Linksys Befvp41 - etherfast cable/dsl vpn router User manual

Instant Broadband™ Series

EtherFast®Cable/DSL

VPN Router with

4-Port 10/100 Switch

Use this guide to install: BEFVP41

User Guide

mark of Linksys. Microsoft, Windows, and the Windows logo are registered trademarks

of Microsoft Corporation. All other trademarks and brand names are the property of their

respective proprietors.

LIMITED WARRANTY

Linksys guarantees that every Instant Broadband EtherFast®Cable/DSL VPN Router with

4-Port 10/100 Switch will be free from physical defects in material and workmanship for

one year from the date of purchase, when used within the limits set forth in the

Specifications section of this User Guide. If the product proves defective during this war-

ranty period, call Linksys Technical Support in order to obtain a Return Authorization

Number. BE SURE TO HAVE YOUR PROOF OF PURCHASE AND A BARCODE FROM

THE PRODUCT'S PACKAGING ON HAND WHEN CALLING. When returning a product,

mark the Return Authorization Number clearly on the outside of the package and include

a copy of your original proof of purchase. RETURN REQUESTS CANNOT BE

PROCESSED WITHOUT PROOF OF PURCHASE. All customers located outside the

United States of America and Canada shall be held responsible for shipping and han-

dling charges.

IN NO EVENT SHALL LINKSYS’S LIABILITY EXCEED THE PRICE PAID FOR THE PROD-

UCT FROM DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAM-

AGES RESULTING FROM THE USE OF THE PRODUCT, ITS ACCOMPANYING SOFT-

WARE, OR ITS DOCUMENTATION. LINKSYS DOES NOT OFFER REFUNDS FOR ANY

PRODUCT. Linksys makes no warranty or representation, expressed, implied, or statuto-

ry, with respect to its products or the contents or use of this documentation and all

accompanying software, and specifically disclaims its quality, performance, mer-

chantability, or fitness for any particular purpose. Linksys reserves the right to revise or

update its products, software, or documentation without obligation to notify any individ-

ual or entity. Please direct all inquiries to:

Linksys P.O. Box 18558, Irvine, CA 92623.

FCC STATEMENT

This Instant Broadband EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch has

been tested and complies with the specifications for a Class B digital device, pursuant

to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection

against harmful interference in a residential installation. This equipment generates, uses,

and can radiate radio frequency energy and, if not installed and used according to the

instructions, may cause harmful interference to radio communications. However, there is

no guarantee that interference will not occur in a particular installation. If this equipment

does cause harmful interference to radio or television reception, which is found by turn-

ing the equipment off and on, the user is encouraged to try to correct the interference by

one or more of the following measures:

• Reorient or relocate the receiving antenna

• Increase the separation between the equipment or devices

• Connect the equipment to an outlet other than the receiver’s

• Consult a dealer or an experienced radio/TV technician for assistance

UG-BEFVP41-012502C-JL

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 SwitchInstant Broadband™ Series

Table of Contents

Chapter 1: Introduction 1

The EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch 1

Features 1

Package Contents 2

System Requirements 2

Chapter 2: Getting to Know the EtherFast®

Cable/DSL VPN Router with 4-Port 10/100 Switch 3

The Cable/DSL VPN Router’s Rear Panel 3

The Reset Button 4

The Cable/DSL VPN Router’s Front Panel LEDs 4

Chapter 3: Connecting the Cable/DSL VPN Router

to Your Network 6

Overview 6

About Static & Dynamic IP Addresses 6

Connecting Everything Together & Booting Up 7

Chapter 4: Planning Your Virtual Private

Network (VPN) 10

Chapter 5: Configuring Your Network with the

Cable/DSL VPN Router 12

Configuring Your PCs to Connect to the Cable/DSL VPN Router 12

Configuring The Cable/DSL VPN Router 14

Chapter 5: The Cable/DSL VPN Router’s

Web-based Utility 18

Quick & Easy Administration 18

Setup 19

VPN 21

Password 28

Status 29

DHCP 31

Log 32

Help 33

Filters 35

Forwarding 38

Dynamic Routing 40

Static Routing 41

DMZ Host 43

MAC Address Cloning 44

Appendix A: Troubleshooting 45

Common Problems and Solutions 45

Frequently Asked Questions 47

Appendix B: Glossary 52

Appendix C: Configuring IPsec between a

Microsoft Windows 2000 or XP PC and a Linksys

Cable/DSL VPN Router 61

Introduction 61

Environment 61

Step-by-Step 62

Appendix D: SNMP Functions 81

Appendix E: How to Ping Your ISP’s E-mail &

Web Addresses 81

Appendix F: Installing the TCP/IP Protocol 84

Appendix G: Specifications 86

Environmental 86

Appendix H: Warranty Information 87

Appendix I: Contact Information 88

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

• One Linksys Instant Broadband™ EtherFast®Cable/DSL VPN Router with

4-Port 10/100 Switch

• One power adapter

• One user guide and registration card (not shown)

• One Quick Install (not shown)

• One Tech Helper CD-ROM

• One RJ-45 Broadband Internet connection

• One PC with an installed 10Mbps, 100Mbps, or 10/100 Mbps Ethernet card

• TCP/IP network protocol for each PC

• UTP Category 5 (or better) network cable with RJ-45 connector

• Microsoft Internet Explorer 4.0 or later, or Netscape Navigator 4.0 or later.

(5.0 and 4.7, respectively, are strongly recommended.)

Instant Broadband™ Series

Chapter 1:Introduction

The Cable/DSL VPN Router with 4-Port 10/100 Switch

Congratulations on your purchase of an Instant Broadband™ EtherFast®

Cable/DSL VPN Router with 4-Port 10/100 Switch. The Instant Broadband™

EtherFast®Cable/DSL VPN Router from Linksys is the perfect solution for

sharing a high-speed broadband Internet connection while still maintaining the

ultimate in network security.

Utilizing 56-bit DES and 168-bit 3DES encryption, header authentication, and

IKE key exchange access control, the EtherFast®Router’s full IPSec Virtual

Private Network (VPN) capability provides complete data privacy.

The EtherFast® Cable/DSL VPN Router also boasts an impressive array of fea-

tures including PPPoE support, NAT firewall, and a convenient web manage-

ment interface. Since the Router is compatible with virtually all major operat-

ing systems, it’s easy to set up and use, making the Instant Broadband™

EtherFast® Cable/DSL VPN Router the perfect solution for your broadband

needs.

• Full IPSec Virtual Private Network (VPN) capability

• Supports (56-Bit) DES and (168-Bit) 3DES Encryption Algorithms

• Supports MD5 and SHA Authentication Algorithms

• Supports IKE Key Management

• Hardware Security Co-Processor Inside

• Supports Up to 70 Tunnels

• Compatible with other IPSec VPN Products

• Acts as a DHCP Server for Your Existing Network

• NAT, PPPoE, IP Filter, and MAC Filter Support

• Free Technical Support—24 Hours a Day, 7 Days a Week, Toll-Free

US Calls

• 1-Year Limited Warranty

The EtherFast®Cable/DSL VPN Router with 4-Port 10/100

Switch

Features

Package Contents

System Requirements

Figure 1-1

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

The LAN Indicators

Power Green. The Power LED illuminates when the Router is pow-

ered on.

Link/Act Green. The Link/Act LED serves two purposes. If the LED

is continuously illuminated, the Router is successfully con-

nected to a device through the corresponding port (1-4). If

the LED is flickering, the Router is actively sending or

receiving data over that port.

Instant Broadband™ Series

Chapter 2:Getting to Know the

EtherFast®Cable/DSL VPN Router

with 4-Port 10/100 Switch

The rear panel of the Router is where all of the Router’s connections are made.

The Cable/DSL VPN Router’s Ports

WAN The WAN (Wide Area Network) Port is where you

will connect your Cable or DSL modem.

Ports 1-4 These four LAN (Local Area Network) ports are

where you will connect networked devices, such as

PCs, print servers, remote hard drives, and anything

else you want to put on your network.

Crossover Switch The Crossover Switch (XII) toggles Port 4 between

crossover mode (X) and straight-through mode (II).

If you are connecting the Router directly to a com-

puter or to an Uplink port, choose straight-through

(II). For anything else, please refer to the chart

shown in Chapter 3, Figure 3-1.

Power The Power Port is where you will connect the

included AC power adapter.

The Cable/DSL VPN Router’s Rear Panel

The Cable/DSL VPN Router’s Front Panel LEDs

Important: The Reset Button*

The Reset button can be used in one of two ways.

1. If your Router is having problems connecting to the Internet,

press the Reset button for just a moment with a paper clip or a

pencil tip. This clears up any jammed connections, and is sim-

ilar to pressing the Reset button on your PC to reboot it.

2. If you are experiencing extreme problems with your Router and

have tried all other troubleshooting measures, press the Reset

Button, and hold it down until the red Diag LED on the front

panel turns on and off completely.

This will restore factory defaults and clear all of the Router’s set-

tings, including the IP addresses you entered.

* The Reset Button is located on the rear panel of the Router.

Figure 2-1

Figure 2-2

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

Instant Broadband™ Series

Chapter 3:Connecting the

Cable/DSLVPN Router to Your

Network

Overview

Unlike a simple hub or switch, the setup of the EtherFast® Cable/DSL VPN

Router consists of more than simply plugging everything together. Because the

Router acts as a DHCP server, you will have to set some values within the

Router, and also configure your networked PCs to accept the IP Addresses the

Router chooses to assign them.

You will need the following values from your ISP in order to install the

EtherFast®Cable/DSL VPN Router:

• Your broadband-configured PC’s fixed Internet IP Address (if applicable)

• Your broadband-configured PC’s Computer Name and Workgroup Name

•Your Subnet Mask

•Your Default Gateway

•Your Primary DNS IP address

Whoever installed your broadband access should have left this information

with you. If not, call your ISP and they will be able to supply you with it.

About Static & Dynamic IP Addresses

Static IP Addresses A static IP address is an IP address permanently assigned

to a computer in a TCP/IP network. Static IP addresses are usually assigned to

networked devices which are consistently accessed by multiple users, such as

Server PCs, or printers. If you are using the Router to share your cable or DSL

Internet connection, contact your ISP to see if they have assigned your home a

static IP address.You will need that address during the Router’s configuration.

}Only if applicable

Full/Col Green. The Full/Col LED also serves two purposes. If this

LED is continuously illuminated, the connection made

through the corresponding port is successfully running in

Full Duplex mode. If the LED is flickering, the connection is

experiencing collisions. Infrequent collisions are normal. If

this LED is flickering too often, there may be a problem with

your connection. Check the Troubleshooting section if you

think there is a problem.

100 Orange. The 100 LED illuminates when a successful

100Mbps connection is made through the corresponding

port.

The WAN Indicators

Link Green. The Link LED illuminates when a successful connec-

tion is made between the Router and your Broadband device

or network.

Act Green. The Act LED flickers when the Router is sending or

receiving data over the broadband port.

Diag Red. The Diag LED illuminates when the Router goes

through its self-diagnosis mode during boot-up. It will turn

off upon successful completion of the diagnostic. If this LED

stays on for an abnormally long period of time, refer to the

Troubleshooting section.

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

3. If you are using Port 4 to connect to a PC, set the Crossover Switch to

straight-through mode (II). If you are connecting the Router to a hub or

switch, please refer to the chart shown in Figure 3-1 when setting the

Crossover Switch.

4. Connect the network cable from your cable or DSL modem to the WAN

port on your Router’s rear panel. This is the only port that will work for your

modem connection.

5. Connect the power adapter to the Power port on the rear panel of the

Router, and then plug the power adapter into a power outlet.

• The Power LED on the front panel will light up green as soon as the power

adapter is connected properly.

• The Diag LED will light up red for a few seconds when the Router goes

through its self-diagnostic test. This LED will turn off when the self-test is

complete.

Instant Broadband™ Series

Dynamic IP Addresses A dynamic IP address is an IP address that is automati-

cally assigned to a client station (computer, printer, etc.) in a TCP/IP network.

Dynamic IP addresses are typically assigned by a DHCP server, which can be

a computer on the network or another piece of hardware, such as the Router. A

dynamic IP address may change every time your computer connects to the net-

work.

DHCP (Dynamic Host Configuration Protocol) DHCP is software that automati-

cally assigns IP addresses to client stations logging onto a TCP/IP network.

DHCP eliminates having to manually assign permanent IP addresses to every

device on your network. DHCP software typically runs in servers and is also

found in network devices such as Routers.

Connecting Everything Together & Booting Up

Once you are sure that you have the above values on hand, you can begin the

installation and setup of the EtherFast® Cable/DSL VPN Router.

1. Power everything down, including your PCs, your Cable or DSL modem

and the Router.

2. Connect a network cable from one of your PCs’Ethernet ports to one of the

LAN ports on the back of the Router. Do the same with all the PCs you wish

to connect to the Router.

Note: Some ISPs—most notably some cable providers—configure

their networks so that you do not have to enter a full Internet address

into your web browser or e-mail application to reach your home page

or receive your e-mail. If your Internet home page address is some-

thing very simple, such as “www”, rather than “www.linksys.com”,

or your e-mail server’s address is something similar to “e-mail” or

“pop3”, rather than “pop.mail.linksys.com”, you won’t be able to

properly configure the Cable/DSL VPN Router until you determine

the actual Internet addresses of your Web and e-mail connections.

You must obtain this information prior to connecting the Router to

your network.You can obtain this information by contacting your ISP,

or turn to the How to PingYour ISP’s E-mail and Web Addresses

section in the Appendix.

Note: The diagram above is for reference purposes only. Every

network is different. If you do not make a connection to a hub or

switch by using the settings above, change the position of the

Crossover Switch.

Figure 3-1

Important: It is highly recommended that you plug your Router

into a power strip with surge protection.

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

Chapter 4:Planning Your Virtual

Private Network (VPN)

A VPN is a private network that sends data securely through a public network,

like the Internet. VPN was created as a cost-effective alternative to using a pri-

vate, dedicated, leased line for a private network. Using special encryption

techniques, the VPN creates a secure connection that, in effect, operates as if

you are directly connected to your local network. Virtual Private Networking

can be used to create secure networks linking a central office with branch

offices, telecommuters, and/or professionals on the road.

There are two basic ways to create a VPN connection (See Figure 4-1):

· Gateway to gateway

· Host to gateway

A gateway is a device that features VPN server capabilities. An example of a

gateway is the Cable/DSL VPN Router. The Router functions as a VPN server,

creating a “tunnel” or channel between itself and a remote location, so that data

transmissions between them are secure. A host is a device, such

109

Instant Broadband™ Series

6. Turn on the cable or DSL modem.

7. Press the Reset button on the Router’s front panel with a paper clip or a

pencil. Hold the button in until the Diag LED lights up and then turns off.

This will restore the Router’s factory default settings.

The Hardware Installation is complete.

Figure 4-1

Important: You must have aVPN gateway or host on each end of the

VPN tunnel.

Instant Broadband™ Series

as a computer, with VPN host software installed. Microsoft 2000 and XP have

built-in VPN host software; other versions of Microsoft operating systems

require additional, third-party software applications to be installed.

Gateway to Gateway

An example of a gateway-to-gateway VPN would be a Cable/DSL VPN Router

(gateway) linked to the central office's VPN server (gateway). At home, a

telecommuter uses his Cable/DSL VPN Router for his always-on Internet con-

nection. His Router has a built-in VPN server configured with his office’s VPN

settings. He starts up the Router’s utility and connects to the VPN server at the

central office 40 miles* away. Using the VPN, the telecommuter now has a

secure connection to the central office’s network, as if he were physically con-

nected.

Host to Gateway

An example of a host-to-gateway VPN would be a notebook computer (host)

linked to the central office’s VPN server (gateway). In her hotel room, a travel-

ing businesswoman dials up her ISP. Her notebook computer has VPN host

software configured with her office’s VPN settings. She starts up the VPN host

software and connects to theVPN server at the central office 4000 miles* away.

Using the VPN, the businesswoman now has a secure connection to the central

office’s network, as if she were physically connected.

For additional information and instructions about creating your own VPN,

please visit Linksys’s website at www.linksys.com.

*Distances are examples only; VPNs have no distance limitations.

11 12

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

Chapter 5:Configuring Your

Network with the Cable/DSLVPN

Router

You must now configure your other PCs to accept the IP addresses that the

Router will provide.

1. Click the Start button, select Settings, and then Control Panel.

2. Double-click the Network icon.

3. In the Configuration window, select the TCP/IP protocol line that has been

associated with your network card/adapter. If there is no TCP/IP line listed,

go to the Appendix to install the TCP/IP Protocol now.

Configuring Your PCs to Connect to the Cable/DSL VPN

Router

Note: Make sure that a Network Card or Adapter has been successful-

ly installed into each PC you plan on configuring prior to continuing.

Note: These instructions apply only to Windows 95, Windows 98,

and Windows ME machines. For TCP/IP setup under Windows NT,

2000 and XP, please refer to your Windows manual.

Figure 5-1

1413

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

Now that the Cable/DSLVPN Router is wired into your network, you can begin

configuring your system.

1. Open your web browser and type http://192.168.1.1 in the browser’s

Address box. This number is the default IP address of

the Router. Press the Enter key.

2. A User Name and password prompt will appear. Leave the User Name

field empty, and type admin (the default password) in the Password field.

Click the OK button. If the screen does not appear, make sure your network

adapter is working properly, the network cable is connected, and the Link

LED is lit up on the Router. Restart the computer to obtain an IP address

automatically.

Configuring the Cable/DSL VPN Router

Note: If the TCP/IP protocol is not configured on your PC, go to the

Appendix for TCP/IP installation instructions now.

Important: If you have previously enabled an Internet Sharing

Proxy Service on any of your PCs, you must disable it now.

• If you are running Netscape Navigator, click Edit >>

Preference >> Advanced >> Proxies >> Direct Connection to

the Internet.

• If you are running Internet Explorer v5 or better, click Start >>

Settings >> Control Panel >> Internet Options >>

Connections >> LAN Settings. Remove the checks from all

three boxes. Click OK to continue.

Instant Broadband™ Series

4. Click the Properties button, and then choose the IP Address tab. Select

Obtain an IP address automatically. Click the OK button. You have com-

pleted the client settings.

5. Click the OK button. Windows may ask for original Windows installation

files. Supply them as needed (i.e.: D:\win98, D:\win95, D:\win9x,

c:\windows\options\cabs).

6. Windows will ask you to restart the PC. Click the Yes button.

Repeat these steps for each PC on your network. When all of your PCs are

configured, the Cable/DSLVPN Router Setup and Installation is complete.

Figure 5-2

Figure 5-3

Figure 5-4

1615

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

WAN IP Address These values refer

to the outside network you connect

to every time you access your

Broadband Internet connection. Most

Broadband ISPs assign their clients with a

different IP address each time they log on.

If this is the case with your ISP, click

Obtain an IP Address Automatically and

skip to the next step. If your ISP assigns you

a fixed IP address, click Specify an IP

Address and enter the address into the

Subnet Mask, Default Gateway Address

and DNS fields provided by the ISP.

5. When you have properly configured the Setup page, click the Apply but-

ton, and then click the Continue button.

6. Choose the DHCP tab.

Important: If you have an

existing DHCP server on

your LAN and you don’t

wish to use the router as

your new DHCP server, you

must assign your router a

static LAN IP address. The

router’s IP address must be

compatible with your exist-

ing network. You can not

have two DHCP servers

running on one LAN at the

same time.

Important: To enable PPPoE support, choose Enable, and enter

your User Name and Password. If you do enable PPPoE, remem-

ber to disable any existing PPPoE applications already on your

computer. (More information on PPPoE can be found in the next

section.)

Instant Broadband™ Series

3. The Cable/DSLVPN Router with 4-Port 10/100 Switch’s Setup page will

appear.

4. Configure the following values.

Host Name & Domain Name These fields allow you to supply a host and

domain name for the Router. Some ISPs require these names as identifi-

cation. You may have to check with your ISP to see if your Broadband

Internet service has been configured with a host and domain name. In

most cases, these fields may be left blank.

LAN IP Address These values refer to your internal network settings.

Unless you have specific internal needs, there should be no reason to

change these values. For the internal LAN, the default values are as fol-

lows.

• Private IP Address: 192.168.1.1

• Subnet Mask: 255.255.255.0

Note: The

setup page

shown here

may vary

slightly

from the

one seen on

your router.

Figure 5-5

Figure 5-6

1817

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

Chapter 6:The Cable/DSL VPN

Router’s Web-based Utility

Quick & Easy Administration

The EtherFast Cable/DSL VPN Router has an internal integrated-circuit chip

with no keyboard, monitor, or mouse capabilities. Because of these limitations,

an administrative utility has been programmed into that chip. All router-based

administrative tasks are performed through this utility. The utility can be

accessed by any PC on the network by typing http://192.168.1.1 into the PC’s

web browser address window.

Upon entering the address into the web browser, a password request page will

pop up.

Leave the User Name field empty, but type admin into the Password field.

Then click the OK button.

On the following pages you will find brief descriptions of each utility webpage

and each page’s more important functions. More detailed explanations and

instructions can be found by clicking each page’s Help button. To apply any

settings you’ve altered on any page, click the Apply button, and then click the

Continue button. To clear any values you’ve entered on any page, click the

Cancel button.

Instant Broadband™ Series

7. Unless you already have a DHCP server on your internal network, choose

Enable from the DHCP Server field. By choosing Enable, you will config-

ure the Router to automatically assign IP addresses to each of your PCs. In

the Number of DHCP Users field, enter the number of PCs you plan on net-

working to the Router, or leave it alone. Don’t forget to change this number

if, in the future, you add more PCs to your network.

8. Click the Apply button, and then click the Continue button.

9. Reset the power on the cable or DSL modem, then restart the computer so

the computer can obtain the new Router information.

The Cable/DSLVPN Router is now configured to your network.

Please continue to the following section to complete your network setup.

Figure 6-1

Figure 6-2

2019

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

• Host Name & Domain Name These fields allow you to supply a host and

domain name for the Router. Some ISPs require these names as identifica-

tion.You may have to check with your ISP to see if your Broadband Internet

service has been configured with a host and domain name. In most cases,

these fields may be left blank.

• Firmware Version This entry shows the version of the firmware you are

using. Future versions of the Router’s Firmware may be available on the

Linksys website at www.linksys.com.

• LAN IP Address The IP Address and Subnet Mask of the Router as it is

seen on the internal LAN. The default value is 192.168.1.1 for IP and

255.255.255.0 for Subnet Mask.

• WAN IPAddress The IPAddress and Subnet Mask of the Router as seen

by external users on the Internet (including your ISP). Most Broadband

ISPs assign their clients with a different IP address each time they log on.

IF this is the case with your ISP, click Obtain an IP Address

Automatically. If your ISP assigns you a fixed IP address, click Specify an

IP Address and enter the address into the Subnet Mask, Default Gateway

Address and DNS fields provided by the ISP.

You can test and see if the above settings are correct by successfully connect-

ing to the Internet.

• Login Some DSL-based ISPs use PPPoE (Point-to-Point Protocol over

Ethernet) to establish communications with an end-user. If you are con-

nected to the Internet through a DSL line, check with your ISP to see if they

use PPPoE. If they do, you will have Enable it. To enable PPPoE:

1. Choose the PPPoE option within the Login area of the Setup screen.

2. Enter the User Name you use to log onto your Internet connection.

3. Enter your corresponding Password.

RAS is a service that applies for connections in Singapore only. For users

in Singapore, check with Singtel for more information.

The Login option is set to Disable by default.

Instant Broadband™ Series

Setup

The Basic Setup screen is the first screen you will see when you access the

Utility. If you have already installed and setup the Router, you have already

seen this screen and have already properly configured all of the screen’s values.

Note: The Setup page shown here may vary slightly from

the one seen on your router.

Figure 6-3

Establishing a “Tunnel”

The VPN Router creates a “tunnel” or channel between two end points, so that

the data or information between these points is secure. To establish this tunnel,

select the tunnel you wish to create in the SelectTunnel Entry drop-down box.

It is possible to create up to 70 simultaneous tunnels.

Then check the box next to Enable to enable the tunnel.

Once the tunnel is enabled, enter the name of the tunnel in the Tunnel Name

field. This is to allow you to identify multiple tunnels and does not have to

match the name used at the other end of the tunnel.

Under Local Secure Group and Remote Secure Group, you may choose one

of three options:

• Subnet - If you select Subnet (which is the default), this will allow all com-

puters on the local subnet to access the tunnel. In the example shown in

Figure 5-5, all Local Secure Group computers with IP Addresses

192.168.1.xxx will be able to access the tunnel. All Remote Secure Group

computers with IPAddresses 192.168.2.xxx will be able to access the tunnel.

When using the Subnet setting, the default values of 0should remain in the

IP and Mask fields.

Note: It is possible to set up your VPN Router using any combination of

the three settings under Local and Remote Secure Group. For instance,

when Subnet is chosen on the local end of the tunnel, Subnet does not have

to be chosen at the remote end. So a single IPAddress could be chosen to

access the tunnel on the local end and a range of IPAddresses could be set

at the remote end of the tunnel.

Note: The IP Addresses and Subnet Mast values used here are for example

only. Do not try to use them for your actual setup. Obtain the relevant infor-

mation from your own network to accurately configure your VPN Router.

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

Virtual Private Networking (VPN) is a security measure that basically creates

a secure connection between two remote locations. This connection is very

specific as far as its settings are concerned, which is what creates the security.

The VPN screen will allows you to configure your VPN settings to make your

network more secure.

VPN

Note: Network security, while a desirable and often necessary

aspect of networking, is complex and requires a thorough under-

standing of networking principles.

Instant Broadband™ Series

Figure 6-4

Figure 6-5

Using Encryption also helps make your connection more secure. There are

two different types of encryption: DES or 3DES. You may choose either of

these, but it must be the same type of encryption that is being used by the

VPN device at the other end of the tunnel. Or, you may choose not to

encrypt by selecting Disable. In our example shown in Figure 5-8, DES

(which is the default) has been selected.

Authentication acts as another level of security. There are two types of

authentication: MD5 and SHA. As with encryption, either of these may be

selected, provided that the VPN device at the other end of the tunnel is using

the same type of authentication. Or, both ends of the tunnel may choose to

Disable authentication. In Figure 5-8, MD5 (the default) has been selected.

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

• IP Address - If you select IP Address, only the computer with the spe-

cific IP Address that you enter will be able to access the tunnel. In the

example shown in Figure 5-6, only the computer with IP Address

192.168.1.104 can access the tunnel from this end. Only the computer

with IP Address 192.168.2.58 can access the tunnel from the remote end.

• IP Range - If you select IP Range, it will be a sort of combination of

Subnet and IP Address. You can specify a range of IP Addresses on the

Subnet which will have access to the tunnel. In the example shown in

Figure 5-7, all computers on this end of the tunnel with IP Addresses

between 192.168.1.2 and 192.168.1.200 can access the tunnel from the

local end. Only computers assigned an IP Address between 192.168.2.2

and 192.168.2.135 can access the tunnel from the remote end.

Under Remote Security Gateway, enter the IP Address of theVPN device at the

other end of the tunnel. The remote VPN device can be another VPN Router, a

VPN Server, or a host with VPN software. In the example shown in Figure 5-7,

the IP Address of the Remote Security Gateway is 140.111.1.2. This IP Address

may either be static (permanent) or dynamic (changing), depending on the set-

tings of the remoteVPN device. Make sure that you have entered the IP Address

correctly, or the connection cannot be made. Remember, this is NOT the IP

Address of this VPN Router, but the IP Address of the remote VPN device with

which you wish to communicate.

Instant Broadband™ Series

Figure 6-6

Figure 6-7

Figure 6-8

Once your are satisfied with all your settings, click the Apply button. If you

make any mistakes, clicking the Cancel button will exit the screen without sav-

ing any changes, provided that you have not already clicked the Apply button.

After the VPN device is set up at the other end of the tunnel, you may click the

Connect button to use the tunnel. This assumes that both ends of the tunnel

have a physical connection to each other (e.g., over the Internet, physical

wiring, etc.). After clicking the Connect button, click the Summary button. If

the connection is made, the screen shown in Figure 5-11will appear:

Under Status, the word Connected should appear if the connection is success-

ful. The other fields reflect the information that you entered on theVPN screen

to make the connection.

If Disconnected appears under Status, some problem exists that prevents the

creation of the tunnel. Make sure that all of your wiring is securely connected.

Double-check all the values you entered on the VPN screen to make sure they

are correct. If the other end of the tunnel is some distance from you (e.g., in

another city, etc.), call to make sure that the settings on that end of the tunnel

are correct as well.

If, for any reason, you experience a temporary disconnection, the connection will

be re-established as long as the settings on both ends of the tunnel stay the same.

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

In order for any encryption to occur, the two ends of the tunnel must agree on

the type of encryption and the way the data will be decrypted. This is done by

sharing a “key” to the encryption code. Under Key Management, you may

choose Auto (IKE) and enter a series of numbers or letters in the Pre-shared

Key field. In the example shown in Figure 5-9, the word MyTest is used. Based

on this word, which MUST be entered at both ends of the tunnel if this method

is used, a code is generated to scramble (encrypt) the data being transmitted over

the tunnel, where it is unscrambled (decrypted). You may use any combination

of up to 23 numbers or letters in this field. No special characters or spaces are

allowed. In the Key Lifetime field, you may optionally select to have the key

expire at the end of a time period of your choosing. Enter the number of seconds

you’d like the key to be useful, or leave it blank for the key to last indefinitely.

Similarly, you may choose Manual Keying, which allows you to generate the

code yourself. Enter your code into the Encryption KEY field. Then enter an

Authentication KEY into that field. These fields must both match the infor-

mation that is being entered in the fields at the other end of the tunnel. The

example in Figure 5-10 shows some sample entries for both the Encryption and

Authentication Key fields. Again, up to 23 alphanumeric characters are

allowed to create this key.

The Inbound SPI and Outbound SPI fields are different, however. The

Inbound SPI value set here must match the Outbound SPI value at the other end

of the tunnel. The Outbound SPI here must match the Inbound SPI value at the

other end of the tunnel. In the example (see Figure 5-10), the Inbound SPI and

Outbound SPI values shown would be opposite on the other end of the tunnel.

Only numeric characters can be used in these fields.

Instant Broadband™ Series

Figure 6-9

Figure 6-10

Figure 6-11

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

•Router Password It is strongly recommended that you set a password for

the Router. When you first power up the Router, the default Password set-

ting is admin.

If you do not change the password, all users on your network will be able to

access the Router simply by entering the unit’s IP address into their web

browser’s location window and entering admin to access the Router.

If you select the Restore Factory Default option and click the Apply button,

you will clear all of the Router’s settings.

Do not restore the factory defaults unless you are having difficulties with

the Router and have exhausted all other troubleshooting measures. Once the

Router is reset, you will have to re-enter all of your configuration data.

Password

To get more details concerning your tunnel connection, click the View Log but-

ton. The screen in Figure 5-12 will appear:

TheVPN Log screen displays successful connections, transmissions and recep-

tions, and the types of encryptions used.

Once you no longer have need of the tunnel, simply click the Disconnect but-

ton on the bottom of the VPN page.

Instant Broadband™ Series

Figure 6-12

Figure 6-13

3029

The Status screen provides the current status of the device. All of the informa-

tion provided is read-only.

•Host Name This field shows the name of this device. This entry is neces-

sary for some ISPs.

•Firmware Version This field shows the installed version of the firmware.

•Login This field shows whether or not you have enabled the use of the

Router’s PPPoE (Point-to-Point Protocol over Ethernet) support. Click

the Connect button if your PPPoE status is Disconnected. This will initiate

a connection to your ISP. Click Disconnect if you want to cut your connec-

tion to your ISP.

•LAN These fields display the current IP Address and Subnet Mask of the

Router, as seen by users on your internal network, as well as the status of

the Router’s DHCP server function. This option is either enabled or dis-

abled.

•WAN These fields display the IPAddress, Subnet Mask and Gateway IP of

the Router as seen by external users on the Internet, as well as the IP

Address of the DNS currently being used. Multiple DNS IP settings are

common. The first available DNS entry is used in most cases.

•DHCP Release Click on the DHCP Release button to delete your PC’s

current IP address.

•DHCP Renew Click on the DHCP Renew button to replace your PC’s cur-

rent IP address with a new IP address.

•DHCP Client Table Click on the Client Table button to show the current

DHCP Client information. (This information is stored in temporary memo-

ry, so the list of clients could disappear.)

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

Instant Broadband™ Series

•SNMP Community allows a name to be assigned to any SNMP communi-

ties that have been setup in the network. Four different communities can be

defined, including the two default communities—public and private. For

each SNMP Community name, you can configure each community's

accessibility, making it either Read-Only or Read-Write.

•Restore Factory Default If you set this option to Yes and click the Apply

button, you will clear all of the Router’s settings. Do not restore to the fac-

tory defaults unless you are having difficulties with the Router. Once the

Router is reset, you will have to re-enter your configuration information.

Status

Figure 6-14

The Log feature provides you with a log of all incoming and outgoing URLs or

IP addresses for your Internet connection. The Logviewer keeps track of all

incoming and outgoing activity that can be saved in a text file. The IP address

points to the location where Logviewer is running.

The Outgoing Access Log lists all the URLs or IP addresses of Internet sites

that users on your network have accessed, and the Incoming Access Log gives

you a log of all incoming Internet traffic.

This data can also be accessed by other network users if the file is shared.

•Access Log To activate logging, click the Enable button.

•Send Log to Enter in the IP address of the PC that you want to send the log

to (where your PC is running Logviewer). Make sure that this PC is using

a static IP address. Click the Apply button and then the Continue button

when you’re done. You may download the Logview software at

www.linksys.com.

• Click on OutgoingAccess Log or Incoming Access Log to view each log.

• To disable Logging, click on Disable in the Log window, and then click the

Apply button and the Continue button.

Log

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

Instant Broadband™ Series

A DHCP (Dynamic Host Configuration Protocol) Server automatically assigns

IP addresses to each computer on your network. Unless you already have one,

it is highly recommended that the Router be set up as a DHCP server.

•DHCP Server Check the Enable option to enable the DHCP server option

of the Router. If you already have a DHCP server on your network, set the

Router’s DHCP option to Disable.

•Starting IP Address Enter a numerical value for the DHCP server to start

with when issuing IP addresses. Do not start with the IP address of the

Router: 192.168.1.1.

•Number of DHCP users Enter the maximum number of PCs that you want

the DHCP server to assign IP addresses to, with the absolute maximum

being 253.

•DHCP Client Table Click on the Client Table button to show the current

DHCP Client information. (This information is stored in temporary memo-

ry, so the list of clients could disappear.)

• When finished, click the Apply button and then the Continue button.

DHCP

Figure 6-15 Figure 6-16

To upgrade the Router’s firmware:

1. Download the latest firmware version from the Linksys website

(www.linksys.com).

2. Go to the Help screen.

3. Click Upgrade Firmware. The page shown in Figure 5-18 will appear.

4. Enter your Router’s administration password into the Password field.

5. Click the Browse button and type the firmware upgrade file that you down-

loaded from the Linksys website into the File Path field.

6. Click the Upgrade button, and follow the instructions there.

EtherFast®Cable/DSL VPN Router with 4-Port 10/100 Switch

3433

On the Help screen, you will find links to all of the Utility’s internal support

documentation, as well as the application that upgrades the Router’s firmware.

Clicking on any of the topics in the bar on the left will give you help informa-

tion about that topic.

Clicking on the Linksys Website link in the center area will take you to

Linksys’s website, provided you are connected to the Internet. If the link does

not take you to the Linksys website, you may alternately type www.linksys.com

in the address bar at the top of the screen.

Clicking on the Online manual in PDF format link will take you to the latest

version of the manual for this product. The manual will be in Adobe Acrobat

Portable Document File (.pdf) format. You will need theAdobe Acrobat Reader

to view this version of the manual. If you do not have theAcrobat Reader, click

on the Adobe Website link to get it.

For instructions on upgrading your router’s firmware, see the next page.

Help

Instant Broadband™ Series

Figure 6-17

Figure 6-18

Other manuals for BEFVP41 - EtherFast Cable/DSL VPN Router

Table of contents

Popular Wireless Router manuals by other brands

V7 IFP user manual

SonicWALL

SonicWALL SAVR 80 Getting started guide

LG AD600 quick start

D-Link

D-Link DIR-632 Quick installation guide

Franklin Wireless

Franklin Wireless T9 user manual

ZyXEL Communications

ZyXEL Communications EX3301-TO user guide

Thuraya

Thuraya WE user manual

Fritz!

Fritz! Fon WLAN 7140 Installation, configuration and operation

NEC

NEC NP06LM Important information

TP-Link

TP-Link TL-WR841HP user guide

Floureon

Floureon 3G WIFI ROUTER/POWERBANK quick guide

BT Business Total Broadband Fibre user guide

PHICOMM

PHICOMM M1 user manual

LevelOne

LevelOne WBR-6803 Brochure & specs

Delton

Delton WF2414 user manual

Airlink101

Airlink101 AR675W user manual

TP-Link

TP-Link deco W7200 user guide

Nexxt

Nexxt Trinity3G/4G Quick installation guide

Linksys BEFVP41 - EtherFast Cable/DSL VPN Router User manual

Popular Wireless Router manuals by other brands