Cisco RV120W, Administration Manual

Page 1: ...Cisco Small Business RV120W Wireless N VPN Firewall ADMINISTRATION GUIDE ...

Page 2: ...stems Inc and or its affiliates in the U S and other countries A listing of Cisco s trademarks can be found at www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1005R ...

Page 3: ...and Administration 3 Getting to Know the Cisco RV120W 4 Front Panel 4 Back Panel 5 Mounting the Cisco RV120W 6 Installation Guidelines 6 Wall Mounting 6 Connecting the Equipment 8 Setting Up the Cisco RV120W Using the Setup Wizard 12 Using the Getting Started Page 13 Initial Settings 14 Quick Access 14 Device Status 15 Other Resources 15 Navigating through the Pages 15 Saving Your Changes 17 Viewi...

Page 4: ...cal Network Settings 27 Configuring the Host Name 27 Configuring the IP Address 27 Configuring DHCP 28 Configuring the DNS Proxy 29 Configuring Virtual LAN VLAN Membership 30 Enabling VLANs 30 Creating a VLAN 30 Configuring Multiple VLAN Subnets 31 Configuring Static DHCP 32 Configuring Advanced DHCP Settings 33 Configuring Automatic Configuration Download 33 Adding a DHCP Client to Configuration ...

Page 5: ...Configuring Router Advertisement 49 Configuring Router Advertisement Prefixes 50 Chapter 3 Configuring the Wireless Network 51 A Note About Wireless Security 51 Wireless Security Tips 52 General Network Security Guidelines 53 Understanding the Cisco RV120W s Wireless Networks 54 Configuring Basic Wireless Settings 54 Configuring Radio Mode and Channel Settings 54 Configuring Wireless Security and ...

Page 6: ... Port Forwarding 76 Configuring a DMZ Host 80 Configuring Advanced Firewall Settings 80 Configuring One to One Network Address Translation NAT 80 Configuring MAC Address Filtering 81 Configuring IP MAC Address Binding 82 Creating Custom Services 83 Creating Firewall Schedules 84 Configuring Sessions 84 Configuring Internet Group Management Protocol IGMP 85 Configuring LAN Local Network Groups 86 E...

Page 7: ...07 Generating New Certificates 108 Importing a Certificate from a File 108 Exporting the Router s Current Certificate 109 Using the Cisco RV120W With a RADIUS Server 109 Configuring 802 1x Port Based Authentication 110 Chapter 6 Configuring Quality of Service QoS 112 Configuring WAN QoS Profiles 112 Configuring Profile Binding 114 Configuring CoS Settings 115 Mapping CoS Settings to DSCP Values 11...

Page 8: ...6 Configuring Logging 126 Configuring Logging Policies 127 Configuring Firewall Logs 127 Configuring Remote Logging 128 Configuring Email Logging 129 Configuring the Discovery Settings 130 Configuring Bonjour 130 Configuring UPnP 131 Configuring Time Settings 132 Backing Up and Restoring the System 132 Upgrading Firmware 134 Rebooting the Cisco RV120W 134 Restoring the Factory Defaults 135 Chapter...

Page 9: ...ort Statistics 148 Viewing Open Ports 149 Appendix A Using Cisco QuickVPN for Windows 7 2000 XP or Vista 150 Overview 150 Before You Begin 150 Installing the Cisco QuickVPN Software 151 Installing from the CD ROM 151 Downloading and Installing from the Internet 151 Using the Cisco QuickVPN Software 152 Appendix B Where to Go From Here 154 ...

Page 10: ...gating through the Pages page 15 Saving Your Changes page 17 Viewing the Help Files page 18 Connecting Devices to Your Wireless Network page 18 Product Overview Thank you for choosing the Cisco Small Business RV120W Wireless N VPN Firewall The Cisco RV120W is an advanced Internet sharing network solution for your small business needs It allows multiple computers in your office to share an Internet...

Page 11: ...obile or remote workers and branch offices The Cisco RV120W supports up to ten gateway to gateway IP Security IPsec tunnels to facilitate branch office connectivity through encrypted virtual links Users connecting through a VPN tunnel are attached to your company s network with secure access to files e mail and your intranet as if they were in the building You can also use the VPN capability to al...

Page 12: ...d Wi Fi Multimedia Power Save WMM PS for wireless Quality of Service QoS It supports 802 1p Differentiated Services Code Point DSCP and Type of Service ToS for wired QoS which can improve the quality of your network when using delay sensitive Voice over IP VoIP applications and bandwidth intensive video streaming applications Configuration and Administration With the Cisco RV120W s embedded web se...

Page 13: ...e is connected to your cable or DSL modem The LED flashes green when the device is sending or receiving data over the WAN port WIRELESS The Wireless LED lights up green when the wireless module is enabled The LED is off when the wireless module is disabled The LED flashes green when the device is transmitting or receiving data on the wireless module LAN These four LEDs correspond to the four LAN E...

Page 14: ...oblems with the Cisco RV120W and have tried all other troubleshooting measures press and hold in the RESET button for 10 seconds This will restore the factory defaults and clear all of the Cisco RV120W settings LAN Ports 1 4 These ports provide a LAN connection to network devices such as PCs print servers or additional switches WAN Port The WAN port is connected to your Internet device such as a c...

Page 15: ... horizontally on a flat surface so that it sits on its four rubber feet Wall Mounting STEP 1 Determine where you want to mount the device and install two screws not supplied that are 2 7 16 in apart approximately 61 mm Mounting screws should have a head that is approximately 5 5 mm in diameter and 2 mm deep with a shaft that is at least15 5 mm long and approximately 3 5 mm wide Your wall may requi...

Page 16: ...troduction Mounting the Cisco RV120W Cisco RV120W Administration Guide 7 1 STEP 3 Place the wall mount slots over the screws and slide the device down until the screws fit snugly into the wall mount slots ...

Page 17: ...Setup Wizard or the Device Manager The Setup Wizard is supported on Microsoft Windows 2000 Windows XP Windows Vista and Windows 7 The Device Manager is supported on the following web browsers Microsoft Internet Explorer 6 0 and later Mozilla Firefox 3 0 and later Apple Safari 3 0 or later Ethernet cable provided to connect the firewall to a PC for configuration Optional Uninterruptible Power Suppl...

Page 18: ...de 9 1 To connect your firewall to the Internet STEP 1 Power off all equipment including the cable or DSL modem the PC you will use to connect to the RV120W and the RV120W STEP 2 Use an Ethernet cable to connect the WAN port of the Cisco RV120W to your cable or DSL modem ...

Page 19: ...onnect one end of a different Ethernet cable to one of the LAN Ethernet ports on the back of the RV120W In this example the LAN 2 port is used Connect the other end of the cable to an Ethernet port on the PC STEP 4 Power on the cable or DSL modem and wait until the connection is active ...

Page 20: ...er adapter to the Cisco RV120W power port 12VDC CAUTION Use only the power adapter that is supplied with the device Using a different power adapter could damage the device STEP 6 Plug the other end of the adapter into an electrical outlet You may need to use a specific plug supplied for your country ...

Page 21: ...RV120W powered on and connected to a PC use the Setup Wizard to configure the Cisco RV120W To use the Setup Wizard STEP 1 Start the PC connected to the RV120W Your computer becomes a DHCP client of the RV120W and receives an IP address in the 192 168 1 xxx range STEP 2 Launch a web browser and enter 192 168 1 1 in the Address field This is the default IP address of the RV120W STEP 3 When the login...

Page 22: ... To protect your firewall from unauthorized access create a new password that is hard to figure out by others While you are entering the password the Setup Wizard provides you with instant feedback regarding the strength of the password After the Setup Wizard is done configuring the RV120W the Getting Started page appears See Using the Getting Started Page page13 for more information Using the Get...

Page 23: ...tings page 27 Configure Wireless Settings Click this link to open the Basic Settings page See Configuring Basic Wireless Settings page 54 Add VPN Clients See Configuring VPN Users page 105 Upgrade Device Firmware Click this link to open the Firmware Upgrade page See Upgrading Firmware page134 Backup Restore Settings Click this link to open the Backup and Restore page See Backing Up and Restoring t...

Page 24: ...ee Viewing the Dashboard page 136 System Summary Click this link to open the System Summary page See Viewing the System Summary page 139 Wireless Status Click this link to open the Wireless Statistics page See Viewing the Wireless Statistics page 142 VPN Status Click this link to open the IPsec Connection Status page See IPsec Connection Status page143 Support Click this link to open Cisco s suppo...

Page 25: ...duction Navigating through the Pages Cisco RV120W Administration Guide 16 1 Click a menu item on the left panel to expand it Click the menu names displayed underneath to perform an action or view a sub menu ...

Page 26: ...uction Saving Your Changes Cisco RV120W Administration Guide 17 1 Saving Your Changes When you finish making changes on a configuration page click Save to save the changes or click Cancel to undo your changes ...

Page 27: ...ight corner of the page Connecting Devices to Your Wireless Network To connect a device such as a PC or printer to your wireless network you must configure the wireless connection on the device using the security information you configured for the Cisco RV120W Network name or Service Set Identifier SSID The default SSID is ciscosb 1 If applicable the encryption type and security key ...

Page 28: ...nfiguring Routing page 34 Configuring Port Management page 40 Configuring Dynamic DNS DDNS page 40 Configuring IPv6 page 42 NOTE Cisco recommends you use the Setup Wizard to configure basic networking on the Cisco RV120W You can then make changes and provision advanced features using the Device Manager Configuring the WAN Internet Settings If you have an IPv4 network use these sections to configur...

Page 29: ...g Static IP page 21 Configuring PPPoE page 21 Configuring PPTP page 22 Configuring L2TP page 23 Configuring Automatic Configuration DHCP If your Internet Service Provider ISP uses the Dynamic Host Configuration Protocol DHCP to assign you an IP address you receive a dynamic IP address from your ISP To configure DHCP WAN settings STEP 1 Choose Networking WAN Internet IPv4 WAN Internet STEP 2 From t...

Page 30: ...et PPPoE connection to the Internet STEP 1 Choose Networking WAN Internet IPv4 WAN Internet STEP 2 From the Internet Connection Type drop down menu choose PPPoE STEP 3 From the PPPoE Profile Name drop down menu choose a PPPoE profile If no profile is listed click Configure Profile to create a new profile To see the details of available profiles choose Networking WAN Internet PPPoE Profiles See Con...

Page 31: ...ISP Password Enter your password assigned to you by the ISP MPPE Encryption If your ISP supports Microsoft Point to Point Encryption MPPE check to enable MPPE encryption Connection Type Choose the connection type Keep connected The Internet connection is always on Idle Time The Internet connection is on only when traffic is present If the connection is idle that is no traffic is occurring the conn...

Page 32: ...r password assigned to you by the ISP Secret Optional Enter your secret phrase This phrase is known to you and your ISP for use in authenticating your logon Connection Type Choose the connection type Keep connected The Internet connection is always on Idle Time The Internet connection is on only when traffic is present If the connection is idle that is no traffic is occurring the connection is clo...

Page 33: ...nfigure the MTU settings STEP 1 Choose Networking Choose Networking WAN Internet IPv4 WAN Internet STEP 2 Choose the MTU type Default Unless a change is required by your ISP we recommend that you choose Default in the MTU Type field The default MTU size is 1500 bytes Custom If your ISP requires a custom MTU setting choose Custom and enter the MTU size in the MTU Size field STEP 3 Click Save Config...

Page 34: ... want to use the MAC address of the PC on which you are connecting to the Device Manager STEP 3 Click Save Configuring PPPoE Profiles If you have a PPPoE connection to the Internet you can create profiles for multiple PPPoE accounts This can be useful if you connect to the Internet using different service provider accounts STEP 1 Choose Networking WAN Internet PPPoE Profiles STEP 2 Click Add to cr...

Page 35: ... RV120W uses the Password Authentication Protocol PAP to connect to the ISP CHAP The Cisco RV120W uses the Challenge Handshake Authentication Protocol CHAP when connecting with the ISP MS CHAP or MS CHAPv2 The Cisco RV120W uses Microsoft Challenge Handshake Authentication Protocol when connecting with the ISP Connection Type Choose the connection type Keep connected The Internet connection is alwa...

Page 36: ...host name of the Cisco RV120W STEP 1 Choose Networking LAN Local Network IPv4 LAN Local Network STEP 2 In the Host Name field enter the host name of the Cisco RV120W You can use only alpha numeric characters and the hyphen The default hostname for example router9BA120 consists of the word router followed by the last 3 bytes of firewall s LAN MAC address in Hex decimal form This format allows the F...

Page 37: ...RV120W s IP address to 10 0 0 1 assign your PC an IP address in the range of 10 0 0 2 to 10 0 0 254 STEP 5 Open a new browser window and enter the new IP address of the Cisco RV120W to reconnect Configuring DHCP By default the Cisco RV120W functions as a DHCP server to the hosts on the Wireless LAN WLAN or LAN network and assigns IP and DNS server addresses With DHCP enabled the firewall s IP addr...

Page 38: ... IP address pool Any new DHCP client joining the LAN is assigned an IP address in this range You can save part of the range for PCs with fixed addresses These addresses should be in the same IP address subnet as the Cisco RV120W s LAN IP address Primary DNS Server Secondary DNS Server DNS servers map Internet domain names for example www cisco com to IP addresses Enter the server IP addresses in t...

Page 39: ... the physical location of the equipment or users Enabling VLANs STEP 1 Choose Networking LAN Local Network VLAN Membership STEP 2 Check the Enable box STEP 3 Click Save Underneath the Enable VLAN field The VLAN Membership Table is shown This shows available VLANs including the VLAN ID description ports and whether inter VLAN routing is enabled or not for each configured VLAN Creating a VLAN You ca...

Page 40: ...necting to end devices like printers and workstations STEP 8 Click Save Configuring Multiple VLAN Subnets When you create a VLAN a subnet is created automatically for the VLAN You can then further configure the VLAN properties such as the IP address and DHCP behavior To edit a VLAN STEP 1 Choose Networking LAN Multiple VLAN Subnets The list of subnets appears STEP 2 Check the box next to the VLAN ...

Page 41: ...NS servers map Internet domain names for example www cisco com to IP addresses Enter the server IP addresses in these fields if you want to use different DNS servers than are specified in your WAN settings Lease time Enter the duration in hours for which IP addresses are leased to clients DHCP Relay Choose this if you are using a DHCP relay gateway The relay gateway transmits DHCP messages between...

Page 42: ...ved IP address when the device using the corresponding MAC address requests an IP address STEP 5 Click Save Configuring Advanced DHCP Settings Configuring Automatic Configuration Download You can configure the Cisco RV120W to download a configuration file from a TFTP server Upon rebooting the firewall downloads the file To configure automatic configuration download STEP 1 Choose Networking LAN Loc...

Page 43: ... of the endpoint is also displayed STEP 1 Choose Networking LAN DHCP Leased Clients LAN STEP 2 The list of endpoints is displayed you cannot edit this list Configuring Routing Choosing the Routing Mode The Cisco RV120W provides two different routing modes Network Address Translation NAT or gateway routing is a technique that allows several endpoints on a LAN to share an Internet connection The com...

Page 44: ...g to configure STEP 3 Click Save NOTE If you have already configured DMZ or firewall settings on your firewall in gateway NAT mode selecting router changes those settings back to the default Viewing Routing Information To view routing information your network STEP 1 Choose Networking Routing Routing Table STEP 2 Next to the type of network you have click Display Information about your network rout...

Page 45: ...oute cache misses F or hits C Interface Interface to which packets for this route will be sent Type Type of routing used RIP or static IPv6 Routing Table Destination Destination host network IP address for which this route is added Next Hop IP address of an adjacent or intermediate host or router through which traffic must flow before reaching its ultimate destination Flags For debugging purpose o...

Page 46: ...ynamic routes Be careful not to introduce routing loops in your network To create a static route STEP 1 Select Networking Routing Static Routes STEP 2 In the Static Route Table click Add STEP 3 In the Route Name field enter the name of the route STEP 4 If a route is to be immediately active check the Active check box When a route is added in an inactive state it will be listed in the routing table...

Page 47: ...a value between 2 and 15 to define the priority of the route If multiple routes to the same destination exist the route with the lowest metric is chosen STEP 11 Click Save Configuring Dynamic Routing RIP Routing Information Protocol RFC 2453 is an Interior Gateway Protocol IGP that is commonly used in internal networks It allows the Cisco RV120W to exchange its routing information automatically wi...

Page 48: ...ty feature because routes are exchanged only with trusted routers in the network RIP authentication is disabled by default You can enter two key parameters so that routes can be exchanged with multiple routers present in the network The second key also acts as a failsafe when authorization with first key fails To enable authentication for RIP 2B or RIP 2M check the Enable box You must also choose ...

Page 49: ...r half or full duplex based on the port support The default is full duplex for all ports This setting is available only when the Auto check box is unchecked STEP 6 Optional Select one of the following port speeds 10 Mbps or 100 Mbps The default setting is 100 Mbps for all ports This setting is available only when the Auto check box is unchecked You can change the port speed if a network is designe...

Page 50: ...box to enable the wildcards feature which allows all subdomains of your DynDNS Host Name to share the same public IP as the Host Name This option can be enabled here if not done on the DynDNS Web site e In the Update Period field enter the number of hours before the Cisco RV120W updates the host information on DynDNS com If you selected TZO com a Specify the complete Host Name and Domain Name for ...

Page 51: ...RV120W can be configured to be a DHCPv6 client of the ISP for this WAN or a static IPv6 address provided by the ISP can be assigned Configuring DHCPv6 When the ISP allows you to obtain the WAN IP settings via DHCP you need to provide details for the DHCPv6 client configuration STEP 1 Choose IPv6 IPv6 WAN Internet STEP 2 In the WAN Internet Address IPv6 field choose DHCPv6 STEP 3 Choose if the DHCP...

Page 52: ...the default IPv6 gateway address or the IP address of the server at the ISP that this firewall will connect to for accessing the internet STEP 6 Enter the primary and secondary DNS server IP addresses on the ISP s IPv6 network DNS servers map Internet domain names for example www cisco com to IP addresses STEP 7 Click Save Configuring IPv6 LAN Properties In IPv6 mode the LAN DHCP server is enabled...

Page 53: ...ely on an external DHCPv6 server to provide required configuration settings STEP 6 Optional Enter the domain name of the DHCPv6 server STEP 7 Enter the server preference This field is used to indicate the preference level of this DHCP server DHCP advertise messages with the highest server preference value to a LAN host are preferred over other DHCP server advertise messages The default is 255 STEP...

Page 54: ...IPv6 Routing To configure IPv6 routing see the following sections Configuring Dynamic Routing RIPng RFC 2080 is a routing protocol based on the distance vector D V algorithm RIPng uses UDP packets to exchange routing information through port 521 RIPng uses a hop count to measure the distance to a destination The hop count is referred to as metric or cost The hop count from a router to a directly c...

Page 55: ...troduce routing loops in your network To create a static route STEP 1 Select Networking IPv6 Routing STEP 2 In the list of static routes click Add STEP 3 Enter the route name STEP 4 If a route is to be immediately active check the Active box When a route is added in an inactive state it will be listed in the routing table but will not be used by the firewall The route can be enabled later This fea...

Page 56: ...Tunneling The Cisco RV120W provides several IPv6 tunneling methods 6to4 tunneling allows IPv6 packets to be transmitted over an IPv4 network 6to4 tunneling is typically used when a site or end user wants to connect to the IPv6 Internet using the existing IPv4 network NOTE You must use static routes when tunneling See Configuring Static Routing page 46 To configure 6to4 Tunneling STEP 1 Select Netw...

Page 57: ...ble click Add STEP 3 Enter the tunnel name STEP 4 Choose the local endpoint address or the endpoint address for the tunnel that starts with the Cisco RV120W The endpoint can be the LAN interface if the LAN is configured as an IPv4 network or another LAN IPv4 address STEP 5 If you chose Other IP in Step 4 enter the IPv4 address of the endpoint STEP 6 Enter the ISATAP subnet prefix This is the 64 bi...

Page 58: ...ly Select this option to restrict advertisements to well known IPv6 addresses only router advertisements RAs are sent to the interface belonging to the known address only STEP 4 If you chose Unsolicited Multicast in Step 3 enter the advertise interval The advertise interval is a random value between the Minimum Router Advertisement Interval and Maximum Router Advertisement Interval MinRtrAdvInterv...

Page 59: ... 6to4 is a system that allows IPv6 packets to be transmitted over an IPv4 network It is used when an end user wants to connect to the IPv6 Internet using their existing IPv4 connection Global Local ISATAP By using ISATAP you can integrate IPv6 traffic into a IPv4 network environment ISATAP uses a locally assigned IPv4 address to create a 64 bit interface identifier for IPv6 STEP 4 If you chose 6to...

Page 60: ...g a Wireless Distribution System WDS page 63 A Note About Wireless Security Wireless networks are convenient and easy to install so small businesses with high speed Internet access are adopting them at a rapid pace Because wireless networking operates by sending information over radio waves it can be more vulnerable to intruders than a traditional wired network Like signals from your cellular or c...

Page 61: ... see when browsing for wireless networks Change the default password For wireless products such as access points routers and gateways you will be asked for a password when you want to change their settings These devices have a default password set by the factory The default password is often admin Hackers know these defaults and may try to use them to access your wireless device and change your ne...

Page 62: ...standard and may be the only option available on some older devices that do not support WPA Keep wireless routers access points or gateways away from exterior walls and windows Turn wireless routers access points or gateways off when they are not being used at night during vacations Use strong passphrases that are at least eight characters in length Combine letters and numbers to avoid using stand...

Page 63: ...ings STEP 2 In the Radio field choose Enable to enable wireless functionality for the Cisco RV120W Choosing Disable turns off wireless functionality for the firewall STEP 3 In the Wireless Network Mode field choose the type of wireless network based on the devices you have that will connect to the network B G Mixed Select this mode if you have devices in the network that support 802 11b and 802 11...

Page 64: ...her settings for each wireless network To configure wireless settings STEP 1 Choose Wireless Basic Settings STEP 2 In the Wireless Basic Settings Table check the box on the left of the wireless network you want to configure STEP 3 Click Edit to configure these network properties a Enter the SSID name or the unique name for this wireless network Include up to 32 characters using any of the characte...

Page 65: ...y Mode to configure security STEP 4 Select the SSID to configure STEP 5 Click Enable under Wireless Isolation within SSID to separate this network from the other three wireless networks on the Cisco RV120W When this feature is enabled the network can communicate with the Cisco RV120W but not with any of the other three networks STEP 6 In the Security field select the type of security All devices o...

Page 66: ...2 Enterprise AES STEP 7 If you chose WEP a In the Authentication field choose Open System or Shared Key If you choose Open System a wireless client doesn t need to provide a shared key in order to access the wireless network Any client can associate to the router If you choose Shared Key a wireless client must provide the correct shared key password in order to access the wireless network b Select...

Page 67: ...e WPA Enterprise or WPA2 Enterprise Mixed no further configuration is required If you chose WPA2 Enterprise you can check the Pre Authentication box optional Pre authentication allows wireless clients to quickly switch between connected wireless networks sharing the same security configuration When a wireless client disconnects from a wireless network a notification is sent to the network which th...

Page 68: ...pes of traffic You can configure QoS settings to provide different priority to different applications users or data flows or to guarantee a certain level of performance to a data flow To configure WMM STEP 1 Choose Wireless Basic Settings STEP 2 In the Wireless Basic Settings Table check the box on the left of the wireless network you want to configure STEP 3 Click Edit WMM STEP 4 In the SSID fiel...

Page 69: ...If you want to change the output queue for packets marked with a particular DSCP select the new output queue from the drop down list STEP 7 Click Save Configuring Wireless Network SSID Scheduling You can configure each of the four available wireless networks on the Cisco RV120W to be active during certain times of the day To configure the schedule for a wireless network STEP 1 Choose Wireless Basi...

Page 70: ...g more of the available bandwidth reducing the apparent throughput of the network packets The default value is 2346 which effectively disables RTS STEP 5 The Fragmentation Threshold is the maximum length of the frame in bytes beyond which packets must be fragmented into two or more frames Collisions occur more often for long frames because while sending them they occupy the channel for a longer ti...

Page 71: ...ong and short frames of a size less than or equal to the RTS threshold STEP 9 Click Save Configuring Wi Fi Protected Setup You can configure Wi Fi Protected Setup WPS on the Cisco RV120W to allow WPS enabled devices to more easily connect to the wireless network STEP 1 Choose Wireless WPS STEP 2 In the VAP field select the wireless network on which you want to enable WPS The network must use WPA W...

Page 72: ...W Setup Using a WPS Button If the device you want to connect has a WPS button push the button on the device Then on the Cisco RV120W click Configure via PBC push button configuration Configuring a Wireless Distribution System WDS A Wireless Distribution System WDS is a system that enables the wireless interconnection of access points in a network It allows a wireless network to be expanded using m...

Page 73: ... Wireless Distribution System WDS Cisco RV120W Administration Guide 64 3 You can manually add WDS peers that can connect to the Cisco RV120W STEP 1 In the WDS Peer Table click Add STEP 2 Enter the MAC hardware address of the WDS peer and click Save ...

Page 74: ...onfiguring a DMZ Host page 80 Configuring Advanced Firewall Settings page 80 Firewall Configuration Examples page 87 Cisco RV120W Firewall Features You can secure your network by creating and applying access rules that the Cisco RV120W uses to selectively block and allow inbound and outbound Internet traffic You then specify how and to what devices the rules apply You can configure the following S...

Page 75: ...tively allowing only specific outside users to access specific local resources By default all access from the insecure WAN side is blocked from accessing the secure LAN except in response to requests from the LAN or DMZ To allow outside devices to access services on the secure LAN you must create a firewall rule for each service If you want to allow incoming traffic you must make the router s WAN ...

Page 76: ...rewall rules that you have configured For example you may have specific firewall rules restricting outbound instant messaging and video traffic but all other traffic would be permitted if you choose allow as the default outbound policy To configure the default outbound policy STEP 1 Choose Firewall Access Rules STEP 2 Under Default Outbound Policy choose Allow or Block Allow permits traffic from y...

Page 77: ...ee Creating Firewall Schedules page 84 STEP 5 Choose the service to allow or block for this rule Choose Any Traffic to allow the rule to apply to all applications and services or you can choose a single application to block AIM AOL Instant Messenger BGP Border Gateway Control BOOTP_CLIENT Bootstrap Protocol client BOOTP_SERVER Bootstrap Protocol server CU SEEME videoconferencing UDP or TCP DNS Dom...

Page 78: ...cure Shell File Transfer Protocol SMTP Simple Mail Transfer Protocol SNMP Simple Network Management Protocol TCP or UDP SNMP TRAPS TCP or UDP SQL NET Structured Query Language SSH TCP or UDP STRMWORKS TACACS Terminal Access Controller Access Control System TELNET command TFTP Trivial File Transfer Protocol RIP Routing Information Protocol IKE SHTTPD Simple HTTPD web server IPSEC UDP ENCAP UDP Enca...

Page 79: ...iple public IP addresses are supported If your ISP assigns you more than one public IP address one of these can be used as your primary IP address on the WAN port and the others can be assigned to servers on the LAN In this way the LAN can be accessed from the internet by its aliased public IP address Check the Enable box and enter the IP address you want to use c Under Rule Status choose Enabled ...

Page 80: ...k services from running normally ICMP packet flooding SYN traffic flooding and Echo storm thresholds can be configured to temporarily suspend traffic from the offending source To configure attack prevention STEP 1 Choose Firewall Attack Prevention STEP 2 Check the boxes to enable the following functions WAN Internet Security Checks Respond to Ping on WAN Internet To configure the Cisco RV120W to a...

Page 81: ...Packets ICSA requires the firewall to block fragmented packets from ANY to ANY Enabled by default Block Multicast Packets ICSA requires the firewall to block multicast packets Enabled by default STEP 3 Click Save Configuring Content Filtering The Cisco RV120W supports several content filtering options You can block certain web applications or components such as ActiveX or Java You can set up trust...

Page 82: ... blocks proxy servers Java Blocks java applets from being downloaded from pages that contain them Java applets are small programs embedded in web pages that enable dynamic functionality of the page A malicious applet can be used to compromise or infect computers Enabling this setting blocks Java applets from being downloaded ActiveX Similar to Java applets ActiveX controls are installed on a Windo...

Page 83: ...se Firewall Content Filtering The Trusted Domain Table displays a list of currently configured trusted domains STEP 2 Click Add and enter the name of the trusted domain STEP 3 Click Save Configuring URL Blocking You can block access to websites that contain specific keywords in the URL or page contents To configure URL blocking STEP 1 Choose Firewall URL Blocking The table displays currently block...

Page 84: ...OTE Port triggering is not appropriate for servers on the LAN since there is a dependency on the LAN device making an outgoing connection before incoming ports are opened Some applications require that when external devices connect to them they receive data on a specific port or range of ports in order to function properly The router must send all incoming data for that application only on the req...

Page 85: ...stom service and associated ports to forward The Port Forwarding Rule Table lists all the available port forwarding rules for this device and allows you to configure port forwarding rules The table contains the following information Action Whether to block or allow traffic always or by schedule that meets these filter rules and when the rule is applicable Service Service for which this port forwar...

Page 86: ...ule Allows the selected type of traffic according to a schedule Choose the schedule from the drop down list See Creating Firewall Schedules page 84 STEP 4 Under Service select one of the common or custom services defined for this device AIM AOL Instant Messenger BGP Border Gateway Control BOOTP_CLIENT Bootstrap Protocol client BOOTP_SERVER Bootstrap Protocol server CU SEEME videoconferencing UDP o...

Page 87: ...T Remote telnet RTSP Real Time Streaming Protocol TCP or UDP SFTP Secure Shell File Transfer Protocol SMTP Simple Mail Transfer Protocol SNMP Simple Network Management Protocol TCP or UDP SNMP TRAPS TCP or UDP SQL NET Structured Query Language SSH TCP or UDP STRMWORKS TACACS Terminal Access Controller Access Control System TELNET command TFTP Trivial File Transfer Protocol RIP Routing Information ...

Page 88: ...rt field If you chose Address Range in Step 6 enter the starting IP address of the range in the Start field and the ending IP address of the range in the Finish field STEP 7 If you chose Always Allow Block by Schedule or Allow by Schedule in Step 3 a Enter the Destination IP address or the address where traffic meeting the rule should be sent b In the Forward from Port field choose Same as Incomin...

Page 89: ...should be given an IP address in the same subnet as the router s LAN IP address but it cannot be identical to the IP address given to the LAN interface of this gateway STEP 1 Choose Firewall DMZ Host STEP 2 Check the Enable box to enable DMZ on the network STEP 3 Enter the IP address for the endpoint that will receive the redirected packets This is the DMZ host STEP 4 Click Save You must then conf...

Page 90: ...e on the corresponding public IP address To add a one to one NAT rule STEP 1 Choose Firewall Advanced Settings One to One NAT STEP 2 Click Add STEP 3 Enter information in the following fields Private Range Begin The starting IP address in the private LAN IP address Public Range Begin The starting IP address in the public WAN IP address Range Length Range length maps one to one private address to p...

Page 91: ...ost2 If the host1 MAC address is added to the MAC filtering list and the block and allow the rest policy is chosen when this computer tries to connect to a website the router will not allow it to connect However host2 is able to connect because its MAC address is not in the list If the policy is allow and block the rest then host1 is able to connect to a website but host2 is blocked because its UR...

Page 92: ... the rule Common types of services are available for selection and you can create your own custom services This page allows creation of custom services against which firewall rules can be defined Once defined the new service will appear in the List of Available Custom Services table To create a custom service STEP 1 Choose Firewall Advanced Settings Custom Services STEP 2 Click Add STEP 3 Enter a ...

Page 93: ... you create access or port forwarding rules STEP 4 Under Time check All Day if you want the schedule to apply to the entire day Leave the box unchecked if you want it to only apply to certain hours of the day and enter the specific start and end times selecting a m or p m STEP 5 Under Repeat check Everyday to apply the schedule to all the days of the week Leave the box unchecked if you want it to ...

Page 94: ...Duration field enter the time in seconds after which inactive UDP sessions are removed from the session table This value ranges from 0 through 4 294 967 seconds The default is 120 seconds 2 minutes STEP 6 In the Other Session Timeout Duration seconds field enter the time in seconds after which inactive non TCP UDP sessions are removed from the session table This value ranges from 0 through 4 294 9...

Page 95: ...ss from which the multicast packets originate Mask Length Mask Length for the network address In this table you can perform the following actions Check Box Select all the allowed networks in the table Delete Deletes the selected allowed network or allowed networks Add Opens the Allowed Network Configuration page to add a new network Edit Opens the Allowed Network Configuration page to edit the sel...

Page 96: ...ession Initiation Protocol Application Level Gateway SIP ALG SIP ALG can rewrite information within SIP messages SIP headers and SDP body making signaling and audio traffic possible between a client behind Network Address Translation NAT and the SIP endpoint To enable SIP ALG STEP 1 Choose Firewall Advanced Settings SIP ALG STEP 2 Check the Enable box to enable SIP ALG support If disabled the rout...

Page 97: ...177 88 254 from a branch office Create an inbound rule as follows In the example CUSeeMe connections are allowed only from a specified range of external IP addresses Parameter Value Connection Type Inbound Action Always Allow Service HTTP Source IP Any Send to Local Server DNAT IP 192 168 5 2 web server IP address Rule Status Enabled Parameter Value Connection Type Inbound Action Always Allow Serv...

Page 98: ...sses to map to servers on your LAN One of these public IP addresses is used as the primary IP address of the router This address is used to provide Internet access to your LAN PCs through NAT The other addresses are available to map to your DMZ servers The following addressing scheme is used to illustrate this procedure WAN IP address 10 1 0 118 LAN IP address 192 168 1 1 subnet 255 255 255 0 Web ...

Page 99: ... the Network from the WAN i e all remote users STEP 1 Setup a schedule Choose Firewall Advanced Settings Schedules STEP 2 Click Add STEP 3 Enter the schedule name for example Weekend STEP 4 Under Time check All Day STEP 5 Under Repeat leave Everyday unchecked STEP 6 Check Saturday and Sunday STEP 7 Click Save Create an outbound access rule with the following parameters Parameter Value Connection T...

Page 100: ...on Examples Cisco RV120W Administration Guide 91 4 Create an inbound access rule with the following parameters Parameter Value Connection Type Inbound Action Block by Schedule Schedule Weekend Service All Traffic Source IP Any Rule Status Enabled ...

Page 101: ...munication channel tunnel between two gateway routers or a remote PC client and a gateway router The following types of tunnels can be created Gateway to gateway VPN Connects two or more routers to secure traffic between remote sites Remote Client client to gateway VPN tunnel A remote client such as a PC running VPN client software initiates a VPN tunnel The IP address of the remote PC client is n...

Page 102: ...C and a Pre shared Key PSK You can change these values later if you need to further configure any VPN parameters To configure a basic VPN STEP 1 Choose VPN IPsec Basic VPN Setup STEP 2 Choose to which peers the VPN tunnel will connect Gateway Connects the Cisco RV120W to a gateway using a secure tunnel VPN Client Connects the Cisco RV120W to remote clients The remote clients must run VPN client so...

Page 103: ...e Cisco RV120W will connect is located on that LAN NOTE The IP address range used on the remote LAN must be different from the IP address range used on the local LAN STEP 8 Click Save Viewing the Default VPN Settings To view the default VPN settings STEP 1 Choose VPN IPsec Basic VPN Setup STEP 2 Click View Default Settings Settings cannot be changed from this page but can be configured through the...

Page 104: ...on Type choose one of the following connection methods Initiator The router will initiate the connection to the remote end Responder The router will wait passively and respond to remote IKE requests Both The router will work in either Initiator or Responder mode STEP 4 Under Exchange Mode choose one of the following options Main This mode negotiates the tunnel with higher security but is slower Ag...

Page 105: ... identifier for this router Remote WAN Internet IP FQDN User FQDN DER ASN1 DN STEP 8 If you chose FQDN User FQDN or DER ASN1 DN as the identifier type enter the IP address or domain name in the Identifier field IKE SA Parameters The Security Association SA parameters define the strength and mode for negotiating the SA STEP 1 Choose the encryption algorithm or the algorithm used to negotiate the SA...

Page 106: ...lman DH Group algorithm which is used when exchanging keys The DH Group sets the strength of the algorithm in bits NOTE Ensure that the DH Group is configured identically on both sides of the IKE policy STEP 5 In the SA Lifetime field enter the interval in seconds after which the Security Association becomes invalid STEP 6 To enable dead peer detection check the Enable box Dead Peer Detection is u...

Page 107: ...H type None Disables XAUTH Edge Device Authentication is done by one of the following User Database User accounts created in the router are used to authenticate users See Configuring VPN Users page 105 RADIUS PAP Authentication is done using a RADIUS server and password authentication protocol PAP RADIUS CHAP Authentication is done using a RADIUS server and challenge handshake authentication proto...

Page 108: ...N tunnel or uncheck this box to disable NetBIOS broadcasts over the VPN tunnel For client policies the NetBIOS feature is available by default Local Traffic Selection and Remote Traffic Section STEP 1 For both of these sections configure the following settings Local Remote IP Select the type of identifier that you want to provide for the endpoint Any Specifies that the policy is for traffic from t...

Page 109: ...the Domain Name 1 field STEP 3 In the Domain Name Server 2 field specify a Domain Name server IP address which is used only to resolve the domain configured in the Domain Name 2 field STEP 4 In the Domain Name 1 field specify a domain name which will be queried only using the DNS server configured in the Domain Name Server 1 field STEP 5 In the Domain Name 2 field specify a domain name which will ...

Page 110: ...pends on the algorithm chosen DES 8 characters 3DES 24 characters AES 128 16 characters AES 192 24 characters AES 256 32 characters AES CCM 16 characters AES GCM 20 characters Key Out Enter the encryption key of the outbound policy The length of the key depends on the algorithm chosen as shown above Integrity Algorithm Select the algorithm used to verify the integrity of the data Key In Enter the ...

Page 111: ...icy Local Gateway WAN1 Remote Endpoint 10 0 0 1 Local IP Subnet 192 168 2 0 255 255 255 0 Remote IP Subnet 192 168 2 0 255 255 255 0 SPI Incoming 0x2222 Encryption Algorithm DES Key In 33334444 Key Out 11112222 SPI Outgoing 0x1111 Integrity Algorithm MD5 Key In 5566778888776655 Key Out 1122334444332211 Auto Policy Parameters If you chose auto as the policy type in Step 4 configure the following ST...

Page 112: ...grity of the data STEP 4 Under PFS Key Group check the Enable box to enable Perfect Forward Secrecy PFS to improve security While slower this protocol helps to prevent eavesdroppers by ensuring that a Diffie Hellman exchange is performed for every phase 2 negotiation STEP 5 Choose the IKE policy that will define the characteristics of phase 1 of the negotiation For information on creating these po...

Page 113: ...ntication Monitoring VPN Tunnel Status You can view and change the status of connect or drop the router s IPsec security associations by performing one of the following actions Choose VPN IPsec Advanced VPN Setup and click IPsec VPN Connection Status Choose Status IPsec Connection Status Here the active IPsec SAs security associations are listed along with the traffic details and tunnel state The ...

Page 114: ...sec VPN Users STEP 2 Under PPTP Server check the Enable box STEP 3 Enter the IP address of the PPTP server STEP 4 In the Starting IP Address field enter the starting IP address of the range of IPs to assign to connecting users STEP 5 In the Ending IP Address field enter the ending IP address of the range of IPs to assign to connecting users Field Description Policy Name IKE or VPN policy associate...

Page 115: ...Enter the password If you want the user to be able to change the password check the Enabled box STEP 6 Under Protocol choose the type of user QuickVPN The user is authenticated by the VPN server See Creating Cisco QuickVPN Client Users page 93 PPTP The user is authenticated by a PPTP server XAUTH The user is authenticated by an external authorization server such as a RADIUS server STEP 7 Click Sav...

Page 116: ...ntication You can obtain a digital certificate from a well known Certificate Authority CA such as VeriSign or generate and sign your own certificate using functionality available on this gateway The gateway comes with a self signed certificate and this can be replaced by one signed by a CA as per your networking requirements A CA certificate provides strong assurance of the server s identity and i...

Page 117: ...ter the subject of the certificate request The Subject field populates the CN Common Name entry of the generated certificate Subject names are usually defined in the following format CN OU O L ST C For example CN router1 OU my_company O mydept L SFO C US STEP 6 Choose the Hash Algorithm MD5 or SHA 1 The algorithm used to sign the certificate RSA is shown STEP 7 Enter the signature key length or th...

Page 118: ...tificate click the following Export for Admin Export the certificate for administrative backup purposes Export for Client Export the certificate to be downloaded on an endpoint that will connect to the Cisco RV120W as a VPN client Using the Cisco RV120W With a RADIUS Server A RADIUS server can be configured to maintain a database of user accounts and can be used for authenticating this device s us...

Page 119: ...re not allowed in this field STEP 5 In the Timeout field enter the timeout interval after which the Cisco RV120W re authenticates with the RADIUS server STEP 6 In the Retries field enter the number of retries for the Cisco RV120W to re authenticate with the RADIUS server STEP 7 Click Save Configuring 802 1x Port Based Authentication A port based network access control uses the physical access char...

Page 120: ...on Guide 111 5 STEP 4 Enter the username and password sent by the Cisco RV120W to the authenticator for authentication The username and password are the credentials sent to the authenticating server the device running 802 1X in an authenticator role for example a Cisco Catalyst switch STEP 5 Press Save ...

Page 121: ... to the insecure network WAN You can configure WAN QoS profiles to control the rate at which the RV120W transmits data For example limiting the outbound traffic helps you prevent the LAN users from consuming all of the bandwidth of the Internet link Configuring Global Settings To configure the WAN QoS global settings STEP 1 Choose QoS WAN QoS Profiles STEP 2 Under Global Settings a To enable WAN Q...

Page 122: ...dth Allocation Settings If the WAN QoS mode is set to Priority enter this information Each one of these values specifies the percentage of the total bandwidth 100 Mbps allocated to these priority levels If the WAN QoS mode is set to Rate Limit enter this information STEP 3 Click Save Adding WAN QoS Profiles To add a WAN QoS profile STEP 1 Choose QoS WAN QoS Profiles STEP 2 In the WAN QoS Profile T...

Page 123: ... more information STEP 3 From the Service drop down menu choose the service the profile applies to If the service you are looking for is not in the drop down menu you can configure a custom service in the Firewall page see Creating Custom Services page 83 STEP 4 From the Traffic Selector Match Type drop down menu choose the traffic selector to use to bind traffic to the profile Name Enter the name...

Page 124: ...e choose a priority value from the Traffic Forwarding Queue drop down menu These values mark traffic types with higher or lower traffic priority depending on the type of traffic STEP 4 Click Save Starting IP Address Enter the starting IP address of the range Ending IP Address Enter the ending IP address of the range MAC Address Enter the MAC address for any client device for example a PC or wirele...

Page 125: ...settings to DSCP values you must first enable the CoS to Queue option See Configuring CoS Settings page 115 for more information To map CoS settings to DSCP values STEP 1 Choose QoS CoS Settings CoS to DSCP STEP 2 In the CoS to DSCP field check Enable STEP 3 For each CoS priority level enter the corresponding DSCP value 0 63 The default value is 63 STEP 4 Click Save To restore the default CoS to D...

Page 126: ...s Configuring Password Rules page118 Using the Management Interface page118 Configuring Network Management page121 Configuring the WAN Traffic Meter page 123 Using Network Diagnostic Tools page 125 Capturing and Tracing Packets page 126 Configuring Logging page 126 Configuring the Discovery Settings page130 Configuring Time Settings page132 Backing Up and Restoring the System page 132 Upgrading Fi...

Page 127: ...aracter Classes Enter the minimum number of character classes for example uppercase letters lowercase letters numbers or special characters If you want the new password to be different than the old password check Enable If you want to expire passwords in the Password Aging field check Enable and enter the Password Aging Time or the number of days for the password to be active before it expires and...

Page 128: ...om any IP address Be sure to change the password if you select this option to prevent unauthorized persons from accessing your network IP Address Range If you want to restrict access to certain computers you can select a range of IP addresses Only computers having IP addresses in this range can access the Cisco RV120W management interface Choose one of the following IP Address Range Allow access t...

Page 129: ...onfigure the user accounts STEP 1 Choose Administration Management Interface User Accounts STEP 2 Click either Edit Admin Settings or Edit Guest Settings STEP 3 Enter the new username STEP 4 Enter the old password STEP 5 Enter the new password It is recommended that passwords contains no dictionary words from any language and are a mix of letters both uppercase and lowercase numbers and symbols Th...

Page 130: ... security Configuring SNMP To configure SNMP STEP 1 Choose Administration Network Management STEP 2 Under SNMP check Enable STEP 3 Click Save Editing SNMPv3 Users SNMPv3 parameters can be configured for the two default Cisco RV120W user accounts Admin and Guest To configure STEP 1 In the SNMPv3 User Table check the box for the user to edit and click Edit STEP 2 Under Security Level choose the amou...

Page 131: ...nt STEP 4 Choose the SNMP Version v1 v2c or v3 STEP 5 Enter the community string to which the agent belongs Most agents are configured to listen for traps in the Public community STEP 6 Click Save Configuring Access Control Rules The SNMP v1 v2c Access Control Table is a table of access rules that enables read only or read write access for select IP addresses in a defined SNMP agent s community To...

Page 132: ...ollowing information SysContact Enter the name of the contact person for this router Examples admin John Doe SysLocation Enter the physical location of the router Example Rack 2 4th Floor SysName The default system name is displayed To change click Edit and enter a name for easy identification of the router STEP 3 Click Save Configuring the WAN Traffic Meter The WAN traffic meter displays statisti...

Page 133: ...5 To increase the monthly limit for that month check Increase this Month s Limit by and enter the additional megabytes for that month STEP 6 Click Save To restart the traffic counter STEP 1 Choose Administration WAN Traffic Meter STEP 2 Under Traffic Counter select Restart Now or Specific Time and enter the time you want the traffic counter to restart STEP 3 Optional Check the box to send an email...

Page 134: ...n the network connected to this router To use PING STEP 1 Choose Diagnostics Network Tools STEP 2 Under Ping or Trace an IP Address enter an IP address or domain name and click Ping A popup window appears indicating the ICMP echo request status STEP 3 Optional Check the box if you want to allow PING traffic to pass through VPN tunnels Using Traceroute Traceroute displays all the routers present be...

Page 135: ...s not exist Capturing and Tracing Packets You can capture all packets that pass through a selected interface LAN or WAN To capture packets STEP 1 Choose Diagnostics Capture Packets STEP 2 Click Packet Trace a new window appears STEP 3 Select the interface whose packets you want to trace and click Start To stop the packet capture click Stop You can click Download to save a copy of the packet captur...

Page 136: ...outing logs check the box to choose one or both of the following for each type Accepted Packets Check this box to log packets that were successfully transferred through the segment This option is useful when the Default Outbound Policy is Block see Configuring the Default Outbound Policy page 67 For example if Accept Packets is checked for LAN to WAN and there is a firewall rule to allow ssh traff...

Page 137: ...ted to the router STEP 4 Under other events logs select the type of event to be logged The following events can be recorded Source MAC Filter Check this box to log packets matched due to source MAC filtering Uncheck this box to disable source MAC filtering logs Bandwidth Limit Check this box to log packets dropped due to Bandwidth Limiting STEP 5 Click Save Configuring Remote Logging To configure ...

Page 138: ... the logs and alerts are to be sent Authentication with SMTP server If the SMTP server requires authentication before accepting connections select either Login Plain or CRAM MD5 and enter the Username and Password to be used for authentication To disable authentication select None Respond to Identd from SMTP Server Check this box to configure the router to respond to an IDENT request from the SMTP...

Page 139: ...nP Bonjour is a service advertisement and discovery protocol Universal Plug and Play UPnP is a networking protocol that allows devices to discover each other and communicate on the network Configuring Bonjour To configure Bonjour STEP 1 Choose Administration Discovery Settings Discovery Bonjour STEP 2 Check the Enable box to enable Bonjour on the router Unchecking this will disable Bonjour STEP 3 ...

Page 140: ...to plug and play devices connected to it on VLAN 1 and plug and play devices joining the network can connect to the Cisco RV120W If you have other VLANs created on your network you can enable UPnP on those VLANs too See Configuring Virtual LAN VLAN Membership page 30 for more information The UPnP Portmap Table shows IP addresses and other settings of UPnP devices that have accessed the Cisco RV120...

Page 141: ... in minutes that the clock will be offset during daylight saving time STEP 4 Select whether to use a Network Time Protocol NTP server or set the time and date manually STEP 5 If you chose NTP choose to use either a default NTP server or a custom NTP server STEP 6 If you chose to use a default NTP server choose the server you want to use from the list If you chose to use a custom NTP server enter t...

Page 142: ... file on the PC To save a copy of your router s mirror configuration click Backup Mirror Configuration The browser downloads the configuration file and prompts you to save the file on the PC The mirror image is the last working configuration The startup configuration is the configuration that the device used to boot up The startup and mirror configurations can differ For example if you made change...

Page 143: ...to a newer firmware version from the Administration Firmware Upgrade page To upgrade STEP 1 Click Browse locate and select the downloaded firmware and click Upload STEP 2 Optional Check the box to reset all configuration and settings to the default values Do not check this box if you want to keep any settings you have changed on the router STEP 3 Click Start Firmware Upgrade After the new firmware...

Page 144: ...n the PC or do anything else to the router until the operation is complete This should take about a minute When the test light turns off wait a few more seconds before doing anything with the router STEP 4 To restore factory defaults to the router choose Administration Restore Factory Defaults Click Default CAUTION Do not perform this procedure unless you want to erase all configuration you have p...

Page 145: ...42 IPsec Connection Status page 143 Viewing VPN Client Connection Status page 144 Viewing Logs page 145 Viewing Available LAN Hosts page 146 Viewing Port Triggering Status page 147 Viewing Port Statistics page 148 Viewing Open Ports page 149 Viewing the Dashboard The Dashboard page provides you with a view of important router information To view the Dashboard STEP 1 Choose Status Dashboard STEP 2 ...

Page 146: ...n sheet click Close The Dashboard page displays the following Device Information Resource Utilization Syslog Summary Indicates whether logging is enabled for these event categories Emergency Alert Critical Error Warning Host Name The name of the device To change the name click Edit See Configuring IPv4 LAN Local Network Settings page 27 Firmware Version The current software version the device is r...

Page 147: ...tistics page 148 Wireless Networks Lists the status of the four wireless network SSIDs To view the router s wireless settings click details For more information see Viewing the Wireless Statistics page 142 MAC Address The MAC address of the router IPv4 Address The local IP address of the router To change the IP address see Configuring the IPv4 WAN Internet page 20 DHCP Server The status of the rou...

Page 148: ...setting click its corresponding Edit link The System Summary page displays this information System Information Site to Site Tunnels Displays the connected IPSec VPN tunnels PPTP Users The number of Point to Point Tunneling Protocol PPTP users QuickVPN Users The number of QuickVPN users Host Name The name of the device Firmware Version Current software version the device is running Firmware MD5 Che...

Page 149: ...nd subnet mask of the device shown only if IPv6 is enabled DHCP Server The status of the router s DHCP server enabled or disabled If it is enabled DHCP client machines connected to the LAN port receive their IP address dynamically DHCP Relay Whether the device is acting as a DHCP relay DHCPv6 Server Whether the device s DHCPv6 server is enabled or disabled If it is enabled DHCPv6 client systems co...

Page 150: ... time at which lease is obtained from the DHCP server Lease Duration The duration for which the lease remains active IP Address The WAN Address of the device Subnet Mask The subnet mask of the WAN port Gateway The gateway IP address of the WAN port Primary DNS Server The IP address of the primary DNS server Secondary DNS Server The IP address of the secondary DNS server NAT IPv4 Only Mode Connecti...

Page 151: ...erval field enter the number of seconds the router waits before updating the information on this page STEP 4 Click Start to restart automatic refresh at the specified poll interval Operating Frequency Displays the operational frequency band Wireless Network Mode Displays the Wi Fi mode of the radio for example N or N G Channel Displays the current channel in use by the radio SSID The name of the S...

Page 152: ...ts before updating the information on this page STEP 4 Click Start to restart automatic refresh at the specified poll interval SSID The name of the wireless network Packets The number of received sent wireless packets reported to the radio over all configured and active SSIDs Bytes The number of received sent bytes of information reported to the radio over all configured APs Errors The number of r...

Page 153: ...Poll Interval field enter the number of seconds the router waits before updating the information on this page STEP 4 Click Start to restart automatic refresh at the specified poll interval Policy Name The name of the IKE or VPN policy associated with this SA Endpoint Displays the IP address of the remote VPN gateway or client Kbytes The data transmitted in KB over this SA Packets The number of IP ...

Page 154: ...lick Send Logs Username The username of the VPN user associated with the QuickVPN or PPTP tunnel Remote IP Displays the IP address of the remote QuickVPN client This could be a NAT Public IP if the client is behind the NAT router Status Displays the current status of QuickVPN client OFFLINE means that QuickVPN tunnel is not initiated established by the VPN user ONLINE means that QuickVPN Tunnel in...

Page 155: ...e of the following options STEP 3 Click Refresh to display the latest LAN host information The Available LAN Local Network Hosts page displays the following fields All Displays a list of all devices connected to the router Wireless Displays a list of all devices connected through the wireless interface Wired Displays a list of all devices connected through the Ethernet ports on the router Name The...

Page 156: ...ynamically whenever traffic that matches the port triggering rules flows through them The Port Triggering Status page displays the following fields Click Refresh to refresh the current page and obtain the latest statistics LAN Local Network IP Address Displays the LAN IP address of the device which caused the ports to be opened Open Ports Displays the ports that have been opened so that traffic fr...

Page 157: ...alue you enter in the Poll Interval field For example if you enter a poll interval value of 5 the router refreshes the information on this page every 5 seconds This table displays the data transfer statistics for the Dedicated WAN LAN and WLAN ports including the duration for which they were enabled The Port Statistics page displays this information Port The name of the port Status The status of t...

Page 158: ...w used by the port Recv Q The number of bytes not copied by the program connected to this port Send Q The number of bytes not acknowledged by the program connected to this port Local Address The address and port number of the local end of this socket Foreign Address The address and port number of the remote end of this socket State The state of the port PID Program name The process ID PID and name...

Page 159: ...ftware This appendix includes the following sections Before You Begin page150 Installing the Cisco QuickVPN Software page 151 Using the Cisco QuickVPN Software page 152 Before You Begin The QuickVPN program only works with a router that is properly configured to accept a QuickVPN connection You must perform the following steps STEP 1 Enable remote management See Configuring Remote Management page ...

Page 160: ...reement The InstallShield Wizard copies the appropriate files to the computer STEP 3 Click Browse and choose where to copy the files to for example C Cisco Small Business QuickVPN Client STEP 4 Click Next STEP 5 Click Finish to complete the installation Downloading and Installing from the Internet STEP 1 Open a web browser and enter the following URL http tools cisco com support downloads STEP 2 E...

Page 161: ...hat the QuickVPN client will use to communicate with the remote VPN router or keep the default setting Auto To save this profile click Save If there are multiple sites to which you will need to create a tunnel you can create multiple profiles but note that only one tunnel can be active at a time To delete this profile click Delete For information click Help STEP 3 To begin your QuickVPN connection...

Page 162: ...ission to change your own password you will see the Connect Virtual Private Connection window Enter your password in the Old Password field Enter your new password in the New Password field Then enter the new password again in the Confirm New Password field Click OK to save your new password Click Cancel to cancel your change For information click Help NOTE You can change your password only if the...

Page 163: ...ww cisco com en US support tsd_cisco_small_business _support_center_contacts html Cisco Small Business Firmware Downloads www cisco com go software Select a link to download firmware for Cisco Small Business Products No login is required Cisco Small Business Open Source Requests www cisco com go smallbiz_opensource_request Product Documentation Cisco RV120W www cisco com go smallbizrouters Cisco S...