Cisco Linksys RVL200 User Manual Download Page 106

Page: 106 / 118

Access of Multiple VLANs over a SSL VPN Tunnel

4-Port SSL/IPSec VPN Router

Appendx N

Appendx N:

Access of Multple VLANs

over a SSL VPN Tunnel

Overview

The 4-Port SSL/IPSec VPN Router (model number: RVL200)

can allow a computer on the Internet to communicate with

a local computer, even though they belong to different

Virtual Local Area Networks (VLANs).

SSL VPN Connection

Establish an SSL VPN connection between the computer

on the Internet, designated PC 1, and the RVL200. (Refer to

“Appendix B: Virtual Passage SSL VPN Client” for details.)
In the configuration example, the RVL200 assigns

192.168.1.201 to PC 1.

NOTE:

By default, the SSL VPN client is a member

of default VLAN1.

RVL00

192.168.3.201

Default VLAN1

VLAN2

WAN

192.168.1.201

SSL VPN Client Communicating with a Client Belonging to a

Different VLAN

Static Route

On the local computer, designated PC 2, configure a static

route to access a member of a different VLAN.
Follow the instructions for the operating system of PC 2.

Windows Operating System (OS)

Click

Start

Select

Programs > Accessores > Command

Prompt

1.
2.

At the cmd prompt, enter the following:
route add <destination ip> mask 255.255.255.0

<gateway ip>
Example:
route

add

192.168.3.0

mask

255.255.255.0

192.168.1.201
Press the

Enter

key.

Mac OS X

Click

Fnder

Select

Applcatons > Utltes > Termnal

Enter one of the following:
sudo route add -net <destination ip> <gateway ip>

<subnet mask>
Example #1:
sudo route add -net 192.168.3.0 192.168.1.201

255.255.255.0
or
sudo route add -net <destination network> <gateway

ip>
Example #2:
sudo route add -net 192.168.3.0/24 192.168.1.201
Press the

Enter

key.

Linux OS

Enter the following:
route add -net <destination ip> netmask 255.255.255.0

gw <gateway ip>
Example:
route add -net 192.168.3.0 netmask 255.255.255.0 gw

192.168.1.201

1.
2.
3.

Summary of Contents for Linksys RVL200

Page 1: ...USER GUIDE BUSINESS SERIES 4 Port SSL IPSec VPN Router Model RVL200 ...

Page 2: ...equire it If you use an older web browser you may have to add http in front of the web address Resource Website Linksys www linksys com Linksys International www linksys com international Glossary www linksys com glossary Network Security www linksys com security Copyright andTrademarks Linksys is a registered trademark or trademark of Cisco Systems Inc and or its affiliates in the U S and certain...

Page 3: ...nt 4 Wall Mounting Placement 4 Cable Connection 5 Chapter 4 Advanced Configuration 6 Overview 6 Before You Begin 6 Internet Explorer 6 0 or Higher 6 Netscape Communicator 8 0 or Higher 6 How to Access the Web Based Utility 7 System Summary 8 System Information 8 Port Statistics 9 Network Setting Status 9 Firewall Setting Status 9 IPSec VPN Setting Status 9 SSL VPN Setting Status 9 Log Setting Stat...

Page 4: ...ult 22 Factory Default 22 System Management Firmware Upgrade 22 Firmware Upgrade 22 System Management Restart 22 Restart 23 System Management Setting Backup 23 Import Configuration File 23 Export Configuration File 23 System Management Port Mirroring 23 Port Mirroring 23 System Management IGMP Snooping 23 Port Management Port Setup 24 Basic Per Port Config 24 Port Management Port Status 24 Port St...

Page 5: ...Gateway 35 Add a New Tunnel 35 IPSec Setup 38 IPSec VPN VPN Pass Through 40 VPN Pass Through 40 SSL VPN Summary 40 Summary 40 SSL VPN Certificate Management 40 SSL VPN User Management 41 User Management 41 SSL VPN Virtual Passage 42 Virtual Passage 43 SNMP Global Parameters 43 Global Parameters 43 SNMP Views 44 Views 44 SNMP Group Profile 44 Group Profile 44 SNMP Group Membership 45 Group Membersh...

Page 6: ...ortal Windows OS 59 Windows Vista Usage 60 Login for the SSL VPN Portal Mac OS X 60 Installation of the Virtual Passage Client Mac OS X 60 Removal of the Virtual Passage Client Mac OS X 61 Before You Begin Linux OS 62 Login for the SSL VPN Portal Linux OS 62 Installation of the Virtual Passage Client Linux OS 62 Removal of the Virtual Passage Client Linux OS 63 Appendix C Bandwidth Management 64 O...

Page 7: ... 85 Configuration when Both Gateways Use Dynamic IP Addresses 85 Configuration of the RVL200 85 Configuration of the RV082 86 Configuration of PC 1 and PC 2 86 Appendix J IPSec NATTraversal 87 Overview 87 Before You Begin 87 Configuration of Scenario 1 87 Configuration of Router A 87 Configuration of Router B 88 Configuration of Scenario 2 89 Configuration of the One to One NAT Rules 89 Configurat...

Page 8: ... Explorer 6 0 or Higher 99 How to Access the Web Based Utility 99 Upgrade the Firmware 100 Appendix P Battery Replacement 101 Overview 101 Replace the Lithium Battery 101 Appendix Q Specifications 102 Appendix R Warranty Information 103 Exclusions and Limitations 103 Obtaining Warranty Service 103 Technical Support 104 Appendix S Regulatory Information 105 FCC Statement 105 Safety Notices 105 Indu...

Page 9: ...s and allows data to be transmitted over the Internet as if it were still within those networks A VPN tunnel uses industry standard encryption and authentication techniques to secure the data sent between the two networks Virtual Private Networking was created as a cost effective alternative to using a private dedicated leased line for a private network It can be used to create secure networks lin...

Page 10: ...VPN client software that is configured with her office s VPN settings She accesses the VPN client software and connects to theVPN Router at the central office As VPNs utilize the Internet distance is not a factor Using the VPN the businesswoman now has a secure connection to the central office s network as if she were physically connected Internet Central Office Off Site Notebook with VPN Client S...

Page 11: ...used in one of two ways warm reset and reset to factory defaults WarmReset IftheRouterishavingproblems connecting to the Internet press and hold in the Reset button for four seconds using the tip of a pen This is similar to pressing the power button on your computer to reboot it The Diag LED will flash slowly during a warm reset Reset to Factory Defaults If you are experiencing extreme problems wi...

Page 12: ... distance between the two slots is 64 4 mm 2 535 inches Two screws are needed to mount the Router Suggested Mounting Hardware 3 0 3 8 mm 5 0 6 0 mm 1 6 2 0 mm Note Mounting hardware illustrations are not true to scale NOTE Linksys is not responsible for damages incurred by insecure wall mounting hardware Follow these instructions Determine where you want to mount the Router Make sure that the wall...

Page 13: ...em Connect one end of an Ethernet network cable to one of the numbered ports on the back of the Router Connect the other end to an Ethernet port on a network device such as a computer or switch Repeat this step to connect more computers or other network devices to the Router Connect to the Network Device Connect the included power adapter to the Router s Power port and then plug the power adapter ...

Page 14: ...ady enabled proceed to the next section How to Access the Web Based Utility If the settings are disabled you should enable them before configuring the Router Proceed to the instructions for your web browser Internet Explorer 6 0 or Higher Open Internet Explorer Click Tools Click Internet Options Click the Advanced tab Select Use SSL 2 0 and Use SSL 3 0 Internet Explorer Tools Internet Options Adva...

Page 15: ...e Management feature on the Firewall General screen has been enabled then users with administrative privileges can remotely access the web based utility Use https WAN IP address of the Router A login screen prompts you for your User Name and Password Enter admin in the User Name field and enter admin in the Password field You can change the Password on the Setup Password screen Then click Login Lo...

Page 16: ...nd settings This information is read only Underlined text is hyperlinked to related setup pages so if you click a hyperlink the related setup screen will appear On the right hand side of this screen and all other screens of the utility is a link to the Site Map which has links to all of the utility s tabs Click Site Map to view the Site Map Then click the desired tab 4 5 System Summary Site Map Sy...

Page 17: ...lick Renew to update the DHCP Lease Time or get a new IP address If the WAN port is set to PPPoE or PPTP two buttons Connect and Disconnect will be available Mode It shows the Router s Working Mode Gateway or Router and it hyperlinks to the Dynamic Routing section on the Advanced Routing screen of the Setup tab DNS It shows all DNS Server Addresses and hyperlinks to the WAN Connection Type setting...

Page 18: ...names as identification You may have to check with your ISP to see if your broadband Internet service has been configured with a host and domain name In most cases you can leave these fields blank LAN Setting The MAC Address of the Router is displayed Device IP Address and Subnet Mask The default values are 192 168 1 1 for the Router s local IP address and 255 255 255 0 for the subnet mask Multipl...

Page 19: ...ss es enter at least one Multiple DNS server IP settings are common In most cases the first available DNS entry is used MTU The MTU Maximum Transmission Unit setting specifies the largest packet size permitted for network transmission To manually set a value select Manual and enter the value desired in the field provided You should leave this value in the 1200 to 1500 range and most DSL users shou...

Page 20: ...ollowing DNS Server Addresses enter your DNS server IP address es enter at least one Multiple DNS server IP settings are common In most cases the first available DNS entry is used User Name and Password Enter your account s User Name and Password The maximum number of characters is 60 Connect on Demand If you select the Connect on Demand option the connection will be disconnected after a specified...

Page 21: ...Zone Select your time zone the default Time Zone is Pacific Time DaylightSaving Tousethedaylightsavingfeature select Enabled Enter the Month and Day of the start date and then enter the Month and Day of the end date NTP Server Enter the URL or IP address of the NTP server The default is time nist gov Manual Setup Time Manual Time Zone Select your time zone the default Time Zone is Pacific Time Hou...

Page 22: ...ll simply be forwarded through the Router Service Select the Service you want If the Service you need is not listed in the menu click Service Management to add the new service The Service Management screen appears Service Management Service Name Enter a name Protocol Select the protocol it uses Port Range Enter its range ClickAddtoList ClickSaveSettingstosaveyourchanges or click Cancel Changes to ...

Page 23: ...ublic services on your network When the UPnP function is enabled Windows XP can modify these entries via UPnP Setup UPnP UPnP UPnP Function Select Yes to enable the UPnP function Otherwise keep the default No Service Select the Service you want If the Service you need is not listed in the menu click Service Management to add the new service The Service Management screen appears Service Management ...

Page 24: ...ccessed at the corresponding external IP addresses NOTE The Router s WAN IP address should not be included in the range you specify Setup One to One NAT One to One NAT One to One NAT Select Enable to use the One to One NAT function Private Range Begin Enter the starting IP address of the internal IP address range This is the IP address of the first device that Public Range Begin Enter the starting...

Page 25: ...n the three Host Name fields For example if your host name were myhouse dyndns org then myhouse would go into the first field dyndns would go into the second field and org would go into the last field Click Save Settings and the status of the DDNS function will be updated Internet IP Address The Router s current Internet IP address is displayed Because it is dynamic this will change Status The sta...

Page 26: ... Static routing is an advanced feature Create these routes with care To create a static route entry enter the following information Destination IP Enter the network address of the remote LAN segment For a standard Class C IP domain the network address is the first three fields of the Destination LAN IP while the last field should be 0 Subnet Mask Enter the subnet mask used on the destination LAN I...

Page 27: ...ses and MAC addresses to the Static IP list click Select All To update the on screen information click Refresh To exit this screen and return to the DHCP Setup screen click Close Static IP Address Enter the static IP address You can enter 0 0 0 0 if you want the Router to assign a static IP address to the device MAC Address Enter the MAC address of the device Name Enter a descriptive name for the ...

Page 28: ...er of dynamic IP addresses that can be assigned by the DHCP server ClientTable For all network clients using the DHCP server the Client Table shows the current DHCP Client information Client Host Name This is the name assigned to a client host IP Address It is the dynamic IP address assigned to a client MAC Address This indicates the MAC address of a client Leased Time It displays the amount of ti...

Page 29: ...m Management Diagnostic The Router has two built in tools DNS Name Lookup and Ping which are used for troubleshooting network problems The Internet has a service called the Domain Name Service DNS which allows users to enter an easily remembered host name such as www linksys com instead of numerical TCP IP addresses to access Internet resources The DNS NameLookuptoolwillreturnthenumericalTCP IPadd...

Page 30: ...ment Firmware Upgrade Firmware Upgrade Todownloadthefirmware refertotheFirmwareDownload instructions If you have already downloaded the firmware onto your computer then click the Browse button to look for the file NOTE If you are using Internet Explorer on Windows XP disable the pop up blocking function before you upgrade the Router s firmware Refer to Appendix O Firmware Upgrade for more informat...

Page 31: ...lled RVL200 exp by default but you may rename it if you wish This process may take up to a minute System Management Port Mirroring Port Mirroring monitors and copies network traffic by transferring copies of incoming and outgoing packets from source ports to a target port This feature is used as a monitoring diagnostic and debugging tool System Management Port Mirroring Port Mirroring Enable Port ...

Page 32: ...nterface The port s interface type LAN or WAN is displayed Disable To disable a port select Disable Speed Select the port speed 10M or 100M Duplex Select the duplex mode Half or Full Auto Neg Select Enable if you want the Router s ports to auto negotiate connection speeds and duplex mode then you will not need to set up speed and duplex settings separately Click Save Settings to save your changes ...

Page 33: ...er a VLAN ID number from 2 to 4094 The defaultVLAN ID 1 is assigned to untagged frames received on the interface Click Add VLAN to add the single VLAN ID VLAN ID Range Enter the starting and ending port numbers of the VLAN ID Range Then click Add Range VLAN ID and Description All of the VLAN IDs that you have set up and the VLAN descriptions you have defined for each VLAN on the VLAN Membership sc...

Page 34: ...Tagged U status for each port is displayed in this column Click Save Settings to save your changes or click Cancel Changes to undo them QoS Bandwidth Management Quality of Service QoS features let you control how the Router manages network traffic With Bandwidth Management Layer 3 the Router can provide better service to selected types of network traffic There are two types of functionality availa...

Page 35: ...hem Click Exit to return to the Bandwidth Management screen IP Enter the IP address or range you need to control To include all internal IP addresses keep the default 0 Direction Select Upstream for outbound traffic or select Downstream for inbound traffic Min Rate Enter the minimum rate for the guaranteed bandwidth Max Rate Enter the maximum rate for the maximum bandwidth Enable Select Enable to ...

Page 36: ... the total bandwidth The default is Middle Enable Select Enable to use this Priority rule Click Add to List and configure as many rules as you would like up to a maximum of 50 To delete a rule select it and click Delete selected application Click Summary to see a summary of the Priority rules The Summary screen appears Summary Priority Selected To change a rule click Edit To update the list click ...

Page 37: ...to which the CoS priority is mapped You can designate up to four traffic priority queues configured on the Queue Settings screen To reset the CoS queue settings to their factory defaults click Restore Defaults The defaults are 2 1 1 2 3 4 and 4 for the Priority values 0 to 7 Click Save Settings to save your changes or click Cancel Changes to undo them QoS Queue Settings You can set the Router to s...

Page 38: ...Remote Management feature will be enabled SPI Stateful Packet Inspection This option is enabled by default The Router s firewall uses Stateful Packet Inspection to review the information that passes through thefirewall Itinspectsallpacketsbasedontheestablished connection prior to passing the packets for processing through a higher protocol layer DoS DenialofService Thisoptionisenabledbydefault It ...

Page 39: ...ock access select Access to HTTP Proxy Servers Don t block Java ActiveX Cookies Proxy to Trusted Domains To keep trusted sites unblocked select this option Click Save Settings to save your changes or click Cancel Changes to undo them Firewall Access Rules Access rules evaluate network traffic to decide whether or not it is allowed to pass through the Router s firewall Access Rules look specificall...

Page 40: ...nge ClickAddtoList ClickSaveSettingstosaveyourchanges or click Cancel Changes to undo them Click Exit to return to the Add a New Access Rule screen If you want to modify a service you have created select it and click Update this service Make changes Click Save Settings to save your changes or click Cancel Changes to undo them Click Exit to return to the Add a New Access Rule screen If you want to ...

Page 41: ...ding IP addresses in the Addr Range Begin and Addr Range End fields Scheduling Apply this rule Decide when you want the access rule to be enforced and enter the hours and minutes in 24 hour format The default condition for any new rule is to always enforce it Decide which days of the week you want the access rule to be enforced and select the appropriate days Click Save Settings to save your chang...

Page 42: ...ed To add an entry click Add to list To remove an entry from the list select the entry and click the Delete selected entry Click Save Settings to save your changes or click Cancel Changes to undo them Click Exit to return to the Content Filter screen To delete a group select it and click Delete selected group on the Content Filter screen To change the settings of a group select it and click Edit G...

Page 43: ...emote Gateway It shows the IP address of the Remote Gateway Tunnel Test Click Connect to verify the status of the VPN tunnel The test result will be updated in the Status column If the tunnel is connected a Disconnect button will be available so you can end the connection Config Click Edit to open a new screen where you can change the tunnel s settings Refer to the Gateway to Gateway section for m...

Page 44: ...he IP address When the Remote Security Gateway requests to create a tunnel with the Router the Router will work as a responder E mail address Enter the e mail address for authentication Local Security GroupType Select the local LAN user s behind the Router that can use this VPN tunnel Select the type you want to use IP Subnet or IP Range Follow the instructions for the type you want to use NOTE Th...

Page 45: ... of the tunnel and then enter the IP address IP by DNS Resolved Select this option if you do not know the static IP address of the remote VPN device but you do know its domain name Then enter the remoteVPN device s domain name on the Internet The Router will retrieve the IP address of the remote VPN device E mail address Enter the e mail address as an ID Dynamic IP Domain Name FQDN Authentication ...

Page 46: ...me authentication method Phase 1 SA Life Time Configure the length of time a VPN tunnel is active in Phase 1 The default value is 28800 seconds Perfect Forward Secrecy If the Perfect Forward Secrecy PFS feature is enabled IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication so hackers using brute force to break encryption keys will not be able to obta...

Page 47: ...ues thentherestoftheAuthenticationKey will be automatically completed with zeroes until it has 32 hexadecimal values If SHA is selected the Authentication Key is 40 bit which requires 40 hexadecimal values If you do not enter enough hexadecimal values then the rest of the Authentication Key will be automatically completed with zeroes until it has 40 hexadecimal values Make sure both ends of the VP...

Page 48: ...le Point to Point sessions via the Internet on the Layer 2 level L2TP PassThrough is enabled by default Click Save Settings to save your changes or click Cancel Changes to undo them SSLVPN Summary This screen displays general information about the SSL VPN tunnels The Router supports up to five SSL VPN tunnels SSL VPN Summary Summary Tunnel Used The number of VPN tunnels being used is displayed Tun...

Page 49: ... and follow the on screen instructions After you have selected the file click Import ExistingCertificate Thefilenameofthecurrentcertificate is displayed SSLVPN User Management Define users for your SSL VPN tunnels SSL VPN User Management User Management Edit Group AuthenticationType Select the type you want to use Local User Database RADIUS PAP RADIUS CHAP RADIUS MSCHAP RADIUS MSCHAPV2 NT Domain A...

Page 50: ...Config Click Edit to change the user s settings on the User Management screen To add a new user click Add User The maximum number of users is 128 The User Management screen appears Add a User to the Local User Database Configure the following settings User Name Enter the name the user will use to log into the SSL VPN Portal User Type For users with Local User Database authentication select User or...

Page 51: ...ation SNMP Global Parameters Global Parameters Enable SNMP To use SNMP select this option SNMPv3 Local Engine ID If you want to manually generate the local engine ID enter the values in text form and then click Save Settings The Router will automatically generate an engine ID in hexadecimal characters Use Default If you want the Router to generate engine IDs based on the device MAC address select ...

Page 52: ... a new view name SubTree ID Tree Linksys supports user defined OIDs These are some of the common MIB OIDs IP MB 1 3 1 2 1 48 IF MIB 1 3 6 1 2 1 31 TCP MIB 1 3 6 1 2 1 49 UDP MIB 1 3 6 1 2 1 50 SNMPv2 MIB 1 3 6 1 6 3 1 RCF1213 MIB 1 3 6 1 2 1 1 SNMP VIEW BASED ACM MIB 1 3 6 1 6 3 16 SNMP COMMUNITY MIB 1 3 6 1 6 3 18 SNMP FRAMEWORK MIB 1 3 6 1 6 3 10 SNMP MPD MIB 1 3 6 1 6 3 11 SNMP USER BASED SM MI...

Page 53: ...er Engine ID Select Local if the user is connected to a local SNMP entity Select Remote if the user is connect to a remote SNMP entity Then enter the remote engine ID Group Name Select a group for the user Authentication Method Select the appropriate method MD5 Password SHA1 Password MD5 Key or SHA1 Key Password If MD5 or SHA1 Password is selected then only the password will be used for authentica...

Page 54: ...n entry select it and click Delete Click Save Settings to save your changes or click Cancel Changes to undo them SNMP Notification Recipient Define the types and frequencies of the notifications SNMP Notification Recipient Notification Recipient Recipient IP Enter the IP address that will receive the SNMP traps Notification Type Select the appropriate type Trap or Inform An Inform type requires re...

Page 55: ...transferred Enter the Syslog server name or IP address Click Save Settings to save your changes and then restart the Router for the changes to take effect E mail You may want logs or alert messages to be e mailed to you If so then configure the E mail settings Enable E Mail Alert Select this option to enable the Router s E Mail Alert feature Mail Server If you want any log or alert information e m...

Page 56: ...ses and failures and packet filtering policies The Firewall Log displays all activities regarding the Router s firewall The IPSec Log shows information about IPSec VPN tunnel activity The SSL Log shows information about SSL VPN tunnel activity Select the severity level of log events you wish to view Time The time of each log event is displayed You can sort each log by time sequence Event Type The ...

Page 57: ...n the Basic Setup Wizard 1 Your Internet Service Provider ISP may require you to use a host and domain name for your Internet connection If your ISP requires them complete the Host Name and Domain Name fields otherwise leave these blank Click Next to continue Click Exit if you want to exit the Setup Wizard Host and Domain Name Select the WAN or Internet Connection Type for the WAN port Select the ...

Page 58: ...Click Previous if you want to return to the previous screen Click Exit if you want to exit the Setup Wizard Static IP 4 On the DNS Servers screen enter the DNS server IP addresses you want to use you must enter at least one Click Next to continue and proceed to step 5 Click Previous if you want to return to the previous screen Click Exit if you want to exit the Setup Wizard DNS Servers PPPoE Compl...

Page 59: ... Exit if you want to exit the Setup Wizard Connect on Demand or Keep Alive If you want to save your changes click Save Settings Click Previous if you want to return to the previous screen Click Exit if you want to exit the Setup Wizard Save Settings Access Rule Setup Click Launch Now to run the Access Rule Setup Wizard 5 1 This screen explains the Access Rules including the Router s Default Rules ...

Page 60: ...the Interface pull down menu Select the Source IP address es for this Access Rule If it can be any IP address select Any If it is one IP address select Single and enter the IP address in the Source IP fields If it is a range of IP addresses select Range and enter the IP addresses in the Source IP fields Click Next to continue Click Previous if you want to return to the previous screen Click Exit i...

Page 61: ...you want to exit the Setup Wizard Save Settings 8 9 A screen appears to notify you that the settings have been saved If you want to add another Access Rule click OK and the first screen of the Access Rule Setup Wizard will appear If you want to exit the Access Rule Setup Wizard click Cancel and the Firewall Access Rules screen will appear Settings are Successful Support Access a variety of resourc...

Page 62: ...r Name and Password to log in and then manage the Router After you click the Logout tab a Warningscreen appears It will ask you to confirm that you want to delete the History Item for the Router The Web Cache Cleaner will prompt you to delete all temporary Internet files cookies and browser history during logout Click Yes Logout ...

Page 63: ...he Power LED should be green and not flashing If the Power LED is flashing then power off all of your network devices including the modem Router and computers Then power on each device in the following order Cable or DSL modem Router Computer Check the cable connections The computer should be connected to one of the ports numbered 1 4 on the Router and the modem must be connected to the Internet p...

Page 64: ...nt To configure the SSL VPN software your web browser must have SSL JavaScript ActiveX and cookies enabled these settings are enabled by default If the settings are already enabled proceed to the next section Make the SSL VPN Portal a Trusted Site If the settings are disabled you should enable them before configuring the Router Proceed to the instructions for your web browser Internet Explorer 6 0...

Page 65: ...l aTrusted Site Windows OS Most web browsers support multiple security zones with different permission levels Trusted sites have a lower security setting that will allow the Java and ActiveX content to work properly If your web browser s security settings are set to High you may need to add the SSL VPN Portal to your browser s list of trusted sites The following instructions are provided for Inter...

Page 66: ...only Installation of theVirtual Passage Client Windows OS The first time you create an SSL VPN tunnel you have to install the Virtual Passage Client on your computer Before you begin make sure you have administrative rights on your computer Then follow these instructions 1 2 3 Click the Unlock icon Click the Unlock Icon After you have logged in you will be asked to install the Web Cache Cleaner ap...

Page 67: ...uter System Tray Icon When you right click the icon you have three options Virtual Passage Menu Virtual Passage Status Click Virtual Passage Status to display a status screen indicating the connection status interfaces activity and status message Click Disconnect to end your session or click Close to exit this screen Disconnect Virtual Passage Click Disconnect Virtual Passage to end the session Di...

Page 68: ...tion Linksys recommends that you enable the User Account Control UAC feature Login for the SSLVPN Portal Mac OS X Follow these instructions to log in Enter the IP address of the Router https WAN IP address of the Router in your web browser Then press the Enter key A login screen appears Enter your user name in the User Name field and enter your password in the Password field 1 2 3 4 5 6 1 2 Click ...

Page 69: ...ed SSL VPN Tunnel Established To end the SSL VPN connection click Disconnect 2 3 4 NOTE If you used Safari or Firefox to establish theSSLVPNconnectionthroughHTTPandwant to switch to HTTPS to re establish the SSL VPN connection you must close your web browser before switching to HTTPS Removal of theVirtual Passage Client Mac OS X To remove the Virtual Passage Client follow these instructions In the...

Page 70: ... field and enter your password in the Password field Click Login SSL VPN Portal Login Screen If your user type is Administrator then you can access the web based utility If your user type is User then you can use Virtual Passage only Installation of theVirtual Passage Client Linux OS The first time you create an SSL VPN tunnel you have to install the Virtual Passage Client on your computer 1 2 3 B...

Page 71: ...N tunnel has been established SSL VPN Tunnel Established To end the SSL VPN connection click Disconnect Removal of theVirtual Passage Client Linux OS To remove the Virtual Passage Client follow these instructions In the sentence Click here to Uninstall VPN Tunnel client click the word here Click the Word Here 4 1 After the software is removed you will be notified Click OK Click OK 2 ...

Page 72: ...andwidth Management On the Service Management screen enter a name such as Vonage VoIP in the Service Name field 1 2 3 4 5 Add Vonage VoIP Service From the Protocol drop down menu select the protocol the VoIP service uses For example some VoIP devices use UDP Enter its SIP port range in the Port Range fields For example you can set the Port Range to 5060 to 5070 to make sure that all active ports a...

Page 73: ...ter the maximum rate for the maximum bandwidth For example you can set a maximum rate of 80 kbit sec Select Enable to enable this rule 1 2 3 4 5 6 7 8 9 10 11 12 13 After you have set up the rule click Add to list Set up a rule for Vonage 2 Select Vonage 2 from the Service drop down menu Enter the IP address or range you need to control To include all internal IP addresses keep the default 0 From ...

Page 74: ... feature To configure an Active Directory server Click the Start button of your Windows computer Click Settings Click Control Panel Double click Administrative Tools Click Next Welcome to the Configure Your Server Wizard Click Next Preliminary Steps 1 2 3 4 5 6 Select Domain Controller Active Directory and then click Next Server Role Click Next Summary of Selections 7 8 ...

Page 75: ...Click Next Welcome to the Active Directory Installation Wizard Click Next Operating System Compatibility 9 10 Select Domain controller for a new domain and then click Next Domain Controller Type Select Domain in a new forest and then click Next Create New Domain 11 12 ...

Page 76: ...ick Next New Domain Name Enter a domain NetBIOS name and then click Next NetBIOS Domain Name 13 14 Select the folders that will store the Active Directory database and log Then click Next Database and Log Folders Enter a location for the SYSVOL folder and then click Next Shared System Volume 15 16 ...

Page 77: ...2000 or Windows Server 2003 operating systems Then click Next Permissions 17 18 Enter your Administrator password for the Active Directory server Then enter it again in the Confirm password field Click Next Directory Services Restore Mode Administrator Password Click Next Summary The wizard configures Active Directory automatically and it notifies you when the configuration is complete Active Dire...

Page 78: ...ntication used by Active Directory to authenticate clients permits a maximum of a 15 minute time difference between the Windows server and the client the Router Make sure that your Windows server is configured for Active Directory authentication If you are using a Windows NT 4 0 server then your server only supports NT Domain authentication Typically Windows 2000 and 2003 servers are also configur...

Page 79: ...er Click Settings Click Control Panel Double click Administrative Tools Click Active Directory Users and Computers To create a user right click Users Active Directory Users and Computers 1 2 3 4 5 6 Enter the user information in the various name fields Enter a User login name and select the appropriate domain from the drop down menu Then click Next New Object User Name Enter the user password and ...

Page 80: ...72 User for the Active Directory Server 4 Port SSL IPSec VPN Router Appendix E Click Finish to create the new user New Object User Summary 9 ...

Page 81: ...e Programs Click Add Remove Windows Components Add or Remove Programs 1 2 3 In the Components section click Networking Services Click Details Select Internet Authentication Service Click OK Then click Next Windows Components Click the Start button of your Windows computer Click Settings Click Control Panel Double click Administrative Tools Click Internet Authentication Service Right click Remote A...

Page 82: ...cess Policy Wizard Select Set up a custom policy and enter a policy name Then click Next Policy Configuration Method 11 12 To add a policy click Add Policy Conditions Select Client IP Address and then click Add Select Attribute Enter an IP address and then click OK Enter the Router s LAN IP address Client IP Address 13 14 15 ...

Page 83: ...ext Policy Conditions Select Grant remote access permission and then click Next Permissions 16 17 Click Edit Profile Profile On the Authentication tab deselect remove the checkmark from Microsoft Encryption Authentication version 2 and Microsoft Encrypted Authentication Select Unencrypted authentication Click Apply Authentication 18 19 ...

Page 84: ...y Encryption Click Finish Completing the New Remote Access Policy Wizard Make sure the policy has been added Click the Start button Click Settings Click Control Panel Double click Administrative Tools 20 21 22 23 24 25 26 Click Internet Authentication Service Internet Authentication Service Right click Remote Access Policies and click New Connection Request Policy Connection Request Policies 27 28...

Page 85: ...on Request Policy Wizard Select A custom policy and enter a policy name Then click Next Policy Configuration Method 29 30 To add a policy click Add Policy Conditions Select Client IP Address and then click Add Select Attribute Enter an IP address and then click OK Enter the Router s LAN IP address Client IP Address 31 32 33 ...

Page 86: ...a policy has been added and then click Next Policy Conditions Click Edit Profile Request Processing Method 34 35 On the Authentication tab select Authenticate request on this server and then click OK Authentication Click Finish Completing the New Connection Request Processing Policy Wizard 36 37 ...

Page 87: ...ation Type drop down menu select LDAP SSL VPN User Management In the Server Address field enter the IP address or domain name of the server In the LDAPBaseDN field enter the Base Distinguished Name defined in the configuration file of your LDAP server NOTE User names and passwords should be defined in the configuration file of your LDAP server For more information refer to the documentation for yo...

Page 88: ...e RV082 LAN Physically connect a numbered port Ethernet 1 4 on the RVL200 to a LAN port on the RV082 Access the web based utility of the RVL200 Refer to Chapter 4 Advanced Configuration for details Click the DHCP tab 1 2 3 Remove the checkmark from the Enable DHCP Server setting Click Save Settings Click the Setup tab Click the Advanced Routing tab In the Static Routing section enter 0 0 0 0 in th...

Page 89: ... Virtual Passage via the WAN IP of the RV082 WAN1 WAN2 Corporate Network LAN 192 168 1 100 192 168 1 200 Headquarters RV082 RVL200 WAN to RV082 LAN To connect the RVL200 WAN to the RV082 LAN Physically connect the Internet port on the RVL200 to a LAN port on the RV082 Configure the Virtual Passage IP so it is in the network range of the RV082 LAN side After an SSL VPN client establishes its connec...

Page 90: ...ay Uses a Dynamic IP Address RVL200 WAN A A A A LAN 192 168 5 1 RV082 WAN B B B B LAN 192 168 1 1 Gateway to Gateway IPSec VPN Tunnel Remote Gateway Using Static IP NOTE Each computer must have a network adapter installed Configuration of the RVL200 Follow these instructions for the first VPN Router designated RVL200 The other VPN Router is designated the RV082 Launch the web browser for a network...

Page 91: ...the RV082 will be automatically detected For the Local Security GroupType select Subnet Enter the RV082 s local network settings in the IPAddressand Subnet Mask fields RV082 VPN Settings 10 11 12 1 2 3 4 5 6 7 For the Remote Security Gateway Type select IP address Enter the RVL200 s WAN IP address in the IP Address field For the Remote Security Group Type select Subnet Enter the RVL200 s local net...

Page 92: ... A A A A of the RVL200 will be automatically detected For the Local Security GroupType select Subnet Enter the RVL200 s local network settings in the IP Address and Subnet Mask fields 1 2 3 4 5 6 7 RVL200 IPSec VPN Settings For the Remote Security Gateway Type select IP by DNS Resolved Enter the RV082 s domain name in the field provided For the Remote Security Group Type select Subnet Enter the RV...

Page 93: ...8 9 10 11 12 Configuration when Both Gateways Use Dynamic IP Addresses ThisexampleassumesbothGatewaysareusingdynamicIP addresses If the Remote Gateway uses a static IP address refer to Configuration when the Remote Gateway Uses a Static IP Address If only the Remote Gateway uses a dynamic IP address refer to Configuration when the Remote Gateway Uses a Dynamic IP Address RVL200 Dynamic IP A A A A ...

Page 94: ... Gateway to Gateway tab Enter a name in the Tunnel Name field For the VPN Tunnel setting select Enable 8 9 10 11 12 1 2 3 4 5 6 The WAN IP address B B B B of the RV082 will be automatically detected For the Local Security GroupType select Subnet Enter the RV082 s local network settings in the IPAddressand Subnet Mask fields RV082 VPN Settings For the Remote Security Gateway Type select IP by DNS R...

Page 95: ... number RVL200 one of which is connected to the Internet Two 10 100 4 Port VPN Routers model number RV042 one of which is connected to the Internet Configuration of Scenario 1 In this scenario Router A is the RVL200 Initiator while Router B is the RVL200 Responder 192 168 2 100 192 168 1 101 WAN 192 168 99 22 Router B RVL200 Responder LAN 192 168 2 0 24 WAN 192 168 99 11 NAT 2 RV042 LAN 192 168 11...

Page 96: ...uctions for Router B Launch the web browser for a networked computer designated PC 2 Access the web based utility of the Router B Refer to Chapter 4 Advanced Configuration for details Click the IPSec VPN tab Click the Gateway to Gateway tab Enter a name in the Tunnel Name field For the VPN Tunnel setting select Enable The WAN IP address of Router B will be automatically detected For the Local Secu...

Page 97: ...ype select Subnet Enter Router B s local network settings in the IP Address and Subnet Mask fields For the Remote Security Gateway Type select IP address Enter 192 168 99 1 in the IP Address field Router B s IPSec VPN Settings 1 2 3 4 5 6 7 8 Configuration of Scenario 2 In this scenario Router B is the RVL200 Initiator while Router A is the RVL200 Responder Router B will have the Remote Security G...

Page 98: ...ab Click the Gateway to Gateway tab Enter a name in the Tunnel Name field For the VPN Tunnel setting select Enable The WAN IP address of Router A will be automatically detected For the Local Security GroupType select Subnet Enter Router A s local network settings in the IP Address and Subnet Mask fields Router A s IPSec VPN Settings NOTE This configuration is the same as the configuration of Route...

Page 99: ...cess the web based utility of the RVL200 Refer to Chapter 4 Advanced Configuration for details Click the Setup tab 1 2 3 RVL200 with Multiple Subnets RVL200 LAN IP 192 168 1 1 Multiple Subnet IP 192 168 7 0 24 Multiple Subnet IP 192 168 20 0 24 Static Route 1 Destination IP 192 168 7 0 Subnet Mask 255 255 255 0 Default Gateway 192 168 1 2 Interface LAN Static Route 2 Destination IP 192 168 20 0 Su...

Page 100: ... 168 1 2 in the Default Gateway field Enter 1 in the Hop Count field Select LAN from the Interface drop down menu To create the first static route click Add to list In the Static Routing section enter 192 168 20 0 in the Destination IP field Enter 255 255 255 0 in the Subnet Mask field Enter 192 168 1 20 in the Default Gateway field Enter 1 in the Hop Count field Select LAN from the Interface drop...

Page 101: ...ccess the web based utility of the RV042 2 Refer to the User Guide of the RV042 for details Click the Setup tab Click the More tab Click the Advanced Routing tab For the Working Mode setting select Router In the Static Routing section enter 192 168 20 0 in the Destination IP field Enter 255 255 255 0 in the Subnet Mask field Enter 192 168 1 20 in the Default Gateway field Enter 1 in the Hop Count ...

Page 102: ...rt SSL IPSecVPN Router model number RVL200 can support multipleVirtual Local Area Networks VLANs The configuration example shows the Router deploying a Layer 2 managed switch which deploys three VLANs This example uses the Linksys 48 Port 10 100 1000 4 Port miniGBIC Switch with WebView model number SRW2048 however any of the Linksys SRW switches with 802 1Q VLAN support can also be used RVL200 to ...

Page 103: ...ID drop down menu Enter a description in the Description field Select Tagged in the Port 4 column Select 3 from the VLAN ID drop down menu Enter a description in the Description field Select Tagged in the Port 4 column Select 4 from the VLAN ID drop down menu 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 Enter a description in the Description field Select Tagged in the Port 4 column Click Save ...

Page 104: ...inksys SRW switches with 802 1Q VLAN support can also be used RVL200 Configuration Basic Instructions To configure the multiple subnets refer to Appendix K Configuration of Multiple Subnets 1 To configure the multiple VLANs refer to Appendix L Multiple VLANs with Computers Access the web based utility of the RVL200 Refer to Chapter 4 Advanced Configuration for details Click the DHCP tab Click the ...

Page 105: ...ss Enter 192 168 4 1 This is the default which you can overwrite Subnet Mask Select 255 255 255 0 Range Start Enter 100 Range End Enter 149 Click Save Settings Inter VLAN Routing Option To allow packets to travel from one VLAN to another follow these instructions optional Access the web based utility of the RVL200 Refer to Chapter 4 Advanced Configuration for details Click the DHCP tab Click the I...

Page 106: ...fferent VLAN Static Route On the local computer designated PC 2 configure a static route to access a member of a different VLAN Follow the instructions for the operating system of PC 2 Windows Operating System OS Click Start Select Programs Accessories Command Prompt 1 2 At the cmd prompt enter the following route add destination ip mask 255 255 255 0 gateway ip Example route add 192 168 3 0 mask ...

Page 107: ... Explorer Click Tools Click Internet Options Internet Explorer Tools Click the Privacy tab Internet Explorer Tools Tools 1 2 3 4 Deselect remove the checkmark from Block pop ups Internet Explorer Tools Internet Options Privacy Click OK How to Access theWeb Based Utility For local access of the Router s web based utility launch your web browser and enter the Router s default IP address 192 168 1 1 ...

Page 108: ...mware Download from Linksys Web Site System Management Firmware Upgrade The Support page of the Linksys website appears Select 4 Port SSL IPSec VPN Router from the drop down menu and choose the firmware from the available options After downloading the firmware file extract it on your computer In the Firmware Upgrade instructions click the Browse button to look for the file After you have selected ...

Page 109: ...Battery NOTE To replace the battery the top case of the Router must be removed Disassembling the Router will void its warranty however the battery s operating life is longer than the one year warranty of the Router To replace the battery follow these instructions Obtain a replacement CR2032 lithium battery Power off the Router Remove the four rubber feet from the bottom panel of the Router Remove ...

Page 110: ...ervice DoS Prevention Ping of Death SYN Flood IP Spoofing Secure Management HTTPS Username Password QoS Layer 2 Prioritization Based on DSCP 802 1p or Physical Ports Bandwidth Management of WAN Upstream and Downstream based on Services TCP UDP Ports Network VLAN Support Supports 16 802 1Q VLANs DHCP DHCP Server DHCP Client DNS Relay Proxy Dynamic DNS NAT PAT NAPT SIP ALG Support DMZ One PC in the ...

Page 111: ...n Materials Authorization RMA number You are responsible for properly packaging and shipping your product to Linksys at your cost and risk You must include the RMA number and a copy of your dated proof of Appendix R Warranty Information Linksys warrants this Linksys hardware product against defects in materials and workmanship under normal use for the Warranty Period which begins on the date of pu...

Page 112: ...anada are responsible for all shipping and handling charges custom duties VAT and other associated taxes and charges Repairs or replacements not covered under this limited warranty will be subject to charge at Linksys then current rates Technical Support This limited warranty is neither a service nor a support contract Information about Linksys current technical support offerings and policies incl...

Page 113: ...her than the receiver s Consult a dealer or an experienced radio TV technician for assistance Safety Notices Caution To reduce the risk of fire use only No 26 AWG or larger telecommunication line cord Do not use this product near water for example in a wet basement or near a swimming pool Avoid using this product during an electrical storm There may be a remote risk of electric shock from lightnin...

Page 114: ...ěrnice 2002 96 ES zakazuje aby zařízení označené tímto symbolem na produktu anebo na obalu bylo likvidováno s netříděným komunálním odpadem Tento symbol udává že daný produkt musí být likvidován odděleně od běžného komunálního odpadu Odpovídáte za likvidaci tohoto produktu a dalších elektrických a elektronických zařízení prostřednictvím určených sběrných míst stanovených vládou nebo místními úřady...

Page 115: ...οίο αγοράσατε το προϊόν Français French Informations environnementales pour les clients de l Union européenne La directive européenne 2002 96 CE exige que l équipement sur lequel est apposé ce symbole sur le produit et ou son emballage ne soit pas jeté avec les autres ordures ménagères Ce symbole indique que le produit doit être éliminé dans un circuit distinct de celui pour les déchets des ménage...

Page 116: ...rendezéseinek felszámolásához további részletes információra van szüksége kérjük lépjen kapcsolatba a helyi hatóságokkal a hulladékfeldolgozási szolgálattal vagy azzal üzlettel ahol a terméket vásárolta Nederlands Dutch Milieu informatie voor klanten in de Europese Unie DeEuropeseRichtlijn2002 96 ECschrijftvoordatapparatuurdie is voorzien van dit symbool op het product of de verpakking nietmagword...

Page 117: ...že zabrániť prípadným negatívnym dopadom na životné prostredie a zdravie ľudí Ak máte záujem o podrobnejšie informácie o likvidácii starého zariadenia obráťte sa prosím na miestne orgány organizácie zaoberajúce sa likvidáciou odpadov alebo obchod v ktorom ste si produkt zakúpili Slovenčina Slovene Okoljske informacije za stranke v Evropski uniji Evropska direktiva 2002 96 EC prepoveduje odlaganje ...

Page 118: ...n Website http www linksys com Support Site http www linksys com support FTP Site ftp linksys com Advice Line 800 546 5797 LINKSYS Support 800 326 7114 RMA Return Merchandise Authorization http www linksys com warranty NOTE Details on warranty and RMA issues can be found in the Warranty section of this Guide 7112610C JL ...

Search results

Summary of Contents for Linksys RVL200

Reviews:

Cisco Linksys RVL200, User Manual, Page: 106 / 118

Search results

Summary of Contents for Linksys RVL200

Reviews: