Download  Print this page

Cisco Small Business RV220W Administration Manual

Wireless-n network security firewall
Hide thumbs

Advertisement

ADMINISTRATION
GUIDE
Cisco Small Business
RV220W Wireless-N Network Security Firewall

Advertisement

Table of Contents
loading

  Related Manuals for Cisco Small Business RV220W

  Summary of Contents for Cisco Small Business RV220W

  • Page 1 ADMINISTRATION GUIDE Cisco Small Business RV220W Wireless-N Network Security Firewall...
  • Page 2 Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
  • Page 3: Table Of Contents

    Contents Chapter 1: Introduction Product Overview Getting to Know the Cisco RV220W Front Panel Back Panel Mounting the Cisco RV220W Placement Tips Wall Mounting Attaching the Antennas Connecting the Equipment Configuring the RV220W Logging In Using the Getting Started Page...
  • Page 4 Contents Configuring WAN Settings Creating PPPoE Profiles Configuring the LAN Changing the Host Name of Your RV220W Changing the Default Cisco RV220W IP Address Configuring DHCP Configuring the LAN DNS Proxy Configuring VLANs Enabling VLANs Creating a VLAN Configuring Port VLANs...
  • Page 5 Configuring Router Advertisement Chapter 3: Configuring the Wireless Network About Wireless Security Wireless Security Tips General Network Security Guidelines Understanding the Cisco RV220W’s Wireless Networks Configuring Wireless Profiles Configuring the Group Key Refresh Interval Configuring RADIUS Authentication Parameters Configuring Wi-Fi Multimedia...
  • Page 6 Configuring Approved Clients Configuring Approved URLs Configuring Overflow Control Configuring Web Reputation Configuring URL Filtering Viewing Cisco ProtectLink License Information Chapter 5: Configuring Virtual Private Networks and Security Configuring VPNs Creating Cisco QuickVPN Client Users Using the VPN Wizard Viewing the Default Values...
  • Page 7 Uploading CA Certificates Uploading Self Certificates Generating a Self Certificate Request Downloading the Router’s Current Certificate Using the Cisco RV220W With a RADIUS Server Configuring 802.1x Port-Based Authentication Chapter 6: Configuring Quality of Service Configuring Bandwidth Profiles Configuring Traffic Selectors or Flows Configuring Traffic Metering Configuring 802.1p...
  • Page 8 Backing Up and Restoring the System Importing a CSV File Upgrading Firmware Rebooting the Cisco RV220W Restoring the Factory Defaults Chapter 8: Viewing the RV220W Status Viewing the System Summary Viewing the Wireless Statistics Viewing the IPsec Connection Status Viewing the QuickVPN Connection Status...
  • Page 9 Viewing the Port Triggering Status Viewing Interface Statistics Viewing Port Statistics Viewing Active Users Viewing the SSL VPN Connection Information Status Appendix A: Using Cisco QuickVPN Overview Before You Begin Installing the Cisco QuickVPN Software Installing from the CD-ROM Downloading and Installing from the Internet...
  • Page 10: Chapter 1: Introduction

    Connecting to Your Wireless Network, page 25 Product Overview Thank you for choosing the Cisco Small Business RV220W Wireless-N Network Security Firewall. The Cisco RV220W is an advanced Internet-sharing network solution for your small business needs. It allows multiple computers in your office to share an Internet connection through both wired and wireless connections.
  • Page 11: Getting To Know The Cisco Rv220W

    Ethernet interface that is active on the RV220W. For example, if the light appears next to 100 in the LAN1 column, the RV220W’s LAN1 port is using a 100BASE-T connection. If the light appears next to 1000 in the LAN1 column, the RV220W’s LAN1 port is using a 1000BASE-T (Gigabit Ethernet) connection.
  • Page 12: Back Panel

    RESET Button—The RESET button has two functions: • If the RV220W has problems connecting to the Internet, press the RESET button for at least 3 seconds but no more than 10 seconds with a paper clip or a pencil tip. This is similar to pressing the reset button on your PC to reboot it.
  • Page 13: Mounting The Cisco Rv220W

    Introduction Mounting the Cisco RV220W Mounting the Cisco RV220W You can place your Cisco RV220W on a desktop or mount it on a wall. Placement Tips • Ambient Temperature—To prevent the RV220W from overheating, do not operate it in an area that exceeds an ambient temperature of 104°F (40°C).
  • Page 14 Determine where you want to mount the firewall. Verify that the surface is smooth, STEP 1 flat, dry, and sturdy. Take into account the dimensions of the RV220W and allow for 3 inches (76.2 mm) of clearance around it. For horizontal mounting, drill two pilot holes into the surface 5-7/8 inches (150 mm) STEP 2 apart.
  • Page 15 Introduction Mounting the Cisco RV220W With the back panel pointing up (if installing horizontally), line up the unit so that the STEP 5 wall-mount slots on the bottom of the unit line up with the two screws. If installing vertically, hold the left side of the unit pointing up and line up the unit so that the wall-mount slots on the bottom of the unit line up with the two screws.
  • Page 16: Attaching The Antennas

    To attach an external antenna: Hold the antenna perpendicular to the round screw hole on the back of the unit. STEP 1 Screw the antenna clockwise until it is firmly secured to the RV220W. STEP 2 Repeat these steps to secure the second antenna.
  • Page 17 Introduction Connecting the Equipment Connect one end of an Ethernet cable to the WAN port of the RV220W and the STEP 1 other end to the Ethernet port of your cable or DSL modem. Connect one end of a different Ethernet cable to one of the LAN (Ethernet) ports on STEP 2 the back of the unit.
  • Page 18: Configuring The Rv220W

    STEP 5 specific plug (supplied) for your country. On the RV220W, push the power button to the on position to turn on the RV220W. STEP 6 The POWER light on the front panel is green when the power adapter is connected properly and the unit is turned on.
  • Page 19: Logging In

    Your PC becomes a DHCP client of the RV220W and receives an IP address in the 192. 1 68. 1 .xxx range. The default gateway (LAN IP address) of the RV220W is 192. 1 68. 1 . 1 . NOTE Use this IP address to connect to the RV220W.
  • Page 20: Using The Getting Started Page

    To get support for your device, click the Support link at the bottom of the page. To visit the online support forums, click Forums. To prevent the Getting Started page from showing when the Device Manager is started, check the Don’t show this on start-up box. Cisco RV220W Administration Guide...
  • Page 21: Navigating Through The Pages

    Use the navigation tree in the left pane to open the configuration pages. Click a menu item on the left panel to expand it. Click the menu names displayed underneath to perform an action or view a sub-menu. Cisco RV220W Administration Guide...
  • Page 22: Saving Your Changes

    When you finish making changes on a configuration page, click Save to save the changes, or click Cancel to undo your changes. Cancel removes changes you have made to the page, but does not return you to the NOTE previous menu. Cisco RV220W Administration Guide...
  • Page 23: Viewing The Help Files

    Introduction Configuring the RV220W Viewing the Help Files To view more information about a configuration page, click the Help link near the top right corner of the page. Cisco RV220W Administration Guide...
  • Page 24: Configuration Next Steps

    Configuring the WAN, page • (Optional) If you already have a DHCP server on your network, and you do not want the Cisco RV220W to act as a DHCP server, see Configuring the LAN, page •...
  • Page 25: Connecting To Your Wireless Network

    Choose the type of encryption and enter the security key that you chose when STEP 3 setting up the RV220W. If you did not enable security (not recommended), leave these fields blank. Verify your wireless connection and save your settings.
  • Page 26: Chapter 2: Configuring Networking

    Configuring the WAN for an IPv4 Network These instructions are for configuring your RV220W in an IPv4 network. For instructions on configuring your RV220W for an IPv6 network, see the “Configuring the WAN for an IPv6 Network” section on page WAN configuration depends on the type of connection you have to the Internet: •...
  • Page 27: Configuring A Dhcp Connection

    IP address of the primary and secondary DNS servers. (Optional) Set the MTU Size. See “Configuring Maximum Transmit Unit” on STEP 4 page (Optional) Configure the RV220W MAC Address. See “Configuring the Cisco STEP 5 RV220W MAC Address” on page Click Save. STEP 6...
  • Page 28: Configuring A Static Ip Connection

    Enter the IP address of the primary and secondary DNS servers. STEP 3 (Optional) Set the MTU Size. See “Configuring Maximum Transmit Unit” on STEP 4 page (Optional) Configure the RV220W MAC Address. See “Configuring the Cisco STEP 5 RV220W MAC Address” on page Click Save. STEP 6...
  • Page 29 STEP 5 • Auto-negotiate—The server sends a configuration request specifying the security algorithm set on it. The RV220W then sends back authentication credentials with the security type sent earlier by the server. • PAP—The RV220W uses Password Authentication Protocol (PAP) when connecting with the ISP.
  • Page 30: Configuring A Point-To-Point Tunneling Protocol Connection

    Configuring Networking Configuring the WAN (Optional) Configure the RV220W MAC Address. See “Configuring the Cisco STEP 6 RV220W MAC Address” on page Click Save. STEP 7 Configuring a Point-to-Point Tunneling Protocol Connection Your provider may use Point-to-Point Tunneling Protocol (PPTP) connection (used in Europe) for your Internet service.
  • Page 31: Configuring A Layer 2 Tunneling Protocol Connection

    In the Server IP Address field, enter the IP address of the L2TP server. STEP 8 (Optional) Set the MTU Size. See “Configuring Maximum Transmit Unit” on STEP 9 page (Optional) Configure the RV220W MAC Address. See “Configuring the Cisco STEP 10 RV220W MAC Address” on page Click Save. STEP 11...
  • Page 32: Configuring Maximum Transmit Unit

    STEP 2 Configuring the Cisco RV220W MAC Address The RV220W has a unique 48-bit local Ethernet hardware address. In most cases, the RV220W’s default MAC address is used to identify your Cisco RV220W to your ISP. However, you can change this setting if required by your ISP.
  • Page 33: Configuring The Wan For An Ipv6 Network

    In the left panel, choose Networking > WAN and select IPv6 WAN Configuration. The next steps depend on the type of WAN connection you choose. DHCPv6 Choose if your RV220W receives its dynamic IP address from the ISP using DHCP. In the WAN Connection Type field, choose DHCPv6. STEP 1...
  • Page 34 Configuring Networking Configuring the WAN Static IPv6 Choose if your RV220W is assigned a static IP address from the ISP. Enter the IPv6 IP address assigned to your RV220W. STEP 1 Enter the IPv6 prefix length defined by the ISP. The IPv6 network (subnet) is...
  • Page 35: Creating Pppoe Profiles

    STEP 4 • Auto-negotiate—The server sends a configuration request specifying the security algorithm set on it. The RV220W then sends back authentication credentials with the security type sent earlier by the server. • PAP—The Cisco RV220W uses Password Authentication Protocol when connecting with the ISP.
  • Page 36: Configuring The Lan

    DHCP configuration when acknowledging a DHCP request from a DHCP client. You can also enable a DNS proxy. When enabled, the RV220W then acts as a proxy for all DNS requests and communicates with the ISP's DNS servers. When disabled, all DHCP clients receive the DNS IP addresses of the ISP.
  • Page 37: Changing The Default Cisco Rv220W Ip Address

    Choose Networking > LAN > LAN Configuration. STEP 1 In the IP address field, enter the new IP address for your Cisco RV220W. The STEP 2 default IP address is 192. 1 68. 1 . 1 . You might want to change the default IP address if that address is assigned to another piece of equipment in your network.
  • Page 38: Configuring Dhcp

    Configuring the LAN Configuring DHCP By default, the Cisco RV220W functions as a DHCP server to the hosts on the Wireless LAN (WLAN) or LAN network and assigns IP and DNS server addresses. With DHCP enabled, the RV220W's IP address serves as the gateway address to your LAN.
  • Page 39: Configuring The Lan Dns Proxy

    Choose Networking > LAN > LAN Configuration. STEP 1 Check Enable in the LAN Proxy section to enable the Cisco RV220W to act as a STEP 2 proxy for all DNS requests and communicate with the ISP's DNS servers. When...
  • Page 40: Creating A Vlan

    VLAN, which is used for untagged frames received on the interface, and VLAN ID 4092 is reserved and cannot be used. To enable inter-VLAN routing, or routing between this and other VLANS, check the STEP 5 Enable box. Click Save. STEP 6 Cisco RV220W Administration Guide...
  • Page 41: Configuring Port Vlans

    Configuring the LAN Configuring Port VLANs You can associate VLANS on the Cisco RV220W to the LAN ports on the device. By default, all 4 ports belong to VLAN1. You can edit these ports to associate them with other VLANS.
  • Page 42: Associating The Wireless Port To Vlans

    Configuring the LAN Associating the Wireless Port to VLANs You can associate wireless VLANS on the Cisco RV220W to the wireless port on the device. To associate the wireless port to a VLAN: Choose Networking > LAN > Port VLAN.
  • Page 43: Configuring Multiple Vlan Subnets

    Enter the Subnet Mask for the new IP address. c. Click Save. If you are connected to the Cisco RV220W by the LAN port that is a member of this VLAN, the system reboots and connects you to the RV220W using its new IP address.
  • Page 44: Configuring Ipv6 Lan Properties

    Under LAN TCP/IP Setup, in the IPv6 address field, enter the IP address of the STEP 2 Cisco RV220W. The default IPv6 address for the gateway is fec0::1. You can change this 128-bit IPv6 address based on your network requirements.
  • Page 45 In the DHCPv6 field, choose to disable or enable the DHCPv6 server. If you chose STEP 4 disable, proceed to Step 5. If you chose enable, the Cisco RV220W assigns an IP address within the specified range plus additional specified information to any LAN endpoint that requests DHCP-served addresses. Perform the following steps: a.
  • Page 46: Configuring Ipv6 Address Pools

    Configuring IPv6 Address Pools This feature allows you to define the IPv6 delegation prefix for a range of IP addresses to be served by the Cisco RV220W’s DHCPv6 server. Using a delegation prefix, you can automate the process of informing other networking equipment on the LAN of DHCP information specific for the assigned prefix.
  • Page 47: Viewing Dhcp Leased Clients

    DMZ host. The DMZ host should be given an IP address in the same subnet as the RV220W's LAN IP address but it cannot be identical to the IP address given to the LAN interface of this gateway.
  • Page 48: Configuring Internet Group Management Protocol

    To configure IGMP: Choose Networking > LAN > IGMP Configuration. STEP 1 Check the Enable box to allow IGMP communication between the RV220W and STEP 2 other nodes in the network. In the Upstream Interface field, click WAN or LAN.
  • Page 49: Configuring Allowed Networks

    The Allowed Networks Table lists all allowed networks configured for the STEP 2 RV220W. Click Add to add a new network, or Edit to edit an existing network. Enter the network address from which the multicast packets originate. STEP 3 Enter the mask length for the network address.
  • Page 50: Configuring Routing

    Internet connection. The computers on the LAN use a “private” IP address range while the WAN port on the RV220W is configured with a single “public” IP address. The Cisco RV220W translates the internal private addresses into a public address, hiding internal IP addresses from computers on the Internet.
  • Page 51: Viewing Routing Information

    Iface—Interface to which packets for this route will be sent. IPv6 Routing Information • Destination—Destination host/network IP address for which this route is added. • Next Hop—IP address of the gateway/router through which the destination host/network can be reached. Cisco RV220W Administration Guide...
  • Page 52: Configuring Static Routing

    It will be listed in the routing table, but will not be used by the RV220W. The route can be enabled later. This feature is useful if the network that the route connects to is not available when you add the route.
  • Page 53: Configuring Dynamic Routing

    Configuring Dynamic Routing Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) that is commonly used in internal networks. It allows the RV220W to exchange its routing information automatically with other routers, and allows it to dynamically adjust its routing tables and adapt to changes in the network.
  • Page 54 Not Valid Before—Enter the start date and time when the authentication key is valid for authentication. • Not Valid After—Enter the end date and time when the authentication key is valid for authentication. Click Save. STEP 5 Cisco RV220W Administration Guide...
  • Page 55: Configuring Port Management

    Configuring Port Management Configuring Port Management The Cisco RV220W has four LAN ports and a dedicated WAN port. You can enable or disable ports, configure if the port is half- or full-duplex, and set the port speed. To configure LAN ports: Choose Networking >...
  • Page 56: Configuring Dynamic Dns

    DDNS, set up an account with a DDNS provider such as DynDNS.com or TZO.com. The RV220W notifies DDNS servers of changes in the WAN IP address, so that any public services on your network can be accessed by using the domain name.
  • Page 57: Configuring Ipv6

    Configuring Networking Configuring IPv6 Configuring IPv6 The IPv6 configuration information for your RV220W is performed in several windows in the Device Manager of the Cisco RV220W. Make sure you do the following: • Configure IPv6 WAN properties—See Configuring the WAN for an IPv6 Network, page •...
  • Page 58 RV220W. The route can be enabled later. This feature is useful if the network that the route connects to is not available when you add the route. When the network becomes available, the route can be enabled.
  • Page 59: Configuring Ipv6-To-Ipv4 Tunneling

    Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is a method to transmit IPv6 packets between dual-stack nodes over an IPv4 network. The Cisco RV220W is one endpoint (a node) for the tunnel. You must also set a local endpoint, as well as the ISATAP Subnet Prefix that defines the logical ISATAP subnet to configure a tunnel.
  • Page 60: Configuring Router Advertisement

    Choose the local endpoint address, or the endpoint address for the tunnel that STEP 4 starts with the Cisco RV220W. The endpoint can be the LAN interface (if the LAN is configured as an IPv4 network), or a choose Other IP to specify a LAN IPv4 address.
  • Page 61 The IPv6 prefix specifies the IPv6 network address. The prefix length variable is a decimal value that indicates the number of contiguous, higher-order bits of the address that make up the network portion of the address. Cisco RV220W Administration Guide...
  • Page 62 Configuring Networking Configuring IPv6 Enter the prefix lifetime, or the length of time over which the requesting router is STEP 5 allowed to use the prefix. Click Save. STEP 6 Cisco RV220W Administration Guide...
  • Page 63: Chapter 3: Configuring The Wireless Network

    This chapter describes how to configure your wireless network and includes the following sections: • About Wireless Security, page 63 • Understanding the Cisco RV220W’s Wireless Networks, page 66 • Configuring Wireless Profiles, page 66 • Configuring Access Points, page 70 •...
  • Page 64: Wireless Security Tips

    Configuring Wireless Profiles, page • Enable MAC address filtering Cisco routers and gateways give you the ability to enable Media Access Control (MAC) address filtering. The MAC address is a unique series of numbers and letters assigned to every networking device. With MAC address filtering enabled, wireless network access is provided solely for wireless devices with specific MAC addresses.
  • Page 65: General Network Security Guidelines

    Combine letters and numbers to avoid using standard words that can be found in the dictionary. General Network Security Guidelines Wireless network security is useless if the underlying network is not secure. Cisco recommends that you take the following precautions: •...
  • Page 66: Understanding The Cisco Rv220W's Wireless Networks

    Configuring Wireless Profiles A profile is a set of generic wireless settings that can be shared across multiple APs. You can create multiple profiles on the Cisco RV220W, but only one profile is assigned to each AP at a time.
  • Page 67 In the Security field, select the type of security. All devices on your network must STEP 6 use the same security mode and settings to work correctly. Cisco recommends using the highest level of security that is supported by the devices in your network.
  • Page 68 The clients also need to be configured with the same password. WPA Enterprise, WPA2 Enterprise, or WPA2 Enterprise Mixed You must first configure RADIUS settings. See Using the Cisco RV220W With a RADIUS Server, page 130. The word Enterprise indicates the use of an authentication server such as Radius NOTE for authenticating wireless clients.
  • Page 69: Configuring The Group Key Refresh Interval

    Specify the number of seconds that the master keys are stored in the AP. STEP 3 In the 802. 1 X re-authentication interval field, enter the timeout interval (in seconds) STEP 4 after which the AP should re-authenticate with the RADIUS server. Click Save. STEP 5 Cisco RV220W Administration Guide...
  • Page 70: Configuring Wi-Fi Multimedia

    Enabling the AP creates a wireless network, where computers and other devices can join and communicate with the devices connected to the AP or other devices on the Local Area Network (LAN). Cisco RV220W Administration Guide...
  • Page 71: Editing An Ap's Properties

    You can edit properties for an AP to make it only available at certain times of the day, restrict the number of endpoints that can use the AP, or separate the AP from the other wireless networks in the Cisco RV220W. To edit the properties of an access point: Choose Wireless >...
  • Page 72: Using Mac Filtering

    Enter the MAC Address of the client to allow or deny and click Save. STEP 6 The address is added to the table. Repeat this step for all the clients you want to allow or deny. Click Save again. STEP 7 Cisco RV220W Administration Guide...
  • Page 73: Viewing Ap Status

    Security—Security method employed by the client to connect to this Encryption—Encryption method employed by the client to connect to this AP. Authentication—Authentication mechanism employed by this connection. Time Connected—Time (in minutes) since the connection was established between the AP and client. Cisco RV220W Administration Guide...
  • Page 74: Configuring The Wireless Radio Properties

    Configuring the Wireless Radio Properties You can configure radio card properties, including the wireless standard (for example, 802. 1 1n or 802. 1 1g) on the Cisco RV220W. Configuring Basic Wireless Radio Settings Choose Wireless > Radio Settings > Radio Settings.
  • Page 75: Configuring Advanced Wireless Radio Settings

    The channel field specifies the frequency that the radio uses to transmit wireless STEP 6 frames. Select a channel from the list of channels or choose auto to let the Cisco RV220W determine the best channel to use based on the environment noise levels for the available channels.
  • Page 76 Protection option enables the CTS-to-Self protection mechanism, which is used to minimize collisions among stations in a mixed 802. 1 1b and 802. 1 1g environment. This function boosts the Cisco RV220W’s ability to catch all wireless transmissions but severely decreases performance.
  • Page 77: Configuring A Wireless Distribution System

    STEP 3 Click Save. STEP 4 You can manually add WDS peers that can connect to the Cisco RV220W: In the WDS Peers Table, click Add. STEP 1 Enter the MAC (hardware) address of the WDS peer and click Save.
  • Page 78: Chapter 4: Configuring The Firewall

    Using Cisco ProtectLink Web, page 99 Cisco RV220W Firewall Features You can secure your network by creating and applying rules that the Cisco RV220W uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to what devices the rules apply. To do so, you must define the following: •...
  • Page 79 WAN ports are configured; for the Cisco RV220W, you may use the IP address if a static address is assigned to the WAN port, or if your WAN address is dynamic, a DDNS (Dynamic DNS) name can be used.
  • Page 80: Configuring Basic Firewall Settings

    Protecting from Attacks Attacks are malicious security breaches or unintentional network issues that render the Cisco RV220W unusable. Attack checks allow you to manage WAN security threats such as continual ping requests and discovery via ARP scans. TCP and UDP flood attack checks can be enabled to manage extreme usage of WAN resources.
  • Page 81: Configuring Universal Plug And Play

    To enable UPnP: Choose Firewall > Basic Settings > UPnP. STEP 1 Check the Enable box. If disabled, the Cisco RV220W does not allow automatic STEP 2 device configuration. In the LAN field, select the LAN or VLAN on which you want to allow UPnP.
  • Page 82: Viewing Upnp Information

    External Port—Indicates which, if any, external ports are opened by the UPnP device. • IP Address—The IP address of the UPnP device that is accessing the Cisco RV220W. Click Refresh to refresh the portmap table and search for any new UPnP devices.
  • Page 83: Enabling Session Initiation Protocol Application-Level Gateway

    STEP 1 Check the Enable box to enable SIP ALG support. If disabled, the router will not STEP 2 allow incoming calls to the UAC (User Agent Client) behind the Cisco RV220W. Click Save. STEP 3 Configuring the Default Outbound Policy...
  • Page 84: Configuring Firewall Rules

    Configuring Firewall Rules Configuring Firewall Rules All configured firewall rules on the Cisco RV220W are displayed in the Firewall Rules list. This list also indicates whether the rule is enabled (active), and gives a summary of the “from/to” zone as well as the services and users the rule affects.
  • Page 85 Structured Query Language (SQL)*Net (Oracle) • SSH (TCP or UDP) • STRMWORKS • Terminal Access Controller Access-Control System (TACACS) • Telnet (command) • Trivial File Transfer Protocol (TFTP) • Routing Information Protocol (RIP) • • Simple HTTPD web server Cisco RV220W Administration Guide...
  • Page 86 Configuring the Firewall Configuring Firewall Rules • UDP Encapsulation of IPsec packets (IPSEC-UDP-ENCAP) • IDENT protocol • VDOLive (web video delivery) Cisco RV220W Administration Guide...
  • Page 87 (and other information) is recorded in the log. Enabling logging may generate a significant volume of log messages and is recommended for debugging purposes only. Select Never to disable logging. Cisco RV220W Administration Guide...
  • Page 88 For example, if a machine on the Local Network side is running a telnet server on port 2000, then enable Port Forwarding and enter 2000 in the Translate Port Number field. If the server is listening on the default port 23, then the box can be left unchecked. Cisco RV220W Administration Guide...
  • Page 89: Managing Firewall Rules

    To delete a rule, check the box next to the rule and click Delete. To reorder rules, check the box next to a rule and click Up or Down. The Cisco RV220W applies rules in the order listed. You should usually move the strictest rules (those with the most specific services or addresses) to the top of the list.
  • Page 90: Creating Firewall Schedules

    Creating Firewall Schedules You can create firewall schedules to apply firewall rules on specific days or at specific times of the day. The RV220W firewall support only one schedule per computer (host device). Do NOTE not attempt to create multiple schedules.
  • Page 91: Blocking And Filtering Content And Applications

    Blocking and Filtering Content and Applications Blocking and Filtering Content and Applications The Cisco RV220W supports several content filtering options. You can block certain web applications or components (such as ActiveX or Java). You can set up trusted domains from which to always allow content. You can block access to Internet sites by specifying keywords to block.
  • Page 92: Adding Trusted Domains

    (Optional) To block all URLs except the ones you identify as trusted, or allowed, STEP 4 check Block All URLs by Default. The RV220W then blocks traffic coming from any sites other than the ones in the Approved URLs Table, so use this setting with caution.
  • Page 93: Adding Blocked Urls

    MAC addresses and to allow traffic from all other addresses. • Permit and Block the Rest—Choose this option to permit the traffic from the specified MAC addresses and to block traffic from all other machines on the LAN side of the router. Cisco RV220W Administration Guide...
  • Page 94: Configuring Ip/Mac Address Binding

    IP/MAC Address Binding allows you to bind IP addresses to MAC address. Some machines are configured with static addresses. To prevent users from changing static IP addresses, IP/MAC Binding should be enabled. If the RV220W sees packets with matching IP address but inconsistent MAC addresses, it drops those packets.
  • Page 95: Configuring Port Triggering

    If the outgoing connection uses only one port, then specify the same port number in the Start Port and End Port fields. Cisco RV220W Administration Guide...
  • Page 96: Restricting Sessions

    Restricting Sessions You can limit the maximum number of unidentified sessions and half-open sessions on the Cisco RV220W. You can also introduce timeouts for TCP and UDP sessions to ensure Internet traffic is not deviating from expectations in your private network.
  • Page 97: Configuring Remote Management

    Device Manager. The Device Manager is accessed from a computer on the LAN by using the Cisco RV220W’s LAN IP address and HTTP. You can enable remote management to allow you to access the Cisco RV220W from a remote WAN network.
  • Page 98: Configuring One-To-One Network Address Translation

    Enter the LAN Server IP address. This address should be in the private IP range STEP 3 configured in the One-to-One NAT rules. Choose the service for which the rule applies. STEP 4 Click Save. STEP 5 Cisco RV220W Administration Guide...
  • Page 99: Using Cisco Protectlink Web

    Click Save. STEP 4 Using Cisco ProtectLink Web Cisco ProtectLink Web is a hosted service that runs on the RV220W. It integrates powerful anti-spam, anti-phishing, URL Content Filtering and Web Reputation to block standalone, blended-threat, and customer-specific attacks. These features prevent unwanted content from passing through the router, and protect you from going to websites that are infected with spyware.
  • Page 100: Configuring Approved Clients

    Configuring Approved Clients To configure approved clients, or computers that have unrestricted Internet access: Choose Cisco ProtectLink Web > Global Settings > Approved Clients. STEP 1 Next to Approved Clients List, check the Enable check box to always approve all STEP 2 URL requests from computers listed in the Approved Clients Table.
  • Page 101: Configuring Approved Urls

    Approved URLs Table. Click Save. In the Approved URLs Table, click Add. STEP 3 In the URL field, enter the URL of the approved sire (for example, www.cisco.com) STEP 4 or part of the URL (for example, cisco). In the Match Type field, choose one of the following options: STEP 5 •...
  • Page 102: Configuring Web Reputation

    Using Cisco ProtectLink Web Configuring Web Reputation In Web Reputation, requested URLs are checked against the set security level and the Cisco ProtectLink database in real time. Only URLs that meet the designated criteria are accessible. To configure Web Reputation: Choose Cisco ProtectLink Web >...
  • Page 103: Viewing Cisco Protectlink License Information

    After you have installed Cisco ProtectLink, you can view your license information and see instructions for renewing your license. To view license information: Choose Cisco ProtectLink Web > License > Summary to view a summary of your STEP 1 license.
  • Page 104: Chapter 5: Configuring Virtual Private Networks And Security

    Configuring IPsec Users, page 118 • Configuring VPN Passthrough, page 119 • Using Certificates for Authentication, page 127 • Using the Cisco RV220W With a RADIUS Server, page 130 • Configuring 802.1x Port-Based Authentication, page 131 Cisco RV220W Administration Guide...
  • Page 105: Configuring Vpns

    VPN tunnel. The IP address of the remote NAT router is not known in advance. The gateway WAN port acts as a responder. Creating Cisco QuickVPN Client Users To use the Cisco QuickVPN, you must do the following: Enable remote management. See Configuring Remote Management, page STEP 1 Create QuickVPN users.
  • Page 106: Using The Vpn Wizard

    Enter the Pre-Shared key. The PSK is between 8 and 49 characters and must be STEP 4 entered exactly the same in this field on the RV220W and the remote VPN client or gateway. Double quotes (“) are not allowed.
  • Page 107: Viewing The Default Values

    Wizard creates the matching IKE and VPN policies, you can modify the required fields using the Edit button. Advanced users can create an IKE policy from the Add button, but must be sure to use compatible encryption, authentication, and key- group parameters for the VPN policy. Cisco RV220W Administration Guide...
  • Page 108: Configuring Ike Policies

    If either the Local or Remote identifier type (see Step 4) is not an IP NOTE address, then negotiation is only possible in Aggressive Mode. If FQDN, User FQDN or DER ASN1 DN is selected, the router disables Main mode and sets the default to Aggressive mode. Cisco RV220W Administration Guide...
  • Page 109 • FQDN • User FQDN • DER ASN1 DN If you chose FQDN, User FQDN, or DER ASN1 DN as the identifier type, enter the IP STEP 7 address or domain name in the Identifier field. Cisco RV220W Administration Guide...
  • Page 110 Choose the Diffie-Hellman (DH) Group algorithm, which is used when exchanging STEP 4 keys. The DH Group sets the strength of the algorithm in bits. Ensure that the DH Group is configured identically on both sides of the NOTE IKE policy. Cisco RV220W Administration Guide...
  • Page 111 Client of the remote gateway. • User Database—User accounts created in the router are used to authenticate users. See Configuring IPsec Users, page 118. If you selected IPsec Host, enter the username and password for the host. STEP 2 Cisco RV220W Administration Guide...
  • Page 112: Configuring Vpn Policies

    In the NetBIOS field, check Enable to allow NetBIOS broadcasts to travel over the STEP 4 VPN tunnel, or uncheck this box to disable NetBIOS broadcasts over the VPN tunnel. For client policies, the NetBIOS feature is available by default. Cisco RV220W Administration Guide...
  • Page 113 Single, enter the single IP address in this field and leave the End IP Address field blank. In the End Address field, enter the last IP address in the range. STEP 3 If you chose Subnet as the type, enter the Subnet Mask of the network. STEP 4 Cisco RV220W Administration Guide...
  • Page 114 SHA-1— 20 characters SHA2-256—32 characters SHA2-384— 48 characters SHA2-512—64 characters • Key-Out—Enter the integrity key (for ESP with Integrity-mode) for the outbound policy. The length of the key depends on the algorithm chosen, as shown above. Cisco RV220W Administration Guide...
  • Page 115 Policy Type: Manual Policy Local Gateway: WAN1 Remote Endpoint: 10.0.0.1 Local IP: Subnet 192.168.2.0 255.255.255.0 Remote IP: Subnet 192.168.2.0 255.255.255.0 SPI-Incoming: 0x2222 Encryption Algorithm: DES Key-In: 33334444 Key-Out: 11112222 SPI-Outgoing: 0x1111 Integrity Algorithm: MD5 Key-In: 5566778888776655 Key-Out: 1122334444332211 Cisco RV220W Administration Guide...
  • Page 116 While slower, this protocol helps to prevent eavesdroppers by ensuring that a Diffie-Hellman exchange is performed for every phase-2 negotiation. Choose the IKE policy that will define the characteristics of phase 1 of the STEP 5 negotiation. Cisco RV220W Administration Guide...
  • Page 117: Configuring Vpn Clients

    IKE or VPN policy associated with this SA. State Status of the SA for IKE policies: Not Connected or IPsec SA Established. Tx (KB) Kilobytes of data transmitted over this SA. Tx (Packets) Number of IP packets transmitted over this SA. Cisco RV220W Administration Guide...
  • Page 118: Configuring Ipsec Users

    Change Password box to allow the QuickVPN user to change their password. Uncheck if you would like to maintain the password for them. Enter the alphanumeric password for this user STEP 5 Enter the password again to confirm. STEP 6 Click Save. STEP 7 Cisco RV220W Administration Guide...
  • Page 119: Configuring Vpn Passthrough

    VPN passthrough allows VPN traffic that originates from VPN clients to pass through the router. For example, if you are not using a VPN that is configured on the RV220W, but are using a laptop to access a VPN at another site, configuring VPN passthrough allows that connection.
  • Page 120: Configuring The Ssl Vpn Server

    (Optional) In the Portal Site Title field, enter the portal web browser window title STEP 4 that appears when the client accesses this portal. (Optional) In the Banner Title field, enter the banner title that is displayed to SSL STEP 5 VPN clients prior to login. Cisco RV220W Administration Guide...
  • Page 121: Configuring Ssl Vpn Policies

    If you chose Group, select the group to which to apply the policy in the Available STEP 4 Groups list. If you chose User, select the group to which to apply the policy in the Available Users list. Cisco RV220W Administration Guide...
  • Page 122 To apply the policy only to the SSL VPN Port Forwarding tunnels you have configured for your router, choose Port Forwarding. To apply the policy to all SSL VPN and SSL VPN Port Forwarding tunnels, choose All. Cisco RV220W Administration Guide...
  • Page 123: Identifying Network Resources

    In the Resource Name field, enter a unique identifier name for the resource. STEP 3 In the Service field, choose the type of resource: VPN Tunnel, Port Forwarding, or STEP 4 All. Click Save. STEP 5 Cisco RV220W Administration Guide...
  • Page 124: Configuring Port Forwarding

    The application was previously configured and is listed in the Configured Applications for Port Fowarding Table. Enter the fully-qualified domain name, or the domain name of the internal server. STEP 3 Click Save. STEP 4 Cisco RV220W Administration Guide...
  • Page 125: Configuring The Ssl Vpn Client

    Configuring the SSL VPN Client An SSL VPN tunnel client provides a point-to-point connection between the browser-side machine and the RV220W. When an SSL VPN connection is launched from the user portal, a virtual network adapter with an IP address and...
  • Page 126: Configuring Client Routes

    When the end user connects via SSL VPN, the user can only access the email server and nothing else. Without this the Port Forwarding option, the end user has full access to everything on the LAN side of the VPN server. Cisco RV220W Administration Guide...
  • Page 127: Configuring Security

    RADIUS server support, and 802. 1 x port-based authentication. Using Certificates for Authentication The RV220W uses digital certificates for IPsec VPN authentication and SSL validation (for HTTPS and SSL VPN authentication). You can obtain a digital certificate from a well-known Certificate Authority (CA) such as VeriSign, or generate and sign your own certificate using functionality available on this gateway.
  • Page 128: Uploading Ca Certificates

    Browse to select the certificate file and press Upload. STEP 2 Uploading Self Certificates To upload self certificates: In the Active Self Certificates Table, click Upload. STEP 1 Browse to select the certificate file and press Upload. STEP 2 Cisco RV220W Administration Guide...
  • Page 129: Generating A Self Certificate Request

    To download the router’s current certificate: Locate the Download Settings section. STEP 1 next to Download Router Certificate, click Download. STEP 2 The current certificate is downloaded to the PC from which you are accessing the Device Manager. Cisco RV220W Administration Guide...
  • Page 130: Using The Cisco Rv220W With A Radius Server

    Enter the Authentication Port, or the port number on which the RADIUS server STEP 3 sends traffic. In the Secret field, enter the shared key that allows the RV220W to authenticate STEP 4 with the RADIUS server. This key must match the key configured on the RADIUS server.
  • Page 131: Configuring 802.1X Port-Based Authentication

    It also prevents access to that port in cases where the authentication fails. It provides an authentication mechanism to devices trying to connect to a LAN. The RV220W acts as a supplicant in the 802. 1 x authentication system.
  • Page 132: Chapter 6: Configuring Quality Of Service

    Configuring Quality of Service The RV220W provides configuration for Quality of Service (QoS) features, such as bandwidth profiles, traffic selectors, and traffic meters. It contains the following sections: • Configuring Bandwidth Profiles, page 133 • Configuring Traffic Selectors or Flows, page 134 •...
  • Page 133: Configuring Bandwidth Profiles

    Rate (to limit bandwidth by the transmission rate. If you chose Priority, enter the priority for this profile (low, medium, or high). If you STEP 4 chose Rate, enter the minimum and maximum bandwidth rates in kilobytes per second. Click Save. STEP 5 Cisco RV220W Administration Guide...
  • Page 134: Configuring Traffic Selectors Or Flows

    VLAN—Select the VLAN on the router to which traffic rules will be applied. • DSCP—Enter the DSCP value. • BSSIDs—Choose the Basic Service Set Identifier, or the MAC address of the Wireless Access Point (WAP). Click Save. STEP 6 Cisco RV220W Administration Guide...
  • Page 135: Configuring Traffic Metering

    The This Month's Limit field displays the data transfer limit applicable NOTE for this month, which is the sum of the value in the Monthly Limit field and the Increase this Month's Limit field. Cisco RV220W Administration Guide...
  • Page 136 % of Standard Limit—The amount of traffic, in percent that passed through this interface against the Monthly Limit. • % of this Month’s Limit—The amount of traffic, in percent, that passed through this interface against this Month’s Limit (if the month’s limit has been increased). Cisco RV220W Administration Guide...
  • Page 137: Configuring 802.1P

    Choose QoS > 802. 1 p > 802. 1 p to Queue Mapping. STEP 1 For each priority, select the queue mapping corresponding to the service from the STEP 2 following queue values: Lowest, Low, Medium or High. Click Save to submit your changes. STEP 3 Cisco RV220W Administration Guide...
  • Page 138: Configuring 802.1P Cos To Dscp Remarking

    Choose QoS > 802. 1 p > 802. 1 p COS to DSCP Remarking. STEP 1 For each 802. 1 p priority value, enter a priority value (range is from 0 to 63). STEP 2 Click Save. STEP 3 Cisco RV220W Administration Guide...
  • Page 139: Chapter 7: Administering Your Cisco Rv220W

    Administering Your Cisco RV220W This chapter describes the administration features of the RV220W, including creating users, configuring network management, diagnostics and logging, date and time, and other settings. It contains the following sections: • Setting Password Complexity, page 140 •...
  • Page 140: Setting Password Complexity

    Enable. Configuring User Accounts The RV220W provides user accounts for administering and viewing settings. Users can belong to groups, or logical groupings of SSL VPN users that share the authentication domain, LAN and service access rules, and idle timeout settings.
  • Page 141: Configuring Domains

    Administering Your Cisco RV220W Configuring User Accounts Configuring Domains You configure domains that will contain groups of SSL VPN users. To configure a domain: Choose Administration > Users > Domains. The default domain (SSLVPN) is STEP 1 displayed in the Domains Table and noted with an asterisk (*). You cannot modify this domain.
  • Page 142: Configuring Groups

    Administering Your Cisco RV220W Configuring User Accounts If you chose Active Directory authentication in Step 4, enter the Active Directory STEP 10 domain name. Users that are registered in the Active Directory database can access the SSL VPN portal using their Active Directory username and password.
  • Page 143: Configuring Users

    Administering Your Cisco RV220W Configuring User Accounts Configuring Users Change the administrator name and password as soon as possible. CAUTION To add more user accounts, or edit user accounts: Choose Administration > Users > Users. STEP 1 Click Add to add a new user account, or check the box next to the existing account STEP 2 you want to change and press Edit.
  • Page 144: Configuring Simple Network Management

    To configure SNMP, choose Administration > Network Management. Editing SNMPv3 Users SNMPv3 parameters can be configured for the two default RV220W user accounts (Admin and Guest). To configure: Choose Administration > Network Management > SNMP. STEP 1 In the SNMPv3 Users List Table, check the box for the user to edit and click Edit.
  • Page 145: Adding Snmp Traps

    Administering Your Cisco RV220W Configuring Simple Network Management Adding SNMP Traps The Traps List Table lists IP addresses of SNMP agents to which the router will send trap messages (notifications) and allows several operations on the SNMP agents. To add a new trap: In the Traps List Table, click Add.
  • Page 146: Configuring Access Control Rules

    Administering Your Cisco RV220W Configuring Simple Network Management Configuring Access Control Rules The SNMP Access Control List is a table of access rules that enables read-only or read-write access for select IP addresses in a defined SNMP agent's community. To configure access control rules: In the Access Control List Table, click Add.
  • Page 147: Using Diagnostic Tools

    Using Traceroute This utility will display all the routers present between the destination IP address and the RV220W. Up to 30 “hops” (intermediate routers) between this router and the destination will be displayed. Enter an IP address and click Traceroute.
  • Page 148: Configuring Logging

    Administering Your Cisco RV220W Configuring Logging Configuring Logging The RV220W provides remote and local logging. To configure logging, choose Administration > Logging and select the type of logging to configure. Configuring Local Logging The router can be configured to log and e-mail notifications for denial of service attacks, general attack information, login attempts, dropped packets, and so on, to a specified e-mail address or a Syslog server.
  • Page 149: Configuring Remote Logging

    Administering Your Cisco RV220W Configuring Logging System Logs Select the type of system events to be logged. The following system events can be recorded: • All Unicast Traffic—Check this box to log all unicast packets directed to the router. •...
  • Page 150 Administering Your Cisco RV220W Configuring Logging • Send To E-mail Address(2)—Enter the e-mail address where the logs and alerts are to be sent. • Send To E-mail Address(3)—Enter the e-mail address where the logs and alerts are to be sent.
  • Page 151: Configuring The Logging Type And Notification

    Administering Your Cisco RV220W Configuring Logging Configuring the Logging Type and Notification There are a variety of events that can be captured and logged for review. These logs can be sent to a server or e-mailed as configured. To configure, choose Administration >...
  • Page 152: Configuring Bonjour Discovery

    Administering Your Cisco RV220W Configuring Bonjour Discovery Configuring Bonjour Discovery Bonjour is a service advertisement and discovery protocol. For the RV220W, Bonjour only advertises the default services configured on the device when Bonjour is enabled. To enable Bonjour: Choose Administration > Discovery Settings > Discovery - Bonjour.
  • Page 153: Configuring Date And Time Settings

    Administering Your Cisco RV220W Configuring Date and Time Settings Configuring Date and Time Settings You can configure your time zone, whether or not to adjust for Daylight Savings Time, and with which Network Time Protocol (NTP) server to synchronize the date and time.
  • Page 154: Importing A Csv File

    After the restore, the router restarts automatically with the restored settings. Importing a CSV File You can simplify user, group, and domain creation by creating a CSV file and importing it into the RV220W. The Format of the .csv file is as follows: "<SSLVPNDomain Code>", "<DomainName>", "<PortalLayoutName>", "<AuthenticationType>", "<AuthenticationServer>", "<AuthenticationRadiusSecret>", "<NTDomainWorkGroup>", "<LDAPBaseDN>",...
  • Page 155 Administering Your Cisco RV220W Importing a CSV File "<SSLVPNGroup Code>", "<GroupName>", "<DomainName>", "<GroupTimeOut>" Possible Values: • SSLVPNGroup Code - 4 • GroupName - String • DomainName - String • GroupTimeOut - integer "<SNMPv3USER Code>","<userName>", "<accessType>", "<securityLevel>","<authAlgo>","<authPassword>","<privAlgo>","<privPassword> " Possible Values: •...
  • Page 156 IPSECUSER Code: 1 • Username - String • Password - String • UserType - boolean (0 - Standard Ipsec / 1 - Cisco Quick VPN) • AllowChangePassword - boolean "<SSLVPNUSER Code>", "<UserName>", "<FirstName>", "<LastName>", "<GroupName>", "<UserType>", "<UserTimeOut>", "<DenyLogin>", "<DenyLoginFromWan>", "<LoginFromIP>", "<LoginFromBrowser>", "<Password>"...
  • Page 157: Upgrading Firmware

    Administering Your Cisco RV220W Upgrading Firmware To import a .csv file: Choose Administration > CSV File Import. STEP 1 Click Browse. STEP 2 On your computer, locate and select the .csv file. Click Import. STEP 3 Upgrading Firmware During a firmware upgrade, do not try to go online, turn off the device, shut down CAUTION the PC, or interrupt the process in any way until the operation is complete.
  • Page 158: Rebooting The Cisco Rv220W

    Administering Your Cisco RV220W Rebooting the Cisco RV220W Rebooting the Cisco RV220W To reboot the router, choose Administration > Reboot Router. Click Reboot. Restoring the Factory Defaults During a restore operation, do not try to go online, turn off the router, shut down the CAUTION PC, or do anything else to the router until the operation is complete.
  • Page 159: Chapter 8: Viewing The Rv220W Status

    Viewing the RV220W Status This chapter describes how to view real-time statistics for the RV220W and contains the following sections: • Viewing the System Summary, page 160 • Viewing the Wireless Statistics, page 163 • Viewing the IPsec Connection Status, page 165 •...
  • Page 160: Viewing The System Summary

    • PID VID—Product ID and vendor ID of the device. • Serial Number—RV220W serial number. ProtectLink License Info Contains licensing information for Cisco ProtectLink Web. LAN Information • MAC Address—Hardware address. • IPv4 Address—Address and subnet mask of the device.
  • Page 161 Viewing the RV220W Status Viewing the System Summary WAN Information (IPv4) The WAN Information provides the current status of the WAN interfaces. It provides details about WAN interface and also provides actions that can be taken on that particular WAN interface. The actions that can be taken differ with the connection type.
  • Page 162 Viewing the RV220W Status Viewing the System Summary WAN Information (IPv6) Provides IPv6 WAN information. • Connection Time—Displays the time duration for which the connection is • Connection Type—Indicates if the WAN IPv4 address is obtained dynamically through a DHCP server, assigned statically by the user, or obtained through a PPPoE/PPTP/L2TP ISP connection.
  • Page 163: Viewing The Wireless Statistics

    Viewing the RV220W Status Viewing the Wireless Statistics Available Access Points Table The table displays the list of Access Points currently enabled in the device. The table also displays information related to the Access Point, such as Security and Encryption methods used by the Access Point.
  • Page 164 Viewing the RV220W Status Viewing the Wireless Statistics Radio Statistics A given radio can have multiple Virtual APs (VAPs) configured and active concurrently. This table indicates cumulative statistics for the available radio(s). • Packets—The number of transmitted/received (Tx/Rx) wireless packets reported to the radio, over all configured APs.
  • Page 165: Viewing The Ipsec Connection Status

    Viewing the RV220W Status Viewing the IPsec Connection Status Viewing the IPsec Connection Status To view the status of IPsec connections, choose Status > IPsec Connection. Click Refresh to obtain the latest information. The IPsec Connection Status window displays the status of IPSec connections.
  • Page 166: Viewing The Quickvpn Connection Status

    Viewing the RV220W Status Viewing the QuickVPN Connection Status Viewing the QuickVPN Connection Status To view the status of QuickVPN connections, choose Status > QuickVPN Connection. Click Refresh to obtain the latest information. The QuickVPN Connection Status window displays the status of QuickVPN connections and allows you to DROP any existing active (ONLINE) connections.
  • Page 167: Viewing Logs

    Viewing the RV220W Status Viewing Logs Viewing Logs To view all logs, choose Status > View All Logs. Click Refresh to obtain the latest information. This window displays the system event log, which can be configured to log login attempts, DHCP server messages, reboots, firewall messages and other information.
  • Page 168: Viewing The Port Triggering Status

    Viewing the RV220W Status Viewing the Port Triggering Status Viewing the Port Triggering Status To view the status of port triggering, choose Status > Port Triggering Status. Click Refresh to obtain the latest information. The Port Triggering Status window provides information on the ports that have been opened per the port triggering configuration rules.
  • Page 169: Viewing Port Statistics

    • Uptime—The duration for which the interface has been active. The uptime will be reset to zero when the RV220W or the interface is restarted. Poll Interval—Enter a value in seconds for the poll interval. This causes the page to re-read the statistics from the RV220W and refresh the page automatically.
  • Page 170: Viewing Active Users

    The following are the tunnel-specific fields: • Local PPP Interface—The name of the PPP interface on the RV220W associated with the SSL VPN tunnel. This information may be useful if telnet/console access is available to the user for cross-verification.
  • Page 171 Poll Interval field, enter a value in seconds for the poll interval. This causes the page to re-read the statistics from the RV220W and refresh the page automatically. To modify the poll interval, click the Stop button and then click Start to restart automatic refresh.
  • Page 172: Appendix A: Using Cisco Quickvpn

    Using Cisco QuickVPN Overview This appendix explains how to install and use the Cisco QuickVPN software that can be downloaded from Cisco.com. QuickVPN works with computers running Windows 7, Windows XP, Windows Vista, or Windows 2000. (Computers using other operating systems will have to use third-party VPN software.) This appendix includes the following sections: •...
  • Page 173: Installing The Cisco Quickvpn Software

    The License Agreement window appears. Click Yes to accept the agreement. STEP 2 License Agreement Choose the destination to which you want to copy the files (for example, C:\Cisco STEP 3 Small Business\QuickVPN Client). Click Browse and choose a new location if you don’t want to use the default location.
  • Page 174 Using Cisco QuickVPN Installing the Cisco QuickVPN Software Copying Files Finished Installing Files Click Finish to complete the installation. Proceed to “Using the Cisco QuickVPN STEP 5 Software,” on page 175. Cisco RV220W Administration Guide...
  • Page 175: Downloading And Installing From The Internet

    Configuring IPsec Users, page 118. In the Server Address field, enter the IP address or domain name of the RV220W. In the Port For QuickVPN field, enter the port number that the QuickVPN client will use to communicate with the remote VPN router, or keep the default setting, Auto.
  • Page 176 Using Cisco QuickVPN Using the Cisco QuickVPN Software QuickVPN Login To save this profile, click Save. (If there are multiple sites to which you will need to create a tunnel, you can create multiple profiles, but note that only one tunnel can be active at a time.) To delete this profile, click Delete.
  • Page 177 Using Cisco QuickVPN Using the Cisco QuickVPN Software QuickVPN Status To terminate the VPN tunnel, click Disconnect. To change your password, click Change Password. For information, click Help. If you clicked Change Password and have permission to change your own STEP 5 password, you will see the Connect Virtual Private Connection window.
  • Page 178: Appendix B: Where To Go From Here

    Where to Go From Here Cisco provides a wide range of resources to help you obtain the full benefits of the Cisco Small Business RV220W Wireless-N Network Security Firewall. Product Resources Support Cisco Small Business www.cisco.com/go/smallbizsupport Support Community Online Technical www.cisco.com/support...