Configuring Virtual Private Networks (VPNs) and Security
Configuring Security
Cisco RV120W Administration Guide
To configure VPN passthrough:
STEP 1 Choose VPN > IPsec > VPN Passthrough.
STEP 2 Choose the type of traffic to allow to pass through the router:
IPsec—Check Enable to allow IP security tunnels to pass through the router.
PPTP—Check Enable to allow Point-to-Point Tunneling Protocol tunnels to
pass through the router.
L2TP—Check Enable to allow Layer 2 Tunneling Protocol tunnels to pass
through the router.
STEP 3 Click Save.
Configuring Security
The Cisco RV120W provides several security methods, including certificate
authentication, RADIUS server support, and 802.1x port-based authentication.
Using Certificates for Authentication
The Cisco RV120W uses digital certificates for IPsec VPN authentication and SSL
validation (for HTTPS and SSL VPN authentication). You can obtain a digital
certificate from a well-known Certificate Authority (CA) such as VeriSign, or
generate and sign your own certificate using functionality available on this
gateway. The gateway comes with a self-signed certificate, and this can be
replaced by one signed by a CA as per your networking requirements. A CA
certificate provides strong assurance of the server's identity and is a requirement
for most corporate network VPN solutions.
A self certificate is a certificate issued by a CA identifying your device (or
self-signed if you don't want the identity protection of a CA). To request a self
certificate to be signed by a CA, you can generate a Certificate Signing Request
from the gateway by entering identification parameters and sending to the CA for
signing.
Once signed, the CA's Trusted Certificate and signed certificate from the
CA are uploaded to activate the self-certificate validating the identity of this
gateway. The self certificate is then used in IPsec and SSL connections with peers
to validate the gateway's authenticity.
To configure certificates, choose Security > SSL Certificate. You can choose the
following options:
Generating New Certificates
One of the steps in creating a certificate is to generate a certificate request from
the computer or the device that will be using the certificate. The Certificate
Signing Request (CSR) file needs to be submitted to the CA who will then
generate a certificate for this device.
To generate a certificate request:
STEP 1 Choose Security > SSL Certificate.
STEP 2 Choose Generate a New Certificate.
STEP 3 Click Generate Certificate.
STEP 4 Enter the name of the certificate request.
STEP 5 Enter the subject of the certificate request. The Subject field populates the CN
(Common Name) entry of the generated certificate. Subject names are usually
defined in the following format: CN=, OU=, O=, L=, ST=, C=. For example,
CN=router1, OU=my_company, O=mydept, L=SFO, C=US.
STEP 6 Choose the Hash Algorithm: MD5 or SHA-1. The algorithm used to sign the
certificate (RSA) is shown.
STEP 7 Enter the signature key length, or the length of the signature (512, 1024, or 2048).
STEP 8 (Optional) Enter the IP address of the router.
STEP 9 (Optional) Enter the domain name of the router.
STEP 10 (Optional) Enter the e-mail address of the company contact that is used when
generating the self certificate request.
STEP 11 Click Generate. A new certificate request is created.
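An added example, not part of the Cisco guide: a standard-library Python check that reads a generated certificate request and reports on the signature hash and RSA key length chosen in STEP 6 and STEP 7, flagging MD5, SHA-1 and keys shorter than 2048 bits. The 2048-bit floor and all function names are assumptions of this example.

```python
import base64

# Signature algorithm OIDs for the two hash choices offered in STEP 6.
WEAK_SIG = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
            "1.2.840.113549.1.1.5": "sha1WithRSAEncryption"}
MIN_RSA_BITS = 2048  # assumed policy floor for this example

def pem_to_der(pem: str) -> bytes:
    """Strip the BEGIN/END armor lines and base64-decode the body."""
    body = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)

def tlv(buf: bytes, pos: int = 0):
    """Read one DER element at pos: return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = size of length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value: bytes):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def oid_str(val: bytes) -> str:
    arcs, n = [val[0] // 40, val[0] % 40], 0
    for b in val[1:]:                       # base-128, high bit = more follows
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def audit_csr(der: bytes) -> list:
    """Return findings for a PKCS#10 request that carries an RSA key."""
    info, sig_alg, _sig = children(tlv(der)[1])
    _ver, _subject, spki = children(info[1])[:3]
    _alg, pubkey = children(spki[1])
    rsa = tlv(pubkey[1][1:])[1]             # skip BIT STRING unused-bits octet
    bits = int.from_bytes(children(rsa)[0][1], "big").bit_length()
    oid = oid_str(children(sig_alg[1])[0][1])
    findings = []
    if oid in WEAK_SIG:
        findings.append(f"weak signature hash: {WEAK_SIG[oid]}")
    if bits < MIN_RSA_BITS:
        findings.append(f"weak RSA key: {bits} bits")
    return findings
```

Call `audit_csr(pem_to_der(text))` on the request before sending it to the CA; an empty list means neither check fired. With only MD5 and SHA-1 offered in STEP 6, the hash finding always appears for requests from this gateway, while the key-length finding is avoided by choosing 2048.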
Importing a Certificate from a File
To import a certificate from a file (for example, if you have been given a certificate
from a CA), the file must be on a computer connected to the Cisco RV120W:
STEP 1 Choose Security > SSL Certificate.
STEP 2 Click Import Certificate from a File.
STEP 3 Click Browse to locate the certificate on the computer:
Trusted Certificate—The certificate received from the Certificate Authority
(for example, Microsoft, VeriSign, etc.)
Active Self Certificate—The self certificate generated by the Cisco
RV120W.
STEP 4 Click Install Certificate.
Exporting the Router’s Current Certificate
To export the router’s current certificate:
STEP 1 Choose Security > SSL Certificate.
STEP 2 Under Export Certificate, click the following:
Export for Admin—Export the certificate for administrative backup
purposes.
Export for Client—Export the certificate to be downloaded on an endpoint
that will connect to the Cisco RV120W as a VPN client.
Using the Cisco RV120W With a RADIUS Server
A RADIUS server can be configured to maintain a database of user accounts and
can be used for authenticating this device's users. To configure a connection with a
RADIUS server, choose Security > RADIUS Server. You can configure and view the
following details in the RADIUS configuration pages:
IP address—The IP address of the authenticating RADIUS server.
Authentication Port—The RADIUS authentication server's port number used
to send RADIUS traffic.
Timeout—The timeout interval (in seconds) after which the Cisco RV120W
re-authenticates with the RADIUS server.
Retries—The number of retries for the Cisco RV120W to re-authenticate
with the RADIUS server. If the number of retries is exceeded, authentication
of this device with the RADIUS server has failed.
To configure a connection with a RADIUS server:
STEP 1 In the RADIUS Server Table, click Add.
STEP 2 In the Authentication Server IP Address field, enter the IP address of the
authenticating RADIUS Server.
STEP 3 In the Authentication Port field, enter the port number on which the RADIUS server
sends traffic.
STEP 4 In the Secret field, enter the shared key that allows the Cisco RV120W to
authenticate with the RADIUS server. This key must match the key configured on
the RADIUS server. The single quote, double quote, and space characters are not
allowed in this field.
STEP 5 In the Timeout field, enter the timeout interval after which the Cisco RV120W
re-authenticates with the RADIUS server.
STEP 6 In the Retries field, enter the number of retries for the Cisco RV120W to
re-authenticate with the RADIUS server.
STEP 7 Click Save.
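An added example, not code from the Cisco guide or firmware: what the Secret entered in STEP 4 does on the wire under RFC 2865, with the router hiding the user's password and the server signing its reply, and what each side sees when the two secrets differ. The function names, password and identifier are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3
FORBIDDEN = set("'\" ")  # characters the Secret field does not allow

def secret_ok(secret: str) -> bool:
    return bool(secret) and not (set(secret) & FORBIDDEN)

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 User-Password: XOR 16-byte blocks with MD5(secret + previous)."""
    padded = password or b"\x00"
    padded += b"\x00" * (-len(padded) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_reply(code: int, ident: int, req_auth: bytes, secret: bytes) -> bytes:
    """Reply with no attributes; Response Authenticator binds it to the secret."""
    header = struct.pack("!BBH", code, ident, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()

def reply_is_authentic(reply: bytes, req_auth: bytes, secret: bytes) -> bool:
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(reply[4:20], expected)

def exchange(router_secret: str, server_secret: str) -> dict:
    """One login attempt; the password and identifier are constructed values."""
    password, req_auth = b"constructed-password-1", os.urandom(16)
    hidden = hide_password(password, router_secret.encode(), req_auth)
    seen = unhide_password(hidden, server_secret.encode(), req_auth)
    code = ACCESS_ACCEPT if seen == password else ACCESS_REJECT
    reply = build_reply(code, 7, req_auth, server_secret.encode())
    return {"server_code": code,
            "router_accepts_reply": reply_is_authentic(
                reply, req_auth, router_secret.encode())}
```

When the secrets differ, the server recovers a garbled password and the router cannot verify the reply; RFC 2865 has the client silently discard such a reply, so a mistyped secret tends to look like an unresponsive server.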
Configuring 802.1x Port-Based Authentication
Port-based network access control uses the physical access characteristics of
IEEE 802 LAN infrastructures in order to provide a means of authenticating and
authorizing devices attached to a LAN port that has point-to-point connection
characteristics. It also prevents access to that port in cases where the
authentication fails. It provides an authentication mechanism to devices trying to
connect to a LAN. The Cisco RV120W acts as a supplicant in the 802.1x
authentication system.
To configure 802.1x Authentication:
STEP 1 Choose Security > 802.1x Configuration.
STEP 2 Check the Enable box to configure a port as an 802.1x supplicant.
STEP 3 Select the LAN port that should be configured as an 802.1x supplicant.
STEP 4 Enter the username and password sent by the Cisco RV120W to the authenticator
for authentication. The username and password are the credentials sent to the
authenticating server (the device running 802.1X in an authenticator role; for
example, a Cisco Catalyst switch).
STEP 5 Press Save.
