Cisco Small Business RV220W, Administration Manual

Page 1: ...Cisco Small Business RV220W Wireless N Network Security Firewall ADMINISTRATION GUIDE ...

Page 2: ...f Cisco and or its affiliates in the U S and other countries To view a list of Cisco trademarks go to this URL www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1110R ...

Page 3: ... PPPoE Profiles for Point to Point Protocol over Ethernet Connections 20 Managing PPPoE Profiles 20 Adding and Editing PPPoE Profile Settings 21 LAN Configuration for IPv4 22 IPv4 LAN Local Network 22 VLAN Membership 24 Multiple VLAN Subnets 26 Viewing the Multiple VLAN Subnets Table 26 Entering the Multiple VLAN Subnets Properties 26 Static DHCP 28 Advanced DHCP Configuration 29 DHCP Leased Clien...

Page 4: ...ting Advertisement Prefixes 49 Chapter 3 Configuring the Wireless Network 50 About Wireless Security 50 Wireless Security Tips 51 General Network Security Guidelines 52 Basic Settings 53 Security Settings for Wireless Networks 56 MAC Filtering for Wireless Network Access Control 58 Connected Clients 59 Wi Fi Multimedia and Quality of Service Settings 60 SSID Schedule for Network Availability 61 Ad...

Page 5: ...NAT Rules 83 Adding or Editing a One to One NAT Rule 84 MAC Address Filtering 85 IP MAC Address Binding 86 Custom Services 87 Managing Custom Services 87 Adding or Editing a Custom Service 88 Schedules for Firewall Rules and Port Forwarding Rules 89 Managing Schedules 89 Adding or Editing a Schedule 90 Session Settings 91 Internet Group Management Protocol IGMP 92 Enabling IGMP and Managing the Al...

Page 6: ...ced VPN Parameters 111 Managing IKE and VPN Policies 112 Configuring IKE Policies 113 Configuring VPN Policies 117 Configuring VPN Users 122 Configuring VPN Passthrough 124 SSL VPN Server 124 Access Options for SSL VPN 125 Security Tips for SSL VPN 125 Elements of SSL VPN 126 Portal Layouts 126 Managing Portal Layouts 127 Adding or Editing a Portal Layout 127 SSL VPN Policies 129 About SSL VPN Pol...

Page 7: ... Authentication 141 Importing a Trusted Certificate from a File 143 Importing an Active Self Certificate from a File 143 Generating a Certificate Request 144 Viewing a Certificate Request 145 Using the Cisco RV220W With a RADIUS Server 146 Managing RADIUS Server Configurations 146 Adding or Editing a RADIUS Server Configuration 147 Configuring 802 1x Port Based Authentication 148 Chapter 8 Configu...

Page 8: ...y IP Address 167 Network Management SNMP 169 SNMP Users and Trap Settings 169 Managing User Security Settings and Trap Settings 169 Configuring the User Security Settings for SNMP 170 Configuring SNMP Traps 171 SNMP System Information 171 WAN Traffic Meter 172 Diagnostics 174 Network Tools 174 Capture Packets 176 Logging 176 Logging Policies 176 Managing Logging Policies 177 Configuring a Logging ...

Page 9: ...ry 196 Viewing the Wireless Statistics 199 Viewing the IPsec Connection Status 200 Viewing the VPN Client Connection Status 201 Viewing Logs 202 Viewing Available LAN Hosts 202 Viewing the Port Triggering Status 203 Viewing Interface Statistics 203 Viewing Port Statistics 204 Viewing Open Ports 206 Viewing Active Users 206 Viewing the SSL VPN Connection Information Status 207 Appendix A Installing...

Page 10: ...n 216 Connecting to Your Wireless Network 217 Appendix B Using Cisco QuickVPN 218 Overview 218 Before You Begin 218 Installing the Cisco QuickVPN Software 219 Installing from the CD ROM 219 Downloading and Installing from the Internet 221 Using the Cisco QuickVPN Software 221 Appendix C Glossary 224 Appendix D Where to Go From Here 228 ...

Page 11: ...It allows multiple computers in your office to share an Internet connection through both wired and wireless connections The RV220W Network Security Firewall delivers high performance high security wired and wireless connectivity to the Internet other offices and employees working remotely to speed file transfers and help improve the productivity of employees in a small office Hybrid VPN capabiliti...

Page 12: ... of the Cisco RV220W If DHCP is enabled the default setting your PC becomes a DHCP client of the RV220W and receives an IP address in the 192 168 1 xxx range Note You may need to configure your PC to obtain its IP address from a DHCP server STEP 2 Start a web browser on your PC STEP 3 In the Address bar enter the LAN IP address of the RV220W default 192 168 1 1 Note If Bonjour is enabled the defau...

Page 13: ...ard asks you for information about your Internet connection If you do not have the required information contact your Internet Service Provider ISP to obtain it During the setup process the Setup Wizard asks you to enter a new password To protect your router from unauthorized access create a new password that is hard to guess While you are entering the password the Setup Wizard provides you with in...

Page 14: ...nfiguring your settings you should use these links to verify the configuration The Other Resources section includes these links Support Click the link to visit the Cisco RV Series Routers page on Cisco com This page provides links to technical documentation product literature and other resources Forums Click this link to visit the Cisco Small Business Support Community on Cisco com To prevent the ...

Page 15: ... which is required if you want to enable a VPN See User Management page 158 If your connection is not working or your Internet service requires a login account and password see WAN Settings for IPv4 page16 If you already have a DHCP server on your network and you do not want the Cisco RV220W to act as a DHCP server see LAN Configuration for IPv4 page 22 Configure your wireless network especially w...

Page 16: ... page 16 LAN Configuration for IPv4 page 22 Routing page 31 Port Management page 37 Dynamic DNS page 38 IPv6 page 39 WAN Settings for IPv4 Use the Networking WAN menu to set up your Internet connection for your IPv4 network Configuring the IPv4 WAN Settings page 17 PPPoE Profiles for Point to Point Protocol over Ethernet Connections page 20 NOTE For instructions on configuring your RV220W for an I...

Page 17: ... Enter the IP address mask default gateway and DNS server information The fields are described in the table below this step PPPoE Choose this option if your service provider gave you a Point to Point Protocol over Ethernet PPPoE connection to the Internet used mainly with asymmetric DSL In the PPPoE section choose a PPPoE Profile Name If you have not yet created PPPoE profiles click the Configure ...

Page 18: ...for your Internet account Secret If required by your service provider enter the secret phrase used to log in to the server MPPE Encryption If your service provider s PPTP server supports Microsoft Point to Point Encryption MPPE check the Enable box Connection Type Choose the connection type Keep Connected The Internet connection is always on Idle Time The Internet connection is on only when traffi...

Page 19: ...unique 48 bit local Ethernet hardware address In most cases the RV220W s default MAC address is used to identify your Cisco RV220W to your ISP However you can change this setting if required by your ISP Use Default Address recommended Use this computer s MAC Choose this option to assign the MAC address of the computer that you are using to configure the RV220W Use This MAC Choose this option if yo...

Page 20: ...tworking WAN Internet PPPoE Profiles page to view add edit or delete PPPoE profiles To open this page In the navigation tree choose Networking WAN Internet PPPoE Profiles Perform these tasks To add a profile click Add Then enter the settings on the Add Edit PPPoE Profile Configuration page See Adding and Editing PPPoE Profile Settings page 21 To edit a profile check the box and then click Edit The...

Page 21: ...ds back authentication credentials with the security type sent earlier by the server PAP The RV220W uses Password Authentication Protocol PAP when connecting with the ISP CHAP The RV220W uses Challenge Handshake Authentication Protocol CHAP when connecting with the ISP MS CHAP The RV220W uses Microsoft Challenge Handshake Authentication Protocol when connecting with the ISP MS CHAPv2 The RV220W us...

Page 22: ...gs are satisfactory You can make changes to suit your requirements For example you may want to make the following types of changes DHCP server options If you want another PC on your network to be the DHCP server or if you are manually configuring the network settings of all of your PCs disable DHCP DNS server or WINS server Instead of using a DNS server you can use a Windows Internet Naming Servic...

Page 23: ... launch the configuration utility You may need to release and renew the IP address of your PC if using DHCP or configure a static IP address in the same subnet as the RV220W STEP 3 In the DHCP section choose the DHCP Mode and enter the required settings Note If you need to reserve IP addresses for devices on your network click the Configure Static DHCP button For more information see Static DHCP p...

Page 24: ... disable DHCP on the Cisco RV220W If you want another device on your network to be the DHCP server or if you are manually configuring the network settings of all of your PCs disable DHCP STEP 4 In the LAN Local Network Proxy section check Enable to enable the Cisco RV220W to act as a proxy for all DNS requests and to communicate with the ISP s DNS servers STEP 5 Click Save to save your settings or...

Page 25: ...eck the box to disable this feature Device Management Check the box to enable this feature or uncheck the box to disable it This setting determines whether or not clients can access the Cisco RV220W Configuration Utility on this VLAN To prevent access to this utility from this VLAN disable this feature Port 1 4 For each of the ports choose one of the following options Tagged Used when connecting t...

Page 26: ... 26 Entering the Multiple VLAN Subnets Properties To open this page Choose Edit on the Networking LAN Local Network Multiple VLAN Subnets page STEP 1 In the LAN Local Network Configuration section keep the default IP Address and Subnet Mask or change them as needed for your network Note If you change the LAN IP address of VLAN 1 you will need to use the new IP address to launch the configuration u...

Page 27: ...duration in hours for which IP addresses are leased to clients DHCP Relay Choose this option to enable the relay gateway to transmit DHCP messages between multiple subnets Then enter the address of the relay gateway in the Relay Gateway field None Use this to disable DHCP on the VLAN subnet If you want another device on your network to be the DHCP server for devices on the VLAN subnet or if you ar...

Page 28: ...specified on the Networking LAN Local Network IPv4 LAN Local Network page The DHCP server will serve the reserved IP address only to the device with the corresponding MAC address MAC Address Enter the MAC address of the device without punctuation The punctuation is added automatically using the following format XX XX XX XX XX XX where X is a number from 0 to 9 inclusive or an alphabetical letter b...

Page 29: ...ess Choose this option to identify the server by its IP address Enter the IP address in the TFTP Server IP field STEP 2 Click Save to enable the downloads or click Cancel to reload the page with the current settings Note The mapping table is available only if you enabled Automatic Configuration Download and saved the settings STEP 3 In the DHCP Client Device vs Configuration File Mapping Table per...

Page 30: ...rking LAN Local Network DHCP Leased Client page to view the endpoints that are receiving IP addresses from the Cisco RV220W s DHCP server To open this page In the navigation tree choose Networking LAN Local Network DHCP Leased Client The endpoints are listed by IP address and MAC address You cannot edit this list Jumbo Frames Use the Jumbo Frames page to allow devices to send frames within the LAN...

Page 31: ...e of the following options Gateway NAT If your ISP has assigned you a single IP address select this option to use Network Address Translation NAT to allow devices in your private network to share your public IP address Router This routing mode classical routing is used if your ISP has assigned you multiple IP addresses so that you have an IP address for each endpoint on your network You must confi...

Page 32: ...ateway The gateway used for this route Genmask The netmask for the destination network Flags For debugging purpose only possible flags include U Route is up H Target is a host G Use gateway R Reinstate route for dynamic routing D Dynamically installed by daemon or redirect M Modified from routing daemon or redirect A Installed by addrconf C Cache entry Reject route Metric The distance to the targe...

Page 33: ...tic Routes page 34 Managing Static Routes Use the Networking Routing Static Routes page to view add edit and delete static routes To open this page In the navigation tree choose Networking Routing Static Routes Perform these tasks To add a new route click Add Then enter the settings on the Add Edit Static Route Configuration page For more information see Configuring Static Routes page 34 To edit a...

Page 34: ...l RIP broadcast or multicast Uncheck this box if the route can be shared with other routers when RIP is enabled Destination IP Address Enter the IP address of the destination host or network to which the route leads For a standard Class C IP domain the network address is the first three fields of the Destination LAN IP the last field should be zero IP subnet mask Enter the IPv4 Subnet Mask for the...

Page 35: ...namic Routing STEP 1 In the RIP Configuration section enter these settings RIP Direction Choose one of the following options None The RV220W neither broadcasts its route table nor does it accept any RIP packets from other routers and RV220Ws This option disables RIP In Only The RV220W accepts RIP information from other routers and RV220Ws but does not broadcast its routing table Out Only The RV220...

Page 36: ...routers and RV220Ws present in the network The second key also acts as a failsafe when authorization with first key fails STEP 3 If you enabled RIP v2 authentication enter the following first and second key parameters as described below This section of the page is available only if you enabled RIP v2 Authentication MD5 Key ID Input the unique MD 5 key ID used to create the Authentication Data for ...

Page 37: ...d Auto Negotiation is enabled by default This setting is available only when the Enable box is checked Duplex If you disabled Auto Negotiation choose either half or full duplex based on the port support The default is full duplex for all ports This setting is available only when the Auto Negotiation box is unchecked Speed If you disabled Auto Negotiation choose one of the following port speeds 10 ...

Page 38: ...one disables this service STEP 2 Enter the settings for the selected service If you selected DynDNS com enter these settings Specify the complete Host Name and Domain Name for the DDNS service Enter the DynDNS account Username Enter the DynDNS account Password Re enter it in the Confirm Password box Check the Use Wildcards box to enable the wildcards feature which allows all subdomains of your Dyn...

Page 39: ...e 40 Configuring IPv6 LAN Properties page 41 Configuring IPv6 Static Routing page 43 Configuring IPv6 to IPv4 Tunneling page 45 Configuring Router Advertisement page 46 RADVD Advertisement Prefixes page 48 IP Mode To open this page In the navigation tree click Networking IPv6 IP Mode Choose one of the following options IPv4 only Choose this option if your network supports only IPv4 devices and doe...

Page 40: ...your service provider gave you a Static IP connection to the Internet your Internet Service Provider ISP has assigned you an IP address that does not change Enter the IP address mask default gateway and DNS server information The fields are described in the table below this step STEP 2 If you chose Static IPv6 as the connection type enter the Static IP Address settings IPv6 Address Enter the IPv6 ...

Page 41: ...dresses from configured address pools with the IPv6 Prefix Length assigned to the LAN To open this page In the navigation tree choose Networking IPv6 IPv6 LAN Local Network STEP 1 In the LAN TCP IP Setup section enter these settings IPv6 Address Enter the IP address of the Cisco RV220W The default IPv6 address for the gateway is fec0 1 You can change this 128 bit IPv6 address based on your network...

Page 42: ...is 255 DNS Servers Choose the DNS proxy behavior Use DNS Proxy If you choose this option the RV220W acts as a proxy for all DNS requests and communicate with the ISP s DNS servers as configured in the WAN settings page Use DNS from ISP If you choose this option the ISP defines the DNS servers primary secondary for the LAN DHCP client Use Below If you choose this option you specify the primary seco...

Page 43: ...peer routers and RV220Ws that do not support dynamic routing protocols Static routes can be used together with dynamic routes Be careful not to introduce routing loops in your network Managing IPv6 Static Routes Configuring an IPv6 Static Route Managing IPv6 Static Routes Use the Networking IPv6 Routing page to view add edit or delete static routes To open this page In the navigation tree choose N...

Page 44: ...ects to is not available when you add the route When the network becomes available the route can be enabled IPv6 Destination Enter the IPv6 address of the destination host or network for this route IPv6 Prefix Length Enter the number of prefix bits in the IPv6 address that define the destination subnet Interface Choose the physical network interface through which this route is accessible WAN Inter...

Page 45: ...ancel to reload the page with the current settings STEP 2 In the IPv6 Tunnel Status Table click Refresh to see the most recent data for the IPv6 tunnel if enabled For each tunnel the table shows the Tunnel Name the IPv6 Addresses and the ISATAP Subnet Prefix STEP 3 In the ISATAP Tunnel Table view add edit or delete entries as described below To add an entry click Add Intra Site Automatic Tunnel Ad...

Page 46: ...If the endpoint is not on the local network choose Other IP and then specify the IPv4 address of the endpoint ISATAP Subnet Prefix Enter the 64 bit subnet prefix that is assigned to the logical ISATAP subnet for this intranet This setting can be obtained from your ISP or Internet registry or derived from RFC 4193 STEP 2 Click Save to save your settings or click Cancel to reload the page with the c...

Page 47: ...anaged When enabled this flag instructs hosts to use an administered stateful configuration protocol DHCPv6 to obtain stateful addresses Other When enabled this flag instructs hosts to use an administered stateful configuration protocol DHCPv6 to obtain other non address information such as DNS server addresses Router Preference Choose Low Medium or High This preference metric is useful in a netwo...

Page 48: ...e Networking IPv6 Advertisement Prefixes page to view add edit or delete RADVD advertisement prefixes To open this page In the navigation tree choose Networking IPv6 Advertisement Prefixes Perform these tasks To add an entry click Add Then enter the settings on the Add Edit Advertisement Configuration page See Adding and Editing Advertisement Prefixes page 49 To edit an entry check the box and the...

Page 49: ...obal Local ISATAP Choose this option to advertise a global local or ISATAP prefix IPv6 global addresses are globally routable similar to IPv4 public addresses Your ISP will typically provide you a block of globally routable IPv6 addresses that you could configure for stateless autoconfiguration Local IPv6 addresses are similar to your IPv4 LAN addresses which are not globally routable If you choos...

Page 50: ...curity Wireless networks are convenient and easy to install As a result businesses with high speed Internet access are adopting them at a rapid pace Because wireless networking operates by sending information over radio waves it can be more vulnerable to intruders than a traditional wired network Like signals from your cellular or cordless phones signals from your wireless network can also be inte...

Page 51: ...password set by the factory Hackers know these published defaults and may try to use them to access your wireless device and change your network settings To thwart any unauthorized changes customize the device s password so it will be hard to guess See User Management page 158 Enable MAC address filtering Cisco routers and gateways give you the ability to enable Media Access Control MAC address fi...

Page 52: ... windows Turn wireless routers access points or gateways off when they are not being used for example at night or during vacations Use strong passphrases that are at least eight characters in length Combine letters and numbers to avoid using standard words that can be found in the dictionary See Password Rules for Password Complexity page156 General Network Security Guidelines Wireless network sec...

Page 53: ...ireless network This page provides access to related pages where you can configure security MAC filtering and Wi Fi Multimedia quality of service values To open this page In the navigation tree choose Wireless Basic Settings STEP 1 At the top of the page enter these settings Radio Click Enable to enable the radio or click Disable to disable it By default the radio is enabled Disabling it prevents ...

Page 54: ...he environment noise levels for the available channels The Current Channel field displays the currently selected channel and frequency The default setting is Auto Default Transmit Power Enter a value in dBm that is the default transmitted power level The default setting is 30 STEP 2 After modifying the radio settings click Save to save your settings or click Cancel to reload the page with the curr...

Page 55: ... network to prevent it from being overloaded for example To edit the security mode for a wireless network select a network and then click Edit Security Mode Enter the settings on the Wireless Basic Settings Security Settings page See Security Settings for Wireless Networks page 56 To restrict access to a wireless network based on MAC addresses select a network and then click Edit MAC Filtering Ent...

Page 56: ... on this wireless network from accessing devices on other wireless networks To allow access click Disable Security Choose a security mode Disabled Any device can connect to the network Not recommended Wired Equivalent Privacy WEP Weak security with a basic encryption method that is not as secure as WPA WEP may be required if your network devices do not support WPA however it is not recommended Wi ...

Page 57: ...ssword As you type the password a message indicates the strength For a stronger password enter at least eight characters including a variety of character types numbers upper and lowercase letters and symbols Unmask Password Check the box if you want to see the key as typed Otherwise the password is masked Key Renewal Enter the number of seconds after which the Cisco RV120W will generate a new key ...

Page 58: ...ork select it from the Select SSID list and then repeat this procedure MAC Filtering for Wireless Network Access Control Use the MAC Filtering page to permit or deny access to the wireless network based on the MAC hardware address of the requesting device For example you can enter the MAC addresses of a set of PCs and only allow those PCs to access the network MAC filtering is configured separatel...

Page 59: ...ontrol List where you can paste the copied address into a MAC address field STEP 5 Click Save to save your settings or click Cancel to reload the page with the current settings Click Back to return to the Wireless Basic Settings page If you need to configure the settings for another network select it from the Select SSID list and then repeat this procedure Connected Clients Use the Connected Clien...

Page 60: ... queue for the traffic The Differentiated Services Code Point DSCP field identifies the data packet and the output queue identifies the priority in which the packet is transmitted Voice 4 or Video 3 High priority queue minimum delay Typically used to send time sensitive data such as video and other streaming media Best Effort 2 Medium priority queue medium throughput and delay Most traditional IP ...

Page 61: ...ule check the enable box In this case if a network is enabled it is available only between the specified Start Time and Stop Time To disable a schedule uncheck the box In this case if a network is enabled it is always available Start Time Use the lists to specify the time when the network becomes available each day Stop Time Use the lists to specify the time when the network becomes unavailable ea...

Page 62: ...shold setting consumes more bandwidth but can help the network to recover from interference or collisions The default value is 2346 which effectively disables RTS Fragmentation Threshold Enter the frame length in bytes that requires packets to be split into two or more frames It may be helpful to reduce the Fragmentation Threshold in areas experiencing interference However only minor changes are r...

Page 63: ...ork mode channel and security encryption none WEP WPA or WPA2 with the exact same WPA password preshared key on the first SSID other SSIDs cannot be used for communicating with WDS peers RV220W supports up to 3 WDS peers To open this page In the navigation tree choose Wireless WDS STEP 1 Check the Enable box to enable WDS in the Cisco RV220W Otherwise uncheck the box WDS is disabled by default STE...

Page 64: ...Settings page 82 Firewall Configuration Examples page 94 Cisco RV220W Firewall Features You can secure your network by creating and applying access rules that the Cisco RV220W uses to selectively block and allow inbound and outbound Internet traffic You then specify how and to what devices the rules apply You can configure the following Services or traffic types examples web browsing VoIP other st...

Page 65: ...ssed by the WAN or public network Inbound Internet to LAN rules restrict access to traffic entering your network selectively allowing only specific outside users to access specific local resources By default all access from the insecure WAN side is blocked from accessing the secure LAN except in response to requests from the LAN or DMZ To allow outside devices to access services on the secure LAN ...

Page 66: ...fic to the Internet NOTE The default inbound policy for traffic from the Internet to your secure local network LAN is always blocked and cannot be changed You can create Access Rules to allow specified types of inbound traffic To open this page In the navigation tree choose Firewall Access Rules STEP 1 In the Default Outbound Policy section choose whether to allow or block traffic from your LAN to...

Page 67: ...Access Rule Priorities page 71 Adding and Editing Access Rules Use the Add Edit Access Rule Configuration page to configure an Access Rule for a specified type of inbound or outbound traffic NOTE If you want to configure an access rule that is automatically activated or deactivated for specified days and times click Firewall Advanced Settings Schedules to configure a schedule Then return to this p...

Page 68: ...and services To add a service that is not in the list click the Configure Services button After configuring a service you can use your browser s Back button to return to this page By default the list includes the following services AIM AOL Instant Messenger BGP Border Gateway Control BOOTP_CLIENT Bootstrap Protocol client BOOTP_SERVER Bootstrap Protocol server CU SEEME videoconferencing UDP or TCP...

Page 69: ...ocol SMTP Simple Mail Transfer Protocol SNMP Simple Network Management Protocol TCP or UDP SNMP TRAPS TCP or UDP SQL NET Structured Query Language SSH TCP or UDP STRMWORKS TACACS Terminal Access Controller Access Control System TELNET command TFTP Trivial File Transfer Protocol RIP Routing Information Protocol IKE SHTTPD Simple HTTPD web server IPSEC UDP ENCAP UDP Encapsulation of IPsec packets ID...

Page 70: ...nation IP field The router supports multi NAT which allows multiple public IP addresses for a single WAN interface If your ISP assigns you more than one public IP address one of these can be used as your primary IP address on the WAN port and the others can be assigned to servers on the LAN In this way the LAN can be accessed from the Internet by multiple public IP addresses STEP 3 For outbound ru...

Page 71: ...affic from the LAN Local Network to the WAN Internet Inbound Rules affecting traffic from the WAN Internet to the LAN Local Network STEP 2 Check the box for one or more rules that you want to move STEP 3 Perform the following tasks Move the selection to the top of the list Click the up arrow button If you selected one rule it will become the first rule in the Priority column If you selected multip...

Page 72: ...cessing power and bandwidth and prevent regular network services from running normally ICMP packet flooding SYN traffic flooding and Echo storm thresholds can be configured to temporarily suspend traffic from the offending source To open this page In the navigation tree choose Firewall Attack Prevention STEP 1 In the WAN Internet Security Checks section check or uncheck the Enable box to enable or...

Page 73: ...nted packets from ANY to ANY Enabled by default Block Multicast Packets ICSA requires the firewall to block multicast packets Enabled by default STEP 4 Click Save to save your settings or click Cancel to reload the page with the current settings Content Filtering Use the Firewall Content Filtering page to enable and configure content filtering For example you can block potentially risky web compon...

Page 74: ...feature blocks proxy servers Java Blocks java applets from being downloaded from pages that contain them Java applets are small programs embedded in web pages that enable dynamic functionality of the page A malicious applet can be used to compromise or infect computers Enabling this setting blocks Java applets from being downloaded ActiveX Similar to Java applets ActiveX controls are installed on ...

Page 75: ...r keyword as described above To delete an entry check the box and then click Delete To select all entries check the box in the heading row STEP 5 Click Save to save your settings or click Cancel to reload the page with the current settings URL Blocking Use the Firewall URL Blocking page to block access to websites that contain specified keywords in the URL To open this page In the navigation tree ...

Page 76: ...because a rule does not have to reference a specific LAN IP or IP range Ports are also not left open when not in use thereby providing a level of security that port forwarding does not offer NOTE Port triggering is not appropriate for servers on the LAN since there is a dependency on the LAN device making an outgoing connection before incoming ports are opened Some applications require that when e...

Page 77: ...message appears click OK to continue with the deletion or otherwise click Cancel Adding and Editing Port Triggering Rules Use the Add Edit Port Triggering Rule page to enter the settings for a port triggering rule To open this page From the Firewall Port Triggering page click Add or select a rule and then click Edit STEP 1 At the top of the page enter these settings Name Enter an easily identifiab...

Page 78: ...dding or Editing a Port Forwarding Rule page 79 Managing Port Forwarding Rules Use the Firewall Port Forwarding page to view add edit or delete port forwarding rules To open this page In the navigation tree choose Firewall Port Forwarding The Port Forwarding Rule Table lists all the available port forwarding rules for this device and allows you to configure port forwarding rules The table contains...

Page 79: ...continue with the deletion or otherwise click Cancel Adding or Editing a Port Forwarding Rule Use the Add Edit Port Forwarding Configuration page to configure port forwarding rules To open this page From the Firewall Port Forwarding page click Add or select a rule and then click Edit STEP 1 Choose the Action and Schedule if applicable Always Block Always block the selected type of traffic Always A...

Page 80: ...ng Information Protocol DNS Domain Name System UDP or TCP RLOGIN Remote login FINGER RTELNET Remote telnet FTP File Transfer Protocol RTSP Real Time Streaming Protocol TCP or UDP HTTP Hyptertext Transfer Protocol SFTP Secure Shell File Transfer Protocol HTTPS Secure Hypertext Transfer Protocol SHTTPD Simple HTTPD web server ICMP Internet Control Message Protocol type 3 through 11 or 13 SIP TCP or ...

Page 81: ...etwork device that receives the traffic that meets this rule Forward from Port Choose Same as Incoming Port if the traffic should be forwarded from the same port number on which it was received Otherwise choose Specify Port and then enter the port number in the Port Number field Forward to Port Choose Same as Incoming Port if the traffic should be forwarded to the same port on the receiving server...

Page 82: ... given an IP address in the same subnet as the router s LAN IP address but it cannot be identical to the IP address given to the LAN interface of this gateway To open this page In the navigation tree choose Firewall DMZ Host STEP 1 Check the Enable box to enable DMZ on the network Uncheck the box to disable this feature STEP 2 Enter the IP address for the endpoint that will receive the redirected ...

Page 83: ...able lists the available One To One NAT rules that have been configured It displays the following fields Private Range Begin The starting IP address in the private LAN IP address Public Range Begin The starting IP address in the public WAN IP address Range Length Range length maps one to one private address to public address up to the given range Service Shows configured services Services for one ...

Page 84: ...ule Use the Add Edit One to One NAT Configuration page to map a private IP address or range to a public IP address or range To open this page From the Firewall Advanced Settings One to One NAT page click Add or select a rule and then click Edit STEP 1 Enter this information Private Range Begin The starting IP address in the private LAN IP address Public Range Begin The starting IP address in the p...

Page 85: ...e After changing this setting click Save to save your settings or click Cancel to reload the page with the current settings Enabling this feature makes other fields available Policy for MAC Addresses Listed Below If you enabled MAC filtering choose one of the following options Block and Allow the Rest Choose this option to block the traffic from the specified MAC addresses and to allow traffic fro...

Page 86: ...want to discourage a user from changing the IP address If a specified device sends packets using an unexpected IP address the Cisco RV220W drops the packets To open this page In the navigation tree choose Firewall Advanced Settings IP MAC Binding The IP MAC Binding Table lists the names MAC addresses and IP addresses for the currently defined IP MAC binding rules STEP 1 Perform these tasks To add ...

Page 87: ...For a list of pre configured services see the Service description in the procedure Adding and Editing Access Rules page 67 To open this page In the navigation tree choose Firewall Advanced Settings Custom Services The Custom Services Table lists the details for the custom services that have been defined Perform these tasks To add a service click Add Then enter the settings on the Add Edit Custom S...

Page 88: ...MP ICMPv6 or other If you chose ICMP or ICMPv6 as the service type specify the ICMP type by entering its numeric value from 0 through 40 for ICMP and from 0 through 255 for ICMPv6 If you chose TCP or UDP enter the first TCP or UDP port of the range that the service uses In the Finish Port field enter the last TCP or UDP port of the range that the service uses If you chose Other enter the number of...

Page 89: ...dules To open this page In the navigation tree choose Firewall Advanced Settings Schedules To add a schedule click Add Then enter the settings on the Add Edit Schedules Configuration page See Adding or Editing a Schedule page 90 To edit a schedule check the box and then click Edit Then enter the settings on the Add Edit Schedules Configuration page See Adding or Editing a Schedule page 90 To delet...

Page 90: ...y box If this schedule applies during specified hours of the day uncheck the All Day box Then enter the Start Time and End Time by choosing the Hours Minutes and time period AM or PM The schedule will become active at the specified start time and will become inactive at the specified end time on the selected day s Repeat Choose one of the following options If this schedule applies to all the days ...

Page 91: ... open state for 10 seconds The maximum value ranges from 0 through 3 000 The default is 128 sessions TCP Session Timeout Duration Enter the time in seconds after which inactive TCP sessions are removed from the session table Most TCP sessions terminate normally when the RST or FIN flags are detected This value ranges from 0 through 4 294 967 seconds The default is 1 800 seconds 30 minutes UDP Sess...

Page 92: ...Use the Firewall Advanced Settings IGMP Configuration page to enable or disable the IGMP Proxy and to view add edit or delete the allowed networks To open this page In the navigation tree choose Firewall Advanced Settings IGMP Configuration The Allowed Networks Table lists all the allowed networks configured for the device and allows several operations on the allowed networks Network Address Enter...

Page 93: ...ks Use the Add Edit Networks page to specify the allowed networks for IGMP communications To open this page From the Firewall Advanced Settings IGMP Configuration page click Add or select a network and then click Edit STEP 1 Enter these settings Network Address Enter the IP address of the network Mask Length Enter the number of masked bits as in CIDR slash notation Valid values are from 0 to 32 ST...

Page 94: ...ant to allow inbound HTTP requests from any outside IP address to the IP address of your web server at any time of day Create an inbound rule as follows Example 2 Allow videoconferencing from range of outside IP addresses In this example you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses 132 177 88 2 132 177 88 254 from a branch office Crea...

Page 95: ...o map to servers on your LAN One of these public IP addresses is used as the primary IP address of the router This address is used to provide Internet access to your LAN PCs through NAT The other addresses are available to map to your DMZ servers The following addressing scheme is used to illustrate this procedure WAN IP address 10 1 0 118 LAN IP address 192 168 1 1 subnet 255 255 255 0 Web server...

Page 96: ...ll Advanced Settings Schedules page to add a schedule that is active all day on Saturday and Sunday For more information see Schedules for Firewall Rules and Port Forwarding Rules page 89 Then create the outbound and inbound access rules as shown below Create an outbound access rule with the following parameters Parameter Value Connection Type Inbound Action Always Allow Service HTTP Source IP Sin...

Page 97: ...inbound access rule with the following parameters Start starting IP address Finish ending IP address Destination IP Any Rule Status Enabled Parameter Value Parameter Value Connection Type Inbound Action Block by Schedule Schedule Weekend Service All Traffic Source IP Any Rule Status Enabled ...

Page 98: ...rotectLink Web You can purchase register and activate the service by using the links on the Cisco ProtectLink Web page To open this page In the navigation tree click Cisco ProtectLink Web Choose the appropriate option Learn more about and request Free Trial for Cisco ProtectLink Click this link to open the Cisco ProtectLink Security Solutions page on Cisco com You can read product information and ...

Page 99: ... Activation Code link to transfer your license for the ProtectLink service to the new router Global Settings for Approved URLs and Clients After you activate your service you can use the Cisco ProtectLink Web Global Settings page to configure the approved clients and approved URLs that are free from the restrictions that you establish for website access Approved Clients page 99 Approved URLs page ...

Page 100: ...n the heading row and then click Delete STEP 3 Click Save to save your settings or click Cancel to reload the page with the current settings Approved URLs Use the Cisco ProtectLink Web Global Settings Approved URLs page to specify approved URLs that the users are always able to access Web Protection will not restrict access to these domains To open this page In the navigation tree choose Cisco Pro...

Page 101: ...gs or click Cancel to reload the page with the current settings Web Protection Web Protection includes these features Overflow Control page 101 Web Reputation page102 URL Filtering page103 Overflow Control Use the Cisco ProtectLink Web Web Protection Overflow Control page to control how excess URL requests are handled To open this page In the navigation tree choose Cisco ProtectLink Web Web Protec...

Page 102: ...isco ProtectLink Web Web Protection Web Reputation NOTE This page is available only if you activated your Cisco ProtectLink Web service See Getting Started with Cisco ProtectLink Web page 98 STEP 1 In the Web Reputation section check the Enable box to enable this feature Uncheck the box to disable it STEP 2 In the Security Level section choose one of these options High This option blocks a higher ...

Page 103: ... if the link goes to a different domain HTTP Ports Enter the HTTP ports to which content filtering applies The default port is 80 If your networking using an external HTTP proxy server which listens on other ports they can be added here Multiple ports can be specified in a comma separated list STEP 2 In the Filtered Categories table select the categories and sub categories for websites that you wa...

Page 104: ...siness Hours Check the Morning box and select the From and To times Then check the Afternoon box and select the From and To times During the selected periods the Business Hours filters apply During all other periods the Leisure Hours filters apply STEP 4 Click Save to save your settings or click Cancel to reload the page with the current settings Updating the ProtectLink License You can view your ...

Page 105: ...on Status The status of your license Activated or Expired Platform The platform type Gateway Service License expires on The date and time your license when the license expires one year after the service was activated Renewal Use the Cisco ProtectLink Web License Renewal page to view information about renewing your license Follow the instructions to purchase and register your registration key and t...

Page 106: ...s chapter explains how to configure virtual private networks for secure access to your network resources The following sections are covered Configuring VPNs page107 Basic VPN Setup page109 Configuring Advanced VPN Parameters page111 SSL VPN Server page 124 SSL VPN Tunnel Client Configuration page136 ...

Page 107: ...he network at a branch office to the network at your main office for example 1 Use the Basic VPN Setup page to create a VPN Choose Gateway as the peer type and enter a connection name pre shared key remote gateway local gateway should be pre populated remote LAN and local LAN You will need to configure the corresponding settings on the router at the other site See Basic VPN Setup page 109 2 If nee...

Page 108: ...ess SSL VPN SSL VPN is a flexible and secure way to extend network resources to virtually any remote user who has access to the Internet and a Web browser A benefit is that you do not have to install and maintain VPN client software on the remote computers Users connect to a portal that enables access to network resources You can set up different portal layouts to be used by different types of use...

Page 109: ... access using PPTP In this scenario a remote user with a Microsoft computer connects to a PPTP server at your site to access network resources Use this option to simplify VPN setup You do not have to configure VPN policies Remote users can connect by using the PPTP client from a Microsoft computer There is no need to install a VPN client However be aware that security vulnerabilities have been fou...

Page 110: ...te router You can use either an IP address or a Fully Qualified Domain Name You must configure the same type for the remote gateway and the local gateway Remote WANs IP Address FQDN Enter one of the following options For a gateway to gateway connection If known enter the remote router s IP address or its domain name for example MyServer MyDomain com If you do not have that information keep the def...

Page 111: ...dress is one that gives the network number of the IP range For example a network address of 192 168 1 10 with a Subnet Mask of 255 255 255 0 would have a network number or subnet IP address of 192 168 1 0 Local LAN Local Network Subnet Mask Enter the Subnet Mask for the local LAN Note The IP address range used on the remote LAN must be different from the IP address range used on the local LAN STEP...

Page 112: ... See Configuring IKE Policies page113 To edit a policy check the box and then click Edit Then enter the settings on the Add Edit IKE Policy Configuration page See Configuring IKE Policies page113 To delete a policy check the box and then click Delete To select all policies check the box in the heading row and then click Delete When the confirmation message appears click OK to continue with the del...

Page 113: ...group parameters for the VPN policy To open this page From the VPN IPsec Advanced VPN Setup page in the IKE Policy table click Add or select an existing policy and click Edit STEP 1 At the top of the page enter these settings Policy Name Enter a unique name for the policy for identification and management purposes Direction Type Choose one of the following connection methods Initiator The router w...

Page 114: ...or domain name in the Identifier field STEP 3 In the Remote section enter the Identifier Type to specify the Internet Security Association and Key Management Protocol ISAKMP identifier for the remote router Remote WAN Internet IP FQDN User FQDN DER ASN1 DN If you chose FQDN User FQDN or DER ASN1 DN as the identifier type Enter the IP address or domain name in the Identifier field STEP 4 In the IKE...

Page 115: ...certificate must be configured in order for RSA Signature to work Diffie Hellman DH Group Specify the DH Group algorithm which is used when exchanging keys The DH Group sets the strength of the algorithm in bits Ensure that the DH Group is configured identically on both sides of the IKE policy SA Lifetime Enter the interval in seconds after which the Security Association becomes invalid Dead Peer ...

Page 116: ...mpleting this procedure enter the users on the VPN IPsec VPN Users page See Configuring VPN Users page122 RADIUS PAP or RADIUS CHAP Authentication is done by using a RADIUS server and either password authentication protocol PAP or challenge handshake authentication protocol CHAP After completing this procedure set up the RADIUS server on the Security RADIUS Server page See Using the Cisco RV220W W...

Page 117: ...icy All settings including the keys for the VPN tunnel are manually input for each end point No third party server or organization is involved Remote Endpoint Select the type of identifier that you want to provide for the gateway at the remote endpoint IP Address or FQDN Fully Qualified Domain Name Then enter the identifier in the space provided NETBIOS Check the Enable box to allow NetBIOS broadc...

Page 118: ...ombination to avoid would be Local Traffic Selector 192 168 1 0 24 Remote Traffic Selector 192 168 0 0 16 STEP 3 In the Split DNS section check the Enable box to allow the Cisco RV220W to find the DNS server of the remote router without going through the ISP Internet Otherwise uncheck the box to disable this feature If you enable Split DNS also enter these settings Domain Name Server 1 Enter a Dom...

Page 119: ...Enter the encryption key of the outbound policy The length of the key depends on the algorithm chosen as shown above Integrity Algorithm Select the algorithm used to verify the integrity of the data Key In Enter the integrity key for ESP with Integrity mode for the inbound policy The length of the key depends on the algorithm chosen MD5 16 characters SHA 1 20 characters SHA2 256 32 characters SHA2...

Page 120: ...For example if the downstream traffic is very high the lifebyte for a download stream may expire frequently The lifebyte of the upload stream may not expire as frequently It is recommended that the values be reasonably set to reduce the difference in expiry frequencies of the SAs otherwise the system may eventually run out of resources as a result of this asymmetry The lifebyte specifications are ...

Page 121: ...t 192 168 2 0 255 255 255 0 SPI Incoming 0x1111 Encryption Algorithm DES Key In 11112222 Key Out 33334444 SPI Outgoing 0x2222 Integrity Algorithm MD5 Key In 1122334444332211 Key Out 5566778888776655 Router 2 WAN1 10 0 0 2 LAN 192 168 2 1 Subnet 255 255 255 0 Policy Name manualVPN Policy Type Manual Policy Local Gateway WAN1 Remote Endpoint 10 0 0 1 Local IP Subnet 192 168 2 0 255 255 255 0 Remote ...

Page 122: ...r detailed instructions on setup as well as the router s online help To open this page In the navigation tree choose VPN IPsec VPN Users STEP 1 If you are using a Point to Point Tunneling Protocol VPN server enter these settings in the PPTP Server Configuration section PPTP Server Check the Enable box to enable this feature or uncheck the box to disable it Starting IP Address Enter the starting IP...

Page 123: ...nclude at least 6 characters Allow User to Change Password Check the box if you want the user to be able to change the password Otherwise uncheck the box Protocol Choose the type of user QuickVPN The user uses the Cisco QuickVPN client and is authenticated by the VPN server PPTP The user is authenticated by a PPTP server XAUTH The user is authenticated by an external authorization server such as a...

Page 124: ... Protocol tunnels to pass through the router STEP 2 Click Save to save your settings or click Cancel to reload the page with the current settings SSL VPN Server SSL VPN is a flexible and secure way to extend network resources to virtually any remote user who has access to the Internet and a web browser A benefit is that you do not have to install and maintain VPN client software on the remote mach...

Page 125: ...reate a VPN tunnel see Elements of SSL VPN page 126 Port Forwarding Port Forwarding service supports TCP connections between the remote user and the Cisco RV220W A web based ActiveX or Java client is installed on the client machine The administrator can define the services and applications that are available to remote port forwarding users Users do not have access to the full LAN To configure port...

Page 126: ...uld be sufficient for most purposes As needed you can create more complex policies See Configuring VPN Policies page117 Port Forwarding You can configure port forwarding to allow access to a limited set of resources For example you may want the SSL VPN users to access the email service only See SSL VPN Policies page129 Portal Layouts To access your network via SSL VPN a user starts a web browser a...

Page 127: ... Layout page 127 To choose a different layout for the default SSL layout check the box and then click Set Default To delete a layout check the box and then click Delete To select all layouts check the box in the heading row and then click Delete When the confirmation message appears click OK to continue with the deletion or otherwise click Cancel To view a portal layout click the hyperlink in the ...

Page 128: ...e cached The HTTP meta tags cache control directives prevent out of date web pages and data from being stored on the client s web browser cache ActiveX Web Cache Cleaner Check this box to load an ActiveX cache control whenever users login to this SSL VPN portal STEP 2 In the SSL VPN Portal Pages to Display section check the box for each SSL VPN Portal page that users can access through this portal...

Page 129: ...s Policies are applied based on the following levels of precedence User level policies take precedence over Group level policies Group level policies take precedence over Global policies When two policies are in conflict a more specific policy takes precedence over a general policy For example a policy for a specific IP address takes precedence over a policy for a range of addresses that includes ...

Page 130: ...source you must first add the resource on the VPN SSL VPN Server Resources page See Configuring a Resource page 132 To edit a layout check the box and then click Edit Then enter the settings on the SSL VPN Policy Configuration page See Configuring an SSL VPN Policy page130 To delete a layout check the box and then click Delete To select all layouts check the box in the heading row and then click D...

Page 131: ...source in the Apply Policy to field enter the IP address of the device Mask Length If you chose IP Network in the Apply Policy to field enter the length of the subnet mask Port Range Port Number Begin End Specify a port or a range of ports to apply the policy to all TCP and UDP traffic with those ports Leave the fields empty to apply the policy to all traffic Service Choose VPN Tunnel Port Forward...

Page 132: ...the settings on the Resource Configuration page See Configuring a Resource page132 To edit a resource check the box and then click Edit Then enter the settings on the Resource Configuration page See Configuring a Resource page 132 To delete a resource check the box and then click Delete To select all resources check the box in the heading row and then click Delete When the confirmation message app...

Page 133: ...dit and delete the applications and host names for SSL VPN port forwarding To open this page In the navigation tree choose VPN SSL VPN Server Port Forwarding In the Configured Applications for Port Forwarding Table perform these tasks To add an entry click Add Then enter the settings on the Port Forwarding Application Configuration page See Configuring a TCP Application for SSL VPN Port Forwarding...

Page 134: ...erwise click Cancel Configuring a TCP Application for SSL VPN Port Forwarding Use the Port Fowarding Application Configuration page to add or edit a port forwarding application To open this page From the VPN SSL VPN Server Port Forwarding page click Add or select an entry in the Configured Applications for Port Forwarding Table and click Edit STEP 1 Click VPN SSL VPN Server Port Forwarding The fol...

Page 135: ...me FQDN for the network server to give users an easy way to connect to the server without having to remember and enter an IP address NOTE The local server IP address of the configured hostname must match the IP address of the configured application for port forwarding To open this page From the VPN SSL VPN Server Port Forwarding page click Add or select an entry in the Configured Host Names for Po...

Page 136: ...interface address of the VPN tunnel client does not conflict with the address of any physical devices on the LAN The IP address range for the SSL VPN virtual network adapter should be either in a different subnet or non overlapping range as the corporate LAN If the SSL VPN client is assigned an IP address in a different subnet than the corporate network a client route must be added to allow access...

Page 137: ...igned to SSL VPN clients Note Configure an IP address range that does not directly overlap with any of addresses on your local network For example the default range is 192 168 251 1 to 192 168 251 254 LCP Timeout Set the value for LCP echo interval used by sslvpn tunnel connections The effective LCP timeout value is 3 times the value configured The updated value will be effective only for the new ...

Page 138: ...aging Client Routes page138 Configuring a Client Route page 139 Managing Client Routes Use the VPN SSL VPN Client Configured Client Routes page to configure client routes This feature is available only if you enabled Split Tunnel Support on the SSL VPN Client page To open this page In the navigation tree choose VPN SSL VPN Client Configured Client Routes Perform these tasks To add a route click Ad...

Page 139: ...th the current settings Click Back to return to the VPN SSL VPN Client Configured Client Routes page Viewing the SSL VPN Client Portal To view the SSL VPN Client Portal click VPN SSL VPN Client SSL VPN Client Portal in the navigation tree NOTE Remote users will use the Portal URL to access the VPN portal The client portal provides remote access to the corporate network through the following option...

Page 140: ...220W Administration Guide 140 6 NOTE 1 The Change Password section is available only for users who belong to the local data base 2 The administrator can enable or disable certain features 3 The user must ensure that Java Java Script Active X controls are enabled or allowed in the web browser settings ...

Page 141: ... Exchange IKE authentication phase to authenticate connecting VPN gateways or clients or to be authenticated by remote entities You can use the self signed certificate that ships with the router or request one from a Certification Authority CA such as VeriSign Thawte and other organizations To request and install a CA certificate A CA certificate provides strong assurance of the server s identity ...

Page 142: ...ficate check the box and then click Delete To select multiple certificates check the box in the heading row To upload a trusted certificate click Upload For more information see Importing a Trusted Certificate from a File page143 Active Self Certificates You can upload signed certificates issued to you by trusted Certification Authorities CAs Before establishing a VNP tunnel a remote IKE server va...

Page 143: ...File Follow this procedure to import a Trusted Certificate These certificates are used to verify the validity of certificates signed by Certificate Authorities To open this page From the Security SSL Certificate page Trusted Certificates CA Certificate Table click Upload STEP 1 Click Browse to locate the certificate on the computer STEP 2 Click Upload to install the certificate Importing an Active...

Page 144: ...mpany name If it includes any special characters such as omit the symbol and either spell it out or omit it Country Name C Enter the two letter code for the country without punctuation for country for example US for United Status or CA for Canada State or Province S Enter the full name of the state or province Do not abbreviate the state or province name for example California Locality or City L E...

Page 145: ...se click Cancel A new certificate request is added to the Self Certificate Requests table on the Security SSL Certificate page Viewing a Certificate Request Use the Certificate Request Data page to view the content of the generated certificate request To open this page From the Security SSL Certificate page Self Certificate Requests table click View STEP 1 Select the text with your mouse STEP 2 Ri...

Page 146: ...ions To open this page In the navigation tree choose Security RADIUS Server Perform these tasks To add a server click Add Then enter the settings on the Add Edit RADIUS Server Configuration page See Adding or Editing a RADIUS Server Configuration page147 To edit a server check the box and then click Edit Then enter the settings on the Add Edit RADIUS Server Configuration page See Adding or Editing...

Page 147: ...r Authentication Port Enter the port number on which the RADIUS server sends traffic Secret Enter the shared key that allows the Cisco RV220W to authenticate with the RADIUS server This key must match the key configured on the RADIUS server The single quote double quote and space characters are not allowed in this field Timeout Enter the timeout interval after which the Cisco RV220W re authenticat...

Page 148: ...rying to connect to a LAN The Cisco RV220W acts as a supplicant in the 802 1x authentication system To open this page In the navigation tree choose Security 802 1x Configuration STEP 1 Enter these settings 802 1x Check the Enable box to configure a port as an 802 1x supplicant Select LAN Local Network Port Select the LAN port that should be configured as an 802 1x supplicant Username Enter the use...

Page 149: ...raffic For example you can ensure that sufficient bandwidth is available for your SIP voice traffic while limiting the amount of bandwidth that is consumed by web browsing To open this page In the navigation tree choose QoS WAN QoS Profiles STEP 1 In the Global Settings section enter these settings WAN QoS Check the Enable box to enable QoS features or uncheck the box to disable these features WAN...

Page 150: ... Cancel to reload the page with the current settings STEP 5 In the WAN QoS Profile Table perform these tasks if you want to create profiles for Profile Binding To add a new profile click Add Then enter these settings Name Enter a descriptive name to identify this profile Priority Choose the priority class Minimum Bandwidth Rate If you chose Rate Limit for the WAN QoS mode enter the minimum bandwid...

Page 151: ...r services such as HTTP for Internet browsing Managing Profile Binding Rules page151 Configuring a Profile Binding Rule page 152 Managing Profile Binding Rules Use the QoS Profile Binding page to view add edit or delete profile binding rules for your WAN QoS profiles To open this page In the navigation tree choose QoS Profile Binding Perform the following tasks To add a new profile binding rule cl...

Page 152: ...wing options to identify the traffic group that is subject to this rule IP Address Range The rule applies to a range of IP addresses If you choose this option enter the Starting IP Address and Ending IP Address MAC Address The rule applies to a single device If you choose this option enter the MAC Address of the device VLAN This rule applies to a specified VLAN If you choose this option choose the...

Page 153: ...warding Queues Use the QoS CoS Settings CoS Settings page to map CoS priorities to traffic forwarding queues To open this page In the navigation tree choose QoS CoS Settings CoS Settings STEP 1 To enable CoS to Queue settings check the Enable box Otherwise uncheck the box The CoS to Traffic Forwarding Queue Mapping Table is available only when CoS to Queue is enabled STEP 2 In the CoS to Traffic F...

Page 154: ...hanism for classifying and managing network traffic and providing QoS guarantees To open this page In the navigation tree choose QoS CoS Settings COS to DSCP STEP 1 To enable CoS to DSCP settings check the Enable box Otherwise uncheck the box The 802 1p Priority section is available only when CoS to DSCP is enabled STEP 2 For each 802 1p Priority enter a DSCP value Valid values are from 0 to 63 ST...

Page 155: ...ains the following sections Password Rules for Password Complexity page156 Remote Management page 157 User Management page 158 Network Management SNMP page169 WAN Traffic Meter page172 Diagnostics page174 Logging page176 Discovery Settings page182 Time Settings page184 Backing Up or Restoring a Configuration page185 CSV File Import for User Accounts page186 Firmware Upgrade page 189 Rebooting the ...

Page 156: ...settings Minimal Password Length Enter the minimum number of characters for a valid password You can enter a number from 5 to 64 This setting is required when Password Rules Enforcement is enabled Minimum Number of Character Classes Enter the minimum number of character classes for a valid password You can enter 3 or 4 This setting is required when Password Rules Enforcement is enabled The possibl...

Page 157: ...nistrator and any guest passwords before continuing See Users page163 STEP 1 To enable Remote Management check the Enable box STEP 2 Choose one of these methods for granting access All IP Addresses This option allows any IP address to access the Configuration Utility Change the default password before choosing this option See Users page 163 IP Address Range This option allows any IP address in the...

Page 158: ...Domains Domains and groups are used to streamline the management of SSL VPN user settings Instead of specifying settings for each user individually you specify the domain and group settings once and then assign users to groups Domain settings determine the authentication method and access portal Later you will assign groups to domains and users to groups You can create multiple domains and groups ...

Page 159: ...To delete a domain check the box and then click Delete To select all domains check the box in the heading row and then click Delete When the confirmation message appears click OK to continue with the deletion or otherwise click Cancel Configuring a Domain Use the Domains Configuration page to enter the settings for a domain To open this page From the Administration User Management Domains page cli...

Page 160: ...n Secret If you chose a RADIUS authentication type above enter the authentication secret for access to the server Workgroup If you chose the NT Domain authentication type enter the name or ID of the NT workgroup LDAP Base DN If you chose the LDAP authentication type enter the base domain name Active Directory Domain If you chose the Active Directory authentication type enter the Active Directory d...

Page 161: ... Management Groups page to view add edit or delete groups To open this page In the navigation tree choose Administration User Management Groups The default group for each domain is indicated by an asterisk Perform these tasks To add a group click Add Then enter the settings on the Groups Name page See Configuring a Group page 162 To edit a group check the box and then click Edit Then enter the set...

Page 162: ...Enter these settings Group Name Enter a unique name to identify the group If you selected the default group of a domain as indicated by an asterisk in the group name the name cannot be changed Domain Select the authenticating domain to which the group is attached If you selected the default group of a domain as indicated by an asterisk in the group name the domain cannot be changed Idle Timeout En...

Page 163: ...this page In the navigation tree choose Administration User Management Users CAUTION When first configuring your Cisco RV220W change the default administrator name and password as soon as possible Perform these tasks To add a user click Add Then enter the settings on the User Configuration page See Configuring a User page164 To edit a user check the box and then click Edit Then enter the settings ...

Page 164: ...user and then click Edit STEP 1 Enter the following information Username Enter the username First Name Enter the user s given name Last Name Enter the user s surname User Type Choose one of the options described below This setting cannot be changed for the default Administrator and the default Guest SSL VPN User An SSL VPN user can log in to the network by using VPN client software Administrator A...

Page 165: ...Idle Timeout overrides the individual user setting STEP 2 Click Save to save your settings or click Cancel to reload the page with the current settings Click Back to return to the Administration User Management Users page User Log in Policies Use the User Log In Policies page to enable or disable the user s log in privileges and to deny or allow a login from the WAN interface To open this page Fro...

Page 166: ...ned Browsers Choose this option to prevent a user from logging on when using a web browser in the Defined Browsers list A log in is allowed from a browser that is not in the list Allow Log in only from Defined Browsers Choose this option to allow a user to log on only when using a web browser in the Defined Browsers list STEP 2 In the Defined Browsers table perform these tasks To add a browser cli...

Page 167: ...n using an IP address in the Defined Addresses list A log in is allowed from a browser that is not in the list Allow Log in only from Defined Browsers Choose this option to allow a user to log on only when using an IP address in the Defined Addresses list STEP 2 In the Defined Addresses table perform these tasks To add an address click Add Then enter the settings on the Defined Address Configurati...

Page 168: ...to a login policy STEP 1 Enter these settings Source Address Type Choose the type of address Network Address IP Address Enter the address Mask Length Enter the number of masked bits as in CIDR slash notation Valid values are from 0 to 32 STEP 2 Click Save to save your settings or click Cancel to reload the page with the current settings Click Back to return to the Administration User Management Us...

Page 169: ...t SNMP page to enable SNMP and manage the user security settings and trap settings To open this page In the navigation tree choose Administration Network Management SNMP STEP 1 At the top of the page check the Enable box to enable SNMP Uncheck the box to disable this feature After changing this setting click Save to save your changes or click Cancel to reload the page with the current settings STE...

Page 170: ...ck Edit The Username and Access Privilege cannot be changed STEP 1 In the Security Level field choose the appropriate settings for your SNMP manager NoAuthNoPriv Doesn t require any Authentication and Privacy AuthNoPriv Submit only the Authentication Algorithm and Password AuthPriv Submit Authentication Algorithm Authentication Password Privacy Algorithm and Privacy Password STEP 2 Based on the se...

Page 171: ...nity Enter the community string to which the agent belongs Most agents are configured to listen for traps in the Public community STEP 2 Click Save to save your settings or click Cancel to reload the page with the current settings Click Back to return to the Administration Network Management SNMP page SNMP System Information Use the Administration Network Management SNMP System Information page to...

Page 172: ...oose Administration WAN Traffic Meter STEP 1 In WAN Traffic Meter section enter the following settings WAN Traffic Meter Check the Enable box to enable this feature or uncheck the box to disable it Traffic Limit Type If you enabled the traffic meter choose one of the following options No Limit Choose this option if you do not want to enforce limits for WAN traffic Downloads Only Choose this option...

Page 173: ...g page See Remote Logging Configuration page180 When Limit Is Reached Choose the action to take when the Monthly Limit is reached Block All Traffic If you chose Downloads Only for the Traffic Limit Type all traffic from the WAN is blocked If you chose Both Directions all incoming and outgoing traffic is blocked Block All Traffic Except E Mail Blocks traffic as described for Block All Traffic but a...

Page 174: ...e This Month s Limit field Diagnostics Cisco provides tools to help you verify network connections and troubleshoot issues Network Tools page174 Capture Packets page176 Network Tools Use the Administration Diagnostics Network Tools page to use diagnostic tools for troubleshooting To open this page In the navigation tree choose Administration Diagnostics Network Tools To ping an IP address or domai...

Page 175: ...iate routers between this router and the destination will be displayed STEP 3 Click Back to return to the Administration Diagnostics Network Tools page To look up the IP address for a server Use the DNS Lookup tool to retrieve the IP address of a web FTP mail server or other device by using its domain name You can use this tool to verify that your DNS Server settings are functional STEP 1 In the P...

Page 176: ...capture packets click Packet Trace STEP 2 In the pop up window select an interface and then click Start To stop the packet capture click Stop STEP 3 Click Download to save a copy of the packet capture STEP 4 Capture packets for another interface or close the pop up window Logging You can configure the Cisco RV220W to log events and send notifications when specified events occur Logging Policies pa...

Page 177: ... For more information see Configuring a Logging Policy page177 To delete a policy check the box and then click Delete To select all policies check the box in the heading row and then click Delete When the confirmation message appears click OK to continue with the deletion or otherwise click Cancel Configuring a Logging Policy Use the Add Edit Logging Policy Configuration page to add or edit a logg...

Page 178: ...ention Information Messages that provide information only Debugging Messages that are used to debug programs STEP 2 Click Save to save your settings or click Cancel to clear your entries Click Back to return to the Administration Logging Logging Policies page Firewall Logs Use the Administration Logging Firewall Logs page to specify the firewall events that are logged You can view the logs on the ...

Page 179: ... useful when the Default Outbound Policy is Block Always see the Firewall Access Rules page For example if Accept Packets from LAN to WAN is checked and there is a firewall rule to allow SSH traffic from the LAN then whenever a LAN machine tries to make an SSH connection those packets will be accepted and a message will be logged In this example logging policy applies only if the log option is set...

Page 180: ...Logs Settings section The log content is determined by the default logging policy See Logging page176 Note To complete this information you may need to contact your email administrator or email service provider or refer to their support documentation You may need assistance to find settings such as the IP address or name of the outgoing SMTP server the SMTP port and the SMTP authentication type Re...

Page 181: ...e section Emails will be sent only on the specified schedule Unit Select the frequency at which to send the logs Never Hourly Daily or Weekly If you choose Never email logs are not sent This option is useful when you do not want to receive logs by e mail but want to use the email settings for other email functions Day If you chose Weekly choose the day of the week when the logs will be sent Time I...

Page 182: ...scover Bonjour services on the router In this implementation Bonjour advertises only these services _csco sb _tcp _http _tcp Service _https _tcp will be advertised if Remote Management is enabled NOTE For discovery of Cisco Small Business products Cisco FindIT Network Discovery Utility works through a simple toolbar in your web browser This utility discovers Cisco devices in the network and displa...

Page 183: ...is enabled Advertisement Period Enter the interval in seconds at which the router will broadcast its UPnP information to all devices within range Advertisement Time to Live Enter the number of seconds that an advertisement is active STEP 3 In the UPnP Interface Control Table check or uncheck the Enable UPnP box to enable or disable UPnP on each VLAN UPnP is enabled by default on the default VLAN I...

Page 184: ...r network To open this page In the navigation tree choose Administration Time Settings The date time and time zone appear at the top of the page STEP 1 In the Time Settings section enter the following settings Date Time Select your time zone relative to Greenwich Mean Time GMT Adjust for Daylight Savings Time Check Enable to adjust the time automatically for daylight Saving Time if applicable in y...

Page 185: ...ate section STEP 4 Click Save to save your settings or click Cancel to reload the page with the current settings Backing Up or Restoring a Configuration Use the Administration Backup Restore page to back up a configuration file for later restoration to restore a previous backup file or to copy a configuration file The router has two configuration files the startup and the mirror The Startup file i...

Page 186: ...te button to back up the Startup Configuration or the Mirror Configuration STEP 2 Choose a location where you want to save the file Tip Give the file a unique name to identify it if you need to restore it later Do not change the cfg file extension To copy a configuration file Click the appropriate button for the operation that you want to perform Copy Mirror to Startup or Copy Startup to Mirror CS...

Page 187: ... IP Address AuthenticationRadiusSecret String NTDomainWorkGroup String LDAPBaseDN String ActiveDirectoryDomain String SSLVPNGroup Code GroupName DomainName GroupTimeOut Possible Values SSLVPNGroup Code 4 GroupName String DomainName String GroupTimeOut integer SNMPv3USER Code userName accessType securityLevel authAlgo authPassword privAlgo privPassword Possible Values SNMPv3USER Code 3 userName cis...

Page 188: ...ues IPSECUSER Code 1 Username String Password String UserType boolean 0 Standard Ipsec 1 Cisco Quick VPN AllowChangePassword boolean SSLVPNUSER Code UserName FirstName LastName GroupName UserType UserTimeOut DenyLogin DenyLoginFromWan LoginFromIP LoginFromBrowser Password Possible Values SSLVPNUSER Code 0 UserName String FirstName String LastName String GroupName String UserType integer UserTimeOu...

Page 189: ...lect the csv file Click Import Firmware Upgrade Cisco may provide firmware upgrades for the Cisco RV220W After downloading a firmware file to your computer use the Administration Firmware Upgrade to select the file and install it NOTE For links to firmware and other resources on Cisco com see Appendix D Where to Go From Here CAUTION During a firmware upgrade do not try to go online turn off the de...

Page 190: ...rebooted with the new firmware After the router reboots and you log in you can use the Status System Summary page to verify that the new firmware is installed See Viewing the System Summary page196 Rebooting the Cisco RV220W Use the Administration Reboot Router to reboot the router by using the Configuration Utility To open this page In the navigation tree choose Administration Reboot Router Click...

Page 191: ...ide 191 9 CAUTION During a restore operation do not try to go online turn off the router shut down the PC or do anything else to the router until the operation is complete This should take about a minute When the test light turns off wait a few more seconds before doing anything with the router ...

Page 192: ...age 196 Viewing the Wireless Statistics page199 Viewing the IPsec Connection Status page 200 Viewing the VPN Client Connection Status page 201 Viewing Logs page 202 Viewing Available LAN Hosts page 202 Viewing the Port Triggering Status page 203 Viewing Interface Statistics page 203 Viewing Port Statistics page 204 Viewing Open Ports page 206 Viewing Active Users page 206 Viewing the SSL VPN Conne...

Page 193: ...lick the port To refresh the port information click Refresh To close the port information sheet click Close Device Information Resource Utilization Host Name The name of the device To change the name click Edit See IPv4 LAN Local Network page 22 Firmware Version The current software version the device is running Serial Number The serial number of the device Users The number of users who are active...

Page 194: ...ystem crash that make the system unusable Typically this type of message is broadcast to all users Alert Messages about conditions such as a corrupted system database that require immediate corrective action Critical Messages about serious conditions such as a disk failure Error Messages about conditions that require corrective action but are not critical Warning Warnings about possible issues Cli...

Page 195: ...e state of the Internet connection up or down Site to Site Tunnels Displays the connected IPSec VPN tunnels click the link to view the IPsec statistics For more information see Viewing the IPsec Connection Status page 200 PPTP Users The number of Point to Point Tunneling Protocol PPTP users Click the link to view the statistics for the connected users For more information see Viewing the VPN Clien...

Page 196: ...ndor ID of the device Serial Number RV220W serial number ProtectLink License Info Contains licensing information for Cisco ProtectLink Web LAN Information MAC Address Hardware address IPv4 Address Address and subnet mask of the device IPv6 Address Address and subnet mask of the device shown only if IPv6 is enabled DHCP Server Indicates whether the device s DHCP server is enabled or disabled If it ...

Page 197: ...ned dynamically through a DHCP server assigned statically by the user or obtained through a PPPoE PPTP L2TP ISP connection Connection State Indicates if the WAN port is connected to the Internet Service Provider IP Address IP address of the WAN port Subnet Mask Subnet Mask for the WAN port NAT Indicates if the security appliance is in NAT mode enabled or routing mode disabled Gateway Gateway IP ad...

Page 198: ...of the WAN port Wireless Information This section displays information about the Wireless Radio settings Country Displays the country for which the radio is configured Operating Frequency Displays the operational frequency band Wireless Network Mode Displays the Wi Fi mode of the radio for example N or N G Channel Displays the current channel in use by the radio Click Refresh to refresh the wirele...

Page 199: ...test information The Wireless Statistics window shows a cumulative total of relevant wireless statistics for the radio and access points configured on the device The counters are reset when the device is rebooted Radio Statistics A given radio can have multiple virtual access points configured and active concurrently This table indicates cumulative statistics for the available radio s Packets The ...

Page 200: ...refresh the page automatically To modify the poll interval click the Stop button and then click Start to restart automatic refresh Viewing the IPsec Connection Status Use the Status IPsec Connection Status page to view the status of IPsec connections To open this page In the navigation tree choose Status IPsec Connection Status Click Refresh to obtain the latest information This page displays the ...

Page 201: ...o view the status of the VPN client connections To open this page In the navigation tree choose Status VPN Client Connection Status The VPN Client Connection Status page displays this information Username The username of the VPN user associated with the QuickVPN or PPTP tunnel Remote IP Displays the IP address of the remote QuickVPN client This could be a NAT Public IP if the client is behind the ...

Page 202: ...drop down list select the type of log to display Kernel logs are those that are a part of the kernel code for example firewall System logs are those that are a part of user space applications for example NTP Session DHCP IPSec VPN logs are those related to ipsec negotiations These are related user space logs Local0 Wireless are those related to wireless connection and negotiation Click Refresh Log...

Page 203: ...r traffic that matches the port triggering rules flows through them The table displays the following fields LAN IP Address Displays the LAN IP address of the device which caused the ports to be opened Open Ports Displays the ports that have been opened so that traffic from WAN destined to the LAN IP address can flow through the router Time Remaining Seconds This field displays the time for which t...

Page 204: ...n seconds for the poll interval This causes the page to re read the statistics from the RV220W and refresh the page automatically To modify the poll interval click the Stop button and then Start to restart automatic refresh Viewing Port Statistics The Port Statistics page displays port statistics To view port statistics STEP 1 Choose Status Port Statistics STEP 2 In the Poll Interval field enter t...

Page 205: ...s this information Port The name of the port Status The status of the port enabled or disabled Operational Mode The bandwidth the port is operating at Packets The number of received sent packets per second Bytes The number of received sent bytes of information per second Frames The number of received sent frames per second ...

Page 206: ...ss IP address of the host from which the user accessed the RV220W Proto The protocol TCP UDP and raw used by the port Recv Q The number of received bytes in the waiting for delivery queue These bytes have been read from the input stream but are not yet copied by the program using this port Send Q The number of bytes in the waiting to send queue These bytes are buffered but not yet successfully tra...

Page 207: ... VPN tunnel This information may be useful if telnet console access is available to the user for cross verification Peer PPP Interface IP The IP address assigned to PPP interface at the remote client side from which the tunnel was established Tx Packets The number of packets transferred by the remote client through the tunnel Tx Dropped Packets The number of packets dropped by the remote client wh...

Page 208: ...t the associated SSLVPN tunnel if one is created You can also configure the type and duration of the information displayed In the Poll Interval field enter a value in seconds for the poll interval This causes the page to re read the statistics from the RV220W and refresh the page automatically To modify the poll interval click the Stop button and then click Start to restart automatic refresh ...

Page 209: ...hing the Antennas page 214 Connecting the Equipment page 214 Verifying the Hardware Installation page 216 Connecting to Your Wireless Network page 217 Getting to Know the Cisco RV220W Front Panel POWER The Power light is green to indicate the unit is powered on The light flashes green when the RV220W starts up DIAG If the DIAG light is off the RV220W is ready The light blinks red during firmware u...

Page 210: ...ugh the corresponding port 1 2 3 or 4 The light for a port flashes green when the RV220W is actively sending or receiving data over that port WAN The WAN Internet light is green when the unit is connected to your cable or DSL modem The light flashes green when the unit is sending or receiving data over the WAN port Back Panel RESET Button The RESET button has two functions If the RV220W has proble...

Page 211: ... a wall Placement Tips Ambient Temperature To prevent the RV220W from overheating do not operate it in an area that exceeds an ambient temperature of 104 F 40 C Air Flow Be sure that there is adequate air flow around the RV220W Mechanical Loading Be sure that the RV220W is level and stable to avoid any hazardous conditions For desktop placement place the RV220W horizontally on a flat surface so th...

Page 212: ...sturdy Take into account the dimensions of the RV220W and allow for 3 inches 76 2 mm of clearance around it STEP 2 For horizontal mounting drill two pilot holes into the surface 5 7 8 inches 150 mm apart For vertical mounting drill two pilot holes into the surface 4 1 4 inches 108 mm apart STEP 3 Optional If using drywall anchors hammer into holes 1 0 30 to 0 32 in 7 7 to 8 2 mm 2 0 86 to 0 88 in ...

Page 213: ...lots on the bottom of the unit line up with the two screws If installing vertically hold the left side of the unit pointing up and line up the unit so that the wall mount slots on the bottom of the unit line up with the two screws 279938 RV220W Wireless N Network Security Firewall POWER DIAG DMZ WIRELESS Small Business RV 220W LAN 100 10 RV220W Wire less N Network Se cu rity Firewall P O W E R 1 2...

Page 214: ...ou begin the installation make sure that you have the following equipment and services Required Functional Internet Connection Broadband DSL or cable modem Ethernet cable for WAN Internet connection PC with functional network adapter Ethernet connection to run the Device Manager The Device Manager is supported on the following web browsers Microsoft Internet Explorer 6 0 or later Mozilla Firefox 3...

Page 215: ...rnet cable to one of the LAN Ethernet ports on the back of the unit In this example the LAN 2 port is used Connect the other end to an Ethernet port on the PC that you will use to run the web based Device Manager STEP 3 Power on the cable or DSL modem and wait until the connection is active STEP 4 Connect the power adapter to the RV220W Power port CAUTION Use only the power adapter 12V 1A that is ...

Page 216: ...the front panel is green when the power adapter is connected properly and the unit is turned on Verifying the Hardware Installation To verify the hardware installation complete these tasks Check the LED states as described in Getting to Know the Cisco RV220W page 209 Connect a PC to an available LAN port and verify that you can connect to a website on the Internet such as www cisco com Configure a...

Page 217: ...e user documentation for your device STEP 1 Open the wireless connection settings window or program for your device Your PC may have special software installed to manage wireless connections or you may find wireless connections under the Control Panel in the Network Connections or Network and Internet window The location depends on your operating system STEP 2 Enter the network name SSID that you ...

Page 218: ...isco QuickVPN to connect to this router after Remote Management and user records are enabled Clients can connect to servers on the RV220W default LAN but no other subnets IMPORTANT The LANs that are connected by a VPN tunnel cannot use the same LAN IP address range As a best practice configure this router with a different IP address than the default LAN IP address 192 168 1 1 which is a common def...

Page 219: ...uickVPN is installed on a computer running Windows 7 or Vista the Windows Firewall must be enabled Cisco QuickVPN uses several exe programs in the QVPN installation directory If the exe programs are mistaken as malware QVPN will not work It may be necessary to adjust the firewall and anti virus settings Installing from the CD ROM STEP 1 Insert the RV220W CD ROM into your CD ROM drive After the Set...

Page 220: ...Choose the destination to which you want to copy the files for example C Cisco Small Business QuickVPN Client Click Browse and choose a new location if you don t want to use the default location Click Next STEP 4 The Setup Wizard copies the files to the chosen location Copying Files Finished Installing Files ...

Page 221: ... follow the on screen instructions Proceed to the next section Using the Cisco QuickVPN Software on page 221 Using the Cisco QuickVPN Software STEP 1 Double click the Cisco QuickVPN software icon on your desktop or in the system tray STEP 2 The QuickVPN Login window appears In the Profile Name field enter a name for your profile In the User Name and Password fields enter the User Name and Password...

Page 222: ...nnel you can create multiple profiles but note that only one tunnel can be active at a time To delete this profile click Delete For information click Help STEP 3 To begin your QuickVPN connection click Connect The connection s progress is displayed Connecting Provisioning Activating Policy and Verifying Network STEP 4 When your QuickVPN connection is established the QuickVPN tray icon turns green ...

Page 223: ...ssword you will see the Connect Virtual Private Connection window Enter your password in the Old Password field Enter your new password in the New Password field Then enter the new password again in the Confirm New Password field Click OK to save your new password Click Cancel to cancel your change For information click Help Connect Virtual Private Connection NOTE You can change your password only...

Page 224: ...for associated clients it sends the next DTIM with a DTIM Interval value Its clients hear the beacons and awaken to receive the broadcast and multicast messages dynamic routing Dynamic routing enables the router to adjust automatically to physical changes in the network s layout Using the dynamic RIP protocol the router calculates the most efficient route for the network s data packets to travel b...

Page 225: ...t The largest packet that can be sent over the network Network Address Translation NAT Network Address Translation NAT is a technique that allows several endpoints on a LAN to share an Internet connection In this scenario the computers on the LAN use a private IP address range while the WAN port on the router is configured with a single public IP address The router translates the internal private ...

Page 226: ...eas where many client devices are associating with the wireless device or in areas where the clients are far apart and can detect only the access point but not other clients Although a low threshold value consumes more bandwidth and reduces the throughput of the packet frequent RTS packets can help the network to recover from interference or collisions Routing Information Protocol RIP This protoco...

Page 227: ...owing Some ISPs require static routes to build your routing table instead of using dynamic routing protocols You can use static routes to reach peer routers that do not support dynamic routing protocols If the router is connected to more than one network or there are multiple routers installed on your network it may be necessary to set up static routes to enable traffic between them You can use st...

Page 228: ...mall Business Support and Resources www cisco com go smallbizhelp Phone Support Contacts www cisco com go sbsc Downloads and Documentation Firmware www cisco com go software Enter the model number to search Open Source Documentation www cisco com en US products ps9923 prod_release_notes_list html See the RV220W links Cisco RV220W Documentation www cisco com go smallbizrouters See the Technical Doc...