Cisco RV042 User Guide - Page 51

Chapter 4

Advanced Configuration

44

10/100 4-Port VPN Router

NOTE:

The Local Security Group Type you select

should match the Remote Security Group Type

selected on the remote computer at the other

end of the tunnel.

After you have selected the Local Security Group Type, the

settings available on this screen may change, depending

on which selection you have made.

IP

Only the computer with a specific IP address will be able

to access the tunnel.

Local Security Group Type > IP

IP address

Enter the appropriate IP address. The default

IP is

192.168.1.0

.

Subnet

The default is

Subnet

. All computers on the local subnet

will be able to access the tunnel.

Local Security Group Type > Subnet

IP

address

Enter

the

IP

address.

The

default

is

192.168.1.0

.

Subnet Mask

Enter the subnet mask. The default is

255.255.255.0

.

IP Range

Specify a range of IP addresses within a subnet that will be

able to access the tunnel.

Local Security Group Type > IP Range

IP range

Enter the range of IP addresses. The default is

192.168.1.0~254

.

Remote Client Setup

Remote Client

Select the type you want to use:

Domain Name(FQDN)

,

E-mail Addr.(USER FQDN)

, or

Microsoft XP/2000 VPN

Client

. Follow the instructions for the type you want to

use.

Domain Name(FQDN)

The default is

Domain Name(FQDN)

.

Remote Client > Domain Name(FQDN)

Domain Name

Enter the Fully Qualified Domain Name

(FQDN), which is the host name and domain name for

a specific computer on the Internet. When the remote

computer requests to create a tunnel with the Router, the

Router will work as a responder.

E-mail Address(UserFQDN)

Remote Client > E-mail Address(UserFQDN)

E-mail address

Enter the e-mail address of the user

FQDN.

Microsoft XP/2000 VPN Client

Dynamic IP users, such as PPPoE or DHCP users, who use

the Microsoft VPN client software, can use this option.

(The Microsoft VPN client software does not support

Aggressive mode and FQDN or User FQDN ID options.)

Remote Client > Microsoft XP/2000 VPN Client

IPSec Setup

In order for any encryption to occur, the two ends of a

VPN tunnel must agree on the methods of encryption,

decryption, and authentication. This is done by sharing

a key to the encryption code. For key management, the

default mode is

IKE with Preshared Key

.

Keying Mode

Select


or

Manual

.

Both ends of a VPN tunnel must use the same mode of

key management. After you have selected the mode, the

settings available on this screen may change, depending

on the selection you have made. Follow the instructions

for the mode you want to use. (Manual mode is available

for VPN tunnels only, not group VPNs.)


IKE is an Internet Key Exchange protocol used to negotiate

key material for Security Association (SA). IKE uses the

Preshared Key to authenticate the remote IKE peer.

Phase 1 DH Group

Phase 1 is used to create the SA. DH

(Diffie-Hellman) is a key exchange protocol used during

Phase 1 of the authentication process to establish pre-

Section	Page
Chapter 1: Introduction	8
Introduction to the Router	8
Introduction to VPNs	8
VPN Examples	8
VPN Router to VPN Router	8
Computer (using VPN client software) to VPN Router	9
Chapter 2: Product Overview	10
Front Panel	10
Back Panel	10
Right Side Panel	10
Left Side Panel	10
Chapter 3: Installation	11
Physical Installation	11
Horizontal Placement	11
Wall-Mounting Placement	11
Cable Connections	11
Chapter 4: Advanced Configuration	13
Overview	13
How to Access the Web-Based Utility	13
System Summary	13
System Information	14
Configuration	14
Port Statistics	14
Network Setting Status	15
Firewall Setting Status	15
VPN Setting Status	15
Log Setting Status	15
Setup Tab > Network	16
Network	16
Setup > Password	19
Password	20
Setup > Time	20
Time	20
Setup > DMZ Host	20
DMZ Host	20
Setup Tab > Forwarding	21
Forwarding	21
Setup > UPnP	22
UPnP	22
Setup > One-to-One NAT	23
One-to-One NAT	23
Setup > MAC Clone	23
MAC Clone	24
Setup > DDNS	24
DDNS	24
Setup > Advanced Routing	25
Advanced Routing	25
DHCP > Setup	26
Setup	27
DHCP > Status	28
Status	28
System Management Tab > Dual-WAN	28
Dual-WAN	28
System Management > Bandwidth Management	30
Bandwidth Management	31
System Management > SNMP	32
System Management > Diagnostic	33
Diagnostic	33
System Management > Factory Default	34
Factory Default	34
System Management > Firmware Upgrade	34
Firmware Upgrade	34
Restart	35
System Management > Setting Backup	35
Import Configuration File	35
Export Configuration File	35
Port Management > Port Setup	35
Basic Per Port Config.	35
Port Management > Port Status	36
Port Status	36
Firewall > General	36
General	36
Firewall > Access Rules	37
Access Rules	38
Add a New Access Rule	38
Firewall > Content Filter	39
Content Filter	40
ProtectLink	40
VPN > Summary	40
Summary	40
VPN > Gateway to Gateway	42
Add a New Tunnel	42
IPSec Setup	45
VPN > Client to Gateway	47
Add a New Tunnel	48
IPSec Setup	51
VPN > VPN Client Access	53
VPN Client Access	54
VPN > VPN Pass Through	54
VPN Pass Through	55
VPN > PPTP Server	55
PPTP Server	55
Connection List	55
Log > System Log	55
System Log	56
Log > System Statistics	57
Wizard	58
Basic Setup	58
Access Rule Setup	61
Support	63
Manual	63
Linksys Web Site	63
Logout	63
Appendix A: Troubleshooting	64
Appendix B: Linksys QuickVPN for Windows 2000, XP, or Vista	65
Introduction	65
Computer (using VPN client software) to VPN Router	65
Linksys QuickVPN Instructions	65
Router Configuration	65
Export a Client Certificate from the Router	65
Add VPN Client Users	66
Linksys QuickVPN Client Installation and Configuration	66
Install from the CD-ROM	66
Download from the Internet	67
Install the Client Certificate	67
Use of the Linksys QuickVPN Software	67
Linksys QuickVPN Connection	67
Version Number of Linksys QuickVPN	68
Appendix C: Gateway-to-Gateway VPN Tunnel	69
Overview	69
Before You Begin	69
Configuration when the Remote Gateway Uses a Static IP Address	69
Configuration of the RVL200	69
Configuration of the RV042	70
Configuration of PC 1 and PC 2	70
Configuration when the Remote Gateway Uses a Dynamic IP Address	71
Configuration of the RVL200	71
Configuration of the RV042	71
Configuration of PC 1 and PC 2	72
Configuration when Both Gateways Use Dynamic IP Addresses	72
Configuration of the RVL200	72
Configuration of the RV042	73
Configuration of PC 1 and PC 2	73
Appendix D: IPSec NAT Traversal	74
Overview	74
Before You Begin	74
Configuration of Scenario 1	74
Configuration of Router A	74
Configuration of Router B	75
Configuration of Scenario 2	76
Configuration of the One-to-One NAT Rules	76
Configuration of Router B	77
Configuration of Router A	77
Appendix E: Bandwidth Management	79
Overview	79
Creation of New Services	79
Creation of New Bandwidth Management Rules	80
Appendix F: Firmware Upgrade	81
Overview	81
How to Access the Web-Based Utility	81
Upgrade the Firmware	81
Alternative Firmware Upgrade Option	81
Appendix G: Trend Micro ProtectLink Gateway Service	83
Overview	83
How to Access the Web-Based Utility	83
How to Purchase, Register, or Activate the Service	83
System Summary	83
ProtectLink	84
How to Use the Service	84
ProtectLink > Web Protection	85
ProtectLink > Email Protection	86
ProtectLink > License	86
Appendix H: Specifications	88
Appendix I: Warranty Information	89
Exclusions and Limitations	89
Obtaining Warranty Service	89
Technical Support	90
Appendix J: Software License Agreement	91
Software in Linksys Products:	91
Software Licenses:	91
Schedule 1	91
Linksys Software License Agreement	91
END OF SCHEDULE 1	92
Schedule 2	92
GNU GENERAL PUBLIC LICENSE	92
END OF SCHEDULE 2	95
Schedule 3	95
OpenSSL License	96
Original SSLeay License	96
END OF SCHEDULE 3	97
Appendix K: Regulatory Information	98
FCC Statement	98
Safety Notices	98
Industry Canada Statement	98
Avis d’Industrie Canada	98
User Information for Consumer Products Covered by EU Directive 2002/96/EC on Waste Electric and Electronic Equipment (WEEE)	99

Cisco RV042 User Guide - Page 51

IPSec Setup, Remote Client

Page 51 highlights