background image

7

Chapter 2: Networking Basics
What is a VPN?

4-Port SSL/IPSec VPN Router

There are two basic ways to create a VPN connection:

VPN Router to VPN Router

Computer (using SSL or IPSec VPN client software) to VPN Router 

The VPN Router creates a “tunnel” or channel between two endpoints, so that data transmissions between them 
are secure. A computer with SSL or IPSec VPN client software can be one of the two endpoints. 

For an IPSec VPN tunnel, any computer with the built-in IPSec Security Manager (Microsoft 2000 and XP) allows 
the VPN Router to create a VPN tunnel using IPSec. Other versions of Microsoft operating systems require 
additional, third-party VPN client software applications that support IPSec to be installed. 

For an SSL VPN tunnel, a computer can download the Virtual Passage SSL VPN client software during first-time 
connection to the SSL VPN Portal. (See “Appendix C: Using the Virtual Passage SSL VPN Client.”)

VPN Router to VPN Router

An example of a VPN Router-to-VPN Router VPN would be as follows. At home, a telecommuter uses his VPN 
Router for his always-on Internet connection. His Router is configured with his office's VPN settings. When he 
connects to his office's router, the two routers create a VPN tunnel, encrypting and decrypting data. As VPNs 
utilize the Internet, distance is not a factor. Using the VPN, the telecommuter now has a secure connection to the 
central office's network, as if he were physically connected.

Computer (using VPN client software) to VPN Router

The following is an example of a computer-to-VPN Router VPN. In her hotel room, a traveling businesswoman 
dials up her ISP. Her notebook computer has VPN client software that is configured with her office's VPN settings. 
She accesses the VPN client software and connects to the VPN Router at the central office. As VPNs utilize the 
Internet, distance is not a factor. Using the VPN, the businesswoman now has a secure connection to the central 
office's network, as if she were physically connected.

For additional information and instructions about creating your own VPN, please visit Linksys’s website at 
www.linksys.com.

Figure 2-2: Computer-to-VPN Router VPN

Figure 2-1: VPN Router-to-VPN Router VPN

Home

VPN Router

Central Office

VPN Router

Off-Site

VPN Router

Central Office

VPN Router

Laptop with VPN 

Client Software

Summary of Contents for RVL200

Page 1: ...Model No Model No USER GUIDE BUSINESS SERIES Model No Model No 4 Port SSL IPSec with Ports Model No RVL200 4 portuter VPN Router WIRED ...

Page 2: ...e presented like this Also each figure diagram screenshot or other image is provided with a figure number and description like this Figure numbers and descriptions can also be found in the List of Figures section in the Table of Contents RVL200 UG 60614NC JL This exclamation point means there is a caution or warning and is something that could damage your property or the Router word definition Thi...

Page 3: ...10 Overview 10 Connection Instructions 11 Chapter 5 Setting Up and Configuring the Router 12 Overview 12 Before You Begin 15 How to Access the Web based Utility 18 System Summary Tab 19 Setup Tab Network 22 Setup Tab Password 25 Setup Tab Time 26 Setup Tab DMZ Host 27 Setup Tab Forwarding 27 Setup Tab UPnP 29 Setup Tab MAC Clone 30 Setup Tab DDNS 31 Setup Tab Advanced Routing 32 DHCP Tab Setup 34 ...

Page 4: ... IPSec VPN Tab Summary 55 VPN Tab Gateway to Gateway 56 IPSec VPN Tab VPN Pass Through 60 SSL VPN Tab Summary 61 SSL VPN Tab User Management 62 SSL VPN Tab Virtual Passage 64 Log Tab System Log 65 Log Tab System Statistics 66 Wizard Tab 67 Support Tab 76 Logout Tab 76 Appendix A Troubleshooting 77 Common Problems and Solutions 77 Frequently Asked Questions 87 Appendix B Physical Setup of the Route...

Page 5: ...in an Existing Network 128 Overview 128 LAN to LAN Connection 128 WAN to LAN Connection 130 Appendix J Configuring a Gateway to Gateway IPSec Tunnel 131 Overview 131 Before You Begin 131 Configuring the VPN Settings when the Remote Gateway Uses a Static IP 131 Configuring PC 1 and PC 2 133 Configuring the VPN Settings when the Remote Gateway Uses a Dynamic IP 134 Configuring PC 1 and PC 2 136 Appe...

Page 6: ...ications 151 Performance 151 Setup Configuration 151 Management 151 Security 152 QoS 152 Network 152 VPN 153 Routing 153 Environmental 153 Appendix P Warranty Information 154 Appendix Q Regulatory Information 155 Appendix R Contact Information 161 ...

Page 7: ...xplorer Internet Options Privacy 16 Figure 5 4 Netscape Communicator Options Site Controls Master Settings 16 Figure 5 5 Netscape Communicator Options Site Controls Web Features 17 Figure 5 6 Netscape Communicator Options Advanced Security 17 Figure 5 7 Router s Local IP Address 18 Figure 5 8 Login Screen 18 Figure 5 9 Click Yes to Install 18 Figure 5 10 Click Yes to Delete History 18 Figure 5 11 ...

Page 8: ...pgrade 37 Figure 5 34 System Management Tab Restart 38 Figure 5 35 System Management Tab Setting Backup 38 Figure 5 36 Port Management Tab Port Setup 39 Figure 5 37 Port Management Tab Port Status 40 Figure 5 38 Port Management Tab Create VLAN 41 Figure 5 39 Port Management Tab Port Setting 42 Figure 5 40 Port Management Tab VLAN Membership 43 Figure 5 41 QoS Tab Bandwidth Management Rate Control ...

Page 9: ...uthentication Type Active Directory 62 Figure 5 63 Authentication Type LDAP 63 Figure 5 64 Add a New User for Local User Database 63 Figure 5 65 Add a New User 63 Figure 5 66 SSL VPN Tab Virtual Passage 64 Figure 5 67 SSL VPN Portal Page 64 Figure 5 68 Log Tab System Log 65 Figure 5 69 System Log 66 Figure 5 70 Log Tab System Statistics 66 Figure 5 71 Wizard Tab 67 Figure 5 72 Host and Domain Name...

Page 10: ...plorer Internet Options Security 93 Figure C 3 Internet Explorer Internet Options Privacy 94 Figure C 4 Netscape Communicator Options Site Controls Web Features 94 Figure C 5 Netscape Communicator Options Advanced Security 95 Figure C 6 SSL VPN Portal Login Screen 96 Figure C 7 Click the Unlock Icon 97 Figure C 8 Click to Install the Web Cache Cleaner 97 Figure C 9 Click Yes to Install 97 Figure C...

Page 11: ...etBIOS Domain Name 107 Figure E 11 Database and Log Folders 108 Figure E 12 Shared System Volume 108 Figure E 13 DNS Registration Diagnostics 109 Figure E 14 Permissions 109 Figure E 15 Directory Services Restore Mode Administrator Password 110 Figure E 16 Summary 110 Figure E 17 Active Directory Installation Wizard 111 Figure F 1 Active Directory Users and Computers 112 Figure F 2 User Name 112 F...

Page 12: ...guration Method 122 Figure G 19 Policy Conditions 123 Figure G 20 Select Attribute 123 Figure G 21 Client IP Address 124 Figure G 22 Policy Conditions 124 Figure G 23 Request Processing Method 125 Figure G 24 Authentication 125 Figure G 25 Completing the New Connection Request Processing Policy Wizard 126 Figure H 1 SSL VPN User Management 127 Figure H 2 LDAP 127 Figure I 1 RVL200 LAN to RV082 LAN...

Page 13: ...136 Figure J 10 RV082 IPSec Setup Settings 136 Figure K 1 Traffic in Scenario 1 137 Figure K 2 Router A s IPSec VPN Settings 138 Figure K 3 Router B s IPSec VPN Settings 138 Figure K 4 Traffic in Scenario 2 140 Figure K 5 Router B s IPSec VPN Settings 141 Figure K 6 Router A s IPSec VPN Settings 142 Figure L 1 IP Configuration Screen 143 Figure L 2 MAC Address Adapter Address 143 Figure L 3 MAC Ad...

Page 14: ...ement while the QoS features provide consistent voice and video quality throughout your business Use the browser based utility to configure settings and run convenient wizards that will help you set up the Router and its access rules This User Guide will give you all the information you need to connect set up and configure the Router What s in this Guide This User Guide covers the steps for settin...

Page 15: ... Directory Server This appendix explains how to create a user for Active Directory Appendix G Installing an Internet Authentication Service IAS Server This appendix provides instructions on how to install an IAS server Appendix H Configuring the Router s Settings for a Lightweight Directory Access Protocol LDAP Server This appendix describes how to configure the Router s LDAP server settings Appen...

Page 16: ...ossary of terms frequently used in networking Appendix O Specifications This appendix provides the technical specifications for the Router Appendix P Warranty Information This appendix supplies the warranty information for the Router Appendix Q Regulatory Information This appendix supplies the regulatory information regarding the Router Appendix R Contact Information This appendix provides contact...

Page 17: ...r other device on the network Since a static IP address remains valid until you disable it static IP addressing ensures that the device assigned it will always have that same IP address until you change it Static IP addresses are commonly used with network devices such as server PCs or print servers If you use the Router to share your cable or DSL Internet connection contact your ISP to find out i...

Page 18: ...ou do once information is sent outside of your local network when e mails are sent to their destination or when you have to connect to your company s network when you are out on the road How is your data protected That is when a VPN can help VPNs are called Virtual Private Networks because they secure data moving outside of your network as if it were still within that network When data is sent out...

Page 19: ... will often pass through many different servers around the world before reaching its final destination That s a long way to go for unsecured data and this is when a VPN serves its purpose What is a VPN A VPN or Virtual Private Network is a connection between two endpoints a VPN Router for instance in different networks that allows private data to be sent securely over a shared or public network su...

Page 20: ...r for his always on Internet connection His Router is configured with his office s VPN settings When he connects to his office s router the two routers create a VPN tunnel encrypting and decrypting data As VPNs utilize the Internet distance is not a factor Using the VPN the telecommuter now has a secure connection to the central office s network as if he were physically connected Computer using VP...

Page 21: ...es slowly and during a reset to factory defaults it flashes quickly The LED turns off when the Router is ready INTERNET Green The INTERNET LED lights up when the Router is connected to your cable or DSL modem It flashes when the Router is actively sending or receiving data through the Internet port ETHERNET 1 4 Green The ETHERNET LED serves two purposes The LED lights up when the Router is connect...

Page 22: ...h slowly during a warm reset Reset to Factory Defaults If you are experiencing extreme problems with the Router and have tried all other troubleshooting measures press and hold in the RESET button for ten seconds This will restore the factory defaults and clear all of the Router s custom settings The DIAG LED will flash quickly during a reset to factory defaults Ports INTERNET The INTERNET port co...

Page 23: ...PCs refer to Windows Help for more information Set up and configure the Router with the setting s provided by your Internet Service Provider ISP according to Chapter 5 Setting Up and Configuring the Router The installation technician from your ISP should have left the setup information with you after installing your broadband connection If not you can call your ISP to request the information Once ...

Page 24: ...ered ports on the back of the Router Connect the other end to an Ethernet port on a network device e g a PC print server hub or switch Repeat this step to connect more PCs or other network devices to the Router 5 Connect the included power adapter to the Router s Power port and then plug the power adapter into an electrical outlet The Power LED on the front panel will light up as soon as the power...

Page 25: ...d network settings on this screen Password You can change the Router s password on this screen It is strongly recommended that you change the Router s password from the default Time On this screen configure the Router s time settings You can manually set the time or configure the Network Time Protocol NTP setting DMZ Host The Demilitarized Zone DMZ Host feature allows one local user to be exposed ...

Page 26: ... can only be used to monitor and configure the Router from inside the local network Factory Default Use this screen to clear all of your configuration information and restore the Router to its factory default settings Only use this feature if you want to remove all of your custom configuration settings Firmware Upgrade You can use this screen to upgrade the Router s firmware to the latest version ...

Page 27: ... in the IP header of a frame Firewall Tab General Use this screen to enable or disable various firewall security and web features including Stateful Packet Inspection SPI DoS Denial of Service and Remote Management Access Rules Access Rules evaluate the network traffic s source IP address destination IP address and IP protocol type to decide whether the IP traffic is allowed to pass through the fi...

Page 28: ... the Logout tab to exit the Utility Before You Begin The Router s Web based Utility and SSL VPN Portal support Internet Explorer 6 0 or higher and Netscape Communicator 8 0 or higher running in a Windows environment To configure the SSL VPN software your web browser must have SSL JavaScript ActiveX and cookies enabled these settings are enabled by default If the settings are already enabled procee...

Page 29: ...lets 9 Click the OK button 10 Click the Privacy tab 11 Click the Advanced button 12 Remove the checkmark from the Override automatic cookie handling checkbox 13 Click the OK button Netscape Communicator 8 0 or Higher 1 Open Netscape Communicator 2 Click Tools 3 Click Options 4 Click Site Controls 5 Click the Trust Preferences tab 6 In the Master Settings section click I m Not Sure Figure 5 3 Inter...

Page 30: ...avaScript 9 Click the Advanced button 10 Click Enable ActiveX 11 Click the OK button 12 Under Options click Advanced 13 Click Security 14 Click the Use SSL 2 0 and Use SSL 3 0 checkboxes 15 Click the OK button Figure 5 5 Netscape Communicator Options Site Controls Web Features Figure 5 6 Netscape Communicator Options Advanced Security ...

Page 31: ...out or closes the web browser window The ActiveX web cache control will be ignored by web browsers that do not support ActiveX Click the link to install the Web Cache Cleaner 4 The Security Warning screen will appear Click the Yes button 5 The Web Cache Cleaner will be installed in C WINDOWS Downloaded Program Files Proceed to the rest of this chapter for information about the Web based Utility Wh...

Page 32: ...yed Port Statistics Click any port on the Router s rear panel image to see the status of the selected port If the port is disabled it will be red if enabled it will be black If the port is connected it will be green Information about the selected port will appear in a separate window The port s Summary table will show the settings of the selected port including Type Interface Link Status Port Acti...

Page 33: ...b The default is Disabled Firewall Setting Status SPI Stateful Packet Inspection It shows the status On Off of the SPI setting and hyperlinks to the General page of the Firewall tab DoS Denial of Service It shows the status On Off of the DoS setting and hyperlinks to the General page of the Firewall tab Block WAN Request It shows the status On Off of the Block WAN Request setting and hyperlinks to...

Page 34: ...erver address will be displayed If you have set up the mail server but the log has not been generated due to the Log Queue Length and Log Time Threshold settings the message E mail settings have been configured will be displayed If you have set up the e mail server and the log has been sent to the e mail server the message E mail settings have been configured and sent out normally will be displaye...

Page 35: ...Type WAN There are four connection types available Obtain an IP automatically Static IP PPPoE and PPTP Depending on which connection type you select you will see various settings Obtain an IP Automatically 1 If your ISP automatically assigns an IP address select Obtain an IP automatically Most cable modem subscribers use this connection type Your ISP will assign these values 2 If you select Use th...

Page 36: ... To enable PPPoE follow these instructions 1 Select PPPoE 2 Enter your User Name and Password The maximum number of characters is 60 3 If you select the Connect on Demand option the connection will be disconnected after a specified period of inactivity Max Idle Time If you have been disconnected due to inactivity Connect on Demand enables the Router to automatically re establish your connection as...

Page 37: ... Internet again Enter the number of minutes you want to have elapsed before your Internet access disconnects The default is 5 minutes If you select the Keep Alive option the Router will keep the connection alive by sending out a few data packets periodically so your Internet service thinks that the connection is still active This option keeps your connection active indefinitely even when it sits i...

Page 38: ...t power up the Router New Password Enter a new password for the Router Your password must have 20 or fewer characters and cannot contain any spaces Confirm New Password Re enter the new password to confirm it Click the Save Settings button to save your new password or click the Cancel Changes button to undo them Figure 5 19 Setup Tab Password NOTE The password cannot be recovered if it is lost or ...

Page 39: ... or Set the local time Manually Automatic Time Zone Select your time zone the default Time Zone is Pacific Time NTP Server Enter the URL or IP address of the NTP server in the NTP Server field The default is time nist gov Manual Time Zone Select your time zone the default Time Zone is Pacific Time Enter the time in the Hours Minutes and Seconds fields Then enter the date in the Month Day and Year ...

Page 40: ...et applications on your network while port triggering can be used to set up triggered ranges and forwarded ranges for Internet applications Forwarding Port Range Forwarding Port forwarding can be used to set up public services on your network When users from the Internet make certain requests on your network the Router can forward those requests to computers equipped to handle the requests If for ...

Page 41: ...ck the Enable checkbox to enable this port range forwarding entry 4 Click the Add to List button and configure as many entries as you would like up to a maximum of 30 To delete an entry select it and click the Delete selected application button Port Triggering Port triggering allows the Router to watch outgoing data for specific port numbers The IP address of the computer that sends the matching d...

Page 42: ...xit button to return to the UPnP screen If you want to modify a service you have created select it and click the Update this service button Then make changes and click the Save Setting button to save your changes Click the Exit button to return to the UPnP screen If you want to delete a service you have created select it and click the Delete selected service button Then click the Save Setting butt...

Page 43: ...o change the registered MAC address to the Router s MAC address For the WAN port you can assign or clone a MAC address MAC Clone User Defined WAN MAC Address To manually clone a MAC address select User Defined WAN MAC Address and then enter the 12 digits of your adapter s MAC address MAC Address from this PC To clone the MAC address of the PC you are currently using to configure the Router then se...

Page 44: ...n the User name and Password fields Host Name Enter your host name in the three Host Name fields For example if your host name were myhouse dyndns org then myhouse would go into the first field dyndns would go into the second field and org would go into the last field Click the Save Settings button and the status of the DDNS function will be updated Internet IP Address The Router s current Interne...

Page 45: ...e any computer connected to the Router will not be able to connect to the Internet unless you have another router function as the gateway RIP Routing Information Protocol To use dynamic routing for communication of network data click the Enabled radio button Otherwise keep the default Disabled Receive RIP versions To use dynamic routing for reception of network data select the protocol you want No...

Page 46: ...e Internet then the gateway IP is the Router s Internet IP address If you have another router handling your network s Internet connection enter the IP address of that router instead 4 In the Hop Count field enter the appropriate value maximum is 15 This indicates the number of nodes that a data packet passes through before reaching its destination A node is any device on the network such as a swit...

Page 47: ... Client Lease Time is the amount of time a network user will be allowed connection to the Router with their current dynamic IP address Enter the amount of time in minutes that the user will be leased this dynamic IP address The range is 5 43 200 minutes Dynamic IP Range Start End Enter a starting IP address and ending IP address to create a range of available IP addresses The default range is 100 ...

Page 48: ...umber of dynamic IP addresses that can be assigned by the DHCP server Client Table For all network clients using the DHCP server the Client Table shows the current DHCP Client information Client Host Name This is the name assigned to a client host IP Address It is the dynamic IP address assigned to a client MAC Address This indicates the MAC address of a client Leased Time It displays the amount o...

Page 49: ... the checkmark To configure SNMP complete all fields on this screen System Name Enter the name of the Router System Contact Enter the name of the network administrator for the Router as well as a contact number or e mail address System Location Enter the location of the Router For example you could include the name of the building floor number and room location such as Head Office Floor 5 Networki...

Page 50: ...ad the firmware refer to the Firmware Download section If you have already downloaded the firmware onto your computer then click the Browse button to look for the file Firmware Upgrade Right Now After you have selected the file click the Firmware Upgrade Right Now button Firmware Download Firmware Download from Linksys Web Site If you need to download the latest version of the Router s firmware cl...

Page 51: ...import the configuration file Import Configuration File To import a configuration file first specify where your backup preferences file is located Click the Browse button and a dialog box will appear and ask you to select the appropriate configuration file Import After you select the file click the Import button This process may take up to a minute Then you will need to restart the Router so the c...

Page 52: ...ant the Router s ports to auto negotiate connection speeds and duplex mode then you will not need to set up speed and duplex settings separately Port ID The port number or name is displayed Interface The port s interface type LAN or WAN is shown here Disable You can select specific ports to disable Click the checkbox to disable a specific port Speed You can manually configure each port s speed as ...

Page 53: ...elected port the Summary table will show these settings Type Interface Link Status Port Activity Speed Status Duplex Status and Auto negotiation Statistics For the selected port the Statistics table will show these statistics number of packets received number of packet bytes received number of packets transmitted number of packet bytes transmitted and number of packet errors Click the Refresh butt...

Page 54: ...ault is disabled Click Enable VLAN to use the VLAN feature When the VLAN feature has been enabled the default VLAN ID 1 will be displayed and applied You can create a single VLAN or create multiple VLANs by range VLAN ID Enter a VLAN ID number from 2 to 4094 The default VLAN ID 1 is assigned to untagged frames received on the interface Click the Add VLAN button to add the single VLAN ID VLAN ID Ra...

Page 55: ...he transmitted frames can be tagged or untagged and it will be defined on the VLAN Membership screen For an Access port the transmitted frames will be untagged A port configured as a Trunk port acts as a direct link between two switches The transmitted frames will be tagged to identify the source VLAN but the frames belonging to the default VLAN will be untagged PVID Enter the PVID assigned to unt...

Page 56: ... four ports select the appropriate mode Access If you select this mode the port can be UnTagged or Excluded Trunk If you select this mode the port can be Tagged UnTagged or Excluded General If you select this mode the port can be Tagged UnTagged or Excluded If you select Excluded for a specific port then the port will be excluded from the selected VLAN Port VLAN Summary Port ID The Router s LAN po...

Page 57: ... Priority functionality is for services Then proceed to the instructions for the type you selected Rate Control 1 Select the Service you want from the pull down menu 2 If the Service you need is not listed in the menu click the Service Management button to add the new service The Service Management screen will appear Enter a name in the Service Name field From the Protocol drop down menu select th...

Page 58: ...e Cancel Changes button to undo your changes Priority The Router offers three levels of priority High Middle and Low 1 Select the Service you want from the pull down menu 2 If the Service you need is not listed in the menu click the Service Management button to add the new service The Service Management screen will appear Enter a name in the Service Name field From the Protocol drop down menu sele...

Page 59: ... services will share 10 of the total bandwidth The default is Middle 5 Click the Enable checkbox to enable this rule 6 After you have set up the rule click the Add to list button 7 Repeat steps 1 6 for additional rules You can have up to 50 rules Click the Summary button to view a summary of the Priority rules To change a rule click its Edit button To update the list click the Refresh button To re...

Page 60: ...will not check CoS VLAN tag priority or DSCP ToS priority bits in the IP header CoS If the CoS option is selected then the Router will use CoS based QoS in Layer 2 This type of QoS lets you specify which data packets have higher priority when traffic is buffered due to congestion Data packets in high priority queues will be transmitted before those in the lower priority queues You can map eight pr...

Page 61: ...number to which the CoS priority is mapped You can designate up to four traffic priority queues configured on the Queue Settings screen Restore Defaults To reset the CoS queue settings to their factory defaults click the Restore Defaults button The defaults are 2 1 1 2 3 4 and 4 for the Priority values 0 to 7 Click the Save Settings button to save your changes or click the Cancel Changes button to...

Page 62: ...ty queue Strict Priority With Strict Priority the Router services the egress queues in sequential order so all traffic in the higher priority queues is transmitted before the lower priority queues are serviced To base traffic scheduling on queue priority select Strict Priority The WRR Weight will be 1 2 4 and 8 respectively for queues 1 to 4 WRR With WRR the Router shares bandwidth at the egress p...

Page 63: ...edence or six bits for DSCP service DSCP based DSCP This is the DSCP value in the incoming packet Queue Select the traffic forwarding queue number to which the DSCP priority is mapped You can designate up to four traffic priority queues configured on the Queue Settings screen Restore Defaults To reset this screen to the factory default queue settings click the Restore Defaults button The defaults ...

Page 64: ...e is disabled by default If you want to use SSL or manage this Router through a WAN connection first change the password on the Setup Password screen this prevents any user from accessing the Router or using SSL with the default password Then click Enable for the Remote Management feature and select the port number you want to use for remote management port 80 or 8080 is usually used Restrict WEB ...

Page 65: ...uter is always allowed DHCP service from the LAN is always allowed DNS service from the LAN is always allowed Ping service from the LAN to the Router is always allowed Access Rules Except for the Default Rules all configured Access Rules are listed in the Access Rules table and you can set the priority for each custom rule The Access Rules table lists the following information for each Access Rule...

Page 66: ...or this service you can decide whether or not you want the Router to keep a log tracking this type of activity To keep a log select Log packets match this access rule If you don t want a log select Not log 4 Select the appropriate Source Interface WAN LAN or Any from the Source pull down menu 5 Select the Source IP address es for this Access Rule If it can be any IP address select Any If it is one...

Page 67: ...sites using keywords on the Keywords list To add a keyword to the list enter the keyword in the Add field and then click the Add to list button To remove a keyword from the list select the keyword and click the Delete selected keywords button Scheduling If you want the Content Filter enforced 24 hours a day keep the default always or enter a range of hours and minutes to designate the enforcement ...

Page 68: ... Enc Auth Grp This shows the Phase 2 Encryption type DES 3DES Authentication method MD5 SHA1 and DH Group number 1 2 5 that you chose in the IPSec Setup section Local Group This shows the IP address and subnet mask of the Local Group Remote Group The IP address and subnet mask of the Remote Group are displayed here Remote Gateway It shows the IP address of the Remote Gateway Tunnel Test Click the ...

Page 69: ...urity Gateway Type you select should match the Remote Security Gateway Type selected on the VPN device at the other end of the tunnel Local Security Group Type Select the local LAN user s behind the Router that can use this VPN tunnel Select one of these three available types IP or Subnet The Local Security Group Type you select should match the Remote Security Group Type selected on the VPN devic...

Page 70: ...t IP by DNS Resolved and enter the remote VPN device s domain name on the Internet The Router will retrieve the IP address of the remote VPN device The Remote Security Gateway Type you select should match the Local Security Gateway Type selected on the VPN device at the other end of the tunnel Remote Security Group Type Select the Remote Security Group behind the Remote Gateway that can use this V...

Page 71: ...ses 168 bit encryption Make sure both ends of the VPN tunnel use the same encryption method Phase 1 Authentication Select a method of authentication MD5 or SHA The authentication method determines how the ESP packets are validated MD5 is a one way hashing algorithm that produces a 128 bit digest SHA is a one way hashing algorithm that produces a 160 bit digest SHA is recommended because it is more...

Page 72: ...rity Click the Save Settings button to save your changes or click the Cancel Changes button to undo the changes Advanced For most users the settings on the VPN page should suffice however the Router provides advanced IPSec settings for advanced users Click the Advanced button to view the Advanced settings Aggressive Mode There are two types of Phase 1 exchanges Main Mode and Aggressive Mode Aggres...

Page 73: ...yer IPSec Pass Through is enabled by default to allow IPSec tunnels to pass through the Router PPTP Pass Through Point to Point Tunneling Protocol PPTP allows the Point to Point Protocol PPP to be tunneled through an IP network PPTP Pass Through is enabled by default L2TP Pass Through Layer 2 Tunneling Protocol is the method used to enable Point to Point sessions via the Internet on the Layer 2 le...

Page 74: ...ssage and administrative users logged into the SSL VPN Portal User Name This is the name of the user IP Address This is the IP address of the user Login Time This is the time stamp indicating when the user logged in Status Displayed here is the user s status Login or Connected The status line will also display Login for administrative users who logged in through the Portal and did not create an SS...

Page 75: ...ired by the RADIUS server Proceed to the Edit User section NT Domain NT Server Address Enter the IP address or domain name of the server The Router does support Linux Samba Server Authentication NT Domain Name Enter the NT authentication domain This is the domain name configured on the Windows authentication server or Linux Samba authentication server for network authentication Proceed to the Edit...

Page 76: ...he name the user will use to log into the SSL VPN Portal 2 From the Group drop down menu select the name of the user s group A user can belong to only one group 3 For Local User Database authentication do the following Select User or Administrator from the User Type drop down menu User types can only access the SSL VPN Portal and Administrator types can access the Router s Web based Utility In the...

Page 77: ...l Passage clients The default is 192 168 1 200 to 192 168 1 210 The Router can support up to five concurrent active users Range Start Enter the starting IP address of the IP address range Range End Enter the ending IP address of the IP address range Click the Save Settings button to save your changes or click the Cancel Changes button to undo the changes SSL VPN Portal Access Portal Click the Acce...

Page 78: ...and then restart the Router for the changes to take effect E mail You may want logs or alert messages to be e mailed to you If so then configure the E mail settings Enable E Mail Alert If you check the box the Router s E Mail Alert feature will be enabled Mail Server If you want any log or alert information e mailed to you then enter the name or numerical IP address of your SMTP server Your ISP ca...

Page 79: ...ation about IPSec VPN tunnel activity while the SSL Log shows information about SSL VPN tunnel activity To clear a log click the Clear button To update a log click the Refresh button To exit this screen click the Close button Clear Log Now Click this button to clear your log without e mailing it Only use this button if you are willing to lose your log information Click the Save Settings button to ...

Page 80: ...ule Setup Wizard to set up the security policy for the Router Basic Setup 1 Click the Launch Now button to run the Basic Setup Wizard 2 Your Internet Service Provider ISP may require you to use a host and domain name for your Internet connection If your ISP requires them complete the Host Name and Domain Name fields otherwise leave these blank Click the Next button to continue Click the Exit butto...

Page 81: ...ted the appropriate screen will appear Follow the instructions for the appropriate connection type Obtain an IP automatically If you want to use the ISP s DNS server select Use DNS Server provided by ISP default If you want to designate a specific DNS server IP address select Use the Following DNS Server Addresses and enter the DNS server IP addresses you want to use you must enter at least one Cl...

Page 82: ...s button if you want to return to the previous screen Click the Exit button if you want to exit the Setup Wizard On the DNS Servers screen enter the DNS server IP addresses you want to use you must enter at least one Click the Next button to continue and proceed to step 5 Click the Previous button if you want to return to the previous screen Click the Exit button if you want to exit the Setup Wiza...

Page 83: ...our connection as soon as you attempt to access the Internet again Enter the number of minutes you want to have elapsed before your Internet access disconnects The default is 5 minutes If you select the Keep alive option the Router will keep the connection alive by sending out a few data packets periodically so your ISP thinks that the connection is still active This option keeps your connection a...

Page 84: ...rd Tab 4 Port SSL IPSec VPN Router 5 If you want to save your changes click the Save Settings button Click the Previous button if you want to return to the previous screen Click the Exit button if you want to exit the Setup Wizard Figure 5 79 Save Settings ...

Page 85: ...ult Rules Click the Next button to continue Click the Exit button if you want to exit the Access Rule Setup Wizard 3 From the drop down menu select Allow or Deny depending on the intent of the Access Rule Click the Next button to continue Click the Previous button if you want to return to the previous screen Click the Exit button if you want to exit the Access Rule Setup Wizard Figure 5 80 Access ...

Page 86: ...u want to exit the Access Rule Setup Wizard 5 For this service you can select whether or not you want the Router to keep a log tracking this type of activity To keep a log select Log packets match this access rule If you don t want a log select Not log Click the Next button to continue Click the Previous button if you want to return to the previous screen Click the Exit button if you want to exit ...

Page 87: ...continue Click the Previous button if you want to return to the previous screen Click the Exit button if you want to exit the Access Rule Setup Wizard 7 Select the Destination IP address es for this Access Rule If it can be any IP address select Any If it is one IP address select Single and enter the IP address in the Destination IP fields If it is a range of IP addresses select Range and enter th...

Page 88: ...format and select the appropriate days of the week Click the Next button to continue Click the Previous button if you want to return to the previous screen Click the Exit button if you want to exit the Access Rule Setup Wizard 9 If you want to save your changes click the Save Settings button Click the Previous button if you want to return to the previous screen Click the Exit button if you want to...

Page 89: ...nu Then click Downloads for this Product Click User Guide Linksys Web Site Click the Linksys Web Site button and the Support page of the Linksys website www linksys com will appear Logout Tab The Logout tab is located on the upper right hand corner of the screen Click this tab to end the management session If you end the session you will need to re enter your User Name and Password to log in and t...

Page 90: ...ing network components are installed box select the TCP IP associated with your Ethernet adapter If you only have one Ethernet adapter installed you will only see one TCP IP line with no association to an Ethernet adapter Highlight it and click the Properties button C In the TCP IP properties window select the IP address tab and select Specify an IP address Enter a unique IP address that is not us...

Page 91: ...tion Properties window I Restart the computer if asked For Windows XP The following instructions assume you are running Windows XP with the default interface If you are using the Classic interface where the icons and menus look like previous Windows versions please follow the instructions for Windows 2000 A Click Start and Control Panel B Click the Network and Internet Connections icon and then th...

Page 92: ...s window 5 Restart the computer if asked 6 Click the OK button in the Internet Protocol TCP IP Properties window and click the OK button in the Local Area Connection Properties window 7 Restart the computer if asked For Windows XP The following instructions assume you are running Windows XP with the default interface If you are using the Classic interface where the icons and menus look like previo...

Page 93: ...problem with the connection Try the ping command from a different computer to verify that your original computer is not the cause of the problem 3 I am not getting an IP address on the Internet with my Internet connection A Refer to Problem 2 I want to test my Internet connection to verify that you have connectivity B If you need to register the MAC address of your Ethernet adapter with your ISP p...

Page 94: ...limitations due to occasional incompatibility with the NAT standard Change the IP address for the Router to another subnet to avoid a conflict between the VPN IP address and your local IP address For example if your VPN server assigns an IP address 192 168 1 X X is a number from 1 to 254 and your local LAN IP address is 192 168 1 X X is the same number used in the VPN IP address the Router will ha...

Page 95: ...s many entries as you like When you have completed the configuration click the Save Settings button 7 I need to set up online game hosting or use other Internet applications If you want to play online games or use Internet applications most will work without doing any port forwarding or DMZ hosting There may be cases when you want to host an online game or Internet application This would require y...

Page 96: ...disable all the forwarding entries if you want to successfully use DMZ hosting since forwarding has priority over DMZ hosting In other words data that enters the Router will be checked first by the forwarding settings If the port number that the data enters from does not have port forwarding then the Router will send the data to whichever PC or network device you set for DMZ hosting Follow these s...

Page 97: ...the Router is the gateway for the Internet connection the computer does not need any proxy settings to gain access Please follow these directions to verify that you do not have any proxy settings and that the browser you use is set to connect directly to the LAN For Microsoft Internet Explorer 5 0 or higher A Click Start Settings and Control Panel Double click Internet Options B Click the Connecti...

Page 98: ...m to upgrade the firmware Go to the Linksys website at http www linksys com and download the TFTP program which will be listed with the firmware B Set a static IP address on the PC refer to Problem 1 I need to set a static IP address Use the following IP address settings for the computer you are using IP Address 192 168 1 50 Subnet Mask 255 255 255 0 Gateway 192 168 1 1 C Perform the upgrade using...

Page 99: ...ring looks at the outgoing port services used and will trigger the Router to open a specific port depending on which port an Internet application uses Follow these steps A To connect to the Router go to the web browser and enter http 192 168 1 1 or the IP address of the Router B Enter the password if asked The default password is admin C Click the Setup Forwarding tab D Enter any name you want to ...

Page 100: ...llowing steps until you see the Web based Utility s login screen Netscape Navigator will require similar steps A Click File Make sure Work Offline is NOT checked B Press CTRL F5 This is a hard refresh which will force Windows Explorer to load new webpages not cached ones C Click Tools Click Internet Options Click the Security tab Click the Default level button Make sure the security level is Mediu...

Page 101: ...ou need to create a static IP for each of the LAN computers and forward ports 7777 7778 7779 7780 7781 and 27900 to the IP address of the server You can also use a port forwarding range of 7777 to 27900 If you want to use the UT Server Admin forward another port 8080 usually works well but is used for remote admin You may have to disable this and then in the UWeb WebServer section of the server in...

Page 102: ...ion of Router firmware will not enhance the quality or speed of your Internet connection and may disrupt your current connection stability Will the Router function in a Macintosh environment Yes but the Router s setup pages are accessible only through Internet Explorer 5 0 or Netscape Navigator 5 0 or higher for Macintosh I am not able to get the web configuration screen for the Router What can I ...

Page 103: ...rsion of the Router must work in conjunction with a cable or DSL modem Which modems are compatible with the Router The Router is compatible with virtually any cable or DSL modem that supports Ethernet What is the maximum number of VPN sessions allowed by the Router The maximum number depends on many factors At least one IPSec session will work through the Router however simultaneous IPSec sessions...

Page 104: ...ce so it sits on its four rubber feet The second way is to stand the Router vertically on a surface this uses a stand The third way is to mount it on a wall Horizontal Placement Option Set the Router on a desktop or other flat secure surface Do not place excessive weight on top of the Router that could damage it Stand Option 1 Line up the edges of the Router with the two stands 2 Insert the Router...

Page 105: ... you want to mount the Router 2 Drill two holes into the wall Make sure the holes are 64 4 mm 2 535 inches apart 3 Insert a screw into each hole and leave 5 mm 0 2 inches of its head exposed 4 Maneuver the Router so the wall mount slots line up with the two screws 5 Place the wall mount slots over the screws and slide the Router down until the screws fit snugly into the wall mount slots Figure B 3...

Page 106: ...web browser must have SSL JavaScript ActiveX and cookies enabled these settings are enabled by default If the settings are already enabled proceed to the next section Making the SSL VPN Portal a Trusted Site If the settings are disabled you should enable them before configuring the Router Proceed to the instructions for your web browser Internet Explorer 6 0 or Higher 1 Open Internet Explorer 2 Cl...

Page 107: ...he OK button again Netscape Communicator 8 0 or Higher 1 Open Netscape Communicator 2 Click Tools 3 Click Options 4 Click Site Controls 5 Click the Trust Preferences tab 6 In the Master Settings section click I m Not Sure 7 Click Allow cookies 8 Click Enable JavaScript 9 Click the Advanced button 10 Click Enable ActiveX 11 Click the OK button Figure C 3 Internet Explorer Internet Options Privacy F...

Page 108: ...d to add the SSL VPN Portal to your browser s list of trusted sites The following instructions are provided for Internet Explorer For Netscape Communicator refer to its Help section for details 1 Open Internet Explorer 2 Go to the SSL VPN Portal as a trusted site 3 Press Alt D to select the SSL VPN Portal address and press Ctrl C to copy it to the Windows Clipboard 4 Click Tools 5 Click Internet O...

Page 109: ...uter https WAN IP address of the Router in your web browser 2 A screen will appear asking you for your User Name and Password Enter your user name in the User Name field and enter your password in the Password field 3 Click the Login button If your user type is Administrator then you can access the Web based Utility If your user type is User then you can use Virtual Passage only Figure C 6 SSL VPN...

Page 110: ... you will be asked to install the Web Cache Cleaner application This will prompt any user of the Router to delete all temporary Internet files cookies and browser history when the user logs out or closes the web browser window The ActiveX web cache control will be ignored by web browsers that do not support ActiveX Click the link to install the Web Cache Cleaner 3 The Security Warning screen will ...

Page 111: ...o install XTunnel the Virtual Passage application Click the Install button 5 The Hardware Installation screen will appear and ask you if you want to continue with the installation Click the Continue Anyway button 6 The Web Cache Cleaner and XTunnel will be installed in C WINDOWS Downloaded Program Files Figure C 10 Click Install Figure C 11 Click Continue Anyway Figure C 12 Installation Complete ...

Page 112: ...n or click the Close button to exit this screen Disconnect Virtual Passage Click Disconnect Virtual Passage to end the session Disconnect and Uninstall Virtual Passage Click Disconnect and Uninstall Virtual Passage to end the session remove the Virtual Passage application from your PC Logging out of the SSL VPN Portal When you log out you will see a Warning screen It will ask you to confirm that y...

Page 113: ...or Vonage VoIP service 2 Access the Router s Web based Utility Refer to Chapter 5 Setting Up and Configuring the Router for details 3 Click the QoS tab 4 On the Bandwidth Management screen click the Service Management button 5 The Service Management screen will appear Enter a name such as Vonage VoIP in the Service Name field 6 From the Protocol drop down menu select the protocol the VoIP service ...

Page 114: ...you need to control To include all internal IP addresses keep the default 0 3 From the Direction drop down menu select Upstream for outbound traffic 4 In the Min Rate field enter the minimum rate for the guaranteed bandwidth For example you can set a minimum rate of 40 kbit sec 5 In the Max Rate field enter the maximum rate for the maximum bandwidth For example you can set a maximum rate of 80 kbi...

Page 115: ...19 In the Max Rate field enter the maximum rate for the maximum bandwidth For example you can set a maximum rate of 80 kbit sec 20 Click the Enable checkbox to enable this rule 21 After you have set up the rule click the Add to list button 22 You will set up a second rule for Vonage 2 Downstream Select Vonage 2 from the Service drop down menu 23 Enter the IP address or range you need to control To...

Page 116: ...your Windows PC 2 Click Settings 3 Click Control Panel 4 Double click Administrative Tools 5 Click Configure Your Server Wizard 6 On the Welcome to the Configure Your Server Wizard screen click the Next button 7 On the Preliminary Steps screen click the Next button Figure E 1 Welcome to the Configure Your Server Wizard Figure E 2 Preliminary Steps NOTE Windows Server 2000 and 2003 support the Acti...

Page 117: ...erver 4 Port SSL IPSec VPN Router 8 On the Server Role screen select Domain Controller Active Directory and then click the Next button 9 On the Summary of Selections screen click the Next button Figure E 3 Server Role Figure E 4 Summary of Selections ...

Page 118: ...N Router 10 On the Welcome to the Active Directory Installation Wizard screen click the Next button 11 On the Operating System Compatibility screen click the Next button Figure E 5 Welcome to the Active Directory Installation Wizard Figure E 6 Operating System Compatibility ...

Page 119: ...outer 12 On the Domain Controller Type screen select Domain controller for a new domain and then click the Next button 13 On the Create New Domain screen select Domain in a new forest and then click the Next button Figure E 7 Domain Controller Type Figure E 8 Create New Domain ...

Page 120: ...t SSL IPSec VPN Router 14 On the New Domain Name screen enter a domain name and then click the Next button 15 On the NetBIOS Domain Name screen enter a domain NetBIOS name and then click the Next button Figure E 9 New Domain Name Figure E 10 NetBIOS Domain Name ...

Page 121: ... and Log Folders screen select the folders that will store the Active Directory database and log Then click the Next button 17 On the Shared System Volume screen enter a location for the SYSVOL folder and then click the Next button Figure E 11 Database and Log Folders Figure E 12 Shared System Volume ...

Page 122: ...een select I will correct the problem later by configuring DNS manually Advanced and then click the Next button 19 On the Permissions screen select Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems Then click the Next button Figure E 13 DNS Registration Diagnostics Figure E 14 Permissions ...

Page 123: ...estore Mode Administrator Password screen enter your Administrator password for the Active Directory server Then enter it again in the Confirm password field Click the Next button 21 On the Summary screen click the Next button Figure E 15 Directory Services Restore Mode Administrator Password Figure E 16 Summary ...

Page 124: ...and the Router must be synchronized Kerberos authentication used by Active Directory to authenticate clients permits a maximum of a 15 minute time difference between the Windows server and the client the Router Make sure that your Windows server is configured for Active Directory authentication If you are using a Windows NT 4 0 server then your server only supports NT Domain authentication Typical...

Page 125: ...ick Settings 3 Click Control Panel 4 Double click Administrative Tools 5 Click Active Directory Users and Computers 6 To create a user right click Users 7 Enter the user information in the various name fields Enter a User login name and select the appropriate domain from the drop down menu Click the Next button Figure F 1 Active Directory Users and Computers Figure F 2 User Name NOTE Windows Serve...

Page 126: ...ctive Directory Server 4 Port SSL IPSec VPN Router 8 Enter the user password and enter it again in the Confirm password field Click the Next button 9 Click the Finish button to create the new user Figure F 4 Summary Figure F 3 User Password ...

Page 127: ...server 1 Click the Start button of your Windows PC 2 Click Add or Remove Programs 3 Click Add Remove Windows Components 4 In the Components section click Networking Services Click the Details button Select Internet Authentication Service Click the OK button Then click the Next button Figure G 1 Add or Remove Programs Figure G 2 Windows Components NOTE Windows Server 2000 and 2003 support the IAS s...

Page 128: ... Control Panel 8 Double click Administrative Tools 9 Click Internet Authentication Service 10 Right click Remote Access Policies and click New Remote Access Policy 11 On the Welcome to the New Remote Access Policy Wizard screen click the Next button Figure G 3 Internet Authentication Service Figure G 4 Welcome to the New Remote Access Policy Wizard ...

Page 129: ...ication Service IAS Server 4 Port SSL IPSec VPN Router 12 Select Set up a custom policy and enter a policy name Then click the Next button 13 To add a policy click the Add button Figure G 5 Policy Configuration Method Figure G 6 Policy Conditions ...

Page 130: ...Service IAS Server 4 Port SSL IPSec VPN Router 14 Select Client IP Address and then click the Add button 15 Enter a network number and then click the OK button Enter the Router s LAN network number Figure G 7 Select Attribute Figure G 8 Client IP Address ...

Page 131: ...Port SSL IPSec VPN Router 16 On the Policy Conditions screen make sure a policy has been added and then click the Next button 17 On the Permissions screen select Grant remote access permission and then click the Next button Figure G 9 Policy Conditions Figure G 10 Permissions ...

Page 132: ...On the Profile screen click the Edit Profile button 19 On the Authentication tab deselect remove the checkmark from Microsoft Encryption Authentication version 2 and Microsoft Encrypted Authentication Select Unencrypted authentication Click the Apply button Figure G 11 Profile Figure G 12 Authentication ...

Page 133: ...on tab select Basic encryption Strong encryption Strongest encryption and No encryption Click the Apply button 21 On the Completing the New Remote Access Policy Wizard screen click the Finish button 22 Make sure the policy has been added Figure G 13 Encryption Figure G 14 Completing the New Remote Access Policy Wizard ...

Page 134: ... Click the Start button 24 Click Settings 25 Click Control Panel 26 Double click Administrative Tools 27 Click Internet Authentication Service 28 Right click Remote Access Policies and click New Connection Request Policy Figure G 15 Internet Authentication Service Figure G 16 Connection Request Policies ...

Page 135: ...Sec VPN Router 29 On the Welcome to the New Connection Request Policy Wizard screen click the Next button 30 Select A custom policy and enter a policy name Then click the Next button Figure G 17 Welcome to the New Connection Request Policy Wizard Figure G 18 Policy Configuration Method ...

Page 136: ...n Internet Authentication Service IAS Server 4 Port SSL IPSec VPN Router 31 To add a policy click the Add button 32 Select Client IP Address and then click the Add button Figure G 19 Policy Conditions Figure G 20 Select Attribute ...

Page 137: ...ort SSL IPSec VPN Router 33 Enter a network number and then click the OK button Enter the Router s LAN network number 34 On the Policy Conditions screen make sure a policy has been added and then click the Next button Figure G 21 Client IP Address Figure G 22 Policy Conditions ...

Page 138: ...ver 4 Port SSL IPSec VPN Router 35 On the Request Processing Method screen click the Edit Profile button 36 On the Authentication tab select Authenticate request on this server and then click the OK button Figure G 23 Request Processing Method Figure G 24 Authentication ...

Page 139: ...Authentication Service IAS Server 4 Port SSL IPSec VPN Router 37 On the Completing the New Connection Request Processing Policy Wizard screen click the Finish button Figure G 25 Completing the New Connection Request Processing Policy Wizard ...

Page 140: ... Management tab 4 From the Authentication Type drop down menu select LDAP 5 In the Server Address field enter the IP address or domain name of the server 6 In the LDAP BaseDN field enter the Base Distinguished Name defined in the configuration file of your LDAP server 7 Click the Save Settings button Figure H 1 SSL VPN User Management Figure H 2 LDAP NOTE User names and passwords should be defined...

Page 141: ...etworks 192 168 1 x and 192 168 2 x LAN LAN The Routers are on the same network 192 168 1x LAN to LAN Connection Follow these instructions to connect the RVL200 LAN to the RV082 LAN 1 Physically connect a numbered port Ethernet 1 4 on the RVL200 to a LAN port on the RV082 2 Access the Web based Utility of the RVL200 Refer to Chapter 5 Setting Up and Configuring the Router for details 3 Click the D...

Page 142: ... 13 Click the Add to list button 14 Access the Web based Utility of the RV082 15 Click the Setup tab 16 Click the DMZ Host tab Configure the RVL200 as the DMZ Host for the RV082 Enter 192 168 1 2 the IP address of the RVL200 17 Click the Forwarding tab 18 Select HTTPS TCP 443 443 from the Service drop down menu 19 Enter the IP Address of the RVL200 192 168 1 2 20 Enable the entry 21 Click the Add ...

Page 143: ... the network range of the RV082 LAN side 3 After an SSL VPN client establishes its connection the client can access the existing PCs and servers 192 168 1 100 200 on the RV082 LAN side Figure I 2 RVL200 WAN to RV082 LAN RVL200 WAN IP 192 168 1 2 LAN IP 192 168 2 1 LAN LAN Corporate Network WAN1 WAN2 WAN1 WAN2 WAN Corporate Network LAN 192 168 1 100 192 168 1 200 Branch Office RV082 Headquarters RV...

Page 144: ...VPN Router Two VPN Routers 4 Port SSL IPSec VPN Router model number RVL200 and 10 100 8 Port VPN Router model number RV082 that are both connected to the Internet Configuring the VPN Settings when the Remote Gateway Uses a Static IP This example assumes the Remote Gateway is using a static IP address If the Remote Gateway uses a dynamic IP address refer to Configuring the VPN Settings when the Rem...

Page 145: ...the RVL200 will be automatically detected For the Local Security Group Type select Subnet Enter the RVL200 s local network settings in the IP Address and Subnet Mask fields 8 For the Remote Security Gateway Type select IP Address Enter the RV082 s WAN IP address in the IP Address field 9 For the Remote Security Group Type select Subnet Enter the RV082 s local network settings in the IP Address and...

Page 146: ...elds 8 For the Remote Security Gateway Type select IP Address Enter the RVL200 s WAN IP address in the IP Address field 9 For the Remote Security Group Type select Subnet Enter the RVL200 s local network settings in the IP Address and Subnet Mask fields 10 In the IPSec Setup section select the appropriate encryption authentication and other key management settings These should match the settings o...

Page 147: ... the RVL200 Follow these instructions for the first VPN Router designated RVL200 The other VPN Router is designated the RV082 1 Launch the web browser for a networked PC designated PC 1 2 Access the Web based Utility of the RVL200 Refer to Chapter 5 Setting Up and Configuring the Router for details 3 Click the IPSec VPN tab 4 Click the Gateway to Gateway tab 5 Enter a name in the Tunnel Name field...

Page 148: ...Type select IP by DNS Resolved Enter the RV082 s domain name in the field provided 9 For the Remote Security Group Type select Subnet Enter the RV082 s local network settings in the IP Address and Subnet Mask fields 10 In the IPSec Setup section select the appropriate encryption authentication and other key management settings 11 In the Preshared Key field enter a string for this key e g 13572468 ...

Page 149: ...lds 8 For the Remote Security Gateway Type select IP Address Enter the RVL200 s WAN IP address in the IP Address field 9 For the Remote Security Group Type select Subnet Enter the RVL200 s local network settings in the IP Address and Subnet Mask fields 10 In the IPSec Setup section select the appropriate encryption authentication and other key management settings These should match the settings of...

Page 150: ... Begin The following is a list of equipment you need Two 4 Port SSL IPSec VPN Routers model number RVL200 one of which is connected to the Internet Two 10 100 4 Port VPN Routers model number RV042 one of which is connected to the Internet Configuring Scenario 1 In this scenario Router A is the RVL200 Initiator while Router B is the RVL200 Responder Configuring Router A 1 Launch the web browser for...

Page 151: ...Subnet Mask fields 10 In the IPSec Setup section select the appropriate encryption authentication and other key management settings 11 In the Preshared Key field enter a string for this key e g 13572468 12 If you need more detailed settings click the Advanced Settings button Otherwise click the Save Settings button and proceed to the next section Configuring Router B Configuring Router B Follow th...

Page 152: ...Gateway Type select IP Address Enter Router A s WAN IP address in the IP Address field 9 For the Remote Security Group Type select Subnet Enter Router A s local network settings in the IP Address and Subnet Mask fields 10 In the IPSec Setup section select the appropriate encryption authentication and other key management settings 11 In the Preshared Key field enter a string for this key e g 135724...

Page 153: ...l number RV042 for more details about one to one NAT rules One to One NAT Rule on NAT 1 RV042 192 168 111 11 192 168 11 101 Configuring Router B Set the Remote Security Gateway to IP address 192 168 99 1 which is the one to one NAT IP address used by NAT 2 RV042 Follow these instructions for Router B 1 Launch the web browser for a networked PC designated PC 2 2 Access the Web based Utility of the ...

Page 154: ...he IP Address and Subnet Mask fields 10 In the IPSec Setup section select the appropriate encryption authentication and other key management settings 11 In the Preshared Key field enter a string for this key e g 13572468 12 If you need more detailed settings click the Advanced Settings button Otherwise click the Save Settings button and proceed to the next section Configuring Router A Configuring ...

Page 155: ... Address Enter Router B s WAN IP address in the IP Address field 9 For the Remote Security Group Type select Subnet Enter Router B s local network settings in the IP Address and Subnet Mask fields 10 In the IPSec Setup section select the appropriate encryption authentication and other key management settings 11 In the Preshared Key field enter a string for this key e g 13572468 12 If you need more...

Page 156: ...ess the Enter key or the OK button 2 When the IP Configuration screen appears select the Ethernet adapter you have connected to the Router via a CAT 5 Ethernet network cable See Figure L 1 3 Write down the Adapter Address as shown on your computer screen see Figure L 2 This is the MAC address for your Ethernet adapter and is shown as a series of numbers and letters The MAC address Adapter Address ...

Page 157: ... 3 it is the MAC address for your Ethernet adapter This appears as a series of numbers and letters The MAC address Physical Address is what you will use for MAC address cloning or MAC filtering The example in Figure L 3 shows the Ethernet adapter s IP address as 192 168 1 100 Your computer may show something different Figure L 3 MAC Address Physical Address NOTE The MAC address is also called the ...

Page 158: ...set of instructions or protocol all PCs follow to communicate over a wired or wireless network Your PCs will not be able to utilize networking without having TCP IP enabled Windows Help provides complete instructions on enabling TCP IP Shared Resources If you wish to share printers folders or files over your network Windows Help provides complete instructions on utilizing shared resources Network ...

Page 159: ... and cause it to start executing instructions Broadband An always on fast Internet connection Browser An application program that provides a way to look at and interact with all the information on the World Wide Web Byte A unit of data that is usually eight bits long Cable Modem A device that connects a computer to the cable television network which in turn connects to the Internet Daisy Chain A m...

Page 160: ...et IEEE standard network protocol that specifies how data is placed on and retrieved from a common transmission medium Firewall A set of related programs located at a network gateway server that protects the resources of a network from users from other networks Firmware The programming code that runs a networking device FTP File Transfer Protocol A protocol used to transfer files over a TCP IP net...

Page 161: ...rage and or transmission between users Packet A unit of data sent over a network Passphrase Used much like a password a passphrase simplifies the WEP encryption process by automatically generating the WEP encryption keys for Linksys products Ping Packet INternet Groper An Internet utility used to determine whether a particular IP address is online POP3 Post Office Protocol 3 A standard mail server...

Page 162: ...rk s name Static IP Address A fixed address assigned to a computer or device that is connected to a network Static Routing Forwarding data in a network via a fixed path Subnet Mask An address code that determines the size of the network Switch 1 A data switch that connects computing devices to host computers allowing a large number of devices to share a limited number of ports 2 A device for makin...

Page 163: ...ess of a file located on the Internet VPN Virtual Private Network A security measure to protect data as it leaves one network and goes to another over the Internet WAN Wide Area Network The Internet WEP Wired Equivalent Privacy A method of encrypting network data transmitted on a wireless network for greater security WLAN Wireless Local Area Network A group of computers and associated devices that...

Page 164: ...ing Type UTP CAT 5 LEDs Power Diag Internet Ethernet 1 4 Operating System Linux Performance NAT Throughput Wirespeed 100 Mb s SSL Throughput 16 99 Mb s Setup Configuration Web UI Built in Web UI for Easy Browser based Configuration HTTP HTTPS Management SNMP Version SNMP Version 1 2c Event Logging Event Logging Local Syslog E mail Web F W Upgrade Firmware Upgradeable through Web Browser Diags Flas...

Page 165: ... Ping of Death SYN Flood IP Spoofing Secure Management HTTPS Username Password QoS Layer 2 Prioritization based on DSCP CoS 802 1p or Physical Ports Bandwidth Management of WAN Upstream and Downstream based on Services TCP UDP Ports Network VLAN Support 4 LAN Ports can be Mapped to up to 16 VLANs 802 1q VLAN Tagging DHCP DHCP Server DHCP Client DNS Relay Proxy Dynamic DNS NAT PAT NAPT ALG Support ...

Page 166: ...ncryption MD5 SHA1 Authentication IPSec NAT T VPN Passthrough of PPTP L2TP IPSec Routing Static and RIP v1 v2 Environmental Dimensions 6 69 x 1 67 x 6 69 W x H x D 170 mm x 42 5 mm x 170 mm Unit Weight 13 76 oz 0 39 kg Power 5 V 2 A Certifications FCC Class B CE ICES 003 Operating Temp 0ºC to 40ºC 32ºF to 104ºF Storage Temp 20ºC to 70ºC 4ºF to 158ºF Operating Humidity 10 to 85 Non Condensing Stora...

Page 167: ...S AND WARRANTIES INCLUDING ANY IMPLIED WARRANTY OF NON INFRINGEMENT ARE DISCLAIMED Some jurisdictions do not allow limitations on how long an implied warranty lasts so the above limitation may not apply to You This warranty gives You specific legal rights and You may also have other rights which vary by jurisdiction This warranty does not apply if the Product a has been altered except by Linksys b...

Page 168: ... encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment or devices Connect the equipment to an outlet other than the receiver s Consult a dealer or an experienced radio TV technician for assistance Safety Notices Caution To reduce the risk of fire use only No 26 AWG or larger te...

Page 169: ...interférences reçues y compris celles qui risquent d entraîner un fonctionnement indésirable User Information for Consumer Products Covered by EU Directive 2002 96 EC on Waste Electric and Electronic Equipment WEEE This document contains important information for users with regards to the proper disposal and recycling of Linksys products Consumers are required to comply with this notice for all el...

Page 170: ...157 Appendix Q Regulatory Information 4 Port SSL IPSec VPN Router ...

Page 171: ...158 Appendix Q Regulatory Information 4 Port SSL IPSec VPN Router ...

Page 172: ...159 Appendix Q Regulatory Information 4 Port SSL IPSec VPN Router ...

Page 173: ...160 Appendix Q Regulatory Information 4 Port SSL IPSec VPN Router For more information visit www linksys com ...

Page 174: ...orking with Linksys products Give our advice line a call at 800 546 5797 LINKSYS Or fax your request in to 949 823 3002 If you experience problems with any Linksys product you can call us at 800 326 7114 Don t wish to call You can e mail us at support linksys com If any Linksys product proves defective during its warranty period you can call the Linksys Return Merchandise Authorization department ...

Reviews: