manualshive.com logo in svg

Linksys RVS4000, User Manual

Share
Download
Linksys RVS4000 User Manual Download Page 84

75

4-Port Gigabit Security Router with VPN

Appendix D: Configuring a Gateway-to-Gateway IPSec Tunnel
Configuring the Key Management Settings

Configuring the Key Management Settings

Configuring VPN Router 1

Following these instructions for VPN Router 1.

1. On the 

IPSec VPN

 screen, select 

3DES

 from the 

Encryption

 drop-down menu.

2. Select 

MD5

 from the 

Authentication

 drop-down menu.

3. Keep the default Key Exchange Method, 

Auto(IKE)

.

4. Select 

Pre-Shared Key

, and enter a string for this key., e.g. 13572468.

5. For the PFS setting, select 

Enabled

.

6. If you need more detailed settings, click the 

Advanced Settings

 button. Otherwise, click the 

Save Settings

 

button and proceed to the next section, “Configuring VPN Router 2.”

7. On the 

Auto (IKE) Advanced Settings 

screen, keep the default Operation Mode, 

Main

.

8. For Phase 1, select 3

DES

 from the 

Encryption

 drop-down menu.

9. Select 

MD5

 from the 

Authentication

 drop-down menu.

10. Select 

1024-bit

 from the 

Group

 drop-down menu.

11. Enter 

3600

 in the 

Key Life Time

 field.

12. For Phase 2, the Encryption, Authentication, and PFS settings were set on the 

VPN

 screen.

 

 

Select 

1024-bit

 from the 

Group

 drop-down menu.

13. Keep the default Key Life Time value, 

28800

.

14. Click the 

Save Settings

 button on the 

Auto (IKE) Advanced Settings

 screen.

15. Click the 

Save Settings

 button on the 

IPSec VPN

 screen.

 

Figure D-5: Auto (IKE) Advanced Settings Screen

Summary of Contents for RVS4000

Page 1: ......

Page 2: ...at are presented like this Also each figure diagram screenshot or other image is provided with a figure number and description like this Figure numbers and descriptions can also be found in the List of Figures section in the Table of Contents RVS4000 UG 60522NC RR This exclamation point means there is a caution or warning and is something that could damage your property or the Router word definiti...

Page 3: ...e Front Panel 9 The Back and Side Panels 10 Chapter 5 Connecting the Router 11 Overview 11 Connection Instructions 12 Chapter 6 Setting Up and Configuring the Router 13 Overview 13 How to Access the Web based Utility 15 Setup Tab 16 Firewall Tab 25 VPN Tab 28 QoS Tab 33 Administration Tab 34 IPS Tab 37 L2 Switch Tab 39 Status Tab 41 Appendix A Troubleshooting 43 Common Problems and Solutions 43 Fr...

Page 4: ...gin 72 Configuring the VPN Settings for the VPN Routers 72 Configuring the Key Management Settings 75 Configuring PC 1 and PC 2 76 Appendix E Finding the MAC Address and IP Address for Your Ethernet Adapter 77 Windows 98 or Me Instructions 77 Windows 2000 or XP Instructions 77 For the Router s Web based Utility 78 Appendix F Physical Setup of the Router 79 Setting up the Router 79 Appendix G Windo...

Page 5: ...Internet 12 Figure 5 4 Connect the Power 12 Figure 6 1 Router s IP Address 15 Figure 6 2 Password 15 Figure 6 3 Setup Tab 16 Figure 6 4 Obtain an IP Automatically 16 Figure 6 5 Static IP 16 Figure 6 6 PPPoE 17 Figure 6 7 PPTP 17 Figure 6 8 Heart Beat Signal 18 Figure 6 9 L2TP 19 Figure 6 10 LAN 21 Figure 6 11 DMZ Host 22 Figure 6 12 Mac Clone 22 Figure 6 13 Advanced Routing 23 Figure 6 14 Routing ...

Page 6: ...ation 35 Figure 6 29 Log 36 Figure 6 30 Diagnostics 36 Figure 6 31 Backup Restore 37 Figure 6 32 Factory Defaults 37 Figure 6 33 Firmware Upgrade 37 Figure 6 34 IPS Configure 37 Figure 6 35 P2P IM 38 Figure 6 36 Report 38 Figure 6 37 VLAN 39 Figure 6 38 RADIUS 40 Figure 6 39 Port Setting 40 Figure 6 40 Statistics 40 Figure 6 41 Cable Diagnostics 41 Figure 6 42 Status 41 Figure 6 43 Local Network 4...

Page 7: ...tem Statistics 42 Figure 6 61 Wizard 42 Figure 6 62 Dual WAN or DMZ 42 Figure 6 63 Host and Domain Name 42 Figure 6 64 WAN Connection Type 42 Figure 6 65 Obtain an IP Automatically 42 Figure 6 66 Static IP 42 Figure 6 67 PPPoE 42 Figure 6 68 WAN Connection Type WAN2 42 Figure 6 69 Obtain an IP WAN2 42 Figure 6 70 Static IP WAN2 42 Figure 6 71 PPPoE WAN2 42 Figure 6 72 Save Settings 42 Figure 6 73 ...

Page 8: ...ting 59 Figure B 9 Activating Policy 59 Figure B 10 Verifying Network 59 Figure B 11 QuickVPN Software Status 60 Figure B 12 QuickVPN Tray Icon Connection 60 Figure B 13 QuickVPN Tray Icon No Connection 60 Figure B 14 QuickVPN Software Change Password 60 Figure C 1 Local Security Screen 62 Figure C 2 Rules Tab 62 Figure C 3 IP Filter List Tab 62 Figure C 4 IP Filter LIst 63 Figure C 5 Filters Prop...

Page 9: ...igure C 24 Tunnel Setting Tab 69 Figure C 25 Connection Type 70 Figure C 26 Rules 70 Figure C 27 Local Computer 70 Figure C 28 VPN Tab 71 Figure D 1 Diagram of All VPN Tunnels 72 Figure D 2 Login Screen 73 Figure D 3 Security VPN Screen VPN Tunnel 73 Figure D 4 Security VPN Screen VPN Tunnel 74 Figure D 5 Auto IKE Advanced Settings Screen 75 Figure E 1 IP Configuration Screen 77 Figure E 2 MAC Add...

Page 10: ...ff site Users connecting through a VPN tunnel are attached to your company s network with secure access to files e mail and your intranet just as if they were in the building You can also use the VPN capability to allow users on your small office network to securely connect out to a corporate network The QoS features provide consistent voice and video quality throughout your business The 4 Port Gi...

Page 11: ... A Troubleshooting This appendix describes some problems and solutions as well as frequently asked questions regarding installation and use of the 4 Port Gigabit Security Router with VPN Appendix B Using the Linksys QuickVPN Software for Windows 2000 or XP This appendix instructs you on how to use the Linksys QuickVPN software if you are using a Windows 2000 or XP PC Appendix C Configuring IPSec b...

Page 12: ...ocol Appendix H Glossary This appendix gives a brief glossary of terms frequently used in networking Appendix I Specifications This appendix provides the technical specifications for the Router Appendix J Warranty Information This appendix supplies the warranty information for the Router Appendix K Regulatory Information This appendix supplies the regulatory information regarding the Router Append...

Page 13: ... address that you assign manually to a PC or other device on the network Since a static IP address remains valid until you disable it static IP addressing ensures that the device assigned it will always have that same IP address until you change it Static IP addresses are commonly used with network devices such as server PCs or print servers If you use the Router to share your cable or DSL Interne...

Page 14: ...ith a dynamic IP address to establish a connection to the Internet By default a DHCP server on the LAN side is enabled on the Router If you already have a DHCP server running on your network you MUST disable one of the two DHCP servers If you run more than one DHCP server on your network you will experience network errors such as conflicting IP addresses To disable DHCP on the Router see the Basic...

Page 15: ... the Internet the firewall will no longer protect that data At this point your data becomes open to hackers using a variety of methods to steal not only the data you are transmitting but also your network login and security data Some of the most common methods are as follows 1 MAC Address Spoofing Packets transmitted over a network either your local network or the Internet are preceded by a packet...

Page 16: ...rd encryption and authentication techniques IPSec short for IP Security the VPN creates a secure connection that in effect operates as if you were directly connected to your local network Virtual Private Networking can be used to create secure networks linking a central office with branch offices telecommuters and or professionals on the road travelers can connect to a VPN Router using any compute...

Page 17: ...puter to VPN Router VPN In her hotel room a traveling businesswoman dials up her ISP Her notebook computer has the Linksys VPN client software which is configured with her office s IP address She accesses the Linksys VPN client software and connects to the VPN Router at the central office As VPNs utilize the Internet distance is not a factor Using the VPN the businesswoman now has a secure connect...

Page 18: ...f the LED is off then IPS functions are disabled If the IPS LED is flashing green then an external attack has been detected If the IPS LED is flashing red an internal attack has been detected Internet Green The Internet LED lights up the appropriate LED depending upon the speed of the device attached to the Internet port If the Router is connected to a cable or DSL modem typically the 10 LED will ...

Page 19: ...This is similar to pressing the Reset button on your PC to reboot it If you are experiencing extreme problems with the Router and have tried all other troubleshooting measures press and hold in the Reset button for 10 seconds This will restore the factory defaults and clear all of the Router s settings such as port forwarding or a new password Ports 1 4 Ethernet The four Ethernet ports connect to ...

Page 20: ...efer to Windows Help for more information Set up and configure the Router with the setting s provided by your Internet Service Provider ISP according to Chapter 6 Setting Up and Configuring the Router The installation technician from your ISP should have left the setup information with you after installing your broadband connection If not you can call your ISP to request the information Once you h...

Page 21: ...er hub or switch Repeat this step to connect more PCs or other network devices to the Router 3 Connect your cable or DSL modem s Ethernet cable to the Router s Internet port 4 Power on the cable or DSL modem and the other network device if using one 5 Connect the included AC power cable to the Router s Power port on the side of the Router and then plug the power adapter into an electrical outlet T...

Page 22: ...ed Zone Host feature allows one local user to be exposed to the Internet to use a special purpose service such as Internet gaming or video conferencing MAC Address Clone Some ISPs require that you register a MAC address This feature clones your network adapter s MAC address onto the Router and prevents you from having to call your ISP to change the registered MAC address to the Router s MAC addres...

Page 23: ...h and L2TP Pass Through QoS Application based QoS This involves Internet traffic which may involve demanding real time applications such as videoconferencing Port based QoS This ensures better service to a specific LAN port Administration Management Alter the Router s password its access privileges SNMP settings and UPnP settings Reporting Allows configuration of Log settings Diagnostics Use this ...

Page 24: ...nnected to the LAN ports Status Gateway This screen provides status information about the Router Local Network This provides status information about the local network VPN Clients This screen provides status information about the Router s VPN clients How to Access the Web based Utility The router is configured using the built in Web based utility To access the Web based Utility of the Router Launc...

Page 25: ...supports six connection types Each Basic Setup screen and available features will differ depending on what kind of connection type you select Automatic Configuration DHCP By default the Router s Configuration Type is set to Automatic Configuration DHCP and it should be kept only if your ISP supports DHCP or you are connecting through a dynamic IP address Static IP If your connection uses a permane...

Page 26: ...Connect on Demand click the Connect on Demand option and enter the number of minutes you want to have elapsed before your Internet connection terminates in the Max Idle Time field Keep Alive Redial period If you select this option the Router will periodically check your Internet connection If you are disconnected then the Router will automatically re establish your connection To use this option cl...

Page 27: ... Cancel Changes button to undo your changes Heart Beat Signal Heart Beat Signal is a service used in Australia Check with your ISP for the necessary setup information User Name and Password Enter the User Name and Password provided by your ISP Heart Beat Server Enter the IP address of the Heart Beat server Connect on Demand Max Idle Time You can configure the Router to cut the Internet connection ...

Page 28: ...to access the Internet again If you wish to activate Connect on Demand click the Connect on Demand option and enter the number of minutes you want to have elapsed before your Internet connection terminates in the Max Idle Time field Keep Alive and Redial Period This option keeps your Internet access connected indefinitely even when it sits idle If you select this option the Router will periodicall...

Page 29: ...se instructions 1 Sign Up for DDNS Service DynDNS Sign up for DDNS service at www dyndns org and write down your User Name Password and Host Name information TZO Sign up for DDNS service at www tzo com and write down your E mail Address Password and Domain Name information 2 Select the DDNS service provider whose service you are using 3 Configure the following fields User Name DynDNS or E mail add...

Page 30: ...outer to act as a Relay for that DHCP Server select DHCP Relay then enter the DHCP Server IP Address If you disable DHCP assign a static IP address to the Router Starting IP Address Enter a value for the DHCP server to start with when issuing IP addresses This value must be 192 168 1 2 or greater but smaller than 192 168 1 254 because the default IP address for the Router is 192 168 1 1 and 192 16...

Page 31: ...be exposed to the Internet for use of a special purpose service such as Internet gaming and videoconferencing To use this feature select Enabled To disable the DMZ feature select Disabled DMZ Host IP Address To expose one PC enter the computer s IP address Click the Save Settings button to save the network settings or click the Cancel Changes button to undo your changes MAC Address Clone Some ISPs...

Page 32: ...col calculates the most efficient route for the network s data packets to travel between the source and the destination based upon the shortest paths RIP Send Packet Version Choose the TX protocol you want for transmitting data on the network None RIPv1 RIPv2 Broadcast or RIPv2 Multicast This should match the version supported by other Routers on your LAN RIP Recv Packet Version Choose the RX prot...

Page 33: ...s 255 255 255 0 4 Gateway If this Router is used to connect your network to the Internet then your gateway IP is the Router s IP Address If you have another router handling your network s Internet connection enter the IP Address of that router instead 5 Hop Count max 16 This value gives the number of nodes that a data packet passes through before reaching its destination A node is any device on th...

Page 34: ... to circumvent the Router s content filters and access Internet sites blocked by the Router Denying Proxy will block access to any WAN proxy servers Cookies A cookie is data stored on your PC and used by Internet sites when you interact with them so you may not want to deny cookies Java Applets Java is a programming language for websites If you deny Java you run the risk of not having access to In...

Page 35: ...licy The List of PCs screen will appear in a sub window You can select a PC by MAC Address or IP Address You can also enter a range of IP Addresses if you want this policy to affect a group of PCs After making your changes click the Save Settings button to apply your changes 5 Click the appropriate option Deny or Allow depending on whether you want to block or allow Internet access for the PCs you...

Page 36: ... on your LAN Normally this is the same as the External Port number If it is different the Router performs a Port Translation so that the port number used by Internet users is different to the port number used by the server or Internet application For example you could configure your Web Server to accept connections on both port 80 standard and port 8080 Then enable Port Forwarding and set the Exte...

Page 37: ...ication documentation for the port number s needed In the first field enter the starting port number of the Triggered Range In the second field enter the ending port number of the Triggered Range Forwarded Range For each application list the forwarded port number range These are the ports used by incoming traffic Check with the Internet application documentation for the port number s needed In the...

Page 38: ...e that the Remote Security Group must match the other router s Local Security Group IP Address Enter the IP address on the remote network Subnet Mask If the Subnet option is selected enter the mask to determine the IP addresses on the remote network Remote Security Gateway Remote Security Gateway Type Select the desired option IP address or Any If the remote gateway has a dynamic IP address select...

Page 39: ...matically The Key Life Time may range from 300 to 100 000 000 seconds The default Life Time is 3600 seconds Manual Encryption Algorithm The Encryption method determines the length of the key used to encrypt decrypt ESP packets Only 3DES is supported Notice that both sides must use the same Encryption method Encryption Key This field specifies a key used to encrypt and decrypt IP traffic Both chara...

Page 40: ...ach tunnel established Advanced Settings button If the Key Exchange Method is Auto IKE this button provides access to some additional settings relating to IKE Use this if this router is unable to establish a VPN tunnel to the remote VPN Gateway ensure the Advanced Settings match those on the remote VPN Gateway Advanced Settings Phase 1 Operation Mode Select the method to match the remote VPN endpo...

Page 41: ...his unit is in seconds it is common to use periods over an hour 3600 seconds for the SA Life Time VPN Client Accounts Use this page to administer your VPN Client users Enter the information at the top of the screen and the users you ve entered will appear in the list at the bottom showing their status This will work with the Linksys QuickVPN client only The Router supports up to five Linksys Quick...

Page 42: ...ct Disabled PPTP Passthrough Point to Point Tunneling Protocol PPTP allows the Point to Point Protocol PPP to be tunneled through an IP network PPTP Passthrough is enabled by default To disable PPTP Passthrough select Disabled L2TP Passthrough Layer 2 Tunneling Protocol is the method used to enable Point to Point sessions via the Internet on the Layer 2 level L2TP Passthrough is enabled by default...

Page 43: ...fic Administration Tab Management Local Gateway Access Gateway Userlist Select the desired Gateway User List Table 1 Application based QoS Application Name Port s Primary Use FTP TCP Port 20 FTP File Transfer Protocol is used for transferring files over the Internet HTTP TCP Port 80 HTTP HyperText Transfer Protocol is used for browsing the Internet Telnet TCP Port 23 Telnet is a client server prot...

Page 44: ...P Get commands Write Community Enter the SNMP community name for SNMP Set commands Trap To Enter the IP Address of the SNMP Manager to which traps will be sent If desired this may be left blank UPnP If you want to use UPnP keep the default setting Enable Otherwise select Disable IGMP Proxy IGMP Internet Group Membership Protocol Proxy can facilitate the communication between IGMP clients and IGMP ...

Page 45: ...ter the size of the packet you want to use Number of Pings Enter the number of times you wish to ping the target device Ping Interval Enter the time period Milliseconds between each ping Ping Timeout Enter the desired time period Milliseconds If a response is not received within the defined ping period the ping is considered to have failed Start Test Click this button to begin the test A new scree...

Page 46: ...on and follow the on screen instructions to upgrade your firmware IPS Tab Configure IPS Function Enable or Disable IPS Function Abnormally Detection HTTP Web attack signature is matched HTTP request decoder will decode UTF 8 1 2 and 3 byte code and normalize URI according to those evasion methods mentioned in whisker before pattern match FTP FTP Bounce Detection and Inserting telnet opcodes into F...

Page 47: ...g applications are MSN ICQ YAHOO MESSEGER SKYPE IRC ODIGO REDIFF GOOGLE TALK and QQ Report Twenty four hour diagram displaying network traffic and attacks Attacker Displays the IP Address of attackers and the frequency number of times of the attacks Attacked Category Displays the category type of attack and the frequency number of times of the attacks Information Signature Version The Signature Ve...

Page 48: ...ter is needed to allow traffic flow between VLANs Layer 3 routers identify segments and coordinate with VLANs VLANs are broadcast and multicast domains Broadcast and multicast traffic is transmitted only in the VLAN in which the traffic is generated RADIUS Mode Choose the function to Enable or Disable RADIUS RADIUS IP Enter the Server IP address RADIUS UDP Port Identifies the UDP port The UDP port...

Page 49: ...ities to its partner Flow Control Displays the flow control status on the port Operates when port is in Full duplex mode MaxFrame Displays the Max frame size the port can receive and send Statistics Statistics Overview Tx Bytes Displays the number of Bytes transmitted from the selected port Tx Frames Displays the number of Frames transmitted from the selected port Rx Bytes Displays the number of B...

Page 50: ...layed here IP Address The Gateway Internet IP Address is displayed here Subnet Mask This Subnet Mask is associated with the IP address above Default Gateway This is your ISP s Gateway DNS Shown here are the DNS Domain Name System IP addresses currently used by this Gateway IPv6 DNS This displays the IPv6 DNS IP Primary and Second Address Local Network Current IP address System This shows the curre...

Page 51: ...ir assigned IP addresses expire ARP RARP Table Clicking this button will open a screen showing you which PCs are utilizing the Router as a ARP RARP server On the ARP RARP Table screen you will see a list of ARP RARPs PCs and other network devices with the following information IP Addresses and MAC Addresses VPN Clients Username Displays the username of the VPN Client Status Displays the connection...

Page 52: ...following network components are installed box select the TCP IP associated with your Ethernet adapter If you only have one Ethernet adapter installed you will only see one TCP IP line with no association to an Ethernet adapter Highlight it and click the Properties button C In the TCP IP properties window select the IP address tab and select Specify an IP address Enter a unique IP address that is ...

Page 53: ...Connection Properties window I Restart the computer if asked For Windows XP The following instructions assume you are running Windows XP with the default interface If you are using the Classic interface where the icons and menus look like previous Windows versions please follow the instructions for Windows 2000 A Click Start and Control Panel B Click the Network and Internet Connections icon and t...

Page 54: ...perties window 5 Restart the computer if asked 6 Click the OK button in the Internet Protocol TCP IP Properties window and click the OK button in the Local Area Connection Properties window 7 Restart the computer if asked For Windows XP The following instructions assume you are running Windows XP with the default interface If you are using the Classic interface where the icons and menus look like ...

Page 55: ... be a problem with the connection Try the ping command from a different computer to verify that your original computer is not the cause of the problem 3 I am not getting an IP address on the Internet with my Internet connection A Refer to Problem 2 I want to test my Internet connection to verify that you have connectivity B If you need to register the MAC address of your Ethernet adapter with your...

Page 56: ...H has limitations due to occasional incompatibility with the NAT standard Change the IP address for the Router to another subnet to avoid a conflict between the VPN IP address and your local IP address For example if your VPN server assigns an IP address 192 168 1 X X is a number from 1 to 254 and your local LAN IP address is 192 168 1 X X is the same number used in the VPN IP address the Router w...

Page 57: ...dress Enable D Click the Add to List button and configure as many entries as you like When you have completed the configuration click the Save Settings button 7 I need to set up online game hosting or use other Internet applications If you want to play online games or use Internet applications most will work without doing any port forwarding or DMZ hosting There may be cases when you want to host ...

Page 58: ...n you are not sure which port services to use Make sure you disable all the forwarding entries if you want to successfully use DMZ hosting since forwarding has priority over DMZ hosting In other words data that enters the Router will be checked first by the forwarding settings If the port number that the data enters from does not have port forwarding then the Router will send the data to whichever...

Page 59: ...ings to gain access Please follow these directions to verify that you do not have any proxy settings and that the browser you use is set to connect directly to the LAN For Microsoft Internet Explorer 5 0 or higher A Click Start Settings and Control Panel Double click Internet Options B Click the Connections tab C Click the LAN settings button and remove anything that is checked D Click the OK butt...

Page 60: ...irmware B Set a static IP address on the PC refer to Problem 1 I need to set a static IP address Use the following IP address settings for the computer you are using IP Address 192 168 1 50 Subnet Mask 255 255 255 0 Gateway 192 168 1 1 C Perform the upgrade using the TFTP utility If the firmware upgrade failed the Router will still work using its current firmware 14 My DSL service s PPPoE is alway...

Page 61: ...triggering looks at the outgoing port services used and will trigger the Router to open a specific port depending on which port an Internet application uses Follow these steps A To connect to the Router go to the web browser and enter http 192 168 1 1 or the IP address of the Router B Enter the password if asked The default password is admin C Click the Setup Forwarding tab D Enter any name you wa...

Page 62: ...the following steps until you see the Web based Utility s login screen Netscape Navigator will require similar steps A Click File Make sure Work Offline is NOT checked B Press CTRL F5 This is a hard refresh which will force Windows Explorer to load new webpages not cached ones C Click Tools Click Internet Options Click the Security tab Click the Default level button Make sure the security level is...

Page 63: ...ning you need to create a static IP for each of the LAN computers and forward ports 7777 7778 7779 7780 7781 and 27900 to the IP address of the server You can also use a port forwarding range of 7777 to 27900 If you want to use the UT Server Admin forward another port 8080 usually works well but is used for remote admin You may have to disable this and then in the UWeb WebServer section of the ser...

Page 64: ...t version of Router firmware will not enhance the quality or speed of your Internet connection and may disrupt your current connection stability Will the Router function in a Macintosh environment Yes but the Router s setup pages are accessible only through Internet Explorer 5 0 or Netscape Navigator 5 0 or higher for Macintosh I am not able to get the web configuration screen for the Router What ...

Page 65: ...his version of the Router must work in conjunction with a cable or DSL modem Which modems are compatible with the Router The Router is compatible with virtually any cable or DSL modem that supports Ethernet What is the maximum number of VPN sessions allowed by the Router The maximum number depends on many factors At least one IPSec session will work through the Router however simultaneous IPSec se...

Page 66: ...ickVPN software program only works with a 4 Port Gigabit Security Router with VPN that is properly configured to accept a QuickVPN connection Follow these instructions for configuring the VPN client settings for the Router 1 Click the VPN tab 2 Click the VPN Client Accounts tab 3 Enter the username in the Username field 4 Enter the password in the Password field and enter it again in the Re enter ...

Page 67: ...ement and the appropriate files are copied to the computer 3 Click Finished to complete the installation Proceed to the section Using the Linksys QuickVPN Software Downloading and Installing from the Internet 1 Go to www linksys com and select Products 2 Click Business Solutions 3 Click Router VPN Solutions 4 Click RVS4000 5 Click Linksys QuickVPN Utility in the More Information section 6 Save the...

Page 68: ...the Server Address field enter the IP address or domain name of the Linksys 4 Port Gigabit Security Router with VPN To save this profile click the Save button Multiple profiles can be set up if you want to establish a tunnel to multiple sites Note that only one tunnel can be active at a time To delete this profile click the Delete button For information click the Help button 3 To begin your QuickV...

Page 69: ... change your password click the Change Password button For information click the Help button 5 If you clicked the Change Password button and have permission to change your own password you will see the Connect Virtual Private Connection screen Enter your password in the Old Password field Enter your new password in the New Password field Then enter the new password again in the Confirm New Passwor...

Page 70: ...Microsoft KB Q257225 Basic IPSec Troubleshooting in Windows 2000 http support microsoft com support kb articles Q257 2 25 asp Environment The IP addresses and other specifics mentioned in this appendix are for illustration purposes only Windows 2000 or Windows XP IP Address 140 111 1 2 User ISP provides IP Address this is only an example Subnet Mask 255 255 255 0 RVS4000 WAN IP Address 140 111 1 1...

Page 71: ...ter Then click Next 4 Deselect the Activate the default response rule check box and then click the Next button 5 Click the Finish button making sure the Edit check box is checked Step 2 Build Filter Lists Filter List 1 win Router 1 In the new policy s properties screen verify that the Rules tab is selected Deselect the Use Add Wizard check box and click the Add button to create a new rule 2 Make s...

Page 72: ... Select the Addressing tab In the Source address field select My IP Address In the Destination address field select A specific IP Subnet and fill in the IP Address 192 168 1 0 and Subnet mask 255 255 255 0 These are the Router s default settings If you have changed these settings enter your new values 5 If you want to enter a description for your filter click the Description tab and enter the desc...

Page 73: ...en will appear Select the Addressing tab In the Source address field select A specific IP Subnet and enter the IP Address 192 168 1 0 and Subnet mask 255 255 255 0 Enter your new values if you have changed the default settings In the Destination address field select My IP Address 10 If you want to enter a description for your filter click the Description tab and enter the description there 11 Clic...

Page 74: ...ter list win Router 2 Click the Filter Action tab and click the filter action Require Security radio button Then click the Edit button 3 From the Security Methods tab verify that the Negotiate security option is enabled and deselect the Accept unsecured communication but always respond using IPSec check box Select Session key Perfect Forward Secrecy and click the OK button Figure C 12 Security Met...

Page 75: ...the Edit button 5 Change the authentication method to Use this string to protect the key exchange preshared key and enter the preshared key string such as XYZ12345 Click the OK button 6 This new Preshared key will be displayed Click the Apply button to continue if it appears on your screen otherwise proceed to the next step Figure C 13 Authentication Methods Figure C 14 Preshared Key Figure C 15 N...

Page 76: ...adio button Then enter the Router s WAN IP Address 8 Select the Connection Type tab and click All network connections Then click the OK or Close button to finish this rule Tunnel 2 Router win 9 In the new policy s properties screen make sure that win Router is selected and deselect the Use Add Wizard check box Then click the Add button to create the second IP filter Figure C 16 Tunnel Setting Tab ...

Page 77: ...ecurity Then click the Edit button From the Security Methods tab verify that the Negotiate security option is enabled and deselect the Accept unsecured communication but always respond using IPSec check box Select Session key Perfect Forward Secrecy and click the OK button 12 Click the Authentication Methods tab and verify that the authentication method Kerberos is selected Then click the Edit but...

Page 78: ...12345 This is a sample key string Yours should be a key that is unique but easy to remember Then click the OK button 14 This new Preshared key will be displayed Click the Apply button to continue if it appears on your screen otherwise proceed to the next step 15 Click the Tunnel Setting tab Click the radio button for The tunnel endpoint is specified by this IP Address and enter the Windows 2000 XP...

Page 79: ...ork connections Then click the OK or Close button to finish 17 From the Rules tab click the OK or Close button to return to the screen showing the security policies Step 4 Assign New IPSec Policy In the IP Security Policies on Local Machine window right click the policy named to_Router and click Assign A green arrow appears in the folder icon Figure C 25 Connection Type Figure C 26 Rules Figure C ...

Page 80: ...ss and Subnet Mask of the VPN device at the other end of the tunnel the remote VPN Router or device with which you wish to communicate in the Remote Security Router fields 7 Select from two types of authentication MD5 and SHA1 SHA1 is recommended because it is more secure As with encryption either of these may be selected provided that the VPN device at the other end of the tunnel is using the sam...

Page 81: ...tunnel Before You Begin The following is a list of equipment you need Two Windows desktop PCs each PC will be connected to a VPN Router Two VPN Routers that are both connected to the Internet Configuring the VPN Settings for the VPN Routers Configuring VPN Router 1 Follow these instructions for the first VPN Router designated VPN Router 1 The other VPN Router is designated VPN Router 2 NOTE Each c...

Page 82: ... Then click the OK button 4 Click the VPN tab 5 Click the IPSec VPN tab 6 For the VPN Tunnel setting select Enabled 7 Enter a name in the Tunnel Name field 8 For the Local Secure Group select Subnet Enter VPN Router 1 s local network settings in the IP Address and Mask fields 9 For the Remote Secure Group select Subnet Enter VPN Router 2 s local network settings in the IP Address and Mask fields N...

Page 83: ... is the default user name and password Then click the OK button 4 If the LAN IP address is still the default one change it to 172 168 1 1 and save the setting 5 Click the VPN tab 6 Click the IPSec VPN tab 7 For the VPN Tunnel setting select Enabled 8 Enter a name in the Tunnel Name field 9 For the Local Secure Group select Subnet Enter VPN Router 2 s local network settings in the IP Address and Ma...

Page 84: ...ck the Advanced Settings button Otherwise click the Save Settings button and proceed to the next section Configuring VPN Router 2 7 On the Auto IKE Advanced Settings screen keep the default Operation Mode Main 8 For Phase 1 select 3DES from the Encryption drop down menu 9 Select MD5 from the Authentication drop down menu 10 Select 1024 bit from the Group drop down menu 11 Enter 3600 in the Key Lif...

Page 85: ...er to Windows Help for more information 2 Verify that PC 1 and PC 2 can ping each other refer to Windows Help for more information If the computers can ping each other then you know the VPN tunnel is configured correctly You can select different algorithms for the encryption authentication and other key management settings for VPN Routers 1 and 2 Refer to the previous section Configuring the Key M...

Page 86: ...en press the Enter key or the OK button 2 When the IP Configuration screen appears select the Ethernet adapter you have connected to the Router via a CAT 5 Ethernet network cable See Figure C 1 3 Write down the Adapter Address as shown on your computer screen see Figure C 2 This is the MAC address for your Ethernet adapter and is shown as a series of numbers and letters The MAC address Adapter Add...

Page 87: ...hat you will use for MAC address cloning or MAC filtering The example in Figure C 3 shows the Ethernet adapter s IP address as 192 168 1 100 Your computer may show something different For the Router s Web based Utility For MAC address cloning enter the MAC Address in the MAC Address field or select Clone My PCs MAC See Figure C 4 Click Save Settings to save the MAC Cloning settings or click the Ca...

Page 88: ...re you want to mount the Router Ensure that the wall you use is smooth flat dry and sturdy and make sure the location is within reach of the power outlet 2 Drill two holes into the wall Make sure the holes are 64 5mm apart 3 Insert a screw into each hole and leave 3 mm of its head exposed 4 Maneuver the Router so the wall mount slots line up with the two screws 5 Place the wall mount slots over th...

Page 89: ...is a set of instructions or protocol all PCs follow to communicate over a wired or wireless network Your PCs will not be able to utilize networking without having TCP IP enabled Windows Help provides complete instructions on enabling TCP IP Shared Resources If you wish to share printers folders or files over your network Windows Help provides complete instructions on utilizing shared resources Net...

Page 90: ...device and cause it to start executing instructions Broadband An always on fast Internet connection Browser An application program that provides a way to look at and interact with all the information on the World Wide Web Byte A unit of data that is usually eight bits long Cable Modem A device that connects a computer to the cable television network which in turn connects to the Internet Daisy Cha...

Page 91: ...Ethernet IEEE standard network protocol that specifies how data is placed on and retrieved from a common transmission medium Firewall A set of related programs located at a network gateway server that protects the resources of a network from users from other networks Firmware The programming code that runs a networking device FTP File Transfer Protocol A protocol used to transfer files over a TCP ...

Page 92: ...g storage and or transmission between users Packet A unit of data sent over a network Passphrase Used much like a password a passphrase simplifies the WEP encryption process by automatically generating the WEP encryption keys for Linksys products Ping Packet INternet Groper An Internet utility used to determine whether a particular IP address is online POP3 Post Office Protocol 3 A standard mail s...

Page 93: ... network s name Static IP Address A fixed address assigned to a computer or device that is connected to a network Static Routing Forwarding data in a network via a fixed path Subnet Mask An address code that determines the size of the network Switch 1 A data switch that connects computing devices to host computers allowing a large number of devices to share a limited number of ports 2 A device for...

Page 94: ...e address of a file located on the Internet VPN Virtual Private Network A security measure to protect data as it leaves one network and goes to another over the Internet WAN Wide Area Network The Internet WEP Wired Equivalent Privacy A method of encrypting network data transmitted on a wireless network for greater security WLAN Wireless Local Area Network A group of computers and associated device...

Page 95: ...nks RED Internal attack Blinks Green external attack LAN 1 4 Internet Operating System Linux Performance NAT Throughput 800 Mb s Setup Config WebUI Built in Web UI for Easy browser based configuration HTTP HTTPS Management SNMP Version SNMP Version 1 2c Event Logging Event Logging Local Syslog E mail Alerts Web F W upgrade Firmware Upgradable Through Web Browser Diagnostics DIAG LED for Flash and ...

Page 96: ...ntrol Instant Messenger Control L3 L4 Protocol IP TCP UDP ICMP Normalization L7 Signature Matching Signature Update Manual download from the web Free download for 1 year Secure Management HTTPS Username Password 802 1x Port based Radius Authentication EAP MD5 EAP PEAP QoS Prioritization types Port based and Application based Priority Queues 4 queues Network VLAN Support Port based VLAN DHCP DHCP S...

Page 97: ...thentication IPSec NAT T VPN Passthrough of PPTP L2TP IPSec Routing Static and RIP v1 v2 Environmental Device Dimensions 6 69 x 1 61 x 6 69 inches W x H x D 170 x 41 x 170 mm Weight 0 84 lbs 0 38kg Power 12V 1A Certification FCC class B CE ICES 003 Operating Temp 0ºC to 40ºC 32ºF to 104ºF Storage Temp 20ºC to 70ºC 4ºF to 158ºF Operating Humidity 10 to 85 Non Condensing Storage Humidity 5 to 90 Non...

Page 98: ...TATIONS AND WARRANTIES INCLUDING ANY IMPLIED WARRANTY OF NON INFRINGEMENT ARE DISCLAIMED Some jurisdictions do not allow limitations on how long an implied warranty lasts so the above limitation may not apply to You This warranty gives You specific legal rights and You may also have other rights which vary by jurisdiction This warranty does not apply if the Product a has been altered except by Lin...

Page 99: ...is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment or devices Connect the equipment to an outlet other than the receiver s Consult a dealer or an experienced radio TV technician for assistance Safety Notices Caution To reduce the risk of fire use only No 26 AWG or larger ...

Page 100: ... les interférences reçues y compris celles qui risquent d entraîner un fonctionnement indésirable User Information for Consumer Products Covered by EU Directive 2002 96 EC on Waste Electric and Electronic Equipment WEEE This document contains important information for users with regards to the proper disposal and recycling of Linksys products Consumers are required to comply with this notice for a...

Page 101: ...92 Appendix K Regulatory Information 4 Port Gigabit Security Router with VPN ...

Page 102: ...93 Appendix K Regulatory Information 4 Port Gigabit Security Router with VPN ...

Page 103: ...94 Appendix K Regulatory Information 4 Port Gigabit Security Router with VPN ...

Page 104: ...95 Appendix K Regulatory Information 4 Port Gigabit Security Router with VPN For more information visit www linksys com ...

Page 105: ... networking with Linksys products Give our advice line a call at 800 546 5797 LINKSYS Or fax your request in to 949 823 3002 If you experience problems with any Linksys product you can call us at 800 326 7114 Don t wish to call You can e mail us at support linksys com If any Linksys product proves defective during its warranty period you can call the Linksys Return Merchandise Authorization depart...

Reviews:

No comments

Brands by name

Popular brands

Load more brands