VPN
Setting Up a Remote Access Tunnel for VPN Clients (Client To Gateway)
Cisco Small Business RV0xx Series Routers Administration Guide
always accept compression, even if compression is not enabled. If you
enable this feature for this router, also enable it on the client.
- Keep-Alive: This feature enables the router to attempt to automatically re-establish the VPN connection if it is dropped. Check the box to enable this feature, or uncheck the box to disable it.
- AH Hash Algorithm: The AH (Authentication Header) protocol describes the packet format and default standards for packet structure. With the use of AH as the security protocol, protection is extended forward into the IP header to verify the integrity of the entire packet. Check the box to use this feature. Then select an authentication method: MD5 or SHA1. MD5 produces a 128-bit digest to authenticate packet data. SHA1 produces a 160-bit digest to authenticate packet data. Both sides of the tunnel should use the same algorithm.
- NetBIOS Broadcast: NetBIOS broadcast messages are used for name resolution in Windows networking, to identify resources such as computers, printers, and file servers. These messages are required by some software applications and Windows features such as Network Neighborhood. LAN broadcast traffic is typically not forwarded over a VPN tunnel. However, you can check this box to allow NetBIOS broadcasts from one end of the tunnel to be rebroadcast to the other end.
- Dead Peer Detection (DPD) (available for Tunnel, not Group VPN): Check the box to enable the router to send periodic HELLO/ACK messages to check the status of the VPN tunnel. This feature can be used only when it is enabled on both ends of the VPN tunnel. Specify the interval between HELLO/ACK messages (how often you want the messages to be sent).
- NAT Traversal: Network Address Translation (NAT) enables users with private LAN addresses to access Internet resources by using a publicly routable IP address as the source address. However, for inbound traffic, the NAT gateway has no automatic method of translating the public IP address to a particular destination on the private LAN. This issue prevents successful IPsec exchanges. If your VPN router is behind a NAT gateway, check this box to enable NAT traversal. Uncheck the box to disable this feature. The same setting must be used on both ends of the tunnel.
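An added example, not taken from the Cisco guide: a simplified Python model of the integrity check described under AH Hash Algorithm. It shows that the keyed digest covers the IP header, that both ends must select the same hash, and that a gateway which rewrites the source address (as NAT does) invalidates the check. The key, addresses, SPI, sequence number and payload are constructed sample values; the 96-bit truncation follows the HMAC-MD5-96 and HMAC-SHA1-96 transforms defined for IPsec.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-shared-key"              # constructed sample key
PAYLOAD = b"constructed upper-layer data"    # constructed sample payload
DIGESTS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1}  # 128-bit and 160-bit digests

def ipv4_header(src, dst, ttl, data_len):
    """20-byte IPv4 header carrying AH (protocol 51); checksum left at 0 here."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 24 + data_len, 0x1234,
                       0, ttl, 51, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icv_input(header, payload, spi=0x1000, seq=1):
    """Bytes the ICV covers: IP header with mutable fields zeroed, AH header, data."""
    h = bytearray(header)
    h[1] = 0                  # ToS/DSCP may be rewritten in transit
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL is decremented at every hop
    h[10:12] = b"\x00\x00"    # header checksum changes along with TTL
    # AH header: next header (TCP=6), length, reserved, SPI, sequence, zeroed ICV
    ah = struct.pack("!BBHII", 6, 4, 0, spi, seq) + b"\x00" * 12
    return bytes(h) + ah + payload

def ah_icv(header, payload, key, algorithm):
    """HMAC with the selected hash, truncated to the 96 bits carried in AH."""
    return hmac.new(key, icv_input(header, payload), DIGESTS[algorithm]).digest()[:12]

def verify(header, payload, key, algorithm, icv):
    """Constant-time comparison of the recomputed ICV with the received one."""
    return hmac.compare_digest(ah_icv(header, payload, key, algorithm), icv)

def demo():
    """Per algorithm: (TTL change accepted, NAT rewrite accepted, other hash accepted)."""
    n = len(PAYLOAD)
    sent = ipv4_header("192.168.1.10", "203.0.113.1", 64, n)
    hop = ipv4_header("192.168.1.10", "203.0.113.1", 63, n)   # one router hop later
    nat = ipv4_header("198.51.100.7", "203.0.113.1", 63, n)   # source rewritten by NAT
    out = {}
    for alg, other in (("MD5", "SHA1"), ("SHA1", "MD5")):
        icv = ah_icv(sent, PAYLOAD, KEY, alg)
        out[alg] = (verify(hop, PAYLOAD, KEY, alg, icv),
                    verify(nat, PAYLOAD, KEY, alg, icv),
                    verify(sent, PAYLOAD, KEY, other, icv))
    return out

if __name__ == "__main__":
    print(demo())
```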
Managing VPN Users and Certificates
Use the VPN > VPN Client Access page to configure usernames and passwords for Cisco QuickVPN users and to generate the SSL certificates to install on their computers. You can add up to 50 users. First, export a certificate and use the exported client certificate for the Cisco QuickVPN Client. Then enter the information at the top of the screen and the users you've entered will appear in the list at the bottom, showing their status. The Router supports up to 50 Cisco QuickVPN Clients.
NOTE
QuickVPN Client 1.4.0.5 or later supports Windows 7/XP/Vista. The firewall must be enabled on Vista and Windows 7. QuickVPN users must have administrator rights on the PC.
A user can connect without a certificate installed on the PC. The user will see a security warning when connecting to the VPN tunnel, but can proceed without this extra security protection.
For more information about QuickVPN, see Cisco QuickVPN for Windows, page 167.
To open this page: Click VPN > VPN Client Access in the navigation tree.
Add or update users as needed. For each new user, export a client certificate to install on the user’s PC for a more secure connection.
- Users, page 148
- Certificate Management, page 148
NOTE
Before navigating away from this page, click Save to save your settings, or click Cancel to undo them. Any unsaved changes are abandoned.
When you first save these settings, a message will appear, asking if you would like the router to automatically change the LAN IP address to prevent conflicting IP addresses. To change the LAN IP address, click Yes. If an IP conflict occurs, the QuickVPN client will not connect to the router.
Users
To add a VPN user to the list: Enter the following information, and then click Add to list. After adding users, you can generate certificates to be installed on their computers (see details in Certificate Management, page 148).
- Username: Enter a name for this user.
- New Password: Enter a password.
- Confirm New Password: Re-enter the password to confirm.
- Allow Password Change: Check Yes to allow the user to change the password, or click No to prevent the user from changing the assigned password.
- Active: Check the box to make the new user active.
To add another new user: Enter the information, and then click Add to list.
To modify a user in the list: Click the entry that you want to modify. The information appears in the text fields. Make the changes, and then click Update. If you do not need to make changes, you can click Add New to deselect the entry and clear the text fields.
To delete a user from the list: Click the entry that you want to delete. To select a block of entries, click the first entry, hold down the Shift key, and click the final entry in the block. To select individual entries, hold down the Ctrl key while clicking. Click Delete.
Certificate Management
Generate New Certificate: To generate a new certificate to replace the existing certificate on the router, click Generate. After clicking the button, a confirmation page appears. Click OK to continue.
Export Certificate for Administrator: The administrator certificate on the router contains the private key. You can export a copy of the certificate to save as a backup file. For example, if you reset the router to the factory default settings, you should first export the certificate. After you restart the router, you can import this file to restore the certificate. To export the administrator certificate, click Export for Admin. When the File Download window appears, click Save. Choose a safe place to save the certificate, enter a descriptive filename, and click Save. When the Download complete window appears, click Close.
Export Certificate for Client: You can install a client certificate on a user’s PC to prevent a man-in-the-middle attack. To export the client certificate, click Export for Client. When the File Download window appears, click Save. Locate the install directory for the client software (typically C:\Program Files\Cisco Small Business\QuickVPN client), enter a descriptive filename, and then click Save. When the Download complete window appears, click Close.
NOTE: A user can connect without a certificate installed on the PC. The user will see a security warning when connecting to the VPN tunnel, but can proceed without this extra security protection.
Import Certificate: To restore a previously saved administrator certificate, click Browse, locate the file, and click Open. Then click Import. When the confirmation message appears, click OK to replace the existing certificate with the specified file. Click Cancel to close the message without importing the certificate.
Existing Certificate: The filename of the current certificate, which is stored on the router.
Setting Up VPN Passthrough
Use the VPN > VPN Passthrough page to enable or disable passthrough for a variety of VPN methods. VPN passthrough is enabled by default to allow VPN clients on the LAN of the router to reach the VPN server on the Internet.
Cisco recommends enabling VPN Passthrough to allow VPN clients to pass through the router to connect to the VPN endpoint without problems. The administrator can disable the VPN Passthrough to block VPN clients from reaching the VPN endpoint on the Internet.
To open this page: Click VPN > VPN Passthrough in the navigation tree.
NOTE
Before navigating away from this page, click Save to save your settings, or click Cancel to undo them. Any unsaved changes are abandoned.
Enable or disable the following settings, as needed:
IPSec Passthrough: Internet Protocol Security (IPSec) is a suite of protocols used to implement secure exchange of packets at the IP layer. IPSec Passthrough is enabled by default to allow IPSec tunnels to pass through the router.
PPTP Passthrough: Point-to-Point Tunneling Protocol (PPTP) allows the Point-to-Point Protocol (PPP) to be tunneled through an IP network. PPTP Passthrough is enabled by default.
L2TP Passthrough: Layer 2 Tunneling Protocol is the method used to enable Point-to-Point sessions via the Internet on the Layer 2 level. L2TP Passthrough is enabled by default.
Setting Up PPTP Server
Use the VPN > PPTP Server page to enable up to five PPTP (Point-to-Point Tunneling Protocol) VPN tunnels for users who are running PPTP client software on Windows XP or 2000. PPTP clients are included by default in Microsoft Windows.
NOTE
In Windows XP/2000, a user opens the Network Connections panel and creates a new connection. In the wizard, the user selects the option to create a connection to the workplace using a Virtual Private Network connection. The user will need to know the host name or IP address for the router. This value needs to match the value that you enter on the VPN > PPTP Server page. The wizard guides the user to create a desktop shortcut, which can be used to launch the client. To connect, the
