Chapter 4

Advanced Configuration

10/100 8-Port VPN Router

Remote Security Group Type > IP

IP address: Enter the appropriate IP address.

Subnet

The default is Subnet. All computers on the remote subnet will be able to access the tunnel.

Remote Security Group Type > Subnet

IP address: Enter the IP address.

Subnet Mask: Enter the subnet mask. The default is 255.255.255.0.

IP Range

Specify a range of IP addresses within a subnet that will be able to access the tunnel.

Remote Security Group Type > IP Range

IP range: Enter the range of IP addresses.

IPSec Setup

In order for any encryption to occur, the two ends of a VPN tunnel must agree on the methods of encryption, decryption, and authentication. This is done by sharing a key to the encryption code. For key management, the default mode is IKE with Preshared Key.

Keying Mode: Select IKE with Preshared Key or Manual. Both ends of a VPN tunnel must use the same mode of key management. After you have selected the mode, the settings available on this screen may change, depending on the selection you have made. Follow the instructions for the mode you want to use.

IKE with Preshared Key

IKE is an Internet Key Exchange protocol used to negotiate key material for Security Association (SA). IKE uses the Preshared Key to authenticate the remote IKE peer.

Phase 1 DH Group: Phase 1 is used to create the SA. DH (Diffie-Hellman) is a key exchange protocol used during Phase 1 of the authentication process to establish pre-shared keys. There are three groups of different prime key lengths. Group 1 is 768 bits, and Group 2 is 1,024 bits. Group 5 is 1,536 bits. If network speed is preferred, select Group 1. If network security is preferred, select Group 5.

Phase 1 Encryption: Select a method of encryption: DES (56-bit), 3DES (168-bit), AES-128 (128-bit), AES-192 (192-bit), or AES-256 (256-bit). The method determines the length of the key used to encrypt or decrypt ESP packets. AES-256 is recommended because it is more secure. Make sure both ends of the VPN tunnel use the same encryption method.

Phase 1 Authentication: Select a method of authentication, MD5 or SHA. The authentication method determines how the ESP packets are validated. MD5 is a one-way hashing algorithm that produces a 128-bit digest. SHA is a one-way hashing algorithm that produces a 160-bit digest. SHA is recommended because it is more secure. Make sure both ends of the VPN tunnel use the same authentication method.

Phase 1 SA Life Time: Configure the length of time a VPN tunnel is active in Phase 1. The default value is 28800 seconds.

Perfect Forward Secrecy: If the Perfect Forward Secrecy (PFS) feature is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication, so hackers using brute force to break encryption keys will not be able to obtain future IPSec keys.

Phase 2 DH Group: If the Perfect Forward Secrecy feature is disabled, then no new keys will be generated, so you do not need to set the Phase 2 DH Group (the key for Phase 2 will match the key in Phase 1).

There are three groups of different prime key lengths. Group 1 is 768 bits, and Group 2 is 1,024 bits. Group 5 is 1,536 bits. If network speed is preferred, select Group 1. If network security is preferred, select Group 5. You do not have to use the same DH Group that you used for Phase 1.

Phase 2 Encryption: Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions. Select a method of encryption: NULL, DES (56-bit), 3DES (168-bit), AES-128 (128-bit), AES-192 (192-bit), or AES-256 (256-bit). It determines the length of the key used to encrypt or decrypt ESP packets. AES-256 is recommended because it is more secure. Both ends of the VPN tunnel must use the same Phase 2 Encryption setting.

Phase 2 Authentication: Select a method of authentication, NULL, MD5, or SHA. The authentication method determines how the ESP packets are validated. MD5 is a one-way hashing algorithm that produces a 128-bit digest. SHA is a one-way hashing algorithm that produces a 160-bit digest. SHA is recommended because it is more secure. Both ends of the VPN tunnel must use the same Phase 2 Authentication setting.

Phase 2 SA Life Time: Configure the length of time a VPN tunnel is active in Phase 2. The default is 3600 seconds.
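The IKE settings above can be checked before a tunnel is brought up. The following is an added example, not Linksys code: it compares the two ends of a tunnel on the fields this page says must match and flags choices below the page's own recommendations. The dictionary keys, the two sample sites and the function names are hypothetical.

```python
"""Audit both ends of an IPSec tunnel against the settings on this page.

Added example: keys, sample data and functions are hypothetical, not an
export format or API of the router.
"""

IKE = "IKE with Preshared Key"
KEYING_MODES = {IKE, "Manual"}

# Options the page lists for each IKE field.
IKE_OPTIONS = {
    "p1_dh_group": {1, 2, 5},
    "p1_encryption": {"DES", "3DES", "AES-128", "AES-192", "AES-256"},
    "p1_authentication": {"MD5", "SHA"},
    "p2_dh_group": {1, 2, 5},
    "p2_encryption": {"NULL", "DES", "3DES", "AES-128", "AES-192", "AES-256"},
    "p2_authentication": {"NULL", "MD5", "SHA"},
}

# Fields the page says both ends of the tunnel must set identically.
MUST_MATCH = ["p1_encryption", "p1_authentication",
              "p2_encryption", "p2_authentication"]

# Values the page recommends when security is preferred.
RECOMMENDED = {
    "p1_dh_group": 5, "p1_encryption": "AES-256", "p1_authentication": "SHA",
    "p2_dh_group": 5, "p2_encryption": "AES-256", "p2_authentication": "SHA",
}


def audit_end(name, cfg):
    """Return (scope, field, message) findings for one end of the tunnel."""
    mode = cfg.get("keying_mode")
    if mode not in KEYING_MODES:
        return [(name, "keying_mode", f"not an option on the page: {mode!r}")]
    if mode != IKE:
        return []  # the fields below are only shown in IKE mode
    findings = []
    pfs = bool(cfg.get("pfs"))
    for field, allowed in IKE_OPTIONS.items():
        if field == "p2_dh_group" and not pfs:
            continue  # page: Phase 2 DH Group is not set when PFS is disabled
        value = cfg.get(field)
        if value not in allowed:
            findings.append((name, field, f"not an option on the page: {value!r}"))
        elif value == "NULL":
            findings.append((name, field, "NULL selected: this protection is off"))
        elif value != RECOMMENDED[field]:
            findings.append((name, field,
                             f"{value} is below the recommended {RECOMMENDED[field]}"))
    if not pfs:
        findings.append((name, "pfs",
                         "PFS disabled: Phase 2 generates no new key material"))
    return findings


def audit_tunnel(a, b, names=("A", "B")):
    """Check the must-match fields across both ends, then audit each end."""
    findings = []
    if a.get("keying_mode") != b.get("keying_mode"):
        findings.append(("both", "keying_mode", "ends use different keying modes"))
    else:
        for field in MUST_MATCH:
            if a.get(field) != b.get(field):
                findings.append(("both", field,
                                 f"mismatch: {a.get(field)!r} vs {b.get(field)!r}"))
    for name, cfg in zip(names, (a, b)):
        findings.extend(audit_end(name, cfg))
    return findings


# Constructed sample data: site A follows the page's recommendations,
# site B was tuned for speed and left PFS off.
SITE_A = {
    "keying_mode": IKE, "pfs": True,
    "p1_dh_group": 5, "p1_encryption": "AES-256", "p1_authentication": "SHA",
    "p2_dh_group": 5, "p2_encryption": "AES-256", "p2_authentication": "SHA",
}
SITE_B = {
    "keying_mode": IKE, "pfs": False,
    "p1_dh_group": 1, "p1_encryption": "3DES", "p1_authentication": "SHA",
    "p2_encryption": "NULL", "p2_authentication": "MD5",
}

if __name__ == "__main__":
    for scope, field, message in audit_tunnel(SITE_A, SITE_B):
        print(f"[{scope}] {field}: {message}")
```
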

Summary of Contents for QuickVPN - PC

Page 1: ...USER GUIDE BUSINESS SERIES 10 100 8 Port VPN Router Model RV082 ...

Page 2: ...ebsite addresses in this document are listed without http in front of the address because most current web browsers do not require it If you use an older web browser you may have to add http in front of the web address Resource Website Linksys www linksys com Linksys International www linksys com international Glossary www linksys com glossary Network Security www linksys com security Copyright an...

Page 3: ...tion 4 Horizontal Placement 4 Wall Mount Placement 4 Rack Mount Placement 5 Cable Connections 5 Chapter 4 Advanced Configuration 7 Overview 7 How to Access the Web Based Utility 7 System Summary 7 System Information 8 Configuration 8 Port Statistics 8 Network Setting Status 9 Firewall Setting Status 9 VPN Setting Status 9 Log Setting Status 9 Setup Network 10 Network 10 Setup Password 14 Password ...

Page 4: ...9 Diagnostic 29 System Management Factory Default 29 Factory Default 30 System Management Firmware Upgrade 30 Firmware Upgrade 30 Restart 30 System Management Setting Backup 30 Import Configuration File 31 Export Configuration File 31 Port Management Port Setup 31 Basic Per Port Config 31 Port Management Port Status 31 Port Status 32 Firewall General 32 General 32 Firewall Access Rules 33 Access R...

Page 5: ...2000 XP orVista 61 Introduction 61 Computer using VPN client software to VPN Router 61 Linksys QuickVPN Instructions 61 Router Configuration 61 Export a Client Certificate from the Router 61 Add VPN Client Users 62 Linksys QuickVPN Client Installation and Configuration 62 Install from the CD ROM 62 Download from the Internet 63 Install the Client Certificate 63 Use of the Linksys QuickVPN Software...

Page 6: ...Router B 71 Configuration of Scenario 2 72 Configuration of the One to One NAT Rules 72 Configuration of Router B 73 Configuration of Router A 73 Appendix E Bandwidth Management 75 Overview 75 Creation of New Services 75 Creation of New Bandwidth Management Rules 76 Appendix F Firmware Upgrade 77 Overview 77 How to Access the Web Based Utility 77 Upgrade the Firmware 77 Alternative Firmware Upgrad...

Page 7: ...edule 2 88 GNU GENERAL PUBLIC LICENSE 88 END OF SCHEDULE 2 91 Schedule 3 91 GNU LESSER GENERAL PUBLIC LICENSE 92 END OF SCHEDULE 3 96 Schedule 4 96 OpenSSL License 97 Original SSLeay License 97 END OF SCHEDULE 4 98 Appendix K Regulatory Information 99 FCC Statement 99 Safety Notices 99 Battery Recycling Statement 99 Industry Canada Statement 99 Avis d Industrie Canada 99 User Information for Consu...

Page 8: ...vate dedicated leased line for a private network It can be used to create secure networks linking a central office with branch offices telecommuters and or professionals on the road There are two basic ways to create a VPN connection VPN Router to VPN Router computer using VPN client software to VPN Router TheVPN Router creates a tunnel or channel between two endpoints so that data transmissions b...

Page 9: ...with her office s VPN settings She accesses the VPN client software and connects to the VPN Router at the central office As VPNs use the Internet distance is not a factor Using theVPN the businesswoman now has a secure connection to the central office s network as if she were physically connected Internet Central Office Off Site Notebook with VPN Client Software VPN Router Computer to VPN Router F...

Page 10: ...ernet network devices DMZ Internet WAN2 This port can be used in one of two ways a second Internet port or DMZ port When used as an additional Internet port it connects to a cable or DSL modem When used as a DMZ port it connects to a switch or public server Internet WAN1 This port connects to a cable or DSL modem Reset The Reset button can be used for a warm reset or a reset to factory defaults Wa...

Page 11: ... two slots is 94 mm 3 70 inches Two screws are needed to mount the Router Suggested Mounting Hardware 3 3 8 mm 5 6 mm 1 6 2 mm Note Mounting hardware illustrations are not true to scale NOTE Linksys is not responsible for damages incurred by insecure wall mounting hardware Follow these instructions Determine where you want to mount the Router Make 1 sure that the wall you use is smooth flat dry an...

Page 12: ...rent protection and supply wiring Appropriate consideration of equipment nameplate ratings should be used when addressing this concern Reliable Earthing Reliable earthing of rack mounted equipment should be maintained Particular attention should be given to supply connections other than direct connections to the branch circuit e g use of power strips To rack mount the Router in any standard 19 inc...

Page 13: ...ch as a modem or public server Connect to the Internet Port Power on the cable or DSL modem If you have a 4 network device connected to the DMZ Internet port power on the network device Connect the included power cord to the Router s 5 Power port and then plug the power cord into an electrical outlet Connect the Power The System LED on the front panel will light up as soon 6 as the power adapter i...

Page 14: ... Management feature on the Firewall General screen has been enabled then users with administrative privileges can remotely access the web based utility Use http WAN IP address of the Router or use https WAN IP address of the Router if you have enabled the HTTPS feature A login screen prompts you for your User name and 2 Password Enter admin in the User name field and enter admin in the Password fi...

Page 15: ...se a license to use this service click Go buy YouwillberedirectedtoalistofLinksysresellersonthe Linksys website Then follow the on screen instructions Register If you already have a license click Register You will be redirected to the Trend Micro ProtectLink Gateway website Then follow the on screen instructions NOTE To have your e mail checked you will need to provide the domain name and IP addre...

Page 16: ... It shows the DDNS settings of the Router s WAN port s and hyperlinks to the Setup DDNS screen DMZ Host It shows the DMZ private IP address and hyperlinks to the Setup DMZ Host screen The default is Disabled Firewall Setting Status SPI Stateful Packet Inspection It shows the status On Off of the SPI setting and hyperlinks to the Firewall General screen DoS Denial of Service It shows the status On ...

Page 17: ...ess of the Router is displayed Device IP Address and Subnet Mask The default values are 192 168 1 1 for the Router s local IP address and 255 255 255 0 for the subnet mask Multiple Subnet You can add more Class C networks to expand the network Select this option to enable the Multiple Subnet feature Then click Add Edit to create or modify subnet s A new screen appears Create or Modify a Subnet LAN...

Page 18: ...ance The DMZ setting allows one network PC to be exposed to the Internet to use special purpose services such as Internet gaming or videoconferencing WAN ConnectionType Configure the settings for the WAN or DMZ ports WAN1 2 These are the available connection types Obtain an IP automatically Static IP PPPoE PPTP Transparent Bridge and Heart Beat Signal Depending on which connection type you select ...

Page 19: ... connection will be disconnected after a specified period of inactivity Max Idle Time If you have been disconnected due to inactivity Connect on Demand enables the Router to automatically re establish your connection as soon as you attempt to access the Internet again Enter the number of minutes you want to have elapsed before your Internet access disconnects The default Max Idle Time is 5 minutes...

Page 20: ...ve indefinitely even when it sits idle The default Redial Period is 30 seconds MTU The Maximum Transmission Unit MTU setting specifies the largest packet size permitted for network transmission In most cases keep the default Auto To specify the MTU select Manual and then enter the maximum MTU size Click Save Settings to save your changes or click Cancel Changes to undo them Transparent Bridge To c...

Page 21: ...tings to save your changes or click Cancel Changes to undo them DMZ Range Range If Range is selected the DMZ port and the WAN port will be in the same subnet To specify a range select this option and configure the following IP Range for DMZ port Enter the starting and ending IP addresses Click Save Settings to save your changes or click Cancel Changes to undo them Setup Password The Router s defau...

Page 22: ... Seconds Enter the time Month Day Year Enter the date Click Save Settings to save your changes or click Cancel Changes to undo them Setup DMZ Host The DMZ Demilitarized Zone Host feature allows one local user to be exposed to the Internet for use of a special purpose service such as Internet gaming or videoconferencing Although Port Range Forwarding can only forward ten ranges of ports maximum DMZ...

Page 23: ...rt Range Enter its range ClickAddtoList ClickSaveSettingstosaveyourchanges or click Cancel Changes to undo them Click Exit to return to the Forwarding screen If you want to modify a service you have created select it and click Update this service Make changes Click Save Settings to save your changes or click Cancel Changes to undo them Click Exit to return to the Forwarding screen If you want to d...

Page 24: ... Service Select the Service you want Name or IP Address Enter the name or IP address of the server that you want the Internet users to access Enable Select Enable to enable this UPnP entry If the Service you need is not listed in the menu click Service Management to add the new service The Service Management screen appears Service Management Service Name Enter a name Protocol Select the protocol i...

Page 25: ...nal IP addresses NOTE The Router s WAN IP address should not be included in the range you specify Setup One to One NAT One to One NAT One to One NAT Select Enable to use the One to One NAT function Add Range Private Range Begin Enter the starting IP address of the internal IP address range This is the IP address of the first device that can be accessed from the Internet Public Range Begin Enter th...

Page 26: ...you have enabled the Dual WAN feature then you will have two ports WAN1 and WAN2 available for DDNS service DDNS Service The DDNS feature is disabled by default To enable this feature select DynDNS org 3322 org or Oray net PeanutHull DDNS DynDNS org Setup DDNS DynDNS org User name Enter your DynDNS org account information Password Enter your DynDNS org account information Host Name Enter your host...

Page 27: ...our host name were myhouse oray net then myhouse would go into the first field oray would go into the second field and net would go into the last field Click Save Settings and the status of the DDNS function will be updated Internet IP Address The Router s current Internet IP address is displayed Because it is dynamic this will change Status The status of the DDNS function is displayed If the stat...

Page 28: ... should be 0 Subnet Mask Enter the subnet mask used on the destination LAN IP domain For Class C IP domains the subnet mask is 255 255 255 0 Default Gateway Enter the IP address of the router of the network for which this static route is created For example if this network is connected to the local router s LAN port through another router use the WAN IP address of that router Hop Count Enter the a...

Page 29: ... 168 1 1 then the starting value must be 192 168 1 2 or greater DHCP Relay The DHCP Relay mechanism allows DHCP clients and the DHCP server to be located on different networks The DHCP clients will send DHCP discover broadcast packets to get IP addresses from the DHCP server and the Router will act as a DHCP Relay agent and send DHCP unicast packets to DHCP server To use the DHCP Relay function se...

Page 30: ... the Router uses two methods First when the DHCP clients receive dynamic IP addresses from the Router it automatically includes the information of the WINS server to supportNetBIOS Second ifausersetsupastatic IP address then the IP address subnet mask default gateway and DNS server settings must be configured on the Internet Protocol TCP IP screen of the Windows operating system Then the WINS IP a...

Page 31: ... will not be able to configure the Dual WAN settings Dual WAN Smart Link Backup Load Balance If you want to use one of the WAN ports as the primary port and the other WAN port as backup then select Smart Link Backup If you want the Router to automatically manage the Internet connection through both WAN ports then select Load Balance The Router will automatically compute the ratio of the bandwidths...

Page 32: ... the Router will try to reconnect if the connection fails Retry Timeout Enter the number of times the Router will try to make a connection to your ISP before it times out When Fail Should the connection not be reestablished set the Router to perform one of the following actions Remove the Connection or Generate the Error Condition in the System Log Network Service Detection can test this connectio...

Page 33: ...ck Save Settings to save your changes or click Cancel Changes to undo them System Management Bandwidth Management Quality of Service QoS features let you control how the Router manages network traffic With Bandwidth Management Layer 3 the Router can provide better service to selected types of network traffic There are two types of functionality available and only one type can workatonetime RateCon...

Page 34: ...ernal IP addresses keep the default 0 Direction Select Upstream for outbound traffic or select Downstream for inbound traffic Min Rate Enter the minimum rate for the guaranteed bandwidth Max Rate Enter the maximum rate for the maximum bandwidth Enable Select Enable to use this Rate Control rule Click Add to List and configure as many rules as you would like up to a maximum of 100 To delete a rule ...

Page 35: ...cted To change a rule click Edit To update the list click Refresh To return to the Bandwidth Management screen click Close OntheBandwidthManagementscreen clickSaveSettings to save your changes or click Cancel Changes to undo them System Management SNMP SNMP or Simple Network Management Protocol is a network protocol that provides network administrators with the ability to monitor the status of the...

Page 36: ...NS Name Lookup or Ping Then proceed to the appropriate instructions DNS Name Lookup Before using this tool make sure the IP address of the DNS server is entered on the Setup Network screen otherwise this tool will not work System Management Diagnostic DNS Name Lookup Look up the name Enter the host name and click Go Do not add the prefix http or else you will get an error message The Router will t...

Page 37: ...ebsite appears Followtheon screeninstructionstoaccesstheDownloads page for the 10 100 8 Port VPN Router model number RV082 Then download the firmware upgrade file Extractthefileonyourcomputer ThenfollowtheFirmware Upgrade instructions System Management Restart If you need to restart the Router Linksys recommends that you use the Restart tool on this screen When you restart from the Restart screen ...

Page 38: ...ach local port such as priority speed and duplex You can also enable or disable the auto negotiation feature for all ports Port Management Port Setup Basic Per Port Config The Basic Per Port Config table displays the following Port ID The port number or name is displayed Interface The port s interface type LAN or WAN1 2 is displayed Disable To disable a port select Disable Priority For port based ...

Page 39: ...o update the on screen information click Refresh Firewall General Enable or disable a variety of firewall security and web features Firewall General General Firewall The firewall is enabled by default If you disable it then the SPI DoS and Block WAN Request features Access Rules and Content Filters will also be disabled and the Remote Management feature will be enabled SPI Stateful Packet Inspecti...

Page 40: ...HTTP Proxy Servers Use of WAN proxy servers may compromise the Router s security If you block access to HTTP proxy servers then you block access to WAN proxy servers To block access select Access to HTTP Proxy Servers Don t block Java ActiveX Cookies Proxy to Trusted Domains To keep trusted sites unblocked select this option Add Enter the domain you want to block To add a domain to the list click ...

Page 41: ...nterface LAN or WAN1 2 is displayed Source The specific Source is displayed Destination The specific Destination is displayed Time The time interval to which the access rule applies is displayed Day The days to which the access rule applies is displayed Click Edit to edit an access rule or click the Trash Can icon to delete an access rule Click Add New Rule to add new access rules and the Add a Ne...

Page 42: ...t can be any IP address select Any If it is one IP address select Single and enter the IP address If it is a range of IP addresses select Range and enter the starting and ending IP addresses in the fields provided Scheduling Apply this rule Decide when you want the access rule to be enforced To specify days of the week select 24 Hr and then select the appropriate days To specify specific hours sel...

Page 43: ...ber of Connected Tunnels Phase 2 Encrypt Auth Group Local Group and Remote Client will be displayed Click Close to exit this screen and return to the Summary screen Tunnel Status Add New Tunnel Click Add New Tunnel to add a VPN tunnel The Mode Choose screen appears Mode Choose Gateway to Gateway To create a tunnel between two VPN devices such as two VPN Routers click Add Now The Gateway to Gateway...

Page 44: ...Connected Tunnels This shows the number of users logged into the group VPN Phase2 Enc Auth Grp This shows the Phase 2 Encryption type NULL DES 3DES AES 128 AES 192 AES 256 Authentication method NULL MD5 SHA1 and DH Group number 1 2 5 that you chose in the IPSec Setup section Local Group This shows the IP address and subnet mask of the Local Group Remote Client This shows the remote clients in the ...

Page 45: ...y the device with a specific IP address will be able to access the tunnel Local Security Gateway Type IP Only IP address TheWAN or Internet IP address of the Router automatically appears IP Domain Name FQDN Authentication The IP address and FQDN must match the Remote Security Gateway of the remote VPN device and they can only be used for one tunnel connection Local Security Gateway Type IP Domain ...

Page 46: ...P is 192 168 1 0 Subnet The default is Subnet All computers on the local subnet will be able to access the tunnel Local Security Group Type Subnet IP address Enter the IP address The default is 192 168 1 0 Subnet Mask Enter the subnet mask The default is 255 255 255 0 IP Range Specify a range of IP addresses within a subnet that will be able to access the tunnel Local Security Group Type IP Range ...

Page 47: ...f the remote VPN device but you do know its domain name Then enter the remote VPN device s domain name on the Internet The Router will retrieve the IP address of the remoteVPN device via its public DNS records E mail address Enter the e mail address as an ID Dynamic IP Domain Name FQDN Authentication The Local Security Gateway will be a dynamic IP address so you do not need to enter the IP address...

Page 48: ...ase 1 Authentication Select a method of authentication MD5 or SHA The authentication method determines how the ESP packets are validated MD5 is a one way hashing algorithm that produces a 128 bit digest SHA is a one way hashing algorithm that produces a 160 bit digest SHA is recommended because it is more secure Make sure both ends of the VPN tunnel use the same authentication method Phase 1 SA Li...

Page 49: ...y of hexadecimal values If DES is selected the Encryption Key is 16 bit which requires16hexadecimalvalues Ifyoudonotenterenough hexadecimal values then the rest of the Encryption Key will be automatically completed with zeroes so the Encryption Key will be 16 bit If 3DES is selected the Encryption Key is 48 bit which requires 40 hexadecimal values If you do not enter enough hexadecimal values then...

Page 50: ...will disconnect the tunnel so the connection can be re established Specify the interval between HELLO ACK messages how often you want the messages to be sent DPD is enabled by default and the default interval is 10 seconds Tunnel Backup The VPN Tunnel Backup mechanism is designed to provide a robustVPN connection This feature must be used with the DPD feature enabled on both of the VPN endpoint de...

Page 51: ...FQDN Authentication or Dynamic IP E mail Addr USER FQDN Authentication Follow the instructions for the type you want to use NOTE The Local Security Gateway Type you select should match the Remote Security GatewayType selected on theVPN device at the other end of the tunnel IP Only The default is IP Only Only the device with a specific IP address will be able to access the tunnel Local Security Gat...

Page 52: ...ubnet The default is Subnet All computers on the local subnet will be able to access the tunnel Local Security Group Type Subnet IP address Enter the IP address The default is 192 168 1 0 Subnet Mask Enter the subnet mask The default is 255 255 255 0 IP Range Specify a range of IP addresses within a subnet that will be able to access the tunnel Local Security Group Type IP Range IP range Enter the...

Page 53: ...ent Dynamic IP Domain Name FQDN Authentication DomainName Enterthedomainnameforauthentication Once used you cannot use it again to create a new tunnel connection Dynamic IP E mail Addr USER FQDN Authentication The Remote Security Gateway will be a dynamic IP address so you do not need to enter the IP address When the remote computer requests to create a tunnel with the Router the Router will work ...

Page 54: ...Preshared Key Keying Mode Select IKE with Preshared Key or Manual Both ends of a VPN tunnel must use the same mode of key management After you have selected the mode the settings available on this screen may change depending on the selection you have made Follow the instructions for the mode you want to use Manual mode is available for VPN tunnels only not group VPNs IKE with Preshared Key IKE is ...

Page 55: ...anagement is used in small static environments or for troubleshooting purposes Keying Mode Manual Tunnel Only Incoming and Outgoing SPI Security Parameter Index SPI is carried in the ESP Encapsulating Security Payload Protocol header and enables the receiver and sender to select the SA under which a packet should be processed Hexadecimal values is acceptable and the valid range is 100 ffffffff Eac...

Page 56: ...ith the use of AH as the security protocol protection is extended forward into the IP header to verify the integrity of the entire packet by use ofportionsoftheoriginalIPheaderinthehashingprocess Select this option to use this feature Then select MD5 or SHA1 MD5 produces a 128 bit digest to authenticate packetdata SHAproducesa160 bitdigesttoauthenticate packet data Both sides of the tunnel should ...

Page 57: ...tificate for the client must be placed in the install directory of the QuickVPN client software To save the certificate as a file click Export for Client Then follow the on screen instructions By default the certificate file is named RV082_ MMDD _ HHMM _ Client pem which you can rename MMDD stands for month and day HHMM stands for hours and minutes Follow the on screen instructions to save the fil...

Page 58: ... range of the Router Users Setting The Router uses this information to identify authorized PPTP VPN clients User Name Enter a name for the PPTP VPN client New Password Enter a password for the PPTP VPN client Confirm New Password Re enter the password Click Add to List and configure as many entries as you would like up to a maximum of five To delete an entry select it and click Delete selected use...

Page 59: ...og will be e mailed to you The default is 10 minutes so unless you change this setting the Router will e mail the log to you every 10 minutes The Router will e mail the log every time the Log Queue Length or Log Time Threshold is reached Click E mail Log Now to immediately send the log to the address in the Send E mail to field Log Setting Alert Log Syn Flooding Select this option if you want Syn ...

Page 60: ...d To update the on screen click Refresh To exit the Outgoing Log Table screen and return to the Log System Log screen click Close Incoming LogTable To view the incoming log information click this option Incoming Log Table Time The time of each log event is displayed You can sort each log by time sequence Event Type The type of log event is displayed Message The message associated with each log eve...

Page 61: ...ternet Service Provider ISP may require you 3 to use a host and domain name for your Internet connection If your ISP requires them complete the Host Name and Domain Name fields otherwise leave these blank Click Next to continue Click Previous if you want to return to the previous screen Click Exit if you want to exit the Setup Wizard Host and Domain Name Select the WAN or Internet Connection Type ...

Page 62: ...t one Click Next to continue and proceed to step 6 Click Previous if you want to return to the previous screen Click Exit if you want to exit the Setup Wizard Obtain an IP Automatically Static IP Complete the Static IP Subnet Mask and Default Gateway fields with the settings provided by your ISP Click Next to continue Click Previous if you want to return to the previous screen Click Exit if you wa...

Page 63: ...t is 5 minutes If you select the Keep alive option the Router will keep the connection alive by sending out a few data packets periodically so your ISP thinks that the connection is still active This option keeps your connection active indefinitely even when it sits idle The default Redial Period is 30 seconds The default Keepalive Interval is 30 seconds The default Keepalive Retry Times is 5 time...

Page 64: ...he Access Rule Setup Wizard This screen explains the Access Rules including the 2 Router s Default Rules Click Next to continue Click Exit if you want to exit the Setup Wizard Access Rules Policy From the drop down menu select 3 Allow or Deny depending on the intent of the Access Rule Click Next to continue Click Previous if you want to return to the previous screen Click Exit if you want to exit ...

Page 65: ...ess select Single and enter the IP address If it is a range of IP addresses select Range and enter the range of IP addresses Click Next to continue Click Previous if you want to return to the previous screen Click Exit if you want to exit the Setup Wizard Select the Destination Decide when you want this Access Rule to be enforced 7 Select Always if you want the Access Rule to be always enforced or...

Page 66: ...irewall Access Rules screen will appear Support Access a variety of resources on the Support page of the Linksys website www linksys com You must have an active Internet connection before you can visit the Linksys website Support Manual If you want the latest version of this User Guide click On Line Manual The Support page of the Linksys website appears Followtheon screeninstructionstoaccesstheDow...

Page 67: ...System LED should be green and not flashing If the System LED is flashing then power off all of your network devices including the modem Router and computers Then power on each device in the following order Cable or DSL modem 1 Router 2 Computer 3 Check the cable connections The computer should be connected to one of the ports numbered 1 4 on the Router and the modem must be connected to the Inter...

Page 68: ...l Office Off Site Notebook with VPN Client Software VPN Router Computer to VPN Router Linksys QuickVPN Instructions This appendix has two sections The first section explains how to do the following for each QuickVPN client using the Router s web based utility Export a client certificate 1 Configure a user name and password 2 Add the QuickVPN client to the list 3 The second section explains how to ...

Page 69: ...LAN IP address is the default 192 168 1 1 then a pop up window will appear when you first save these settings You will be asked if you want the Router to automatically change its LAN IP address to prevent conflicting IP addresses To allow the Router to change its LAN IP address click Yes If there is an IP address conflict the QuickVPN client will not be able to connect to the Router Linksys QuickV...

Page 70: ...nstalled on the computer License Agreement Copying Files Installation Complete Click 10 Finish to complete the installation Proceed to the section Install the Client Certificate Install the Client Certificate For each QuickVPN client save the client certificate to the directory where the QuickVPN program is installed Example C Program Files Linksys QuickVPN Client NOTE The certificate for the clie...

Page 71: ...us screen appears The screen displays the IP address of the remote end of the VPN tunnel the time and date the VPN tunnel began and the total length of time the VPN tunnel has been active QuickVPN Tray Icon Connection QuickVPN Status To terminate the VPN tunnel click Disconnect To change your password click Change Password For information click Help If you clicked Change Password and have permissio...

Page 72: ...ec VPN Tunnel Remote Gateway Using Static IP NOTE Each computer must have a network adapter installed Configuration of the RVL200 Follow these instructions for the first VPN Router designated RVL200 The other VPN Router is designated the RV082 Launch the web browser for a networked computer 1 designated PC 1 Access the web based utility of the RVL200 Refer to 2 the User Guide of the RVL200 for det...

Page 73: ...dress B B B B of the RV082 will be automatically detected For the Local Security Group Type select Subnet Enter the RV082 s local network settings in the IP Address and Subnet Mask fields RV082 VPN Settings For the Remote Security Gateway Type select 9 IP Only Enter the RVL200 s WAN IP address in the IP Address field For the Remote Security Group Type select 10 Subnet Enter the RVL200 s local network...

Page 74: ... Only The WAN IP address A A A A of the RVL200 will be automatically detected For the Local Security Group Type select Subnet Enter the RVL200 s local network settings in the IP Address and Subnet Mask fields RVL200 IPSec VPN Settings For the Remote Security Gateway Type select 8 IP Only Then select IP by DNS Resolved Enter the RV082 s domain name in the field provided For the Remote Security Group...

Page 75: ... correctly Configuration when Both Gateways Use Dynamic IP Addresses This example assumes both Gateways are using dynamic IP addresses If the Remote Gateway uses a static IP address refer to Configuration when the Remote Gateway Uses a Static IP Address If only the Remote Gateway uses a dynamic IP address refer to Configuration when the Remote Gateway Uses a Dynamic IP Address RVL200 Dynamic IP A A A A wi...

Page 76: ...to Gateway tab Enter a name in the 5 Tunnel Name field Select the appropriate Interface 6 WAN1 or WAN2 Select 7 Enable For the Local Security Gateway Type select 8 IP Only The WAN IP address B B B B of the RV082 will be automatically detected For the Local Security Group Type select Subnet Enter the RV082 s local network settings in the IP Address and Subnet Mask fields RV082 VPN Settings For the Rem...

Page 77: ...PSec VPN Routers model number RVL200 one of which is connected to the Internet Two 10 100 8 Port VPN Routers model number RV082 one of which is connected to the Internet Configuration of Scenario 1 In this scenario Router A is the RVL200 Initiator while Router B is the RVL200 Responder 192 168 2 100 192 168 1 101 WAN 192 168 99 22 Router B RVL200 Responder LAN 192 168 2 0 24 WAN 192 168 99 11 NAT ...

Page 78: ...llow these instructions for Router B Launch the web browser for a networked computer 1 designated PC 2 Access the web based utility of Router B Refer to the 2 User Guide of the RVL200 for details Click the 3 IPSec VPN tab Click the 4 Gateway to Gateway tab Enter a name in the 5 Tunnel Name field For the VPN Tunnel setting select 6 Enable For the Local Security Gateway Type select 7 IP Only The WAN...

Page 79: ...168 11 101 Follow these instructions for the one to one NAT rule on NAT 1 RV082 Launch the web browser for a networked computer 1 Access the web based utility of NAT 1 RV082 Refer to 2 Chapter 4 Advanced Configuration for details Click the 3 Setup tab Configuration of Scenario 2 In this scenario Router B is the RVL200 Initiator while Router A is the RVL200 Responder Router B will have the Remote S...

Page 80: ...ields For the Remote Security Gateway Type select 8 IP Only Enter 192 168 99 1 in the IP Address field Router B s IPSec VPN Settings For the Remote Security Group Type select 9 Subnet Enter Router A s local network settings in the IP Address and Subnet Mask fields In the IPSec Setup section select the appropriate 10 encryption authentication and other key management settings In the 11 Preshared Key f...

Page 81: ...twork settings in the IP Address and Subnet Mask fields In the IPSec Setup section select the appropriate 10 encryption authentication and other key management settings In the 11 Preshared Key field enter a string for this key for example 13572468 If you need more detailed settings click 12 Advanced Settings Otherwise click Save Settings ...

Page 82: ...t System Management Bandwidth Management On the 5 Service Management screen enter a name such as Vonage VoIP in the Service Name field Add Vonage VoIP Service From the 6 Protocol drop down menu select the protocol the VoIP service uses For example some VoIP devices use UDP Enter its SIP port range in the 7 Port Range fields For example you can set the Port Range to 5060 to 5070 to make sure that a...

Page 83: ... the 12 Max Rate field enter the maximum rate for the maximum bandwidth For example you can set a maximum rate of 80 kbit sec Select 13 Enable to enable this rule After you have set up the rule click 14 Add to list Set up a rule for Vonage 2 Select 15 Vonage 2 from the Service drop down menu Enter the IP address or range you need to control To 16 include all internal IP addresses keep the default ...

Page 84: ...ent Firmware Upgrade The Support page of the Linksys website appears 4 Follow the on screen instructions to access the Downloads page for the 10 100 8 Port VPN Router model number RV082 Download the firmware upgrade file 5 Extract the file on your computer 6 In the Firmware Upgrade section of the 7 Firmware Upgrade screen click the Browse button to locate the extracted file After you have selected...

Page 85: ...tract exe 7 file to an appropriate location on your computer Double click the 8 exe file In the 9 Router IP field enter the IP address of the Router Firmware Upgrade Utility Login In the 10 Password field enter the password for access to the Router Click 11 Next and then follow the on screen instructions ...

Page 86: ...ddress of the Router if you have enabled the HTTPS feature A login screen prompts you for your User name and 2 Password Enter admin in the User name field and enter admin in the Password field You can change the Password on the Setup Password screen Then click OK Login Screen How to Purchase Register or Activate the Service You can purchase register or activate the service using the System Summary...

Page 87: ...o use this service click this link You will be redirected to a list of Linksys resellers on the Linksys website Then follow the on screen instructions I have purchased ProtectLink Gateway and want to register it If you already have a license click this link You will be redirected to the Trend Micro ProtectLink Gateway website Then follow the on screen instructions NOTE To have your e mail checked ...

Page 88: ...s For morning hours select Morning and then select the appropriate From and To times For afternoon hours select Afternoon and then select the appropriate From and To times Web Reputation Select the appropriate security level High This level blocks a higher number of potentially malicious websites but also increases the risk of false positives A false positive is a website that can be trusted but s...

Page 89: ...e domain name and IP address of your e mail server If you do not know this information contact your ISP https us imhs trendmicro com linksys To set up e mail protection click this link You will be redirected to the Trend Micro ProtectLink Gateway website Then follow the on screen instructions ProtectLink License The license for the Trend Micro ProtectLink Gateway service Email Protection and Web Pr...

Page 90: ...rt VPN Router Appendix G Renew To renew your license click Renew Then follow the on screen instructions Add Seats Each seat allows an e mail account to use Email Protection To add seats to your license click Add Seats Then follow the on screen instructions ...

Page 91: ...ncing DHCP DHCP Server DHCP Client DHCP Relay DNS DNS Proxy Dynamic DNS DynDNS 3322 PeanutHull NAT Many to One One to One DMZ DMZ Port DMZ Host Routing Static and RIP v1 v2 QoS Port based QoS Configurable per LAN Port Service based QoS Supports Rate Control or Priority Rate Control Upstream Downstream Bandwidth can be Configured per Service Priority Each Service can be Mapped to One of the 3 Prior...

Page 92: ...Materials Authorization RMA number You are responsible for properly packaging and shipping your product to Linksys at your cost and risk You must include the RMA number and a copy of your dated proof of Appendix I Warranty Information Linksys warrants this Linksys hardware product against defects in materials and workmanship under normal use for the Warranty Period which begins on the date of purc...

Page 93: ...ada are responsible for all shipping and handling charges custom duties VAT and other associated taxes and charges Repairs or replacements not covered under this limited warranty will be subject to charge at Linksys then current rates Technical Support This limited warranty is neither a service nor a support contract Information about Linksys current technical support offerings and policies includ...

Page 94: ...ksys Software License Agreement THIS LICENSE AGREEMENT IS BETWEEN YOU AND CISCO LINKSYS LLC OR ONE OF ITS AFFILIATES CISCO SYSTEMS LINKSYS ASIA PTE LTD OR CISCO LINKSYS K K LINKSYS LICENSING THE SOFTWARE INSTEAD OF CISCO LINKSYS LLC BY DOWNLOADING OR INSTALLING THE SOFTWARE OR USING THE PRODUCT CONTAINING THE SOFTWARE YOU ARE CONSENTING TO BE BOUND BY THIS AGREEMENT IF YOU DO NOT AGREE TO ALL OF THES...

Page 95: ... CD Linksys will mail to You a CD with such code for 9 99 plus the cost of shipping upon request Term and Termination You may terminate this License at any time by destroying all copies of the Software and documentation Your rights under this License will terminate immediately without notice from Linksys if You fail to comply with any provision of this Agreement Limited Warranty The warranty terms...

Page 96: ...y by software patents We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary To prevent this we have made it clear that any patent must be licensed for everyone s free use or not licensed at all The precise terms and conditions for copying distribution and modification follow TERMS AND CONDITIONS FOR COPYI...

Page 97: ...f Sections 1 and 2 above on a medium customarily used for software interchange or Accompany it with the information you received as c to the offer to distribute corresponding source code This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer in accord with Subsection b above The source code for a work means...

Page 98: ...ised 9 and or new versions of the General Public License from time to time Such new versions will be similar in spirit to the present version but may differ in detail to address new problems or concerns Each version is given a distinguishing version number If the Program specifies a version number of this License which applies to it and any later version you have the option of following the terms ...

Page 99: ...ng it And you must show them these terms so they know their rights We protect your rights with a two step method 1 we copyright the library and 2 we offer you this license which gives you legal permission to copy distribute and or modify the library To protect each distributor we want to make it very clear that there is no warranty for the free library Also if the library is modified by someone el...

Page 100: ... by this License they are outside its scope The act of running a program using the Library is not restricted and output from such a program is covered only if its contents constitute a work based on the Library independent of the use of the Library in a tool for writing it Whether that is true depends on what the Library does and what the program that uses the Library does You may copy and distrib...

Page 101: ...the Library and therefore falls outside the scope of this License However linking a work that uses the Library with the Library creates an executable that is a derivative of the Library because it contains portions of the Library rather than a work that uses the library The executable is therefore covered by this License Section 6 states terms for distribution of such executables When a work that uses t...

Page 102: ...rms of the Sections above Give prominent notice with the combined library of b the fact that part of it is a work based on the Library and explaining where to find the accompanying uncombined form of the same work You may not copy modify sublicense link with or 8 distribute the Library except as expressly provided under this License Any attempt otherwise to copy modify sublicense link with or dist...

Page 103: ...ptions for this Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE 15 THERE IS NO WARRANTY FOR THE LIBRARY TO THE EXTENT PERMITTED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER...

Page 104: ...F SUCH DAMAGE This product includes cryptographic software written by Eric Young eay cryptsoft com This product includes software written by Tim Hudson tjh cryptsoft com Original SSLeay License Copyright C 1995 1998 Eric Young eay cryptsoft com All rights reserved This package is an SSL implementation written by Eric Young eay cryptsoft com The implementation was written so as to conform with Nets...

Page 105: ...SE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The license and distribution terms for any publicly available version or derivative of this code cannot be changed i e this code cannot simpl...

Page 106: ...aution To reduce the risk of fire use only No 26 AWG or larger telecommunication line cord Do not use this product near water for example in a wet basement or near a swimming pool Avoid using this product during an electrical storm There may be a remote risk of electric shock from lightning WARNING This product contains lead known to the State of California to cause cancer and birth defects or oth...

Page 107: ...nice 2002 96 ES zakazuje aby zařízení označené tímto symbolem na produktu anebo na obalu bylo likvidováno s netříděným komunálním odpadem This symbol indicates that the product must be disposed of separately from regular municipal waste You are responsible for disposing of this product and other electrical and electronic equipment through designated collection points appointed by the government or local authorities S...

Page 108: ...ίο αγοράσατε το προϊόν Français French Environmental information for customers in the European Union European Directive 2002 96 EC requires that equipment bearing this symbol on the product and or its packaging not be thrown away with other household waste This symbol indicates that the product must be disposed of through a channel separate from the one for household waste...

Page 109: ...endezéseinek felszámolásához további részletes információra van szüksége kérjük lépjen kapcsolatba a helyi hatóságokkal a hulladékfeldolgozási szolgálattal vagy azzal üzlettel ahol a terméket vásárolta Nederlands Dutch Environmental information for customers in the European Union De Europese Richtlijn 2002 96 EC schrijft voor dat apparatuur die is voorzien van dit symbool op het product of de verpakking niet mag worde...

Page 110: ...e zabrániť prípadným negatívnym dopadom na životné prostredie a zdravie ľudí If you would like more detailed information about the disposal of old equipment please contact the local authorities waste disposal organisations or the shop where you purchased the product Slovenčina Slovene Environmental information for customers in the European Union Evropska direktiva 2002 96 EC prepoveduje odlaganje o...

Page 111: ... Website http www linksys com Support Site http www linksys com support FTP Site ftp linksys com Advice Line 800 546 5797 LINKSYS Support 800 326 7114 RMA Return Merchandise Authorization http www linksys com warranty NOTE Details on warranty and RMA issues can be found in the Warranty section of this Guide 8063010D JL ...
