Linksys RVS4000 User Manual

Linksys RVS4000 User Manual

4-port gigabit security router with vpn business series
Hide thumbs Also See for RVS4000:
Table of Contents

Advertisement

USER GUIDE
BUSINESS SERIES
4-Port Gigabit Security
Router with VPN
RVS4000
Model:

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the RVS4000 and is the answer not in the manual?

Questions and answers

Summary of Contents for Linksys RVS4000

  • Page 1 USER GUIDE BUSINESS SERIES 4-Port Gigabit Security Router with VPN RVS4000 Model:...
  • Page 2: Copyright And Trademarks

    GNU General Public License or other open-source software licenses. Upon request, open-source software Icon Descriptions source code is available at cost from Linksys for at least three years from the product purchase date. While reading through the User Guide you may see various icons that call attention to a specific item.
  • Page 3: Table Of Contents

    VPN Router to VPN Router ........5 Computer (using the Linksys VPN client software) to VPN Router ... . 5 Chapter 4: Product Overview Front Panel.
  • Page 4 Downloading and Installing from the Internet ......41 Using the Linksys QuickVPN Software ....... .42 Version Number of the QuickVPN Client .
  • Page 5 Configuration when the Remote Gateway Uses a Static IP Address ....50 Configuration of the RVS4000........50 Configuration of the RV082 .
  • Page 6: Chapter 1: Introduction

    Chapter : Introduction Thank you for choosing the 4-Port Gigabit Security Router with VPN. The Linksys 4-Port Gigabit Security Router with VPN is an advanced Internet-sharing network solution for your small business needs. Like any router, it lets multiple computers in your office share an Internet connection.
  • Page 7: Chapter 2: Networking And Security Basics

    These IP addresses are called dynamic because they are only temporarily assigned to the PC or The RVS4000 has hardware-based acceleration for real- other device. After a certain time period, they expire and time pattern matching for detecting malicious attacks. It may change.
  • Page 8 Virus definition file on your PC’s Anti-Virus software. IPS uses this file to match against packets coming into the Router and performs actions accordingly. The RVS4000 is shipped with a signature file containing 1000+ rules, which cover the following categories: DDoS, Buffer Overflow, Access Control, Scan, Trojan Horse, Misc., P2P, IM, Virus,...
  • Page 9: Chapter 3: Planning Your Virtual Private Network (Vpn)

    A computer with the Linksys VPN client software such as the Internet. Tools for just this kind of activity, can be one of the two endpoints (refer to “Appendix B: such as protocol analyzers and network diagnostic tools, Using Linksys QuickVPN for Windows 2000, XP, or Vista”).
  • Page 10: Vpn Router To Vpn Router

    The following is an example of a computer-to-VPN Router VPN. In her hotel room, a traveling businesswoman dials up her ISP. Her notebook computer has the Linksys VPN client software, which is configured with her office’s IP address. She accesses the Linksys VPN client software and connects to the VPN Router at the central office.
  • Page 11: Chapter 4: Product Overview

    Chapter 4 Product Overview Chapter 4: Back Panel Product Overview The Router’s ports and Reset button are located on the back panel of the Router. Front Panel The Router’s LEDs are located on the front panel of the Router. Back Panel RESET The Reset button can be used in one of two ways:...
  • Page 12: Chapter 5: Setting Up And Configuring The Router

    Chapter  Setting Up and Configuring the Router Chapter : Setup Setting Up and The Setup tab is used to access all of the Router’s basic setup functions. The device can be used in most network Configuring the Router settings without changing any of the default values. Some users may need to enter additional information in order to connect to the Internet through an ISP (Internet Service The router is configured using the built-in Web-based...
  • Page 13: Setup > Wan

    Chapter  Setting Up and Configuring the Router Network Setting Status Automatic Configuration - DHCP By default, the Router’s Configuration Type is set to LAN IP Displays the IP address of the Router’s LAN Automatic Configuration - DHCP, and it should be kept interface.
  • Page 14 Chapter  Setting Up and Configuring the Router When you have finished making changes to the screen, click Save Settings to save the changes, or click Cancel Changes to undo your changes. PPPoE Some DSL-based ISPs use PPPoE (Point-to-Point Protocol over Ethernet) to establish Internet connections.
  • Page 15 Chapter  Setting Up and Configuring the Router Heart Beat Signal Heart Beat Signal is a service used in Australia. Check with your ISP for the necessary setup information. L2TP IP Address This is the Router’s IP address, when seen from the WAN, or the Internet.
  • Page 16: Setup > Lan

    Chapter  Setting Up and Configuring the Router Optional Settings (Required by some ISPs) Password • Host Name (DynDNS) or Domain name (TZO) • Some of these settings may be required by your ISP. Verify with your ISP before making any changes. Custom DNS (DynDNS) •...
  • Page 17: Setup > Dmz

    Chapter  Setting Up and Configuring the Router Server Settings (DHCP) IPv6 The Router can be used as your network’s DHCP (Dynamic IPv Address If your network has implemented IPv6, Host Configuration Protocol) server, which automatically enter the proper IPv6 address in this field. assigns an IP address to each PC on your network.
  • Page 18: Setup > Mac Address Clone

    Chapter  Setting Up and Configuring the Router Click Save Settings to save your changes, or click Cancel Operating Mode Changes to undo your changes. Operation Mode Select the Operating mode in which Setup > MAC Address Clone this Router will function.: Gateway This is the normal mode of operation.
  • Page 19: Setup > Time

    Chapter  Setting Up and Configuring the Router Destination IP Address Set the local time using Network Time Protocol (NTP) Enter the network address of the Automatically remote LAN segment. For a standard Class C IP domain, the If you wish to use a Network Time Protocol network address is the first three fields of the Destination server to set the time and date, select this option, then LAN IP, while the last field should be zero.
  • Page 20: Firewall

    Chapter  Setting Up and Configuring the Router Firewall Single IP Address Allows access from the single IP • address that you enter in the field provided. From the Firewall Tab, you can configure the Router to IP Range Allows access from a range of IP addresses •...
  • Page 21 Chapter  Setting Up and Configuring the Router Editing IP ACL Rules Firewall > IP Based ACL Priority This is the rule’s priority. Edit IP ACL Rule Enable This indicates whether the rule is enabled or Action Select the desired action, Allow or Deny, from disabled.
  • Page 22: Firewall > Internet Access Policy

    Chapter  Setting Up and Configuring the Router Time To make the rule apply for an entire day, select 4 Hours. To make the rule apply only during a specific period of the day, enter the starting time in the From field and the ending time in the To field.
  • Page 23: Firewall > Single Port Forwarding

    Chapter  Setting Up and Configuring the Router policy to be enforced. Select the individual days during For example, you could configure your Web Server to which the policy will be in effect, or select Everyday. accept connections on both port 80 (standard) and port Enter a range of hours and minutes during which the 8080.
  • Page 24: Firewall > Port Range Triggering

    Chapter  Setting Up and Configuring the Router Enabled Click the Enabled checkbox to enable port range forwarding for the relevant application. VPN > Summary Click Save Settings to save the settings you have entered. Click Cancel Changes to cancel any changes you have entered.
  • Page 25: Vpn > Ipsec Vpn

    Displays the total connection time of the latest Only and IP + Domain Name (FQDN) Authentication. VPN session. IP Only If this is selected, the RVS4000’s WAN IP • Disconnect Check the Disconnect checkbox at the end of address automatically appears in the IP Address field.
  • Page 26 ESP packets. traffic to pass through the VPN tunnel. By default, the Only 3DES is supported. Note that both sides must use RVS4000 blocks these broadcasts. the same Encryption method. Click Save Settings to save the settings you have entered.
  • Page 27: Vpn > Vpn Client Accounts

    QuickVPN clients. entered will appear in the list at the bottom, showing their status. This will work with the Linksys QuickVPN client Generate Click this button to generate a new certificate only.
  • Page 28: Qos

    Chapter  Setting Up and Configuring the Router LTP PassThrough Direction Select Upstream for outbound traffic or Layer 2 Tunneling Protocol is the Downstream for inbound traffic. method used to enable Point-to-Point sessions via the Internet on the Layer 2 level. L2TP Passthrough is enabled Mini.
  • Page 29: Qos > Dscp Setup

    Chapter  Setting Up and Configuring the Router Administration The Administration tab provides access to system administration settings and tools. It includes the following screens: Administration > Management QoS > QoS Setup Port ID The number of the LAN port. Trust Mode Select either Port, CoS, or DSCP.
  • Page 30: Administration > Log

    Chapter  Setting Up and Configuring the Router Outgoing Log Select Enable to cause all outgoing UPnP packets to be logged. You can then click View Outgoing Universal Plug and Play (UPnP) can used to set up public Table to display information on the outgoing packets services on your network.
  • Page 31: Administration > Diagnostics

    Chapter  Setting Up and Configuring the Router Administration > Diagnostics Administration > Backup & Restore Administration > Backup & Restore To download a copy of the current configuration and store the file on your PC, click Backup to start the download. Restore Configuration To restore a previously saved config file back to the Router, enter the file name in the field or click Browse to select the...
  • Page 32: Administration > Firmware Upgrade

    IPS > P2P/IM Administration > Firmware Upgrade To upgrade firmware, download the latest firmware for the product from www.linksys.com, extract it to your computer, and perform the steps below: File Type in the name of the extracted firmware upgrade file or click Browse to locate the file.
  • Page 33: Ips > Information

    IPS > Report and multicast traffic is transmitted only in the VLAN in which the traffic is generated. IPS > Information The RVS4000 supports up to 4 VLANs, including the default VLAN. L2 Switch > Create VLAN IPS > Information...
  • Page 34: L2 > Vlan Port Setting

    Chapter  Setting Up and Configuring the Router L2 > VLAN Port Setting Function/Port table The top half of the table indicates each port’s current mode (Untagged, Tagged, or Trunk). The lower half of the table is used to assign port membership for the selected VLAN.
  • Page 35: L2 > Port Setting

    Chapter  Setting Up and Configuring the Router L2 > Port Setting Rx Frames Displays the number of Frames received on the selected port. Tx Errors Displays the number of error packets transmitted from the selected port. Rx Errors Displays the number of error packets received from the selected port.
  • Page 36: Status

    Chapter  Setting Up and Configuring the Router Forward Delay DNS - Enter a number from 4 to 30. The default Displays the DNS (Domain Name System) IP is . addresses currently used by this Gateway. Force Version IP Conntrack This is the default protocol version to use.
  • Page 37 Chapter  Setting Up and Configuring the Router DHCP Server The status of the Router’s DHCP server function is displayed here. Start IP Address This shows the beginning of the range of IP addresses used by the DHCP Server. End IP Address This shows the end of the range of IP addresses used by the DHCP Server.
  • Page 38: Appendix A: Troubleshooting

    Properties. Read the descriptions below to help solve your problems. In the Components checked are used by this connection If you can’t find an answer here, check the Linksys website box, select Internet Protocol (TCP/IP), and click at www.linksys.com.
  • Page 39 Properties. original computer is not the cause of the problem. In the Components checked are used by this At the command prompt, type ping www.linksys.com connection box, select Internet Protocol (TCP/IP), and press Enter. and click Properties. Make sure that Obtain an IP If you get a reply, the computer is connected to •...
  • Page 40 Internet applications” below for details. to the website of the online game or application you want to use. Follow these steps to set up online game hosting Check the Linksys website at www.linksys.com for more or use a certain Internet application: information.
  • Page 41 Appendix A Troubleshooting Select the Service from the Application column. I forgot my password, or the password prompt always appears when saving settings to the Router. Enter the IP Address of the server that you want the Internet users to access. For example, if the web Reset the Router to factory defaults by pressing the Reset server’s Ethernet adapter IP address is 192.168.1.100, button for ten seconds and then releasing it.
  • Page 42 In order to upgrade the firmware with the latest features, establish connection. you need to go to the Linksys website and download the latest firmware at www.linksys.com. Follow these steps: I can’t access my email, web, or VPN, or I am getting Go to the Linksys website at www.linksys.com...
  • Page 43: Frequently Asked Questions

    DSL or cable modems, when only one TCP/IP address is provided by the ISP. The user may have many private I have QuickVPN tunnel connected to my RVS4000, but addresses behind this single address provided by the ISP. I cannot see the computers in the remote network from Windows Explorer.
  • Page 44 What do I need to do? Yes, but Linksys does not, at this time, provide technical Force your Ethernet adapter to 10Mbps or half duplex support for setup, configuration or troubleshooting of any mode, and turn off the “Auto-negotiate”...
  • Page 45 Appendix A Troubleshooting What is DMZ Hosting? Demilitarized Zone (DMZ) allows one IP address (computer) to be exposed to the Internet. Some applications require multiple TCP/IP ports to be open. It is recommended that you set your computer with a static IP if you want to use DMZ Hosting.
  • Page 46: Appendix B: Using Linksys Quickvpn For Windows 2000, Xp, Or Vista

    Overview of your CD-ROM drive). The License Agreement screen appears. Click Yes to This appendix explains how to install and use the Linksys accept the agreement and the appropriate files are QuickVPN software that can be downloaded from www. copied to the computer.
  • Page 47: Using The Linksys Quickvpn Software

    Appendix B Using Linksys QuickVPN for Windows 2000, XP, or Vista Save the zip file to your PC, and extract the .exe file. Double-click the .exe file, and follow the on-screen QuickVPN Tray Icon— instructions. Proceed to the next section, “Using the Connection Linksys QuickVPN Software”.
  • Page 48: Distributing Certificates To Quickvpn Users

    QuickVPN Client Version Number Distributing Certificates to QuickVPN Users The following explains how to export a certificate from the RVS4000 for distribution to QuickVPN users, as well as how to install the certificate on the QuickVPN users’ PCs. Generate the Certificate as follows: Log on to the Web-based Utility.
  • Page 49: Appendix C: Configuring Ipsec With A Windows 2000 Or Xp Computer

    Windows 000 or Windows XP IP Address: 140.111.1.2 <= User ISP provides IP Address; this is only an example. Subnet Mask: 255.255.255.0 RVS4000 Rules Tab WAN IP Address: 140.111.1.1 <= User ISP provides IP Address; this is only an example.
  • Page 50 Appendix C Configuring IPSec with a Windows 2000 or XP Computer Make sure the IP Filter List tab is selected. Click Add. mask ...0. (These are the Router’s default settings. If you have changed these settings, enter your new values.) If you want to enter a description for your filter, click the Description tab and enter the description there.
  • Page 51: Step 3: Configure Individual Tunnel Rules

    Appendix C Configuring IPSec with a Windows 2000 or XP Computer Click the Filter Action tab, and click the filter action Require Security radio button. Then, click Edit. Filters Properties Filter Action Tab If you want to enter a description for your filter, click On the Security Methods tab, verify that the Negotiate the Description tab and enter the description there.
  • Page 52 Appendix C Configuring IPSec with a Windows 2000 or XP Computer Connection Type Tab Tunnel 2: Router->win Preshared Key This new Preshared key will be displayed. Click the In the new policy’s Properties screen, make sure Apply button to continue, if it appears on your screen; that win ->...
  • Page 53 Appendix C Configuring IPSec with a Windows 2000 or XP Computer Filter Action Tab New Preshared Key Click the Authentication Methods tab, and verify Click the Tunnel Setting tab. Click the radio button The that the authentication method Kerberos is selected. tunnel endpoint is specified by this IP Address, and Then, click Edit.
  • Page 54: Step 4: Assign New Ipsec Policy

    Appendix C Configuring IPSec with a Windows 2000 or XP Computer Step 4: Assign New IPSec Policy the name of the tunnel in the Tunnel Name field. This is to allow you to identify multiple tunnels and does In the IP Security Policies on Local Machine window, right- not have to match the name used at the other end of click the policy named to_Router, and click Assign.
  • Page 55: Appendix D: Gateway-To-Gateway Vpn Tunnel

    For the IPSec VPN Tunnel setting, select Enable. Two Windows desktop computers (each computer will • The WAN IP address (A.A.A.A) of the RVS4000 will be be connected to a VPN Router) automatically detected. Two VPN Routers (4-Port Gigabit Security Router with •...
  • Page 56: Configuration Of The Rv082

    Appendix D Gateway-to-Gateway VPN Tunnel For the Remote Security Gateway Type, select IP In the IPSec Setup section, select the appropriate address. Enter the RVS4000’s WAN IP address in the IP encryption, authentication, and other key management settings. Address field.
  • Page 57: Configuration When The Remote Gateway Uses A Dynamic Ip Address

    Enter a name in the Tunnel Name field. For the IPSec VPN Tunnel setting, select Enable. Configuration of the RV082 The WAN IP address (A.A.A.A) of the RVS4000 will be Follow similar instructions for the RV082. automatically detected. Launch the web browser for a networked computer, For the Local Security Group Type, select Subnet.
  • Page 58: Configuration Of Pc 1 And Pc 2

    RV082 VPN Settings For the Remote Security Gateway Type, select IP Gateway-to-Gateway IPSec VPN Tunnel - Both Gateways Using address. Enter the RVS4000’s WAN IP address in the IP Dynamic IP Address field. For the Remote Security Group Type, select Subnet.
  • Page 59: Configuration Of The Rv082

    In the Preshared Key field, enter a string for this key, for For the Remote Security Group Type, select Subnet. example, 13572468. Enter the RVS4000’s local network settings in the IP Address and Subnet Mask fields. In the IPSec Setup section, select the appropriate encryption, authentication, and other key management settings.
  • Page 60: Appendix E: Specifications

    Appendix E Specifications Appendix E: Specifications Specifications Secure Management HTTPS, Username/Password Model RVS4000 802.1X Port-based RADIUS Authentication Standards IEEE802.3, 802.3u, 802.1x, (EAP-MD5, EAP-PEAP) RFC791 (IP Protocol), RFC2460 Ports Ethernet, Power Service-based Service-based Bandwidth Buttons Reset Management supports Rate Cabling Type...
  • Page 61 Appendix E Specifications Environmental Dimensions 6.69" x 1.61" x 6.69” W x H x D (170 x 41 x 170 mm) Unit Weight 0.84 lb (0.38 kg) Power 12V 1A Certification FCC Class B, CE, ICES-003 Operating Temp. 32 to 104ºF (0 to 40ºC) Storage Temp.
  • Page 62: Appendix F: Warranty Information

    OUT OF OR RELATED TO THE USE OF OR INABILITY TO USE THE PRODUCT (INCLUDING ANY SOFTWARE), EVEN Linksys warrants to You that, for a period of one year IF LINKSYS HAS BEEN ADVISED OF THE POSSIBILITY OF (the "Warranty Period"), your Linksys Product will be SUCH DAMAGES.
  • Page 63: Appendix G: Regulatory Information

    Appendix G Warranty and Regulatory Information Appendix G: Industry Canada Statement Regulatory Information This Class B digital apparatus complies with Canadian ICES-003. Operation is subject to the following two conditions: FCC Statement This device may not cause interference and This product has been tested and complies with the This device must accept any interference, including specifications for a Class B digital device, pursuant to Part interference that may cause undesired operation of...
  • Page 64: User Information For Consumer Products Covered By Eu Directive 2002/96/Ec On Waste Electric And Electronic Equipment (Weee)

    úřady. Správná likvidace a recyklace pomáhá předcházet Linksys products. Consumers are required to comply with potenciálním negativním dopadům na životní prostředí a lidské this notice for all electronic products bearing the following zdraví.
  • Page 65 Appendix G Warranty and Regulatory Information Eesti (Estonian) - Keskkonnaalane informatsioon Français (French) - Informations environnementales Euroopa Liidus asuvatele klientidele pour les clients de l’Union européenne Euroopa Liidu direktiivi 2002/96/EÜ nõuete kohaselt on La directive européenne 2002/96/CE exige que l’équipement seadmeid, millel on tootel või pakendil käesolev sümbol sur lequel est apposé...
  • Page 66 Appendix G Warranty and Regulatory Information Lietuvškai (Lithuanian) - Aplinkosaugos informacija, Nederlands (Dutch) - Milieu-informatie voor klanten skirta Europos Sąjungos vartotojams in de Europese Unie Europos direktyva 2002/96/EC numato, kad įrangos, kuri ir De Europese Richtlijn 2002/96/EC schrijft voor dat apparatuur die kurios pakuotė...
  • Page 67 ľudí. Ak máte záujem o podrobnejšie WEB: For additional information, please visit informácie o likvidácii starého zariadenia, obráťte sa, prosím, na www.linksys.com miestne orgány, organizácie zaoberajúce sa likvidáciou odpadov alebo obchod, v ktorom ste si produkt zakúpili. 4-Port Gigabit Security Router with VPN...
  • Page 68: Appendix H: Contact Information

    Appendix H Contact Information Appendix H: Contact Information Linksys Contact Information Website http://www.linksys.com FTP Site ftp.linksys.com Advice Line 800-546-5797 (LINKSYS) Support 800-326-7114 RMA (Return Merchandise 949-823-3000 Authorization) 949-823-3002 NOTE: Details on warranty and RMA issues can be found in the Warranty section of this Guide.

Table of Contents