Manuals / Cisco Systems / Computer Equipment / Network Router

Cisco Systems RV016, RV042G manual IPSec Setup

Models: RV016 RV042G

1 199

Download 199 pages 48.22 Kb

Page 133

VPN	9
VPN
Setting Up a Gateway to Gateway (Site to Site) VPN

-Dynamic IP + E-mail Addr.(USER FQDN) Authentication: Choose this option if this router has a dynamic IP address and does not have a Dynamic DNS hostname. Enter any Email Address to use for authentication.

If both routers have dynamic IP addresses (as with PPPoE connections), do not choose Dynamic IP + Email Addr. for both gateways. For the remote gateway, choose IP Address and IP Address by DNS Resolved.

•Local/Remote Security Group Type: Specify the LAN resources that can use this tunnel. The Local Security Group is for this router’s LAN resources; the Remote Security Group is for the other router’s LAN resources.

-IP Address: Choose this option to specify one device that can use this tunnel. Then enter the IP address of the device.

-Subnet: Choose this option (the default option) to allow all devices on a subnet to use the VPN tunnel. Then enter the subnetwork IP address and mask.

-IP Range: Choose this option to specify a range of devices that can use the VPN tunnel. Then identify the range of IP addresses by entering the first address in the Begin IP field and the final address in the End IP field.

IPSec Setup

Enter the Internet Protocol Security settings for this tunnel.

IMPORTANT: In order for any encryption to occur, the two ends of a VPN tunnel must agree on the methods of encryption, decryption, and authentication. Enter exactly the same settings on both routers.

•Keying Mode: Choose one of the following key management methods:

-Manual: Choose this option if you want to generate the key yourself and you do not want to enable key negotiation. Manual key management is used in small static environments or for troubleshooting purposes. Enter the required settings. For information, see Required fields for Manual mode, page 134.

-IKE with Preshared Key: Choose this option to use the Internet Key Exchange protocol to set up a Security Association (SA) for your tunnel. IKE uses a preshared key to authenticate the remote IKE peer. This setting is recommended and is selected by default. Enter the required settings. For more information, see Required fields for IKE with

Cisco Small Business RV0xx Series Routers Administration Guide

133

Image 133

Cisco Systems RV016, RV042G manual IPSec Setup

Contents

Cisco Small Business ADMINISTRATION GUIDERV0xx Series Routers RV042 Dual WAN VPN Router RV042G Gigabit Dual WAN VPN Router78-19576-01 B0 2011-2012 Cisco Systems, Inc. All rights reservedContents Chapter 3 SetupChapter 1 Introduction Chapter 2 Viewing System Summary InformationChapter 4 DHCP ContentsChapter 5 System Management Chapter 6 Port ManagementChapter 9 VPN Contents Introduction RV0xx Series Router FeaturesRV0xx Series Router Features, page Mounting Options, page Connecting the Equipment, page15Cisco Small Business RV0xx Series Routers Administration Guide RV0xx Series Router FeaturesIntroduction RV042 and RV042G PortsIntroduction PortsPort DescriptionIntroduction Status LightsLight DescriptionFeature Other Hardware FeaturesReset To restart the router or restoreDefault Settings Mounting OptionsPlacement Tips Desktop PlacementIntroduction Wall MountingSuggested Hardware for RV042 and RV042G Suggested Hardware for RV082 and RV016Introduction Cisco Small Business RV0xx Series Routers Administration GuideMounting Options Rack Mounting RV082 or RV016Introduction Connecting the EquipmentRV042 and RV042G Internet Port RV082 Internet PortIntroduction Getting Started with the ConfigurationIntroduction Troubleshooting TipsNavigation, page18 Pop-Up Windows, page19 Setup Wizards, page Features of the User InterfaceSaving the Settings, page19 Help, page19 Logout, page19 NavigationSaving the Settings Setup WizardsPop-Up Windows HelpConfiguration, page Port Statistics, page WAN Status, page Viewing System Summary InformationFirewall Setting Status, page VPN Setting Status, page Log Setting Status, pageCisco ProtectLink Web System InformationViewing System Summary Information Port Statistics ConfigurationViewing System Summary Information Port Information WindowThis window displays the following information Viewing System Summary InformationViewing System Summary Information WAN StatusWAN information VPN Setting Status Firewall Setting StatusLog Setting Status Viewing System Summary InformationSetting Up the Network, page DMZ Setting, page SetupChanging the Administrator Username and Password, page Setting the System Time, page Setting Up a DMZ Host, pageSetup Setting Up the NetworkLAN Setting device IP address and subnets, page WAN Setting Internet connection, page DMZ Setting, pageSetup LAN Setting device IP address and subnetsIP Mode Changing the device IP address, pageEnabling multiple subnets IPv4 only SetupSTEP 3 In the pop-up window, add or edit entries as needed SetupSetup WAN Setting Internet connectionSetup DMZ SettingSetting Up the Network SetupCisco Small Business RV0xx Series Routers Administration Guide Editing a WAN Connection with IPv4 Addressing Editing a WAN ConnectionEditing a WAN Connection with IPv6 Addressing Subnet Mask IPv4 The subnet mask specified by your ISP Page Page IPv4 IPv6 Editing a DMZ ConnectionPrefix Length Enter the prefix length. The default value is If you are using IPv6 addressing, enter the following informationCisco Small Business RV0xx Series Routers Administration Guide Setup Changing the Administrator Username and PasswordTo open this page Click Setup Password in the navigation tree Includes at least 8 characters Is not the same as the username SetupSetup Setting the System TimeTo open this page Click Setup Time in the navigation tree Setup Setting Up a DMZ HostTo open this page Click Setup DMZ Host in the navigation tree Setup Setting Up Port Forwarding and Port TriggeringPort Range Forwarding Port Range Forwarding, page Port Triggering, pageEnable Check the box to enable this port range forwarding entry SetupAdding a service SetupPort Triggering SetupSetup Setting Up Universal Plug and Play UPnPTo open this page Click Setup UPnP in the navigation tree Setup Adding a service SetupSetup Setting Up One-to-One NATTo open this page Click Setup One-to-One NAT in the navigation pane Setting Up One-to-One NAT SetupSetup Cloning a MAC Address for the RouterCloning a MAC Address for the Router Editing the MAC Address Clone Settings To open this page Click Setup Dynamic DNS in the navigation tree Assigning a Dynamic DNS Host Name to a WAN InterfaceEditing the Dynamic DNS Setup Configuring Dynamic Routing, page Configuring Static Routing, page Setting Up Advanced RoutingDynamic Routing for IPv4 Configuring Dynamic Routingdata None, RIPv1, RIPv2 - Broadcast, or RIPv2 - Multicast Dynamic Routing for IPv6 Configuring Static RoutingPrefix Length Pv6 only Enter the prefix length Cisco Small Business RV0xx Series Routers Administration Guide Setting Up Advanced RoutingTo open this page Click Setup IPv6 Transition in the navigation tree IPv6 Transitionto Go From Here.” DHCP Setting Up the DHCP Server or DHCP RelaySetting Up the DHCP Server or DHCP Relay, page Viewing the DHCP Status Information, pageDHCP To open this page Click DHCP DHCP Setup in the navigation treeEnabling DHCP Server and DHCP Relay Dynamic IP used for DHCP Server only DHCPDNS used for DHCP Server only WINS used for DHCP Server, IPv4 OnlyDHCP Using the Static IP List to Block Devices, pageAbout Static IP Addresses for IPv4 Only Assigning static IP addresses by adding devices from a list, pageAssigning static IP addresses by entering devices manually DHCPDHCP Using the Static IP List to Block DevicesDNS Local Database DHCPDHCP Server Viewing the DHCP Status InformationClient Table DHCPDHCP Router Advertisement IPv6Router Advertisement IPv6 RA Flags Choose whether or not hosts can use DHCPv6 to obtain addresses and other information. The options are described below DHCPSystem Management Setting Up Dual WAN and Multi-WAN ConnectionsSetting Up Dual WAN and Multi-WAN Connections, page Managing the Bandwidth Settings, page Setting Up SNMP, pageSystem Management Mode - Cisco RV042, RV042G, and RV082System Management Mode - Cisco RV016System Management Interface SettingNetwork Service Detection Editing the Dual WAN and Multi-WAN SettingsMax Bandwidth Provided by ISP Protocol Binding for Cisco RV016 only, when Load Balancer is selected Adding a service Cisco Small Business RV0xx Series Routers Administration Guide Max Bandwidth Provided by ISP Managing the Bandwidth SettingsBandwidth Management Type Appendix F, “Bandwidth Management.”Priority for Priority management only Choose the priority for this Adding a service Setting Up SNMP Setting Up SNMPEnabling Device Discovery with Bonjour Enabling Device Discovery with Bonjour Cisco Small Business RV0xx Series Routers Administration GuideDNS Name Lookup Using Built-In Diagnostic ToolsPing Restoring the Factory Default Settings Restoring the Factory Default SettingsUpgrading the Firmware Restarting the Router Restoring the Settings from a Configuration File Backing Up and Restoring the SettingsRestoring the Settings from a Configuration File, page Backing Up Configuration Files and Mirror Files, pageCopying a Startup File or Mirror File Backing Up Configuration Files and Mirror FilesSTEP 3 Close the Download Complete window To copy a file, click the button Port Management Configuring the Port SettingsConfiguring the Port Settings, page Viewing the Status Information for a Port, pagePort Management Summary Viewing the Status Information for a PortPort Management Port Management StatisticsFirewall Configuring the General Firewall SettingsConfiguring the General Firewall Settings, page Managing Access Rules, page Configuring Firewall Access Rules, pageFirewall Configuring the General Firewall SettingsFirewall Restrict Web FeaturesFirewall Don’t block Java/ActiveX/Cookies/Proxy to Trusted Domains If you blocked any of the web features, you can check this box to allow these features for the domains that you enter on the trusted list. This area of the page is available only if you checked one of the other boxes to disable a web feature. If you leave the box unchecked, then the selected web features are blocked for all websitesAbout Access Rules Configuring Firewall Access RulesAbout Access Rules, page103 Managing Access Rules, page Configuring Access Rules, pageFirewall Managing Access RulesFirewall To delete all custom rules Click Restore to Default RulesServices IPv4 and IPv6 Configuring Access RulesSchedule IPv4 Only Adding a service Cisco Small Business RV0xx Series Routers Administration Guide Forbidden Domains, page Website Blocking by Keywords, page Using Content Filters to Control Internet AccessSchedule, page Web.”Forbidden Domains Using Content Filters to Control Internet AccessWebsite Blocking by Keywords Schedule Getting Started with Cisco ProtectLink Web Cisco ProtectLink WebSpecifying the Global Settings for Approved URLs and Clients, page Getting Started with Cisco ProtectLink Web, pageChoose the appropriate option Cisco ProtectLink WebSpecifying the Global Settings for Approved URLs and Clients Specifying the Global Settings for Approved URLs and ClientsCisco ProtectLink Web Approved Clients Configuration Approved URL ConfigurationApproved URLs and Approved Clients Cisco ProtectLink WebWeb Protection Enabling Web Protection for URL FilteringCisco ProtectLink Web Cisco ProtectLink Web URL FilteringWeb Reputation Business Hour SettingCisco ProtectLink Web URL Overflow Control Updating the ProtectLink LicenseCisco ProtectLink Web License Information LicenseCisco ProtectLink Web Setting Up a Gateway to Gateway Site to Site VPN, page Introduction to VPNsSetting Up VPN Passthrough, page Setting Up PPTP Server, page Remote Access Client To Gateway, pageConfiguration tasks Remote Access Client To GatewaySite to Site VPN Gateway To Gateway Gateway-to-Gateway VPN Tunnel Between RV0xx Series Routers.”QuickVPN, page125 and Remote Access with PPTP, page125 NOTE Consider two other remote access options Remote Access with CiscoRemote Access with PPTP Remote Access with Cisco QuickVPNSummary Viewing the Summary Information for VPNTo open this page Click VPN Summary in the navigation tree Tunnel Status GroupVPN Status Up a Remote Access Tunnel for VPN Clients Client To Gateway, pageVPN Clients Status Setting Up a Gateway to Gateway Site to Site VPN Setting Up a Gateway to Gateway Site to Site VPNAdd a New Tunnel Local Group Setup and Remote Group SetupIP + Domain Name FQDN Authentication Choose this option if this router has a static IP address and a registered domain name, such as MyServer.MyDomain.com. Also enter the Domain Name to use for authentication. The domain name can be used only for one tunnel connection IPSec Setup Preshared Key, page Preshared Key, page 135 and Advanced settings for IKE withRequired fields for Manual mode Required fields for IKE with Preshared Key Phase 1 / Phase 2 Authentication Select a method of authenticationAdvanced settings for IKE with Preshared Key AH Hash Algorithm The AH Authentication Header protocol describes the packet format and default standards for packet structure. With the use of AH as the security protocol, protection is extended forward into the IP header to verify the integrity of the entire packet. Check the box to use this feature. Then select an authentication method MD5 or SHA1. MD5 produces a 128-bit digest to authenticate packet data. SHA1 produces a 160-bit digest to authenticate packet data. Both sides of the tunnel should use the same algorithm Page Setting Up a Remote Access Tunnel for VPN Clients Client To Gateway Setting Up a Remote Access Tunnel for VPN Clients Client To GatewayCisco Small Business RV0xx Series Routers Administration Guide RV0xxAdd a New Tunnel DNS hostname available from providers such as DynDNS.com. Enter a Domain Name to use for authentication. The domain name can be used only for one tunnel connection Remote Client Setup for a Group “Group VPN” Type Required fields for Manual mode Enter the settings for manual mode IPSec SetupRequired fields for IKE with Preshared Key Phase 1 / Phase 2 Authentication Select a method of authenticationAggressive Mode available for Tunnel, not Group VPN Two modes of Page To open this page Click VPN VPN Client Access in the navigation tree Managing VPN Users and CertificatesUsers, page Certificate Management, page148 Certificate Management UsersTo open this page Click VPN VPN Passthrough in the navigation tree Setting Up VPN PassthroughSetting Up PPTP Server Setting Up PPTP ServerPPTP Server IP Address RangeTo open this page Click VPN PPTP Server in the navigation tree Connection List Logging System Statistics Setting Up the System Log and AlertsSetting Up the System Log and Alerts, page Viewing the System Log, pageSyslog section Log Setting, page Buttons, pageE-mail section Logging System StatisticsLogging System Statistics Log SettingLogging System Statistics ButtonsLogging System Statistics Viewing the System LogTo open this page click Log System Statistics in the navigation tree Received Bytes The number of bytes received through this interface Logging System StatisticsBasic Setup, page Access Rule Setup, page160 WizardWizard on the System Summary page Access Rule Setup Basic SetupWizard Term GlossaryDefinition Term GlossaryDefinition Fragmentation ThresholdTerm GlossaryDefinition RADVD RouterTerm GlossaryDefinition RIPng RIP next generationTroubleshooting The DSL telephone line does not fit into the router’s Internet port TroubleshootingThe router does not have a coaxial port for the cable connection Introduction Cisco QuickVPN for WindowsCisco QuickVPN Client Installation and Configuration, page Using the Cisco QuickVPN Software, pageUsing the Cisco QuickVPN Software Cisco QuickVPN Client Installation and ConfigurationCisco QuickVPN for Windows STEP 3 To save this profile, click Save Cisco QuickVPN for WindowsConfiguring a VPN Tunnel on a Cisco RV0xx Series Router, page Topology OptionsOverview, page Topology Options, page Other Design Considerations, pageFigure 1 Hub and Spoke VPN Hub and Spoke TopologyFigure 2 Mesh VPN Mesh TopologyFigure 3 Gateway To Gateway Tunnel with Static IP Addresses Other Design ConsiderationsFigure 4 Gateway To Gateway Tunnel with a Dynamic IP Address LAN SetupConfiguring a VPN Tunnel on a Cisco RV0xx Series Router Field Example Sites with Static WAN IP AddressesValue Value FieldValue FieldField ValuesField Example Site with a Dynamic WAN IP AddressValues FieldValue FieldValue FieldField ValuesValues FieldOverview IPSec NAT TraversalIPSec NAT Traversal Configuration of Router AIPSec NAT Traversal Configuration of Router BBandwidth Management Creation of New ServicesCreation of New Services, page STEP 4 On the Bandwidth Management page, click Service ManagementBandwidth Management Creation of New Bandwidth Management RulesSTEP 5 Click Save Bandwidth ManagementRV042 SpecificationsNetwork SpecificationsSpecifications RV042G5.12 x 1.52 x 7.87 in. W x H x D 130 x 38.5 x 200 mm Performance SpecificationsSecurity NetworkManagement SpecificationsEnvironmental Specifications Cisco RV082Cisco RV082 Management SpecificationsSpecifications Cisco RV016Cisco RV016 Security SpecificationsNetwork Management SpecificationsEnvironmental Support Where to Go From HereProduct Documentation Cisco Small Business