Cisco RV 120W Administration Manual

Wireless-n vpn firewall

ADMINISTRATION
GUIDE
Cisco Small Business
RV 120W Wireless-N VPN Firewall

Summary of Contents for Cisco RV 120W

  • Page 1 ADMINISTRATION GUIDE Cisco Small Business RV 120W Wireless-N VPN Firewall...
  • Page 2 Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access...
  • Page 3: Table Of Contents

    Entering Login and Internet Connection Information Configuring Security Manually Connecting Your System Verifying the Hardware Installation Connecting to Your Wireless Network Getting Started in the Cisco RV 120W Device Manager Logging In Using the Getting Started Page Navigating through the Pages Saving Your Changes...
  • Page 4 Configuring Internet Address Information Configuring Domain Name System (DNS) Server Information Configuring Maximum Transmit Unit (MTU) Configuring the Cisco RV 120W Media Access Control (MAC) Address Configuring the WAN for an IPv6 Network Configuring a Static IP Address Configuring DHCPv6...
  • Page 5 Chapter 3: Configuring the Wireless Network A Note About Wireless Security Wireless Security Tips General Network Security Guidelines Understanding the Cisco RV 120W’s Wireless Networks Configuring Wireless Profiles Configuring the Group Key Refresh Interval Configuring RADIUS Authentication Parameters Configuring Access Points Enabling or Disabling APs Editing an AP’s Properties...
  • Page 6 Contents Chapter 4: Configuring the Firewall Cisco RV 120W Firewall Features Configuring Basic Firewall Settings Protecting from Attacks Configuring Universal Plug and Play (UPnP) Viewing UPnP Information Enabling Session Initiation Protocol Application-Level Gateway (SIP ALG) 78 Configuring the Default Outbound Policy...
  • Page 7 Uploading CA Certificates Uploading Self Certificates Generating a Self Certificate Request Downloading the Router’s Current Certificate Using the Cisco RV 120W With a RADIUS Server Configuring 802.1x Port-Based Authentication Chapter 6: Configuring Quality of Service (QoS) Configuring Bandwidth Profiles Configuring Traffic Flows Configuring Traffic Metering Configuring 802.1p...
  • Page 8 Backing Up and Restoring the System Upgrading Firmware Rebooting the Cisco RV 120W Restoring the Factory Defaults Appendix A: Using Cisco QuickVPN for Windows 2000, XP, or Vista Overview Before You Begin Installing the Cisco QuickVPN Software Installing from the CD-ROM...
  • Page 9: Chapter 1: Introduction

    Getting Started in the Cisco RV 120W Device Manager, page 18 Product Overview Thank you for choosing the Cisco Small Business RV 120W Wireless-N VPN Firewall. The Cisco RV 120W is an advanced Internet-sharing network solution for your small business needs. It allows multiple computers in your office to share an Internet connection through both wired and wireless connections.
  • Page 10: Cisco Rv 120W Administration Guide

    Explorer, Firefox, and Safari web browsers. The Cisco RV 120W also provides a setup wizard and VPN wizard. The setup wizard allows you to easily configure the Cisco RV 120W’s basic settings. You can use the VPN wizard to easily configure VPN tunnels.
  • Page 11: Getting To Know The Cisco Rv 120W

    LAN—These four LEDs correspond to the four LAN (Ethernet) ports of the Cisco RV 120W. If the LED is continuously lit green, the Cisco RV 120W is connected to a device through the corresponding port (1, 2, 3, or 4). The LED for a port flashes green when the Cisco RV 120W is actively sending or receiving data over that port.
  • Page 12: Back Panel

    WAN Port—The WAN port is connected to your Internet device, such as a cable or DSL modem. ON/OFF Power Switch—Press this button to turn the Cisco RV 120W on and off. When the button is pushed in, power is on.
  • Page 13: Mounting The Cisco Rv 120W

    Introduction Mounting the Cisco RV 120W Mounting the Cisco RV 120W You can place your Cisco RV 120W on a desktop or mount it on a wall. Installation Guidelines • Ambient Temperature—To prevent the device from overheating, do not operate it in an area that exceeds an ambient temperature of 104°F (40°C).
  • Page 14 Introduction Mounting the Cisco RV 120W STEP 3 Place the wall-mount slots over the screws and slide the device down until the screws fit snugly into the wall-mount slots. Cisco RV 120W Administration Guide...
  • Page 15: Connecting The Equipment

    Ethernet cables for LAN interfaces, if you want to connect additional devices. Cisco recommends that you use the Setup Wizard to connect and configure your Cisco RV 120W. If you do not want to use the setup wizard, skip to the “Manually Connecting Your System” section on page...
  • Page 16: Using The Setup Wizard

    STEP 1 Make sure that all of the network hardware is powered off, including the Cisco RV 120W and cable or DSL modem. STEP 2 Insert the CD that shipped with the Cisco RV 120W into the PC you are using to configure the Cisco RV 120W. The Setup Wizard automatically begins.
  • Page 17: Connecting Your Hardware

    STEP 1 You should have an Ethernet cable connecting your PC to the cable or DSL modem. Unplug one end of the cable from your PC and plug it into the port marked “WAN” on the device. Click Next. Cisco RV 120W Administration Guide...
  • Page 18 (In this example, the LAN 2 port is used.) Connect the other end to an Ethernet port on the PC that is running the Setup Wizard. Click Next. STEP 3 Power on the cable or DSL modem and wait until the connection is active. Cisco RV 120W Administration Guide...
  • Page 19 Introduction Connecting the Equipment STEP 4 Connect the power adapter to the Cisco RV 120W power port. Click Next. CAUTION Use only the power adapter that is supplied with the device. Using a different power adapter could damage the device.
  • Page 20 Introduction Connecting the Equipment STEP 6 On the Cisco RV 120W, push in the ON/OFF POWER SWITCH button. The Setup Wizard searches for the Cisco RV 120W. The POWER LED on the front panel lights up green when the power adapter is connected properly and the device is turned on.
  • Page 21: Entering Login And Internet Connection Information

    Introduction Connecting the Equipment Entering Login and Internet Connection Information STEP 1 Enter the username and password for your Cisco RV 120W. The default username and password are both admin. Click Next. STEP 2 Choose your Internet connection type: •...
  • Page 22: Configuring Security

    Click Next. STEP 6 To configure your home network, click Next. Configuring Security STEP 1 Enter a new Cisco RV 120W administration password and click Next. For security reasons, you should not use the default password. Follow these password guidelines: •...
  • Page 23 Enter a security key (must be at least 8 and no more than 63 characters) or use the randomly-generated one provided by the Cisco RV 120W. Keys should contain a mix of letters (both upper- and lowercase), numbers, and symbols.
  • Page 24: Manually Connecting Your System

    STEP 5 The Cisco RV 120W configures your connection and displays a status message if the configuration is successful. Click Next. STEP 6 The Cisco RV 120W displays a message if it has been configured and is successfully connected to the Internet. Click Finish.
  • Page 25: Verifying The Hardware Installation

    Introduction Verifying the Hardware Installation See the “Getting Started in the Cisco RV 120W Device Manager” section on page 18 for more information. Verifying the Hardware Installation To verify the hardware installation, complete the following tasks: • Check the LED states, as described in...
  • Page 26: Getting Started In The Cisco Rv 120W Device Manager

    Logging In To use the Device Manager: STEP 1 On a PC connected to a LAN port on the back panel of the Cisco RV 120W, start your web browser. (If you have performed the initial configuration using the Setup Wizard, you can connect using the Cisco RV 120W’s wireless connection.)
  • Page 27: Using The Getting Started Page

    Introduction Getting Started in the Cisco RV 120W Device Manager STEP 3 In the Username and Password fields, enter the default user name (which is admin) and password (which is also admin), in lowercase letters. Then click Log In. Using the Getting Started Page The Getting Started page displays some of the most common configuration tasks.
  • Page 28: Navigating Through The Pages

    Introduction Getting Started in the Cisco RV 120W Device Manager Navigating through the Pages Use the navigation tree in the left pane to open the configuration pages. Click a menu item on the left panel to expand it. Click the menu names displayed underneath to perform an action or view a sub-menu.
  • Page 29: Saving Your Changes

    Introduction Getting Started in the Cisco RV 120W Device Manager Saving Your Changes When you finish making changes on a configuration page, click Save to save the changes, or click Cancel to undo your changes. Cisco RV 120W Administration Guide...
  • Page 30: Viewing The Help Files

    To view more information about a configuration page, click the Help link near the top right corner of the page. Viewing Device Statistics The Cisco RV 120W provides real-time statistics for the device. To access statistics, in the Device Manager, choose Status. Viewing the System Summary To view the system summary, choose Status >...
  • Page 31 The Dedicated WAN Info displays information about the WAN port. • MAC Address—MAC Address of the WAN port. • Connection Time—Displays the time duration for which the connection is Cisco RV 120W Administration Guide...
  • Page 32 Country—Displays the country for which the radio is configured. • Operating Frequency—Displays the operational frequency band. • Wireless Network Mode—Displays the Wi-Fi™ mode of the radio (for example, N or N/G). • Channel—Displays the current channel in use by the radio. Cisco RV 120W Administration Guide...
  • Page 33: Viewing The Wireless Status

    APs. • Errors—The number of transmitted/received (tx/rx) packet errors reported to the radio, over all configured APs. • Dropped—The number of transmitted/received (tx/rx) packets dropped by the radio, over all configured APs. Cisco RV 120W Administration Guide...
  • Page 34: Viewing The Ipsec Connection Status

    Tx KB—The data transmitted (in KB) over this SA. • Tx Packets—The number of IP packets transmitted over this SA. • State—The current status of the SA for IKE policies. The status can be Not Connected or IPsec SA Established. Cisco RV 120W Administration Guide...
  • Page 35: Viewing The Quickvpn Connection Status

    DHCP server messages, reboots, firewall messages and other information. • Facility—From the drop-down list, select the type of logs to display: All, Kernel, System, IPSec VPN, Local0-Wireless. Kernel logs are those that are a part of the kernel code (for example, firewall). Cisco RV 120W Administration Guide...
  • Page 36: Viewing Available Lan Hosts

    Click Refresh to refresh the current page and obtain the latest statistics. Viewing Port Statistics This table displays the data transfer statistics for the Dedicated WAN, LAN, and WLAN ports, including the duration for which they were enabled. The following data is displayed: Cisco RV 120W Administration Guide...
  • Page 37 Poll Interval—Enter a value in seconds for the poll interval. This causes the page to re-read the statistics from the router and refresh the page automatically. To modify the poll interval, click the Stop button and then Start to restart automatic refresh. Cisco RV 120W Administration Guide...
  • Page 38: Chapter 2: Configuring Networking

    Internet connection you have. See the sections below for detailed instructions. Configuring the Internet Connection Type NOTE If your Internet connection does not require a login, you do not need to configure the ISP Connection Type fields. Cisco RV 120W Administration Guide...
  • Page 39 Enter the IP address assigned to you by your ISP in the My IP Address field. e. Enter the IP address of your ISP’s server in the Server IP Address field. Go to “Configuring Maximum Transmit Unit (MTU)” on page Cisco RV 120W Administration Guide...
  • Page 40: Configuring Internet Address Information

    Source Field, choose Use Static IP Address and enter the following: • IP address assigned to you by your ISP. • IPv4 subnet mask assigned to you by your ISP. • ISP gateway's IP address. STEP 2 Click Save. Cisco RV 120W Administration Guide...
  • Page 41: Configuring Domain Name System (Dns) Server Information

    Configuring the Cisco RV 120W Media Access Control (MAC) Address The router has a unique 48-bit local Ethernet hardware address. In most cases, the default MAC address is used to identify your Cisco RV 120W to your ISP. However, you can change this setting if required by your ISP.
  • Page 42: Configuring The Wan For An Ipv6 Network

    Choose Networking > IPv6 > Routing Mode and select IPv4 / IPv6 mode. Click Save. The Cisco RV 120W can be configured to be a DHCPv6 client of the ISP for this WAN or a static IPv6 address provided by the ISP can be assigned.
  • Page 43: Configuring Dhcpv6

    Configuring the Wide Area Network (WAN) STEP 5 Enter the primary and secondary DNS server IP addresses on the ISP's IPv6 network. DNS servers map Internet domain names (for example, www.cisco.com) to IP addresses. STEP 6 Choose the method by which the router obtains an IP address: Click Save.
  • Page 44: Configuring The Local Area Network (Lan)

    Configuring Networking Configuring the Local Area Network (LAN) • PAP—The Cisco RV 120W uses Password Authentication Protocol when connecting with the ISP. • CHAP—The Cisco RV 120W uses Challenge Handshake Authentication Protocol when connecting with the ISP. • MS-CHAP or MS-CHAPv2—The Cisco RV 120W uses Microsoft Challenge Handshake Authentication Protocol when connecting with the ISP.
  • Page 45: Changing The Default Cisco Rv 120W Ip Address

    STEP 1 Choose Networking > LAN > LAN Configuration. STEP 2 In the IP address field, enter the new IP address for your Cisco RV 120W. The default IP address is 192.168.1.1. You might want to change the default IP address if that address is assigned to another piece of equipment in your network.
  • Page 46: Configuring The Lan Dns Proxy

    STEP 1 Choose Networking > LAN > LAN Configuration. STEP 2 In the LAN Proxy section, to enable the Cisco RV 120W to act as a proxy for all DNS requests and communicate with the ISP's DNS servers, check Enable DNS Proxy.
  • Page 47: Configuring Virtual Lans (Vlans)

    The VLAN ID can range from 2 to 4094. VLAN ID 1 is reserved for the default VLAN, which is used for untagged frames received on the interface, and VLAN ID 4092 is reserved and cannot be used. Cisco RV 120W Administration Guide...
  • Page 48: Configuring Port Vlans

    STEP 6 Configuring Port VLANs You can associate VLANS on the Cisco RV 120W to the LAN ports on the device. By default, all 4 ports belong to VLAN1. You can edit these ports to associate them with other VLANS.
  • Page 49: Associating The Wireless Port To Vlans

    STEP 7 Associating the Wireless Port to VLANs You can associate wireless VLANS on the Cisco RV 120W to the wireless port on the device. To associate the wireless port to a VLAN: Choose Networking > LAN > Port VLAN.
  • Page 50: Configuring Multiple Vlan Subnets

    Enter the Subnet Mask for the new IP address. c. Click Save. If you are connected to the Cisco RV 120W by the LAN port that is a member of this VLAN, you might have to release and renew the IP address on the PC connected to the LAN port, or manually assign an IP address to your PC that is in the same subnet as the VLAN.
  • Page 51: Configuring Ipv6 Lan Properties

    STEP 2 Under LAN TCP/IP Setup, in the IPv6 address field, enter the IP address of the Cisco RV 120W. The default IPv6 address for the gateway is fec0::1. You can change this 128 bit IPv6 address based on your network requirements.
  • Page 52: Configuring Ipv6 Address Pools

    STEP 5 Choose the DHCP mode. If stateless is selected, an external IPv6 DHCP server is not required as the IPv6 LAN hosts are auto-configured by the Cisco RV 120W. In this case, the router advertisement daemon (RADVD) must be configured on this device and ICMPv6 router discovery messages are used by the host for auto-configuration.
  • Page 53: Configuring Lan Groups

    Adding a Static IP Address for a Device on the LAN You can configure an IP Address and MAC Address for a known computer or device on the LAN network from the LAN Interface menu. Cisco RV 120W Administration Guide...
  • Page 54: Viewing Dhcp Leased Clients

    STEP 2 Configuring a DMZ Host The Cisco RV 120W supports DMZ options. A DMZ is a sub-network that is open to the public but behind the firewall. DMZ allows you to redirect packets going to your WAN port IP address to a particular IP address in your LAN. It is recommended that hosts that must be exposed to the WAN (such as web or e-mail servers) be placed in the DMZ network.
  • Page 55: Configuring Internet Group Management Protocol (Igmp)

    To configure IGMP: STEP 1 Choose Networking > LAN > IGMP Configuration. STEP 2 Check the Enable box to allow IGMP communication between the router and other nodes in the network. STEP 3 Click Save. Cisco RV 120W Administration Guide...
  • Page 56: Configuring Routing

    IP addresses from computers on the Internet. If your ISP has assigned you a single IP address, you want to use NAT so that the computers that connect through the Cisco RV 120W are assigned IP addresses from a private subnet (for example, 192.168.10.0).
  • Page 57: Configuring Static Routing

    Static routes can be used together with dynamic routes. Be careful not to introduce routing loops in your network. To create a static route: STEP 1 Select Networking > Routing > Static Routing. STEP 2 In the list of static routes, click Add. Cisco RV 120W Administration Guide...
  • Page 58: Configuring Dynamic Routing

    It allows the router to exchange its routing information automatically with other routers, and allows it to dynamically adjust its routing tables and adapt to changes in the network. Cisco RV 120W Administration Guide...
  • Page 59 Configuring Networking Configuring Routing NOTE RIP is disabled by default on the Cisco RV 120W. To configure dynamic routing: STEP 1 Choose Networking > Routing > Dynamic Routing. To configure how the router sends and receives RIP packets, choose the RIP...
  • Page 60: Configuring Port Management

    STEP 5 Click Save. Configuring Port Management The Cisco RV 120W has four LAN ports. You can enable or disable ports, configure if the port is half- or full-duplex, and set the port speed. To configure LAN ports: Choose Networking > Port Management.
  • Page 61: Configuring Dynamic Dns (Ddns)

    Enter the user key for the TZO account. d. Check the Update Every 30 Days box to configure the router to update the host information on TZO.com and keep the subscription active after the 30-day trial. Cisco RV 120W Administration Guide...
  • Page 62: Configuring Ipv6

    Set the Routing Mode to IPv4/IPv6 mode. See Configuring the Routing Mode, page Configuring the Routing Mode To configure IPv6 properties on the Cisco RV 120W, set the routing mode to IPv6: STEP 1 Choose Networking > IPv6 > Routing Mode. Select IPv4/IPv6 and click Save.
  • Page 63: Configuring Rip Next Generation (Ripng)

    The hop count from a router to a directly-connected network is 0. The hop count between two directly-connected routers is 1. When the hop count is greater than or equal to 16, the destination network or Cisco RV 120W Administration Guide...
  • Page 64: Configuring Ipv6 To Ipv4 Tunneling

    Intra-site automatic tunnel addressing protocol is a method to transmit IPv6 packets between dual-stack nodes over an IPv4 network. The Cisco RV 120W is one endpoint (a node) for the tunnel. You must also set a local endpoint, as well as the ISATAP Subnet Prefix that defines the logical ISATAP subnet to configure a tunnel.
  • Page 65: Viewing Ipv6 Tunnel Information

    STEP 4 Choose the local endpoint address, or the endpoint address for the tunnel that starts with the Cisco RV 120W. The endpoint can be the LAN interface (if the LAN is configured as an IPv4 network), or a specific LAN IPv4 address.
  • Page 66 Internet using their existing IPv4 connection • Global/ISATAP—By using ISATAP, you can integrate IPv6 traffic into a IPv4 network environment. ISATAP uses a locally assigned IPv4 address to create a 64-bit interface identifier for IPv6. Cisco RV 120W Administration Guide...
  • Page 67 STEP 5 Enter the prefix lifetime, or the length of time over which the requesting router is allowed to use the prefix. STEP 6 Click Save. Cisco RV 120W Administration Guide...
  • Page 68: Chapter 3: Configuring The Wireless Network

    This chapter describes how to configure your wireless network and includes the following sections: • A Note About Wireless Security, page 60 • Understanding the Cisco RV 120W’s Wireless Networks, page 63 • Configuring Access Points, page 66 • Configuring the Wireless Radio Properties, page 70 •...
  • Page 69 • Enable MAC address filtering Cisco routers and gateways give you the ability to enable Media Access Control (MAC) address filtering. The MAC address is a unique series of numbers and letters assigned to every networking device. With MAC address filtering enabled, wireless network access is provided solely for wireless devices with specific MAC addresses.
  • Page 70: General Network Security Guidelines

    Combine letters and numbers to avoid using standard words that can be found in the dictionary. General Network Security Guidelines Wireless network security is useless if the underlying network is not secure. Cisco recommends that you take the following precautions: •...
  • Page 71: Configuring Wireless Profiles

    Configuring Wireless Profiles A profile is a set of generic wireless settings that can be shared across multiple APs. You can create multiple profiles on the Cisco RV 120W, but only one profile is assigned to each AP at a time.
  • Page 72 (password) in order to access the wireless network. b. Select the encryption type (64- or 128-bit). The larger size keys provide stronger encryption, making the key more difficult to crack (for example, 64-bit Cisco RV 120W Administration Guide...
  • Page 73: Configuring The Group Key Refresh Interval

    RADIUS authentication. A client reconnecting within this interval (after successful RADIUS authentication) can skip the RADIUS authentication. This feature prevents a long RADIUS authentication process every time a client connects. To configure: Cisco RV 120W Administration Guide...
  • Page 74: Configuring Radius Authentication Parameters

    Enabling the AP creates a wireless network, where computers and other devices can join and communicate with the devices connected to the AP or other devices on the Local Area Network (LAN). Cisco RV 120W Administration Guide...
  • Page 75: Editing An Ap's Properties

    STEP 6 (Optional) Check the AP Isolation box to separate this AP into its own network. When this feature is enabled, the AP can communicate with the Cisco RV 120W, but not with any other AP on the network. Click Save.
  • Page 76: Using Mac Filtering

    Repeat this step for all the endpoints you want to allow or deny. STEP 7 Click Save again. Viewing AP Status You can view statistics about each AP, including connected clients (endpoints), data transmitted and received, errors, and other information. Cisco RV 120W Administration Guide...
  • Page 77 AP and client. STEP 4 The Poll Seconds displays the interval at which statistics are shown if the page is on “automatic refresh.” The default is 10 seconds, which can be changed from 1 to Cisco RV 120W Administration Guide...
  • Page 78: Configuring The Wireless Radio Properties

    STEP 5 The channel field specifies the frequency that the radio uses to transmit wireless frames. Select a channel from the list of channels or choose auto to let the Cisco RV 120W determine the best channel to use based on the environment noise levels for the available channels.
  • Page 79: Configuring Advanced Wireless Radio Settings

    Protection option enables the CTS-to-Self protection mechanism, which is used to minimize collisions among stations in a mixed 802.11b and 802.11g environment. This function boosts the Cisco RV 120W’s ability to catch all wireless transmissions but severely decreases performance.
  • Page 80: Configuring Wi-Fi Protected Setup

    RTS threshold. STEP 10 Click Save. Configuring Wi-Fi Protected Setup You can configure Wi-Fi Protected Setup (WPS) on the Cisco RV 120W to allow WPS-enabled devices to more easily connect to the wireless network. STEP 1 Choose Wireless > WPS. Select the AP on which you want to enable WPS.
  • Page 81: Configuring A Wireless Distribution System (Wds)

    STEP 4 Click Save. You can manually add WDS peers that can connect to the Cisco RV 120W: STEP 1 In the WDS Peers Table, click Add. Enter the MAC (hardware) address of the WDS peer and click Save.
  • Page 82: Chapter 4: Configuring The Firewall

    Configuring One-to-One Network Address Translation (NAT), page 99 Cisco RV 120W Firewall Features You can secure your network by creating and applying rules that the Cisco RV 120W uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to what devices the rules apply. To do so, you must define the following: •...
  • Page 83 WAN ports are configured; for the Cisco RV 120W, you may use the IP address if a static address is assigned to the WAN port, or if your WAN address is dynamic, a DDNS (Dynamic DNS) name can be used.
  • Page 84: Configuring Basic Firewall Settings

    Protecting from Attacks Attacks are malicious security breaches or unintentional network issues that render the Cisco RV 120W unusable. Attack checks allow you to manage WAN security threats such as continual ping requests and discovery via ARP scans. TCP and UDP flood attack checks can be enabled to manage extreme usage of WAN resources.
  • Page 85: Configuring Universal Plug And Play (Upnp)

    To enable UPnP: STEP 1 Choose Firewall > Basic Settings > UPnP. STEP 2 Check the Enable box. If disabled, the Cisco RV 120W does not allow automatic device configuration. Select the interface on which you want to allow UPnP.
  • Page 86: Viewing Upnp Information

    STEP 2 Check the Enable box to enable SIP ALG support. If disabled, the router will not allow incoming calls to the UAC (User Agent Client) behind the Cisco RV 120W. STEP 3 Click Save. Cisco RV 120W Administration Guide...
  • Page 87: Configuring The Default Outbound Policy

    Always Allow—Always allow traffic from the secure to the non-secure network. • Always Block—Always block traffic from the secure to the non-secure network. NOTE Ensure that IPv6 support is enabled on the Cisco RV 120W to configure an IPv6 firewall. See Configuring IPv6, page Click Save.
  • Page 88: Creating A Firewall Rule

    • Secure Hypertext Transfer Protocol (HTTPS) • Internet Control Message Protocol (ICMP) type 3 through 11 or 13 • ICQ (chat) • Internet Message Access Protocol (IMAP) 2 or 3 • Internet Relay Chat (IRC) Cisco RV 120W Administration Guide...
  • Page 89 • Telnet (command) • Trivial File Transfer Protocol (TFTP) • Routing Information Protocol (RIP) • • Simple HTTPD web server • UDP Encapsulation of IPsec packets (IPSEC-UDP-ENCAP) • IDENT protocol • VDOLive (web video delivery) Cisco RV 120W Administration Guide...
  • Page 90 RFC 1349. The gateway marks the Type Of Service (TOS) field as defined below: • Normal-Service—No special priority is given to the traffic. The IP packets for services with this priority are marked with a TOS value of 0. Cisco RV 120W Administration Guide...
  • Page 91 Internet Destination Address—Select the public IP address that is used for this firewall rule: Dedicated WAN, Optional WAN, or Other. If you choose Other, enter the WAN IP address that will map to the internal server in the Other IP Address field. Cisco RV 120W Administration Guide...
  • Page 92: Managing Firewall Rules

    To delete a rule, check the box next to the rule and click Delete. To reorder rules, check the box next to a rule and click Up or Down. The Cisco RV 120W applies rules in the order listed. As a general rule, you should move the strictest rules (those with the most specific services or addresses) to the top of the list.
  • Page 93: Creating Firewall Schedules

    STEP 5 Blocking and Filtering Content and Applications The Cisco RV 120W supports several content filtering options. You can block certain web applications or components (such as ActiveX or Java). You can set up trusted domains from which to always allow content. You can block access to Internet sites by specifying keywords to block.
  • Page 94: Blocking Web Applications And Components

    ActiveX—Similar to Java applets, ActiveX controls are installed on a Windows computer while running Internet Explorer. A malicious ActiveX control can be used to compromise or infect computers. Enabling this setting blocks ActiveX applets from being downloaded. Cisco RV 120W Administration Guide...
  • Page 95: Adding Trusted Domains

    STEP 1 Choose Firewall > Access Control > Trusted Domains. STEP 2 Enter the trusted domain. STEP 3 Click Save. Adding Blocked Keywords NOTE Before adding blocked keywords, you must enable content filtering. See Blocking Web Applications and Components, page Cisco RV 120W Administration Guide...
  • Page 96: Configuring Mac Address Filtering

    00:01:02:03:04:05 (host1), and 00:01:02:03:04:11 (host2). If the host1 MAC address is added to the MAC filtering list and the “block and permit the rest” policy is chosen, when this computer tries to connect to a website, the router will not allow Cisco RV 120W Administration Guide...
  • Page 97: Configuring Ip/Mac Address Binding

    IP/MAC Binding allows you to bind IP addresses to MAC address. Some machines are configured with static addresses. To prevent users from changing static IP addresses, IP/MAC Binding should be enabled. If the Cisco RV 120W sees packets with matching IP address but inconsistent MAC addresses, it drops those packets.
  • Page 98: Firewall Rule Examples

    Create an inbound rule as follows. In the example, CUSeeMe connections are allowed only from a specified range of external IP addresses. Parameter Value From Zone Insecure (WAN1/WAN2) To Zone Secure (LAN) Service CU-SEEME:UDP Cisco RV 120W Administration Guide...
  • Page 99 Web server PC in the DMZ, IP address: 192.168.1.2 • Access to Web server: (simulated) public IP address 10.1.0.52 Parameter Value From Zone Insecure (WAN1/WAN2) To Zone Public (DMZ) Service HTTP Action Allow always Cisco RV 120W Administration Guide...
  • Page 100: Configuring Port Triggering

    DMZ on one of the defined outgoing ports, and then opens an incoming port for that specified type of traffic. Port triggering is a form of dynamic port forwarding while an application is transmitting data over the opened outgoing or incoming ports. Cisco RV 120W Administration Guide...
  • Page 101 If the incoming connection uses only one port, then specify the same port number in the Start Port and End Port fields. STEP 8 Click Save. Cisco RV 120W Administration Guide...
  • Page 102: Configuring Port Forwarding

    STEP 2 Click Add. STEP 3 Under Service, select one of the common or custom services defined for this device: • AIM (AOL Instant Messenger) • BGP (Border Gateway Control) • BOOT_P (Bootstrap Protocol) client Cisco RV 120W Administration Guide...
  • Page 103 Secure Shell File Transfer Protocol (SFTP) • Simple Mail Transfer Protocol (SMTP) • Simple Network Management Protocol (SNMP) TCP or UDP • SNMP Traps (TCP or UDP) • Structured Query Language (SQL)*Net (Oracle) • SSH (TCP or UDP)...
  • Page 104 • Address Range—This is used to apply this rule to a group of computers/ devices within an IP address range. Requires a from IP address and to IP address.
  • Page 105: Restricting Sessions

    Restricting Sessions You can limit the maximum number of unidentified sessions and half-open sessions on the Cisco RV 120W. You can also introduce timeouts for TCP and UDP sessions to ensure Internet traffic is not deviating from expectations in your private network.
  • Page 106: Configuring Remote Management

    Device Manager. The Device Manager is accessed from a computer on the LAN by using the Cisco RV 120W’s LAN IP address and HTTP. You can enable remote management to allow you to access the Cisco RV 120W from a remote WAN network. To access the Cisco RV 120W remotely, you use HTTP over SSL (https).
  • Page 107: Configuring One-To-One Network Address Translation (NAT)

    • Only this PC—Choose to restrict access to only the PC you are currently using to manage the Cisco RV 120W. In the IP Address field, enter the IP Address of the PC to be given remote management permissions. Enter the port number used for the remote connection.
  • Page 108 STEP 3 Enter the LAN Server IP address. This address should be in the private IP range configured in the One-to-One NAT rules. STEP 4 Choose the service for which the rule applies. STEP 5 Click Save.
  • Page 109: Chapter 5: Configuring Virtual Private Networks (VPNs) And Security

    Configuring IPsec Users, page 114 • Configuring VPN Passthrough, page 115 • Using Certificates for Authentication, page 115 • Using the Cisco RV 120W With a RADIUS Server, page 118 • Configuring 802.1x Port-Based Authentication, page 119
  • Page 110: Configuring VPNs

    VPN tunnel. The IP address of the remote NAT router is not known in advance. The gateway WAN port acts as a responder. Creating Cisco QuickVPN Client Users To use the Cisco QuickVPN, you must do the following: Enable remote management. See Configuring Remote Management, page STEP 1 Create QuickVPN users.
  • Page 111 LAN. STEP 8 Click Save. STEP 9 The Wizard creates a corresponding IKE policy with the following default values (these can be accessed from a link on the Wizard page):...
  • Page 112: Viewing The Default Values

    3DES
    Authentication Algorithm    SHA-1
    Life Time                   8 hours
    PFS Key Group               DH-Group 2 (1024 bit)
    NETBIOS                     Enabled

    Viewing the Default Values You can also view the default values by choosing VPN > IPsec > Default Settings.
  • Page 113: Configuring IP Security Policies

    STEP 3 Under Exchange Mode, choose one of the following options: • Main mode—This mode negotiates the tunnel with higher security, but is slower. • Aggressive mode—This mode establishes a faster connection, but with lowered security.
  • Page 114 IKE SA Parameters The Security Association (SA) parameters define the strength and the mode for negotiating the SA. STEP 1 Choose the encryption algorithm, or the algorithm used to negotiate the SA: • • 3DES • AES-128...
  • Page 115 NOTE Ensure that the DH Group is configured identically on both sides of the IKE policy. STEP 5 In the SA Lifetime field, enter the interval, in seconds, after which the Security Association becomes invalid.
  • Page 116: Configuring VPN Policies

    STEP 2 If you selected IPsec Host, enter the username and password for the host. Configuring VPN Policies To configure a VPN policy: STEP 1 Choose VPN > IPsec > IPsec Policies. STEP 2 In the VPN Policies Table, click Add.
  • Page 117 VPN in Start IP Address field. Range—Allows computers within an IP address range to connect to the VPN. Enter the Start IP Address and End IP Address in the provided fields.
  • Page 118 Integrity Algorithm—Select the algorithm used to verify the integrity of the data. • Key-In—Enter the integrity key (for ESP with Integrity-mode) for the inbound policy. The length of the key depends on the algorithm chosen: MD5—16 characters...
  • Page 119
    Policy Type: Manual Policy
    Local Gateway: WAN1
    Remote Endpoint: 10.0.0.1
    Local IP: Subnet 192.168.2.0 255.255.255.0
    Remote IP: Subnet 192.168.2.0 255.255.255.0
    SPI-Incoming: 0x2222
    Encryption Algorithm: DES
    Key-In: 33334444
    Key-Out: 11112222
    SPI-Outgoing: 0x1111
    Integrity Algorithm: MD5
    Key-In: 5566778888776655
    Key-Out: 1122334444332211
  • Page 120 While slower, this protocol helps to prevent eavesdroppers by ensuring that a Diffie-Hellman exchange is performed for every phase-2 negotiation. STEP 5 Choose the IKE policy that will define the characteristics of phase 1 of the negotiation.
  • Page 121: Configuring VPN Clients

    If a VPN policy state is “not connected”, it can be enabled from the List of VPN Policies in the VPN > IPsec > IPsec Policies page.
  • Page 122: Configuring IPsec Users

    QuickVPN user to change their password. Uncheck if you would like to maintain the password for them. STEP 5 Enter the alphanumeric password for this user. STEP 6 Enter the password again to confirm. STEP 7 Click Save.
  • Page 123: Configuring VPN Passthrough

    VPN passthrough allows VPN traffic that originates from VPN clients to pass through the router. For example, if you are not using a VPN that is configured on the Cisco RV 120W, but are using a laptop to access a VPN at another site, configuring VPN passthrough allows that connection.
  • Page 124 CA are uploaded to activate the self-certificate validating the identity of this gateway. The self certificate is then used in IPsec and SSL connections with peers to validate the gateway's authenticity. To configure certificates, choose Security > Authentication (Certificates).
  • Page 125: Uploading CA Certificates

    STEP 5 Enter the signature key length, or the length of the signature (512 or 1024). STEP 6 (Optional) Enter the IP address of the router. STEP 7 (Optional) Enter the domain name of the router.
  • Page 126: Downloading The Router's Current Certificate

    Authentication Port: The RADIUS authentication server's port number used to send RADIUS traffic. • Timeout: The timeout interval (in seconds) after which the Cisco RV 120W re-authenticates with the RADIUS server. • Retries: The number of retries for the Cisco RV 120W to re-authenticate with the RADIUS server.
  • Page 127: Configuring 802.1X Port-Based Authentication

    It also prevents access to that port in cases where the authentication fails. It provides an authentication mechanism to devices trying to connect to a LAN. The Cisco RV 120W acts as a supplicant in the 802.1x authentication system.
  • Page 128: Chapter 6: Configuring Quality Of Service (QoS)

    Configuring Quality of Service (QoS) The Cisco RV 120W provides configuration for QoS features, such as bandwidth profiles, traffic selectors, and traffic meters. It contains the following sections: • Configuring Bandwidth Profiles, page 120 • Configuring Traffic Flows, page 121 •...
  • Page 129: Configuring Traffic Flows

    • MAC Address—Enter the MAC address. • Port Name—Select the port on the router to which traffic rules will be applied. • VLAN—Select the VLAN on the router to which traffic rules will be applied.
  • Page 130: Configuring Traffic Metering

    STEP 4 Enter the volume limit in the Monthly Limit field that is applicable for this month. This limit will apply to the type of direction (Download Only or Both) selected above.
  • Page 131 Send e-mail alert—Check this option to send an e-mail when the traffic limit is reached. • Block All Traffic—If selected, then when the traffic limit is reached, all traffic to and from the WAN will be blocked.
  • Page 132: Configuring 802.1p

    DSCP field in IP packets, according to the eight different classes of services in 802.1p. To configure 802.1p: STEP 1 Choose QoS > 802.1p > 802.1p Configuration. STEP 2 Check the Enable box to enable 802.1p QoS.
  • Page 133: Configuring 802.1p To Queue Mapping

    STEP 1 Choose QoS > 802.1p > 802.1p COS to DSCP Remarking. STEP 2 For each 802.1p priority value, enter a priority value (range is from 0 to 63). STEP 3 Click Save.
  • Page 134: Chapter 7: Administering Your Cisco RV 120W

    Administering Your Cisco RV 120W This chapter describes the administration features of the Cisco RV 120W, including creating users, configuring network management, diagnostics and logging, date and time, and other settings. It contains the following sections: • Setting Password Complexity, page 126 •...
  • Page 135: Configuring User Accounts

    New passwords cannot be the same as the current password. Configuring User Accounts The Cisco RV 120W supports two user accounts for administering and viewing settings: an administrative user (default user name: “admin”) and a “guest” user (default user name: “guest”). The guest account has read-only access. You can set and change the username and password for both the administrator and guest accounts.
  • Page 136: Setting The Timeout Value

    To configure SNMP, choose Administration > Network Management. Editing SNMPv3 Users SNMPv3 parameters can be configured for the two default Cisco RV 120W user accounts (Admin and Guest). To configure: In the SNMPv3 Users List Table, check the box for the user to edit and click Edit.
  • Page 137: Adding SNMP Traps

    • NoAuthNoPriv—Doesn't require any Authentication and Privacy. • AuthNoPriv—Submit only Authentication algorithm and password. • AuthPriv—Submit Authentication/privacy algorithm and password. STEP 3 If you chose AuthNoPriv or AuthPriv, choose the type of authentication algorithm (MD5 or SHA) and enter the authentication password.
  • Page 138: Configuring Additional SNMP Information

    4th Floor. • SysName—Enter a name for easy identification of the router. STEP 2 Click Save. Using Diagnostic Tools The Cisco RV 120W provides several diagnostic tools. To access these tools, choose Administration > Network Tools.
  • Page 139: Using Ping

    1MB, it will be deleted automatically and a new capture file will be created. Configuring Logging The Cisco RV 120W provides remote and local logging. To configure logging, choose Administration > Logging and select the type of logging to configure.
  • Page 140: Configuring Local Logging

    Configuring Local Logging The router can be configured to log and e-mail notifications for denial of service attacks, general attack information, login attempts, dropped packets, etc. to a specified e-mail address or a Syslog server.
  • Page 141: Configuring Remote Logging

    Other Event Logs Select the type of event to be logged. The following events can be recorded: • Source MAC Filter—Check this box to log packets matched due to source MAC filtering. Uncheck this box to disable source MAC filtering logs.
  • Page 142: Configuring The Logging Type And Notification

    • Respond to Identd from SMTP Server—Check this radio box to configure the router to respond to an IDENT request from the SMTP server. • To confirm that the e-mail logs function is configured correctly, press Test.
  • Page 143: Configuring E-Mailing Of Log Events

    Send to Syslog. STEP 4 Click Save. Configuring Discovery (Bonjour) Bonjour is a service advertisement and discovery protocol. For the Cisco RV 120W, Bonjour only advertises the default services configured on the device when Bonjour is enabled. To configure Bonjour: Choose Administration >...
  • Page 144: Configuring VLAN Associations

    Configuring VLAN Associations You can select the available VLAN to enable Bonjour service types. Available VLANs are populated for the Bonjour Association VLAN list after the VLANs are configured for the device. (See...
  • Page 145: Backing Up And Restoring The System

    STEP 5 If you chose a default NTP server, choose the server from the list. If you chose a custom NTP server, enter the server addresses or fully-qualified domain name.
  • Page 146: Upgrading Firmware

    Upgrading Firmware CAUTION During a firmware upgrade, do not try to go online, turn off the device, shut down the PC, or interrupt the process in any way until the operation is complete. This process takes about a minute, including the reboot process.
  • Page 147: Appendix A: Using Cisco QuickVPN For Windows 2000, XP, Or Vista

    Using Cisco QuickVPN for Windows 2000, XP, or Vista Overview This appendix explains how to install and use the Cisco QuickVPN software that can be downloaded from www.cisco.com. QuickVPN works with computers running Windows 2000, XP, or Vista. (Computers using other operating systems will have to use third-party VPN software.) For Windows Vista, QuickVPN Client...
  • Page 148: Installing The Cisco QuickVPN Software

    Installing the Cisco QuickVPN Software Installing from the CD-ROM STEP 1 Insert the Cisco RV 120W CD-ROM into your CD-ROM drive. After the Setup Wizard begins, click the Install QuickVPN link. STEP 2 The License Agreement window appears. Click Yes to accept the agreement and the appropriate files are copied to the computer.
  • Page 149 Copying Files Finished Installing Files STEP 3 Click Finished to complete the installation. Proceed to “Using the Cisco QuickVPN Software,” on page 142.
  • Page 150: Downloading And Installing From The Internet

    Configuring IPsec Users, page 114. In the Server Address field, enter the IP address or domain name of the Cisco RV 120W. In the Port For QuickVPN field, enter the port number that the QuickVPN client will use to communicate with the remote VPN router, or keep the default setting, Auto.
  • Page 151 QuickVPN Login To save this profile, click Save. (If there are multiple sites to which you will need to create a tunnel, you can create multiple profiles, but note that only one tunnel can be active at a time.) To delete this profile, click Delete.
  • Page 152 QuickVPN Status To terminate the VPN tunnel, click Disconnect. To change your password, click Change Password. For information, click Help. STEP 5 If you clicked Change Password and have permission to change your own password, you will see the Connect Virtual Private Connection window.
  • Page 153 NOTE You can change your password only if the Allow User to Change Password box has been checked for that username. See Configuring IPsec Users, page 114.
  • Page 154: Appendix B: Where To Go From Here

    Where to Go From Here Cisco provides a wide range of resources to help you obtain the full benefits of the Cisco RV 120W.

    Product Resources
    Support
    Cisco Small Business Support Community: www.cisco.com/go/smallbizsupport
    Online Technical Support and Documentation (Login Required): www.cisco.com/support
    Phone Support Contacts: www.cisco.com/en/US/support/...
