Cisco Systems RV325K9NA manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Cisco Systems RV325K9NA, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Cisco Systems RV325K9NA one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Cisco Systems RV325K9NA. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Cisco Systems RV325K9NA should contain:
- informations concerning technical data of Cisco Systems RV325K9NA
- name of the manufacturer and a year of construction of the Cisco Systems RV325K9NA item
- rules of operation, control and maintenance of the Cisco Systems RV325K9NA item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Cisco Systems RV325K9NA alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Cisco Systems RV325K9NA, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Cisco Systems service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Cisco Systems RV325K9NA.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Cisco Systems RV325K9NA item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    Cis c o Small Busine s s RV320/RV325 Gigabit Dual W AN VPN Rout er ADMINISTR A TION GUIDE[...]

  • Page 2

    78-20928-02[...]

  • Page 3

    Cisco Small Busines s RV320/RV 325 Admin istration Guide 3 Con t e n ts Chapter 1: Getting Started 7 Using the Getting Started Window 7 Features of the User Interface 8 Chapter 2: System Summary 11 System Information 11 Configuration (Wizard) 12 Port Activity 12 IPv4 and IPv6 13 Security Status 14 VPN Setting St atus 14 SSL VPN Status 15 Log Settin[...]

  • Page 4

    Cisco Small Busine ss RV320/RV 325 Administration Guide 4 Con t en ts Advanced Routing 41 Configuring Dynamic Routing 41 Configuring Static Routing 42 Inbound Load Balance 43 USB Device Update 44 Chapter 4: DHCP 45 DHCP Setup 46 Viewing the DHCP Status 48 Option 82 49 IP and MAC Binding 50 DNS Local Database 51 Router Advertisement (IPv6) 52 Chapte[...]

  • Page 5

    Cisco Small Busines s RV320/RV 325 Admin istration Guide 5 Con t e n ts Port Status 70 Traffic Statistics 71 VLAN Membership 71 QoS:CoS/DSCP Setting 72 DSCP Marking 72 802.1X Configuration 73 Chapter 7: Firewall 75 General 75 Access Rules 76 Content Filter 78 Chapter 8: VPN 81 Summary 81 Gateway to Gateway 83 Add a New Tunnel 83 Local Group Setup 8[...]

  • Page 6

    Cisco Small Busine ss RV320/RV 325 Administration Guide 6 Con t en ts Chapter 10: Log 107 System Log 107 System Statistics 110 Processes 110 Chapter 11: SSL VPN 111 Status 112 Group Management 112 Resource Management 115 Advanced Se tting 116 Chapter 12: Wizard 117 Basic Setup 117 Access Rule Setup 117 Chapter 13: User Management 119[...]

  • Page 7

    1 Cisco Small Busines s RV320/ RV325 Administration Guide 7 Get ting St ar te d Thank you f or choosing a Cis co RV320. This chapt er include s inf ormation to help you get started using your device. Using the Get ting St ar te d Window The default settings are sufficient f or many small business es. Net work demands or your Int ernet S er vice Pr [...]

  • Page 8

    Getting Started Fea tures of the Us er In ter face 8 Cisco Small Busines s RV320/R V325 Administration Guide 1 STEP 7 T o configure other settings , use the links in the navigation tr e e. Troubleshooting Tips If you ha ve tr ouble c onnecting to the Int ernet or the web-b ased web interface: • V erify that your web br ows er is not set to W ork [...]

  • Page 9

    Get ting Star ted F eat ures o f the User In ter f ace Cisco Small Busines s RV320/ RV325 Administration Guide 9 1 Help T o view inf ormation about the se lected configuration page, click Help near the top right corner of the web int er face. If your web browser displa ys a warning mes sage about the pop-up window , allow the blocked cont ent . Log[...]

  • Page 10

    Getting Started Fea tures of the Us er In ter face 10 Cisco Small Busines s RV320/R V325 Administration Guide 1[...]

  • Page 11

    2 Cisco Small Busines s RV320/ RV325 Administration Guide 11 System Summ ar y The Syst em Summar y displa ys information about the current status of the device connections , status, s ettings , and logs . System Informa tion Syst em inf orm ation descriptions : • Ser ial Nu mber — Serial number of the devic e. • Firm ware version— V ersion [...]

  • Page 12

    System Summary Configur a tion (W izar d) 12 Cisco Small Busines s RV320/R V325 Administration Guide 2 C onfigura tion ( Wizard) T o acce ss the Internet connection setup wizard and be prompt ed through the pr ocess, cl ick Se tu p W iza rd to launch the Wizard . Por t A ctivit y Port Activit y identifies the por t inter f ace s and indicat e s the[...]

  • Page 13

    System S ummar y IPv4 and I Pv6 Cisco Small Busines s RV320/ RV325 Administration Guide 13 2 • VL AN— VLAN ID of this por t . There ar e t wo pr e defined VLANs : 25 and 100 . VLAN 25 can b e used f or guest VL AN acces s and VL AN 100 can be used f or V oice traffic. By default , VLAN 25 and VL AN 100 ar e not enable d. • Rec eive Pack et Co[...]

  • Page 14

    System Summary Sec ur ity S ta tus 14 Cisco Small Busines s RV320/R V325 Administration Guide 2 S e curit y Sta tus This se ction displa ys the status of the se curity f eatur es : • SPI (Stateful Pack et Insp ec tion) —Status of the firewall: On (green) or Of f (red). T racks the state of network c onnections, such as T CP streams and UDP comm[...]

  • Page 15

    System S ummar y SSL VPN S ta tus Cisco Small Busines s RV320/ RV325 Administration Guide 15 2 • PPTP T unnel(s) Use d— Point -t o-Point T unneling Prot o col (PPTP) tunnels in use. PPTP is a method f or implementing vir tual private networks . PPTP uses a control channel ov er TCP and a Ge neric Routing Encapsulation (GRE) tunnel to encapsulat[...]

  • Page 16

    System Summary Log Setting Status 16 Cisco Small Busines s RV320/R V325 Administration Guide 2[...]

  • Page 17

    3 Cisco Small Busines s RV320/ RV325 Administration Guide 17 Se t up Use the Setup > Net work page t o set up your LAN, W AN (Int ernet), DMZ, and s o fo r t h . Se t up N e t wo r k T o open the Network page, click Setup > Net work . Some IS Ps requir e that you as sign a hostname and domain name to identify your dev ice. De f aul t v al ues[...]

  • Page 18

    Setup Se tup Ne twor k 18 Cisco Small Busines s RV320/R V325 Administration Guide 3 Adding or Editing an IPv4 Network By default one IPv 4 LAN subnet work is configur ed, 192. 168. 1 . 1 . One subnetwork is usually sufficient for most small business es . The fir ewall denie s acces s if a LA N device so ur ce IP address i s on a subnetwork that is [...]

  • Page 19

    Setup Se tup Ne twor k Cisco Small Busines s RV320/ RV325 Administration Guide 19 3 T o configure WAN C o n n e c t i o n S e t t i n g s , select a W AN interface and click Edit . WA N C o n n e c t i o n S e t t i n g s appears . Select the W AN Conne ction Typ e from the menu and modify the r elat ed parameters as describe d in these s ections: [...]

  • Page 20

    Setup Se tup Ne twor k 20 Cisco Small Busines s RV320/R V325 Administration Guide 3 - Configure t o R A and DHCP v6 automatically—Provide Stat ele ss an d Stateful IPv6 address es f or L AN-side PCs . Static IP Choos e this option if y our ISP as signed a permanent IP address to your account . Ent er the set tings pr ovide d by your ISP : • Spe[...]

  • Page 21

    Setup Se tup Ne twor k Cisco Small Busines s RV320/ RV325 Administration Guide 21 3 PPPoE Choo se this option if y our ISP use s PPPo E (Po int-t o-Point Prot o col over Ethernet) t o establish Internet connections (typical f or DS L lines). Then enter the settings pr ovided by your IS P: • Us ernam e and Password —Username and pas swor d f or [...]

  • Page 22

    Setup Se tup Ne twor k 22 Cisco Small Busines s RV320/R V325 Administration Guide 3 T o configure the IPv6 parameters, che ck Enable . The DHCP v6 client proces s and requests f or prefix delegation through the select ed interface are enabled. Us e this option when your ISP is capable of sendin g LAN prefixes by using DHCP v6. If your IS P does not[...]

  • Page 23

    Setup Se tup Ne twor k Cisco Small Busines s RV320/ RV325 Administration Guide 23 3 • Conne ct ion Timers —Connection is dis connected after a period of inactivit y . - Co nnec t on De mand — When this f eature is enabled, the device automatically establishes your connection. If you enabled this f eature, ent er the Max Idle Time , the number[...]

  • Page 24

    Setup Se tup Ne twor k 24 Cisco Small Busines s RV320/R V325 Administration Guide 3 Stateless Address Autoconfiguration (IPv6) Choos e this option if your ISP uses IP v6 Router Solicitations and R outer Advert isements, ho sts on the network learn which network they ar e conne ct e d t o, and once they do, they can aut omatically c onfigur e a ho s[...]

  • Page 25

    Setup Se tup Ne twor k Cisco Small Busines s RV320/ RV325 Administration Guide 25 3 IPv6 in IPv4 Tunnel (IPv6) Choo se this option if y our ISP us es IP v6 in IP v 4 T unnel to establish Internet connections . Yo u m u s t e n t e r a n I P v 4 Static IP addres s. Then enter the sett ings pr ovided by your IS P : • Lo cal IP v 6 Ad dres s —L oc[...]

  • Page 26

    Setup Se tup Ne twor k 26 Cisco Small Busines s RV320/R V325 Administration Guide 3 6to4 Tunnel (IPv6) Choos e this option t o establish an auto-tunnel in an IPv4 network (or real IP v 4 Internet connection) acr os s tw o independ ent IP v6 net works. Enter the f ollowing parameters: Relay IPv4 A ddress —All ows a 6t o4 ho st t o communicate with[...]

  • Page 27

    Setup Se tup Ne twor k Cisco Small Busines s RV320/ RV325 Administration Guide 27 3 IPv6 Rapid Deployment (6rd) Tunnel (IPv6) Choo se this option if y our ISP us es 6rd T unnel (IP v6 Rapid D eployment) t o establish Internet connections . Ent er the set tings provided by y o ur ISP . • 6rd Configurat ion Mo de : - Manual —Manually set 6rd Pr e[...]

  • Page 28

    Setup Se tup Ne twor k 28 Cisco Small Busines s RV320/R V325 Administration Guide 3 USB 1 or USB2 Por t S et tings USB p or t configuration manages the c onnection bet ween this devic e and the USB dongle. It also manag es W AN por t fail over (r edundancy) . Some US B dongles configure their cr edentials auto matically . O thers, such as the V eri[...]

  • Page 29

    Setup Se tup Ne twor k Cisco Small Busines s RV320/ RV325 Administration Guide 29 3 Set ting Failover and Rec over y While both an Ethernet and mobile net work link might be a vailabl e, only one connection at a time can be us ed to establish a W AN link . Whenever one W A N connection fails , the device attempts to bring up another connection on a[...]

  • Page 30

    Setup Se tup Ne twor k 30 Cisco Small Busines s RV320/R V325 Administration Guide 3 - Ex tra Charge —Cost in doll ars if a g iv en peri od of ti me i s e xceeded. - Stop conne ction ...—Che ck t o enable dropping the connection when the time ex ce eds the given time. The window appears : • Previous Cumula tive Time —Amount of time the 3G/ 4[...]

  • Page 31

    Setup DMZ Enable Cisco Small Busines s RV320/ RV325 Administration Guide 31 3 DMZ Enable A DMZ is a subnetwork that is open to the public but behind the fir ewall. A DMZ all ows yo u to red irect pac kets c omi ng in to your W AN p or t to a sp ec ific IP a ddres s in your LAN. Y ou can configure fir ewall rules to allow acces s t o specific s er v[...]

  • Page 32

    Setup Passw ord 32 Cisco Small Busines s RV320/R V325 Administration Guide 3 ! CAUT IO N The pas sword cannot be recovered if it is lo st or f orgotten. If the password is lost or f orgot ten, the device must be r eset to the fact or y default set tings, removing all configuration change s. If you ar e acce ssing the device remotely and r es et the[...]

  • Page 33

    Setup Ti m e Cisco Small Busines s RV320/ RV325 Administration Guide 33 3 When Minimum Pass word Co mplexit y - Enable is checked, the Password Strength Meter indicates the password str ength, b ased on the c omple xit y rules . The scale range s fr om red (unacceptable) to yellow (acceptable) to gr e en ( strong). STEP 3 Click Sav e . Time T ime i[...]

  • Page 34

    Setup DMZ Host 34 Cisco Small Busines s RV320/R V325 Administration Guide 3 T o configure NTP and time settings , choos e Setup > Time . • Time Zone — T ime zone r elative to Gr e en wich Mean T ime (GMT ) . • Daylight Savings Time —Enable or dis able the adjustment f or da ylight savings time. Enter the start date in the From fields and[...]

  • Page 35

    Setup (Port) Forwarding Cisco Small Busines s RV320/ RV325 Administration Guide 35 3 Use this function to establish a web ser ver or FTP ser v er . Make sur e that you enter a valid IP addr es s. ( T o run an Internet ser ver , it might b e neces sar y to use a static IP addr es s.) For added securit y , outside users are able t o c ommunicat e wit[...]

  • Page 36

    Setup (Por t) F orwarding 36 Cisco Small Busines s RV320/R V325 Administration Guide 3 • Por t Range— Range of por t numbers reser ved f or this ser vic e. STEP 4 Click Sa v e . Configurin g Port Triggering Port triggering allows the devic e t o mo nit or outgoing data f or spe cific por t numbers . The IP addr e ss of the client that sent the [...]

  • Page 37

    Setup Port Address T ransla tion Cisco Small Busines s RV320/ RV325 Administration Guide 37 3 Por t A ddres s T ranslation Port Address T ranslation (P A T ) is an extension of Network Addres s T r anslation (NA T ) that p ermits multiple devices on a L AN t o be mappe d to a single public IP address to conser ve IP addres ses . P A T is similar to[...]

  • Page 38

    Setup Se tti ng Up On e- to- On e N A T 38 Cisco Small Busines s RV320/R V325 Administration Guide 3 Adding or Editing a S er vic e Name T o add or edit an entr y on the Ser vic e list: STEP 1 Click Se r v ice Ma na ge me n t . If the web br ows er displa ys a warning about the pop-up window , allow the blocked c ont ent . STEP 2 T o add a ser vice[...]

  • Page 39

    Setup MAC Address Cloning Cisco Small Busines s RV320/ RV325 Administration Guide 39 3 T o enable this f eatur e, check Enable . T o add an entr y to the list , click Add and ent er the following inf ormation: • Private Rang e B egin— Star ti ng IP addr es s of the internal IP addres s range that you want t o map to the public range. Do not inc[...]

  • Page 40

    Setup Assigning Dynamic DNS to a W AN Interface 40 Cisco Small Busines s RV320/R V325 Administration Guide 3 A s signing D ynamic DNS to a W AN In ter fac e Dynamic D omain Name Syst em (DDNS) s er v ice assigns a fixed domain name t o a dynamic W AN IP addr es s, so you can host your own web, F TP , or another t ype of T CP /IP s er ver on y our L[...]

  • Page 41

    Setup Advance d Routing Cisco Small Busines s RV320/ RV325 Administration Guide 41 3 Advanc e d Routing This f eature enables dynamic routing and adds static rout es to the ro uting table f o r IP v 4 and IP v6. T o view the r outing table, click View Routing T able . Cl ick Refres h to u p d ate t he data. Click Clo se to close the p op-up window [...]

  • Page 42

    Setup Advanc ed Routing 42 Cisco Small Busines s RV320/R V325 Administration Guide 3 ( VLSM) . RIP v 1 als o lacks suppor t f or rout er authentication, making it vulnerable to attacks . RIP v2 carrie s a subnet mask and suppor ts password authentication securit y . • T ransmit RIP versions— Select the RIP prot o col f or transmit ting network [...]

  • Page 43

    Setup Inboun d L oad Balan ce Cisco Small Busines s RV320/ RV325 Administration Guide 43 3 T o delete an entr y from the list, click the entr y that you want t o delete, and then click Del et e . T o view curr ent data, click View Routing T able . The Routing T able Entr y List appears . Y ou can click Refresh to u pd a te t he da ta , o r c li ck [...]

  • Page 44

    Setup USB Devic e Update 44 Cisco Small Busines s RV320/R V325 Administration Guide 3 STEP 6 Click SPF Set tings to add SPF t ext . S PF (Sender P olicy Framework) is an email validation syst em that prev ents email spam by detecting email spo ofing (a common vulnerabilit y) by verifying sender IP address es . (Configuring this field is not requir [...]

  • Page 45

    4 Cisco Small Busines s RV320/ RV325 Administration Guide 45 DHCP Dynamic Host C onfiguration Prot oc ol (DHCP) is a network prot ocol that is us ed to configure network device s t o communicate on an IP network . A DHCP client uses the DHCP prot oc ol to acquire configuration information, such as an IP addr es s, a default r oute, and one or mor e[...]

  • Page 46

    DHCP DHCP Setup 46 Cisco Small Busines s RV320/R V325 Administration Guide 4 DHCP S etup DHCP Setup configures DHCP f or IP v 4 or IP v6. It also allows some device s t o download their configuration from a TFTP se r ver . When a device star ts, if it does not hav e b oth the IP addr es s and TF TP ser ver IP addr es s pr e configured, it sends a r[...]

  • Page 47

    DHCP DHCP S etup Cisco Small Busines s RV320/ RV325 Administration Guide 47 4 • Client Lease Time —Amount of time in minute s that a network user is allowed to connect to the rout er with the current IP address . V alid values are 5 t o 43200 minut es . The default is 1440 minutes (equal to 24 hours ) . • Range Star t and Range End— Star ti[...]

  • Page 48

    DHCP V iewing the DHCP Status 48 Cisco Small Busines s RV320/R V325 Administration Guide 4 • DHCP Rela y —Pa s s e s D HC P re qu e st s a nd rep li e s fro m a no th er D HC P ser ver through the device. • Client Le ase Time —Amount of time that a net work user is allowe d t o connect to the rout er with the curr ent IP addres s. Enter the[...]

  • Page 49

    DHCP Option 82 Cisco Small Busines s RV320/ RV325 Administration Guide 49 4 • DHCP A vailable— Numb er of dynamic IP addr es ses available. • To t a l — T otal numb er of dynamic IP addr es ses managed by the DHCP ser ver . The Client T able shows the DHCP client inf ormation: • Client Host Name— Name assigned to a client host . • IP [...]

  • Page 50

    DHCP IP and MAC Binding 50 Cisco Small Busines s RV320/R V325 Administration Guide 4 IP and MA C Binding When the device is configured as a DHCP ser ver or f or DHCP rela y , you can bind static IP ad dr es ses to up to 100 net work device s, such as a we b ser ver or an F TP ser ver . Binding do es not as sign an IP addr es s to a device. Y ou sho[...]

  • Page 51

    DHCP DNS Local Databas e Cisco Small Busines s RV320/ RV325 Administration Guide 51 4 Edit or Delete Bound Entries To Edit the set tings, s elect an entr y in the list and click Edit . The inf ormation appears in the te x t fields . Mak e the changes , and click Sa ve . To Del ete an entr y fr om the list , sele ct the entr y t o delete, and click [...]

  • Page 52

    DHCP Rout er Adver tis ement (IPv6) 52 Cisco Small Busines s RV320/R V325 Administration Guide 4 T o change the T CP /IP c onnection set tings , f or example, on a PC running W i ndows, go to the L ocal Area Connection Proper t ies > In ternet Protoc ol > TCP /IP Proper ties window . Choo se Use the following DNS ser ver addr e ss , and ent e[...]

  • Page 53

    DHCP Rout er Adver tis ement (IPv6) Cisco Small Busines s RV320/ RV325 Administration Guide 53 4 ent er the Adver tis ement Inter val ; the int er val at which Router Advertisement mes sages are sent. Enter an y value bet ween 10 and 1800 seconds . The default is 30 seconds . - Unic ast only— Send Router Adv er tisement mes sages only to well- kn[...]

  • Page 54

    DHCP Rout er Adver tis ement (IPv6) 54 Cisco Small Busines s RV320/R V325 Administration Guide 4[...]

  • Page 55

    5 Cisco Small Busines s RV320/ RV325 Administration Guide 55 System Man agement Syst em Management configures advance d set tings, such as diagno stic t ools , and per f orms tasks such as firmwar e upgr ad es, backu ps , a nd d evi ce r eboots. Dual W AN C onne c tions Use this f eature t o configure the settings f or your Internet connections, if[...]

  • Page 56

    System Management Dual W AN Connections 56 Cisco Small Busines s RV320/R V325 Administration Guide 5 • Dow ns tr eam — Maximum downstr eam bandwidth pr ovided by your ISP . The default is 10000 kbs. Network Service Detection Optionally , check the b o x to allow the device to det e ct network conne ctivity by pinging spe cified devic es and ent[...]

  • Page 57

    Syste m Mana geme nt Band widt h Ma nagemen t Cisco Small Busines s RV320/ RV325 Administration Guide 57 5 T o enable the pr otocol binding, check the box to enable this rule, o r uncheck the box to disable it. To Edit the settings , sele ct an entr y in the list . The inf ormation app ears in the t ext fields. Make the changes , and click Sa ve . [...]

  • Page 58

    System Management Ban dwid th Mana geme nt 58 Cisco Small Busines s RV320/R V325 Administration Guide 5 Maximum Band width Provide d by ISP Ent er the ma ximum bandwidth settings as specified by your ISP : • Upstre am— Maximum upstream bandwidth provided by your ISP . • Dow ns tr eam — Maximum downstr eam bandwidth pr ovided by your ISP . B[...]

  • Page 59

    Syste m Mana geme nt SNMP Cisco Small Busines s RV320/ RV325 Administration Guide 59 5 • Priorit y— Cho ose the priorit y f or this s er vice : High or Low . Default priority level is Medium, which is implied and not shown in the web int er face. Check the box t o enable this ser vice. To Edit the set tings, s elect an entr y in the list and cl[...]

  • Page 60

    System Management SNMP 60 Cisco Small Busines s RV320/R V325 Administration Guide 5 • Tr a p C o m m un i t y N a m e — Password sent with each trap t o the S NMP manager . The string can be up to 64 alphanumeric charact ers . The def ault is public . • Enable SNMP v1 /v2c— Enables S NMP v 1 /v2c. - Get Communit y Name —Communit y string [...]

  • Page 61

    Syste m Mana geme nt Disc over y -Bonjour Cisco Small Busines s RV320/ RV325 Administration Guide 61 5 STEP 5 Click Sav e . T o add or edit a us er : STEP 1 Click Add or select a user and click Edit in the Us er T able. STEP 2 Enter the User Name . STEP 3 Select the Group fr om the drop-down menu. STEP 4 Select the Authentication Method and enter t[...]

  • Page 62

    System Management LLDP Proper ties 62 Cisco Small Busines s RV320/R V325 Administration Guide 5 LLDP Proper tie s Link Lay er Dis cover y Pr ot oc ol (LLDP) is a v endor -neutral prot o col in the Internet Pr otocol Suit e use d by network device s f o r advertisin g their identity , capabil ities, and neighbors on an IEEE 802 local area network , [...]

  • Page 63

    Syste m Mana geme nt Using D iagno s tic s Cisco Small Busines s RV320/ RV325 Administration Guide 63 5 Using Diagno stic s The Diagnostic pag e acces se s two built-in t ools , DNS Name L ookup and Ping. If you suspect a problem with connectivity , you can use the se tools t o inv estigate the cause. T o open this page, select System Management &g[...]

  • Page 64

    System Management Fir mw are Up gr ad e 64 Cisco Small Busines s RV320/R V325 Administration Guide 5 F irmware Upgrade This f eature downloads the firmwar e f or your device from a PC or a USB Flash drive and installs it . The window displays the F irmware V ersion currently running on the device. NOTE If you choose an earlier version of the firmwa[...]

  • Page 65

    Syste m Mana geme nt Re sta r t Cisco Small Busines s RV320/ RV325 Administration Guide 65 5 Alt ernatively , you can choos e a language in the f ollowing ways: • On the L o gin page, choose a language from the La ng u ag e drop-down list . • On all configuration p ages, cho ose a lang uage from the dr op- down list at the t op right-hand corne[...]

  • Page 66

    System Management Bac kup a nd R est or e 66 Cisco Small Busines s RV320/R V325 Administration Guide 5 B ackup and Re store Configuration files can be impor ted, e xp or t e d, and copied. The rout er has two managed configuration files , star tup and mirror . The device lo ads the star tup file from memory when it b oots up into th e running confi[...]

  • Page 67

    Syste m Mana geme nt Back up a nd R e s tor e Cisco Small Busines s RV320/ RV325 Administration Guide 67 5 STEP 3 Click Sav e and choos e a file location. Optionally , enter a filename and click Sa ve . TIP The default filenames are St artup .co n fig and Mi r ro r . c on fi g . The .conf ig e xtension is r equired. F or easier identification, it m[...]

  • Page 68

    System Management Bac kup a nd R est or e 68 Cisco Small Busines s RV320/R V325 Administration Guide 5[...]

  • Page 69

    6 Cisco Small Busines s RV320/ RV325 Administration Guide 69 Por t Management Use Port Management to configure port s ettings and view the status of the por t . Y ou can enable p ort mirr oring, disable a p or t , or set the priority , spee d, duple x mode, and auto-negotiation. Y ou also can enable por t-based VL ANs to control traffic be tween de[...]

  • Page 70

    Port Management Por t St atu s 70 Cisco Small Busines s RV320/R V325 Administration Guide 6 • Dis able— Check this box to disable a por t . By default, all por ts are enabled. • EEE —Check this box to enable Energy-Efficient Ethernet that r educe s the consumption of power during pe rio ds of low data activity . • Priorit y— F or each p[...]

  • Page 71

    Por t Management T raf f i c St at i st i c s Cisco Small Busines s RV320/ RV325 Administration Guide 71 6 Traf f i c St at i s t i c s T o open this page, select Por t Management > T raffic St a tistic s in the na vigation tree. F or the s elected por t , the Statistic s table displa ys the f ollowing : • Por t ID —Location of the por t . ?[...]

  • Page 72

    Port Management QoS:C oS/DSCP Setting 72 Cisco Small Busines s RV320/R V325 Administration Guide 6 Q oS:C oS/DS CP S et ting This option gr oups traffic by clas se s of ser vice (CoS) , ensuring bandwidth and higher priorit y f or the sp ecified s er vice s. All traf fic that is not added to the IP Gr oup use s Int elligent B alancer mode. T o open[...]

  • Page 73

    Por t Management 802. 1 X C onf igura tion Cisco Small Busines s RV320/ RV325 Administration Guide 73 6 802. 1 X C onfigura tion Po r t -based net work acces s contr ol uses the physical acces s charact eristic s of IEEE 802 L AN infrastructur es to provide a means of authenticating and authorizing devices at tached to a LAN p ort that has point-t [...]

  • Page 74

    Port Management 802. 1 X C onfigur ation 74 Cisco Small Busines s RV320/R V325 Administration Guide 6[...]

  • Page 75

    7 Cisco Small Busines s RV320/ RV325 Administration Guide 75 F irewall The primar y objective of a firewall is t o c ontro l the incoming and outgoing net work traffic by analy zing the data pack ets and det ermining whether it should b e allowed through or not , base d on a pr e det ermined rule set . A network firewall builds a bridge bet ween an[...]

  • Page 76

    Firewall Acc ess Rules 76 Cisco Small Busines s RV320/R V325 Administration Guide 7 • Remote Management —Allows r emote management of the device when enabled. The por t is 443 by default . It can be changed to an y user- defined por t . The string will be ht tps ://<wan-ip>:<remot e-management-por t> • Multicast Pas s Through —A[...]

  • Page 77

    Fi re wa l l Acc ess Rule s Cisco Small Busines s RV320/ RV325 Administration Guide 77 7 Adding an Access Rule to th e IPv4 Access Rule Table T o add (or edit) an IPv 4 acc es s rule: STEP 1 Click the IP v4 tab. STEP 2 Click Add (or select the row and click Edit ). STEP 3 Select the Action, Allow or De ny , f or this rule from the dr op -down menu.[...]

  • Page 78

    Firewall Conten t Filter 78 Cisco Small Busines s RV320/R V325 Administration Guide 7 STEP 6 Sel ect th e So ur ce I nt erf ace from the dr op- down me nu. STEP 7 Sel ect th e Source IP Prefix Length from the dr op- down menu. If you selected Single , ent er the source IP pr efix . If you selected Range , enter the starting IP prefix and the pr efi[...]

  • Page 79

    Fi re wa l l Conten t Filt er Cisco Small Busines s RV320/ RV325 Administration Guide 79 7 STEP 3 Enter a wor d in the Ke y w o rd colum n. STEP 4 Click Sav e . Accepting Allowed Domains T o specifically accept a domain: STEP 1 Select Acc ept Allowed Dom ains . STEP 2 Click Add (or Edit ) in the Allowe d Domains table. STEP 3 Enter the name in the [...]

  • Page 80

    Firewall Conten t Filter 80 Cisco Small Busines s RV320/R V325 Administration Guide 7[...]

  • Page 81

    8 Cisco Small Busines s RV320/ RV325 Administration Guide 81 VPN A VPN is a connection b etwe en two endpoints in dif f erent networks that allows private data t o be s ent securely over a shar ed or public net work , such as the Internet. This tunnel e stablishes a private network that can send data s ecurely by using industr y-standard encryption[...]

  • Page 82

    VPN Summar y 82 Cisco Small Busines s RV320/R V325 Administration Guide 8 • Dom ai n Na me 1 thr ough 4 —If this r out er has a static IP address and a regist er ed domain name, such as MyS er ver .M yDomain.com , enter the Dom ai n Na me to use f or authentication. A domain name can be us ed only f or one tunnel c onnection. The VPN T u nnel S[...]

  • Page 83

    VPN Gateway to Ga teway Cisco Small Busines s RV320/ RV325 Administration Guide 83 8 • Remote Client —IP addres s and subnet mask of the R e mot e Client . • De tails — IP add re s s o f t he Rem ote Gate way . • Tu n ne l T e s t— Status of the VPN tunnel. Ga teway to Ga tewa y In a s ite -to -s ite or g ate way -to -g ate way VP N, th[...]

  • Page 84

    VPN Gateway to Gateway 84 Cisco Small Busines s RV320/R V325 Administration Guide 8 • Enable— Check this b o x to enable the VPN tunnel, or uncheck it to disable the tunnel. By default , the tunnel is enabled. Lo cal Group S etup Ent er the settings f or the L o cal Gr oup Setup f or this rout er . (Mirror these set tings when configuring the V[...]

  • Page 85

    VPN Gateway to Ga teway Cisco Small Busines s RV320/ RV325 Administration Guide 85 8 - Dyna mi c I P + E-mail Addr .(USER FQDN) Authentic ation— This rout er has a dynamic IP addr es s and does not hav e a Dynamic DNS hostname. Enter an Email Addres s t o use f or authentication. If both rout ers hav e dynamic IP addres ses (as with PPPoE connect[...]

  • Page 86

    VPN Gateway to Gateway 86 Cisco Small Busines s RV320/R V325 Administration Guide 8 Remote Group Setup Ent er the set tings f or the Remot e Group Setup f or this r outer : • Remote Se curit y Gatewa y Typ e— Method f or identifying the router t o establish the VPN tunnel. The Remot e Se curity Gat eway is the other r outer . At least one of th[...]

  • Page 87

    VPN Gateway to Ga teway Cisco Small Busines s RV320/ RV325 Administration Guide 87 8 • Lo cal S ecuri t y Group Type — LAN resources that can use this tunnel. The L o cal Securit y Group is f or this rout er ’ s L AN resources ; the R emote Securit y Group is f or the other r outer ’ s L AN resources . - IP Addres s— Specify one device th[...]

  • Page 88

    VPN Gateway to Gateway 88 Cisco Small Busines s RV320/R V325 Administration Guide 8 • P erf ect Fo rwa rd Sec r ecy — Wh e n P e rf ec t F o rw ar d Se c r ec y ( P F S ) i s enabled, IKE Phase 2 ne gotiation generat es new key material f or IP traffic encr yption and authentication, so hackers using brut e for ce to br eak encr yption keys wil[...]

  • Page 89

    VPN Gateway to Ga teway Cisco Small Busines s RV320/ RV325 Administration Guide 89 8 Advanc e d Set tings for IKE with Pre shared K ey and IKE with C ertific ate F or mo st users , the basic settings should suf fice ; advanced users can click Adva nced to displa y the advance d set tings. If you change the Advanced s ettings on one r outer , also e[...]

  • Page 90

    VPN Gateway to Gateway 90 Cisco Small Busines s RV320/R V325 Administration Guide 8 • NA T T raversal— Network Addres s T ranslation (NA T ) enables us ers with privat e L AN addr es ses to acces s Internet r e sources by using a publicly routable IP addr e ss as the sou r c e addr es s. However , f or inbound traffic, the NA T gatewa y has no [...]

  • Page 91

    VPN Clie nt to Gateway Cisco Small Busines s RV320/ RV325 Administration Guide 91 8 • Split DNS— Sends some of the DNS requests to one DNS ser ver and other DNS r eque sts t o another DNS ser ver , b ased on spe cified domain name s. When the r outer r e ceives an addr es s r esolution request from client, it inspec ts the domain name. If it ma[...]

  • Page 92

    VPN Cli ent to Gateway 92 Cisco Small Busines s RV320/R V325 Administration Guide 8 • Easy VPN —Allows r emot e users to connect this devic e by using Cisco VPN Client (also known as Cis co E asy V PN Clie nt ) utility (available on the product CD) : - V ersion 5.0 .07 suppor ts Windows 7 (32-bit and 64-bit), Windows V ista (32-bit and 64-bit),[...]

  • Page 93

    VPN Clie nt to Gateway Cisco Small Busines s RV320/ RV325 Administration Guide 93 8 Configuring Easy VPN Enter the f ollowing inf ormation: • Name— Name to describe the tunnel. For a single user , you can enter the username or location. This descriptio n is f or your ref er ence and doe s not ha ve t o mat ch the name used at the other end of t[...]

  • Page 94

    VPN Cli ent to Gateway 94 Cisco Small Busines s RV320/R V325 Administration Guide 8 Local Group Setup Enter the f ollow ing inf ormat ion: • Loc al S ecurit y Gateway Type— Method f or id entifying the rout er to establish the VPN tunnel. The Remot e Se curity Gat eway is the other r outer . At least one of the r out ers must hav e either a sta[...]

  • Page 95

    VPN Clie nt to Gateway Cisco Small Busines s RV320/ RV325 Administration Guide 95 8 • Lo cal S ecuri t y Group Type — Spec ify th e LAN r esour ces th at can access this tunnel. - IP Addres s— Choose this option to allow only one LAN device to acce ss the VPN tunnel. Then enter the IP addr e ss of the c omput er . Only this device can use thi[...]

  • Page 96

    VPN Cli ent to Gateway 96 Cisco Small Busines s RV320/R V325 Administration Guide 8 • IP + Email Addre ss (USER FQDN) Authentication— Client has a static IP address and you want t o us e an y em ail addres s f or authentication. The current W AN IP addres s appears automatically . Enter an y Email Addre ss to use f or authentication. If you kno[...]

  • Page 97

    VPN Clie nt to Gateway Cisco Small Busines s RV320/ RV325 Administration Guide 97 8 IPSec Setup F or encr yption to be suc ces sful, the two ends of a VPN tunnel mu st agr e e on the methods of encr yption, de cr yption, and authentication. Enter e xactl y the same sett ings on both r outers. Enter the settings f or Phase 1 and Phase 2. Phase 1 est[...]

  • Page 98

    VPN Cli ent to Gateway 98 Cisco Small Busines s RV320/R V325 Administration Guide 8 • Preshared Key— Pre sh are d ke y to us e to a ut he nt ic ate th e rem ote IK E p e er . Y ou can en t er up to 30 k eybo ar d chara cters or hexadecimal values, such as My_@ 123 or 4d795f 40313233. B oth ends of the VPN tunnel must use the same Preshar e d K [...]

  • Page 99

    VPN Clie nt to Gateway Cisco Small Busines s RV320/ RV325 Administration Guide 99 8 • AH Hash Algorithm— Authentication Header (AH) pr otocol describ es the pack et f ormat and def ault standar ds f o r packet struc ture. When AH is the s e c u r i t y p ro t o c o l , p ro te c t i o n i s ex t e n d e d fo r w a rd i n t o t h e I P h e a d e[...]

  • Page 100

    VPN VPN Passthrough 100 Cisco Small Busines s RV320/R V325 Administration Guide 8 VPN Pas sthrough VPN P assthrough allows VPN clients t o pass through this r outer and connect t o a VPN endpoint and i s enabled by de fault. T o open this page, s elect VPN > VPN Pas sthrough in the na vigation tree. T o enable VPN P as sthr ough, check En able f[...]

  • Page 101

    9 Cisco Small Busines s RV320/RV 325 Administration Guide 101 C er tific a te Man agemen t A digital c ert ificat e cer tifie s the ownershi p of a public ke y by the named subject of the cer tificate. This allows othe rs (relying parties) t o r ely upon signatures or ass er tions made by the private k ey that corresponds to the public k ey that is[...]

  • Page 102

    Certificate Management My Cer tificat e 102 Cisco Small Busines s RV320/R V325 Administration Guide 9 Exporting or Displaying a Certificate or Private Key The client cer tificate enables the client t o conne ct t o the VPN. T o expor t or displa y a cer tificat e or private k ey : STEP 1 Click the relat e d icon Exp ort C er tificate f or Client or[...]

  • Page 103

    Cer tificate Management T rusted SSL Cer tifica te Cisco Small Busines s RV320/RV 325 Administration Guide 103 9 T ruste d S SL C er tific a te Secure Sockets La yer (SS L ) is the standard security technology for cr eating an encr ypted link bet ween a web ser ver and a browser . This link ensures that all data pass ed bet ween the web ser ver and[...]

  • Page 104

    Certificate Management Certifi ca te G ener at or 104 Cisco Small Busines s RV320/R V325 Administration Guide 9 T o ex por t or display a cer tificat e, click the Exp ort C er tifica te icon. A pop-up window displa ys where y ou can Open the cer tificate f or insp ection or Sa v e the cer tificate t o a P C. T o impor t a 3r d-par ty cer tificate, [...]

  • Page 105

    Cer tificate Management CSR Authoriza tion Cisco Small Busines s RV320/RV 325 Administration Guide 105 9 • K ey Encr yption Length —L ength of the ke y . • V alid Duration —Number of days the cer tificate is valid. STEP 2 Click Sav e . The My Cer tificat e window appears . C SR Authoriza tion CS R (Cer tificate Signing Request) is a di gita[...]

  • Page 106

    Certificate Management C S R A ut h or i zati on 106 Cisco Small Busines s RV320/R V325 Administration Guide 9[...]

  • Page 107

    10 Cisco Small Busines s RV320/RV 325 Administration Guide 107 Lo g L o gs document the status of the syst em, either by using traps or periodically . Sys te m Log Configure Short Me ss age Ser vice (S MS) logs and aler ts . T o open this page, select Log > System Log in the navigation tr e e. Configuring the System Log Send SMS T o configure th[...]

  • Page 108

    Log Sys tem Log 108 Cisco Small Busines s RV320/R V325 Administration Guide 10 Configure ema il Notification T o configure E-mail notification, check En able and complete the f ollowing : • Mail S er ver —Name or IP addr es s of the mail ser ver . • Authentication —Mail ser ver login authentication type. - None — Without any authenticatio[...]

  • Page 109

    Lo g Syst em Log Cisco Small Busines s RV320/RV 325 Administration Guide 109 10 Configure the Logs T o trigger log entries, select the events: • Syn Flo oding —T C P c o n n e c t i o n s r e q u e s t s a r e b e i n g r e c e i v e d f a s t e r t h a n t h e device can proces s them. • IP Spo ofing —IP packets with appar ently f orge d s[...]

  • Page 110

    Log Syst em Sta tistics 110 Cisco Small Busines s RV320/R V325 Administration Guide 10 Additional Information (Log Buttons) If the web browser displa ys a warning about the p op-up window , allow the blocked content . Click Re fresh to u p da te th e da t a. Click the f ollowing but tons t o view additional inf ormation: • View System Log— V ie[...]

  • Page 111

    11 Cisco Small Busines s RV320/RV 325 Administration Guide 111 S SL VPN A SS L VPN (Secure Sockets La yer virtual private network) allows users to establish a se cur e, remote-acces s VPN tunnel t o this devic e by using a web browser . Users do not nee d a soft ware o r hardwar e client preinstalled on their computers. S SL VPN provides secure, ea[...]

  • Page 112

    SSL VPN Sta tus 112 Cisco Small Busines s RV320/R V325 Administration Guide 11 Status Pr ovides the status of the SS L VPN tunnels . A user can be logge d out from this window . T o open this page, s elect SSL VP N > Status in the na vigation tree. The SS L Status T able displays: • User —Name o f the user . • Group —As sociated gr oup. [...]

  • Page 113

    SSL VPN Group M ana geme nt Cisco Small Busines s RV320/RV 325 Administration Guide 113 11 Delete a Group T o delet e a gr oup, click the name of the group that y ou want t o remov e in the SSL Status table and click De le te . If us ers belong to only one group, when an administrat or deletes the gr oup, the corresponding us ers are delet ed autom[...]

  • Page 114

    SSL VPN Gr oup Management 114 Cisco Small Busines s RV320/R V325 Administration Guide 11 • My De sktop —Enables RDP5 and VNC. Remote Desktop Pr otocol Client Enhancements ( RDP5 ) ActiveX bo okmarks now suppor t advanced Windows options f or resource mapping, with options to r e dir e ct drives, re di rec t p ri nte rs , re di re ct po r t s , [...]

  • Page 115

    SSL VPN Reso ur c e Management Cisco Small Busines s RV320/RV 325 Administration Guide 115 11 Re s our c e Management SS L VPN suppor ts c ommon Micr o soft terminal ser vic es including W ord, Excel, Po werPoint, Ac ces s, Outlo ok , Int ernet Explor er , FrontP age, and ERP . F or each t erminal ser vice to be made a vailable to users, c onfigur [...]

  • Page 116

    SSL VPN Advanc ed S etting 116 Cisco Small Busines s RV320/R V325 Administration Guide 11 Advanc e d S et ting Advance d SS L VPN set tings limit the ra nge of IP addres s that can acce ss ser vic es, change the ser vice p ort , or modif y the banners. T o open this page, s elect SSL VP N > Advan c ed Set ti ng in the navigation tree. T o modify[...]

  • Page 117

    12 Cisco Small Busines s RV320/RV 325 Administration Guide 117 Wizar d From the W izard page, you can launch the Basic Setup wizard that guides you through the pr o ces s of initial configuratio n of the device. The Acc es s Rule wizar d guides you through the pr oc es s of configuring the securit y policy f or the net work . T o open this page, se[...]

  • Page 118

    Wizard Acces s R ule Se tu p 118 Cisco Small Busines s RV320/R V325 Administration Guide 12[...]

  • Page 119

    13 Cisco Small Busines s RV320/RV 325 Administration Guide 119 Us er Man agement User management c ontr ols domain and user acc ess , primarily use d f or PPTP , Cisco VPN Client (als o known as EasyVPN), and S SL VPN. T o open this page, select User Man agement in the na vigation tree. T o add (or modify) a domain: STEP 1 Click Add (or s elect an [...]

  • Page 120

    User Manageme nt 120 Cisco Small Busines s RV320/R V325 Administration Guide 13 • LDAP —Lightweight Director y Acces s Prot o col. - Dom ai n —Domain name users s elect to log int o the SS L VPN por tal. - LDAP Ser ver Addre ss —IP v 4 addres s of the LD AP ser v er . - LDAP Bas e DN —Sear ch bas e f or LDAP queries. An example of a searc[...]

  • Page 121

    14 Cisco Small Busines s RV320/RV 325 Administration Guide 121 Wher e to Go F rom Her e Suppor t Cisco Small Busine ss Suppor t Communit y w w w .cisco.com/ go/ smallbizsuppor t Online T echnical Suppor t and Documentation (Login Required) w ww .cisco.com/ suppor t Phone Suppor t Contacts w w w .cisco.com/ en/US/ suppor t / tsd_cis co_small_ busine[...]

  • Page 122

    Where to Go From Here 122 Cisco Small Busines s RV320/R V325 Administration Guide 14 Cisco and the Cisco logo are trademarks or regist ered trademarks of Cisco and/or its affiliates in the U.S. an d other countries . To view a list of Cisco trademarks, go t o this URL: www. cisc o.com/ go/tr adema rks . Th ird-party trademarks mentioned are the pro[...]