Cisco Systems RV325 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Cisco Systems RV325, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Cisco Systems RV325 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Cisco Systems RV325. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Cisco Systems RV325 should contain:
- informations concerning technical data of Cisco Systems RV325
- name of the manufacturer and a year of construction of the Cisco Systems RV325 item
- rules of operation, control and maintenance of the Cisco Systems RV325 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Cisco Systems RV325 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Cisco Systems RV325, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Cisco Systems service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Cisco Systems RV325.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Cisco Systems RV325 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    Cis c o R V320/R V325 Gigabit Dual W AN VPN Router ADMINISTR A TION GUIDE[...]

  • Page 2

    First Published in A ugust 2014 Last Update in Mar 2015[...]

  • Page 3

    Cisco RV320/RV325 Ad ministration Guid e 3 Con te n ts Chapter 1: Getting Started 7 Using the Getting Started Window 7 Features of the User Interface 8 Chapter 2: Wizard 11 Basic Setup 11 Access Rule Setup 11 Chapter 3: System Summary 13 System Information 13 Configuration (Wizard) 14 Port Activity 14 IPv4 and IPv6 15 Security Status 16 VPN Setting[...]

  • Page 4

    Cisco RV320/RV325 Ad ministration Guid e 4 Con te n ts Adding or Editing a Servic e Name 39 Setting Up One-to-One NAT 39 MAC Address Cloning 40 Assigning Dynamic DNS to a WAN Interface 41 Advanced Routing 42 Configuring Dynamic Routing 42 Configuring Static Routing 43 Inbound Load Balance 44 USB Device Update 45 Chapter 5: DHCP 47 DHCP Setup 48 Vie[...]

  • Page 5

    Cisco RV320/RV325 Ad ministration Guid e 5 Con te n ts Backup and Restore 68 Chapter 7: Port Management 71 Port Setup 71 Port Status 72 Traffic Statistics 73 VLAN Membership 73 Map DSCP to queue 74 Map CoS to DSCP 74 802.1X Configuration 75 Chapter 8: Firewall 77 General 77 Session Timeout 78 Access Rules 79 Chapter 9: VPN 81 Summary 81 Gateway to [...]

  • Page 6

    Cisco RV320/RV325 Ad ministration Guid e 6 Con te n ts Advanced Setting 105 Chapter 10: Certificate Management 107 My Certificate 107 Trusted SSL Certificate 109 Trusted IPsec Certificate 109 Certificate Generator 110 CSR Authorization 111 Chapter 11: Log 113 System Log 113 System Statistics 116 Processes 116 Chapter 12: User Management 117 Chapter[...]

  • Page 7

    1 Cisco RV320/RV325 Ad ministration Guid e 7 Get ting St ar te d Thank you f or choo sing a Cisco RV320. This chapter includes inf ormation t o help you get started using your device. Using the Get ting St ar te d Window The default settings are sufficient f or many small busines ses . Network demands or your Int ernet Ser vice Pr ovider (ISP) mi g[...]

  • Page 8

    Getting Started Fea ture s o f the User In terface 8 Cisco RV320/RV325 Administration Guide 1 STEP 7 T o configure other settings , use the links in the navigation tr ee. Troubleshooting Tips If you ha ve tr ouble connecting to the Int ernet or the web-b ased web int er face: • V erif y that your web browser is not set to W ork Of fline. • Chec[...]

  • Page 9

    Get ting Star ted F ea tur es of the User In terface Cisco RV320/RV325 Ad ministration Guid e 9 1 Help T o view inf ormation about the se lect ed configuration page, click Help near the t op right corner of the web int erface. If your web browser displays a warning mes sage about the pop-up window , allow the blocked content . Logout T o exit the w[...]

  • Page 10

    Getting Started Fea ture s o f the User In terface 10 Cisco RV320/RV325 Administration Guide 1[...]

  • Page 11

    2 Cisco RV320/RV325 Ad ministration Guid e 11 Wizar d From the W i zar d page, y ou can launch the Basic Setup wizard that guides you through the pr oces s of initial configuratio n of the devic e. The Acces s Rule wizar d guides you through the pr oces s of configuring the se curity policy f or the network . T o op en this page, select Wizar d in [...]

  • Page 12

    Wizard Acces s R u l e Se tu p 12 Cisco RV320/RV325 Administration Guide 2[...]

  • Page 13

    3 Cisco RV320/RV325 Ad ministration Guid e 13 System Summ ar y The Syst em Summar y displa ys inf ormation about the current status of the device connections , status, s ettings , and logs . System Informa tion Syst em inf ormation descriptions : • Ser ia l N um be r — Serial numb er of the device. • Firm ware version— V ersion numb er of t[...]

  • Page 14

    System Summary Configur a tion (W iz ar d) 14 Cisco RV320/RV325 Administration Guide 3 C onfigura tion ( Wizard) T o acce ss the Internet connection setup wizard and be prompt e d through the pr ocess, cl ic k Se t u p W i z a r d to launch the Wizard . Por t A ctivit y Port Activit y identifies the por t inter f aces and indicates the status of ea[...]

  • Page 15

    System S ummary IPv4 and I Pv6 Cisco RV320/RV325 Ad ministration Guid e 15 3 • VL AN— VL AN ID of this port . Ther e ar e two predefined VLANs : 25 and 100 . VLAN 25 can b e used f or gue st VLAN acce ss and VL AN 100 can be used f o r V oice traf fic. By def ault , VLAN 25 and VLAN 100 are not enabled. • Rec eive Pack et Count— Number of p[...]

  • Page 16

    System Summary Sec u r i ty S t a tu s 16 Cisco RV320/RV325 Administration Guide 3 S e curit y Status This se ction displa ys the status of the security featur e s: • SPI (Stateful Pack et Inspe ction) —Status of the fir ewall: On (green) or Of f (red). T racks the state of network connections , such as T CP streams and UDP communication, trave[...]

  • Page 17

    System S ummary SSL VP N St a tus Cisco RV320/RV325 Ad ministration Guid e 17 3 • PPTP T unnel(s) Use d— Point -t o-P oint T unneling Prot ocol (PPTP) tunnels in use. PPTP is a method f or implementing vir tual private networks . PPTP uses a control channel ov er T CP and a Ge neric Routing Encapsulation (GRE) tunnel to encapsulat e PPP pack et[...]

  • Page 18

    System Summary Log Setting Status 18 Cisco RV320/RV325 Administration Guide 3[...]

  • Page 19

    4 Cisco RV320/RV325 Ad ministration Guid e 19 Se t u p Use the Setup > Net work page t o set up your LAN, W AN (Internet), DMZ, and so fo r t h . Se t u p N etwo rk T o op en the Network page, click Setup > Network . Some IS Ps r equire that you assign a hostname and domain name to identify your dev ice . De f au lt va lu es a r e pr ovid ed,[...]

  • Page 20

    Setup Se t up N e twor k 20 Cisco RV320/RV325 Administration Guide 4 Adding or Editing an IPv4 Network By default one IPv 4 LAN subnet work is configur ed, 192.168.1 .1 . One subnetwork is usually sufficient for most small business es. The firewall denies acc es s if a LAN device so ur ce IP address is on a subnet work that is not spe cifically all[...]

  • Page 21

    Setup Se t up N e twor k Cisco RV320/RV325 Ad ministration Guid e 21 4 T o c onfigur e WA N C o n n e c t i o n S e t t i n g s , s elect a W AN interface and click Edit . WA N C o n n e c t i o n S e t t i n g s appears . Select the W AN C onnec tion Type from the menu and modify the relat e d parameters as describe d in these s ections: Obtain an[...]

  • Page 22

    Setup Se t up N e twor k 22 Cisco RV320/RV325 Administration Guide 4 - Configure t o R A and DHCP v6 automatically—Provide Stat eless an d Stateful IPv6 address es f or LAN-side P Cs. Static IP Choos e this option if y our ISP as signed a permanent IP address to your account . Ent er the set tings pr ovided by your ISP : • Spe cif y W AN IP Add[...]

  • Page 23

    Setup Se t up N e twor k Cisco RV320/RV325 Ad ministration Guid e 23 4 PPPoE Choo se this option if y our ISP use s PPP oE (P oint -to-P oint Pr ot ocol over Ethernet) t o establish Internet connections (typical f or DS L lines). Then ent er the sett ings pr ovided by your ISP : • Us ernam e and Password —Username and pas swor d f or your IS P [...]

  • Page 24

    Setup Se t up N e twor k 24 Cisco RV320/RV325 Administration Guide 4 T o configure the IPv6 parameters, che ck Enable . The DHCP v6 client proces s and requests f or pr efix delegation through the selected interface are enabled. Use this option when your ISP is capable of sendin g LAN prefixes by using DHCP v6. If your IS P does not suppor t this o[...]

  • Page 25

    Setup Se t up N e twor k Cisco RV320/RV325 Ad ministration Guid e 25 4 - Co nnec t on De mand — When this f eature is enabled, the device automatically establishes your connection. If you enabled this f eatu r e, ent er the Max Idle Time , the number of minutes that the connection can be inactive bef ore the connection is terminat ed. The default[...]

  • Page 26

    Setup Se t up N e twor k 26 Cisco RV320/RV325 Administration Guide 4 T o specif y a DNS ser ver , enter the IP addr ess of DNS S er ver 1 . Optionally , you can enter a second DNS ser ver . The first available DNS ser ver is use d. T o set the maximum transmis sion unit ( MTU ) size aut omatically , sele ct Auto . Other wis e, t o set the MTU size [...]

  • Page 27

    Setup Se t up N e twor k Cisco RV320/RV325 Ad ministration Guid e 27 4 • LA N I Pv6 Ad d r es s — Global IP v6 prefix that was assigned by your IS P f or your LAN device s, if applicable. (Check with your IS P f or more inf ormation.) • Prefix Length —IP v6 prefix length: The IPv6 net work ( subnet) is identified by the initial bits of the [...]

  • Page 28

    Setup Se t up N e twor k 28 Cisco RV320/RV325 Administration Guide 4 - Without any action —Doe s not pr ovide Stat eles s or Stat eful IP v6 address f or LAN-side PCs . - Configure to R A automatically —Provides Sta te l ess IPv6 address f or LAN -si de PC s. - Configure to DHCP v 6 automatically —Provides Sta t e fu l IPv6 address fo r L A N[...]

  • Page 29

    Setup Se t up N e twor k Cisco RV320/RV325 Ad ministration Guid e 29 4 - Configure to R A automatically —Provides Sta t e l ess IPv6 addres s f or LAN - s id e PCs. - Configure to DHCP v 6 automatically —Provides St a t e f u l IPv6 address fo r L A N - s i d e P C s . - Configure to R A and DHCP v 6 automatic ally —Provides Stat eless and St[...]

  • Page 30

    Setup Se t up N e twor k 30 Cisco RV320/RV325 Administration Guide 4 Se tting Failover and Rec over y While both an Ethernet and mobile net work link might be available, only one conne ction at a time can be used to establish a W AN link . Whenever one W AN conne ction fails, the device at t empts to bring up another connection on another interface[...]

  • Page 31

    Setup Se t up N e twor k Cisco RV320/RV325 Ad ministration Guid e 31 4 - Ex tra Charge —C ost in do ll ar s i f a gi v en pe riod of t im e i s e xceed ed. - Stop c onnec tion ...—Check to enable dr opping the connection when the time ex cee ds the given time. The window appears : • Previous Cumulative Time —Amount of time the 3G/ 4G conne [...]

  • Page 32

    Setup DMZ Enabl e 32 Cisco RV320/RV325 Administration Guide 4 DMZ Enable A DMZ is a subnet work that is open t o the public but behind the firewall. A DMZ allows you t o r edirect packets coming int o y our W AN p ort to a specific IP addres s in your LAN. Y ou can configure firewall rules t o allow acce ss to specific ser vices and por ts in the D[...]

  • Page 33

    Setup Passw or d Cisco RV320/RV325 Ad ministration Guid e 33 4 ! CAU TI O N Th e pa s s wo rd c ann o t b e re c ov ere d i f i t i s l o st or f orgot t en. If the password is lost or f orgotten, the device must be reset to the f actory default set tings, removing all configuration changes . If you are acce ss ing the device r emot ely and reset t[...]

  • Page 34

    Setup Ti m e 34 Cisco RV320/RV325 Administration Guide 4 When Minimum P assword Complexit y - Enable is check ed, the Pas sword Strength Meter indicat es the pas swor d str ength, base d on the complexity rule s. The scale range s fr om r ed (unacc eptable) to y ellow (acc eptable) to gr een (str ong). STEP 3 Click Sa ve . Time T ime is critical to[...]

  • Page 35

    Setup DMZ Ho st Cisco RV320/RV325 Ad ministration Guid e 35 4 • Day light Savings Time —Enable or disable the adjustment f or daylight savings time. Ent er the start date in the Fro m fields and ent er the st op dat e in the To fields. • Set Date and Time — Auto enables the NTP ser ver . If you chose Aut o, ent er the fully qualified NTP S [...]

  • Page 36

    Setup (Por t) F orwarding 36 Cisco RV320/RV325 Administration Guide 4 T o add or e dit a servic e t o the table: STEP 1 T o add a ser vice, click Add in the Port Range Forwarding table. T o edi t a service , se lec t t he r ow an d c li ck Edit . The fields ar e open f or modification. STEP 2 Configure the f ollowing: • Sel ect a Se rvi ce from t[...]

  • Page 37

    Setup (Port) Forwarding Cisco RV320/RV325 Ad ministration Guid e 37 4 STEP 4 Click Sav e . Configuring Port Triggering Po r t triggering allows the device to monit or outgoing data f or sp ecific por t numbers . The IP addr es s of the client that sent the matching data is r emembered by the device. When the requested data r eturns through the devi[...]

  • Page 38

    Setup Port Address T ransla tion 38 Cisco RV320/RV325 Administration Guide 4 Por t A ddr e s s T ransla tion Port Address T ranslation (P A T ) is an e xtension of Network Address T ranslation (NA T ) that permits multiple device s on a LAN to be mapped to a single public IP address to conser ve IP addr ess es . P A T is similar to por t f or wardi[...]

  • Page 39

    Setup Se tt i ng U p On e -t o-On e NA T Cisco RV320/RV325 Ad ministration Guid e 39 4 Adding or Editing a S er vic e Name T o add or edit an entr y on the Ser vice list : STEP 1 Click Servi ce M a na g em en t . If the web browser displays a warning about the pop-up window , allow the blocked content. STEP 2 T o add a s er vice, click Add in the S[...]

  • Page 40

    Setup MAC Address Cloning 40 Cisco RV320/RV325 Administration Guide 4 T o enable this f eatur e, check Enable . T o add an entr y to the list, click Add and enter the f ollowing information: • Private Range Be gin— Starting IP addres s of the int ernal IP addr es s range that you want t o map t o the public range. Do not include the r out er ma[...]

  • Page 41

    Setup Assigning Dynamic DNS to a W AN In ter f ace Cisco RV320/RV325 Ad ministration Guid e 41 4 A s signing D ynamic DNS to a W AN Inter face Dynamic Domain Name Syst em (DDNS) ser vice as signs a fix e d domain name t o a dynamic W AN IP address , so you can host your own web, FTP , or another t ype of T C P /IP ser ver on your LAN. Sele ct this [...]

  • Page 42

    Setup Advanc ed Routing 42 Cisco RV320/RV325 Administration Guide 4 Advanc e d Routing This f eatur e enables dynamic routing and adds static r out es to the r outing table f or IP v 4 and IP v6. T o view the r outing table, click View Routing T able . Click Refresh to u p da te t he data. Click Clo se to close the pop-up window . C onfiguring Dyn [...]

  • Page 43

    Setup Advance d Routing Cisco RV320/RV325 Ad ministration Guid e 43 4 ( VLSM). RIP v 1 als o lacks support f or rout er authentication, making it vulnerable to attacks . RIP v2 carries a subnet mask and suppor ts password authentication secu rity . • T ransmit RIP versions— Select the RIP prot oc ol f or transmit ting network data: None , RIP v[...]

  • Page 44

    Setup Inbound L oad Balance 44 Cisco RV320/RV325 Administration Guide 4 T o delet e an entr y from the list, click the entr y that you want to delet e, and then click Del e te . T o view current data, click View Routing T able . The Routing T able Entr y List appears . Y ou can click Refresh to u p da te th e da t a, o r c l ic k Clos e t o close t[...]

  • Page 45

    Setup USB Devic e Update Cisco RV320/RV325 Ad ministration Guid e 45 4 STEP 6 Click SPF S et tings t o add SPF te xt . S PF (Sender Policy Framework) is an email validation syst em that pr events email spam by det ecting email spoofing (a common vulnerabilit y) by verifying sender IP ad dr es ses . (Configuring this field is not r equired. Mor e in[...]

  • Page 46

    Setup USB Devic e Update 46 Cisco RV320/RV325 Administration Guide 4[...]

  • Page 47

    5 Cisco RV320/RV325 Ad ministration Guid e 47 DHCP Dynamic Host C onfiguration Pr otocol (DHCP) is a network protocol that is used to configure network device s t o communicate on an IP network . A DHCP client uses the DHCP prot ocol to acquire configuration inf ormation, such as an IP addr es s, a default r out e, and one or mor e DNS ser ver addr[...]

  • Page 48

    DHCP DHCP Setup 48 Cisco RV320/RV325 Administration Guide 5 DHCP S etup DHCP Setup configures DHCP f or IP v 4 or IPv6. It als o allows some devices to download their configuration from a TFTP se r ver . When a device starts , if it does not hav e both the IP address and TF TP ser ver IP address pre configured, it sends a request with Option 66, 67[...]

  • Page 49

    DHCP DHCP S etup Cisco RV320/RV325 Ad ministration Guid e 49 5 • Client Lease Time —Amount of time in minute s that a network user is allowed to connect to the rout er with the curr ent IP addr es s. V alid values are 5 t o 43200 minut es . The def ault is 1440 minut es (equal to 24 hours ). • Range Star t and Range End— Star ting and endin[...]

  • Page 50

    DHCP V iewing the DHCP Sta tus 50 Cisco RV320/RV325 Administration Guide 5 • DHCP Rela y —Pa s s es D HC P re qu es t s a nd rep lie s fro m a no th er DH CP ser ver through the device. • Client Le ase Time —Amount of time that a net work user is allowe d t o connect to the rout er with the curr ent IP addr es s. Enter the amount of time in[...]

  • Page 51

    DHCP Option 82 Cisco RV320/RV325 Ad ministration Guid e 51 5 • To t a l — T otal number of dynamic IP addres ses manage d by the DHCP ser ver . The Client T able shows the DHCP client inf ormation: • Client Host Name— Name assigned to a client host . • IP Addres s— Dynamic IP addr es s assigned t o a client . • MA C Addres s (IP v4 on[...]

  • Page 52

    DHCP IP and MAC Binding 52 Cisco RV320/RV325 Administration Guide 5 IP and MA C Binding When the device is configured as a DHCP ser ver or f or DHCP r ela y , you can bind static IP ad dr es ses to up to 100 netwo rk device s, such as a web ser ver or an F TP server . T ypically the MAC addr ess of a devic e physically appears on a label on the bot[...]

  • Page 53

    DHCP DNS Local Databas e Cisco RV320/RV325 Ad ministration Guid e 53 5 Edit or Delete Bound Entries To Edit the set tings , select an entr y in the list and click Edi t . The inf ormation appears in the te xt fields . Make the changes, and click Sa ve . To Dele t e an entr y fr om the list , sele ct the entr y t o delet e, and click De l e te . T o[...]

  • Page 54

    DHCP Rout er Adver tisement (IPv6) 54 Cisco RV320/RV325 Administration Guide 5 T o change the T CP /IP connection settings , f or e xample, on a P C running W indows, go to the L ocal Area Connection Proper tie s > I n ternet Protocol > TCP /IP Proper tie s window . Cho ose Us e the f ollowing DNS ser ver addres s , and enter the LAN IP addre[...]

  • Page 55

    DHCP Rout er Adver tisement (IPv6) Cisco RV320/RV325 Ad ministration Guid e 55 5 ent er the Adver tis ement In ter val ; the int er val at which Rout er Advertisement mes sages are sent. Enter an y value between 10 and 1800 seconds . The default is 30 seconds . - Unic ast only— Send Router Adv ert isement mes sages only to well- known IP v6 addr [...]

  • Page 56

    DHCP Rout er Adver tisement (IPv6) 56 Cisco RV320/RV325 Administration Guide 5[...]

  • Page 57

    6 Cisco RV320/RV325 Ad ministration Guid e 57 System Man agement Syst em Management configures advanced set tings, such as diagno stic t ools, and per f orms tasks such as firmware upgr ades , backup s, and device rebo ots. Dual W AN C onne ctions Use this f eatur e t o configur e the settings f or your Int ernet connections, if you are using mor e[...]

  • Page 58

    System Management Dual W AN Conne c tions 58 Cisco RV320/RV325 Administration Guide 6 • Dow ns t r ea m — Ma ximum downstr eam bandwidth pr ovided by your ISP . The default is 10000 kbs. Network Service Detection Optionally , check the b o x t o allow the device to det ect network conne ctivity by pinging spe cified devic es and enter the set t[...]

  • Page 59

    Syste m Mana gem en t Band wid th M ana gem en t Cisco RV320/RV325 Ad ministration Guid e 59 6 T o enable the prot ocol binding, check the box to enable this rule, or uncheck the box to di sable it . To Edit the set tings, s elect an entr y in the list . The inf ormation appears in the te xt fields. Make the changes , and click Sa ve . To Dele t e [...]

  • Page 60

    System Management Ban dw i dt h M a na ge me n t 60 Cisco RV320/RV325 Administration Guide 6 T o open b andwidth management , select Syste m M ana ge me nt > Ba n dw id th Management in the na vigation tree. Maximum Band width Provide d by ISP Ent er the ma ximum bandwidth set tings as specified by your ISP : • Upstre am— Maximum upstream ba[...]

  • Page 61

    Syste m Mana gem en t SNMP Cisco RV320/RV325 Ad ministration Guid e 61 6 • Direc tion— Sel ect Upstream for outbound traffic. S elect Do w n s t r ea m fo r inbound traffic. • Priorit y— Cho ose the priorit y f or this ser vice : High or Low . D efault priority level is Medium, which is implied and not shown in the web int erface. Check the[...]

  • Page 62

    System Management SNMP 62 Cisco RV320/RV325 Administration Guide 6 • Tr a p C o m m u ni t y N a m e — P assword sent with each trap t o the SNMP manager . The string can be up to 64 alphanumeric charact ers. The default is public . • Enable SNMP v1 /v2c— Enable s SNMP v 1 /v2c. - Get Communit y Name —Communit y string f or authenticating[...]

  • Page 63

    Syste m Mana gem en t Disc over y -Bonjour Cisco RV320/RV325 Ad ministration Guid e 63 6 STEP 5 Click Sav e . T o ad d or edit a user : STEP 1 Click Add or select a user and click Edit in the Us er T able. STEP 2 Enter the User Name . STEP 3 Select the Group fr om the drop-down menu. STEP 4 Select the Authentication Method and enter the Authen tica[...]

  • Page 64

    System Management LLDP Proper ties 64 Cisco RV320/RV325 Administration Guide 6 LLDP Proper tie s Link Lay er Discover y Pro tocol (LLDP) is a vendor -neutral prot ocol in the Internet Pr otocol Suit e used by net work devices fo r advertisin g their identity , capabilities , and neighbors on an IEEE 802 local area network , principally wired Ethern[...]

  • Page 65

    Syste m Mana gem en t Using D iagno s tic s Cisco RV320/RV325 Ad ministration Guid e 65 6 Using Diagno stic s The Diagnostic pag e acces se s two built-in t ools , DNS Name L ookup and Ping. If you suspect a problem with connectivity , you can use these tools to in vestigate the cause. T o op en this page, select S ystem M anagement > Diagnostic[...]

  • Page 66

    System Management Fir mw are Up gr ad e 66 Cisco RV320/RV325 Administration Guide 6 F irm ware Upgrade This f eatur e downloads the firmwar e f or your device from a PC or a US B Flash drive and installs it . The window displays the F irmwar e V ersion curr ently running on the device. NOTE If you choose an earlier version of the firmware, the devi[...]

  • Page 67

    Syste m Mana gem en t Re sta r t Cisco RV320/RV325 Ad ministration Guid e 67 6 Alt ernatively , you can choose a language in the f ollowing wa ys: • On the L ogin page, choos e a language fr om the La ngu ag e dr op-down list . • On all configuration p ages, cho ose a lang uage from the dr op-down list at the t op right- hand corner . F or firm[...]

  • Page 68

    System Management Bac ku p an d R est o r e 68 Cisco RV320/RV325 Administration Guide 6 B ackup and Re store Configuration files can be impor t ed, expor t ed, and copied . The r out er has two managed configuration files , star tup and mirror . The device loads the star tup file from memory when it b oots up into th e running configuration and cop[...]

  • Page 69

    Syste m Mana gem en t Back up a nd R e s t or e Cisco RV320/RV325 Ad ministration Guid e 69 6 STEP 3 Click Sav e and choose a file location. Optionally , enter a filename and click Sa ve . TIP The default filenames are St a r tu p .c o n f i g and Mi rr or . c on fi g . The .conf ig e xtension is r equired. F or easier identification, it might be h[...]

  • Page 70

    System Management Bac ku p an d R est o r e 70 Cisco RV320/RV325 Administration Guide 6[...]

  • Page 71

    7 Cisco RV320/RV325 Ad ministration Guid e 71 Por t Man agemen t Use Port Management to configure port s ettings and view the status of the por t . Y ou can enable por t mirroring, disable a por t , or set the priorit y , spe ed, duple x mode, and auto-negotiation. Y ou also can enable por t-based VL ANs t o contr ol traffic be tween devic es on yo[...]

  • Page 72

    Port Management Por t S tatu s 72 Cisco RV320/RV325 Administration Guide 7 Ent er the f ollowing sett ings: • Dis able— Check this box to disable a por t . By default, all por ts are enabled. • EEE —Check this box to enable Energy-Efficient Ethernet that r educe s the consumption of power during pe rio ds of low data activity . • Priorit [...]

  • Page 73

    Por t Management T r af f ic S t at is ti c s Cisco RV320/RV325 Ad ministration Guid e 73 7 Traf f i c St at i s t i c s T o op en this page, select Por t Management > T ra f fic Statistics in the navigation tree. F or the selected por t , the Statistic s table displays the f ollowing : • Por t ID —Location of the por t . • Link Status— [...]

  • Page 74

    Port Management Map DSCP to queue 74 Cisco RV320/RV325 Administration Guide 7 Map DS CP to queue This option gr oups traffic by clas ses of s er vice (CoS) , ensuring bandwidth and higher priorit y f or the sp ecifie d ser vic es. All traf fic that is not added to the IP Gr oup uses Int elligent Balancer mode. T o open this page, s elect Por t Mana[...]

  • Page 75

    Por t Management 802. 1 X C onfigur ation Cisco RV320/RV325 Ad ministration Guid e 75 7 802. 1 X C onfiguration Po r t -based network ac cess c ontr ol uses the physical access characteristics of IEEE 802 L AN infrastructur es to pr ovide a means of authenticating and authorizing devices at tached to a LAN p ort that has point-t o-point connection [...]

  • Page 76

    Port Management 802. 1 X Configur a tion 76 Cisco RV320/RV325 Administration Guide 7[...]

  • Page 77

    8 Cisco RV320/RV325 Ad ministration Guid e 77 F irewall The primar y objective of a firewall is t o control the incoming and outgoing network traffic by analy zing the data pack ets and det ermining whether it should be allowed through or not , base d on a pr edet ermined rule s et . A network firewall builds a bridge bet ween an internal network t[...]

  • Page 78

    Firewall Se ssion T ime out 78 Cisco RV320/RV325 Administration Guide 8 • Remote Management —Allows r emot e management of the device when enabled. The por t is 443 by default . It can be changed to an y user -defined por t . The string will be ht tps ://<wan-ip>:<r emote-management -por t> • Multicast Pas s Through —Allows mult[...]

  • Page 79

    Fi re wa l l Acc ess Rule s Cisco RV320/RV325 Ad ministration Guid e 79 8 UDP timeout —Input the timeout value of UDP s essions . The default f or UDP timeout is 30 seconds . Ac c e s s Rule s Acce ss rule s limit acces s to the subnetwork by allowing or denying acce ss by spec if i c se rvices o r de vi ces i de n ti fi ed b y th ei r I P a d dr[...]

  • Page 80

    Firewall Acc ess Rules 80 Cisco RV320/RV325 Administration Guide 8 STEP 11 Click Sa ve . Adding an Access Rule to the IPv6 Access Rule Table T o add (or edit) an IP v6 acce ss rule : STEP 1 Click the IP v6 tab. STEP 2 Click Add (or select the row and click Edit ). STEP 3 Select the Action, Allow or Deny , f or this rule fr om the drop-down menu. ST[...]

  • Page 81

    9 Cisco RV320/RV325 Ad ministration Guid e 81 VPN A VPN is a connection b etwe en two endpoints in dif f erent networks that allows private data t o be sent se cur ely over a shar ed or public net work , such as the Internet. This tunnel e stablishes a private network that can send data s ecurely by using industr y-standard encryption and authentic[...]

  • Page 82

    VPN Summar y 82 Cisco RV320/RV325 Administration Guide 9 • Dom a i n N a m e 1 thr ough 4 —If this r out er has a static IP addr ess and a regist er ed domain name, such as MyS er ver .MyDomain.com , ent er the Dom a i n N a m e t o use f or authentication. A domain name can b e used only f or one tunnel connection. The VPN T unnel Status displ[...]

  • Page 83

    VPN Gateway to Ga teway Cisco RV320/RV325 Ad ministration Guid e 83 9 • Remote Client —IP addr es s and subnet mask of the Remot e Client . • De tails — IP add re s s o f t he R em ote Gate way . • Tu n ne l T e s t — Status of the VPN tunnel. Ga tewa y to Gatewa y In a s ite -to -s ite or ga tew ay -to- ga tew ay V P N, the local rout [...]

  • Page 84

    VPN Gateway to Gateway 84 Cisco RV320/RV325 Administration Guide 9 • Enable— Check this b o x t o enable the VPN tunnel, or uncheck it to disable the tunnel. By default , the tunnel is enabled. Lo cal Group S etup Ent er the settings f or the L ocal Gr oup Setup f or this rout er . (Mirror these set tings when configuring the VPN tunnel on the [...]

  • Page 85

    VPN Gateway to Ga teway Cisco RV320/RV325 Ad ministration Guid e 85 9 If both rout ers ha ve dynamic IP addr ess es (as with PPPoE connections), do not choos e Dynamic IP + Email A ddr . for b o t h g a t e w a y s . Fo r t h e rem ote ga tew ay , c ho o s e IP A ddress and IP Ad d r ess b y D N S R eso lv ed . Keying Mode = IKE with Certifica te ?[...]

  • Page 86

    VPN Gateway to Gateway 86 Cisco RV320/RV325 Administration Guide 9 VPN r outer , choos e IP Addres s , and ent er the address . If you do not know the IP address of the remot e VPN r out er , sele ct IP by DNS Res olve d , and ent er the domain name of the r out er . Cisco rout ers can get the IP addr ess of remote VPN device by DNS Resolved. - IP [...]

  • Page 87

    VPN Gateway to Ga teway Cisco RV320/RV325 Ad ministration Guid e 87 9 IPSec Setup F or encr yption to be succes sful, the t wo ends of a VPN tunnel must agree on the methods of encr yption, de cr yption, and authentication. Enter e xactly the same sett ings on both r outers. Enter the settings f or Phase 1 and Phase 2. P hase 1 establishes the pres[...]

  • Page 88

    VPN Gateway to Gateway 88 Cisco RV320/RV325 Administration Guide 9 • Preshared Key— Pre sh are d ke y to us e to a ut he nt ic ate th e re mo te I K E p e er . Y ou can enter up to 30 k eyboard chara ct ers or hexadecimal values, such as My_@ 123 or 4d795f 40313233 (' ' " ar e not suppor t ed). B oth ends of the VPN tunnel must[...]

  • Page 89

    VPN Gateway to Ga teway Cisco RV320/RV325 Ad ministration Guid e 89 9 • AH Hash Algorithm— Au thentication Header (AH) pr otocol describ es the pack et f ormat and default standar ds f o r packet structur e. When AH is the s e c u r i t y p r o to c o l , p ro te c t i o n i s ex t e n d e d fo r w a r d i n to t h e I P h e a d e r t o ve r i [...]

  • Page 90

    VPN Cli ent to Gateway 90 Cisco RV320/RV325 Administration Guide 9 - Remote B ackup IP Address— Alternative IP addr ess f or the r emot e peer , or r eenter the W AN IP addr ess that was alre ady set f or the remot e gat eway . - Loc al Inter face— W AN interface to use to r eestablish the connection. - VPN T unnel Backup Idle Time— When the [...]

  • Page 91

    VPN Clie nt to Gateway Cisco RV320/RV325 Ad ministration Guid e 91 9 • Group VPN— Cr eat es a tunnel f or a group of users, eliminating the nee d t o configure individual users. All of the remote users can use the same Preshar ed Ke y to connect to the device, up to the maximum number of suppor ted tunnels. The rout er suppor ts up to two VPN g[...]

  • Page 92

    VPN Cli ent to Gateway 92 Cisco RV320/RV325 Administration Guide 9 - IKE with Cer tificate— Use a cer tificat e to authenticat e a r emot e IKE peer . • Enable— Check to enable this VPN. Configurin g Easy VPN Enter the f o llowing inf ormation: • Name— Name t o describ e the tunnel. F or a single us er , you can enter the username or loca[...]

  • Page 93

    VPN Clie nt to Gateway Cisco RV320/RV325 Ad ministration Guid e 93 9 • Ex tended Authentic a tion —Uses an IPs ec host username and pas sword t o authenticat e the VPN clients or it us es the user databas e f ound in User Management . T o use the IPse c Host , click the radio but ton and ente r the Us er Name and Pas sword . T o use the Edge D [...]

  • Page 94

    VPN Cli ent to Gateway 94 Cisco RV320/RV325 Administration Guide 9 hostname. Enter an Email Addres s t o use f or authentication. If both rout ers ha ve dynamic I P addr es ses (as with PPPoE connections), do not choos e Dynamic IP + Email Address f or both gat ewa ys. For the rem ote ga tew ay , c ho o s e IP Addre ss and IP Addres s by DNS Res ol[...]

  • Page 95

    VPN Clie nt to Gateway Cisco RV320/RV325 Ad ministration Guid e 95 9 If you know the IP addr es s of the r emot e VPN client , choos e IP Address , and then ent er the addr es s. If you do not know the IP addr ess of the remot e VPN client , select IP by DNS Re solve d , and then ent er the r eal domain name of the client on the Int ernet . Th e r [...]

  • Page 96

    VPN Cli ent to Gateway 96 Cisco RV320/RV325 Administration Guide 9 IPSec Setup F or encr yption t o be succe ssful, the t wo ends of a VPN tunnel must agr ee on the methods of encr yption, de cr yption, and authentication. Ente r exactly the same set tings on both rout ers . Ent er the set tings f or Phase 1 and Phase 2. Phase 1 establishe s the pr[...]

  • Page 97

    VPN Clie nt to Gateway Cisco RV320/RV325 Ad ministration Guid e 97 9 • Pres hared Key— Preshared k ey t o use t o authenticate the r emot e IKE peer . Y ou can enter up t o 30 k eyboard charact ers or he xadecimal values , such as My_@ 123 or 4d795f 40313233. B oth ends of the VPN tunnel must use the same Preshared K ey . We r e commend that yo[...]

  • Page 98

    VPN Cli ent to Gateway 98 Cisco RV320/RV325 Administration Guide 9 • AH Hash Algorithm— Authentication Header (AH) pr ot ocol describ es the pack et f o rmat and def ault standar ds f o r packet structur e. When AH is the securit y prot ocol, prot ection is e xtended f or ward int o the IP header t o verify the int egrit y of the entir e pack e[...]

  • Page 99

    VPN VPN Passthrough Cisco RV320/RV325 Ad ministration Guid e 99 9 VPN Pas sthrough VPN Passthrough allows VPN clients t o pass through this r outer and connect to a VPN endpoint and is enable d by def ault . T o op en this page, select VPN > VPN Pas sthrough in the na vigation tr ee. T o enable VPN Passthrough, check Enable f or the allowed pr o[...]

  • Page 100

    VPN SSL VP N 100 Cisco RV320/RV325 Administration Guide 9 S SL VPN A SS L VPN (Se cur e Sockets La yer virtual private network) allows users to establish a se cur e, r emote-acces s VPN tunnel t o this device by using a web browser . Users do not ne ed a soft ware or har dwar e client pr einstalled on their computers. S SL VPN provides secure, easy[...]

  • Page 101

    VPN SSL VP N Cisco RV320/RV325 Ad ministration Guid e 101 9 STEP 4 Click on Vi rtu a l P assa g e page. Choose C onnec t using Vir tual Pass age . A warning mes sage window pop s out . Click on Install button (install Xtunnel_W OW 64.cab ) t o establish a tunnel. STEP 5 Af t er the Virtual Pas s age window finishes loading, the tunnel is c onnected[...]

  • Page 102

    VPN SSL VP N 102 Cisco RV320/RV325 Administration Guide 9 • Res ource —Sy st em r esou r ces the g r o up is al lo wed t o access. Cli ck De ta il s to d is p lay . • Status —Group status. Delete a Group T o delet e a gr oup, click the name of the group that y ou want t o r emove in the SS L Status table and click De l e te . If users belon[...]

  • Page 103

    VPN SSL VP N Cisco RV320/RV325 Ad ministration Guid e 103 9 • My De sktop —Enables RDP5 and VNC. Remo te Deskt op Pr ot ocol Client Enhancements ( RDP5 ) ActiveX bookmarks now suppor t advanced W indows options f or r esource mapping, with options to r edirect drives, r edirect printers, redirect por ts, and redirect smar tCar ds. V ir tual Net[...]

  • Page 104

    VPN SSL VP N 104 Cisco RV320/RV325 Administration Guide 9 Re source Man agement SS L VPN suppor ts common Microsoft terminal ser vices including W ord, Ex cel, PowerP oint , Acces s, Outlo ok , Int ernet Explorer , Fr ontP age, and ERP . F or each terminal ser vice to be made available t o users, co nfigur e a r esource and spe cify the IP addr es [...]

  • Page 105

    VPN SSL VP N Cisco RV320/RV325 Ad ministration Guid e 105 9 Advan ce d Setting Advance d SS L VPN set tings limit the range of IP addr es s that can acces s ser vices , change the ser vice p ort , or modify the ba nners. T o op en this page, select SSL V P N > Adv anced Setting in the na vigation tree. T o mo dify advance d settings , enter the [...]

  • Page 106

    VPN SSL VP N 106 Cisco RV320/RV325 Administration Guide 9[...]

  • Page 107

    10 Cisco RV320/RV325 Ad ministration Guid e 107 C er tific a te Management A digital c ertifi cat e cer tifie s the ownershi p of a public ke y by the named subject of the cer tificate. This allows othe rs (r elying par ties) to r ely up on signatures or ass er tions made by the private k ey that corresponds to the public k e y that is cer tified. [...]

  • Page 108

    Certificate Management My Cer tificat e 108 Cisco RV320/RV325 Administration Guide 10 Exporting or Displaying a Certificate or Private Key The client cer tificate enables the client t o conne ct t o the VPN. T o expor t or display a cer tificat e or privat e key : STEP 1 Click the relat ed icon Exp or t Cer tificate f or Client or Expo rt C er tifi[...]

  • Page 109

    Cer tificate Management T rust ed S SL Cer tificat e Cisco RV320/RV325 Ad ministration Guid e 109 10 T ruste d S SL C er tific ate Secure Sockets La yer (SS L ) is the standard securit y technology f or cr eating an encr ypted link bet ween a web ser ver and a browser . This link ensures that all data pass ed bet ween the web ser ver and br owser r[...]

  • Page 110

    Certificate Management Certifi ca te Ge ne r a tor 110 Cisco RV320/RV325 Administration Guide 10 T o ex por t or display a certificate, click the Expor t Cer tificate icon. A pop-up window displa ys where y ou can Open the c er tificate f or insp ection or Sa v e the cer tificate t o a PC . T o impor t a 3r d-par ty cer tificate, click Ad d and imp[...]

  • Page 111

    Cer tificate Management CSR Authoriza tion Cisco RV320/RV325 Ad ministration Guid e 111 10 • K ey Encr yption Length —L ength of the k ey . • V alid Duration —Number of da ys the cer tificat e is valid. STEP 2 Click Sav e . The My Cer tifica te window appears. C SR Authoriza tion CS R (Cer tificate Signing Request) is a di gital identit y c[...]

  • Page 112

    Certificate Management C S R A ut h or i zati on 112 Cisco RV320/RV325 Administration Guide 10[...]

  • Page 113

    11 Cisco RV320/RV325 Ad ministration Guid e 113 Lo g L ogs document the status of the syst em, either by using traps or periodically . Sys te m L og Configure Short Me ss age Ser vice (S MS) logs and aler ts . T o op en this page, select Log > System Log in the navigation tr ee. Configuring the System Log Send SMS T o c onfigure the link f or th[...]

  • Page 114

    Log Sys te m L og 114 Cisco RV320/RV325 Administration Guide 11 Configure ema il Notification T o configure E-mail notification, check En able and complete the f ollowing : • Mail S er ver —Name or IP address of the mail s er ver . • Authentication —Mail ser ver login authentication typ e. - None — W ithout an y authentication. - Login Pl[...]

  • Page 115

    Lo g Syst em L og Cisco RV320/RV325 Ad ministration Guid e 115 11 Configure the Logs T o trigger log entrie s, sele ct the events: • Syn Flo oding — T CP connections requests are being receive d f aster than the device can proces s them. • IP Spo ofing —IP packets with appar ently f orge d source IP addresse s sent with the purpos e of conc[...]

  • Page 116

    Log Syst em Sta tis tics 116 Cisco RV320/RV325 Administration Guide 11 Additional Information (Log Buttons) If the web browser displa ys a warning about the p op-up window , allow the blocked content . Click Re fresh to u pd a te th e da t a. Click the f ollowing buttons t o view additional inf ormation: • View System Log— View the Sys te m L o[...]

  • Page 117

    12 Cisco RV320/RV325 Ad ministration Guid e 117 Us er Man agement User management c ontr ols domain and user acc ess , primarily use d f or PPTP , Cisco VPN Client (als o known as EasyVPN), and S SL VPN. T o op en this page, select User Management in the navigation tr ee. T o add (or mo dify) a domain: STEP 1 Click Add (or s elect an entr y and cli[...]

  • Page 118

    User Manageme nt 118 Cisco RV320/RV325 Administration Guide 12 - Dom a i n —Domain name users sele ct t o log into the SS L VPN por tal. - LDAP Ser ver Addre ss —IP v 4 addr ess of the LDAP ser ver . - LDAP Bas e DN —Sear ch b ase f or LD AP queries. An example of a search base st rin g is CN=Use rs,DC=you rdomain,DC= com . STEP 3 Click OK . [...]

  • Page 119

    13 Cisco RV320/RV325 Ad ministration Guid e 119 W eb F iltering W eb filt ering can pr ovide y ou with the pr ot ection against acc ess t o the inappropriat e websites bas ed on the below working mecha nism. This f eat ur e is only a vailable on the RV320- WB and RV325- WB models. STEP 1 If the incoming URL is in the Exclusio n List and its W eb Re[...]

  • Page 120

    Web Filtering Cisc o Small Business W eb Fil tering Ser vic e Supplemen tal E nd User Lic ense Agreement 120 Cisco RV320/RV325 Administration Guide 13 • Click Ad d and input the value of the fields. - Name: The name of the sche dule. - Desc r ip t i o n : Desc ribe th e sc hed ul e. - Check the dat es of implementing the schedule. - Star t: The s[...]

  • Page 121

    Web Fi lt er i ng Cisc o Small Business W eb F ilt ering Ser vic e Supplemen tal End User Lic ense Agreement Cisco RV320/RV325 Ad ministration Guid e 121 13 1 .1 Thes e T erms des cribe the terms and co nditions of your use of the Ser vice. 1 .2 Service C han ges. Ci sco r eser ves the r igh t , at its so le d isc r e tio n a nd fr om ti me t o tim[...]

  • Page 122

    Web Filtering Cisc o Small Business W eb Fil tering Ser vic e Supplemen tal E nd User Lic ense Agreement 122 Cisco RV320/RV325 Administration Guide 13 4.2 License. Subject to the t erms and conditions of these T erms , Cisco grants to End User a limited, non-e x clusive, non-tr ansf erable license to use the Ser vic e on the Cisc o device. 5. DA T [...]

  • Page 123

    Web Fi lt er i ng Cisc o Small Business W eb F ilt ering Ser vic e Supplemen tal End User Lic ense Agreement Cisco RV320/RV325 Ad ministration Guid e 123 13 T O THE GRE A TES T EX TENT ALL OWED BY APPLICABLE LA W . END USER’S S OLE AND E X CL USIVE REMED Y FOR BREACH OF W ARR ANT Y SHALL BE , A T CIS CO’S OPTION, RE-PERFORMANCE OF THE S E RVICE[...]

  • Page 124

    Web Filtering Cisc o Small Business W eb Fil tering Ser vic e Supplemen tal E nd User Lic ense Agreement 124 Cisco RV320/RV325 Administration Guide 13 7 .3 For c e Majeure. Cisco shall not be liable for an y dela y or failure in per f ormanc e whatsoever resulting from acts beyond its r easonable control. Such acts shall include, but not be limited[...]

  • Page 125

    14 Cisco RV320/RV325 Ad ministration Guid e 125 Wher e to Go F rom Here Cisco and the Cisco logo are trademarks or registered t rademarks of Cisco and/or i ts affiliates in the U.S. and other countries . To view a lis t of Cisco tradema rks, go to th is URL: www .c i sc o . co m/ go / t r a d e m a r k s . Third-party trade marks mentione d are the[...]