Cisco RV320 Administration Manual
  1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Network Router
  5. Small Business RV320
  6. Administration manual

Cisco RV320 Administration Manual

Gigabit dual wan vpn router
Hide thumbs Also See for RV320:
Table of Contents

Advertisement

Quick Links

ADMINISTRATION
GUIDE
Cisco RV320/RV325 Gigabit Dual WAN VPN Router

Advertisement

Table of Contents
loading

Related Manuals for Cisco RV320

Summary of Contents for Cisco RV320

  • Page 1 ADMINISTRATION GUIDE Cisco RV320/RV325 Gigabit Dual WAN VPN Router...
  • Page 2 78-20928-01...

  • Page 3: Table Of Contents

    Setting Failover and Recovery DMZ Enable Password Time DMZ Host (Port) Forwarding Port Address Translation Adding or Editing a Service Name Setting Up One-to-One NAT MAC Address Cloning Assigning Dynamic DNS to a WAN Interface Advanced Routing Cisco RV320/RV325 Administration Guide...
  • Page 4 Chapter 5: System Management Dual WAN Connections Bandwidth Management SNMP Configuring SNMP Discovery-Bonjour LLDP Properties Using Diagnostics Factory Default Firmware Upgrade Language Selection or Language Setup Restart Backup and Restore Chapter 6: Port Management Configuring the Ports Port Status Cisco RV320/RV325 Administration Guide...
  • Page 5 Advanced Settings for IKE with Preshared Key and IKE with Certificate Client to Gateway Advanced Settings for IKE with Preshared Key and IKE with Certificate VPN Passthrough PPTP Server Chapter 9: Certificate Management My Certificate Trusted SSL Certificate Trusted IPsec Certificate Certificate Generator CSR Authorization Cisco RV320/RV325 Administration Guide...
  • Page 6 Contents Chapter 10: Log System Log System Statistics Processes Chapter 11: SSL VPN Status Group Management Resource Management Advanced Setting Chapter 12: Wizard Chapter 13: User Management Cisco RV320/RV325 Administration Guide...

  • Page 7: Chapter 1: Getting Started

    STEP 3 browser might issue a warning that the web site is untrusted. Continue to the web site. When the login page appears, enter the default user name cisco and the default STEP 4 password cisco (lowercase). Click Login. The System Summary page appears. Check the Port Activity to see STEP 5 if a WAN connection is enabled.

  • Page 8: Features Of The User Interface

    Help To view information about the selected configuration page, click Help near the top right corner of the web interface. If your web browser displays a warning message about the pop-up window, allow the blocked content. Cisco RV320/RV325 Administration Guide...
  • Page 9 Getting Started Features of the User Interface Logout To exit the web interface, click Logout near the top right corner of the web interface. The Login page appears. Cisco RV320/RV325 Administration Guide...
  • Page 10 Getting Started Features of the User Interface Cisco RV320/RV325 Administration Guide...

  • Page 11: Chapter 2: System Summary

    LAN—IPv4 management IP address. If Dual-Stack IP is enabled on the Setup Network page, the IPv6 address and prefix length also appear. • System Up time—Length of time in days, hours, and minutes that the device has been active. Cisco RV320/RV325 Administration Guide...

  • Page 12: Configuration (Wizard)

    Auto negotiation—Status of the auto negotiation parameter that when enabled (On), detects the duplex mode, and if the connection requires a crossover, automatically chooses the MDI or MDIX configuration that matches the other end of the link. Cisco RV320/RV325 Administration Guide...

  • Page 13: Ipv4 And Ipv6

    Click Connect to establish the connection. DMZ Information The following DMZ information is provided: • IP Address—Current public IP address for this interface. • DMZ Host—Private IP address of the DMZ host. The default is Disabled. Cisco RV320/RV325 Administration Guide...

  • Page 14: Security Status

    This section displays the status of the VPN tunnels: • VPN Tunnel(s) Used—VPN tunnels in use. • VPN Tunnel(s) Available—VPN tunnels available. • Easy VPN Tunnel(s) Used—Easy VPN tunnels in use. • Easy VPN Tunnel(s) Available—Easy VPN tunnels available. Cisco RV320/RV325 Administration Guide...

  • Page 15: Ssl Vpn Status

    SSL VPN Tunnel(s) Available—SSL VPN tunnels remaining for use. Log Setting Status This section displays the status of the logs: • Syslog Server—Status of syslog: On (green) or Off (red). • E-mail Log—Status of E-mail log: On (green) or Off (red). Cisco RV320/RV325 Administration Guide...
  • Page 16 System Summary Log Setting Status Cisco RV320/RV325 Administration Guide...

  • Page 17: Chapter 3: Setup

    Choose the type of addressing to use on the networks: • IPv4 Only—Only IPv4 addressing. • Dual-Stack IP—IPv4 and IPv6 addressing. After saving the parameters, you can configure both IPv4 and IPv6 addresses for the LAN, WAN, and DMZ networks. Cisco RV320/RV325 Administration Guide...

  • Page 18: Wan1 Or Wan2 Port Settings

    The settings for the interfaces can be modified. If you are running IPv6, select the IPv6 tab before selecting the WAN interface to NOTE configure. Otherwise, the IPv6 parameters are not displayed in the WAN Connections Settings window. Cisco RV320/RV325 Administration Guide...
  • Page 19 LAN Prefix Assignment: Without any action—Does not provide Stateless or Stateful IPv6 address for LAN-side PCs. Configure to RA automatically—Provides Stateless IPv6 address for LAN-side PCs. Configure to DHCPv6 automatically—Provides Stateful IPv6 address for LAN-side PCs. Cisco RV320/RV325 Administration Guide...
  • Page 20 LAN-side PCs. Configure to RA automatically—Provides Stateless IPv6 address for LAN-side PCs. Configure to DHCPv6 automatically—Provides Stateful IPv6 address for LAN-side PCs. Configure to RA and DHCPv6 automatically—Provides Stateless and Stateful IPv6 addresses for LAN-side PCs. Cisco RV320/RV325 Administration Guide...
  • Page 21 MTU—Maximum transmission unit (MTU) size. Select Auto to set the size automatically. Otherwise, to set the MTU size manually, select Manual and enter the MTU size. (The size in bytes of the largest protocol data unit that the layer can pass.) Cisco RV320/RV325 Administration Guide...
  • Page 22 • Subnet Mask (IPv4)—Subnetwork mask assigned to your account. • Default Gateway Address—IP address of the default gateway. • Username and Password—Username and password for your ISP account. The maximum number of characters is 60. Cisco RV320/RV325 Administration Guide...
  • Page 23 MTU—Maximum transmission unit (MTU) size. Select Auto to set the size automatically. Otherwise, to set the MTU size manually, select Manual and enter the MTU size. (The size in bytes of the largest protocol data unit that the layer can pass.) Cisco RV320/RV325 Administration Guide...
  • Page 24 LAN-side PCs. Configure to RA automatically—Provides Stateless IPv6 address for LAN-side PCs. Configure to DHCPv6 automatically—Provides Stateful IPv6 address for LAN-side PCs. Configure to RA and DHCPv6 automatically—Provides Stateless and Stateful IPv6 addresses for LAN-side PCs. Cisco RV320/RV325 Administration Guide...
  • Page 25 LAN-side PCs. Configure to RA automatically—Provides Stateless IPv6 address for LAN-side PCs. Configure to DHCPv6 automatically—Provides Stateful IPv6 address for LAN-side PCs. Configure to RA and DHCPv6 automatically—Provides Stateless and Stateful IPv6 addresses for LAN-side PCs. Cisco RV320/RV325 Administration Guide...
  • Page 26 LAN-side PCs. Configure to RA automatically—Provides Stateless IPv6 address for LAN-side PCs. Configure to DHCPv6 automatically—Provides Stateful IPv6 address for LAN-side PCs. Configure to RA and DHCPv6 automatically—Provides Stateless and Stateful IPv6 addresses for LAN-side PCs. Cisco RV320/RV325 Administration Guide...
  • Page 27 LAN-side PCs. Configure to RA automatically—Provides Stateless IPv6 address for LAN-side PCs. Configure to DHCPv6 automatically—Provides Stateful IPv6 address for LAN-side PCs. Configure to RA and DHCPv6 automatically—Provides Stateless and Stateful IPv6 addresses for LAN-side PCs. Cisco RV320/RV325 Administration Guide...

  • Page 28: Usb1 Or Usb2 Port Settings

    MTU—Maximum transmission unit (MTU) size. Select Auto to set the size automatically. Otherwise, to set the MTU size manually, select Manual and enter the MTU size. (The size in bytes of the largest protocol data unit that the layer can pass.) Cisco RV320/RV325 Administration Guide...

  • Page 29: Setting Failover And Recovery

    Extra Charge—Cost in dollars per kilobyte of data if a given volume is exceeded. Stop connection...—Check to enable dropping the connection when the volume exceeds the given volume. • If you choose Time (min), enter the following: Premium—Cost in dollars for a given period of time. Cisco RV320/RV325 Administration Guide...
  • Page 30 A self-test is considered successful if the device can get an IP address from the service provider. Failures are sent to the log. • Log self-test—Check to log all self-test activity. (All test results are sent to the log.) Click Save to save your settings. STEP 6 Cisco RV320/RV325 Administration Guide...

  • Page 31: Dmz Enable

    STEP 5 Password The username and password allow administrative access to the device. The default username is cisco. The default password is cisco. The username and password can be changed. We strongly recommend changing the default password to a strong password.
  • Page 32 To configure password complexity settings: In the Password Complexity Settings field, check Enable. STEP 1 Configure settings in the following fields: STEP 2 Enter the minimum password length (0-64 Minimum Password Length characters). By default, the minimum length is 8. Cisco RV320/RV325 Administration Guide...

  • Page 33: Time

    You can configure the time zone, whether or not to adjust for daylight savings time, and with which Network Time Protocol (NTP) server to synchronize the date and time. The router then gets its date and time information from the NTP server. Cisco RV320/RV325 Administration Guide...

  • Page 34: Dmz Host

    IP address. (To run an Internet server, it might be necessary to use a static IP address.) For added security, outside users are able to communicate with the server, but they are not allowed to connect to network devices. Cisco RV320/RV325 Administration Guide...
  • Page 35 You can have up to 30 services in the list: STEP 3 • Service Name—Short description. • Protocol—Required protocol. Refer to the documentation for the service that you are hosting. • Port Range—Range of port numbers reserved for this service. Cisco RV320/RV325 Administration Guide...
  • Page 36 Refer to the documentation for the application for additional information. Click Save. STEP 4 Deleting a Table Entry To delete an entry from a table, click the entry or entries that you want to delete and click Delete. Cisco RV320/RV325 Administration Guide...

  • Page 37: Port Address Translation

    Adding or Editing a Service Name section.) Enter the IP address or the name of the network device where the service resides. STEP 3 Click Save. STEP 4 Cisco RV320/RV325 Administration Guide...

  • Page 38: Adding Or Editing A Service Name

    WAN IP addresses of equal length (for example, three internal addresses and three external addresses). The first internal address is mapped to the first external address, the second IP internal IP address is mapped to the second external address, and so on. Cisco RV320/RV325 Administration Guide...

  • Page 39: Mac Address Cloning

    MAC address that you registered with your ISP. • MAC Address from this PC—Click to use the MAC address of your computer as the clone MAC address for the device. Click Save. STEP 3 Cisco RV320/RV325 Administration Guide...

  • Page 40: Assigning Dynamic Dns To A Wan Interface

    Internet IP Address—WAN IP address for the interface. • Status—Status of the DDNS. If the status information indicates an error, make sure that you have correctly entered the information for your account with your DDNS service. Click Save. STEP 3 Cisco RV320/RV325 Administration Guide...

  • Page 41: Advanced Routing

    Receive RIP versions—Select the RIP protocol for receiving network data: None, RIPv1, RIPv2, or Both RIP v1 and v2. RIPv1 is a class-based routing version. It does not include subnet information and therefore does not support variable length subnet masks Cisco RV320/RV325 Administration Guide...

  • Page 42: Configuring Static Routing

    Hop Count—Maximum number of nodes or hops (the maximum is 15 hops) that a packet passes through before being discarded. A node is any device on the network, such as a switch or router. • Interface—Interface to use for this route. Cisco RV320/RV325 Administration Guide...

  • Page 43: Inbound Load Balance

    Host (Record) Name field and select the WAN IP interface to where inbound traffic is distributed. Enter the Alias that assigns several names to one computer host that might STEP 5 provide several services and the Target, an existing A Record domain name. Cisco RV320/RV325 Administration Guide...

  • Page 44: Usb Device Update

    USB device firmware can be updated by using this network device. To upgrade a USB device attached to a USB port, browse the file to be uploaded from a PC to the USB device and click Upgrade. Cisco RV320/RV325 Administration Guide...

  • Page 45: Chapter 4: Dhcp

    DHCP is used for IPv4 and IPv6. While both versions serve the same purpose, the details of the protocol for IPv4 and IPv6 are sufficiently different that they should be considered separate protocols. Cisco RV320/RV325 Administration Guide...

  • Page 46: Dhcp Setup

    Option 66, 67, and 150 to the DHCP server to obtain this information. DHCP Option 150 is Cisco proprietary. The IEEE standard that similar to this requirement is Option 66. Like Option 150, Option 66 is used to specify the Name of the TFTP server.
  • Page 47 Enter the Prefix Length. STEP 2 Select the DHCP Mode: STEP 3 • Disable—Disables DHCP on this device. There are no additional parameters to complete. • DHCP Server—Communicates the client DHCP requests to the device DHCP server. Cisco RV320/RV325 Administration Guide...

  • Page 48: Viewing The Dhcp Status

    Dynamic IP Used—Number of dynamic IP addresses used. • Static IP Used (IPv4 only)—Number of static IP addresses used. • DHCP Available—Number of dynamic IP addresses available. • Total—Total number of dynamic IP addresses managed by the DHCP server. Cisco RV320/RV325 Administration Guide...

  • Page 49: Ip And Mac Binding

    IP address in the IP & MAC binding table is configured to use a static IP address. Typically the MAC address of a device physically appears on a label on the bottom panel or back panel of a device. Cisco RV320/RV325 Administration Guide...
  • Page 50 Shift key, and click the final entry in the block. To select individual entries, press the Ctrl key while clicking each entry. To de-select an entry, press the Ctrl key while clicking the entry. Cisco RV320/RV325 Administration Guide...

  • Page 51: Dns Local Database

    Properties window. Choose Use the following DNS server address, and enter the LAN IP address of the router as the Preferred DNS Server. For more information, refer to the documentation for the client that you are configuring. Cisco RV320/RV325 Administration Guide...

  • Page 52: Router Advertisement (Ipv6)

    Advertisement Interval; the interval at which Router Advertisement messages are sent. Enter any value between 10 and 1800 seconds. The default is 30 seconds. Unicast only—Send Router Advertisement messages only to well- known IPv6 addresses. Cisco RV320/RV325 Administration Guide...
  • Page 53 • Router Lifetime—Time in seconds that the Router Advertisement messages exist on the route. The default is 3600 seconds. To add a new subnet, click Add and enter an IPv6 Address, Prefix Length, and Lifetime. Cisco RV320/RV325 Administration Guide...
  • Page 54 DHCP Router Advertisement (IPv6) Cisco RV320/RV325 Administration Guide...

  • Page 55: Chapter 5: System Management

    WAN interface for the next connection. • Upstream—Maximum upstream bandwidth provided by your ISP. The default is 10000 kbs. The maximum is 1000000 kbs. • Downstream—Maximum downstream bandwidth provided by your ISP. The default is 10000 kbs. Cisco RV320/RV325 Administration Guide...
  • Page 56 To field. For a single IP address, enter the same address in both fields. To enable the protocol binding, check the box to enable this rule, or uncheck the box to disable it. Cisco RV320/RV325 Administration Guide...

  • Page 57: Bandwidth Management

    Maximum Bandwidth Provided by ISP Enter the maximum bandwidth settings as specified by your ISP: • Upstream—Maximum upstream bandwidth provided by your ISP. • Downstream—Maximum downstream bandwidth provided by your ISP. Cisco RV320/RV325 Administration Guide...
  • Page 58 Direction—Select Upstream for outbound traffic. Select Downstream for inbound traffic. • Priority—Choose the priority for this service: High or Low. Default priority level is Medium, which is implied and not shown in the web interface. Check the box to enable this service. Cisco RV320/RV325 Administration Guide...

  • Page 59: Snmp

    System Location—Network administrator contact information: an E-mail address, telephone number, or pager number. • Trap Community Name—Password sent with each trap to the SNMP manager. The string can be up to 64 alphanumeric characters. The default is public. Cisco RV320/RV325 Administration Guide...
  • Page 60 The default is No Authentication, No Privacy. Authentication and Privacy passwords require at least 8 characters. Select the MIBs that the members of the group can access. STEP 4 Click Save. STEP 5 Cisco RV320/RV325 Administration Guide...

  • Page 61: Discovery-Bonjour

    LAN. When this feature is enabled, the device periodically multicasts Bonjour service records to the LAN to advertise its existence. For discovery of Cisco Small Business products, Cisco provides a utility that works NOTE through a simple toolbar on the web browser called FindIt. This utility discovers Cisco devices in the network and display basic information, such as serial numbers and IP addresses.

  • Page 62: Lldp Properties

    To use DNS to learn an IP address, choose DNS Lookup, enter the Lookup Domain Name , such as www.cisco.com, and click Go. The IP address is displayed. Cisco RV320/RV325 Administration Guide...

  • Page 63: Factory Default

    Upgrading the firmware might take several minutes. Do not turn off the power, press the reset button, close the browser, or disconnect the link during this process. To upload firmware from a PC, select Firmware Upgrade from PC and browse the file. Cisco RV320/RV325 Administration Guide...

  • Page 64: Language Selection Or Language Setup

    Browse the Language File Name, to upload the new language file. STEP 4 Click Save. STEP 5 After the language pack is uploaded, choose a language from the drop-down list STEP 6 at the top right-hand corner on the Language Setup or other configuration pages. Cisco RV320/RV325 Administration Guide...

  • Page 65: Restart

    STEP 3 contains a different password than the current device management password, you are asked to enter this password before the configuration file is restored. Click System Management > Restart in the navigation tree. STEP 4 Cisco RV320/RV325 Administration Guide...
  • Page 66 To copy the startup file to the mirror file, click Copy Mirror to Startup. The copy operation is performed immediately, with no option to cancel. When the operation is finished, the page refreshes. Cisco RV320/RV325 Administration Guide...
  • Page 67 Backing Up the Firmware to a USB Flash Drive To back up the firmware to a Flash drive on the USB port, select the port from the drop-down menu and click Backup. The device saves the firmware image as image.bin. Cisco RV320/RV325 Administration Guide...
  • Page 68 System Management Backup and Restore Cisco RV320/RV325 Administration Guide...

  • Page 69: Chapter 6: Port Management

    NOTE To enable port mirroring for RV320, check Enable Mirror Port. Incoming and outgoing packets on WAN ports and LAN ports are copied to LAN1. To enable port mirroring for RV325, check Enable Mirror Port. Incoming and outgoing packets on LAN ports are copied to LAN1.

  • Page 70: Port Status

    Duplex Status—Duplex mode, Half or Full. • Auto negotiation—Status of the duplex mode. Traffic Statistics For the selected port, the Statistics table displays the following: • Port ID—Location of the port. • Link Status—Status of the connection. Cisco RV320/RV325 Administration Guide...

  • Page 71: Vlan Membership

    (allow or deny) the inter- VLAN traffic. • For RV320, LAN 1 through LAN 4—A port can be tagged, untagged, or excluded from the VLAN. • For RV325, LAN 1 through LAN 14—A port can be tagged, untagged, or excluded from the VLAN.

  • Page 72: Dscp Marking

    Force Unauthorized—Controlled port state is set to discard traffic; packets cannot go through. • Auto—Enables port-based authentication. The interface moves between an authorized or unauthorized state based on the authentication exchange between the device and the client. Cisco RV320/RV325 Administration Guide...
  • Page 73 Port Management 802. 1 X Configuration Click Save. STEP 6 Cisco RV320/RV325 Administration Guide...
  • Page 74 Port Management 802. 1 X Configuration Cisco RV320/RV325 Administration Guide...

  • Page 75: Chapter 7: Firewall

    Block WAN Request—Drops TCP requests and ICMP packets. • Remote Management—Allows remote management of the device when enabled. The port is 443 by default. It can be changed to any user-defined port. The string will be https://<wan-ip>:<remote-management-port> Cisco RV320/RV325 Administration Guide...

  • Page 76: Access Rules

    Access rules limit access to the subnetwork by allowing or denying access by specific services or devices identified by their IP address. To add or edit a service, click Service Management. This feature is described in Adding or Editing a Service Name. Cisco RV320/RV325 Administration Guide...
  • Page 77 Click Add (or select the row and click Edit). STEP 2 Select the Action, Allow or Deny, for this rule from the drop-down menu. STEP 3 Select the Service from the drop-down menu. STEP 4 Select the Log from the drop-down menu. STEP 5 Cisco RV320/RV325 Administration Guide...

  • Page 78: Content Filter

    Blocking Website Keywords To block web site keywords: Select Block Forbidden Domains. STEP 1 Click Add (or Edit) the words in the Website Blocking by Keywords table. STEP 2 Enter a word in the Keyword column. STEP 3 Cisco RV320/RV325 Administration Guide...
  • Page 79 From and To fields. For example, 07:00 to 20:00. Content filter does not allow setting two time intervals. Check the Effective On days of the week. STEP 3 Click Save. STEP 4 Cisco RV320/RV325 Administration Guide...
  • Page 80 Firewall Content Filter Cisco RV320/RV325 Administration Guide...

  • Page 81: Chapter 8: Vpn

    WINS Server1 and WINS Server 2—Optional IP address of a WINS server. Windows Internet Naming Service resolves NetBIOS names to IP addresses. If you do not know the IP address of the WINS server, use the default, 0.0.0.0. Cisco RV320/RV325 Administration Guide...
  • Page 82 • Tunnels—Number of users logged into the group VPN. • Phase2 Enc/Auth/Grp—Phase 2 encryption type (NULL/DES/3DES/AES- 128/AES-192/AES-256), authentication method (NULL/MD5/SHA1), and DH group number (1/2/5). • Local Group—IP address and subnet mask of the Local Group. Cisco RV320/RV325 Administration Guide...

  • Page 83: Gateway To Gateway

    It does not have to match the name used at the other end of the tunnel. • Interface—WAN port to use for this tunnel. • Keying Mode—Identifies the tunnel security: Manual, IKE with Preshared Key, IKE with Certificate. Cisco RV320/RV325 Administration Guide...

  • Page 84: Local Group Setup

    Dynamic IP + Domain Name (FQDN) Authentication—This router has a dynamic IP address and a registered Dynamic DNS hostname (available from providers such as DynDNS.com). Enter a Domain Name to use for authentication. The domain name can be used only for one tunnel connection. Cisco RV320/RV325 Administration Guide...
  • Page 85 IP Address and Subnet Mask. Begin IP and End IP (IP Range)—A range of devices that can use the VPN tunnel. Enter the first IP address in Begin IP and the end IP address in End IP. Cisco RV320/RV325 Administration Guide...
  • Page 86 IP Address, and enter the IP address. If you do not know the IP address of the remote VPN router, select IP by DNS Resolved, and enter the real domain name of the router. Cisco routers can get the IP address of remote VPN device by DNS Resolved.
  • Page 87 Phase 1 / Phase 2 SA Life Time—Length of time a VPN tunnel is active in this phase. The default value for Phase 1 is 28800 seconds. The default value for Phase 2 is 3600 seconds. Cisco RV320/RV325 Administration Guide...
  • Page 88 The scale goes from red (weak) to yellow (acceptable) to green (strong). Enter a complex preshared key that includes more than eight characters, upper- and lowercase letters, numbers, and symbols such as -*^+=. Cisco RV320/RV325 Administration Guide...

  • Page 89: Advanced Settings For Ike With Preshared Key And Ike With Certificate

    Windows features such as Network Neighborhood. LAN broadcast traffic is typically not forwarded over a VPN tunnel. However, you can check this box to allow NetBIOS broadcasts from one end of the tunnel to be rebroadcast to the other end. Cisco RV320/RV325 Administration Guide...
  • Page 90 Local Interface—WAN interface to use to reestablish the connection. VPN Tunnel Backup Idle Time—When the router boots up and the primary tunnel is not connected within the specified period, the backup tunnel is used. The default idle time is 30 seconds. Cisco RV320/RV325 Administration Guide...

  • Page 91: Client To Gateway

    The router supports up to two VPN groups. The group number is automatically generated. • Easy VPN—Allows remote users to connect this device by using Cisco VPN Client (also known as Cisco Easy VPN Client) utility (available on https:// software.cisco.com/download/...
  • Page 92 Version 4.8 supports Intel based Linux To set it up Easy VPN, configure a group password on this page, and add a username and password for each Cisco VPN Client users in the User Management Table in the User Management section.
  • Page 93 Management. To use the IPsec Host, click the radio button and enter the User Name and Password. To use the Edge Device, click the radio button and select the database from the drop-down menu. To add or edit the database, click Add/Edit to display the User Management window. Cisco RV320/RV325 Administration Guide...
  • Page 94 IP address. If you do not know the IP address of the remote VPN router, select IP by DNS Resolved, and enter the real domain name of the router. Cisco routers can get the IP address of remote VPN device by DNS Resolved.
  • Page 95 Internet. The router will get the IP address of remote VPN client by DNS Resolved, and the IP address of remote VPN client will be displayed in the VPN Status section of the Summary page. Cisco RV320/RV325 Administration Guide...
  • Page 96 The domain name can only be used for one tunnel connection. • Email Address (USER FQDN) Authentication—Identifies the client by an E-mail address for authentication. Enter the address in the fields provided. • Microsoft XP/2000 VPN Client—Client software is the built-in Microsoft XP/2000 VPN Client. Cisco RV320/RV325 Administration Guide...
  • Page 97 IPsec keys. Check the box to enable this feature, or uncheck the box to disable this feature. This feature is recommended. • Minimum Preshared Key Complexity—Check Enable to enable the Preshared Key Strength Meter. Cisco RV320/RV325 Administration Guide...

  • Page 98: Advanced Settings For Ike With Preshared Key And Ike With Certificate

    If you enable this feature for this router, also enable it on the router at the other end of the tunnel. • Keep-Alive—Attempts to reestablish the VPN connection if it is dropped. Cisco RV320/RV325 Administration Guide...
  • Page 99 Add/Edit to display the User Management window. • Mode Configuration—Provides an IP address to the incoming tunnel requestor (after authentication) from the Virtual IP Range configured in the VPN > Summary window. Cisco RV320/RV325 Administration Guide...

  • Page 100: Vpn Passthrough

    The LAN IP address range for PPTP VPN clients should be outside of the normal DHCP range of the router. The Connection Table shows the tunnels in use. PPTP user accounts are added in User Management window (select Unassigned in the Group column). Cisco RV320/RV325 Administration Guide...

  • Page 101: Chapter 9: Certificate Management

    To display certificate information, click the Details icon. Exporting or Displaying a Certificate or Private Key The client certificate enables the client to connect to the VPN. To export or display a certificate or private key: Cisco RV320/RV325 Administration Guide...
  • Page 102 Select Import from PC or Import from USB Device. STEP 3 Browse in the CA Certificate. (3rd-party only.) STEP 4 Browse in the Certificate and Private Key (3rd-party or Self-signed). STEP 5 Click Save. STEP 6 Cisco RV320/RV325 Administration Guide...

  • Page 103: Trusted Ssl Certificate

    To display certificate information, click the Details icon. To export or display a certificate, click the Export Certificate icon. A pop-up window displays where you can Open the certificate for inspection or Save the certificate to a PC. Cisco RV320/RV325 Administration Guide...

  • Page 104: Certificate Generator

    Common Name—Common name of the organization. • Email Address—Contact email address (optional). • Key Encryption Length—Length of the key. • Valid Duration—Number of days the certificate is valid. Click Save. The My Certificate window appears. STEP 2 Cisco RV320/RV325 Administration Guide...

  • Page 105: Csr Authorization

    Click Browse to identify the Certificate Signing Request. STEP 1 To select the corresponding private key to authorize and sign the CSR, select the STEP 2 certificate to associate with the request from the My Certificate drop-down menu. Click Save. STEP 3 Cisco RV320/RV325 Administration Guide...
  • Page 106 Certificate Management CSR Authorization Cisco RV320/RV325 Administration Guide...

  • Page 107: System Log

    When a link is brought down. • Authentication fails. • The system is started. Click Save. STEP 6 Configuring the System Log Servers To enable a server, click Enable and enter the name of the Syslog Server. Cisco RV320/RV325 Administration Guide...
  • Page 108 • Email Alert for hacker attack—Alert email sent when access is attempted by a hacker attempting to use a denial-of-service (DOS) attack. To email the log immediately, click Email Log Now. Cisco RV320/RV325 Administration Guide...
  • Page 109 Configuration Changes—Instances when the device configuration has been modified. • IPsec and PPTP VPN—VPN tunnel negotiation, connection, and disconnection status. • SSL VPN—SSL VPN tunnel negotiation, connection, and disconnection status. • Network—WAN/DMZ interface is connected or disconnected. Cisco RV320/RV325 Administration Guide...

  • Page 110: System Statistics

    Clear Log Now—Click to clear the log without emailing it, only if you do not want to view the information in the future. System Statistics Detailed information about the ports and the devices attached to them are shown. Processes Detailed information about the running processes is shown. Cisco RV320/RV325 Administration Guide...

  • Page 111: Ssl Vpn

    Or, for users that require access to all resources in the internal network, this device supports Virtual Passage, which allows authorized users to obtain an IP address from this device through a SSL VPN tunnel and are then a part of the internal network. Cisco RV320/RV325 Administration Guide...
  • Page 112 Group—Name of the group. • Domain—Database from where the user is authorized. • User—Usernames and types. Click Details to display. • Resource—System resources the group is allowed to access. Click Details to display. • Status—Group status. Cisco RV320/RV325 Administration Guide...
  • Page 113 IP address; they can click to use the administrator preconfigured resources. Administrators can see all configured bookmarks that display on a user web portal. Cisco RV320/RV325 Administration Guide...
  • Page 114 The resources for each default user group are shown in the table. Resource name/ All Users Supervisor Mobile User Branch Group name Staff Internet Services Telnet Microsoft Terminal Services Word Excel Power Point Access Outlook Internet Explorer Cisco RV320/RV325 Administration Guide...

  • Page 115: Resource Management

    Application Description—Description of the application. • Application and Path—Path and executable file names. • Working Directory—Application directory. • Host Address—IP address of the computer hosting the service. • Application Icon—Icon to display. • Enable—Enables the resource. Cisco RV320/RV325 Administration Guide...
  • Page 116 Client Address Range Ends—Ending IP address of the allowed range. • Service Port—Port number for SSL VPN. • Business Name—String that is displayed as a banner for the business name. • Resource Name—String that is displayed as a banner for the resource name. Cisco RV320/RV325 Administration Guide...
  • Page 117 Use the Access Rule Setup Wizard to create firewall access rules. Click Launch Now to run the Access Rule Setup Wizard. The wizard provides information about the default rules for this device. Follow the on-screen instructions to proceed. Cisco RV320/RV325 Administration Guide...
  • Page 118 Wizard Cisco RV320/RV325 Administration Guide...

  • Page 119: User Management

    User Management User management controls domain and user access, primarily used for PPTP, Cisco VPN Client (also known as EasyVPN), and SSL VPN. To add (or modify) a domain: Click Add (or select an entry and click Edit). STEP 1...
  • Page 120 By default, the Group drop-down has 5 options; 4 default SSLVPN groups and Unassigned. The Unassigned group contains PPTP VPN users and EasyVPN users. The Administrator group has only one user, the default username of the Administrator group is cisco. • Domain—Name of the domain listed in the Domain Management table.

  • Page 121: Where To Go From Here

    ForPartners Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners.
  • Page 122 Where to Go From Here Revised August 2014 Cisco RV320/RV325 Administration Guide...

This manual is also suitable for:

Rv325

Table of Contents