Cisco Quickvpn - pc Instruction Manual

Cisco Small Business

RVS4000 4-Port Gigabit Security Router with VPN

ADMINISTRATION

GUIDE

CCDE, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the

Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting

To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems,

Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare,

GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound,

MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The

Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and

certain other countries.

All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between

Cisco and any other company. (0812R)

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide iii

Contents

About This Document 1

How to Use This Guide 1

Organization 1

Finding Information in PDF Files 2

Finding Text in a PDF 3

Finding Text in Multiple PDF Files 3

Chapter 1: Introduction 6

Chapter 2: Networking and Security Basics 7

An Introduction to LANs 7

The Use of IP Addresses 7

The Intrusion Prevention System (IPS) 9

Chapter 3: Planning Your Virtual Private Network (VPN) 11

Why do I need a VPN? 11

1) MAC Address Spoofing 12

2) Data Sniffing 12

3) Man in the middle attacks 12

What is a VPN? 12

VPN Router to VPN Router 13

Computer (using the Cisco QuickVPN Client software) to VPN Router 14

Chapter 4: Getting Started with the RVS4000 Router 16

Front Panel 16

Back Panel 17

Placement Options 18

Desktop Option 18

Stand Option 18

Wall Option 19

Installing the Router 20

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide iv

Contents

Configuring the Router 21

Chapter 5: Setting Up and Configuring the Router 24

Setup 25

Setup > Summary 26

Setup > WAN 28

Setup > LAN 36

Setup > DMZ 40

Setup > MAC Address Clone 40

Setup > Advanced Routing 41

Setup > Time 43

Setup > IP Mode 44

Firewall 44

Firewall > Basic Settings 45

Firewall > IP Based ACL 46

Firewall > Internet Access Policy 50

Firewall > Single Port Forwarding 53

Firewall > Port Range Forwarding 54

Firewall > Port Range Triggering 55

ProtectLink 56

ProtectLink > ProtectLink Purchase 56

VPN 57

VPN > Summary 57

VPN > IPSec VPN 58

VPN > VPN Client Accounts 63

VPN > VPN Passthrough 65

QoS 65

QoS > Bandwidth Management 66

QoS > QoS Setup 68

QoS > DSCP Setup 69

Administration 70

Administration > Management 70

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide v

Contents

Router Access 70

Administration > Log 72

Administration > Diagnostics 74

Administration > Backup & Restore 75

Administration > Factory Default 76

Administration > Reboot 77

Administration > Firmware Upgrade 77

IPS 78

IPS > Configuration 78

IPS > P2P/IM 79

IPS > Report 80

IPS > Information 82

L2 Switch 82

L2 > Create VLAN 82

L2 > VLAN Port Setting 84

L2 > VLAN Membership 85

L2 > RADIUS 86

L2 > Port Setting 87

L2 > Statistics 88

L2 > Port Mirroring 89

L2 > RSTP 90

Status 91

Status > Gateway 91

Status > Local Network 93

Chapter 6: Using the VPN Setup Wizard 95

VPN Setup Wizard 95

Before You Begin 95

Running the VPN Router Software Wizard 96

Building Your VPN Connection Remotely 105

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide vi

Contents

Appendix A: Troubleshooting 113

Frequently Asked Questions 126

Appendix B: Using Cisco QuickVPN for Windows 2000, XP, or Vista 130

Overview 130

Before You Begin 130

Installing the Cisco QuickVPN Software 131

Installing from the CD-ROM 131

Downloading and Installing from the Internet 133

Using the Cisco QuickVPN Software 134

Distributing Certificates to QuickVPN Users 136

Appendix C: Configuring IPSec with a Windows 2000 or XP Computer 138

Introduction 138

Environment 139

Windows 2000 or Windows XP 139

RVS4000 139

How to Establish a Secure IPSec Tunnel 139

Establishing a Secure IPSec Tunnel 140

Appendix D: Gateway-to-Gateway VPN Tunnel 162

Overview 162

Before You Begin 162

Configuration when the Remote Gateway Uses a Static IP Address 163

Configuration when the Remote Gateway Uses a Dynamic IP Address 167

Configuration When Both Gateways Use Dynamic IP Addresses 172

Appendix E: Trend Micro ProtectLink Gateway Service 178

Overview 178

How to Access the Web-Based Utility 178

How to Purchase, Register, or Activate the Service 179

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide vii

Contents

ProtectLink 179

How to Use the Service 181

ProtectLink > Web Protection 182

ProtectLink > Email Protection 186

ProtectLink > License 186

Appendix F: Specifications 188

Specifications 188

Performance 188

Setup/Config 188

Management 189

Security Features 189

QoS 189

Network 190

VPN 190

Routing 190

Layer 2 190

Environmental 191

Appendix G: Where to Go From Here 192

Product Resources 192

Related Documentation 193

Preface

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide 1

About This Document

The focus of this guide is on the hardware and software features found on the

Cisco Small Business RVS4000 4-Port Gigabit Security Router with VPN.

Advanced configuration settings and security options are covered in this

administration guide.

How to Use This Guide

This administration guide has been designed to make understanding the router

easier. Look for the following items when reading this guide:

CAUTION This exclamation point indicates that caution should be used when performing a

step or a serious error may occur.

NOTE This checkmark indicates there is a note of interest and is something you should

pay special attention to while using the router.

Organization

This table describes the contents of each chapter in this document.

Chapter Title Description

Chapter 1 Introduction Introduces the product and this user

manual.

Chapter 2 Networking and

Security Basics

Introduces basic networking and

security concepts.

Chapter 3 Planning Your Virtual

Private Network (VPN)

Describes how to connect the

product.

Preface

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide 2

Finding Information in PDF Files

The Cisco RVS4000 router documents are published as PDF files. The PDF Find/

Search tool within Adobe® Reader® lets you find information quickly and easily

online. You can perform the following tasks:

•Search an individual PDF file.

•Search multiple PDF files at once (for example, all PDFs in a specific folder

or disk drive).

Chapter 4 Getting Started with the

RVS4000 Router

Describes the physical features of

the RVS4000 router and provides

information for installing the router.

Chapter 5 Setting Up and

Configuring the Router

Describes how to set up the product

software.

Chapter 6 Using the VPN Setup

Wizard

Describes how to configure a

gateway-to-gateway VPN tunnel

between two VPN routers.

Appendix A Troubleshooting Provides solutions to problems that

may occur during the installation and

operation of the router.

Appendix B Using Cisco QuickVPN

for Windows 2000, XP, or

Vista

Explains how to install and use the

Cisco QuickVPN software

Appendix C Configuring IPSec with a

Windows 2000 or XP

Computer

Explains how to establish a secure

IPSec tunnel using preshared keys to

join a private network inside the

router and a Windows 2000 or XP

computer.

Appendix D Gateway-to-Gateway

VPN Tunnel

Explains how to configure an IPSec

VPN tunnel between two VPN

routers by example.

Appendix E Trend Micro ProtectLink

Gateway Service

Explains how to use the Trend Micro

ProtectLink Gateway service

Appendix F Specifications Provides product specifications.

Chapter Title Description

Preface

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide 3

•Perform advanced searches.

Finding Text in a PDF

Follow this procedure to find text in a PDF file.

STEP 1 Enter your search terms in the Find text box on the toolbar.

NOTE By default, the Find tool is available at the right end of the Acrobat toolbar. If the

Find tool does not appear, choose Edit > Find.

STEP 2 Optionally, click the arrow next to the Find text box to refine your search by

choosing special options such as Whole Words Only.

STEP 3 Press Enter.

STEP 4 Acrobat displays the first instance of the search term.

STEP 5 Press Enter again to continue to more instances of the term.

Finding Text in Multiple PDF Files

The

window lets you search for terms in multiple PDF files that are stored

on your computer or local network. The PDF files do not need to be open.

STEP 1 Start Acrobat Professional or Adobe Reader.

STEP 2 Choose Edit > Search, or click the arrow next to the

Find

box and then choose

Open Full Acrobat Search.

Preface

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide 4

STEP 3 In the

window, complete the following steps:

a. Enter the text that you want to find.

b. Choose All PDF Documents in.

From the drop-down box, choose Browse for Location. Then choose the

location on your computer or local network, and click OK.

c. If you want to specify additional search criteria, click Use Advanced Search

Options, and choose the options you want.

d. Click Search.

Preface

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide 5

STEP 4 When the Results appear, click + to open a folder, and then click any link to open

the file where the search terms appear.

For more information about the Find and Search functions, see the Adobe Acrobat

online help.

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide 6

Introduction

Thank you for choosing the Cisco RVS4000 4-Port Gigabit Security Router with

VPN. The 4-Port Gigabit Security Router with VPN is an advanced Internet-sharing

network solution for your small business needs. Like any router, it lets multiple

computers in your office share an Internet connection.

The 4-Port Gigabit Security Router with VPN also features a built-in 4-Port full-

duplex 10/100/1000 Ethernet switch to connect four PCs directly, or you can

connect more hubs and switches to create as big a network as you need.

The Virtual Private Network (VPN) capability creates encrypted “tunnels” through

the Internet, allowing up to 5 remote offices and 5 traveling users to securely

connect into your office network from off-site. Users connecting through a VPN

tunnel are attached to your company’s network — with secure access to files, e-

mail, and your intranet — just as if they were in the building. You can also use the

VPN capability to allow users on your small office network to securely connect out

to a corporate network. The QoS features provide consistent voice and video

quality throughout your business.

The 4-Port Gigabit Security Router with VPN can serve as a DHCP Server, and has

a powerful SPI firewall and Intrusion Prevention System (IPS) to protect your PCs

against intruders and most known Internet attacks. It can be configured to filter

internal users’ access to the Internet, and has IP and MAC address filtering so you

can specify exactly who has access to your network. Configuration is a snap with

the web browser-based configuration utility.

This administration guide will give you all the information you need to connect, set

up, and configure your router.

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide 7

Networking and Security Basics

This chapter describes networking and security basics. It includes the following

sections:

•An Introduction to LANs, page 7

•The Use of IP Addresses, page 7

•The Intrusion Prevention System (IPS), page 9

An Introduction to LANs

A router is a network device that connects two networks together.

The router connects your local area network (LAN), or the group of PCs in your

home or office, to the Internet. The router processes and regulates the data that

travels between these two networks.

The router’s Network Address Translation (NAT) technology protects your network

of PCs so users on the Internet cannot “see” your PCs. This is how your LAN

remains private. The router protects your network by inspecting the first packet

coming in through the Internet port before delivery to the final destination on one

of the Ethernet ports. The router inspects Internet port services like the web

server, ftp server, or other Internet applications, and, if allowed, it will forward the

packet to the appropriate PC on the LAN side.

The Use of IP Addresses

IP stands for Internet Protocol. Every device in an IP-based network, including PCs,

print servers, and routers, requires an IP address to identify its location, or

address, on the network. This applies to both the Internet and LAN connections.

There are two ways of assigning IP addresses to your network devices.

Networking and Security Basics

The Use of IP Addresses

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide 8

A static IP address is a fixed IP address that you assign manually to a PC or other

device on the network. Since a static IP address remains valid until you disable it,

static IP addressing ensures that the device assigned it will always have that same

IP address until you change it. Static IP addresses are commonly used with

network devices such as server PCs or print servers.

If you use the router to share your cable or DSL Internet connection, contact your

ISP to find out if they have assigned a static IP address to your account. If so, you

will need that static IP address when configuring the router. You can get the

information from your ISP.

A dynamic IP address is automatically assigned to a device on the network. These

IP addresses are called dynamic because they are only temporarily assigned to

the PC or other device. After a certain time period, they expire and may change. If

a PC logs onto the network (or the Internet) and its dynamic IP address has

expired, the DHCP server will assign it a new dynamic IP address.

A DHCP server can either be a designated PC on the network or another network

device, such as the router. By default, the router’s Internet Connection Type is

Obtain an IP automatically (DHCP).

The PC or network device obtaining an IP address is called the DHCP client. DHCP

frees you from having to assign IP addresses manually every time a new user is

added to your network.

For DSL users, many ISPs may require you to log on with a user name and

password to gain access to the Internet. This is a dedicated, high-speed

connection type called Point to Point Protocol over Ethernet (PPPoE). PPPoE is

similar to a dial-up connection, but PPPoE does not dial a phone number when

establishing a connection. It also will provide the router with a dynamic IP address

to establish a connection to the Internet.

By default, a DHCP server (on the LAN side) is enabled on the router. If you already

have a DHCP server running on your network, you MUST disable one of the two

DHCP servers. If you run more than one DHCP server on your network, you will

experience network errors, such as conflicting IP addresses. To disable DHCP on

the router, see the Basic Setup section in Chapter 5, “Setting Up and Configuring

the Router.”

Networking and Security Basics

The Intrusion Prevention System (IPS)

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide 9

NOTE Since the router is a device that connects two networks, it needs two IP

addresses—one for the LAN, and one for the Internet. In this Administration

Guide, you’ll see references to the “Internet IP address” and the “LAN IP

address”.

Since the router uses NAT technology, the only IP address that can be seen

from the Internet for your network is the router’s Internet IP address.

However, even this Internet IP address can be blocked so the router and

network seem invisible to the Internet.

The Intrusion Prevention System (IPS)

IPS is an advanced technology to protect your network from malicious attacks. IPS

works together with your SPI Firewall, IP Based Access Control List (ACL),

Network Address Port Translation (NAPT), and Virtual Private Network (VPN) to

achieve the highest level of security. IPS works by providing real-time detection

and prevention as an in-line module in a router.

The RVS4000 has hardware-based acceleration for real-time pattern matching for

detecting malicious attacks. It actively filters and drops malicious TCP/UDP/ICMP/

IGMP packets and can reset TCP connections. This protects your client PCs and

servers running various operating systems including Windows, Linux, and Solaris

from network worm attacks. However, this system does not prevent viruses

contained in e-mail attachments.

The P2P (Peer-to-Peer) and IM (Instant Messaging) control allows the system

administrator to prevent network users from using those protocols to

communicate with people over the Internet. This helps the administrators to set up

company policies on how to use the Internet bandwidth wisely.

The signature file is the heart of the IPS system. It is similar to the Virus definition

file on your PC’s Anti-Virus software. IPS uses this file to match against packets

coming into the router and performs actions accordingly. The RVS4000 is shipped

with a signature file containing 1000+ rules, which cover the following categories:

DDoS, Buffer Overflow, Access Control, Scan, Trojan Horse, Misc., P2P, IM, Virus,

Worm, and Web Attacks.

Customers are encouraged to update their IPS signature file regularly to prevent

any new types of attacks on the Internet.

Networking and Security Basics

The Intrusion Prevention System (IPS)

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide 10

IPS Scenarios

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide 11

Planning Your Virtual Private Network (VPN)

This chapter provides information for planning your VPN and includes the

following sections:

•Why do I need a VPN?, page11

•What is a VPN?, page12

Why do I need a VPN?

Computer networking provides a flexibility not available when using an archaic,

paper-based system. With this flexibility, however, comes an increased risk in

security. This is why firewalls were first introduced. Firewalls help to protect data

inside of a local network. But what do you do once information is sent outside of

your local network, when e-mails are sent to their destination, or when you have to

connect to your company’s network when you are out on the road? How is your

data protected?

That is when a VPN can help. VPNs are called Virtual Private Networks because

they secure data moving outside of your network as if it were still within that

network.

When data is sent out across the Internet from your computer, it is always open to

attacks. You may already have a firewall, which will help protect data moving

around or held within your network from being corrupted or intercepted by entities

outside of your network, but once data moves outside of your network—when you

send data to someone via e-mail or communicate with an individual over the

Internet—the firewall will no longer protect that data.

At this point, your data becomes open to hackers using a variety of methods to

steal not only the data you are transmitting but also your network login and

security data. Some of the most common methods are as follows:

Planning Your Virtual Private Network (VPN)

What is a VPN?

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide 12

1) MAC Address Spoofing

Packets transmitted over a network, either your local network or the Internet, are

preceded by a packet header. These packet headers contain both the source and

destination information for that packet to transmit efficiently. A hacker can use this

information to spoof (or fake) a MAC address allowed on the network. With this

spoofed MAC address, the hacker can also intercept information meant for

another user.

2) Data Sniffing

Data “sniffing” is a method used by hackers to obtain network data as it travels

through unsecured networks, such as the Internet. Tools for just this kind of activity,

such as protocol analyzers and network diagnostic tools, are often built into

operating systems and allow the data to be viewed in clear text.

3) Man in the middle attacks

Once the hacker has either sniffed or spoofed enough information, he can now

perform a “man in the middle” attack. This attack is performed, when data is being

transmitted from one network to another, by rerouting the data to a new

destination. Even though the data is not received by its intended recipient, it

appears that way to the person sending the data.

These are only a few of the methods hackers use and they are always developing

more. Without the security of your VPN, your data is constantly open to such

attacks as it travels over the Internet. Data travelling over the Internet will often

pass through many different servers around the world before reaching its final

destination. That’s a long way to go for unsecured data and this is when a VPN

serves its purpose.

What is a VPN?

A VPN, or Virtual Private Network, is a connection between two endpoints—a VPN

router, for instance—in different networks that allows private data to be sent

securely over a shared or public network, such as the Internet. This establishes a

private network that can send data securely between these two locations or

networks.

Planning Your Virtual Private Network (VPN)

What is a VPN?

Cisco RVS4000 4-Port Gigabit Security Router with VPN Administration Guide 13

This is done by creating a “tunnel”. A VPN tunnel connects the two PCs or

networks and allows data to be transmitted over the Internet as if it were still

within those networks. Not a literal tunnel, it is a connection secured by encrypting

the data sent between the two networks.

VPN was created as a cost-effective alternative to using a private, dedicated,

leased line for a private network. Using industry standard encryption and

authentication techniques—IPSec, short for IP Security—VPN creates a secure

connection that, in effect, operates as if you were directly connected to your local

network. VPN can be used to create secure networks linking a central office with

branch offices, telecommuters, and/or professionals on the road (travelers can

connect to a VPN router using any computer with the Cisco QuickVPN Client

software.)

There are two basic ways to create a VPN connection:

•VPN router to VPN router

•Computer (using the Cisco QuickVPN Client software) to VPN router

The VPN router creates a “tunnel” or channel between two endpoints, so that data

transmissions between them are secure. A computer with the Cisco QuickVPN

Client software can be one of the two endpoints (refer to Appendix B, “Using

Cisco QuickVPN for Windows 2000, XP, or Vista”). If you choose not to run the VPN

client software, any computer with the built-in IPSec Security Manager (Microsoft

2000 and XP) allows the VPN router to create a VPN tunnel using IPSec (refer to

Appendix C, “Configuring IPSec with a Windows 2000 or XP Computer”). Other

versions of Microsoft operating systems require additional, third-party VPN client

software applications that support IPSec to be installed.

VPN Router to VPN Router

An example of a VPN router-to-VPN router VPN would be as follows. At home, a

telecommuter uses his VPN router for his always-on Internet connection. His router

is configured with his office’s VPN settings. When he connects to his office’s router,

the two routers create a VPN tunnel, encrypting and decrypting data. As VPNs

utilize the Internet, distance is not a factor. Using the VPN, the telecommuter now

has a secure connection to the central office’s network, as if he were physically

connected. For more information, refer to Appendix D, “Gateway-to-Gateway VPN

Tunnel.”

Other manuals for QuickVPN - PC

This manual suits for next models

Table of contents

Other Cisco Network Router manuals

Popular Network Router manuals by other brands

NETGEAR

NETGEAR WNR2000v2 - Wireless- N 300 Router datasheet

Asus

Asus DSL-N17U user guide

Cabletron Systems

Cabletron Systems MMAC-Plus 9T106-01 user guide

D-Link

D-Link DIR-X1860 user manual

IBM

IBM J02M quick start

Longshine

Longshine LCS-883R-DSL-4FN manual

D-Link

D-Link DWR-953 Quick installation guide

eWON

eWON COSY 141 installation guide

QNAP

QNAP iVW-FH233 user manual

Huawei

Huawei V300R005 Configuration guide

D-Link

D-Link DWR-956 user manual

Alcatel

Alcatel OmniAccess 600- series quick start guide

American DJ

American DJ Duo Station User instructions

Linksys

Linksys RV082 user guide

ei3

ei3 Amphion S14-N quick start guide

BEC

BEC 7800 user manual

NetComm

NetComm NB9WMAXXn Setup guide

MikroTik

MikroTik CRS504-4XQ-IN quick guide

Cisco QuickVPN - PC Instruction Manual

Popular Network Router manuals by other brands