Cisco Linksys RVL200 User Manual

4-port ssl/ipsec vpn router business series
Summary of Contents for Cisco Linksys RVL200

  • Page 1 USER GUIDE BUSINESS SERIES 4-Port SSL/IPSec VPN Router RVL200 Model:...
  • Page 2: Icon Descriptions

    Website addresses in this document are listed without http:// in front of the address because most current web browsers do not require it. If you use an older web browser, you may have to add http:// in front of the web address.
  • Page 3: Table Of Contents

    Wall-Mounting Placement ........4...
  • Page 4 Import Configuration File ........23...
  • Page 5 IPSec VPN > Gateway to Gateway ........35...
  • Page 6 Login for the SSL VPN Portal (Mac OS X) .......60...
  • Page 7 Configuration of the RV082 ........83...
  • Page 8 Basic Instructions......... . .96 Inter-VLAN Routing Option ........97 Appendix N: Access of Multiple VLANs over a SSL VPN Tunnel Overview .
  • Page 9: Chapter 1: Introduction

    A computer with SSL or IPSec VPN client software big a network as you need. If you have multiple routers in can be one of the two endpoints. your Local Area Network (LAN), you can use the Router’s multiple subnet feature to support those routers.
  • Page 10: Computer (Using Ssl Vpn Client Software) To Vpn Router

    VPN client software that is configured with her office’s VPN settings. She accesses the VPN client software and connects to the VPN Router at the central office. As VPNs utilize the Internet, distance is not a factor. Using the VPN, the businesswoman now has a secure connection to the central office’s network, as if she...
  • Page 11: Chapter 2: Product Overview

    (Green) The Power LED lights up green the Reset button for four seconds using the and stays on while the Router is powered on. tip of a pen. This is similar to pressing the power button on your computer to reboot Diag (Orange) The Diag LED lights up when it.
  • Page 12: Chapter 3: Installation

    Physical Installation Suggested Mounting Hardware There are three ways to place the Router. The first way is to place it horizontally on a surface, so it sits on its four rubber feet. The second way is to stand the Router vertically on a surface.
  • Page 13: Cable Connection

    Power port, and then plug the power adapter into an electrical outlet. Connect the Power The Power LED on the front panel will light up as soon as the power adapter is connected properly. Power on your computers and other network devices.
  • Page 14: Chapter 4: Advanced Configuration

    Scripting of Java applets. For your convenience, use the Router’s web-based utility to set it up and configure it. This chapter will explain all of the functions in this utility. These are the main tabs of the utility: System Summary,...
  • Page 15: How To Access The Web-Based Utility

    Click Security. Select Use SSL .0 and Use SSL .0. Login Screen After you have logged in, you will be asked to install the Web Cache Cleaner application. This will prompt any user of the Router to delete all temporary Internet files, cookies, and browser history when the user logs out or closes the web browser window.
  • Page 16: System Summary

    Router’s board. right-hand side of this screen and all other screens of the utility is a link to the Site Map, which has links to all of the utility’s tabs. Click Site Map to view the Site Map. Then, click the desired tab.
  • Page 17: Port Statistics

    This is the length of time in days, hours, and minutes that the Router has been active. The current IP address. If the WAN port is set to PPPoE or PPTP, two time and date are also displayed. buttons, Connect and Disconnect, will be available.
  • Page 18: Setup Tab > Network

    The default values are 192.168.1.1 for the Router’s local IP address and If you have set up the mail server but the log has not been 255.255.255.0 for the subnet mask. generated due to the Log Queue Length and Log Time Threshold settings, the message, “E-mail settings have...
  • Page 19 To manually set a value, select Manual and enter the value desired in the field provided. You should leave this value in the 1200 to 1500 range, and most DSL users should use the value 1492. The default is Auto,...
  • Page 20: Setup > Password

    Max Idle Time is  minutes. enter the value desired in the field provided. You should leave this value in the 1200 to 1500 range, and most DSL Keep Alive If you select the Keep Alive option, the Router users should use the value 1492.
  • Page 21: Password

    Access Rules and Content Filter, The DMZ (Demilitarized Zone) Host feature allows one and perform other activities for other internal purposes. local user to be exposed to the Internet for use of a special-purpose service such as Internet gaming or Time videoconferencing.
  • Page 22: Setup Tab > Forwarding

    Chapter 4 Advanced Configuration Click Save Settings to save your change, or click Cancel If the Service you need is not listed in the menu, click Changes to undo it. Service Management to add the new service. The Service Management screen appears.
  • Page 23: Setup > Upnp

    Service Select the Service you want. incoming packets to the LAN host. If the Service you need is not listed in the menu, click Application Name Enter the name of the application. Service Management to add the new service. The Service Management screen appears.
  • Page 24: Setup > One-To-One Nat

    Setup > One-to-One NAT Private Range Begin Enter the starting IP address of the internal IP address range. This is the IP address of the first One-to-One NAT (Network Address Translation) creates device that a relationship that maps valid external IP addresses to internal IP addresses hidden by NAT.
  • Page 25: Mac Clone

    Setup > DDNS Dynamic Domain Name System (DDNS) service allows you to assign a fixed domain name to a dynamic WAN IP address, so you can host your own web, FTP or other type of TCP/IP server in your LAN. The DDNS feature is disabled by default.
  • Page 26: Dhcp > Setup

    To use dynamic passes through before reaching its destination. A node is routing for communication of network data, select any device on the network, such as a switch, PC, or router. Enabled. Otherwise, keep the default, Disabled. Interface Select the appropriate interface. The Interface...
  • Page 27: Setup

    This value must be 192.168.1. 2 or greater, because the WINS is assigned if the computer (DHCP client) requests default IP address for the Router is 192.168.1.1. one. If you do not know the IP address of the WINS server, keep the default, 0.0.0.0. Static IP You can assign a static IP address to a specific device based on its MAC address.
  • Page 28: Dhcp > Status

    WINS server to support NetBIOS. Second, Leased Time It displays the amount of time a network if a user sets up a static IP address, then the IP user will be allowed connection to the Router with their address, subnet mask, default gateway, and current dynamic IP address.
  • Page 29: Dhcp > Inter-Vlan Routing

    DHCP > Inter-VLAN Routing Look up the name Enter the host name, and click Go. (Do not add the prefix http:// or else you will get an error Inter-VLAN Routing message.) The Router will then query the DNS server and display the result at the bottom of the screen.
  • Page 30: System Management > Factory Default

    Ping host or IP address Enter the IP address of the device System Management > Firmware Upgrade being pinged, and click Go. The test will take a few seconds Firmware Upgrade to complete. When completed, the Router will display the results at the bottom of the screen.
  • Page 31: Restart

    System Management > Port Mirroring Port Mirroring monitors and copies network traffic by transferring copies of incoming and outgoing packets from source ports to a target port. This feature is used as a monitoring, diagnostic, and debugging tool. System Management > Restart...
  • Page 32: Port Management > Port Setup

    Auto Neg. Select Enable if you want the Router’s ports to auto-negotiate connection speeds and duplex mode; then you will not need to set up speed and duplex settings separately. Click Save Settings to save your changes, or click Cancel Changes to undo them.
  • Page 33: Port Management > Create Vlan

    VLAN Membership screen. For an Access port, the transmitted frames will be untagged. A port configured as a Trunk port acts as a direct link between two switches. The transmitted frames will be tagged to identify the source Port Management >...
  • Page 34: Vlan Membership

    Enter the VLAN group name. You can use up to 50 characters. For the default VLAN 1, all ports will be set to Access mode and all frames will be UnTagged. For the Router’s four ports, select the appropriate mode:...
  • Page 35 Advanced Configuration Click Add to List, and configure as many rules as you Rate Control would like, up to a maximum of 100. To delete a rule, select Service Select the Service you want. it and click Delete selected application.
  • Page 36: Qos > Qos Setup

    Trust Mode Default CoS Click Add to List, and configure as many rules as you would like, up to a maximum of 50. To delete a rule, select Configure the Trust Mode and Default CoS priority values it and click Delete selected application.
  • Page 37: Qos > Queue Settings

    WRR uses a predefined relative weight for each queue, which determines the percentage of service time When a port is set to None mode, then the Router will not the Router services each queue before moving on to the check CoS VLAN tag priority or DSCP/ToS priority bits in next queue.
  • Page 38: Dscp Settings

    Chapter 4 Advanced Configuration based QoS in Layer 3, the Router can use the priority bits in the Type of Service (ToS) octet to prioritize traffic. If priority bits are used, the ToS octet may contain three bits for IP Precedence or six bits for DSCP service.
  • Page 39: Firewall > Access Rules

    SSL VPN has higher priority than Port different schedule. Forwarding when HTTPS is enabled. With the use of custom rules, it is possible to disable all firewall protection or block all access to the Internet, so HTTP To allow HTTP connections for remote management, use extreme caution when creating or deleting access select Enable.
  • Page 40: Add A New Access Rule

    Update this service. Make changes. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Add a New Access Rule screen. If you want to delete a service you have created, select it Add a New Access Rule and click Delete selected service.
  • Page 41: Firewall > Content Filter

    Source Select the Source IP address(es) for the access rule. If it can be any IP address, select Any. If it is one IP address, select Single and enter the IP address. If it is a range of IP addresses, select Range, and enter the starting and ending IP addresses in the Addr.
  • Page 42: Ipsec Vpn > Summary

    MAC Address If you selected MAC Address, enter the MAC address in the fields provided. To add an entry, click Add to list. To remove an entry from the list, select the entry, and click the Delete selected entry. Click Save Settings to save your changes, or click Cancel Changes to undo them.
  • Page 43: Summary

    Proceed to the “IPSec VPN > Gateway to Gateway” section for instructions. Click Return to return to the Summary screen. After you have added the VPN tunnel, you will see it listed in the table. It shows the number of the VPN tunnel.
  • Page 44 Select the local LAN user(s) behind the Router that can mail Addr.(USER FQDN) Authentication. Follow the use this VPN tunnel. Select the type you want to use: IP, instructions for the type you want to use. Subnet, or IP Range. Follow the instructions for the type you want to use.
  • Page 45 Select this option if you know the static IP Type selected on the VPN device at the other address of the remote VPN device at the other end of the end of the tunnel. tunnel, and then enter the IP address.
  • Page 46: Ipsec Setup

    IP range Enter the range of IP addresses. not need to set the Phase 2 DH Group (the key for Phase 2 will match the key in Phase 1). IPSec Setup There are three groups of different prime key lengths.
  • Page 47 100~ffffffff. Each tunnel must have a unique Incoming SPI and Outgoing SPI. No two tunnels share the same SPI. The Incoming SPI here must match the Outgoing SPI value at the other end of the tunnel, and vice versa. Advanced Encryption Select a method of encryption, DES or DES.
  • Page 48: Ipsec Vpn > Vpn Pass Through

    Internet Protocol Security (IPSec) is user logged in. a suite of protocols used to implement secure exchange of packets at the IP layer. IPSec Pass Through is enabled by Status Displayed here is the user’s status, “Login” or default to allow IPSec tunnels to pass through the Router.
  • Page 49: Ssl Vpn > User Management

    RADIUS - PAP, RADIUS - CHAP, RADIUS - MSCHAP, or in a safe place as a backup. Select this option to store your RADIUS - MSCHAPV2 administration certificate as a file. The default filename is RVL00_MMDD_HHMM.pem, which you can rename.
  • Page 50: Ssl Vpn > Virtual Passage

    Administrator type is 0 minutes. Server Address Enter the IP address or domain name of the server. Click Save Settings to save your changes, or click Exit to LDAP BaseDN* Enter the search base for LDAP queries. return to the User Management screen.
  • Page 51: Virtual Passage

    Local Engine ID If you want to manually generate the local engine ID, enter the values in text form and then click Range End Enter the ending IP address of the IP address Save Settings. The Router will automatically generate an range.
  • Page 52: Snmp > Views

    OID will be excluded. Click Add to List, and configure as many entries as you View Table would like, up to a maximum of 20. To delete an entry, select it and click Delete. View Name Select the appropriate view name. There are...
  • Page 53: Snmp > Group Membership

    SNMP view; the group can change Click Add to List, and configure as many entries as you the assigned SNMP view. Then select the appropriate would like, up to a maximum of 30. To delete an entry, select it and click Delete. SNMP view.
  • Page 54: Snmp > Notification Recipient

    The default is . SNMPv1,2 Select this option if you want to use a v1 or v2 trap. If you selected Inform as the Notification type, this option will not be available (v1 does not use inform requests).
  • Page 55: Log > System Log

    Send E-mail to Enter the e-mail address that will receive your log files. If you do not want copies of the log information e-mailed to you, then leave this field blank. Enable E-Mail Authentication Select this option to enable the Router’s E-Mail Authentication feature.
  • Page 56: Log > System Statistics

    The message associated with each log event is displayed. Log Setting To update a log, click Refresh. To clear a log, click Clear. To Alert Log exit the System Log screen and return to the Log > System Log screen, click Close.
  • Page 57: Wizard

    WAN port. Select the appropriate connection type: Obtain an IP automatically, Static IP, or PPPoE. Click Next to continue. Click Previous if you want to return to the previous screen. Click Exit if you want to exit the Setup Wizard. Wizard Basic Setup Click Launch Now to run the Basic Setup Wizard.
  • Page 58 Previous if you want to return to the previous screen. Click Exit if you want to exit the Setup Wizard. If you want to use the ISP’s DNS server, select Use DNS Server provided by ISP (default). If you want to...
  • Page 59: Access Rule Setup

    Exit if you want to exit the Setup Wizard. If you select the Keep alive option, the Router will keep the connection alive by sending out a few data packets periodically, so your ISP thinks that the connection is still active.
  • Page 60 Select the Destination IP address(es) for this Access exit the Setup Wizard. Rule. If it can be any IP address, select Any. If it is one IP address, select Single and enter the IP address in the Destination IP fields. If it is a range of IP addresses, select Range, and enter the IP addresses in the Destination IP fields.
  • Page 61: Support

    Then enter the hours and minutes in 24-hour format, and select the appropriate days of the week. Click Next to continue. Click Previous if you want to return to the previous screen. Click Exit if you want to exit the Setup Wizard. Support If you want to save your changes, click Save Settings.
  • Page 62 Router.) After you click the Logout tab, a Warning screen appears. It will ask you to confirm that you want to delete the History Item for the Router. (The Web Cache Cleaner will prompt you to delete all temporary Internet files, cookies, and browser history during logout.) Click Yes.
  • Page 63: Appendix A: Troubleshooting

    Appendix A Troubleshooting Appendix A: The Router does not have a coaxial port for the cable connection. Troubleshooting The Router does not replace your modem. You still need your cable modem in order to use the Router. Connect your cable connection to the cable modem, insert the setup The firmware upgrade has failed.
  • Page 64: Appendix B: Virtual Passage Ssl Vpn Client

    (these settings are enabled by default). If the settings are already enabled, proceed to the next section, “Make the SSL VPN Portal a Trusted Site”. If the settings are disabled, you should enable them before configuring the Router. Proceed to the instructions for your web browser.
  • Page 65: Netscape Communicator 8.0 Or Higher

    Click Trusted sites. Click the Sites button. The Trusted sites screen appears. In the Add this Web site to the zone field, press Ctrl + V to paste in the SSL VPN Portal web address. Click Add. Netscape Communicator > Options > Site Controls > Web Features Click OK.
  • Page 66: Login For The Ssl Vpn Portal (Windows Os)

    Virtual Passage only. Installation of the Virtual Passage Client (Windows OS) The first time you create an SSL VPN tunnel, you have to install the Virtual Passage Client on your computer. Before you begin, make sure you have administrative Click to Install the Web Cache Cleaner rights on your computer.
  • Page 67: Logout Of The Ssl Vpn Portal (Windows Os)

    The Web Cache Cleaner and XTunnel are installed in C:\\WINDOWS\Downloaded Program Files. When you log out, you will see a Warning screen. It will ask you to confirm that you want to delete the History Item for the Router. (The Web Cache Cleaner will prompt you to delete all temporary Internet files, cookies, and browser history during logout.) Click Yes.
  • Page 68: Windows Vista Usage

    Virtual Passage only. Installation of the Virtual Passage Client (Mac OS X) The first time you create an SSL VPN tunnel, you have to install the Virtual Passage Client on your computer. Deselect Use User Account Control (UAC) Before you begin, make sure you have administrative rights on your computer.
  • Page 69: Removal Of The Virtual Passage Client (Mac Os X)

    Enter your password for OS X. To uninstall the Virtual Passage Client, click OK. Enter Your Password After the software is installed, you will be notified that the SSL VPN tunnel has been established. Enter Your Password After the software is removed, you will be notified.
  • Page 70: Before You Begin (Linux Os)

    If your user type is User, then you can use Virtual Passage only. Installation of the Virtual Passage Client Click Yes (Linux OS) The first time you create an SSL VPN tunnel, you have to install the Virtual Passage Client on your computer. 4-Port SSL/IPSec VPN Router...
  • Page 71: Removal Of The Virtual Passage Client (Linux Os)

    After the software is removed, you will be notified. Click OK. Click OK Click Run After the software is installed, you will be notified that the SSL VPN tunnel has been established. SSL VPN Tunnel Established To end the SSL VPN connection, click Disconnect.
  • Page 72: Appendix C: Bandwidth Management

    Find out the ports used for Vonage VoIP service. devices use UDP. Access the Router’s web-based utility. (Refer to Enter its SIP port range in the Port Range fields. For “Chapter 4: Advanced Configuration” for details.) example, you can set the Port Range to 5060 to 5070 Click the QoS tab.
  • Page 73: Creation Of New Bandwidth Management Rules

    Bandwidth Management Creation of New Bandwidth Management After you have set up the rule, click Add to list. Set up a rule for Vonage 2. Select Vonage  from the Rules Service drop-down menu. Create four new rules: Vonage VoIP (Upstream), Vonage Enter the IP address or range you need to control.
  • Page 74: Appendix D: Active Directory Server

    Active Directory Server NOTE: Windows Server 2000 and 2003 support the Active Directory server feature. To configure an Active Directory server: Click the Start button of your Windows computer. Click Settings. Click Control Panel. Double-click Administrative Tools. Click Next. Server Role Click Next.
  • Page 75 Select Domain controller for a new domain, and then click Next. Welcome to the Active Directory Installation Wizard Domain Controller Type Click Next. Select Domain in a new forest, and then click Next. Operating System Compatibility Create New Domain 4-Port SSL/IPSec VPN Router...
  • Page 76 Then click Next. New Domain Name Database and Log Folders Enter a domain NetBIOS name, and then click Next. Enter a location for the SYSVOL folder, and then click Next. NetBIOS Domain Name Shared System Volume 4-Port SSL/IPSec VPN Router...
  • Page 77 Appendix D Active Directory Server Select I will correct the problem later by configuring Enter your Administrator password for the Active DNS manually (Advanced), and then click Next. Directory server. Then enter it again in the Confirm password field. Click Next.
  • Page 78: Troubleshooting

    Appendix D Active Directory Server Troubleshooting If your users are unable to connect via Active Directory, check the following: The time settings between the Active Directory • server and the Router must be synchronized. Kerberos authentication, used by Active Directory...
  • Page 79: Appendix E: User For The Active Directory Server

    Double-click Administrative Tools. Click Active Directory Users and Computers. To create a user, right-click Users. New Object > User > Name Enter the user password, and enter it again in the Confirm password field. Then click Next. Active Directory Users and Computers New Object >...
  • Page 80 Appendix E User for the Active Directory Server Click Finish to create the new user. New Object > User > Summary 4-Port SSL/IPSec VPN Router...
  • Page 81: Appendix F: Internet Authentication Service (Ias) Server

    NOTE: Windows Server 2000 and 2003 support the IAS server feature. To install an IAS server: Click the Start button of your Windows computer. Click Add or Remove Programs. Click Add/Remove Windows Components. Windows Components Click the Start button of your Windows computer.
  • Page 82 To add a policy, click Add. Policy Conditions Welcome to the New Remote Access Policy Wizard Select Client-IP-Address, and then click Add. Select Set up a custom policy, and enter a policy name. Then click Next. Select Attribute Policy Configuration Method Enter an IP address, and then click OK.
  • Page 83 Appendix F Internet Authentication Service (IAS) Server Click Edit Profile. Make sure a policy has been added, and then click Next. Profile Policy Conditions On the Authentication tab, deselect (remove Select Grant remote access permission, and then Microsoft Encryption checkmark from) click Next.
  • Page 84 Appendix F Internet Authentication Service (IAS) Server On the Encryption tab, select Basic encryption, Click Internet Authentication Service. Strong encryption, Strongest encryption, and No encryption. Click Apply. Internet Authentication Service Right-click Remote Access Policies, and click New Connection Request Policy.
  • Page 85 Click Next. To add a policy, click Add. Welcome to the New Connection Request Policy Wizard Policy Conditions Select A custom policy, and enter a policy name. Then Select Client-IP-Address, and then click Add. click Next. Policy Configuration Method Select Attribute Enter an IP address, and then click OK.
  • Page 86 Appendix F Internet Authentication Service (IAS) Server On the Authentication tab, select Authenticate Make sure a policy has been added, and then click Next. request on this server, and then click OK. Policy Conditions Click Edit Profile. Authentication Click Finish.
  • Page 87: Appendix G: Lightweight Directory Access Protocol (Ldap) Server

    From the Authentication Type drop-down menu, select LDAP. SSL VPN > User Management In the Server Address field, enter the IP address or domain name of the server. In the LDAP BaseDN* field, enter the Base Distinguished Name defined in the configuration file of your LDAP server.
  • Page 88: Appendix H: Deployment In An Existing Network

    In the Static Routing section, enter 0.0.0.0 in the Overview Destination IP field. If you have a current VPN router in your network, you can Enter 0.0.0.0 in the Subnet Mask field. add the 4-Port SSL/IPSec VPN Router (model number: Enter 9.8.. in the Default Gateway field.
  • Page 89: Wan-To-Lan Connection

    Physically connect the Internet port on the RVL200 to a LAN port on the RV082. Configure the Virtual Passage IP so it is in the network range of the RV082 LAN side. After an SSL VPN client establishes its connection, the client can access the existing computers and servers (192.168.1.100-200) on the RV082 LAN side.
  • Page 90: Appendix I: Gateway-To-Gateway Vpn Tunnel

    This appendix explains how to configure an IPSec VPN tunnel between two VPN Routers by example. Two Click the IPSec VPN tab. computers are used to test the liveliness of the tunnel. Click the Gateway to Gateway tab. Before You Begin Enter a name in the Tunnel Name field.
  • Page 91: Configuration Of The Rv082

    User Guide of the RV082 for details.) Configuration of PC 1 and PC 2 Click the IPSec VPN tab. Verify that PC 1 and PC 2 can ping each other (refer to Click the Gateway to Gateway tab. Windows Help for more information). If the computers can ping each other, then you know the VPN tunnel is Enter a name in the Tunnel Name field.
  • Page 92: Configuration When The Remote Gateway Uses A Dynamic Ip Address

    Gateway-to-Gateway IPSec VPN Tunnel - Remote Gateway Using encryption, authentication, and other key management Dynamic IP settings. In the Preshared Key field, enter a string for this key, for NOTE: Each computer must have a network example, 13572468. adapter installed.
  • Page 93: Configuration Of Pc 1 And Pc 2

    RVL200’s local network settings in the IP Address and Subnet Mask fields. Verify that PC 1 and PC 2 can ping each other (refer to Windows Help for more information). If the computers can ping each other, then you know the VPN tunnel is configured correctly.
  • Page 94: Configuration Of The Rv082

    User Guide of the RV082 for details.) Configuration of PC 1 and PC 2 Click the IPSec VPN tab. Verify that PC 1 and PC 2 can ping each other (refer to Click the Gateway to Gateway tab. Windows Help for more information). If the computers can ping each other, then you know the VPN tunnel is Enter a name in the Tunnel Name field.
  • Page 95: Appendix J: Ipsec Nat Traversal

    Overview Network Address Translation (NAT) traversal is a technique developed so that data protected by IPSec can pass through a NAT. (See NAT 1 and NAT 2 in the diagram.) WAN: 192.168.99.22 WAN: 192.168.99.11 Since IPSec provides integrity for the entire IP datagram,...
  • Page 96: Configuration Of Router B

    Subnet Mask fields. Router B’s IPSec VPN Settings For the Remote Security Gateway Type, select IP Only. Enter the WAN IP address of NAT 2 - RV042 in the IP Address field. For the Remote Security Group Type, select Subnet.
  • Page 97: Configuration Of Scenario 2

    Remote Security Gateway IP address set to a public One-to-One NAT Rule on NAT 2 - RV042 IP address that is associated with the WAN IP address of Router A, which is behind the NAT. Hence the public IP 192.168.99.1 =>...
  • Page 98: Configuration Of Router A

    In the Preshared Key field, enter a string for this key, for In the Preshared Key field, enter a string for this key, for example, 13572468. example, 13572468.
  • Page 99: Appendix K: Configuration Of Multiple Subnets

    Configuration of Multiple To create this configuration, you create two subnets and two static routes on the RVL200. Then on each RV042, you Subnets set it to Router mode, disable the firewall, and set up a static route. RVL200 Configuration Overview...
  • Page 100: Rv042 #1 Configuration

    Enter 9.8.. in the Default Gateway field. Enter  in the Hop Count field. Select LAN from the Interface drop-down menu. To create the first static route, click Add to list. In the Static Routing section, enter 9.8.0.0 in the Destination IP field.
  • Page 101: Rv042 #2 Configuration

    RV042 #2 Configuration Launch the web browser for a computer connected one of the Ethernet ports of the RV042 #2. Access the web-based utility of the RV042 #2. (Refer to the User Guide of the RV042 for details.) Click the Setup tab.
  • Page 102: Appendix L: Multiple Vlans With Computers

    Port Management > Create VLAN screen. On the RVL200, configure VLANs 2, 3, and 4. Set Ethernet port 4 to Trunk mode, and assign VLANs 2, 3, and 4 to Ethernet port 4. On the SRW2048, configure VLANs 2, 3, and 4, and then assign ports to the VLANs.
  • Page 103: Srw2048 Configuration

    To create VLAN4, click Add VLAN. Click the Port Setting tab. SRW2048 Configuration To configure VLANs 2, 3, and 4, refer to the documentation for the SRW2048. Port Management > Port Setting For Port ID 4, select Trunk as the Mode.
  • Page 104: Appendix M: Multiple Vlans And Subnets

    Virtual Local Area Networks (VLANs) used with multiple subnets. The configuration example shows an RVL200 deploying two routers and one Layer 2 managed switch, which deploys three VLANs. Any router can be deployed; however, this example uses the Linksys 10/100 4-Port VPN Router (model number: RV042).
  • Page 105: Inter-Vlan Routing Option

    Enter 49. – Click Save Settings. Inter-VLAN Routing Option To allow packets to travel from one VLAN to another, follow these instructions (optional): Access the web-based utility of the RVL200. (Refer to “Chapter 4: Advanced Configuration” for details.) Click the DHCP tab.
  • Page 106: Appendix N: Access Of Multiple Vlans Over A Ssl Vpn Tunnel

    -net <destination ip> <gateway ip> Establish an SSL VPN connection between the computer <subnet mask> on the Internet, designated PC 1, and the RVL200. (Refer to “Appendix B: Virtual Passage SSL VPN Client” for details.) Example #1: In the configuration example, the RVL200 assigns sudo route add -net 192.168.3.0 192.168.1.201...
  • Page 107: Appendix O: Firmware Upgrade

    This appendix explains how to upgrade the firmware of the Router. Before You Begin If you are using Internet Explorer on Windows XP, disable the pop-up blocking function before you upgrade the Router’s firmware. (This avoids a firmware upgrade failure.)
  • Page 108: Upgrade The Firmware

    Appendix O Firmware Upgrade When you or another user logs out, a Warning screen will appear. It will ask you to confirm that you want to delete the History Item for the Router. Click Yes. Click Yes to Delete History Upgrade the Firmware In the Router’s web-based utility, click the System...
  • Page 109: Appendix P: Battery Replacement

    Appendix P: Battery Replacement Overview The Router has a lithium battery, type CR2032, on its main circuit board. This battery has an operating life of approximately 1 to 2 years. When the battery loses its charge, the Router cannot update its time setting unless it is connected to an NTP server.
  • Page 110: Appendix Q: Specifications

    Static and RIP v1, v2 Diags: Flash, etc. Diags: Flash, RAM Environmental Port Mirroring One of the 5 WAN/LAN Ports can be Dimensions 6.69" x 1.67" x 6.69" Mirrored to a Selected LAN Port W x H x D (170 x 42.5 x 170 mm)
  • Page 111: Appendix R: Warranty Information

    CONDITIONS, REPRESENTATIONS AND WARRANTIES, and the web pages referred to herein may be updated by INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED Linksys from time to time; the version in effect at the date WARRANTY OF NON-INFRINGEMENT, ARE DISCLAIMED. of purchase shall apply.
  • Page 112: Technical Support

    RMA number and dated proof of original purchase will be rejected. Do not include any other items with the product you are returning to Linksys. Defective product covered by this limited warranty will be repaired or replaced and returned to you without charge.
  • Page 113: Appendix S: Regulatory Information

    This device must accept any interference, including specifications for a Class B digital device, pursuant to Part interference that may cause undesired operation of 15 of the FCC Rules. These limits are designed to provide the device. reasonable protection against harmful interference in a residential installation.
  • Page 114: User Information For Consumer Products Covered By Eu Directive 2002/96/Ec On Waste Electric And Electronic Equipment (Weee)

    The symbol means that this product must be disposed of separately from ordinary household waste. It is your responsibility to dispose of this and other electrical and electronic equipment via designated collection facilities appointed by the government or local authorities. English - Environmental Information for Customers in the European Union
  • Page 115 (tiem, ko rada vietēji iedzīvotāji un uzņēmumi). Šī zīme nozīmē πρέπει να απορρίπτεται ξεχωριστά από τα συνήθη οικιακά to, ka šī ierīce ir jāizmet atkritumos tā, lai tā nenonāktu kopā ar απορρίμματα. Είστε υπεύθυνος για την απόρριψη του παρόντος parastiem mājsaimniecības atkritumiem. Jūsu pienākums ir šo και...
  • Page 116 Šis simbolis rodo, kad gaminį reikia šalinti atskirai afval. Dit symbool geeft aan dat het product apart moet worden nuo bendro buitinių atliekų srauto. Jūs privalote užtikrinti, kad ingezameld. U bent zelf verantwoordelijk voor de vernietiging ši ir kita elektros ar elektroninė...
  • Page 117 – na izdelku in/ali na embalaži – med não seja eliminado junto com os resíduos municipais não običajne, nerazvrščene odpadke. Ta simbol opozarja, da je treba separados.
  • Page 118: Appendix T: Contact Information

    Support Site http://www.linksys.com/support FTP Site ftp.linksys.com Advice Line 800-546-5797 (LINKSYS) Support 800-326-7114 RMA (Return Merchandise http://www.linksys.com/warranty Authorization) NOTE: Details on warranty and RMA issues can be found in the Warranty section of this Guide. 7112610C-JL 4-Port SSL/IPSec VPN Router...