Cisco Systems RVL200 manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Cisco Systems RVL200. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Cisco Systems RVL200 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Cisco Systems RVL200 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Cisco Systems RVL200 devrait contenir:
- informations sur les caractéristiques techniques du dispositif Cisco Systems RVL200
- nom du fabricant et année de fabrication Cisco Systems RVL200
- instructions d'utilisation, de réglage et d’entretien de l'équipement Cisco Systems RVL200
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Cisco Systems RVL200 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Cisco Systems RVL200 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Cisco Systems en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Cisco Systems RVL200, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Cisco Systems RVL200, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Cisco Systems RVL200. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    USER GUIDE BUSINESS SERIES 4-P or t SSL/IPSec VPN Router Model: RVL200[...]

  • Page 2

    ii About This Guide 4-Port SSL/IPSec VPN Router About T his Guide Icon Descriptions While reading through the User Guide you may see various icons that call attention to specific items. Below is a description of these icons: NO TE: This check mark indicates that there is a not e of in terest and is something that you should pay special attention to[...]

  • Page 3

    i T able of Contents 4-Port SSL/IPSec VPN Router Chapter 1: Introduction 1 Introduction to the Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Introduction to Virtual Private Netw orks ( VPNs) . . . . . . . . . . . . . . . . . . . . . . . . . . 1 VPN Router to VPN Router . . . . . . . . . . . . . . . . . . .[...]

  • Page 4

    ii T able of Contents 4-Port SSL/IPSec VPN Router Setup > One -to- One NA T. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 One -to-One NA T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 Setup > MAC Clone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

  • Page 5

    iii T able of Contents 4-Port SSL/IPSec VPN Router QoS > QoS Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 QoS Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 QoS > Queue Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

  • Page 6

    iv T able of Contents 4-Port SSL/IPSec VPN Router Wizar d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Basic Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49 Access Rule Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 7

    v T able of Contents 4-Port SSL/IPSec VPN Router Appendix H: Deployment in an Existing Netw ork 80 Over view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 LAN-to-LAN Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 W AN-to -LAN Connection. . . [...]

  • Page 8

    vi T able of Contents 4-Port SSL/IPSec VPN Router Appendix M: Multiple VLANs and Subnets 96 Over view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 RVL200 Conguration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 Basic Instructions . . . . . . . [...]

  • Page 9

    1 Introduc tion 4-Port SSL/IPSec VPN Router Chapter 1 Chapter 1: Introduction Introduction to the Router Thank you f or choosing the Linksys 4-P ort SSL/IPSec VPN Router . The R outer is an advanced I nternet-sharing network solution for your small business needs. Like any router , it lets multiple computers in your office share an Internet connec [...]

  • Page 10

    2 Introduc tion 4-Port SSL/IPSec VPN Router Chapter 1 Internet Central Office Home VPN Router VPN Router VPN Router to VPN Router Computer (using SSL VPN client software) to VPN Router The follo wing is an example of a comput er-to-VPN Router VPN. I n her hotel room, a traveling businesswoman connects to her I nternet Ser vice Pro vider (ISP). Her [...]

  • Page 11

    3 Produc t Over view 4-Port SSL/IPSec VPN Router Chapter 2 Chapter 2: Pr oduc t Over view Front P anel Po wer (Green) The Po wer LED lights up green and stays on while the Router is pow ered on. Diag (Orange) The Diag LED lights up when the Router is not ready for use. During a warm reset, it flashes slowly . During a reset to fac tory defaults, it[...]

  • Page 12

    4 Installation 4-Port SSL/IPSec VPN Router Chapter 3 Chapter 3: Installation Physical Installation There ar e three wa ys to place the Router . The first wa y is to place it hor izontally on a surface, so it sits on its four rubber feet. The second way is to stand the R outer vertically on a sur face. The third way is to mount it on a w all. Horizo[...]

  • Page 13

    5 Installation 4-Port SSL/IPSec VPN Router Chapter 3 Cable Connec tion T o connect network devices to the R outer , follow these instructions: Before you begin, make sure that all of your hardware is pow ered off, including the R outer , computers, switches, and cable or DSL modem. Connect your cable or DSL modem’ s Ethernet cable to the Router ?[...]

  • Page 14

    Chapter 4 Advanced Configura tion 6 4-Port SSL/IPSec VPN Router Chapter 4: A dvanc ed C onfigur a tion Over view F or your convenience , use the Router ’ s web-based utility to set it up and configure it. T his chapter will explain all of the functions in this utility. These are the main tabs of the utility : System Summar y , Setup, DHCP , Syste[...]

  • Page 15

    Chapter 4 Advanced Configura tion 7 4-Port SSL/IPSec VPN Router Select Allow cookies . Select Enable JavaScript . Click Advanc ed . Select Enable ActiveX . Netscape Communicator > Options > Site C ontrols > W eb F eatur es Click OK . Under Options, click A dvanced . Click Security . Select Use SSL 2.0 and Use SSL 3.0 . Netscape Communicato[...]

  • Page 16

    Chapter 4 Advanced Configura tion 8 4-Port SSL/IPSec VPN Router Click to Install the W eb Cache Cleaner On the Security Warning scr een, click Y es . Click Y es to Install The W eb Cache Cleaner will be installed in C: WINDOWSDownloaded Progr am Files. P roceed to the rest of this chapter f or inf ormation about the web- based utility . When you[...]

  • Page 17

    Chapter 4 Advanced Configura tion 9 4-Port SSL/IPSec VPN Router Sy stem Up Time This is the length of time in da ys, hours , and minutes that the Router has been ac tive. The cur rent time and date are also displa yed. P ort S tatistics Click any por t on the Router ’ s rear panel image to see the status of the selected por t. If the port is disa[...]

  • Page 18

    Chapter 4 Advanced Configura tion 10 4-Port SSL/IPSec VPN Router If you have not set up the e-mail server on the Log tab, the message, “E-mail cannot be sent because you have not specified an outbound SMTP server address, ” will be displayed . If you hav e set up the mail ser ver but the log has not been generated due to the Log Queue Length an[...]

  • Page 19

    Chapter 4 Advanced Configura tion 11 4-Port SSL/IPSec VPN Router subscribers use this connection type.) Y our ISP assigns these values. Obtain an IP Automatically DNS Ser ver (Required) 1/2 If y ou selec t Use the F ollowing DNS Ser ver Addresses , enter your DNS ser ver IP addr ess(es) (enter at least one). Multiple DNS ser ver IP settings are com[...]

  • Page 20

    Chapter 4 Advanced Configura tion 12 4-Port SSL/IPSec VPN Router Keep Alive: Inter val If you select the Keep Alive option, the Router will send keep-alive packets as of ten as you specify . The default Inter val is 30 seconds. Keep Alive: Retr y T imes I f you selec t the Keep Alive option, the Router will send keep-alive packets as many times as [...]

  • Page 21

    Chapter 4 Advanced Configura tion 13 4-Port SSL/IPSec VPN Router Setup > Passwor d Passw ord The User Name is admin; it cannot be changed. Old Passwor d Enter the old password . The default is admin when you first pow er up the Router . New Password Enter a new password for the Router . Y our password must have 20 or fewer characters and cannot [...]

  • Page 22

    Chapter 4 Advanced Configura tion 14 4-Port SSL/IPSec VPN Router Click Save Settings to save your change, or click Cancel Changes to undo it. Setup T ab > F or warding The Forwarding screen allows you to set up port range forwarding and por t triggering applications. Port range forwarding can be used to set up public ser vices or other specializ[...]

  • Page 23

    Chapter 4 Advanced Configura tion 15 4-Port SSL/IPSec VPN Router Some I nternet applications or games use alternate por ts to communicate between the server and LAN host. When you want to use these applications, enter the triggering (outgoing) por t and alternate incoming port in the P or t T riggering table. Then the Router will for ward the incom[...]

  • Page 24

    Chapter 4 Advanced Configura tion 16 4-Port SSL/IPSec VPN Router UPnP F orwarding T able List Click Refresh to update the on-screen information. Click Close to exit this screen and r eturn to the UPnP scr een. On the UPnP screen, click Save Settings to save your changes, or click Canc el Changes to undo them. Setup > O ne-to - One NA T One -to-O[...]

  • Page 25

    Chapter 4 Advanced Configura tion 17 4-Port SSL/IPSec VPN Router Setup > MAC Clone MAC Clone User Defined W AN MA C Address T o manually clone a MA C address, selec t User Defined W AN MA C Address , and then enter the 12 digits of your adapter ’ s MAC address. MA C Address from this PC T o clone the MAC address of the computer you are current[...]

  • Page 26

    Chapter 4 Advanced Configura tion 18 4-Port SSL/IPSec VPN Router other rout ers on the network. It determines the r oute tha t the net work packets take based on the fewest number of hops between the source and the destination. W orking Mode S elect Gateway mode if the Router is hosting your network ’ s connection to the Internet. Select Router m[...]

  • Page 27

    Chapter 4 Advanced Configura tion 19 4-Port SSL/IPSec VPN Router DHCP > Setup Setup Enable DHCP Server T o use the Router as your network’ s DHCP server , selec t Enable DHCP S erver . If you already have a DHCP server on your net work, remove the check mark. Dynamic IP Client Lease T ime The Client Lease Time is the amount of time a net work [...]

  • Page 28

    Chapter 4 Advanced Configura tion 20 4-Port SSL/IPSec VPN Router NO TE: T o support NetBIOS f or DHCP and Vir tual P assage clients, the Router uses two methods. ( Vir tual Passage is an ActiveX -based VPN client that provides full net work connectivity for Window s users. I t allows remote access to the Router ’ s network through a secure c onne[...]

  • Page 29

    Chapter 4 Advanced Configura tion 21 4-Port SSL/IPSec VPN Router to configure the Device IP Address and Subnet Mask settings.) Subnet1-4 The subnet numbers are created according to the VLAN numbers. ( The multiple subnets can also be configured on the Setup > Network screen.) IP Address Enter an IP address. Subnet Mask Selec t the appropriate su[...]

  • Page 30

    Chapter 4 Advanced Configura tion 22 4-Port SSL/IPSec VPN Router System Management > Diagnostic > P ing Ping host or IP addr ess Enter the IP address of the device being pinged, and click Go . The test will take a few seconds to complete. When completed, the Router will display the results at the bottom of the screen. The results include this[...]

  • Page 31

    Chapter 4 Advanced Configura tion 23 4-Port SSL/IPSec VPN Router from the Restart screen, then the Router will send out y our log file before it is r eset. System Management > Restart Restart Restart Router Click Restar t Router to restart the Router . Syst em Management > Setting Backup This screen allows you to make a backup file of your pr[...]

  • Page 32

    Chapter 4 Advanced Configura tion 24 4-Port SSL/IPSec VPN Router System Management > IGMP Snooping Enable IGMP Snooping S elect this option to use IGMP Snooping. Timeout Enter the time inter val during which IGMP broadcast packets from the IGMP ser ver are sent to the IGMP clients behind a specific por t of the Router . I f the time interval has[...]

  • Page 33

    Chapter 4 Advanced Configura tion 25 4-Port SSL/IPSec VPN Router Port Receiv e P acket Count The number of packets receiv ed is displayed . Port Receiv e Packet Byte Count The number of packet bytes rec eived is display ed. Port T r ansmit Packet Count The number of packets transmitted is display ed. Port T ransmit P ack et Byte C ount The number o[...]

  • Page 34

    Chapter 4 Advanced Configura tion 26 4-Port SSL/IPSec VPN Router Port Management > VLAN Membership VLAN Membership VLAN ID Select the VLAN ID number tha t you c onfigured on the Create VLAN screen. Description Enter the VLAN group name. Y ou can use up to 50 characters. F or the default VLAN 1, all ports will be set t o Acc ess mode and all fram[...]

  • Page 35

    Chapter 4 Advanced Configura tion 27 4-Port SSL/IPSec VPN Router Rate C ontrol Service Selec t the Ser vice you want. If the Ser vice y ou need is not list ed in the menu, click Service Management to add the new ser vice. The Service Management screen appears. Service Management Service Name Enter a name. Protoc ol Select the protocol it uses. Port[...]

  • Page 36

    Chapter 4 Advanced Configura tion 28 4-Port SSL/IPSec VPN Router Service Management Service Name Enter a name. Protoc ol Select the protocol it uses. Port Range Enter its range. Click Add to List . Click Save S ettings to save your changes, or click C ancel Changes to undo them. Click Exit to return to the Bandwidth Management screen. If you want t[...]

  • Page 37

    Chapter 4 Advanced Configura tion 29 4-Port SSL/IPSec VPN Router None If the None option is selec ted, then the Router prioritizes each packet based on the required level of service for its four LAN por ts, using four priority queues with stric t or W eighted Round Robin ( WWR) queuing. Y ou can use these functions to assign independent priorities [...]

  • Page 38

    Chapter 4 Advanced Configura tion 30 4-Port SSL/IPSec VPN Router based QoS in Layer 3, the Router can use the prior ity bits in the Type of Service ( T oS) octet to pr ioritize traffic. If priority bits are used, the T oS oc tet may con tain three bits for IP P recedence or six bits f or DSCP service. QoS > DSCP Settings DSCP Settings DSCP to Qu[...]

  • Page 39

    Chapter 4 Advanced Configura tion 31 4-Port SSL/IPSec VPN Router NO TE: SSL VPN has higher priority than P ort F orwarding when HT TPS is enabled. HTTP T o allow HT TP connections for remote management, select Enable . O therwise, select Disable . Then enter the port number you want to use for remote management (port 80 or 8080 is usually used). Mu[...]

  • Page 40

    Chapter 4 Advanced Configura tion 32 4-Port SSL/IPSec VPN Router Time The time inter val to which the access rule applies is displayed . Day The days to which the access rule applies is displayed . Click Edit to edit an access rule, and click the T rash Can icon to delete an ac cess rule. If the Access Rules table has multiple pages, select a diffe[...]

  • Page 41

    Chapter 4 Advanced Configura tion 33 4-Port SSL/IPSec VPN Router Source S elect the Sourc e IP address(es) for the access rule. If it can be any IP address, select Any . If it is one IP address, select Single and enter the IP address . I f it is a range of IP addresses, select Range , and enter the star ting and ending IP addresses in the A ddr . R[...]

  • Page 42

    Chapter 4 Advanced Configura tion 34 4-Port SSL/IPSec VPN Router Group Name Enter a name for the new g roup . Show unknown IP/MAC addresses I f you do not k now a computer’ s IP or M AC address, click Sho w unknown IP/MA C addresses . The Unk nown MAC Address List appears. Unknown IP Address List IP Address Select this option to view all LAN IP a[...]

  • Page 43

    Chapter 4 Advanced Configura tion 35 4-Port SSL/IPSec VPN Router Summar y T unnel Used The number of VPN tunnels being used is displayed . T unnel A vailable The number of available VPN tunnels is displayed . T unnel Sta tus Add New T unnel Click Add New T unnel to add a Gateway-to-Gateway tunnel. The Mo de Cho ose screen appears. Mode Choose Click[...]

  • Page 44

    Chapter 4 Advanced Configura tion 36 4-Port SSL/IPSec VPN Router FQDN) A uthentication , Dynamic IP + Domain Name(FQDN) Authentication , or Dynamic IP + E- mail A ddr .(USER FQDN) Authentication . F ollow the instructions for the type you want to use . NO TE: T he Local Security G ateway T ype you select should match the Remote S ecurity Gateway Ty[...]

  • Page 45

    Chapter 4 Advanced Configura tion 37 4-Port SSL/IPSec VPN Router NO TE: The Remote S ecurity Gateway T ype you select should match the L ocal Security Gateway T ype selec ted on the VPN device at the other end of the tunnel. IP Only The default is IP Only . Only the computer with a specific IP address will be able to access the tunnel. Selec t IP a[...]

  • Page 46

    Chapter 4 Advanced Configura tion 38 4-Port SSL/IPSec VPN Router Subnet The default is Subnet . All computers on the remote subnet will be able to access the tunnel . IP address Enter the IP address. Subnet Mask Enter the subnet mask . The default is 255.255.255.0 . IP Range Specify a range of IP addresses within a subnet that will be able to acces[...]

  • Page 47

    Chapter 4 Advanced Configura tion 39 4-Port SSL/IPSec VPN Router Manual Incoming and Outgoing SPI (Security Par ameter Index) SPI is carried in the ESP (Encapsulating S ecurity P ayload Protocol) header and enables the r eceiver and sender to select the SA, under which a packet should be processed . Hexadecimal values is acceptable, and the valid r[...]

  • Page 48

    Chapter 4 Advanced Configura tion 40 4-Port SSL/IPSec VPN Router the Router will disconnect the tunnel so the connection can be re - established. Specify the inter val between HELL O/A CK messages (how often you want the messages to be sent). DPD is enabled by default, and the default interval is 10 seconds. Click Save Settings to save your changes[...]

  • Page 49

    Chapter 4 Advanced Configura tion 41 4-Port SSL/IPSec VPN Router Generate New Certificate Click this option to generate a new certificate. It will replace the Router ’ s existing certificate. Export C ertific ate f or Administr ation The c ertificate f or administration holds the privat e key and should be st ored in a safe place as a backup . Se[...]

  • Page 50

    Chapter 4 Advanced Configura tion 42 4-Port SSL/IPSec VPN Router NO TE: I f your users are unable to connect via Active Directory , verify the follo wing: The time settings between the Active Directory ser ver and the Router must be synchronized . Kerberos authentication, used by Active Director y to authenticate clients, permits a maximum of a 15-[...]

  • Page 51

    Chapter 4 Advanced Configura tion 43 4-Port SSL/IPSec VPN Router SSL VPN > Virtual Passage Virtual Passage Client Addr ess Range Define the range of IP addresses to assign to incoming Virtual Passage clients. The default is 192.168.1.200 to 192.168.1.210 . The Router can suppor t up to five concurrent active users. Range Star t Enter the star ti[...]

  • Page 52

    Chapter 4 Advanced Configura tion 44 4-Port SSL/IPSec VPN Router SNMP > V iews Configure this screen to allow or deny access to SNMP featur es. SNMP > Views View s Vie w T able V iew Name Selec t the appropriate view name. There are two default views: Default This displays the default SNMP views for read and read/write views , including the f[...]

  • Page 53

    Chapter 4 Advanced Configura tion 45 4-Port SSL/IPSec VPN Router Security Model Select the v ersion of SNMP the group uses: SNMPv1 , SNMPv2 , or SNMPv3 . Security Level This option is available if SNMPv3 is selected f or the Security M odel. Selec t No Authen tication if no authentication or privac y security levels are specified. Select Authentica[...]

  • Page 54

    Chapter 4 Advanced Configura tion 46 4-Port SSL/IPSec VPN Router Select how you want to define the access control of this community . Basic Ac cess Mo de This allows both v1 and v2c operation requests. Selec t Read Only if you want the user to have read-only access to the parameters of the MIB tree with respect to the view name. Select Read W rite [...]

  • Page 55

    Chapter 4 Advanced Configura tion 47 4-Port SSL/IPSec VPN Router SNMPv3 Select this option if you want to use SNMPv3. Then configure the f ollowing: User Name Enter the name of the user who receives SNMP notifications. Security Level Selec t No Authentication if no authentication or privacy security levels are specified. Select Authentication if SN[...]

  • Page 56

    Chapter 4 Advanced Configura tion 48 4-Port SSL/IPSec VPN Router e -mailed at the same time. The default is S everity0_ Emergency . Click E-mail Log Now to immediately send the log to the address in the Send E-mail to field. Log Setting Alert Log Syn F looding Selec t this option if y ou want Syn F looding events to trigger an alert. IP Spoofing Se[...]

  • Page 57

    Chapter 4 Advanced Configura tion 49 4-Port SSL/IPSec VPN Router Log > Syst em Statistics Click Refresh to update the sta tistics. Wizard Use this tab to access two Setup Wizards , the Basic Setup Wizar d and the Access Rule Setup Wizar d. Run the Basic Setup Wizar d to set up the Router for your Internet connection(s). Run the A ccess Rule Setu[...]

  • Page 58

    Chapter 4 Advanced Configura tion 50 4-Port SSL/IPSec VPN Router Depending on which connection type you have selected, the appropriate screen will appear . F ollow the instructions for the appropriate connection type: Obtain an IP automatically If you want t o use the ISP’ s DNS ser ver , select Use DNS Ser ver provided by ISP (default). I f you [...]

  • Page 59

    Chapter 4 Advanced Configura tion 51 4-Port SSL/IPSec VPN Router your Internet access disconnec ts. The default is 5 minutes. If y ou select the Keep aliv e option, the Router will keep the c onnection alive by sending out a few data packets periodically , so your ISP thinks that the connection is still active. This option keeps your connec tion ac[...]

  • Page 60

    Chapter 4 Advanced Configura tion 52 4-Port SSL/IPSec VPN Router Select the ser vice y ou want from the Service pull-down menu. Click Next to continue. Click Previous if you want to return to the previous screen. Click Exit if you want to exit the Setup Wizar d. Select the Ser vice F or this ser vice, you can select whether or not you want the R ou[...]

  • Page 61

    Chapter 4 Advanced Configura tion 53 4-Port SSL/IPSec VPN Router Decide when you want this Access Rule to be enforc ed. Select Alwa ys if y ou want the A ccess Rule to be alw ays enforc ed. Click Next to continue. Click Pr evious if you want to return to the previous screen. Click Exit if you want to exit the Setup W izard . When It W orks Select S[...]

  • Page 62

    Chapter 4 Advanced Configura tion 54 4-Port SSL/IPSec VPN Router session. (I f you end the session, you will need to re - enter your User Name and P assw ord to log in and then manage the Router .) After y ou click the L ogout tab, a Warning screen appears. I t will ask you to confirm that you want to delete the History Item for the Router . ( The [...]

  • Page 63

    55 T roubleshooting 4-Port SSL/IPSec VPN Router Appendix A Appendix A: T roubleshooting The rmw are upgrade has failed. A firmwar e upgrade takes approximat ely ten minutes. An error may oc cur if you po wered off the Router , pr essed the Reset button, closed the System Management > Firmw are Upgrade screen, or disconnec ted the computer fro[...]

  • Page 64

    56 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B Appendix B: V ir tual P assage SSL VPN Client Over view The Router’ s SSL VPN Portal includes an A ctiveX -based VPN client that pr ovides full network c onnectivity for Windows users. This client, called the Vir tual P assage Client, lets y ou remotely access the Router ?[...]

  • Page 65

    57 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B Deselect (remove the checkmark from) Override automatic cookie handling . Internet Explorer > Internet Options > Privacy Click OK . Click OK again. Netscape Communic ator 8.0 or Higher Open Netscape Communicator . Click T ools . Click Options . Click Site Con trols . Cl[...]

  • Page 66

    58 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B Login for the SSL VPN P ortal ( Window s OS) F ollow these instructions to log in: Enter the IP address of the Router , https://<W AN IP address of the Router> , in your web browser . Then press the Enter key . A login screen appears. Enter your user name in the User Na[...]

  • Page 67

    59 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B On the Security Warning scr een, click Y es . Click Y es to Install A second S ecurity Warning screen asks you if you want to install XT unnel , the V irtual Passage application. Click Install . Click Install The Hardware Installation screen asks you if you want to continue w[...]

  • Page 68

    60 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B Windo ws V ista U sage If you use Windows Vista to establish an SSL VPN connection and do not disable the User Account Control (U AC) f eature , an error message will displa y , indicating that V irtual Passage was not installed. Vista Error Message T o install Virtual Passag[...]

  • Page 69

    61 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B A screen may appear indica ting that the certificate cannot be verified. Linksys has confirmed that the certificate is valid. Click Con tinue . Click to Continue On the W arning screen, click Run . Click Run Enter your passw ord f or OS X. T o install the Virtual Passage Clie[...]

  • Page 70

    62 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B Before Y ou Begin (Linux OS) Make sure you have administrative rights on your computer . Then install the freeware , Java Runtime Environmen t ( JRE), on your computer . T o download the freeware , visit Java-related websites. If you do not install JRE, a warning message will[...]

  • Page 71

    63 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B On the W arning screen, click Run . Click Run After the software is installed , you will be notified that the SSL VPN tunnel has been established. SSL VPN T unnel Established T o end the SSL VPN connection, click Disconnect . Remov al of the Virtual Passage Client (Linux OS) [...]

  • Page 72

    64 Bandwidth Management 4-Port SSL/IPSec VPN Router Appendix C Appendix C: Bandwidth Management Over view This appendix explains how to ensure Quality of Ser vice (QoS) on Vonage V oice over Internet Protocol ( V oIP) phone ser vice. This example uses Vonage; howev er , similar instructions will apply to other V oIP services. Creation of Ne w Ser v[...]

  • Page 73

    65 Bandwidth Management 4-Port SSL/IPSec VPN Router Appendix C Creation of Ne w Bandwidth Management Rules Create four new rules: Vonage V oIP (Upstream), Vonage V oIP (Downstream), V onage 2 (Upstream), and Vonage 2 (Downstream). On the Bandwidth Management scr een, select V onage V oIP fr om the Ser vice drop-down menu. Enter the IP address or ra[...]

  • Page 74

    66 Ac tiv e Direc tor y S er ver 4-Port SSL/IPSec VPN Router Appendix D Appendix D: A c tiv e Director y S er ver NO TE: W indows Ser ver 2000 and 2003 support the Active Directory ser ver featur e. T o configure an Active Dir ector y server: Click the Start button of your W indows computer . Click Settings . Click Con trol Panel . Double -click Ad[...]

  • Page 75

    67 Ac tiv e Direc tor y S er ver 4-Port SSL/IPSec VPN Router Appendix D Click Next . W elcome to the Active Directory Installation W izard Click Next . Operating System C ompatibility 9. 10. Select Domain controller for a new domain , and then click Next . Domain Controller T ype Select Domain in a new forest , and then click Next . Create New Doma[...]

  • Page 76

    68 Ac tiv e Direc tor y S er ver 4-Port SSL/IPSec VPN Router Appendix D Enter a domain name, and then click N ext . New Domain Name Enter a domain NetBIOS name, and then click N ext . NetBIOS Domain Name 13. 14. Select the folders that will store the Active Directory database and log. Then click Next . Database and Log F olders Enter a location for[...]

  • Page 77

    69 Ac tiv e Direc tor y S er ver 4-Port SSL/IPSec VPN Router Appendix D Select I will corr ect the problem later by configuring DNS manually (A dvanced) , and then click N ext . DNS Registration Diagnostics Select P ermissions compatible only with W indow s 2000 or Windo ws Ser ver 2003 opera ting systems . Then click Next . Permissions 17. 18. Ent[...]

  • Page 78

    70 Ac tiv e Direc tor y S er ver 4-Port SSL/IPSec VPN Router Appendix D T r oubleshooting If your users are unable to connect via Active Director y , check the following: The time settings between the Active Director y ser ver and the Router must be synchronized. Kerberos authentication, used by Active Directory to authenticate clients, permits a m[...]

  • Page 79

    71 User f or the Active Direc tor y Ser v er 4-Port SSL/IPSec VPN Router Appendix E Appendix E: U ser for the A ctive Director y S er ver NO TE: W indows Ser ver 2000 and 2003 support the Active Directory ser ver featur e. T o create a user f or Active Directory : Click the Start button of your W indows computer . Click Settings . Click Con trol Pa[...]

  • Page 80

    72 User f or the Active Direc tor y Ser v er 4-Port SSL/IPSec VPN Router Appendix E Click Finish t o create the new user . New Object > User > Summar y 9.[...]

  • Page 81

    73 Internet Authentic ation Ser vice (IAS) Ser ver 4-Port SSL/IPSec VPN Router Appendix F Appendix F : Internet A uthen tication Ser vice (IAS) Ser ver NO TE: W indows Ser ver 2000 and 2003 support the IAS server feature. T o install an IAS ser ver: Click the Start button of your W indows computer . Click Add or Remov e Pr ograms . Click Add/Remov [...]

  • Page 82

    74 Internet Authentic ation Ser vice (IAS) Ser ver 4-Port SSL/IPSec VPN Router Appendix F Click Next . W elcome to the New Remote Ac cess Policy Wizar d Select Set up a custom polic y , and enter a policy name. Then click Next . Policy Configuration Method 11. 12. T o add a policy, click A dd . Policy Conditions Select Client-IP-Addr ess , and then[...]

  • Page 83

    75 Internet Authentic ation Ser vice (IAS) Ser ver 4-Port SSL/IPSec VPN Router Appendix F Make sur e a policy has been added , and then click Next . Policy Conditions Select Grant remote acc ess p ermission , and then click Next . Permissions 16. 17. Click Edit Profile . Profile On the Authentication tab, deselect (remov e the check mark from) Micr[...]

  • Page 84

    76 Internet Authentic ation Ser vice (IAS) Ser ver 4-Port SSL/IPSec VPN Router Appendix F On the Encr yption tab, selec t Basic encryption , Strong encr yption , Str ongest encryption , and No encryption . Click Apply . Encryption Click Finish . Completing the New Remote Acc ess Policy Wizar d Make sure the policy has been added. Click the Start bu[...]

  • Page 85

    77 Internet Authentic ation Ser vice (IAS) Ser ver 4-Port SSL/IPSec VPN Router Appendix F Click Next . W elcome to the New Connection Request Policy W izard Select A custom polic y , and enter a policy name . Then click Next . Policy Configuration Method 29. 30. T o add a policy, click A dd . Policy Conditions Select Client-IP-Addr ess , and then c[...]

  • Page 86

    78 Internet Authentic ation Ser vice (IAS) Ser ver 4-Port SSL/IPSec VPN Router Appendix F Make sur e a policy has been added , and then click Next . Policy Conditions Click Edit Profile . Request Processing Method 34. 35. On the Authentication tab , select Authentica te request on this server , and then click OK . Authentication Click Finish . Comp[...]

  • Page 87

    79 Lightw eight Direc tor y Access Protocol (LD AP ) Ser ver 4-Port SSL/IPSec VPN Router Appendix G Appendix G: Lightw eight Dir ec tor y A cc ess P r otoc ol (LD AP) Ser ver Access the Rout er ’ s web-based utility. Click the SSL VPN tab . Click the User Management tab . F rom the A uthentication T ype drop- down menu, select LDAP . SSL VPN >[...]

  • Page 88

    80 Deployment in an Existing N etwork 4-Port SSL/IPSec VPN Router Appendix H Appendix H: Deploymen t in an Existing Netw ork Over view If you have a current VPN router in your net work, you can add the 4-Port SSL/IPSec VPN Router (model number: RVL200), so that the SSL clients can access the existing network resources . The two configuration exampl[...]

  • Page 89

    81 Deployment in an Existing N etwork 4-Port SSL/IPSec VPN Router Appendix H W AN-to-L AN Connec tion LAN Corporate Network Branch Office RV082 LAN W AN W AN2 W AN1 RVL200 W AN IP: 192.168.1.2 LAN IP: 192.168.2.1 Remote users with 192.168.1.x Virtual Passage IP can access the headquarters’ corporate network using Virtual Passage via the W AN IP o[...]

  • Page 90

    82 Gate wa y-to- G ate w a y VPN T unnel 4-Port SSL/IPSec VPN Router Appendix I Appendix I: Gatew a y-t o -G ate wa y VPN T unnel Over view This appendix explains how to configure an IPSec VPN tunnel bet ween two VPN Routers by example. Tw o computers are used t o test the liveliness of the tunnel . Before Y ou Begin The follo wing is a list of equ[...]

  • Page 91

    83 Gate wa y-to- G ate w a y VPN T unnel 4-Port SSL/IPSec VPN Router Appendix I In the IPS ec Setup sec tion, select the appropriate encr yption, authentication, and other key management settings. In the Preshared Key field, enter a string f or this key , for example, 13572468. RVL200 IPSec Setup S ettings If you need mor e detailed settings , clic[...]

  • Page 92

    84 Gate wa y-to- G ate w a y VPN T unnel 4-Port SSL/IPSec VPN Router Appendix I Configuration when the R emote Gate wa y Uses a Dynamic IP Address This example assumes the Remote Gateway is using a dynamic IP address. If the R emote G ateway uses a static IP address, ref er to “Configuration when the Remote Gateway Uses a Sta tic IP Address . ”[...]

  • Page 93

    85 Gate wa y-to- G ate w a y VPN T unnel 4-Port SSL/IPSec VPN Router Appendix I The W AN IP address (B.B .B.B) of the R V082 will be automatically detected. F or the L ocal S ecurity Group T ype, select Subnet . Ent er the RV082’ s local net work settings in the IP Address and Subnet Mask fields. RV082 VPN Settings F or the Remote Security Gatewa[...]

  • Page 94

    86 Gate wa y-to- G ate w a y VPN T unnel 4-Port SSL/IPSec VPN Router Appendix I RVL200 IPSec VPN Settings F or the Remote S ecurity Gateway T ype, select IP by DNS Resolved . Enter the RV082’ s domain name in the field provided . F or the Remote Securit y Group T ype , select Subnet . Enter the RV082’ s local net work settings in the IP Address[...]

  • Page 95

    87 IPSec NA T Tra v ersal 4-Port SSL/IPSec VPN Router Appendix J Appendix J: IPSec NA T T ra v ersal Over view Network A ddress T ranslation (NA T ) traversal is a technique developed so that data protected by IPSec can pass through a NA T . (See NA T 1 and NA T 2 in the diag ram.) Since IPSec provides integrity for the entire IP datagram, any chan[...]

  • Page 96

    88 IPSec NA T Tra v ersal 4-Port SSL/IPSec VPN Router Appendix J The W AN IP address of R outer A will be automatically detected. F or the L ocal S ecurity Group T ype, select Subnet . Ent er Router A ’ s local net work settings in the IP Address and Subnet Mask fields. Router A ’ s IPSec VPN Settings F or the Remote Security Gateway Type , sel[...]

  • Page 97

    89 IPSec NA T Tra v ersal 4-Port SSL/IPSec VPN Router Appendix J Configuration of the One-to- O ne NA T Rules The one -to- one NA T rules must be configured on NA T 2 - RV042 and NA T 1 - R VO42. One -to-O ne NA T Rule on NA T 2 - RV042 192.168.99.1 => 192.168.111.11 Refer to the documentation of the 10/100 4-Port VPN Router (model number: RV042[...]

  • Page 98

    90 IPSec NA T Tra v ersal 4-Port SSL/IPSec VPN Router Appendix J F or the Remote Securit y Group T ype , select Subnet . Enter Router A ’ s local network settings in the IP Addr ess and Subnet Mask fields. In the IPS ec Setup sec tion, select the appropriate encr yption, authentication, and other key management settings. In the Preshared Key fiel[...]

  • Page 99

    91 Configuration of Multiple Subnets 4-Port SSL/IPSec VPN Router Appendix K Appendix K: C onfigur ation of Multiple Subnets Over view The 4-P ort SSL/IPSec VPN Router (model number: RVL200) can suppor t multiple subnets. The configuration example shows an RVL200 deploying two routers . Any router can be deployed; however , this example uses the Lin[...]

  • Page 100

    92 Configuration of Multiple Subnets 4-Port SSL/IPSec VPN Router Appendix K Setup > Network In the LAN Setting sec tion, select Multiple Subnet . Click Add/Edit . A new scr een appears. Create a Subnet In the LAN IP Address field, enter 192.168.7.0 . In the Subnet Mask field, enter 255.255.255.0 . T o create the first subnet, click A dd to list [...]

  • Page 101

    93 Configuration of Multiple Subnets 4-Port SSL/IPSec VPN Router Appendix K Enter 192.168.1.2 in the Default Gateway field . Enter 1 in the Hop Count field . Select W AN1 from the Interface dr op- down menu. T o create the static r oute, click A dd to list . Click Save Settings . Click the Fir ewall tab . F or the F irewall setting , select Disable[...]

  • Page 102

    94 Multiple VLANs with Computers 4-Port SSL/IPSec VPN Router Appendix L Port 4: T runk ing Port RVL200 192.168.4.x Default VLAN1 VLAN2 VLAN3 VLAN4 192.168.3.x 192.168.2.x SRW2048 RVL200 with Multiple VLANs Using C omputers RVL200 Configuration Physically connect Ethernet por t 4 on the R VL200 to a trunking por t on the SR W2048. Access the web-bas[...]

  • Page 103

    95 Multiple VLANs with Computers 4-Port SSL/IPSec VPN Router Appendix L Select Enable VLAN . Enter 2 in the VLAN ID field. T o create VLAN2, click Add VLAN . Enter 3 in the VLAN ID field. T o create VLAN3, click Add VLAN . Enter 4 in the VLAN ID field. T o create VLAN4, click Add VLAN . Click the Port Setting tab. Port Management > Port Setting [...]

  • Page 104

    96 Multiple VLANs and S ubnets 4-Port SSL/IPSec VPN Router Appendix M Appendix M: Multiple VLANs and Subnets Over view The 4-P ort SSL/IPSec VPN Router (model number: RVL200) can suppor t multiple Virtual Local Area Networks ( VLANs) used with multiple subnets. The configuration example shows an R VL200 deploying two routers and one Layer 2 managed[...]

  • Page 105

    97 Multiple VLANs and S ubnets 4-Port SSL/IPSec VPN Router Appendix M Subnet Mask Selec t 255.255.255.0 . Range Start Enter 100 . Range End Enter 149 . F or VLAN3, complet e the following: IP A ddress Enter 192.168.3.1 . ( This is the default, which you can ov erwr ite.) Subnet Mask Selec t 255.255.255.0 . Range Start Enter 100 . Range End Enter 14[...]

  • Page 106

    98 Access of Multiple VLANs ov er a SSL VPN T unnel 4-Port SSL/IPSec VPN Router Appendix N Appendix N: A cc ess of Multiple VL ANs ov er a SSL VPN T unnel Over view The 4-P ort SSL/IPSec VPN Router (model number: RVL200) can allow a computer on the Internet to communicate with a local computer , even though they belong to different Virtual Local Ar[...]

  • Page 107

    99 Firm ware Upgrade 4-Port SSL/IPSec VPN Router Appendix O Appendix O: F irm ware Upgrade Over view This appendix explains how to upgrade the firmwar e of the Router . Before Y ou Begin If you are using Internet Explorer on Window s XP , disable the pop-up block ing function before you upg rade the Router ’ s firmware. ( This avoids a firmware u[...]

  • Page 108

    100 Firm ware Upgrade 4-Port SSL/IPSec VPN Router Appendix O When you or another user logs out, a W arning screen will appear . It will ask you to confirm that you want to delete the Histor y Item for the Router . Click Y es . Click Y es to Delete History Upgrade the Firm ware In the Router ’ s web-based utility , click the Sy stem Management tab[...]

  • Page 109

    101 Batt er y Replacement 4-Port SSL/IPSec VPN Router Appendix P Appendix P : Battery Replacement Over view The R outer has a lithium batter y , type CR2032, on its main circuit board. This battery has an operating life of approxima tely 1 to 2 years . When the battery loses its charge, the Router cannot update its time setting unless it is connect[...]

  • Page 110

    102 Specific ations 4-Port SSL/IPSec VPN Router Appendix Q Appendix Q: Specifications Specications Model RVL200 Standards IEEE 802.3, IEEE 802.3u, IEEE 802.1q, IEEE 802.1p, RFC791 (IP Protocol) Ports Ethernet, Power Button Reset Cabling Type UTP CAT 5 LEDs Power, Diag, Internet, Ethernet 1-4 Operating System Linux Performance NAT Throughput Wire[...]

  • Page 111

    103 4-Port SSL/IPSec VPN Router Appendix R Warranty Inf ormation Appendix R: W arranty Informa tion Limited W arranty Linksys warrants to Y ou that, for a period of one year (the " W arranty Period"), your Linksys Product will be substantially fr ee of defects in materials and w orkmanship under normal use. Y our exclusiv e remedy and Lin[...]

  • Page 112

    104 Regula tor y Informa tion 4-Port SSL/IPSec VPN Router Appendix S Appendix S: Regulat or y Information FCC Sta tement This produc t has been tested and complies with the specifications for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful inter ference in a [...]

  • Page 113

    105 Regula tor y Informa tion 4-Port SSL/IPSec VPN Router Appendix S User Inf ormation f or Consumer Products Cov ered b y EU Directive 2002/96/EC on W aste Electric and Elec tronic Equipment ( WEEE) This document contains important information for users with regards to the proper disposal and recycling of Linksys products. Consumers are required t[...]

  • Page 114

    106 Regula tor y Informa tion 4-Port SSL/IPSec VPN Router Appendix S Eesti (E stonian) - K eskkonnaalane informatsioon Euroopa Liidus asuva tele klientidele Euroopa Liidu direktiivi 2002/96/EÜ nõuete kohaselt on seadmeid, millel on tootel või pakendil käesolev sümbol , keelatud kõr valdada koos sorteerimata olmejäätmetega. See sümbol näit[...]

  • Page 115

    107 Regula tor y Informa tion 4-Port SSL/IPSec VPN Router Appendix S Lietuvškai (Lithuanian) - Aplink osaugos informacija, skir ta Europos Sąjungos vartotojams Europos dir ektyva 2002/96/EC numato , kad įrangos, kuri ir kurios pakuotė yra pažymėta šiuo simboliu (įvesk ite simbolį), negalima šalinti kar tu su nerūšiuotomis komunalinėmis[...]

  • Page 116

    108 Regula tor y Informa tion 4-Port SSL/IPSec VPN Router Appendix S Português (P ortuguese) - Informação ambiental para clientes da União Eur opeia A Directiva Europeia 2002/96/CE exige que o equipamento que exibe este símbolo no produto e/ou na sua embalagem não seja eliminado junto com os resíduos municipais não separados. O símbolo ind[...]

  • Page 117

    109 Contac t Informa tion 4-Port SSL/IPSec VPN Router Appendix T Appendix T : C ontact Information Linksys C ontact Information W ebsite http://www .linksys.com FTP Site ftp.linksys .com Advice Line 800-546-5797 (LINKSYS) Support 800-326-7114 RMA (Return M erchandise Authorization) 949-823-3000 F ax 949-823-3002 NO TE: Details on warranty and RMA i[...]