Cisco Systems RVL200 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117

Ir a la página of

Buen manual de instrucciones

Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones Cisco Systems RVL200. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica Cisco Systems RVL200 o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.

¿Qué es un manual de instrucciones?

El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual Cisco Systems RVL200 se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.

Desafortunadamente pocos usuarios destinan su tiempo a leer manuales Cisco Systems RVL200, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.

Entonces, ¿qué debe contener el manual de instrucciones perfecto?

Sobre todo, un manual de instrucciones Cisco Systems RVL200 debe contener:
- información acerca de las especificaciones técnicas del dispositivo Cisco Systems RVL200
- nombre de fabricante y año de fabricación del dispositivo Cisco Systems RVL200
- condiciones de uso, configuración y mantenimiento del dispositivo Cisco Systems RVL200
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas

¿Por qué no leemos los manuales de instrucciones?

Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de Cisco Systems RVL200 no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de Cisco Systems RVL200 y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico Cisco Systems en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de Cisco Systems RVL200, como se suele hacer teniendo una versión en papel.

¿Por qué vale la pena leer los manuales de instrucciones?

Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo Cisco Systems RVL200, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.

Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual Cisco Systems RVL200. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.

Índice de manuales de instrucciones

  • Página 1

    USER GUIDE BUSINESS SERIES 4-P or t SSL/IPSec VPN Router Model: RVL200[...]

  • Página 2

    ii About This Guide 4-Port SSL/IPSec VPN Router About T his Guide Icon Descriptions While reading through the User Guide you may see various icons that call attention to specific items. Below is a description of these icons: NO TE: This check mark indicates that there is a not e of in terest and is something that you should pay special attention to[...]

  • Página 3

    i T able of Contents 4-Port SSL/IPSec VPN Router Chapter 1: Introduction 1 Introduction to the Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Introduction to Virtual Private Netw orks ( VPNs) . . . . . . . . . . . . . . . . . . . . . . . . . . 1 VPN Router to VPN Router . . . . . . . . . . . . . . . . . . .[...]

  • Página 4

    ii T able of Contents 4-Port SSL/IPSec VPN Router Setup > One -to- One NA T. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 One -to-One NA T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 Setup > MAC Clone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

  • Página 5

    iii T able of Contents 4-Port SSL/IPSec VPN Router QoS > QoS Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 QoS Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 QoS > Queue Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

  • Página 6

    iv T able of Contents 4-Port SSL/IPSec VPN Router Wizar d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Basic Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49 Access Rule Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Página 7

    v T able of Contents 4-Port SSL/IPSec VPN Router Appendix H: Deployment in an Existing Netw ork 80 Over view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 LAN-to-LAN Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 W AN-to -LAN Connection. . . [...]

  • Página 8

    vi T able of Contents 4-Port SSL/IPSec VPN Router Appendix M: Multiple VLANs and Subnets 96 Over view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 RVL200 Conguration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 Basic Instructions . . . . . . . [...]

  • Página 9

    1 Introduc tion 4-Port SSL/IPSec VPN Router Chapter 1 Chapter 1: Introduction Introduction to the Router Thank you f or choosing the Linksys 4-P ort SSL/IPSec VPN Router . The R outer is an advanced I nternet-sharing network solution for your small business needs. Like any router , it lets multiple computers in your office share an Internet connec [...]

  • Página 10

    2 Introduc tion 4-Port SSL/IPSec VPN Router Chapter 1 Internet Central Office Home VPN Router VPN Router VPN Router to VPN Router Computer (using SSL VPN client software) to VPN Router The follo wing is an example of a comput er-to-VPN Router VPN. I n her hotel room, a traveling businesswoman connects to her I nternet Ser vice Pro vider (ISP). Her [...]

  • Página 11

    3 Produc t Over view 4-Port SSL/IPSec VPN Router Chapter 2 Chapter 2: Pr oduc t Over view Front P anel Po wer (Green) The Po wer LED lights up green and stays on while the Router is pow ered on. Diag (Orange) The Diag LED lights up when the Router is not ready for use. During a warm reset, it flashes slowly . During a reset to fac tory defaults, it[...]

  • Página 12

    4 Installation 4-Port SSL/IPSec VPN Router Chapter 3 Chapter 3: Installation Physical Installation There ar e three wa ys to place the Router . The first wa y is to place it hor izontally on a surface, so it sits on its four rubber feet. The second way is to stand the R outer vertically on a sur face. The third way is to mount it on a w all. Horizo[...]

  • Página 13

    5 Installation 4-Port SSL/IPSec VPN Router Chapter 3 Cable Connec tion T o connect network devices to the R outer , follow these instructions: Before you begin, make sure that all of your hardware is pow ered off, including the R outer , computers, switches, and cable or DSL modem. Connect your cable or DSL modem’ s Ethernet cable to the Router ?[...]

  • Página 14

    Chapter 4 Advanced Configura tion 6 4-Port SSL/IPSec VPN Router Chapter 4: A dvanc ed C onfigur a tion Over view F or your convenience , use the Router ’ s web-based utility to set it up and configure it. T his chapter will explain all of the functions in this utility. These are the main tabs of the utility : System Summar y , Setup, DHCP , Syste[...]

  • Página 15

    Chapter 4 Advanced Configura tion 7 4-Port SSL/IPSec VPN Router Select Allow cookies . Select Enable JavaScript . Click Advanc ed . Select Enable ActiveX . Netscape Communicator > Options > Site C ontrols > W eb F eatur es Click OK . Under Options, click A dvanced . Click Security . Select Use SSL 2.0 and Use SSL 3.0 . Netscape Communicato[...]

  • Página 16

    Chapter 4 Advanced Configura tion 8 4-Port SSL/IPSec VPN Router Click to Install the W eb Cache Cleaner On the Security Warning scr een, click Y es . Click Y es to Install The W eb Cache Cleaner will be installed in C: WINDOWSDownloaded Progr am Files. P roceed to the rest of this chapter f or inf ormation about the web- based utility . When you[...]

  • Página 17

    Chapter 4 Advanced Configura tion 9 4-Port SSL/IPSec VPN Router Sy stem Up Time This is the length of time in da ys, hours , and minutes that the Router has been ac tive. The cur rent time and date are also displa yed. P ort S tatistics Click any por t on the Router ’ s rear panel image to see the status of the selected por t. If the port is disa[...]

  • Página 18

    Chapter 4 Advanced Configura tion 10 4-Port SSL/IPSec VPN Router If you have not set up the e-mail server on the Log tab, the message, “E-mail cannot be sent because you have not specified an outbound SMTP server address, ” will be displayed . If you hav e set up the mail ser ver but the log has not been generated due to the Log Queue Length an[...]

  • Página 19

    Chapter 4 Advanced Configura tion 11 4-Port SSL/IPSec VPN Router subscribers use this connection type.) Y our ISP assigns these values. Obtain an IP Automatically DNS Ser ver (Required) 1/2 If y ou selec t Use the F ollowing DNS Ser ver Addresses , enter your DNS ser ver IP addr ess(es) (enter at least one). Multiple DNS ser ver IP settings are com[...]

  • Página 20

    Chapter 4 Advanced Configura tion 12 4-Port SSL/IPSec VPN Router Keep Alive: Inter val If you select the Keep Alive option, the Router will send keep-alive packets as of ten as you specify . The default Inter val is 30 seconds. Keep Alive: Retr y T imes I f you selec t the Keep Alive option, the Router will send keep-alive packets as many times as [...]

  • Página 21

    Chapter 4 Advanced Configura tion 13 4-Port SSL/IPSec VPN Router Setup > Passwor d Passw ord The User Name is admin; it cannot be changed. Old Passwor d Enter the old password . The default is admin when you first pow er up the Router . New Password Enter a new password for the Router . Y our password must have 20 or fewer characters and cannot [...]

  • Página 22

    Chapter 4 Advanced Configura tion 14 4-Port SSL/IPSec VPN Router Click Save Settings to save your change, or click Cancel Changes to undo it. Setup T ab > F or warding The Forwarding screen allows you to set up port range forwarding and por t triggering applications. Port range forwarding can be used to set up public ser vices or other specializ[...]

  • Página 23

    Chapter 4 Advanced Configura tion 15 4-Port SSL/IPSec VPN Router Some I nternet applications or games use alternate por ts to communicate between the server and LAN host. When you want to use these applications, enter the triggering (outgoing) por t and alternate incoming port in the P or t T riggering table. Then the Router will for ward the incom[...]

  • Página 24

    Chapter 4 Advanced Configura tion 16 4-Port SSL/IPSec VPN Router UPnP F orwarding T able List Click Refresh to update the on-screen information. Click Close to exit this screen and r eturn to the UPnP scr een. On the UPnP screen, click Save Settings to save your changes, or click Canc el Changes to undo them. Setup > O ne-to - One NA T One -to-O[...]

  • Página 25

    Chapter 4 Advanced Configura tion 17 4-Port SSL/IPSec VPN Router Setup > MAC Clone MAC Clone User Defined W AN MA C Address T o manually clone a MA C address, selec t User Defined W AN MA C Address , and then enter the 12 digits of your adapter ’ s MAC address. MA C Address from this PC T o clone the MAC address of the computer you are current[...]

  • Página 26

    Chapter 4 Advanced Configura tion 18 4-Port SSL/IPSec VPN Router other rout ers on the network. It determines the r oute tha t the net work packets take based on the fewest number of hops between the source and the destination. W orking Mode S elect Gateway mode if the Router is hosting your network ’ s connection to the Internet. Select Router m[...]

  • Página 27

    Chapter 4 Advanced Configura tion 19 4-Port SSL/IPSec VPN Router DHCP > Setup Setup Enable DHCP Server T o use the Router as your network’ s DHCP server , selec t Enable DHCP S erver . If you already have a DHCP server on your net work, remove the check mark. Dynamic IP Client Lease T ime The Client Lease Time is the amount of time a net work [...]

  • Página 28

    Chapter 4 Advanced Configura tion 20 4-Port SSL/IPSec VPN Router NO TE: T o support NetBIOS f or DHCP and Vir tual P assage clients, the Router uses two methods. ( Vir tual Passage is an ActiveX -based VPN client that provides full net work connectivity for Window s users. I t allows remote access to the Router ’ s network through a secure c onne[...]

  • Página 29

    Chapter 4 Advanced Configura tion 21 4-Port SSL/IPSec VPN Router to configure the Device IP Address and Subnet Mask settings.) Subnet1-4 The subnet numbers are created according to the VLAN numbers. ( The multiple subnets can also be configured on the Setup > Network screen.) IP Address Enter an IP address. Subnet Mask Selec t the appropriate su[...]

  • Página 30

    Chapter 4 Advanced Configura tion 22 4-Port SSL/IPSec VPN Router System Management > Diagnostic > P ing Ping host or IP addr ess Enter the IP address of the device being pinged, and click Go . The test will take a few seconds to complete. When completed, the Router will display the results at the bottom of the screen. The results include this[...]

  • Página 31

    Chapter 4 Advanced Configura tion 23 4-Port SSL/IPSec VPN Router from the Restart screen, then the Router will send out y our log file before it is r eset. System Management > Restart Restart Restart Router Click Restar t Router to restart the Router . Syst em Management > Setting Backup This screen allows you to make a backup file of your pr[...]

  • Página 32

    Chapter 4 Advanced Configura tion 24 4-Port SSL/IPSec VPN Router System Management > IGMP Snooping Enable IGMP Snooping S elect this option to use IGMP Snooping. Timeout Enter the time inter val during which IGMP broadcast packets from the IGMP ser ver are sent to the IGMP clients behind a specific por t of the Router . I f the time interval has[...]

  • Página 33

    Chapter 4 Advanced Configura tion 25 4-Port SSL/IPSec VPN Router Port Receiv e P acket Count The number of packets receiv ed is displayed . Port Receiv e Packet Byte Count The number of packet bytes rec eived is display ed. Port T r ansmit Packet Count The number of packets transmitted is display ed. Port T ransmit P ack et Byte C ount The number o[...]

  • Página 34

    Chapter 4 Advanced Configura tion 26 4-Port SSL/IPSec VPN Router Port Management > VLAN Membership VLAN Membership VLAN ID Select the VLAN ID number tha t you c onfigured on the Create VLAN screen. Description Enter the VLAN group name. Y ou can use up to 50 characters. F or the default VLAN 1, all ports will be set t o Acc ess mode and all fram[...]

  • Página 35

    Chapter 4 Advanced Configura tion 27 4-Port SSL/IPSec VPN Router Rate C ontrol Service Selec t the Ser vice you want. If the Ser vice y ou need is not list ed in the menu, click Service Management to add the new ser vice. The Service Management screen appears. Service Management Service Name Enter a name. Protoc ol Select the protocol it uses. Port[...]

  • Página 36

    Chapter 4 Advanced Configura tion 28 4-Port SSL/IPSec VPN Router Service Management Service Name Enter a name. Protoc ol Select the protocol it uses. Port Range Enter its range. Click Add to List . Click Save S ettings to save your changes, or click C ancel Changes to undo them. Click Exit to return to the Bandwidth Management screen. If you want t[...]

  • Página 37

    Chapter 4 Advanced Configura tion 29 4-Port SSL/IPSec VPN Router None If the None option is selec ted, then the Router prioritizes each packet based on the required level of service for its four LAN por ts, using four priority queues with stric t or W eighted Round Robin ( WWR) queuing. Y ou can use these functions to assign independent priorities [...]

  • Página 38

    Chapter 4 Advanced Configura tion 30 4-Port SSL/IPSec VPN Router based QoS in Layer 3, the Router can use the prior ity bits in the Type of Service ( T oS) octet to pr ioritize traffic. If priority bits are used, the T oS oc tet may con tain three bits for IP P recedence or six bits f or DSCP service. QoS > DSCP Settings DSCP Settings DSCP to Qu[...]

  • Página 39

    Chapter 4 Advanced Configura tion 31 4-Port SSL/IPSec VPN Router NO TE: SSL VPN has higher priority than P ort F orwarding when HT TPS is enabled. HTTP T o allow HT TP connections for remote management, select Enable . O therwise, select Disable . Then enter the port number you want to use for remote management (port 80 or 8080 is usually used). Mu[...]

  • Página 40

    Chapter 4 Advanced Configura tion 32 4-Port SSL/IPSec VPN Router Time The time inter val to which the access rule applies is displayed . Day The days to which the access rule applies is displayed . Click Edit to edit an access rule, and click the T rash Can icon to delete an ac cess rule. If the Access Rules table has multiple pages, select a diffe[...]

  • Página 41

    Chapter 4 Advanced Configura tion 33 4-Port SSL/IPSec VPN Router Source S elect the Sourc e IP address(es) for the access rule. If it can be any IP address, select Any . If it is one IP address, select Single and enter the IP address . I f it is a range of IP addresses, select Range , and enter the star ting and ending IP addresses in the A ddr . R[...]

  • Página 42

    Chapter 4 Advanced Configura tion 34 4-Port SSL/IPSec VPN Router Group Name Enter a name for the new g roup . Show unknown IP/MAC addresses I f you do not k now a computer’ s IP or M AC address, click Sho w unknown IP/MA C addresses . The Unk nown MAC Address List appears. Unknown IP Address List IP Address Select this option to view all LAN IP a[...]

  • Página 43

    Chapter 4 Advanced Configura tion 35 4-Port SSL/IPSec VPN Router Summar y T unnel Used The number of VPN tunnels being used is displayed . T unnel A vailable The number of available VPN tunnels is displayed . T unnel Sta tus Add New T unnel Click Add New T unnel to add a Gateway-to-Gateway tunnel. The Mo de Cho ose screen appears. Mode Choose Click[...]

  • Página 44

    Chapter 4 Advanced Configura tion 36 4-Port SSL/IPSec VPN Router FQDN) A uthentication , Dynamic IP + Domain Name(FQDN) Authentication , or Dynamic IP + E- mail A ddr .(USER FQDN) Authentication . F ollow the instructions for the type you want to use . NO TE: T he Local Security G ateway T ype you select should match the Remote S ecurity Gateway Ty[...]

  • Página 45

    Chapter 4 Advanced Configura tion 37 4-Port SSL/IPSec VPN Router NO TE: The Remote S ecurity Gateway T ype you select should match the L ocal Security Gateway T ype selec ted on the VPN device at the other end of the tunnel. IP Only The default is IP Only . Only the computer with a specific IP address will be able to access the tunnel. Selec t IP a[...]

  • Página 46

    Chapter 4 Advanced Configura tion 38 4-Port SSL/IPSec VPN Router Subnet The default is Subnet . All computers on the remote subnet will be able to access the tunnel . IP address Enter the IP address. Subnet Mask Enter the subnet mask . The default is 255.255.255.0 . IP Range Specify a range of IP addresses within a subnet that will be able to acces[...]

  • Página 47

    Chapter 4 Advanced Configura tion 39 4-Port SSL/IPSec VPN Router Manual Incoming and Outgoing SPI (Security Par ameter Index) SPI is carried in the ESP (Encapsulating S ecurity P ayload Protocol) header and enables the r eceiver and sender to select the SA, under which a packet should be processed . Hexadecimal values is acceptable, and the valid r[...]

  • Página 48

    Chapter 4 Advanced Configura tion 40 4-Port SSL/IPSec VPN Router the Router will disconnect the tunnel so the connection can be re - established. Specify the inter val between HELL O/A CK messages (how often you want the messages to be sent). DPD is enabled by default, and the default interval is 10 seconds. Click Save Settings to save your changes[...]

  • Página 49

    Chapter 4 Advanced Configura tion 41 4-Port SSL/IPSec VPN Router Generate New Certificate Click this option to generate a new certificate. It will replace the Router ’ s existing certificate. Export C ertific ate f or Administr ation The c ertificate f or administration holds the privat e key and should be st ored in a safe place as a backup . Se[...]

  • Página 50

    Chapter 4 Advanced Configura tion 42 4-Port SSL/IPSec VPN Router NO TE: I f your users are unable to connect via Active Directory , verify the follo wing: The time settings between the Active Directory ser ver and the Router must be synchronized . Kerberos authentication, used by Active Director y to authenticate clients, permits a maximum of a 15-[...]

  • Página 51

    Chapter 4 Advanced Configura tion 43 4-Port SSL/IPSec VPN Router SSL VPN > Virtual Passage Virtual Passage Client Addr ess Range Define the range of IP addresses to assign to incoming Virtual Passage clients. The default is 192.168.1.200 to 192.168.1.210 . The Router can suppor t up to five concurrent active users. Range Star t Enter the star ti[...]

  • Página 52

    Chapter 4 Advanced Configura tion 44 4-Port SSL/IPSec VPN Router SNMP > V iews Configure this screen to allow or deny access to SNMP featur es. SNMP > Views View s Vie w T able V iew Name Selec t the appropriate view name. There are two default views: Default This displays the default SNMP views for read and read/write views , including the f[...]

  • Página 53

    Chapter 4 Advanced Configura tion 45 4-Port SSL/IPSec VPN Router Security Model Select the v ersion of SNMP the group uses: SNMPv1 , SNMPv2 , or SNMPv3 . Security Level This option is available if SNMPv3 is selected f or the Security M odel. Selec t No Authen tication if no authentication or privac y security levels are specified. Select Authentica[...]

  • Página 54

    Chapter 4 Advanced Configura tion 46 4-Port SSL/IPSec VPN Router Select how you want to define the access control of this community . Basic Ac cess Mo de This allows both v1 and v2c operation requests. Selec t Read Only if you want the user to have read-only access to the parameters of the MIB tree with respect to the view name. Select Read W rite [...]

  • Página 55

    Chapter 4 Advanced Configura tion 47 4-Port SSL/IPSec VPN Router SNMPv3 Select this option if you want to use SNMPv3. Then configure the f ollowing: User Name Enter the name of the user who receives SNMP notifications. Security Level Selec t No Authentication if no authentication or privacy security levels are specified. Select Authentication if SN[...]

  • Página 56

    Chapter 4 Advanced Configura tion 48 4-Port SSL/IPSec VPN Router e -mailed at the same time. The default is S everity0_ Emergency . Click E-mail Log Now to immediately send the log to the address in the Send E-mail to field. Log Setting Alert Log Syn F looding Selec t this option if y ou want Syn F looding events to trigger an alert. IP Spoofing Se[...]

  • Página 57

    Chapter 4 Advanced Configura tion 49 4-Port SSL/IPSec VPN Router Log > Syst em Statistics Click Refresh to update the sta tistics. Wizard Use this tab to access two Setup Wizards , the Basic Setup Wizar d and the Access Rule Setup Wizar d. Run the Basic Setup Wizar d to set up the Router for your Internet connection(s). Run the A ccess Rule Setu[...]

  • Página 58

    Chapter 4 Advanced Configura tion 50 4-Port SSL/IPSec VPN Router Depending on which connection type you have selected, the appropriate screen will appear . F ollow the instructions for the appropriate connection type: Obtain an IP automatically If you want t o use the ISP’ s DNS ser ver , select Use DNS Ser ver provided by ISP (default). I f you [...]

  • Página 59

    Chapter 4 Advanced Configura tion 51 4-Port SSL/IPSec VPN Router your Internet access disconnec ts. The default is 5 minutes. If y ou select the Keep aliv e option, the Router will keep the c onnection alive by sending out a few data packets periodically , so your ISP thinks that the connection is still active. This option keeps your connec tion ac[...]

  • Página 60

    Chapter 4 Advanced Configura tion 52 4-Port SSL/IPSec VPN Router Select the ser vice y ou want from the Service pull-down menu. Click Next to continue. Click Previous if you want to return to the previous screen. Click Exit if you want to exit the Setup Wizar d. Select the Ser vice F or this ser vice, you can select whether or not you want the R ou[...]

  • Página 61

    Chapter 4 Advanced Configura tion 53 4-Port SSL/IPSec VPN Router Decide when you want this Access Rule to be enforc ed. Select Alwa ys if y ou want the A ccess Rule to be alw ays enforc ed. Click Next to continue. Click Pr evious if you want to return to the previous screen. Click Exit if you want to exit the Setup W izard . When It W orks Select S[...]

  • Página 62

    Chapter 4 Advanced Configura tion 54 4-Port SSL/IPSec VPN Router session. (I f you end the session, you will need to re - enter your User Name and P assw ord to log in and then manage the Router .) After y ou click the L ogout tab, a Warning screen appears. I t will ask you to confirm that you want to delete the History Item for the Router . ( The [...]

  • Página 63

    55 T roubleshooting 4-Port SSL/IPSec VPN Router Appendix A Appendix A: T roubleshooting The rmw are upgrade has failed. A firmwar e upgrade takes approximat ely ten minutes. An error may oc cur if you po wered off the Router , pr essed the Reset button, closed the System Management > Firmw are Upgrade screen, or disconnec ted the computer fro[...]

  • Página 64

    56 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B Appendix B: V ir tual P assage SSL VPN Client Over view The Router’ s SSL VPN Portal includes an A ctiveX -based VPN client that pr ovides full network c onnectivity for Windows users. This client, called the Vir tual P assage Client, lets y ou remotely access the Router ?[...]

  • Página 65

    57 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B Deselect (remove the checkmark from) Override automatic cookie handling . Internet Explorer > Internet Options > Privacy Click OK . Click OK again. Netscape Communic ator 8.0 or Higher Open Netscape Communicator . Click T ools . Click Options . Click Site Con trols . Cl[...]

  • Página 66

    58 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B Login for the SSL VPN P ortal ( Window s OS) F ollow these instructions to log in: Enter the IP address of the Router , https://<W AN IP address of the Router> , in your web browser . Then press the Enter key . A login screen appears. Enter your user name in the User Na[...]

  • Página 67

    59 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B On the Security Warning scr een, click Y es . Click Y es to Install A second S ecurity Warning screen asks you if you want to install XT unnel , the V irtual Passage application. Click Install . Click Install The Hardware Installation screen asks you if you want to continue w[...]

  • Página 68

    60 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B Windo ws V ista U sage If you use Windows Vista to establish an SSL VPN connection and do not disable the User Account Control (U AC) f eature , an error message will displa y , indicating that V irtual Passage was not installed. Vista Error Message T o install Virtual Passag[...]

  • Página 69

    61 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B A screen may appear indica ting that the certificate cannot be verified. Linksys has confirmed that the certificate is valid. Click Con tinue . Click to Continue On the W arning screen, click Run . Click Run Enter your passw ord f or OS X. T o install the Virtual Passage Clie[...]

  • Página 70

    62 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B Before Y ou Begin (Linux OS) Make sure you have administrative rights on your computer . Then install the freeware , Java Runtime Environmen t ( JRE), on your computer . T o download the freeware , visit Java-related websites. If you do not install JRE, a warning message will[...]

  • Página 71

    63 Vir tual Passage SSL VPN Client 4-Port SSL/IPSec VPN Router Appendix B On the W arning screen, click Run . Click Run After the software is installed , you will be notified that the SSL VPN tunnel has been established. SSL VPN T unnel Established T o end the SSL VPN connection, click Disconnect . Remov al of the Virtual Passage Client (Linux OS) [...]

  • Página 72

    64 Bandwidth Management 4-Port SSL/IPSec VPN Router Appendix C Appendix C: Bandwidth Management Over view This appendix explains how to ensure Quality of Ser vice (QoS) on Vonage V oice over Internet Protocol ( V oIP) phone ser vice. This example uses Vonage; howev er , similar instructions will apply to other V oIP services. Creation of Ne w Ser v[...]

  • Página 73

    65 Bandwidth Management 4-Port SSL/IPSec VPN Router Appendix C Creation of Ne w Bandwidth Management Rules Create four new rules: Vonage V oIP (Upstream), Vonage V oIP (Downstream), V onage 2 (Upstream), and Vonage 2 (Downstream). On the Bandwidth Management scr een, select V onage V oIP fr om the Ser vice drop-down menu. Enter the IP address or ra[...]

  • Página 74

    66 Ac tiv e Direc tor y S er ver 4-Port SSL/IPSec VPN Router Appendix D Appendix D: A c tiv e Director y S er ver NO TE: W indows Ser ver 2000 and 2003 support the Active Directory ser ver featur e. T o configure an Active Dir ector y server: Click the Start button of your W indows computer . Click Settings . Click Con trol Panel . Double -click Ad[...]

  • Página 75

    67 Ac tiv e Direc tor y S er ver 4-Port SSL/IPSec VPN Router Appendix D Click Next . W elcome to the Active Directory Installation W izard Click Next . Operating System C ompatibility 9. 10. Select Domain controller for a new domain , and then click Next . Domain Controller T ype Select Domain in a new forest , and then click Next . Create New Doma[...]

  • Página 76

    68 Ac tiv e Direc tor y S er ver 4-Port SSL/IPSec VPN Router Appendix D Enter a domain name, and then click N ext . New Domain Name Enter a domain NetBIOS name, and then click N ext . NetBIOS Domain Name 13. 14. Select the folders that will store the Active Directory database and log. Then click Next . Database and Log F olders Enter a location for[...]

  • Página 77

    69 Ac tiv e Direc tor y S er ver 4-Port SSL/IPSec VPN Router Appendix D Select I will corr ect the problem later by configuring DNS manually (A dvanced) , and then click N ext . DNS Registration Diagnostics Select P ermissions compatible only with W indow s 2000 or Windo ws Ser ver 2003 opera ting systems . Then click Next . Permissions 17. 18. Ent[...]

  • Página 78

    70 Ac tiv e Direc tor y S er ver 4-Port SSL/IPSec VPN Router Appendix D T r oubleshooting If your users are unable to connect via Active Director y , check the following: The time settings between the Active Director y ser ver and the Router must be synchronized. Kerberos authentication, used by Active Directory to authenticate clients, permits a m[...]

  • Página 79

    71 User f or the Active Direc tor y Ser v er 4-Port SSL/IPSec VPN Router Appendix E Appendix E: U ser for the A ctive Director y S er ver NO TE: W indows Ser ver 2000 and 2003 support the Active Directory ser ver featur e. T o create a user f or Active Directory : Click the Start button of your W indows computer . Click Settings . Click Con trol Pa[...]

  • Página 80

    72 User f or the Active Direc tor y Ser v er 4-Port SSL/IPSec VPN Router Appendix E Click Finish t o create the new user . New Object > User > Summar y 9.[...]

  • Página 81

    73 Internet Authentic ation Ser vice (IAS) Ser ver 4-Port SSL/IPSec VPN Router Appendix F Appendix F : Internet A uthen tication Ser vice (IAS) Ser ver NO TE: W indows Ser ver 2000 and 2003 support the IAS server feature. T o install an IAS ser ver: Click the Start button of your W indows computer . Click Add or Remov e Pr ograms . Click Add/Remov [...]

  • Página 82

    74 Internet Authentic ation Ser vice (IAS) Ser ver 4-Port SSL/IPSec VPN Router Appendix F Click Next . W elcome to the New Remote Ac cess Policy Wizar d Select Set up a custom polic y , and enter a policy name. Then click Next . Policy Configuration Method 11. 12. T o add a policy, click A dd . Policy Conditions Select Client-IP-Addr ess , and then[...]

  • Página 83

    75 Internet Authentic ation Ser vice (IAS) Ser ver 4-Port SSL/IPSec VPN Router Appendix F Make sur e a policy has been added , and then click Next . Policy Conditions Select Grant remote acc ess p ermission , and then click Next . Permissions 16. 17. Click Edit Profile . Profile On the Authentication tab, deselect (remov e the check mark from) Micr[...]

  • Página 84

    76 Internet Authentic ation Ser vice (IAS) Ser ver 4-Port SSL/IPSec VPN Router Appendix F On the Encr yption tab, selec t Basic encryption , Strong encr yption , Str ongest encryption , and No encryption . Click Apply . Encryption Click Finish . Completing the New Remote Acc ess Policy Wizar d Make sure the policy has been added. Click the Start bu[...]

  • Página 85

    77 Internet Authentic ation Ser vice (IAS) Ser ver 4-Port SSL/IPSec VPN Router Appendix F Click Next . W elcome to the New Connection Request Policy W izard Select A custom polic y , and enter a policy name . Then click Next . Policy Configuration Method 29. 30. T o add a policy, click A dd . Policy Conditions Select Client-IP-Addr ess , and then c[...]

  • Página 86

    78 Internet Authentic ation Ser vice (IAS) Ser ver 4-Port SSL/IPSec VPN Router Appendix F Make sur e a policy has been added , and then click Next . Policy Conditions Click Edit Profile . Request Processing Method 34. 35. On the Authentication tab , select Authentica te request on this server , and then click OK . Authentication Click Finish . Comp[...]

  • Página 87

    79 Lightw eight Direc tor y Access Protocol (LD AP ) Ser ver 4-Port SSL/IPSec VPN Router Appendix G Appendix G: Lightw eight Dir ec tor y A cc ess P r otoc ol (LD AP) Ser ver Access the Rout er ’ s web-based utility. Click the SSL VPN tab . Click the User Management tab . F rom the A uthentication T ype drop- down menu, select LDAP . SSL VPN >[...]

  • Página 88

    80 Deployment in an Existing N etwork 4-Port SSL/IPSec VPN Router Appendix H Appendix H: Deploymen t in an Existing Netw ork Over view If you have a current VPN router in your net work, you can add the 4-Port SSL/IPSec VPN Router (model number: RVL200), so that the SSL clients can access the existing network resources . The two configuration exampl[...]

  • Página 89

    81 Deployment in an Existing N etwork 4-Port SSL/IPSec VPN Router Appendix H W AN-to-L AN Connec tion LAN Corporate Network Branch Office RV082 LAN W AN W AN2 W AN1 RVL200 W AN IP: 192.168.1.2 LAN IP: 192.168.2.1 Remote users with 192.168.1.x Virtual Passage IP can access the headquarters’ corporate network using Virtual Passage via the W AN IP o[...]

  • Página 90

    82 Gate wa y-to- G ate w a y VPN T unnel 4-Port SSL/IPSec VPN Router Appendix I Appendix I: Gatew a y-t o -G ate wa y VPN T unnel Over view This appendix explains how to configure an IPSec VPN tunnel bet ween two VPN Routers by example. Tw o computers are used t o test the liveliness of the tunnel . Before Y ou Begin The follo wing is a list of equ[...]

  • Página 91

    83 Gate wa y-to- G ate w a y VPN T unnel 4-Port SSL/IPSec VPN Router Appendix I In the IPS ec Setup sec tion, select the appropriate encr yption, authentication, and other key management settings. In the Preshared Key field, enter a string f or this key , for example, 13572468. RVL200 IPSec Setup S ettings If you need mor e detailed settings , clic[...]

  • Página 92

    84 Gate wa y-to- G ate w a y VPN T unnel 4-Port SSL/IPSec VPN Router Appendix I Configuration when the R emote Gate wa y Uses a Dynamic IP Address This example assumes the Remote Gateway is using a dynamic IP address. If the R emote G ateway uses a static IP address, ref er to “Configuration when the Remote Gateway Uses a Sta tic IP Address . ”[...]

  • Página 93

    85 Gate wa y-to- G ate w a y VPN T unnel 4-Port SSL/IPSec VPN Router Appendix I The W AN IP address (B.B .B.B) of the R V082 will be automatically detected. F or the L ocal S ecurity Group T ype, select Subnet . Ent er the RV082’ s local net work settings in the IP Address and Subnet Mask fields. RV082 VPN Settings F or the Remote Security Gatewa[...]

  • Página 94

    86 Gate wa y-to- G ate w a y VPN T unnel 4-Port SSL/IPSec VPN Router Appendix I RVL200 IPSec VPN Settings F or the Remote S ecurity Gateway T ype, select IP by DNS Resolved . Enter the RV082’ s domain name in the field provided . F or the Remote Securit y Group T ype , select Subnet . Enter the RV082’ s local net work settings in the IP Address[...]

  • Página 95

    87 IPSec NA T Tra v ersal 4-Port SSL/IPSec VPN Router Appendix J Appendix J: IPSec NA T T ra v ersal Over view Network A ddress T ranslation (NA T ) traversal is a technique developed so that data protected by IPSec can pass through a NA T . (See NA T 1 and NA T 2 in the diag ram.) Since IPSec provides integrity for the entire IP datagram, any chan[...]

  • Página 96

    88 IPSec NA T Tra v ersal 4-Port SSL/IPSec VPN Router Appendix J The W AN IP address of R outer A will be automatically detected. F or the L ocal S ecurity Group T ype, select Subnet . Ent er Router A ’ s local net work settings in the IP Address and Subnet Mask fields. Router A ’ s IPSec VPN Settings F or the Remote Security Gateway Type , sel[...]

  • Página 97

    89 IPSec NA T Tra v ersal 4-Port SSL/IPSec VPN Router Appendix J Configuration of the One-to- O ne NA T Rules The one -to- one NA T rules must be configured on NA T 2 - RV042 and NA T 1 - R VO42. One -to-O ne NA T Rule on NA T 2 - RV042 192.168.99.1 => 192.168.111.11 Refer to the documentation of the 10/100 4-Port VPN Router (model number: RV042[...]

  • Página 98

    90 IPSec NA T Tra v ersal 4-Port SSL/IPSec VPN Router Appendix J F or the Remote Securit y Group T ype , select Subnet . Enter Router A ’ s local network settings in the IP Addr ess and Subnet Mask fields. In the IPS ec Setup sec tion, select the appropriate encr yption, authentication, and other key management settings. In the Preshared Key fiel[...]

  • Página 99

    91 Configuration of Multiple Subnets 4-Port SSL/IPSec VPN Router Appendix K Appendix K: C onfigur ation of Multiple Subnets Over view The 4-P ort SSL/IPSec VPN Router (model number: RVL200) can suppor t multiple subnets. The configuration example shows an RVL200 deploying two routers . Any router can be deployed; however , this example uses the Lin[...]

  • Página 100

    92 Configuration of Multiple Subnets 4-Port SSL/IPSec VPN Router Appendix K Setup > Network In the LAN Setting sec tion, select Multiple Subnet . Click Add/Edit . A new scr een appears. Create a Subnet In the LAN IP Address field, enter 192.168.7.0 . In the Subnet Mask field, enter 255.255.255.0 . T o create the first subnet, click A dd to list [...]

  • Página 101

    93 Configuration of Multiple Subnets 4-Port SSL/IPSec VPN Router Appendix K Enter 192.168.1.2 in the Default Gateway field . Enter 1 in the Hop Count field . Select W AN1 from the Interface dr op- down menu. T o create the static r oute, click A dd to list . Click Save Settings . Click the Fir ewall tab . F or the F irewall setting , select Disable[...]

  • Página 102

    94 Multiple VLANs with Computers 4-Port SSL/IPSec VPN Router Appendix L Port 4: T runk ing Port RVL200 192.168.4.x Default VLAN1 VLAN2 VLAN3 VLAN4 192.168.3.x 192.168.2.x SRW2048 RVL200 with Multiple VLANs Using C omputers RVL200 Configuration Physically connect Ethernet por t 4 on the R VL200 to a trunking por t on the SR W2048. Access the web-bas[...]

  • Página 103

    95 Multiple VLANs with Computers 4-Port SSL/IPSec VPN Router Appendix L Select Enable VLAN . Enter 2 in the VLAN ID field. T o create VLAN2, click Add VLAN . Enter 3 in the VLAN ID field. T o create VLAN3, click Add VLAN . Enter 4 in the VLAN ID field. T o create VLAN4, click Add VLAN . Click the Port Setting tab. Port Management > Port Setting [...]

  • Página 104

    96 Multiple VLANs and S ubnets 4-Port SSL/IPSec VPN Router Appendix M Appendix M: Multiple VLANs and Subnets Over view The 4-P ort SSL/IPSec VPN Router (model number: RVL200) can suppor t multiple Virtual Local Area Networks ( VLANs) used with multiple subnets. The configuration example shows an R VL200 deploying two routers and one Layer 2 managed[...]

  • Página 105

    97 Multiple VLANs and S ubnets 4-Port SSL/IPSec VPN Router Appendix M Subnet Mask Selec t 255.255.255.0 . Range Start Enter 100 . Range End Enter 149 . F or VLAN3, complet e the following: IP A ddress Enter 192.168.3.1 . ( This is the default, which you can ov erwr ite.) Subnet Mask Selec t 255.255.255.0 . Range Start Enter 100 . Range End Enter 14[...]

  • Página 106

    98 Access of Multiple VLANs ov er a SSL VPN T unnel 4-Port SSL/IPSec VPN Router Appendix N Appendix N: A cc ess of Multiple VL ANs ov er a SSL VPN T unnel Over view The 4-P ort SSL/IPSec VPN Router (model number: RVL200) can allow a computer on the Internet to communicate with a local computer , even though they belong to different Virtual Local Ar[...]

  • Página 107

    99 Firm ware Upgrade 4-Port SSL/IPSec VPN Router Appendix O Appendix O: F irm ware Upgrade Over view This appendix explains how to upgrade the firmwar e of the Router . Before Y ou Begin If you are using Internet Explorer on Window s XP , disable the pop-up block ing function before you upg rade the Router ’ s firmware. ( This avoids a firmware u[...]

  • Página 108

    100 Firm ware Upgrade 4-Port SSL/IPSec VPN Router Appendix O When you or another user logs out, a W arning screen will appear . It will ask you to confirm that you want to delete the Histor y Item for the Router . Click Y es . Click Y es to Delete History Upgrade the Firm ware In the Router ’ s web-based utility , click the Sy stem Management tab[...]

  • Página 109

    101 Batt er y Replacement 4-Port SSL/IPSec VPN Router Appendix P Appendix P : Battery Replacement Over view The R outer has a lithium batter y , type CR2032, on its main circuit board. This battery has an operating life of approxima tely 1 to 2 years . When the battery loses its charge, the Router cannot update its time setting unless it is connect[...]

  • Página 110

    102 Specific ations 4-Port SSL/IPSec VPN Router Appendix Q Appendix Q: Specifications Specications Model RVL200 Standards IEEE 802.3, IEEE 802.3u, IEEE 802.1q, IEEE 802.1p, RFC791 (IP Protocol) Ports Ethernet, Power Button Reset Cabling Type UTP CAT 5 LEDs Power, Diag, Internet, Ethernet 1-4 Operating System Linux Performance NAT Throughput Wire[...]

  • Página 111

    103 4-Port SSL/IPSec VPN Router Appendix R Warranty Inf ormation Appendix R: W arranty Informa tion Limited W arranty Linksys warrants to Y ou that, for a period of one year (the " W arranty Period"), your Linksys Product will be substantially fr ee of defects in materials and w orkmanship under normal use. Y our exclusiv e remedy and Lin[...]

  • Página 112

    104 Regula tor y Informa tion 4-Port SSL/IPSec VPN Router Appendix S Appendix S: Regulat or y Information FCC Sta tement This produc t has been tested and complies with the specifications for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful inter ference in a [...]

  • Página 113

    105 Regula tor y Informa tion 4-Port SSL/IPSec VPN Router Appendix S User Inf ormation f or Consumer Products Cov ered b y EU Directive 2002/96/EC on W aste Electric and Elec tronic Equipment ( WEEE) This document contains important information for users with regards to the proper disposal and recycling of Linksys products. Consumers are required t[...]

  • Página 114

    106 Regula tor y Informa tion 4-Port SSL/IPSec VPN Router Appendix S Eesti (E stonian) - K eskkonnaalane informatsioon Euroopa Liidus asuva tele klientidele Euroopa Liidu direktiivi 2002/96/EÜ nõuete kohaselt on seadmeid, millel on tootel või pakendil käesolev sümbol , keelatud kõr valdada koos sorteerimata olmejäätmetega. See sümbol näit[...]

  • Página 115

    107 Regula tor y Informa tion 4-Port SSL/IPSec VPN Router Appendix S Lietuvškai (Lithuanian) - Aplink osaugos informacija, skir ta Europos Sąjungos vartotojams Europos dir ektyva 2002/96/EC numato , kad įrangos, kuri ir kurios pakuotė yra pažymėta šiuo simboliu (įvesk ite simbolį), negalima šalinti kar tu su nerūšiuotomis komunalinėmis[...]

  • Página 116

    108 Regula tor y Informa tion 4-Port SSL/IPSec VPN Router Appendix S Português (P ortuguese) - Informação ambiental para clientes da União Eur opeia A Directiva Europeia 2002/96/CE exige que o equipamento que exibe este símbolo no produto e/ou na sua embalagem não seja eliminado junto com os resíduos municipais não separados. O símbolo ind[...]

  • Página 117

    109 Contac t Informa tion 4-Port SSL/IPSec VPN Router Appendix T Appendix T : C ontact Information Linksys C ontact Information W ebsite http://www .linksys.com FTP Site ftp.linksys .com Advice Line 800-546-5797 (LINKSYS) Support 800-326-7114 RMA (Return M erchandise Authorization) 949-823-3000 F ax 949-823-3002 NO TE: Details on warranty and RMA i[...]