Cisco CVR100W Router Manual PDF (Setup & Configuration Guide)

Page 101 / 150 Scroll up to view Page 96 - 100

Configuring VPN

Configuring VPN Clients

Cisco CVR100W Wireless-N VPN Router Administration Guide

99

6

3.

To enable access using Cisco QuickVPN on this router, you must enable remote

management. See

Configuring Remote Management

.

Site-to-Site VPN

The CVR100W supports site-to-site VPN for a single gateway-to-gateway VPN

tunnel. For example, you can configure the CVR100W at a branch site to connect to

the router at the corporate site, so that the branch site can securely access the

corporate network. See

Configuring Basic VPN Setup

and

Configuring

Advanced VPN Setup

for more information on configuring site-to-site VPN.

Configuring VPN Clients

This section describes how to create and manage the QuickVPN users.

Creating and Managing QuickVPN Users

To create QuickVPN users:

STEP 1

Choose

VPN

>

VPN Clients

.

STEP

2

In the

VPN Client Settings

table, click

Add Row

.

STEP

3

Enter the following information:

STEP

4

Click

Save

.

STEP

5

To edit the settings of a QuickVPN user, check the relative box and click

Edit

.

When you are done making changes, click

Save

.

Enable

Check to enable the user.

Username

Enter the username of the QuickVPN user

(4 to 32 characters). The usernameof the VPN client

cannot be same as the name of an existing VPN policy.

Password

Enter the password (4 to 32 characters).

Allow User to Change

Password

Check to allow the user to change its password.

Page 102 / 150

Configuring VPN

Configuring VPN Clients

Cisco CVR100W Wireless-N VPN Router Administration Guide

100

6

STEP

6

To delete a QuickVPN user, check the relative box and click

Delete

. Then, click

Save

.

Importing VPN Client Settings

You can import the VPN client settings that contain the usernames and passwords

of clients from a Comma Separated Value (CSV) text file.

You can first use Excel to create a CSV file containing the VPN client settings. The

file should contain one row for the headings and one or more rows for the VPN

clients.

For example, the following specifies the settings of two users to import:

!

CAUTION

Importing VPN client settings deletes the existing settings.

To import VPN client settings:

STEP 1

Choose

VPN

>

VPN Clients

.

STEP

2

Click

Browse

to locate a CSV file containing the VPN client settings.

STEP

3

Click

Import

to load the file.

STEP

4

A warning message appears saying “This operation will replace the existing VPN

user settings. Are you sure to continue?” Click

Yes

.

PROTOCOL

USERNAME

PASSWORD

QuickVPN

user1

password1

QuickVPN

user2

password2

Page 103 / 150

Configuring VPN

Configuring Basic VPN Setup

Cisco CVR100W Wireless-N VPN Router Administration Guide

101

6

Configuring Basic VPN Setup

The CVR100W supports site-to-site VPN for a single gateway-to-gateway VPN

tunnel. In this configuration, the CVR100W creates a secure connection to another

VPN-enabled router. For example, you can configure the CVR100W at a branch site

to connect to the router at the corporate site, so that the branch site can securely

access the corporate network. You could have a router like the Cisco RV220W that

supports ten site-to-site VPN tunnels and have a CVR100W at each remote site to

provide secure connectivity.

Viewing Default VPN Settings

The basic VPN setup sets most parameters to defaults as proposed by the VPN

Consortium (VPNC), and assumes a pre-shared key, which greatly simplifies the

setup.

To view the default VPN settings on your CVR100W:

STEP 1

Choose

VPN

>

Basic VPN Setup

.

STEP

2

Click

View Default Settings

.

The following default VPN settings are displayed:

Basic VPN Setup Default Values for IKE

Exchange Mode

Main

Local WAN (Internet)

ID

Local WAN (Internet) IP Address

Remote WAN

(Internet) ID

Remote WAN (Internet) IP Address

Encryption Algorithm

AES-128

Authentication

Algorithm

SHA-1

Authentication

Method

Pre-Shared Key

Page 104 / 150

Configuring VPN

Configuring Basic VPN Setup

Cisco CVR100W Wireless-N VPN Router Administration Guide

102

6

STEP

3

Click

Back

to return to the Basic VPN Setup page.

Configuring Basic VPN Settings

To configure basic VPN settings for a site-to-site connection:

STEP 1

Choose

VPN

>

Basic VPN Setup

.

STEP

2

Enter the following information:

Diffie-Hellman (DH)

Group

Group2 (1024 bit)

SA-Lifetime

8 Hours

Basic VPN Setup Default Values for VPN

Encryption Algorithm

AES-128

Integrity Algorithm

SHA-1

SA-Lifetime

1 Hours

PFS Key Group

DH-Group 2 (1024 bit)

Policy Name and Remote IP Type

Policy Name

Enter a unique name for the VPN policy. The VPN

policy name cannot be same as the username of an

existing VPN client.

Pre-Shared Key

Enter the pre-shared key, or password, that will be

exchanged between the two routers. It must be

between 8 and 49 characters.

Endpoint Information

Remote Endpoint

Choose the way that the remote endpoint, or the router

to which the CVR100W will connect, is identified by IP

address or FQDN (Fully-qualified Domain Name).

Remote WAN

(Internet) IP Address

Enter the public IP address or domain name of the

remote endpoint.

Page 105 / 150

Configuring VPN

Configuring Basic VPN Setup

Cisco CVR100W Wireless-N VPN Router Administration Guide

103

6

NOTE

The remote WAN and remote LAN IP addresses cannot exist on the same

subnet. For example, a remote LAN IP address of 192.168.1.100 and a local

LAN IP address of 192.168.1.115 would cause conflict when traffic is routed

over the VPN. The third octet must be different so that the IP addresses are

on different subnets. For example, a remote LAN IP address of 192.168.1.100

and a local LAN IP address of 192.168.2.100 are acceptable.

STEP

3

Click

Save

.

STEP

4

Click

Back

. The Advanced VPN Setup page opens. You can configure advanced

VPN settings on this page.

Redundancy Endpoint

Choose the way that the remote redundancy endpoint,

or the router to which the CVR100W will connect, is

identified by IP address or FQDN.

Redundancy WAN

(Internet) IP Address

Enter the public IP address or domain name of the

remote redundancy endpoint.

Local WAN (Internet)

IP Address

Enter the public IP address or domain name of the local

endpoint (CVR100W).

Secure Connection Remote Accessibility

Remote LAN (Local

Network) IP Address

Enter the private network (LAN) address of the remote

endpoint. This is the IP address of the internal network

at the remote site.

Remote LAN (Local

Network) Subnet

Mask

Enter the private network (LAN) subnet mask of the

remote endpoint.

Local LAN (Local

Network) IP Address

Enter the private network (LAN) address of the local

network. This is the IP address of the internal network

on the CVR100W.

Local LAN (Local

Network) Subnet

Mask

Enter the private network (LAN) subnet mask of the

local network (CVR100W).

Rate

Popular Cisco Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share