Page 1 USER GUIDE 4-Port SSL/IPSec VPN Router BUSINESS SERIES with Ports 4-portuter Model No. RVL200 WIRED Model No. Model No. Model No. Model No.
Page 2 4-Port SSL/IPSec VPN Router Copyright and Trademarks Specifications are subject to change without notice. Linksys is a registered trademark or trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. Copyright © 2006 Cisco Systems, Inc. All rights reserved.
Page 3: Table Of Contents
4-Port SSL/IPSec VPN Router Table of Contents Chapter 1: Introduction Welcome What’s in this Guide? Chapter 2: Networking Basics An Introduction to LANs The Use of IP Addresses Why do I need a VPN? What is a VPN? Chapter 3: Getting to Know the Router The Front Panel The Back Panel Chapter 4: Connecting the Router...
Page 4 4-Port SSL/IPSec VPN Router System Management Tab - Restart System Management Tab - Setting Backup Port Management Tab - Port Setup Port Management Tab - Port Status Port Management Tab - Create VLAN Port Management Tab - Port Setting Port Management Tab - VLAN Membership QoS Tab - Bandwidth Management QoS Tab - QoS Setup QoS Tab - Queue Settings...
Page 5 4-Port SSL/IPSec VPN Router Appendix D: Configuring Bandwidth Management Overview Creating New Services Creating New Bandwidth Management Rules Appendix E: Configuring an Active Directory Server Troubleshooting Appendix F: Adding a User for the Active Directory Server Appendix G: Installing an Internet Authentication Service (IAS) Server Appendix H: Configuring the Router’s Settings for a Lightweight Directory Access Protocol (LDAP) Server Appendix I: Deploying the 4-Port SSL/IPSec VPN Router in an...
Page 6 4-Port SSL/IPSec VPN Router Appendix O: Specifications Performance Setup/Configuration Management Security Network Routing Environmental Appendix P: Warranty Information Appendix Q: Regulatory Information Appendix R: Contact Information...
Page 7 4-Port SSL/IPSec VPN Router List of Figures Figure 2-1: VPN Router-to-VPN Router VPN Figure 2-2: Computer-to-VPN Router VPN Figure 3-1: Front Panel Figure 3-2: Back Panel Figure 4-1: Example of a Typical Network Figure 4-2: Connect the Internet Figure 4-3: Connect a PC Figure 4-4: Connect the Power Figure 5-1: Internet Explorer - Internet Options - Advanced Figure 5-2: Internet Explorer - Internet Options - Security...
Page 8 4-Port SSL/IPSec VPN Router Figure 5-20: Setup Tab - Time (Automatic) Figure 5-21: Setup Tab - Time (Manual) Figure 5-22: Setup Tab - DMZ Host Figure 5-23: Setup Tab - Forwarding Figure 5-24: Service Management Figure 5-25: Setup Tab - UPnP Figure 5-26: Setup Tab - MAC Clone Figure 5-27: Setup Tab - DDNS Figure 5-28: Setup Tab - Advanced Routing...
Page 9 4-Port SSL/IPSec VPN Router Figure 5-51: Service Management Figure 5-52: Firewall Tab - Content Filter Figure 5-53: IPSec VPN Tab - Summary Figure 5-54: Choose Mode Figure 5-55: IPSec VPN Tab - Gateway to Gateway Figure 5-56: IPSec Setup - IKE with Preshared Key Figure 5-57: IPSec VPN Tab - VPN Pass Through Figure 5-58: SSL VPN Tab - Summary Figure 5-59: SSL VPN Tab - User Management - Local User Database...
Page 10 Figure C-11: Click Continue Anyway Figure C-12: Installation Complete Figure C-13: SSL VPN Tunnel Established Figure C-14: Tray Icon Figure C-15: Virtual Passage Menu Figure C-16: Virtual Passage Connection Status Figure D-1: Linksys VPN License Agreement Figure D-2: Vonage VoIP Service...
Page 11 4-Port SSL/IPSec VPN Router Figure D-3: Vonage 2 Service Figure D-4: Vonage VoIP Rule Figure D-5: Vonage 2 Rule Figure E-1: Welcome to the Configure Your Server Wizard Figure E-2: Preliminary Steps Figure E-3: Server Role Figure E-4: Summary of Selections Figure E-5: Welcome to the Active Directory Installation Wizard Figure E-6: Operating System Compatibility Figure E-7: Domain Controller Type...
Page 12 Figure G-25: Completing the New Connection Request Processing Policy Wizard Figure H-1: SSL VPN - User Management Figure H-2: LDAP Figure I-1: RVL200 LAN to RV082 LAN Figure I-2: RVL200 WAN to RV082 LAN Figure J-1: Gateway-to-Gateway IPSec VPN Tunnel - Remote Gateway Using Static IP...
Page 13 4-Port SSL/IPSec VPN Router Figure J-6: Gateway-to-Gateway IPSec VPN Tunnel - Remote Gateway Using Dynamic IP Figure J-7: RVL200 IPSec VPN Settings Figure J-8: RVL200 IPSec Setup Settings Figure J-9: RV082 VPN Settings Figure J-10: RV082 IPSec Setup Settings Figure K-1: Traffic in Scenario 1 Figure K-2: Router A’s IPSec VPN Settings...
Page 14: Chapter 1: Introduction
Chapter 1: Introduction Welcome Thank you for choosing the Linksys 4-Port SSL/IPSec VPN Router. The Router is an advanced Internet-sharing network solution for your small business needs. Like any router, it lets multiple computers in your office share an Internet connection. It features a built-in, 4-port, full-duplex, 10/100 Ethernet switch to connect four PCs directly, Ethernet: a network protocol that specifies or you can connect more switches to create as big a network as you need.
Page 15: Configuring Scenario
4-Port SSL/IPSec VPN Router • Appendix A: Troubleshooting This appendix describes some problems and solutions, as well as frequently asked questions, regarding installation and use of the Router. • Appendix B: Physical Setup of the Router This appendix describes the physical setup of the Router. •...
Page 16 • Appendix Q: Regulatory Information This appendix supplies the regulatory information regarding the Router. • Appendix R: Contact Information This appendix provides contact information for a variety of Linksys resources, including Technical Support. Chapter 1: Introduction What’s in this Guide?
Page 17: Chapter 2: Networking Basics
4-Port SSL/IPSec VPN Router Chapter 2: Networking Basics An Introduction to LANs A Router is a network device that connects two networks together. The Router connects your local area network (LAN), or the group of PCs in your home or office, to the Internet. The LAN: the computers and networking products that Router processes and regulates the data that travels between these two networks.
Page 18: Why Do I Need A Vpn
4-Port SSL/IPSec VPN Router A DHCP server can either be a designated PC on the network or another network device, such as the Router. By default, the Router’s Internet Connection Type is Obtain an IP automatically (DHCP). NOTE: Since the Router is a device that connects two The PC or network device obtaining an IP address is called the DHCP client.
Page 19: What Is A Vpn
4-Port SSL/IPSec VPN Router A hacker can use this information to spoof (or fake) a MAC address allowed on the network. With this spoofed MAC address, the hacker can also intercept information meant for another user. 2) Data Sniffing Data “sniffing” is a method used by hackers to obtain network data as it travels through unsecured networks, such as the Internet.
Page 20: Figure 2-1: Vpn Router-To-Vpn Router Vpn
Internet, distance is not a factor. Using the VPN, the businesswoman now has a secure connection to the central office's network, as if she were physically connected. Central Office For additional information and instructions about creating your own VPN, please visit Linksys’s website at VPN Router www.linksys.com.
Page 21: Chapter 3: Getting To Know The Router
4-Port SSL/IPSec VPN Router Chapter 3: Getting to Know the Router The Front Panel The Router’s LEDs are located on the front panel of the Router. Figure 3-1: Front Panel LEDs POWER Green. The POWER LED lights up when the Router is powered on. DIAG Orange.
Page 22: The Back Panel
4-Port SSL/IPSec VPN Router The Back Panel The Router’s ports and Reset button are located on the back panel of the Router. Figure 3-2: Back Panel RESET Button The RESET button can be used in one of two ways: Warm Reset If the Router is having problems connecting to the Internet, press and hold in the RESET button for four seconds with a paper clip or a pencil tip.
Page 23: Chapter 4: Connecting The Router
4-Port SSL/IPSec VPN Router Chapter 4: Connecting the Router Overview To set up your network, you will do the following: • Connect the Router to one of your PCs according to the instructions in this chapter. • By default, Windows 98, 2000, Millennium, and XP computers are set to obtain an IP address automatically, so unless you have changed the default setting, then you will not need to configure your PCs.
Page 24: Connection Instructions
4-Port SSL/IPSec VPN Router Connection Instructions 1. Before you begin, make sure that all of your hardware is powered off, including the Router, PCs, switches, and cable or DSL modem. 2. Connect your cable or DSL modem’s Ethernet cable to the Router’s Internet port. 3.
Page 25: Chapter 5: Setting Up And Configuring The Router
4-Port SSL/IPSec VPN Router Chapter 5: Setting Up and Configuring the Router Overview For your convenience, use the Router’s Web-based Utility to set it up and configure it. This chapter will explain all of the functions in this Utility. There are 13 main tabs in the Utility: System Summary, Setup, DHCP, System Management, Port Management, QoS, Firewall, IPSec VPN, SSL VPN, Log, Wizard, Support, and Logout.
Page 26 4-Port SSL/IPSec VPN Router • DDNS. Dynamic Domain Name Service (DDNS) service allows you to assign a fixed domain name to a dynamic WAN IP address. This allows you to host your own web, FTP, or other type of TCP/IP server in your LAN. •...
Page 27 4-Port SSL/IPSec VPN Router • VLAN Membership. Use this screen to define the members of a VLAN. QoS Tab • Bandwidth Management. Configure the Router so that the higher priority types of network traffic receive better service. • QoS Setup. Enable Quality of Service (QoS) and configure Trust Mode and Class of Service (CoS) settings. •...
Page 28: Before You Begin
• Wizard. Use this tab to access two Setup Wizards, the Basic Setup Wizard and Access Rule Setup Wizard. Support Tab • Support. Use this screen to conveniently access this User Guide and the Linksys website. Logout Tab • Logout. Click the Logout tab to exit the Utility.
Page 29: Figure 5-3: Internet Explorer - Internet Options - Privacy
4-Port SSL/IPSec VPN Router 5. Click the Use SSL 2.0 and Use SSL 3.0 checkboxes. 6. Click the OK button. 7. Click the Security tab. 8. Click the Enable radio button for Active scripting, Allow paste operations via script, and Scripting of Java applets.
Page 30: Figure 5-5: Netscape Communicator - Options - Site Controls - Web Features
4-Port SSL/IPSec VPN Router 7. Click Allow cookies. 8. Click Enable JavaScript. 9. Click the Advanced button. 10. Click Enable ActiveX. 11. Click the OK button. 12. Under Options, click Advanced. 13. Click Security. 14. Click the Use SSL 2.0 and Use SSL 3.0 checkboxes. 15.
Page 31: How To Access The Web-Based Utility
4-Port SSL/IPSec VPN Router How to Access the Web-based Utility 1. For local access of the Router’s Web-based Utility, launch your web browser, and enter the Router’s default IP Figure 5-7: Router’s Local IP Address address, 192.168.1.1, in the Address field. Press the Enter key. NOTE: If the Remote Management feature on the Firewall - General screen has been enabled, then users with administrative privileges can remotely access the Web-based Utility.
Page 32: System Summary Tab
4-Port SSL/IPSec VPN Router System Summary Tab The first screen that appears is the System Summary tab, which displays the Router’s current status and settings. This information is read-only. Underlined text is hyperlinked to related setup pages, so if you click a hyperlink, the related setup screen will appear.
Page 33: Figure 5-13: Port 1 Information
4-Port SSL/IPSec VPN Router address, and click the Renew button to update the DHCP Lease Time or get a new IP address. If the WAN port is set to PPPoE or PPTP, two buttons, Connect and Disconnect, will be available. Mode.
Page 34 4-Port SSL/IPSec VPN Router Tunnel(s) Available. It shows the number of VPN tunnels available. Log Setting Status It hyperlinks to the System Log page of the Log tab. If you have not set up the e-mail server on the Log tab, the message, “E-mail cannot be sent because you have not specified an outbound SMTP server address,”...
Page 35: Setup Tab - Network
4-Port SSL/IPSec VPN Router Setup Tab - Network The Setup screen shows all of the Router’s basic setup functions. The Router can be used in most network setups without changing any of the default values; however, you may need to enter additional information in order to connect to the Internet through an ISP (Internet Service Provider) or broadband (DSL or cable) carrier.
Page 36: Figure 5-16: Static Ip
4-Port SSL/IPSec VPN Router Static IP 1. If you are required to use a permanent IP address, select Static IP. 2. Enter your settings in the Specify WAN IP Address, Subnet Mask, Default Gateway Address, and DNS Server fields (at least one DNS Server IP address is required). Check your service installation receipt for this information;...
Page 37: Figure 5-18: Pptp
4-Port SSL/IPSec VPN Router PPTP (Point-to-Point Tunneling Protocol) Point to Point Tunneling Protocol (PPTP) is a service that applies to connections in Europe and Israel only. 1. Enter your settings in the Specify WAN IP Address, Subnet Mask, and Default Gateway Address fields. This information is provided by your ISP.
Page 38: Setup Tab - Password
4-Port SSL/IPSec VPN Router Setup Tab - Password The Router's default User Name and Password is admin, and it is strongly recommended that you change the Router's password from the default to a unique password. NOTE: The password cannot be recovered if it is lost or forgotten. If the password is lost or forgotten, you have to reset the Router to its factory default settings;...
Page 39: Setup Tab - Time
4-Port SSL/IPSec VPN Router Setup Tab - Time The Router uses the time settings to time stamp log events, automatically apply the Access Rules and Content Filter, and perform other activities for other internal purposes. Time To set the local time, select Set the local time using the Network Time Protocol (NTP) automatically or Set the local time Manually.
Page 40: Setup Tab - Dmz Host
4-Port SSL/IPSec VPN Router Setup Tab - DMZ Host The DMZ (Demilitarized Zone) Host feature allows one local user to be exposed to the Internet for use of a special-purpose service such as Internet gaming or video conferencing. Although Port Range Forwarding can only forward 10 ranges of ports maximum, DMZ hosting forwards all the ports to one PC at the same time.
Page 41: Figure 5-24: Service Management
4-Port SSL/IPSec VPN Router 1. Select the Service you want from the pull-down menu. 2. If the Service you need is not listed in the menu, click the Service Management button to add the new service. The Service Management screen will appear. Enter a name in the Service Name field. From the Protocol drop-down menu, select the protocol it uses.
Page 42: Setup Tab - Upnp
4-Port SSL/IPSec VPN Router Setup Tab - UPnP Universal Plug and Play (UPnP) can be used to set up public services on your network. When the UPnP function is enabled, Windows XP can modify these entries via UPnP. UPnP 1. Select Yes to enable the UPnP function. 2.
Page 43: Setup Tab - Mac Clone
4-Port SSL/IPSec VPN Router Setup Tab - MAC Clone Some ISPs require that you register a MAC address, which is a 12-digit code assigned to a unique piece of hardware for identification. The MAC Clone feature “clones” your network adapter's MAC address onto the Router, so you don’t have to call your ISP to change the registered MAC address to the Router's MAC address.
Page 44: Setup Tab - Ddns
4-Port SSL/IPSec VPN Router Setup Tab - DDNS Dynamic Domain Name System (DDNS) service allows you to assign a fixed domain name to a dynamic WAN IP address, so you can host your own web, FTP or other type of TCP/IP server in your LAN. The DDNS feature is disabled by default.
Page 45: Setup Tab - Advanced Routing
4-Port SSL/IPSec VPN Router Setup Tab - Advanced Routing The Advanced Routing screen allows you to configure the dynamic and static routing settings. Advanced Routing Dynamic Routing The Router's dynamic routing feature can be used, so the Router will automatically adjust to physical changes in the network's layout.
Page 46 4-Port SSL/IPSec VPN Router If you want to use static routing, the Router's DHCP settings must be disabled. Then add routing entries to the Static Routing table. These entries tell the Router where to send all incoming packets. All of your network routers should direct the default route entry to the 4-Port SSL/IPSec VPN Router.
Page 47: Dhcp Tab - Setup
4-Port SSL/IPSec VPN Router DHCP Tab - Setup The Router can be used as a DHCP (Dynamic Host Configuration Protocol) server on your network. A DHCP server automatically assigns available IP addresses to computers on your network. If you choose to enable the DHCP server option, all of the PCs on your LAN must be set to obtain an IP address automatically from a DHCP server.
Page 48: Dhcp Tab - Status
4-Port SSL/IPSec VPN Router DHCP Tab - Status A Status page is available so you can view the status information for the DHCP server and its clients. Status For the DHCP server, the following information is shown: DHCP Server. This is the IP address of the DHCP server. Dynamic IP Used.
Page 49: System Management Tab - Snmp
4-Port SSL/IPSec VPN Router System Management Tab - SNMP Simple Network Management Protocol (SNMP) is a network protocol that provides network administrators with the ability to monitor the status of the Router and receive notification of any critical events as they occur on the network.
Page 50: System Management Tab - Factory Default
Firmware Download Firmware Upgrade Firmware Download from Linksys Web Site. If you need to download the latest version of the Router’s firmware, click the Firmware Download from Linksys Web Site button. You will see the Support page of the Linksys website.
Page 51: System Management Tab - Restart
This file will be called RVL200.exp by default, but you may rename it if you wish. This process may take up to a minute.
Page 52: Port Management Tab - Port Setup
4-Port SSL/IPSec VPN Router Port Management Tab - Port Setup On this screen you can configure the connection settings for each local port, such as priority, speed, and duplex. You can also enable or disable the auto-negotiation feature for all ports. Basic Per Port Config.
Page 53: Port Management Tab - Port Status
4-Port SSL/IPSec VPN Router Port Management Tab - Port Status To see the status information and settings for a specific port, select its ID number or name from the Port ID drop-down menu. Port Status Summary For the selected port, the Summary table will show these settings: Type, Interface, Link Status, Port Activity, Speed Status, Duplex Status, and Auto negotiation.
Page 54: Port Management Tab - Create Vlan
4-Port SSL/IPSec VPN Router Port Management Tab - Create VLAN Use this screen to create a Virtual Local Area Network (VLAN), a group of ports that can be located anywhere in the network, but they communicate as though they belong to the same physical segment. VLANs can be easily organized to reflect departmental groups (such as sales or engineering), usage groups (such as e-mail), or multicast groups (such as users of multimedia applications, including videoconferencing).
Page 55: Port Management Tab - Port Setting
4-Port SSL/IPSec VPN Router Port Management Tab - Port Setting On this screen, select the mode and configure the Port VLAN Identifier (PVID) for each LAN port of the Router. Port Setting Port ID. The Router’s LAN ports are numbered 1 to 4. Mode.
Page 56: Port Management Tab - Vlan Membership
4-Port SSL/IPSec VPN Router Port Management Tab - VLAN Membership Use this screen to define the members of a VLAN. VLAN Membership VLAN ID. Select the VLAN ID number that you configured on the Create VLAN screen. Description. Enter the VLAN group name in this field. You can use up to 50 characters. For the default VLAN 1, all ports will be set to Access mode and all frames will be UnTagged.
Page 57: Qos Tab - Bandwidth Management
4-Port SSL/IPSec VPN Router QoS Tab - Bandwidth Management Quality of Service (QoS) features let you control how the Router manages network traffic. With Bandwidth Management (Layer 3), the Router can provide better service to selected types of network traffic. There are two types of functionality available, and only one type can work at one time.
Page 58: Figure 5-43: Bandwidth Management - Summary
4-Port SSL/IPSec VPN Router 3. On the Bandwidth Management screen, enter the IP address or range you need to control. To include all internal IP addresses, keep the default, 0. 4. From the Direction drop-down menu, select Upstream for outbound traffic, or select Downstream for inbound traffic.
Page 59 4-Port SSL/IPSec VPN Router 3. From the Direction drop-down menu, select Upstream for outbound traffic, or select Downstream for inbound traffic. 4. From the Priority drop-down menu, select High, Middle, or Low. High priority services will share 60% of the total system bandwidth, while Low priority services will share 10% of the total bandwidth.
Page 60: Qos Tab - Qos Setup
4-Port SSL/IPSec VPN Router QoS Tab - QoS Setup The QoS Setup screen lets you enable QoS and configure Trust Mode and Class of Service (CoS) settings. QoS Setup QoS Mode QoS Mode. Select the appropriate mode, Disable or Basic. The default is Disable, which indicates no priority. If the Basic mode is selected, the Router will apply the settings configured on the QoS Setup, Queue Settings, and DSCP Settings screens.
Page 61 4-Port SSL/IPSec VPN Router CoS Settings Priority. This is the CoS value, 0 to 7 (7 is the highest priority). Queue. Select the traffic forwarding queue number to which the CoS priority is mapped. You can designate up to four traffic priority queues configured on the Queue Settings screen. Restore Defaults.
Page 62: Qos Tab - Queue Settings
4-Port SSL/IPSec VPN Router QoS Tab - Queue Settings You can set the Router to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or you can set the Router to use Weighted Round Robin (WWR) queuing, which specifies a relative weight of each queue.
Page 63: Qos Tab - Dscp Settings
4-Port SSL/IPSec VPN Router QoS Tab - DSCP Settings Traffic priorities can be specified in the IP header of a frame. With Differentiated Services Code Point (DSCP)-based QoS in Layer 3, the Router can use the priority bits in the Type of Service (ToS) octet to prioritize traffic.
Page 64: Firewall Tab - General
4-Port SSL/IPSec VPN Router Firewall Tab - General On the General screen, you can enable or disable a variety of firewall, security, and web features. General Firewall. The firewall is enabled by default. If you disable it, then the SPI, DoS, and Block WAN Request features, Access Rules, and Content Filters will also be disabled, and the Remote Management feature will be enabled.
Page 65: Firewall Tab - Access Rules
4-Port SSL/IPSec VPN Router Firewall Tab - Access Rules Access Rules evaluate network traffic to decide whether or not it is allowed to pass through the Router’s firewall. Access Rules look specifically at a data transmission’s source IP address, destination IP address, and IP protocol type, and you can apply each Access Rule according to a different schedule.
Page 66: Figure 5-50: Add A New Access Rule
4-Port SSL/IPSec VPN Router Add a New Rule Services 1. For the Action setting, select Allow or Deny, depending on the purpose of the Access Rule. 2. Select the service you want. If the Service you need is not listed in the menu, click the Service Management button to add the new service.
Page 67: Firewall Tab - Content Filter
4-Port SSL/IPSec VPN Router Firewall Tab - Content Filter Use this screen to block specific domains during the designated days and times. Content Filter Forbidden Domains When the Block Forbidden Domains checkbox is selected, the Router will forbid access to websites on the Forbidden Domains list.
Page 68: Ipsec Vpn Tab - Summary
4-Port SSL/IPSec VPN Router IPSec VPN Tab - Summary This screen displays general information about the Router’s IPSec VPN tunnel settings. The Router supports a single Gateway-to-Gateway tunnel. Summary This indicates whether there is a VPN tunnel being used or available. Tunnel Status Add New Tunnel.
Page 69: Vpn Tab - Gateway To Gateway
4-Port SSL/IPSec VPN Router VPN Tab - Gateway to Gateway Use this screen to create a new tunnel between two VPN devices. Add a New Tunnel Tunnel No. The tunnel number is 1. Tunnel Name. Enter a name for this VPN tunnel, such as Los Angeles Office, Chicago Branch, or New York Division.
Page 70 4-Port SSL/IPSec VPN Router Remote Group Setup Before you configure the Remote Group Setup, make sure your VPN tunnel will have two different IP subnets. For example, if the local 4-Port SSL/IPSec VPN Router has an IP scheme of 192.168.1.x (x being a number from 1 to 254), then the remote VPN router should have a different IP scheme, such as 192.168.2.y (y being a number from 1 to 254).
Page 71: Figure 5-56: Ipsec Setup - Ike With Preshared Key
4-Port SSL/IPSec VPN Router IPSec Setup In order for any encryption to occur, the two ends of a VPN tunnel must agree on the methods of encryption, decryption, and authentication. This is done by sharing a key to the encryption code. For key management, the default mode is IKE with Preshared Key.
Page 72 4-Port SSL/IPSec VPN Router Phase 2 Encryption. Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions. Select a method of encryption, DES or 3DES. The encryption method determines the length of the key used to encrypt or decrypt ESP packets.
Page 73: Ipsec Vpn Tab - Vpn Pass Through
4-Port SSL/IPSec VPN Router IPSec VPN Tab - VPN Pass Through The VPN Pass Through screen allows you to enable or disable passthrough for a variety of VPN methods. VPN Pass Through IPSec Pass Through. Internet Protocol Security (IPSec) is a suite of protocols used to implement secure exchange of packets at the IP layer.
Page 74: Ssl Vpn Tab - Summary
4-Port SSL/IPSec VPN Router SSL VPN Tab - Summary This screen displays general information about the SSL VPN tunnels. Summary This shows the number of VPN Tunnel(s) Used and Tunnel(s) Available. The Router supports up to five tunnels. Active Users This screen displays the Active Users using Virtual Passage and administrative users logged into the SSL VPN Portal.
Page 75: Ssl Vpn Tab - User Management
4-Port SSL/IPSec VPN Router SSL VPN Tab - User Management On this screen you will be able to define users for your SSL VPN tunnels. User Management Edit Group Authentication Type. Select the type you want to use: Local User Database, RADIUS, NT Domain, Active Directory, or LDAP.
Page 76: Figure 5-63: Authentication Type - Ldap
4-Port SSL/IPSec VPN Router LDAP Server Address. Enter the IP address or domain name of the server. LDAP BaseDN*. Enter the search base for LDAP queries. This is an example of a search base string: Figure 5-63: Authentication Type - CN=Users,DC=yourdomain,DC=com.
Page 77: Ssl Vpn Tab - Virtual Passage
4-Port SSL/IPSec VPN Router SSL VPN Tab - Virtual Passage On this screen you will be able to define the IP address range for incoming Virtual Passage clients and establish an SSL VPN tunnel by Virtual Passage. Virtual Passage is a software application that enables remote users to securely connect to a remote network, as if they were on the local network.
Page 78: Log Tab - System Log
4-Port SSL/IPSec VPN Router Log Tab - System Log On this screen you will be able to configure the Router’s log settings, so you can specify how you want its activity logs handled. System Log Syslog Syslog is a standard protocol used to capture information about network activity. The Router supports this protocol and can send its activity logs to an external server.
Page 79: Log Tab - System Statistics
4-Port SSL/IPSec VPN Router E-mail Log Now. Click the E-mail Log Now button to immediately send the log to the address in the Send E-mail to field. View System Log. Click this button to display a log of all activities and to access a drop-down menu of the various logs available.
Page 80: Wizard Tab
4-Port SSL/IPSec VPN Router Wizard Tab Use this tab to access two Setup Wizards, the Basic Setup Wizard and the Access Rule Setup Wizard. Run the Basic Setup Wizard to set up the Router for your Internet connection(s). Run the Access Rule Setup Wizard to set up the security policy for the Router.
Page 81: Figure 5-73: Wan Connection Type
4-Port SSL/IPSec VPN Router 3. Select the WAN (or Internet) Connection Type for the WAN port. Select the appropriate connection type: Obtain an IP automatically, Static IP, or PPPoE. Click the Next button to continue. Click the Previous button if you want to return to the previous screen. Click the Exit button if you want to exit the Setup Wizard. Figure 5-73: WAN Connection Type 4.
Page 82: Figure 5-75: Static Ip
4-Port SSL/IPSec VPN Router Static IP Complete the Static IP, Subnet Mask, and Default Gateway fields with the settings provided by your ISP. Then click the Next button to continue. Click the Previous button if you want to return to the previous screen. Click the Exit button if you want to exit the Setup Wizard.
Page 83: Figure 5-77: Pppoe
4-Port SSL/IPSec VPN Router PPPoE Complete the User Name and Password fields with the information provided by your ISP. Then click the Next button to continue. Figure 5-77: PPPoE You have a choice of two options, Connect on demand or Keep alive. If you select the Connect on demand option, the connection will be disconnected after a specified period of inactivity (Max Idle Time).
Page 84: Figure 5-79: Save Settings
4-Port SSL/IPSec VPN Router 5. If you want to save your changes, click the Save Settings button. Click the Previous button if you want to return to the previous screen. Click the Exit button if you want to exit the Setup Wizard. Figure 5-79: Save Settings Chapter 5: Setting Up and Configuring the Router Wizard Tab...
Page 85: Figure 5-80: Access Rules Policy
4-Port SSL/IPSec VPN Router Access Rule Setup 1. Click the Launch Now button to run the Access Rule Setup Wizard. 2. This screen explains the Access Rules, including the Router’s Default Rules. Click the Next button to continue. Click the Exit button if you want to exit the Access Rule Setup Wizard. Figure 5-80: Access Rules Policy 3.
Page 86: Figure 5-82: Select The Service
4-Port SSL/IPSec VPN Router 4. Select the service you want from the Service pull-down menu. Click the Next button to continue. Click the Previous button if you want to return to the previous screen. Click the Exit button if you want to exit the Access Rule Setup Wizard.
Page 87: Figure 5-84: Select The Source
4-Port SSL/IPSec VPN Router 6. Select the appropriate Source Interface (LAN, WAN, or Any) from the Interface pull-down menu. Select the Source IP address(es) for this Access Rule. If it can be any IP address, select Any. If it is one IP address, select Single and enter the IP address in the Source IP fields.
Page 88: Figure 5-86: When It Works
4-Port SSL/IPSec VPN Router 8. Decide when you want this Access Rule to be enforced. Select Always if you want the Access Rule to be always enforced. Then click the Next button to continue. Click the Previous button if you want to return to the previous screen.
Page 89: Support Tab
4-Port SSL/IPSec VPN Router Support Tab From this tab, you will be able to access the Support page of the Linksys website, which offers a variety of resources. You must have an active Internet connection before you can visit the Linksys website.
Page 90: Appendix A: Troubleshooting
Appendix A: Troubleshooting This appendix provides solutions to problems that may occur during the installation and operation of the Router. Read the descriptions below to help solve your problems. If you can't find an answer here, check the Linksys website at www.linksys.com.
Page 91 4-Port SSL/IPSec VPN Router For Windows 2000: A. Click Start, Settings, and Control Panel. Double-click Network and Dial-Up Connections. B. Right-click the Local Area Connection that is associated with the Ethernet adapter you are using, and select the Properties option. C.
Page 92 4-Port SSL/IPSec VPN Router 2. I want to test my Internet connection. A. Check your TCP/IP settings. For Windows 98 and Millennium: Refer to Windows Help for details. Make sure Obtain IP address automatically is selected in the settings. For Windows 2000: 1.
Page 93 E. In the command prompt, type ping www.linksys.com and press the Enter key. • If you get a reply, the computer is connected to the Internet. If you cannot open a webpage, try the ping command from a different computer to verify that your original computer is not the cause of the problem.
Page 94 Refer to “Problem #7, I need to set up online game hosting or use other Internet applications” for details. Check the Linksys website at www.linksys.com for more information. 6. I need to set up a server behind my Router.
Page 95 4-Port SSL/IPSec VPN Router documentation provided with the server you installed. Follow these steps to set up port forwarding through the Router’s Web-based Utility. We will be setting up web, ftp, and mail servers. A. Access the Router’s Web-based Utility by going to http://192.168.1.1 or the IP address of the Router. Go to the Setup =>...
Page 96 4-Port SSL/IPSec VPN Router example, if you have a web server, you would enter the range 80 to 80. Click the Add to List button. Then click the Save Setting button. Click the Exit button. C. Enter the IP Address of the server that you want the Internet users to access. For example, if the web server’s Ethernet adapter IP address is 192.168.1.100, you would enter 100 in the field provided.
Page 97 4-Port SSL/IPSec VPN Router 9. I forgot my password, or the password prompt always appears when saving settings to the Router. Reset the Router to factory defaults by pressing the Reset button for ten seconds and then releasing it. If you are still getting prompted for a password when saving settings, then perform the following steps: A.
Page 98 4-Port SSL/IPSec VPN Router 12. I need to upgrade the firmware. In order to upgrade the firmware with the latest features, you need to go to the Linksys website and download the latest firmware at www.linksys.com. Follow these steps: A. Go to the Linksys website at http://www.linksys.com and download the latest firmware, or use the Web-based Utility to be automatically redirected to the download webpage.
Page 99 4-Port SSL/IPSec VPN Router 15. I can't access my email, web, or VPN, or I am getting corrupted data from the Internet. The Maximum Transmission Unit (MTU) setting may need to be adjusted. By default, the MTU is set at 1500. For most DSL users, it is strongly recommended to use MTU 1492.
Page 100: Frequently Asked Questions
4-Port SSL/IPSec VPN Router • If the PCs are configured correctly, but still not working, check the Router. Ensure that it is connected and powered on. Connect to it and check its settings. (If you cannot connect to it, check the LAN and power connections.) •...
Page 101 ISP. Does the Router support any operating system other than Windows 98, Millennium, 2000, or XP? Yes, but Linksys does not, at this time, provide technical support for setup, configuration or troubleshooting of any non-Windows operating systems.
Page 102 Reset the Router by holding down the Reset button for ten seconds. Reset your cable or DSL modem by powering the unit off and then on. Obtain and flash the latest firmware release that is readily available on the Linksys website, www.linksys.com.
Page 103 How do I get mIRC to work with the Router? Under the Setup => Forwarding tab, set port forwarding to 113 for the PC on which you are using mIRC. If your questions are not addressed here, refer to the Linksys website, www.linksys.com. Appendix A: Troubleshooting...
Page 104: Appendix B: Physical Setup Of The Router
4-Port SSL/IPSec VPN Router Appendix B: Physical Setup of the Router This section describes the physical setup of the Router. Placement Options There are three ways to place the Router. The first way is to place it horizontally on a surface, so it sits on its four rubber feet.
Page 105: Figure B-2: Suggested Mounting Hardware
4-Port SSL/IPSec VPN Router Wall-Mount Option The Router is shown with two slots on the bottom. The horizontal distance between the two holes is 64.4 mm (2.535 inches). The Router has two wall-mount slots on its bottom panel. 1. Determine where you want to mount the Router. 2.
Page 106: Appendix C: Using The Virtual Passage Ssl Vpn Client
4-Port SSL/IPSec VPN Router Appendix C: Using the Virtual Passage SSL VPN Client Overview The Router’s SSL VPN Portal includes an ActiveX-based VPN client that provides full network connectivity for Windows users. This client, called the Virtual Passage Client, lets you remotely access the Router’s network through a secure connection.
Page 107: Figure C-3: Internet Explorer - Internet Options - Privacy
4-Port SSL/IPSec VPN Router 10. Click the Privacy tab. 11. Click the Advanced button. 12. Remove the checkmark from the Override automatic cookie handling checkbox. 13. Click the OK button. 14. Click the OK button again. Netscape Communicator 8.0 or Higher Figure C-3: Internet Explorer - 1.
Page 108: Making The Ssl Vpn Portal A Trusted Site
Dual-Band Wireless Access Point 12. Under Options, click Advanced. 13. Click Security. 14. Click the Use SSL 2.0 and Use SSL 3.0 checkboxes. 15. Click the OK button. Making the SSL VPN Portal a Trusted Site Most web browsers support multiple security zones with different permission levels. Trusted sites have a lower security setting that will allow the Java and ActiveX content to work properly.
Page 109: Logging Into The Ssl Vpn Portal
Dual-Band Wireless Access Point Logging into the SSL VPN Portal Follow these instructions to log in: 1. Enter the IP address of the Router, https://<WAN IP address of the Router>, in your web browser. 2. A screen will appear asking you for your User Name and Password. Enter your user name in the User Name field, and enter your password in the Password field.
Page 110: Installing The Virtual Passage Client
Dual-Band Wireless Access Point Installing the Virtual Passage Client The first time you create an SSL VPN tunnel, you have to install the Virtual Passage Client on your PC. Follow these instructions: 1. Click the Unlock icon. Figure C-7: Click the Unlock Icon 2.
Page 111: Figure C-10: Click Install
Dual-Band Wireless Access Point 4. A second Security Warning screen will appear and ask you if you want to install XTunnel, the Virtual Passage application. Click the Install button. Figure C-10: Click Install 5. The Hardware Installation screen will appear and ask you if you want to continue with the installation. Click the Continue Anyway button.
Page 112: Logging Out Of The Ssl Vpn Portal
4-Port SSL/IPSec VPN Router 7. After the software has been installed, you will be notified that an SSL VPN tunnel has been established. An icon will be created in the system tray of your PC. 8. When you right-click the icon, you have three options: Virtual Passage Status.
Page 113: Appendix D: Configuring Bandwidth Management
5. The Service Management screen will appear. Enter a name, such as Vonage VoIP, in the Service Name field. Figure D-1: Linksys VPN License Agreement 6. From the Protocol drop-down menu, select the protocol the VoIP service uses. For example, some VoIP devices use UDP.
Page 114: Creating New Bandwidth Management Rules
4-Port SSL/IPSec VPN Router 9. You will add a second service. Enter a name, such as Vonage 2, in the Service Name field. 10. From the Protocol drop-down menu, select UDP. 11. Enter the RTP port range in the Port Range fields. These are required for both incoming and outgoing traffic. For example, you can set the Port Range to 10000 to 25000 to make sure that all active ports are covered.
Page 115: Figure D-5: Vonage 2 Rule
4-Port SSL/IPSec VPN Router 12. In the Max. Rate field, enter the maximum rate for the maximum bandwidth. For example, you can set a maximum rate of 80 kbit/sec. 13. Click the Enable checkbox to enable this rule. 14. After you have set up the rule, click the Add to list button. 15.
Page 116: Appendix E: Configuring An Active Directory Server
4-Port SSL/IPSec VPN Router Appendix E: Configuring an Active Directory Server NOTE: Windows Server 2000 and 2003 support the Active Directory server feature. Follow these instructions to configure an Active Directory server. 1. Click the Start button of your Windows PC. 2.
Page 117: Figure E-3: Server Role
4-Port SSL/IPSec VPN Router 8. On the Server Role screen, select Domain Controller (Active Directory), and then click the Next button. Figure E-3: Server Role 9. On the Summary of Selections screen, click the Next button. Figure E-4: Summary of Selections Appendix E: Configuring an Active Directory Server...
Page 118: Figure E-5: Welcome To The Active Directory Installation Wizard
4-Port SSL/IPSec VPN Router 10. On the Welcome to the Active Directory Installation Wizard screen, click the Next button. Figure E-5: Welcome to the Active Directory Installation Wizard 11. On the Operating System Compatibility screen, click the Next button. Figure E-6: Operating System Compatibility Appendix E: Configuring an Active Directory Server...
Page 119: Figure E-7: Domain Controller Type
4-Port SSL/IPSec VPN Router 12. On the Domain Controller Type screen, select Domain controller for a new domain, and then click the Next button. Figure E-7: Domain Controller Type 13. On the Create New Domain screen, select Domain in a new forest, and then click the Next button. Figure E-8: Create New Domain Appendix E: Configuring an Active Directory Server...
Page 120: Figure E-9: New Domain Name
4-Port SSL/IPSec VPN Router 14. On the New Domain Name screen, enter a domain name, and then click the Next button. Figure E-9: New Domain Name 15. On the NetBIOS Domain Name screen, enter a domain NetBIOS name, and then click the Next button. Figure E-10: NetBIOS Domain Name Appendix E: Configuring an Active Directory Server...
Page 121: Figure E-11: Database And Log Folders
4-Port SSL/IPSec VPN Router 16. On the Database and Log Folders screen, select the folders that will store the Active Directory database and log. Then click the Next button. Figure E-11: Database and Log Folders 17. On the Shared System Volume screen, enter a location for the SYSVOL folder, and then click the Next button. Figure E-12: Shared System Volume Appendix E: Configuring an Active Directory Server...
Page 122: Figure E-13: Dns Registration Diagnostics
4-Port SSL/IPSec VPN Router 18. On the DNS Registration Diagnostics screen, select I will correct the problem later by configuring DNS manually (Advanced), and then click the Next button. Figure E-13: DNS Registration Diagnostics 19. On the Permissions screen, select Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems.
Page 123: Figure E-15: Directory Services Restore Mode Administrator Password
4-Port SSL/IPSec VPN Router 20. On the Directory Services Restore Mode Administrator Password screen, enter your Administrator password for the Active Directory server. Then enter it again in the Confirm password field. Click the Next button. Figure E-15: Directory Services Restore Mode Administrator Password 21.
Page 124: Troubleshooting
4-Port SSL/IPSec VPN Router 22. The wizard will configure Active Directory automatically, and it will notify you when the configuration is complete. Troubleshooting If your users are unable to connect via Active Directory, check the following: • The time settings between the Active Directory server and the Router must be synchronized. Kerberos authentication, used by Active Directory to authenticate clients, permits a maximum of a 15-minute time difference between the Windows server and the client (the Router).
Page 125: Appendix F: Adding A User For The Active Directory Server
4-Port SSL/IPSec VPN Router Appendix F: Adding a User for the Active Directory Server NOTE: Windows Server 2000 and 2003 support the Active Directory server feature. Follow these instructions to create a user for Active Directory. 1. Click the Start button of your Windows PC. 2.
Page 126: Figure F-3: User Password
4-Port SSL/IPSec VPN Router 8. Enter the user password, and enter it again in the Confirm password field. Click the Next button. Figure F-3: User Password 9. Click the Finish button to create the new user. Figure F-4: Summary Appendix F: Adding a User for the Active Directory Server...
Page 127: Appendix G: Installing An Internet Authentication Service (Ias) Server
4-Port SSL/IPSec VPN Router Appendix G: Installing an Internet Authentication Service (IAS) Server NOTE: Windows Server 2000 and 2003 support the IAS server feature. Follow these instructions to install an IAS server. 1. Click the Start button of your Windows PC. 2.
Page 128: Figure G-3: Internet Authentication Service
4-Port SSL/IPSec VPN Router 5. Click the Start button. 6. Click Settings. 7. Click Control Panel. 8. Double-click Administrative Tools. 9. Click Internet Authentication Service. 10. Right-click Remote Access Policies, and click New Remote Access Policy. Figure G-3: Internet Authentication Service 11.
Page 129: Figure G-5: Policy Configuration Method
4-Port SSL/IPSec VPN Router 12. Select Set up a custom policy, and enter a policy name. Then click the Next button. Figure G-5: Policy Configuration Method 13. To add a policy, click the Add button. Figure G-6: Policy Conditions Appendix G: Installing an Internet Authentication Service (IAS) Server...
Page 130: Figure G-7: Select Attribute
4-Port SSL/IPSec VPN Router 14. Select Client-IP-Address, and then click the Add button. Figure G-7: Select Attribute 15. Enter a network number, and then click the OK button. Enter the Router’s LAN network number. Figure G-8: Client-IP-Address Appendix G: Installing an Internet Authentication Service (IAS) Server...
Page 131: Figure G-9: Policy Conditions
4-Port SSL/IPSec VPN Router 16. On the Policy Conditions screen, make sure a policy has been added, and then click the Next button. Figure G-9: Policy Conditions 17. On the Permissions screen, select Grant remote access permission, and then click the Next button. Figure G-10: Permissions Appendix G: Installing an Internet Authentication Service (IAS) Server...
Page 132: Figure G-11: Profile
4-Port SSL/IPSec VPN Router 18. On the Profile screen, click the Edit Profile button. Figure G-11: Profile 19. On the Authentication tab, deselect (remove the checkmark from) Microsoft Encryption Authentication version 2 and Microsoft Encrypted Authentication. Select Unencrypted authentication. Click the Apply button. Figure G-12: Authentication Appendix G: Installing an Internet Authentication Service (IAS) Server...
Page 133: Figure G-13: Encryption
4-Port SSL/IPSec VPN Router 20. On the Encryption tab, select Basic encryption, Strong encryption, Strongest encryption, and No encryption. Click the Apply button. Figure G-13: Encryption 21. On the Completing the New Remote Access Policy Wizard screen, click the Finish button. 22.
Page 134: Figure G-15: Internet Authentication Service
4-Port SSL/IPSec VPN Router 23. Click the Start button. 24. Click Settings. 25. Click Control Panel. 26. Double-click Administrative Tools. 27. Click Internet Authentication Service. Figure G-15: Internet Authentication Service 28. Right-click Remote Access Policies, and click New Connection Request Policy. Figure G-16: Connection Request Policies Appendix G: Installing an Internet Authentication Service (IAS) Server...
Page 135: Figure G-17: Welcome To The New Connection Request Policy Wizard
4-Port SSL/IPSec VPN Router 29. On the Welcome to the New Connection Request Policy Wizard screen, click the Next button. Figure G-17: Welcome to the New Connection Request Policy Wizard 30. Select A custom policy, and enter a policy name. Then click the Next button. Figure G-18: Policy Configuration Method Appendix G: Installing an Internet Authentication Service (IAS) Server...
Page 136: Figure G-19: Policy Conditions
4-Port SSL/IPSec VPN Router 31. To add a policy, click the Add button. Figure G-19: Policy Conditions 32. Select Client-IP-Address, and then click the Add button. Figure G-20: Select Attribute Appendix G: Installing an Internet Authentication Service (IAS) Server...
Page 137: Figure G-21: Client-Ip-Address
4-Port SSL/IPSec VPN Router 33. Enter a network number, and then click the OK button. Enter the Router’s LAN network number. Figure G-21: Client-IP-Address 34. On the Policy Conditions screen, make sure a policy has been added, and then click the Next button. Figure G-22: Policy Conditions Appendix G: Installing an Internet Authentication Service (IAS) Server...
Page 138: Figure G-23: Request Processing Method
4-Port SSL/IPSec VPN Router 35. On the Request Processing Method screen, click the Edit Profile button. Figure G-23: Request Processing Method 36. On the Authentication tab, select Authenticate request on this server, and then click the OK button. Figure G-24: Authentication Appendix G: Installing an Internet Authentication Service (IAS) Server...
Page 139: Figure G-25: Completing The New Connection Request Processing Policy Wizard
4-Port SSL/IPSec VPN Router 37. On the Completing the New Connection Request Processing Policy Wizard screen, click the Finish button. Figure G-25: Completing the New Connection Request Processing Policy Wizard Appendix G: Installing an Internet Authentication Service (IAS) Server...
Page 140: Appendix H: Configuring The Router's Settings For A Lightweight Directory Access Protocol (Ldap) Server
4-Port SSL/IPSec VPN Router Appendix H: Configuring the Router’s Settings for a Lightweight Directory Access Protocol (LDAP) Server 1. Access the Router’s Web-based Utility. 2. Click the SSL VPN tab. 3. Click the User Management tab. 4. From the Authentication Type drop-down menu, select LDAP. Figure H-1: SSL VPN - User Management 5.
Page 141: Appendix I: Deploying The 4-Port Ssl/Ipsec Vpn Router In An Existing Network
If you have a current VPN router in your network, you can add the 4-Port SSL/IPSec VPN Router (model number: RVL200), so that the SSL clients can access the existing network resources. The two configuration examples are for LAN<=>WAN and LAN<=>LAN, between a 4-Port SSL/IPSec VPN Router and an existing VPN Router, such as the 10/100 16-, 8-, or 4-Port VPN Router (model numbers: RV016, RV082, or RV042).
Page 142 14. Access the Web-based Utility of the RV082. 15. Click the Setup tab. 16. Click the DMZ Host tab. Configure the RVL200 as the DMZ Host for the RV082. Enter 192.168.1.2, the IP address of the RVL200. 17. Click the Forwarding tab.
Page 143: Wan-To-Lan Connection
Figure I-2: RVL200 WAN to RV082 LAN 1. Physically connect the Internet port on the RVL200 to a LAN port on the RV082. 2. Configure the Virtual Passage IP so it is in the network range of the RV082 LAN side.
Page 144: Appendix J: Configuring A Gateway-To-Gateway Ipsec Tunnel
• Two Windows desktop PCs (each PC will be connected to a VPN Router) • Two VPN Routers (4-Port SSL/IPSec VPN Router, model number: RVL200, and 10/100 8-Port VPN Router, model number: RV082) that are both connected to the Internet Configuring the VPN Settings when the Remote Gateway Uses a Static IP This example assumes the Remote Gateway is using a static IP address.
Page 145: Figure J-2: Rvl200 Ipsec Vpn Settings
Follow these instructions for the first VPN Router, designated RVL200. The other VPN Router is designated the RV082. 1. Launch the web browser for a networked PC, designated PC 1. 2. Access the Web-based Utility of the RVL200. (Refer to “Chapter 5: Setting Up and Configuring the Router” for details.) 3. Click the IPSec VPN tab.
Page 146: Configuring Pc 1 And Pc 2
Figure J-4: RV082 VPN Settings and Subnet Mask fields. 8. For the Remote Security Gateway Type, select IP Address. Enter the RVL200’s WAN IP address in the IP Address field. 9. For the Remote Security Group Type, select Subnet. Enter the RVL200’s local network settings in the IP Address and Subnet Mask fields.
Page 147: Configuring The Vpn Settings When The Remote Gateway Uses A Dynamic Ip
Follow these instructions for the first VPN Router, designated RVL200. The other VPN Router is designated the RV082. 1. Launch the web browser for a networked PC, designated PC 1. 2. Access the Web-based Utility of the RVL200. (Refer to “Chapter 5: Setting Up and Configuring the Router” for details.) 3. Click the IPSec VPN tab.
Page 148: Figure J-7: Rvl200 Ipsec Vpn Settings
6. For the VPN Tunnel setting, select Enable. 7. The WAN IP address (A.A.A.A) of the RVL200 will be automatically detected. For the Local Security Group Type, select Subnet. Enter the RVL200’s local network settings in the IP Address and Subnet Mask fields.
Page 149: Configuring Pc 1 And Pc 2
Figure J-9: RV082 VPN Settings and Subnet Mask fields. 8. For the Remote Security Gateway Type, select IP Address. Enter the RVL200’s WAN IP address in the IP Address field. 9. For the Remote Security Group Type, select Subnet. Enter the RVL200’s local network settings in the IP Address and Subnet Mask fields.
Page 150: Appendix K: Configuring Nat Traversal
192.168.2.100 Configuring Scenario 1 Router A - RVL200 Initiator LAN: 192.168.1.0/24 In this scenario, Router A is the RVL200 Initiator, while Router B is the RVL200 Responder. Both the IPSec initiator and responder must Configuring Router A support the mechanism for detecting the NAT router in the path and changing to a new port, as defined in RFC 3947.
Page 151: Figure K-2: Router A's Ipsec Vpn Settings
4-Port SSL/IPSec VPN Router 4. Click the Gateway to Gateway tab. 5. Enter a name in the Tunnel Name field. 6. For the VPN Tunnel setting, select Enable. 7. The WAN IP address of Router A will be automatically detected. For the Local Security Group Type, select Subnet.
Page 152 4-Port SSL/IPSec VPN Router 7. The WAN IP address of the Router B will be automatically detected. For the Local Security Group Type, select Subnet. Enter Router B’s local network settings in the IP Address and Subnet Mask fields. 8. For the Remote Security Gateway Type, select IP Address. Enter Router A’s WAN IP address in the IP Address field.
Page 153: Configuring Scenario 2
Configuring Scenario 2 In this scenario, Router B is the RVL200 Initiator, while Router A is the RVL200 Responder. Router B will have the Remote Security Gateway IP address set to a public IP address that is associated with the WAN IP address of Router A, which is behind the NAT.
Page 154: Figure K-5: Router B's Ipsec Vpn Settings
4-Port SSL/IPSec VPN Router 4. Click the Gateway to Gateway tab. 5. Enter a name in the Tunnel Name field. 6. For the VPN Tunnel setting, select Enable. 7. The WAN IP address of the Router B will be automatically detected. For the Local Security Group Type, select Subnet.
Page 155: Figure K-6: Router A's Ipsec Vpn Settings
4-Port SSL/IPSec VPN Router 7. The WAN IP address of Router A will be automatically detected. For the Local Security Group Type, select Subnet. Enter Router A’s local network settings in the IP Address and Subnet Mask fields. 8. For the Remote Security Gateway Type, select IP Address. Enter Router B’s WAN IP address in the IP Address field.
Page 156: Appendix L: Finding The Mac Address And Ip Address For Your Ethernet Adapter
4-Port SSL/IPSec VPN Router Appendix L: Finding the MAC Address and IP Address for Your Ethernet Adapter This section describes how to find the MAC address for your computer’s Ethernet adapter so you can use the MAC address cloning feature of the Router. You can also find the IP address of your computer’s Ethernet adapter. This IP address is used for the Router’s filtering, forwarding, and/or DMZ features.
Page 157: Figure L-3: Mac Address/Physical Address
4-Port SSL/IPSec VPN Router 3. Write down the Physical Address as shown on your computer screen (Figure L-3); it is the MAC address for your Ethernet adapter. This appears as a series of numbers and letters. The MAC address/Physical Address is what you will use for MAC address cloning or MAC filtering. NOTE: The MAC address is also called the Physical Address.
Page 158: Appendix M: Windows Help
4-Port SSL/IPSec VPN Router Appendix M: Windows Help Almost all Linksys networking products require Microsoft Windows. Windows is the most used operating system in the world and comes with many features that help make networking easier. These features can be accessed through Windows Help and are described in this appendix.
Page 159: Appendix N: Glossary
This glossary contains some basic networking terms you may come across when using this product. For more advanced terms, see the complete Linksys glossary at http://www.linksys.com/glossary. Access Point - A device that allows wireless-equipped computers and other devices to communicate with a wired network.
Page 160 4-Port SSL/IPSec VPN Router DMZ (Demilitarized Zone) - Removes the Router's firewall protection from one PC, allowing it to be “seen” from the Internet. DNS (Domain Name Server) - The IP address of your ISP's server, which translates the names of websites into IP addresses.
Page 161 Passphrase - Used much like a password, a passphrase simplifies the WEP encryption process by automatically generating the WEP encryption keys for Linksys products. Ping (Packet INternet Groper) - An Internet utility used to determine whether a particular IP address is online.
Page 162 4-Port SSL/IPSec VPN Router RJ-45 (Registered Jack-45) - An Ethernet connector that holds up to eight wires. Roaming - The ability to take a wireless device from one access point's range to another without losing the connection. Router - A networking device that connects multiple networks together. Server - Any computer whose function in a network is to provide user access to files, printing, communications, and other services.
Page 163 4-Port SSL/IPSec VPN Router TKIP (Temporal Key Integrity Protocol) - a wireless encryption protocol that provides dynamic encryption keys for each packet transmitted. Topology - The physical layout of a network. TX Rate - Transmission Rate. Upgrade - To replace existing software or firmware with a newer version. Upload - To transmit a file over a network.
Page 164: Appendix O: Specifications
4-Port SSL/IPSec VPN Router Appendix O: Specifications Model RVL200 Standards IEEE802.3, IEEE802.3u, IEEE802.1q, IEEE802.1p, RFC791 (IP Protocol) Ports Ethernet, Power Button Reset Cabling Type UTP CAT 5 LEDs Power, Diag, Internet, Ethernet 1-4 Operating System Linux Performance NAT Throughput Wirespeed - 100 Mb/s SSL Throughput 16.99 Mb/s...
Page 165: Security
4-Port SSL/IPSec VPN Router Security Encryption DES, 3DES Access Control Access Rules based on IP and TCP/UDP Ports Firewall SPI Stateful Packet Inspection Firewall Content Filtering URL Blocking, Keyword Blocking Denial of Service (DoS) Prevention (Ping of Death, SYN Flood, IP Spoofing Secure Management HTTPS, Username/Password...
Page 166: Vpn
4-Port SSL/IPSec VPN Router 5 SSL Tunnels for Remote Client Access (Requires ActiveX-enabled Brosers, e.g., IE and Netscape) 1 IPSec Gateway-to-Gateway Tunnel for Branch Office Connectivity DES/3DES Encryption MD5/SHA1 Authentication IPSec NAT-T VPN Passthrough of PPTP, L2TP, IPSec Routing Static and RIP v1, v2 Environmental Dimensions 6.69"...
Page 167: Appendix P: Warranty Information
Your exclusive remedy and Linksys' entire liability under this warranty will be for Linksys at its option to repair or replace the Product or refund Your purchase price less any rebates.
Page 168: Appendix Q: Regulatory Information
4-Port SSL/IPSec VPN Router Appendix Q: Regulatory Information FCC Statement This product has been tested and complies with the specifications for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Page 169 Equipment (WEEE) This document contains important information for users with regards to the proper disposal and recycling of Linksys products. Consumers are required to comply with this notice for all electronic products bearing the following symbol: Appendix Q: Regulatory Information...
Page 170 4-Port SSL/IPSec VPN Router Appendix Q: Regulatory Information...
Page 171 4-Port SSL/IPSec VPN Router Appendix Q: Regulatory Information...
Page 172 4-Port SSL/IPSec VPN Router Appendix Q: Regulatory Information...
Page 173 4-Port SSL/IPSec VPN Router For more information, visit www.linksys.com. Appendix Q: Regulatory Information...
Page 174: Appendix R: Contact Information
Can't find information about a product you want to buy on the web? Do you want to know more about networking with Linksys products? Give our advice line a call at: 800-546-5797 (LINKSYS) Or fax your request in to:...

Linksys RVL200 User Manual

Chapter 1: Introduction

Chapter 2: Networking Basics

Chapter 3: Getting to Know the Router

Chapter 4: Connecting the Router

Chapter 5: Setting up and Configuring the Router

Appendix A: Troubleshooting

Appendix B: Physical Setup of the Router

Appendix C: Using the Virtual Passage SSL VPN Client

Appendix D: Configuring Bandwidth Management

Appendix E: Configuring an Active Directory Server

Appendix F: Adding a User for the Active Directory Server

Appendix G: Installing an Internet Authentication Service (IAS) Server

Appendix H: Configuring the Router's Settings for a Lightweight Directory Access Protocol (LDAP) Server

Appendix I: Deploying the 4-Port Ssl/Ipsec VPN Router in an Existing Network

Appendix J: Configuring a Gateway-To-Gateway Ipsec Tunnel

Appendix K: Configuring NAT Traversal

Appendix L: Finding the MAC Address and IP Address for Your Ethernet Adapter

Appendix M: Windows Help

Appendix N: Glossary

Appendix O: Specifications

Appendix P: Warranty Information

Appendix Q: Regulatory Information

Appendix R: Contact Information

Quick Links

Troubleshooting

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Linksys RVL200

Summary of Contents for Linksys RVL200