
Networking and Security Basics

The Intrusion Prevention System (IPS)

Cisco WRVS4400N Wireless-N Gigabit Security Router with VPN Administration Guide


The Intrusion Prevention System (IPS)

IPS is an advanced technology that protects your network from malicious attacks. 
IPS works together with your SPI Firewall, IP Based Access Control List (ACL), 
Network Address Port Translation (NAPT), and Virtual Private Network (VPN) to 
achieve the highest level of security. IPS provides real-time detection and 
prevention as an in-line module in the router.

The WRVS4400N wireless router uses hardware-based acceleration for real-time 
pattern matching to detect malicious attacks. It actively filters and drops 
malicious TCP/UDP/ICMP/IGMP packets and can reset TCP connections. This 
protects your client personal computers and servers, running various operating 
systems including Windows, Linux, and Solaris, from network worm attacks. 
However, the IPS does not prevent viruses contained in e-mail attachments.

The P2P (peer-to-peer) and IM (instant messaging) control allows you to prevent 
network users from using those protocols to communicate with people over the 
Internet. This helps administrators set up company policies on how to use 
their Internet bandwidth wisely. 

The signature file is the heart of the IPS. It is similar to the virus definition 
files used by the anti-virus programs on your personal computer. IPS matches 
packets coming into the router against this file and acts accordingly. As of 
today, the Wireless-N Router is shipped with signature file version 1.3.8, with a 
total of 1101 rules. The rules cover the following categories: DDoS, Buffer 
Overflow, Access Control, Scan, Trojan Horse, Misc., P2P, IM, Virus, Worm, and 
Web Attacks. 

It is recommended that you update your IPS signature file regularly to thwart new 
attack types. 
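The following Python sketch is an added example, not code or a file format from Cisco. It models the behavior described above: an in-line matcher checks each packet against signature rules, drops matches, resets matching TCP connections, and applies P2P/IM rules only when the administrator enables that control. The rule fields, IDs, and the `EXAMPLE-` byte patterns are constructed for illustration, and resetting on every TCP match is an assumption.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Sequence

# Categories the guide lists. P2P and IM are modeled as administrator policy;
# the remaining categories are always prevented in this sketch (assumption).
POLICY_CONTROLLED = {"P2P", "IM"}


@dataclass(frozen=True)
class Signature:
    sid: int                      # constructed rule ID
    category: str                 # one of the guide's categories
    proto: str                    # "TCP", "UDP", "ICMP" or "IGMP"
    pattern: bytes                # byte pattern searched for in the payload
    dst_port: Optional[int] = None  # None means any port


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: Optional[int]
    payload: bytes


@dataclass(frozen=True)
class Verdict:
    action: str                   # "forward", "drop" or "drop+reset"
    sid: Optional[int] = None
    category: Optional[str] = None


def inspect(pkt: Packet, signatures: Sequence[Signature],
            blocked_policy: Iterable[str] = ()) -> Verdict:
    """Return the in-line decision for one packet."""
    blocked = set(blocked_policy)
    for sig in signatures:
        if sig.proto != pkt.proto:
            continue
        if sig.dst_port is not None and sig.dst_port != pkt.dst_port:
            continue
        if sig.pattern not in pkt.payload:
            continue
        # P2P/IM rules only act when the administrator has enabled the control.
        if sig.category in POLICY_CONTROLLED and sig.category not in blocked:
            continue
        # Only TCP has a connection to reset; other protocols are just dropped.
        action = "drop+reset" if pkt.proto == "TCP" else "drop"
        return Verdict(action, sig.sid, sig.category)
    return Verdict("forward")


def needs_update(installed: str, available: str) -> bool:
    """Compare dotted signature-file versions numerically, not as strings."""
    def as_tuple(version: str):
        return tuple(int(part) for part in version.split("."))
    return as_tuple(available) > as_tuple(installed)


# Constructed sample rules (not taken from the router's signature file).
SAMPLE_SIGNATURES = [
    Signature(1001, "Worm", "UDP", b"EXAMPLE-WORM-MARKER", dst_port=1434),
    Signature(2001, "P2P", "TCP", b"\x13BitTorrent protocol"),
    Signature(3001, "IM", "TCP", b"EXAMPLE-IM-LOGIN"),
]

# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("TCP", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Packet("UDP", 1434, b"\x04EXAMPLE-WORM-MARKER\x00\x00"),
    Packet("TCP", 6881, b"\x13BitTorrent protocol" + b"\x00" * 8),
    Packet("TCP", 5190, b"EXAMPLE-IM-LOGIN user=alice"),
]


def run_demo(blocked_policy: Iterable[str]) -> list:
    """Inspect every sample packet and return the list of actions taken."""
    blocked = list(blocked_policy)
    return [inspect(p, SAMPLE_SIGNATURES, blocked).action for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    print("P2P blocked, IM allowed:", run_demo(["P2P"]))
    print("No P2P/IM control:      ", run_demo([]))
    print("Update 1.3.8 -> 1.3.10 needed:", needs_update("1.3.8", "1.3.10"))
```
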

The following diagram illustrates a number of IPS scenarios.

Summary of Contents for QuickVPN - PC

Page 1: ...Cisco Small Business WRVS4400N Wireless N Gigabit Security Router with VPN ADMINISTRATION GUIDE ...

Page 2: ...llaboration Without Limitation EtherFast EtherSwitch Event Center Fast Step Follow Me Browsing FormShare GigaDrive HomeLink Internet Quotient IOS iPhone iQuick Study IronPort the IronPort logo LightStream Linksys MediaTone MeetingPlace MeetingPlace Chime Sound MGX Networkers Networking Academy Network Registrar PCNow PIX PowerPanels ProConnect ScriptShare SenderBase SMARTnet Spectrum Expert StackW...

Page 3: ...d Security Basics 16 An Introduction to LANs 16 The Use of IP Addresses 17 The Intrusion Prevention System IPS 19 Chapter 3 Planning Your Virtual Private Network VPN 21 Why do I need a VPN 21 MAC Address Spoofing 22 Data Sniffing 22 Man in the Middle Attacks 22 What is a VPN 23 VPN Router to VPN Router 24 Computer to VPN Router 25 Chapter 4 Getting Started with the WRVS4400N Router 26 Front Panel ...

Page 4: ...Setup Settings 45 Displaying A Read Only Summary of the Basic Router Information 46 Configuring Internet Connection Settings 48 Configuring Local Area Network LAN Settings 60 Using The DMZ Demilitarized Zone Host Feature to Access Special Purpose Internet Services 63 Cloning Your Network Adapter s MAC Address onto Your Router 65 Configuring the Router s Advanced Settings 66 Changing the Router s T...

Page 5: ...g 110 Configuring the ProtectLink Gateway service 112 Configuring the VPN Settings 113 Displaying A VPN Status Summary of the IPSec Tunnel and Clients 113 Configuring IPSec VPN 116 Configuring VPN Client Accounts 123 Configuring VPN Passthrough 125 Configuring the QoS Settings 126 Managing Bandwidth 127 Configuring QoS 129 Configuring DSCP 130 Configuring the Administration Settings 131 Configurin...

Page 6: ...d Port Assignment 152 Configuring RADIUS Mode 154 Configuring Port Settings 155 Viewing Statistics Overview 157 Mirroring Ports 158 Configuring RSTP 159 Viewing Status 160 Viewing WAN Gateway Status 161 Viewing Local Network Status 163 Viewing Wireless LAN Status 165 Viewing System Performance 166 Chapter 6 Using the VPN Setup Wizard 168 VPN Setup Wizard 168 Before You Begin 168 Running the VPN Ro...

Page 7: ...ent 212 Configuring the VPN Settings for the VPN Routers 212 Configuring the VPN Settings for VPN Router 1 212 Configuring the VPN Settings for VPN Router 2 213 Configuring the Key Management Settings 214 Configuring the Key Management Settings for VPN Router 1 214 Configuring the Key Management Settings for VPN Router 2 215 Configuring PC 1 and PC 2 215 Appendix D Finding Out MAC and IP Addresses...

Page 8: ...e Service 222 ProtectLink Web Protection 222 ProtectLink Email Protection 226 ProtectLink License 226 Appendix F Specifications 228 General 228 Performance 229 Management 229 Security 230 QoS 230 Layer 2 231 Environmental 231 Appendix G Where to Go From Here 232 Product Resources 232 Related Documentation 233 ...

Page 9: ...TE This checkmark indicates there is a note of interest and is something you should pay special attention to while using the router Organization This table describes the contents of each chapter in this document Chapter Title Description Chapter 1 Introduction Introduces the product and this user manual Chapter 2 Networking and Security Basics Introduces basic networking and security concepts Chap...

Page 10: ...uickVPN for Windows 2000 XP or Vista Explains how to install and use the Cisco QuickVPN software Appendix C Configuring a Gateway to Gateway IPSec Tunnel Explains how to establish a secure IPSec tunnel using preshared keys to join a private network inside the router and a Windows 2000 or XP computer Appendix D Finding Out MAC and IP Addresses Describes how to find the MAC address for your computer...

Page 11: ...a specific folder or disk drive Perform advanced searches Finding Text in a PDF Follow this procedure to find text in a PDF file STEP 1 Enter your search terms in the Find text box on the toolbar NOTE By default the Find tool is available at the right end of the Acrobat toolbar If the Find tool does not appear choose Edit Find STEP 2 Optionally click the arrow next to the Find text box to refine y...

Page 12: ... Professional or Adobe Reader STEP 2 Choose Edit Search or click the arrow next to the Find box and then choose Open Full Acrobat Search STEP 3 In the Search window complete the following steps a Enter the text that you want to find b Choose All PDF Documents in From the drop down box choose Browse for Location Then choose the location on your computer or local network and click OK c If you want t...

Page 13: ...th VPN Administration Guide xiii d Click Search STEP 4 When the Results appear click to open a folder and then click any link to open the file where the search terms appear For more information about the Find and Search functions see the Adobe Acrobat online help ...

Page 14: ...tion by IEEE The WRVS4400N wireless router also supports 802 11g and 802 11b clients in a mixed environment The built in access point can support an 11n data rate of up to 300 Mbps In addition to having a higher data rate 802 11n technology also promises longer coverage by using multiple antennas to transmit and receive data streams in different directions U The Cisco WRVS4400N Wireless N Gigabit ...

Page 15: ...ling users to securely connect into your office network from off site Users connecting through a VPN tunnel are attached to your company s network with secure access to files e mail and your intranet as if they were in the building You can also use the VPN capability to allow users on your small office network to securely connect out to a corporate network The QoS features of the Cisco WRVS4400N W...

Page 16: ...ernet cannot see your personal computers This is how your LAN remains private The router protects your network by inspecting the first packet coming in through the Internet port before delivery to the final destination on one of the Ethernet ports The router inspects Internet port services like the web server FTP server or other Internet applications and if allowed it will forward the packet to th...

Page 17: ...P based network including personal computers print servers and routers requires an IP address to identify its location or address on the network This applies to both the Internet and LAN connections There are two ways of assigning IP addresses to your network devices A static IP address is a fixed IP address that you assign manually to a personal computer or other device on the network Since a sta...

Page 18: ...every time a new user is added to your network For DSL users many ISPs may require you to log on with a user name and password to gain access to the Internet This is a dedicated high speed connection type called Point to Point Protocol over Ethernet PPPoE PPPoE is similar to a dial up connection but PPPoE does not dial a phone number when establishing a connection It also will provide the router w...

Page 19: ...stems including Windows Linux and Solaris from network worm attacks However this system does not prevent viruses contained in e mail attachments The P2P peer to peer and IM instant messaging control allows you to prevent network users from using those protocols to communicate with people over the Internet This helps the administrators to set up company policies on how to use their Internet bandwid...

Page 20: ...Networking and Security Basics The Intrusion Prevention System IPS Cisco WRVS4400N Wireless N Gigabit Security Router with VPN Administration Guide 20 2 ...

Page 21: ...nt outside of your local network when e mails are sent to their destination or when you have to connect to your company s network when you are out on the road How is your data protected That is when a VPN can help VPNs are called Virtual Private Networks because they secure data moving outside of your network as if it were still within that network When data is sent out across the Internet from yo...

Page 22: ... Data sniffing is a method used by hackers to obtain network data as it travels through unsecured networks such as the Internet Tools for just this kind of activity such as protocol analyzers and network diagnostic tools are often built into operating systems and allow the data to be viewed in clear text Man in the Middle Attacks Once the hacker has either sniffed or spoofed enough information he ...

Page 23: ...urity VPN creates a secure connection that in effect operates as if you were directly connected to your local network VPN can be used to create secure networks linking a central office with branch offices telecommuters and or professionals on the road travelers can connect to a VPN router using any computer with the Cisco QuickVPN Client software There are two basic ways to create a VPN connection...

Page 24: ...uter for his always on Internet connection His router is configured with his office s VPN settings When he connects to his office s router the two routers create a VPN tunnel encrypting and decrypting data As VPNs utilize the Internet distance is not a factor Using the VPN the telecommuter now has a secure connection to the central office s network as if he were physically connected For more infor...

Page 25: ...h is configured with her office s IP address She accesses the Cisco QuickVPN Client software and connects to the VPN router at the central office As VPNs utilize the Internet distance is not a factor Using the VPN she now has a secure connection to the central office s network as if she were physically connected For additional information and instructions about creating your own VPN please visit w...

Page 26: ...r This chapter describes the physical features of the WRVS4400N router and provides information for installing the router The following sections are included Front Panel on page 27 Back Panel on page 28 WRVS4400N Antennas on page 28 Placement Options on page 29 Installing the Router on page 32 Configuring the Router on page 34 ...

Page 27: ...detected It flashes red when an internal attack is detected Wireless LED The WIRELESS LED lights up when the wireless module is enabled The LED is off when the wireless module is disabled The WIRELESS LED flashes green when the data is transmitting or receiving on the wireless module Ethernet Port LEDs 1 4 For each LAN port there are three LEDs If a port LED is continuously lit green the router is...

Page 28: ...f the router is having problems connecting to the Internet press the Reset button for just a second with a paper clip or a pencil tip This is similar to pressing the reset button on your personal computer to reboot it If you are experiencing extreme problems with the router and have tried all other troubleshooting measures press and hold in the Reset button for 10 seconds This restores the factory...

Page 29: ...urity Router with VPN Administration Guide 29 4 Placement Options You can place the router horizontally on the rubber feet mount it in the stand or mount it on the wall Desktop Option For desktop placement place the Cisco WRVS4400N router horizontally on a surface so it sits on its four rubber feet ...

Page 30: ...upplied stands follow the steps below To place the router vertically follow these steps STEP 1 Locate the left side panel of the router STEP 2 With the two large prongs of one of the stands facing outward insert the short prongs into the little slots in the router and push the stand upward until the stand snaps into place 274945 POWER DIAG IPS WIRELESS ETHERNET WRVS4400N 10 100 1000 1 2 3 4 INTERN...

Page 31: ... Determine where you want to mount the router and install two screws not supplied that are 2 9 16 in apart approximately 64 5 mm STEP 2 With the back panel pointing up if installing vertically line up the router so that the wall mount crisscross slots on the bottom of the access point line up with the two screws STEP 3 Place the wall mount slots over the screws and slide the router down until the ...

Page 32: ...type of Internet connection from your Internet Service Provider ISP Power off all of your network hardware including the router PCs and cable modem or DSL modem Perform the steps in this section to install the hardware STEP 1 Connect one end of an Ethernet network cable to one of the LAN ports labeled 1 4 on the back of the router Connect the other end to an Ethernet port on a PC STEP 2 Repeat ste...

Page 33: ...r DSL modem to the Internet port on the router s back panel STEP 4 Power on the cable or DSL modem STEP 5 Connect the power adapter to the Power port on the router and plug the other end into an electrical outlet STEP 6 The Power and Internet LEDs on the front panel will light up green as soon as the power adapter is connected properly STEP 7 Power on the PCs The router hardware installation is no...

Page 34: ...will appear with the Setup menu and Summary selected Click WAN under the Setup menu STEP 6 If requested by your ISP usually cable ISPs complete the Host Name and Domain Name fields and the MTU and MTU Size fields Otherwise leave the defaults STEP 7 In the WAN window choose an Internet Connection Type from the drop down menu Depending on which internet connection type you select additional setup ma...

Page 35: ... finished entering your Internet connection settings click Save STEP 9 Restart or power on your PC to obtain the new router setting STEP 10 Test the setup by opening your web browser from any computer and entering http www cisco com smb Congratulations The installation of the router is complete NOTE For more information about advanced settings and security options refer to the Cisco WRVS4400N Wire...

Page 36: ...irefox from a computer connected to the same network the router is connected to This chapter includes the following sections Accessing the Web Based Utility on page 37 Navigating the Utility on page 38 Setting Up Your Wireless N Router on page 44 Configuring Wireless Settings on page 76 Configuring Firewall Settings on page 96 Configuring the ProtectLink Gateway service on page 112 Configuring the...

Page 37: ...y configuring the wireless interface of your personal computer to obtain its IP address automatically from a DHCP server NOTE Wirelessly connecting your personal computer to the router for initial configuration is not recommended because you might lose the connection while making wireless configuration changes To access the router s web based utility follow these steps STEP 1 Launch a web browser ...

Page 38: ...ting the Utility Cisco WRVS4400N Wireless N Gigabit Security Router with VPN Administration Guide 38 5 Navigating the Utility The web based utility consists of the following main windows Setup Wireless Firewall ProtectLink VPN QoS Administration IPS L2 Switch Status ...

Page 39: ...Z Demilitarized Zone Host feature to allow a local user to access special purpose Internet services such as Internet gaming and video conferencing MAC Address Clone Enables the cloning of your network adapter s MAC address onto the router This obviates the need to call your ISP to have the registered MAC address changed to the router s MAC address should your ISP require that you register your MAC...

Page 40: ...ity of Service QoS settings WDS Configures Wireless Distribution System WDS settings Firewall This window allows you to configure basic firewall settings IP access list and Network Address Port Translation NAT settings for your network s security through the following windows Basic Settings Configures basic firewall settings IP Based ACL Defines an IP based access list to block specific hosts netw...

Page 41: ...nnel status summary IPSec VPN Allows the VPN router to create one or multiple tunnels or secure channels each connecting between two endpoints so that the transmitted data or information between these endpoints is secure VPN Client Accounts Designates VPN clients and their passwords VPN Pass Through Allows you to disable IPSec Passthrough PPTP Passthrough and L2TP Passthrough QoS This window allow...

Page 42: ...or Internet Backup Restore Allows you to back up and restores the Gateway s configuration file Factory Defaults Allows you to restore the router s factory defaults Reboot Allows you to reboot the router Firmware Upgrade Allows you to upgrade the router s firmware IPS This window allows you to carry out advanced configuration of the built in Intrusion Prevention System IPS inside the router through...

Page 43: ...In User Service RADIUS settings Port Setting Configures port speeds and duplex operation Statistics Displays statistics for both received and transmitted packets Port Mirroring Configures port mirroring RSTP Configures RSTP Rapid Spanning Tree Protocol settings Status This window allows you to monitor the current status of the router through the following windows Gateway Provides basic information...

Page 44: ...onfiguring Local Area Network LAN Settings on page 60 Using The DMZ Demilitarized Zone Host Feature To Access Special Purpose Internet Services on page 63 Cloning Your Network Adapter s MAC Address onto Your Router on page 65 Configuring the Router s Advanced Settings on page 66 Changing the Router s Time Settings on page 70 Selecting IPv4 Mode or Dual Stack IPv4 And IPv6 Mode on page 72 The Setup...

Page 45: ...vanced Routing Click Setup Advanced Routing If you are connecting the router to the Internet use the default setting Otherwise select Router in the Operation Mode field to disable NAT Network Address Translation Management Click Administration Management and change the access password for the router s web based utility The default username and password are admin You can also customize the wireless...

Page 46: ...iew the Setup Summary window follow these steps STEP 1 Click Setup Summary STEP 2 Click Refresh to display the latest router settings The Summary window displays the following information System Information Firmware version Displays the router s current software version CPU Displays the router s CPU type System up time Displays the length of time that has elapsed since the router was last reset DR...

Page 47: ...k DHCP Renew to renew the address Mode Displays the operating mode Gateway or Router DNS 1 2 Displays the IP addresses of the Domain Name System DNS servers that the router is using DDNS Indicates whether the Dynamic Domain Name System DDNS feature is enabled DMZ Indicates whether the DMZ Hosting feature is enabled Firewall Setting Status DoS Denial of Service Indicates whether the DoS Denial of S...

Page 48: ...WAN settings for the router follow these steps STEP 1 Find out the Internet connection type and the settings used by your ISP If the router is used as an Intranet router you can in most cases use the default settings STEP 2 If you wish to use the dynamic DNS feature sign up for a DDNS service STEP 3 In the router s web based configuration utility click Setup WAN STEP 4 From the Internet Connection...

Page 49: ...f you have broadband cable Internet service and your ISP requires you to use a domain name as network identification In most cases you can leave this field blank MTU MTU is the Maximum Transmission Unit It specifies the largest packet size permitted for Internet transmission Select Manual if you want to manually enter the largest packet size to be transmitted To have the router select the best MTU...

Page 50: ...less N Gigabit Security Router with VPN Administration Guide 50 5 Automatic Configuration DHCP Server To have the router automatically get its IP address from your ISP s DHCP server leave the connection type at its default setting of Automatic Configuration DHCP Server Most cable modem ISPs use the default option ...

Page 51: ...P Address Enter the IP address provided by your ISP This is the router s IP address on the WAN port that can be reached from the Internet Subnet Mask Enter the subnet mask provided by your ISP This is the router s subnet mask on the WAN port Default Gateway Enter the default gateway provided by your ISP This is the router s default gateway to reach the Internet Primary DNS Required and Secondary D...

Page 52: ...t connection has been terminated due to inactivity Connect on Demand enables the router to automatically re establish your connection as soon as you attempt to access the Internet again If you wish to activate Connect on Demand click the Connect on Demand option and enter the number of minutes you want to have elapsed before your Internet connection terminates in the Max Idle Time field Use this o...

Page 53: ...ernet Connection Type drop down menu if you wish to use the Point to Point Tunneling Protocol PPTP service and enter the following IP Address Enter the IP address provided by your ISP This is the router s IP address when seen from the WAN or the Internet Subnet Mask Enter the subnet mask provided by your ISP along with your IP address This is the router s Subnet Mask Default Gateway Enter the defa...

Page 54: ...Connect on Demand option and enter the number of minutes you want to have elapsed before your Internet connection terminates in the Max Idle Time field Use this option to minimize your DSL connection time if it is charged based on time This option is disabled by default Keep Alive Redial period If you select this option the router periodically checks your Internet connection If you are disconnecte...

Page 55: ...f the Heart Beat server Connect on Demand Max Idle Time Configure the router to cut the Internet connection after it has been inactive for a specified period of time Max Idle Time If your Internet connection has been terminated due to inactivity Connect on Demand enables the router to automatically re establish your connection as soon as you attempt to access the Internet again If you wish to acti...

Page 56: ...od is 30 seconds Use this option to minimize your Internet connection response time as it is always connected L2TP In European countries that provides this service select L2TP from the Internet Connection Type drop down menu to use the Layer 2 Tunneling Protocol L2TP service that tunnels Point to Point Protocol PPP across the Internet Check with your ISP for the necessary setup information and ent...

Page 57: ...sh to activate Connect on Demand click the Connect on Demand option and enter the number of minutes you want elapsed before your Internet connection terminates in the Max Idle Time field Use this option to minimize your DSL connection time if it is charged based on time This option is disabled by default Keep Alive Redial period If you select this option the router periodically checks your Interne...

Page 58: ...ebsite FTP server or other server behind the router By default DDNS service is disabled To enable and configure the DDNS settings for your router follow these steps STEP 1 To use DDNS service sign up for one at DynDNS org or TZO com STEP 2 To configure your router to use DynDNS org a From the DDNS Service drop down menu select DynDNS org b Configure the DynDNS org settings User Name Password and H...

Page 59: ...ain Name Enter the E mail address password and domain name of the account you set up with TZO Status The status of the TZO service connection Connect To manually update your IP address information on the DDNS server when DDNS is enabled use this button The Status area on this window also updates STEP 4 Click Save After entering the necessary information the router advises the DDNS service of your ...

Page 60: ...he LAN settings for the router follow these steps STEP 1 Click Setup LAN Setup STEP 2 Configure the LAN settings IPv4 This section displays the settings for the router s local IPv4 address and subnet mask In most cases you can use the default values Local IP Address Enter the IPv4 address on the LAN side The default value is 192 168 1 1 Subnet Mask Select the subnet mask from the drop down menu Th...

Page 61: ... DHCP server to start with when issuing IP addresses This value automatically follows your local IP address settings Normally you would assign the first IP address for the router for example 192 168 1 1 so that you can assign an IP address to other devices starting from the 2nd IP address for example 192 168 1 2 The last address in the subnet is for subnet broadcast for example 192 168 1 255 so th...

Page 62: ...ddress of a remote Windows personal computer from its computer name IPv6 This section displays the settings for the router s IPv6 Address Prefix Length and Router Advertisement options IPv6 Address If you would select the dual stack option under IP Versions Setup window enter the IPv6 address on the LAN side of the router in the field Prefix Length Enter the IPv6 prefix length The default is 64 wh...

Page 63: ...ress Primary DNS Enter the Primary IPv6 DNS server address Secondary DNS Enter the Secondary IPv6 DNS server address STEP 3 Click Save Using The DMZ Demilitarized Zone Host Feature to Access Special Purpose Internet Services The Setup DMZ window displays the settings for configuring DMZ Hosting to allow one local personal computer to be exposed to the Internet for use of a special purpose service ...

Page 64: ... steps STEP 1 Click Setup DMZ STEP 2 Fill in the DMZ Hosting settings DMZ Hosting To allow one local personal computer to be exposed to the Internet for use of a special purpose service such as Internet gaming and video conferencing select Enable To disable the DMZ feature select Disable DMZ Host IP Address Enter complete the IP address of the computer to be exposed to the Internet for DMZ hosting...

Page 65: ...ge the registered MAC address to that of the router The router s MAC address is a 6 byte hexadecimal number assigned to a unique piece of hardware for electronic identification To clone your network adapter s MAC address onto your router follow these steps STEP 1 Click Setup MAC Address Clone STEP 2 Complete the MAC Address Clone settings Mac Address Clone Select Enable or Disable The default is E...

Page 66: ...STEP 3 Click Save Configuring the Router s Advanced Settings The Setup Advanced Routing window allows you to configure the router s Operating Mode and settings for Dynamic Routing Static Routing and Inter VLAN routing To configure your router s advanced settings follow these steps STEP 1 Click Setup Advanced Routing STEP 2 Fill in the settings for advanced routing configuration ...

Page 67: ...ntranet Router mode the NAT mechanism is disabled STEP 3 Configure Dynamic Routing if appropriate The router s dynamic routing feature can be used to automatically establish a routing table through a database exchange with peer routers running the same routing protocol The router supports RIP Routing Information Protocol versions 1 2 To configure Dynamic Routing follow these steps a Enable RIP Rou...

Page 68: ...router where to forward packets to specific IP destinations To create a static route entry provide the following information Select Set Number Select the set number routing table entry number that you wish to view or configure If necessary click Delete This Entry to clear the entry Destination IP Address Enter the network address of the remote LAN segment For a standard Class C IP domain the netwo...

Page 69: ...n Guide 69 5 STEP 5 View the Routing Table if necessary to verify routing To view the routing table established either through dynamic or static routing methods click the Show Routing Table button STEP 6 Enable Inter VLAN Routing if needed Select Enable to allow packets to be routed between VLANs that are in different subnets The default is Enable STEP 7 Click Save ...

Page 70: ...r router s time manually or automatically through the Time Server The default is Automatically To define your router s time follow these steps STEP 1 Click Setup Time STEP 2 Specify how to set the local time a Manually Set the local time Manually If you wish to enter the time and date manually select the Date from the drop down fields and enter the hour minutes and seconds in the Time field using ...

Page 71: ... set the time and date select this option then complete the following fields Time Zone Select the time zone for your location and your setting synchronizes over the Internet with public NTP Network Time Protocol Servers Auto Daylight Saving If your location observes daylight savings time select the Enable option User Defined NTP Server To use your own NTP server select the Enabled option The defau...

Page 72: ... Stack IPv4 And IPv6 Mode The Setup IP Mode window allows you to choose IP Mode settings for the router To configure IP Mode settings for the router follow these steps STEP 1 Click Setup IP Mode STEP 2 Configure the IP Mode settings IPv4 Only Select this option to use IPv4 on the Internet and local network Dual Stack IP Select this option to use IPv4 on the Internet and IPv4 and IPv6 on the local ...

Page 73: ...sed on traffic there is no limit as to how many tunnels you can have 6 to 4 Gateway Access Control By default this route allows 6to4 connections to or from any other 6to4 gateway By enabling this Access Control you can have a better control which IPv6 clouds this router is connecting to A list of IP addresses can be entered in the Access List Those should be the IPv4 addresses of the remote 6to4 g...

Page 74: ...er Setting Up Your Wireless N Router Cisco WRVS4400N Wireless N Gigabit Security Router with VPN Administration Guide 74 5 Block following sites Prevent a limited set of 6to4 gateways from establishing tunnels with the router Up to 20 sites can be configured ...

Page 75: ...ess N Router Cisco WRVS4400N Wireless N Gigabit Security Router with VPN Administration Guide 75 5 Static 6to4 DNS entry Allow users to configure static DNS entry to map hostname to IPv6 address This provides a convenient way for users to access remote IPv6 hosts STEP 3 Click Save ...

Page 76: ...ngs of the router Configuring Basic Settings on page 76 Configuring Wireless Security on page 80 Configuring Advanced Wireless Settings on page 89 Configuring Connection Control on page 88 Configuring Advanced Wireless Settings on page 89 Configuring Basic Settings The Wireless Basic Settings window allows you to change the basic wireless network settings To change the basic wireless settings of t...

Page 77: ...devices can be connected at Wireless G data rates with a maximum speed of 54Mbps Wireless B clients cannot be connected in this mode N Only Only Wireless N client devices can be connected at Wireless N data rates with a maximum speed of 300Mbps B G Mixed Both Wireless B and Wireless G client devices can be connected at their respective data rates Wireless N devices can be connected at Wireless G d...

Page 78: ...our client devices The default is channel 6 You can also select Auto so that your router selects the channel with the lowest amount of wireless interference while the system is booting up Auto channel selection starts when you click Save and it takes several seconds to scan through all the channels to find the best channel For the Wireless N 40MHz channel option see Configuring Advanced Wireless S...

Page 79: ...ault SSID name is ciscosb SSID Broadcast Allows the SSID to be broadcast on your network You may want to enable this function while configuring your network but make sure that you disable it when you are finished With this enabled someone could easily obtain the SSID information with site survey software or Windows XP and gain unauthorized access to your network Click Enabled to broadcast the SSID...

Page 80: ...nable this feature to prevent Wireless personal computers from seeing each other Disable this feature to allow wireless personal computers to see each other and to exchange files between themselves This feature is very useful when setting up a wireless hotspot location The default is Disable STEP 3 Select the wireless security mode you want to use WEP WPA Personal WPA2 Personal WPA2 Personal Mixed...

Page 81: ... The following section describes the detailed options for each Security Mode. Disable: To disable wireless security completely, select Disable. ...

Page 82: ...ed Key The default is Open System Encryption Select a level of WEP encryption 64 bits 10 hex digits or 128 bits 26 hex digits Passphrase If you want to generate WEP keys using a Passphrase then enter the Passphrase in the field provided and click the Generate key Key 1 4 If you want to manually enter WEP keys then complete the fields provided Each WEP key can consist of the letters A through F and...

Page 83: ...hm you want to use TKIP or AES The default is TKIP Shared Key Enter a WPA Shared Key of 8 63 characters Key Renewal Enter a key renewal timeout period which instructs the router how often it should change the encryption keys The default is 3600 seconds WPA2 Personal Encryption WPA2 always uses AES for data encryption Shared Key Enter a WPA Shared Key of 8 63 characters Key Renewal Enter a Key Rene...

Page 84: ...l to WPA2 Personal You can have client devices that use either WPA Personal or WPA2 Personal The router automatically chooses the encryption algorithm used by each client device Encryption Mixed Mode automatically chooses TKIP or AES for data encryption Shared Key Enter a WPA Shared Key of 8 63 characters Key Renewal Enter a Key Renewal Timeout period which instructs the router how often it should...

Page 85: ...nnected to the router Encryption WPA offers you two encryption methods TKIP and AES for data encryption Select the type of algorithm you want to use TKIP or AES The default is TKIP RADIUS Server Enter the RADIUS server s IP address RADIUS Port Enter the port number used by the RADIUS server The default is 1812 Shared Key Enter the Shared Secret key used by the router and RADIUS server Key Renewal ...

Page 86: ...on This should only be used when a RADIUS server is connected to the router Encryption WPA2 always uses AES for data encryption RADIUS Server Enter the RADIUS server s IP address RADIUS Port Enter the port number used by the RADIUS server The default is 1812 Shared Key Enter the Shared Secret key used by the router and RADIUS server Key Renewal Enter a Key Renewal Timeout period which instructs th...

Page 87: ...PA2 Enterprise The wireless router chooses the encryption algorithm used by each client device Encryption Mixed Mode automatically chooses TKIP or AES for data encryption RADIUS Server Enter the RADIUS server s IP address RADIUS Port Enter the port number used by the RADIUS server The default is 1812 Shared Key Enter the Shared Secret key used by the router and RADIUS server Key Renewal Enter a Ke...

Page 88: ...specific devices from connecting to the router or you can allow only specific client devices to connect to the router The client devices are specified by their MAC addresses The default is to allow only specific client devices To configure connection control for the router follow these steps STEP 1 Click Wireless Connection Control STEP 2 Configure the Connection Control List to either permit or b...

Page 89: ...s Client List Instead of manually entering the MAC addresses of each client the router provides a convenient way to select a specific client device from the client association table Click this button and a window appears to let you select a MAC address from the table The selected MAC address are entered into the Connection Control List MAC 01 20 The MAC addresses of the wireless client devices you...

Page 90: ...ss N data rates are classified into 16 MCS numbers 0 15 MCS stands for Modulation and Coding Scheme For the same MCS number the data rate changes according to the Channel Bandwidth and Guard Interval settings Channel Bandwidth Select the channel bandwidth manually for Wireless N connections When it is set to 20MHz only the 20MHz channel is used When it is set to 40MHz Wireless N connections use 40...

Page 91: ...e network synchronized A beacon includes the wireless networks service area the router address the Broadcast destination addresses a time stamp Delivery Traffic Indicator Maps and the Traffic Indicator Message TIM The default is 100 ms DTIM Interval Indicates how often the router sends out a Delivery Traffic Indication Message DTIM Lower settings result in more efficient networking while preventin...

Page 92: ...slows down to allow greater throughput or less delay for high priority traffic The 802 1Q VLAN feature allows traffic from different sources to be segmented Combined with the multiple SSID feature this provides a powerful tool to control access to your LAN To configure the VLAN and QoS settings for the router follow these steps STEP 1 Click Wireless VLAN QoS STEP 2 Configure the VLAN and QoS setti...

Page 93: ...ed WMM Wi Fi Multimedia is a QoS feature defined by WiFi Alliance before IEEE 802 11e was finalized Now it is part of IEEE 802 11e When it is enabled it provides four priority queues for different types of traffic It automatically maps the incoming packets to the appropriate queues based on QoS settings in IP or layer 2 header WMM provides the capability to prioritize traffic in your environment T...

Page 94: ...g Router WDS Settings The Wireless WDS window displays the WDS Wireless Distribution System settings for the device To configure the WDS settings for the router follow these steps STEP 1 Click Wireless WDS STEP 2 Configure the WDS settings WDS MAC Address Displays the read only MAC address for the WDS Allow wireless signal to be repeated by a repeater Select Auto or Manual as required ...

Page 95: ... Remote Access Point's MAC Address: Either enter the MAC address directly or, if the other access point is on-line, you can click the Site Survey button and select from a list of available access points. STEP 3: Click Save. ...

Page 96: ...ring Internet Access Policy on page 102 Configuring Single Port Forwarding on page 107 Configuring Port Range Forwarding on page 108 Configuring Port Range Triggering on page 110 Configure software security features like SPI Stateful Packet Inspection Firewall IP based Access List restricting LAN users on Internet WAN port access and NAPT Network Address Port Translation to limited services to spe...

Page 97: ...rm deep packet inspection on all the traffic going through the router and drop the packets that do not follow the pre defined protocol behavior The default is Enable DoS Protection When enabled the router prevents DoS Denial of Service attacks coming in from the Internet DoS attacks consume most of the router s resources and as a result they can prevent legitimate traffic from passing through the ...

Page 98: ...e LAN side You have to balance your needs on those applications and security The default is unselected Java Java is a programming language for websites If you deny Java you run the risk of not having access to Internet sites created using this programming language Cookies A cookie is data stored on your personal computer and used by Internet sites when you interact with them so you may not want to...

Page 99: ...ad according to their priority If there is a match for a packet the action is taken and the following lower priority rules are not checked against this packet NOTE The higher the number of rules that need to be checked against packets the lower the throughput Use ACL rules with caution There are two default rules in the table that cannot be deleted The first rule allows all traffic coming in from ...

Page 100: ... define new services by clicking Service Management When you define your own service it is listed on the top of the drop down menu You can also select ALL to allow or block all types of IP traffic The user defined service GUI page can be either accessed from the New Rule window by clicking Service Management or you can access it directly from the 2nd layer page under Firewall Source Interface Sele...

Page 101: ...ter the page to define a new ACL rule Disable All Rule Click this button to disable all the user defined rules Delete All Rule Click this button to delete all the user defined rules Editing IP ACL Rules The Firewall Edit IP ACL Rule window displays the settings for the IP Based ACL rule being added or edited To add an IP ACL Rule follow these steps STEP 1 Click Firewall Edit IP ACL Rule STEP 2 Fil...

Page 102: ...es start IP and end IP a Network IP Prefix and Network Mask or ANY IP addresses Service Management Button Click this button and the Service Tab to add new service type to the Service drop down menu Scheduling Time Enter the time period in which this rule is applied used together with Date It can be set to Any Time Date Enter the days in a week on which this rule is applied used together with Time ...

Page 103: ...for the router follow these steps STEP 1 Click Firewall Internet Access Policy STEP 2 Configure the router s Internet access policy settings by creating modifying verifying and deleting policies as appropriate Creating a Policy on page 104 Deleting a Policy on page 106 Viewing all Policies on page 106 Viewing or Changing the List of Personal Computers Covered by the Current Policy on page 106 STEP...

Page 104: ... affected by the policy The List of PCs window appears You can select a personal computer by MAC address or IP address You can also enter a range of IP addresses if you want this policy to affect a group of personal computers After making your changes click Save to apply your changes STEP 5 Click the appropriate option Deny or Allow depending on whether you want to block or allow Internet access f...

Page 105: ...e the Website Blocking by URL Address or Website Blocking by Keyword feature Website Blocking by URL Address Enter the URL or domain name of the web sites you wish to block Website Blocking by Keyword Enter the keywords you wish to block in the fields provided If any of these keywords appears in the URL of a web site access to the site is blocked NOTE Only the URL is checked not the content of eac...

Page 106: ...ted with the following information No Policy Name Days Time and a check box to delete clear the policy To delete a policy from the Summary window check the check box in the Delete column and click the Delete button Viewing or Changing the List of Personal Computers Covered by the Current Policy To view or change the list of personal computers covered by the current policy click the Edit List of PC...

Page 107: ...ing the WAN port address and the matched external port number When users send these types of request to your WAN port IP address via the Internet the NAT router forwards those requests to the appropriate servers on your LAN To configure single port forwarding for the router follow these steps STEP 1 Click Firewall Single Port Forwarding STEP 2 Configure single port forwarding settings for the rout...

Page 108: ...ocol used for this application TCP or UDP IP Address For each application enter the IP address of the personal computer running the specific server application Enabled Select Enabled to enable port forwarding for the relevant server application STEP 3 Click Save Configuring Port Range Forwarding The Firewall Port Range Forwarding window displays the settings associated with public services accesse...

Page 109: ...he port number range external ports used by the server or Internet application For more information check the software documentation of the Internet application End The end of the port range Enter the end of the range of port numbers external ports used by the server or Internet application For more information check the software documentation of the Internet application Protocol Select the protoc...

Page 110: ...rt Translation feature Port Range Triggering is used for special applications that can request a port to be opened on demand For this feature the router watches outgoing packets for specific port numbers This triggers the router to allow the incoming packets within the specified forwarding range and forward those packets to the triggering personal computer One of the example applications is QuickT...

Page 111: ...r the port number s needed In the first field enter the starting port number of the Triggered Range In the second field enter the ending port number of the Triggered Range Forwarded Range For each application list the forwarded port number range These are the ports used by incoming traffic Check with the Internet application documentation for the port number s needed In the first field enter the s...

Page 112: ... Configuring the ProtectLink Gateway service. The Trend Micro ProtectLink Gateway service provides security for your network. It checks email messages, filters website addresses (URLs), and blocks potentially malicious websites. For detailed information on how to configure the ProtectLink Service, go to Appendix E, Trend Micro ProtectLink Gateway Service. ...

Page 113: ...113 Configuring IPSec VPN on page 116 Setting Up Local Groups on page 118 Setting Up and Configuring Remote Groups on page 119 Setting Up IPSec on page 121 Configuring VPN Client Accounts on page 123 Configuring VPN Passthrough on page 125 Displaying A VPN Status Summary of the IPSec Tunnel and Clients The VPN Summary window displays a summary of the IPSec tunnel status and VPN Clients status To d...

Page 114: ... tunnel Name Displays the name of the tunnel as defined by the Tunnel Name field on the VPN IPSec VPN window Status Displays the tunnel s status Connected Hostname Resolution Failed Resolving Hostname or Waiting for Connection Phase Enc Auth Displays the Phase 2 Encryption type 3DES Authentication type MD5 or SHA1 and Group 768 bit 1024 bit or 1536 bit that you chose in the VPN IPSec VPN window Lo...

Page 115: ...gs Tunnels s Enabled Displays the number of enabled tunnels Tunnel s Defined Displays the number of defined tunnels VPN Clients Status No The range of user number is from 1 to 5 Username Displays the username of the VPN Client Status Displays the connection status of the VPN Client Start Time Displays the start time of the most recent VPN session for the specified VPN Client End Time Displays the ...

Page 116: ...re connection between two remote locations Configure these settings so that the gateway creates VPN tunnels To configure the VPN Gateway to create VPN tunnels follow these steps STEP 1 Click VPN IPSec VPN STEP 2 Configure the gateway to create the VPN tunnels Select Tunnel Entry Select a tunnel to configure Delete Deletes all settings for the selected tunnel Summary Shows the settings and status o...

Page 117: ...ngs click Advanced Aggressive Mode There are two types of Phase 1 exchanges Main mode and Aggressive mode Aggressive Mode requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange If network security is preferred select Main mode NetBIOS broadcast Check the box to enable NetBIOS traffic to pass through the VPN tunnel By default WRVS4400N blocks these broadcasts STEP 5 C...

Page 118: ...RVS4400N appears in this field automatically IP Domain Name FQDN Authentication If you select this type enter the FQDN Fully Qualified Domain Name and the IP address appears automatically The FQDN is the host name and domain name for a specific computer on the Internet for example vpn myvpnserver com The IP and FQDN must be same with the Remote Security Gateway type of the remote VPN device and th...

Page 119: ...PN IPSec VPN window displays settings for configuring the remote groups of VPN tunnel connections To set up and configure a remote group follow these steps STEP 1 Click VPN IPSec VPN STEP 2 Configure Remote Group Setup settings Remote Security Gateway Type There are two types They are IP Only IP Domain Name FQDN Authentication The type of Remote Security Gateway should match with the Local Securit...

Page 120: ...p down menu If you don t know the static IP address of remote VPN device but the domain name of remote VPN device is known you can select IP by DNS Resolved and enter the real domain name on the Internet The WRVS4400N router gets the IP address of remote VPN device by DNS Resolved and IP address of remote VPN device appears on the VPN Status of Summary page Then enter the Domain Name as an ID it c...

Page 121: ...ypt decrypt ESP packets 3DES is supported Notice that both sides of the VPN tunnel must use the same Encryption method Authentication Authentication determines a method to authenticate the ESP packets Either MD5 or SHA1 may be selected Both sides of the VPN tunnel must use the same Authentication method MD5 A one way hashing algorithm that produces a 128 bit digest SHA1 A one way hashing algorithm...

Page 122: ...nerates a new key material for IP traffic encryption and authentication Note that both sides must have this selected Preshared Key This field specifies a key used to authenticate IP traffic Both character and hexadecimal value are acceptable in this field Note that both sides must use the same Authentication Key Inbound SPI Outbound SPI The SPI Security Parameter Index is carried in the ESP header...

Page 123: ...e bottom showing their status This works with the Cisco QuickVPN client only The router supports up to five Cisco QuickVPN Clients by default Additional QuickVPN Client licenses can be purchased separately See www cisco com for more information To configure VPN Client Accounts follow these steps STEP 1 Click VPN VPN Client Accounts STEP 2 Configure the VPN Client Accounts setting Username Enter th...

Page 124: ...icate for administrator A dialog asks you to specify where you want to store your certificate The default file name is WRVS4400N_Admin pem but you can use another name The certificate for administrator contains the private key and needs to be stored in a safe place as a backup If the router s configuration is reset to the factory default this certificate can be imported and restored on the router ...

Page 125: ...through settings for the router follow these steps STEP 1 Click VPN VPN Passthrough STEP 2 Configure VPN Passthrough settings IPsec Passthrough Internet Protocol Security IPsec is a suite of protocols used to implement secure exchange of packets at the IP layer IPsec Passthrough is enabled by default to allow IPsec tunnels to pass through the router To disable IPsec Passthrough select Disabled PPT...

Page 126: ...n to terminate at different servers or locations L2TP Passthrough is enabled by default To disable L2TP Passthrough select Disabled STEP 3 Click Save Configuring the QoS Settings This section describes how to configure the QoS settings of the router Managing Bandwidth on page 127 Configuring QoS on page 129 Configuring DSCP on page 130 QoS allows you to perform bandwidth management by either rate ...

Page 127: ... Priority Depending on your selection the lower portion of the window displays either the Rate Control section or the Priority section Rate Control Service Select the service from the drop down menu If this menu does not contain the service you need click Service Management to add the service IP Enter the IP address or IP range you need to control The default is 0 which includes all internal IP ad...

Page 128: ...ervice Management to add the service Direction Select Upstream for outbound traffic or Downstream for inbound traffic from the drop down menu Priority Select service priority High Medium Normal or Low The default is Medium Enable Check this box to enable this priority rule Add to list After a rule is set up click this button to add it to the list The list can contain a maximum of 15 entries Delete...

Page 129: ...for the router follow these steps STEP 1 Click QoS QoS Setup STEP 2 Configure the QoS Setup settings Port ID The number of the LAN port Trust Mode Select either Port CoS or DSCP The default is Port Default CoS Port Priority If Trust Mode is set to Port select the port priority from 1 to 4 from the drop down menu If Trust Mode is set to CoS select the default CoS priority from 0 to 7 from the drop ...

Page 130: ...s the settings for configuring DSCP as the trust mode for QoS for each LAN port To configure DSCP setup settings follow these steps STEP 1 Click QoS DSCP Setup STEP 2 Configure the DSCP setup settings for the router DSCP The Differentiated Services Code Point value in the incoming packet Queue Select the traffic forwarding queue 1 to 4 to which the DSCP priority is mapped Restore Defaults Click th...

Page 131: ...ck Save Configuring the Administration Settings This administration window allows you to configure the administration settings of the router Configuring Management Settings on page 132 Diagnosing Router Problems on page 137 Backing Up and Restoring Configurations on page 139 Restoring Factory Default Settings on page 140 Rebooting the Router on page 141 Upgrading the Router Firmware on page 142 ...

Page 132: ...l SNMP for the router To configure management settings for the router follow these steps STEP 1 Click Administration Management STEP 2 Configure the management settings for the router Router Access This section configures the administrator user accounts to manage the wireless router through the web based utility Only the first user is created by default Other accounts are not created by default so...

Page 133: ...nable if you wish to use SNMP To use SNMP you need SNMP software on your personal computer System Name Enter a suitable name This name is used to identify this device and is displayed by your SNMP software System Contact Enter contact information for the system System Location Enter the location of the system Read Community Enter the SNMP community name for SNMP Get commands Write Community Enter ...

Page 134: ... Configuring System Logs. The Administration Log window displays the options for configuring the management of the router's system logs. The wireless router provides four categories of event logging: Firewall, VPN, System, and ACL. You can configure the router to send the event log to you through e-mail, upload the log to syslog server, or view the log locally on the router. ...

Page 135: ...rce IP Destination IP and Service Port number Incoming Log Select Enable to cause all incoming packets to be logged You can then click View Incoming Table to display information on incoming packets including Source IP Destination IP and Service Port number Email Alerts Email Alerts If enabled an e mail is sent when the number of DoS events exceeds the defined threshold or the total events number e...

Page 136: ...ter mails the log every 10 minutes SMTP Mail Server Enter the address domain name or IP address of the Simple Mail Transport Protocol server you use for outgoing e mails Email Address for Alert Logs Enter the e mail address the log is to be sent to Return Email Address The e mail shows this address as the sender s address Enable SMTP Authentication If your SMTP server requires authentication click...

Page 137: ...ng the wireless router using ping tests traceroute tests and cable diagnostics To diagnose router problems follow these steps STEP 1 Click Administration Diagnostics STEP 2 Configure the parameters and carry out tests as necessary Ping Test Parameters Ping Target IP Enter the IP address or URL that you want to ping Ping Size Enter the size of the packet you want to use Number of Pings Enter the nu...

Page 138: ...ry of the test results appears at the bottom of this window Ping Result Displays the ping status results TraceRoute Test Parameters TraceRoute Target Enter the IP address or host name to perform the traceroute testing Start Test Click this button to begin the test A new window appears and display the test results Cable Diagnostics Port Select a port number from the drop down menu Apply Click this ...

Page 139: ...se steps STEP 1 Click Administration Backup Restore STEP 2 To back up router configuration click Backup Clicking Backup downloads a copy of the current configuration and stores the file on your personal computer STEP 3 To restore the configuration your router or to configure a new router a Click Browse to select a previously saved configuration file from the Windows file system or manually enter t...

Page 140: ...y Defaults window provides a means of restoring the configuration of the router to its factory defaults To restore factory default settings for the router follow these steps STEP 1 Click Administration Factory Defaults STEP 2 Click Restore Factory Defaults to reset all configuration settings to their default values If you click this button all custom router settings are replaced by the default set...

Page 141: ... Rebooting the Router. The Administration Reboot window provides means to reboot the router. To reboot the router, follow these steps. STEP 1: Click Administration Reboot. STEP 2: Click Reboot to reboot the router. This operation does not cause the router to lose any of its stored settings. ...

Page 142: ...are Upgrade window allows you to upgrade router firmware from a downloaded file To upgrade firmware download the latest firmware upgrade file for the product from www cisco com extract the file to your computer and perform these steps STEP 1 Click Browse to locate the file firmware upgrade Alternatively enter the path to the file in the File field STEP 2 Click Start to Upgrade and follow the on sc...

Page 143: ...on page 145 Viewing Reports on page 147 Viewing Protection Information on page 148 The router supports advanced IPS an integral part of the self defending strategy IPS allows you to stay current on the latest threats so that malicious or damaging traffic is accurately identified classified and stopped in real time You can use IPS together with the firewall IP based ACL and IPsec VPN to achieve max...

Page 144: ...ks use weaknesses on FTP protocol to generate illegal FTP commands to the FTP server The default is Disable TELNET Telnet attacks use weakness on TELNET protocol to execute illegal commands on the TELNET server The default is Disable RPC Remote Procedure Call allows attackers to issue illegal commands to be executed on RPC server The default is Disable STEP 4 To protect your local network from the...

Page 145: ...P2P or IM software across the Internet To configure the P2P IM policy settings follow these steps STEP 1 Click IPS P2P IM STEP 2 Configure the IPS P2P IM settings for the router Peer to Peer When users download files from the Internet by Peer to Peer P2P software the WAN port bandwidth are occupied Click Block to enable the blocking of the following P2P software applications The default is Non Blo...

Page 146: ... DIRECTCONNECT, PIGO, WINMX. Instant Messenger: Users might use IM software to chat with friends or transfer files, which can hog the bandwidth. Click Block to enable the blocking of the following IM software applications. The default is Non-Block. MSN, ICQ, YAHOO_MESSENGER, SKYPE, IRC, ODIGO, REDIFF, GOOGLE TALK, IM_QQ. STEP 3: Click Save. ...

Page 147: ...ts through diagram and tables To view IPS reports follow these steps STEP 1 Click IPS Report The IPS Report window displays the following Report Diagram A twenty four hour diagram displaying network traffic and attacks Attacker Displays the IP address of attackers and the frequency number of times of the attacks in a table Attacked Category Displays the category type of attack and the frequency nu...

Page 148: ...es and when the router was last updated To view protection information follow these steps STEP 1 Click Administration Information STEP 2 View the administration information Signature Version Displays the version of the signature patterns file loaded in the router that protects against malicious threats Last Time Upload Displays the time when the signature patterns file in the router was last updat...

Page 149: ... router Configuring Virtual LANs VLANs on page 150 Configuring VLAN Membership and Port Assignment on page 152 Configuring RADIUS Mode on page 154 Configuring Port Settings on page 155 Viewing Statistics Overview on page 157 Mirroring Ports on page 158 Configuring RSTP on page 159 The Layer 2 Switch window provides configurations to the layer 2 switching features on the four Ethernet LAN ports of ...

Page 150: ...network traffic to flow more efficiently within subgroups VLANs managed through software reduce the amount of time in which network changes are implemented VLANs are software based and not defined by physical attributes They have no minimum number of ports and can be created per unit per device per stack or any other logical connection combination VLANs function at layer 2 Since VLANs isolate traf...

Page 151: ...he VLAN ID number This can be any number from 2 to 3290 or from 3293 to 4094 VLAN ID 1 is reserved for the default VLAN which is used for untagged frames received on the interface VLAN IDs 3291 3292 are reserved and cannot be used To create a VLAN enter the ID number and click Add VLAN VLAN ID Range To create multiple VLANs with a range of ID numbers enter the starting and ending ID numbers then c...

Page 152: ...steps STEP 1 Click L2 Switch VLAN Port Assignment STEP 2 Configure port settings for the router The Port Settings section displays port specific settings regarding the use of VLAN and has nothing to do with individual VLANs This section lets you specify the mode for each port The Acceptable Ingress Frame Type and PVID options are for the General port mode only Port Mode Select one of these modes A...

Page 153: ... If not enabled all frames are accepted PVID The VLAN ID of the default untagged VLAN STEP 3 Configure VLAN settings for the router VLAN Select a VLAN ID to be configured VLAN Description Display only VLAN description to help you identify this VLAN Tagged Egress frames from this port are tagged for this VLAN Untagged Egress frames from this port are untagged for this VLAN Excluded The port does no...

Page 154: ... ports This mode requires the installation of a RADIUS server on your local network To configure the RADIUS mode for the server follow these steps STEP 1 Click L2 Switch RADIUS STEP 2 Configure the RADIUS mode Mode Select Enabled or Disabled from the drop down menu RADIUS IP Enter the RADIUS server s IP address RADIUS UDP Port Enter the UDP port used to verify the RADIUS server authentication RADI...

Page 155: ...wn menu. Auto: Controlled port state is set by the RADIUS mode. Force Authorized: Controlled port state is set to Force Authorized (forward traffic). All connections can be made. This is the default value. Force Unauthorized: Controlled port state is set to Force Unauthorized (discard traffic). All connections are blocked. STEP 3: Click Save. Configuring Port Settings. The L2 Switch Port Settings window displays t...

Page 156: ... link partner in both directions simultaneously Half indicates that the interface supports transmission between the device and the client in only one direction at a time Down indicates that the link is down Mode Specifies the port duplex mode Full or Half and speed 10 100 1000 Mbps Auto Negotiation is a protocol between two link partners that enables a port to advertise its transmission rate duple...

Page 157: ...h Statistics Overview STEP 2 View the L2 switch statistics An explanation of the statistics provided is given below Tx Bytes Displays the number of bytes transmitted from the selected port Tx Frames Displays the number of frames transmitted from the selected port Rx Bytes Displays the number of bytes received on the selected port Rx Frames Displays the number of frames received on the selected por...

Page 158: ...he router To configure L2 switch port mirroring follow these steps STEP 1 Click L2 Switch Port Mirroring STEP 2 Configure the L2 switch port mirroring settings for the router Mirror Source Enable or disable source port mirroring for each port on the router To enable source port mirroring on a port check the box next to that port To disable source port mirroring on a port leave the box unchecked Th...

Page 159: ...t should forward frames To configure RSTP for the router follow these steps STEP 1 Click L2 Switch RSTP STEP 2 Configure the L2 switch RSTP settings System Priority Enter the system priority from 0 to 61440 in increments of 4096 Valid values are 0 4096 8192 12288 16384 20480 24576 28672 32768 40960 45056 49152 53248 57344 and 61440 The lower the system priority the more likely the router is to bec...

Page 160: ...abled Edge Check this box to specify that the associated port is an edge port end station Uncheck the box to specify that the associated port is a link bridge to another STP device The default is checked edge port Path Cost The RSTP path cost for the designated ports Enter a number from 1 to 200000000 or auto autogenerated path cost The default is auto Viewing Status The Status window allows you t...

Page 161: ...ic information on the router for example firmware version time and WAN port MAC IP address and connection status To view the WAN Gateway status of the router follow these steps STEP 1 Click Status WAN STEP 2 View the WAN Gateway status of the router Information Firmware Version Displays the current firmware version MAC Address Displays the WAN port MAC address as seen by your ISP Current Time Disp...

Page 162: ...m IP addresses currently used by the router DHCP Release button Click this button to release IP address on WAN port if using DHCP DHCP Renew button Click this button to renew IP address on the WAN port if using DHCP Conntrack State IP Conntrack Click this button to display the IP Conntrack window The IP Conntrack Connection Tracking window displays information about TCP UDP connections such as sou...

Page 163: ...work status follow these steps STEP 1 Click Status Local Network STEP 2 View the local network status Current IP address System Displays the IP versions configured on the LAN side MAC Address Displays the LAN port MAC address All four LAN ports share the same MAC address IP Address Displays the LAN port IPv4 address All four LAN ports share the same MAC address Subnet Mask Displays the LAN port IP...

Page 164: ... window which shows you which personal computers have been assigned an IP address from the router s DHCP server You see a list of DHCP clients personal computers and other network devices with the following information Client Host Name IP address MAC address and the length of time in second before its assigned IP address expires ARP RARP Table button Click to open the ARP RARP Table window which s...

Page 165: ...ew the wireless LAN status for the router follow these steps STEP 1 Click Status Wireless LAN STEP 2 View the wireless LAN status Wireless IP Address The IP address assigned to the wireless interface of this router MAC Address Displays the MAC address on the Wireless LAN interface Network Mode Displays the Wireless network operating mode for example B G N Mixed Wireless SSID Displays the Wireless ...

Page 166: ... Status System Performance window displays system performance of the router such as data packet statistics on the LAN switch and Wireless LAN of the router To view the system performance of the router follow these steps STEP 1 Click Status System Performance STEP 2 View the system performance status Packets Received Shows the number of packets received Packets Sent Shows the number of packets sent...

Page 167: ...Error Packets Received: Shows the number of error packets received. Drop Received Packets: Shows the number of packets being dropped after they were received. The All LAN ports column shows the aggregate traffic statistics from all four LAN ports. ...

Page 168: ...ng the VPN Setup Wizard The VPN Setup Wizard works with users running Microsoft Windows 2000 XP and Vista This document describes how to run the VPN Setup Wizard Before You Begin The VPN Setup Wizard works with the following routers Cisco RVS4000 4 Port Gigabit Security Router with VPN Cisco WRVS4400N v1 1 Wireless N 4 Port Gigabit Security Router with VPN Cisco WRVS4400N v2 Wireless N 4 Port Giga...

Page 169: ...e are not zero STEP 5 Ensure that the LAN IP addresses of routers with VPN are in different subnets in order for the VPN connection to work NOTE The VPN Setup Wizard assumes that no firewall NAT device sits in front of the VPN router Running the VPN Router Software Wizard STEP 1 Access the VPN Setup Wizard in one of two ways If you have an RVS4000 WRVS4400N v1 1 or WRVS4400N v2 Installation CD ROM...

Page 170: ...Welcome Window. STEP 4: An informational window discussing the VPN Wizard appears. When you are ready, click Next to proceed. ...

Page 171: ...oose a way to build VPN window appears If your PC is local to one of the two routers choose Build VPN connection from Local LAN port of one router click Next and continue with these instructions If your PC is remote to the routers choose Build VPN connection from Internet remotely and see the Building Your VPN Connection Remotely on page178 for instructions on this type of installation ...

Page 172: ...Build VPN Connection Remotely. STEP 6: If you picked Build VPN connection from Local LAN port of one router, enter the required data in the Configure VPN Tunnel window and click Next to continue. ...

Page 173: ...d: Enter the password of the Router 2. Tunnel Name: Enter a name for this tunnel. Pre-shared Key: IKE uses the Pre-shared Key field to authenticate the remote IKE peer. Both character and hexadecimal values are acceptable in this field, e.g., My_@123 or 0x4d795f40313233. Note that both sides must use the same Pre-shared Key. Router 2 WAN IP address: Enter the WAN IP address of Router 2. Router 2 IP by DNS Reso...

Page 174: ...Check Router Configuration. STEP 8: The Summary window appears. Use the Click box to view the VPNC Summary window. ...

Page 175: ...Summary Window. STEP 9: The VPNC Summary window appears, showing the settings that were made to industry standards. Click Close when you are ready to continue. VPNC Summary Window. STEP 10: In the Summary window, if all your entries appear correct, click Go. Otherwise, click Back to go back and make any corrections. ...

Page 176: ...Configure the Router. STEP 11: Click Testing to make sure the connection is successfully established. ...

Page 177: ...Test the Connection. STEP 12: When testing is done, click Exit to end the Wizard. ...

Page 178: ...Exit the Wizard. Congratulations! Setup is now complete. You may now log into the Web Administrator Interface and see the results. Test Results. Building Your VPN Connection Remotely: This procedure continues from Step 5 on page 171. Use this procedure to build your VPN connection from a remote PC. ...

Page 179: ...STEP 1: Choose Build VPN connection from Internet remotely. Click Next to continue. Build VPN Connection Remotely. STEP 2: Enter the required data in the Configure VPN Tunnel window and then click Next to continue. ...

Page 180: ... Pre-shared Key: IKE uses the Pre-shared Key field to authenticate the remote IKE peer. Both character and hexadecimal values are acceptable in this field, e.g., My_@123 or 0x4d795f40313233. Note that both sides must use the same Pre-shared Key. Router 1 WAN IP address: Enter the WAN IP address of the Router 1. Router 1 IP by DNS Resolved: Enter the DDNS Domain Name of Router 1 if it does not have a static ...

Page 181: ...STEP 3: The router configuration is checked. Check Router Configuration. STEP 4: The Summary window appears. Use the Click box to view the VPNC Summary window. ...

Page 182: ...Summary Window. STEP 5: The VPNC Summary window appears, showing the settings that were made to industry standards. Click Close when you are ready to continue. VPNC Summary Window. STEP 6: In the Summary window, if all your entries appear correct, click Go. Otherwise, click Back to go back and make any corrections. ...

Page 183: ...Configure the Router. STEP 7: Click Testing to make sure the connection is successfully established. ...

Page 184: ...Test the Connection. STEP 8: When testing is done, click Exit to end the Wizard. ...

Page 185: ...Congratulations! Setup is now complete. You may now log into the Web Administrator Interface and see the results. View Test Results. ...

Page 186: ...tself in a network If the IP address is not unique to a network Windows will generate an IP conflict error message You can assign a static IP address to a PC by performing the following steps Windows 2000 STEP 1 Click Start Settings and Control Panel Double click Network and Dial Up Connections STEP 2 Right click the Local Area Connection that is associated with the Ethernet adapter you are using ...

Page 187: ...iated with your Ethernet adapter and click Properties. STEP 4: In the This connection uses the following items box, select Internet Protocol (TCP/IP). Click Properties. STEP 5: Select Use the following IP address and enter a unique IP address that is not used by any other computer on the network connected to the router. You can only use an IP address in the ranges 192.168.1.2 to 192.168.1.99 and 192.168.1 ...

Page 188: ...ies window e Restart the computer if asked Windows XP The following instructions are for the default interface of Windows XP If you are using the Classic interface the icons and menus look like previous Windows versions please follow the instructions for Windows 2000 a Click Start and Control Panel b Click the Network and Internet Connections icon and then the Network Connections icon c Right clic...

Page 189: ...mputer is connected to the Internet If you cannot open a web page try the ping command from a different computer to verify that your original computer is not the cause of the problem If you do NOT get a reply there may be a problem with the connection Try the ping command from a different computer to verify that your original computer is not the cause of the problem I am not getting an IP address ...

Page 190: ...l-up pop-up window on page 194. I can't get my Virtual Private Network (VPN) to work through the router. Access the router's web interface by going to http://192.168.1.1 or the IP address of the router, and go to VPN > VPN Pass Through. Make sure you have IPSec passthrough and/or PPTP passthrough enabled. VPNs that use IPSec with the ESP (Encapsulation Security Payload, known as protocol 50) authentication will...

Page 191: ...ming are used for the mail server You can get more information by viewing the documentation provided with the server you installed Follow these steps to set up port forwarding through the router s web based utility We will be setting up web ftp and mail servers STEP 1 Access the router s web based utility by going to http 192 168 1 1 or the IP address of the router Go to Firewall Single Port Forwa...

Page 192: ...ngle Port Forwarding. STEP 2: Disable the entries you have entered for forwarding. STEP 3: Go to Setup > DMZ. STEP 4: Enter the Ethernet adapter's IP address of the computer you want exposed to the Internet. This will bypass the NAT security for that computer. STEP 5: Select Enable to enable DMZ Hosting. STEP 6: When you have completed the configuration, click Save Settings. I need to set up online game hosting ...

Page 193: ... factory defaults by pressing the Reset button for ten seconds and then releasing it. If you are still getting prompted for a password when saving settings, then perform the following steps: STEP 1: Access the router's web interface by going to http://192.168.1.1 or the IP address of the router. Enter the default password admin, and click Administration > Management. STEP 2: Enter the old password in the Old ...

Page 194: ...l Panel Double click Internet Options STEP 2 Click the Connections tab STEP 3 Click LAN settings and remove anything that is checked STEP 4 Click OK to go back to the previous window STEP 5 Click the option Never dial a connection This will remove any dial up pop ups for PPPoE users For Netscape 4 7 or higher STEP 1 Start Netscape Navigator and click Edit Preferences Advanced and Proxies STEP 2 Ma...

Page 195: ... found in Chapter 5 Setting Up and Configuring the Router The firmware upgrade failed The upgrade could have failed for a number of reasons Use the WRVS4400N Firmware Upgrade Utility to upgrade the firmware Follow these steps to upgrade the firmware STEP 1 Go to the Cisco website at www cisco com and download WRVS4400N Firmware Upgrade Utility v1 3 which will be listed with the firmware Save the z...

Page 196: ...on at 20 seconds STEP 4 Click Save Settings If the connection is lost again follow steps 1 and 2 to re establish connection I can t access my e mail web or VPN or I am getting corrupted data from the Internet The Maximum Transmission Unit MTU setting may need to be adjusted By default the MTU is set at 1500 For most DSL users it is strongly recommended to use MTU 1492 If you are having difficultie...

Page 197: ...e password if asked the default password is admin STEP 3 Click Firewall Port Range Triggering STEP 4 Enter any name you want to use for the Application Name STEP 5 Enter the Start and End Ports of the Triggered Range Check with your Internet application provider for more information on which outgoing port services it is using STEP 6 Enter the Start and End Ports of the Forwarded Range Check with y...

Page 198: ...ed by your ISP Make sure that your browser is set to connect directly and that any dial up is disabled For Internet Explorer click Tools Internet Options and then the Connection tab Make sure that Internet Explorer is set to Never dial a connection For Netscape Navigator click Edit Preferences Advanced and Proxy Make sure that Netscape Navigator is set to Direct connection to the Internet I m tryi...

Page 199: ...s but those protocols cannot connect from the Internet to the LAN Q What is Network Address Translation and what is it used for Network Address Translation NAT translates multiple IP addresses on the private LAN to one public address that is sent out to the Internet This adds a level of security since the address of a PC connected to the private LAN is never transmitted on the Internet Furthermore...

Page 200: ...n with one public IP Q How do I get Half Life Team Fortress to work with the router The default client port for Half Life is 27005 The computers on your LAN need to have clientport 2700x added to the HL shortcut command line the x would be 6 7 8 and on up This lets multiple computers connect to the same server One problem Version 1 0 1 6 won t let multiple computers with the same CD key connect at...

Page 201: ...acintosh environment Yes but the router s setup pages are accessible only through Internet Explorer 5 0 or Netscape Navigator 5 0 or higher for Macintosh Q I am not able to get the web configuration window for the router What can I do You may have to remove the proxy settings on your Internet browser e g Netscape Navigator or Internet Explorer Or remove the dial up settings on your browser Check w...

Page 202: ...e router can establish 2 048 sessions at the same time but you can only forward 30 ranges of ports Q Does the router replace a modem Is there a cable or DSL modem in the router No this version of the router must work in conjunction with a cable or DSL modem Q Which modems are compatible with the router The router is compatible with virtually any cable or DSL modem that supports Ethernet Q How can ...

Page 203: ...om www cisco com QuickVPN works with computers running Windows 2000 XP or Vista Computers using other operating systems will have to use third party VPN software For Windows Vista QuickVPN Client version 1 2 5 or later is required This appendix includes the following sections Before You Begin page 204 Installing the Cisco QuickVPN Software page 205 Using the Cisco QuickVPN Software page 207 Distri...

Page 204: ...ty Router with VPN that is properly configured to accept a QuickVPN connection Follow these instructions to configure the router s VPN client settings STEP 1 Click VPN VPN Client Accounts STEP 2 Enter the username in the Username field STEP 3 Enter the password in the Password field and enter it again in the Re enter to confirm field STEP 4 Click Add Save STEP 5 Click the Active check box for VPN ...

Page 205: ... the Cisco QuickVPN Software Installing from the CD ROM STEP 1 Insert the WRVS4400N CD ROM into your CD ROM drive Go to the Start menu and then click Run In the field provided enter D VPN_Client exe if D is the letter of your CD ROM drive STEP 2 The License Agreement window appears Click Yes to accept the agreement and the appropriate files are copied to the computer License Agreement ...

Page 206: ...Copying Files. Finished Installing Files. STEP 3: Click Finished to complete the installation. Proceed to Using the Cisco QuickVPN Software on page 207. ...

Page 207: ...from the menu STEP 4 Select QuickVPN Utility STEP 5 Save the zip file to your PC and extract the exe file STEP 6 Double click the exe file and follow the on screen instructions Proceed to the next section Using the Cisco QuickVPN Software on page 207 Using the Cisco QuickVPN Software STEP 1 Double click the Cisco QuickVPN software icon on your desktop or in the system tray The QuickVPN Login windo...

Page 208: ...ile click Save If there are multiple sites to which you will need to create a tunnel you can create multiple profiles but note that only one tunnel can be active at a time To delete this profile click Delete For information click Help STEP 3 To begin your QuickVPN connection click Connect The connection s progress is displayed Connecting Provisioning Activating Policy and Verifying Network STEP 4 ...

Page 209: ...sword For information click Help STEP 5 If you clicked Change Password and have permission to change your own password you will see the Connect Virtual Private Connection window Enter your password in the Old Password field Enter your new password in the New Password field Then enter the new password again in the Confirm New Password field Click OK to save your new password Click Cancel to cancel ...

Page 210: ...rtificate as follows a Log on to the Web based Utility b Select VPN VPN Client Accounts c Click Generate to generate a new certificate d Click Export for Client and save the certificate as a PEM file STEP 2 Distribute the certificate to all QuickVPN users STEP 3 Each QuickVPN user must then install the certificate as follows a Save the certificate into the directory where the QuickVPN Client is in...

Page 211: ...ows 2000 or Windows XP It includes the following sections Introduction on page 211 Environment on page 212 Introduction This appendix explains how to configure an IPSec VPN tunnel between two VPN routers by example In this example two personal computers test the liveliness of the tunnel You can think of VPN Router1 the Internet and VPN Router2 as a big virtual router that connects PC1 on LAN1 and ...

Page 212: ...tructions for the first VPN Router, designated VPN Router 1. The other VPN Router is designated VPN Router 2. STEP 1: Launch the web browser for a networked PC, designated PC 1. STEP 2: Enter the VPN Router's local IP address in the Address field (default is 192.168.1.1). Then press Enter. A password request window appears. (Non-Windows XP users see a similar window.) STEP 3: Complete the User Name and Password f...

Page 213: ...he VPN Router's local IP address in the Address field (default is 192.168.1.1). Then press Enter. STEP 3: A password request window will appear. (Non-Windows XP users will see a similar window.) Complete the User Name and Password fields (admin is the default user name and password). Then click the OK button. STEP 4: If the LAN IP address is still the default one, change it to 172.168.1.1 and save the setting. ST...

Page 214: ...ple, 13572468. STEP 5: For the PFS setting, select Enabled. STEP 6: If you need more detailed settings, click the Advanced Settings button. Otherwise, click the Save Settings button and proceed to the next section, Configuring the Key Management Settings for VPN Router 2 on page 215. STEP 7: On the Advanced VPN Tunnel Setup window, keep the default Operation Mode, Main. STEP 8: For Phase 1, select 3DES from the En...

Page 215: ...s you did for configuring VPN Router 1 Configuring PC 1 and PC 2 STEP 1 Set PC 1 and PC 2 to be DHCP clients refer to Windows Help for more information STEP 2 Verify that PC 1 and PC 2 can ping each other refer to Windows Help for more information If the computers can ping each other then you know the VPN tunnel is configured correctly You can select different algorithms for the encryption authent...

Page 216: ...ress in Windows 98 Me 2000 or XP Windows 98 or Me Instructions STEP 1 Click Start Run In the Open field enter winipcfg Then press the Enter key or the OK button STEP 2 The IP Configuration window appears Select the Ethernet adapter you have connected to the Router via a CAT 5 Ethernet network cable STEP 3 Write down the Adapter Address as shown on your computer screen This is the MAC address for y...

Page 217: ... Then press the Enter key STEP 3 Write down the Physical Address as shown on your computer screen It is the MAC address for your Ethernet adapter This appears as a series of numbers and letters The MAC address Physical Address is what you will use for MAC address cloning or MAC filtering For the Router s Web based Utility For MAC address cloning enter the MAC Address in the MAC Address field or se...

Page 218: ...s available for online purchase through online resellers such as CDW com and PCConnection com This appendix explains how to use this service and includes the following sections How to Access the Web Based Utility page 218 How to Purchase Register or Activate the Service page 219 How to Use the Service page 222 How to Access the Web Based Utility STEP 1 For local access of the router s web based ut...

Page 219: ...er, or use https://<WAN IP address of the router> if you have enabled the HTTPS feature. STEP 2: A login window prompts you for your User name and Password. Enter admin in the User name field and enter admin in the Password field. (You can change the Password on the Setup Password window.) Then click OK. Login Window. How to Purchase, Register, or Activate the Service: You can purchase, register, or activate the ser...

Page 220: ... for the appropriate option I want to learn more about Trend Micro ProtectLink I want to register online I want to activate Trend Micro ProtectLink I want to learn more about Trend Micro ProtectLink Gateway To learn more about this service click this link You will be redirected to a list of resellers for the ProtectLink Gateway service on Cisco com I have purchased ProtectLink Gateway and want to ...

Page 221: ...tLink Gateway If you have registered click this link A wizard begins Follow the on screen instructions When the wizard is complete the Web Protection Email Protection and License menus will appear NOTE If you replace the router with a new router that supports this service click I have my Activation Code AC and want to activate ProtectLink Gateway Then use your current activation code to transfer y...

Page 222: ...NOTE You need to purchase a ProtectLink Gateway license to use the Web Protection and Email Protection features If you do not have a license you will be prompted to purchase a license when you click ProtectLink Web Protection or ProtectLink Email Protection ProtectLink Web Protection The Web Protection features are provided by the router Configure the website filtering settings on the ProtectLink ...

Page 223: ...ProtectLink Web Protection ...

Page 224: ... during non business hours select this option Instances Blocked The number of attempted visits is displayed Business Hour Setting Business Days Select the appropriate days The default days are Mon through Fri Business Times To specify entire days keep the default All day 24 hours To specify hours select Specify business hours For morning hours select Morning and then select the appropriate From an...

Page 225: ...ients, select this option. IP addresses/range: Enter the appropriate IP addresses or ranges. Separate multiple URLs with semicolons. For a range of IP addresses, use a hyphen. Example: 10.1.1.0-10.1.1.10. Add: To add the IP addresses or ranges, click Add. Approved Clients list: The IP addresses or range of trusted clients are displayed. To delete an IP address or range, click its trash can icon. URL Overflow Cont...

Page 226: ...ection NOTE To have your e mail checked you will need to provide the domain name and IP address of your e mail server If you do not know this information contact your ISP https us imhs trendmicro com cisco To set up e mail protection click this link You will be redirected to the Trend Micro ProtectLink Gateway website Then follow the on screen instructions ProtectLink License The license for the T...

Page 227: ...on online ProtectLink License License Update Information To refresh the license information displayed on screen click Update Information License Information View detailed license online To view license information online click this link Status The status of your license Activated or Expired is displayed Platform The platform type Gateway Service is automatically displayed License expires on The da...

Page 228: ...rds Draft IEEE802 11n IEEE802 11g IEEE802 11b IEEE802 3 IEEE802 3u 802 1X Security Authentication IEEE802 1Q VLAN 802 11i Security WPA2 802 11e Wireless QoS IPv4 RFC791 IPv6 RFC2460 RIPv1 RFC1058 RIPv2 RFC1723 Ports Ethernet Power Buttons Reset Cabling Type UTP Cat 5e or better LEDs Power Diag IPS blinks red in the case of an internal attack blinks green in the case of an external attack Wireless ...

Page 229: ...ts Up to 64 Clients Wireless Securities WEP WPA Personal WPA Enterprise WPA2 Personal WPA2 Enterprise Antenna 3 Omnidirectional Gain in dBi is 1 8 NAT Throughput Up to 800 Mb s when IPS is disabled Web UI Built in web user interface UI for easy browser based configuration HTTP HTTPS SNMP Version SNMP Version 1 2c Event Logging Event logging Local Syslog E mail alerts Web F W upgrade Firmware upgra...

Page 230: ...I firewall Content Filtering Static URL blocking or keyword blocking included Dynamic Filtering through Trend Micro ProtectLink Gateway Security Service optional IPS Intrusion Prevention System IP Sweep Detection Application Anomaly Detection HTTP FTP Telnet RCP P2P Control Instant Messenger Control L3 L4 Protocol IP TCP UDP ICMP Normalization L7 Signature Matching Signature Update Manual download...

Page 231: ...reless Client Isolation WDS Allow Wireless Signals to be Repeated by up to 2 Compatible Repeaters DHCP DHCP Server DHCP Client DHCP Relay Agent DNS DNS Relay Dynamic DNS DynDNS TZO DMZ Software configurable on any IP address Routing Static and RIP v1 v2 Device Dimensions W x D x H 6 69 x 6 69 x 1 57 in 170 x 170 x 40 mm Weight 1 01 lb 0 46kg Power 12V 1A Certification FCC Class B ICES 003 CE WiFi ...

Page 232: ...o com en US products ps9923 tsd_products_support_series_home html Firmware Downloads www cisco com en US products ps9923 index html Customer Support www cisco com en US support tsd_cisco_small_business_support_center_contacts html Warranty and End User License Agreement www cisco com go warranty Open Source License Notices www cisco com go osln Regulatory Compliance and Safety Information www cisc...

Page 233: ...For hardware setup for the Cisco WRVS4400N router see the Cisco Small Business Model WRVS4400N Wireless N Gigabit Security Router with VPN Quick Start Guide For compliance and safety information see the Regulatory Compliance and Safety Information for the Cisco Wired and Wireless Routers and Access Point Devices EMC Class B Devices ...
