ADMINISTRATION GUIDE Cisco Small Business WRVS4400N Wireless-N Gigabit Security Router with VPN
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R) © 2009 Cisco Systems, Inc. All rights reserved.
Contents Chapter 1: Introduction 6 Chapter 2: Networking and Security Basics 8 An Introduction to LANs 8 The Use of IP Addresses 9 The Intrusion Prevention System (IPS) 11 Chapter 3: Planning Your Virtual Private Network (VPN) 13 Why do I need a VPN? 13 What is a VPN? 15 Chapter 4: Getting Started with the WRVS4400N Router 18 Front Panel 19 Back Panel 20 WRVS4400N Antennas 20 Placement Options 21 Installing the Router 24 Configuring the Router 26 Chapter 5: Setting Up and Conf
Contents Configuring the L2 Switch Settings 141 Viewing Status 152 Chapter 6: Using the VPN Setup Wizard 160 VPN Setup Wizard 160 Before You Begin 160 Running the VPN Router Software Wizard 161 Appendix A: Troubleshooting Frequently Asked Questions Appendix B: Using Cisco QuickVPN for Windows 2000, XP, or Vista 178 191 195 Overview 195 Before You Begin 196 Installing the Cisco QuickVPN Software 197 Using the Cisco QuickVPN Software 199 Distributing Certificates to QuickVPN Users 20
Contents Appendix E: Cisco ProtectLink Web Service 210 Overview 210 How to Access the Web-Based Utility 210 How to Purchase, Register, or Activate the Service 211 How to Use the Service 214 Appendix F: Specifications 219 General 219 Performance 220 Management 220 Security 221 QoS 221 Layer 2 222 Environmental 222 Appendix G: Where to Go From Here Cisco WRVS4400N Wireless-N Gigabit Security Router with VPN Administration Guide 223 5
1 Introduction Thank you for choosing the Cisco WRVS4400N Wireless-N Gigabit Security Router with VPN. The Wireless-N Gigabit Security Router with VPN is an advanced Internet-sharing network solution for your small business needs. WRVS4400N lets multiple computers in your office share an Internet connection through both wired and wireless connections.
1 Introduction NAPT allows you to open specific TCP/UDP port numbers to the Internet to provide limited service while minimizing harmful traffic at the same time. The Virtual Private Network (VPN) capability is another security feature that creates encrypted “tunnels” through the Internet, allowing up to five remote offices and five traveling users to securely connect into your office network from off-site.
2 Networking and Security Basics This chapter describes networking and security basics. It includes the following sections: • An Introduction to LANs, page 8 • The Use of IP Addresses, page 9 • The Intrusion Prevention System (IPS), page 11 An Introduction to LANs A router is a network device that connects two networks together. The router connects your local area network (LAN), or the group of personal computers in your home or office, to the Internet.
Networking and Security Basics The Use of IP Addresses 2 The second level router only forwards data packets through a wired network so you don’t have to use the Cisco WRVS4400N Wireless-N Gigabit Security Router. You can use any wired router in the Cisco family such as RVS4000 that has 4 LAN ports and 1 WAN port. The Use of IP Addresses IP stands for Internet Protocol.
Networking and Security Basics The Use of IP Addresses 2 If you use the router to share your cable or DSL Internet connection, contact your ISP to find out if they have assigned a static IP address to your account. If so, you will need that static IP address when configuring the router. You can get the information from your ISP. A dynamic IP address is automatically assigned to a device on the network.
Networking and Security Basics The Intrusion Prevention System (IPS) 2 The Intrusion Prevention System (IPS) IPS is an advanced technology to protect your network from malicious attacks. IPS works together with your SPI Firewall, IP Based Access Control List (ACL), Network Address Port Translation (NAPT), and Virtual Private Network (VPN) to achieve the highest level of security. IPS works by providing real-time detection and prevention as an in-line module in a router.
Networking and Security Basics The Intrusion Prevention System (IPS) Cisco WRVS4400N Wireless-N Gigabit Security Router with VPN Administration Guide 2 12
3 Planning Your Virtual Private Network (VPN) This chapter provides information for planning your VPN and includes the following sections: • Why do I need a VPN?, page 13 • What is a VPN?, page 15 Why do I need a VPN? Computer networking provides a flexibility not available when using an archaic, paper-based system. With this flexibility, however, comes an increased risk in security. This is why firewalls were first introduced. Firewalls help to protect data inside of a local network.
Planning Your Virtual Private Network (VPN) Why do I need a VPN? 3 At this point, your data becomes open to hackers using a variety of methods to steal not only the data you are transmitting but also your network login and security data.
Planning Your Virtual Private Network (VPN) What is a VPN? 3 What is a VPN? A VPN, or Virtual Private Network, is a connection between two endpoints—a VPN router, for instance—in different networks that allows private data to be sent securely over a shared or public network, such as the Internet. This establishes a private network that can send data securely between these two locations or networks. This is done by creating a “tunnel”.
Planning Your Virtual Private Network (VPN) What is a VPN? 3 VPN Router to VPN Router An example of a VPN router-to-VPN router VPN would be as follows. At home, a telecommuter uses his VPN router for his always-on Internet connection. His router is configured with his office’s VPN settings. When he connects to his office’s router, the two routers create a VPN tunnel, encrypting and decrypting data. As VPNs utilize the Internet, distance is not a factor.
Planning Your Virtual Private Network (VPN) What is a VPN? 3 Computer to VPN Router The following is an example of a computer-to-VPN router VPN. In her hotel room, a traveling businesswoman connects to her ISP. Her notebook computer has the Cisco QuickVPN Client software, which is configured with her office’s IP address. She accesses the Cisco QuickVPN Client software and connects to the VPN router at the central office. As VPNs utilize the Internet, distance is not a factor.
4 Getting Started with the WRVS4400N Router This chapter describes the physical features of the WRVS4400N router and provides information for installing the router.
Getting Started with the WRVS4400N Router Front Panel 4 Front Panel The LEDs are located on the front panel of the router. Front of Router POWER LED—Lights up green to indicate the router is powered on. The LED flashes when the router is running a diagnostic test. DIAG LED—If this light is off, the system is ready. The Diag LED blinks red during firmware upgrades. IPS LED—The IPS LED lights up when the Intrusion Prevention System (IPS) function is enabled.
Getting Started with the WRVS4400N Router Back Panel 4 Back Panel The Ethernet ports, Internet port, Reset button, and Power port are on the back panel of the router. RESET Button—The Reset button can be used in two ways: • If the router is having problems connecting to the Internet, press the Reset button for just a second with a paper clip or a pencil tip. This is similar to pressing the reset button on your personal computer to reboot it.
Getting Started with the WRVS4400N Router Placement Options 4 Placement Options You can place the router horizontally on the rubber feet, mount it in the stand, or mount it on the wall. Desktop Option For desktop placement, place the Cisco WRVS4400N router horizontally on a surface so it sits on its four rubber feet.
4 Getting Started with the WRVS4400N Router Placement Options Stand Option 1 100 274945 POWER DIAG IPS WIRELESS 10 1000 2 3 ETHERNET 4 INTERNET WRVS4400N To install the router vertically in the supplied stands, follow the steps below. To place the router vertically, follow these steps. STEP 1 Locate the left side panel of the router.
4 Getting Started with the WRVS4400N Router Placement Options STEP 3 Repeat step 2 with the other stand. Wall Option To mount the Cisco WRVS4400N router on the wall, follow these steps. STEP 1 Determine where you want to mount the router and install two screws (not supplied) that are 2-9/16 in. apart (approximately 64.5 mm).
Getting Started with the WRVS4400N Router Installing the Router 4 Installing the Router To prepare the router for installation do the following: • Obtain the setup information for your specific type of Internet connection from your Internet Service Provider (ISP). • Power off all of your network hardware, including the router, PCs, and cable modem or DSL modem. Perform the steps in this section to install the hardware.
Getting Started with the WRVS4400N Router Installing the Router 4 STEP 3 Connect an Ethernet network cable from your cable or DSL modem to the Internet port on the router’s back panel. STEP 4 Power on the cable or DSL modem. STEP 5 Connect the power adapter to the Power port on the router and plug the other end into an electrical outlet. STEP 6 The Power and Internet LEDs on the front panel will light up green as soon as the power adapter is connected properly. STEP 7 Power on the PCs.
Getting Started with the WRVS4400N Router Configuring the Router 4 Configuring the Router To configure the WRVS4400N router, plug a PC into the router and launch the webbased configuration utility as follows. NOTE Before setting up the router, make sure your PCs are configured to obtain an IP (or TCP/IP) address automatically from the router. STEP 1 Launch a web browser, such as Internet Explorer or Mozilla Firefox. STEP 2 In the Address field enter http://192.168.1.1 and press Enter.
Getting Started with the WRVS4400N Router Configuring the Router 4 • Heartbeat Signal: Heartbeat Signal is used primarily in Australia. Check with your ISP for the necessary setup information. • L2TP: L2TP is used mostly in Europe. Check with your ISP for the necessary setup information. STEP 8 When you are finished entering your Internet connection settings, click Save. STEP 9 Restart or power on your PC to obtain the new router setting.
5 Setting Up and Configuring the WRVS4400N Wireless-N Router The Wireless-N router works right out of the box with the default settings. However, to change these settings, you can use the router’s web-based configuration utility. You can access the web-based configuration utility via a web browser (such as Microsoft Internet Explorer or Mozilla Firefox) from a computer connected to the same network the router is connected to.
Setting Up and Configuring the WRVS4400N Wireless-N Router Accessing the Web-Based Utility 5 Accessing the Web-Based Utility There are two ways to connect to your wireless router for the first time: • Physically connect your personal computer to one of the four LAN ports on the router. Then, configure your personal computer to obtain its IP address automatically from a DHCP server.
Setting Up and Configuring the WRVS4400N Wireless-N Router Navigating the Utility 5 Navigating the Utility The web-based utility consists of the following main windows: • Setup • Wireless • Firewall • ProtectLink • VPN • QoS • Administration • IPS • L2 Switch • Status Cisco WRVS4400N Wireless-N Gigabit Security Router with VPN Administration Guide 30
Setting Up and Configuring the WRVS4400N Wireless-N Router Navigating the Utility 5 Additional windows branch out from these main windows. The following briefly describes the windows of the utility. Setup This window allows you to configure the router’s basic functionality and set its time through the following windows: • Summary—Displays a read-only summary of the router's basic information. • WAN—Displays, and allows the modification of, Internet connection settings on this window.
Setting Up and Configuring the WRVS4400N Wireless-N Router Navigating the Utility 5 Wireless This window allows you to enter a variety of wireless settings for the built-in access point of the router through the following windows: • Basic Settings—Chooses the wireless network mode (for example, B/G/NMixed), SSID, and radio channel. • Security Settings—Configures the built-in access point’s security settings. • Connection Control—Controls the wireless connections from client devices to the router.
Setting Up and Configuring the WRVS4400N Wireless-N Router Navigating the Utility 5 ProtectLink This window allows you to check e-mail messages, filter website addresses (URLs), and block potentially malicious websites for the Cisco ProtectLink Web hosted service, thereby providing security for your network. VPN This window allows you to configure VPN tunnels and accounts to establish a secured channel through the Internet through the following windows: • Summary—Displays IPSec tunnel status summary.
Setting Up and Configuring the WRVS4400N Wireless-N Router Navigating the Utility 5 Administration This window allows you to administer the router through the following windows: • Management—Allows you to alter the router’s password, its access privileges, SNMP settings, and UPnP settings. • Log—Allows the configuration of Log settings. • Diagnostics—Allows you to check the connection between the router and another network device on the LAN or Internet.
Setting Up and Configuring the WRVS4400N Wireless-N Router Navigating the Utility 5 L2 Switch This window allows you to configure layer 2 switching features on the 4 port Ethernet switch (LAN ports only) through the following windows: • Create VLAN—Creates a Virtual Local Area Network (VLAN) assignment. • VLAN & Port Assignment—Configures VLAN and port settings. • RADIUS—Configures Remote Authorization Dial-In User Service (RADIUS) settings.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 Setting Up Your Wireless-N Router This section describes how to configure the general settings of your router: • Configuring Basic Setup Settings on page 37 • Displaying A Read-Only Summary of the Basic Router Information on page 38 • Configuring Internet Connection Settings on page 40 • Configuring DDNS Service Settings on page 50 • Configuring Local Area Network (LAN) Settings on page 52 • Using The
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 Configuring Basic Setup Settings You can configure the following basic setup settings: • WAN Click Setup > WAN and select the appropriate Internet connection type according to your ISP if connecting your WAN port to the WAN (DSL or cable modem). Otherwise, most cases can use the default setting to get a WAN port IP address from a DHCP server. • Advanced Routing Click Setup > Advanced Routing.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 Displaying A Read-Only Summary of the Basic Router Information The Setup > Summary window displays read-only information about the router. To view the Setup > Summary window, follow these steps: STEP 1 Click Setup > Summary. STEP 2 Click Refresh to display the latest router settings.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router • 5 Port Statistics This section displays the following color-coded status information on the router's Ethernet ports: • • • - Green—Indicates that the port has a connection. - Black (unlit)—Indicates that the port has no connection. Network Setting Status - LAN IP—Displays the IP address of the router's LAN interface. - WAN IP—Displays the IP address of the router's WAN interface.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router • 5 Log Setting Status - E-mail—If this entry appears in the window, email cannot be sent because you have not specified an outbound SMTP server address. Click E-mail to display the Administration > Log window where you can configure the SMTP mail server.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router STEP 5 5 If required by your ISP, configure the following settings: • Host Name—Enter the host-name provided by your ISP if you have broadband/cable Internet service and your ISP requires you to use a hostname as network identification. In most cases you can leave this field blank.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 Automatic Configuration - DHCP Server To have the router automatically get its IP address from your ISP’s DHCP server, leave the connection type at its default setting of Automatic Configuration DHCP Server. Most cable modem ISPs use the default option.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 Static IP To use a permanent IP address to connect to the Internet, select Static IP from the Internet Connection Type drop-down menu and fill in the following settings: • Internet IP Address—Enter the IP address provided by your ISP. This is the router’s IP address on the WAN port that can be reached from the Internet. • Subnet Mask—Enter the subnet mask provided by your ISP.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 PPPoE If your ISP is DSL-based and uses Point-to-Point Protocol over Ethernet (PPPoE) to establish Internet connections, select PPPoE from the Internet Connection Type drop-down menu to enable it, and do the following: • User Name and Password—Enter the user name and password provided by your ISP for PPPoE authentication.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 and the default Redial Period is 30 seconds. Use this option to minimize your Internet connection response time as it is always connected. PPTP In Europe and Israel only, select PPTP from the Internet Connection Type dropdown menu if you wish to use the Point-to-Point Tunneling Protocol (PPTP) service, and enter the following: • IP Address—Enter the IP address provided by your ISP.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 • Connect on Demand: Max Idle Time—Configure the router to cut the Internet connection after it has been inactive for a specified period of time (Max Idle Time). If your Internet connection has been terminated due to inactivity, Connect on Demand enables the router to automatically reestablish your connection as soon as you attempt to access the Internet again.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 Heart Beat Signal In Australia, select Heart Beat Signal from the Internet Connection Type dropdown menu to use this service. Check with your ISP for the necessary setup information, and enter the following: • User Name and Password—Enter the user name and password provided by your ISP. • Heart Beat Server—Enter the IP address of the Heart Beat server.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router • 5 Keep Alive: Redial period—Select this option, to have the router periodically check your Internet connection. If you are disconnected, then the router automatically reestablishes your connection. To use this option, click the option next to Keep Alive. In the Redial Period field, specify how often you want the router to check the Internet connection.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 • User Name and Password—Enter the user name and password provided by your ISP. • Connect on Demand: Max Idle Time—Configure the router to cut the Internet connection after it has been inactive for a specified period of time (Max Idle Time).
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 Configuring DDNS Service Settings DDNS lets you assign a fixed host and domain name to a dynamic Internet IP address. It is useful when you are hosting your own website, FTP server, or other server behind the router. By default, DDNS service is disabled. To enable and configure the DDNS settings for your router, follow these steps: STEP 1 To use DDNS service, sign up for one at DynDNS.org or TZO.com.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router STEP 3 5 To configure your router to use TZO.com: a. From the DDNS Service drop-down menu, select TZO.com. b. Configure the TZO.com settings: STEP 4 • E-mail Address, TZO Password, and Domain Name—Enter the E-mail address, password, and domain name of the account you set up with TZO. • Status—The status of the TZO service connection.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 Configuring Local Area Network (LAN) Settings The Setup > LAN Setup window displays the router’s local network settings for the four Ethernet ports. To configure the LAN settings for the router, follow these steps: STEP 1 Click Setup > LAN Setup. STEP 2 Configure the LAN settings: • IPv4—This section displays the settings for the router’s local IPv4 address and subnet mask.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router • 5 Server Settings (DHCP)—Unless you already have a DHCP server, it is highly recommended that you leave the router enabled as a DHCP server. To use the router as your network’s DHCP (Dynamic Host Configuration Protocol) server, so that it automatically assigns an IP address to each personal computer on your network, Enable DHCP server. (DHCP is enabled by default.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router - • 5 WINS—If you have a WINS server, enter that server's IP address in the field. Otherwise, leave this blank. The Windows Internet Naming Service (WINS) performs name resolution function (similar to DNS) in the Windows network environment. It can help you to determine the IP address of a remote Windows personal computer from its computer name.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router • 5 DHCPv6—To enable the DHCP v6 feature, select Enable. To disable DHCP v6, select Disable. STEP 3 - Lease time—Enter the lease time in minutes. - DHCP address range start—Enter the starting DHCP v6 IP address. - DHCP address range end—Enter the ending DHCP v6 IP address. - Primary DNS—Enter the Primary IPv6 DNS server address. - Secondary DNS—Enter the Secondary IPv6 DNS server address. Click Save.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 To configure DMZ Hosting, follow these steps: STEP 1 Click Setup > DMZ STEP 2 Fill in the DMZ Hosting settings: • DMZ Hosting—To allow one local personal computer to be exposed to the Internet for use of a special-purpose service such as Internet gaming and video-conferencing, select Enable. - • STEP 3 To disable the DMZ feature, select Disable.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 Cloning Your Network Adapter’s MAC Address onto Your Router Some ISPs require that you register a MAC address. The Setup > MAC Address Clone window allows the cloning of your personal computer network adapter's MAC address onto the router, instead of you having to call your ISP again to now change the registered MAC address to that of the router.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router STEP 3 5 Click Save. Configuring the Router’s Advanced Settings The Setup > Advanced Routing window allows you to configure the router’s Operating Mode and settings for Dynamic Routing, Static Routing, and Inter-VLAN routing.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router • 5 To s elect t he operating mode in which the router functions: - Select Gateway to allow all devices on your LAN to share the same WAN (Internet) IP address, the normal mode of operation—in Gateway mode, the NAT (Network Address Translation) mechanism is enabled.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 c. For RIP Recv Packet Version, choose the version of RIP packets you want to receive from peers (RIPv1 or RIPv2) to match the version supported by other routers on your LAN. STEP 4 Configure Static Routing if necessary: Some ISPs require static routes to build your routing table instead of using dynamic routing protocols.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router STEP 5 5 View the Routing Table if necessary to verify routing. To view the routing table established either through dynamic or static routing methods, click the Show Routing Table button. STEP 6 Enable Inter-VLAN Routing if needed. Select Enable to allow packets to be routed between VLANs that are in different subnets. The default is Enable. STEP 7 Click Save.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 Changing the Router’s Time Settings The Setup > Time window allows you to either define your router’s time manually or automatically through the Time Server. The default is Automatically. To define your router’s time, follow these steps: STEP 1 Click Setup > Time. STEP 2 Specify how to set the local time: a.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 b. Automatically • STEP 3 Set the local time using Network Time Protocol (NTP) Automatically—If you wish to use a Network Time Protocol server to set the time and date, select this option, then complete the following fields. - Time Zone—Select the time zone for your location and your setting synchronizes over the Internet with public NTP (Network Time Protocol) Servers.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 Selecting IPv4 Mode or Dual Stack IPv4 And IPv6 Mode The Setup > IP Mode window allows you to choose IP Mode settings for the router. To configure IP Mode settings for the router, follow these steps: STEP 1 Click Setup > IP Mode. STEP 2 Configure the IP Mode settings: • IPv4 Only—Select this option to use IPv4 on the Internet and local network.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router 5 • 6to4 Tunnel—Allows your IPv6 network to connect to other IPv6 networks via tunnels through IPv4 (per RFC3056). The remote router also needs to support 6to4. Because the tunnel can be automatically formed based on traffic, there is no limit as to how many tunnels you can have. • 6 to 4 Gateway Access Control—By default, this route allows 6to4 connections to or from any other 6to4 gateway.
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router - 5 Block following sites—Prevent a limited set of 6to4 gateways from establishing tunnels with the router. Up to 20 sites can be configured. .
Setting Up and Configuring the WRVS4400N Wireless-N Router Setting Up Your Wireless-N Router • STEP 3 5 Static 6to4 DNS entry—Allow users to configure static DNS entry to map hostname to IPv6 address. This provides a convenient way for users to access remote IPv6 hosts. Click Save.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings 5 Configuring Wireless Settings This section describes how to configure the wireless settings of the router: • Configuring Basic Settings on page 68 • Configuring Wireless Security on page 72 • Configuring Advanced Wireless Settings on page 81 • Configuring Connection Control on page 80 • Configuring Advanced Wireless Settings on page 81 Configuring Basic Settings The Wireless > Basic Settings window allows
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings STEP 2 5 Configure the basic wireless settings: • Wireless Network Mode—Select one of the following modes. The default is B/G/N-Mixed. - B-Only—All the wireless client devices can be connected to the router at Wireless-B data rates with a maximum speed of 11Mbps. - G-Only—Both Wireless-N and Wireless-G client devices can be connected at Wireless-G data rates with a maximum speed of 54Mbps.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings - 5 Disabled—To disable wireless connectivity completely. This might be useful during system maintenance. • Wireless Channel—Select the appropriate channel to be used between your wireless router and your client devices. The default is channel 6. You can also select Auto so that your router selects the channel with the lowest amount of wireless interference while the system is booting up.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings STEP 3 5 • SSID Name—The SSID is the unique name shared between all devices in a wireless network. It is case-sensitive, must not exceed 32 alphanumeric characters, and may be any keyboard character. Make sure this setting is the same for all devices in your wireless network. The default SSID name is ciscosb. • SSID Broadcast—Allows the SSID to be broadcast on your network.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings 5 Configuring Wireless Security The Wireless > Wireless Security window allows you to configure the wireless router’s wireless security settings. To change the router’s wireless security settings, follow these steps: STEP 1 Click Wireless > Wireless Security.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings 5 The following section describes the detailed options for each Security Mode. • Disable—To disable wireless security completely, select Disable.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings • 5 WEP—This security mode is defined in the original IEEE 802.11. This mode is not recommended now due to its weak security protection. Users are urged to migrate to WPA or WPA2. - Authentication Type—Choose the 802.11 authentication type as either Open System or Shared Key. The default is Open System. - Encryption—Select a level of WEP encryption, 64 bits (10 hex digits) or 128 bits (26 hex digits).
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings • • 5 WPA-Personal (also known as WPA-PSK) - Encryption—WPA offers you two encryption methods, TKIP and AES for data encryption. Select the type of algorithm you want to use, TKIP or AES. The default is TKIP. - Shared Key—Enter a WPA Shared Key of 8-63 characters. - Key Renewal—Enter a key renewal timeout period, which instructs the router how often it should change the encryption keys.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings • 5 WPA2-Personal Mixed—This security mode supports the transition from WPA-Personal to WPA2-Personal. You can have client devices that use either WPA-Personal or WPA2-Personal. The router automatically chooses the encryption algorithm used by each client device. - Encryption—Mixed Mode automatically chooses TKIP or AES for data encryption. - Shared Key—Enter a WPA Shared Key of 8-63 characters.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings • 5 WPA-Enterprise—This option features WPA used in coordination with a RADIUS server for client authentication. (This should only be used when a RADIUS server is connected to the router.) - Encryption—WPA offers you two encryption methods, TKIP and AES for data encryption. Select the type of algorithm you want to use, TKIP or AES. The default is TKIP. - RADIUS Server—Enter the RADIUS server’s IP address.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings • 5 WPA2-Enterprise—This option features WPA2 used in coordination with a RADIUS server for client authentication. (This should only be used when a RADIUS server is connected to the router.) - Encryption—WPA2 always uses AES for data encryption. - RADIUS Server—Enter the RADIUS server’s IP address. - RADIUS Port—Enter the port number used by the RADIUS server. The default is 1812.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings • STEP 4 5 WPA2-Enterprise Mixed—This security mode supports the transition from WPA-Enterprise to WPA2-Enterprise. You can have client devices that use either WPA-Enterprise or WPA2-Enterprise. The wireless router chooses the encryption algorithm used by each client device. - Encryption—Mixed Mode automatically chooses TKIP or AES for data encryption. - RADIUS Server—Enter the RADIUS server’s IP address.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings 5 Configuring Connection Control The Wireless > Connection Control window displays the Connection Control settings for the router, giving you two ways to control the connection (association) of wireless client devices. You can either prevent specific devices from connecting to the router, or you can allow only specific client devices to connect to the router. The client devices are specified by their MAC addresses.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings • • STEP 3 5 Connection Control—Prevent or Allow specific MAC addresses access to the Wireless Network. - Prevent—Denies connection to the Wireless Network through the router, for the MAC addresses specified below. - Allow—Grants connection to the Wireless Network through the router, for the MAC addresses specified below.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings 5 To configure advanced wireless settings for the router, follow these steps: STEP 1 Click Wireless > Advanced Settings. STEP 2 Configure the advanced wireless settings as needed by changing the following advanced parameters (some only for Wireless-N) for this router. Wireless-N data rates are classified into 16 MCS numbers (0-15). MCS stands for Modulation and Coding Scheme.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings STEP 3 5 • CTS Protection Mode—CTS (Clear-To-Send) Protection Mode function boosts the router’s ability to catch all wireless transmissions, but severely decrease performance. Keep the default setting, Auto, so the router can use this feature as needed, when the Wireless-N/G products are not able to transmit to the router in an environment with heavy 802.11b traffic.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings 5 Configuring VLAN & QoS Settings The Wireless > VLAN & QoS window displays the QoS and VLAN settings for the router’s Access Point. The QoS (Quality of Service) feature allows you specify priorities for different traffic. Lower priority traffic slows down to allow greater throughput or less delay for high priority traffic. The 802.1Q VLAN feature allows traffic from different sources to be segmented.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings • STEP 3 5 QoS - U-APSD(WMM Power Save)—Select Enabled or Disabled as required. - WMM—Wi-Fi Multimedia is a QoS feature defined by WiFi Alliance before IEEE 802.11e was finalized. Now it is part of IEEE 802.11e. When it is enabled, it provides four priority queues for different types of traffic. It automatically maps the incoming packets to the appropriate queues based on QoS settings (in IP or layer 2 header).
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings 5 Configuring Router WDS Settings The Wireless > WDS window displays the WDS (Wireless Distribution System) settings for the device. To configure the WDS settings for the router, follow these steps: STEP 1 Click Wireless > WDS. STEP 2 Configure the WDS settings: • WDS MAC Address—Displays the read-only MAC address for the WDS.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Wireless Settings • STEP 3 5 Remote Access Point's MAC Address—Either enter the MAC address directly, or, if the other access point is on-line, you can click the Site Survey button and select from a list of available access points. Click Save.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings 5 Configuring Firewall Settings This section describes how to configure the Firewall settings of the router: • Configuring Basic Settings on page 89 • Configuring IP Based ACL on page 91 • Editing IP ACL Rules on page 93 • Configuring Internet Access Policy on page 94 • Configuring Single Port Forwarding on page 99 • Configuring Port Range Forwarding on page 100 • Configuring Port Range Triggering on page
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings 5 Configuring Basic Settings The Firewall > Basic Settings window displays the firewall-specific settings of the router. To configure basic firewall settings for the router, follow these steps: STEP 1 Click Firewall > Basic Settings.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings STEP 3 5 • Multicast Pass-through—When enabled, the router allows IP Multicast traffic to come in from the Internet. The default is Disable. • SIP Application Layer Gateway—When enabled, the SIP Application Layer Gateway (ALG) allows Session Initiation Protocol (SIP) packets (used for Voice over IP) to traverse the NAT firewall.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings 5 Configuring IP Based ACL The Firewall > IP Based ACL window displays a summary of the configured IP-based access control list. The access list restricts traffic going through the router either from WAN or LAN port. There are two ways to restrict data traffic. You can block specific types of traffic according to your ACL definitions. Or you can allow only specific types of traffic according to your ACL definition.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings 5 To configure the IP Based ACL for the router, follow these steps: STEP 1 Click Firewall > IP Based ACL. STEP 2 Configure the IP based ACL settings for the router: • Priority—Defines the order on which rule is checked against first. The smaller number has higher priority. The default rules is always be checked last. • Enable—Tells the router if the rule is active or not.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings 5 • Page Selections—Select specific page of ACL list from the drop-down menu to be displayed. Or navigate them page by page through Previous Page and Next Page button. • Add New Rule—Click this button to enter the page to define a new ACL rule. • Disable All Rule—Click this button to disable all the user defined rules. • Delete All Rule—Click this button to delete all the user defined rules.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings STEP 3 5 • Log—If checked, this ACL rule is logged when a packet match happens. • Log Prefix—This string is attached in front of the log for the matched event. • Source Interface—Select LAN, WAN, or ANY interface. • Source—The source IP address to be matched against. You can define a Single IP address, a Range of IP addresses (start IP and end IP), a Network (IP Prefix and Network Mask), or ANY IP addresses.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings 5 To configure Internet access policy for the router, follow these steps: STEP 1 Click Firewall > Internet Access Policy. STEP 2 Configure the router’s Internet access policy settings by creating, modifying, verifying, and deleting policies as appropriate.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings 5 Creating a Policy To create an Internet access policy, follow these steps: STEP 1 Select a policy number from the Internet Access Policy drop-down menu. STEP 2 Enter a Policy Name in the field provided. STEP 3 Enable this policy by clicking the Enable option. STEP 4 Click the Edit List of PCs button to select which personal computers are affected by the policy. The List of PCs window appears.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings STEP 7 5 If you wish to block access to Web sites, use the Website Blocking by URL Address or Website Blocking by Keyword feature. • Website Blocking by URL Address—Enter the URL or domain name of the web sites you wish to block. • Website Blocking by Keyword—Enter the keywords you wish to block in the fields provided. If any of these keywords appears in the URL of a web site, access to the site is blocked.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings 5 Deleting a Policy To delete a policy, select it from the drop-down menu, then click the Delete button. Viewing all Policies To view a summary of all the policies, click the Summary button. On the Summary window, the policies are listed with the following information: No., Policy Name, Days, Time, and a check box to delete (clear) the policy.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings 5 Configuring Single Port Forwarding The Firewall > Single Port Forwarding window displays the specific port and other settings associated with each public service that uses just a single port. Single Port Forwarding is one of the NAPT features and allows users of the Internet to access this server by using the WAN port address and the matched external port number.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings • 5 Internal Port—Port number used by the router when forwarding Internet traffic to the personal computer or server on your LAN and is usually the same as the External Port number. If it is different, the router performs a Port Translation, so that the port number used by Internet users is different from the port number used by the server or Internet application.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings 5 To configure port range forwarding for the router, follow these steps: STEP 1 Click Firewall > Port Range Forwarding. STEP 2 Configure port range forwarding settings for the router: STEP 3 • Application—Enter the name of the application you wish to configure. • Start—Enter the beginning of the port number range (external ports) used by the server or Internet application.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings 5 Configuring Port Range Triggering The Firewall > Port Range Triggering window displays the configurations of triggered range and forwarded range of ports that are used by applications that request ports to be opened on demand. Port Range Triggering is an NAPT (Network Address Port Translation) feature. Port Range Triggering is used for special applications that can request a port to be opened on demand.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring Firewall Settings STEP 3 5 • Application—Enter the name of the application you wish to configure. • Triggered Range—For each application, list the triggered port number range. These are the ports used by outgoing traffic. Check with the Internet application documentation for the port number(s) needed. In the first field, enter the starting port number of the Triggered Range.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the ProtectLink Web Service 5 Configuring the ProtectLink Web Service The Cisco ProtectLink Web service provides security for your network. It checks email messages, filters website addresses (URLs), and blocks potentially malicious websites. For detailed information on how to configure the ProtectLink Service, go to Appendix E, “Cisco ProtectLink Web Service”.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the VPN Settings 5 Configuring the VPN Settings This section describes how to configure the VPN settings of the router: • Displaying A VPN Status Summary of the IPSec Tunnel and Clients on page 105 • Configuring IPSec VPN on page 108 • Setting Up Local Groups on page 110 • Setting Up and Configuring Remote Groups on page 111 • Setting Up IPSec on page 113 • Configuring VPN Client Accounts on page 115 • Configuring VPN Pass
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the VPN Settings • 5 Tunnel Status - Tunnels(s) Used—Displays the number of tunnels used. - Tunnel(s) Available—Displays the number of available tunnels. - Detail button—Click Detail to display more tunnel information. - No—Displays the number of the tunnel. - Name—Displays the name of the tunnel, as defined by the Tunnel Name field on the VPN > IPSec VPN window.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the VPN Settings • 5 - Tunnel Test—Click Connect to verify the tunnel status; the test result is updated in the Status column. If the tunnel is connected, you can disconnect the IPSec VPN connection by clicking Disconnect. - Config—Click Edit to change the tunnel's settings. Click Trash to delete all of the tunnel's settings. - Tunnels(s) Enabled—Displays the number of enabled tunnels.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the VPN Settings 5 Configuring IPSec VPN The VPN > IPSec VPN window displays settings for configuring a VPN tunnel. Virtual Private Network (VPN) is a security measure that creates a secure connection between two remote locations. Configure these settings so that the gateway creates VPN tunnels. To configure the VPN Gateway to create VPN tunnels, follow these steps: STEP 1 Click VPN > IPSec VPN.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the VPN Settings STEP 3 STEP 4 5 Configure the settings in the following sections of the VPN > IPSec VPN window: • Setting Up Local Groups on page 110 • Setting Up and Configuring Remote Groups on page 111 • Setting Up IPSec on page 113 To configure advanced settings, click Advanced. • Aggressive Mode—There are two types of Phase 1 exchanges: Main mode and Aggressive mode.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the VPN Settings 5 Setting Up Local Groups The Local Group Setup section of the VPN > IPSec VPN window displays settings for configuring the local groups of VPN tunnel connections. To configure local groups of VPN tunnel connections, do the following: STEP 1 Click VPN > IPSec VPN. STEP 2 Configure Local Group Setup settings: • STEP 3 Local Security Gateway Type—There are two types.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the VPN Settings 5 Setting Up and Configuring Remote Groups The Remote Group Setup section of the VPN > IPSec VPN window displays settings for configuring the remote groups of VPN tunnel connections. To set up and configure a remote group, follow these steps: STEP 1 Click VPN > IPSec VPN. STEP 2 Configure Remote Group Setup settings. • Remote Security Gateway Type—There are two types.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the VPN Settings STEP 3 5 - IP Only—If you select IP Only, only the specific IP address that you enter can access the tunnel. It's the IP address of the remote VPN router or device which you wish to communicate. The remote VPN device can be another VPN router or a VPN Server. If you know the static IP address of remote VPN device, select IP address from drop-down menu.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the VPN Settings 5 Setting Up IPSec The IPSec Setup section of the VPN > IPSec VPN window displays the security parameters for configuring a VPN. To set up IPSec for the router, follow these steps: STEP 1 Click VPN > IPSec Setup. STEP 2 Configure the security parameters for VPN IPSec: • Keying Mode—The router supports both IKE with Preshared Key (automatic) and Manual key management.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the VPN Settings 5 • Encryption— The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. 3DES is supported. Notice that both sides of the VPN tunnel must use the same Encryption method. • Authentication— Authentication determines a method to authenticate the ESP packets. Either MD5 or SHA1 may be selected. Notice that both sides (VPN endpoints) must use the same Authentication method.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the VPN Settings 5 Configuring VPN Client Accounts The VPN > VPN Client Accounts window displays the settings for administering your VPN Client users. Enter the information at the top of the window and the users you've entered appear in the list at the bottom, showing their status. This works with the Cisco QuickVPN client only. (The router supports up to five Cisco QuickVPN Clients by default.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the VPN Settings 5 • Allow User to Change Password—Determines whether the user is allowed to change their password. • VPN Client List Table • - No—Displays the user number. - Active—When checked, the designated user can connect, otherwise the VPN client account is disabled. - Username—Displays the username. - Edit button—Modify the username, password, or toggle between whether the user is allowed to change their password.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the VPN Settings 5 Configuring VPN Passthrough The VPN > VPN Passthrough window displays the settings needed to allow users to have the router pass through the traffic, using their own VPN algorithms to connect to their remote routers. To configure VPN Passthrough settings for the router, follow these steps: STEP 1 Click VPN > VPN Passthrough. STEP 2 Configure VPN Passthrough settings.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the QoS Settings • STEP 3 5 L2TP Passthrough—Layer 2 Tunneling Protocol is the similar to PPP but allows Layer 2 and the PPP session to terminate at different servers or locations. L2TP Passthrough is enabled by default. To disable L2TP Passthrough, select Disabled. Click Save.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the QoS Settings 5 Managing Bandwidth The QoS > Bandwidth Management window displays the settings for configuring bandwidth management for the router. To configure the bandwidth management settings, follow these steps: STEP 1 Click QoS > Bandwidth Management.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the QoS Settings • STEP 3 5 Priority - Service—Select the service from the drop-down menu. If it does not contain the service you need, click Service Management to add the service. - Direction—Select Upstream for outbound traffic or Downstream for inbound traffic from the drop-down menu. - Priority—Select service priority (High, Medium, Normal, or Low). The default is Medium.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the QoS Settings 5 Configuring QoS The QoS > QoS Setup window displays the settings needed for users to configure QoS Trust Mode for each LAN port. To configure QoS setup window settings for the router, follow these steps: STEP 1 Click QoS > QoS Setup. STEP 2 Configure the QoS Setup settings: • Port ID—The number of the LAN port. • Trust Mode—Select either Port, CoS, or DSCP. The default is Port.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the QoS Settings STEP 3 5 Click Save. Configuring DSCP The QoS > DSCP Setup window displays the settings for configuring DSCP as the trust mode for QoS for each LAN port. To configure DSCP setup settings, follow these steps: STEP 1 Click QoS > DSCP Setup. STEP 2 Configure the DSCP setup settings for the router: • DSCP—The Differentiated Services Code Point value in the incoming packet.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the Administration Settings STEP 3 5 Click Save.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the Administration Settings 5 Configuring Management Settings The Administration > Management window displays the settings for configuring the password and Simple Network Management Protocol (SNMP) for the router. To configure management settings for the router, follow these steps: STEP 1 Click Administration > Management.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the Administration Settings • - Router Userlist—Select a user to configure from the drop-down menu. - Router Username—Enter the user name. - Router Password—Enter the password. - Re-enter to Confirm—Retype the password in this field. Access List—This section specifies which source IP addresses can manage the device. Default is Disable.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the Administration Settings 5 Configuring System Logs The Administration > Log window displays the options for configuring the management of the router’s system logs. The wireless router provides four categories of event logging (Firewall, VPN, System, and ACL). You can configure the router to send the event log to you through e-mail, upload the log to syslog server, or view the log locally on the router.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the Administration Settings 5 To configure System Logs for the router, follow these steps: STEP 1 Click Administration > Log. STEP 2 Configure the system logs for the router: • Log Setting - • Log Level—Select the log levels that the router should record.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the Administration Settings • STEP 3 5 - Denial of Service Thresholds—Enter the number of DoS attacks that need to be detected (and blocked) by the software firewall before an email alert is sent. The minimum value is 20, the maximum value is 100. Note that if IPS has been enabled, IPS blocks DoS attacks before they reach the firewall. In that case, check the IPS Report to see event details.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the Administration Settings 5 Diagnosing Router Problems The Administration > Diagnostics window displays information for configuring test parameters for diagnosing the wireless router using ping tests, traceroute tests, and cable diagnostics. To diagnose router problems, follow these steps: STEP 1 Click Administration > Diagnostics.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the Administration Settings • • STEP 3 5 - Ping Timeout—Enter the desired time period (in milliseconds). If a response is not received within the defined ping period, the ping is considered to have failed. - Start Test—Click this button to begin the test. A new window appears and display the test results. A summary of the test results appears at the bottom of this window. - Ping Result. Displays the ping status results.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the Administration Settings 5 Backing Up and Restoring Configurations The Administration > Backup & Restore window lets you back up and restore router configuration information. To back up or restore administration configurations, follow these steps: STEP 1 Click Administration > Backup & Restore. STEP 2 To back up router configuration, click Backup.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the Administration Settings 5 Restoring Factory Default Settings The Administration > Factory Defaults window provides a means of restoring the configuration of the router to its factory defaults. To restore factory default settings for the router, follow these steps: STEP 1 Click Administration > Factory Defaults. STEP 2 Click Restore Factory Defaults to reset all configuration settings to their default values.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the Administration Settings 5 Rebooting the Router The Administration > Reboot window provides means to reboot the router. To reboot the router, follow these steps: STEP 1 Click Administration > Reboot. STEP 2 Click Reboot to reboot the router. This operation does not cause the router to lose any of its stored settings.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the Administration Settings 5 Upgrading the Router Firmware The Administration > Firmware Upgrade window allows you to upgrade router firmware from a downloaded file. To upgrade firmware, download the latest firmware upgrade file for the product from www.cisco.com, extract the file to your computer, and perform these steps: STEP 1 Click Browse to locate the file firmware upgrade.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring IPS Settings 5 Configuring IPS Settings This section describes how to configure the Intrusion Prevention Systems for the router: • Configuring IPS on page 135 • Setting P2P/IM Policy on page 137 • Viewing Reports on page 139 • Viewing Protection Information on page 140 The router supports advanced IPS, an integral part of the self-defending strategy—IPS allows you to stay current on the latest threats so that malicious or damag
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring IPS Settings 5 To configure general IPS settings: STEP 1 Click IPS > Configuration. STEP 2 In the IPS Function field, click Enable. STEP 3 In the Anomaly Detection section, configure the detection settings: STEP 4 • HTTP—Web attacks use weaknesses on HTTP protocol to trigger the buffer overflow on Web servers. The default is Disable.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring IPS Settings 5 Setting P2P/IM Policy The IPS > P2P/IM window allows you to set up policies on using P2P or IM software across the Internet. To configure the P2P/IM policy settings, follow these steps: STEP 1 Click IPS > P2P/IM. STEP 2 Configure the IPS P2P/IM settings for the router: • Peer to Peer When users download files from the Internet by Peer-to-Peer (P2P) software, the WAN port bandwidth are occupied.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring IPS Settings • - DIRECTCONNECT - PIGO - WINMX 5 Instant Messenger Users might use IM software to chat with friends or transfer files, which can hog the bandwidth. Click Block to enable the blocking to the following IM software applications. The default is Non-Block. STEP 3 - MSN - ICQ - YAHOO_MESSENGER - IRC - ODIGO - REDIFF - GOOGLE TALK - IM_QQ Click Save.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring IPS Settings 5 Viewing Reports The IPS > Report window provides the network history status, including network traffic and attack counts, through diagram and tables. To view IPS reports follow these steps: STEP 1 Click IPS > Report. The IPS > Report window displays the following: STEP 2 • Report Diagram—A twenty-four hour diagram displaying network traffic and attacks.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring IPS Settings 5 Viewing Protection Information The Administration > Information window displays information about the types of malicious threat that the router is protected against through its IPS features, the version of the signature pattern files and when the router was last updated. To view protection information, follow these steps: STEP 1 Click Administration > Information. STEP 2 View the administration information.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the L2 Switch Settings 5 Configuring the L2 Switch Settings This section describes how to configure the Layer 2 Switch settings of the router: • Configuring Virtual LANs (VLANs) on page 142 • Configuring VLAN Membership and Port Assignment on page 144 • Configuring RADIUS Mode on page 146 • Configuring Port Settings on page 147 • Viewing Statistics Overview on page 149 • Mirroring Ports on page 150 • Configuring RSTP on pa
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the L2 Switch Settings 5 Configuring Virtual LANs (VLANs) The L2 Switch > VLAN window displays the settings for creating and adding a VLAN to the router. VLANs are logical subgroups of a LAN created via software rather than defining a hardware solution. VLANs combine user stations and network devices into a single domain regardless of the physical LAN segment to which they are attached.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the L2 Switch Settings 5 To configure Virtual LANS for the router, follow these steps: STEP 1 Click L2 Switch > Create VLAN. STEP 2 Configure Virtual LANS for the router: STEP 3 • VLAN ID—The VLAN ID number. This can be any number from 2 to 3290, or from 3293 to 4094. (VLAN ID 1 is reserved for the default VLAN, which is used for untagged frames received on the interface. VLAN IDs 3291–3292 are reserved and cannot be used.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the L2 Switch Settings 5 Configuring VLAN Membership and Port Assignment The L2 Switch > VLAN & Port Assignment window displays the port settings and VLAN membership settings for configuring VLANs for the router. To configure VLAN membership and port assignments for the router, follow these steps: STEP 1 Click L2 Switch > VLAN & Port Assignment. STEP 2 Configure port settings for the router.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the L2 Switch Settings - 5 General—All frames can be tagged or untagged coming in to the switch. If untagged, the default PVID applies to the packet. Only the General mode users can choose the Acceptable Ingress Frame Type and PVID options.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the L2 Switch Settings 5 Configuring RADIUS Mode The L2 Switch > RADIUS window displays the settings for configuring and enabling the RADIUS mode for the router. The RADIUS mode provides authentication on devices connecting to the LAN ports. This mode requires the installation of a RADIUS server on your local network. To configure the RADIUS mode for the server, follow these steps: STEP 1 Click L2 Switch > RADIUS.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the L2 Switch Settings • STEP 3 5 Administration State—Select one of the following options from the dropdown menu: - Auto—Controlled port state is set by the RADIUS mode. - Force Authorized—Controlled port state is set to Force-Authorized (forward traffic). All connections can be made. This is the default value. - Force Unauthorized—Controlled port state is set to ForceUnauthorized (discard traffic). All connections are blocked.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the L2 Switch Settings 5 To configure L2 switch port settings for the router, follow these steps: STEP 1 Click L2 Switch > Port Settings. STEP 2 Configure L2 switch port settings for the router: STEP 3 • Port—Specifies the number of the four LAN ports. • Link—Displays the port duplex mode (Full or Half) and speed (10/100/1000 Mbps).
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the L2 Switch Settings 5 Viewing Statistics Overview The L2 Switch > Statistics Overview window displays port statistics summary. To view L2 switch statistics summary, follow these steps: STEP 1 Click L2 Switch > Statistics Overview. STEP 2 View the L2 switch statistics. An explanation of the statistics provided is given below: • Tx Bytes—Displays the number of bytes transmitted from the selected port.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the L2 Switch Settings 5 Mirroring Ports The L2 Switch > Port Mirroring window displays the settings for configuring port mirroring for the router. To configure L2 switch port mirroring, follow these steps: STEP 1 Click L2 Switch > Port Mirroring. STEP 2 Configure the L2 switch port mirroring settings for the router: • Mirror Source—Enable or disable source port mirroring for each port on the router.
Setting Up and Configuring the WRVS4400N Wireless-N Router Configuring the L2 Switch Settings 5 Configuring RSTP The L2 Switch > RSTP window displays the settings for configuring Rapid Spanning Tree Protocol (RSTP) for the router. The RSTP protocol prevents loops in the network and dynamically reconfigures the physical links in a switch that should forward frames. To configure RSTP for the router, follow these steps: STEP 1 Click L2 Switch > RSTP.
Setting Up and Configuring the WRVS4400N Wireless-N Router Viewing Status 5 • Force Version—The default protocol version to use. Select Normal (uses RSTP) or Compatible (compatible with old STP). The default is Normal. • Protocol Enable—Check this box to enable RSTP on the associated port. The default is unchecked (RSTP disabled). • Edge—Check this box to specify that the associated port is an edge port (end station).
Setting Up and Configuring the WRVS4400N Wireless-N Router Viewing Status 5 Viewing WAN/Gateway Status The Status > Gateway window displays the WAN / Gateway status of the router, providing some basic information on the router (for example, firmware version, time) and WAN port MAC/IP address and connection status. To view the WAN/Gateway status of the router, follow these steps: STEP 1 Click Status > WAN. STEP 2 View the WAN / Gateway status of the router.
Setting Up and Configuring the WRVS4400N Wireless-N Router Viewing Status • • 5 Internet Connection - Connection Mode—Displays the Internet connection type setting on WAN port. - Interface—Displays the WAN port Interface status (Up or Down). - IP Address—Displays the WAN port IP address. - Subnet Mask—Displays the WAN port IP subnet mask. - Default Gateway—Displays the default router to reach Internet or other networks from the WAN port.
Setting Up and Configuring the WRVS4400N Wireless-N Router Viewing Status 5 Viewing Local Network Status The Status > Local Network window displays the LAN status of the router, providing some basic information on the LAN ports of this router. To view local network status, follow these steps: STEP 1 Click Status > Local Network. STEP 2 View the local network status. • Current IP address System—Displays the IP versions configured on the LAN side. • MAC Address—Displays the LAN port MAC address.
Setting Up and Configuring the WRVS4400N Wireless-N Router Viewing Status 5 • Start IP Address—Displays the beginning of the range of IP addresses used by the DHCP Server. • End IP Address—Displays the end of the range of IP addresses used by the DHCP Server. • DHCP Client Table button—Click to open the DHCP Client Table window, which shows you which personal computers have been assigned an IP address from the router’s DHCP server.
Setting Up and Configuring the WRVS4400N Wireless-N Router Viewing Status 5 Viewing Wireless LAN Status The Status > Wireless LAN window displays the status of the wireless LAN of the router, providing some basic information on the Wireless LAN. . To view the wireless LAN status for the router, follow these steps: STEP 1 Click Status > Wireless LAN. STEP 2 View the wireless LAN status. • Wireless IP Address— The IP address assigned to the wireless interface of this router.
Setting Up and Configuring the WRVS4400N Wireless-N Router Viewing Status • Security—Displays the Wireless Security mode. • SSID Broadcast—Displays the setting on SSID Broadcast. 5 Viewing System Performance The Status > System Performance window displays system performance of the router, such as data packet statistics on the LAN switch and Wireless LAN of the router. To view the system performance of the router, follow these steps: STEP 1 Click Status > System Performance.
Setting Up and Configuring the WRVS4400N Wireless-N Router Viewing Status 5 • Error Packets Received—Shows the number of error packets received. • Drop Received Packets—Shows the number of packets being dropped after they were received. The All LAN ports column shows the aggregate traffic statistics from all four LAN ports.
6 Using the VPN Setup Wizard This chapter describes using the VPN Setup Wizard and includes these sections: • VPN Setup Wizard, page 160 • Before You Begin, page 160 • Running the VPN Router Software Wizard, page 161 VPN Setup Wizard Now you can configure a gateway-to-gateway VPN tunnel between two VPN routers in a fast and efficient way by using the VPN Setup Wizard. The VPN Setup Wizard works with users running Microsoft Windows 2000, XP, and Vista.
Using the VPN Setup Wizard Running the VPN Router Software Wizard 6 STEP 1 Click Firewall > Basic Settings. STEP 2 Enable Remote Management and enter 8080 in the Port field. Please note that you cannot enter any other value if you want to use the VPN Wizard. Also, make sure that HTTPS has been selected. STEP 3 Click Save Settings. STEP 4 Click VPN > Summary and make sure the Tunnel(s) available are not zero.
Using the VPN Setup Wizard Running the VPN Router Software Wizard 6 Welcome Window STEP 4 An informational window discussing the VPN Wizard appears. When you are ready, click Next to proceed.
Using the VPN Setup Wizard Running the VPN Router Software Wizard 6 Informational Window STEP 5 The Choose a way to build VPN window appears. • If your PC is local to one of the two routers, choose Build VPN connection from Local LAN port of one router, click Next, and continue with these instructions. • If your PC is remote to the routers, choose Build VPN connection from Internet remotely, and see the“Building Your VPN Connection Remotely,” on page 170 for instructions on this type of installation.
Using the VPN Setup Wizard Running the VPN Router Software Wizard 6 Build VPN Connection Remotely STEP 6 If you picked Build VPN connection from Local LAN port of one router, enter the required data in the Configure VPN Tunnel window and click Next to continue.
Using the VPN Setup Wizard Running the VPN Router Software Wizard 6 Configure VPN Tunnel STEP 7 • Router 1 User Name: Enter the user name of the Router 1. • Router 1 Password: Enter the password of the Router 1. • Router 2 User Name: Enter the user name of the Router 2. • Router 2 Password: Enter the password of the Router 2. • Tunnel Name: Enter a name for this tunnel. • Pre-shared Key: IKE uses the Pre-shared Key field to authenticate the remote IKE peer.
Using the VPN Setup Wizard Running the VPN Router Software Wizard 6 Check Router Configuration STEP 8 The Summary window appears. Use the Click box to view the VPNC Summary window.
Using the VPN Setup Wizard Running the VPN Router Software Wizard 6 Summary Window STEP 9 The VPNC Summary window appears showing the settings that were made to industry standards. Click Close when you are ready to continue. VPNC Summary Window STEP 10 In the Summary window, if all your entries appear correct, click Go. Otherwise click Back to go back and make any corrections.
Using the VPN Setup Wizard Running the VPN Router Software Wizard 6 Configure the Router STEP 11 Click Testing to make sure the connection is successfully established.
Using the VPN Setup Wizard Running the VPN Router Software Wizard 6 Test the Connection STEP 12 When testing is done, click Exit to end the Wizard.
Using the VPN Setup Wizard Running the VPN Router Software Wizard 6 Exit the Wizard Congratulations! Setup is now complete. You may now log into the Web Administrator Interface and see the results. Test Results Building Your VPN Connection Remotely This procedure continues from Step 5 on page 163. Use this procedure to build your VPN connection from a remote PC.
Using the VPN Setup Wizard Running the VPN Router Software Wizard STEP 1 6 Choose Build VPN connection from Internet remotely. Click Next to continue. Build VPN Connection Remotely STEP 2 Enter the required data in the Configure VPN Tunnel window and then click Next to continue.
Using the VPN Setup Wizard Running the VPN Router Software Wizard 6 Configure VPN Tunnel Window • Router 1 User Name: Enter the user name of the Router 1. • Router 1 Password: Enter the password of the Router 1. • Router 2 User Name: Enter the user name of the Router 2. • Router 2 Password: Enter the password of the Router 2. • Tunnel Name: Enter a name for this tunnel. • Pre-shared Key: IKE uses the Pre-shared Key field to authenticate the remote IKE peer.
Using the VPN Setup Wizard Running the VPN Router Software Wizard STEP 3 6 The router configuration is checked. Check Router Configuration STEP 4 The Summary window appears. Use the Click box to view the VPNC Summary window.
Using the VPN Setup Wizard Running the VPN Router Software Wizard 6 Summary Window STEP 5 The VPNC Summary window appears showing the settings that were made to industry standards. Click Close when you are ready to continue. VPNC Summary Window STEP 6 In the Summary window, if all your entries appear correct, click Go. Otherwise click Back to go back and make any corrections.
Using the VPN Setup Wizard Running the VPN Router Software Wizard 6 Configure the Router STEP 7 Click Testing to make sure the connection is successfully established.
Using the VPN Setup Wizard Running the VPN Router Software Wizard 6 Test the Connection STEP 8 When testing is done, click Exit to end the Wizard.
Using the VPN Setup Wizard Running the VPN Router Software Wizard 6 Congratulations! Setup is now complete. You may now log into the Web Administrator Interface and see the results.
A Troubleshooting This appendix provides solutions to problems that may occur during the installation and operation of the router. Read the descriptions below to help solve your problems. If you can’t find an answer here, check the Cisco website at www.cisco.com. I need to set a static IP address on a PC. The router, by default, assigns an IP address range of 192.168.1.100 to 192.168.1.149 using the DHCP server on the router. To set a static IP address, you can only use the ranges 192.168.1.2 to 192.168.
A Troubleshooting STEP 7 Select Use the following DNS server addresses, and enter the Preferred DNS server and Alternative DNS server (provided by your ISP). Contact your ISP or go on its website to find the information. STEP 8 Click OK in the Internet Protocol (TCP/IP) Properties window, and click OK in the Local Area Connection Properties window. STEP 9 Restart the computer if asked. Windows XP STEP 1 Click Start and Control Panel.
A Troubleshooting I want to test my Internet connection. STEP 1 Check your TCP/IP settings. Windows 2000 a. Click Start, Settings, and Control Panel. Double-click Network and Dial-Up Connections. b. Right-click the Local Area Connection that is associated with the Ethernet adapter you are using, and click Properties. c. In the “Components checked are used by this connection” box, select Internet Protocol (TCP/IP), and click Properties.
A Troubleshooting STEP 3 STEP 4 STEP 5 At the command prompt, type ping 192.168.1.1 and press Enter. • If you get a reply, the computer is communicating with the router. • If you do NOT get a reply, check the cable, and make sure Obtain an IP address automatically is selected in the TCP/IP settings for your Ethernet adapter. At the command prompt, type ping followed by your Internet IP address and press Enter. The Internet IP Address can be found in the web interface of the router.
A Troubleshooting STEP 5 Make sure the cable connecting from your cable or DSL modem is connected to the router’s Internet port. Verify that the Status page of the router’s web-based utility shows a valid IP address from your ISP. STEP 6 Turn off the computer, router, and cable/DSL modem. Wait 30 seconds, and then turn on the router, cable/DSL modem, and computer. Check System > Summary from the router’s web-based utility to see if you get an IP address.
A Troubleshooting router’s IP address through the Setup menu of the web-based utility. If you assigned a static IP address to any computer or network device on the network, you need to change its IP address accordingly to 192.168.2.Y (Y being any number from 1 to 254). Note that each IP address must be unique within the network. Your VPN may require port 500/UDP packets to be passed to the computer that is connecting to the IPSec server. Check the Cisco website at www.cisco.com for more information.
A Troubleshooting I can’t get an Internet game, server, or application to work. If you are having difficulties getting any Internet game, server, or application to function properly, consider exposing one PC to the Internet using DeMilitarized Zone (DMZ) hosting. This option is available when an application requires too many ports or when you are not sure which port services to use.
A Troubleshooting STEP 3 Enter the IP Address of the server that you want the Internet users to access. For example, if the web server’s Ethernet adapter IP address is 192.168.1.100, you would enter 100 in the field provided. Then check the Enable checkbox for the entry. Consider the examples below: Application Start and End Protocol IP Address Enable UT 7777 to 27900 Both 192.168.1.100 X Halflife 27015 to 27015 Both 192.168.1.105 X PC Anywhere 5631 to 5631 UDP 192.168.1.
A Troubleshooting I am a PPPoE user and I need to remove the proxy settings or the dialup pop-up window. If you have proxy settings, you need to disable these on your computer. Because the router is the gateway for the Internet connection, the computer does not need any proxy settings to gain access. Please follow these directions to verify that you do not have any proxy settings and that the browser you use is set to connect directly to the LAN. For Microsoft Internet Explorer 5.
A Troubleshooting I need to upgrade the firmware. In order to upgrade the firmware with the latest features, you need to go to the Cisco website and download the latest firmware. Follow these steps: STEP 1 Go to the Cisco website and download the latest firmware. For the firmware download link, see Appendix G, “Where to Go From Here.” From the firmware download link, click Download Software. Select the router from the menu and choose the firmware from the options.
A Troubleshooting My DSL service’s PPPoE is always disconnecting. PPPoE is not actually a dedicated or always-on connection. The DSL ISP can disconnect the service after a period of inactivity, just like a normal phone dial-up connection to the Internet. There is a setup option to “keep alive” the connection. This may not always work, so you may need to re-establish connection periodically. STEP 1 To connect to the router, go to the web browser, and enter http://192.168.1.
A Troubleshooting I need to use port triggering. Port triggering looks at the outgoing port services used and will trigger the router to open a specific port, depending on which port an Internet application uses. Follow these steps: STEP 1 To connect to the router, go to the web browser, and enter http://192.168.1.1 or the IP address of the router. STEP 2 Enter the password, if asked (the default password is admin). STEP 3 Click Firewall > Port Range Triggering.
A Troubleshooting When I enter a URL or IP address, I get a time-out error or am prompted to retry. • Check if other PCs work. If they do, ensure that your workstation’s IP settings are correct (IP Address, Subnet Mask, Default Gateway, and DNS). Restart the computer that is having a problem. • If the PCs are configured correctly, but still not working, check the router. Ensure that it is connected and powered on. Connect to it and check its settings.
A Troubleshooting Frequently Asked Questions Frequently Asked Questions Q. What is the maximum number of IP addresses that the router will support? The router will support up to 253 IP addresses. Q. Is IPSec Passthrough supported by the router? Yes, enable or disable IPSec Passthrough on the VPN > VPN Pass Through window. Q. Where is the router installed on the network? In a typical environment, the router is installed between the cable/DSL modem and the LAN.
A Troubleshooting Frequently Asked Questions Q. I set up an Unreal Tournament Server, but others on the LAN cannot join. What do I need to do? If you have a dedicated Unreal Tournament server running, you need to create a static IP for each of the LAN computers and forward ports 7777, 7778, 7779, 7780, 7781, and 27900 to the IP address of the server. You can also use a port forwarding range of 7777 to 27900.
A Troubleshooting Frequently Asked Questions Q. If all else fails in the installation, what can I do? Reset the router by holding down the Reset button for ten seconds. Reset your cable or DSL modem by powering the unit off and then on. Obtain and flash the latest firmware release that is readily available on the Cisco website at www.cisco.com. Q. How can I be notified of new router firmware upgrades? All Cisco firmware upgrades are posted on the Cisco website at www.cisco.
A Troubleshooting Frequently Asked Questions Q. Does the router pass PPTP packets or actively route PPTP sessions? The router allows PPTP packets to pass through. Q. Is the router cross-platform compatible? Any platform that supports Ethernet and TCP/IP is compatible with the router. Q. How many ports can be simultaneously forwarded? Theoretically, the router can establish 2,048 sessions at the same time, but you can only forward 30 ranges of ports. Q.
B Using Cisco QuickVPN for Windows 2000, XP, or Vista Overview This appendix explains how to install and use the Cisco QuickVPN software that can be downloaded from www.cisco.com. QuickVPN works with computers running Windows 2000, XP, or Vista. (Computers using other operating systems will have to use third-party VPN software.) For Windows Vista, QuickVPN Client version 1.2.5 or later is required.
Using Cisco QuickVPN for Windows 2000, XP, or Vista Before You Begin B Before You Begin The QuickVPN program only works with a Cisco 4-Port Gigabit Security Router with VPN that is properly configured to accept a QuickVPN connection. Follow these instructions to configure the router’s VPN client settings: STEP 1 Click VPN > VPN Client Accounts. STEP 2 Enter the username in the Username field. STEP 3 Enter the password in the Password field, and enter it again in the Re-enter to confirm field.
Using Cisco QuickVPN for Windows 2000, XP, or Vista Installing the Cisco QuickVPN Software B Installing the Cisco QuickVPN Software Installing from the CD-ROM STEP 1 Insert the WRVS4400N CD-ROM into your CD-ROM drive. Go to the Start menu and then click Run. In the field provided, enter D:\VPN_Client.exe (if “D” is the letter of your CD-ROM drive). STEP 2 The License Agreement window appears. Click Yes to accept the agreement and the appropriate files are copied to the computer.
Using Cisco QuickVPN for Windows 2000, XP, or Vista Installing the Cisco QuickVPN Software B Copying Files Finished Installing Files STEP 3 Click Finished to complete the installation. Proceed to “Using the Cisco QuickVPN Software,” on page 199.
Using Cisco QuickVPN for Windows 2000, XP, or Vista Using the Cisco QuickVPN Software B Downloading and Installing from the Internet STEP 1 Go to firmware download link in Appendix G, “Where to Go From Here.” STEP 2 From the firmware download link, click Download Software. STEP 3 Select Cisco Small Business Routers > WRVS4400 from the menu. STEP 4 Select QuickVPN Utility. STEP 5 Save the zip file to your PC, and extract the .exe file. STEP 6 Double-click the .
Using Cisco QuickVPN for Windows 2000, XP, or Vista Using the Cisco QuickVPN Software B c. In the Server Address field, enter the IP address or domain name of the Cisco 4-Port Gigabit Security Router with VPN. d. In the Port For QuickVPN field, enter the port number that the QuickVPN client will use to communicate with the remote VPN router, or keep the default setting, Auto. QuickVPN Login To save this profile, click Save.
Using Cisco QuickVPN for Windows 2000, XP, or Vista Using the Cisco QuickVPN Software B QuickVPN Status To terminate the VPN tunnel, click Disconnect. To change your password, click Change Password. For information, click Help. STEP 5 If you clicked Change Password and have permission to change your own password, you will see the Connect Virtual Private Connection window. Enter your password in the Old Password field. Enter your new password in the New Password field.
Using Cisco QuickVPN for Windows 2000, XP, or Vista Distributing Certificates to QuickVPN Users B NOTE You can change your password only if you have been granted that privilege by your system administrator. Distributing Certificates to QuickVPN Users The following explains how to export a certificate from the WRVS4400N for distribution to QuickVPN users, as well as how to install the certificate on the QuickVPN users’ PCs. STEP 1 Generate the certificate as follows: a. Log on to the Web-based Utility.
C Configuring a Gateway-to-Gateway IPSec Tunnel This appendix describes configuring IPSec with a computer that is using Windows 2000 or Windows XP. It includes the following sections: • “Introduction” on page 203 • “Environment” on page 204 Introduction This appendix explains how to configure an IPSec VPN tunnel between two VPN routers by example. In this example, two personal computers test the liveliness of the tunnel.
Configuring a Gateway-to-Gateway IPSec Tunnel Environment C Environment The following is a list of equipment you need: • Two Windows desktop PCs (each PC connects to a VPN Router) • Two VPN routers that are both connected to the Internet Configuring the VPN Settings for the VPN Routers • “Configuring the VPN Settings for VPN Router 1” on page 204 • “Configuring the VPN Settings for VPN Router 2” on page 205 Configuring the VPN Settings for VPN Router 1 Follow these instructions for the first VPN R
Configuring a Gateway-to-Gateway IPSec Tunnel Configuring the VPN Settings for the VPN Routers C STEP 8 For the Remote Secure Group, select Subnet. Enter VPN Router 2’s local network settings in the IP Address and Mask fields. Note that the subnet of Router 2 must be different than the subnet of Router 1. STEP 9 For the Remote Secure Gateway, select IP Addr. Enter VPN Router 2’s WAN IP address in the IP Address field. STEP 10 Click the Save Settings button.
Configuring a Gateway-to-Gateway IPSec Tunnel Configuring the Key Management Settings C Configuring the Key Management Settings • “Configuring the Key Management Settings for VPN Router 1” on page 206 • “Configuring the Key Management Settings for VPN Router 2” on page 207 Configuring the Key Management Settings for VPN Router 1 Following these instructions for VPN Router 1. STEP 1 On the IPSec VPN window, select 3DES from the Encryption drop-down menu.
Configuring a Gateway-to-Gateway IPSec Tunnel Configuring PC 1 and PC 2 C Configuring the Key Management Settings for VPN Router 2 For VPN Router 2, follow the same instructions as you did for configuring VPN Router 1. Configuring PC 1 and PC 2 STEP 1 Set PC 1 and PC 2 to be DHCP clients (refer to Windows Help for more information). STEP 2 Verify that PC 1 and PC 2 can ping each other (refer to Windows Help for more information).
D Finding Out MAC and IP Addresses This appendix describes how to find the MAC address for your computer’s Ethernet adapter so you can use the MAC address cloning feature of the router. You can also find the IP address of your computer’s Ethernet adapter. This IP address is used for the router’s filtering, forwarding, and/or DMZ features. Follow the steps in this appendix to find the adapter’s MAC or IP address in Windows 98, Me, 2000, or XP. Windows 98 or Me Instructions STEP 1 Click Start > Run.
Finding Out MAC and IP Addresses Windows 2000 or XP Instructions D Windows 2000 or XP Instructions STEP 1 Click Start and Run. In the Open field, enter cmd. Press the Enter key or click the OK button. STEP 2 At the command prompt, enter ipconfig /all. Then press the Enter key. STEP 3 Write down the Physical Address as shown on your computer screen. It is the MAC address for your Ethernet adapter. This appears as a series of numbers and letters.
E Cisco ProtectLink Web Service Overview The optional Cisco ProtectLink Web service provides security for your network. It scans e-mail messages, filters website addresses (URLs), and blocks potentially malicious websites. ProtectLink is available for online purchase through online resellers such as CDW.com and PCConnection.com.
Cisco ProtectLink Web Service How to Purchase, Register, or Activate the Service E NOTE If the Remote Management feature on the Firewall > General window has been enabled, then users with administrative privileges can remotely access the web-based utility. Use http://, or use https:// if you have enabled the HTTPS feature. STEP 2 A login window prompts you for your User name and Password.
Cisco ProtectLink Web Service How to Purchase, Register, or Activate the Service E NOTE If the ProtectLink menu is not displayed, upgrade the router’s firmware. For the firmware download link, see Appendix G, “Where to Go From Here.” ProtectLink (Inactive) Follow the instructions for the appropriate option: • I want to learn more about Cisco ProtectLink. • I want to register online. • I want to activate Cisco ProtectLink. I want to learn more about Cisco ProtectLink Web.
Cisco ProtectLink Web Service How to Purchase, Register, or Activate the Service E NOTE To have your e-mail checked, you will need to provide the domain name and IP address of your e-mail server. If you do not know this information, contact your ISP. I have my Activation Code (AC) and want to activate ProtectLink Web. If you have registered, click this link. A wizard begins. Follow the on-screen instructions. When the wizard is complete, the Web Protection and License menus will appear.
Cisco ProtectLink Web Service How to Use the Service E How to Use the Service Configure the service to protect your network. NOTE You need to purchase a ProtectLink Web license to use Web Protection. If you do not have a license, you will be prompted to purchase a license when you click ProtectLink > Web Protection. ProtectLink > Web Protection The Web Protection features are provided by the router. Configure the website filtering settings on the ProtectLink > Web Protection window.
Cisco ProtectLink Web Service How to Use the Service E ProtectLink > Web Protection Cisco WRVS4400N Wireless-N Gigabit Security Router with VPN Administration Guide 215
Cisco ProtectLink Web Service How to Use the Service E Web Protection Enable URL Filtering To filter website addresses (URLs), select this option. Enable Web Reputation To block potentially malicious websites, select this option. URL Filtering Reset Counter The router counts the number of attempted visits to a restricted URL. To reset the counter to zero, click Reset Counter. For each URL category, select the appropriate Filtering option.
Cisco ProtectLink Web Service How to Use the Service E Approved URLs You can designate up to 20 trusted URLs that will always be accessible. Enable Approved URL list To set up a list of always accessible URLs, select this option. URL(s) to approve Enter the trusted URL(s). Separate multiple URLs with semicolons (“;”). Add To add the URLs, click Add. Approved URLs list The trusted URLs are displayed. To delete a URL, click its trash can icon.
Cisco ProtectLink Web Service How to Use the Service E ProtectLink > License The license for the Cisco ProtectLink Web service is valid for one year from the time the activation code for Web Protection is generated. On the License window, license information is displayed. Use this window to renew your license, add seats, or view license information online. ProtectLink > License License Update Information To refresh the license information displayed on-screen, click Update Information.
F Specifications This appendix lists the specifications of the Cisco WRVS4400N Wireless-N Gigabit Security Router with VPN. General Model WRVS4400N Standards Draft IEEE802.11n, IEEE802.11g, IEEE802.11b, IEEE802.3, IEEE802.3u, 802.1X (Security Authentication), IEEE802.1Q (VLAN), 802.11i (Security WPA2), 802.
F Specifications Performance Performance Radio Transmit Power 11b: 18 +/- 1.5 dbm 11g: 17 +/- 1.5 dbm 11n: 16.5 +/- 1.5 dbm Receiver Sensitivity 11.b: 11 Mbps @ -85 dBm 11.g: 54 Mbps @ -70 dBm 11.n: 270 Mbps @ -65 dBm Active WLAN Clients Up to 64 Clients Wireless Securities WEP, WPA-Personal, WPA-Enterprise, WPA2-Personal, WPA2-Enterprise Antenna 3 (Omnidirectional), Gain in dBi is 1.8.
F Specifications Security Security VPN • 5 QuickVPN tunnels for remote client access • 5 IPSec Gateway-to-Gateway Tunnels for branch office connectivity • 3DES Encryption • MD5/SHA1 Authentication • IPSec NAT-T • VPN Passthrough of PPTP, L2TP, IPSec Access Control IP Access Control List (ACL); MAC-based wireless access control Firewall SPI stateful packet inspection (SPI) firewall Content Filtering Static URL blocking or keyword blocking (included), Dynamic Filtering through Cisco Prote
F Specifications Layer 2 Layer 2 VLAN Support Port-based and 802.
G Where to Go From Here Cisco provides a wide range of resources to help you and your customer obtain the full benefits of the Cisco WRVS4400N Wireless-N Gigabit Security Router with VPN. Product Resources Support Cisco Small Business Support Community www.cisco.com/go/smallbizsupport Cisco Small Business Support and Resources www.cisco.com/go/smallbizhelp Phone Support Contacts www.cisco.com/go/sbsc Cisco Small Business Firmware Downloads www.cisco.
G Where to Go From Here Cisco Small Business Cisco Partner Central for Small Business (Partner Login Required) www.cisco.com/web/partners/sell/smb Cisco Small Business Home www.cisco.com/smb Related Documentation For hardware setup for the Cisco WRVS4400N router, see the Cisco Small Business Model WRVS4400N Wireless-N Gigabit Security Router with VPN Quick Start Guide.
