Cisco RV130/130W Wireless Multifunction VPN Router Administration Guide
Configuring VPN
- Configuring Site-to-Site IPsec VPN Advanced Parameters
- Configuring IPsec VPN Server
- Configuring PPTP
VPN Tunnel Types
You can configure VPN on your device to provide a secure communication
channel, or tunnel, between:
- Two gateway routers
- A remote client device and a gateway router
Configuring Basic Site-to-Site IPsec VPN
Your device supports site-to-site IPsec VPN for a single gateway-to-gateway VPN
tunnel. After configuring these basic VPN settings, you can connect securely to
another VPN-enabled router. For example, you can configure your device at a
branch site to connect to a router that connects site-to-site VPN tunnels at the
corporate site, so that the branch site has secure access to the corporate network.
To configure basic VPN settings for a site-to-site IPsec connection:
STEP 1 Choose VPN > Site-to-Site IPsec VPN > Basic VPN Setup.
STEP 2 In the New Connection Name field, enter a name for the VPN tunnel.
STEP 3 In the Pre-Shared Key field, enter the pre-shared key, or password, that will be
exchanged between the two routers. It must be between 8 and 49 characters.
STEP 4 In the Endpoint Information fields, enter the following information:
- Remote Endpoint—Choose if the router to which your device will connect
  will be identified by its IP address or by a fully qualified domain name. For
  example, an IP address such as 192.168.1.1 or a fully qualified domain name
  such as cisco.com.
- Remote WAN (Internet) IP Address—Enter the public IP address or domain
  name of the remote endpoint.
- Local WAN (Internet) IP Address—Enter the public IP address or domain
  name of your device.
STEP 5 In the Secure Connection Remote Accessibility fields, enter the following
information:
- Remote LAN (Local Network) IP Address—The private network (LAN)
  address of the remote endpoint. This is the IP address of the internal network
  at the remote site.
- Remote LAN Subnet Mask—The private network (LAN) subnet mask of the
  remote endpoint.
- Local LAN (Local Network) IP Address—The private network (LAN)
  address of the local network. This is the IP address of the internal network
  on the device.
- Local LAN (Local Network) Subnet Mask—The private network (LAN)
  subnet mask of the local network.
Note: The remote WAN and remote LAN IP addresses cannot exist on the same
subnet. For example, a remote LAN IP address of 192.168.1.100 and a local LAN IP
address of 192.168.1.115 causes a conflict when traffic is routed over the VPN. The
third octet must be different so that the IP addresses are on different subnets. For
example, a remote LAN IP address of 192.168.1.100 and a local LAN IP address of
192.168.2.100 is acceptable.
STEP 6 Click Save.
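An added example (not from the Cisco guide): a pre-flight check of the values entered in Steps 3 and 5. It generalizes the Note's third-octet rule to any subnet mask by testing whether the two LAN networks overlap; the double-quote restriction comes from the IKE policy steps later in this chapter, and the function and dictionary key names are hypothetical.

```python
import ipaddress

PSK_MIN, PSK_MAX = 8, 49  # length limits stated in STEP 3


def check_psk(psk):
    """Return a list of problems with a pre-shared key (empty list = OK)."""
    problems = []
    if not PSK_MIN <= len(psk) <= PSK_MAX:
        problems.append(f"length {len(psk)} is outside {PSK_MIN}-{PSK_MAX}")
    if '"' in psk:
        # The IKE policy steps forbid double quotes in the key.
        problems.append("contains a double-quote character")
    return problems


def lan_conflict(local_ip, local_mask, remote_ip, remote_mask):
    """True if the local and remote LAN subnets overlap.

    Arguments are the address and mask strings entered in STEP 5.
    """
    local = ipaddress.ip_network(f"{local_ip}/{local_mask}", strict=False)
    remote = ipaddress.ip_network(f"{remote_ip}/{remote_mask}", strict=False)
    return local.overlaps(remote)


def preflight(cfg):
    """Collect every problem found in one Basic VPN Setup form (a dict)."""
    issues = [f"pre-shared key {p}" for p in check_psk(cfg["psk"])]
    if lan_conflict(cfg["local_lan"], cfg["local_mask"],
                    cfg["remote_lan"], cfg["remote_mask"]):
        issues.append("local and remote LAN subnets overlap")
    return issues


if __name__ == "__main__":
    # Constructed sample form, using the conflicting addresses from the Note.
    branch = {"psk": "short",
              "local_lan": "192.168.1.115", "local_mask": "255.255.255.0",
              "remote_lan": "192.168.1.100", "remote_mask": "255.255.255.0"}
    for issue in preflight(branch):
        print("FAIL:", issue)
```

With a 255.255.0.0 mask on either side, addresses that differ in the third octet still overlap, which is why the check compares networks rather than octets.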
Viewing Default Values
Click View Default Settings to view the default values used in the basic VPN
settings. These values are proposed by the VPN consortium and assume that you
are using a pre-shared key, or password, that is known to both your device and the
remote endpoint.
Configuring Site-to-Site IPsec VPN Advanced Parameters
Advanced VPN parameters such as IKE and other VPN policies control how the
device initiates and receives VPN connections.
To configure advanced VPN parameters, choose VPN > Site-to-Site IPsec VPN >
Advanced VPN Setup.
Managing IKE Policies
The Internet Key Exchange (IKE) protocol dynamically exchanges keys between
two IPsec hosts. You can create IKE policies to define the security parameters to
be used when exchanging data with the remote router over the IPsec VPN
connection. For example, you can create IKE policies to define parameters for peer
authentication and encryption algorithms. Ensure that the encryption,
authentication, and key-group parameters in your VPN policy are compatible with
settings at the remote router.
To add an IKE policy:
STEP 1 On the Advanced VPN Setup page, click Add Row.
STEP 2 Enter a unique name for the IKE policy to identify and manage the policy easily.
STEP 3 In the Exchange Mode field, choose one of the following modes for the policy:
- Main—Negotiates the tunnel with higher security, but is slower.
- Aggressive—Establishes a faster connection, but with lowered security.
STEP 4 In the Local Identifier and Remote Identifier fields, indicate if you want to identify
your device and the remote router by their real IP address or their public IP
address. If you select IP address, enter the real IP address of your device and the
remote router.
STEP 5 In the IKE SA Parameters section, configure parameters to define the strength and
mode for negotiating Security Association (SA) between your device and the
remote router:
  a. In the Encryption Algorithm field, choose the algorithm to encrypt data.
  b. In the Authentication Algorithm field, specify the authentication algorithm for
     the VPN header. Ensure that the authentication algorithm is configured
     identically on both sides of the VPN tunnel.
  c. In the Pre-Shared Key field, enter the key or password. Ensure that the
     password does not contain double-quotes (").
  d. In the Diffie-Hellman (DH) Group field, specify the DH Group algorithm used
     when exchanging a pre-shared key. The DH Group sets the strength of the
     algorithm in bits. Ensure that the DH Group is configured identically on both
     sides of the IKE policy.
  e. In the SA-Lifetime field, enter the interval, in seconds, after which the Security
     Association becomes invalid.
  f. To enable the Dead Peer Detection feature, check the Enable box. Dead Peer
     Detection (DPD) is used to detect if the peer is alive. If the peer is detected as
     dead, the device deletes the IPsec and IKE Security Association. If you enable
     this feature, also enter these settings:
     - DPD Delay—The interval, in seconds, between consecutive DPD R-U-THERE
       messages. DPD R-U-THERE messages are sent only when the
       IPsec traffic is idle.
     - DPD Timeout—The maximum time that the device should wait to
       receive a response to the DPD message before considering the peer to
       be dead.
STEP 6 Click Save.
NOTE If you have a VPN connection already configured, you cannot add another without
deleting the existing VPN connection.
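An added example (not from the Cisco guide): a comparison of the IKE policy entered on each router, reporting the encryption, authentication, and DH group settings that must agree, a differing pre-shared key, identifiers that do not mirror each other, and use of Aggressive mode. The dictionary keys and option strings such as "AES-128" are constructed for illustration and are not taken from the device's menus.

```python
# Parameters the guide says must agree on both routers (key names hypothetical).
MUST_MATCH = ("encryption", "authentication", "dh_group")


def norm(value):
    """Compare selections without regard to case or stray spaces."""
    return str(value).strip().lower()


def compare_ike(local, remote):
    """Return (errors, warnings) for the two ends of one IKE policy."""
    errors, warnings = [], []
    for field in MUST_MATCH:
        if norm(local[field]) != norm(remote[field]):
            errors.append(f"{field}: {local[field]!r} vs {remote[field]!r}")
    # Compare the key exactly and never echo it into the report.
    if local["pre_shared_key"] != remote["pre_shared_key"]:
        errors.append("pre_shared_key: values differ")
    # What one router calls Local Identifier is the peer's Remote Identifier.
    for mine, theirs in (("local_id", "remote_id"), ("remote_id", "local_id")):
        if norm(local[mine]) != norm(remote[theirs]):
            errors.append(f"{mine} does not match the peer's {theirs}")
    for name, side in (("local", local), ("remote", remote)):
        if norm(side["exchange_mode"]) == "aggressive":
            warnings.append(f"{name}: Aggressive mode lowers security")
    return errors, warnings


# Constructed sample policies; addresses are documentation ranges.
BRANCH = {"exchange_mode": "Main", "encryption": "AES-128",
          "authentication": "SHA-1", "dh_group": "Group 2",
          "pre_shared_key": "constructed-sample-key",
          "local_id": "203.0.113.10", "remote_id": "198.51.100.20"}
HQ = dict(BRANCH, dh_group="Group 5", exchange_mode="Aggressive",
          local_id="198.51.100.20", remote_id="203.0.113.10")

if __name__ == "__main__":
    errs, warns = compare_ike(BRANCH, HQ)
    for line in errs:
        print("MISMATCH", line)
    for line in warns:
        print("WARNING ", line)
```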
Managing VPN Policies
NOTE Before you create an Auto VPN Policy, first create the IKE policy on which
the Auto VPN Policy will be based.
To manage VPN policies:
STEP 1 Choose VPN > Site-to-Site IPsec VPN > Advanced VPN Setup. Click Add Row.
STEP 2 In the Add / Edit VPN Policy Configuration section:
  a. In the Policy Name field, enter a unique name to identify the policy.
  b. In the Policy Type field, choose one of the following options:
