Linksys WRV200, User Manual

Page 1: ...Model No VPN Router with RangeBooster Wireless G WRV200 WIRELESS GHz 2 4802 11g User Guide ...

Page 2: ... that are presented like this Also each figure diagram screenshot or other image is provided with a figure number and description like this Figure numbers and descriptions can also be found in the List of Figures section in the Table of Contents WRV200 UG 60407NC BW This exclamation point means there is a caution or warning and is something that could damage your property or the Router This checkm...

Page 3: ...The Back Panel 9 The Front Panel 10 Chapter 5 Connecting the Wireless G VPN Router 11 Overview 11 Wired Connection to a PC 11 Wireless Connection to a PC 12 Chapter 6 Configuring the Wireless G VPN Router 13 Overview 13 How to Access the Web based Utility 15 The Setup Tab Basic Setup 15 The Setup Tab DDNS 21 The Setup Tab MAC Address Clone 22 The Setup Tab Advanced Routing 23 The Wireless Tab Basi...

Page 4: ...he Administration Tab Log 53 The Administration Tab Diagnostics 54 The Administration Tab Factory Defaults 55 The Administration Tab Firmware Upgrade 55 The Administration Tab Reboot 55 The Status Tab Router 56 The Status Tab Local Network 57 The Status Tab System Performance 59 The Status Tab VPN Clients 60 Appendix A Troubleshooting 61 Common Problems and Solutions 61 Frequently Asked Questions ...

Page 5: ...N Settings for the VPN Routers 96 Configuring the Key Management Settings 98 Configuring PC 1 and PC 2 99 Appendix F Finding the MAC Address and IP Address for your Ethernet Adapter 100 Windows 98 or Me Instructions 100 Windows 2000 or XP Instructions 101 Appendix G SNMP Functions 102 Appendix H Upgrading Firmware 103 Appendix I Windows Help 104 Appendix J Glossary 105 Appendix K Specifications 11...

Page 6: ...t Connection Type PPPoE 16 Figure 6 5 Internet Connection Type PPTP 17 Figure 6 6 Internet Connection Type L2TP 18 Figure 6 7 Static Table 20 Figure 6 8 The Setup Tab VLAN 20 Figure 6 9 The Setup Tab DDNS DynDNS org 21 Figure 6 10 The Setup Tab DDNS TZO com 21 Figure 6 11 Setup Tab MAC Address Clone 22 Figure 6 12 The Setup Tab Advanced Routing 23 Figure 6 13 Routing Table Entry List 24 Figure 6 1...

Page 7: ...6 The VPN Tab IPSec VPN 41 Figure 6 37 Local Secure Group Subnet and Remote Secure Group IP Addr 41 Figure 6 38 Local Secure Group IP Address and Remote Secure Group IP Address 42 Figure 6 39 Local Secure Group Host and Remote Secure Group IP Addr 42 Figure 6 40 Local Secure Group IP Addr and Remote Secure Group Any 42 Figure 6 41 Key Exchange Method Auto IKE 43 Figure 6 42 Advanced Settings 43 Fi...

Page 8: ...ection 82 Figure C 5 QuickVPN Software Profile 82 Figure C 6 Connecting 82 Figure C 7 Activating Policy 82 Figure C 8 Verifying Network 82 Figure C 9 QuickVPN QuickVPN Software Status 83 Figure C 10 QuickVPN Tray Icon Connection 83 Figure C 11 QuickVPN Tray Icon No Connection 83 Figure C 12 QuickVPN QuickVPN Software Change Password 83 Figure D 1 Local Security Screen 85 Figure D 2 Rules Tab 85 Fi...

Page 9: ... 92 Figure D 23 New Preshared Key 92 Figure D 24 Tunnel Setting Tab 92 Figure D 25 Connection Type 93 Figure D 26 Rules 93 Figure D 27 Local Computer 93 Figure D 28 VPN Tab 94 Figure E 1 Diagram of All VPN Tunnels 95 Figure E 2 Login Screen 96 Figure E 3 Security VPN Screen VPN Tunnel 96 Figure E 4 Security VPN Screen VPN Tunnel 97 Figure E 5 Auto IKE Advanced Settings Screen 98 Figure F 1 IP Conf...

Page 10: ...Wireless G VPN Router with RangeBooster ...

Page 11: ...useful in homes and offices they can also be fun PCs on a wired network create a LAN or Local Area Network They are connected with Ethernet cables which is why the network is called wired PCs equipped with wireless cards or adapters can communicate without cumbersome cables By sharing the same wireless settings within their transmission radius they form a wireless network The Wireless G VPN Router...

Page 12: ...hapter 4 Getting to Know the Wireless G VPN Router This chapter describes the physical features of the Router Chapter 5 Connecting the Wireless G VPN Router This chapter instructs you on how to connect the Router to your network Chapter 6 Configuring the Wireless G VPN Router This chapter explains how to use the Web Based Utility to configure the settings on the Router Appendix A Troubleshooting T...

Page 13: ...otocol Appendix H Upgrading Firmware This appendix instructs you on how to upgrade the firmware on your Router should you need to do so Appendix I Windows Help This appendix describes how you can use Windows Help for instructions about networking such as installing the TCP IP protocol Appendix J Glossary This appendix gives a brief glossary of terms frequently used in networking Appendix K Specifi...

Page 14: ...s points to work in succession to extend the roaming range and you can set up your wireless network to communicate with your Ethernet hardware as well If the wireless network is relatively small and needs to share resources only with the other computers on the wireless network then the Ad Hoc mode can be used Ad Hoc mode allows computers equipped with wireless transmitters and receivers to communi...

Page 15: ...communicate with the Wireless PrintServer WPS54GU2 WPS11 and Wireless Ethernet Bridges WET54G WET11 When you wish to connect your wireless network with your wired network you can use the Router s three LAN ports To add more ports any of the Router s LAN ports can be connected to any of Linksys s switches such as the EZXS55W or EZXS88W With these and many other Linksys products your networking opti...

Page 16: ... the Internet the firewall will no longer protect that data At this point your data becomes open to hackers using a variety of methods to steal not only the data you are transmitting but also your network login and security data Some of the most common methods are as follows 1 MAC Address Spoofing Packets transmitted over a network either your local network or the Internet are preceded by a packet...

Page 17: ... a private dedicated leased line for a private network Using industry standard encryption and authentication techniques IPSec short for IP Security the VPN creates a secure connection that in effect operates as if you were directly connected to your local network Virtual Private Networking can be used to create secure networks linking a central office with branch offices telecommuters and or profe...

Page 18: ...er to Appendix E Configuring VPN Tunnels Computer using the Linksys VPN client software to VPN Router The following is an example of a computer to VPN Router VPN In her hotel room a traveling businesswoman dials up her ISP Her notebook computer has the Linksys VPN client software which is configured with her office s IP address She accesses the Linksys VPN client software and connects to the VPN R...

Page 19: ...uter s factory defaults Either press the Reset Button for approximately five seconds or restore the defaults from the Administration tab Factory Defaults in the Router s Web based Utility Ethernet 1 4 The Ethernet ports connect to your PCs and other network devices Internet The Internet port connects to your cable or DSL modem IMPORTANT If you reset the Router all of your settings including Intern...

Page 20: ... DMZ port Internet Green The Internet LED lights up when the Router is connected to your cable or DSL modem If the LED is flashing the Router is sending or receiving data over the Internet port Wireless Green The Wireless G LED lights whenever there is a successful wireless connection If the LED is flashing the Router is actively sending or receiving data over the wireless network Ethernet 1 4 Gre...

Page 21: ...tep 2 to connect additional PCs or other network devices to the Router 4 Connect a different Ethernet network cable from your cable or DSL modem to the Internet port on the Router s rear panel 5 Power on the cable or DSL modem 6 Connect the power adapter to the Router s Power port and then plug the power adapter into a power outlet The Power LED on the front panel will light up green as soon as th...

Page 22: ... for a few seconds and then it will be solidly lit when the self test is complete If the LED flashes for one minute or longer see Appendix A Troubleshooting 5 Power on one of the PCs on your wireless network s 6 For initial access to the Router through a wireless connection make sure the PC s wireless adapter has its SSID set to linksys the Router s default setting and its WEP encryption disabled ...

Page 23: ...Firewall VPN QoS Administration and Status Additional tabs will be available after you click one of the main tabs Setup Basic Setup Enter the Internet connection and network settings on this screen VLAN The Router provides a port based VLAN feature DDNS On this screen enable the Router s Dynamic Domain Name System DDNS feature MAC Address Clone If you need to clone a MAC address onto the Router us...

Page 24: ... exposed to the Internet for use of special purpose services Access Restriction This tab allows you to block or allow specific kinds of Internet usage and traffic during specific days and times URL Filtering This tab allows you to create an URL Filtering policy VPN VPN Client Access Use this screen to designate VPN clients and their passwords VPN Passthrough This tab is used to allow VPN tunnels t...

Page 25: ...ed for all network traffic VPN Clients This screen provides status information about the Router s VPN clients How to Access the Web based Utility To access the web based utility launch Internet Explorer or Netscape Navigator and enter the Router s default IP address 192 168 1 1 in the Address field Then press Enter A password request page will appear Windows XP users will see a similar screen Ente...

Page 26: ...ter s Subnet Mask as seen by external users on the Internet including your ISP Your ISP will provide you with the Subnet Mask Default Gateway Your ISP will provide you with the Default Gateway Address which is the ISP server s IP address Primary DNS Required and Secondary DNS Optional Your ISP will provide you with at least one DNS Domain Name System Server IP Address When you have finished making...

Page 27: ...ick the radio button next to Keep Alive In the Redial Period field you specify how often you want the Router to check the Internet connection The default Redial Period is 30 seconds When you have finished making changes to the screen click the Save Settings button to save the changes or click the Cancel Changes button to undo your changes PPTP Point to Point Tunneling Protocol PPTP is a service th...

Page 28: ...he WAN or the Internet Your ISP will provide you with the IP Address you need to specify here Subnet Mask This is the Router s Subnet Mask as seen by external users on the Internet including your ISP Your ISP will provide you with the Subnet Mask Default Gateway Your ISP will provide you with the Default Gateway Address L2TP Server IP Enter the IP address of the L2TP server User Name and Password ...

Page 29: ...ifies the largest packet size permitted for network transmission Select Enabled and enter the value desired It is recommended that you leave this value in the 1200 to 1500 range For most DSL users it is recommended to use the value 1492 By default MTU is set at 1500 when disabled LAN Setup The LAN Setup section allows you to change the Router s local network settings LAN IP The Router s Local IP A...

Page 30: ...highlight the entry in the table click the Edit button make your changes in the fields then click Add To remove an entry highlight the entry then click Remove Manual DNS Setting To enter the DNS IP addresses manually enter up to two in the fields provided Time Setting This is where you set the time for the Router You can set the time and date manually or automatically Manually Select the date from...

Page 31: ...d by TZO then select TZO com The features available on the DDNS screen will vary depending on which DDNS service provider you use DynDNS org User Name Password and Host Name Enter the User Name Password and Host Name of the account you set up with DynDNS org Internet IP Address The Router s current Internet IP Address is displayed here Because it is dynamic it will change Status The status of the ...

Page 32: ...ter s MAC address follow the instructions in Appendix F Finding the MAC Address and IP Address for Your Ethernet Adapter MAC Address Clone To use MAC address cloning select Enabled MAC Clone Address Enter the MAC Address registered with your ISP Then click the Save Settings button Clone My MAC Address If you want to clone the MAC address of the PC you are currently using to configure the Router th...

Page 33: ...ting click the Enabled radio button Receive RIP Versions To use dynamic routing for reception of network data select the protocol you want RIPv1 or RIPv2 Transmit RIP Versions To use dynamic routing for transmission of network data select the protocol you want RIPv1 or RIPv2 Static Routing If the Router is connected to more than one network you can configure static routes to direct packets to the ...

Page 34: ...55 255 0 This determines by using the values 255 that the first three numbers of a network IP address identify this particular network while the last digit from 1 to 254 identifies the specific host Gateway Enter the IP address of the gateway device that allows for contact between the Router and the remote network or host Interface Select LAN Wireless or Internet depending on the location of the s...

Page 35: ...ata transmission should be set depending on the speed of your wireless network You can select from a range of transmission speeds and the Router will negotiate the connection speed between the Router and a wireless client by this rate Wireless SSID Broadcast When wireless clients survey the local area for wireless networks to associate with they will detect the SSID broadcast by the Router To broa...

Page 36: ...is feature Wireless PCs will not be able to see each other This feature is very useful when setting up a wireless hotspot location WPA Personal WPA gives you two encryption methods with dynamic encryption keys Select TKIP or AES from the Enryption drop down menu Enter a Shared Secret Pre Shared Key of 8 32 characters Then enter the Key Renewal which instructs the Router how often it should change ...

Page 37: ...changes Help information is shown on the right hand side of a screen For additional information click More WPA2 Enterprise This option features WPA2 used in coordination with a RADIUS server This should only be used when a RADIUS server is connected to the Router Enter the RADIUS server s IP address Enter the RADIUS server s port number along with the Shared Secret key which is the key shared betw...

Page 38: ...ould change the encryption keys WPA2 Enterprise Mixed This option features WPA2 used in coordination with a RADIUS server This should only be used when a RADIUS server is connected to the Router Enter the RADIUS server s IP address and port number along with the shared secret authentication key shared by the Router and the server Last enter the Key Renewal period which instructs the Router how oft...

Page 39: ...een click the Save Settings button to save the changes or click the Cancel Changes button to undo your changes Help information is shown on the right hand side of a screen For additional information click More WEP WEP is a basic encryption method which is not as secure as WPA To indicate which WEP key to use select the appropriate Default Transmit Key number Then select the level of WEP encryption...

Page 40: ...designated computers For a more convenient way to add MAC addresses click the Select MAC Address From Networked Computers button The Networked Computers screen will appear Select the MAC Addresses you want Then click the Select button Click the Refresh button if you want to refresh the screen Click the Close button to return to the previous screen If you want detailed instructions on how to find t...

Page 41: ...n select from a range of transmission speeds or you can select Auto to have the Router automatically use the fastest possible data rate and enable the Auto Fallback feature Auto Fallback will negotiate the best possible connection speed between the Router and a wireless client The default setting is Auto CTS Protection Mode CTS Clear To Send Protection Mode s default setting is Auto The Router wil...

Page 42: ...screen click the Save Settings button to save the changes or click the Cancel Changes button to undo your changes For help information click More The Wireless Tab WDS This tab is used for Wireless Distribution System WDS WDS will ONLY work with the SSID1 Make sure that the channel and security settings are the same for all WDS enabled devices WDS allows a wireless signal to be repeated by a repeat...

Page 43: ... multicast packets to be forwarded to the appropriate computers Select Enabled to filter multicasting or Disabled to disable this feature Web Block Proxy Use of WAN proxy servers may compromise the Router s security Denying Filter Proxy will disable access to any WAN proxy servers To enable proxy filtering click Enabled Java Java is a programming language for websites If you deny Java applets you ...

Page 44: ... client function disabled and must have a new static IP address assigned to it because its IP address may change when using the DHCP function Port Forwarding Application In this field enter the name you wish to give the application Each name can be up to 12 characters Start End This is the port range Enter the number that starts the port range under Start and the number that ends the range under E...

Page 45: ...on In this field enter the name you wish to give the application Each name can be up to 12 characters Triggered Range Start Port End Port Enter the number that starts the triggered port range under Start Port and the number that ends the range under End Port Forwarded Range Start Port End Port Enter the number that starts the forwarded port range under Start Port and the number that ends the range...

Page 46: ...e DMZ This feature allows one local PC to be exposed to the Internet for use of a special purpose service such as Internet gaming and videoconferencing To use this feature select Enabled To disable the Software DMZ feature select Disabled DMZ Host IP Address To expose one PC enter the computer s IP address To get the IP address of a computer refer to Appendix F Finding the MAC Address and IP Addre...

Page 47: ...et Access Policy drop down menu 2 To enable this policy click the radio button beside Enable 3 Enter a Policy Name in the field provided 4 Click the appropriate option Deny or Allow depending on whether you want to block or allow Internet access for the PC with the given IP address 5 Decide which days and what times you want this policy to be enforced Select the individual days during which the po...

Page 48: ...ing policy 1 Select a number from the URL Filtering Policy drop down menu 2 Enter a Policy Name in the field provided 3 To enable this policy select Enabled from the Status menu 4 Enter the Start IP Address and End IP Address what will be affected by the policy After making your changes click the Save Settings button to apply your changes 5 The address entered to access Internet site by entering t...

Page 49: ...ord If you want to let the user change his or her password from the user s QuickVPN client select Yes When you have finished entering the user name and password of the VPN client click the Add Save button to add the VPN client to your list A warning message will appear the first time you add a VPN client After all VPN clients are added to the VPN Client List Table click Save Settings VPN Client Li...

Page 50: ...a suite of protocols used to implement secure exchange of packets at the IP layer To allow IPSec Passthrough click the Enabled button To disable IPSec Passthrough click the Disabled button PPTP PassThrough PPTP Point to Point Tunneling Protocol Passthrough allows the Point to Point PPP to be tunneled through an IP network To allow PPTP Passthrough click the Enabled button To disable PPTP Passthrou...

Page 51: ...UDP packet While the IP address and port number of such UDP packet being modified by NAT the encapsulated ESP can still be integrity for remote IPSec peer verification Because we do not know where the NAT server of the remote peer is located exactly the Remote Secure Group and Remote Secure Gateway must be set to Any when NAT Traversal is enabled Select Enabled to enable NAT Traversal support for ...

Page 52: ...PN router a VPN server or a computer with VPN client software that supports IPSec The IP address may either be static permanent or dynamic depending on the settings of the remote VPN device If the IP Address is static select IP Addr and enter the IP address Make sure that you have entered the IP address correctly or the connection cannot be made Remember this is NOT the IP address of the local VPN...

Page 53: ...roposals are secure To use PFS click the Enabled radio button ISAKMP Key Lifetime s The Field specifies how long an ISAKMP key channel should been kept before being renegotiated IPSec Key Lifetime s In this field you may optionally select to have the key expire at the end of a time period of your choosing Enter the number of seconds you d like the key to be used until a re key negotiation between ...

Page 54: ...itial key exchange and IKE proposals are secure To use PFS select Enabled Group The value is the same as Phase 1 Group IPSec Key Lifetime s In the Key Lifetime field you may optionally select to have the key expire at the end of a time period of your choosing Enter the number of seconds you d like the key to be used until a re key negotiation between each endpoint is completed Tunnel Options Dead ...

Page 55: ...on such two error situation are caused by regular NAT IP translation NAT Traversal will help to establish IPSec Tunnels and encapsulate the original ESP packet with a UDP header and a trailer Such UDP packet will be regularly translated private public IP and port number by NAT but the internal encapsulated ESP packet can keep the original integrity and secrecy for remote IPSec peer verification Yo...

Page 56: ...r a IPSec VPN tunnel is established If the pre configured type of the remote group is IP Addr the field displays the IP address of the remote peer If the pre configured type of the remote group is Subnet the field displays the subnet type IP Address Mask If the pre configured type of remote group is Host or Any the field displays the Host or Any directly Local Group The field displays the local pe...

Page 57: ...information Detail Each Tunnel has a Detail button This button will become available when a Tunnel Status reveals a C T Any and NAT T When you press the Detail button a VPN Advanced Tunnel Information screen appears This feature provides more detailed information for advanced configuration and management VPN Advanced Tunnel Information will show Advanced Tunnel Information and Remote Security Gate...

Page 58: ...hree additional applications by entering their respective application port numbers in the Specific Port field Bandwidth Allocation For each of the three Application Level Gateways ALGs you can choose a Bandwidth Allocation Policy from Guaranteed and Spare with a specified percentage value to control the bandwidth utilization from LAN to WAN It depends on specified policy to let the bandwidth to be...

Page 59: ...packets If the other end is not able to process more packets it will send a pause frame and a sending port will hold the packets Ingress Rate This setting lets the user choose the input data rate for a port Packets exceeding this rate will be dropped The rates can be 128kbps 256kbps 512kbps 1Mbps 2Mbps 4Mbps 8Mbps 16Mbps 32Mbps or no rate control Egress Rate This setting lets the user choose the o...

Page 60: ...o HTTPS Remote Router Access This feature allows you to access the Router from a remote location via the Internet Remote Management This feature allows you to manage the Router from a remote location via the Internet To enable Remote Management click the Enabled radio button Use HTTPS To use the SSL encryption select Enabled Remote Upgrade If you want to be able to upgrade the Router remotely from...

Page 61: ... Head Office Floor 5 Networking 3 Get Community Enter the password that allows read only access to the Router s SNMP information The default name is public Set Community Enter the password that allows read write access to the Router s SNMP information The default name is private A name must be entered in this field SNMP Trap Community Enter the password required by the remote host computer that wi...

Page 62: ... button and follow the on screen instructions Restore Configurations To restore the Routers configuration click this button and follow the on screen instructions You must have previously backed up the Router s configuration When you have finished making changes on this screen click the Save Settings button to save the changes or click the Cancel Changes button to undo your changes For help informa...

Page 63: ...r can know where the mail is from Recipient To Enter the e mail address where you want the alerts to be sent Event Types There are ACL DoS URL Detect and New Connection event types for E Mail Alert You can select some of them to enable those event alerts System Log You may keep a log of the router s activities This requires the installation of an external log viewer To enable System Log click Enab...

Page 64: ...mited Click the Start to Ping button to start the test The results of the test will be displayed in the window To stop the test click the Stop button Click the Clear Log button to clear the screen Click the Close button to return to the Diagnostics screen Traceroute Test IP or URL Address Enter the IP or URL address of the network device whose performance you wish to test Click the Start to Tracer...

Page 65: ...de Firmware In the field provided enter the name of the extracted firmware upgrade file or click the Browse button to find this file After you have selected the appropriate file click the Start to Upgrade button and follow the on screen instructions For help information click More The Administration Tab Reboot To restart the Router select Yes then click the Save Settings button Figure 6 53 The Adm...

Page 66: ...in name is displayed here Internet Connection Configuration Type This shows the information required by your ISP for connection to the Internet This information was entered on the Setup Tab IP Address The Router s Internet IP Address is displayed here Subnet Mask and Default Gateway The Router s Subnet Mask and Default Gateway address are displayed here for DHCP and static IP connections DNS Shown...

Page 67: ...rt of the IP address range used by the device on you local network is displayed here End IP The end of the IP address range used by the device on you local network is displayed here DHCP Clients Table Click this button to view a list of PCs that have been assigned IP addresses by the Router The DHCP Active IP Table screen lists the DHCP Server IP Address Computer Names IP Addresses MAC Addresses a...

Page 68: ...the channel on which your wireless network is broadcasting SSID MAC Address As entered on the Wireless tab this will display the MAC Address of the SSID listed in the table and on your network Wireless Network Name SSID As entered on the Wireless tab This displays the SSID of your network Security Mode As selected on the Wireless tab this will display what type of wireless security the Router uses...

Page 69: ...ckets sent is displayed here Bytes Received The number of bytes received is shown here Bytes Sent The number of bytes sent is shown here Error Packets Received The number of error packets received is displayed here Dropped Packets Received The number of dropped packets received is displayed here LAN Statistics for the network traffic on each of the four LAN ports are shown in four separate columns...

Page 70: ... users whose information you wish to see No This is the number assigned to the VPN client Username The Username assigned to the VPN client will be displayed here Status This is the status of the VPN connection Start Time The time the VPN connection began is displayed here End Time The time the VPN connection ended is shown here Duration This is the length of time the VPN connection has lasted Disc...

Page 71: ...ress on a PC You can assign a static IP address to a PC by performing the following steps For Windows 98 and Me 1 Click Start Settings and Control Panel Double click Network 2 In The following network components are installed box select the TCP IP associated with your Ethernet adapter If you only have one Ethernet adapter installed you will only see one TCP IP line with no association to an Ethern...

Page 72: ... you are running Windows XP with the default interface If you are using the Classic interface where the icons and menus look like previous Windows versions please follow the instructions for Windows 2000 1 Click Start and Control Panel 2 Click the Network and Internet Connections icon and then the Network Connections icon 3 Right click the Local Area Connection that is associated with the Ethernet...

Page 73: ...If you get a reply the computer is connected to the Router If you do NOT get a reply try the ping command from a different computer to verify that your original computer is not the cause of the problem D In the command prompt type ping www yahoo com and press the Enter key If you get a reply the computer is connected to the Internet If you cannot open a webpage try the ping command from a differen...

Page 74: ... enabled VPNs that use IPSec with the ESP Encapsulation Security Payload known as protocol 50 authentication will work fine At least one IPSec session will work through the Router however simultaneous IPSec sessions may be possible depending on the specifics of your VPNs VPNs that use IPSec and AH Authentication Header known as protocol 51 are incompatible with the Router AH has limitations due to...

Page 75: ...P address is 192 168 1 100 you would enter 100 in the field provided Check Appendix F Finding the MAC Address and IP Address for Your Ethernet Adapter for details on getting an IP address 6 Check the Enable option for the port services you want to use Consider the example below When you have completed the configuration click the Save Settings button 8 I need to set up online game hosting or use ot...

Page 76: ...perly consider exposing one PC to the Internet using DeMilitarized Zone DMZ hosting This option is available when an application requires too many ports or when you are not sure which port services to use Make sure you disable all the forwarding entries if you want to successfully use DMZ hosting since forwarding has priority over DMZ hosting In other words data that enters the Router will be chec...

Page 77: ...o connect directly to the LAN For Microsoft Internet Explorer 5 0 or higher 1 Click Start Settings and Control Panel Double click Internet Options 2 Click the Connections tab 3 Click the LAN settings button and remove anything that is checked 4 Click the OK button to go back to the previous screen 5 Click the option Never dial a connection This will remove any dial up pop ups for PPPoE users For N...

Page 78: ...nnection This may not always work so you may need to re establish connection periodically 1 To connect to the Router go to the web browser and enter http 192 168 1 1 or the IP address of the Router 2 Enter the password if asked The default password is admin 3 On the Setup screen select the option Keep Alive and set the Redial Period option at 20 seconds 4 Click the Save Settings button 5 Click the...

Page 79: ...igured correctly but still not working check the Router Ensure that it is connected and powered on Connect to it and check its settings If you cannot connect to it check the LAN and power connections If the Router is configured correctly check your Internet connection DSL cable modem etc to see if it is working correctly You can remove the Router to verify a direct connection Manually configure th...

Page 80: ...ay have many private addresses behind this single address provided by the ISP Does the Router support any operating system other than Windows 95 Windows 98SE Windows Millennium Windows 2000 or Windows XP Yes but Linksys does not at this time provide technical support for setup configuration or troubleshooting of any non Windows operating systems Does the Router support ICQ send file Yes with the f...

Page 81: ...he Router by holding down the reset button until the Power LED fully turns on and off Reset your cable or DSL modem by powering the unit off and then on Obtain and flash the latest firmware release that is readily available on the Linksys website www linksys com How will I be notified of new Router firmware upgrades All Linksys firmware upgrades are posted on the Linksys website at www linksys com...

Page 82: ...ws PPTP packets to pass through Is the Router cross platform compatible Any platform that supports Ethernet and TCP IP is compatible with the Router How many ports can be simultaneously forwarded Theoretically the Router can establish 520 sessions at the same time but you can only forward 10 ranges of ports What are the advanced features of the Router The Router s advanced features include Advance...

Page 83: ...s networks The 802 11g standard allows wireless networking hardware from different manufacturers to communicate provided that the hardware complies with the 802 11g standard The 802 11g standard states a maximum data transfer rate of 54Mbps and an operating frequency of 2 4GHz What IEEE 802 11b features are supported The product supports the following IEEE 802 11b functions CSMA CA plus Acknowledg...

Page 84: ...ications between end node and host computer can then be transmitted up and down the backbone As the user moves on the end node s RF transmitter regularly checks the system to determine whether it is in touch with the original access point or whether it should seek a new one When a node no longer receives acknowledgment from its original access point it undertakes a new search Upon finding a new ac...

Page 85: ...EP is Wired Equivalent Privacy a data privacy mechanism based on a 64 bit or 128 bit shared key algorithm as described in the IEEE 802 11 standard What is a MAC Address The Media Access Control MAC address is a unique number assigned by the manufacturer to any Ethernet networking device such as a network adapter that allows the network to identify it at the hardware level For all practical purpose...

Page 86: ... G VPN Router with RangeBooster How many channels frequencies are available with the Router There are eleven available channels ranging from 1 to 11 in North America If your questions are not addressed here refer to the Linksys website www linksys com ...

Page 87: ...mance 7 Change the WEP encryption keys periodically To ensure network security steps one through five should be followed at least Security Threats Facing Wireless Networks Wireless networks are easy to find Hackers know that in order to join a wireless network wireless networking products first listen for beacon messages These messages can be easily decrypted and contain much of the network s info...

Page 88: ...AC Addresses This makes it harder for a hacker to access your network with a random MAC Address WEP Encryption Wired Equivalent Privacy WEP is often looked upon as a cure all for wireless security concerns This is overstating WEP s ability Again this can only provide enough security to make a hacker s job more difficult There are several ways that WEP can be maximized 1 Use the highest level of en...

Page 89: ...along with a key shared between the device and the server Last enter a Group Key Renewal period which instructs the device how often it should change the encryption keys RADIUS WEP used in coordination with a RADIUS server This should only be used when a RADIUS server is connected to the Router or other device First enter the RADIUS server s IP Address and port number along with a key shared betwe...

Page 90: ...oftware program only works with a Wireless G VPN Router that is properly configured to accept a QuickVPN connection Follow these instructions for configuring the VPN client settings for the Router 1 Click the VPN tab 2 Click the VPN Client Access tab 3 Enter the username in the Username field 4 Enter the password in the Password field and enter it again in the Re enter to confirm field 5 Click the...

Page 91: ...exe file 7 Double click the exe file and follow the on screen instructions Then proceed to the next section Using the Linksys QuickVPN Software NOTE If you have the Wireless G VPN Router Setup CD ROM available then follow these instructions 1 Insert the Setup CD ROM into your CD ROM drive The Setup Wizard should run automatically and the Welcome screen should appear If it does not click Start and ...

Page 92: ...ster To save this profile click the Save button Multiple profiles can be set up if you want to establish a tunnel to multiple sites Note that only one tunnel can be active at a time To delete this profile click the Delete button For information click the Help button 3 To begin your QuickVPN connection click the Connect button and the Connecting Activating Policy and Verifying Network screens appea...

Page 93: ...our password click the Change Password button For information click the Help button 5 If you clicked the Change Password button and have permission to change your own password you will see the Connect Virtual Private Connection screen Enter your password in the Old Password field Enter your new password in the New Password field Then enter the new password again in the Confirm New Password field C...

Page 94: ...rosoft KB Q257225 Basic IPSec Troubleshooting in Windows 2000 http support microsoft com support kb articles Q257 2 25 asp Environment The IP addresses and other specifics mentioned in this appendix are for illustration purposes only Windows 2000 or Windows XP IP Address 140 111 1 2 User ISP provides IP Address this is only an example Subnet Mask 255 255 255 0 WRV54G WAN IP Address 140 111 1 1 Use...

Page 95: ...ter Then click Next 4 Deselect the Activate the default response rule check box and then click the Next button 5 Click the Finish button making sure the Edit check box is checked Step 2 Build Filter Lists Filter List 1 win Router 1 In the new policy s properties screen verify that the Rules tab is selected Deselect the Use Add Wizard check box and click the Add button to create a new rule 2 Make s...

Page 96: ... Select the Addressing tab In the Source address field select My IP Address In the Destination address field select A specific IP Subnet and fill in the IP Address 192 168 1 0 and Subnet mask 255 255 255 0 These are the Router s default settings If you have changed these settings enter your new values 5 If you want to enter a description for your filter click the Description tab and enter the desc...

Page 97: ...en will appear Select the Addressing tab In the Source address field select A specific IP Subnet and enter the IP Address 192 168 1 0 and Subnet mask 255 255 255 0 Enter your new values if you have changed the default settings In the Destination address field select My IP Address 10 If you want to enter a description for your filter click the Description tab and enter the description there 11 Clic...

Page 98: ...ter list win Router 2 Click the Filter Action tab and click the filter action Require Security radio button Then click the Edit button 3 From the Security Methods tab verify that the Negotiate security option is enabled and deselect the Accept unsecured communication but always respond using IPSec check box Select Session key Perfect Forward Secrecy and click the OK button Figure D 12 Security Met...

Page 99: ...the Edit button 5 Change the authentication method to Use this string to protect the key exchange preshared key and enter the preshared key string such as XYZ12345 Click the OK button 6 This new Preshared key will be displayed Click the Apply button to continue if it appears on your screen otherwise proceed to the next step Figure D 13 Authentication Methods Figure D 14 Preshared Key Figure D 15 N...

Page 100: ...adio button Then enter the Router s WAN IP Address 8 Select the Connection Type tab and click All network connections Then click the OK or Close button to finish this rule Tunnel 2 Router win 9 In the new policy s properties screen make sure that win Router is selected and deselect the Use Add Wizard check box Then click the Add button to create the second IP filter Figure D 16 Tunnel Setting Tab ...

Page 101: ...ecurity Then click the Edit button From the Security Methods tab verify that the Negotiate security option is enabled and deselect the Accept unsecured communication but always respond using IPSec check box Select Session key Perfect Forward Secrecy and click the OK button 12 Click the Authentication Methods tab and verify that the authentication method Kerberos is selected Then click the Edit but...

Page 102: ...12345 This is a sample key string Yours should be a key that is unique but easy to remember Then click the OK button 14 This new Preshared key will be displayed Click the Apply button to continue if it appears on your screen otherwise proceed to the next step 15 Click the Tunnel Setting tab Click the radio button for The tunnel endpoint is specified by this IP Address and enter the Windows 2000 XP...

Page 103: ...ork connections Then click the OK or Close button to finish 17 From the Rules tab click the OK or Close button to return to the screen showing the security policies Step 4 Assign New IPSec Policy In the IP Security Policies on Local Machine window right click the policy named to_Router and click Assign A green arrow appears in the folder icon Figure D 25 Connection Type Figure D 26 Rules Figure D ...

Page 104: ... Router fields 7 Select from two different types of encryption DES or 3DES 3DES is recommended because it is more secure You may choose either of these but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel Or you may choose not to encrypt by selecting Disable 8 Select from two types of authentication MD5 and SHA SHA is recommended because it...

Page 105: ... to configure an IPSec VPN tunnel between two VPN Routers by example Two PCs are used to test the liveliness fo the tunnel Before You Begin The following is a list of equipment you need Two Windows desktop PCs each PC will be connected to a VPN Router Two VPN Routers that are both connected to the Internet NOTE Each computer must have a network adapter installed Figure E 1 Diagram of All VPN Tunne...

Page 106: ...ilar screen Complete the User Name and Password fields admin is the default user name and password Then click the OK button 4 Click the VPN tab 5 Click the IPSec VPN tab 6 For the VPN Tunnel setting select Enabled 7 Enter a name in the Tunnel Name field 8 For the Local Secure Group select Subnet Enter VPN Router 1 s local network settings in the IP Address and Mask fields 9 For the Remote Secure G...

Page 107: ... is the default user name and password Then click the OK button 4 If the LAN IP address is still the default one change it to 172 168 1 1 and save the setting 5 Click the VPN tab 6 Click the IPSec VPN tab 7 For the VPN Tunnel setting select Enabled 8 Enter a name in the Tunnel Name field 9 For the Local Secure Group select Subnet Enter VPN Router 2 s local network settings in the IP Address and Ma...

Page 108: ...ck the Advanced Settings button Otherwise click the Save Settings button and proceed to the next section Configuring VPN Router 2 7 On the Auto IKE Advanced Settings screen keep the default Operation Mode Main 8 For Phase 1 select 3DES from the Encryption drop down menu 9 Select MD5 from the Authentication drop down menu 10 Select 1024 bit from the Group drop down menu 11 Enter 3600 in the Key Lif...

Page 109: ...er to Windows Help for more information 2 Verify that PC 1 and PC 2 can ping each other refer to Windows Help for more information If the computers can ping each other then you know the VPN tunnel is configured correctly You can select different algorithms for the encryption authentication and other key management settings for VPN Routers 1 and 2 Refer to the previous section Configuring the Key M...

Page 110: ...dows 98 Me 2000 or XP Windows 98 or Me Instructions 1 Click Start and Run In the Open field enter winipcfg Then press the Enter key or the OK button 2 When the IP Configuration screen appears select the Ethernet adapter you have connected to the Router via a CAT 5 Ethernet network cable 3 Write down the Adapter Address as shown on your computer screen This is the MAC address for your Ethernet adap...

Page 111: ...ress the Enter key 3 Write down the Physical Address as shown on your computer screen it is the MAC address for your Ethernet adapter This appears as a series of numbers and letters The MAC address Physical Address is what you will use for MAC address cloning or MAC filtering On the MAC Address Physical Address screen the example shows the Ethernet adapter s IP address as 192 168 1 100 Your comput...

Page 112: ...to the workstation console used to oversee the network The Router then returns information contained in a MIB Management Information Base which is a data structure that defines what is obtainable from the device and what can be controlled turned off on etc SNMP functions such as statistics configuration and device information are not available without third party Management Software The Router is ...

Page 113: ...l have to re enter all of your configuration settings To upgrade the Router s firmware follow these instructions 1 Download the Router s firmware upgrade file from the Linksys website www linksys com 2 Extract the file on your computer 3 Click the Administration tab and then the Firmware Upgrade tab of the Router s Web based Utility 4 On the Upgrade Firmware screen enter the location of the extrac...

Page 114: ...ctions or protocol all PCs follow to communicate over a network This is true for wireless networks as well Your PCs will not be able to utilize wireless networking without having TCP IP enabled Windows Help provides complete instructions on enabling TCP IP Shared Resources If you wish to share printers folder or files over your network Windows Help provides complete instructions on utilizing share...

Page 115: ...device and cause it to start executing instructions Broadband An always on fast Internet connection Browser An application program that provides a way to look at and interact with all the information on the World Wide Web Byte A unit of data that is usually eight bits long Cable Modem A device that connects a computer to the cable television network which in turn connects to the Internet Daisy Cha...

Page 116: ...Ethernet IEEE standard network protocol that specifies how data is placed on and retrieved from a common transmission medium Firewall A set of related programs located at a network gateway server that protects the resources of a network from users from other networks Firmware The programming code that runs a networking device FTP File Transfer Protocol A protocol used to transfer files over a TCP ...

Page 117: ...ng storage and or transmission between users Packet A unit of data sent over a network Passphrase Used much like a password a passphrase simplifies the WEP encryption process by automatically generating the WEP encryption keys for Linksys products Ping Packet INternet Groper An Internet utility used to determine whether a particular IP address is online POP3 Post Office Protocol 3 A standard mail ...

Page 118: ... network s name Static IP Address A fixed address assigned to a computer or device that is connected to a network Static Routing Forwarding data in a network via a fixed path Subnet Mask An address code that determines the size of the network Switch 1 A data switch that connects computing devices to host computers allowing a large number of devices to share a limited number of ports 2 A device for...

Page 119: ...e address of a file located on the Internet VPN Virtual Private Network A security measure to protect data as it leaves one network and goes to another over the Internet WAN Wide Area Network The Internet WEP Wired Equivalent Privacy A method of encrypting network data transmitted on a wireless network for greater security WLAN Wireless Local Area Network A group of computers and associated device...

Page 120: ...r better LEDs Power DMZ Internet Wireless Ethernet 1 2 3 4 Transmit Power 19 dBm Security Features WEP WPA WPA2 WEP Key Bits 64 128 Dimensions 6 69 x 1 65 x 7 62 W x H x D 170 mm x 42 mm x 194 mm Unit Weight 12 52 oz 0 355 kg Power 12 V 1A Certifications FCC IC 03 Operating Temp 32º 104º F 0º 40º C Storage Temp 4º 158º F 20º 70º C Operating Humidity 10 to 85 Non Condensing Storage Humidity 5 to 90...

Page 121: ...ENTATIONS AND WARRANTIES INCLUDING ANY IMPLIED WARRANTY OF NON INFRINGEMENT ARE DISCLAIMED Some jurisdictions do not allow limitations on how long an implied warranty lasts so the above limitation may not apply to You This warranty gives You specific legal rights and You may also have other rights which vary by jurisdiction This warranty does not apply if the Product a has been altered except by L...

Page 122: ... try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment or devices Connect the equipment to an outlet other than the receiver s Consult a dealer or an experienced radio TV technician for assistance FCC Radiation Exposure Statement This equipment complies with FCC radiation exposure limits set...

Page 123: ...s Covered by EU Directive 2002 96 EC on Waste Electric and Electronic Equipment WEEE This document contains important information for users with regards to the proper disposal and recycling of Linksys products Consumers are required to comply with this notice for all electronic products bearing the following symbol ...

Page 124: ...114 Appendix M Regulatory Information Wireless G VPN Router with RangeBooster ...

Page 125: ...115 Appendix M Regulatory Information Wireless G VPN Router with RangeBooster ...

Page 126: ...116 Appendix M Regulatory Information Wireless G VPN Router with RangeBooster ...

Page 127: ...117 Appendix M Regulatory Information Wireless G VPN Broadband Router For more information visit www linksys com ...

Page 128: ...t networking with Linksys products Give our advice line a call at 800 546 5797 LINKSYS Or fax your request in to 949 823 3002 If you experience problems with any Linksys product you can call us at 800 326 7114 Don t wish to call You can e mail us at support linksys com If any Linksys product proves defective during its warranty period you can call the Linksys Return Merchandise Authorization depar...