Cisco RV016 - Small Business - 10/100 VPN Router Administration Manual Download Page 143 | Manualshive

Page: 143 / 199

background image

VPN

Setting Up a Remote Access Tunnel for VPN Clients (Client To Gateway)

Cisco Small Business RV0xx Series Routers Administration Guide

143

9

IPSec Setup

Enter the Internet Protocol Security settings for this tunnel.

IMPORTANT:

In order for any encryption to occur, the two ends of a VPN tunnel

must agree on the methods of encryption, decryption, and authentication.

•

Keying Mode:

Choose one of the following key management methods:

-

Manual:

Choose this option if you want to generate the key yourself and

you do not want to enable key negotiation. Manual key management is
used in small static environments or for troubleshooting purposes. Enter
the required settings. For information, see

Required fields for Manual

mode, page 143

.

-

IKE with Preshared Key:

Choose this option to use the Internet Key

Exchange protocol to set up a Security Association (SA) for your tunnel.
IKE uses a preshared key to authenticate the remote IKE peer. This
setting is recommended and is selected by default. Enter the required
settings. For more information, see

Required fields for IKE with

Preshared Key, page 144

and

Advanced settings for IKE with

Preshared Key, page 145

.

•

Required fields for Manual mode

Enter the settings for manual mode.

-

Incoming

/

Outgoing SPI:

The Security Parameter Index is carried in the

ESP (Encapsulating Security Payload Protocol) header and enables the
receiver and sender to select the security association, under which a
packet should be processed. You can enter hexadecimal values from
100~ffffffff. Each tunnel must have a unique Incoming SPI and Outgoing
SPI. No two tunnels share the same SPI. The Incoming SPI here must
match the Outgoing SPI value at the other end of the tunnel, and vice
versa.

-

Encryption:

Select a method of encryption: DES or 3DES. This setting

determines the length of the key used to encrypt or decrypt ESP
packets. DES is 56-bit encryption and 3DES is 168-bit encryption. 3DES
is recommended because it is more secure.

-

Authentication:

Select a method of authentication: MD5 or SHA1. The

authentication method determines how the ESP packets are validated.
MD5 is a one-way hashing algorithm that produces a 128-bit digest.
SHA1 is a one-way hashing algorithm that produces a 160-bit digest.
SHA1 is recommended because it is more secure. Make sure that both
ends of the VPN tunnel use the same authentication method.

«
...
141
142
143
144
145
...
»

Summary of Contents for RV016 - Small Business - 10/100 VPN Router

Page 1: ...Cisco Small Business RV0xx Series Routers RV042 Dual WAN VPN Router RV042G Gigabit Dual WAN VPN Router RV082 Dual WAN VPN Router RV016 Multi WAN VPN Router ADMINISTRATION GUIDE ...

Page 2: ... of Cisco and or its affiliates in the U S and other countries To view a list of Cisco trademarks go to this URL www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1110R ...

Page 3: ...ted with the Configuration 16 Troubleshooting Tips 17 Features of the User Interface 18 Chapter 2 Viewing System Summary Information 20 Chapter 3 Setup 26 Setting Up the Network 27 Changing the Administrator Username and Password 40 Setting the System Time 42 Setting Up a DMZ Host 43 Setting Up Port Forwarding and Port Triggering 44 Setting Up Universal Plug and Play UPnP 48 Setting Up One to One ...

Page 4: ...ng the Factory Default Settings 89 Upgrading the Firmware 90 Restarting the Router 91 Backing Up and Restoring the Settings 92 Chapter 6 Port Management 95 Configuring the Port Settings 95 Viewing the Status Information for a Port 97 Chapter 7 Firewall 99 Configuring the General Firewall Settings 99 Configuring Firewall Access Rules 103 Using Content Filters to Control Internet Access 110 Chapter ...

Page 5: ... a Gateway to Gateway Site to Site VPN 130 Setting Up a Remote Access Tunnel for VPN Clients Client To Gateway 139 Managing VPN Users and Certificates 147 Setting Up VPN Passthrough 149 Setting Up PPTP Server 150 Chapter 10 Logging System Statistics 153 Setting Up the System Log and Alerts 153 Viewing the System Log 157 Chapter 11 Wizard 159 Appendix A Glossary 161 Appendix B Troubleshooting 165 A...

Page 6: ...Considerations 173 Configuring a VPN Tunnel on a Cisco RV0xx Series Router 175 Example Sites with Static WAN IP Addresses 176 Example Site with a Dynamic WAN IP Address 179 Appendix E IPSec NAT Traversal 183 Overview 183 Appendix F Bandwidth Management 186 Creation of New Services 186 Creation of New Bandwidth Management Rules 187 Appendix G Specifications 189 RV042 189 RV042G 191 Cisco RV082 194 ...

Page 7: ...rface page 18 RV0xx Series Router Features Cisco RV0xx Series dual WAN and multi WAN VPN routers offer highly secure high performance reliable connectivity All of these routers can support a second Internet connection to ensure continuous connectivity or to increase available bandwidth and balance traffic Three models are available A comparison is provided below NOTE RV042 RV042G and RV082 have on...

Page 8: ...l Business RV042 System DIAG DMZ Internet DMZMode 1 2 3 4 Internet 278822 278824 1 2 3 4 5 6 7 8 DMZ Internet Internet 1 2 3 4 5 6 7 8 DIAG System Internet DMZ Internet DMZ Mode Cisco Small Business RV082 10 100 16 Port VPN Router 278826 Cisco Small Business RV016 10 100 16 Port VPN 1 2 3 4 5 6 7 8 97 106 115 124 133 Internet 2 Internet 1 DMZ 1 2 3 4 5 6 7 8 9 10 11 12 13 7 6 5 4 3 2 1 DIAG System...

Page 9: ...ic to access a specified computer on your network without exposing your LAN DMZ RV016 Use this port to connect the router to a DMZ host such as a web server or FTP server A DMZ allows public Internet traffic to access a specified computer on your network without exposing your LAN 1 4 RV042 and RV042G or 1 8 RV082 and RV016 Use these numbered ports to connect computers and other local network devic...

Page 10: ... There is network activity over the port DMZ Mode RV082 RV042 RV042G Lit The DMZ Internet port is configured as a DMZ Unlit The DMZ Internet port is configured as a secondary Internet connection 1 4 1 8 Steady A device is connected to the numbered LAN port Flashing There is network activity over the numbered port RV042G Gigabit Ports For the Internet DMZ Internet and numbered ports the color indic...

Page 11: ...s connecting to the Internet use the tip of a pen to press and hold the Reset button for one second To restore factory default settings If you are experiencing extreme problems with the router and have tried all other troubleshooting measures press and hold the Reset button for 30 seconds to restore the factory default settings All previously entered settings will be abandoned Security Slot Use th...

Page 12: ...re of 104 F 40 C Air Flow Be sure that there is adequate air flow around the router Mechanical Loading Be sure that the router is level and stable to avoid any hazardous conditions Desktop Placement Place the router on a flat surface near an electrical outlet WARNING Do not place anything on top of the router excessive weight could damage it Parameter Default Value Username admin Password admin LA...

Page 13: ...rated below not true to scale WARNING Insecure mounting might damage the router or cause injury Cisco is not responsible for damages incurred by insecure wall mounting WARNING For safety ensure that the heat dissipation holes are facing sideways STEP 1 Drill two pilot holes into the surface RV042 and RV042G 58 mm apart RV082 and RV016 94 mm apart Suggested Hardware for RV042 and RV042G Suggested H...

Page 14: ...ded CAUTION Do not overload the power outlet or circuit when installing multiple devices in a rack STEP 1 Place the router on a hard flat surface STEP 2 Attach one of the supplied rack mount brackets to one side of the router with the supplied screws Secure the bracket tightly STEP 3 Follow the same steps to attach the other bracket to the opposite side STEP 4 Use suitable screws to securely attac...

Page 15: ... an Ethernet cable from the broadband network device to the Internet 1 port of the router RV016 Internet 1 Port STEP 3 To connect a secondary Internet service RV042 RV042G and RV082 Connect an Ethernet cable from the DMZ Internet port to a second broadband network device 199619 DMZ Internet 1 2 3 4 Internet 199620 1 2 3 4 5 6 7 8 DMZ Internet Internet 1 2 3 4 5 6 7 8 DIAG System Internet DMZ Inter...

Page 16: ...o a power outlet The System status light is green STEP 8 Power on the other network devices Getting Started with the Configuration STEP 1 Connect a computer to a numbered LAN port on the router Your PC will become a DHCP client of the router and will receive an IP address in the 192 168 1 x range STEP 2 Start a web browser To use the configuration utility you need a PC with Internet Explorer versi...

Page 17: ...ty Verify that your web browser is not set to Work Offline Check the Local Area Connection settings for your Ethernet adapter The PC needs to obtain an IP address through DHCP Alternatively it can have a static IP address in the 192 168 1 x range with the default gateway set to 192 168 1 1 the router s default IP address Verify that you entered the correct settings in the Wizard to set up your Int...

Page 18: ...o these topics Navigation page18 Pop Up Windows page19 Setup Wizards page19 Saving the Settings page19 Help page19 Logout page19 Navigation The major modules of the configuration utility are represented by buttons in the left navigation pane Click a button to view more options Click an option to open a configuration page The selected page appears in the main window of the configuration utility 1 N...

Page 19: ... two wizards Basic Setup Click Launch Now to configure the basic settings for your Internet connection and DMZ Follow the on screen instructions Access Rule Setup Click Launch Now to configure access rules for the WAN LAN and DMZ Follow the on screen instructions Saving the Settings Your settings on a configuration page are not saved until you click the Save button When you navigate to another pag...

Page 20: ...o can view this page by clicking System Summary in the navigation tree Use this page to view information about the current status of the router and the settings Refer to these topics System Information page 21 Cisco ProtectLink Web page 21 Configuration page 22 Port Statistics page 22 WAN Status page 24 Firewall Setting Status page 25 VPN Setting Status page 25 Log Setting Status page 25 ...

Page 21: ...or the optional Cisco ProtectLink Web service ProtectLink Web provides security for your network It filters website addresses URLs and blocks potentially malicious websites Also see Chapter 8 Getting Started with Cisco ProtectLink Web NOTE This service is not available on Cisco RV042G You can use the following buttons Go buy Click this button to purchase a license to use this service You will be r...

Page 22: ...cess to detailed information about current link activity Port ID The port label Interface The type of interface such as LAN WAN or DMZ Multiple WAN interfaces are indicated by a number such as WAN1 or WAN2 Status The status of the port Disabled red Enabled black or Connected green The status is a hyperlink that you can click to open the Port Information window Port Information Window If you click ...

Page 23: ...of port 10Base T 100 Base TX Interface The type of interface such as LAN DMZ or WAN Link Status The current status of the link Up or Down Port Activity The current activity on the port either Port Enabled Port Disabled or Port Connected Priority The priority setting High or Normal Speed Status The speed 10Mbps or 100Mbps Duplex Status The duplex mode Half or Full ...

Page 24: ... Cisco RV016 additional WAN interfaces may be configured Use the tabs to view the IPv4 and IPv6 information NOTE The IPv6 tab is available if Dual Stack IP is enabled on the Setup Network page WAN information IP Address The current public IP address for this interface Default Gateway The default gateway for this interface DNS The IP address of the DNS server for this interface Dynamic DNS IPv4 onl...

Page 25: ...enial of Service The status of this feature On green or Off red Block WAN Request The status of this feature On green or Off red Remote Management The status of this feature On green or Off red Access Rule The number of access rules that have been set VPN Setting Status This section displays the following information Tunnel s Used The number of VPN tunnels in use Tunnel s Available The number of V...

Page 26: ...ging the Administrator Username and Password page 40 Setting the System Time page 42 Setting Up a DMZ Host page 43 Setting Up Port Forwarding and Port Triggering page 44 Setting Up Universal Plug and Play UPnP page 48 Setting Up One to One NAT page 51 Cloning a MAC Address for the Router page 53 Assigning a Dynamic DNS Host Name to a WAN Interface page 55 Setting Up Advanced Routing page 57 IPv6 T...

Page 27: ...m Any unsaved changes are abandoned This page includes the following sections Host Name and Domain Name page 27 LAN Setting device IP address and subnets page 28 WAN Setting Internet connection page 31 DMZ Setting page 32 Host Name and Domain Name Some ISPs require that you assign a host name and domain name to identify your router on the ISP network Default values are provided but you can change ...

Page 28: ...6 addresses Changing the device IP address STEP 1 Enter the following information For IPv4 Click the IPv4 tab and then enter the Device IP Address and Subnet Mask The default IP address is 192 168 1 1 and the default subnet mask is 255 255 255 0 Note The MAC address of the router also appears in this section This value cannot be changed For IPv6 Click the IPv6 tab and then enter the IPv6 Address a...

Page 29: ...if you choose 192 168 15 1 as the device IP address devices will receive IP addresses in the range of 192 168 2 x By default a Windows PC receives an IP address dynamically If you previously disabled the router s DHCP server or set a static IP address on the PC you will need to configure a new static IP address in the new range STEP 4 To reconnect to the configuration utility enter the new device ...

Page 30: ... IP address of 192 168 2 1 and a subnet mask of 255 255 255 0 Four subnets If the router has a LAN IP Address of 192 168 1 1 and the Subnet Mask of 255 255 255 192 you could create three subnets with IP addresses of 192 168 2 65 192 168 2 129 and 192 168 2 193 with the same subnet mask of 255 255 255 192 To add another subnet Enter the information and then click Add to list To modify a subnet Clic...

Page 31: ...p section click Launch Now The WAN Setting table displays the existing settings for each interface such as DMZ WAN1 or WAN2 The listed interfaces depend on the router model and the settings that you enter for ports such as DMZ Internet all models and the Dual Function ports Cisco RV016 Perform the following actions as needed To configure the WAN with IPv6 addressing Click the IPv6 tab Then proceed...

Page 32: ...LAN servers or putting these servers on WAN ports where they are not protected and not accessible by users on the LAN Each of the servers on the DMZ will need a unique public Internet IP address Your ISP should be able to provide these addresses as well as information on setting up public Internet servers If you plan to use the DMZ setting contact your ISP for the static IP information If your ISP...

Page 33: ...on Guide 33 3 To edit DMZ settings Click the Edit icon to open the Edit DMZ Connection page For more information see Editing a DMZ Connection page 38 If you have not saved your settings a warning appears Click OK to save your settings or click Cancel to close the window without saving ...

Page 34: ...OTE Before navigating away from this page click Save to save your settings or click Cancel to undo them Any unsaved changes are abandoned Interface The selected WAN port appears This ID cannot be changed WAN Connection Type Choose a connection type as described below Obtain an IP Automatically Choose this option if your ISP dynamically assigns an IP address For example most cable modem subscribers...

Page 35: ...L lines Then enter the settings provided by your ISP Username and Password Enter the username and password for your ISP account The maximum number of characters is 60 Connect on Demand This feature may be helpful if you are billed based on the time that you are connected to the Internet When this feature is enabled the connection will be disconnected after a specified period of inactivity Max Idle...

Page 36: ...on can be inactive when this limit is reached the connection is terminated The default Max Idle Time is 5 minutes Keep Alive This feature ensures that your router is always connected to the Internet When this feature is enabled the router keeps the connection alive by sending out a few data packets periodically This option keeps your connection active indefinitely even when it sits idle If you ena...

Page 37: ...d enable a request for prefix delegation through the selected interface This option is typically used if your ISP is capable of sending LAN prefixes via DHCPv6 option If your ISP does not support this option then you can manually configure a LAN prefix by entering the LAN IPv6 address below Note When DHCP PD is enabled the manual LAN IPv6 addressing below will be disabled and vice versa LAN IPv6 A...

Page 38: ...f the Network page NOTE Before navigating away from this page click Save to save your settings or click Cancel to undo them Any unsaved changes are abandoned If you are using IPv4 addressing enter the following information Subnet Choose this option to place the DMZ on a different subnet than the WAN default setting Enter an IP address and subnet mask for the DMZ Range Choose this option to place t...

Page 39: ... 39 3 If you are using IPv6 addressing enter the following information Specify DMZ IPv6 Address Enter an IPv6 address for the DMZ Replace the default double colon with a valid IPv6 address for your DMZ Prefix Length Enter the prefix length The default value is 64 ...

Page 40: ... or forgotten you have to reset the router to its factory default settings Doing so will remove all of your configuration changes NOTE You must change the administrator password if you enable remote access on the Firewall General page Before navigating away from this page click Save to save your settings or click Cancel to undo them After you change the username or password you will be required to...

Page 41: ... Password Complexity is enabled the password must meet the requirements listed below Your entries are validated when you click the Save button Includes at least 8 characters Is not the same as the username Is not the same as the current password Contains characters from at least 3 of the following 4 categories uppercase letters lowercase letters numbers and special characters available on a standa...

Page 42: ...Save to save your settings or click Cancel to undo them Any unsaved changes are abandoned Choose one of the following options to set the time and then enter the required information Set the local time using Network Time Protocol NTP automatically Choose this option to allow the router to receive the time settings automatically from an NTP server Then enter the following settings Time Zone Select y...

Page 43: ... as 15 17 00 for 3 17 00 p m Setting Up a DMZ Host Use the Setup DMZ Host page to allow one host in the LAN to be exposed to the Internet to use services such as Internet gaming and video conferencing Access to the DMZ Host from the Internet can be further restricted by using firewall access rules To open this page Click Setup DMZ Host in the navigation tree Enter the IP address of the network dev...

Page 44: ...is page click Save to save your settings or click Cancel to undo them Any unsaved changes are abandoned Port Range Forwarding Port forwarding can be used to set up public services on your network When users from the Internet make certain requests to your network the router can forward those requests to computers that are equipped to handle the requests If for example you set the port number 80 HTT...

Page 45: ...list Click the entry that you want to modify The information appears in the text fields Make the changes and then click Update If you do not need to make changes you can click Add New to de select the entry and clear the text fields To delete an entry from the list Click the entry that you want to delete and then click Delete To select a block of entries click the first entry hold down the Shift k...

Page 46: ...anagement window add or update entries as needed Before closing this window click OK to save your settings or click Cancel to undo them Any unsaved changes are abandoned To add a service to the list Enter the following information and then click Add to List You can have up to 30 services in the list Service Name Enter a short description Protocol Choose the required protocol Refer to the documenta...

Page 47: ...ate between the server and LAN host When you want to use these applications enter the triggering outgoing port and alternate incoming port in the Port Triggering table Then the router will forward the incoming packets to the specified LAN host Add or edit entries as needed Remember that the settings are not saved until you click the Save button To add an entry to the list Enter the following infor...

Page 48: ...ick View near the bottom of the page Choose Port Range Forwarding or Port Triggering To update the display click Refresh To return to the Forwarding page click Close Setting Up Universal Plug and Play UPnP Use the Setup UPnP page to enable Universal Plug and Play UPnP This feature allows Windows to automatically configure the router to open and close ports for Internet applications such as gaming ...

Page 49: ...the entry that you want to modify The information appears in the text fields Make the changes and then click Update If you do not need to make changes you can click Add New to de select the entry and clear the text fields To delete an entry from the list Click the entry that you want to delete and then click Delete To select a block of entries click the first entry hold down the Shift key and then...

Page 50: ...ement window add or update entries as needed Before closing this window click OK to save your settings or click Cancel to undo them Any unsaved changes are abandoned To add a service to the list Enter the following information and then click Add to List You can have up to 30 services in the list Service Name Enter a short description Protocol Choose the required protocol Refer to the documentation...

Page 51: ...se the Setup One to One NAT page to enable One to One NAT Network Address Translation This process creates a relationship that maps a valid external IP address to an internal IP address that is hidden by NAT Traffic can then be routed from the Internet to the specified internal resource NOTE For best results reserve IP addresses for the internal resources that you want to reach through one to one ...

Page 52: ...Do not include the router s WAN IP address in this range Range Length Enter the number of IP addresses in the range The range length cannot exceed the number of valid IP addresses To map a single address enter 1 To add another new entry Enter the information and then click Add to list To modify an entry in the list Click the entry that you want to modify The information appears in the text fields ...

Page 53: ...eviously registered another MAC address with your ISP you can use the Setup MAC Address Clone page to clone that address to your Cisco RV0xx Series router By using this process you don t have to call your ISP to change the registered MAC address To open this page Click Setup MAC Address Clone in the navigation tree This page displays the current settings Click the Edit icon to display the Edit MAC...

Page 54: ...tings or click Cancel to undo them Any unsaved changes are abandoned To clone a MAC address enter the following settings User Defined WAN MAC Address To manually clone a MAC address click the radio button and then enter the 12 digits of the MAC address that you registered with your ISP MAC Address from this PC To clone the MAC address of the computer you are currently using to configure the router...

Page 55: ...es with your Dynamic DNS information Before configuring Dynamic DNS on the router you need to visit www dyndns org and register a domain name The service is provided by DynDNS org For users in China visit www 3322 org to register To open this page Click Setup Dynamic DNS in the navigation tree NOTE Before navigating away from this page click Save to save your settings or click Cancel to undo them ...

Page 56: ...ck Register to go to the DynDNS com website where you can sign up for free Dynamic DNS service Click the Sign up FREE link and then continue through all of the steps Password Enter the password for your DDNS account Host Name Use these three fields to enter the host name that you registered with your DDNS provider For example if your host name is myhouse dyndns org then enter myhouse in the first ...

Page 57: ...TE Before navigating away from this page click Save to save your settings or click Cancel to undo them Any unsaved changes are abandoned Perform the following tasks To configure static or dynamic routing Click the IPv4 or IPv6 tab and then enter the settings See these topics Configuring Dynamic Routing page 58 Configuring Static Routing page 59 To view current data Click View near the bottom of th...

Page 58: ... router to exchange its routing information automatically with other routers and to dynamically adjust its routing tables as network changes occur RIP prevents routing loops by using a hop limit To enable this option select Enabled Otherwise keep the default setting Disabled If you enable this feature also configure the following settings Receive RIP versions Select the RIP protocol for receiving ...

Page 59: ...tandard Class C IP domain the network address is the first three fields of the Destination LAN IP while the last field should be 0 Subnet Mask IPv4 only Enter the subnet mask used on the destination LAN IP domain For Class C IP domains the subnet mask is 255 255 255 0 Prefix Length Pv6 only Enter the prefix length Default Gateway Enter the IP address of the router of the network for which this sta...

Page 60: ...d New to de select the entry and clear the text fields To delete an entry from the list Click the entry that you want to delete and then click Delete To select a block of entries click the first entry hold down the Shift key and then click the final entry in the block To select individual entries press the Ctrl key while clicking each entry To de select an entry press the Ctrl key while clicking t...

Page 61: ... to undo them Any unsaved changes are abandoned Next steps For a typical deployment such as setting up a 6to4 tunnel between your RV0xx Series router and a Cisco RV Series router at another site you also should complete the tasks listed below On the DHCP Router Advertisement page enable managed RA flags to support auto configuration of connected devices Verify that your IPv6 devices acquire 6to4 p...

Page 62: ...e of addresses on the local network and the destination is a single IP address or a range of addresses on the remote network Complete the required tasks on the router at the other end of the 6to4 tunnel NOTE For detailed application notes see the documentation links in Appendix H Where to Go From Here ...

Page 63: ...Protocol server or as a DHCP relay agent A DHCP server automatically assigns available IP addresses to computers on your network An address is leased to a client for a specified time and then it expires and can be assigned to a different device If a device needs to have an unchanging IP addresses you can add the device to the Static IP list Optionally you can use the Static IP list to block access...

Page 64: ...nnected devices Uncheck the box if you have another DHCP server on the network or you want to configure static IP addresses for your network devices If you enable this feature enter the settings in the Dynamic IP section of the page as described below Other sections of this page are optional DHCP Relay IPv4 only If you have another DHCP server enable DHCP Relay to allow this router to communicate ...

Page 65: ...0 149 Do not include the router s LAN IP address in this dynamic IP range For example if the router uses the default LAN IP address 192 168 1 1 then the starting value must be 192 168 1 2 or greater DNS used for DHCP Server only Optionally enter the IP address of a DNS Server You also can enter a secondary DNS server Specifying a DNS server can provide quicker access than using a DNS server that i...

Page 66: ...roperties button Choose Use the following IP address and enter the IP address subnet mask and default gateway the router IP address Optionally enter a preferred DNS server Choose devices from a list or enter the device IP addresses and MAC addresses manually Assigning static IP addresses by adding devices from a list page 66 Assigning static IP addresses by entering devices manually page 67 Using ...

Page 67: ...eed to make changes you can click Add New to de select the entry and clear the text fields To delete an entry from the list Click the entry that you want to delete and then click Delete To select a block of entries click the first entry hold down the Shift key and then click the final entry in the block To select individual entries press the Ctrl key while clicking each entry To de select an entry...

Page 68: ...evices that are not on the list or do not have the correct IP address STEP 1 Add devices to the Static IP list as described in About Static IP Addresses for IPv4 Only page 66 STEP 2 Enable or disable the following features Block MAC address on the list with wrong IP address Check this box to prevent a computer from accessing your network if its IP address has been changed For example if you previo...

Page 69: ...AN IP address of the router as the Preferred DNS Server For more information refer to the documentation for the client that you are configuring Add or update entries as needed Remember that the settings are not saved until you click the Save button To add a new entry Enter the following information Then click Add to list Host Name Enter the domain name such as example com or example org If you do ...

Page 70: ... The IP address of the DHCP server Dynamic IP Used The number of dynamic IP addresses used Static IP Used IPv4 only The number of static IP addresses used DHCP Available The number of dynamic IP addresses available Total The total number of dynamic IP addresses that can be assigned by the DHCP server Client Table For all network clients using the DHCP server the Client Table shows the current DHCP...

Page 71: ...ack IP on the Setup Network page If you did not do so a message appears when you try to open this page After reading the message you can click OK to configure the network settings or click Cancel simply to close the message To open this page Click DHCP Router Advertisement in the navigation tree NOTE Before navigating away from this page click Save to save your settings or click Cancel to undo the...

Page 72: ... through router advertisements and not DHCPv6 Router Preference Choose High Medium or Low This preference metric is useful in a network topology in which multi homed hosts have access to multiple routers This metric helps a host to choose an appropriate router If two routers are reachable the one with the higher preference will be chosen These values are ignored by hosts that do not implement rout...

Page 73: ...ing Built In Diagnostic Tools page 87 Restoring the Factory Default Settings page 89 Upgrading the Firmware page 90 Restarting the Router page 91 Backing Up and Restoring the Settings page 92 Setting Up Dual WAN and Multi WAN Connections Use the System Management Dual WAN page or Multi WAN on RV016 to configure the settings for your Internet connections if you are using more than one WAN interface...

Page 74: ...can choose one of the following modes to manage your WAN connections Smart Link Backup Choose this mode to ensure continuous connectivity If the primary WAN connection is unavailable the backup WAN connection is used Load Balance Choose this mode to use both Internet connections simultaneously to increase the available bandwidth The router balances the traffic between the two interfaces in a weigh...

Page 75: ...c between the interfaces in a weighted round robin fashion IP Group By Users Select this option to group traffic on each WAN interface by priority levels or classes of service CoS With this feature you can ensure bandwidth and higher priority for the specified services and users All traffic that is not added to the IP Group uses Intelligent Balancer mode To specify the services and users click the...

Page 76: ...he settings on the Edit Dual WAN settings page For more information see Editing the Dual WAN and Multi WAN Settings page 77 NOTE If there are unsaved changes on the Dual WAN page a warning appears You can click OK to close the message Then click Save to save your changes After saving your changes click the Edit icon Alternatively when the warning appears click Cancel to continue to the edit page w...

Page 77: ...eeds the specified number then the router uses another WAN interface for the next connection Upstream Enter the maximum upstream bandwidth provided by your ISP The default is 512 kbit sec Downstream Enter the maximum downstream bandwidth provided by your ISP The default is 512 kbit sec Network Service Detection Optionally check the box to allow the router to detect network connectivity by pinging ...

Page 78: ...date entries as needed Remember that your entries are not saved until you click the Save button To add a new entry to the list Enter the settings as described below and then click Add to list Service Choose a service or All Traffic to bind to this WAN interface If a service is not listed you can click Service Management to add it For more information see Adding a service page 79 Source IP and Dest...

Page 79: ...ice list or to change an entry that you created previously click Service Management If the web browser displays a warning about the pop up window allow the blocked content In the Service Management window add or update entries as needed Before closing this window click OK to save your settings or click Cancel to undo them Any unsaved changes are abandoned To add a service to the list Enter the fol...

Page 80: ...n the text fields Make the changes and then click Update If you do not need to make changes you can click Add New to de select the service and clear the text fields To delete a service from the list Click the entry that you want to delete To select a block of entries click the first entry hold down the Shift key and click the final entry in the block To select individual entries hold down the Ctrl...

Page 81: ...nagement Bandwidth Management in the navigation tree NOTE Before navigating away from this page click Save to save your settings or click Cancel to undo them Any unsaved changes are abandoned Max Bandwidth Provided by ISP Enter the maximum bandwidth settings as specified by your Internet Service Provider Upstream Enter the maximum upstream bandwidth provided by your ISP The default is 512 kbit sec...

Page 82: ...only Enter the minimum rate Kbit sec for the guaranteed bandwidth Max Rate for Rate Control only Enter the maximum rate Kbit sec for the guaranteed bandwidth Priority for Priority management only Choose the priority for this service High or Low Enable Check the box to enable this feature or uncheck the box to disable this feature To add another service to the list Enter the information and then cl...

Page 83: ...indow add or update entries as needed Before closing this window click OK to save your settings or click Cancel to undo them Any unsaved changes are abandoned To add a service to the list Enter the following information and then click Add to List You can have up to 30 services in the list Service Name Enter a short description Protocol Choose the required protocol Refer to the documentation for th...

Page 84: ...SNMP for this router SNMP or Simple Network Management Protocol is a network protocol that allows network administrators to manage monitor and receive notifications of critical events as they occur on the network The router supports SNMP v1 v2c The router supports standard MIBs Management Information Bases such as MIBII as well as private MIBs The router acts as an SNMP agent that replies to SNMP ...

Page 85: ...o 64 alphanumeric characters The default is private Trap Community Name Create the password that will be sent with each trap to the SNMP manager You can enter a name including up to 64 alphanumeric characters The default is public Send SNMP Trap to For IPv4 Enter the IP address or domain name for the server where you are running your SNMP management software Send SNMP Trap to For IPv6 When Dual St...

Page 86: ...r This utility discovers Cisco devices in the network and display basic information such as serial numbers and IP addresses to aid in the configuration and deployment For more information and to download the utility please visit www cisco com go findit To open this page Click System Management Discovery Bonjour in the navigation tree Check the Enable box to enable Bonjour Uncheck the box to disabl...

Page 87: ... and want to learn the IP address Choose Ping to test the connectivity to a particular IP address on the Internet DNS Name Lookup Choose this option to test connectivity to the DNS server that you specified on the Setup Network page or to look up an IP address that you want to use in the Ping test In the Look up the name field enter a host name such as www cisco com Do not include a prefix such as...

Page 88: ...lems accessing services on the Internet first try pinging your DNS server or other server at your ISP If this test is successful try pinging devices outside the ISP This will show if the problem lies with the ISP s connection Enter the IP Address and then click Go If the test is successful the following information appears Status The status of the ping test Testing Test Succeeded or Test Failed Pa...

Page 89: ...o its factory default settings Only use this feature if you want to discard all the settings and preferences that you have configured To open this page Click System Management Factory Default in the navigation tree STEP 1 Click Return to Factory Default Setting if you want to restore the router to its factory default settings STEP 2 When the confirmation message appears click OK to continue If you...

Page 90: ...tton close the browser or disconnect the link during this process To open this page Click System Management Firmware Upgrade in the navigation tree Proceed as needed To upgrade from a firmware file on your computer Click the Browse button and select the extracted file Click Firmware Upgrade Right Now After several minutes the Rebooting message appears Wait about a minute for the browser to refresh...

Page 91: ...e file on your computer Then perform the firmware upgrade as described above Restarting the Router If you need to restart the router Cisco recommends that you use the Restart tool on this page When you restart from the System Management Restart page the router will send out your log file if logging is enabled before it is reset To open this page Click System Management Restart in the navigation tr...

Page 92: ... the future if the Startup configuration file fails for any reason then the Mirror configuration file is used NOTE The router automatically copies the startup configuration to the mirror configuration after 24 hours of running in stable condition no reboot and no configuration changes within a 24 hour period To open this page Click System Management Backup and Restore in the navigation tree You ca...

Page 93: ...he settings STEP 1 Click Backup Startup Configuration or Backup Mirror Configuration STEP 2 When the File Download window appears click Save and then choose a file location Optionally you can enter a descriptive filename Then click Save TIP The default filenames are Startup config and Mirror config It may be helpful to enter a filename that includes the current date and time for easier identificat...

Page 94: ...file click the button Copy Startup to Mirror Click this button to replace the mirror file with the startup file The copy operation is performed immediately with no option to cancel When the operation is finished the browser page refreshes Copy Mirror to Startup Click this button to replace the startup file with the mirror file The copy operation is performed immediately with no option to cancel Af...

Page 95: ...ufficient for most small businesses but you can use the Port Management Port Setup page to customize these settings if needed You can disable a port or customize its priority speed duplex mode and auto negotiation settings You also can enable port based VLANs to control traffic between devices on your network To open this page Click Port Management Port Setup in the navigation tree NOTE Before nav...

Page 96: ...ault setting is Normal Speed If you want to adjust this setting first uncheck the Enable box in the Auto Neg column to disable auto negotiation Then select the port speed 10M or 100M Duplex If you want to set the duplex mode first uncheck the Enable box in the Auto Neg column to disable auto negotiation Select the duplex mode Half or Full Auto Neg Check the Enable box to allow the router to auto n...

Page 97: ...anagement Port Status in the navigation tree From the Port ID list choose a port You can click Refresh to update the data Summary For the selected port the Summary table displays the following Type The port type Interface The interface type LAN or WAN Link Status The status of the connection Port Activity The status of the port Speed Status The speed of the port 10 Mbps or 100 Mbps Duplex Status T...

Page 98: ...port the Statistics table displays the following Port Receive Packet Count The number of packets received Port Receive Packet Byte Count The number of packet bytes received Port Transmit Packet Count The number of packets transmitted Port Transmit Packet Byte Count The number of packet bytes transmitted Port Packet Error Count The number of packet errors ...

Page 99: ...s Rules page 104 Configuring Firewall Access Rules page 103 Using Content Filters to Control Internet Access page110 Configuring the General Firewall Settings The default firewall settings should be sufficient for most small businesses However you can use the Firewall General page to disable the firewall or to specify the types of attacks that you want to block You also can restrict potentially ri...

Page 100: ... your password you can return to this page to resume this procedure SPI Stateful Packet Inspection When enabled this feature allows the router to review the information that passes through the firewall It inspects all packets based on the established connection prior to passing the packets for processing through a higher protocol layer This feature can be enabled only when the firewall is enabled ...

Page 101: ... from the Internet to pass through the firewall to the LAN Restrict Web Features Java Check the box if you want to block Java applets at the firewall Java is a common programming language for websites If you deny Java applets you run the risk of losing access to Internet sites created with this programming language As a compromise you can check this box to block Java on untrusted or unknown sites ...

Page 102: ...s below By default access to HTTP proxy servers is not blocked Don t block Java ActiveX Cookies Proxy to Trusted Domains If you blocked any of the web features you can check this box to allow these features for the domains that you enter on the trusted list This area of the page is available only if you checked one of the other boxes to disable a web feature If you leave the box unchecked then the...

Page 103: ...to activate or deactivate each access rule for specified days and times To open this page Click Firewall Access Rules in the navigation tree NOTE Before navigating away from this page click Save to save your settings or click Cancel to undo them Any unsaved changes are abandoned Refer to these topics About Access Rules page103 Managing Access Rules page 104 Configuring Access Rules page 106 About ...

Page 104: ...and you can set the priority for each custom rule Click the IPv4 tab to set rules for traffic with IPv4 addressing or click the IPv6 tab to set rules for traffic with IPv6 addressing Note The IPv6 tab is available only if you enabled Dual Stack IP on the Network Setup page NOTE As an alternative to this procedure you can use the Access Rule Wizard For more information see Chapter 11 Wizard If you ...

Page 105: ...ted by this rule Source Interface The source interface that is affected by this rule Source The IP address for the source of the traffic or Any Destination The IP address for the destination of the traffic or Any Time A specific time interval when the access rule is active or Always Day Specific days when the access rule is active or Always Add or edit rules as needed To add a rule Click Add New R...

Page 106: ...Choose the action that the rule performs to Allow or Deny access Service Choose the service that is affected by this rule If you need to add a service click Service Management For more information see Adding a service page108 Log To include events for this rule in the log click Log packets match this rule Otherwise click Not log This setting is applicable when logging is enabled For more informati...

Page 107: ...r for the subnet ANY This rule applies to any IP address Schedule IPv4 Only Keep the default settings or specify a schedule when this rule is active Time Choose one of the following options Always Choose this option if the rule applies at all times and on all days of the week Optionally you can enter a time period in the From and To fields Interval Choose this option to specify the time period whe...

Page 108: ...date entries as needed Before closing this window click OK to save your settings or click Cancel to undo them Any unsaved changes are abandoned To add a service to the list Enter the following information and then click Add to List You can have up to 30 services in the list Service Name Enter a short description Protocol Choose the required protocol Refer to the documentation for the service that ...

Page 109: ...d then click Update If you do not need to make changes you can click Add New to de select the service and clear the text fields To delete a service from the list Click the entry that you want to delete To select a block of entries click the first entry hold down the Shift key and click the final entry in the block To select individual entries hold down the Ctrl key while clicking Click Delete ...

Page 110: ...to save your settings or click Cancel to undo them Any unsaved changes are abandoned You can block access to specified domains or to block a wider range of sites block access to URLs containing specified keywords You also can specify the days and hours when these filters are active This page includes these sections Forbidden Domains page 111 Website Blocking by Keywords page 111 Schedule page112 N...

Page 111: ... the entry that you want to modify Make the changes and then click Update If you do not need to make changes you can click Add New to de select the entry and clear the text field To delete an entry from the list Click the entry that you want to delete Then click Delete Website Blocking by Keywords Check the Enable Website Blocking By Keywords box to allow the router to block access to URLs that in...

Page 112: ...cify the time period when the rule is active If you choose this option you must enter a time period in the From and To fields Optionally you can specify the days of the week From and To If you chose Interval use these fields to specify the times and days when the rule is active Enter the start time in the From field and enter end time in the To field Use hh mm format such as 15 30 for 3 30 p m Ent...

Page 113: ...r to these topics Getting Started with Cisco ProtectLink Web page 113 Specifying the Global Settings for Approved URLs and Clients page115 Updating the ProtectLink License page120 NOTE For more information about this Cisco product visit the Cisco ProtectLink Web information page at www cisco com en US products ps9953 index html Getting Started with Cisco ProtectLink Web You can purchase register a...

Page 114: ...ation Key and provide the required information Close the web page when you complete this process The activation code will appear on the screen and will be sent to the email address that you provided Use the Activation Code AC to activate ProtectLink services Click this link if you registered the product and received an activation code When the activation page appears enter your activation code and...

Page 115: ...navigation tree NOTE This page is available only if you activated your Cisco ProtectLink Web service See Getting Started with Cisco ProtectLink Web page113 You can specify approved URLs that the users are always able to access You also can specify approved clients who are not subject to the restrictions that you configure in Web Protection To add an entry to the Approved URLs table or the Approved...

Page 116: ...on between entries such as www cisco com www google com www mycompany com All pages in the specified domains will be accessible Click Save to save your changes or click Cancel to undo them If you entered any invalid characters a message appears Click OK to close the message and edit your entries Spaces commas and symbols are not allowed To delete an entry Click the Delete icon Approved Clients Con...

Page 117: ...ated your Cisco ProtectLink Web service See Getting Started with Cisco ProtectLink Web page 113 Before navigating away from this page click Save to save your settings or click Cancel to undo them Any unsaved changes are abandoned Web Protection Enable URL Filtering Check this box to block access to websites based on pre defined categories Uncheck the box to disable this service Enable Web Reputati...

Page 118: ...urs You can ignore the Leisure Hours check boxes To view sub categories under a category click the plus sign To block access for all sub categories within a category check the box for the category To disable filtering for a category uncheck the box To block access for individual sub categories check the individual boxes To disable filtering for a sub category uncheck each box Instances Blocked For...

Page 119: ... Times To use the same settings all day keep the default setting All day 24 hours To specify the hours when your business is open click Specify business hours Check the Morning box and select the From and To times Then check the Afternoon box and select the From and To times During the selected periods the Business Hours filters apply During all other periods the Leisure Hours filters apply Web Re...

Page 120: ...the requests can be processed This is the default setting Temporarily bypass URL verification for requested URLs Select this option to allow all overflow requests to go through without verification This setting is not recommended Updating the ProtectLink License Use the Cisco ProtectLink Web License page to view your license information or to renew your license To open this page Click ProtectLink ...

Page 121: ...on online click this link Your web browser opens the ProtectLink Product Detail page You can close that page when you finish reading the information Status The status of your license Activated or Expired Platform The platform type Gateway Service License expires on The date and time your license when the license expires one year after the service was activated Renew For information about renewing ...

Page 122: ...on to VPNs A VPN is a connection between two endpoints in different networks to allow private data to be sent securely over a shared or public network such as the Internet This tunnel establishes a private network that can send data securely between these two locations or networks A VPN tunnel uses industry standard encryption and authentication techniques to secure the data sent between the two n...

Page 123: ... to Gateway page to configure the VPN tunnel For instructions see Setting Up a Gateway to Gateway Site to Site VPN page130 For more details and examples see Appendix D Configuring a Gateway to Gateway VPN Tunnel Between RV0xx Series Routers Remote Access Client To Gateway In a remote access or client to gateway VPN a computer with VPN client software connects to a VPN router For this scenario you ...

Page 124: ...with her office s VPN settings She accesses the VPN client software and connects to the VPN router at the central office Using the VPN she now has a secure connection to the central office s network as if she were physically connected Configuration tasks 1 Use the VPN Client to Gateway page to configure the VPN tunnel with the settings required by the third party client such as TheGreenbow For ins...

Page 125: ... on the users computers To get the software go to www cisco com go software Enter the router s model number in the search box and then click Find In the list of links click Quick Virtual Private Network QVPN Utility After downloading the software on the computer double click Setup exe to start the installation 4 If you generated certificates copy the certificate to the directory where Cisco QuickV...

Page 126: ...mation about PPTP clients appears on the VPN PPTP Server page For more information see Setting Up PPTP Server page150 To open this page Click VPN Summary in the navigation tree Summary Tunnel s Used The number of VPN tunnels in use Tunnels Available The number of available VPN tunnels Detail Click Detail for more information Click Refresh to update the data or click Close to return to the VPN Summ...

Page 127: ...the IPSec section then only the Encryption type and Authentication method appear Local Group The IP address and subnet mask of the Local Group Remote Group The IP address and subnet mask of the Remote Group Remote Gateway The IP address of the Remote Gateway Tunnel Test Click Connect to verify the status of the VPN tunnel The test result will be updated in the Status column If the tunnel is connec...

Page 128: ...n type NULL DES 3DES AES 128 AES 192 AES 256 Authentication method NULL MD5 SHA1 and DH Group number 1 2 5 as configured in the IPSec Setup section Local Group The IP address and subnet mask of the Local Group Remote Client The remote clients in the group VPN Remote Clients Status The status of the remote clients Online or Offline Click Detail List to open the Group List window This window display...

Page 129: ...PN client established its VPN connection to the router End Time The time when the VPN client ended its VPN connection to the router Duration The period of time that the VPN connection has been active Disconnect Click this button to disconnect any VPN client Navigation controls If you have numerous rules you can adjust the display Use the Rows per page list at the top right corner of the table to c...

Page 130: ...le if the Site A LAN uses the 192 168 1 x subnet Site B could use 192 168 2 x You will enter corresponding settings reversing local and remote when configuring the two routers When you configure this router Router A enter its settings in the Local Group Setup section and enter the settings for the other router Router B in the Remote Group Setup section When you configure the other router Router B ...

Page 131: ...el Interface Select the WAN port to use for this tunnel Enable Check this box to enable the VPN tunnel or uncheck it to disable the tunnel By default the tunnel is enabled Local Group Setup and Remote Group Setup Enter the settings described below The Local settings are for this router and the Remote settings are for the router on the other end of the tunnel Mirror these settings when configuring ...

Page 132: ... not know the IP address of the remote VPN router select IP by DNS Resolved and then enter the real domain name of the router on the Internet Cisco RV082 will get the IP address of remote VPN device by DNS Resolved and the IP address of remote VPN device will be displayed in the VPN Status section of the VPN Summary page IP E mail Addr USER FQDN Authentication Choose this option if this router has...

Page 133: ... mask IP Range Choose this option to specify a range of devices that can use the VPN tunnel Then identify the range of IP addresses by entering the first address in the Begin IP field and the final address in the End IP field IPSec Setup Enter the Internet Protocol Security settings for this tunnel IMPORTANT In order for any encryption to occur the two ends of a VPN tunnel must agree on the method...

Page 134: ...setting determines the length of the key used to encrypt or decrypt ESP packets DES is 56 bit encryption and 3DES is 168 bit encryption 3DES is recommended because it is more secure Authentication Select a method of authentication MD5 or SHA1 The authentication method determines how the ESP packets are validated MD5 is a one way hashing algorithm that produces a 128 bit digest SHA1 is a one way ha...

Page 135: ...tication for this phase MD5 or SHA1 The authentication method determines how the ESP Encapsulating Security Payload Protocol header packets are validated MD5 is a one way hashing algorithm that produces a 128 bit digest SHA1 is a one way hashing algorithm that produces a 160 bit digest SHA1 is recommended because it is more secure Make sure that both ends of the VPN tunnel use the same authenticat...

Page 136: ...SA negotiation are possible Main Mode and Aggressive Mode If network security is preferred Main Mode is recommended If network speed is preferred Aggressive Mode is recommended You can adjust this setting if the Remote Security Gateway Type is IP Only or one of the IP types Check this box to enable Aggressive Mode or uncheck the box to disable Aggressive Mode and use Main Mode NOTE If the Remote S...

Page 137: ... enables users with private LAN addresses to access Internet resources by using a publicly routable IP address as the source address However for inbound traffic the NAT gateway has no automatic method of translating the public IP address to a particular destination on the private LAN This issue prevents successful IPsec exchanges If your VPN router is behind a NAT gateway check this box to enable ...

Page 138: ...another DNS server based on specified domain names When the router receives an address resolution request from client it inspects the domain name If it matches one of the domain names in the Split DNS settings then it passes the request to the specified DNS server Otherwise the request is passed to the DNS server that is specified in the WAN interface settings Check the box to enable this feature ...

Page 139: ...or information about third party clients see application notes by visiting www cisco com go smallbizrouters see the Technical Documentation section To open this page Click VPN Client to Gateway in the navigation tree Alternatively you can click the Add Tunnel button on the VPN Summary page in the Tunnel Status section Then choose Client to Gateway 199469 Outside 209 165 200 226 DNS Server WINS Ser...

Page 140: ... a group VPN you could identify the group s business role or location This description is for your reference and does not have to match the name used at the other end of the tunnel Interface Select the appropriate WAN port Enable Check this box to enable a group VPN Local Group Setup Enter the following information about this router Local Security Gateway Type Specify the method for identifying th...

Page 141: ...the range of IP addresses by entering the first address in the Begin IP field and the final address in the End IP field Domain Name If you chose to use domain name authentication enter the domain name Email If you chose to use email authentication enter the email address Remote Client Setup for Single User Tunnel Type Specify the method for identifying the client to establish the VPN tunnel The fo...

Page 142: ...ddress of remote VPN client by DNS Resolved and IP address of remote VPN device will be displayed in the VPN Status section of the Summary page Dynamic IP Domain Name FQDN Authentication Choose this option if this client has a dynamic IP address and a registered Dynamic DNS hostname available from providers such as DynDNS com Enter the Domain Name to use for authentication The domain name can be u...

Page 143: ...eshared Key page 144 and Advanced settings for IKE with Preshared Key page 145 Required fields for Manual mode Enter the settings for manual mode Incoming Outgoing SPI The Security Parameter Index is carried in the ESP Encapsulating Security Payload Protocol header and enables the receiver and sender to select the security association under which a packet should be processed You can enter hexadeci...

Page 144: ...Group 1 768 bits Group 2 1 024 bits and Group 5 1 536 bits For faster speed but lower security choose Group 1 For slower speed but higher security choose Group 5 Group 1 is selected by default Phase 1 Phase 2 Encryption Select a method of encryption for this phase DES 3DES AES 128 AES 192 or AES 256 The method determines the length of the key used to encrypt or decrypt ESP packets AES 256 is recom...

Page 145: ...ymbols such as Advanced settings for IKE with Preshared Key When the Keying Mode is set to IKE with Preshared Key mode advanced settings are available For most users the basic settings should suffice advanced users can click Advanced to view the advanced settings To hide these settings click Advanced Aggressive Mode available for Tunnel not Group VPN Two modes of IKE SA negotiation are possible Ma...

Page 146: ...s networking to identify resources such as computers printers and file servers These messages are required by some software applications and Windows features such as Network Neighborhood LAN broadcast traffic is typically not forwarded over a VPN tunnel However you can check this box to allow NetBIOS broadcasts from one end of the tunnel to be rebroadcast to the other end Dead Peer Detection DPD a...

Page 147: ...howing their status The Router supports up to 50 Cisco QuickVPN Clients NOTE QuickVPN Client 1 4 0 5 or later supports Windows 7 XP Vista Firewall must be enabled on Vista and Windows 7 QuickVPN users must have the administrator rights to the PC A user can connect without a certificate installed on the PC The user will see a security warning when connecting to the VPN tunnel but can proceed withou...

Page 148: ...Check the box to make the new user active To add another new user Enter the information and then click Add to list To modify a user in the list Click the entry that you want to modify The information appears in the text fields Make the changes and then click Update If you do not need to make changes you can click Add New to de select the entry and clear the text fields To delete a user from the li...

Page 149: ...curity warning when connecting to the VPN tunnel but can proceed without this extra security protection Import Certificate To restore a previously saved administrator certificate click Browse locate the file and click Open Then click Import When the confirmation message appears click OK to replace the existing certificate with the specified file Click Cancel to close the message without importing ...

Page 150: ...hrough Layer 2 Tunneling Protocol is the method used to enable Point to Point sessions via the Internet on the Layer 2 level L2TP Passthrough is enabled by default Setting Up PPTP Server Use the VPN PPTP Server page to enable up to five PPTP Point to Point Tunneling Protocol VPN tunnels for users who are running PPTP client software on Windows XP or 2000 PPTP clients are included by default in Mic...

Page 151: ...N tunnels Uncheck the box to disable this feature It is disabled by default After you check the box additional fields appear IP Address Range Enter the range of LAN address to assign to the PPTP VPN clients Enter the first address in the Range Start field and enter the final address in the Range End field The default range is 192 168 1 200 to 92 168 1 204 NOTE The LAN IP address range for PPTP VPN...

Page 152: ...he entry and clear the text fields To delete a user from the list Click the entry that you want to delete To select a block of entries click the first entry hold down the Shift key and click the final entry in the block To select individual entries hold down the Ctrl key while clicking Click Delete Connection List The following read only information appears You can click Refresh to update the data...

Page 153: ...ts page153 Viewing the System Log page 157 Setting Up the System Log and Alerts Use the Log System Log page to configure logs and alerts and to view the log tables To open this page Click Log System Log in the navigation tree NOTE Before navigating away from this page click Save to save your settings or click Cancel to undo them Any unsaved changes are abandoned This page has the following section...

Page 154: ...e the router to send email alerts when events are logged Enable E Mail Alert Check this box to enable the router to send email alerts to the specified email address Uncheck the box to disable this feature Mail Server Enter the IP address or name of your ISP s SMTP server NOTE Your ISP may require that you identify your router by entering a host name on the Setup Network page Send Email to Enter th...

Page 155: ...purpose of causing the target computer to crash Unauthorized Login Attempt Someone tried to log in to the router configuration utility without providing the correct username or password Output Blocking Event There was an event in ProtectLink web reputation or URL filtering General Log These events include actions that are performed to enforce configured policies as well as routine events such as a...

Page 156: ...ndow Log entries include the date and time of the event the event type and a message The message specifies the type of policy such as Access Rule the LAN IP address of the source SRC and the MAC address Outgoing Log Table Click this button to view the outgoing packet information The information appears in a new window In the Outgoing Log Table window you can click Refresh to update the data When y...

Page 157: ...h port the following statistics are listed Device Name The port ID such as eth0 eth1 eth2 and so on Status The port status Depending on the interface type the status may be Connected Disconnected Enabled or Disabled IP Address The IP address of the interface MAC Address The MAC of the connected device Subnet Mask The subnet mask Default Gateway The default gateway DNS The DNS server for DNS name r...

Page 158: ...ived through this interface Sent Bytes The number of bytes sent through this interface Total Bytes The total number of bytes sent and received through this interface Error Packets Received The number of error packets received through this interface Dropped Packets Received The number of received packets that were dropped due to issues such as error checksum ...

Page 159: ...asic Setup Wizard to change the number of WAN ports or set up the router for your Internet connection s Run the Access Rule Setup Wizard to set up the security policy for the router To open this page Click Wizard in the navigation tree Alternatively click Setup Wizard on the System Summary page This page includes the following sections Basic Setup page 160 Access Rule Setup page160 ...

Page 160: ...sic Setup Wizard Follow the on screen instructions to proceed Refer to the information from your ISP to enter the required settings for your connection Access Rule Setup Use the Access Rule Setup Wizard to create firewall access rules Click Launch Now to run the Access Rule Setup Wizard The wizard provides information about the router s default rules to help you get started Follow the on screen in...

Page 161: ...for associated clients it sends the next DTIM with a DTIM Interval value Its clients hear the beacons and awaken to receive the broadcast and multicast messages dynamic routing Dynamic routing enables the router to adjust automatically to physical changes in the network s layout Using the dynamic RIP protocol the router calculates the most efficient route for the network s data packets to travel b...

Page 162: ...t The largest packet that can be sent over the network Network Address Translation NAT Network Address Translation NAT is a technique that allows several endpoints on a LAN to share an Internet connection In this scenario the computers on the LAN use a private IP address range while the WAN port on the router is configured with a single public IP address The router translates the internal private ...

Page 163: ...eas where many client devices are associating with the wireless device or in areas where the clients are far apart and can detect only the access point but not other clients Although a low threshold value consumes more bandwidth and reduces the throughput of the packet frequent RTS packets can help the network to recover from interference or collisions Routing Information Protocol RIP This protoco...

Page 164: ...owing Some ISPs require static routes to build your routing table instead of using dynamic routing protocols You can use static routes to reach peer routers that do not support dynamic routing protocols If the router is connected to more than one network or there are multiple routers installed on your network it may be necessary to set up static routes to enable traffic between them You can use st...

Page 165: ... If the Diag status light continues to flash the firmware image is damaged Use the TFTP utility to upgrade the firmware You can download the TFTP utility at www cisco com Your computer cannot connect to the Internet Follow these instructions until your computer can connect to the Internet Make sure that the router is powered on The System status light should be green and not flashing If the System...

Page 166: ... use the router Connect the telephone line to the DSL modem insert the setup CD into your computer and then follow the on screen instructions The router does not have a coaxial port for the cable connection The router does not replace your modem You still need your cable modem in order to use the router Connect your cable connection to the cable modem insert the setup CD into your computer and the...

Page 167: ...ll QuickVPN Client 1 4 0 5 or later which supports Windows 7 The router supports up to 50 Cisco QuickVPN clients free of charge If the router you have only supports up to ten clients then upgrade its firmware You can create a VPN tunnel between a computer using VPN client software and a VPN router The following is an example of a computer to VPN router VPN In her hotel room a traveling businesswom...

Page 168: ...o the directory where the QuickVPN program is installed Example C Program Files Cisco Small Business QuickVPN Client NOTE QuickVPN can be used without a certificate installed on the PC The user will see a security warning but can use QuickVPN without this added security Using the Cisco QuickVPN Software NOTE Optionally an SSL certificate can be installed on the PC for extra security if this certif...

Page 169: ...ormation click Help STEP 4 To begin your QuickVPN connection click Connect The connection s progress is displayed in this order Connecting Provisioning Activating Policy and Verifying Network STEP 5 When your QuickVPN connection is established the QuickVPN tray icon turns green and the QuickVPN Status page appears The page displays the IP address of the remote end of the VPN tunnel the time and da...

Page 170: ...up your RV0xx Series router Note the shared settings that you need to configure on your other router Both devices must use a common key or certificate and must have the same security policies set up Refer to these topics Overview page 1 Topology Options page170 Other Design Considerations page173 Configuring a VPN Tunnel on a Cisco RV0xx Series Router page175 Topology Options Before you configure ...

Page 171: ...ple two branch offices spokes have site to site VPN tunnels to the main office hub The traffic typically is between a remote site and the main office Inter site traffic must pass through the hub first and then out to a spoke Figure1 Hub and Spoke This topology is a simple way to allow all branch employees to access the main network It works well if most traffic is from the remote sites to the main...

Page 172: ... two sites Figure 2 Mesh This topology requires much more configuration on each router However it works well in a complicated network with data traveling between multiple sites Because all devices have direct peer relationships with one another this design prevents the bottlenecks that can occur with a hub and spoke topology This design also ensures that if one site is down the other sites can con...

Page 173: ...tatic IP address is a publicly routable Internet address that does not change In this scenario establishing a VPN tunnel can be compared to building a bridge between two docks two sites with static IP addresses or even setting a gangplank between a dock and an unanchored boat one site with a static IP address and one with a dynamic IP address Figure 3 Gateway To Gateway Tunnel with Static IP Addre...

Page 174: ...P Address Free Dynamic DNS accounts are available through many providers Examples are listed below http dyn com dyndns http update ods org http www dhs org http www 3322 org http www no ip com LAN Setup The LAN setup pertains to the network that your router connects to inside your office It should not be necessary to make any changes in your LAN setup unless both sites have the same addressing The...

Page 175: ...amples and start the web based configuration utility STEP 2 Click VPN Gateway to Gateway in the navigation tree STEP 3 Enter the following information about the tunnel Tunnel Name Enter a name for your reference This name will be used on the VPN Summary page Interface Select the appropriate Interface WAN1 or WAN2 Note The Enable check box is unavailable until after you save the configuration STEP ...

Page 176: ...t you configure the other router with the same preshared key STEP 8 If you need more detailed settings click Advanced Otherwise click Save Note Advanced settings can be used to enable features such as dead peer detection NAT traversal split DNS and NetBIOS broadcast messages STEP 9 At the remote site Site B set up the router with the corresponding settings where Site B is the local gateway and Sit...

Page 177: ...Setup Remote Security Gateway Type IP Only IP Address 209 165 200 238 Remote Security Group Type Subnet IP Address 192 168 2 0 Subnet Mask 255 255 255 0 IPSec Setup Keying Mode IKE with Preshared Key Phase 1 Encryption DES Phase 1 Authentication MD5 Phase 1 SA Life Time 28800 Perfect Forward Secrecy Enabled Phase 2 DH Group Group 1 768 bit Phase 2 Encryption DES Phase 2 Authentication MD5 Phase 2 ...

Page 178: ...dvanced Default settings Field Values Local Group Setup Local Security Gateway Type IP Only IP Address Automatically detected 209 165 200 238 Local Security Group Type Subnet IP Address 192 168 2 0 Subnet Mask 255 255 255 0 Remote Group Setup Remote Security Gateway Type IP Only IP Address 203 165 200 226 Remote Security Group Type Subnet IP Address 192 168 1 0 Subnet Mask 255 255 255 0 IPSec Setu...

Page 179: ...ngs on the Site A Router Phase 1 Authentication MD5 Phase 1 SA Life Time 28800 Perfect Forward Secrecy Enabled Phase 2 DH Group Group 1 768 bit Phase 2 Encryption DES Phase 2 Authentication MD5 Phase 2 SA Life Time 3600 Preshared Key 13572468 123456789 Minimum Preshared Key Complexity Enabled Advanced Default settings Field Value Local Group Setup Local Security Gateway Type IP Only IP Address Aut...

Page 180: ...ask 255 255 255 0 Remote Group Setup Remote Security Gateway Type Dynamic IP Domain Name FQDN Authentication Domain Name cisco com Remote Security Group Type Subnet IP Address 192 168 2 0 Subnet Mask 255 255 255 0 IPSec Setup Keying Mode IKE with Preshared Key Phase 1 Encryption DES Phase 1 Authentication MD5 Phase 1 SA Life Time 28800 Perfect Forward Secrecy Enabled Phase 2 DH Group Group 1 768 b...

Page 181: ...13572468 123456789 Minimum Preshared Key Complexity Enabled Advanced Default settings Field Values Local Group Setup Local Security Gateway Type Dynamic IP Domain Name FQDN Authentication Domain Name cisco com Local Security Group Type Subnet IP Address 192 168 2 0 Subnet Mask 255 255 255 0 Remote Group Setup Remote Security Gateway Type IP Only IP Address 203 165 200 226 Remote Security Group Typ...

Page 182: ...uide 182 D IPSec Setup Keying Mode IKE with Preshared Key Phase 1 Encryption DES Phase 1 Authentication MD5 Phase 1 SA Life Time 28800 Perfect Forward Secrecy Enabled Phase 2 DH Group Group 1 768 bit Phase 2 Encryption DES Phase 2 Authentication MD5 Phase 2 SA Life Time 3600 Preshared Key 13572468 123456789 Minimum Preshared Key Complexity Enabled Advanced Default settings Field Values ...

Page 183: ...idate the data To resolve this issue NAT traversal appends a new IP and UDP header to the incoming datagram ensuring that no changes are made to the incoming datagram stream In the following scenario Router A initiates IKE negotiation while Router B is the responder RV016 RV042 RV016 RV042 199787 WAN 192 168 11 101 Router A Initiator LAN 192 168 1 0 24 WAN 192 168 111 101 NAT 1 LAN 192 168 11 1 WA...

Page 184: ...pe select IP Only The WAN IP address of Router A will be automatically detected For the Local Security Group Type select Subnet Enter Router A s local network settings in the IP Address and Subnet Mask fields STEP 7 For the Remote Security Gateway Type select IP Only Enter Router B s WAN IP address in the IP Address field STEP 8 For the Remote Security Group Type select Subnet Enter Router B s loc...

Page 185: ...l be automatically detected For the Local Security Group Type select Subnet Enter Router B s local network settings in the IP Address and Subnet Mask fields STEP 7 For the Remote Security Gateway Type select IP Only Enter the WAN IP address of the NAT 2 router in the IP Address field STEP 8 For the Remote Security Group Type select Subnet Enter Router A s local network settings in the IP Address a...

Page 186: ...d out the ports used for Vonage VoIP service STEP 2 Access the router s configuration utility STEP 3 Click the System Management tab STEP 4 On the Bandwidth Management page click Service Management STEP 5 On the Service Management page enter a name such as Vonage VoIP in the Service Name field STEP 6 From the Protocol drop down menu select the protocol the VoIP service uses For example some VoIP d...

Page 187: ... or range you need to control To include all internal IP addresses keep the default value c From the Direction drop down menu select Upstream for outbound traffic d In the Min Rate field enter the minimum rate for the guaranteed bandwidth For example you can set a minimum rate of 40 kbit sec e In the Max Rate field enter the maximum rate for the maximum bandwidth For example you can set a maximum ...

Page 188: ... example you can set a minimum rate of 40 kbit sec e In the Max Rate field enter the maximum rate for the maximum bandwidth For example you can set a maximum rate of 80 kbit sec f Select Enable to enable this rule g After you have set up the rule click Add to list STEP 4 Set up a downstream rule for Vonage 2 a Select Vonage 2 from the Service drop down menu b Enter the IP address or range you need...

Page 189: ...output rate of 12V DC 1 0A at minimum Specifications Model Cisco RV042 Standards IEEE 802 3 802 3u Ports 4 10 100 RJ 45 ports 1 10 100 RJ 45 Internet port 1 10 100 RJ 45 DMZ Internet port Button Reset Cabling Type Category 5 Ethernet Status Lights LEDs System Internet DMZ Internet DMZ Mode Diag 1 to 4 Operating System Linux Performance NAT Throughput 100 Mbps IPSec Throughput 59 Mbps Security Fire...

Page 190: ...y Dynamic DNS DynDNS 3322 NAT Many to One One to One DMZ DMZ port DMZ host Routing Static and RIP v1 v2 QoS Port based QoS Configurable per LAN port Service based QoS Supports rate control or priority Rate Control Upstream downstream bandwidth can be configured per service Priority Each service can be mapped to one of the 3 priority levels VPN IPSec 50 IPSec tunnels for branch office connectivity ...

Page 191: ... 32 to 104 F Storage Temp 0 to 70 C 32 to 158 F Operating Humidity 10 to 85 noncondensing Storage Humidity 5 to 90 noncondensing RV042G NOTE This product RV042G is intended to be supplied by a Listed or Class 2 Power Unit which has an output rate of 12V DC 1 0A at minimum Specifications Model Cisco RV042G Standards IEEE 802 3 802 3u Ports 4 10 100 1000 RJ 45 ports 1 10 100 1000 RJ 45 Internet port...

Page 192: ... Web service is not available on this model Network Dual WANs Can be configured for Smartlink backup or load balance Protocol Binding Protocols can be bound to particular WAN port under load balancing DHCP DHCP Server DHCP Client DNS DNS Proxy Dynamic DNS DynDNS 3322 NAT Many to One One to One DMZ DMZ port DMZ host Routing Static and RIP v1 v2 QoS Port based QoS Configurable per LAN port Service b...

Page 193: ...ion MD5 SHA1 IPSec NAT T Supported for gateway to gateway and client to gateway tunnels VPN Passthrough PPTP L2TP IPSec Management Web Based HTTPS SNMP Supports SNMP v1 and v2c Log Syslog Email Alert Environmental Dimensions 5 12 x 1 52 x 7 87 in W x H x D 130 x 38 5 x 200 mm Unit Weight 1 27 lb 0 576 kg Power 12V 1A Certifications FCC Class B CE Class B Operating Temp 0 to 40 C 32 to 104 F Storag...

Page 194: ...res SPI Firewall DES 3DES and AES encryption for IPSec VPN Tunnel Operating System Linux Performance NAT Throughput 200 Mbps IPSec Throughput 97 Mbps Security Firewall SPI Firewall DoS Prevention Block various Denial of Service attacks Access Rules Up to 50 entries Port Forwarding Up to 30 entries Port Triggering Up to 30 entries Blocking Java Cookies ActiveX HTTP Proxy URL Filtering Static list b...

Page 195: ...or priority Rate Control Upstream downstream bandwidth can be configured per service Priority Each service can be mapped to one of the 3 priority levels VPN IPSec 100 IPSec tunnels for branch office connectivity QuickVPN 50 QuickVPN users for remote client access PPTP Built in PPTP server supporting 5 PPTP clients Encryption DES 3DES AES 128 AES 192 AES 256 Authentication MD5 SHA1 IKE Support Inte...

Page 196: ...C 32 to 104 F Storage Temp 0 to 70 C 32 to 158 F Operating Humidity 10 to 85 noncondensing Storage Humidity 5 to 90 noncondensing Cisco RV016 Specifications Model Cisco RV016 10 100 16 port VPN router Standards IEEE 802 3 802 3u Ports 16 10 100 RJ 45 ports including 2 Internet ports 1 DMZ port 8 LAN ports and 5 Configurable Internet LAN ports Button Reset Cabling Type Category 5 Ethernet Status Li...

Page 197: ...ertain WAN ports can be dedicated to specified IP ranges and services WAN Type DHCP Static IP PPPoE PPTP Dynamic DNS Protocol Binding Protocols can be bound to particular WAN port DHCP DHCP Server DHCP Client DNS DNS Proxy Dynamic DNS DynDNS 3322 NAT Many to One One to One DMZ DMZ port DMZ host Routing Static and RIP v1 v2 QoS Port based QoS Configurable per LAN port Service based QoS Supports rat...

Page 198: ...y tunnels Dead Peer Detection Support for DPD VPN Passthrough PPTP L2TP IPSec Management Web Based HTTPS SNMP Supports SNMP v1 and v2c Log Syslog Email Alert VPN Tunnels Status Monitor Environmental Dimensions 11 00 x 1 75 x 9 50 in W x H x D 279 4 x 44 45 x 241 3 mm Unit Weight 3 25 lb 1 475 kg Power AC 100 240V 50 to 60 Hz Certifications FCC Class B CE Class A Operating Temp 0 to 40 C 32 to 104 ...

Page 199: ... Support Community www cisco com go smallbizsupport Cisco Small Business Support and Resources www cisco com go smallbizhelp Cisco Small Business Firmware Downloads www cisco com go software Product Documentation Cisco Small Business Routers Documentation www cisco com go smallbizrouters Cisco Small Business Cisco Partner Central for Small Business Partner Login Required www cisco com web partners...

Reviews:

No comments

Related manuals for RV016 - Small Business - 10/100 VPN Router

Brand: D-Link Pages: 13

Brand: Panasonic Pages: 18

Brand: A-Link Pages: 6

S5120V3-EI Series

Brand: H3C Pages: 54

Brand: H3C Pages: 116

Brand: Paradyne Pages: 45

Brand: Conceptronic Pages: 230

Brand: WaiLan Pages: 27

Brand: bintec elmeg Pages: 33

Protege PRT-PX16-PCB

Brand: ICT Pages: 34

ADSL 2/2+ VPN Firewall Router ADE-4300A/B

Brand: Planet Pages: 132

Brand: Macsense Pages: 13

Brand: BEC Pages: 159

Brand: Solwise Pages: 7

Brand: Hunter Pages: 2

Brand: EXAGATE Pages: 7

Brand: ZyXEL Communications Pages: 348

Brand: Neousys Technology Pages: 39

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands