Linksys RV016 User Manual Download

Page: 1 / 127

A Division of Cisco Systems, Inc.

Model No.

WIRED

16-Port VPN Router

RV016

User Guide

10/100

Summary of Contents for RV016

Page 1: ...A Division of Cisco Systems Inc Model No WIRED 16 Port VPN Router RV016 User Guide 10 100 ...

Page 2: ...erms that are presented like this Also each figure diagram screenshot or other image is provided with a figure number and description like this Figure numbers and descriptions can also be found in the List of Figures section in the Table of Contents This exclamation point means there is a Caution or Warning and is something that could damage your property or the Router word definition This checkma...

Page 3: ...he Router 11 Overview 11 Connection Instructions 12 Chapter 5 Configuring the PCs 13 Overview 13 Configuring Windows 98 and Millennium PCs 13 Configuring Windows 2000 PCs 14 Configuring Windows XP PCs 14 Chapter 6 Setting up and Configuring the Router 16 Overview 16 How to Access the Web based Utility 19 System Summary Tab 19 Setup Tab Network 22 Setup Tab Password 25 Setup Tab Time 25 Setup Tab D...

Page 4: ...6 Firewall Tab Access Rules 47 Firewall Tab Content Filter 49 VPN Tab Summary 50 VPN Tab Gateway to Gateway 52 VPN Tab Client to Gateway 59 VPN Tab VPN Pass Through 68 Log Tab System Log 69 Log Tab System Statistics 71 Wizard Tab 72 Support Tab 81 Logout Tab 81 Appendix A Troubleshooting 82 Common Problems and Solutions 82 Frequently Asked Questions 93 Appendix B Upgrading Firmware 97 Appendix C F...

Page 5: ...ery Replacement 104 Replacing a Lithium Battery 104 Appendix F Windows Help 105 Appendix G Glossary 106 Appendix H Specifications 113 Appendix I Warranty Information 114 Appendix J Regulatory Information 115 Appendix K Contact Information 116 ...

Page 6: ...lly for Windows 98 and Me 13 Figure 5 3 Internet Protocol TCP IP for Windows 2000 14 Figure 5 4 Obtain an IP address automatically for Windows 2000 14 Figure 5 5 Internet Protocol TCP IP for Windows XP 15 Figure 5 6 Obtain an IP address automatically for Windows XP 15 Figure 6 1 Router s IP Address 19 Figure 6 2 Login Screen 19 Figure 6 3 System Summary 19 Figure 6 4 Site Map 20 Figure 6 5 Port In...

Page 7: ...etup 34 Figure 6 27 DHCP Status 36 Figure 6 28 Multi WAN Load Balance 37 Figure 6 29 Save New Mode 37 Figure 6 30 Intelligent Balancer Edit Load Balance 37 Figure 6 31 IP Group By Users 38 Figure 6 32 IP Group By Users Edit Load Balance 38 Figure 6 33 SNMP 40 Figure 6 34 DNS Name Lookup 41 Figure 6 35 Ping 41 Figure 6 36 Factory Default 42 Figure 6 37 Confirm Return to Factory Default Settings 42 ...

Page 8: ...way Type Dynamic IP Domain Name FQDN Authentication 53 Figure 6 56 Local Security Gateway Type Dynamic IP E mail Addr USER FQDN Authentication 53 Figure 6 57 Local Security Group Type IP 53 Figure 6 58 Local Security Group Type Subnet 53 Figure 6 59 Local Security Group Type IP Range 54 Figure 6 60 Remote Security Gateway Type IP Only 54 Figure 6 61 Remote Security Gateway Type IP Domain Name FQDN...

Page 9: ...Security Gateway Type Dynamic IP E mail Addr USER FQDN Authentication 61 Figure 6 77 Local Security Group Type IP 61 Figure 6 78 Local Security Group Type Subnet 61 Figure 6 79 Local Security Group Type IP Range 61 Figure 6 80 Remote Client for VPN Tunnel IP Only 62 Figure 6 81 Remote Client for VPN Tunnel IP Domain Name FQDN Authentication 62 Figure 6 82 Remote Client for VPN Tunnel IP E mail Add...

Page 10: ...Setup Wizard Change Number of WAN Ports 72 Figure 6 100 Change Number of WAN Ports 72 Figure 6 101 Save Settings 73 Figure 6 102 Basic Setup Wizard Edit Network Settings 73 Figure 6 103 Host and Domain Name 73 Figure 6 104 WAN Connection Type 74 Figure 6 105 Obtain an IP Automatically 74 Figure 6 106 Static IP 75 Figure 6 107 Static IP DNS Servers 75 Figure 6 108 PPPoE 76 Figure 6 109 PPPoE Connec...

Page 11: ...gure C 1 IP Configuration Screen 98 Figure C 2 MAC Address Adapter Address 98 Figure C 3 MAC Address Physical Address 99 Figure C 4 MAC Clone 99 Figure C 5 Edit MAC Clone 99 Figure D 1 Mounting Brackets 100 Figure D 2 Attaching the Brackets to the Router and Rack Mounting the Router 101 Figure D 3 Wall Mounting the Router 102 Figure D 4 Wall Mounting Hardware 103 ...

Page 12: ...ers to securely connect into your office network from off site Users connecting through a VPN tunnel are attached to your company s network with secure access to files e mail and your intranet just as if they were in the building You can also use the VPN capability to allow users on your small office network to securely connect out to a corporate network The 10 100 16 Port VPN Router can serve as ...

Page 13: ...b based Utility to set up the Router and configure its settings Appendix A Troubleshooting This appendix describes some problems and solutions as well as frequently asked questions regarding installation and use of the 10 100 16 Port VPN Router Appendix B Upgrading Firmware This appendix instructs you on how to upgrade the firmware on your Router if you should need to do so Appendix C Finding the ...

Page 14: ... appendix provides the technical specifications for the Router Appendix I Warranty Information This appendix supplies the warranty information for the Router Appendix J Regulatory Information This appendix supplies the regulatory information regarding the Router Appendix K Contact Information This appendix provides contact information for a variety of Linksys resources including Technical Support ...

Page 15: ...d until you disable it static IP addressing ensures that the device assigned it will always have that same IP address until you change it Static IP addresses are commonly used with network devices such as server PCs or print servers If you use the Router to share your cable or DSL Internet connection contact your ISP to find out if they have assigned a static IP address to your account If so you w...

Page 16: ...n e mails are sent to their destination or when you have to connect to your company s network when you are out on the road How is your data protected That is when a VPN can help VPNs are called Virtual Private Networks because they secure data moving outside of your network as if it were still within that network When data is sent out across the Internet from your computer it is always open to att...

Page 17: ...ferent servers around the world before reaching its final destination That s a long way to go for unsecured data and this is when a VPN serves its purpose What is a VPN A VPN or Virtual Private Network is a connection between two endpoints a VPN Router for instance in different networks that allows private data to be sent securely over a shared or public network such as the Internet This establish...

Page 18: ...s When he connects to his office s 10 100 16 Port VPN Router the two routers create a VPN tunnel encrypting and decrypting data As VPNs utilize the Internet distance is not a factor Using the VPN the telecommuter now has a secure connection to the central office s network as if his computer were physically connected Computer to VPN Router The following is an example of a computer to VPN Router VPN...

Page 19: ...LED is continuously lit the Router is connected to a device through the corresponding port 1 2 3 4 5 6 7 8 9 10 11 12 13 If the LED is flashing the Router is actively sending or receiving data over that port LAN Act LEDs 9 13 and Internet Act LEDs 3 7 represent the dual function ports which can be used as LAN or Internet ports These are LAN ports 9 13 white print or Internet ports 3 7 dark print o...

Page 20: ...can be used only as Internet ports When used as an additional Internet port it connects to a cable or DSL modem Internet ports 3 7 can also be used as LAN ports DMZ The DMZ Ethernet port connects to a hub switch or public server Button Reset Button The Reset button can be used in one of two ways If the Router is having problems connecting to the Internet press the Reset button with a paper clip or...

Page 21: ... Back Panel 10 100 16 Port VPN Router The Back Panel The Router s Power port is located on the back panel of the Router Power The Power port is where you connect the power adapter Proceed to Chapter 4 Connecting the Router Figure 3 2 Back Panel ...

Page 22: ...ged the default setting then you will not need to configure your PCs Set up and configure the Router with the setting s provided by your Internet Service Provider ISP according to Chapter 6 Set up and Configure the Router The installation technician from your ISP should have left the setup information with you after installing your broadband connection If not you can call your ISP to request the i...

Page 23: ...peat this step to connect additional Internet devices to the Router s other Internet ports 4 If you want to use the DMZ port connect an Ethernet cable to it and connect the other end to the appropriate network device such as a public server 5 Power on the cable or DSL modem and the other network device s 6 Connect the included power cord to the Router s Power port on the back of the Router as show...

Page 24: ...eed to Chapter 6 Setting up and Configuring the Router Configuring Windows 98 and Millennium PCs 1 Click the Start button Click Settings and then Control Panel From there double click the Network icon 2 On the Configuration tab select the TCP IP line for the applicable Ethernet adapter as shown in Figure 5 1 Do not choose a TCP IP entry whose name mentions Dial Up Adapter PPPoE VPN or AOL If the w...

Page 25: ...roperties button 3 Select Internet Protocol TCP IP and click the Properties button See Figure 5 3 4 Select Obtain an IP address automatically see Figure 5 4 Once the new windows appears click the OK button Click the OK button again to complete the PC configuration 5 Restart your computer Go to Chapter 6 Setting up and Configuring the Router Configuring Windows XP PCs The following instructions ass...

Page 26: ... IP address automatically see Figure 5 6 Once the new window appears click the OK button Click the OK button again or the Close button if any settings were changed to complete the PC configuration 5 Restart your computer Go to Chapter 6 Setting up and Configuring the Router Figure 5 5 Internet Protocol TCP IP for Windows XP Figure 5 6 Obtain an IP address automatically for Windows XP ...

Page 27: ...ommended that you change the Router s password from the default Time On this screen configure the Router s time settings You can set the time select a time zone enable or disable the Daylight Savings feature and configure the NTP Network Time Protocol settings DMZ Host The DMZ Demilitarized Zone Host feature allows one local user to be exposed to the Internet for use of a special purpose service s...

Page 28: ...l is a network protocol that provides network administrators with the ability to monitor the status of the Router and receive notification of any critical events as they occur on the network SNMP can only be used to monitor and configure the Router from inside the local network Diagnostic The Router has two built in tools that will help with troubleshooting network problems Factory Default Use thi...

Page 29: ... schedule VPN Tab Summary This screen displays the Summary Tunnel Status and GroupVPN Status settings and information Gateway to Gateway Use this screen to create a new tunnel between two VPN devices Client to Gateway From this screen create a new tunnel between a local VPN device and a mobile user or set up a Group VPN VPN Pass Through This tab allows you to disable IPSec PPTP and or L2TP Pass Th...

Page 30: ...u click a hyperlink the related setup screen will appear On the right hand side of this screen and all other screens of the Utility is a link to the Site Map which has links to all of the Utility s tabs Click the Site Map button to view the Site Map which is shown in Figure 6 4 Then click the desired tab System Information Serial Number The serial number of the Router Firmware version The current ...

Page 31: ...These hyperlink to the WAN setting on the Network page of the Setup tab If a WAN port is set to Obtain an IP automatically two buttons Release and Renew will be available Click the Release button to release the IP address of a specific WAN port and click the Renew button to update the DHCP Lease Time or get a new IP address If a WAN port is set to PPPoE or PPTP two buttons Connect and Disconnect w...

Page 32: ...yed Log Setting Status It hyperlinks to the System Log page of the Log tab If you have not set up the e mail server on the Log tab the message E mail cannot be sent because you have not specified an outbound SMTP server address will be displayed If you have set up the mail server but the log has not been generated due to the Log Queue Length and Log Time Threshold settings the message E mail setti...

Page 33: ...can also change the number of WAN ports using the Port Setup page of the Port Management tab If you change the number on this screen then the number on the Port Setup screen will change accordingly Make sure the network configuration matches the number of WAN port settings on this screen If you change the number of WAN ports click the Save Settings button to save your change A confirmation message...

Page 34: ...erver IP address is required Check your service installation receipt for this information otherwise request these settings from your ISP PPPoE Point to Point Protocol over Ethernet Some DSL based ISPs use PPPoE Point to Point Protocol over Ethernet to establish Internet connections for end users If you use a DSL line check with your ISP to see if they use PPPoE If they do you will have to enable i...

Page 35: ...keeps your PPPoE enabled connection active indefinitely even when it sits idle The default Redial Period is 30 seconds DMZ Setting The Router comes with a special DMZ port which is used for setting up public servers The DMZ port sits between the local network ports and the Internet port Servers on the DMZ are publicly accessible Use of the DMZ port is optional it may be left unconnected Using the ...

Page 36: ... it Click the Save Settings button to save your new password or click the Cancel Changes button to undo the change Setup Tab Time The Router uses the time settings to time stamp log events automatically update the Content Filter List and perform other activities for other internal purposes To set the local time select Set the local time using the Network Time Protocol NTP automatically or Set the ...

Page 37: ... requests to computers equipped to handle the requests If for example you set the port number 80 HTTP to be forwarded to IP address 192 168 1 2 then all HTTP requests from outside users will be forwarded to 192 168 1 2 You may use this function to establish a web server or FTP server via an IP gateway Make sure that you enter a valid IP address You may need to establish a static IP address in orde...

Page 38: ...t it and click the Delete selected application button Port Triggering Port triggering allows the Router to watch outgoing data for specific port numbers The IP address of the computer that sends the matching data is remembered by the Router so that when the requested data returns through the Router the data is pulled back to the proper computer by way of IP address and port mapping rules Some Inte...

Page 39: ...Click the Exit button to return to the UPnP screen If you want to delete a service you have created select it and click the Delete selected service button Then click the Save Setting button to save your changes Click the Exit button to return to the UPnP screen If you want to add another service click the Add New button Enter a name in the Service Name field From the Protocol drop down menu select...

Page 40: ...esponding external IP addresses One to One NAT does not change how the firewall functions work Access to LAN devices from the Internet will not be allowed unless the appropriate network access rules are established the appropriate forwarding entries are enabled or the appropriate authenticated user sessions are established Before configuring the One to One NAT settings set up the appropriate Acces...

Page 41: ...n Their MAC addresses are shown in the MAC Address column Click the Edit in the Config column to edit the MAC Clone setting of the selected WAN port A new screen will appear In the Interface field the WAN port number is displayed To manually clone a MAC address select User Defined WAN MAC Address and then enter the 12 digits of your adapter s MAC address If you want to clone the MAC address of the...

Page 42: ...t number is displayed Select DynDNS org from the DDNS Service drop down menu Enter your DynDNS org account information in the User name and Password fields Enter your host name in the three Host Name fields For example if your host name were myhouse dyndns org then myhouse would go into the first field dyndns would go into the second field and org would go into the last field Then click the Save S...

Page 43: ...communication of network data click the Enabled radio button Otherwise keep the default Disabled Receive RIP versions To use dynamic routing for reception of network data select the protocol you want None RIPv1 RIPv2 or Both RIP v1 and v2 Transmit RIP versions To use dynamic routing for transmission of network data select the protocol you want None RIPv1 RIPv2 Broadcast or RIPv2 Multicast Static R...

Page 44: ...rk s Internet connection enter the IP address of that router instead 4 In the Hop Count field enter the appropriate value maximum is 15 This indicates the number of nodes that a data packet passes through before reaching its destination A node is any device on the network such as a switch PC or router 5 From the Interface drop down menu select the appropriate interface The Interface tells you whet...

Page 45: ...er on your network leave the box unchecked Dynamic IP Client Lease Time The Client Lease Time is the amount of time a network user will be allowed connection to the Router with their current dynamic IP address Enter the amount of time in minutes that the user will be leased this dynamic IP address The range is 5 43 200 minutes Range Start End Enter a starting IP address and ending IP address to cr...

Page 46: ... You do not need to complete either of these DNS Server fields it is an optional feature WINS Windows Internet Naming Service WINS is a service that resolves NetBIOS names to IP addresses WINS is assigned if the computer DHCP client requests one If you do not know the IP address of the WINS server keep the default 0 0 0 0 Click the Save Settings button to save your changes or click the Cancel Chan...

Page 47: ...available Total It shows the total number of dynamic IP addresses that can be assigned by the DHCP server Client Table For all network clients using the DHCP server the Client Table shows the current DHCP Client information Client Host Name This is the name assigned to a client host IP Address It is the dynamic IP address assigned to a client MAC Address This indicates the MAC address of a client ...

Page 48: ...2M or 2 5M or above from the Upstream drop down menu From the Downstream drop down menu select 512K 1024K 1 5M 2M or 2 5M or above You can enable the Router to check the network service layer using DNS lookup This tool can detect the network connection status of the ISP if you have set up the DNS server in the Network section of the Setup page If you did not set up the DNS server the checkbox will...

Page 49: ...From the Downstream drop down menu select 512K 1024K 1 5M 2M or 2 5M or above You can enable the Router to check the network service layer using DNS lookup This tool can detect the network connection status of the ISP if you have set up the DNS server in the Network section of the Setup page If you did not set up the DNS server the checkbox will be grayed out and then you cannot use the DNS lookup...

Page 50: ...itial link fails When unchecked the IP users traffic will not be redirected The default is a checkmark 4 Click the Add to list button and configure as many IP range entries as you would like up to a maximum of 30 To delete an entry select it and click the Delete selected range button Click the Save Settings button to save your changes or click the Cancel Changes button to undo your changes To retu...

Page 51: ...m Contact Enter the name of the network administrator for the Router as well as a contact number or e mail address System Location Enter the location of the Router For example you could include the name of the building floor number and room location such as Head Office Floor 5 Networking 3 Get Community Name Create a name for the group or community of administrators who can view the Router s SNMP ...

Page 52: ...he ISP This will show if the problem lies with the ISP s connection Select which tool you want to use DNS Name Lookup or Ping DNS Name Lookup Before using this tool make sure the IP address of the DNS server is entered on the Network page of the Setup tab otherwise this tool will not work Enter the host name in the Look up the name field and click the Go button Do not add the prefix http or else y...

Page 53: ...rade Firmware Upgrade You can use this feature to upgrade the Router s firmware to the latest version To download the firmware refer to the Firmware Download section If you have already downloaded the firmware onto your computer then click the Browse button to look for the file Then click the Firmware Upgrade Right Now button Firmware Download If you need to download the latest version of the Rout...

Page 54: ...em Management Tab Setting Backup This screen allows you to make a backup file of your preferences file for the Router To save the backup file you need to export the configuration file To use the preferences file you need to import the configuration file Import Configuration File To import a configuration file first specify where your preferences file is located Click the Browse button and a dialog...

Page 55: ...ill display the WAN port numbers in the Port ID column and their respective settings in the Interface Disable Priority Speed and Duplex columns Click Enable in the Auto Negotiation column if you want the Router s ports to auto negotiate connection speeds and duplex mode then you will not need to set up speed and duplex settings separately Basic Per Port Config Table Port ID The port number or name...

Page 56: ...elected port the Summary table will show these settings Type Interface Link Status Port Activity Priority Speed Status Duplex Status and Auto negotiation For the selected port the Statistics table will show these statistics number of packets received number of packet bytes received number of packets transmitted number of packet bytes transmitted and number of packet errors Click the Refresh button...

Page 57: ...ects internal networks from Internet attacks such as SYN Flooding Smurf LAND Ping of Death IP Spoofing and reassembly attacks Block WAN Request This feature is enabled by default and is designed to prevent attacks through the Internet When it is enabled the Router will drop both unaccepted TCP request and ICMP packets from the WAN side Hackers will not find the Router by pinging the WAN IP address...

Page 58: ...at will be always active and cannot be overridden by any custom rules HTTP service from the LAN to the Router is always allowed DHCP service from the LAN is always allowed DNS service from the LAN is always allowed Ping service from the LAN to the Router is always allowed Except for the Default Rules all configured Access Rules are listed in the Access Rules table and you can set the priority for ...

Page 59: ... delete a service you have created select it and click the Delete selected service button Then click the Save Setting button to save your changes Click the Exit button to return to the Add a New Access Rule screen If you want to add another service click the Add New button Enter a name in the Service Name field From the Protocol drop down menu select the protocol it uses Enter its range in the Por...

Page 60: ... block specific domains during the designated days and times When the Block Forbidden Domains checkbox is selected the Router will forbid access to websites on the Forbidden Domains list To add a domain to the list enter the address of the domain in the Add field and then click the Add to list button To remove a domain from the list select the domain and click the Delete selected domain button Whe...

Page 61: ...o Gateway section for further instructions Client to Gateway The Client to Gateway tunnel is a tunnel created between the VPN Router and the client host who is using VPN client software that supports IPSec Click the Add Now button to see the Client to Gateway screen Proceed to the Client to Gateway section for further instructions After you have added the VPN tunnels you will see them listed in th...

Page 62: ...ay or Gateway to Client section for more information Click the Trash Can icon to delete all of your tunnel settings for each individual tunnel Tunnel s Enabled and Tunnel s Defined These read only fields show the number of VPN tunnels that are enabled and number of VPN tunnels that are defined The number of tunnels enabled may be fewer than the number of tunnels defined because you can disable any...

Page 63: ...ate Interface WAN1 WAN2 from the pull down menu If you designate more than two WAN ports on the Network or Port Management page then additional WAN ports will be available Enable Check this box to enable a VPN tunnel When creating a VPN tunnel this checkbox will be disabled Local Group Setup Local Security Gateway Type Select one of these five available types IP Only IP Domain Name FQDN Authentica...

Page 64: ... the same Domain Name to create another new tunnel connection Dynamic IP E mail Addr USER FQDN Authentication If the Local Security Gateway has a dynamic IP and you want to use the e mail address for authentication then select this type When the Remote Security Gateway asks to create a tunnel with the Router the Router will work as a responder For authentication enter the appropriate e mail addres...

Page 65: ...urity Gateway Type selected on the VPN device at the other end of the tunnel After you have selected the Remote Security Gateway Type the settings available on this screen may change depending on which selection you have made IP Only If you select IP Only then only the computer with a specific IP address will be able to access the tunnel In the IP address field enter the IP address of the remote V...

Page 66: ...t one of these three available types IP Subnet or IP Range The Remote Security Group Type you select should match the Local Security Group Type selected on the VPN device at the other end of the tunnel After you have selected the Remote Security Group Type the settings available on this screen may change depending on which selection you have made IP If you select IP then only the computer with a s...

Page 67: ...a 128 bit digest SHA is a one way hashing algorithm that produces a 160 bit digest SHA is recommended because it is more secure Make sure both ends of the VPN tunnel use the same authentication method Phase 1 SA Life Time Configure the length of time a VPN tunnel is active in Phase 1 The default value is 28800 seconds Perfect Forward Secrecy If the Perfect Forward Secrecy PFS feature is enabled IK...

Page 68: ...ust use the same Preshared Key It is strongly recommended that you change the Preshared Key periodically to maximize VPN security Click the Save Settings button to save your changes or click the Cancel Changes button to undo the changes Manual Basically manual key management is used in small static environments or for troubleshooting purposes If you select Manual you generate the key yourself so n...

Page 69: ...y completed with zeroes so the Encryption Key will be 48 bit Make sure both ends of the VPN tunnel use the same Encryption Key Authentication Key This field specifies a key used to authenticate IP traffic Enter a key of hexadecimal values in the Authentication Key field If you selected MD5 as the authentication method then the Authentication Key must be 32 bit which requires 32 hexadecimal values ...

Page 70: ...y the integrity of the entire packet during the hashing process so protection is extended forward into the IP header Select an algorithm MD5 or SHA1 MD5 produces a 128 bit digest to authenticate packet data and SHA1 produces a 160 bit digest to authenticate packet data Both ends of the VPN tunnel should use the same AH Hash Algorithm NetBIOS Broadcast Click the checkbox if you want NetBIOS traffic...

Page 71: ...pplicable to Group VPNs Select one of these five available types IP Only IP Domain Name FQDN Authentication IP E mail Addr USER FQDN Authentication Dynamic IP Domain Name FQDN Authentication or Dynamic IP E mail Addr USER FQDN Authentication If you want to use a Fully Qualified Domain Name FQDN for authentication but you do not have one visit www dyndns org to set up a Dynamic Domain Name System D...

Page 72: ... select this type When the Remote Client asks to create a tunnel with the Router the Router will work as a responder For authentication enter the appropriate e mail address in the E mail address fields Local Security Group Type Select the local LAN user s behind the Router that can use this VPN tunnel Select one of these three available types IP Subnet or IP Range The Local Security Group Type you...

Page 73: ...ress of the Remote Client which can be a computer with VPN client software that supports IPSec Enter the FQDN in the Domain Name field and enter the IP address in the IP address field The FQDN is the host name and domain name for a specific computer on the Internet An example of a FQDN is vpn remotevpnserver com The FQDN and IP address must match the FQDN and IP address of the Local Security Gatew...

Page 74: ...ld The FQDN is the host name and domain name for a specific computer on the Internet An example of a FQDN is vpn remotevpnserver com The FQDN must match the FQDN setting on the Remote Client When the Remote Client asks to create a tunnel with the Router the Router will work as a responder E mail Address USER FQDN If you select this type enter the e mail address of the Remote Client at the other en...

Page 75: ...that produces a 160 bit digest SHA is recommended because it is more secure Make sure both ends of the VPN tunnel use the same authentication method Phase 1 SA Life Time Configure the length of time a VPN tunnel is active in Phase 1 The default value is 28800 seconds Perfect Forward Secrecy If the Perfect Forward Secrecy PFS feature is enabled IKE Phase 2 negotiation will generate new key material...

Page 76: ...change the Preshared Key periodically to maximize VPN security Click the Save Settings button to save your changes or click the Cancel Changes button to undo the changes Manual not applicable to Group VPNs Basically manual key management is used in small static environments or for troubleshooting purposes If you select Manual you generate the key yourself so no key negotiation is needed Incoming S...

Page 77: ...be 48 bit Make sure both ends of the VPN tunnel use the same Encryption Key Authentication Key This field specifies a key used to authenticate IP traffic Enter a key of hexadecimal values in the Authentication Key field If you selected MD5 as the authentication method then the Authentication Key must be 32 bit which requires 32 hexadecimal values If you do not enter enough hexadecimal values then ...

Page 78: ... protocol Keep Alive This feature helps maintain the connections of IPSec tunnels Whenever a connection is dropped and the drop is detected then the connection will be re established immediately Select Keep Alive to enable this feature AH Hash Algorithm The AH Authentication Header protocol describes the packet format and default standards for packet structure If AH is used as a security protocol ...

Page 79: ... Pass Through is enabled by default to allow IPSec tunnels to pass through the Router PPTP Pass Through Point to Point Tunneling Protocol PPTP allows the Point to Point Protocol PPP to be tunneled through an IP network PPTP Pass Through is enabled by default L2TP Pass Through Layer 2 Tunneling Protocol is the method used to enable Point to Point sessions via the Internet on the Layer 2 level L2TP ...

Page 80: ...ail You may want logs or alert messages to be e mailed to you If so then configure the E mail settings Enable E Mail Alert If you check the box The Router s E Mail Alert feature will be enabled Mail Server If you want any log or alert information e mailed to you then enter the name or numerical IP address of your SMTP server Your ISP can provide you with this information Send E mail to This is the...

Page 81: ...garding the Router s firewall while the VPN Log shows information about VPN tunnel activity To clear a log click the Clear button To update a log click the Refresh button To exit this screen click the Close button Outgoing Log Table Click the Outgoing Log Table button to view a temporary log of all the URLs and IP addresses of Internet sites that users on your network have accessed Each event is d...

Page 82: ...ess Subnet Mask Default Gateway number of Received Packets number of Sent Packets number of Total Packets number of Received Bytes number of Sent Bytes number of Total Bytes number of Error Packets Received and number of Dropped Packets Received When there are more than two WAN ports click Next page to see additional system statistics on the next page Then click Previous page to see the system sta...

Page 83: ... the Router s network settings go to the Modify the Router s Network Settings section Change Number of WAN Ports 1 Click the Launch Now button to run the Basic Setup Wizard 2 The screen shown in Figure 6 99 will appear If you want to change the number of WAN ports select Set the total number of WAN ports Click the Next button to continue Click the Exit button if you want to exit the Setup Wizard 3...

Page 84: ...ure 6 102 will appear If you want to edit the Router s network settings select Edit Network Settings Click the Next button to continue Click the Exit button if you want to exit the Setup Wizard 3 Your Internet Service Provider ISP may require you to use a host and domain name for your Internet connection If your ISP requires them complete the Host Name and Domain Name fields otherwise leave these ...

Page 85: ...cted the appropriate screen will appear Follow the instructions for the appropriate connection type Obtain an IP automatically If you chose Obtain an IP automatically the screen shown in Figure 6 105 will appear If you want to use the ISP s DNS server select Use DNS Server provided by ISP default If you want to designate a specific DNS server IP address select Use the Following DNS Server Addresse...

Page 86: ...h the settings provided by your ISP Click the Next button and then the screen shown in Figure 6 107 will appear Enter the DNS server IP addresses you want to use you must enter at least one Click the Next button to continue and proceed to step 6 Click the Previous button if you want to return to the previous screen Click the Exit button if you want to exit the Setup Wizard Figure 6 107 Static IP D...

Page 87: ...r the number of minutes you want the Router to wait before your Internet access disconnects If you select the Keep Alive option the Router will keep the connection alive by sending out a few data packets periodically so your ISP thinks that the connection is still active This option keeps your PPPoE enabled connection active indefinitely even when it sits idle In the Redial period field enter the ...

Page 88: ...t Mask field If you are not using the DMZ port enter 0 in each of the DMZ IP fields Click the Next button to continue Click the Previous button if you want to return to the previous screen Click the Exit button if you want to exit the Setup Wizard 8 The screen shown in Figure 6 111 will appear If you want to save your changes click the Save Settings button Click the Previous button if you want to ...

Page 89: ...Default Rules Click the Next button to continue Click the Exit button if you want to exit the Access Rule Setup Wizard 3 The screen shown in Figure 6 113 will appear From the drop down menu select Allow or Deny depending on the intent of the Access Rule Click the Next button to continue Click the Previous button if you want to return to the previous screen Click the Exit button if you want to exit...

Page 90: ...ng this access rule Click the Next button to continue Click the Previous button if you want to return to the previous screen Click the Exit button if you want to exit the Access Rule Setup Wizard 6 The screen shown in Figure 6 116 will appear Select the appropriate Source Interface LAN DMZ Any WAN1 WAN2 from the Ethernet pull down menu Select the Source IP address es for this Access Rule If it can...

Page 91: ...ould be in effect Decide what times and which days of the week the Access Rule should be enforced Then enter the hours and minutes in 24 hour format and select the appropriate days of the week Click the Next button to continue Click the Previous button if you want to return to the previous screen Click the Exit button if you want to exit the Access Rule Setup Wizard 9 The screen shown in Figure 6 ...

Page 92: ... Support menu and then select the RV016 10 100 16 Port VPN Router from the drop down menu Select your operating system and then click Downloads for this Product Click User Guide Linksys Web Site Click the Linksys Web Site button and the Support page of the Linksys Website www linksys com will appear Logout Tab The Logout tab is located on the upper right hand corner of the screen Click this tab to...

Page 93: ...correct Click the System Management tab of the Router s Web based Utility Select the Ping radio button Enter the IP address of the Remote Secure Gateway or Client in the Ping host or IP address field Then click the Go button 2 My VPN tunnel connects properly but it frequently drops the connection What should I do Through the Router s Web based Utility access the settings for your VPN tunnel In the...

Page 94: ...8 1 2 to 192 168 1 99 and 192 168 1 151 to 192 168 1 254 Make sure that each IP address is unique for each PC or network device D Click the Gateway tab and in the New Gateway prompt enter 192 168 1 1 which is the default IP address of the Router Click the Add button to accept the entry E Click the DNS tab and make sure the DNS Enabled option is selected Enter the Host and Domain names e g John for...

Page 95: ...ted with the Ethernet adapter you are using and select the Properties option D In the This connection uses the following items box highlight Internet Protocol TCP IP Click the Properties button E Enter a unique IP address that is not used by any other computer on the network connected to the Router You can only use an IP address in the ranges 192 168 1 2 to 192 168 1 99 and 192 168 1 151 to 192 16...

Page 96: ...fault interface If you are using the Classic interface where the icons and menus look like previous Windows versions please follow the instructions for Windows 2000 1 Click Start and Control Panel 2 Click the Network and Internet Connections icon and then the Network Connections icon 3 Right click the Local Area Connection that is associated with the Ethernet adapter you are using and select the P...

Page 97: ...thernet Adapter If you need to clone the MAC address of your Ethernet adapter onto the Router see the MAC Address Clone section of Chapter 6 Setting up and Configuring the Router for details C Make sure you are using the right Internet settings Contact your ISP to see if your Internet connection type is DHCP Static IP Address or PPPoE commonly used by DSL consumers Please refer to the Setup sectio...

Page 98: ...ve the problem Change the Router s IP address through the Setup tab of the Web based Utility If you assigned a static IP address to any computer or network device on the network you need to change its IP address accordingly to 192 168 2 Y Y being any number from 2 to 254 Note that each IP address must be unique within the network Your VPN may require port 500 UDP packets to be passed to the comput...

Page 99: ...er This also applies to the Internet applications you are using The best way to get the information on what port services to use is to go to the website of the online game or application you want to use Follow these steps to set up online game hosting or use a certain Internet application A Access the Router s Web based Utility by going to http 192 168 1 1 or the IP address of the Router Go to the...

Page 100: ...hichever PC or network device you set for DMZ hosting Follow these steps to set DMZ hosting A Access the Router s Web based Utility by going to http 192 168 1 1 or the IP address of the Router Go to the Setup Forwarding tab B Disable or remove the entries you have entered for forwarding To delete an entry select it and then click the Delete selected application button Keep this information in case...

Page 101: ... and remove anything that is checked D Click the OK button to go back to the previous screen E Click the option Never dial a connection This will remove any dial up pop ups for PPPoE users For Netscape 4 7 or higher A Start Netscape Navigator and click Edit Preferences Advanced and Proxies B Make sure you have Direct connection to the Internet selected on this screen C Close all the windows to fin...

Page 102: ...t Restart Select Backup Firmware Version Click the Restart Router button to restart the Router 17 My DSL service s PPPoE is always disconnecting PPPoE is not actually a dedicated or always on connection The DSL ISP can disconnect the service after a period of inactivity just like a normal phone dial up connection to the Internet There is a setup option to keep alive the connection This may not alw...

Page 103: ...ing looks at the outgoing port services used and will trigger the Router to open a specific port depending on which port an Internet application uses Follow these steps A To connect to the Router go to the web browser and enter http 192 168 1 1 or the IP address of the Router B Enter the user name and password if asked The default user name and password are admin C Click the Setup Forwarding tab D...

Page 104: ...he Router installed on the network In a typical environment the Router is installed between the cable DSL modem and the LAN Plug the Router into the cable DSL modem s Ethernet port Does the Router support IPX or AppleTalk No TCP IP is the only protocol standard for the Internet and has become the global standard for communications IPX a NetWare communications protocol used only to route messages f...

Page 105: ...et Half Life Team Fortress to work with the Router The default client port for Half Life is 27005 The computers on your LAN need to have clientport 2700x added to the HL shortcut command line the x would be 6 7 8 and on up This lets multiple computers connect to the same server One problem Version 1 0 1 6 won t let multiple computers with the same CD key connect at the same time even if on the sam...

Page 106: ...cumentation and make sure that your browser is set to connect directly and that any dial up is disabled Make sure that your browser is set to connect directly and that any dial up is disabled For Internet Explorer click Tools Internet Options and then the Connection tab Make sure that Internet Explorer is set to Never dial a connection For Netscape Navigator click Edit Preferences Advanced and Pro...

Page 107: ...at is the maximum number of VPN passthrough sessions allowed by the Router The maximum number depends on many factors At least one IPSec session will work through the Router however simultaneous IPSec sessions may be possible depending on the specifics of your VPNs How can I check whether I have static or DHCP IP addresses Ask your ISP to find out How do I get mIRC to work with the Router Under th...

Page 108: ...he System Management Tab and then the Firmware Upgrade page 2 Click the Firmware Download from Linksys Web Site button 3 Select the Router from the pull down menu and choose the firmware from the options 4 Extract the file on your computer 5 On the Firmware Upgrade screen shown in Figure B 1 enter the location of the extracted firmware upgrade file or click the Browse button to find this file 6 Cl...

Page 109: ...s the Enter key or the OK button 2 When the IP Configuration screen appears select the Ethernet adapter you have connected to the Router via a CAT 5 Ethernet network cable See Figure C 1 3 Write down the Adapter Address as shown on your computer screen see Figure C 2 This is the MAC address for your Ethernet adapter and is shown as a series of numbers and letters The MAC address Adapter Address is...

Page 110: ...r Port Management screen Their MAC addresses are shown in the MAC Address column Click the Edit in the Config column to edit the MAC Clone setting of the selected WAN port A new screen will appear In the Interface field the WAN port number is displayed To manually clone a MAC address select User Defined WAN MAC Address and then enter the 12 digits of your adapter s MAC address If you want to clone...

Page 111: ...outer You can set the Router on a desktop install it in a rack with attached brackets or mount it on the wall Placement of the Router Set the Router on a desktop or other flat secure surface Do not place excessive weight on top of the Router that could damage the Router Rack Mounting the Router The Router comes with two brackets and eight screws for mounting on a 19 inch rack The attached brackets...

Page 112: ... Router s sides Attach the mounting brackets using the included screws four on each side of the Router When the brackets are attached to the Router you can rack mount it Attach the Router to the rack using two screws on each side of the Router as shown below in Figure D 2 Figure D 2 Attaching the Brackets to the Router and Rack Mounting the Router ...

Page 113: ...distance between the two holes is 3 701 inches 94 mm Install two screws or nails into the wall 3 701 inches 94 mm apart After the screws or nails are secured on the wall line up the Router s holes with the screws or nails and mount the Router on the wall The wall mount holes are shown below in Figure D 3 The suggested mounting hardware is shown in Figure D 4 Figure D 3 Wall Mounting the Router ...

Page 114: ...103 Appendix D Physical Setup of the Router Setting up the Router 10 100 16 Port VPN Router Figure D 4 Wall Mounting Hardware ...

Page 115: ...pdate the correct time except when connected to the NTP Server Do not attempt to replace this battery yourself You must call Linksys Technical Support to replace the battery Danger of explosion exists if the lithium battery is incorrectly replaced The battery can only be replaced with the same or equivalent type of CR2032 lithium battery WARNING The lithium battery can explode if replaced incorrec...

Page 116: ...et of instructions or protocol all PCs follow to communicate over a wired or wireless network Your PCs will not be able to utilize networking without having TCP IP enabled Windows Help provides complete instructions on enabling TCP IP Shared Resources If you wish to share printers folders or files over your network Windows Help provides complete instructions on utilizing shared resources Network N...

Page 117: ...ionality to your PC Ad hoc A group of wireless devices communicating directly with each other peer to peer without the use of an access point AES Advanced Encryption Standard A method that uses up to 256 bit key encryption to secure data Backbone The part of a network that connects most of the systems and networks together and handles the most data Bandwidth The transmission capacity of a given de...

Page 118: ...domain name Default Gateway A device that forwards Internet traffic from your local area network DHCP Dynamic Host Configuration Protocol A protocol that lets one device on a local network known as a DHCP server assign temporary IP addresses to the other network devices typically computers DMZ Demilitarized Zone Removes the Router s firewall protection from one PC allowing it to be seen from the I...

Page 119: ...ls you the name associated with an e mail address Firewall Security measures that protect the resources of a local network from intruders Firmware 1 In network devices the programming that runs the device 2 Programming loaded into read only memory ROM or programmable read only memory PROM that cannot be altered by end users Fragmentation Breaking a packet into smaller units when transmitting over ...

Page 120: ...ider A company that provides access to the Internet LAN Local Area Network The computers and networking products that make up the network in your home or office LEAP Lightweight Extensible Authentication Protocol A mutual authentication method that uses a username and password system MAC Media Access Control Address The unique address that a manufacturer assigns to each networking device Mbps Mega...

Page 121: ... cable to deliver both data and power PPPoE Point to Point Protocol over Ethernet A type of broadband connection that provides authentication username and password in addition to data transport PPTP Point to Point Tunneling Protocol A VPN protocol that allows the Point to Point Protocol PPP to be tunneled through an IP network This protocol is also used as a type of broadband connection in Europe ...

Page 122: ... code that determines the size of the network Switch 1 Device that is the central point of connection for computers and other devices in a network so data can be shared at full transmission speeds 2 A device for making breaking or changing the connections in an electrical circuit TCP IP Transmission Control Protocol Internet Protocol A network protocol for transmitting data that requires acknowled...

Page 123: ...t leaves one network and goes to another over the Internet WAN Wide Area Network The Internet WEP Wired Equivalent Privacy A method of encrypting data transmitted on a wireless network for greater security WINIPCFG A Windows 98 and Millennium utility that displays the IP address for a particular networking device WLAN Wireless Local Area Network A group of computers and associated devices that com...

Page 124: ...ory 5 Ethernet LEDs System Internet 1 7 DMZ Diag LAN 1 13 UPnP able cert Yes Security Features SPI Firewall DES and 3DES Encryption for IPSec VPN Tunnel Dimensions 11 x 1 75 x 9 50 W x H x D 279 4 mm x 44 45 mm x 241 3 mm Unit Weight 52 03 oz 1 475 kg Power 3 3 V 5 Amps Certifications FCC Class B CE Class B Operating Temp 0ºC to 40ºC 32ºF to 104ºF Storage Temp 0ºC to 70ºC 32ºF to 158ºF Operating H...

Page 125: ...ND WARRANTIES INCLUDING ANY IMPLIED WARRANTY OF NON INFRINGEMENT ARE DISCLAIMED Some jurisdictions do not allow limitations on how long an implied warranty lasts so the above limitation may not apply to You This warranty gives You specific legal rights and You may also have other rights which vary by jurisdiction This warranty does not apply if the Product a has been altered except by Linksys b ha...

Page 126: ...does cause harmful interference to radio or television reception which is found by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment or devices Connect the equipment to an outlet other than the receiver s Consult a dealer or an e...

Page 127: ...rking with Linksys products Give our advice line a call at 800 546 5797 LINKSYS Or fax your request in to 949 823 3002 If you experience problems with any Linksys product you can call us at 800 326 7114 Don t wish to call You can e mail us at support linksys com If any Linksys product proves defective during its warranty period you can call the Linksys Return Merchandise Authorization department f...

Search results

Summary of Contents for RV016

Reviews:

Related manuals for RV016

Brands by name

Popular brands

Linksys RV016, User Manual

Search results

Summary of Contents for RV016

Reviews:

Related manuals for RV016

Brands by name

Popular brands