USER GUIDE BUSINESS SERIES 10/100 8-Port VPN Router Model: RV082
About This Guide About This Guide Icon Descriptions While reading through the User Guide you may see various icons that call attention to specific items. Below is a description of these icons: NOTE: This check mark indicates that there is a note of interest and is something that you should pay special attention to while using the product. Copyright and Trademarks Linksys, Cisco and the Cisco Logo are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S.
Table of Contents Chapter 1: Introduction 1 Introduction to the Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Introduction to VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 VPN Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Table of Contents One-to-One NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Setup > MAC Clone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 MAC Clone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19 Setup > DDNS . . . . . . . . . . . . . . . . . . . . . . . . . .
Table of Contents VPN > Client to Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Add a New Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 IPSec Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 VPN > VPN Client Access . . . . . . . .
Table of Contents Configuration of PC 1 and PC 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Configuration when the Remote Gateway Uses a Dynamic IP Address . . . . . . . . . . . 67 Configuration of the RVL200 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Configuration of the RV082 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Table of Contents Appendix I: Warranty Information 85 Exclusions and Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Obtaining Warranty Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 1 Chapter 1: Introduction Introduction to the Router Thank you for choosing the Linksys 10/100 8-Port VPN Router. The Router lets multiple computers in your office share an Internet connection. The dual Internet ports let you connect a second Internet line as a backup, or you can use both Internet ports at the same time, allowing the Router to manage bandwidth demands for maximum efficiency.
Chapter 1 Introduction Computer (using VPN client software) to VPN Router The following is an example of a computer-to-VPN Router VPN. In her hotel room, a traveling businesswoman connects to her Internet Service Provider (ISP). Her notebook computer has VPN client software that is configured with her office’s VPN settings. She accesses the VPN client software and connects to the VPN Router at the central office. As VPNs use the Internet, distance is not a factor.
Chapter 2 Chapter 2: Product Overview Front Panel Product Overview Reset The Reset button can be used for a warm reset or a reset to factory defaults. •• Warm Reset If the Router is having problems connecting to the Internet, press and hold in the Reset button for a second using the tip of a pen. This is similar to pressing the power button on your computer to reboot it. •• Reset to Factory Defaults If you are Diag (Red) The Diag LED lights up when the Router is not ready for use.
Chapter 3 Installation Chapter 3: Installation Wall-Mount Placement Physical Installation Two screws are needed to mount the Router. The Router has two wall-mount slots on its bottom panel. The distance between the two slots is 94 mm (3.70 inches). There are three ways to place the Router. The first way is to place the Router horizontally on a surface. The second way is to mount the Router on a wall. The third way is to mount the Router in a standard-sized, 19-inch high rack.
Chapter 3 5. Place the wall-mount slots over the screws and slide the Router down until the screws fit snugly into the wall-mount slots. Rack-Mount Placement Installation 3. Repeat step 2 to attach the other bracket to the opposite side. 4. After the brackets are attached to the Router, use suitable screws to securely attach the brackets to any standard 19-inch rack. The Router includes two brackets and eight screws for mounting on a standard-sized, 19-inch high rack.
Chapter 3 Installation 3. Connect your cable or DSL modem’s Ethernet cable to the Router’s Internet port. If you are using the DMZ/Internet port, then connect an Ethernet cable to the DMZ/Internet port. Connect the other end to a network device, such as a modem or public server. Connect to the Internet Port 4. Power on the cable or DSL modem. If you have a network device connected to the DMZ/Internet port, power on the network device. 5.
Chapter 4 Chapter 4: Advanced Configuration Overview The Router’s web-based utility allows you to set up the Router and perform advanced configuration and troubleshooting. This chapter will explain all of the functions in this utility. Advanced Configuration System Summary The first screen that appears is the System Summary screen, which displays the Router’s current status and settings. This information is read-only.
Chapter 4 Advanced Configuration System Up Time This is the length of time in days, hours, and minutes that the Router has been active. The current time and date are also displayed. Trend Micro™ ProtectLink Gateway The optional Trend Micro ProtectLink Gateway service provides security for your network. It checks e-mail messages, filters website addresses (URLs), and blocks potentially malicious websites.
Chapter 4 Advanced Configuration DDNS It shows the DDNS settings of the Router’s WAN port(s) and hyperlinks to the Setup > DDNS screen. DMZ Host It shows the DMZ private IP address and hyperlinks to the Setup > DMZ Host screen. The default is Disabled. Firewall Setting Status SPI (Stateful Packet Inspection) It shows the status (On/Off ) of the SPI setting and hyperlinks to the Firewall > General screen.
Chapter 4 Advanced Configuration be sent out, probably use incorrect settings,” will be displayed. Setup > Network The Network screen shows all of the Router’s basic setup functions. The Router can be used in most network setups without changing any of the default values; however, you may need to enter additional information in order to connect to the Internet through an ISP (Internet Service Provider) or broadband (DSL or cable) carrier. The setup information is provided by your ISP.
Chapter 4 If you want to delete a subnet you have created, select it and click Delete selected subnet. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Network screen. You can also divide a Class C network into four subnets. For example, the current LAN settings show the Device IP Address as 192.168.1.1 and the Subnet Mask as 255.255.255.192. Advanced Configuration the Router.
Chapter 4 Advanced Configuration Static IP Specify WAN IP Address Enter the external IP address of the Router. Subnet Mask Enter the subnet mask of the Router. Default Gateway Address Enter the IP address of the default gateway. DNS Server (Required) 1/2 Enter at least one DNS server IP address. Multiple DNS server IP settings are common. In most cases, the first available DNS entry is used.
Chapter 4 Advanced Configuration Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Save Settings to save your changes, or click Cancel Changes to undo them. PPTP (Point-to-Point Tunneling Protocol) Transparent Bridge Point to Point Tunneling Protocol (PPTP) is a service used in Europe, Israel, and other countries. To connect two network segments, select Transparent Bridge. (You do not need to change the attached network settings.
Chapter 4 Advanced Configuration DMZ (Range) Range If Range is selected, the DMZ port and the WAN port will be in the same subnet. To specify a range, select this option and configure the following: Heart Beat Signal •• IP Range for DMZ port Enter the starting and ending IP addresses. User Name and Password Enter your account’s User Name and Password. The maximum number of characters is 60. Click Save Settings to save your changes, or click Cancel Changes to undo them.
Chapter 4 Advanced Configuration Click Save Settings to save your change, or click Cancel Changes to undo it. Click Save Settings to save your changes, or click Cancel Changes to undo them. Setup > Time Setup > DMZ Host The Router uses the time settings to time stamp log events, automatically apply the Access Rules and Content Filter, and perform other activities for other internal purposes.
Chapter 4 Advanced Configuration Service Management Service Name Enter a name. Setup > Forwarding Forwarding Port Range Forwarding Port forwarding can be used to set up public services on your network. When users from the Internet make certain requests on your network, the Router can forward those requests to computers equipped to handle the requests. If, for example, you set the port number 80 (HTTP) to be forwarded to IP address 192.168.1.
Chapter 4 Incoming Port Range Enter the starting and ending port numbers of the incoming port range. Click Add to List, and configure as many entries as you would like, up to a maximum of 30. To delete an entry, select it and click Delete selected application. Click Show Tables to see the details of your entries. The Port Range Forwarding Table List appears. Advanced Configuration UPnP UPnP Function Select Yes to enable the UPnP function. Otherwise, keep the default, No.
Chapter 4 Advanced Configuration One-to-One NAT One-to-One NAT Select Enable to use the One-to-One NAT function. UPnP Forwarding Table List Click Refresh to update the on-screen information. Click Close to exit this screen and return to the UPnP screen. On the UPnP screen, click Save Settings to save your changes, or click Cancel Changes to undo them.
Chapter 4 MAC Clone Advanced Configuration DynDNS.org WAN1/2 If you have enabled the Dual WAN feature, then you will have two ports, WAN1 and WAN2, available for MAC address assignment or cloning. User Defined WAN MAC Address To manually clone a MAC address, select User Defined WAN MAC Address, and then enter the 12 digits of your adapter’s MAC address. MAC Address from this PC To clone the MAC address of the computer you are currently using to configure the Router, select MAC Address from this PC.
Chapter 4 Advanced Configuration Password Enter your PeanutHull account information. 3322.org Host Name Enter your host name in the three Host Name fields. For example, if your host name were myhouse. oray.net, then myhouse would go into the first field, oray would go into the second field, and net would go into the last field. Click Save Settings, and the status of the DDNS function will be updated. Internet IP Address The Router’s current Internet IP address is displayed.
Chapter 4 Working Mode Select Gateway mode if the Router is hosting your network’s connection to the Internet. Select Router mode if the Router exists on a network with other routers, including a separate network gateway that handles the Internet connection. In Router mode, any computer connected to the Router will not be able to connect to the Internet unless you have another router function as the gateway.
Chapter 4 Advanced Configuration Setup Enable DHCP Server To use the Router as your network’s DHCP server, select Enable DHCP Server. If you already have a DHCP server on your network, remove the check mark. Then configure the Dynamic IP settings. Dynamic IP •• Client Lease Time The Client Lease Time is the amount of time a network user will be allowed connection to the Router with their current dynamic IP address.
Chapter 4 To update the on-screen information, click Refresh. To exit this screen and return to the Setup screen, click Close. Static IP Address Enter the static IP address. You can enter 0.0.0.0 if you want the Router to assign a static IP address to the device. MAC Address Enter the MAC address of the device. Name Enter a descriptive name for the device. Enable Select Enable to assign the static IP address to this device.
Chapter 4 Advanced Configuration Dual-WAN Smart Link Backup/Load Balance If you want to use one of the WAN ports as the primary port and the other WAN port as backup, then select Smart Link Backup. If you want the Router to automatically manage the Internet connection through both WAN ports, then select Load Balance. The Router will automatically compute the ratio of the bandwidths of WAN1 and WAN2, and then it will use Weighted Round Robin (WRR) to balance the loads of the two WANs.
Chapter 4 •• Generate the Error Condition in the System Log Failover will not occur; only an error condition will be logged. Network Service Detection can test a WAN port’s network connectivity by pinging the Default Gateway or a specific IP address. WAN1/2 Default Gateway Select this option to ping the Default Gateway. ISP Host Select this option to ping the ISP Host. Then enter the IP address.
Chapter 4 Advanced Configuration Service Name Enter a name. For IP Binding only, select All. Protocol Select the protocol it uses. Port Range Enter its range. Click Add to List. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Dual-WAN screen. If you want to modify a service you have created, select it and click Update this service. Make changes. Click Save Settings to save your changes, or click Cancel Changes to undo them.
Chapter 4 Advanced Configuration Summary (Rate Control Selected) To change a rule, click Edit. To update the list, click Refresh. To return to the Bandwidth Management screen, click Close. On the Bandwidth Management screen, click Save Settings to save your changes, or click Cancel Changes to undo them. Priority Service Management Service Name Enter a name. Protocol Select the protocol it uses. Port Range Enter its range. Click Add to List.
Chapter 4 Advanced Configuration To change a rule, click Edit. To update the list, click Refresh. To return to the Bandwidth Management screen, click Close. On the Bandwidth Management screen, click Save Settings to save your changes, or click Cancel Changes to undo them. System Management > SNMP Service Management Service Name Enter a name. Protocol Select the protocol it uses.
Chapter 4 Advanced Configuration no more than 64 alphanumeric characters long must be entered. message.) The Router will then query the DNS server and display the results. Send SNMP Trap to Enter the IP address or domain name that should receive the traps sent by the Router. Name The host name is displayed. Click Save Settings to save your changes, or click Cancel Changes to undo them.
Chapter 4 Factory Default Return to Factory Default Setting Click Return to Factory Default Setting if you want to restore the Router to its factory default settings. After clicking the button, a confirmation screen appears. Click OK to continue. Advanced Configuration Extract the file on your computer. Then follow the Firmware Upgrade instructions. System Management > Restart If you need to restart the Router, Linksys recommends that you use the Restart tool on this screen.
Chapter 4 System Management > Setting Backup Advanced Configuration Port Management > Port Setup Import Configuration File Basic Per Port Config. To import a configuration file, first specify where your backup preferences file is located. Click Browse, and then select the appropriate configuration file. The Basic Per Port Config. table displays the following: Import After you select the file, click Import. This process may take up to a minute.
Chapter 4 Advanced Configuration To update the on-screen information, click Refresh. Firewall > General Enable or disable a variety of firewall, security, and web features. Port Management > Port Status Port ID To see the status information and settings for a specific port, select its ID number or name. Port Status Summary For the selected port, the Summary table displays the following: Type The port type is displayed. Firewall > General Interface The interface type, LAN or WAN, is displayed.
Chapter 4 for the Remote Management setting, and enter the port number (port 80, the default, or 8080 is usually used). NOTE: If the Remote Management feature on the Firewall > General screen has been enabled, then users with administrative privileges can remotely access the web-based utility. Use http://, or use https:// if you have enabled the HTTPS feature. HTTPS HTTPS is a secured HTTP session.
Chapter 4 Access Rules Advanced Configuration Add a New Access Rule Except for the default rules, all configured access rules are listed in the Access Rules table, and you can set the priority for each custom rule. If the Access Rules table has multiple pages, select a different page to view from the Jump to drop-down menu. If you want more or fewer entries listed per page, select a different number from the entries per page drop-down menu.
Chapter 4 Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Add a New Access Rule screen. If you want to delete a service you have created, select it and click Delete selected service. Click Save Settings to save your changes, or click Cancel Changes to undo them. Click Exit to return to the Add a New Access Rule screen.
Chapter 4 Click Save Settings to save your changes, or click Cancel Changes to undo them. NOTE: The content filter rules will be automatically disabled if the Trend Micro ProtectLink service is activated on the Router. Advanced Configuration For each VPN tunnel, the No., Name, Status, Phase 2 Enc/ Auth/Grp, Local Group, Remote Group, and Remote Gateway will be displayed.
Chapter 4 Name It shows the Tunnel Name that you gave the VPN tunnel. Status This indicates the status of the VPN tunnel. Phase2 Enc/Auth/Grp This shows the Phase 2 Encryption type (NULL/DES/3DES/AES-128/AES-192/ AES-256), Authentication method (NULL/MD5/SHA1), and DH Group number (1/2/5) that you chose in the IPSec Setup section. If you selected Manual for the Keying Mode in the IPSec section, then only the Encryption type and Authentication method will be displayed.
Chapter 4 Advanced Configuration IP Only The default is IP Only. Only the device with a specific IP address will be able to access the tunnel. Local Security Gateway Type > IP Only IP address The WAN (or Internet) IP address of the Router automatically appears. IP + Domain Name(FQDN) Authentication The IP address and FQDN must match the Remote Security Gateway of the remote VPN device, and they can only be used for one tunnel connection.
Chapter 4 Advanced Configuration Local Security Group Type > Subnet Local Security Gateway Type > Dynamic IP + Domain Name(FQDN) Authentication IP address Enter the IP address. The default is 192.168.1.0. Domain Name Enter the domain name for authentication. (Once used, you cannot use it again to create a new tunnel connection.) Subnet Mask Enter the subnet mask. The default is 255.255.255.0. Dynamic IP + E-mail Addr.
Chapter 4 IP address Select this option if you know the static IP address of the remote VPN device at the other end of the tunnel, and then enter the IP address. IP by DNS Resolved Select this option if you do not know the static IP address of the remote VPN device but you do know its domain name. Then enter the remote VPN device’s domain name on the Internet. The Router will retrieve the IP address of the remote VPN device via its public DNS records.
Chapter 4 Remote Security Group Type > IP IP address Enter the appropriate IP address. Subnet The default is Subnet. All computers on the remote subnet will be able to access the tunnel. Remote Security Group Type > Subnet IP address Enter the IP address. Subnet Mask Enter the subnet mask. The default is 255.255.255.0. IP Range Specify a range of IP addresses within a subnet that will be able to access the tunnel. Remote Security Group Type > IP Range IP range Enter the range of IP addresses.
Chapter 4 Preshared Key This specifies the pre-shared key used to authenticate the remote IKE peer. Enter a key of keyboard and hexadecimal characters, e.g., My_@123 or 4d795f40313233. This field allows a maximum of 30 characters and/or hexadecimal values. Both ends of the VPN tunnel must use the same Preshared Key. It is strongly recommended that you change the Preshared Key periodically to maximize VPN security. Manual If you select Manual, you generate the key yourself, and no key negotiation is needed.
Chapter 4 want the Router to propose compression when it initiates a connection. If the responders reject this proposal, then the Router will not implement compression. When the Router works as a responder, it will always accept compression, even if compression is not enabled. Keep-Alive Keep-Alive helps maintain IPSec VPN tunnel connections. If a connection is dropped and detected, it will be re-established immediately. Select this option to use this feature.
Chapter 4 Advanced Configuration NOTE: The 10/100 8-Port VPN Router supports IPSec VPN client software, including the Linksys QuickVPN software. To manage access for Linksys QuickVPN clients, click the VPN Client Access tab. (For more information about QuickVPN, refer to “Appendix B: Linksys QuickVPN for Windows 2000, XP, or Vista”.) Add a New Tunnel Tunnel/Group VPN To create a tunnel for a single VPN client, select Tunnel. To create a tunnel for multiple VPN clients, select Group VPN.
Chapter 4 Advanced Configuration Local Security Group Type > Subnet Local Security Gateway Type > Dynamic IP + Domain Name(FQDN) Authentication IP address Enter the IP address. The default is 192.168.1.0. Domain Name Enter the domain name for authentication. (Once used, you cannot use it again to create a new tunnel connection.) Subnet Mask Enter the subnet mask. The default is 255.255.255.0. Dynamic IP + E-mail Addr.
Chapter 4 Advanced Configuration the remote computer requests to create a tunnel with the Router, the Router will work as a responder. Remote Client > IP + Domain Name(FQDN) Authentication IP address Select this option if you know the static IP address of the remote computer at the other end of the tunnel, and then enter the IP address. IP by DNS Resolved Select this option if you do not know the static IP address of the remote computer but you do know its domain name.
Chapter 4 Advanced Configuration (The Microsoft VPN client software does not support Aggressive mode and FQDN or User FQDN ID options.) Local Security Group Type > Subnet IP address Enter the IP address. The default is 192.168.1.0. Subnet Mask Enter the subnet mask. The default is 255.255.255.0. IP Range Specify a range of IP addresses within a subnet that will be able to access the tunnel. Local Security Group Type > IP Range IP range Enter the range of IP addresses. The default is 192.168.1.0~254.
Chapter 4 Advanced Configuration Perfect Forward Secrecy If the Perfect Forward Secrecy (PFS) feature is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication, so hackers using brute force to break encryption keys will not be able to obtain future IPSec keys.
Chapter 4 the Authentication Key will be automatically completed with zeroes until it has 40 hexadecimal values. Make sure both ends of the VPN tunnel use the same Authentication Key. Advanced For most users, the settings on the VPN page should suffice; however, the Router provides advanced IPSec settings for advanced users using the IKE with Preshared Key mode. Click Advanced to view the Advanced settings. Advanced Aggressive Mode There are two types of Phase 1 exchanges, Main Mode and Aggressive Mode.
Chapter 4 3. Add the QuickVPN client to the list. VPN Client Users User Name Enter the user name. New Password Enter the new password. Confirm New Password Re-enter the new password. Change Password Allowed To allow the user to change his or her password, select Yes. Otherwise, keep the default, No. Active To activate the new user, select Active. To add the new user to the list, click Add to list. After a user has been added, you can change the user’s settings.
Chapter 4 L2TP Pass Through Layer 2 Tunneling Protocol is the method used to enable Point-to-Point sessions via the Internet on the Layer 2 level. L2TP Pass Through is enabled by default. Click Save Settings to save your changes, or click Cancel Changes to undo them. VPN > PPTP Server The PPTP Server screen allows you to enable up to five PPTP VPN tunnels between the Router and PPTP VPN clients. These PPTP VPN clients must be computers running PPTP client software and Windows XP or 2000.
Chapter 4 Advanced Configuration so unless you change this setting, the Router will e-mail the log to you when there are more than 50 log entries. Log Time Threshold You can designate how often the log will be e-mailed to you. The default is 10 minutes, so unless you change this setting, the Router will e-mail the log to you every 10 minutes. The Router will e-mail the log every time the Log Queue Length or Log Time Threshold is reached.
Chapter 4 Advanced Configuration View System Log To view logs, click this option. The System Log screen appears. Incoming Log Table Time The time of each log event is displayed. You can sort each log by time sequence. System Log Current Time The time of the Router is displayed. Event-Type The type of log event is displayed. Message The message associated with each log event is displayed. Select the log you wish to view: ALL, System Log, Access Log, Firewall Log, or VPN Log.
Chapter 4 Advanced Configuration connection(s). Run the Access Rule Setup Wizard to set up the security policy for the Router. 3. Your Internet Service Provider (ISP) may require you to use a host and domain name for your Internet connection. If your ISP requires them, complete the Host Name and Domain Name fields; otherwise leave these blank. Click Next to continue. Click Previous if you want to return to the previous screen. Click Exit if you want to exit the Setup Wizard. Wizard Basic Setup 1.
Chapter 4 5. Depending on which connection type you have selected, the appropriate screen will appear. Follow the instructions for the appropriate connection type: Obtain an IP automatically If you want to use the ISP’s DNS server, select Use DNS Server provided by ISP (default). If you want to designate a specific DNS server IP address, select Use the Following DNS Server Addresses, and enter the DNS server IP addresses you want to use (you must enter at least one).
Chapter 4 Advanced Configuration PPPoE Complete the User Name and Password fields with the information provided by your ISP. Click Next to continue. Click Previous if you want to return to the previous screen. Click Exit if you want to exit the Setup Wizard. Connect on Demand or Keep Alive 6. To set up the WAN2 port as a WAN (Internet) port, repeat step 5. To set up the WAN2 port as a DMZ port, go to step 7. 7. Complete the DMZ IP and Subnet Mask fields with the information provided by your ISP.
Chapter 4 8. If you want to save your changes, click Save Settings. Click Previous if you want to return to the previous screen. Click Exit if you want to exit the Setup Wizard. Advanced Configuration 3. From the drop-down menu, select Allow or Deny depending on the intent of the Access Rule. Click Next to continue. Click Previous if you want to return to the previous screen. Click Exit if you want to exit the Setup Wizard. Save Settings 9.
Chapter 4 5. Select the Source Interface: LAN, WAN1, WAN2, or Any from the Interface pull-down menu. Select the Source IP address(es) for this Access Rule. If it can be any IP address, select Any. If it is one IP address, select Single and enter the IP address. If it is a range of IP addresses, select Range, and enter the range of IP addresses. Click Next to continue. Click Previous if you want to return to the previous screen. Click Exit if you want to exit the Setup Wizard. Advanced Configuration 6.
Chapter 4 Advanced Configuration and select the appropriate days of the week. Click Next to continue. Click Previous if you want to return to the previous screen. Click Exit if you want to exit the Setup Wizard. Support Manual If you want the latest version of this User Guide, click On Line Manual. The Support page of the Linksys website appears. When It Works 8. If you want to save your changes, click Save Settings. Click Previous if you want to return to the previous screen.
Appendix A Appendix A: Troubleshooting The firmware upgrade has failed. A firmware upgrade takes approximately ten minutes. An error may occur if you powered off the Router, pressed the Reset button, closed the System Management > Firmware Upgrade screen, or disconnected the computer from the Router during the firmware upgrade. Troubleshooting The Router does not have a coaxial port for the cable connection. The Router does not replace your modem.
Appendix B Linksys QuickVPN for Windows 2000, XP, or Vista Appendix B: Linksys QuickVPN for Windows 2000, XP, or Vista Linksys QuickVPN Instructions Introduction 2. Configure a user name and password. The 10/100 8-Port VPN Router (model number: RV082) supports IPSec VPN client software, including the Linksys QuickVPN software (also known as the Linksys VPN client). The Router supports up to 50 Linksys QuickVPN clients free of charge.
Appendix B Linksys QuickVPN for Windows 2000, XP, or Vista 3. In the Router’s web-based utility, click the VPN tab. 4. Click the VPN Client Access tab. 5. Click Generate to generate a new certificate (if needed). 3. For the Change Password Allowed setting, select Yes to allow the user to change his or her password. Otherwise, keep the default, No. 4. To activate the new user, select Active. 5. Click Add to list. 6. Click Save Settings. NOTE: If the Router’s LAN IP address is the default, 192.168.1.
Appendix B Linksys QuickVPN for Windows 2000, XP, or Vista Copying Files Copying Files Installation Complete Installation Complete 3. Click Finish to complete the installation. Proceed to the section, “Install the Client Certificate”. 10. Click Finish to complete the installation. Proceed to the section, “Install the Client Certificate”. Download from the Internet Install the Client Certificate 1. Go to www.linksys.com and select Products.
Appendix B Linksys QuickVPN for Windows 2000, XP, or Vista •• Password Enter the Password assigned to you. •• Server Address Enter the IP address or domain name of the Linksys 10/100 8-Port VPN Router. •• Port for QuickVPN Enter the port number that the QuickVPN client will use to communicate with the remote VPN router, or keep the default, Auto. To terminate the VPN tunnel, click Disconnect. To change your password, click Change Password. For information, click Help.
Appendix C Gateway-to-Gateway VPN Tunnel Appendix C: Gateway-to-Gateway VPN Tunnel Overview This appendix explains how to configure an IPSec VPN tunnel between two VPN Routers, using an example. Two computers are used to test the liveliness of the tunnel. Configuration of the RVL200 Follow these instructions for the first VPN Router, designated RVL200. The other VPN Router is designated the RV082. 1. Launch the web browser for a networked computer, designated PC 1. 2.
Appendix C 11. In the Preshared Key field, enter a string for this key, for example, 13572468. Gateway-to-Gateway VPN Tunnel 9. For the Remote Security Gateway Type, select IP Only. Enter the RVL200’s WAN IP address in the IP Address field. 10. For the Remote Security Group Type, select Subnet. Enter the RVL200’s local network settings in the IP Address and Subnet Mask fields. 11. In the IPSec Setup section, select the appropriate encryption, authentication, and other key management settings.
Appendix C Gateway-to-Gateway VPN Tunnel Configuration when the Remote Gateway Uses a Dynamic IP Address This example assumes the Remote Gateway is using a dynamic IP address. If the Remote Gateway uses a static IP address, refer to “Configuration when the Remote Gateway Uses a Static IP Address.” RVL200 IPSec VPN Settings RV082 Dynamic IP: B.B.B.B with Domain Name: www.abc.com LAN: 192.168.1.1 RVL200 WAN: A.A.A.A LAN: 192.168.5.1 8. For the Remote Security Gateway Type, select IP Only.
Appendix C 7. Select Enable. 8. For the Local Security Gateway Type, select IP Only. The WAN IP address (B.B.B.B) of the RV082 will be automatically detected. For the Local Security Group Type, select Subnet. Enter the RV082’s local network settings in the IP Address and Subnet Mask fields. Gateway-to-Gateway VPN Tunnel Configuration when Both Gateways Use Dynamic IP Addresses This example assumes both Gateways are using dynamic IP addresses.
Appendix C Gateway-to-Gateway VPN Tunnel 7. Select Enable. 8. For the Local Security Gateway Type, select IP Only. The WAN IP address (B.B.B.B) of the RV082 will be automatically detected. For the Local Security Group Type, select Subnet. Enter the RV082’s local network settings in the IP Address and Subnet Mask fields. RVL200 IPSec VPN Settings 8. For the Remote Security Gateway Type, select IP Only. Then select IP by DNS Resolved. Enter the RV082’s domain name in the field provided. 9.
Appendix D Appendix D: IPSec NAT Traversal IPSec NAT Traversal Configuration of Scenario 1 In this scenario, Router A is the RVL200 Initiator, while Router B is the RVL200 Responder. Overview Network Address Translation (NAT) traversal is a technique developed so that data protected by IPSec can pass through a NAT. (See NAT 1 and NAT 2 in the diagram.) Since IPSec provides integrity for the entire IP datagram, any changes to the IP addressing will invalidate the data.
Appendix D 7. For the Local Security Gateway Type, select IP Only. The WAN IP address of Router A will be automatically detected. IPSec NAT Traversal For the Local Security Group Type, select Subnet. Enter Router B’s local network settings in the IP Address and Subnet Mask fields. For the Local Security Group Type, select Subnet. Enter Router A’s local network settings in the IP Address and Subnet Mask fields. Router B’s IPSec VPN Settings Router A’s IPSec VPN Settings 8.
Appendix D IPSec NAT Traversal Configuration of Scenario 2 Configuration of the One-to-One NAT Rules In this scenario, Router B is the RVL200 Initiator, while Router A is the RVL200 Responder. Router B will have the Remote Security Gateway IP address set to a public IP address that is associated with the WAN IP address of Router A, which is behind the NAT. Hence the public IP address (192.168.99.1) must be mapped to the WAN IP address (192.168.11.
Appendix D 4. Click the One-to-One NAT tab. 5. For the One-to-One NAT setting, select Enable. 6. In the Private Range Begin field, enter 111.11. 7. In the Public Range Begin field, enter 11.101. 8. In the Range Length field, enter an appropriate value. The range length cannot exceed the number of valid IP addresses. To map a single address, enter 1. 9. Click Add to List. 10. Click Save Settings. Refer to “Chapter 4: Advanced Configuration” for more details about one-to-one NAT rules.
Appendix D IPSec NAT Traversal 9. For the Remote Security Group Type, select Subnet. Enter Router B’s local network settings in the IP Address and Subnet Mask fields. 10. In the IPSec Setup section, select the appropriate encryption, authentication, and other key management settings. 11. In the Preshared Key field, enter a string for this key, for example, 13572468. 12. If you need more detailed settings, click Advanced Settings. Otherwise, click Save Settings.
Appendix E Bandwidth Management Appendix E: Bandwidth Management Overview This appendix explains how to ensure Quality of Service (QoS) on Vonage Voice over Internet Protocol (VoIP) phone service. This example uses Vonage; however, similar instructions will apply to other VoIP services. Creation of New Services Create two Vonage 2. new services, Vonage VoIP and 1. Visit Vonage’s website at http://www.vonage.com. Find out the ports used for Vonage VoIP service. 2.
Appendix E Bandwidth Management Creation of New Bandwidth Management Rules Create four new rules: Vonage VoIP (Upstream), Vonage VoIP (Downstream), Vonage 2 (Upstream), and Vonage 2 (Downstream). 1. On the Bandwidth Management screen, select Vonage VoIP from the Service drop-down menu. 2. Enter the IP address or range you need to control. To include all internal IP addresses, keep the default, 0. 3. From the Direction drop-down menu, select Upstream for outbound traffic. 4. In the Min.
Appendix F Appendix F: Firmware Upgrade Firmware Upgrade 3. In the Firmware Download section, click Firmware Download from Linksys Web Site. Overview This appendix explains how to upgrade the firmware of the Router. How to Access the Web-Based Utility 1. For local access of the Router’s web-based utility, launch your web browser, and enter the Router’s default IP address, 192.168.1.1, in the Address field. Press the Enter key. Address Bar System Management > Firmware Upgrade 4.
Appendix F Firmware Upgrade 7. The utility zip file will automatically open. Extract .exe file to an appropriate location on your computer. 8. Double-click the .exe file. 9. In the Router IP field, enter the IP address of the Router. Firmware Upgrade Utility Login 10. In the Password field, enter the password for access to the Router. 11. Click Next, instructions.
Appendix G Appendix G: Trend Micro ProtectLink Gateway Service Trend Micro ProtectLink Gateway Service How to Purchase, Register, or Activate the Service You can purchase, register, or activate the service using the System Summary or ProtectLink screen. System Summary Overview The optional Trend Micro ProtectLink Gateway service provides security for your network. It checks e-mail messages, filters website addresses (URLs), and blocks potentially malicious websites.
Appendix G Trend Micro ProtectLink Gateway Service NOTE: To have your e-mail checked, you will need to provide the domain name and IP address of your e-mail server. If you do not know this information, contact your ISP. Activate If you have registered, click Activate. A wizard begins. Follow the on-screen instructions. When the wizard is complete, the System Summary screen will indicate that the service has been activated.
Appendix G ProtectLink > Web Protection The Web Protection features are provided by the Router. Configure the website filtering settings on this screen. Trend Micro ProtectLink Gateway Service Business Hours To filter this URL category during the business hours you have specified, select this option. Leisure Hours To filter this URL category during non‑business hours, select this option. Instances Blocked The number of attempted visits is displayed.
Appendix G Add To add the IP addresses or ranges, click Add. Approved Clients list The IP addresses or range of trusted clients are displayed. To delete an IP address or range, click its trash can icon. URL Overflow Control Specify the behavior you want if there are more URL requests than the service can handle. Temporarily block URL requests (This is the recommended setting) If there are too many URL requests, the overflow will be held back until they can be processed. This is the default setting.
Appendix G Trend Micro ProtectLink Gateway Service Renew To renew your license, click Renew. Then follow the on-screen instructions. Add Seats Each seat allows an e-mail account to use Email Protection. To add seats to your license, click Add Seats. Then follow the on-screen instructions.
Appendix H Appendix H: Specifications Specifications NAT Many-to-One, One-to-One DMZ DMZ Port, DMZ Host Routing Static and RIP v1, v2 QoS Specifications Model RV082 10/100 8-Port VPN Router Standards IEEE 802.3, 802.
Appendix I Appendix I: Warranty Information Linksys warrants this Linksys hardware product against defects in materials and workmanship under normal use for the Warranty Period, which begins on the date of purchase by the original end-user purchaser and lasts for the period specified for this product at www.linksys.com/warranty. The internet URL address and the web pages referred to herein may be updated by Linksys from time to time; the version in effect at the date of purchase shall apply.
Appendix I Warranty Information original purchase when returning your product. Products received without a RMA number and dated proof of original purchase will be rejected. Do not include any other items with the product you are returning to Linksys. Defective product covered by this limited warranty will be repaired or replaced and returned to you without charge.
Appendix J Appendix J: Software License Agreement Software in Linksys Products This product from Cisco-Linksys LLC or from one of its affiliates Cisco Systems-Linksys (Asia) Pte Ltd. or CiscoLinksys K.K. (“Linksys”) contains software (including firmware) originating from Linksys and its suppliers and may also contain software from the open source community. Any software originating from Linksys and its suppliers is licensed under the Linksys Software License Agreement contained at Schedule 1 below.
Appendix J Collection and Processing of Information.
Appendix J Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it.
Appendix J c. If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License.
Appendix J 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License.
Appendix J will apply to that open source software. The license terms below in this Schedule 3 are from the public web site at http:// .gnu.org/licenses/old-licenses/lgpl-2.1.html GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
Appendix J In other cases, permission to use a particular library in nonfree programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.
Appendix J sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
Appendix J Library will not necessarily be able to recompile the application to use the modified definitions.) b. Use a suitable shared library mechanism for linking with the Library.
Appendix J It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices.
Appendix J Software License Agreement OpenSSL License Original SSLeay License Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). 1.
Appendix J Software License Agreement PURPOSE ARE DISCLAIMED.
Appendix K Appendix K: Regulatory Information FCC Statement This product has been tested and complies with the specifications for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used according to the instructions, may cause harmful interference to radio communications.
Appendix K User Information for Consumer Products Covered by EU Directive 2002/96/EC on Waste Electric and Electronic Equipment (WEEE) This document contains important information for users with regards to the proper disposal and recycling of Linksys products.
Appendix K Regulatory Information Eesti (Estonian) - Keskkonnaalane informatsioon Euroopa Liidus asuvatele klientidele Français (French) - Informations environnementales pour les clients de l’Union européenne Euroopa Liidu direktiivi 2002/96/EÜ nõuete kohaselt on seadmeid, millel on tootel või pakendil käesolev sümbol , keelatud kõrvaldada koos sorteerimata olmejäätmetega. See sümbol näitab, et toode tuleks kõrvaldada eraldi tavalistest olmejäätmevoogudest.
Appendix K Regulatory Information Lietuvškai (Lithuanian) - Aplinkosaugos informacija, skirta Europos Sąjungos vartotojams Nederlands (Dutch) - Milieu-informatie voor klanten in de Europese Unie Europos direktyva 2002/96/EC numato, kad įrangos, kuri ir kurios pakuotė yra pažymėta šiuo simboliu (įveskite simbolį), negalima šalinti kartu su nerūšiuotomis komunalinėmis atliekomis. Šis simbolis rodo, kad gaminį reikia šalinti atskirai nuo bendro buitinių atliekų srauto.
Appendix K Regulatory Information Português (Portuguese) - Informação ambiental para clientes da União Europeia Slovenčina (Slovene) - Okoljske informacije za stranke v Evropski uniji A Directiva Europeia 2002/96/CE exige que o equipamento que exibe este símbolo no produto e/ou na sua embalagem não seja eliminado junto com os resíduos municipais não separados. O símbolo indica que este produto deve ser eliminado separadamente dos resíduos domésticos regulares.
Appendix L Contact Information Appendix L: Contact Information Linksys Contact Information Website http://www.linksys.com Support Site http://www.linksys.com/support FTP Site ftp.linksys.com Advice Line 800-546-5797 (LINKSYS) Support 800-326-7114 RMA (Return Merchandise http://www.linksys.com/warranty Authorization) NOTE: Details on warranty and RMA issues can be found in the Warranty section of this Guide.
