . . . . . . . . . . . . .

. .

 

.61

Before You Begin (Linux OS)

 

 

62

Login for the SSL VPN Portal (Linux OS)

 

 

62

Installation of the Virtual Passage Client (Linux OS) . . . . . . . . . . . . . .

.

.

62

Removal of the Virtual Passage Client (Linux OS)

 

 

63

Appendix C: Bandwidth Management

 

 

64

Overview

 

 

64

Creation of New Services

 

 

64

Creation of New Bandwidth Management Rules

 

 

65

Appendix D: Active Directory Server

 

 

66

Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. .

 

.70

Appendix E: User for the Active Directory Server

 

 

71

Appendix F: Internet Authentication Service (IAS) Server

 

 

73

Appendix G: Lightweight Directory Access Protocol (LDAP) Server

 

 

79

4-Port SSL/IPSec VPN Router

iv

Table of Contents

Appendix H: Deployment in an Existing Network

 

 

80

Overview

 

 

80

LAN-to-LAN Connection . . . . . . . . . . . . . . . . . . . . . . . . .

.

.

80

WAN-to-LAN Connection

 

 

81

Appendix I: Gateway-to-Gateway VPN Tunnel

 

 

82

Overview

 

 

82

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. .

 

.82

Configuration when the Remote Gateway Uses a Static IP Address . . . . . . .

.

.

82

Configuration of the RVL200

 

 

82

Configuration of the RV082 . . . . . . . . . . . . . . . . . . . . . .

.

.

83

Configuration of PC 1 and PC 2 . . . . . . . . . . . . . . . . . . . .

. .

 

.83

Configuration when the Remote Gateway Uses a Dynamic IP Address

 

 

84

Configuration of the RVL200

 

 

84

Configuration of the RV082 . . . . . . . . . . . . . . . . . . . . . .

.

.

84

Configuration of PC 1 and PC 2 . . . . . . . . . . . . . . . . . . . .

. .

 

.85

Configuration when Both Gateways Use Dynamic IP Addresses . . . . . . . .

. .

 

.85

Configuration of the RVL200

 

 

85

Configuration of the RV082 . . . . . . . . . . . . . . . . . . . . . .

.

.

86

Configuration of PC 1 and PC 2 . . . . . . . . . . . . . . . . . . . .

. .

 

.86

Appendix J: IPSec NAT Traversal

 

 

87

Overview

 

 

87

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. .

 

.87

Configuration of Scenario 1 . . . . . . . . . . . . . . . . . . . . . . . .

.

.

87

Configuration of Router A . . . . . . . . . . . . . . . . . . . . . .

. .

 

.87

Configuration of Router B . . . . . . . . . . . . . . . . . . . . . .

. .

 

.88

Configuration of Scenario 2 . . . . . . . . . . . . . . . . . . . . . . . .

.

.

89

Configuration of the One-to-One NAT Rules

 

 

89

Configuration of Router B . . . . . . . . . . . . . . . . . . . . . .

. .

 

.89

Configuration of Router A . . . . . . . . . . . . . . . . . . . . . .

. .

 

.90

Appendix K: Configuration of Multiple Subnets

 

 

91

Overview

 

 

91

RVL200-to-RV042 Configuration . . . . . . . . . . . . . . . . . . . . . .

.

.

91

RVL200 Configuration

 

 

91

RV042 #1 Configuration

 

 

92

RV042 #2 Configuration

 

 

93

Appendix L: Multiple VLANs with Computers

 

 

94

Overview

 

 

94

RVL200-to-SRW2048 Configuration . . . . . . . . . . . . . . . . . . . .

. .

 

.94

RVL200 Configuration

 

 

94

SRW2048 Configuration . . . . . . . . . . . . . . . . . . . . . . .

.

.

95

4-Port SSL/IPSec VPN Router

Table of Contents

Appendix M: Multiple VLANs and Subnets

 

 

 

96

Overview

 

 

 

96

RVL200 Configuration

 

 

 

96

Basic Instructions

 

 

 

96

Inter-VLAN Routing Option . . . . . . . . . . . . . . . .

. . . . . .

.

.

97

Appendix N: Access of Multiple VLANs over a SSL VPN Tunnel

 

 

 

98

Overview

 

 

 

98

SSL VPN Connection

 

 

 

98

Static Route . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . .

. .

 

.98

Windows Operating System (OS)

 

 

 

98

Mac OS X . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . .

.

.

98

Linux OS . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . .

.

.

98

Appendix O: Firmware Upgrade

 

 

 

99

Overview

 

 

 

99

Before You Begin . . . . . . . . . . . . . . . . . . . . . .

. . . . . .

. .

 

.99

Internet Explorer 6.0 or Higher . . . . . . . . . . . . . .

. . . . . .

. .

 

.99

How to Access the Web-Based Utility . . . . . . . . . . . . . .

. . . . . .

.

.

99

Upgrade the Firmware . . . . . . . . . . . . . . . . . . . .

. . . . . .

.

100

Appendix P: Battery Replacement

 

 

101

Overview

 

 

101

Replace the Lithium Battery

 

 

101

Appendix Q: Specifications

 

 

102

Appendix S: Regulatory Information

 

 

104

FCC Statement . . . . . . . . . . . . . . . . . . . . . . .

. . . . . .

.

. 104

Safety Notices

 

 

104

Industry Canada Statement . . . . . . . . . . . . . . . . . .

. . . . . .

.

104

Avis d’Industrie Canada

 

 

104

User Information for Consumer Products Covered by EU Directive 2002/96/EC on Waste

Electric and Electronic Equipment (WEEE)

 

 

105

Appendix T: Contact Information

 

 

109

4-Port SSL/IPSec VPN Router

vi

Chapter 1

Chapter 1:

Introduction

Introduction to the Router

Thank you for choosing the Linksys 4-Port SSL/IPSec VPN Router. The Router is an advanced Internet-sharing network solution for your small business needs. Like any router, it lets multiple computers in your office share an Internet connection. It features a built-in, 4-port, fullduplex, 10/100 Ethernet switch to connect four computers directly, or you can connect more switches to create as big a network as you need. If you have multiple routers in your Local Area Network (LAN), you can use the Router’s multiple subnet feature to support those routers.

The five Secure Sockets Layer (SSL) Virtual Private Network (VPN) tunnels gives your mobile workers a secure and easy way to stay connected. Additionally, an IPSec (Internet Protocol Security), gateway-to-gateway VPN tunnel facilitates branch office connectivity. As an essential element of your business, the Router provides security functions for authentication, encryption, and firewall. Additional security features includes Denial of Service (DoS) prevention and HTTPS management, while the Quality of Service (QoS) features provide consistent voice and video quality throughout your business.

Use the browser-based utility to configure settings and run convenient wizards that will help you set up the Router and its access rules.

Introduction to Virtual Private Networks (VPNs)

A VPN is a connection between two endpoints—a VPN Router, for instance—in different networks that allows private data to be sent securely over a shared or public network, such as the Internet. This establishes a private network that can send data securely between these two locations or networks.

The private network is established by creating a“tunnel”. A VPN tunnel connects the two computers or networks and allows data to be transmitted over the Internet as if it were still within those networks. A VPN tunnel uses industrystandard encryption and authentication techniques to secure the data sent between the two networks.

Virtual Private Networking was created as a cost-effective alternative to using a private, dedicated, leased line for a private network. It can be used to create secure networks linking a central office with branch offices, telecommuters, and/or professionals on the road. The 4-Port SSL/IPSec

Introduction

VPN Router supports two of the most popular VPN tunnel types, SSL and IPSec.

There are two basic ways to create a VPN connection:

VPN Router to VPN Router

computer (using SSL VPN client software) to

 

VPN Router

 

 

 

 

 

 

NOTE: The 4-Port SSL/IPSec VPN Router does

 

 

not support IPSec VPN client software.

The VPN Router creates a“tunnel”or channel between two endpoints, so that data transmissions between them are secure. A computer with SSL or IPSec VPN client software can be one of the two endpoints.

For an IPSec VPN tunnel, any computer with the built-in IPSec Security Manager (Windows 2000 and XP) allows the VPN Router to create a VPN tunnel using IPSec (Windows Vista uses a similar utility). Other Windows operating systems require additional, third-party VPN client software applications that support IPSec to be installed.

For an SSL VPN tunnel, a computer can download the Virtual Passage SSL VPN client software during first-time connection to the SSL VPN Portal. (See“Appendix B: Virtual Passage SSL VPN Client.”)

VPN Router to VPN Router

An example of a VPN Router-to-VPN Router VPN would be as follows. At home, a telecommuter uses his VPN Router for his always-on Internet connection. His Router is configured with his office’s VPN settings. When he connects to his office’s router, the two routers create a VPN tunnel, encrypting and decrypting data. As VPNs utilize the Internet, distance is not a factor. Using the VPN, the telecommuter now has a secure connection to the central office’s network, as if he were physically connected.

4-Port SSL/IPSec VPN Router

 

Chapter 1

Introduction

Home

Internet

VPN Router

Central Office

VPN Router

VPN Router to VPN Router

Computer (using SSL VPN client software) to VPN Router

The following is an example of a computer-to-VPN Router VPN. In her hotel room, a traveling businesswoman connects to her Internet Service Provider (ISP). Her notebook computer has VPN client software that is configured with her office’s VPN settings. She accesses the VPN client software and connects to the VPN Router at the central office. As VPNs utilize the Internet, distance is not a factor. Using the VPN, the businesswoman now has a secure connection to the central office’s network, as if she were physically connected.

Off-Site

Internet

Notebook with VPN

Client Software

VPN

Central Office

Router

 

Computer to VPN Router

For additional information and instructions about creating your own VPN, visit the Linksys website at www.linksys.com.

4-Port SSL/IPSec VPN Router

 

Chapter 2

Chapter 2:

Product Overview

Front Panel

Power  (Green)  The Power LED lights up green and stays on while the Router is powered on.

Diag  (Orange)  The Diag LED lights up when the Router is not ready for use. During a warm reset, it flashes slowly. During a reset to factory defaults, it flashes quickly. The LED turns off when the Router is ready for use.

Internet  (Green)  The Internet LED lights up and stays on when there is a connection made through the Internet port. It flashes to indicate network activity over the Internet port.

Ethernet 1-4  (Green)  These numbered LEDs, corresponding with the numbered ports on the Router’s back panel, serve two purposes. If the LED is solidly lit, the Router is connected to a device through that port. It flashes to indicate network activity over that port.

Product Overview

Back Panel

Reset  The Reset button can be used in one of two ways, warm reset and reset to factory defaults.

WarmReset  IftheRouterishavingproblems connecting to the Internet, press and hold in the Reset button for four seconds using the tip of a pen. This is similar to pressing the power button on your computer to reboot it. The Diag LED will flash slowly during a warm reset.

Reset to Factory Defaults  If you are

experiencing extreme problems with the Router and have tried all other troubleshooting measures, press and hold in the Reset button for ten seconds. This will restore the factory defaults and clear all of the Router’s custom settings. The Diag LED will flash quickly during a reset to factory defaults.

You can also reset the Router to factory defaults using the System Management > Factory Defaults screen of the Router’s web based utility.

Internet  The Internet port is where you will connect your cable or DSL Internet connection.

Ethernet 1, 2, 3, 4  These Ethernet ports (1, 2, 3, 4) connect the Router to wired computers and other Ethernet network devices.

Power  The Power port is where you connect the power adapter.

4-Port SSL/IPSec VPN Router

 

Chapter 3

Chapter 3:

Installation

Physical Installation

There are three ways to place the Router. The first way is to place it horizontally on a surface, so it sits on its four rubber feet. The second way is to stand the Router vertically on a surface. The third way is to mount it on a wall.

Horizontal Placement

The Router has four rubber feet on its bottom panel. Set the Router on a flat surface near an electrical outlet.

WARNING: Do not place excessive weight on top of the Router; too much weight could damage it.

Vertical Placement

1.Line up the edges of the Router with the two stands.

2.Insert the Router into the stands.

3.Set the Router on a flat surface near an electrical outlet.

Installation

Wall-Mounting Placement

The Router has two wall-mount slots on its bottom. The distance between the two slots is 64.4 mm (2.535 inches).

Two screws are needed to mount the Router.

Suggested Mounting Hardware

5.0-6.0 mm

1.6-2.0 mm

-3.8 mm

3.0

 

 

Note: Mounting hardware illustrations are not true to scale.

NOTE: Linksys is not responsible for damages incurred by insecure wall-mounting hardware.

Follow these instructions:

1.Determine where you want to mount the Router. Make sure that the wall you use is smooth, flat, dry, and sturdy. Also make sure the location is within reach of an electrical outlet.

2.Drill two holes into the wall. Make sure the holes are 64.4 mm (2.535 inches) apart.

3.Insert a screw into each hole and leave 5 mm (0.2 inches) of its head exposed.

4.Maneuver the Router so the wall-mount slots line up with the two screws.

5.Place the wall-mount slots over the screws and slide the Router down until the screws fit snugly into the wall-mount slots.

64.4 mm

Print this page at 100% size. Cut along the dotted line, and place on the wall to drill precise spacing.

Wall Mounting Template

4-Port SSL/IPSec VPN Router

Chapter 3

Installation

Cable Connection

To connect network devices to the Router, follow these instructions:

1.Before you begin, make sure that all of your hardware is powered off, including the Router, computers, switches, and cable or DSL modem.

2.Connect your cable or DSL modem’s Ethernet cable to the Router’s Internet port.

Connect to the Internet Port

3.Power on the cable or DSL modem.

4.Connect one end of an Ethernet network cable to one of the numbered ports on the back of the Router. Connect the other end to an Ethernet port on a network device, such as a computer or switch.

Repeat this step to connect more computers or other network devices to the Router.

Connect to the Network Device

5.Connect the included power adapter to the Router’s Power port, and then plug the power adapter into an electrical outlet.

Connect the Power

6.The Power LED on the front panel will light up as soon as the power adapter is connected properly.

7.Power on your computers and other network devices.

4-Port SSL/IPSec VPN Router

 

Chapter 4

Chapter 4:

Advanced Configuration

Overview

For your convenience, use the Router’s web-based utility to set it up and configure it. This chapter will explain all of the functions in this utility.

These are the main tabs of the utility: System Summary, Setup, DHCP, System Management, Port Management, QoS, Firewall, IPSec VPN, SSL VPN, SNMP, Log, Wizard, Support, and Logout. Additional tabs will be available after you click one of the main tabs.

Before You Begin

The Router’s web-based utility and SSL VPN Portal support Internet Explorer 6.0 (or higher) and Netscape Communicator 8.0 (or higher) running in a Windows environment.

To configure the SSLVPN software, your web browser must have SSL, JavaScript, ActiveX, and cookies enabled (these settings are enabled by default). If the settings are already enabled, proceed to the next section, “How to Access the Web-Based Utility”. If the settings are disabled, you should enable them before configuring the Router. Proceed to the instructions for your web browser.

Internet Explorer 6.0 or Higher

1.Open Internet Explorer.

2.Click Tools.

3.Click Internet Options.

4.Click the Advanced tab.

5.Select Use SSL 2.0 and Use SSL 3.0.

Internet Explorer > Tools > Internet Options > Advanced

4-Port SSL/IPSec VPN Router

Advanced Configuration

6.Click OK.

7.Click the Security tab.

8.Click Custom Level.

9.Select Enable for Active scripting, Allow paste operations via script, and Scripting of Java applets.

Internet Explorer > Tools > Internet Options > Security

10.Click OK.

11.Click the Privacy tab.

12.Click Advanced.

13.Deselect (remove the checkmark from) Override automatic cookie handling.

Internet Explorer > Tools > Internet Options > Privacy

14.Click OK.

15.Click OK again.

Netscape Communicator 8.0 or Higher

1.Open Netscape Communicator.

2.Click Tools.

3.Click Options.

4.Click Site Controls.

5.Click the Trust Preferences tab.

6.In the Master Settings section, click I’m Not Sure.

Chapter 4

7.Select Allow cookies.

8.Select Enable JavaScript.

9.Click Advanced.

10.Select Enable ActiveX.

Netscape Communicator > Options > Site Controls > Web Features

11.Click OK.

12.Under Options, click Advanced.

13.Click Security.

14.Select Use SSL 2.0 and Use SSL 3.0.

Netscape Communicator > Options > Advanced > Security

15. Click OK.

Advanced Configuration

How to Access the Web-Based Utility

1.For local access of the Router’s web-based utility, launch your web browser, and enter the Router’s default IP address, 192.168.1.1, in the Address field. Press the Enter key.

Address Bar

NOTE: If the Remote Management feature on the Firewall > General screen has been enabled, then users with administrative privileges can remotely access the web-based utility. Use https://<WAN IP address of the Router>.

2.A login screen prompts you for your User Name and Password. Enter admin in the User Name field, and enter admin in the Password field. (You can change the Password on the Setup > Password screen.) Then click Login.

Login Screen

3.After you have logged in, you will be asked to install the Web Cache Cleaner application. This will prompt any user of the Router to delete all temporary Internet files, cookies, and browser history when the user logs out or closes the web browser window. (The ActiveX web cache control will be ignored by web browsers that do not support ActiveX.)

Click the link to install the Web Cache Cleaner.

4-Port SSL/IPSec VPN Router

 

Cisco Systems RVL200 User Manual

Chapter 4

Advanced Configuration

 

 

 

 

Click to Install the Web Cache Cleaner

4. On the Security Warning screen, click Yes.

Click Yes to Install

5.The Web Cache Cleaner will be installed in C:\\ WINDOWS\Downloaded Program Files. Proceed to the rest of this chapter for information about the webbased utility.

When you or another user logs out, a Warning screen will appear. It will ask you to confirm that you want to delete the History Item for the Router. Click Yes.

Click Yes to Delete History

System Summary

The first screen that appears is the System Summary screen, which displays the Router’s current status and settings. This information is read-only. Underlined text is hyperlinked to related setup pages, so if you click a hyperlink, the related setup screen will appear. On the right-hand side of this screen and all other screens of the utility is a link to the Site Map, which has links to all of the utility’s tabs. Click Site Map to view the Site Map. Then, click the desired tab.

System Summary

Site Map

System Information

Serial Number  Displayed here is the serial number of the Router.

Firmware version  Displayed here is the current version number of the firmware installed on the Router.

CPU  Displayed here are the type and speed of the processor installed on the Router.

DRAM  Displayed here is the size of DRAM installed on the Router’s motherboard.

Flash  Displayed here is the size of flash memory installed on the Router’s board.

4-Port SSL/IPSec VPN Router

Chapter 4

Advanced Configuration

System Up Time  This is the length of time in days, hours, and minutes that the Router has been active. The current time and date are also displayed.

Port Statistics

Click any port on the Router’s rear panel image to see the status of the selected port. If the port is disabled, it will be red; if enabled, it will be black. If the port is connected, it will be green. Information about the selected port will appear in a separate window.

The port’s Summary table shows the settings of the selected port, including Type, Interface, Link Status, Port Activity, Priority, Speed Status, Duplex Status, and Auto negotiation.

Port 1 Information

For the selected port, the statistics table shows this information: number of packets received, number of packet bytes received, number of packets transmitted, number of packet bytes transmitted, and number of packet errors.

To update the on-screen information, click Refresh. To exit this screen, click Close.

Network Setting Status

LAN IP  It shows the current LAN IP Address of the Router, as seen by internal users on the network, and it hyperlinks to the LAN Setting section on the Network screen of the Setup tab.

WAN IP  This shows the current WAN IP address of the Router, as seen by external users on the Internet and hyperlinks to the WAN Connection Type settings on the Network screen of the Setup tab. If the port is set to Obtain an IP automatically, two buttons, Release and Renew, will be available. Click Release to release the IP address, and

click Renew to update the DHCP Lease Time or get a new IP address. If the WAN port is set to PPPoE or PPTP, two buttons, Connect and Disconnect, will be available.

Mode  It shows the Router’s Working Mode (Gateway or Router), and it hyperlinks to the Dynamic Routing section on the Advanced Routing screen of the Setup tab.

DNS  It shows all DNS Server Addresses and hyperlinks to the WAN Connection Type settings on the Network screen of the Setup tab.

DDNS  It shows the DDNS settings of the Router’s WAN port and hyperlinks to the DDNS screen of the Setup tab.

DMZ Host  It shows the DMZ Private IP Address and hyperlinks to the DMZ Host screen of the Setup tab. The default is Disabled.

Firewall Setting Status

SPI (Stateful Packet Inspection)  It shows the status (On/Off) of the SPI setting and hyperlinks to the General screen of the Firewall tab.

DoS (Denial of Service)  It shows the status (On/Off) of the DoS setting and hyperlinks to the General screen of the Firewall tab.

Block WAN Request  It shows the status (On/Off) of the Block WAN Request setting and hyperlinks to the General screen of the Firewall tab.

Remote Management  It shows the status (On/Off) of the Remote Management setting and hyperlinks to the General screen of the Firewall tab.

IPSec VPN Setting Status

IPSecVPN Summary  It hyperlinks to the Summary screen of the IPSec VPN tab.

Tunnel(s) Used  It shows the number of VPN tunnels used.

Tunnel(s) Available  It shows the number of VPN tunnels available.

SSL VPN Setting Status

SSL VPN Summary  It hyperlinks to the Summary screen of the SSL VPN tab.

Tunnel(s) Used  It shows the number of VPN tunnels used.

Tunnel(s) Available  It shows the number of VPN tunnels available.

Log Setting Status

It hyperlinks to the System Log screen of the Log tab.

4-Port SSL/IPSec VPN Router

Chapter 4

Advanced Configuration

If you have not set up the e-mail server on the Log tab, the message, “E-mail cannot be sent because you have not specified an outbound SMTP server address,” will be displayed.

If you have set up the mail server but the log has not been generated due to the Log Queue Length and Log Time Threshold settings, the message, “E-mail settings have been configured,” will be displayed.

If you have set up the e-mail server and the log has been sent to the e-mail server, the message, “E-mail settings have been configured and sent out normally,” will be displayed.

If you have set up the e-mail server and the log cannot be sent to the e-mail server, the message, “E-mail cannot be sent out, probably use incorrect settings,” will be displayed.

Setup Tab > Network

The Setup > Network screen shows all of the Router’s basic setup functions. The Router can be used in most network setups without changing any of the default values; however, you may need to enter additional information in order to connect to the Internet through an ISP (Internet Service Provider) or broadband (DSL or cable) carrier. The setup information is provided by your ISP.

Setup > Network

Network

Host Name and Domain Name  Enter a host and domain name for the Router. Some ISPs require these names as identification. You may have to check with your ISP to see if your broadband Internet service has been configured with a host and domain name. In most cases, you can leave these fields blank.

LAN Setting

The MAC Address of the Router is displayed.

Device IP Address and Subnet Mask  The default values are 192.168.1.1 for the Router’s local IP address and 255.255.255.0 for the subnet mask.

Multiple Subnet  Select this option to enable the Multiple Subnet feature. Then click Add/Edit to create or modify subnet(s). A new screen appears.

Create or Modify a Subnet

LAN IP Address  Enter the LAN IP address. Subnet Mask  Enter the subnet mask.

Click Add to List. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Network screen.

If you want to modify a subnet you have created, select it and Make changes.. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Network screen.

If you want to delete a subnet you have created, select it and click Delete selected subnet. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Network screen.

WAN Connection Type

WAN

There are four connection types available: Obtain an IP automatically, Static IP, PPPoE, and PPTP. Depending on which connection type you select, you will see various settings.

Obtain an IP Automatically

If your ISP automatically assigns an IP address, select

Obtain an IP automatically. (Most cable modem

4-Port SSL/IPSec VPN Router

10

Chapter 4

Advanced Configuration

subscribers use this connection type.) Your ISP assigns these values.

Obtain an IP Automatically

DNS Server (Required) 1/2  If you select Use the Following DNS Server Addresses, enter your DNS server IP address(es) (enter at least one). Multiple DNS server IP settings are common. In most cases, the first available DNS entry is used.

MTU  The MTU (Maximum Transmission Unit) setting specifies the largest packet size permitted for network transmission. To manually set a value, select Manual and enter the value desired in the field provided. You should leave this value in the 1200 to 1500 range, and most DSL users should use the value 1492. The default is Auto, which allows the Router to select the best MTU for your Internet connection.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Static IP

If you are required to use a permanent IP address, select

Static IP.

Static IP

Specify WAN IP Address  Enter the external IP address of the Router.

Subnet Mask  Enter the subnet mask of the Router.

Default Gateway Address  Enter the IP address of the default gateway.

DNS Server (Required) 1/2  If you select Use the Following DNS Server Addresses, enter your DNS server IP address(es) (enter at least one). Multiple DNS server IP settings are common. In most cases, the first available DNS entry is used.

MTU  The MTU (Maximum Transmission Unit) setting specifies the largest packet size permitted for network transmission. To manually set a value, select Manual and enter the value desired in the field provided. You should leave this value in the 1200 to 1500 range, and most DSL users should use the value 1492. The default is Auto, which allows the Router to select the best MTU for your Internet connection.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

PPPoE (Point-to-Point Protocol over Ethernet)

Some DSL-based Internet Service Providers (ISPs) use PPPoE (Point-to-Point Protocol over Ethernet) to establish Internet connections for end-users. If you use a DSL line, check with your ISP to see if they use PPPoE, select

PPPoE.

PPPoE

User Name and Password  Enter your account’s User Name and Password. The maximum number of characters is 60.

Connect on Demand  If you select the Connect on Demand option, the connection will be disconnected after a specified period of inactivity (Max Idle Time). If you have been disconnected due to inactivity, Connect on Demand enables the Router to automatically re-establish your connection as soon as you attempt to access the Internet again. Enter the number of minutes you want to have elapsed before your Internet access disconnects. The default Max Idle Time is 5 minutes.

4-Port SSL/IPSec VPN Router

11

Chapter 4

Advanced Configuration

Keep Alive: Interval  If you select the Keep Alive option, the Router will send keep-alive packets as often as you specify. The default Interval is 30 seconds.

Keep Alive: Retry Times  If you select the Keep Alive option, the Router will send keep-alive packets as many times as you specify. If the Router does not receive a response from the ISP, then the Router will terminate the connection and start sending PADI packets after the Redial Period. The default Retry Times is 5 times.

Keep Alive: Redial Period  If you select the Keep Alive option, the Router will keep the connection alive by sending out a few data packets periodically, so your ISP thinks that the connection is still active. This option keeps your connection active indefinitely, even when it sits idle. The default Redial Period is 30 seconds.

MTU  The MTU (Maximum Transmission Unit) setting specifies the largest packet size permitted for network transmission. To manually set a value, select Manual and enter the value desired in the field provided. You should leave this value in the 1200 to 1500 range, and most DSL users should use the value 1492. The default is Auto, which allows the Router to select the best MTU for your Internet connection.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

PPTP (Point-to-Point Tunneling Protocol)

Point to Point Tunneling Protocol (PPTP) is a service that applies to connections in Europe and Israel only.

PPTP

Specify WAN IP Address  Enter the external IP address of the Router.

Subnet Mask  Enter the subnet mask of the Router.

Default Gateway Address  Enter the IP address of the default gateway.

DNS Server (Required) 1/2  If you select Use the Following DNS Server Addresses, enter your DNS server IP address(es) (enter at least one). Multiple DNS server IP settings are common. In most cases, the first available DNS entry is used.

User Name and Password  Enter your account’s User Name and Password. The maximum number of characters is 60.

Connect on Demand  If you select the Connect on Demand option, the connection will be disconnected after a specified period of inactivity (Max Idle Time). If you have been disconnected due to inactivity, Connect on Demand enables the Router to automatically re-establish your connection as soon as you attempt to access the Internet again. Enter the number of minutes you want to have elapsed before your Internet access disconnects. The default Max Idle Time is 5 minutes.

Keep Alive  If you select the Keep Alive option, the Router will keep the connection alive by sending out a few data packets periodically, so your ISP thinks that the connection is still active. This option keeps your connection active indefinitely, even when it sits idle. The default Redial Period is 30 seconds.

MTU  The MTU (Maximum Transmission Unit) setting specifies the largest packet size permitted for network transmission. To manually set a value, select Manual and enter the value desired in the field provided. You should leave this value in the 1200 to 1500 range, and most DSL users should use the value 1492. The default is Auto, which allows the Router to select the best MTU for your Internet connection.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Setup > Password

The Router’s default User Name and Password is admin, and Linksys strongly recommends that you change the Router’s password from the default to a unique password.

NOTE: The password cannot be recovered if it is lost or forgotten. If the password is lost or forgotten, you have to reset the Router to its factory default settings; this will remove all of your configuration changes.

4-Port SSL/IPSec VPN Router

12

Chapter 4

Advanced Configuration

Setup > Password

Password

The User Name is admin; it cannot be changed.

Old Password  Enter the old password. The default is admin when you first power up the Router.

New Password  Enter a new password for the Router. Your password must have 20 or fewer characters and cannot contain any spaces.

Confirm New Password  Re-enter the new password to confirm it.

Click Save Settings to save your change, or click Cancel Changes to undo it.

Setup > Time

The Router uses the time settings to time stamp log events, automatically apply the Access Rules and Content Filter, and perform other activities for other internal purposes.

Time

To set the local time, select Set the local time using the Network Time Protocol (NTP) automatically or Set the local time Manually.

Automatic

Setup > Time > Automatic

Time Zone  Select your time zone (the default Time Zone is Pacific Time).

Daylight Saving  To use the daylight saving feature, select Enabled. Enter the Month and Day of the start date, and then enter the Month and Day of the end date.

NTP Server  Enter the URL or IP address of the NTP server. The default is time.nist.gov.

Manual

Setup > Time > Manual

Time Zone  Select your time zone (the default Time Zone is Pacific Time).

Hours, Minutes, Seconds  Enter the time. Month, Day, Year  Enter the date.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Setup > DMZ Host

The DMZ (Demilitarized Zone) Host feature allows one local user to be exposed to the Internet for use of a special-purpose service such as Internet gaming or videoconferencing. Although Port Range Forwarding can only forward 10 ranges of ports maximum, DMZ hosting forwards all the ports to one computer at the same time.

Setup > DMZ Host

DMZ Host

DMZ Private IP Address  Enter the local IP address of the computer you want to expose. The default value of 0 deactivates the DMZ Host.

4-Port SSL/IPSec VPN Router

13

Chapter 4

Advanced Configuration

Click Save Settings to save your change, or click Cancel Changes to undo it.

Setup Tab > Forwarding

The Forwarding screen allows you to set up port range forwarding and port triggering applications. Port range forwarding can be used to set up public services or other specialized Internet applications on your network, while port triggering can be used to set up triggered ranges and forwarded ranges for Internet applications.

Setup > Forwarding

Forwarding

Port Range Forwarding

Port forwarding can be used to set up public services on your network. When users from the Internet make certain requests on your network, the Router can forward those requests to computers equipped to handle the requests. If, for example, you set the port number 80 (HTTP) to be forwarded to IP address 192.168.1.2, then all HTTP requests from outside users will be forwarded to 192.168.1.2.

NOTE: You must disable the Router’s DHCP function to use port forwarding.

You may use this function to establish a web server or FTP server via an IP gateway. Make sure that you enter a valid IP address. (You may need to establish a static IP address in order to properly run an Internet server.) For added security, Internet users will be able to communicate with the server, but they will not actually be connected. The packets will simply be forwarded through the Router.

Service  Select the Service you want.

If the Service you need is not listed in the menu, click Service Management to add the new service. The Service Management screen appears.

Service Management

Service Name  Enter a name.

Protocol  Select the protocol it uses. Port Range  Enter its range.

Click Add to List. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Forwarding screen.

If you want to modify a service you have created, select it and click Update this service. Make changes. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Forwarding screen.

If you want to delete a service you have created, select it and click Delete selected service. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Forwarding screen.

IP Address  Enter the IP address of the server that you want the Internet users to access.

Enable  SelectEnabletoenablethisportrangeforwarding entry.

Click Add to List, and configure as many entries as you would like, up to a maximum of 30. To delete an entry, select it and click Delete selected application.

Port Triggering

Port triggering allows the Router to watch outgoing data for specific port numbers. The IP address of the computer that sends the matching data is remembered by the Router, so that when the requested data returns through the Router, the data is pulled back to the proper computer by way of IP address and port mapping rules.

4-Port SSL/IPSec VPN Router

14

Chapter 4

Advanced Configuration

Some Internet applications or games use alternate ports to communicate between the server and LAN host. When you want to use these applications, enter the triggering (outgoing) port and alternate incoming port in the Port Triggering table. Then the Router will forward the incoming packets to the LAN host.

Application Name  Enter the name of the application.

Trigger Port Range  Enter the starting and ending port numbers of the trigger port range.

Incoming Port Range  Enter the starting and ending port numbers of the incoming port range.

Click Add to List, and configure as many entries as you would like, up to a maximum of 30. To delete an entry, select it and click Delete selected application.

Click Show Tables to see the details of your entries. The Port Range Forwarding Table List appears.

Port Range Forwarding Table List

Port Range Forwarding  Select this option to view the Port Range Forwarding entries.

Port Triggering  Select this option to view the Port Triggering entries.

Click Refresh to update the on-screen information. Click Close to exit this screen and return to the Forwarding screen.

On the Forwarding screen, click Save Settings to save your changes, or click Cancel Changes to undo them.

Setup > UPnP

Universal Plug and Play (UPnP) can be used to set up public services on your network. When the UPnP function is enabled, Windows XP can modify these entries via UPnP.

Setup > UPnP

UPnP

UPnP Function  Select Yes to enable the UPnP function. Otherwise, keep the default, No.

Service  Select the Service you want.

If the Service you need is not listed in the menu, click Service Management to add the new service. The Service Management screen appears.

Service Management

Service Name  Enter a name.

Protocol  Select the protocol it uses.

External Port  Enter the external port number. Internal Port  Enter the internal port number.

Click Add to List. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the UPnP screen.

If you want to modify a service you have created, select it and click Update this service. Make changes. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the UPnP screen.

If you want to delete a service you have created, select it and click Delete selected service. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the UPnP screen.

Name or IP Address  Enter the name or IP address of the server that you want the Internet users to access.

Enable  Select Enable to enable this UPnP entry.

Click Add to List, and configure as many entries as you would like, up to a maximum of 30. To delete an entry, select it and click Delete selected application.

Click Show Tables to see the details of your entries. The UPnP Forwarding Table List appears.

4-Port SSL/IPSec VPN Router

15

Chapter 4

Advanced Configuration

 

 

 

 

UPnP Forwarding Table List

Click Refresh to update the on-screen information. Click Close to exit this screen and return to the UPnP screen.

On the UPnP screen, click Save Settings to save your changes, or click Cancel Changes to undo them.

Setup > One-to-One NAT

One-to-One NAT (Network Address Translation) creates a relationship that maps valid external IP addresses to internal IP addresses hidden by NAT. A device with an internal IP address may be accessed at the corresponding external valid IP address.

To create this relationship, define internal and external IP address ranges of equal length. Once the relationship is defined, the device with the first internal IP address is accessible at the first IP address in the external IP address range, and so forth.

Forexample,youhaveaLocalAreaNetwork(LAN)forwhich the ISP has assigned the IP address range of 209.19.28.16 to 209.19.28.31, with 209.19.28.16 used as the Wide Area Network (WAN) or NAT public IP address of the Router. The address range of 192.168.168.1 to 192.168.168.255 is used for the devices on the LAN. With One-to-One NAT, the devices with the internal IP addresses of 192.168.168.2 to 192.168.168.15 may be accessed at the corresponding external IP addresses.

NOTE: The Router’s WAN IP address should not be included in the range you specify.

Setup > One-to-One NAT

One-to-One NAT

One-to-One NAT  Select Enable to use the One-to-One NAT function.

Private Range Begin  Enter the starting IP address of the internal IP address range. This is the IP address of the first device that

Public Range Begin  Enter the starting IP address of the public IP address range. This IP address is provided by the ISP. (Do not include the Router’s WAN IP Address.)

Range Length  Enter the number of IP addresses in the range. The range length cannot exceed the number of valid IP addresses. To map a single address, enter 1.

Click Add to List, and configure as many entries as you would like, up to a maximum of 64. To delete an entry, select it and click Delete selected range.

NOTE: One-to-One NAT affects how the firewall functions work. Access to LAN devices from the Internet is allowed unless access rules are set.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Setup > MAC Clone

Some ISPs require that you register a MAC address, which is a 12-digit code assigned to a unique piece of hardware for identification. The MAC Clone feature “clones” your network adapter’s MAC address onto the Router, so you don’t have to call your ISP to change the registered MAC address to the Router’s MAC address.

For the WAN port, you can assign or clone a MAC address.

4-Port SSL/IPSec VPN Router

16

Chapter 4

Advanced Configuration

Setup > MAC Clone

MAC Clone

User Defined WAN MAC Address  To manually clone a MAC address, select User Defined WAN MAC Address, and then enter the 12 digits of your adapter’s MAC address.

MAC Address from this PC  To clone the MAC address of the computer you are currently using to configure the Router, select MAC Address from this PC.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Setup > DDNS

Dynamic Domain Name System (DDNS) service allows you to assign a fixed domain name to a dynamic WAN IP address, so you can host your own web, FTP or other type of TCP/IP server in your LAN. The DDNS feature is disabled by default.

Before configuring DDNS, visit www.dyndns.org and register a domain name. (The DDNS service is provided by DynDNS.org).

Setup > DDNS

DDNS

DDNS Service  To enable DDNS, select DynDNS.org. Otherwise, select Disable.

User Name and Password  Enter your DynDNS.org account information.

Host Name  Enter your host name in the three Host Name fields. For example, if your host name were myhouse. dyndns.org, then myhouse would go into the first field, dyndns would go into the second field, and org would go into the last field.

Click Save Settings, and the status of the DDNS function will be updated.

Internet IP Address  The Router’s current Internet IP address is displayed. Because it is dynamic, this will change.

Status  The status of the DDNS function is displayed. If the status information indicates an error, make sure you have correctly entered the information for your account with your DDNS service.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

Setup > Advanced Routing

The Advanced Routing screen allows you to configure the dynamic and static routing settings.

Setup > Advanced Routing

Advanced Routing

Dynamic Routing

The Router’s dynamic routing feature can be used, so the Router will automatically adjust to physical changes in the network’s layout. Using the dynamic RIP protocol, the Router calculates the most efficient route for the network’s data packets to travel between the source and the destination, based upon the shortest paths. The RIP protocol regularly broadcasts routing information to

4-Port SSL/IPSec VPN Router

17

Chapter 4

Advanced Configuration

other routers on the network. It determines the route that the network packets take based on the fewest number of hops between the source and the destination.

Working Mode  Select Gateway mode if the Router is hosting your network’s connection to the Internet. Select Router mode if the Router exists on a network with other routers, including a separate network gateway that handles the Internet connection. In Router mode, any computer connected to the Router will not be able to connect to the Internet unless you have another router function as the gateway.

RIP (Routing Information Protocol)  To use dynamic routing for communication of network data, select Enabled. Otherwise, keep the default, Disabled.

Receive RIP versions  To use dynamic routing for reception of network data, select the protocol you want:

None, RIPv1, RIPv2, or Both RIP v1 and v2.

Transmit RIP versions  To use dynamic routing for transmission of network data, select the protocol you want:

None, RIPv1, RIPv2 - Broadcast, or RIPv2 - Multicast.

Static Routing

If the Router is connected to more than one network or there are multiple routers installed on your network, it may be necessary to set up static routes. The static routing function determines the path that data follows over your network before and after it passes through the Router. You can use static routing to allow different IP domain users to access the Internet through the Router.

Static routing is a powerful feature that should be used by advanced users only. In many cases, it is better to use dynamic routing because it enables the Router to automatically adjust to physical changes in the network’s layout.

If you want to use static routing, the Router’s DHCP settings must be disabled. Then add routing entries to the Static Routing table. These entries tell the Router where to send all incoming packets. All of your network routers should direct the default route entry to the 4-Port SSL/IPSec VPN Router.

NOTE: Static routing is an advanced feature. Create these routes with care.

To create a static route entry, enter the following information:

Destination IP  Enter the network address of the remote LAN segment. For a standard Class C IP domain, the network address is the first three fields of the Destination LAN IP, while the last field should be 0.

Subnet Mask  Enter the subnet mask used on the destination LAN IP domain. For Class C IP domains, the subnet mask is 255.255.255.0.

Default Gateway  Enter the IP address of your network’s gateway. If this Router is used to connect your network to the Internet, then the gateway IP is the Router’s Internet IP address. If you have another router handling your network’s Internet connection, enter the IP address of that router instead.

Hop Count  Enter the appropriate value (maximum is 15). This indicates the number of nodes that a data packet passes through before reaching its destination. A node is any device on the network, such as a switch, PC, or router.

Interface  Select the appropriate interface. The Interface tells you whether your network is on the LAN or the WAN (the Internet). If you’re connecting to a sub-network, select LAN. If you’re connecting to another network through the Internet, select the appropriate WAN port option.

Click Add to List, and configure as many entries as you would like, up to a maximum of 30. To delete an entry, select it and click Delete selected IP.

Click Show Tables to see the details of your entries. Click Save Settings to save your changes, or click Cancel Changes to undo them.

DHCP > Setup

The Router can be used as a DHCP (Dynamic Host Configuration Protocol) server on your network. A DHCP server automatically assigns available IP addresses to computers on your network. If you choose to enable the DHCP server option, all of the computers on your LAN must be set to obtain an IP address automatically from a DHCP server. (By default, Windows computers are set to obtain an IP automatically.)

If the Router’s DHCP server function is disabled, you have to carefully configure the IP address, subnet mask, and DNS settings of every computer on your network. Make sure you do not assign the same IP address to different computers.

4-Port SSL/IPSec VPN Router

18

Chapter 4

Advanced Configuration

 

 

 

 

DHCP > Setup

Setup

Enable DHCP Server  To use the Router as your network’s DHCP server, select Enable DHCP Server. If you already have a DHCP server on your network, remove the check mark.

Dynamic IP

Client Lease Time  The Client Lease Time is the amount of time a network user will be allowed connection to the Router with their current dynamic IP address. Enter the amount of time, in minutes, that the user will be “leased” this dynamic IP address. The range is 5-43,200 minutes. The default is 1440 minutes.

Dynamic IP Range Start/End  Enter a starting IP address and ending IP address to create a range of available IP addresses. The default range is 100-149. Enter a value for the DHCP server to start with when issuing IP addresses. This value must be 192.168.1. 2 or greater, because the default IP address for the Router is 192.168.1.1.

Static IP

You can assign a static IP address to a specific device based on its MAC address.

Show unknown MAC addresses  Click Show unknown MAC addresses to view all devices’ IP addresses and corresponding MAC addresses. The Unknown MAC Address List appears.

Unknown MAC Address List

To add an IP address and MAC address set to the Static IP list, select Enable, and then click Apply. To add all IP addresses and MAC addresses to the Static IP list, click

Select All.

To update the on-screen information, click Refresh. To exit this screen and return to the DHCP > Setup screen, click Close.

Static IP Address  Enter the static IP address. You can enter 0.0.0.0 if you want the Router to assign a static IP address to the device.

MAC Address  Enter the MAC address of the device. Name  Enter a descriptive name for the device.

Enable  Select Enable to assign the static IP address to this device.

Click Add to List, and configure as many entries as you would like, up to a maximum of 100. To delete an entry, select it and click Delete selected Entry.

Block MAC address on the list with wrong IP address  To block traffic from devices with MAC addresses on the Static IP list but using the wrong IP addresses, select this option. It prevents users from changing device IP addresses without your permission.

Block MAC address not on the list  To block traffic from devices using dynamic IP addresses, select this option. It blocks all devices with MAC addresses not listed on the Static IP list.

DNS

DNS Server  You can assign DNS server(s) to the DHCP clients so the Router will use the DNS server(s) for faster access to functioning DNS server(s). Enter the IP address of at least one DNS server.

WINS

WINS Server  Windows Internet Naming Service (WINS) is a service that resolves NetBIOS names to IP addresses. WINS is assigned if the computer (DHCP client) requests one. If you do not know the IP address of the WINS server, keep the default, 0.0.0.0.

4-Port SSL/IPSec VPN Router

19

Chapter 4

Advanced Configuration

NOTE: To support NetBIOS for DHCP and Virtual Passage clients, the Router uses two methods. (Virtual Passage is an ActiveX-based VPN client that provides full network connectivity for Windows users. It allows remote access to the Router’s network through a secure connection.)

First, when the DHCP and Virtual Passage clients receive dynamic IP addresses from the Router, it automatically includes the information of the WINS server to support NetBIOS. Second, if a user sets up a static IP address, then the IP address, subnet mask, default gateway, and DNS server settings must be configured on the Internet Protocol (TCP/IP) screen of the Windows operating system. Then the WINS IP address must be configured on the advanced TCP/IP screen. (For more information, refer to Windows Help.)

Click Save Settings to save your changes, or click Cancel Changes to undo them.

DHCP > Status

On the Status screen, view the status information for the DHCP server and its clients.

DHCP > Status

Status

For the DHCP server, the following information is shown: DHCP Server  This is the IP address of the DHCP server.

Dynamic IP Used  It shows the number of dynamic IP addresses used.

DHCP Available  This indicates the number of dynamic IP addresses available.

Total  It shows the total number of dynamic IP addresses that can be assigned by the DHCP server.

Client Table

For all network clients using the DHCP server, the Client Table shows the current DHCP Client information:

Client Host Name  This is the name assigned to a client host.

IP Address  It is the dynamic IP address assigned to a client.

MAC Address  This indicates the MAC address of a client.

Leased Time  It displays the amount of time a network user will be allowed connection to the Router with their current dynamic IP address.

Delete  Click the Trash Can icon to delete a DHCP client, and the client host’s IP address will be released.

Click Refresh to refresh the on-screen information.

DHCP > Multiple VLANs

Use this screen to establish relationships between multiple subnets and Virtual Local Area Networks (VLANs).

DHCP > Multiple VLANs

Multiple VLANs

Enable Multiple VLANs  Select this option to establish a relationship between multiple subnets and VLANs. If you enable this option and the multiple subnets and VLANs are not enabled, then the Router will prompt you to configure and enable the multiple subnets and VLANs.

VLAN ID  The VLANs are configured on the Port Management > Create VLAN screen (by default, all VLANs created on this screen are part of the default subnet). The VLAN IDs you assigned are displayed on the Multiple VLANs screen.

Multiple Subnet  Multiple subnets define different IP networks using the subnet mask. They are created after multiple VLANs are created. (If you want to change the settings of VLAN 1, then use the Setup > Network screen

4-Port SSL/IPSec VPN Router

20

Chapter 4

Advanced Configuration

to configure the Device IP Address and Subnet Mask settings.)

Subnet1-4  Thesubnetnumbersarecreatedaccording to the VLAN numbers. (The multiple subnets can also be configured on the Setup > Network screen.)

IP Address  Enter an IP address.

Subnet Mask  Select the appropriate subnet mask.

Dynamic IP Range  When the IP Address and Subnet Mask settings are configured, the range of IP addresses is displayed. You can change the range of IP addresses as long as the total number of IP addresses assigned by DHCP is 253. The greater the number of multiple subnets, the fewer the number of IP addresses assigned by DHCP.

NOTE: The Router’s built-in DHCP server can assign up to 253 IP addresses.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

DHCP > Inter-VLAN Routing

To route packets between different VLANs, enable the Multiple VLANs option on the Multiple VLANs screen, and then select the VLANs on the Inter-VLAN Routing screen.

DHCP > Inter-VLAN Routing

Inter-VLAN Routing

VLAN1-4  Select the VLANs that can route packets to each other. For example, if you select VLAN1 and VLAN2, then packets can be routed between VLAN1 and VLAN2, but packets cannot be routed between VLAN3 and VLAN4.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

System Management > Diagnostic

The Router has two built-in tools, DNS Name Lookup and Ping, which are used for troubleshooting network problems.

The Internet has a service called the Domain Name Service (DNS), which allows users to enter an easily remembered host name, such as www.linksys.com, instead of numerical TCP/IP addresses to access Internet resources. The DNS Name Lookup tool will return the numericalTCP/IP address of a host name.

The Ping test bounces a packet off a machine on the Internet back to the sender. This test shows if the Router is able to contact the remote host. If users on the LAN are having problems accessing services on the Internet, try pinging the DNS server or other machine at the ISP’s location. If this test is successful, try pinging devices outside the ISP. This will show if the problem lies with the ISP’s connection.

Diagnostic

DNS Name Lookup/Ping  Select which tool you want to use, DNS Name Lookup or Ping. Then proceed to the appropriate instructions.

DNS Name Lookup

Before using this tool, make sure the IP address of the DNS server is entered on the Setup > Network screen; otherwise, this tool will not work.

System Management > Diagnostic > DNS Name Lookup

Look up the name  Enter the host name, and click Go. (Do not add the prefix http:// or else you will get an error message.) The Router will then query the DNS server and display the result at the bottom of the screen.

Ping

Before using this tool make sure you know the device or host’s IP address. If you do not know it, use the Router’s

DNS Name Lookup tool to find the IP address.

4-Port SSL/IPSec VPN Router

21

Chapter 4

Advanced Configuration

 

 

 

 

System Management > Diagnostic > Ping

Ping host or IP address  Enter the IP address of the device being pinged, and click Go.The test will take a few seconds to complete. When completed, the Router will display the results at the bottom of the screen. The results include this information: status; number of packets transmitted, received, or lost; and round trip time (minimum, maximum, and average).

System Management > Factory Default

Usethisscreentoclearallofyourconfigurationinformation and restore the Router to its factory default settings. Only use this feature if you wish to discard all the settings and preferences that you have configured.

System Management > Factory Default

Factory Default

Return to Factory Default Setting  Click Return to Factory Default Setting if you want to restore the Router to its factory default settings. After clicking the button, a confirmation screen appears. Click OK to continue.

System Management > Firmware Upgrade

You can use this feature to upgrade the Router’s firmware to the latest version.

System Management > Firmware Upgrade

Firmware Upgrade

To download the firmware, refer to the Firmware Download instructions. If you have already downloaded the firmware onto your computer, then click the Browse button to look for the file.

NOTE: If you are using Internet Explorer on Windows XP, disable the pop-up blocking function before you upgrade the Router’s firmware. Refer to “Appendix O: Firmware Upgrade” for more information.

Firmware Upgrade Right Now  After you have selected the file, click Firmware Upgrade Right Now.

NOTE: The Router will take approximately ten minutes to upgrade its firmware. During this process, do not power off the Router or press the Reset button.

Firmware Download

Firmware Download from Linksys Web Site  If you need to download the latest version of the Router’s firmware, click Firmware Download from Linksys Web Site. The Support page of the Linksys website appears.

Select 4-Port SSL/IPSec VPN Router from the dropdown menu, and choose the firmware from the available options. After downloading the firmware file, extract it on your computer. Then follow the Firmware Upgrade instructions.

For more details, refer to “Appendix O: Firmware Upgrade”.

System Management > Restart

If you need to restart the Router, Linksys recommends that you use the Restart tool on this screen. When you restart

4-Port SSL/IPSec VPN Router

22

Loading...
+ 87 hidden pages