Linksys RV0041 User Manual
A Division of Cisco Systems, Inc.
®
Model No.
WIRED
RV0041
10/100/1000 4-Port
VPN Router
User Guide
10/100/1000 4-Port VPN Router
Copyright and Trademarks
Specifications are subject to change without notice. Linksys is a registered trademark or trademark of Cisco
Systems, Inc. and/or its affiliates in the U.S. and certain other countries. Copyright © 2005 Cisco Systems, Inc. All
rights reserved. Other brands and product names are trademarks or registered trademarks of their respective
holders.
WARNING: This product contains chemicals, including lead, known
to the State of California to cause cancer, and birth defects or other
reproductive harm. Wash hands after handling.
This User Guide has been designed to make understanding networking with the Router easier than ever. Look for
the following items when reading this Guide:
This checkmark means there is a Note of interest and
is something you should pay special attention to while
using the Router.
This exclamation point means there is a Caution or
Warning and is something that could damage your
property or the Router.
This question mark provides you with a reminder about
something you might need to do while using the Router.
In addition to these symbols, there are definitions for technical terms that are presented like this:
word: definition.
Also, each figure (diagram, screenshot, or other image) is provided with a figure number and description, like
this:
Figure 0-1: Sample Figure Description
Figure numbers and descriptions can also be found in the “List of Figures” section in the “Table of Contents”.
RV0041-UG-50505 KL
10/100/1000 4-Port VPN Router
Table of Contents
Chapter 1: Introduction 1
Welcome 1
What’s in this Guide? 2
Chapter 2: Networking Basics 4
An Introduction to LANs 4
The Use of IP Addresses 4
Why do I need a VPN? 5
What is a VPN? 6
Chapter 3: Getting to Know the Router 8
The Front Panel 8
The Back Panel 9
Chapter 4: Connecting the Router 10
Overview 10
Connection Instructions 11
Chapter 5: Setting Up and Configuring the Router 12
Overview 12
How to Access the Web-based Utility 15
System Summary Tab 15
Setup Tab - Network 18
Setup Tab - Password 20
Setup Tab - Time 20
Setup Tab - DMZ Host 21
Setup Tab - Forwarding 21
Setup Tab - UPnP Page 23
Setup Tab - One-to-One NAT 23
Setup Tab - MAC Clone 24
Setup Tab - DDNS 24
Setup Tab - Advanced Routing 25
DHCP Tab - Setup 27
DHCP Tab - Status 28
System Management Tab - SNMP 28
System Management Tab - Diagnostic 29
10/100/1000 4-Port VPN Router
System Management Tab - Factory Default 30
System Management Tab - Firmware Upgrade 30
System Management Tab - Restart 31
System Management Tab - Setting Backup 31
Port Management Tab - Port Setup 32
Port Management Tab - Port Status 33
Firewall Tab - General 34
Firewall Tab - Access Rules 35
Firewall Tab - Content Filter 37
VPN Tab - Summary 38
VPN Tab - Gateway to Gateway 40
VPN Tab - Client to Gateway 46
VPN Tab - VPN Pass Through 52
Log Tab - System Log 53
Log Tab - System Statistics 54
Wizard Tab 55
Support Tab 60
Logout Tab 60
Appendix A: Troubleshooting 61
Common Problems and Solutions 61
Frequently Asked Questions 71
Appendix B: Finding the MAC Address and IP Address for Your Ethernet Adapter 75
Windows 98 or Me Instructions 75
Windows 2000 or XP Instructions 75
For the Router’s Web-based Utility 76
Appendix C: Physical Setup of the Router 77
Setting up the Router 77
Appendix D: Battery Replacement 81
Replacing a Lithium Battery 81
Appendix E: Upgrading Firmware 82
Appendix F: Windows Help 83
Appendix G: Glossary 84
Appendix H: Specifications 88
Appendix I: Warranty Information 89
10/100/1000 4-Port VPN Router
Appendix J: Regulatory Information 90
Appendix K: Contact Information 91
10/100/1000 4-Port VPN Router
List of Figures
Figure 2-1: VPN Router-to-VPN Router VPN 7
Figure 2-2: Computer-to-VPN Router VPN 7
Figure 3-1: Front Panel 8
Figure 3-2: Back Panel 9
Figure 4-1: Example of a Typical Network 10
Figure 5-1: Router’s IP Address 15
Figure 5-2: Login Screen 15
Figure 5-3: System Summary 15
Figure 5-4: Site Map 16
Figure 5-5: Setup Tab - Network 18
Figure 5-6: WAN Connection Type - Obtain an IP Automatically 18
Figure 5-7: WAN Connection Type - Static IP 19
Figure 5-8: WAN Connection Type - PPPoE 19
Figure 5-9: WAN Connection Type - PPTP 19
Figure 5-10: Setup Tab - Password 20
Figure 5-11: Setup Tab - Time 20
Figure 5-12: Setup Tab - DMZ Host 21
Figure 5-13: Setup Tab - Forwarding 21
Figure 5-14: Port Range Forwarding - Service Management 22
Figure 5-15: Setup Tab - UPnP 23
Figure 5-16: Setup Tab - One-to-One NAT 23
Figure 5-17: Setup Tab - MAC Clone 24
Figure 5-18: Setup Tab - DDNS 24
Figure 5-19: Setup Tab - Advanced Routing 25
Figure 5-20: Setup Tab - Routing Table Entry List 26
Figure 5-21: DHCP Setup 27
Figure 5-22: DHCP Status 28
Figure 5-23: System Management Tab - SNMP 28
10/100/1000 4-Port VPN Router
Figure 5-24: System Management Tab - DNS Name Lookup 29
Figure 5-25: System Management Tab - Ping 29
Figure 5-26: System Management Tab - Factory Default 30
Figure 5-27: Are You Sure 30
Figure 5-28: System Management Tab - Firmware Upgrade 30
Figure 5-29: System Management Tab - Restart 31
Figure 5-30: System Management Tab - Setting Backup 31
Figure 5-31: Port Management Tab - Port Setup 32
Figure 5-32: Port Management Tab - Port Status 33
Figure 5-33: Firewall Tab - General 34
Figure 5-34: Firewall Tab - Access Rules 35
Figure 5-35: Firewall Tab - Content Filter 37
Figure 5-36: VPN Tab - Summary 38
Figure 5-37: VPN Tab - Summary Detail 39
Figure 5-38: VPN tab - Gateway to Gateway 40
Figure 5-39: VPN tab - Gateway to Gateway Local Group Setup 40
Figure 5-40: VPN tab - Gateway to Gateway Remote Group Setup 41
Figure 5-41: VPN tab - Gateway to Gateway IPSec Setup 42
Figure 5-42: VPN tab - Gateway to Gateway Advanced 45
Figure 5-43: VPN tab - Client to Gateway 46
Figure 5-44: VPN tab - Client to Gateway Local Group Setup 46
Figure 5-45: VPN tab - Client to Gateway Remote Group Setup 47
Figure 5-46: VPN tab - Client to Gateway IPSec Setup 49
Figure 5-47: VPN tab - Client to Gateway Advanced 51
Figure 5-48: VPN tab - VPN Pass Through 52
Figure 5-49: Log tab - System Log 53
Figure 5-50: Log tab - View Log 54
Figure 5-51: Log tab - System Statistics 54
Figure 5-52: Wizard tab 55
Figure 5-53: Basic Setup Wizard - Dual WAN or DMZ 55
10/100/1000 4-Port VPN Router
Figure 5-54: Basic Setup Wizard - Host and Domain Name 55
Figure 5-55: Basic Setup Wizard - Selecting WAN Connection Types 56
Figure 5-56: Basic Setup Wizard - Save Settings 56
Figure 5-57: Access Rule Wizard - What is Access Rules 57
Figure 5-58: Access Rule Wizard - Select the Action 57
Figure 5-59: Access Rule Wizard - Select the Service 58
Figure 5-60: Access Rule Wizard - Select the Source 58
Figure 5-61: Access Rule Wizard - Select the Destination 59
Figure 5-62: Access Rule Wizard - When it Works 59
Figure 5-63: Support tab 60
Figure 5-64: Access Rule Wizard - When it Works 60
Figure 5-65: Save Settings 60
Figure 5-66: Settings are Successful 60
Figure 5-67: Support 60
Figure B-1: IP Configuration Screen 75
Figure B-2: MAC Address/Adapter Address 75
Figure B-3: MAC Address/Physical Address 76
Figure B-4: MAC Address Clone 76
Figure C-1: Mounting Brackets 77
Figure C-2: Attaching the Brackets to the Router and Rack-Mounting the Router 78
Figure C-3: Wall-Mounting the Router 79
Figure C-4: Wall-Mounting Hardware 80
Figure E-1: Upgrade Firmware 82
10/100/1000 4-Port VPN Router
Chapter 1: Introduction
Welcome
Thank you for choosing the 10/100/1000 4-Port VPN Router. The Linksys 10/100/1000 4-Port VPN Router is an
advanced Internet-sharing network solution for your small business needs. Like any router, it lets multiple
computers in your office share an Internet connection. But the 10/100/1000 4-Port VPN Router allows you to
connect gigabit-equipped PCs for gigabit networking, as well as including four 10/100/1000 ports for network
connectivity.
The Virtual Private Network (VPN) capability creates encrypted “tunnels” through the Internet, allowing up to 50
remote office or traveling users to securely connect into your office network from off-site. Users connecting
through a VPN tunnel are attached to your company's network — with secure access to files, e-mail, and your
intranet — just as if they were in the building. You can also use the VPN capability to allow users on your small
office network to securely connect out to a corporate network.
The 10/100/1000 4-Port VPN Router can serve as a DHCP Server, and has a powerful SPI firewall to protect your
PCs against intruders and most known Internet attacks. It can be configured to filter internal users' access to the
Internet, and has IP address filtering so you can specify exactly who has access to your network. Configuration is
a snap with the web browser-based configuration utility.
As the heart of your small office network, the 10/100/1000 4-Port VPN Router gives you the connection reliability
your business needs.
Bandwidth: the transmission capacity of
a given device or network
network: a series of computers or devices
connected for the purpose of data sharing,
storage, and/or transmission between users
Full-duplex: the ability of a networking device to
receive and transmit data simultaneously
LAN (Local Area Network): the computers
and networking products that make up the
network in your home or office.
Ethernet: a network protocol that specifies how
data is placed on and retrieved from a common
transmission medium.
firewall: security measures that protect the
resources of a local network from intruders
Browser: an application program that
provides a way to look at and interact with all
the information on the World Wide Web.
Chapter 1: Introduction
Welcome
IP: a protocol used to send data over a network
IP Address: the address used to identify a
computer or device on a network
1
10/100/1000 4-Port VPN Router
What’s in this Guide?
This user guide covers the steps for setting up and using the 10/100/1000 4-Port VPN Router.
• Chapter 1: Introduction
This chapter describes the 10/100/1000 4-Port VPN Router and this User Guide.
• Chapter 2: Networking Basics
This chapter describes the basics of networking.
• Chapter 3: Getting to Know the 10/100/1000 4-Port VPN Router
This chapter describes the physical features of the Router.
• Chapter 4: Connecting the 10/100/1000 4-Port VPN Router
This chapter instructs you on how to connect the Router to your network.
• Chapter 5: Set Up and Configure the Router
This chapter explains how to use the Web-Based Utility to set up the Router and configure its settings.
• Appendix A: Troubleshooting
This appendix describes some problems and solutions, as well as frequently asked questions, regarding
installation and use of the 10/100/1000 4-Port VPN Router.
• Appendix B: Finding the MAC Address and IP Address for your Ethernet Adapter.
This appendix describes how to find the MAC address for your computer’s Ethernet adapter so you can use
the Router’s MAC address cloning feature.
Adapter: a device that adds network functionality to your PC.
• Appendix C: Physical Setup of the Router
This appendix describes the physical setup of the Router, including the installation of the mounting brackets.
• Appendix D: Battery Replacement
This appendix instructs you how to replace the Router’s battery.
• Appendix E: Upgrading Firmware
This appendix instructs you on how to upgrade the Router’s firmware if you should need to do so.
• Appendix F: Windows Help
This appendix describes how you can use Windows Help for instructions about networking, such as installing
the TCP/IP protocol.
• Appendix G: Glossary
This appendix gives a brief glossary of terms frequently used in networking.
Chapter 1: Introduction
What’s in this Guide?
mac address: the unique address that a
manufacturer assigns to each networking
2
10/100/1000 4-Port VPN Router
• Appendix H: Specifications
This appendix provides the Router’s technical specifications.
• Appendix I: Warranty Information
This appendix supplies the Router’s warranty information.
• Appendix J: Regulatory Information
This appendix supplies the Router’s regulatory information.
• Appendix K: Contact Information
This appendix provides contact information for a variety of Linksys resources, including Technical Support.
Chapter 1: Introduction
What’s in this Guide?
3
10/100/1000 4-Port VPN Router
Chapter 2: Networking Basics
An Introduction to LANs
A Router is a network device that connects two networks together.
The Router connects your local area network (LAN), or the group of PCs in your home or office, to the Internet. The
Router processes and regulates the data that travels between these two networks.
The Router’s Network Address Translation (NAT) technology protects your network of PCs so users on the Internet
cannot “see” your PCs. This is how your LAN remains private. The Router protects your network by inspecting the
first packet coming in through the Internet port before delivery to the final destination on one of the Ethernet
ports. The Router inspects Internet port services like the web server, ftp server, or other Internet applications,
and, if allowed, it will forward the packet to the appropriate PC on the LAN side.
The Use of IP Addresses
IP stands for Internet Protocol. Every device in an IP-based network, including PCs, print servers, and routers,
requires an IP address to identify its location, or address, on the network. This applies to both the Internet and
LAN connections.
NAT (Network Address Translation): NAT
technology translates IP addresses of a local area
network to a different IP address for the Internet.
FTP: a standard protocol for sending files between
computers over a TCP/IP network and the Internet
packet: a unit of data sent over a network
There are two ways of assigning IP addresses to your network devices.
A static IP address is a fixed IP address that you assign manually to a PC or other device on the network. Since a
static IP address remains valid until you disable it, static IP addressing ensures that the device assigned it will
always have that same IP address until you change it. Static IP addresses are commonly used with network
devices such as server PCs or print servers.
If you use the Router to share your cable or DSL Internet connection, contact your ISP to find out if they have
assigned a static IP address to your account. If so, you will need that static IP address when configuring the
Router. You can get the information from your ISP.
A dynamic IP address is automatically assigned to a device on the network. These IP addresses are called
dynamic because they are only temporarily assigned to the PC or other device. After a certain time period, they
expire and may change. If a PC logs onto the network (or the Internet) and its dynamic IP address has expired, the
DHCP server will assign it a new dynamic IP address.
Chapter 2: Networking Basics
An Introduction to LANs
Static IP address: a fixed address
assigned to a computer or device that
is connected to a network.
ISP: a company that provides access to the Internet
Dynamic IP address: a temporary IP
address assigned by a DHCP server.
DSL: an always-on broadband
connection over traditional phone lines
DHCP (Dynamic Host Configuration Protocol): a
protocol that lets one device on a local network, known
as a DHCP server, assign temporary IP addresses to the
other network devices, typically computers.
4
10/100/1000 4-Port VPN Router
A DHCP server can either be a designated PC on the network or another network device, such as the Router. By
default, the Router’s Internet Connection Type is Obtain an IP automatically (DHCP).
The PC or network device obtaining an IP address is called the DHCP client. DHCP frees you from having to assign
IP addresses manually every time a new user is added to your network.
For DSL users, many ISPs may require you to log on with a user name and password to gain access to the
Internet. This is a dedicated, high-speed connection type called Point to Point Protocol over Ethernet (PPPoE).
PPPoE is similar to a dial-up connection, but PPPoE does not dial a phone number when establishing a
connection. It also will provide the Router with a dynamic IP address to establish a connection to the Internet.
By default, a DHCP server (on the LAN side) is enabled on the Router. If you already have a DHCP server running
on your network, you MUST disable one of the two DHCP servers. If you run more than one DHCP server on your
network, you will experience network errors, such as conflicting IP addresses. To disable DHCP on the Router, see
the Basic Setup section in “Chapter 5: Setting up and Configuring the Router.”
Why do I need a VPN?
Computer networking provides a flexibility not available when using an archaic, paper-based system. With this
flexibility, however, comes an increased risk in security. This is why firewalls were first introduced. Firewalls help
to protect data inside of a local network. But what do you do once information is sent outside of your local
network, when e-mails are sent to their destination, or when you have to connect to your company's network
when you are out on the road? How is your data protected?
That is when a VPN can help. VPNs are called Virtual Private Networks because they secure data moving outside
of your network as if it were still within that network.
When data is sent out across the Internet from your computer, it is always open to attacks. You may already have
a firewall, which will help protect data moving around or held within your network from being corrupted or
intercepted by entities outside of your network, but once data moves outside of your network - when you send
data to someone via e-mail or communicate with an individual over the Internet - the firewall will no longer
protect that data.
At this point, your data becomes open to hackers using a variety of methods to steal not only the data you are
transmitting but also your network login and security data. Some of the most common methods are as follows:
1) MAC Address Spoofing
Packets transmitted over a network, either your local network or the Internet, are preceded by a packet header.
These packet headers contain both the source and destination information for that packet to transmit efficiently.
Chapter 2: Networking Basics
Why do I need a VPN?
LAN: the computers and networking products that
make up your local network
NOTE: Since the Router is a device that connects two
networks, it needs two IP addresses—one for the
LAN, and one for the Internet. In this User Guide, you’ll
see references to the “Internet IP address” and the
“LAN IP address.”
Since the Router uses NAT technology, the only IP
address that can be seen from the Internet for your
network is the Router’s Internet IP address. However,
even this Internet IP address can be blocked, so that
the Router and network seem invisible to the Internet.
5
10/100/1000 4-Port VPN Router
A hacker can use this information to spoof (or fake) a MAC address allowed on the network. With this spoofed
MAC address, the hacker can also intercept information meant for another user.
2) Data Sniffing
Data “sniffing” is a method used by hackers to obtain network data as it travels through unsecured networks,
such as the Internet. Tools for just this kind of activity, such as protocol analyzers and network diagnostic tools,
are often built into operating systems and allow the data to be viewed in clear text.
3) Man in the middle attacks
Once the hacker has either sniffed or spoofed enough information, he can now perform a “man in the middle”
attack. This attack is performed, when data is being transmitted from one network to another, by rerouting the
data to a new destination. Even though the data is not received by its intended recipient, it appears that way to
the person sending the data.
These are only a few of the methods hackers use and they are always developing more. Without the security of
your VPN, your data is constantly open to such attacks as it travels over the Internet. Data travelling over the
Internet will often pass through many different servers around the world before reaching its final destination.
That's a long way to go for unsecured data and this is when a VPN serves its purpose.
What is a VPN?
A VPN, or Virtual Private Network, is a connection between two endpoints - a VPN Router, for instance - in
different networks that allows private data to be sent securely over a shared or public network, such as the
Internet. This establishes a private network that can send data securely between these two locations or
networks.
This is done by creating a “tunnel”. A VPN tunnel connects the two PCs or networks and allows data to be
transmitted over the Internet as if it were still within those networks. Not a literal tunnel, it is a connection
secured by encrypting the data sent between the two networks.
VPN was created as a cost-effective alternative to using a private, dedicated, leased line for a private network.
Using industry standard encryption and authentication techniques - IPSec, short for IP Security - the VPN creates
a secure connection that, in effect, operates as if you were directly connected to your local network. Virtual
Private Networking can be used to create secure networks linking a central office with branch offices,
telecommuters, and/or professionals on the road (travelers can connect to a VPN Router using any computer with
VPN client software that supports IPSec, such as SSH Sentinel.)
There are two basic ways to create a VPN connection:
Chapter 2: Networking Basics
What is a VPN?
encryption: encoding data to prevent it from being
read by unauthorized people
IPSec: a VPN protocol used to implement
secure exchange of packets at the IP layer
6
10/100/1000 4-Port VPN Router
•VPN Router to VPN Router
•Computer (using VPN client software that supports IPSec) to VPN Router
The VPN Router creates a “tunnel” or channel between two endpoints, so that data transmissions between them
are secure. A computer with VPN client software that supports IPSec can be one of the two endpoints. Any
computer with the built-in IPSec Security Manager (Microsoft 2000 and XP) allows the VPN Router to create a VPN
tunnel using IPSec). Other versions of Microsoft operating systems require additional, third-party VPN client
software applications that support IPSec to be installed.
VPN Router to VPN Router
An example of a VPN Router-to-VPN Router VPN would be as follows. (See Figure 2-1.) At home, a telecommuter
uses his VPN Router for his always-on Internet connection. His router is configured with his office's VPN settings.
When he connects to his office's router, the two routers create a VPN tunnel, encrypting and decrypting data. As
VPNs utilize the Internet, distance is not a factor. Using the VPN, the telecommuter now has a secure connection
to the central office's network, as if he were physically connected.
Computer (using VPN client software that supports IPSec) to VPN Router
The following is an example of a computer-to-VPN Router VPN. (See Figure 2-2.) In her hotel room, a traveling
businesswoman dials up her ISP. Her notebook computer has VPN client software that is configured with her
office's VPN settings. She accesses the VPN client software that supports IPSec and connects to the VPN Router
at the central office. As VPNs utilize the Internet, distance is not a factor. Using the VPN, the businesswoman now
has a secure connection to the central office's network, as if she were physically connected.
Figure 2-1: VPN Router-to-VPN Router VPN
For additional information and instructions about creating your own VPN, please visit Linksys’s website at
www.linksys.com.
Chapter 2: Networking Basics
What is a VPN?
Figure 2-2: Computer-to-VPN Router VPN
7
10/100/1000 4-Port VPN Router
Chapter 3: Getting to Know the Router
The Front Panel
The Router’s LEDs, ports, and Reset button are located on the front panel of the Router.
LAN
Figure 3-1: Front Panel
Ports
1-4 (Gigabit) These four Gigabit (10/100/1000) ports connect to network devices, such as PCs,
print servers, or additional switches.
10/100 (WAN) The 10/100 port connects to a cable or DSL modem.
SFP The SFP (Small Fiber Pluggable) port can be used to connect a 10/100 network,
through either a hub or switch.
NOTE: The WAN and SFP ports cannot be used at the same time. One one of
these port may be used at a time.
LEDs
Diag Orange. The Diag LED lights up when the system is not ready. The LED goes off when
the system is ready.
System Green. The System LED lights up when the Router is powered on. If the LED is flashing,
the Router is running a diagnostic test.
WAN
SFP
Chapter 3: Getting to Know the Router
The Front Panel
8
10/100/1000 4-Port VPN Router
1-4 (Gigabit) Green. The Gigabit LEDs serve two purposes. If an LED is continuously lit, the Router is
connected to a device through the corresponding port (1, 2, 3, or 4). If the LED is
flashing, the Router is actively sending or receiving data over that port.
10/100 Green. The 10/100 LED lights up when the Router is connected to your cable or DSL
modem.
SFP Green. The SFP (Small Fiber Pluggable) LED lights up when connected to a 10/100
network.
Reset Button The Reset button can be used in one of two ways:
If the Router is having problems connecting to the Internet, press the Reset button for
just a second with a paper clip or a pencil tip. This is similar to pressing the Reset
button on your PC to reboot it.
If you are experiencing extreme problems with the Router and have tried all other
troubleshooting measures, press and hold in the Reset button for 30 seconds. This will
restore the factory defaults and clear all of the Router’s settings, such as port
forwarding or a new password.
The Back Panel
Boot: to start a device and cause it to
start executing instructions
The Router’s Power port is located on the back panel of the Router.
Figure 3-2: Back Panel
Power The Power port is where you connect the AC power cord.
Proceed to “Chapter 4: Connecting the Router.”
Chapter 3: Getting to Know the Router
The Back Panel
9
10/100/1000 4-Port VPN Router
Chapter 4: Connecting the Router
Overview
To set up your network, you will do the following:
• Connect the Router to one of your PCs according to the instructions in this chapter.
• If necessary, configure your PCs to obtain an IP address automatically from the Router, according to
“Appendix F: Windows Help”. (By default, Windows 98, 2000, Millennium, and XP computers are set to obtain
an IP address automatically, so unless you have changed the default setting, then you will not need to
configure your PCs.)
• Set up and configure the Router with the setting(s) provided by your Internet Service Provider (ISP) according
to “Chapter 5: Setting up and Configuring the Router.”
The installation technician from your ISP should have left the setup information with you after installing your
broadband connection. If not, you can call your ISP to request the information. Once you have the setup
information for your specific type of Internet connection, then you can begin installation and setup of the Router.
Notebook with
Ethernet Adapter
Cable or DSL
Modem
VPN Router
PC with Ethernet
Adapter
Figure 4-1: Example of a Typical Network
Chapter 4: Connecting the Router
Overview
Broadband: an always-on, fast Internet connection
10
10/100/1000 4-Port VPN Router
Connection Instructions
1. Before you begin, make sure that all of your hardware is powered off, including the Router, PCs, hubs,
switches, and cable or DSL modem.
2. Connect one end of an Ethernet network cable to one of the numbered ports on the front of the Router.
Connect the other end to an Ethernet port on a network device, e.g., a PC, print server, hub, or switch.
Repeat this step to connect more PCs or other network devices to the Router.
3. Connect your cable or DSL modem’s Ethernet cable to the Router’s Internet port.
4. Power on the cable or DSL modem and the other network device if using one.
5. Connect the included power cord to the Router’s Power port on the back of the Router, and plug the power
cord into an electrical outlet.
The System LED on the front panel will light up as soon as the power adapter is connected properly.
If you need to configure your PCs, proceed to “Appendix F: Windows Help.” Otherwise, proceed to
“Chapter 5: Setting Up and Configuring the Router.”
Hardware: the physical aspect of computers,
telecommunications, and other information technology devices
Chapter 4: Connecting the Router
Connection Instructions
11
10/100/1000 4-Port VPN Router
Chapter 5: Setting Up and Configuring the Router
Overview
The Router comes with a Web-based Utility that allows for easy set up and configuration. This chapter will explain
all of the functions in this Utility. (You can access the web-based utility by accessing 192.168.1.1.)
There are eleven main tabs in the Utility: System Summary, Setup, DHCP, System Management, Port
Management, Firewall, VPN, Log, Wizard, Support, and Logout. Sub-tabs are available when you click one of the
main tabs. The tabs are described below:
System Summary Tab
The System Summary Tab displays the Router’s current status and settings. This information is read only. Some
words are underlined on this screen and, if you click them, will take you to the Utility page appropriate for that
word.
Setup Tab
From this tab, you can set the basic settings on your network. The screens available from this tab include:
• Network. Enter the Internet connection and network settings on this screen.
• Password. From this screen, you can change the Router’s password on this screen. For network security, you
should always change the password from its default setting.
• Time. Change the time shown on the network from this screen.
• DMZ Host. The DMZ (Demilitarized Zone) Host feature allows one network PC to be exposed to the Internet to
use special-purpose services such as Internet gaming or video conferencing.
• Forwarding. Port forwarding can be used to set up public services on your network. You may use this function
to establish a Web server or FTP server via an IP Gateway.
• UPnP. UPnP forwarding, set up on this screen, can be used to set up public services on your network.
• One-to-One NAT. Like the DMZ feature, One-to-One NAT opens the NAT firewall for one computer, but does it
only for one Internet address. This feature is administered through this screen.
Chapter 5: Setting Up and Configuring the Router
Overview
12
10/100/1000 4-Port VPN Router
• MAC Clone. Some ISPs require that you register a MAC address. From this screen, you can “clone” your
network adapter's MAC address onto the Router. This prevents you from having to call your ISP to change the
registered MAC address to the Router's MAC address.
• DDNS. DDNS (Dynamic DNS) service, on this screen, allows you to assign a fixed domain name to a dynamic
Internet IP address. This allows you to host your own Web, FTP or other type of TCP/IP server in your network.
• Advanced Routing. The Router's dynamic routing feature can be set up on this screen to automatically adjust
to physical changes in the network's layout.
DHCP Tab
• Setup. From this screen, you can enable/disable the DHCP server, set up client lease time, DHCP IP Range,
and the WINS Server IP address.
• Status. This Status page is available to review DHCP Server Status.
System Management Tab
• SNMP. SNMP, or Simple Network Management Protocol, is a network protocol that provides network
administrators with the ability to monitor the status of the Router and receive notification of any critical
events as they occur on the network. SNMP can be managed from this screen.
• Diagnostic. From this screen, you can use the Router’s two built-in tools to troubleshoot network problems.
• Factory Default. The “Factory Default” button on this screen can be used to clear all of your configuration
information and restore the Router to its factory default settings. Only use this feature if you wish to discard
all other configuration preferences.
• Firmware Upgrade. Users can use the function on this screen to upgrade the Router’s firmware to the newest
version.
DDNS: the capability of having a website, FTP, or e-mail
server-with a dynamic IP address-use a fixed domain name
• Restart. The recommended method of restarting your Router is to use the “Restart Router” button on this
screen. Restarting with this button will send out your log file before the box is reset.
• Setting Backup. This screen allows you to make or import a backup file of your Preferences file for the Router.
Port Management Tab
• Port Setup. From this screen, users can configure the functionality for each port.
• Port Status. Users can choose this screen to see the status of a selected port.
Chapter 5: Setting Up and Configuring the Router
Overview
13
10/100/1000 4-Port VPN Router
Firewall Tab
• General. From this screen, you can configure the Router’s broadest settings for denying or allowing specific
users from accessing the Internet.
• Access Rules. Access Rules determine how and when network traffic will be allowed access to the network
or to the Internet, determining when traffic is allowed to pass through the firewall.
• Content Filter. This screen allows you to filter web access by site, keyword and time.
VPN Tab
• Summary. The VPN Summary screen displays a quick view of VPN activity and status.
• Gateway to Gateway. From this screen, users can administer tunnels between two VPN devices.
• Client to Gateway. From this screen, tunnels between a Local VPN device and a mobile user can be
administered.
• VPN Pass Through. This tab allows you to enable or disable IPSec Pass Through, PPTP Pass Through, and
L2TP Pass Through.
Log Tab
• System Log. The System Log allows you to administer the Syslog, E-mail and Log Settings.
• System Statistics. This screen displays the system statistics.
Wizard Tab
• Wizard. Use this tab to access two Setup Wizards, the Basic Setup Wizard and Access Rule Setup Wizard.
Support Tab
• Support. The buttons on this tab allow you to access the user guide and the Linksys website.
Logout Tab
• Logout. Clicking this tab exits you from the Utility.
Chapter 5: Setting Up and Configuring the Router
Overview
14
10/100/1000 4-Port VPN Router
How to Access the Web-based Utility
To access the Router’s Web-based Utility, launch Internet Explorer or Netscape Navigator, and enter the Router’s
default IP address, 192.168.1.1, in the Address field. Then, press the Enter key.
A Login screen will appear asking you for your User name and Password. Enter admin in the User name field, and
enter admin in the Password field. Then, click the OK button.
System Summary Tab
The first screen that appears is System Summary Tab. This screen displays the Router’s current status and
settings. This information is read-only. Words that are underlined will, when clicked, open the Setup page for that
feature. On the right side of the screen and all other screens in the Utility will be a link to the Site Map, which has
links to all of the Utility’s tabs. Click the Site Map button to view the Site Map (shown in Figure 5-4). Then, click
on desired tab subject.
System Information
Serial Number: The Router’s serial number is displayed here.
Firmware version: This shows the current version number of the firmware installed on this unit.
CPU: This shows the type of processor installed on the Router.
Figure 5-1: Router’s IP Address
Figure 5-2: Login Screen
DRAM: This displays the amount of Dynamic Random Access Memory (DRAM), in Megabytes, the Router has.
Flash: This displays the amount of Flash Memory, in Megabytes, the Router has.
System Up Time: This displays the length of time in Days, Hours, and Minutes that the Router has been active,
along with the current time.
Configuration
If you need help configuring the router, click the Setup Wizard button. A complete walk-through of the Setup
Wizard is shown in the Wizard Tab section.
Chapter 5: Setting Up and Configuring the Router
How to Access the Web-based Utility
Figure 5-3: System Summary
15
10/100/1000 4-Port VPN Router
Port Statistics
You can check the status of any of the Router’s ports simply by clicking the port number on the port diagram. If
the port is disabled, it will be red; if enabled, it will be black. If it is connected, it will be green.
This will open up a summary table. This summary table will show the port’s settings, such as Type, Link Status
(up or down), Port Disable (on or off), Priority (High or Normal), Speed Status (10Mbps,100Mbps, or 1000Mbps),
Duplex Status (half or full), Auto negotiation (enable or disable). The LAN ports can be configured from the LAN
Setup page of the LAN Management Tab.
Network Setting Status
LAN IP: This shows the Router’s current LAN IP Address, and hyperlinks to that section of the Setup Tab.
WAN IP: This shows the IP Address of the WAN port, hyperlinked to that section of the Setup Tab. When WAN is
set up to Obtain an IP automatically, two buttons will be shown here: Release and Renew. Click the Release
button to release the current IP Address and click the Renew button to update the DHCP Lease Time or get a new
IP. When the WAN port is set up with PPPoE or PPTP, these two buttons will be displayed as Connect and
Disconnect.
Mode: This tells you if the Router’s Working Mode is Gateway or Router, hyperlinked to that section of the Setup
Tab
Figure 5-4: Site Map
DNS: All DNS Server Addresses are displayed here, with hyperlinks to that section of the Setup Tab.
DDNS: This shows if the DDNS status is On or Off, with hyperlinks to that section of the Setup Tab.
DMZ Host: If this feature is enabled, the DMZ Private Address will be displayed. This is also hyperlinked to that
section of the Setup Tab.
Firewall Setting Status
SPI (Stateful Packet Inspection): This shows if the SPI status is On or Off, hyperlinked to that section of the
Firewall Tab.
DoS (Denial of Service): This shows if the DoS status is On or Off, hyperlinked to that section of the Firewall Tab.
Block WAN Request: This shows if the Block WAN Request status is On or Off, hyperlinked to that section of the
Firewall Tab.
Chapter 5: Setting Up and Configuring the Router
System Summary Tab
DNS the IP address of your ISP's server, which
translates the names of websites into IP addresses
16
10/100/1000 4-Port VPN Router
VPN Setting Status
VPN Summary: This hyperlink will take you to the Summary page of the VPN Tab.
Tunnel(s) Used: This displays the amount of VPN Tunnels used.
Tunnel(s) Available: This displays the amount of VPN Tunnels available.
Current Connected (The Group Name of GroupVPN) users: This displays the amount of VPN users connected
via GroupVPN.
(If GroupVPN is disabled, it will show “No Group VPN was defined.”)
Log Setting Status:
This hyperlink will take you to the System Log page of the Log Tab.
If you have not set up the Log’s mail server, this will show “E-mail cannot be sent because you have not specified
an outbound SMTP server address.”
If you have set up the mail server but the log has not come out due to Log Queue Length and Log Time Threshold
settings, this will show “E-mail settings have been configured.”
If you have set up the mail server and the log has been sent to the mail server, this will show “E-mail settings
have been configured and sent out normally.”
If you have set up the mail server and the log cannot be sent to mail server successfully, this will show “E-mail
cannot be sent out, probably use incorrect settings.”
Chapter 5: Setting Up and Configuring the Router
System Summary Tab
17
10/100/1000 4-Port VPN Router
Setup Tab - Network
The Setup screen contains all of the Router’s basic setup functions. These functions can be set from this screen
but normally don’t need to be adjusted, as the Router has been designed to be used in most network settings
without changing any of the default values. Some users, however, may need to enter additional information in
order to connect to the Internet through an ISP (Internet Service Provider) or broadband (DSL, cable modem)
carrier.
Network
Host Name & Domain Name: Some ISPs may require a Host Name and Domain Name for identification, and can
provide them to you. In most cases, though, leaving these fields blank will work.
LAN Setting
This shows the Router’s MAC Address, LAN IP Address and Subnet Mask. The MAC Address is the physical
address for the Router. The default value is 192.168.1.1 for IP address and 255.255.255.0 for the Subnet Mask.
WAN Interface Setting
Choose which port you wish to use, the WAN port (for connecting a broadband Internet connection) or the SFP
port, for 10/100 networking. Only one of these ports can be used at a time.
WAN Connection Type
Obtain an IP Automatically
If your ISP automatically assigns an IP Address, select Obtain an IP automatically. If you check the box for Use
the Following DNS Server Addresses, enter a specific DNS Server IP Address. Multiple DNS IP Settings are
common. In most cases, the first available DNS entry is used.
Figure 5-5: Setup Tab - Network
Figure 5-6: WAN Connection Type -
Obtain an IP Automatically
Chapter 5: Setting Up and Configuring the Router
Setup Tab - Network
18
10/100/1000 4-Port VPN Router
Static IP
If you have to specify the WAN IP Address, Subnet Mask, Default Gateway Address, and DNS Server, select Static
IP. All of this information can be obtained from your ISP.
PPPoE (Point-to-Point Protocol over Ethernet) (most DSL users)
Your ISP will let you know whether PPPoE should be enabled or not, which will be determined by if they use this
protocol. To enable PPPoE:
1. Enter the User Name and Password you use to access your ISP account.
2. By selecting the Connect on Demand option, the PPPoE connection will be disconnected if it has been idle
for a period longer than the Max Idle Time setting.
3. By selecting the Keep Alive option, the Router will keep the connection alive by sending out a few data
packets at the Redial Period, so your Internet service thinks that the connection is still active.
Figure 5-7: WAN Connection Type - Static IP
Figure 5-8: WAN Connection Type - PPPoE
PPTP (Point-to-Point Tunneling Protocol)
1. Enter the WAN IP Address, Subnet Mask and Default Gateway Address provided by your ISP.
2. Enter the User Name and Password you use to access your ISP account.
3. By selecting the Connect on Demand option, the connection will be disconnected if it has been idle for a
period longer than the Max Idle Time setting.
By selecting the Keep Alive option, the Router will keep the connection alive by sending out a few data packets
at the Redial Period, so your Internet service thinks that the connection is still active.
Chapter 5: Setting Up and Configuring the Router
Setup Tab - Network
Figure 5-9: WAN Connection Type - PPTP
19
10/100/1000 4-Port VPN Router
Setup Tab - Password
The Router's default User Name and Password is admin. For greater network security, you should change the
Router's password from this default. If you leave the password field blank, all users on your network will be able
to access the Router simply by entering admin into the password field.
Old Password: Enter the old password.
NOTE: The password cannot be recovered if it is lost or forgotten. If the password is
lost or forgotten, you have to reset the Router to its factory default settings.
New Password: Enter a new password for the Router. Your password must be less than 64 alphanumeric
characters long and it can’t contain any spaces.
Confirm New Password: Re-enter the new password for confirmation.
Click the Save Settings button to save the Password settings or click the Cancel Changes button to undo the
changes.
Setup Tab - Time
Time
The Router uses the time settings to time stamp log events, to automatically update the Content Filter List, and to
synchronize time on your networked devices.
Set the local time with Set the local time using Network Time Protocol (NTP) automatically or Set the local
time Manually. When you choose to have the time set by using Network Time Protocol, the Router will
automatically connect to the NTP server whose address is input, providing the correct time.
Automatic: Select the Time Zone and enter the Daylight Saving and NTP Server. The default Time Zone is Pacific
Time.
Manual: Enter the Hours, Minutes, Seconds, Month, Day and Year.
Click the Save Settings button to save the Time settings or click the Cancel Changes button to undo the
changes.
Figure 5-10: Setup Tab - Password
Figure 5-11: Setup Tab - Time
Chapter 5: Setting Up and Configuring the Router
Setup Tab - Password
20
10/100/1000 4-Port VPN Router
Setup Tab - DMZ Host
The DMZ (Demilitarized Zone) Host feature opens the firewall for one of your network’s users so they can access
the Internet to use a special-purpose service such as Internet gaming or video conferencing. This user, however,
is unprotected by the firewall.
To open the firewall for one network user to access one website, and visa versa, utilize the One-to-One NAT
feature.
Enter the DMZ Private IP Address to access the DMZ Host settings. The Default value zero (0) will deactivate
the DMZ Host.
Click the Save Settings button to save the DMZ Host setting or click the Cancel Changes button to undo the
changes.
Setup Tab - Forwarding
Port forwarding can be used to set up public services on your network. When users outside your network (i.e.,
from the Internet) make certain requests on your network, the Router can forward those requests to the
appropriate computers equipped to handle the requests. If, for example, you set port number 80 (HTTP) to be
forwarded to IP Address 192.168.1.2, then all HTTP requests from outside users will be forwarded to 192.168.1.2.
You may use this function to establish a Web server or FTP server via an IP Gateway. Be sure that you enter a
valid IP Address. (You may need to establish a static IP address in order to properly run an Internet server.) For
added security, those outside your network (i.e., from the Internet) will be able to communicate with the server
but they will not actually be connected. Those packets will simply be forwarded through the Router.
Figure 5-12: Setup Tab - DMZ Host
http: the communications protocol used to
connect to servers on the World Wide Web.
Chapter 5: Setting Up and Configuring the Router
Setup Tab - DMZ Host
Figure 5-13: Setup Tab - Forwarding
21
10/100/1000 4-Port VPN Router
Port Range Forwarding
1. Select the Service from the pull-down menu, shown in Figure 5-15.
2. If the Service you need is not listed in the menu, please click the Service Management button to add the
new Service Name, and enter the Protocol and Port Range. This will open the Service Management screen.
Click the Add to List button. Then, click the Save Setting button. Click the Exit button.
3. Enter the IP Address of the server that you want the Internet users to access. Then enable the entry.
4. Click the Add to List button, and configure as many entries as you would like. You also can Delete selected
application.
Port Triggering
Some Internet applications or games use alternate ports to communicate between server and LAN host. When
you want to use those applications, enter the triggering (outgoing) port and alternate incoming port in this table.
The Router will forward the incoming packets to the LAN host.
Figure 5-14: Port Range Forwarding -
Service Management
1. Enter the application name, range of port numbers, and the incoming port range.
2. You can click the Add to List button, shown in Figure 5-15, to add Port Triggering or Delete selected
application.
Click the Save Settings button to save the settings, click the Cancel Changes button to undo your changes, click
the Show Tables to see the details.
NOTE: The Router’s WAN IP (NAT Public) Address may not be included in a range.
NOTE: One-to-One NAT does not change the way the firewall functions work. Access to
machines on the LAN from the Internet will not be allowed unless Network Access Rules are set.
Chapter 5: Setting Up and Configuring the Router
Setup Tab - Forwarding
22
Loading...