LINKSYS WRV210 Users Manual
2.4
GHz
802.11g
Wireless-G
Model No.
WIRELESS
WRV210
VPN Router with RangeBooster
User Guide
Wireless-G VPN Router with RangeBooster
Copyright and Trademarks
Specifications are subject to change without notice. Linksys is a registered trademark or trademark of Cisco
Systems, Inc. and/or its affiliates in the U.S. and certain other countries. Copyright © 2006 Cisco Systems, Inc. All
rights reserved. Other brands and product names are trademarks or registered trademarks of their respective
holders.
WARNING: This product contains chemicals, including lead, known
to the State of California to cause cancer, and birth defects or other
reproductive harm. Wash hands after handling.
How to Use this Guide
This User Guide has been designed to make understanding networking with the Router easier than ever. Look for
the following items when reading this User Guide:
This checkmark means there is a note of interest and is something you should
pay special attention to while using the Router.
This exclamation point means there is a caution or warning and is something
that could damage your property or the Router.
This question mark provides you with a reminder about something you
might need to do while using the Router.
In addition to these symbols, there are definitions for technical terms that are presented like this:
word: definition.
Also, each figure (diagram, screenshot, or other image) is provided with a figure number and description, like
this:
Figure numbers and descriptions can also be found in the “List of Figures” section in the “Table of Contents”.
WRV210-UG-60407NC BW
Figure 0-1: Sample Figure Description
Wireless-G VPN Router with RangeBooster
Table of Contents
Chapter 1: Introduction 1
Welcome 1
What’s in this Guide? 2
Chapter 2: Planning Your Wireless Network 4
Network Topology 4
Ad-Hoc versus Infrastructure Mode 4
Network Layout 4
Chapter 3: Planning Your Virtual Private Network (VPN) 6
Why do I need a VPN? 6
What is a VPN? 7
Chapter 4: Getting to Know the Wireless-G VPN Router 9
The Back Panel 9
The Front Panel 10
Chapter 5: Connecting the Wireless-G VPN Router 11
Overview 11
Wired Connection to a PC 11
Wireless Connection to a PC 12
Chapter 6: Configuring the Wireless-G VPN Router 13
Overview 13
How to Access the Web-based Utility 15
The Setup Tab - Basic Setup 15
The Setup Tab - DDNS 21
The Setup Tab - MAC Address Clone 22
The Setup Tab - Advanced Routing 23
The Wireless Tab - Basic Wireless Settings 25
The Wireless Tab - Wireless Security 26
The Wireless Tab - Wireless Network Access 30
The Wireless Tab - Advanced Wireless Settings 31
The Firewall Tab - General 33
Wireless-G VPN Router with RangeBooster
The Firewall Tab - Port Forwarding 34
The Firewall Tab - Port Triggering 35
The Firewall Tab - DMZ 36
The Firewall Tab - Access Restriction 37
The Firewall Tab - URL Filtering 38
The VPN Tab 39
The VPN Tab - VPN Client Access 39
The VPN Tab - VPN Passthrough 40
The VPN Tab - IPSec VPN 41
The VPN Tab - VPN Summary 46
The QoS Tab - Application-based QoS 48
The QoS Tab - Port-based QoS 49
The Administration Tab - Management 50
The Administration Tab - Log 53
The Administration Tab - Diagnostics 54
The Administration Tab - Factory Defaults 55
The Administration Tab - Firmware Upgrade 55
The Administration Tab - Reboot 55
The Status Tab - Router 56
The Status Tab - Local Network 57
The Status Tab - System Performance 59
The Status Tab - VPN Clients 60
Appendix A: Troubleshooting 61
Common Problems and Solutions 61
Frequently Asked Questions 69
Appendix B: Wireless Security 77
Security Precautions 77
Security Threats Facing Wireless Networks 77
Appendix C: Using the Linksys QuickVPN Software for Windows 2000 or XP 80
Overview 80
Before You Begin 80
Using the Linksys QuickVPN Software 82
Wireless-G VPN Router with RangeBooster
Appendix D: Configuring IPSec between a Windows 2000 or XP Computer
and the Router 84
Introduction 84
Environment 84
How to Establish a Secure IPSec Tunnel 85
Appendix E: Configuring a Gateway-to-Gateway IPSec Tunnel 95
Overview 95
Before You Begin 95
Configuring the VPN Settings for the VPN Routers 96
Configuring the Key Management Settings 98
Configuring PC 1 and PC 2 99
Appendix F: Finding the MAC Address and IP Address for your Ethernet Adapter 100
Windows 98 or Me Instructions 100
Windows 2000 or XP Instructions 101
Appendix G: SNMP Functions 102
Appendix H: Upgrading Firmware 103
Appendix I: Windows Help 104
Appendix J: Glossary 105
Appendix K: Specifications 110
Appendix L: Warranty Information 111
Appendix M: Regulatory Information 112
Appendix N: Contact Information 118
Wireless-G VPN Router with RangeBooster
List of Figures
Figure 2-1: Network Diagram 5
Figure 3-1: VPN Router to VPN Router 8
Figure 3-2: Computer to VPN Router 8
Figure 4-1: Back Panel 9
Figure 4-2: Front Panel 10
Figure 5-1: Connect to LAN Ports 11
Figure 5-2: Connect to Internet Port 11
Figure 5-3: Connect to Power Port 11
Figure 5-4: Connect to Internet Port 12
Figure 5-5: Connect to Power Port 12
Figure 6-1: Login Screen 15
Figure 6-2: Setup Tab - Automatic Configuration - DHCP 15
Figure 6-3: Internet Connection Type - Static IP 16
Figure 6-4: Internet Connection Type - PPPoE 16
Figure 6-5: Internet Connection Type - PPTP 17
Figure 6-6: Internet Connection Type - L2TP 18
Figure 6-7: Static Table 20
Figure 6-8: The Setup Tab - VLAN 20
Figure 6-9: The Setup Tab - DDNS - DynDNS.org 21
Figure 6-10: The Setup Tab - DDNS - TZO.com 21
Figure 6-11: Setup Tab - MAC Address Clone 22
Figure 6-12: The Setup Tab - Advanced Routing 23
Figure 6-13: Routing Table Entry List 24
Figure 6-14: The Wireless Tab - Basic Wireless Settings 25
Figure 6-15: Wireless Security - WPA-Personal 26
Figure 6-16: Wireless Security - WPA2-Personal 26
Figure 6-17: Wireless Security - WPA Enterprise 27
Figure 6-18: Wireless Security - WPA2 Enterprise 27
Figure 6-19: Wireless Security - WPA2 Personal Mixed 28
Figure 6-20: Wireless Security - WPA2 Enterprise Mixed 28
Wireless-G VPN Router with RangeBooster
Figure 6-21: Wireless Security - RADIUS 29
Figure 6-22: Wireless Security - WEP 29
Figure 6-23: Wireless Tab - Wireless Network Access 30
Figure 6-24: Networked Computers 30
Figure 6-25: The Wireless Tab - Advanced Wireless Settings 31
Figure 6-26: Wireless Tab - WDS 32
Figure 6-27: The Firewall Tab - General 33
Figure 6-28: The Firewall Tab - Port Forwarding 34
Figure 6-29: The Firewall Tab - Port Triggering 35
Figure 6-30: The Firewall Tab - DMZ 36
Figure 6-31: The Firewall Tab - Access Restriction 37
Figure 6-32: The Firewall Tab - URL Filtering 38
Figure 6-33: The VPN Tab - VPN Client Access 39
Figure 6-34: The VPN Tab - VPN Client Access Warning 39
Figure 6-35: The VPN Tab - VPN Passthrough 40
Figure 6-36: The VPN Tab - IPSec VPN 41
Figure 6-37: Local Secure Group - Subnet and Remote Secure Group - IP Addr. 41
Figure 6-38: Local Secure Group - IP Address and Remote Secure Group - IP Address 42
Figure 6-39: Local Secure Group - Host and Remote Secure Group - IP Addr. 42
Figure 6-40: Local Secure Group - IP Addr. and Remote Secure Group - Any 42
Figure 6-41: Key Exchange Method - Auto (IKE) 43
Figure 6-42: Advanced Settings 43
Figure 6-43: Global NAT Traversal Advanced Settings 45
Figure 6-44: The VPN Tab - VPN Summary 46
Figure 6-45: The QoS Tab - Application-based QoS -Priority Queue 48
Figure 6-46: The QoS Tab - Application-based QoS -Bandwidth Allocation 48
Figure 6-47: The QoS Tab - Port-based QoS 49
Figure 6-48: The Administration Tab - Management 50
Figure 6-49: The Administration Tab - Log 53
Figure 6-50: The Administration Tab - Diagnostics 54
Figure 6-51: Ping Test 54
Figure 6-52: Traceroute Test 54
Figure 6-53: The Administration Tab - Factory Default 55
Wireless-G VPN Router with RangeBooster
Figure 6-54: The Administration Tab - Firmware Upgrade 55
Figure 6-55: The Administration Tab - Reboot 55
Figure 6-56: The Status Tab - Router 56
Figure 6-57: The Status Tab - Local Network 57
Figure 6-58: DHCP Active IP Table 57
Figure 6-59: The Status Tab - Wireless 58
Figure 6-60: The Status Tab - System Performance 59
Figure 6-61: The Status Tab - VPN Clients 60
Figure C-1: Access Restrictions - VPN Client Access Screen 80
Figure C-2: Setup Wizard - Welcome Screen 81
Figure C-3: QuickVPN Desktop Icon 82
Figure C-4: QuickVPN Tray Icon - No Connection 82
Figure C-5: QuickVPN Software - Profile 82
Figure C-6: Connecting 82
Figure C-7: Activating Policy 82
Figure C-8: Verifying Network 82
Figure C-9: QuickVPN QuickVPN Software - Status 83
Figure C-10: QuickVPN Tray Icon - Connection 83
Figure C-11: QuickVPN Tray Icon - No Connection 83
Figure C-12: QuickVPN QuickVPN Software - Change Password 83
Figure D-1: Local Security Screen 85
Figure D-2: Rules Tab 85
Figure D-3: IP Filter List Tab 85
Figure D-4: IP Filter LIst 86
Figure D-5: Filters Properties 86
Figure D-6: New Rule Properties 86
Figure D-7: IP Filter List 87
Figure D-8: Filters Properties 87
Figure D-9: New Rule Properties 87
Figure D-10: IP Filter List Tab 88
Figure D-11: Filter Action Tab 88
Figure D-12: Security Methods Tab 88
Figure D-13: Authentication Methods 89
Wireless-G VPN Router with RangeBooster
Figure D-14: Preshared Key 89
Figure D-15: New Preshared Key 89
Figure D-16: Tunnel Setting Tab 90
Figure D-17: Connection Type Tab 90
Figure D-18: Properties Screen 90
Figure D-19: IP Filter List Tab 91
Figure D-20: Filter Action Tab 91
Figure D-21: Authentication Methods Tab 91
Figure D-22: Preshared Key 92
Figure D-23: New Preshared Key 92
Figure D-24: Tunnel Setting Tab 92
Figure D-25: Connection Type 93
Figure D-26: Rules 93
Figure D-27: Local Computer 93
Figure D-28: VPN Tab 94
Figure E-1: Diagram of All VPN Tunnels 95
Figure E-2: Login Screen 96
Figure E-3: Security - VPN Screen (VPN Tunnel) 96
Figure E-4: Security - VPN Screen (VPN Tunnel) 97
Figure E-5: Auto (IKE) Advanced Settings Screen 98
Figure F-1: IP Configuration Screen 100
Figure F-2: MAC Address/Adapter Address 100
Figure F-3: MAC Address/Physical Address 101
Figure H-1: Upgrade Firmware 103
Wireless-G VPN Router with RangeBooster
Wireless-G VPN Router with RangeBooster
Chapter 1: Introduction
Welcome
Thank you for choosing the Linksys Wireless-G VPN Router with RangeBooster. The Wireless-G VPN Router will
allow you to network wirelessly better than ever, sharing Internet access, files and fun, easily and securely.
How does the Wireless-G VPN Router do all of this? A router is a device that allows access to an Internet
connection over a network. With the Wireless-G VPN Router, this access can be shared over the four switched
ports or via the wireless network, broadcast at either 11Mbps for Wireless-B or 54Mbps for Wireless-G.
To protect your data and privacy, the Wireless-G VPN Router can encrypt all wireless transmissions with up to
128-bit WEP encryption and supports the WPA standard, which provides greater security opportunities. The
Router also has a powerful Stateful Packet Inspection (SPI) firewall and Network Address Translation (NAT)
technology to protect your PCs against intruders and most known Internet attacks. Its Virtual Private Network
(VPN) function creates encrypted “tunnels” through the Internet so up to 50 remote or traveling users can
securely connect to your office network from off-site, or users in your branch office can connect to a corporate
network. All of these security features, as well as full configurability, are accessed through the easy-to-use
browser-based utility.
But what does all of this mean?
Networks are useful tools for sharing computer resources. You can access one printer from different computers
and access data located on another computer's hard drive. Networks are even used for playing multiplayer video
games. So, networks are not only useful in homes and offices, they can also be fun.
PCs on a wired network create a LAN, or Local Area Network. They are connected with Ethernet cables, which is
why the network is called “wired”.
PCs equipped with wireless cards or adapters can communicate without cumbersome cables. By sharing the
same wireless settings, within their transmission radius, they form a wireless network. The Wireless-G VPN
Router bridges wireless networks of both 802.11b and 802.11g standards and wired networks, allowing them to
communicate with each other.
With your networks all connected, wired, wireless, and the Internet, you can now share files and Internet
access—and even play games. All the while, the Wireless-G VPN Router protects your networks from
unauthorized and unwelcome users.
vpn (virtual private network): A security measure
to protect data as it leaves one network and goes to
another over the Internet
802.11b: an IEEE wireless networking standard that
specifies a maximum data transfer rate of 11Mbps
and an operating frequency of 2.4GHz
802.11g: an IEEE wireless networking standard that
specifies a maximum data transfer rate of 54Mbps,
an operating frequency of 2.4GHz, and backward
compatibility with 802.11b devices
wpa (wi-fi protected access): a wireless
security protocol using TKIP (Temporal Key
Integrity Protocol) encryption, which can be
used in conjunction with a RADIUS server
nat (network address translation): NAT technology
translates IP addresses of a local area network to a
different IP address for the Internet
spi (stateful packet inspection) firewall: A
technology that inspects incoming packets of
information before allowing them to enter the
network
ethernet: an IEEE standard network protocol that
specifies how data is placed on and retrieved from
a common transmission medium
lan (local area network): The computers and
networking products that make up the network in
your home or office
Chapter 1: Introduction
Welcome
1
Wireless-G VPN Router with RangeBooster
You should always use the Setup CD-ROM when you first install the Router. If you do not wish to run the Setup
Wizard on the Setup CD-ROM, then use the instructions in this Guide to help you connect the Wireless-G VPN
Router, set it up, and configure it to bridge your different networks. These instructions should be all you need to
get the most out of the Wireless-G VPN Router with RangeBooster.
What’s in this Guide?
This user guide covers the steps for setting up and using the Wireless-G VPN Router with RangeBooster.
• Chapter 1: Introduction
This chapter describes the Wireless-G VPN Router applications and this User Guide.
• Chapter 2: Planning Your Wireless Network
This chapter describes the basics of wireless networking.
• Chapter 3: Planning Your Virtual Private Network (VPN)
This chapter describes a VPN and its various applications.
• Chapter 4: Getting to Know the Wireless-G VPN Router
This chapter describes the physical features of the Router.
• Chapter 5: Connecting the Wireless-G VPN Router
This chapter instructs you on how to connect the Router to your network.
• Chapter 6: Configuring the Wireless-G VPN Router
This chapter explains how to use the Web-Based Utility to configure the settings on the Router.
• Appendix A: Troubleshooting
This appendix describes some problems and solutions, as well as frequently asked questions, regarding
installation and use of the Wireless-G VPN Router with RangeBooster.
• Appendix B: Wireless Security
This appendix explains the risks of wireless networking and some solutions to reduce the risks.
• Appendix C: Using the Linksys QuickVPN Software for Windows 2000 or XP
This appendix instructs you on how to use the Linksys QuickVPN software if you are using a Windows 2000 or
XP PC.
• Appendix D: Configuring IPSec between a Windows 2000 or XP PC and the Router
This appendix instructs you on how to establish a secure IPSec tunnel using preshared keys to join a private
network inside the VPN Router and a Windows 2000 or XP PC.
Chapter 1: Introduction
What’s in this Guide?
2
Wireless-G VPN Router with RangeBooster
• Appendix E: Configuring VPN Tunnels
This appendix describes how to configure VPN IPSec tunnels using the VPN Routers and a VPN client.
• Appendix F: Finding the MAC Address and IP Address for your Ethernet Adapter.
This appendix describes how to find the MAC address for your computer’s Ethernet adapter so you can use
the MAC filtering and/or MAC address cloning feature of the Router. It also explains how to find the IP address
for your computer.
• Appendix G: SNMP Functions
This appendix explains SNMP (Simple Network Management Protocol).
• Appendix H: Upgrading Firmware
This appendix instructs you on how to upgrade the firmware on your Router should you need to do so.
• Appendix I: Windows Help
This appendix describes how you can use Windows Help for instructions about networking, such as installing
the TCP/IP protocol.
• Appendix J: Glossary
This appendix gives a brief glossary of terms frequently used in networking.
• Appendix K: Specifications
This appendix provides the technical specifications for the Router.
• Appendix L: Warranty Information
This appendix supplies the warranty information for the Router.
• Appendix M: Regulatory Information
This appendix supplies the regulatory information regarding the Router.
• Appendix N: Contact Information
This appendix provides contact information for a variety of Linksys resources, including Technical Support.
Chapter 1: Introduction
What’s in this Guide?
3
Wireless-G VPN Router with RangeBooster
Chapter 2: Planning Your Wireless Network
Network Topology
A wireless local area network (WLAN) is exactly like a regular local area network (LAN), except that each
computer in the WLAN uses a wireless device to connect to the network. Computers in a WLAN share the same
frequency channel and SSID, which is an identification name shared by the wireless devices belonging to the
same wireless network.
Ad-Hoc versus Infrastructure Mode
Unlike wired networks, wireless networks have two different modes in which they may be set up: infrastructure
and ad-hoc. An infrastructure configuration is a WLAN and wired LAN communicating to each other through an
access point. An ad-hoc configuration is wireless-equipped computers communicating directly with each other.
Choosing between these two modes depends on whether or not the wireless network needs to share data or
peripherals with a wired network or not.
If the computers on the wireless network need to be accessible by a wired network or need to share a peripheral,
such as a printer, with the wired network computers, the wireless network should be set up in Infrastructure
mode. The basis of Infrastructure mode centers around an access point or wireless router, such as the
Wireless-G VPN Router, which serves as the main point of communications in a wireless network. The Router
transmits data to PCs equipped with wireless network adapters, which can roam within a certain radial range of
the Router. You can arrange the Router and multiple access points to work in succession to extend the roaming
range, and you can set up your wireless network to communicate with your Ethernet hardware as well.
If the wireless network is relatively small and needs to share resources only with the other computers on the
wireless network, then the Ad-Hoc mode can be used. Ad-Hoc mode allows computers equipped with wireless
transmitters and receivers to communicate directly with each other, eliminating the need for a wireless router or
access point. The drawback of this mode is that in Ad-Hoc mode, wireless-equipped computers are not able to
communicate with computers on a wired network. And, of course, communication between the wirelessequipped computers is limited by the distance and interference directly between them.
Network Layout
network: a series of computers or devices
connected for the purpose of data sharing,
storage, and/or transmission between users
lan (local area network): The computers and
networking products that make up the network in
your home or office
ssid: your wireless network’s name
ad-hoc: a group of wireless devices
communicating directly to each other
(peer-to-peer) without the use of an
access point
infrastructure: a wireless network
that is bridged to a wired network via
an access point
adapter: a device that adds
network functionality to your PC
ethernet: IEEE standard network protocol that
specifies how data is placed on and retrieved
from a common transmission medium
access point: a device that allows wirelessequipped computers and other devices to
communicate with a wired network. Also used
to expand the range of a wireless network
The Wireless-G VPN Router has been specifically designed for use with both your 802.11b and 802.11g products.
Now, products using these standards can communicate with each other.
Chapter 2: Planning Your Wireless Network
Network Topology
4
Wireless-G VPN Router with RangeBooster
The Wireless-G VPN Router is compatible with all 802.11b and 802.11g adapters, such as the Notebook Adapters
(WPC54G, WPC11) for your laptop computers, PCI Adapter (WMP54G, WMP11) for your desktop PC, and USB
Adapter (WUSB54G, WUSB11) when you want to enjoy USB connectivity. The Router will also communicate with
the Wireless PrintServer (WPS54GU2, WPS11) and Wireless Ethernet Bridges (WET54G, WET11).
When you wish to connect your wireless network with your wired network, you can use the Router’s three LAN
ports. To add more ports, any of the Router's LAN ports can be connected to any of Linksys's switches (such as
the EZXS55W or EZXS88W).
With these, and many other, Linksys products, your networking options are limitless. Go to the Linksys website at
www.linksys.com for more information about products that work with the Wireless-G VPN Router with
RangeBooster.
Figure 2-1: Network Diagram
Chapter 2: Planning Your Wireless Network
Network Layout
5
Wireless-G VPN Router with RangeBooster
Chapter 3: Planning Your Virtual Private Network (VPN)
Why do I need a VPN?
Computer networking provides a flexibility not available when using an archaic, paper-based system. With this
flexibility, however, comes an increased risk in security. This is why firewalls were first introduced. Firewalls help
to protect data inside of a local network. But what do you do once information is sent outside of your local
network, when e-mails are sent to their destination, or when you have to connect to your company's network
when you are out on the road? How is your data protected?
That is when a VPN can help. VPNs are called Virtual Private Networks because they secure data moving outside
of your network as if it were still within that network.
When data is sent out across the Internet from your computer, it is always open to attacks. You may already have
a firewall, which will help protect data moving around or held within your network from being corrupted or
intercepted by entities outside of your network, but once data moves outside of your network—when you send
data to someone via e-mail or communicate with an individual over the Internet—the firewall will no longer
protect that data.
At this point, your data becomes open to hackers using a variety of methods to steal not only the data you are
transmitting but also your network login and security data. Some of the most common methods are as follows:
1) MAC Address Spoofing
Packets transmitted over a network, either your local network or the Internet, are preceded by a packet header.
These packet headers contain both the source and destination information for that packet to transmit efficiently.
A hacker can use this information to spoof (or fake) a MAC address allowed on the network. With this spoofed
MAC address, the hacker can also intercept information meant for another user.
vpn (virtual private network): a security
measure to protect data as it leaves one
network and goes to another over the Internet
packet: a unit of data sent over a network
2) Data Sniffing
Data “sniffing” is a method used by hackers to obtain network data as it travels through unsecured networks,
such as the Internet. Tools for just this kind of activity, such as protocol analyzers and network diagnostic tools,
are often built into operating systems and allow the data to be viewed in clear text.
3) Man in the middle attacks
Once the hacker has either sniffed or spoofed enough information, he can now perform a “man in the middle”
attack. This attack is performed, when data is being transmitted from one network to another, by rerouting the
Chapter 3: Planning Your Virtual Private Network (VPN)
Why do I need a VPN?
6
Wireless-G VPN Router with RangeBooster
data to a new destination. Even though the data is not received by its intended recipient, it appears that way to
the person sending the data.
These are only a few of the methods hackers use and they are always developing more. Without the security of
your VPN, your data is constantly open to such attacks as it travels over the Internet. Data travelling over the
Internet will often pass through many different servers around the world before reaching its final destination.
That's a long way to go for unsecured data and this is when a VPN serves its purpose.
What is a VPN?
A VPN, or Virtual Private Network, is a connection between two endpoints—a VPN Router, for instance—in
different networks that allows private data to be sent securely over a shared or public network, such as the
Internet. This establishes a private network that can send data securely between these two locations or
networks.
This is done by creating a “tunnel”. A VPN tunnel connects the two PCs or networks and allows data to be
transmitted over the Internet as if it were still within those networks. Not a literal tunnel, it is a connection
secured by encrypting the data sent between the two networks.
VPN was created as a cost-effective alternative to using a private, dedicated, leased line for a private network.
Using industry standard encryption and authentication techniques—IPSec, short for IP Security—the VPN creates
a secure connection that, in effect, operates as if you were directly connected to your local network. Virtual
Private Networking can be used to create secure networks linking a central office with branch offices,
telecommuters, and/or professionals on the road (travelers can connect to a VPN Router using any computer with
the Linksys VPN client software.)
There are two basic ways to create a VPN connection:
• VPN Router to VPN Router
• Computer (using the Linksys VPN client software) to VPN Router
IMPORTANT: You must have at least one VPN Router on one end of the VPN
tunnel. At the other end of the VPN tunnel, you must have a second VPN
Router or a computer with the Linksys VPN client software.
The VPN Router creates a “tunnel” or channel between two endpoints, so that data transmissions between them
are secure. A computer with the Linksys VPN client software can be one of the two endpoints (refer to “Appendix
C: Using the Linksys QuickVPN Software for Windows 2000 or XP”). If you choose not to run the VPN client
software, any computer with the built-in IPSec Security Manager (Microsoft 2000 and XP) allows the VPN Router
to create a VPN tunnel using IPSec (refer to “Appendix D: Configuring IPSec between a Windows 2000 or XP PC
Chapter 3: Planning Your Virtual Private Network (VPN)
What is a VPN?
encryption: encoding data transmitted in a network
ip (internet protocol): a protocol used to send data
over a network
software: instructions for the computer
7
Wireless-G VPN Router with RangeBooster
and the Router”). Other versions of Microsoft operating systems require additional, third-party VPN client
software applications that support IPSec to be installed.
VPN Router to VPN Router
An example of a VPN Router-to-VPN Router VPN would be as follows. At home, a telecommuter uses his VPN
Router for his always-on Internet connection. His router is configured with his office's VPN settings. When he
connects to his office's router, the two routers create a VPN tunnel, encrypting and decrypting data. As VPNs
utilize the Internet, distance is not a factor. Using the VPN, the telecommuter now has a secure connection to the
central office's network, as if he were physically connected. For more information, refer to “Appendix E:
Configuring VPN Tunnels.”
Computer (using the Linksys VPN client software) to VPN Router
The following is an example of a computer-to-VPN Router VPN. In her hotel room, a traveling businesswoman
dials up her ISP. Her notebook computer has the Linksys VPN client software, which is configured with her office's
IP address. She accesses the Linksys VPN client software and connects to the VPN Router at the central office. As
VPNs utilize the Internet, distance is not a factor. Using the VPN, the businesswoman now has a secure
connection to the central office's network, as if she were physically connected.
For additional information and instructions about creating your own VPN, please visit Linksys’s website at
www.linksys.com. You can also refer to “Appendix C: Using the Linksys QuickVPN Software for Windows 2000 or
XP”, “Appendix D: Configuring IPSec between a Windows 2000 or XP PC and the Router,” and “Appendix E:
Configuring VPN Tunnels.”
Figure 3-1: VPN Router to VPN Router
Chapter 3: Planning Your Virtual Private Network (VPN)
What is a VPN?
Figure 3-2: Computer to VPN Router
8
Wireless-G VPN Router with RangeBooster
Chapter 4: Getting to Know the Wireless-G VPN Router
The Back Panel
The Router’s ports, where a network cable is connected, are located on the back panel.
Power The Power port is where you will connect the power adapter.
Figure 4-1: Back Panel
Reset Button There are two ways to reset the Router's factory defaults. Either press the Reset Button, for
approximately five seconds, or restore the defaults from the Administration tab - Factory
Defaults in the Router's Web-based Utility.
Ethernet (1-4) The Ethernet ports connect to your PCs and other network devices.
Internet The Internet port connects to your cable or DSL modem.
Chapter 4: Getting to Know the Wireless-G VPN Router
The Back Panel
IMPORTANT: If you reset the Router, all of
your settings, including Internet connection,
wireless, and security, will be deleted and
replaced with the factory defaults. Do not
reset the Router if you want to retain these
settings.
9
Wireless-G VPN Router with RangeBooster
The Front Panel
The Router's LEDs, where information about network activity is displayed, are located on the front panel.
Figure 4-2: Front Panel
Power Green. The Power LED lights up when the Router is powered on.
DMZ Red. The DMZ LED lights up when the Router has an available DMZ port. If the LED is flashing,
the Router is sending or receiving data over the DMZ port.
Internet Green. The Internet LED lights up when the Router is connected to your cable or DSL modem.
If the LED is flashing, the Router is sending or receiving data over the Internet port.
Wireless Green. The Wireless-G LED lights whenever there is a successful wireless connection. If the
LED is flashing, the Router is actively sending or receiving data over the wireless network.
Ethernet (1-4) Green. The LAN LED serves two purposes. If the LED is solidly lit, the Router is connected to a
device through the corresponding port (LAN 1, 2, or 3). If the LED is flashing, the Router is
sending or receiving data over that port.
Chapter 4: Getting to Know the Wireless-G VPN Router
The Front Panel
10
Wireless-G VPN Router with RangeBooster
Chapter 5: Connecting the Wireless-G VPN Router
Overview
To begin installation of the Router, you will connect the Router to your PCs, other network devices, and cable or
DSL modem. If you want to use a PC with an Ethernet adapter to configure the Router, go to “Wired Connection to
a PC.” If you want to use a PC with a wireless adapter to configure the Router, go to “Wireless Connection to a PC.”
Wired Connection to a PC
1. Make sure that all of your network’s hardware is powered off, including the Router, PCs, and cable or DSL
modem.
2. Connect one end of an Ethernet network cable to one of the LAN ports (labeled 1-4) on the back of the Router.
Then connect the other end to an Ethernet port on a PC.
3. Repeat step 2 to connect additional PCs or other network devices to the Router.
4. Connect a different Ethernet network cable from your cable or DSL modem to the Internet port on the Router’s
rear panel.
5. Power on the cable or DSL modem.
NOTE: You should always plug the Router’s power adapter into a power strip with surge protection.
6. Connect the power adapter to the Router’s Power port, and then plug the power adapter into a
power outlet.
The Power LED on the front panel will light up green as soon as the power adapter is connected properly. The
Power LED will flash for a few seconds, and then it will be solidly lit when the self-test is complete. If the LED
flashes for one minute or longer, see “Appendix A: Troubleshooting.”
7. Power on one of your PCs that is connected to the Router.
The Router’s hardware installation is now complete.
Go to “Chapter 6: Configuring the Wireless-G VPN Router with RangeBooster.”
Chapter 5: Connecting the Wireless-G VPN Router
Overview
Figure 5-1: Connect to LAN Ports
Figure 5-2: Connect to Internet Port
Figure 5-3: Connect to Power Port
11
Wireless-G VPN Router with RangeBooster
Wireless Connection to a PC
If you want to use a wireless connection to access the Router, follow these instructions:
1. Make sure that all of your network’s hardware is powered off, including the Router, PCs, and cable or DSL
modem.
2. Connect an Ethernet network cable from your cable or DSL modem to the Internet port on the Router’s rear
panel.
3. Power on the cable or DSL modem.
4. Connect the power adapter to the Router’s Power port, and then plug the power adapter into a power outlet.
NOTE: You should always plug the Router’s power adapter into a power strip with surge protection.
The Power LED on the front panel will light up green as soon as the power adapter is connected properly. The
Power LED will flash for a few seconds, and then it will be solidly lit when the self-test is complete. If the LED
flashes for one minute or longer, see “Appendix A: Troubleshooting.”
5. Power on one of the PCs on your wireless network(s).
6. For initial access to the Router through a wireless connection, make sure the PC’s wireless adapter has its
SSID set to linksys (the Router’s default setting) and its WEP encryption disabled. After you have accessed
the Router, you can change the Router and this PC’s adapter settings to match your usual network settings.
The Router’s hardware installation is now complete.
Go to “Chapter 6: Configuring the Wireless-G VPN Router with RangeBooster.”
Figure 5-4: Connect to Internet Port
Figure 5-5: Connect to Power Port
NOTE: You should change the SSID from its
default, linksys, and enable security after you
have accessed the Router.
Chapter 5: Connecting the Wireless-G VPN Router
Wireless Connection to a PC
12
Wireless-G VPN Router with RangeBooster
Chapter 6: Configuring the Wireless-G VPN Router
Overview
Linksys recommends using the Setup CD-ROM for first-time installation of the Router. If you do not wish to run
the Setup Wizard on the Setup CD-ROM, then follow the steps in this chapter and use the Router’s Web-based
Utility to configure the Router. For advanced users, you may configure the Router’s advanced settings through the
Web-based Utility.
This chapter will describe each web page in the Utility and each page’s key functions. The Utility can be accessed
via your web browser through use of a computer connected to the Router. For a basic network setup, most users
only have to use the following screens of the Utility:
Basic Setup. On the Basic Setup screen, enter the settings provided by your ISP.
Management. Click the Administration tab and then the Management tab. The Router’s default password is
admin. To secure the Router, change the Password from its default.
There are seven main tabs: Setup, Wireless, Firewall, VPN, QoS, Administration, and Status. Additional tabs will
be available after you click one of the main tabs.
Setup
• Basic Setup. Enter the Internet connection and network settings on this screen.
• VLAN. The Router provides a port-based VLAN feature.
• DDNS. On this screen, enable the Router’s Dynamic Domain Name System (DDNS) feature.
• MAC Address Clone. If you need to clone a MAC address onto the Router, use this screen.
• Advanced Routing. On this screen, configure the dynamic and static routing configuration.
NOTE: When first installing the Router, you
should use the Setup Wizard on the Setup CDROM. If you want to configure advanced
settings, use this chapter to learn about the
Web-based Utility.
HAVE YOU: Enabled TCP/IP on your PCs? PCs
communicate over the network with this
protocol. Refer to “Appendix I: Windows Help”
for more information on TCP/IP.
NOTE: For added security, you should change
the password through the Administration screen
of the Web-based Utility.
nat (network address translation): NAT technology
translates IP addresses of a local area network to a
different IP address for the Internet
Wireless
• Basic Wireless Settings. You can choose your wireless network settings on this screen.
• Wireless Security. You can choose your wireless security settings on this screen.
Chapter 6: Configuring the Wireless-G VPN Router
Overview
13
Wireless-G VPN Router with RangeBooster
• Wireless Network Access. This screen displays your network access list.
• Advanced Wireless Settings. For advanced users, you can alter data transmission settings on this screen.
• WDS. This tab is used for Wireless Distribution System (WDS).
Firewall
• General. On this screen, you can configure a variety of filters to enhance the security of your network.
• Port Forwarding. To set up public services or other specialized Internet applications on your network, click
this tab.
• Port Triggering. To set up triggered ranges and forwarded ranges for Internet applications, click this tab.
• DMZ. Click this tab to allow one local user to be exposed to the Internet for use of special-purpose services.
• Access Restriction. This tab allows you to block or allow specific kinds of Internet usage and traffic during
specific days and times.
• URL Filtering. This tab allows you to create an URL Filtering policy.
VPN
• VPN Client Access. Use this screen to designate VPN clients and their passwords.
• VPN Passthrough. This tab is used to allow VPN tunnels to pass through the Router’s firewall using IPSec,
L2TP, or PPTP protocols.
• IPSec VPN. The VPN Router creates a tunnel or secure channel between two endpoints, so that the
transmitted data or information between these endpoints is secure.
• VPN Summary. This page summarizes the comprehensive details of IPSec VPN Tunnels.
QoS
• Application-based QoS. This involves Internet traffic, which may involve demanding, real-time applications,
such as videoconferencing.
• Port-based QoS. This ensures better service to a specific LAN port.
Chapter 6: Configuring the Wireless-G VPN Router
Overview
14
Wireless-G VPN Router with RangeBooster
Administration
• Management. Alter the Router’s password, its access privileges, SNMP settings, and UPnP settings.
• Log. If you want to view or save activity logs, click this tab.
• Diagnostics. Use this screen to check the connection between the Router and a PC.
• Factory Defaults. If you want to restore the Router’s factory defaults, then use this screen.
• Firmware Upgrade. Click this tab if you want to upgrade the Router’s firmware.
• Reboot. Use this to restart the Router.
Status
• Router. This screen provides status information about the Router.
• Local Network. This provides status information about the local network.
• Wireless. Status information about the wireless network is displayed here.
• System Performance. Status information is provided for all network traffic.
• VPN Clients. This screen provides status information about the Router’s VPN clients.
How to Access the Web-based Utility
To access the web-based utility, launch Internet Explorer or Netscape Navigator, and enter the Router’s default IP
address, 192.168.1.1, in the Address field. Then press Enter.
A password request page will appear. (Windows XP users will see a similar screen.) Enter admin (the default user
name) in the User Name field, and enter admin (the default password) in the Password field. Then click the OK .
Make the necessary changes through the Utility. When you have finished making changes to a screen, click the
Save Settings button to save the changes, or click the Cancel Changes button to undo your changes. Help
information is shown on the right-hand side of a screen. For additional information, click More.
The Setup Tab - Basic Setup
Figure 6-1: Login Screen
The first screen that appears is the Basic Setup tab. This tab allows you to change the Router's general settings.
Chapter 6: Configuring the Wireless-G VPN Router
How to Access the Web-based Utility
Figure 6-2: Setup Tab - Automatic Configuration - DHCP
15
Wireless-G VPN Router with RangeBooster
Internet Setup
The Internet Setup section configures the Router for your Internet connection type. This information can be
obtained from your ISP.
Internet Connection Type
The Router supports four connection types: Automatic Configuration - DHCP (the default connection type), PPPoE,
Static IP, and PPTP. Each Basic Setup screen and available features will differ depending on what kind of
connection type you select.
Automatic Configuration - DHCP
By default, the Router’s Configuration Type is set to Automatic Configuration - DHCP, and it should be kept
only if your ISP supports DHCP or you are connecting through a dynamic IP address.
Static IP
If you are required to use a permanent IP address to connect to the Internet, then select Static IP.
IP Address. This is the Router’s IP address, when seen from the WAN, or the Internet. Your ISP will provide
you with the IP Address you need to specify here.
Figure 6-3: Internet Connection Type - Static IP
static ip address: a fixed address
assigned to a computer or device
connected to a network.
subnet mask: an address code that
determines the size of the network
default gateway: a device that forwards
Internet traffic from your local area network
Subnet Mask. This is the Router’s Subnet Mask, as seen by external users on the Internet (including your
ISP). Your ISP will provide you with the Subnet Mask.
Default Gateway. Your ISP will provide you with the Default Gateway Address, which is the ISP server’s IP
address.
Primary DNS (Required) and Secondary DNS (Optional). Your ISP will provide you with at least one DNS
(Domain Name System) Server IP Address.
When you have finished making changes to the screen, click the Save Settings button to save the changes,
or click the Cancel Changes button to undo your changes.
PPPoE
Some DSL-based ISPs use PPPoE (Point-to-Point Protocol over Ethernet) to establish Internet connections. If
you are connected to the Internet through a DSL line, check with your ISP to see if they use PPPoE. If they do,
you will have to enable PPPoE.
Chapter 6: Configuring the Wireless-G VPN Router
The Setup Tab - Basic Setup
Figure 6-4: Internet Connection Type - PPPoE
pppoe: a type of broadband connection that
provides authentication (username and
password) in addition to data transport
16
Wireless-G VPN Router with RangeBooster
User Name and Password. Enter the User Name and Password provided by your ISP. Then, enter the
Password again to confirm it.
Auth Type: Select from two authentication protocols as required by your ISP: Password Authentication
Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).
Connect on Demand: Max Idle Time. You can configure the Router to cut the Internet connection after it has
been inactive for a specified period of time (Max Idle Time). If your Internet connection has been terminated
due to inactivity, Connect on Demand enables the Router to automatically re-establish your connection as
soon as you attempt to access the Internet again. If you wish to activate Connect on Demand, click the radio
button. In the Max Idle Time field, enter the number of minutes you want to have elapsed before your Internet
connection terminates.
Keep Alive Option: Redial Period. If you select this option, the Router will periodically check your Internet
connection. If you are disconnected, then the Router will automatically re-establish your connection. To use
this option, click the radio button next to Keep Alive. In the Redial Period field, you specify how often you
want the Router to check the Internet connection. The default Redial Period is 30 seconds.
When you have finished making changes to the screen, click the Save Settings button to save the changes,
or click the Cancel Changes button to undo your changes.
PPTP
Figure 6-5: Internet Connection Type - PPTP
Point-to-Point Tunneling Protocol (PPTP) is a service that applies to connections in Europe and Israel only.
IP Address. This is the Router’s IP address, when seen from the WAN, or the Internet. Your ISP will provide
you with the IP Address you need to specify here.
Subnet Mask. This is the Router’s Subnet Mask, as seen by external users on the Internet (including your
ISP). Your ISP will provide you with the Subnet Mask.
Default Gateway. Your ISP will provide you with the Default Gateway Address.
PPPTP Server IP. Enter the IP address of the PPPTP server.
User Name and Password. Enter the User Name and Password provided by your ISP.
Auth Type: Select from two authentication protocols as required by your ISP: Password Authentication
Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).
Connect on Demand: Max Idle Time. You can configure the Router to cut the Internet connection after it has
been inactive for a specified period of time (Max Idle Time). If your Internet connection has been terminated
Chapter 6: Configuring the Wireless-G VPN Router
The Setup Tab - Basic Setup
17
Wireless-G VPN Router with RangeBooster
due to inactivity, Connect on Demand enables the Router to automatically re-establish your connection as
soon as you attempt to access the Internet again. If you wish to activate Connect on Demand, click the radio
button. In the Max Idle Time field, enter the number of minutes you want to have elapsed before your Internet
connection terminates.
Keep Alive Option: Redial Period. If you select this option, the Router will periodically check your Internet
connection. If you are disconnected, then the Router will automatically re-establish your connection. To use
this option, click the radio button next to Keep Alive. In the Redial Period field, you specify how often you
want the Router to check the Internet connection. The default Redial Period is 30 seconds.
When you have finished making changes to the screen, click the Save Settings button to save the changes,
or click the Cancel Changes button to undo your changes.
L2TP
Layer 2 Tunneling Protocol (L2TP) is a service that tunnels Point-to-Point Protocol (PPP) across the Internet. It
is used mostly in European countries. Check with your ISP for the necessary setup information.
IP Address. This is the Router’s IP address, when seen from the WAN, or the Internet. Your ISP will provide
you with the IP Address you need to specify here.
Subnet Mask. This is the Router’s Subnet Mask, as seen by external users on the Internet (including your
ISP). Your ISP will provide you with the Subnet Mask.
Default Gateway. Your ISP will provide you with the Default Gateway Address.
L2TP Server IP. Enter the IP address of the L2TP server.
User Name and Password. Enter the User Name and Password provided by your ISP.
Auth Type: Select from two authentication protocols as required by your ISP: Password Authentication
Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).
Connect on Demand and Max Idle Time. You can configure the Router to cut the Internet connection after it
has been inactive for a specific period of time (Max Idle Time). If your Internet connection has been
terminated due to inactivity, Connect on Demand enables the Router to automatically re-establish your
connection as soon as you attempt to access the Internet again. To use Connect on Demand, click the radio
button. If you want your Internet connection to remain on at all times, enter 0 in the Max Idle Time field.
Otherwise, enter the number of minutes you want to have elapsed before your Internet access disconnects.
Keep Alive and Redial Period. This option keeps your Internet access connected indefinitely, even when it
sits idle. If you select this option, the Router will periodically check your Internet connection. If the connection
Chapter 6: Configuring the Wireless-G VPN Router
The Setup Tab - Basic Setup
Figure 6-6: Internet Connection Type - L2TP
18
Wireless-G VPN Router with RangeBooster
is down, then the Router will automatically re-establish the connection. To use this option, click the radio
button next to Keep Alive. The default Redial Period is 30 seconds.
Click the Save Settings button. Then click the Status tab, and click the Connect button.
Optional Settings (Required by some ISPs)
Some of these settings may be required by your ISP. Verify with your ISP before making any changes.
Host Name and Domain Name. These fields allow you to supply a host and domain name for the Router. Some
ISPs require these names as identification. You may have to check with your ISP to see if your broadband Internet
service has been configured with a host and domain name. In most cases, leaving these fields blank will work.
MTU. The MTU (Maximum Transmission Unit) setting specifies the largest packet size permitted for network
transmission. Select Enabled and enter the value desired. It is recommended that you leave this value in the
1200 to 1500 range. For most DSL users, it is recommended to use the value 1492. By default, MTU is set at 1500
when disabled.
LAN Setup
The LAN Setup section allows you to change the Router’s local network settings.
LAN IP
The Router’s Local IP Address and Subnet Mask are shown here. In most cases, you can keep the defaults.
Local IP Address. The default value is 192.168.1.1.
Subnet Mask. The default value is 255.255.255.0.
Network Address Server Settings (DHCP)
The Router can be used as your network’s DHCP (Dynamic Host Configuration Protocol) server, which
automatically assigns an IP address to each PC on your network. Unless you already have one, it is highly
recommended that you leave the Router enabled as a DHCP server.
Local DHCP Server. DHCP is already enabled by factory default. If you already have a DHCP server on your
network, set the Router’s DHCP option to Disabled. If you disable DHCP, assign a static IP address to the Router.
Chapter 6: Configuring the Wireless-G VPN Router
The Setup Tab - Basic Setup
19
Wireless-G VPN Router with RangeBooster
Start IP Address. Enter a value for the DHCP server to start with when issuing IP addresses. This value must be
192.168.1. 2 or greater, but smaller than 192.168.1.254, because the default IP address for the Router is
192.168.1.1, and 192.168.1.255 is the broadcast IP address.
Number of Address. Enter the maximum number of PCs that you want the DHCP server to assign IP addresses
to. This number cannot be greater than 253. In order to determine the DHCP IP Address range, add the starting IP
address (e.g., 100) to the number of DHCP users.
IP Address Range. The range of DHCP addresses is displayed here.
Client Lease Time. This is the amount of time a DHCP client can keep the assigned IP address before it sends a
renewal request to the DHCP server.
The Static Table shows the mapping of MAC addresses to IP addresses. To use this feature, enter the Static IP
Address and MAC address in the fields, then click Add. To edit an entry, highlight the entry in the table, click the
Edit button, make your changes in the fields, then click Add. To remove an entry, highlight the entry, then click
Remove.
Manual DNS Setting. To enter the DNS IP addresses manually, enter up to two in the fields provided.
Time Setting
This is where you set the time for the Router. You can set the time and date manually or automatically.
Figure 6-7: Static Table
Manually. Select the date from the Date drop-down menus. Then enter the time in the Time fields.
Automatically. Select your time zone from the Time Zone drop-down menu. If you want to enable the Automatic
Daylight Savings feature, click the Enabled radio button.
When you have finished making changes to the screen, click the Save Settings button to save the changes, or
click the Cancel Changes button to undo your changes.
The Setup Tab - VLAN
The Router provides a port-based VLAN feature.
Port-based VLAN. Select Enabled to enable the feature. When enabled, and a VLAN is selected, VLAN1 will be
enabled as a default VLAN, so you will have two VLANs. Select Disabled to disable the feature. When this feature
is disabled, all LAN ports are on the same LAN.
Number of VLAN. Select the number of the VLAN from the drop-down menu.
Chapter 6: Configuring the Wireless-G VPN Router
The Setup Tab - Basic Setup
Figure 6-8: The Setup Tab - VLAN
20
Loading...