manualshive.com logo in svg

Cisco CVR100W, Administration Manual, Page: 107 / 150

Share
Download
Cisco CVR100W Administration Manual Download Page 107

Configuring VPN

Configuring Advanced VPN Setup

Cisco CVR100W Wireless-N VPN Router Administration Guide

105

6

Managing IKE Policies

The Internet Key Exchange (IKE) protocol dynamically exchanges keys between 
two IPsec hosts. You can create IKE policies to define the security parameters, 
such as authentication of the peer and encryption algorithms, to be used in this 
process. Be sure to use compatible encryption, authentication, and key-group 
parameters for the VPN policy. 

To manage IKE policies: 

STEP 1

Choose 

VPN

 > 

Advanced VPN Setup

.

In the 

IKE Policy Table

 area, all existing IKE policies used for the VPN policies are 

displayed. 

STEP  2

To create a new IKE policy, click 

Add Row

Other options:

 To edit an IKE policy, choose an entry and click 

Edit

. To delete an 

IKE policy, choose an entry and click 

Delete

NOTE

You cannot delete an IKE policy if it is being used in a VPN policy. You must 

first disable and delete the VPN policy in the 

VPN Policy

 table.

STEP  3

Enter the following information: 

Policy Name

Enter a unique name for the policy for identification and 
management purposes. The VPN policy name cannot 
be same as the username of an existing VPN client.

Exchange Mode

Choose one of the following options:

Main Mode: 

This mode negotiates the tunnel 

with higher security, but is slower.

Aggressive Mode: 

This mode establishes a 

faster connection, but with lowered security.

Respondent Mode

Check 

Enable

 to set the CVR100W to work as a VPN 

respondent. The CVR100W can only receive the VPN 
request from remote VPN peer. 

Summary of Contents for CVR100W

Page 1: ...Cisco Small Business CVR100W Wireless N VPN Router ADMINISTRATION GUIDE ...

Page 2: ...Cisco and or its affiliates in the U S and other countries To view a list of Cisco trademarks go to this URL www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1110R ...

Page 3: ...13 Installing the CVR100W 13 Placement Tips 13 Wall Mounting 14 Connecting the CVR100W 14 Getting Started with the Configuration 15 Changing the Default Administrative Password 16 Using the Connection Status Page 18 Using the Getting Started Page 19 Returning to the Connection Status Page 20 Changing Your Preferred Language 20 Viewing the Help Files 20 Verifying the Hardware Installation 20 Connec...

Page 4: ...k 38 Configuring WAN Settings 38 Configuring Automatic Configuration DHCP 39 Configuring PPPoE 39 Configuring Static IP 40 Configuring Optional Settings 41 Cloning the MAC Address 42 Configuring LAN Settings 43 Configuring Basic LAN Settings 43 IPv4 43 Configuring DHCP 44 Configuring VLAN 45 Configuring Static DHCP 47 Configuring a DMZ Host 48 Configuring Routing 48 Configuring Operating Mode 48 C...

Page 5: ...Configuring IPv6 to IPv4 Tunneling 61 Viewing IPv6 Tunnel Status 61 Configuring Router Advertisement 61 Configuring Advertisement Prefixes 63 Chapter 4 Configuring Wireless Network 65 Wireless Security 65 Wireless Security Tips 65 General Network Security Guidelines 67 CVR100W Wireless Networks 67 Configuring Basic Wireless Settings 68 Configuring Wireless Radio Settings 68 Configuring Wireless Ne...

Page 6: ...iguring Internet Access Rules 94 Configuring Single Port Forwarding 95 Configuring Port Range Forwarding 96 Configuring Port Range Triggering 97 Chapter 6 Configuring VPN 98 VPN Tunnel Types 98 Remote Access with Cisco QuickVPN 98 Site to Site VPN 99 Configuring VPN Clients 99 Creating and Managing QuickVPN Users 99 Importing VPN Client Settings 100 Configuring Basic VPN Setup 101 Viewing Default ...

Page 7: ...S Port Based Settings 116 Configuring CoS Settings 117 Configuring DSCP Settings 117 Chapter 8 Administering Your CVR100W 119 Configuring Password Complexity 120 Configuring Administrator Account Settings 121 Configuring Remote Management 122 Configuring Port Management 123 Configuring Do Not Disturb Mode 124 Configuring System Time 124 Configuring Bonjour 125 Using Diagnostic Tools 126 Network To...

Page 8: ...ctory Defaults 132 Running the Setup Wizard 133 Chapter 9 Using Cisco Simple Connect 136 About Cisco Simple Connect 136 Configuring Cisco Simple Connect 138 Connecting to CSC Wireless Network 140 Customizing Your QR Code 141 Appendix A Using Cisco QuickVPN 143 Before You Begin 143 Installing the Cisco QuickVPN Software 144 Using the Cisco QuickVPN Software 144 Appendix B Where to Go From Here 148 ...

Page 9: ...Changing the Default Administrative Password Using the Connection Status Page Using the Getting Started Page Verifying the Hardware Installation Connecting to Your Wireless Network Product Overview Thank you for choosing the Cisco CVR100W Wireless N VPN Router The CVR100W provides simple affordable secure business class connectivity to the Internet for small office home office SOHO and remote prof...

Page 10: ...R100W incorporates a Stateful Packet Inspection SPI based firewall with Denial of Service DoS protection URL filtering and access control by schedule to help keep business assets safe Up to three client to gateway VPN tunnels can be established by using QuickVPN to allow mobile or remote workers to securely access your corporate resources through encrypted virtual links Users connecting through a ...

Page 11: ...i Fi Multimedia Power Save WMM PS for quality of service QoS The CVR100W also supports 802 1p Differentiated Services Code Point DSCP and class of service CoS for wired QoS which can improve the quality of your network when using delay sensitive Voice over IP VoIP applications and bandwidth intensive video streaming applications Virtual Networks The CVR100W supports multiple Service Set Identifier...

Page 12: ... Button This button turns on or turns off all lights This button does not affect the normal operation of the CVR100W When this button is on all lights on the front panel are off and the Do Not Disturb Mode light on the back panel is solid green When this button is off all lights on the front panel are on and the Do Not Disturb Mode light on the back panel is off WPS Button This button configures w...

Page 13: ...ff when the WPS connection is configured or there is no WPS connection Wireless Solid blue when the wireless module is enabled with 100 Wi Fi power Solid amber when the wireless module is enabled with 50 Wi Fi power Flashes blue when the CVR100W is sending or receiving data on the wireless module Off when the wireless module is disabled WAN Solid blue when the CVR100W is connected to the Internet ...

Page 14: ...e to Factory Defaults If you are experiencing extreme problems with the CVR100W and have tried all other troubleshooting measures press and hold in the RESET button for more than five seconds This reboots the unit and restores the factory defaults The settings that you have previously made to the CVR100W are lost 12VDC The 12VDC port is where you connect the supplied power adapter 12V 0 5 A Power ...

Page 15: ... the CVR100W You can place your CVR100W on a desktop or mount it on a wall Placement Tips Ambient Temperature To prevent the CVR100W from overheating do not operate it in an area that exceeds an ambient temperature of 104 F 40 C Air Flow Be sure that there is adequate air flow around the CVR100W Mechanical Loading Be sure that the CVR100W is level and stable to avoid any hazardous conditions Place...

Page 16: ...product label at the bottom of the CVR100W See Connecting to Your Wireless Network for more information STEP 1 Power off all equipment including the cable or DSL modem the PC that you will use to connect to the CVR100W and the CVR100W itself STEP 2 Connect the supplied power adapter to the 12VDC port on the back panel of the CVR100W Plug the other end of the power adapter into an electrical outlet...

Page 17: ...sample configuration is illustrated here Getting Started with the Configuration The Setup Wizard and web based Configuration Utility are supported on Microsoft Internet Explorer 6 0 or later Mozilla Firefox 3 0 or later Apple Safari 3 0 or later and Google Chrome 5 0 or later To log in to web based Configuration Utility and complete the initial configuration by using the Setup Wizard STEP 1 Start ...

Page 18: ... recommended Passwords should not contain dictionary words from any language or be the default password They should contain a mixture of uppercase and lowercase letters numbers and symbols Passwords must be at least 8 but no more than 64 characters in length After the Setup Wizard is complete the Connection Status page appears See Using the Connection Status Page for more information Changing the ...

Page 19: ...ount Settings To enter a new password in the Change Password window STEP 1 Enter the following information Old Password Enter the current password New Password Enter a new password Confirm Password Enter the new password again for confirmation Password Strength Meter Displays the strength of the password that you entered Red Password fails to meet the minimum complexity requirements Yellow Passwor...

Page 20: ...ws whether the WAN port obtains an IP address successfully or not If the WAN port is connected to the Internet the network addressing mode that you use to connect to the Internet will be displayed IP IP address of the WAN port that is accessible from the Internet Mask Subnet mask for the WAN port Gateway Default gateway for the WAN port DNS IP addresses for the primary DNS server and the secondary...

Page 21: ...nge the administrator username and password See Configuring Administrator Account Settings Launch Setup Wizard Click this link to launch the Setup Wizard Configure WAN Settings Click this link to open the Networking WAN Internet Setup page See Configuring WAN Settings Configure LAN Settings Click this link to open the Networking LAN LAN Configuration page See Configuring LAN Settings Configure Wir...

Page 22: ...n about a configuration page click the Help link near the top right corner of the page Verifying the Hardware Installation To verify the hardware installation complete the following tasks Check the light states They are described in Getting to Know the CVR100W Device Status System Summary Click this link to open the Status System Summary page See Viewing System Summary Wireless Status Click this l...

Page 23: ... shared key are provided on the product label at the bottom of the CVR100W The following steps are provided as an example you may need to configure your device differently For instructions that are specific to your device consult its documentation STEP 1 Open the wireless connection settings window or program for your device Your computer may have special software installed to manage wireless conn...

Page 24: ...ng Connected Devices Viewing DHCP Leased Clients Viewing Port Statistics Viewing Wireless Statistics Viewing Guest Network Status Viewing VPN Status Viewing Logs Viewing IPsec Connection Status Viewing CSC Information Viewing NETSTAT Information Viewing the Dashboard The Dashboard page displays information about the CVR100W and its current settings To view the Dashboard STEP 1 Choose Status Dashbo...

Page 25: ...eet click Close The port s connection information includes The Dashboard page displays the following information Summary Type Type of the port Interface Shows if it is a WAN or a LAN interface Link Status Shows if the port is connected or disconnected Speed Status Speed and duplex settings of the port Auto Negotiation Shows if the Auto Negotiation is enabled or disabled on this port Statistics TX ...

Page 26: ...y Alert Critical Error Warning To view complete logs click details See Viewing Logs for more information To configure the logging settings click manage logging See Configuring Logging for more information LAN Local Network Interface To view complete LAN settings click details See Configuring LAN Settings for more information MAC Address MAC address of the CVR100W IPv4 Address Local IPv4 address of...

Page 27: ...AN port IPv4 Address IPv4 address of the WAN port IPv6 Address IPv6 address of the WAN port if IPv6 is enabled State Shows if the WAN port is active or inactive for routing If the WAN port is active for routing the WAN state shows Up If the WAN port is inactive for routing the WAN state shows Down NOTE The state Down means that the network detection fails Wireless Displays the status of all four p...

Page 28: ...CVR100W WAN IP WAN address of the CVR100W When the WAN port is configured to obtain an IP address from your ISP using Dynamic Host Configuration Protocol DHCP you can click Release to release its IP address or click Renew to obtain a new IP address Gateway IP address of default network gateway Mode Displays Gateway if NAT is enabled or Router DNS 1 Primary DNS server IP address of the WAN port DNS...

Page 29: ...tatus Connected Devices STEP 2 To specify the types of interfaces to display choose an option from the View according to interface type drop down menu You can choose one of the following options DNS 1 IP address of the primary DNS server Wireless Summary SSIDx Name of the wireless network Security Security setting for the wireless network Firewall Setting Status DoS Denial of Service Shows if DoS ...

Page 30: ...reless Displays a list of all wireless devices connected to the CVR100W Wired Displays a list of all devices connected through the Ethernet ports on the CVR100W WDS Displays a list of all Wireless Distribution System WDS devices connected to the CVR100W Name Name of the device connected to the CVR100W IP Address IP address of the connected device MAC Address MAC address of the connected device Typ...

Page 31: ...m To show the bytes in kilobytes KB and the numerical data in round up form check Show Simplified Statistic Data and click Save STEP 4 To reset the port statistics counters click Clear Counters The Port Statistics table displays the data transfer statistics for the WAN LAN and WLAN ports IP Address IP Address of the connected device MAC Address MAC Address of the connected device Static DHCP Bindi...

Page 32: ...tic Data and click Save STEP 4 To reset the wireless statistics counters click Clear Counters The Wireless Statistics table displays the following information Dropped Number of the received and sent packets that were dropped Multicast Number of multicast packets sent over this radio Collisions Number of signal collisions that occurred on this port A collision occurs when the port tries to send dat...

Page 33: ...mit You can also manually terminate the guest connection at any time To view guest network status STEP 1 Choose Status Guest Network Status The Guest Network Status table displays the following information Error Number of received and sent packet errors for each SSID and total number of received and sent packet errors for all SSIDs Dropped Number of received and sent packets dropped by each SSID a...

Page 34: ... Shows if the device is connected to the Internet using the CVR100W Username Username of the VPN user associated with the QuickVPN tunnel Remote IP IP address of the remote QuickVPN client This could be a NAT Public IP if the client is behind the NAT router Status Current status of QuickVPN client OFFLINE means that the QuickVPN tunnel is not initiated or established by the VPN user ONLINE means t...

Page 35: ...t them For example choosing Error logs automatically includes emergency alert and critical logs in addition to Error logs The event severity levels are listed from the highest severity to the lowest severity as follows The System Log table displays the following information Emergency System is not usable Alert Action is needed Critical System is in a critical condition Error System is in error con...

Page 36: ...ction status STEP 1 Choose Status IPSec Connection Status STEP 2 From the Refresh Rate drop down menu choose a refresh rate This action causes the page to reread the status and statistics from the CVR100W and refresh the page STEP 3 Optional By default byte data is displayed in bytes and other numerical data is displayed in long form To show the bytes in kilobytes KB and the numerical data in roun...

Page 37: ... Status CSC Information The following information for each CSC wireless client is displayed STEP 2 Click Disconnect to manually terminate a CSC wireless connection Duration Elapsed time for which the connection is or was active Packet Received Rx and transmitted Tx packets on the connection Byte Received Rx and transmitted Tx bytes on the connection State State of the connection for example active...

Page 38: ...tails for active Internet connections click Status NETSTAT The following information is displayed Proto The protocol TCP UDP or raw used by the socket Recv Q The count of bytes not copied by the user program connected to this socket Send Q The count of bytes not acknowledged by the remote host Local Address Address and port number of the local end of the socket Foreign Address Address and port num...

Page 39: ... is closed and the connection is shutting down FIN_WAIT2 The connection is closed and the socket is waiting for a shutdown from the remote end TIME_WAIT The socket is waiting after close to handle packets still in the network CLOSED The socket is not being used CLOSE_WAIT The remote end has shut down waiting for the socket to close LAST_ACK The remote end has shut down and the socket is closed Wai...

Page 40: ...s Configuring WAN properties for an IPv4 network differs depending on which type of Internet connection that you have The Internet Setup page allows you to configure how to connect the WAN interface to the Internet The CVR100W supports four types of Internet connections Configuring Automatic Configuration DHCP Configuring PPPoE Configuring Static IP Configuring Optional Settings Sometimes you may ...

Page 41: ...e Configuring PPPoE To configure the PPPoE settings STEP 1 Choose Networking WAN Internet Setup STEP 2 From the Internet Connection Type drop down menu choose PPPoE STEP 3 In the PPPoE Settings area enter the following information you may need to contact your ISP to obtain your PPPoE login information Username Enter your username assigned to you by the ISP Password Enter your password assigned to ...

Page 42: ...his option the Internet connection is always on If you click Keep Alive enter the number of seconds that the CVR100W attempts to reconnect after it is disconnected in the Redial period field Authentication Type Choose the authentication type Auto Negotiation The server sends a configuration request specifying the security algorithm set on it Then the CVR100W sends back authentication credentials w...

Page 43: ... Gateway Enter the IP address of the default gateway Static DNS 1 Enter the IP address of the primary DNS server Static DNS 2 Enter the IP address of the secondary DNS server Host Name Enter the host name of the CVR100W Domain Name Enter the domain name for your network MTU The Maximum Transmit Unit MTU is the size of the largest packet that can be sent over the network The standard MTU value for ...

Page 44: ... cable modem or DSL modem the MAC address from the CVR100W s WAN port is not recognized by the ISP In this case to configure your CVR100W to be recognized by the ISP clone the MAC address of the WAN port to be the same as your computer s MAC address To configure a MAC address clone STEP 1 Choose Networking WAN MAC Address Clone STEP 2 In the MAC Address Clone field check Enable to enable MAC addre...

Page 45: ...ave After the CVR100W s LAN IP address is changed your PC is no longer connected to the CVR100W STEP 4 To reconnect your PC to the CVR100W do one of the following If DHCP is configured on the CVR100W release and renew your PC s IP address Manually assign an IP address to your PC The address must be on the same subnet as the CVR100W For example if you change the CVR100W s IP address to 10 0 0 1 ass...

Page 46: ...168 1 100 to 192 168 1 149 If you need to set any host with a static IP address use an IP address from the 192 168 1 2 to 192 168 1 99 IP address pool This prevents conflicts with the default IP address pool To configure the DHCP settings STEP 1 Choose Networking LAN LAN Configuration STEP 2 Optional Select the VLAN that you want to edit from the drop down menu STEP 3 In the DHCP Server field sele...

Page 47: ...N Configuration STEP 2 Click Add Row STEP 3 Enter the following information Starting IP Address Enter the first address in the IP address pool Any new DHCP client joining the LAN is assigned an IP address in this range the ending IP address in the pool is determined by the value that you enter in the Maximum Number of DHCP Users field Maximum Number of DHCP Users Enter the maximum number of DHCP c...

Page 48: ...LAN ID 2 is reserved cannot be used VLAN ID 3 is reserved for the guest network Description Enter a description to identify the VLAN Port 1 You can associate VLANs on the CVR100W to the LAN ports on the device By default all 4 ports belong to VLAN1 You can edit these ports to associate them with other VLANs Choose the outgoing frame type for each port Untagged The port is an untagged member of the...

Page 49: ...ave to apply your changes Description Enter a description of the client IP Address Enter the IP address of the device The assigned IP address should be outside the pool of the DHCP addresses configured The DHCP pool is treated as a generic pool and all reserved IPs should be outside this pool Static DHCP assignment means that the DHCP server assigns the same IP to the defined MAC address every tim...

Page 50: ...tack on any of the DMZ nodes the LAN is not necessarily vulnerable You must configure a fixed static IP address for the endpoint that you designate as the DMZ host You should assign the DMZ host an IP address in the same subnet as the CVR100W s LAN IP address but it cannot be identical to the IP address given to the LAN interface of this gateway To configure DMZ STEP 1 Choose Networking LAN DMZ Ho...

Page 51: ...r routers The router determines the network packets route based on the fewest number of hops between the source and the destination NOTE RIP is disabled by default on the CVR100W To configure dynamic routing STEP 1 Choose Networking Routing STEP 2 In the Dynamic Routing area configure the following settings Gateway Recommended Click this radio button to set the CVR100W to act as a gateway Keep thi...

Page 52: ...cols Static routes can be used together with dynamic routes CAUTION Be careful not to introduce routing loops in your network To configure static routing STEP 1 Choose Networking Routing STEP 2 In the Static Routing area choose a route entry from the Route Entries drop down menu To delete the route entry click Delete This Entry STEP 3 Configure the following settings for the selected route entry R...

Page 53: ...ng information on your network click Show IPv4 Routing Table in the Routing Table area STEP 3 To view the IPv6 routing information on your network click Show IPv6 Routing Table in the Routing Table area Enter Route Name Enter the name of the route Destination LAN IP Enter the IP address of the destination LAN Subnet Mask Enter the subnet mask of the destination network Gateway Enter the IP address...

Page 54: ...he DDNS Service drop down menu choose Disable to disable this service or choose the DDNS service to use STEP 3 If you do not have a DDNS account click the URL of the service to visit the selected DDNS service s website so that you can create an account STEP 4 Configure the following information Destination LAN IP IPv4 IP address of the destination LAN Subnet Mask IPv4 Subnet mask of the destinatio...

Page 55: ...22 org Enter the host name of the DDNS server Internet IP Address 3322 org Internet IP address of the CVR100W Status 3322 org Displays the status if the DDNS update has completed successfully or if the account update information sent to the DDNS server failed Domain Name oray org Displays the domain name of the account User Level oray org Displays the user level of the account Status oray org Disp...

Page 56: ... Save Configuring IPv6 Configuring IPv6 WAN Settings Configuring WAN properties for an IPv6 network depends on the type of internet connection that you have You can configure the CVR100W to be a DHCPv6 client of the ISP for this WAN or to use a static IPv6 address provided by the ISP Setting the IP Mode To configure IPv6 WAN settings on your CVR100W you must first set the IP mode to LAN IPv6 WAN I...

Page 57: ...IPv6 address STEP 1 Choose Networking IPv6 Configuration IPv6 WAN Configuration STEP 2 In the WAN Connection Type field click the Static IPv6 radio button STEP 3 In the Static IP Address area enter the following information IPv6 Address Enter the IPv6 address of the WAN port IPv6 Prefix Length Enter the IPv6 prefix length defined by the ISP The IPv6 network subnet is identified by the initial bits...

Page 58: ...WAN IPv4 LAN IPv6 WAN IPv6 LAN IPv4 IPv6 WAN IPv4 LAN IPv4 IPv6 WAN IPv4 IPv6 See Configuring IP Mode for more information Configuring IPv6 LAN Settings To configure IPv6 LAN settings STEP 1 Choose Networking IPv6 Configuration IPv6 LAN Configuration STEP 2 In the IPv6 area enter the following information to configure the IPv6 LAN address Static DNS 1 Enter the IP address of the primary DNS server...

Page 59: ...its for their IPv6 address you set the number of common initial bits in the network s addresses in this field DHCP Status Check to enable the DHCPv6 server If enabled the CVR100W assigns an IP address within the specified range plus additional specified information to any LAN endpoint that requests DHCP served addresses Domain Name Enter the domain name of the DHCPv6 server Server Preference Enter...

Page 60: ...e Networking IPv6 Configuration IPv6 LAN Configuration STEP 2 In the IPv6 Address Pools table click Add Row STEP 3 Enter the following information STEP 4 Click Save STEP 5 To edit the settings of a pool select the pool and click Edit To delete a selected pool click Delete Click Save to apply your changes Client Lease Time Enter the client lease time Enter the duration for which IPv6 addresses are ...

Page 61: ...er with dynamic routes Be careful not to introduce routing loops in your network To create an IPv6 static route STEP 1 Choose Networking IPv6 Configuration IPv6 Static Routing STEP 2 In the IPv6 Static Routing table click Add Row STEP 3 Enter the following information Name Enter the route s name Destination Enter the IPv6 address of the destination host or net work for this route Prefix Length Ent...

Page 62: ... is greater than or equal to 16 the destination network or host is unreachable By default the routing update is sent every 30 seconds If the router receives no routing updates from a neighbor after 180 seconds the routes learned from the neighbor are considered as unreachable After another 240 seconds if no routing update is received the router removes these routes from the routing table On the CV...

Page 63: ...el status STEP 1 Choose Networking IPv6 Configuration IPv6 Tunnels Status This page displays information about the automatic tunnel set up through the dedicated WAN interface The table shows the name of tunnel and the IPv6 address that is created on the device STEP 2 Click Refresh to refresh the data on this page Configuring Router Advertisement The Router Advertisement Daemon RADVD on the CVR100W...

Page 64: ... the Minimum Router Advertisement Interval MinRtrAdvInterval and Maximum Router Advertisement Interval MaxRtrAdvInterval MinRtrAdvInterval 0 33 MaxRtrAdvInterval RA Flags Check Managed to use the administered stateful protocol for address auto configuration Check Other to use the administered stateful protocol of other non address information auto configuration Router Preference Choose low medium ...

Page 65: ...TU is not well known Router Life Time Enter the router lifetime value or the time in seconds that the advertisement messages exists on the route The default is 3600 seconds IPv6 Prefix Type Choose one of the following types 6to4 6to4 is a system that allows IPv6 packets to be transmitted over an IPv4 network It is used when an end user wants to connect to the IPv6 Internet using their existing IPv...

Page 66: ...ecifies the IPv6 network address IPv6 Prefix Length If you choose Global Local as the IPv6 prefix type enter the prefix length The prefix length variable is a decimal value that indicates the number of contiguous higher order bits of the address that make up the net work portion of the address Prefix Lifetime Enter the prefix lifetime or the length of time over which the requesting router is allow...

Page 67: ...ll so small businesses and homes with high speed Internet access are adopting them at a rapid pace Because wireless networking operates by sending information over radio waves it can be more vulnerable to intruders than a traditional wired network Wireless Security Tips You cannot physically prevent someone from connecting to your wireless network but you can take the following steps to keep your ...

Page 68: ...ability to enable MAC address filtering The MAC address is a unique series of numbers and letters assigned to every networking device With MAC address filtering enabled wireless network access is provided solely for wireless devices with specific MAC addresses For example you can specify the MAC address of each computer in your network so that only those computers can access your wireless network ...

Page 69: ...following precautions Password protect all computers on the network and individually password protect sensitive files Change passwords on a regular basis Install anti virus software and personal firewall software Disable file sharing peer to peer to prevent applications from using file sharing without your consent CVR100W Wireless Networks The CVR100W provides four virtual wireless networks or fou...

Page 70: ...3 In the Wi Fi Power field select the Wi Fi power on your network STEP 4 In the Wireless Network Mode field choose one of these options from the drop down menu SSID Isolation Disabled Disabled Disabled Enabled WMM Enabled Enabled Enabled Enabled WPS Hardware Button Enabled Disabled Disabled Disabled SSID Name cisco xxxx cisco SSID2 cisco SSID3 cisco guest B G N Mixed Choose this option if you have...

Page 71: ...STEP 8 Optional In the U APSD WMM Power Save field check Enable to enable the Unscheduled Automatic Power Save Delivery U APSD feature also referred to as WMM Power Save that allows the radio to conserve power U APSD is a power saving scheme optimized for real time applications such as VoIP transferring full duplex data over WLAN By classifying outgoing IP traffic as Voice data these types of appl...

Page 72: ...AC Filter Read Only Displays whether MAC Filter is enabled or disabled Refer to the Configuring MAC Address Filtering section to enable or disable this feature on the SSID CSC Only applicable for SSID1 SSID2 and SSID3 Check to set this SSID as the Cisco Simple Connect CSC wireless access point Refer to the Configuring Cisco Simple Connect section for more information about the Cisco Simple Connect...

Page 73: ...standard was being prepared WPA Personal supports Temporal Key Integrity Protocol TKIP and Advanced Encryption Standard AES encryption WPA2 Personal Recommended WPA2 is the implementation of the security standard specified in the final 802 11i standard WPA2 supports AES encryption and this option uses Pre shared Key PSK for authentication WPA2 Personal Mixed Allows both WPA and WPA2 clients to con...

Page 74: ...em or Shared Key if your network administrator recommends this setting If you are unsure select the default option Open System In both cases the wireless client must provide the correct shared key password to access the wireless network Encryption Choose the encryption type 10 64 bit 10 hex digits Provides a 40 bit key 26 128 bit 26 hex digits Provides a 104 bit key which offers stronger encryptio...

Page 75: ... to 63 ASCII characters or 64 hexadecimal digits Show Password Check to show the password in plaintext Key Renewal Enter the duration of time 600 to 7200 seconds between key renewals The default value is 3600 WPA Enterprise WPA2 Enterprise or WPA2 Enterprise Mixed Encryption For WPA Enterprise choose one of the following options TKIP AES Choose TKIP AES to ensure compatibility with older wireless ...

Page 76: ...C Filtering page opens STEP 3 In the Wireless MAC Filtering field check Enable to enable MAC address filtering for this SSID STEP 4 In the Connection Control field choose the type of access to the wireless network Prevent Select this option to prevent devices with the MAC addresses listed in the MAC Address Table from accessing the wireless network This option is selected by default Permit Select ...

Page 77: ...Start Time and Stop Time fields specify the time of day period when access to the network is allowed STEP 5 Click Save STEP 6 Click Back to go back to the Basic Settings page Configuring Guest Net The SSID4 default name cisco guest is used for guest access The guests can access the Internet through this SSID and the internal network security would not be affected To configure the Guest Net setting...

Page 78: ...s access point can only access the Internet through the CVR100W When configuring Cisco Simple Connect note the following Only SSID1 SSID2 or SSID3 can be set as the CSC wireless access point Enabling Cisco Simple Connect on a SSID does not affect the normal operation of other SSIDs SSID1 must be set as the CSC wireless access point when WDS is enabled on the CVR100W The VLAN to which the CSC wirel...

Page 79: ... enable Cisco Simple Connect for the first time Generally you can enter the SSID name that is provided on your CSC Simple card in this field If you want to customize the name of the CSC wireless access point enter a new SSID name in this field NOTE When you customize a new name of the CSC wireless access point you are asked to regenerate and print the QR code of the CSC card See Customizing Your Q...

Page 80: ...work Settings for more information STEP 7 Click Save STEP 8 Click Edit CSC to limit the time to access the Internet for all associated CSC wireless clients STEP 9 Enter the following information STEP 10 Click Save See Connecting to CSC Wireless Network for more information about how to connect to the CSC wireless network and get the authority to access the Internet SSID Name Displays the current n...

Page 81: ...Choose Wireless Advanced Settings The Advanced Settings page appears STEP 2 Configure these settings Frame Burst Check Enable to enable this feature to provide your wireless networks with greater performance depending on the manufacturer of your wireless products If you are not sure how to use this option keep the default enabled WMM No Acknowledgement Check Enable to enable this feature Enabling ...

Page 82: ...5 5 Mbps 11 Mbps 18 Mbps 24 Mbps and so on In addition to B and G speeds the CVR100W supports N speeds Other options are 1 2 Mbps for use with older wireless technology and All when the CVR100W can transmit at all wireless rates The Basic Rate is not the actual rate of data transmission If you want to specify the CVR100W s rate of data transmission configure the Transmission Rate setting Transmiss...

Page 83: ...nsmit to the CVR100W in an environment with heavy 802 11b traffic This function boosts the CVR100W s ability to catch all Wireless N and Wireless G transmissions but will severely decrease performance The default is Auto Beacon Interval The Beacon Interval value indicates the frequency interval of the beacon A beacon is a packet broadcast by the CVR100W to synchronize the wireless network Enter a ...

Page 84: ...mum size for a packet before data is fragmented into multiple packets If you experience a high packet error rate you may slightly increase the Fragmentation Threshold Setting the Fragmentation Threshold too low may result in poor network performance Only minor reduction of the default value is recommended In most cases it should remain at its default value of 2346 RTS Threshold If you encounter in...

Page 85: ...he entries in the table In the Available Networks Table select up to three access points to use as repeaters To add the MAC addresses of the selected access points to the MAC fields below the table click Connect STEP 6 Click Save Configuring WPS You can configure WPS on the CVR100W to allow WPS enabled devices to more easily connect to the wireless network To enable WPS on your CVR100W STEP 1 Choo...

Page 86: ...d in item 3 on the WPS page After you configure WPS the following information appears at the bottom of the WPS page Wi Fi Protected Setup Status Network Name SSID and Security The status of the WPS light on the front panel provides information about the WPS operation WPS Successfully Started WPS light turns on for 120 seconds WPS During Startup WPS light flashes 0 5 Hz for 30 seconds WPS Errors Oc...

Page 87: ...figuring Port Range Triggering CVR100W Firewall Features Access Rules You can secure your network by creating and applying rules that the CVR100W uses to selectively block and allow inbound and outbound Internet traffic You then specify how and to what devices the rules apply To do so you must define the following Services or traffic types examples web browsing VoIP other standard services and als...

Page 88: ... access specific local resources By default all access from the insecure WAN side is blocked from accessing the secure LAN except in response to requests from the LAN To allow outside devices to access services on the secure LAN you must create a firewall rule for each service If you want to allow incoming traffic you must make the CVR100W s WAN port IP address known to the public This is called e...

Page 89: ...unction properly The CVR100W must send all incoming data for that application only on the required port or range of ports The CVR100W has a list of common applications and games with corresponding outbound and inbound ports to open You can also specify a port forwarding rule by defining the type of traffic TCP or UDP and the range of incoming and outgoing ports to open when enabled Configuring Bas...

Page 90: ...n web pages that enable dynamic functionality of the page A malicious applet can be used to compromise or infect computers Enabling this setting blocks Java applets from being downloaded Click Auto to automatically block Java or click Manual Port and enter a specific port on which to block Java Block Cookies Check to block cookies Cookies are used to store session information by websites that usua...

Page 91: ...s ActiveX control can be used to compromise or infect computers Enabling this setting blocks ActiveX applets from being downloaded Click Auto to automatically block ActiveX or click Manual Port and enter a specific port on which to block ActiveX Block Proxy Check to block proxy servers A proxy server or proxy allows computers to route connections to other computers through the proxy thus circumven...

Page 92: ... STEP 8 To edit an entry select the entry and click Edit Make your changes then click Save Configuring Service Management When you create a firewall rule you can specify a service that is controlled by the rule Common types of services are available for selection and you can create your own custom services The Service Management page allows you to create custom services against which firewall rule...

Page 93: ...ol Default Access Control Policy You can configure the default access control policy for the traffic that is directed from the secure network LAN to the non secure network dedicated WAN optional To configure the default access control policy STEP 1 Choose Firewall Access Control Default Access Control Policy STEP 2 Choose Allow or Deny STEP 3 Click Save Configuring Access Rules All configured acce...

Page 94: ... down menu choose the schedule to apply this rule Optional Click Configure Schedules to go to the Schedule Management page to configure the services before applying access rules to them STEP 6 From the Services drop down menu choose the service to allow or block for this rule Choose All Traffic to allow the rule to apply to all applications and services or choose a single application to block Doma...

Page 95: ... The rule applies to traffic originating on a single IP address in the local network Enter the address in the Start IP field Address Range The rule applies to traffic originating from an IP address located in a range of addresses Enter the starting IP address in the Start IP field and the ending IP address in the Finish field STEP 9 In the Log field specify whether the packets for this rule should...

Page 96: ...nable to enable the Internet access rule STEP 4 In the Enter Policy Name filed enter a policy name for identification and management purposes STEP 5 From the Action drop down menu choose the type of access restriction that you need Block All Block all Internet traffic Block URL Block Internet traffic to specified Internet sites Block All by Schedule Blocks all types of traffic according to a sched...

Page 97: ...wn menu choose how to block a website by specifying the URL or by specifying a keyword that appears in the URL In the Value field enter the URL or keyword used to block the website For example to block the example com URL choose URL Address from the drop down menu and enter example com in the Value field To block a URL that has the keyword example in the URL choose Keyword from the drop down menu ...

Page 98: ...le STEP 8 Click Save Configuring Port Range Forwarding To add a port range forwarding rule STEP 1 Choose Firewall Port Range Forwarding STEP 2 In the Service Name field enter the name of the service to configure port forwarding STEP 3 In the Start Port field specify the port number that begins the range of ports to forward STEP 4 In the End Port field specify the port number that ends the range of...

Page 99: ...wall rules because a rule does not have to reference a specific LAN IP or IP range Ports are also not left open when not in use thereby providing a level of security that port forwarding does not offer To add a port triggering rule STEP 1 Choose Firewall Port Range Triggering STEP 2 In the Service Name field enter the name of the service to configure port triggering for STEP 3 In the Triggered Ran...

Page 100: ... a gateway router You can create different types of VPN tunnels depending on the needs of your business Remote Access with Cisco QuickVPN For quick setup with basic VPN security settings distribute the Cisco QuickVPN software to your users who can then securely access your network resources Use this option if you want to simplify the VPN setup process You do not have to configure VPN policies Remo...

Page 101: ...information on configuring site to site VPN Configuring VPN Clients This section describes how to create and manage the QuickVPN users Creating and Managing QuickVPN Users To create QuickVPN users STEP 1 Choose VPN VPN Clients STEP 2 In the VPN Client Settings table click Add Row STEP 3 Enter the following information STEP 4 Click Save STEP 5 To edit the settings of a QuickVPN user check the relat...

Page 102: ...nt settings The file should contain one row for the headings and one or more rows for the VPN clients For example the following specifies the settings of two users to import CAUTION Importing VPN client settings deletes the existing settings To import VPN client settings STEP 1 Choose VPN VPN Clients STEP 2 Click Browse to locate a CSV file containing the VPN client settings STEP 3 Click Import to...

Page 103: ... that supports ten site to site VPN tunnels and have a CVR100W at each remote site to provide secure connectivity Viewing Default VPN Settings The basic VPN setup sets most parameters to defaults as proposed by the VPN Consortium VPNC and assumes a pre shared key which greatly simplifies the setup To view the default VPN settings on your CVR100W STEP 1 Choose VPN Basic VPN Setup STEP 2 Click View ...

Page 104: ...tegrity Algorithm SHA 1 SA Lifetime 1 Hours PFS Key Group DH Group 2 1024 bit Policy Name and Remote IP Type Policy Name Enter a unique name for the VPN policy The VPN policy name cannot be same as the username of an existing VPN client Pre Shared Key Enter the pre shared key or password that will be exchanged between the two routers It must be between 8 and 49 characters Endpoint Information Remo...

Page 105: ...at the remote redundancy endpoint or the router to which the CVR100W will connect is identified by IP address or FQDN Redundancy WAN Internet IP Address Enter the public IP address or domain name of the remote redundancy endpoint Local WAN Internet IP Address Enter the public IP address or domain name of the local endpoint CVR100W Secure Connection Remote Accessibility Remote LAN Local Network IP ...

Page 106: ... To configure NAT Traversal and NetBIOS on your CVR100W STEP 1 Choose VPN Advanced VPN Setup STEP 2 Enter the following information NAT Traversal Check Enable to apply the NAT settings for both the local network and the remote network communicating over the VPN tunnel This option is particularly useful in cases where both sides of a tunnel use either the same or overlapping subnets NetBIOS Check E...

Page 107: ... policy click Add Row Other options To edit an IKE policy choose an entry and click Edit To delete an IKE policy choose an entry and click Delete NOTE You cannot delete an IKE policy if it is being used in a VPN policy You must first disable and delete the VPN policy in the VPN Policy table STEP 3 Enter the following information Policy Name Enter a unique name for the policy for identification and...

Page 108: ...hentication algorithm for the VPN header MD5 SHA 1 or SHA2 256 Ensure that the authentication algorithm is configured identically on both sides of the VPN tunnel for example the CVR100W and the router to which it is connecting Pre Shared Key Enter the key in the space provided Note that the double quote character is not supported in the key Diffie Hellman DH Group Specify the DH Group algorithm wh...

Page 109: ...hoose an entry and click Edit To delete a VPN policy choose an entry and click Delete To enable a VPN policy choose an entry and click Enable To disable a VPN policy and terminate the corresponding VPN connection if applicable choose an entry and click Disable NOTE If you have a VPN connection already configured you cannot add another without deleting the existing VPN connection STEP 3 Enter the f...

Page 110: ...ay feature so that the CVR100W can connect to a backup VPN endpoint when the primary VPN connection fails If you enable this feature specify the IP address or FQDN of the remote redundancy endpoint or the router to which the CVR100W will connect when the primary VPN connection fails Rollback enable Check to switch to the primary VPN connection by disabling the backup VPN connection when the primar...

Page 111: ...he IP Address field and enter the subnet mask in the Subnet Mask field IP Address Enter the IP address of the remote host if the Remote IP is set to Single or enter the remote network address if the Remote IP is set to Subnet Subnet Mask Enter the subnet mask such as 255 255 255 0 if the Remote IP is set to Subnet IMPORTANT Make sure that you avoid using overlapping subnets for remote or local tra...

Page 112: ...hm used to verify the integrity of the data MD5 SHA 1 or SHA2 256 Key In Enter the integrity key for ESP with Integrity mode for the inbound policy The length of the key depends on the algorithm chosen MD5 16 characters SHA 1 20 characters SHA2 256 32 characters Key Out Enter the integrity key for ESP with Integrity mode for the outbound policy The length of the key depends on the algorithm chosen...

Page 113: ...erate a new certificate to replace the existing certificate on the CVR100W To generate a certificate STEP 1 Choose VPN Certificate Management STEP 2 Click the Generate a New Certificate radio button STEP 3 Click Generate Certificate Integrity Algorithm Select the algorithm used to verify the integrity of the data PFS Key Group Check Enable to enable Perfect Forward Secrecy PFS to improve security ...

Page 114: ... be stored in a safe place as a backup If the CVR100W s configuration is restored to the factory default settings this certificate can be imported and restored on the CVR100W To export a certificate for Admin STEP 1 Choose VPN Certificate Management STEP 2 Click Export Certificate for Admin The certificate for administrator admin pem will be saved to your local PC Exporting Certificates for Client...

Page 115: ...through your CVR100W To configure VPN passthrough STEP 1 Choose VPN VPN Passthrough STEP 2 Choose the type of traffic to allow to pass through the CVR100W STEP 3 Click Save IPsec Passthrough Check Enable to allow IP security tunnels to pass through the CVR100W PPTP Passthrough Check Enable to allow Point to Point Tunneling Protocol PPTP tunnels to pass through the CVR100W L2TP Passthrough Check En...

Page 116: ...lowing from the secure network LAN to the insecure network WAN Configuring Bandwidth You can limit the bandwidth to reduce the rate at which the CVR100W transmits data You can also use a bandwidth profile to limit the outbound traffic thus preventing the LAN users from consuming all of the bandwidth of the Internet link To set the upstream and downstream bandwidth STEP 1 Choose QoS Bandwidth Manag...

Page 117: ...ings of an entry in the table check the relevant box and click Edit When you are done making changes click Save STEP 7 To delete an entry from the table check the relevant box and click Delete Then click Save STEP 8 To add a new service definition click Configure Services You can define a new service to use for all firewall and QoS definitions See Configuring Service Management for more informatio...

Page 118: ...based QoS settings click Restore Default Then click Save Trust Mode Choose one of the following options from the drop down menu Port This setting enables the port based on QoS You can then set the traffic priority for a particular port The traffic queue priority starts at the lowest priority of 1 and ends with the highest priority of 4 DSCP Differentiated Services Code Point DSCP Enabling this fea...

Page 119: ...lues mark traffic types with higher or lower traffic priority depending on the type of traffic STEP 3 Click Save STEP 4 To restore the default CoS settings click Restore Default Configuring DSCP Settings You can use the DSCP Settings page to configure DSCP to QoS queue mapping NOTE You first need to go to the QoS Port Based Settings page by clicking the link on this page to set the trust mode to D...

Page 120: ...Configuring Quality of Service QoS Configuring DSCP Settings Cisco CVR100W Wireless N VPN Router Administration Guide 118 7 STEP 5 To restore the default DSCP settings click Restore Default ...

Page 121: ...d other settings It includes the following sections Configuring Password Complexity Configuring Administrator Account Settings Configuring Remote Management Configuring Port Management Configuring Do Not Disturb Mode Configuring System Time Configuring Bonjour Using Diagnostic Tools Configuring Logging Backing Up and Restoring System Configuration Upgrading Firmware Rebooting the CVR100W Restoring...

Page 122: ...er the minimum password length 0 to 64 characters The default is 8 characters Minimum number of character classes Enter a number representing one of the following character classes Uppercase letters Lowercase letters Numbers Special characters available on a standard keyboard By default passwords must contain characters from at least three of these classes The new password must be different than t...

Page 123: ...ded STEP 5 Check Disable Password Strength Enforcement to disable password strength enforcement nor recommended Disabling password strength enforcement will increase your network security risk STEP 6 Click Save New Username Enter a new username Old Password Enter the current password New Password Enter the new password We recommended that you ensure that the password contains no dictionary words f...

Page 124: ...able to enable remote management Enabling this feature allows you to remotely manage the CVR100W from the WAN side by using the CVR100W s WAN IP address STEP 4 In the Remote Access field select the way that you access web based Configuration Utility from a remote WAN network HTTP Check to allow you to access web based Configuration Utility from a remote WAN network by using the CVR100W s WAN IP ad...

Page 125: ...current duplex mode and speed Flow Control Shows if flow control is enabled or disabled on the port STEP 2 To configure the duplex mode and speed of a port choose an option from the Mode drop down menu The available options are Auto Negotiation Lets the system and network determine the optimal port speed 10 Mbps Half Duplex or 100 Mbps Half Duplex The 10 100 Mbps port supports transmissions betwee...

Page 126: ...ne whether or not to adjust for Daylight Savings Time and with which Network Time Protocol NTP server to synchronize the date and time The CVR100W then gets its date and time information from the NTP server To configure NTP and time settings STEP 1 Choose Administration Time Settings The current time is displayed STEP 2 Specify the time zone from the Time zone drop down menu STEP 3 In the Adjust f...

Page 127: ...tocol On the CVR100W it only advertises the default services configured on the device when Bonjour is enabled To enable Bonjour STEP 1 Choose Administration Bonjour STEP 2 Check Enable to enable Bonjour STEP 3 To enable Bonjour for a VLAN listed in the Bonjour Interface Control table check the corresponding Enable Bonjour box You can enable Bonjour on specific VLANs Enabling Bonjour on a VLAN allo...

Page 128: ...n the IP Address Domain Name field enter the device s IP address or a fully qualified domain name FQDN such as www cisco com to ping STEP 3 Click Ping The ping results appear These results tell you whether the device is reachable STEP 4 Click Close when done and return to the Network Tools page Using Traceroute The Traceroute utility displays all the routers present between the destination IP addr...

Page 129: ...n the Internet Name field enter the Internet name of the host STEP 3 Click Look up The nslookup results appear STEP 4 Click Close when done and return to the Network Tools page Configuring Port Mirroring Port mirroring monitors network traffic by sending copies of all incoming and outgoing packets from one port to a monitoring port You can use port mirroring as a diagnostic or debugging tool espec...

Page 130: ... In the Log Severity for Local Log field check the log severities for the events that you want to log For example If you check Critical all log messages listed under the Critical Emergency and Alert categories are saved to the local syslog daemon STEP 4 Click Save Emergency System is not usable Alert Action is needed Critical System is in a critical condition Error System is in error condition War...

Page 131: ... field check which severity of events to log STEP 6 In the Enable field check the box to enable the remote syslog server STEP 7 Click Save STEP 8 To delete an entry in the Remote Log Server table select the entry and click Delete To edit an entry in the Remote Log Server table select the entry and click Edit Make your changes then click Save Backing Up and Restoring System Configuration You can ba...

Page 132: ... STEP 1 Choose Administration Backup Restore Settings STEP 2 Click Backup Configuration Restoring Your Configuration from a Saved Configuration File You can restore the system configuration from a previously saved configuration file To restore the settings from a saved configuration file on your local PC STEP 1 Choose Administration Backup Restore Settings STEP 2 Click Browse to locate the configu...

Page 133: ...Administration Firmware Upgrade The following information is displayed Device Model Displays the device model PID VID Displays the product ID and version ID Current Firmware Version Displays the firmware version that the CVR100W is currently using STEP 2 In the Download the latest firmware field click Download to download the latest version of the firmware from the specified website to your local ...

Page 134: ...essions and the system will be down for several seconds Restoring the Factory Defaults To restore the CVR100W to the factory default settings you can press and hold the RESET button on the back panel for more than 5 seconds or perform the Reset to Factory Defaults operation from web based Configuration Utility CAUTION During a restore operation do not try to go online turn off the router shut down...

Page 135: ...assword The administrative password protects your CVR100W from unauthorized access For security reasons you should change the password from its default setting Write this password down for future reference A blank password is not recommended Router Password Enter a new password Passwords should not contain dictionary words from any language They should contain a mixture of letters both uppercase a...

Page 136: ...gns an IP address on connection PPPoE PPPoE uses Point to Point Protocol over Ethernet PPPoE to connect to the Internet Choose this option if your ISP provides you with client software username and password Use the necessary PPPoE information from your ISP to complete the PPPoE configuration Account Name Enter your username assigned to you by the ISP Password Enter your password assigned to you by...

Page 137: ... the highest level of security that is supported by the devices in your network See Configuring Wireless Security for more information on configure the wireless security settings STEP 4 Click Next to continue The Confirm Setup Wizard Configuration page opens From this page you can see the summary information for all configuration STEP 5 If the configuration is correct click Save and Exit to comple...

Page 138: ...Connect makes accessing wireless access points simple and allows you to expand more business applications See www cisco com go cn cvr100w for more information By default Cisco Simple Connect is disabled on the CVR100W You can set one of the SSIDs SSID1 SSID2 or SSID3 as the CSC wireless access point The wireless clients that are associated with the CSC wireless access point can only access the Int...

Page 139: ... strongly recommend that you configure the CSC wireless access point with the highest level of security that is supported by the devices into your wireless network The wireless clients that are associated with the CSC wireless access point can only access the Internet They cannot manage and configure the CVR100W through web based Configuration Utility and access the CVR100W s local network resourc...

Page 140: ...nerally you can enter the SSID name that is provided on your CSC card in this field If you want to customize the name of the CSC wireless access point enter a new SSID name in this field NOTE When you customize a new name of the CSC wireless access point you are asked to regenerate and print the QR code of the CSC card See Customizing Your QR Code for more information Security Mode By default the ...

Page 141: ...C wireless access point See Configuring Wireless Network Settings for more information STEP 7 Click Save STEP 8 Click Edit CSC to limit the time to access the Internet for all wireless clients that are associated with the CSC wireless network STEP 9 Enter the following information STEP 10 Click Save SSID Name Displays the current name of the CSC wireless access point By default it is named as Cisc...

Page 142: ...om Cisco com go to www cisco com go cn cvr100w open the Cisco Simple Connect tab and click the download link and then install it on your device Or Connect your device to the CSC wireless network You must first know the SSID name and password of the CSC wireless network and then open the web browser on your device to try to access a website The Cisco Simple Connect Hotspot opens Click the correspon...

Page 143: ...ey The wireless clients need to rescan the new QR code that you print from the CVR100W Resources page to connect to the CSC wireless network STEP 1 Launch your web browser and access the CVR100W Resources page http www cisco com go cn cvr100w STEP 2 Click the Cisco Simple Connect 思科锐联 tab STEP 3 In the Customize QR Code 定制二维码 area enter the following information Wireless Security 连接类型 Displays the...

Page 144: ...g Your QR Code Cisco CVR100W Wireless N VPN Router Administration Guide 142 9 The wireless clients can now use the CSC client application on their CSC enabled devices to interact with the new QR code and connect to the CSC wireless network ...

Page 145: ...ftware This appendix includes the following sections Before You Begin Installing the Cisco QuickVPN Software Using the Cisco QuickVPN Software Before You Begin The QuickVPN program only works with the CVR100W that is properly configured to accept a QuickVPN connection You must perform the following steps STEP 1 Enable remote management See Configuring Remote Management for complete details STEP 2 ...

Page 146: ...in the search box in the Downloads tab and find the QuickVPN software STEP 3 Save the zip file to your PC and extract the zip file STEP 4 Double click the exe file and follow the on screen instructions to install the Cisco QuickVPN software Using the Cisco QuickVPN Software To launch the Cisco QuickVPN software and establish the VPN connection with a remote VPN server STEP 1 Double click the Cisco...

Page 147: ...eld enter the port number that the QuickVPN client uses to communicate with the remote VPN router or keep the default setting Auto STEP 6 To save this profile click Save To delete this profile click Delete For information click Help NOTE If there are multiple sites to which you need to create a tunnel you can create multiple profiles but only one tunnel can be active at a time STEP 7 To begin your...

Page 148: ...n active To terminate the VPN tunnel click Disconnect To change your password click Change Password For information click Help STEP 9 If you clicked Change Password and have permission to change your own password the Connect Virtual Private Connection window appears STEP 10 Enter your password in the Old Password field Enter your new password in the New Password field Then enter the new password a...

Page 149: ...ckVPN Software Cisco CVR100W Wireless N VPN Router Administration Guide 147 A NOTE You can change your password only if the Allow User to Change Password box has been checked for that username See Configuring VPN Clients for complete details ...

Page 150: ...l Business Support and Resources www cisco com go smallbizhelp Phone Support Contacts www cisco com go sbsc Cisco Small Business Firmware Downloads www cisco com go smallbizfirmware Select a link to download firmware for Cisco Small Business Products No login is required Product Documentation Cisco CVR100W www cisco com go cvr100w Cisco Small Business Cisco Partner Central for Small Business Partn...

Reviews:

No comments