Cisco QuickVPN - PC Administration Manual

4-Port Gigabit Security Router with VPN

ADMINISTRATION GUIDE
Cisco Small Business
RVS4000 4-Port Gigabit Security Router with VPN


Summary of Contents for Cisco QuickVPN - PC

  • Page 1 ADMINISTRATION GUIDE Cisco Small Business RVS4000 4-Port Gigabit Security Router with VPN...
  • Page 2 Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc.
  • Page 3: Table Of Contents

    Contents About This Document How to Use This Guide Organization Finding Information in PDF Files Finding Text in a PDF Finding Text in Multiple PDF Files Chapter 1: Introduction Chapter 2: Networking and Security Basics An Introduction to LANs The Use of IP Addresses The Intrusion Prevention System (IPS) Chapter 3: Planning Your Virtual Private Network (VPN) Why do I need a VPN?
  • Page 4 Contents Configuring the Router Chapter 5: Setting Up and Configuring the Router Setup Setup > Summary Setup > WAN Setup > LAN Setup > DMZ Setup > MAC Address Clone Setup > Advanced Routing Setup > Time Setup > IP Mode Firewall Firewall >...
  • Page 5 Contents Router Access Administration > Log Administration > Diagnostics Administration > Backup & Restore Administration > Factory Default Administration > Reboot Administration > Firmware Upgrade IPS > Configuration IPS > P2P/IM IPS > Report IPS > Information L2 Switch L2 > Create VLAN L2 >...
  • Page 6 Contents Appendix A: Troubleshooting Frequently Asked Questions Appendix B: Using Cisco QuickVPN for Windows 2000, XP, or Vista Overview Before You Begin Installing the Cisco QuickVPN Software Installing from the CD-ROM Downloading and Installing from the Internet Using the Cisco QuickVPN Software Distributing Certificates to QuickVPN Users Appendix C: Configuring IPSec with a Windows 2000 or XP Computer Introduction...
  • Page 7 Contents ProtectLink How to Use the Service ProtectLink > Web Protection ProtectLink > Email Protection ProtectLink > License Appendix F: Specifications Specifications Performance Setup/Config Management Security Features Network Routing Layer 2 Environmental Appendix G: Where to Go From Here Product Resources Related Documentation Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide...
  • Page 8: About This Document

    Preface About This Document The focus of this guide is on the hardware and software features found on the Cisco Small Business RVS4000 4-Port Gigabit Security Router with VPN. Advanced configuration settings and security options are covered in this administration guide. How to Use This Guide This administration guide has been designed to make understanding the router easier.
  • Page 9: Finding Information In Pdf Files

    Preface Chapter / Title / Description. Chapter 4, Getting Started with the RVS4000 Router: Describes the physical features of the RVS4000 router and provides information for installing the router. Chapter 5, Setting Up and Configuring the Router: Describes how to set up the product software.
  • Page 10: Finding Text In A Pdf

    Preface • Perform advanced searches. Finding Text in a PDF Follow this procedure to find text in a PDF file. STEP 1 Enter your search terms in the Find text box on the toolbar. NOTE By default, the Find tool is available at the right end of the Acrobat toolbar. If the Find tool does not appear, choose Edit >...
  • Page 11 Preface STEP 3 In the Search window, complete the following steps: a. Enter the text that you want to find. b. Choose All PDF Documents in. From the drop-down box, choose Browse for Location. Then choose the location on your computer or local network, and click OK. c.
  • Page 12 Preface STEP 4 When the Results appear, click + to open a folder, and then click any link to open the file where the search terms appear. For more information about the Find and Search functions, see the Adobe Acrobat online help.
  • Page 13: Chapter 1: Introduction

    Introduction Thank you for choosing the Cisco RVS4000 4-Port Gigabit Security Router with VPN. The 4-Port Gigabit Security Router with VPN is an advanced Internet-sharing network solution for your small business needs. Like any router, it lets multiple computers in your office share an Internet connection. The 4-Port Gigabit Security Router with VPN also features a built-in 4-Port full-duplex 10/100/1000 Ethernet switch to connect four PCs directly, or you can connect more hubs and switches to create as big a network as you need.
  • Page 14: Chapter 2: Networking And Security Basics

    Networking and Security Basics This chapter describes networking and security basics. It includes the following sections: • An Introduction to LANs, page 7 • The Use of IP Addresses, page 7 • The Intrusion Prevention System (IPS), page 9 An Introduction to LANs A router is a network device that connects two networks together.
  • Page 15 Networking and Security Basics The Use of IP Addresses A static IP address is a fixed IP address that you assign manually to a PC or other device on the network. Since a static IP address remains valid until you disable it, static IP addressing ensures that the device assigned it will always have that same IP address until you change it.
  • Page 16: The Intrusion Prevention System (Ips)

    Networking and Security Basics The Intrusion Prevention System (IPS) NOTE Since the router is a device that connects two networks, it needs two IP addresses—one for the LAN, and one for the Internet. In this Administration Guide, you’ll see references to the “Internet IP address” and the “LAN IP address”.
  • Page 17 Networking and Security Basics The Intrusion Prevention System (IPS) IPS Scenarios
  • Page 18: Chapter 3: Planning Your Virtual Private Network (Vpn)

    Planning Your Virtual Private Network (VPN) This chapter provides information for planning your VPN and includes the following sections: • Why do I need a VPN?, page 11 • What is a VPN?, page 12 Why do I need a VPN? Computer networking provides a flexibility not available when using an archaic, paper-based system.
  • Page 19: Mac Address Spoofing

    Planning Your Virtual Private Network (VPN) What is a VPN? 1) MAC Address Spoofing Packets transmitted over a network, either your local network or the Internet, are preceded by a packet header. These packet headers contain both the source and destination information for that packet to transmit efficiently.
  • Page 20: Vpn Router To Vpn Router

    Planning Your Virtual Private Network (VPN) What is a VPN? This is done by creating a “tunnel”. A VPN tunnel connects the two PCs or networks and allows data to be transmitted over the Internet as if it were still within those networks.
  • Page 21: Computer (Using The Cisco Quickvpn Client Software) To Vpn Router

    Planning Your Virtual Private Network (VPN) What is a VPN? VPN Router to VPN Router Computer (using the Cisco QuickVPN Client software) to VPN Router The following is an example of a computer-to-VPN router VPN. In her hotel room, a traveling businesswoman connects to her ISP.
  • Page 22 Planning Your Virtual Private Network (VPN) What is a VPN? Computer to VPN Router For additional information and instructions about creating your own VPN, please visit www.cisco.com. You can also refer to Appendix B, “Using Cisco QuickVPN for Windows 2000, XP, or Vista”, Appendix C, “Configuring IPSec with a Windows 2000 or XP Computer”...
  • Page 23: Chapter 4: Getting Started With The Rvs4000 Router

    Getting Started with the RVS4000 Router This chapter describes the physical features of the RVS4000 router and provides information for installing the router. The following sections are included: • Front Panel, page 16 • Back Panel, page 17 • Placement Options, page 18 •...
  • Page 24: Back Panel

    Getting Started with the RVS4000 Router Back Panel LED—The IPS LED lights up when the Intrusion Prevention System (IPS) function is enabled. If the LED is off, then IPS functions are disabled. The IPS LED flashes green when an external attack is detected. It flashes red when an internal attack is detected.
  • Page 25: Placement Options

    Getting Started with the RVS4000 Router Placement Options ETHERNET Ports 1-4—Provide a LAN connection to network devices, such as PCs, print servers, or additional switches. POWER Port—Connects the router to power via the supplied AC power adapter. Placement Options You can place the router horizontally on the rubber feet, mount it in the stand, or mount it on the wall.
  • Page 26: Wall Option

    Getting Started with the RVS4000 Router Placement Options To place the router vertically, follow these steps. STEP 1 Locate the left side panel of the router. STEP 2 With the two large prongs of one of the stands facing outward, insert the short prongs into the little slots in the router and push the stand upward until the stand snaps into place.
  • Page 27: Installing The Router

    Getting Started with the RVS4000 Router Installing the Router Installing the Router To prepare the router for installation do the following: • Obtain the setup information for your specific type of Internet connection from your Internet Service Provider (ISP). • Power off all of your network hardware, including the router, PCs, and cable modem or DSL modem.
  • Page 28: Configuring The Router

    Getting Started with the RVS4000 Router Configuring the Router STEP 4 Power on the cable or DSL modem. STEP 5 Connect the power adapter to the router’s Power port and plug the other end into an electrical outlet. STEP 6 The Power and Internet LEDs on the front panel will light up green as soon as the power adapter is connected.
  • Page 29 Getting Started with the RVS4000 Router Configuring the Router The default user name and password is admin. STEP 4 Click OK. For added security, you should later set a new password using the Administration > Management window of the web-based utility. The web-based utility will appear with the Setup menu and Summary selected.
  • Page 30 Getting Started with the RVS4000 Router Configuring the Router NOTE For more information about advanced settings and security options, refer to Chapter 5, “Setting Up and Configuring the Router.”
  • Page 31: Chapter 5: Setting Up And Configuring The Router

    Setting Up and Configuring the Router This chapter includes information for configuring the following router functions: • Setup, page 25 • Firewall, page 44 • ProtectLink, page 56 • VPN, page 57 • QoS, page 65 • Administration, page 70 •...
  • Page 32: Setup

    Setting Up and Configuring the Router Setup The first time you open the web-based utility, enter admin (the default username) in the Username field and enter admin in the Password field. Click the OK button. You can change the password later from the Administration > Management window.
  • Page 33: Setup > Summary

    Setting Up and Configuring the Router Setup Setup > Summary The Setup > Summary window displays a read-only summary of the router’s basic information. Clicking on a hyperlink (underlined text) takes you directly to the related page where you can update the information. Setup >...
  • Page 34 Setting Up and Configuring the Router Setup Port Statistics This section displays the following color-coded status information on the router’s Ethernet ports: • Green Indicates that the port has a connection. • Black Indicates that the port has no connection. Network Setting Status LAN IP Displays the IP address of the router’s LAN interface.
  • Page 35: Setup > Wan

    Setting Up and Configuring the Router Setup Log Setting Status E-mail If this displays Email cannot be sent because you have not specified an outbound SMTP server address, then you have not set up the mail server. Click the E-mail hyperlink to display the Administration > Log window where you can configure the SMTP mail server.
  • Page 36 Setting Up and Configuring the Router Setup Static IP Internet IP Address This is the router’s IP address, when seen from the WAN, or the Internet. Your ISP will provide you with the IP Address you need to specify here. Subnet Mask This is the router’s Subnet Mask, as seen by external users on the Internet (including your ISP).
  • Page 37 Setting Up and Configuring the Router Setup PPPoE User Name and Password Enter the User Name and Password provided by your ISP. Connect on Demand: Max Idle Time You can configure the router to cut the Internet connection after it has been inactive for a specified period of time (Max Idle Time), and then automatically re-establish the connection as soon as you attempt to access the Internet again.
  • Page 38 Setting Up and Configuring the Router Setup PPTP Point-to-Point Tunneling Protocol (PPTP) is a service that applies to connections in Europe and Israel only. PPTP IP Address This is the router’s IP address, when seen from the WAN, or the Internet.
  • Page 39 Setting Up and Configuring the Router Setup Keep Alive: Redial period If you select this option, the router will periodically check your Internet connection. If you are disconnected, then the router will automatically re-establish your connection. To use this option, click the radio button next to Keep Alive.
  • Page 40 Setting Up and Configuring the Router Setup Keep Alive: Redial period If you select this option, the router will periodically check your Internet connection. If you are disconnected, then the router will automatically re-establish your connection. To use this option, click the radio button next to Keep Alive.
  • Page 41 Setting Up and Configuring the Router Setup Connect on Demand: Max Idle Time You can configure the router to cut the Internet connection after it has been inactive for a specified period of time (Max Idle Time), and then automatically re-establish the connection as soon as you attempt to access the Internet again.
  • Page 42 Setting Up and Configuring the Router Setup Host Name Some ISPs, usually cable ISPs, require a host name as identification. You may have to check with your ISP to see if your broadband Internet service has been configured with a host name. In most cases, leaving this field blank will work. Domain Name Some ISPs, usually cable ISPs, require a domain name as identification.
  • Page 43: Setup > Lan

    Setting Up and Configuring the Router Setup Connect The Connect button is displayed when DDNS is enabled. This button is used to contact the DDNS server to manually update your IP address information. The Status area on this window is also updated. Setup >...
  • Page 44 Setting Up and Configuring the Router Setup Setup > LAN
  • Page 45 Setting Up and Configuring the Router Setup VLAN Select the VLAN for the DHCP server from the drop-down menu. NOTE This option appears only if you have created at least one VLAN from the L2 Switch > Create VLAN window. IPv4 The router’s Local IP Address and Subnet Mask are shown here.
  • Page 46 Setting Up and Configuring the Router Setup WINS The Windows Internet Naming Service (WINS) provides name resolution service (similar to DNS) in Windows networks. If you use a WINS server, enter that server’s IP Address here. Otherwise, leave this blank. Static IP Mapping Static IP Mapping is used to bind a specific IP address to a specific MAC address.
  • Page 47: Setup > Dmz

    Setting Up and Configuring the Router Setup Setup > DMZ The DMZ window allows one local PC to be exposed to the Internet for use of a special-purpose service such as Internet gaming and videoconferencing. Whereas Port Range Forwarding can only forward a maximum of 10 ranges of ports, DMZ hosting forwards all the ports for one PC at the same time.
  • Page 48: Setup > Advanced Routing

    Setting Up and Configuring the Router Setup Clone My PC’s MAC When MAC Address Clone is enabled, click this button to copy the MAC address of the network adapter in the computer that you are using to connect to the Web interface. Click Save Settings to save the MAC Cloning settings or click Cancel Changes to undo your changes.
  • Page 49 Setting Up and Configuring the Router Setup Dynamic Routing The router’s dynamic routing feature can be used to automatically adjust to physical changes in the network’s layout. The router can use the dynamic RIP protocol to calculate the most efficient route for the network’s data packets to travel between the source and the destination, based upon the shortest paths.
  • Page 50: Setup > Time

    Setting Up and Configuring the Router Setup Hop Count This value gives the number of nodes that a data packet passes through before reaching its destination. A node is any device on the network, such as switches, PCs, etc. The maximum hop count value is 16. Show Routing Table Click this button to show the routing table established either through dynamic or static routing methods.
  • Page 51: Setup > Ip Mode

    Setting Up and Configuring the Router Firewall User-defined NTP Server To specify a user-defined NTP server, select the Enable option, then enter the NTP Server’s IP address in the NTP Server IP field. NTP Server IP If the User-defined NTP Server option is set to Enable, enter the IP address of the NTP server.
  • Page 52: Firewall > Basic Settings

    Setting Up and Configuring the Router Firewall Firewall > Basic Settings Firewall > Basic Settings Firewall When this feature is enabled, the router’s NAT firewall feature is enabled. DoS Protection When this feature is enabled, the router will block DoS (Denial of Service) attacks.
  • Page 53: Firewall > Ip Based Acl

    Setting Up and Configuring the Router Firewall • Subnet Allows access from the Subnet that you enter in the field provided. Remote Upgrade This option allows you to upgrade the router remotely. To allow remote upgrade, select Enable. The Remote Management feature must be set to Enable as well.
  • Page 54 Setting Up and Configuring the Router Firewall Firewall > IP Based ACL Priority This is the rule’s priority. Enable This indicates whether the rule is enabled or disabled. Action This is the rule’s action, either Allow or Deny. Service This is the service(s) to which the rule applies. Source Interface This is the source interface, either WAN, LAN, or ANY.
  • Page 55 Setting Up and Configuring the Router Firewall Editing IP ACL Rules Editing IP ACL Rules Action Select the desired action, Allow or Deny, from the drop-down menu. Service Select the service types to which the rule will apply. You can either select one of the predefined services in the drop-down menu;...
  • Page 56 Setting Up and Configuring the Router Firewall Source IP To apply the rule to one source IP address, select Single from the drop-down menu, then enter the address in the field. To apply the rule to all source IP addresses, select ANY from the drop-down menu.
  • Page 57: Firewall > Internet Access Policy

    Setting Up and Configuring the Router Firewall Firewall > Internet Access Policy Firewall > Internet Access Policy Access can be managed by a policy. Use the settings on this window to establish an access policy. Selecting a policy from the drop-down menu will display that policy’s settings.
  • Page 58 Setting Up and Configuring the Router Firewall • View all policies—click Summary to display the Internet Policy Summary popup which lists all of the Internet access policies and includes the following information: No., Policy Name, Days, Time, and a checkbox to delete (clear) the policy.
  • Page 59 Setting Up and Configuring the Router Firewall On the List of PCs popup, you can define PCs by MAC Address or IP Address. You can also enter a range of IP Addresses if you want this policy to affect a group of PCs.
  • Page 60: Firewall > Single Port Forwarding

    Setting Up and Configuring the Router Firewall Firewall > Single Port Forwarding Firewall > Single Port Forwarding Application Enter the name of the application you wish to configure. External Port This is the port number used by the server or Internet application. Internet users must connect using this port number.
  • Page 61: Firewall > Port Range Forwarding

    Setting Up and Configuring the Router Firewall Enabled Click the Enabled checkbox to enable port forwarding for the relevant application. Click Save Settings to save the settings you have entered. Click Cancel Changes to cancel any changes you have entered. Firewall >...
  • Page 62: Firewall > Port Range Triggering

    Setting Up and Configuring the Router Firewall Firewall > Port Range Triggering Firewall > Port Range Triggering Application Name Enter the name of the application you wish to configure. Triggered Range For each application, list the triggered port number range. These are the ports used by outgoing traffic.
  • Page 63: Protectlink

    Setting Up and Configuring the Router ProtectLink ProtectLink ProtectLink > ProtectLink Purchase ProtectLink > ProtectLink Purchase The optional Trend Micro ProtectLink Gateway service provides security for your network. For more information, see Appendix E, “Trend Micro ProtectLink Gateway Service.”
  • Page 64: Vpn > Summary

    Setting Up and Configuring the Router VPN > Summary VPN > Summary Tunnels Used Displays the number of tunnels used. Tunnel(s) Available Displays the number of available tunnels. Detail button Click Detail to display more tunnel information. Tunnel Status Displays the number of the tunnel. Name Displays the name of the tunnel, as defined by the Tunnel Name field on the VPN >...
  • Page 65: Vpn > Ipsec Vpn

    Setting Up and Configuring the Router Config Click Edit to change the tunnel’s settings. Click Trash to delete all of the tunnel’s settings. Tunnel(s) Enabled Displays the total number of currently enabled tunnels. Tunnel(s) Defined Displays the number of tunnels currently defined. This number will be greater than the Tunnels Enabled field if any defined tunnels have been disabled.
  • Page 66 Setting Up and Configuring the Router VPN > IPSec VPN Select Tunnel Entry To create a new tunnel, select new. To configure an existing tunnel, select it from the drop-down menu. Delete Click this button to delete all settings for the selected tunnel. Summary Clicking this button shows the settings and status of all enabled tunnels.
  • Page 67 Setting Up and Configuring the Router IPSec VPN Tunnel Check the Enable option to enable this tunnel. Tunnel Name Enter a name for this tunnel, such as “Anaheim Office”. Local Group Setup Local Security Gateway Type This has two settings, IP Only and IP + Domain Name (FQDN) Authentication.
  • Page 68 Setting Up and Configuring the Router Remote Security Group Type Select the remote LAN user(s) behind the remote gateway who can use this VPN tunnel. This may be a single IP address or a Sub- network. Note that the Remote Security Group Type must match the other router’s Local Security Group Type.
  • Page 69 Setting Up and Configuring the Router • Authentication Authentication determines a method to authenticate the ESP packets. Either MD5 or SHA1 may be selected. Note that both sides (VPN endpoints) must use the same Authentication method. • MD5 A one-way hashing algorithm that produces a 128-bit digest. •...
  • Page 70: Vpn > Vpn Client Accounts

    Setting Up and Configuring the Router Click Save Settings to save the settings you have entered. Click Cancel Changes to cancel any changes you have entered. VPN > VPN Client Accounts Use this window to administer your VPN Client users. Enter the information at the top of the window and the users you’ve entered will appear in the list at the bottom, showing their status.
  • Page 71 Setting Up and Configuring the Router VPN Client List Table Displays the user number. Active When checked, the designated user can connect, otherwise the VPN client account is disabled. Username Displays the username. Edit This button is used to modify the username or password, and to allow/deny the user permission to change their password.
  • Page 72: Vpn > Vpn Passthrough

    Setting Up and Configuring the Router VPN > VPN Passthrough VPN > VPN Passthrough IPSec PassThrough Internet Protocol Security (IPSec) is a suite of protocols used to implement secure exchange of packets at the IP layer. IPSec Passthrough is enabled by default to allow IPSec tunnels to pass through the router. To disable IPSec Passthrough, select Disabled.
  • Page 73: Qos > Bandwidth Management

    Setting Up and Configuring the Router QoS > Bandwidth Management QoS > Bandwidth Management - Rate Control Bandwidth This section lets you specify the maximum bandwidth provided by the ISP on the WAN interface, for both the upstream and downstream directions. Bandwidth Management Type Type The desired type of bandwidth management, either Rate Control or Priority...
  • Page 74 Setting Up and Configuring the Router Direction Select Upstream for outbound traffic or Downstream for inbound traffic. Mini. Rate Enter the minimum rate for the guaranteed bandwidth. Max. Rate Enter the maximum rate for the guaranteed bandwidth. Enable Check this box to enable this Rate Control Rule. Add to list After a rule is set up, click this button to add it to the list.
  • Page 75: Qos > Qos Setup

    Setting Up and Configuring the Router Click Save Settings to save your settings. Click Cancel Changes to cancel any changes you have entered. QoS > QoS Setup The QoS Setup window allows users to configure QoS Trust Mode for each LAN port.
  • Page 76: Qos > Dscp Setup

    Setting Up and Configuring the Router Queue Select the traffic forwarding queue, 1 to 4, to which the CoS priority is mapped. Queue 4 has the highest priority. Click Save Settings to save your settings. Click Cancel Changes to cancel any changes you have entered.
  • Page 77: Administration

    Setting Up and Configuring the Router Administration Administration The Administration menu provides access to system administration settings and tools. It includes the following windows: Administration > Management Administration > Management Router Access Router Userlist Select the desired router user list. Router Username Enter the user name here.
  • Page 78 Setting Up and Configuring the Router Administration System Contact Enter contact information for the system. System Location Enter the location of the system. Read Community Enter the SNMP community name for SNMP “Get” commands. Write Community Enter the SNMP community name for SNMP “Set” commands. Trap Community Enter the SNMP community name for SNMP “Trap”...
  • Page 79: Administration > Log

    Setting Up and Configuring the Router Administration Administration > Log Administration > Log Log Setting Log Level Select the log level(s) that the router should record. Log levels and their meanings are: Log Levels Level / Severity Name / Description: LOG_DEBUG: Debug-level message; LOG_INFO: Informational messages only; LOG_NOTICE...
  • Page 80 Setting Up and Configuring the Router Administration Log Levels Level / Severity Name / Description: LOG_WARNING: Warning conditions; LOG_ERR: Error conditions; LOG_CRIT: Critical conditions; LOG_ALERT: Immediate action needed; LOG_EMERG: System unusable. Outgoing Log Select Enable to cause all outgoing packets to be logged. You can then click View Outgoing Table to display information on the outgoing packets including Source IP, Destination IP, and Service/Port number.
  • Page 81: Administration > Diagnostics

    Setting Up and Configuring the Router Administration Syslog Enable Syslog Select the checkbox if you want to use this feature. Syslog Server Enter the IP Address in this field when Enable Syslog is checked. Local Log Local Log Enable this if you want to see a log of all incoming and outgoing URLs or IP addresses.
  • Page 82: Administration > Backup & Restore

    Setting Up and Configuring the Router Administration Number of Pings Enter the number of times you wish to ping the target device. Ping Interval Enter the time period (milliseconds) between each ping. Ping Timeout Enter the desired time period (milliseconds). If a response is not received within the defined ping period, the ping is considered to have failed.
  • Page 83: Administration > Factory Default

    Setting Up and Configuring the Router Administration Restore Configuration To restore a previously saved config file back to the router, enter the file name in the field or click Browse to select the config file, then click Restore to upload the config file.
  • Page 84: Administration > Reboot

    Setting Up and Configuring the Router Administration Administration > Reboot Administration > Reboot Reboot Click this button to reboot the router. This operation will not cause the router to lose any of its stored settings. Administration > Firmware Upgrade Administration > Firmware Upgrade To upgrade firmware, download the latest firmware for the product.
  • Page 85: Ips

    Setting Up and Configuring the Router IPS > Configuration IPS > Configuration Figure 1 IPS > Configuration IPS Function Select Enable to enable or Disable to disable the IPS Function. Anomaly Detection HTTP Web attack signature is matched. HTTP request decoder will decode UTF-8 (1, 2, and 3 byte) code and normalize URI (according to those evasion methods mentioned in whisker) before pattern match.
  • Page 86: Ips > P2P/Im

    Setting Up and Configuring the Router Signature Update Before upgrading the firmware, download and extract the router firmware upgrade file from the Cisco website. For the firmware download link, see Appendix G, “Where to Go From Here.” Enter the firmware upgrade file name in the Signature Update field, or click Browse to find the file.
  • Page 87: Ips > Report

    Setting Up and Configuring the Router IPS > Report Provides a graphical representation of the level of network traffic and attacks during the last twenty four hours. Attacker Displays the IP Address of attackers and the frequency (number of times) of the attacks.
  • Page 88 Setting Up and Configuring the Router IPS > Report
  • Page 89: Ips > Information

    Setting Up and Configuring the Router L2 Switch IPS > Information IPS > Information Signature Version Displays the version of the signature patterns in the router that protects against malicious threats. Last Time Upload This displays when the signature patterns in the router were last updated.
  • Page 90 Setting Up and Configuring the Router L2 Switch VLANs function at layer 2. Since VLANs isolate traffic within the VLAN, a Layer 3 router is needed to allow traffic flow between VLANs. Layer 3 routers identify segments and coordinate with VLANs. VLANs are broadcast and multicast domains.
  • Page 91: L2 > Vlan Port Setting

    Setting Up and Configuring the Router L2 Switch L2 > VLAN Port Setting L2 Switch > VLAN Port Setting Port ID Displays the port number from 1 to 4. Mode Select the mode of the port, either Trunk, Untagged, or Tagged. The default is Untagged.
  • Page 92: L2 > Vlan Membership

    Setting Up and Configuring the Router L2 Switch L2 > VLAN Membership L2 Switch > VLAN Membership VLAN ID Select the VLAN whose membership you want to configure. Description Enter a VLAN group name of up to 50 characters. Function/Port table The top half of the table indicates each port’s current mode (Untagged, Tagged, or Trunk).
  • Page 93: L2 > Radius

    Setting Up and Configuring the Router L2 Switch L2 > RADIUS L2 Switch > RADIUS Mode Select Enabled or Disabled from the drop-down menu to enable or disable RADIUS. RADIUS IP Enter the Server IP address. RADIUS UDP Port Enter the UDP port. The UDP port is used to verify the RADIUS server authentication.
  • Page 94: L2 > Port Setting

    Setting Up and Configuring the Router L2 Switch L2 > Port Setting L2 Switch > Port Setting Port Displays the physical port number. Link Displays the port duplex mode and speed. Full Duplex indicates that the interface supports transmission between the device and its link partner in both directions simultaneously.
  • Page 95: L2 > Statistics

    Setting Up and Configuring the Router L2 Switch L2 > Statistics L2 Switch > Statistics Statistics Overview Tx Bytes Displays the number of Bytes transmitted from the selected port. Tx Frames Displays the number of Frames transmitted from the selected port. Rx Bytes Displays the number of Bytes received on the selected port.
  • Page 96: L2 > Port Mirroring

    Setting Up and Configuring the Router L2 Switch L2 > Port Mirroring L2 Switch > Port Mirroring Mirror Source Use this to enable or disable source port mirroring for each port on the router. To enable source port mirroring on a port, check the box next to that port.
  • Page 97: L2 > Rstp

    Setting Up and Configuring the Router L2 Switch L2 > RSTP L2 Switch > RSTP The RSTP (Rapid Spanning Tree Protocol) protocol prevents loops in the network and dynamically reconfigures which physical links in a switch should forward frames. System Priority Enter the system priority from 0 to 61440 in increments of 4096.
  • Page 98: Status

    Setting Up and Configuring the Router Status Path Cost This is the RSTP path cost for the designated ports. Enter a number from 1 to 200000000, or auto (autogenerated path cost). The default is auto. Status Status > Gateway Status > Gateway Firmware Version Displays the Gateway’s current firmware.
  • Page 99 Setting Up and Configuring the Router Status DNS 1-2 Displays the DNS (Domain Name System) IP addresses currently used by this Gateway. IP Conntrack Click this button to display the IP Conntrack window. IP Conntrack The IP Conntrack (Connection Tracking) window displays information about TCP/ UDP connections, such as source and destination IP address and port number pairs (known as socket pairs), protocol types (TCP/UDP/ICMP), connection state and timeouts.
  • Page 100: Status > Local Network

    Setting Up and Configuring the Router Status Status > Local Network Status > Local Network Current IP address System This shows the current system. MAC Address This is the router MAC Address, as seen on your local, Ethernet network. IP Address The Internet IP Address is displayed here.
  • Page 101 Setting Up and Configuring the Router Status ARP/RARP Table Clicking this button will open a window showing you which PCs are utilizing the router as an ARP/RARP server. On the ARP/RARP Table window, you will see a list of ARPs/RARPs (PCs and other network devices) with the following information: IP Addresses and MAC Addresses.
  • Page 102: Chapter 6: Using The Vpn Setup Wizard

    Using the VPN Setup Wizard This chapter describes using the VPN Setup Wizard and includes these sections: • VPN Setup Wizard, page 95 • Before You Begin, page 95 • Running the VPN Router Software Wizard, page 96 VPN Setup Wizard Now you can configure a gateway-to-gateway VPN tunnel between two VPN routers in a fast and efficient way by using the VPN Setup Wizard.
  • Page 103: Running The Vpn Router Software Wizard

    Using the VPN Setup Wizard Running the VPN Router Software Wizard STEP 1 Click Firewall > Basic Settings. STEP 2 Enable Remote Management and enter 8080 in the Port field. Please note that you cannot enter any other value if you want to use the VPN Wizard. Also, make sure that HTTPS has been selected.
  • Page 104 Using the VPN Setup Wizard Running the VPN Router Software Wizard Welcome Window STEP 4 An informational window discussing the VPN Wizard appears. When you are ready, click Next to proceed.
  • Page 105 Using the VPN Setup Wizard Running the VPN Router Software Wizard Informational Window STEP 5 The Choose a way to build VPN window appears. • If your PC is local to one of the two routers, choose Build VPN connection from Local LAN port of one router, click Next, and continue with these instructions.
  • Page 106 Using the VPN Setup Wizard Running the VPN Router Software Wizard Build VPN Connection Remotely STEP 6 If you picked Build VPN connection from Local LAN port of one router, enter the required data in the Configure VPN Tunnel window and click Next to continue.
  • Page 107 Using the VPN Setup Wizard Running the VPN Router Software Wizard Configure VPN Tunnel • Router 1 User Name: Enter the user name of the Router 1. • Router 1 Password: Enter the password of the Router 1. • Router 2 User Name: Enter the user name of the Router 2. •...
  • Page 108 Using the VPN Setup Wizard Running the VPN Router Software Wizard Check Router Configuration STEP 8 The Summary window appears. Use the Click box to view the VPNC Summary window.
  • Page 109 Using the VPN Setup Wizard Running the VPN Router Software Wizard Summary Window STEP 9 The VPNC Summary window appears showing the settings that were made to industry standards. Click Close when you are ready to continue. VPNC Summary Window In the Summary window, if all your entries appear correct, click Go.
  • Page 110 Using the VPN Setup Wizard Running the VPN Router Software Wizard Configure the Router STEP 11 Click Testing to make sure the connection is successfully established.
  • Page 111 Using the VPN Setup Wizard Running the VPN Router Software Wizard Test the Connection STEP 12 When testing is done, click Exit to end the Wizard.
  • Page 112: Building Your Vpn Connection Remotely

    Using the VPN Setup Wizard Running the VPN Router Software Wizard Exit the Wizard Congratulations! Setup is now complete. You may now log into the Web Administrator Interface and see the results. Test Results Building Your VPN Connection Remotely This procedure continues from Step 5 on page 98.
  • Page 113 Using the VPN Setup Wizard Running the VPN Router Software Wizard STEP 1 Choose Build VPN connection from Internet remotely. Click Next to continue. Build VPN Connection Remotely STEP 2 Enter the required data in the Configure VPN Tunnel window and then click Next to continue.
  • Page 114 Using the VPN Setup Wizard Running the VPN Router Software Wizard Configure VPN Tunnel Window • Router 1 User Name: Enter the user name of the Router 1. • Router 1 Password: Enter the password of the Router 1. • Router 2 User Name: Enter the user name of the Router 2.
  • Page 115 Using the VPN Setup Wizard Running the VPN Router Software Wizard STEP 3 The router configuration is checked. Check Router Configuration STEP 4 The Summary window appears. Use the Click box to view the VPNC Summary window.
  • Page 116 Using the VPN Setup Wizard Running the VPN Router Software Wizard Summary Window STEP 5 The VPNC Summary window appears showing the settings that were made to industry standards. Click Close when you are ready to continue. VPNC Summary Window In the Summary window, if all your entries appear correct, click Go.
  • Page 117 Using the VPN Setup Wizard Running the VPN Router Software Wizard Configure the Router STEP 7 Click Testing to make sure the connection is successfully established.
  • Page 118 Using the VPN Setup Wizard Running the VPN Router Software Wizard Test the Connection STEP 8 When testing is done, click Exit to end the Wizard.
  • Page 119 Using the VPN Setup Wizard Running the VPN Router Software Wizard Congratulations! Setup is now complete. You may now log into the Web Administrator Interface and see the results. View Test Results
  • Page 120: Appendix A: Troubleshooting

    Troubleshooting This appendix provides solutions to problems that may occur during the installation and operation of the router. Read the descriptions below to help solve your problems. If you can’t find an answer here, check the Cisco website at www.cisco.com. I need to set a static IP address on a PC.
  • Page 121 Troubleshooting STEP 7 Select Use the following DNS server addresses, and enter the Preferred DNS server and Alternative DNS server (provided by your ISP). Contact your ISP or go on its website to find the information. STEP 8 Click OK in the Internet Protocol (TCP/IP) Properties window, and click OK in the Local Area Connection Properties window.
  • Page 122 Troubleshooting I want to test my Internet connection. STEP 1 Check your TCP/IP settings. Windows 2000 a. Click Start, Settings, and Control Panel. Double-click Network and Dial-Up Connections. b. Right-click the Local Area Connection that is associated with the Ethernet adapter you are using, and click Properties.
  • Page 123 Troubleshooting • If you get a reply, the computer is communicating with the router. • If you do NOT get a reply, check the cable, and make sure Obtain an IP address automatically is selected in the TCP/IP settings for your Ethernet adapter.
  • Page 124 Troubleshooting STEP 5 Make sure the cable connecting from your cable or DSL modem is connected to the router’s Internet port. Verify that the Status page of the router’s web-based utility shows a valid IP address from your ISP. STEP 6 Turn off the computer, router, and cable/DSL modem. Wait 30 seconds, and then turn on the router, cable/DSL modem, and computer.
  • Page 125 Troubleshooting router’s IP address through the Setup menu of the web-based utility. If you assigned a static IP address to any computer or network device on the network, you need to change its IP address accordingly to 192.168.2.Y (Y being any number from 1 to 254).
  • Page 126 Troubleshooting STEP 5 When you have completed the configuration, click Save Settings. I need to set up online game hosting or use other Internet applications. If you want to play online games or use Internet applications, most will work without doing any port forwarding or DMZ hosting. There may be cases when you want to host an online game or Internet application.
  • Page 127 Troubleshooting I can’t get an Internet game, server, or application to work. If you are having difficulties getting any Internet game, server, or application to function properly, consider exposing one PC to the Internet using DeMilitarized Zone (DMZ) hosting. This option is available when an application requires too many ports or when you are not sure which port services to use.
  • Page 128 Troubleshooting STEP 4 Click Save Settings. I am a PPPoE user and I need to remove the proxy settings or the dial-up pop-up window. If you have proxy settings, you need to disable these on your computer. Because the router is the gateway for the Internet connection, the computer does not need any proxy settings to gain access.
  • Page 129 Troubleshooting I need to upgrade the firmware. In order to upgrade the firmware with the latest features, you need to go to the Cisco website and download the latest firmware. For the firmware download link, see Appendix G, “Where to Go From Here.” Follow these steps: Go to the Cisco website and download the latest firmware.
  • Page 130 Troubleshooting My DSL service’s PPPoE is always disconnecting. PPPoE is not actually a dedicated or always-on connection. The DSL ISP can disconnect the service after a period of inactivity, just like a normal phone dial-up connection to the Internet. There is a setup option to “keep alive” the connection. This may not always work, so you may need to re-establish connection periodically.
  • Page 131 Troubleshooting 1462 1400 1362 1300 I need to use port triggering. Port triggering looks at the outgoing port services used and will trigger the router to open a specific port, depending on which port an Internet application uses. Follow these steps: STEP 1 To connect to the router, go to the web browser, and enter http://192.168.1.1 or the IP address of the router.
  • Page 132 Troubleshooting • If the router is configured correctly, check your Internet connection (DSL/cable modem, etc.) to see if it is working correctly. You can remove the router to verify a direct connection. • Manually configure the TCP/IP with a DNS address provided by your ISP. •...
  • Page 133: Frequently Asked Questions

    Troubleshooting Frequently Asked Questions Frequently Asked Questions Q. What is the maximum number of IP addresses that the router will support? The router will support up to 253 IP addresses. Q. Is IPSec Passthrough supported by the router? Yes, enable or disable IPSec Passthrough on the VPN > VPN Pass Through window.
  • Page 134 Troubleshooting Frequently Asked Questions Q. I set up an Unreal Tournament Server, but others on the LAN cannot join. What do I need to do? If you have a dedicated Unreal Tournament server running, you need to create a static IP for each of the LAN computers and forward ports 7777, 7778, 7779, 7780, 7781, and 27900 to the IP address of the server.
  • Page 135 Troubleshooting Frequently Asked Questions latest firmware release that is readily available on the Cisco website at www.cisco.com. Q. How can I be notified of new router firmware upgrades? All Cisco firmware upgrades are posted on the Cisco website at www.cisco.com, where they can be downloaded for free.
  • Page 136 Troubleshooting Frequently Asked Questions Any platform that supports Ethernet and TCP/IP is compatible with the router. Q. How many ports can be simultaneously forwarded? Theoretically, the router can establish 2,048 sessions at the same time, but you can only forward 30 ranges of ports. Q.
  • Page 137: Appendix B: Using Cisco Quickvpn For Windows 2000, Xp, Or Vista

    Using Cisco QuickVPN for Windows 2000, XP, or Vista Overview This appendix explains how to install and use the Cisco QuickVPN software that can be downloaded from www.cisco.com. QuickVPN works with computers running Windows 2000, XP, or Vista. (Computers using other operating systems will have to use third-party VPN software.) For Windows Vista, QuickVPN Client version 1.2.5 or later is required.
  • Page 138: Installing The Cisco Quickvpn Software

    Using Cisco QuickVPN for Windows 2000, XP, or Vista Installing the Cisco QuickVPN Software STEP 5 Click the Active checkbox for VPN Client No. 1. STEP 6 Click Save Settings. VPN Client Accounts Window Installing the Cisco QuickVPN Software Installing from the CD-ROM Insert the RVS4000 CD-ROM into your CD-ROM drive.
  • Page 139 Using Cisco QuickVPN for Windows 2000, XP, or Vista Installing the Cisco QuickVPN Software License Agreement Copying Files
  • Page 140: Downloading And Installing From The Internet

    Using Cisco QuickVPN for Windows 2000, XP, or Vista Installing the Cisco QuickVPN Software Finished Installing Files STEP 3 Click Finished to complete the installation. Proceed to “Using the Cisco QuickVPN Software,” on page 134. Downloading and Installing from the Internet Go to firmware download link in Appendix G, “Where to Go From Here.”...
  • Page 141: Using The Cisco Quickvpn Software

    Using Cisco QuickVPN for Windows 2000, XP, or Vista Using the Cisco QuickVPN Software Using the Cisco QuickVPN Software STEP 1 Double-click the Cisco QuickVPN software icon on your desktop or in the system tray. STEP 2 The QuickVPN Login window will appear. In the Profile Name field, enter a name for your profile.
  • Page 142 Using Cisco QuickVPN for Windows 2000, XP, or Vista Using the Cisco QuickVPN Software To save this profile, click Save. (If there are multiple sites to which you will need to create a tunnel, you can create multiple profiles, but note that only one tunnel can be active at a time.) To delete this profile, click Delete.
  • Page 143: Distributing Certificates To Quickvpn Users

    Using Cisco QuickVPN for Windows 2000, XP, or Vista Distributing Certificates to QuickVPN Users Connect Virtual Private Connection NOTE You can change your password only if you have been granted that privilege by your system administrator. Distributing Certificates to QuickVPN Users The following explains how to export a certificate from the RVS4000 for distribution to QuickVPN users, as well as how to install the certificate on the QuickVPN users’...
  • Page 144 Using Cisco QuickVPN for Windows 2000, XP, or Vista Distributing Certificates to QuickVPN Users STEP 3 Each QuickVPN user must then install the certificate as follows: a. Save the certificate into the directory where the QuickVPN Client is installed. For example: C:\Program Files\Cisco\QuickVPN Client\ b.
  • Page 145: Appendix C: Configuring Ipsec With A Windows 2000 Or Xp Computer

    Configuring IPSec with a Windows 2000 or XP Computer This appendix describes configuring IPSec with a computer that is using Windows 2000 or Windows XP. It includes the following sections: • Introduction, page 138 • Environment, page 139 • How to Establish a Secure IPSec Tunnel, page 139 Introduction This appendix explains how to establish a secure IPSec tunnel using preshared keys to join a private network inside the router and a Windows 2000 or XP...
  • Page 146: Environment

    Configuring IPSec with a Windows 2000 or XP Computer Environment NOTE The text on your screen may differ from the text in your instructions regarding the OK or Close buttons; click the appropriate button on your screen. Environment The IP addresses and other specifics mentioned in this appendix are for illustration purposes only.
  • Page 147: Establishing A Secure Ipsec Tunnel

    Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel • Step 4: Assign New IPSec Policy • Step 5: Create a Tunnel Through the Web-Based Utility Establishing a Secure IPSec Tunnel STEP 1 Create an IPSec policy. a.
  • Page 148 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel Filter List 1: win -> router a. In the new policy’s properties window, verify that the Rules tab is selected. Deselect the Use Add Wizard check box, and click Add to create a new rule. Rules Tab b.
  • Page 149 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel IP Filter List Tab c. The IP Filter List window should appear. Enter an appropriate name, such as win-> Router, for the filter list, and de-select the Use Add Wizard check box. Then, click Add.
  • Page 150 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel Filters Properties In the Source address field, select My IP Address. In the Destination address field, select A specific IP Subnet, and enter the IP Address 192.168.1.0 and Subnet mask 255.255.255.0.
  • Page 151 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel New Rules Properties h. The IP Filter List window should appear. Enter an appropriate name, such as Router->win for the filter list, and de-select the Use Add Wizard check box. Click Add.
  • Page 152 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel 192.168.1.0 and Subnet mask 255.255.255.0. (Enter your new values if you have changed the default settings.) In the Destination address field, select My IP Address. Filters Properties If you want to enter a description for your filter, click the Description tab and enter the description there.
  • Page 153 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel New Rule Properties STEP 3 Configure individual tunnel rules.
  • Page 154 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel Tunnel 1: win->Router a. On the IP Filter List tab, select filter list win->Router. IP Filter List Tab b. Click the Filter Action tab, and click the filter action Require Security radio button.
  • Page 155 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel Filter Action Tab c. On the Security Methods tab, verify that the Negotiate security option is enabled, and deselect the Accept unsecured communication, but always respond using IPSec check box.
  • Page 156 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel Security Methods Tab d. Select the Authentication Methods tab, and click Edit.
  • Page 157 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel Authentication Methods Tab e. Change the authentication method to Use this string to protect the key exchange (preshared key), and enter the preshared key string, such as XYZ12345.
  • Page 158 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel This new Preshared key will be displayed. Click the Apply button to continue, if it appears on your screen; otherwise, proceed to the next step. New Preshared Key g.
  • Page 159 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel h. Select the Connection Type tab, and click All network connections. Then, click the OK or Close button to finish this rule. Connection Type Tab Tunnel 2: Router->win In the new policy’s Properties window, make sure that win ->...
  • Page 160 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel Properties Window Go to the IP Filter List tab, and click the filter list Router->win. IP Filter List Tab k. Click the Filter Action tab, and select the filter action Require Security. Then, click Edit.
  • Page 161 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel always respond using IPSec check box. Select Session key Perfect Forward Secrecy, and click OK. Filter Action Tab Click the Authentication Methods tab, and verify that the authentication method Kerberos is selected.
  • Page 162 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel m. Change the authentication method to Use this string to protect the key exchange (preshared key), and enter the preshared key string, such as XYZ12345.
  • Page 163 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel New Preshared Key o. Click the Tunnel Setting tab. Click the radio button The tunnel endpoint is specified by this IP Address, and enter the Windows 2000/XP computer’s IP Address.
  • Page 164 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel p. Click the Connection Type tab, and select All network connections. Then click OK or Close to finish. Connection Type Tab q. On the Rules tab, click the OK or Close button to return to the window showing the security policies.
  • Page 165 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel Rules Tab STEP 4 Assign new IPSec policy. In the IP Security Policies on Local Machine window, right-click the policy named to_Router, and click Assign. A green arrow appears in the folder icon. Local Computer
  • Page 166 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel STEP 5 Create a tunnel through the web-based utility. a. Open your web browser, and enter 192.168.1.1 in the Address field. Press Enter. b. When the User name and Password fields appear, enter the default user name and password, admin.
  • Page 167 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel VPN > IPSec VPN d. Select the tunnel you wish to create in the Select Tunnel Entry drop-down box. Then click Enable. Enter the name of the tunnel in the Tunnel Name field. This is to allow you to identify multiple tunnels and does not have to match the name used at the other end of the tunnel.
  • Page 168 Configuring IPSec with a Windows 2000 or XP Computer How to Establish a Secure IPSec Tunnel e. Enter the IP Address and Subnet Mask of the local VPN router in the Local Group Setup fields. To allow access to the entire IP subnet, enter 0 for the last set of IP Addresses (e.g.
  • Page 169: Appendix D: Gateway-To-Gateway Vpn Tunnel

    Gateway-to-Gateway VPN Tunnel Overview This appendix explains how to configure an IPSec VPN tunnel between two VPN routers by example. Two computers are used to test the liveliness of the tunnel. The following sections are included: • Before You Begin, page 162 •...
  • Page 170: Configuration When The Remote Gateway Uses A Static Ip Address

    Gateway-to-Gateway VPN Tunnel Configuration when the Remote Gateway Uses a Static IP Address Configuration when the Remote Gateway Uses a Static IP Address This example assumes the Remote Gateway is using a static IP address. If the Remote Gateway uses a dynamic IP address, refer to “Configuration when the Remote Gateway Uses a Dynamic IP Address,”...
  • Page 171 Gateway-to-Gateway VPN Tunnel Configuration when the Remote Gateway Uses a Static IP Address The WAN IP address (A.A.A.A) of the RVS4000 will be automatically detected. For the Local Security Group Type, select Subnet. Enter the RVS4000’s local network settings in the IP Address and Subnet Mask fields. RVS4000 IPSec VPN Settings g.
  • Page 172 Gateway-to-Gateway VPN Tunnel Configuration when the Remote Gateway Uses a Static IP Address RVS4000 IPSec Setup Settings k. If you need more detailed settings, click Advanced Settings. Otherwise, click Save Settings and proceed to the next step to configure the RV082. Configuration of the RV082.
  • Page 173 Gateway-to-Gateway VPN Tunnel Configuration when the Remote Gateway Uses a Static IP Address RV082 VPN Settings h. For the Remote Security Gateway Type, select IP address. Enter the RVS4000’s WAN IP address in the IP Address field. For the Remote Security Group Type, select Subnet. Enter the RVS4000’s local network settings in the IP Address and Subnet Mask fields.
  • Page 174: Configuration When The Remote Gateway Uses A Dynamic Ip Address

    Gateway-to-Gateway VPN Tunnel Configuration when the Remote Gateway Uses a Dynamic IP Address RV082 IPSec Setup Settings 1. If you need more detailed settings, click Advanced Settings. Otherwise, click Save Settings. STEP 3 Configuration of PC 1 and PC 2. Verify that PC 1 and PC 2 can ping each other (refer to Windows Help for more information).
  • Page 175 Gateway-to-Gateway VPN Tunnel Configuration when the Remote Gateway Uses a Dynamic IP Address Gateway-to-Gateway IPSec VPN Tunnel - Remote Gateway Using Dynamic IP NOTE Each computer must have a network adapter installed. STEP 1 Configuration of the RVS4000. Follow these instructions for the first VPN router, designated RVS4000. The other VPN router is designated the RV082.
  • Page 176 Gateway-to-Gateway VPN Tunnel Configuration when the Remote Gateway Uses a Dynamic IP Address RVS4000 IPSec VPN Settings g. For the Remote Security Gateway Type, select IP by DNS Resolved. Enter the RV082’s domain name in the field provided. h. For the Remote Security Group Type, select Subnet. Enter the RV082’s local network settings in the IP Address and Subnet Mask fields.
  • Page 177 Gateway-to-Gateway VPN Tunnel Configuration when the Remote Gateway Uses a Dynamic IP Address RVS4000 IPSec Setup Settings k. If you need more detailed settings, click Advanced Settings. Otherwise, click Save Settings and proceed to the next step, “Configuration of the RV082.” Configuration of the RV082.
  • Page 178 Gateway-to-Gateway VPN Tunnel Configuration when the Remote Gateway Uses a Dynamic IP Address RV082 VPN Settings h. For the Remote Security Gateway Type, select IP address. Enter the RVS4000’s WAN IP address in the IP Address field. For the Remote Security Group Type, select Subnet. Enter the RVS4000’s local network settings in the IP Address and Subnet Mask fields.
  • Page 179: Configuration When Both Gateways Use Dynamic Ip Addresses

    Gateway-to-Gateway VPN Tunnel Configuration When Both Gateways Use Dynamic IP Addresses RV082 IPSec Setup Settings If you need more detailed settings, click Advanced Settings. Otherwise, click Save Settings. STEP 3 Configuration of PC 1 and PC 2. Verify that PC 1 and PC 2 can ping each other (refer to Windows Help for more information).
  • Page 180 Gateway-to-Gateway VPN Tunnel Configuration When Both Gateways Use Dynamic IP Addresses Gateway-to-Gateway IPSec VPN Tunnel - Both Gateways Using Dynamic IP NOTE Each computer must have a network adapter installed. STEP 1 Configuration of the RVS4000. Follow these instructions for the first VPN router, designated RVS4000. The other VPN router is designated the RV082.
  • Page 181 Gateway-to-Gateway VPN Tunnel Configuration When Both Gateways Use Dynamic IP Addresses RVS4000 IPSec VPN Settings g. For the Remote Security Gateway Type, select IP by DNS Resolved. Enter the RV082’s domain name in the field provided. h. For the Remote Security Group Type, select Subnet. Enter the RV082’s local network settings in the IP Address and Subnet Mask fields.
  • Page 182 Gateway-to-Gateway VPN Tunnel Configuration When Both Gateways Use Dynamic IP Addresses RVS4000 IPSec Setup Settings k. If you need more detailed settings, click Advanced Settings. Otherwise, click Save Settings and proceed to the next step, “Configuration of the RV082.” STEP 2 Configuration of the RV082. Follow similar instructions for the RV082.
  • Page 183 Gateway-to-Gateway VPN Tunnel Configuration When Both Gateways Use Dynamic IP Addresses RV082 VPN Settings h. For the Remote Security Gateway Type, select IP by DNS Resolved. Enter the RVS4000’s domain name in the field provided. For the Remote Security Group Type, select Subnet. Enter the RVS4000’s local network settings in the IP Address and Subnet Mask fields.
  • Page 184 Gateway-to-Gateway VPN Tunnel Configuration When Both Gateways Use Dynamic IP Addresses RV082 IPSec Setup Settings If you need more detailed settings, click Advanced Settings. Otherwise, click Save Settings. STEP 3 Configuration of PC 1 and PC 2. Verify that PC 1 and PC 2 can ping each other (refer to Windows Help for more information).
  • Page 185: Appendix E: Trend Micro Protectlink Gateway Service

    Trend Micro ProtectLink Gateway Service Overview The optional Trend Micro ProtectLink Gateway service provides security for your network. It scans e-mail messages, filters website addresses (URLs), and blocks potentially malicious websites. ProtectLink is available for online purchase through online resellers such as CDW.com and PCConnection.com. This appendix explains how to use this service and includes the following sections: •...
  • Page 186: How To Purchase, Register, Or Activate The Service

    Trend Micro ProtectLink Gateway Service How to Purchase, Register, or Activate the Service NOTE If the Remote Management feature on the Firewall > General window has been enabled, then users with administrative privileges can remotely access the web-based utility. Use http://<WAN IP address of the router>, or use https://<WAN IP address of the router>...
  • Page 187 Trend Micro ProtectLink Gateway Service How to Purchase, Register, or Activate the Service If the ProtectLink menu is not displayed, upgrade the router’s firmware. For NOTE the firmware download link, see Appendix G, “Where to Go From Here.” ProtectLink (Inactive) Follow the instructions for the appropriate option: •...
  • Page 188: How To Use The Service

    Trend Micro ProtectLink Gateway Service How to Use the Service I have my Activation Code (AC) and want to activate ProtectLink Gateway. you have registered, click this link. A wizard begins. Follow the on-screen instructions. When the wizard is complete, the Web Protection, Email Protection, and License menus will appear.
  • Page 189: Protectlink > Web Protection

    Trend Micro ProtectLink Gateway Service How to Use the Service NOTE You need to purchase a ProtectLink Gateway license to use the Web Protection and Email Protection features. If you do not have a license, you will be prompted to purchase a license when you click ProtectLink >...
  • Page 190 Trend Micro ProtectLink Gateway Service How to Use the Service ProtectLink > Web Protection Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide...
  • Page 191 Trend Micro ProtectLink Gateway Service How to Use the Service Web Protection Enable URL Filtering To filter website addresses (URLs), select this option. Enable Web Reputation To block potentially malicious websites, select this option. URL Filtering Reset Counter The router counts the number of attempted visits to a restricted URL.
  • Page 192 Trend Micro ProtectLink Gateway Service How to Use the Service Approved URLs You can designate up to 20 trusted URLs that will always be accessible. Enable Approved URL list To set up a list of always accessible URLs, select this option.
  • Page 193: Protectlink > Email Protection

    Trend Micro ProtectLink Gateway Service How to Use the Service ProtectLink > Email Protection The Email Protection features are provided by an online service called IMHS, which stands for InterScan™ Messaging Hosted Security. It checks your e-mail messages so spam, viruses, and inappropriate content are filtered out. After you have configured the IMHS settings, your e-mail messages will be checked online before appropriate messages are forwarded to your network.
  • Page 194 Trend Micro ProtectLink Gateway Service How to Use the Service NOTE For example, if you provide the information needed for Email Protection one month after receiving the activation code for Web Protection, then you will receive only 11 months of Email Protection. On the License window, license information is displayed.
  • Page 195: Appendix F: Specifications

    Specifications The Cisco RVS4000 4-Port Gigabit Security Router with VPN specifications are described in this appendix. Specifications Model RVS4000 Standards IEEE802.3, 802.3u, 802.1X, RFC791 (IP Protocol), RFC2460, IPv4 (RFC791), IPv6 (RFC2460), RIPv1 (RFC1058), RIPv2 (RFC1723) Ports Ethernet, Power Buttons Reset Cabling Type...
  • Page 196: Management

    Specifications Management SNMP Version SNMP version 1, 2c Event Logging Local, Syslog, Email Alerts Firmware Upgrade Firmware upgradable through web browser Diagnostics Flash, RAM Security Features Access Control Access Control List (ACL) Capability: MAC-based, IP-based Firewall SPI stateful packet inspection firewall Content Filtering Static URL blocking or keyword blocking (included), Dynamic Filtering through Trend Micro™...
  • Page 197: Network

    Specifications Network DHCP DHCP Server, DHCP Client, DHCP Relay Agent DNS Relay, Dynamic DNS (DynDNS, TZO) PAT, NAPT Software configurable on any LAN port IPv6 Dual Stack IPv4 and IPv6, 6to4, Stateless Address Auto-configuration, DHCPv6, ICMPv6 Static DHCP DHCP Server supports static IP address based on MAC address 5 QuickVPN Tunnels for remote client access;...
  • Page 198: Environmental

    Specifications Port Mirroring One of the five WAN/LAN ports can be mirrored to a selected LAN port RSTP Supports Rapid Spanning Tree Protocol for loop detection and faster reconfiguration Environmental Dimensions 6.69 in. x 1.61 in. x 6.69 in. W x H x D (170 mm x 41 mm x 170 mm) Unit Weight 0.84 lb (0.38 kg)
  • Page 199: Appendix G: Where To Go From Here

    Where to Go From Here Cisco provides a wide range of resources to help you and your customer obtain the full benefits of the Cisco RVS4000 4-Port Gigabit Security Router with VPN. Product Resources Resource Location Technical Documentation www.cisco.com/en/US/products/ps9923/tsd_products_support_series_home.html Firmware Downloads www.cisco.com/en/US/products/ps9923/index.html...
  • Page 200: Related Documentation

    Where to Go From Here Related Documentation For hardware setup for the Cisco RVS4000 router, see the Cisco Small Business Model RVS4000 4-Port Gigabit Security Router with VPN Quick Start Guide. For compliance and safety information, see the Regulatory Compliance and Safety Information for the Cisco Wired and Wireless Routers and Access Point Devices (EMC Class B Devices)

This manual is also suitable for:

Small business rvs4000
