Cisco RV120W Administration Guide
5 Configuring Virtual Private Networks (VPNs) and Security
This chapter describes VPN configuration, beginning with the “Configuring VPNs” section on page 92.
It also describes how to configure router security, beginning with the “Configuring Security” section on page 107.
The following sections are covered:
Configuring VPNs, page 92
Configuring a Basic VPN, page 93
Configuring Advanced VPN Parameters, page 94
Configuring Security, page 107
Configuring VPNs
A VPN provides a secure communication channel (“tunnel”) between two gateway
routers or a remote PC client and a gateway router. The following types of tunnels
can be created:
Gateway-to-gateway VPN—Connects two or more routers to secure traffic
between remote sites.
Remote Client (client-to-gateway VPN tunnel)—A remote client, such as a
PC running VPN client software, initiates a VPN tunnel. The IP address of the
remote PC client is not known in advance. The gateway acts as responder.
Remote client behind a NAT router—The client has a dynamic IP address
and is behind a NAT Router. The remote PC client at the NAT router initiates
a VPN tunnel. The IP address of the remote NAT router is not known in
advance. The gateway WAN port acts as a responder.
Creating Cisco QuickVPN Client Users
To use the Cisco QuickVPN, you must do the following:
STEP 1 Enable remote management. See Configuring Remote Management, page 119.
STEP 2 Create QuickVPN users. See Configuring VPN Users, page 105. After a user account is created, the credentials can be used by the QuickVPN client.
For more information on installing and using Cisco QuickVPN, see Appendix A, “Using Cisco QuickVPN for Windows 7, 2000, XP, or Vista.”
Configuring a Basic VPN
Use the basic VPN setup function to create a VPN with default values as proposed
by the VPN Consortium (VPNC) and a Pre-shared Key (PSK). You can change
these values later if you need to further configure any VPN parameters.
To configure a basic VPN:
STEP 1 Choose VPN > IPsec > Basic VPN Setup.
STEP 2 Choose to which peers the VPN tunnel will connect:
Gateway—Connects the Cisco RV120W to a gateway using a secure tunnel.
VPN Client—Connects the Cisco RV120W to remote clients. The remote clients must run VPN client software.
STEP 3 Enter a name for the connection. The connection name is used for management.
STEP 4 Enter a pre-shared key. The VPN client or gateway will need to enter this key to establish the VPN connection.
STEP 5 Choose the type of address for the remote gateway, or the gateway to which the Cisco RV120W will connect:
IP Address—Enter the IP address of the gateway in the field below.
FQDN (Fully-Qualified Domain Name)—Enter the domain name in the field below (for example, http://www.cisco.com).
STEP 6 Choose the type of address for the local gateway (the Cisco RV120W):
IP Address—Enter the IP address of the gateway in the box below.
FQDN (Fully-Qualified Domain Name)—Enter the domain name in the box below (for example, http://www.cisco.com).
STEP 7 If you chose gateway in Step 2, enter the IP address and subnet mask of the remote LAN. The remote gateway to which the Cisco RV120W will connect is located on that LAN.
NOTE The IP address range used on the remote LAN must be different from the IP address range used on the local LAN.
STEP 8 Click Save.
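The NOTE in Step 7 can be checked before any tunnel is configured. The following is an added example, not part of the Cisco guide: it generalizes the two-LAN rule to every pair of sites in a gateway-to-gateway deployment, and the site names, address ranges and function names are assumptions made for illustration.

```python
# Added example (not Cisco code): site names and address ranges are constructed.
import ipaddress
from itertools import combinations


def lan_network(ip, mask):
    """Build the LAN range from an address and subnet mask as typed in the form.

    strict=False accepts a host address such as 192.168.1.1 and yields
    192.168.1.0/24; an invalid mask raises ValueError.
    """
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def find_lan_conflicts(sites):
    """sites maps a site name to (ip, subnet_mask). Returns overlapping pairs."""
    nets = {name: lan_network(ip, mask) for name, (ip, mask) in sites.items()}
    conflicts = []
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.overlaps(net_b):
            # Report the smaller range: addresses in it exist on both sides,
            # so they cannot be routed unambiguously into the tunnel.
            shared = net_a if net_a.prefixlen >= net_b.prefixlen else net_b
            conflicts.append((a, b, str(shared)))
    return conflicts


# Constructed sample plan with one identical range and one nested range.
SITES = {
    "hq": ("192.168.1.1", "255.255.255.0"),
    "branch-a": ("192.168.1.1", "255.255.255.0"),  # same range as hq
    "branch-b": ("10.10.0.1", "255.255.0.0"),
    "branch-c": ("10.10.20.1", "255.255.255.0"),   # nested inside branch-b
}

if __name__ == "__main__":
    for a, b, shared in find_lan_conflicts(SITES):
        print(f"{a} and {b} overlap on {shared}: renumber one LAN first")
```

A nested range is as much a conflict as an identical one, which is why the check uses overlap rather than equality.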
Viewing the Default VPN Settings
To view the default VPN settings:
STEP 1 Choose VPN > IPsec > Basic VPN Setup.
STEP 2 Click View Default Settings. Settings cannot be changed from this page, but can be configured through the Basic VPN Setup or Advanced VPN Setup menus.
Configuring Advanced VPN Parameters
The Advanced VPN Setup page allows you to configure advanced VPN
parameters, such as IKE and other VPN policies. These policies control how the
Cisco RV120W initiates and receives VPN connections with other endpoints.
Configuring IKE Policies
The Internet Key Exchange (IKE) protocol dynamically exchanges keys between
two IPsec hosts. You can create IKE policies to define the security parameters
used in this process, such as authentication of the peer and encryption
algorithms. Be sure to use compatible encryption, authentication, and key-group
parameters for the VPN policy.
To configure IKE Policies:
STEP 1 Choose VPN > IPsec > Advanced VPN Setup. In the IKE Policy table, click Add.
STEP 2 Under Policy Name, enter a unique name for the policy for identification and management purposes.
STEP 3 Under Direction/Type, choose one of the following connection methods:
Initiator—The router will initiate the connection to the remote end.
Responder—The router will wait passively and respond to remote IKE requests.
Both—The router will work in either Initiator or Responder mode.
STEP 4 Under Exchange Mode, choose one of the following options:
Main—This mode negotiates the tunnel with higher security, but is slower.
Aggressive—This mode establishes a faster connection, but with lowered security.
NOTE If either the Local or Remote identifier type is not an IP address, then negotiation is only possible in Aggressive Mode. If FQDN, User FQDN or DER ASN1 DN is selected, the router disables Main mode and sets the default to Aggressive mode.
STEP 5 In the Local section, under Identifier Type, choose the Internet Security Association and Key Management Protocol (ISAKMP) identifier for this router:
Local WAN (Internet) IP
FQDN
User-FQDN
DER ASN1 DN
STEP 6 If you chose FQDN, User-FQDN, or DER ASN1 DN as the identifier type, enter the IP address or domain name in the Identifier field.
STEP 7 In the Remote section, under Identifier Type, choose the ISAKMP identifier for this router:
Remote WAN (Internet) IP
FQDN
User FQDN
DER ASN1 DN
STEP 8 If you chose FQDN, User-FQDN, or DER ASN1 DN as the identifier type, enter the IP address or domain name in the Identifier field.
IKE SA Parameters
The Security Association (SA) parameters define the strength and mode for
negotiating the SA.
STEP 1 Choose the encryption algorithm, or the algorithm used to negotiate the SA:
DES
3DES
AES-128
AES-192
AES-256
STEP 2 Specify the authentication algorithm for the VPN header:
MD5
SHA-1
SHA2-256
SHA2-512
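The exchange-mode NOTE and the algorithm lists above interact, so a planned policy is worth reviewing as a whole before it is entered. The following is an added example, not part of the Cisco guide: option names are taken from the guide, while the dictionary layout, the function names and the weak/legacy ratings (DES and MD5 as weak, 3DES and SHA-1 as legacy) are this example's own assumptions.

```python
# Added example (not Cisco code). Option names come from the guide; the dict
# layout, function names and the weak/legacy ratings are this example's own.
NON_IP_IDS = {"FQDN", "USER FQDN", "DER ASN1 DN"}
RATINGS = {
    "encryption": {"DES": "weak", "3DES": "legacy", "AES-128": "ok",
                   "AES-192": "ok", "AES-256": "ok"},
    "auth": {"MD5": "weak", "SHA-1": "legacy", "SHA2-256": "ok",
             "SHA2-384": "ok", "SHA2-512": "ok"},
}


def _norm_id(id_type):
    # The guide writes both "User-FQDN" and "User FQDN"; treat them alike.
    return id_type.replace("-", " ").strip().upper()


def effective_exchange_mode(policy):
    """Apply the guide's NOTE: a non-IP identifier on either side forces Aggressive."""
    ids = {_norm_id(policy["local_id_type"]), _norm_id(policy["remote_id_type"])}
    return "Aggressive" if ids & NON_IP_IDS else policy["exchange_mode"]


def audit_ike_policy(policy):
    """Return (severity, message) findings for one planned IKE policy."""
    findings = []
    for field, table in RATINGS.items():
        rating = table.get(policy[field])
        if rating is None:
            findings.append(("error", f"{field} {policy[field]!r} is not listed in the guide"))
        elif rating != "ok":
            findings.append((rating, f"{field} {policy[field]} should be replaced"))
    mode = effective_exchange_mode(policy)
    if mode != policy["exchange_mode"]:
        findings.append(("info", "identifier type forces Aggressive mode; Main is unavailable"))
    if mode == "Aggressive":
        findings.append(("legacy", "Aggressive mode lowers security; prefer IP identifiers and Main"))
    return findings


# Constructed sample policy: Main requested, but the remote peer is identified by FQDN.
SAMPLE = {"exchange_mode": "Main", "local_id_type": "Local WAN (Internet) IP",
          "remote_id_type": "FQDN", "encryption": "DES", "auth": "SHA-1"}

if __name__ == "__main__":
    for severity, message in audit_ike_policy(SAMPLE):
        print(f"{severity:6} {message}")
```

Both peers must end up with matching values, so run the same review on the remote gateway's planned policy.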
