Mitel WRV54G User Manual
A Division of Cisco Systems, Inc.
®
2.4
Model No.
GHz
802.11g
WIRELESS
WRV54G
Wireless-G
VPN Broadband Router
Wireless-G VPN Broadband Router
Copyright and Trademarks
Specifications are subject to change without notice. Linksys is a registered trademark or trademark of Cisco
Systems, Inc. and/or its affiliates in the U.S. and certain other countries. Copyright © 2006 Cisco Systems, Inc. All
rights reserved. Other brands and product names are trademarks or registered trademarks of their respective
holders.
WARNING: This product contains chemicals, including lead, known
to the State of California to cause cancer, and birth defects or other
reproductive harm. Wash hands after handling.
How to Use this Guide
This User Guide has been designed to make understanding networking with the Router easier than ever. Look for
the following items when reading this User Guide:
This checkmark means there is a note of interest and is something you should
pay special attention to while using the Router.
This exclamation point means there is a caution or warning and is something
that could damage your property or the Router.
This question mark provides you with a reminder about something you
might need to do while using the Router.
In addition to these symbols, there are definitions for technical terms that are presented like this:
word: definition.
Also, each figure (diagram, screenshot, or other image) is provided with a figure number and description, like
this:
Figure numbers and descriptions can also be found in the “List of Figures” section in the “Table of Contents”.
WRV54G-UG-60306D JL
Figure 0-1: Sample Figure Description
Wireless-G VPN Broadband Router
Table of Contents
Chapter 1: Introduction 1
Welcome 1
What’s in this Guide? 2
Chapter 2: Planning Your Wireless Network 4
Network Topology 4
Ad-Hoc versus Infrastructure Mode 4
Network Layout 4
Chapter 3: Planning Your Virtual Private Network (VPN) 6
Why do I need a VPN? 6
What is a VPN? 7
Chapter 4: Getting to Know the Wireless-G VPN Broadband Router 9
The Back Panel 9
The Front Panel 10
Chapter 5: Connecting the Wireless-G VPN Broadband Router 11
Overview 11
Wired Connection to a PC 11
Wireless Connection to a PC 12
Chapter 6: Configuring the Wireless-G VPN Broadband Router 13
Overview 13
How to Access the Web-based Utility 15
The Setup Tab - Basic Setup 15
The Setup Tab - DDNS 19
The Setup Tab - MAC Address Clone 20
The Setup Tab - Advanced Routing 21
The Setup Tab - Hot Spot 23
The Wireless Tab - Basic Wireless Settings 24
The Wireless Tab - Wireless Security 25
The Wireless Tab - Wireless Network Access 27
The Wireless Tab - Advanced Wireless Settings 28
Wireless-G VPN Broadband Router
The Security Tab - Firewall 30
The Security Tab - VPN 31
The Access Restrictions Tab - Internet Access 37
The Access Restrictions Tab - VPN Client Access 40
The Applications and Gaming Tab - Port Range Forwarding 41
The Applications and Gaming Tab - Port Triggering 42
The Applications and Gaming Tab - UPnP Forwarding 43
The Applications and Gaming Tab - DMZ 44
The Administration Tab - Management 45
The Administration Tab - Log 47
The Administration Tab - Diagnostics 49
The Administration Tab - Factory Defaults 50
The Administration Tab - Firmware Upgrade 51
The Status Tab - Router 52
The Status Tab - Local Network 53
The Status Tab - System Performance 55
The Status Tab - VPN Clients 57
Chapter 7: Boingo™ Hot Spot in a Box® Program for Hot Spot Businesses 58
Program Overview 58
Simple Hot Spot in a Box Program 58
How the Boingo Hot Spot in a Box Feature Impacts the Linksys Wireless-G
Broadband Router 59
Excellent Customer Support 60
Getting Started 60
Administration Site 71
Appendix A: Troubleshooting 78
Common Problems and Solutions 78
Frequently Asked Questions 86
Appendix B: Wireless Security 94
Security Precautions 94
Security Threats Facing Wireless Networks 94
Wireless-G VPN Broadband Router
Appendix C: Using the Linksys QuickVPN Software for Windows 2000 or XP 97
Overview 97
Before You Begin 97
Installing the LInksys QuickVPN Software 97
Using the Linksys QuickVPN Software 98
Appendix D: Configuring IPSec between a Windows 2000 or XP Computer
and the Router 99
Introduction 99
Environment 99
How to Establish a Secure IPSec Tunnel 100
Appendix E: Configuring VPN Tunnels 110
Overview 110
Before You Begin 110
Configuring the VPN Settings for the VPN Routers 111
Configuring the Key Management Settings 113
Configuring PC 1 and PC 2 114
Connecting a VPN Client 114
Appendix F: Finding the MAC Address and IP Address for Your
Ethernet Adapter 117
Windows 98 or Me Instructions 117
Windows 2000 or XP Instructions 118
Appendix G: SNMP Functions 119
Appendix H: Upgrading Firmware 120
Appendix I: Windows Help 121
Appendix J: Glossary 122
Appendix K: Specifications 127
Appendix L: Warranty Information 128
Appendix M: Regulatory Information 129
Appendix N: Contact Information 135
Wireless-G VPN Broadband Router
List of Figures
Figure 2-1: Network Diagram 5
Figure 3-1: VPN Router to VPN Router 8
Figure 3-2: Computer to VPN Router 8
Figure 4-1: Back Panel 9
Figure 4-2: Front Panel 10
Figure 5-1: Connect to LAN Ports 11
Figure 5-2: Connect to Internet Port 11
Figure 5-3: Connect to Power Port 11
Figure 5-4: Connect to Internet Port 12
Figure 5-5: Connect to Power Port 12
Figure 6-1: Login Screen 15
Figure 6-2: Setup Tab - Automatic Configuration - DHCP 15
Figure 6-3: Internet Connection Type - Static IP 16
Figure 6-4: Internet Connection Type - PPPoE 16
Figure 6-5: Internet Connection Type - PPTP 17
Figure 6-6: DDNS Tab - DynDNS.org 19
Figure 6-7: DDNS Tab - TZO.com 19
Figure 6-8: Setup Tab - MAC Address Clone 20
Figure 6-9: Setup Tab - Advanced Routing 21
Figure 6-10: Routing Table Entry List 22
Figure 6-11: Setup Tab - Hot Spot in a Box 23
Figure 6-12: Wireless Tab - Basic Wireless Settings 24
Figure 6-13: Wireless Security - WPA Pre-Shared Key 25
Figure 6-14: Wireless Security - WPA RADIUS 25
Figure 6-15: Wireless Security - RADIUS 26
Figure 6-16: Wireless Security - WEP 26
Figure 6-17: Wireless Tab - Wireless Network Access 27
Figure 6-18: Networked Computers 27
Figure 6-19: Wireless Tab - Advanced Wireless Settings 28
Figure 6-20: Security Tab - Firewall 30
Wireless-G VPN Broadband Router
Figure 6-21: Security Tab - VPN 31
Figure 6-22: Local Secure Group - Subnet and Remote Secure Group - Subnet 31
Figure 6-23: Local Secure Group - IP Address and Remote Secure Group - IP Address 32
Figure 6-24: Local Secure Group - IP Range and Remote Secure Group - IP Range 32
Figure 6-25: Local Secure Group - Host and Remote Secure Group - Host 32
Figure 6-26: Local Secure Group - Subnet and Remote Secure Group - Any 32
Figure 6-27: Remote Secure Group - Any and Remote Secure Gateway - FQDN 33
Figure 6-28: Remote Security Group - Any and Remote Secure Gateway - Any 33
Figure 6-29: Key Exchange Method - Auto(IKE) 33
Figure 6-30: Key Exchange Method - Manual 34
Figure 6-31: Advanced VPN Tunnel Setup 35
Figure 6-32: Access Restrictions Tab - Internet Access 37
Figure 6-33: Internet Filter Summary 37
Figure 6-34: List of PCs 38
Figure 6-35: Blocked Services 38
Figure 6-36: Access Restrictions Tab - VPN Client Access 40
Figure 6-37: Applications & Gaming Tab - Port Range Forwarding 41
Figure 6-38: Applications & Gaming Tab - Port Triggering 42
Figure 6-39: Applications & Gaming Tab - UPnP Forwarding 43
Figure 6-40: Applications & Gaming Tab - DMZ 44
Figure 6-41: Administration Tab - Management 45
Figure 6-42: Administration Tab - Log 47
Figure 6-43: Administration Tab - Diagnostics 49
Figure 6-44: Administration Tab - Factory Default 50
Figure 6-45: Administration Tab - Firmware Upgrade 51
Figure 6-46: Status Tab - Router 52
Figure 6-47: Status Tab - Local Network 53
Figure 6-48: DHCP Active IP Table 53
Figure 6-49: Status Tab - Wireless 54
Figure 6-50: Status Tab - System Performance 55
Figure 6-51: Status Tab - VPN Clients 57
Figure 7-1: Registration Login 61
Figure 7-2: Welcome 61
Wireless-G VPN Broadband Router
Figure 7-3: Operator Agreement 62
Figure 7-4: Business Contact Information 62
Figure 7-5: Credit Card Information 63
Figure 7-6: Select a Username and Password 63
Figure 7-7: Confirmation 64
Figure 7-8: Registration Complete 64
Figure 7-9: Device Location 65
Figure 7-10: Onsite Contact 65
Figure 7-11: Device Configuration 66
Figure 7-12: View/Edit Settings 66
Figure 7-13: Your Location Page 67
Figure 7-14: Sample Page 67
Figure 7-15: Free Access 68
Figure 7-16: Confirmation 69
Figure 7-17: Almost Done 70
Figure 7-18: Administration Login 72
Figure 7-19: Home 72
Figure 7-20: Device View 73
Figure 7-21: Edit Current Configuration 74
Figure 7-22: Map 74
Figure 7-23: User Statistics 75
Figure 7-24: Device Statistics 75
Figure 7-25: Device Performance 76
Figure 7-26: Device Alerts 77
Figure C-1: Setup Wizard - Welcome Screen 97
Figure C-2: QuickVPN Desktop Icon 98
Figure C-3: QuickVPN Tray Icon - No Connection 98
Figure C-4: QuickVPN Software - Profile 98
Figure C-5: QuickVPN Software - Status 98
Figure C-6: QuickVPN Tray Icon - Connection Available 98
Figure C-7: QuickVPN Software - Change Password 98
Figure D-1: Local Security Screen 100
Figure D-2: Rules Tab 100
Wireless-G VPN Broadband Router
Figure D-3: IP Filter List Tab 100
Figure D-4: IP Filter LIst 101
Figure D-5: Filters Properties 101
Figure D-6: New Rule Properties 101
Figure D-7: IP Filter List 102
Figure D-8: Filters Properties 102
Figure D-9: New Rule Properties 102
Figure D-10: IP Filter List Tab 103
Figure D-11: Filter Action Tab 103
Figure D-12: Security Methods Tab 103
Figure D-13: Authentication Methods 104
Figure D-14: Preshared Key 104
Figure D-15: New Preshared Key 104
Figure D-16: Tunnel Setting Tab 105
Figure D-17: Connection Type Tab 105
Figure D-18: Properties Screen 105
Figure D-19: IP Filter List Tab 106
Figure D-20: Filter Action Tab 106
Figure D-21: Authentication Methods Tab 106
Figure D-22: Preshared Key 107
Figure D-23: New Preshared Key 107
Figure D-24: Tunnel Setting Tab 107
Figure D-25: Connection Type 108
Figure D-26: Rules 108
Figure D-27: Local Computer 108
Figure D-28: VPN Tab 109
Figure E-1: Diagram of All VPN Tunnels 110
Figure E-2: Login Screen 111
Figure E-3: Setup - Basic Setup (Internet Setup) 111
Figure E-4: Security - VPN Screen (VPN Tunnel) 111
Figure E-5: Setup - Basic Setup (Internet Setup) 112
Figure E-6: Security - VPN Screen (VPN Tunnel) 112
Figure E-7: Diagram of VPN Tunnel between VPN Routers 113
Wireless-G VPN Broadband Router
Figure E-8: Security - VPN Screen (Key Management) 113
Figure E-9: Advanced Tunnel Setup Screen 114
Figure E-10: Access Restrictions - VPN Client Access Screen 115
Figure E-11: Diagram of VPN Tunnel between VPN Router 1 and VPN Client 115
Figure E-12: QuickVPN Desktop Icon 115
Figure E-13: QuickVPN Software - Profile 115
Figure E-14: Connecting 116
Figure E-15: Activating Policy 116
Figure E-16: Verifying Network 116
Figure E-17: QuickVPN Software - Status 116
Figure E-18: QuickVPN Tray Icon - Connection 116
Figure E-19: QuickVPN Tray Icon - No Connection 116
Figure F-1: IP Configuration Screen 117
Figure F-2: MAC Address/Adapter Address 117
Figure F-3: MAC Address/Physical Address 118
Figure H-1: Upgrade Firmware 120
Wireless-G VPN Broadband Router
Chapter 1: Introduction
Welcome
Thank you for choosing the Linksys Wireless-G VPN Broadband Router. The Wireless-G VPN Broadband Router
will allow you to network wirelessly better than ever, sharing Internet access, files and fun, easily and securely.
How does the Wireless-G VPN Broadband Router do all of this? A router is a device that allows access to an
Internet connection over a network. With the Wireless-G VPN Broadband Router, this access can be shared over
the four switched ports or via the wireless network, broadcast at either 11Mbps for Wireless-B or 54Mbps for
Wireless-G.
To protect your data and privacy, the Wireless-G VPN Broadband Router can encrypt all wireless transmissions
with up to 128-bit WEP encryption and supports the WPA standard, which provides greater security opportunities.
The Router also has a powerful Stateful Packet Inspection (SPI) firewall and Network Address Translation (NAT)
technology to protect your PCs against intruders and most known Internet attacks. Its Virtual Private Network
(VPN) function creates encrypted “tunnels” through the Internet so up to 50 remote or traveling users can
securely connect to your office network from off-site, or users in your branch office can connect to a corporate
network. All of these security features, as well as full configurability, are accessed through the easy-to-use
browser-based utility.
But what does all of this mean?
Networks are useful tools for sharing computer resources. You can access one printer from different computers
and access data located on another computer's hard drive. Networks are even used for playing multiplayer video
games. So, networks are not only useful in homes and offices, they can also be fun.
PCs on a wired network create a LAN, or Local Area Network. They are connected with Ethernet cables, which is
why the network is called “wired”.
PCs equipped with wireless cards or adapters can communicate without cumbersome cables. By sharing the
same wireless settings, within their transmission radius, they form a wireless network. The Wireless-G VPN
Broadband Router bridges wireless networks of both 802.11b and 802.11g standards and wired networks,
allowing them to communicate with each other.
With your networks all connected, wired, wireless, and the Internet, you can now share files and Internet
access—and even play games. All the while, the Wireless-G VPN Broadband Router protects your networks from
unauthorized and unwelcome users.
vpn (virtual private network): A security measure
to protect data as it leaves one network and goes to
another over the Internet
802.11b: an IEEE wireless networking standard that
specifies a maximum data transfer rate of 11Mbps
and an operating frequency of 2.4GHz
802.11g: an IEEE wireless networking standard that
specifies a maximum data transfer rate of 54Mbps,
an operating frequency of 2.4GHz, and backward
compatibility with 802.11b devices
wpa (wi-fi protected access): a wireless
security protocol using TKIP (Temporal Key
Integrity Protocol) encryption, which can be
used in conjunction with a RADIUS server
nat (network address translation): NAT technology
translates IP addresses of a local area network to a
different IP address for the Internet
spi (stateful packet inspection) firewall: A
technology that inspects incoming packets of
information before allowing them to enter the
network
ethernet: an IEEE standard network protocol that
specifies how data is placed on and retrieved from
a common transmission medium
lan (local area network): The computers and
networking products that make up the network in
your home or office
Chapter 1: Introduction
Welcome
1
Wireless-G VPN Broadband Router
You should always use the Setup CD-ROM when you first install the Router. If you do not wish to run the Setup
Wizard on the Setup CD-ROM, then use the instructions in this Guide to help you connect the Wireless-G VPN
Broadband Router, set it up, and configure it to bridge your different networks. These instructions should be all
you need to get the most out of the Wireless-G VPN Broadband Router.
What’s in this Guide?
This user guide covers the steps for setting up and using the Wireless-G VPN Broadband Router.
• Chapter 1: Introduction
This chapter describes the Wireless-G VPN Broadband Router applications and this User Guide.
• Chapter 2: Planning Your Wireless Network
This chapter describes the basics of wireless networking.
• Chapter 3: Planning Your Virtual Private Network (VPN)
This chapter describes a VPN and its various applications.
• Chapter 4: Getting to Know the Wireless-G VPN Broadband Router
This chapter describes the physical features of the Router.
• Chapter 5: Connecting the Wireless-G VPN Broadband Router
This chapter instructs you on how to connect the Router to your network.
• Chapter 6: Configuring the Wireless-G VPN Broadband Router
This chapter explains how to use the Web-Based Utility to configure the settings on the Router.
• Chapter 7: Boingo Hot Spot in a Box for Hot Spot Businesses
This chapter explains how to sign up for the Boingo Hot Spot in a Box program.
• Appendix A: Troubleshooting
This appendix describes some problems and solutions, as well as frequently asked questions, regarding
installation and use of the Wireless-G VPN Broadband Router.
• Appendix B: Wireless Security
This appendix explains the risks of wireless networking and some solutions to reduce the risks.
• Appendix C: Using the Linksys QuickVPN Software for Windows 2000 or XP
This appendix instructs you on how to use the Linksys QuickVPN software if you are using a Windows 2000 or
XP PC.
Chapter 1: Introduction
What’s in this Guide?
2
Wireless-G VPN Broadband Router
• Appendix D: Configuring IPSec between a Windows 2000 or XP PC and the Router
This appendix instructs you on how to establish a secure IPSec tunnel using preshared keys to join a private
network inside the VPN Router and a Windows 2000 or XP PC.
• Appendix E: Configuring VPN Tunnels
This appendix describes how to configure VPN IPSec tunnels using the VPN Routers and a VPN client.
• Appendix F: Finding the MAC Address and IP Address for your Ethernet Adapter.
This appendix describes how to find the MAC address for your computer’s Ethernet adapter so you can use
the MAC filtering and/or MAC address cloning feature of the Router. It also explains how to find the IP address
for your computer.
• Appendix G: SNMP Functions
This appendix explains SNMP (Simple Network Management Protocol).
• Appendix H: Upgrading Firmware
This appendix instructs you on how to upgrade the firmware on your Router should you need to do so.
• Appendix I: Windows Help
This appendix describes how you can use Windows Help for instructions about networking, such as installing
the TCP/IP protocol.
• Appendix J: Glossary
This appendix gives a brief glossary of terms frequently used in networking.
• Appendix K: Specifications
This appendix provides the technical specifications for the Router.
• Appendix L: Warranty Information
This appendix supplies the warranty information for the Router.
• Appendix M: Regulatory Information
This appendix supplies the regulatory information regarding the Router.
• Appendix N: Contact Information
This appendix provides contact information for a variety of Linksys resources, including Technical Support.
Chapter 1: Introduction
What’s in this Guide?
3
Wireless-G VPN Broadband Router
Chapter 2: Planning Your Wireless Network
Network Topology
A wireless local area network (WLAN) is exactly like a regular local area network (LAN), except that each
computer in the WLAN uses a wireless device to connect to the network. Computers in a WLAN share the same
frequency channel and SSID, which is an identification name shared by the wireless devices belonging to the
same wireless network.
Ad-Hoc versus Infrastructure Mode
Unlike wired networks, wireless networks have two different modes in which they may be set up: infrastructure
and ad-hoc. An infrastructure configuration is a WLAN and wired LAN communicating to each other through an
access point. An ad-hoc configuration is wireless-equipped computers communicating directly with each other.
Choosing between these two modes depends on whether or not the wireless network needs to share data or
peripherals with a wired network or not.
If the computers on the wireless network need to be accessible by a wired network or need to share a peripheral,
such as a printer, with the wired network computers, the wireless network should be set up in Infrastructure
mode. The basis of Infrastructure mode centers around an access point or wireless router, such as the
Wireless-G VPN Broadband Router, which serves as the main point of communications in a wireless network. The
Router transmits data to PCs equipped with wireless network adapters, which can roam within a certain radial
range of the Router. You can arrange the Router and multiple access points to work in succession to extend the
roaming range, and you can set up your wireless network to communicate with your Ethernet hardware as well.
If the wireless network is relatively small and needs to share resources only with the other computers on the
wireless network, then the Ad-Hoc mode can be used. Ad-Hoc mode allows computers equipped with wireless
transmitters and receivers to communicate directly with each other, eliminating the need for a wireless router or
access point. The drawback of this mode is that in Ad-Hoc mode, wireless-equipped computers are not able to
communicate with computers on a wired network. And, of course, communication between the wirelessequipped computers is limited by the distance and interference directly between them.
Network Layout
network: a series of computers or devices
connected for the purpose of data sharing,
storage, and/or transmission between users
lan (local area network): The computers and
networking products that make up the network in
your home or office
ssid: your wireless network’s name
ad-hoc: a group of wireless devices
communicating directly to each other
(peer-to-peer) without the use of an
access point
infrastructure: a wireless network
that is bridged to a wired network via
an access point
adapter: a device that adds
network functionality to your PC
ethernet: IEEE standard network protocol that
specifies how data is placed on and retrieved
from a common transmission medium
access point: a device that allows wirelessequipped computers and other devices to
communicate with a wired network. Also used
to expand the range of a wireless network
The Wireless-G VPN Broadband Router has been specifically designed for use with both your 802.11b and
802.11g products. Now, products using these standards can communicate with each other.
Chapter 2: Planning Your Wireless Network
Network Topology
4
Wireless-G VPN Broadband Router
The Wireless-G VPN Broadband Router is compatible with all 802.11b and 802.11g adapters, such as the
Notebook Adapters (WPC54G, WPC11) for your laptop computers, PCI Adapter (WMP54G, WMP11) for your
desktop PC, and USB Adapter (WUSB54G, WUSB11) when you want to enjoy USB connectivity. The Broadband
Router will also communicate with the Wireless PrintServer (WPS54GU2, WPS11) and Wireless Ethernet Bridges
(WET54G, WET11).
When you wish to connect your wireless network with your wired network, you can use the Broadband Router’s
three LAN ports. To add more ports, any of the Broadband Router's LAN ports can be connected to any of
Linksys's switches (such as the EZXS55W or EZXS88W).
With these, and many other, Linksys products, your networking options are limitless. Go to the Linksys website at
www.linksys.com for more information about products that work with the Wireless-G VPN Broadband Router.
Figure 2-1: Network Diagram
Chapter 2: Planning Your Wireless Network
Network Layout
5
Wireless-G VPN Broadband Router
Chapter 3: Planning Your Virtual Private Network (VPN)
Why do I need a VPN?
Computer networking provides a flexibility not available when using an archaic, paper-based system. With this
flexibility, however, comes an increased risk in security. This is why firewalls were first introduced. Firewalls help
to protect data inside of a local network. But what do you do once information is sent outside of your local
network, when e-mails are sent to their destination, or when you have to connect to your company's network
when you are out on the road? How is your data protected?
That is when a VPN can help. VPNs are called Virtual Private Networks because they secure data moving outside
of your network as if it were still within that network.
When data is sent out across the Internet from your computer, it is always open to attacks. You may already have
a firewall, which will help protect data moving around or held within your network from being corrupted or
intercepted by entities outside of your network, but once data moves outside of your network—when you send
data to someone via e-mail or communicate with an individual over the Internet—the firewall will no longer
protect that data.
At this point, your data becomes open to hackers using a variety of methods to steal not only the data you are
transmitting but also your network login and security data. Some of the most common methods are as follows:
1) MAC Address Spoofing
Packets transmitted over a network, either your local network or the Internet, are preceded by a packet header.
These packet headers contain both the source and destination information for that packet to transmit efficiently.
A hacker can use this information to spoof (or fake) a MAC address allowed on the network. With this spoofed
MAC address, the hacker can also intercept information meant for another user.
vpn (virtual private network): a security
measure to protect data as it leaves one
network and goes to another over the Internet
packet: a unit of data sent over a network
2) Data Sniffing
Data “sniffing” is a method used by hackers to obtain network data as it travels through unsecured networks,
such as the Internet. Tools for just this kind of activity, such as protocol analyzers and network diagnostic tools,
are often built into operating systems and allow the data to be viewed in clear text.
3) Man in the middle attacks
Once the hacker has either sniffed or spoofed enough information, he can now perform a “man in the middle”
attack. This attack is performed, when data is being transmitted from one network to another, by rerouting the
Chapter 3: Planning Your Virtual Private Network (VPN)
Why do I need a VPN?
6
Wireless-G VPN Broadband Router
data to a new destination. Even though the data is not received by its intended recipient, it appears that way to
the person sending the data.
These are only a few of the methods hackers use and they are always developing more. Without the security of
your VPN, your data is constantly open to such attacks as it travels over the Internet. Data travelling over the
Internet will often pass through many different servers around the world before reaching its final destination.
That's a long way to go for unsecured data and this is when a VPN serves its purpose.
What is a VPN?
A VPN, or Virtual Private Network, is a connection between two endpoints—a VPN Router, for instance—in
different networks that allows private data to be sent securely over a shared or public network, such as the
Internet. This establishes a private network that can send data securely between these two locations or
networks.
This is done by creating a “tunnel”. A VPN tunnel connects the two PCs or networks and allows data to be
transmitted over the Internet as if it were still within those networks. Not a literal tunnel, it is a connection
secured by encrypting the data sent between the two networks.
VPN was created as a cost-effective alternative to using a private, dedicated, leased line for a private network.
Using industry standard encryption and authentication techniques—IPSec, short for IP Security—the VPN creates
a secure connection that, in effect, operates as if you were directly connected to your local network. Virtual
Private Networking can be used to create secure networks linking a central office with branch offices,
telecommuters, and/or professionals on the road (travelers can connect to a VPN Router using any computer with
the Linksys VPN client software.)
There are two basic ways to create a VPN connection:
• VPN Router to VPN Router
• Computer (using the Linksys VPN client software) to VPN Router
IMPORTANT: You must have at least one VPN Router on one end of the VPN
tunnel. At the other end of the VPN tunnel, you must have a second VPN
Router or a computer with the Linksys VPN client software.
The VPN Router creates a “tunnel” or channel between two endpoints, so that data transmissions between them
are secure. A computer with the Linksys VPN client software can be one of the two endpoints (refer to “Appendix
C: Using the Linksys QuickVPN Software for Windows 2000 or XP”). If you choose not to run the VPN client
software, any computer with the built-in IPSec Security Manager (Microsoft 2000 and XP) allows the VPN Router
to create a VPN tunnel using IPSec (refer to “Appendix D: Configuring IPSec between a Windows 2000 or XP PC
Chapter 3: Planning Your Virtual Private Network (VPN)
What is a VPN?
encryption: encoding data transmitted in a network
ip (internet protocol): a protocol used to send data
over a network
software: instructions for the computer
7
Wireless-G VPN Broadband Router
and the Router”). Other versions of Microsoft operating systems require additional, third-party VPN client
software applications that support IPSec to be installed.
VPN Router to VPN Router
An example of a VPN Router-to-VPN Router VPN would be as follows. At home, a telecommuter uses his VPN
Router for his always-on Internet connection. His router is configured with his office's VPN settings. When he
connects to his office's router, the two routers create a VPN tunnel, encrypting and decrypting data. As VPNs
utilize the Internet, distance is not a factor. Using the VPN, the telecommuter now has a secure connection to the
central office's network, as if he were physically connected. For more information, refer to “Appendix E:
Configuring VPN Tunnels.”
Computer (using the Linksys VPN client software) to VPN Router
The following is an example of a computer-to-VPN Router VPN. In her hotel room, a traveling businesswoman
dials up her ISP. Her notebook computer has the Linksys VPN client software, which is configured with her office's
IP address. She accesses the Linksys VPN client software and connects to the VPN Router at the central office. As
VPNs utilize the Internet, distance is not a factor. Using the VPN, the businesswoman now has a secure
connection to the central office's network, as if she were physically connected.
For additional information and instructions about creating your own VPN, please visit Linksys’s website at
www.linksys.com. You can also refer to “Appendix C: Using the Linksys QuickVPN Software for Windows 2000 or
XP”, “Appendix D: Configuring IPSec between a Windows 2000 or XP PC and the Router,” and “Appendix E:
Configuring VPN Tunnels.”
Figure 3-1: VPN Router to VPN Router
Chapter 3: Planning Your Virtual Private Network (VPN)
What is a VPN?
Figure 3-2: Computer to VPN Router
8
Wireless-G VPN Broadband Router
Chapter 4: Getting to Know the Wireless-G VPN Broadband Router
The Back Panel
The Router’s ports, where a network cable is connected, are located on the back panel.
Figure 4-1: Back Panel
Internet The Internet port connects to your cable or DSL modem.
LAN (1-4) The LAN (Local Area Network) ports connect to your PCs and other network devices.
Reset Button There are two ways to reset the Router's factory defaults. Either press the Reset Button, for
approximately five seconds, or restore the defaults from the Administration tab - Factory
Defaults in the Router's Web-based Utility.
Power The Power port is where you will connect the power adapter.
Chapter 4: Getting to Know the Wireless-G VPN Broadband Router
The Back Panel
IMPORTANT: If you reset the Router, all of
your settings, including Internet connection,
wireless, and security, will be deleted and
replaced with the factory defaults. Do not
reset the Router if you want to retain these
settings.
9
Wireless-G VPN Broadband Router
The Front Panel
The Router's LEDs, where information about network activity is displayed, are located on the front panel.
Figure 4-2: Front Panel
Power Green. The Power LED lights up when the Router is powered on.
DMZ Red. The DMZ LED lights up when the Router has an available DMZ port. If the LED is flashing,
the Router is sending or receiving data over the DMZ port.
Internet Green. The Internet LED lights up when the Router is connected to your cable or DSL modem.
If the LED is flashing, the Router is sending or receiving data over the Internet port.
Wireless-G Green. The Wireless-G LED lights whenever there is a successful wireless connection. If the
LED is flashing, the Router is actively sending or receiving data over the wireless network.
LAN (1-4) Green. The LAN LED serves two purposes. If the LED is solidly lit, the Router is connected to a
device through the corresponding port (LAN 1, 2, or 3). If the LED is flashing, the Router is
sending or receiving data over that port.
Chapter 4: Getting to Know the Wireless-G VPN Broadband Router
The Front Panel
10
Wireless-G VPN Broadband Router
Chapter 5: Connecting the Wireless-G VPN Broadband Router
Overview
To begin installation of the Router, you will connect the Router to your PCs, other network devices, and cable or
DSL modem. If you want to use a PC with an Ethernet adapter to configure the Router, continue to “Wired
Connection to a PC.” If you want to use a PC with a wireless adapter to configure the Router, continue to “Wireless
Connection to a PC.”
Wired Connection to a PC
1. Make sure that all of your network’s hardware is powered off, including the Router, PCs, and cable or DSL
modem.
2. Connect one end of an Ethernet network cable to one of the LAN ports (labeled 1-4) on the back of the Router.
Then connect the other end to an Ethernet port on a PC.
3. Repeat step 2 to connect additional PCs or other network devices to the Router.
4. Connect a different Ethernet network cable from your cable or DSL modem to the Internet port on the Router’s
rear panel.
5. Power on the cable or DSL modem.
6. Connect the power adapter to the Router’s Power port, and then plug the power adapter into a power outlet.
NOTE: You should always plug the Router’s power adapter into a power strip with surge protection.
The Power LED on the front panel will light up green as soon as the power adapter is connected properly. The
Power LED will flash for a few seconds, and then it will be solidly lit when the self-test is complete. If the LED
flashes for one minute or longer, see “Appendix A: Troubleshooting.”
7. Power on one of your PCs that is connected to the Router.
The Router’s hardware installation is now complete.
Go to “Chapter 6: Configuring the Wireless-G VPN Broadband Router.”
Chapter 5: Connecting the Wireless-G VPN Broadband Router
Overview
Figure 5-1: Connect to LAN Ports
Figure 5-2: Connect to Internet Port
Figure 5-3: Connect to Power Port
11
Wireless-G VPN Broadband Router
Wireless Connection to a PC
If you want to use a wireless connection to access the Router, follow these instructions:
1. Make sure that all of your network’s hardware is powered off, including the Router, PCs, and cable or DSL
modem.
2. Connect an Ethernet network cable from your cable or DSL modem to the Internet port on the Router’s rear
panel.
3. Power on the cable or DSL modem.
4. Connect the power adapter to the Router’s Power port, and then plug the power adapter into a power outlet.
NOTE: You should always plug the Router’s power adapter into a power strip with surge protection.
The Power LED on the front panel will light up green as soon as the power adapter is connected properly. The
Power LED will flash for a few seconds, and then it will be solidly lit when the self-test is complete. If the LED
flashes for one minute or longer, see “Appendix A: Troubleshooting.”
5. Power on one of the PCs on your wireless network(s).
6. For initial access to the Router through a wireless connection, make sure the PC’s wireless adapter has its
SSID set to linksys-g (the Router’s default setting) and its WEP encryption disabled. After you have accessed
the Router, you can change the Router and this PC’s adapter settings to match your usual network settings.
The Router’s hardware installation is now complete.
Go to “Chapter 6: Configuring the Wireless-G VPN Broadband Router.”
Figure 5-4: Connect to Internet Port
Figure 5-5: Connect to Power Port
NOTE: You should change the SSID from its
default, linksys, and enable WEP encryption
after you have accessed the Router.
Chapter 5: Connecting the Wireless-G VPN Broadband Router
Wireless Connection to a PC
12
Wireless-G VPN Broadband Router
Chapter 6: Configuring the Wireless-G VPN Broadband Router
Overview
Linksys recommends using the Setup CD-ROM for first-time installation of the Router. If you do not wish to run
the Setup Wizard on the Setup CD-ROM, then follow the steps in this chapter and use the Router’s Web-based
Utility to configure the Router. For advanced users, you may configure the Router’s advanced settings through the
Web-based Utility.
This chapter will describe each web page in the Utility and each page’s key functions. The Utility can be accessed
via your web browser through use of a computer connected to the Router. For a basic network setup, most users
only have to use the following screens of the Utility:
Basic Setup. On the Basic Setup screen, enter the settings provided by your ISP.
Management. Click the Administration tab and then the Management tab. The Router’s default password is
admin. To secure the Router, change the Password from its default.
There are seven main tabs: Setup, Wireless, Security, Access Restrictions, Applications & Gaming, Administration,
and Status. Additional tabs will be available after you click one of the main tabs.
Setup
• Basic Setup. Enter the Internet connection and network settings on this screen.
• DDNS. On this screen, enable the Router’s Dynamic Domain Name System (DDNS) feature.
• MAC Address Clone. If you need to clone a MAC address onto the Router, use this screen.
• Advanced Routing. On this screen, configure the dynamic and static routing configuration.
• Hot Spot. To enable the Hot Spot in a Box feature and turn your Router into a commercial Hot Sport, register
with your Hot Spot service provider on this screen.
NOTE: When first installing the Router, you
should use the Setup Wizard on the Setup CDROM. If you want to configure advanced
settings, use this chapter to learn about the
Web-based Utility.
HAVE YOU: Enabled TCP/IP on your PCs? PCs
communicate over the network with this
protocol. Refer to “Appendix I: Windows Help”
for more information on TCP/IP.
NOTE: For added security, you should change
the password through the Administration screen
of the Web-based Utility.
nat (network address translation): NAT technology
translates IP addresses of a local area network to a
different IP address for the Internet
Wireless
• Basic Wireless Settings. You can choose your Wireless Network Mode and security settings on this screen.
• Wireless Network Access. This screen displays your network access list.
Chapter 6: Configuring the Wireless-G VPN Broadband Router
Overview
13
Wireless-G VPN Broadband Router
• Advanced Wireless Settings. For advanced users, you can alter data transmission settings on this screen.
Security
• Firewall. On this screen, you can configure a variety of filters to enhance the security of your network.
• VPN. To enable or disable IPSec, L2TP, and/or PPTP Pass-through, and set up VPN tunnels, use this screen.
Access Restrictions
• Internet Access. This screen allows you to permit or block specific users from connecting to your network.
• VPN Client Access. Use this screen to designate VPN clients and their passwords.
Applications & Gaming
• Port Range Forwarding. To set up public services or other specialized Internet applications on your network,
click this tab.
• Port Triggering. To set up triggered ranges and forwarded ranges for Internet applications, click this tab.
• UPnP Forwarding. Use this screen to alter UPnP forwarding settings.
• DMZ. Click this tab to allow one local user to be exposed to the Internet for use of special-purpose services.
Administration
• Management. Alter the Router’s password, its access privileges, SNMP settings, and UPnP settings.
• Log. If you want to view or save activity logs, click this tab.
• Diagnostics. Use this screen to check the connection between the Router and a PC.
• Factory Defaults. If you want to restore the Router’s factory defaults, then use this screen.
• Firmware Upgrade. Click this tab if you want to upgrade the Router’s firmware.
Status
• Router. This screen provides status information about the Router.
Chapter 6: Configuring the Wireless-G VPN Broadband Router
Overview
14
Wireless-G VPN Broadband Router
• Local Network. This provides status information about the local network.
• Wireless. Status information about the wireless network is displayed here.
• System Performance. Status information is provided for all network traffic.
• VPN Clients. This screen provides status information about the Router’s VPN clients.
How to Access the Web-based Utility
To access the web-based utility, launch Internet Explorer or Netscape Navigator, and enter the Router’s default IP
address, 192.168.1.1, in the Address field. Then press Enter.
A password request page will appear. (Non-Windows XP users will see a similar screen.) Enter admin (the default
user name) in the User Name field, and enter admin (the default password) in the Password field. Then click the
OK button.
Make the necessary changes through the Utility. When you have finished making changes to a screen, click the
Save Settings button to save the changes, or click the Cancel Changes button to undo your changes. Help
information is shown on the right-hand side of a screen. For additional information, click More.
The Setup Tab - Basic Setup
Figure 6-1: Login Screen
The first screen that appears is the Basic Setup tab. This tab allows you to change the Router's general settings.
Internet Setup
The Internet Setup section configures the Router for your Internet connection type. This information can be
obtained from your ISP.
Internet Connection Type
The Router supports four connection types: Automatic Configuration - DHCP (the default connection type), PPPoE,
Static IP, and PPTP. Each Basic Setup screen and available features will differ depending on what kind of
connection type you select.
Automatic Configuration - DHCP
By default, the Router’s Configuration Type is set to Automatic Configuration - DHCP, and it should be kept
only if your ISP supports DHCP or you are connecting through a dynamic IP address.
Chapter 6: Configuring the Wireless-G VPN Broadband Router
How to Access the Web-based Utility
Figure 6-2: Setup Tab - Automatic Configuration - DHCP
15
Wireless-G VPN Broadband Router
Static IP
If you are required to use a permanent IP address to connect to the Internet, then select Static IP.
IP Address. This is the Router’s IP address, when seen from the WAN, or the Internet. Your ISP will provide
you with the IP Address you need to specify here.
Subnet Mask. This is the Router’s Subnet Mask, as seen by external users on the Internet (including your
ISP). Your ISP will provide you with the Subnet Mask.
Default Gateway. Your ISP will provide you with the Default Gateway Address, which is the ISP server’s IP
address.
Primary DNS (Required) and Secondary DNS (Optional). Your ISP will provide you with at least one DNS
(Domain Name System) Server IP Address.
When you have finished making changes to the screen, click the Save Settings button to save the changes,
or click the Cancel Changes button to undo your changes.
PPPoE
Some DSL-based ISPs use PPPoE (Point-to-Point Protocol over Ethernet) to establish Internet connections. If
you are connected to the Internet through a DSL line, check with your ISP to see if they use PPPoE. If they do,
you will have to enable PPPoE.
Figure 6-3: Internet Connection Type - Static IP
static ip address: a fixed address
assigned to a computer or device
connected to a network.
subnet mask: an address code that
determines the size of the network
default gateway: a device that forwards
Internet traffic from your local area network
User Name and Password. Enter the User Name and Password provided by your ISP.
Connect on Demand: Max Idle Time. You can configure the Router to cut the Internet connection after it has
been inactive for a specified period of time (Max Idle Time). If your Internet connection has been terminated
due to inactivity, Connect on Demand enables the Router to automatically re-establish your connection as
soon as you attempt to access the Internet again. If you wish to activate Connect on Demand, click the radio
button. In the Max Idle Time field, enter the number of minutes you want to have elapsed before your Internet
connection terminates.
Keep Alive Option: Redial Period. If you select this option, the Router will periodically check your Internet
connection. If you are disconnected, then the Router will automatically re-establish your connection. To use
this option, click the radio button next to Keep Alive. In the Redial Period field, you specify how often you
want the Router to check the Internet connection. The default Redial Period is 30 seconds.
When you have finished making changes to the screen, click the Save Settings button to save the changes,
or click the Cancel Changes button to undo your changes.
Chapter 6: Configuring the Wireless-G VPN Broadband Router
The Setup Tab - Basic Setup
Figure 6-4: Internet Connection Type - PPPoE
pppoe: a type of broadband connection that
provides authentication (username and
password) in addition to data transport
16
Wireless-G VPN Broadband Router
PPTP
Point-to-Point Tunneling Protocol (PPTP) is a service that applies to connections in Europe and Israel only.
IP Address. This is the Router’s IP address, when seen from the WAN, or the Internet. Your ISP will provide
you with the IP Address you need to specify here.
Subnet Mask. This is the Router’s Subnet Mask, as seen by external users on the Internet (including your
ISP). Your ISP will provide you with the Subnet Mask.
Default Gateway. Your ISP will provide you with the Default Gateway Address.
User Name and Password. Enter the User Name and Password provided by your ISP.
Connect on Demand: Max Idle Time. You can configure the Router to cut the Internet connection after it has
been inactive for a specified period of time (Max Idle Time). If your Internet connection has been terminated
due to inactivity, Connect on Demand enables the Router to automatically re-establish your connection as
soon as you attempt to access the Internet again. If you wish to activate Connect on Demand, click the radio
button. In the Max Idle Time field, enter the number of minutes you want to have elapsed before your Internet
connection terminates.
Keep Alive Option: Redial Period. If you select this option, the Router will periodically check your Internet
connection. If you are disconnected, then the Router will automatically re-establish your connection. To use
this option, click the radio button next to Keep Alive. In the Redial Period field, you specify how often you
want the Router to check the Internet connection. The default Redial Period is 30 seconds.
When you have finished making changes to the screen, click the Save Settings button to save the changes,
or click the Cancel Changes button to undo your changes.
Optional Settings (Required by some ISPs)
Some of these settings may be required by your ISP. Verify with your ISP before making any changes.
Host Name and Domain Name. These fields allow you to supply a host and domain name for the Router. Some
ISPs require these names as identification. You may have to check with your ISP to see if your broadband Internet
service has been configured with a host and domain name. In most cases, leaving these fields blank will work.
MTU. The MTU (Maximum Transmission Unit) setting specifies the largest packet size permitted for network
transmission. Select Enabled and enter the value desired. It is recommended that you leave this value in the
1200 to 1500 range. For most DSL users, it is recommended to use the value 1492. By default, MTU is set at 1500
when disabled.
Figure 6-5: Internet Connection Type - PPTP
packet: a unit of data sent over a network
Chapter 6: Configuring the Wireless-G VPN Broadband Router
The Setup Tab - Basic Setup
17
Wireless-G VPN Broadband Router
Network Setup
The Network Setup section allows you to change the Router’s local network settings.
Gateway IP
The Router’s Local IP Address and Subnet Mask are shown here. In most cases, you should keep the defaults.
Local IP Address. The default value is 192.168.1.1.
Subnet Mask. The default value is 255.255.255.0.
Network Address Server Settings (DHCP)
The Router can be used as your network’s DHCP (Dynamic Host Configuration Protocol) server, which
automatically assigns an IP address to each PC on your network. Unless you already have one, it is highly
recommended that you leave the Router enabled as a DHCP server.
Local DHCP Server. DHCP is already enabled by factory default. If you already have a DHCP server on your
network, set the Router’s DHCP option to Disabled. If you disable DHCP, assign a static IP address to the Router.
Start IP Address. Enter a value for the DHCP server to start with when issuing IP addresses. This value must be
192.168.1. 2 or greater, but smaller than 192.168.1.254, because the default IP address for the Router is
192.168.1.1.
Number of Address. Enter the maximum number of PCs that you want the DHCP server to assign IP addresses
to. This number cannot be greater than 253. In order to determine the DHCP IP Address range, add the starting IP
address (e.g., 100) to the number of DHCP users.
IP Address Range. The range of DHCP addresses is displayed here.
Time Setting
This is where you set the time for the Router. You can set the time and date manually or automatically.
Manually. Select the date from the Date drop-down menus. Then enter the time in the Time fields.
Automatically. Select your time zone from the Time Zone drop-down menu. If you want to enable the Automatic
Daylight Savings feature, click the Enabled radio button.
When you have finished making changes to the screen, click the Save Settings button to save the changes, or
click the Cancel Changes button to undo your changes.
Chapter 6: Configuring the Wireless-G VPN Broadband Router
The Setup Tab - Basic Setup
18
Wireless-G VPN Broadband Router
The Setup Tab - DDNS
The Router offers a Dynamic Domain Name System (DDNS) feature. DDNS lets you assign a fixed host and domain
name to a dynamic Internet IP address. It is useful when you are hosting your own website, FTP server, or other
server behind the Router.
Before you can use this feature, you need to sign up for DDNS service at one of two DDNS service providers,
DynDNS.org or TZO.com.
DDNS
If your DDNS service is provided by DynDNS.org, then select DynDNS.org in the drop-down menu. If your DDNS
service is provided by TZO, then select TZO.com. The features available on the DDNS screen will vary, depending
on which DDNS service provider you use.
DynDNS.org
User Name, Password, and Host Name. Enter the User Name, Password, and Host Name of the account you set
up with DynDNS.org.
Internet IP Address. The Router’s current Internet IP Address is displayed here. Because it is dynamic, it will
change.
Status. The status of the DDNS service connection is displayed here.
When you have finished making changes to the screen, click the Save Settings button to save the changes, or
click the Cancel Changes button to undo your changes. For help information, click More.
ddns: allows the hosting of a website, FTP server, or
e-mail server with a fixed domain name (e.g.,
www.xyz.com) and a dynamic IP address
Figure 6-6: DDNS Tab - DynDNS.org
TZO.com
Email, TZO Password Key, and Domain Name. Enter the Email Address, TZO Password Key, and Domain Name
of the service you set up with TZO.
Internet IP Address. The Router’s current Internet IP Address is displayed here. Because it is dynamic, this will
change.
Status. The status of the DDNS service connection is displayed here.
When you have finished making changes to the screen, click the Save Settings button to save the changes, or
click the Cancel Changes button to undo your changes.
Chapter 6: Configuring the Wireless-G VPN Broadband Router
The Setup Tab - DDNS
Figure 6-7: DDNS Tab - TZO.com
19
Wireless-G VPN Broadband Router
The Setup Tab - MAC Address Clone
The Router’s MAC address is a 12-digit code assigned to a unique piece of hardware for identification, like a
social security number. Some ISPs require you to register a MAC address in order to access the Internet. If you do
not wish to re-register the MAC address with your ISP, you may assign the MAC address you have currently
registered with your ISP to the Router using the MAC Address Clone feature. If you need to find your adapter’s
MAC address, follow the instructions in “Appendix F: Finding the MAC Address and IP Address for Your Ethernet
Adapter.”
MAC Clone
To use MAC address cloning, select Enabled.
MAC Clone Address. Enter the MAC Address registered with your ISP. Then click the Save Settings button.
Clone My MAC Address. If you want to clone the MAC address of the PC you are currently using to configure the
Router, then click the Clone My MAC Address button. The Router will automatically detect your PC’s MAC
address, so you do NOT have to call your ISP to change the registered MAC address to the Router’s MAC address.
It is recommended that the PC registered with the ISP is used to open the MAC Address Clone tab.
When you have finished making changes to the screen, click the Save Settings button to save the changes, or
click the Cancel Changes button to undo your changes. For help information, click More.
Figure 6-8: Setup Tab - MAC Address Clone
mac address: the unique address that a
manufacturer assigns to each networking device.
Chapter 6: Configuring the Wireless-G VPN Broadband Router
The Setup Tab - MAC Address Clone
20
Loading...