Linksys BEFVP41 - EtherFast Cable/DSL VPN Router User manual
Instant Broadband™ Series
EtherFast®Cable/DSL
VPN Router with
4-Port 10/100 Switch
Use this guide to install: BEFVP41
User Guide
COPYRIGHT & TRADEMARKS
Copyright © 2002 Linksys, All Rights Reserved. Instant Broadband is a registered trade-
mark of Linksys. Microsoft, Windows, and the Windows logo are registered trademarks
of Microsoft Corporation. All other trademarks and brand names are the property of their
respective proprietors.
LIMITED WARRANTY
Linksys guarantees that every Instant Broadband EtherFast®Cable/DSL VPN Router with
4-Port 10/100 Switch will be free from physical defects in material and workmanship for
one year from the date of purchase, when used within the limits set forth in the
Specifications section of this User Guide. If the product proves defective during this war-
ranty period, call Linksys Technical Support in order to obtain a Return Authorization
Number. BE SURE TO HAVE YOUR PROOF OF PURCHASE AND A BARCODE FROM
THE PRODUCT'S PACKAGING ON HAND WHEN CALLING. When returning a product,
mark the Return Authorization Number clearly on the outside of the package and include
a copy of your original proof of purchase. RETURN REQUESTS CANNOT BE
PROCESSED WITHOUT PROOF OF PURCHASE. All customers located outside the
United States of America and Canada shall be held responsible for shipping and han-
dling charges.
IN NO EVENT SHALL LINKSYS’S LIABILITY EXCEED THE PRICE PAID FOR THE PROD-
UCT FROM DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAM-
AGES RESULTING FROM THE USE OF THE PRODUCT, ITS ACCOMPANYING SOFT-
WARE, OR ITS DOCUMENTATION. LINKSYS DOES NOT OFFER REFUNDS FOR ANY
PRODUCT. Linksys makes no warranty or representation, expressed, implied, or statuto-
ry, with respect to its products or the contents or use of this documentation and all
accompanying software, and specifically disclaims its quality, performance, mer-
chantability, or fitness for any particular purpose. Linksys reserves the right to revise or
update its products, software, or documentation without obligation to notify any individ-
ual or entity. Please direct all inquiries to:
Linksys P.O. Box 18558, Irvine, CA 92623.
FCC STATEMENT
This Instant Broadband EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch has
been tested and complies with the specifications for a Class B digital device, pursuant
to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection
against harmful interference in a residential installation. This equipment generates, uses,
and can radiate radio frequency energy and, if not installed and used according to the
instructions, may cause harmful interference to radio communications. However, there is
no guarantee that interference will not occur in a particular installation. If this equipment
does cause harmful interference to radio or television reception, which is found by turn-
ing the equipment off and on, the user is encouraged to try to correct the interference by
one or more of the following measures:
• Reorient or relocate the receiving antenna
• Increase the separation between the equipment or devices
• Connect the equipment to an outlet other than the receiver’s
• Consult a dealer or an experienced radio/TV technician for assistance
UG-BEFVP41-012502C-JL
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 SwitchInstant Broadband™ Series
Table of Contents
Chapter 1: Introduction 1
The EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch 1
Features 1
Package Contents 2
System Requirements 2
Chapter 2: Getting to Know the EtherFast®
Cable/DSL VPN Router with 4-Port 10/100 Switch 3
The Cable/DSL VPN Router’s Rear Panel 3
The Reset Button 4
The Cable/DSL VPN Router’s Front Panel LEDs 4
Chapter 3: Connecting the Cable/DSL VPN Router
to Your Network 6
Overview 6
About Static & Dynamic IP Addresses 6
Connecting Everything Together & Booting Up 7
Chapter 4: Planning Your Virtual Private
Network (VPN) 10
Chapter 5: Configuring Your Network with the
Cable/DSL VPN Router 12
Configuring Your PCs to Connect to the Cable/DSL VPN Router 12
Configuring The Cable/DSL VPN Router 14
Chapter 5: The Cable/DSL VPN Router’s
Web-based Utility 18
Quick & Easy Administration 18
Setup 19
VPN 21
Password 28
Status 29
DHCP 31
Log 32
Help 33
Filters 35
Forwarding 38
Dynamic Routing 40
Static Routing 41
DMZ Host 43
MAC Address Cloning 44
Appendix A: Troubleshooting 45
Common Problems and Solutions 45
Frequently Asked Questions 47
Appendix B: Glossary 52
Appendix C: Configuring IPsec between a
Microsoft Windows 2000 or XP PC and a Linksys
Cable/DSL VPN Router 61
Introduction 61
Environment 61
Step-by-Step 62
Appendix D: SNMP Functions 81
Appendix E: How to Ping Your ISP’s E-mail &
Web Addresses 81
Appendix F: Installing the TCP/IP Protocol 84
Appendix G: Specifications 86
Environmental 86
Appendix H: Warranty Information 87
Appendix I: Contact Information 88
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
• One Linksys Instant Broadband™ EtherFast®Cable/DSL VPN Router with
4-Port 10/100 Switch
• One power adapter
• One user guide and registration card (not shown)
• One Quick Install (not shown)
• One Tech Helper CD-ROM
• One RJ-45 Broadband Internet connection
• One PC with an installed 10Mbps, 100Mbps, or 10/100 Mbps Ethernet card
• TCP/IP network protocol for each PC
• UTP Category 5 (or better) network cable with RJ-45 connector
• Microsoft Internet Explorer 4.0 or later, or Netscape Navigator 4.0 or later.
(5.0 and 4.7, respectively, are strongly recommended.)
2
Instant Broadband™ Series
1
Chapter 1:Introduction
The Cable/DSL VPN Router with 4-Port 10/100 Switch
Congratulations on your purchase of an Instant Broadband™ EtherFast®
Cable/DSL VPN Router with 4-Port 10/100 Switch. The Instant Broadband™
EtherFast®Cable/DSL VPN Router from Linksys is the perfect solution for
sharing a high-speed broadband Internet connection while still maintaining the
ultimate in network security.
Utilizing 56-bit DES and 168-bit 3DES encryption, header authentication, and
IKE key exchange access control, the EtherFast®Router’s full IPSec Virtual
Private Network (VPN) capability provides complete data privacy.
The EtherFast® Cable/DSL VPN Router also boasts an impressive array of fea-
tures including PPPoE support, NAT firewall, and a convenient web manage-
ment interface. Since the Router is compatible with virtually all major operat-
ing systems, it’s easy to set up and use, making the Instant Broadband™
EtherFast® Cable/DSL VPN Router the perfect solution for your broadband
needs.
• Full IPSec Virtual Private Network (VPN) capability
• Supports (56-Bit) DES and (168-Bit) 3DES Encryption Algorithms
• Supports MD5 and SHA Authentication Algorithms
• Supports IKE Key Management
• Hardware Security Co-Processor Inside
• Supports Up to 70 Tunnels
• Compatible with other IPSec VPN Products
• Acts as a DHCP Server for Your Existing Network
• NAT, PPPoE, IP Filter, and MAC Filter Support
• Free Technical Support—24 Hours a Day, 7 Days a Week, Toll-Free
US Calls
• 1-Year Limited Warranty
The EtherFast®Cable/DSL VPN Router with 4-Port 10/100
Switch
Features
Package Contents
System Requirements
Figure 1-1
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
The LAN Indicators
Power Green. The Power LED illuminates when the Router is pow-
ered on.
Link/Act Green. The Link/Act LED serves two purposes. If the LED
is continuously illuminated, the Router is successfully con-
nected to a device through the corresponding port (1-4). If
the LED is flickering, the Router is actively sending or
receiving data over that port.
4
Instant Broadband™ Series
3
Chapter 2:Getting to Know the
EtherFast®Cable/DSL VPN Router
with 4-Port 10/100 Switch
The rear panel of the Router is where all of the Router’s connections are made.
The Cable/DSL VPN Router’s Ports
WAN The WAN (Wide Area Network) Port is where you
will connect your Cable or DSL modem.
Ports 1-4 These four LAN (Local Area Network) ports are
where you will connect networked devices, such as
PCs, print servers, remote hard drives, and anything
else you want to put on your network.
Crossover Switch The Crossover Switch (XII) toggles Port 4 between
crossover mode (X) and straight-through mode (II).
If you are connecting the Router directly to a com-
puter or to an Uplink port, choose straight-through
(II). For anything else, please refer to the chart
shown in Chapter 3, Figure 3-1.
Power The Power Port is where you will connect the
included AC power adapter.
The Cable/DSL VPN Router’s Rear Panel
The Cable/DSL VPN Router’s Front Panel LEDs
Important: The Reset Button*
The Reset button can be used in one of two ways.
1. If your Router is having problems connecting to the Internet,
press the Reset button for just a moment with a paper clip or a
pencil tip. This clears up any jammed connections, and is sim-
ilar to pressing the Reset button on your PC to reboot it.
2. If you are experiencing extreme problems with your Router and
have tried all other troubleshooting measures, press the Reset
Button, and hold it down until the red Diag LED on the front
panel turns on and off completely.
This will restore factory defaults and clear all of the Router’s set-
tings, including the IP addresses you entered.
* The Reset Button is located on the rear panel of the Router.
Figure 2-1
Figure 2-2
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
6
Instant Broadband™ Series
5
Chapter 3:Connecting the
Cable/DSLVPN Router to Your
Network
Overview
Unlike a simple hub or switch, the setup of the EtherFast® Cable/DSL VPN
Router consists of more than simply plugging everything together. Because the
Router acts as a DHCP server, you will have to set some values within the
Router, and also configure your networked PCs to accept the IP Addresses the
Router chooses to assign them.
You will need the following values from your ISP in order to install the
EtherFast®Cable/DSL VPN Router:
• Your broadband-configured PC’s fixed Internet IP Address (if applicable)
• Your broadband-configured PC’s Computer Name and Workgroup Name
•Your Subnet Mask
•Your Default Gateway
•Your Primary DNS IP address
Whoever installed your broadband access should have left this information
with you. If not, call your ISP and they will be able to supply you with it.
About Static & Dynamic IP Addresses
Static IP Addresses A static IP address is an IP address permanently assigned
to a computer in a TCP/IP network. Static IP addresses are usually assigned to
networked devices which are consistently accessed by multiple users, such as
Server PCs, or printers. If you are using the Router to share your cable or DSL
Internet connection, contact your ISP to see if they have assigned your home a
static IP address.You will need that address during the Router’s configuration.
}Only if applicable
Full/Col Green. The Full/Col LED also serves two purposes. If this
LED is continuously illuminated, the connection made
through the corresponding port is successfully running in
Full Duplex mode. If the LED is flickering, the connection is
experiencing collisions. Infrequent collisions are normal. If
this LED is flickering too often, there may be a problem with
your connection. Check the Troubleshooting section if you
think there is a problem.
100 Orange. The 100 LED illuminates when a successful
100Mbps connection is made through the corresponding
port.
The WAN Indicators
Link Green. The Link LED illuminates when a successful connec-
tion is made between the Router and your Broadband device
or network.
Act Green. The Act LED flickers when the Router is sending or
receiving data over the broadband port.
Diag Red. The Diag LED illuminates when the Router goes
through its self-diagnosis mode during boot-up. It will turn
off upon successful completion of the diagnostic. If this LED
stays on for an abnormally long period of time, refer to the
Troubleshooting section.
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
3. If you are using Port 4 to connect to a PC, set the Crossover Switch to
straight-through mode (II). If you are connecting the Router to a hub or
switch, please refer to the chart shown in Figure 3-1 when setting the
Crossover Switch.
4. Connect the network cable from your cable or DSL modem to the WAN
port on your Router’s rear panel. This is the only port that will work for your
modem connection.
5. Connect the power adapter to the Power port on the rear panel of the
Router, and then plug the power adapter into a power outlet.
• The Power LED on the front panel will light up green as soon as the power
adapter is connected properly.
• The Diag LED will light up red for a few seconds when the Router goes
through its self-diagnostic test. This LED will turn off when the self-test is
complete.
8
Instant Broadband™ Series
7
Dynamic IP Addresses A dynamic IP address is an IP address that is automati-
cally assigned to a client station (computer, printer, etc.) in a TCP/IP network.
Dynamic IP addresses are typically assigned by a DHCP server, which can be
a computer on the network or another piece of hardware, such as the Router. A
dynamic IP address may change every time your computer connects to the net-
work.
DHCP (Dynamic Host Configuration Protocol) DHCP is software that automati-
cally assigns IP addresses to client stations logging onto a TCP/IP network.
DHCP eliminates having to manually assign permanent IP addresses to every
device on your network. DHCP software typically runs in servers and is also
found in network devices such as Routers.
Connecting Everything Together & Booting Up
Once you are sure that you have the above values on hand, you can begin the
installation and setup of the EtherFast® Cable/DSL VPN Router.
1. Power everything down, including your PCs, your Cable or DSL modem
and the Router.
2. Connect a network cable from one of your PCs’Ethernet ports to one of the
LAN ports on the back of the Router. Do the same with all the PCs you wish
to connect to the Router.
Note: Some ISPs—most notably some cable providers—configure
their networks so that you do not have to enter a full Internet address
into your web browser or e-mail application to reach your home page
or receive your e-mail. If your Internet home page address is some-
thing very simple, such as “www”, rather than “www.linksys.com”,
or your e-mail server’s address is something similar to “e-mail” or
“pop3”, rather than “pop.mail.linksys.com”, you won’t be able to
properly configure the Cable/DSL VPN Router until you determine
the actual Internet addresses of your Web and e-mail connections.
You must obtain this information prior to connecting the Router to
your network.You can obtain this information by contacting your ISP,
or turn to the How to PingYour ISP’s E-mail and Web Addresses
section in the Appendix.
Note: The diagram above is for reference purposes only. Every
network is different. If you do not make a connection to a hub or
switch by using the settings above, change the position of the
Crossover Switch.
Figure 3-1
Important: It is highly recommended that you plug your Router
into a power strip with surge protection.
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
Chapter 4:Planning Your Virtual
Private Network (VPN)
A VPN is a private network that sends data securely through a public network,
like the Internet. VPN was created as a cost-effective alternative to using a pri-
vate, dedicated, leased line for a private network. Using special encryption
techniques, the VPN creates a secure connection that, in effect, operates as if
you are directly connected to your local network. Virtual Private Networking
can be used to create secure networks linking a central office with branch
offices, telecommuters, and/or professionals on the road.
There are two basic ways to create a VPN connection (See Figure 4-1):
· Gateway to gateway
· Host to gateway
A gateway is a device that features VPN server capabilities. An example of a
gateway is the Cable/DSL VPN Router. The Router functions as a VPN server,
creating a “tunnel” or channel between itself and a remote location, so that data
transmissions between them are secure. A host is a device, such
109
Instant Broadband™ Series
6. Turn on the cable or DSL modem.
7. Press the Reset button on the Router’s front panel with a paper clip or a
pencil. Hold the button in until the Diag LED lights up and then turns off.
This will restore the Router’s factory default settings.
The Hardware Installation is complete.
Figure 4-1
Important: You must have aVPN gateway or host on each end of the
VPN tunnel.
Instant Broadband™ Series
as a computer, with VPN host software installed. Microsoft 2000 and XP have
built-in VPN host software; other versions of Microsoft operating systems
require additional, third-party software applications to be installed.
Gateway to Gateway
An example of a gateway-to-gateway VPN would be a Cable/DSL VPN Router
(gateway) linked to the central office's VPN server (gateway). At home, a
telecommuter uses his Cable/DSL VPN Router for his always-on Internet con-
nection. His Router has a built-in VPN server configured with his office’s VPN
settings. He starts up the Router’s utility and connects to the VPN server at the
central office 40 miles* away. Using the VPN, the telecommuter now has a
secure connection to the central office’s network, as if he were physically con-
nected.
Host to Gateway
An example of a host-to-gateway VPN would be a notebook computer (host)
linked to the central office’s VPN server (gateway). In her hotel room, a travel-
ing businesswoman dials up her ISP. Her notebook computer has VPN host
software configured with her office’s VPN settings. She starts up the VPN host
software and connects to theVPN server at the central office 4000 miles* away.
Using the VPN, the businesswoman now has a secure connection to the central
office’s network, as if she were physically connected.
For additional information and instructions about creating your own VPN,
please visit Linksys’s website at www.linksys.com.
*Distances are examples only; VPNs have no distance limitations.
11 12
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
Chapter 5:Configuring Your
Network with the Cable/DSLVPN
Router
You must now configure your other PCs to accept the IP addresses that the
Router will provide.
1. Click the Start button, select Settings, and then Control Panel.
2. Double-click the Network icon.
3. In the Configuration window, select the TCP/IP protocol line that has been
associated with your network card/adapter. If there is no TCP/IP line listed,
go to the Appendix to install the TCP/IP Protocol now.
Configuring Your PCs to Connect to the Cable/DSL VPN
Router
Note: Make sure that a Network Card or Adapter has been successful-
ly installed into each PC you plan on configuring prior to continuing.
Note: These instructions apply only to Windows 95, Windows 98,
and Windows ME machines. For TCP/IP setup under Windows NT,
2000 and XP, please refer to your Windows manual.
Figure 5-1
1413
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
Now that the Cable/DSLVPN Router is wired into your network, you can begin
configuring your system.
1. Open your web browser and type http://192.168.1.1 in the browser’s
Address box. This number is the default IP address of
the Router. Press the Enter key.
2. A User Name and password prompt will appear. Leave the User Name
field empty, and type admin (the default password) in the Password field.
Click the OK button. If the screen does not appear, make sure your network
adapter is working properly, the network cable is connected, and the Link
LED is lit up on the Router. Restart the computer to obtain an IP address
automatically.
Configuring the Cable/DSL VPN Router
Note: If the TCP/IP protocol is not configured on your PC, go to the
Appendix for TCP/IP installation instructions now.
Important: If you have previously enabled an Internet Sharing
Proxy Service on any of your PCs, you must disable it now.
• If you are running Netscape Navigator, click Edit >>
Preference >> Advanced >> Proxies >> Direct Connection to
the Internet.
• If you are running Internet Explorer v5 or better, click Start >>
Settings >> Control Panel >> Internet Options >>
Connections >> LAN Settings. Remove the checks from all
three boxes. Click OK to continue.
Instant Broadband™ Series
4. Click the Properties button, and then choose the IP Address tab. Select
Obtain an IP address automatically. Click the OK button. You have com-
pleted the client settings.
5. Click the OK button. Windows may ask for original Windows installation
files. Supply them as needed (i.e.: D:\win98, D:\win95, D:\win9x,
c:\windows\options\cabs).
6. Windows will ask you to restart the PC. Click the Yes button.
Repeat these steps for each PC on your network. When all of your PCs are
configured, the Cable/DSLVPN Router Setup and Installation is complete.
Figure 5-2
Figure 5-3
Figure 5-4
1615
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
WAN IP Address These values refer
to the outside network you connect
to every time you access your
Broadband Internet connection. Most
Broadband ISPs assign their clients with a
different IP address each time they log on.
If this is the case with your ISP, click
Obtain an IP Address Automatically and
skip to the next step. If your ISP assigns you
a fixed IP address, click Specify an IP
Address and enter the address into the
Subnet Mask, Default Gateway Address
and DNS fields provided by the ISP.
5. When you have properly configured the Setup page, click the Apply but-
ton, and then click the Continue button.
6. Choose the DHCP tab.
Important: If you have an
existing DHCP server on
your LAN and you don’t
wish to use the router as
your new DHCP server, you
must assign your router a
static LAN IP address. The
router’s IP address must be
compatible with your exist-
ing network. You can not
have two DHCP servers
running on one LAN at the
same time.
Important: To enable PPPoE support, choose Enable, and enter
your User Name and Password. If you do enable PPPoE, remem-
ber to disable any existing PPPoE applications already on your
computer. (More information on PPPoE can be found in the next
section.)
Instant Broadband™ Series
3. The Cable/DSLVPN Router with 4-Port 10/100 Switch’s Setup page will
appear.
4. Configure the following values.
Host Name & Domain Name These fields allow you to supply a host and
domain name for the Router. Some ISPs require these names as identifi-
cation. You may have to check with your ISP to see if your Broadband
Internet service has been configured with a host and domain name. In
most cases, these fields may be left blank.
LAN IP Address These values refer to your internal network settings.
Unless you have specific internal needs, there should be no reason to
change these values. For the internal LAN, the default values are as fol-
lows.
• Private IP Address: 192.168.1.1
• Subnet Mask: 255.255.255.0
Note: The
setup page
shown here
may vary
slightly
from the
one seen on
your router.
Figure 5-5
Figure 5-6
1817
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
Chapter 6:The Cable/DSL VPN
Router’s Web-based Utility
Quick & Easy Administration
The EtherFast Cable/DSL VPN Router has an internal integrated-circuit chip
with no keyboard, monitor, or mouse capabilities. Because of these limitations,
an administrative utility has been programmed into that chip. All router-based
administrative tasks are performed through this utility. The utility can be
accessed by any PC on the network by typing http://192.168.1.1 into the PC’s
web browser address window.
Upon entering the address into the web browser, a password request page will
pop up.
Leave the User Name field empty, but type admin into the Password field.
Then click the OK button.
On the following pages you will find brief descriptions of each utility webpage
and each page’s more important functions. More detailed explanations and
instructions can be found by clicking each page’s Help button. To apply any
settings you’ve altered on any page, click the Apply button, and then click the
Continue button. To clear any values you’ve entered on any page, click the
Cancel button.
Instant Broadband™ Series
7. Unless you already have a DHCP server on your internal network, choose
Enable from the DHCP Server field. By choosing Enable, you will config-
ure the Router to automatically assign IP addresses to each of your PCs. In
the Number of DHCP Users field, enter the number of PCs you plan on net-
working to the Router, or leave it alone. Don’t forget to change this number
if, in the future, you add more PCs to your network.
8. Click the Apply button, and then click the Continue button.
9. Reset the power on the cable or DSL modem, then restart the computer so
the computer can obtain the new Router information.
The Cable/DSLVPN Router is now configured to your network.
Please continue to the following section to complete your network setup.
Figure 6-1
Figure 6-2
2019
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
• Host Name & Domain Name These fields allow you to supply a host and
domain name for the Router. Some ISPs require these names as identifica-
tion.You may have to check with your ISP to see if your Broadband Internet
service has been configured with a host and domain name. In most cases,
these fields may be left blank.
• Firmware Version This entry shows the version of the firmware you are
using. Future versions of the Router’s Firmware may be available on the
Linksys website at www.linksys.com.
• LAN IP Address The IP Address and Subnet Mask of the Router as it is
seen on the internal LAN. The default value is 192.168.1.1 for IP and
255.255.255.0 for Subnet Mask.
• WAN IPAddress The IPAddress and Subnet Mask of the Router as seen
by external users on the Internet (including your ISP). Most Broadband
ISPs assign their clients with a different IP address each time they log on.
IF this is the case with your ISP, click Obtain an IP Address
Automatically. If your ISP assigns you a fixed IP address, click Specify an
IP Address and enter the address into the Subnet Mask, Default Gateway
Address and DNS fields provided by the ISP.
You can test and see if the above settings are correct by successfully connect-
ing to the Internet.
• Login Some DSL-based ISPs use PPPoE (Point-to-Point Protocol over
Ethernet) to establish communications with an end-user. If you are con-
nected to the Internet through a DSL line, check with your ISP to see if they
use PPPoE. If they do, you will have Enable it. To enable PPPoE:
1. Choose the PPPoE option within the Login area of the Setup screen.
2. Enter the User Name you use to log onto your Internet connection.
3. Enter your corresponding Password.
RAS is a service that applies for connections in Singapore only. For users
in Singapore, check with Singtel for more information.
The Login option is set to Disable by default.
Instant Broadband™ Series
Setup
The Basic Setup screen is the first screen you will see when you access the
Utility. If you have already installed and setup the Router, you have already
seen this screen and have already properly configured all of the screen’s values.
Note: The Setup page shown here may vary slightly from
the one seen on your router.
Figure 6-3
Establishing a “Tunnel”
The VPN Router creates a “tunnel” or channel between two end points, so that
the data or information between these points is secure. To establish this tunnel,
select the tunnel you wish to create in the SelectTunnel Entry drop-down box.
It is possible to create up to 70 simultaneous tunnels.
Then check the box next to Enable to enable the tunnel.
Once the tunnel is enabled, enter the name of the tunnel in the Tunnel Name
field. This is to allow you to identify multiple tunnels and does not have to
match the name used at the other end of the tunnel.
Under Local Secure Group and Remote Secure Group, you may choose one
of three options:
• Subnet - If you select Subnet (which is the default), this will allow all com-
puters on the local subnet to access the tunnel. In the example shown in
Figure 5-5, all Local Secure Group computers with IP Addresses
192.168.1.xxx will be able to access the tunnel. All Remote Secure Group
computers with IPAddresses 192.168.2.xxx will be able to access the tunnel.
When using the Subnet setting, the default values of 0should remain in the
IP and Mask fields.
Note: It is possible to set up your VPN Router using any combination of
the three settings under Local and Remote Secure Group. For instance,
when Subnet is chosen on the local end of the tunnel, Subnet does not have
to be chosen at the remote end. So a single IPAddress could be chosen to
access the tunnel on the local end and a range of IPAddresses could be set
at the remote end of the tunnel.
Note: The IP Addresses and Subnet Mast values used here are for example
only. Do not try to use them for your actual setup. Obtain the relevant infor-
mation from your own network to accurately configure your VPN Router.
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
22
Virtual Private Networking (VPN) is a security measure that basically creates
a secure connection between two remote locations. This connection is very
specific as far as its settings are concerned, which is what creates the security.
The VPN screen will allows you to configure your VPN settings to make your
network more secure.
VPN
Note: Network security, while a desirable and often necessary
aspect of networking, is complex and requires a thorough under-
standing of networking principles.
Instant Broadband™ Series
21
Figure 6-4
Figure 6-5
Using Encryption also helps make your connection more secure. There are
two different types of encryption: DES or 3DES. You may choose either of
these, but it must be the same type of encryption that is being used by the
VPN device at the other end of the tunnel. Or, you may choose not to
encrypt by selecting Disable. In our example shown in Figure 5-8, DES
(which is the default) has been selected.
Authentication acts as another level of security. There are two types of
authentication: MD5 and SHA. As with encryption, either of these may be
selected, provided that the VPN device at the other end of the tunnel is using
the same type of authentication. Or, both ends of the tunnel may choose to
Disable authentication. In Figure 5-8, MD5 (the default) has been selected.
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
24
• IP Address - If you select IP Address, only the computer with the spe-
cific IP Address that you enter will be able to access the tunnel. In the
example shown in Figure 5-6, only the computer with IP Address
192.168.1.104 can access the tunnel from this end. Only the computer
with IP Address 192.168.2.58 can access the tunnel from the remote end.
• IP Range - If you select IP Range, it will be a sort of combination of
Subnet and IP Address. You can specify a range of IP Addresses on the
Subnet which will have access to the tunnel. In the example shown in
Figure 5-7, all computers on this end of the tunnel with IP Addresses
between 192.168.1.2 and 192.168.1.200 can access the tunnel from the
local end. Only computers assigned an IP Address between 192.168.2.2
and 192.168.2.135 can access the tunnel from the remote end.
Under Remote Security Gateway, enter the IP Address of theVPN device at the
other end of the tunnel. The remote VPN device can be another VPN Router, a
VPN Server, or a host with VPN software. In the example shown in Figure 5-7,
the IP Address of the Remote Security Gateway is 140.111.1.2. This IP Address
may either be static (permanent) or dynamic (changing), depending on the set-
tings of the remoteVPN device. Make sure that you have entered the IP Address
correctly, or the connection cannot be made. Remember, this is NOT the IP
Address of this VPN Router, but the IP Address of the remote VPN device with
which you wish to communicate.
Instant Broadband™ Series
23
Figure 6-6
Figure 6-7
Figure 6-8
Once your are satisfied with all your settings, click the Apply button. If you
make any mistakes, clicking the Cancel button will exit the screen without sav-
ing any changes, provided that you have not already clicked the Apply button.
After the VPN device is set up at the other end of the tunnel, you may click the
Connect button to use the tunnel. This assumes that both ends of the tunnel
have a physical connection to each other (e.g., over the Internet, physical
wiring, etc.). After clicking the Connect button, click the Summary button. If
the connection is made, the screen shown in Figure 5-11will appear:
Under Status, the word Connected should appear if the connection is success-
ful. The other fields reflect the information that you entered on theVPN screen
to make the connection.
If Disconnected appears under Status, some problem exists that prevents the
creation of the tunnel. Make sure that all of your wiring is securely connected.
Double-check all the values you entered on the VPN screen to make sure they
are correct. If the other end of the tunnel is some distance from you (e.g., in
another city, etc.), call to make sure that the settings on that end of the tunnel
are correct as well.
If, for any reason, you experience a temporary disconnection, the connection will
be re-established as long as the settings on both ends of the tunnel stay the same.
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
26
In order for any encryption to occur, the two ends of the tunnel must agree on
the type of encryption and the way the data will be decrypted. This is done by
sharing a “key” to the encryption code. Under Key Management, you may
choose Auto (IKE) and enter a series of numbers or letters in the Pre-shared
Key field. In the example shown in Figure 5-9, the word MyTest is used. Based
on this word, which MUST be entered at both ends of the tunnel if this method
is used, a code is generated to scramble (encrypt) the data being transmitted over
the tunnel, where it is unscrambled (decrypted). You may use any combination
of up to 23 numbers or letters in this field. No special characters or spaces are
allowed. In the Key Lifetime field, you may optionally select to have the key
expire at the end of a time period of your choosing. Enter the number of seconds
you’d like the key to be useful, or leave it blank for the key to last indefinitely.
Similarly, you may choose Manual Keying, which allows you to generate the
code yourself. Enter your code into the Encryption KEY field. Then enter an
Authentication KEY into that field. These fields must both match the infor-
mation that is being entered in the fields at the other end of the tunnel. The
example in Figure 5-10 shows some sample entries for both the Encryption and
Authentication Key fields. Again, up to 23 alphanumeric characters are
allowed to create this key.
The Inbound SPI and Outbound SPI fields are different, however. The
Inbound SPI value set here must match the Outbound SPI value at the other end
of the tunnel. The Outbound SPI here must match the Inbound SPI value at the
other end of the tunnel. In the example (see Figure 5-10), the Inbound SPI and
Outbound SPI values shown would be opposite on the other end of the tunnel.
Only numeric characters can be used in these fields.
Instant Broadband™ Series
25
Figure 6-9
Figure 6-10
Figure 6-11
28
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
•Router Password It is strongly recommended that you set a password for
the Router. When you first power up the Router, the default Password set-
ting is admin.
If you do not change the password, all users on your network will be able to
access the Router simply by entering the unit’s IP address into their web
browser’s location window and entering admin to access the Router.
If you select the Restore Factory Default option and click the Apply button,
you will clear all of the Router’s settings.
Do not restore the factory defaults unless you are having difficulties with
the Router and have exhausted all other troubleshooting measures. Once the
Router is reset, you will have to re-enter all of your configuration data.
Password
To get more details concerning your tunnel connection, click the View Log but-
ton. The screen in Figure 5-12 will appear:
TheVPN Log screen displays successful connections, transmissions and recep-
tions, and the types of encryptions used.
Once you no longer have need of the tunnel, simply click the Disconnect but-
ton on the bottom of the VPN page.
Instant Broadband™ Series
27
Figure 6-12
Figure 6-13
3029
The Status screen provides the current status of the device. All of the informa-
tion provided is read-only.
•Host Name This field shows the name of this device. This entry is neces-
sary for some ISPs.
•Firmware Version This field shows the installed version of the firmware.
•Login This field shows whether or not you have enabled the use of the
Router’s PPPoE (Point-to-Point Protocol over Ethernet) support. Click
the Connect button if your PPPoE status is Disconnected. This will initiate
a connection to your ISP. Click Disconnect if you want to cut your connec-
tion to your ISP.
•LAN These fields display the current IP Address and Subnet Mask of the
Router, as seen by users on your internal network, as well as the status of
the Router’s DHCP server function. This option is either enabled or dis-
abled.
•WAN These fields display the IPAddress, Subnet Mask and Gateway IP of
the Router as seen by external users on the Internet, as well as the IP
Address of the DNS currently being used. Multiple DNS IP settings are
common. The first available DNS entry is used in most cases.
•DHCP Release Click on the DHCP Release button to delete your PC’s
current IP address.
•DHCP Renew Click on the DHCP Renew button to replace your PC’s cur-
rent IP address with a new IP address.
•DHCP Client Table Click on the Client Table button to show the current
DHCP Client information. (This information is stored in temporary memo-
ry, so the list of clients could disappear.)
He
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
Instant Broadband™ Series
•SNMP Community allows a name to be assigned to any SNMP communi-
ties that have been setup in the network. Four different communities can be
defined, including the two default communities—public and private. For
each SNMP Community name, you can configure each community's
accessibility, making it either Read-Only or Read-Write.
•Restore Factory Default If you set this option to Yes and click the Apply
button, you will clear all of the Router’s settings. Do not restore to the fac-
tory defaults unless you are having difficulties with the Router. Once the
Router is reset, you will have to re-enter your configuration information.
Status
Figure 6-14
The Log feature provides you with a log of all incoming and outgoing URLs or
IP addresses for your Internet connection. The Logviewer keeps track of all
incoming and outgoing activity that can be saved in a text file. The IP address
points to the location where Logviewer is running.
The Outgoing Access Log lists all the URLs or IP addresses of Internet sites
that users on your network have accessed, and the Incoming Access Log gives
you a log of all incoming Internet traffic.
This data can also be accessed by other network users if the file is shared.
•Access Log To activate logging, click the Enable button.
•Send Log to Enter in the IP address of the PC that you want to send the log
to (where your PC is running Logviewer). Make sure that this PC is using
a static IP address. Click the Apply button and then the Continue button
when you’re done. You may download the Logview software at
www.linksys.com.
• Click on OutgoingAccess Log or Incoming Access Log to view each log.
• To disable Logging, click on Disable in the Log window, and then click the
Apply button and the Continue button.
Log
32
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
Instant Broadband™ Series
31
A DHCP (Dynamic Host Configuration Protocol) Server automatically assigns
IP addresses to each computer on your network. Unless you already have one,
it is highly recommended that the Router be set up as a DHCP server.
•DHCP Server Check the Enable option to enable the DHCP server option
of the Router. If you already have a DHCP server on your network, set the
Router’s DHCP option to Disable.
•Starting IP Address Enter a numerical value for the DHCP server to start
with when issuing IP addresses. Do not start with the IP address of the
Router: 192.168.1.1.
•Number of DHCP users Enter the maximum number of PCs that you want
the DHCP server to assign IP addresses to, with the absolute maximum
being 253.
•DHCP Client Table Click on the Client Table button to show the current
DHCP Client information. (This information is stored in temporary memo-
ry, so the list of clients could disappear.)
• When finished, click the Apply button and then the Continue button.
DHCP
Figure 6-15 Figure 6-16
To upgrade the Router’s firmware:
1. Download the latest firmware version from the Linksys website
(www.linksys.com).
2. Go to the Help screen.
3. Click Upgrade Firmware. The page shown in Figure 5-18 will appear.
4. Enter your Router’s administration password into the Password field.
5. Click the Browse button and type the firmware upgrade file that you down-
loaded from the Linksys website into the File Path field.
6. Click the Upgrade button, and follow the instructions there.
EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch
3433
On the Help screen, you will find links to all of the Utility’s internal support
documentation, as well as the application that upgrades the Router’s firmware.
Clicking on any of the topics in the bar on the left will give you help informa-
tion about that topic.
Clicking on the Linksys Website link in the center area will take you to
Linksys’s website, provided you are connected to the Internet. If the link does
not take you to the Linksys website, you may alternately type www.linksys.com
in the address bar at the top of the screen.
Clicking on the Online manual in PDF format link will take you to the latest
version of the manual for this product. The manual will be in Adobe Acrobat
Portable Document File (.pdf) format. You will need theAdobe Acrobat Reader
to view this version of the manual. If you do not have theAcrobat Reader, click
on the Adobe Website link to get it.
For instructions on upgrading your router’s firmware, see the next page.
Help
Instant Broadband™ Series
Figure 6-17
Figure 6-18
Other manuals for BEFVP41 - EtherFast Cable/DSL VPN Router
7
Table of contents
Other Linksys Wireless Router manuals
Linksys
Linksys WRT54G2 - Wireless-G Broadband Router User manual
Linksys
Linksys WRT32X User manual
Linksys
Linksys WRT54G - Wireless-G Broadband Router... User manual
Linksys
Linksys WRVS4400N - Small Business Wireless-N Gigabit Security... User manual
Linksys
Linksys WRT160N - Wireless-N Broadband Router... User manual
Linksys
Linksys EtherFast BEFW11P1 User manual
Linksys
Linksys Linksys E1500 User manual
Linksys
Linksys WRT55AG - Wireless A+G Broadband Router Original operating instructions
Linksys
Linksys WRT51AB User manual
Linksys
Linksys WRT54G3GV2-ST - Wireless-G Router For Mobile Broadband... User manual
Linksys
Linksys E9450 User manual
Linksys
Linksys WRT54GC - Compact Wireless-G Broadband Router... User manual
Linksys
Linksys EtherFast Instant Broadband BEFW11S4 Original operating instructions
Linksys
Linksys WRT54G3G - Wireless-G Router For Verizon Wireless... User manual
Linksys
Linksys WRK54G User manual
Linksys
Linksys WRV210 - Wireless-G VPN Router User manual
Linksys
Linksys WRTH54GS User manual
Linksys
Linksys MAX-STREAM MR6350 Owner's manual
Linksys
Linksys RT41-BU User manual
Linksys
Linksys WRT54GR - Wireless-G Broadband Router Original operating instructions
Popular Wireless Router manuals by other brands
TP-Link
TP-Link TD-W8961ND Operation manual
ZyXEL Communications
ZyXEL Communications P-335U user guide
Apollo
Apollo VioNet 3000 series User guide and instruction manual
Shenzhen JiXinInteligence
Shenzhen JiXinInteligence XR-50B user manual
US Robotics
US Robotics WIRELESS ROUTER 5466 Quick installation guide
Huawei
Huawei EG8245W5-6T quick start