1. Home
    2. /
  2. Manuals
    3. /
  3. Linksys
    4. /
  4. RVS4000
    5. /
  5. 8
Page 36 / 105 Scroll up to view Page 31 - 35
27
Chapter 6: Setting Up and Configuring the Router
Firewall Tab
4-Port Gigabit Security Router with VPN
8.
You can filter access to various applications accessed over the Internet, such as FTP or telnet, by selecting up
to two services to block in the
Blocked Services
section. The block services select list offers a choice of
preset applications. If you select a preset application, its port numbers and protocol are displayed and can not
be changed. If the application you want to block is not listed, select User-Defined, then you can enter the port
range and protocol for the service you wish to block. To remove the blocking, select “None” in the service list.
9.
Click the
Save Settings
button to save the policy settings.
Single Port Forwarding
Application Name
. Enter the name of the application you wish to configure.
External Port
. This is the port number used by the server or Internet application. Internet users must connect
using this port number. Check with the software documentation of the Internet application for more information.
Internal Port
. This is the port number used by the Router when forwarding Internet traffic to the PC or server on
your LAN. Normally, this is the same as the External Port number. If it is different, the Router performs a “Port
Translation”, so that the port number used by Internet users is different to the port number used by the server or
Internet application.
For example, you could configure your Web Server to accept connections on both port 80 (standard) and port
8080. Then enable Port Forwarding, and set the External Port to 80, and the Internal Port to 8080. Now, any traffic
from the Internet to your Web server will be using port 8080, even though the Internet users used the standard
port, 80. (Users on the local LAN can and should connect to your Web Server using the standard port 80.)
Protocol
. Select the protocol used for this application, TCP and/or UDP.
IP Address
. For each application, enter the IP address of the PC running the specific application.
Enabled
. Click the Enabled checkbox to enable port forwarding for the relevant application.
Port Range Forwarding
Application
. Enter the name of the application you wish to configure.
Start
. This is the beginning of the port range. Enter the beginning of the range of port numbers (external ports)
used by the server or Internet application. Check with the software documentation of the Internet application for
more information if necessary.
Figure 6-20: Single Port Forwarding
Figure 6-21: Port Range Forwarding
Downloaded from
www.Manualslib.com
manuals search engine
Page 37 / 105
28
Chapter 6: Setting Up and Configuring the Router
VPN Tab
4-Port Gigabit Security Router with VPN
End
. This is the end of the port range. Enter the end of the range of port numbers (external ports) used by the
server or Internet application. Check with the software documentation of the Internet application for more
information if necessary.
Protocol
. Select the protocol(s) used for this application, TCP and/or UDP.
IP Address
. For each application, enter the IP address of the PC running the specific application.
Enabled
. Click the Enabled checkbox to enable port range forwarding for the relevant application.
Port Range Triggering
Application Name
. Enter the name of the application you wish to configure.
Triggered Range
. For each application, list the triggered port number range. These are the ports used by
outgoing traffic. Check with the Internet application documentation for the port number(s) needed. In the first
field, enter the starting port number of the Triggered Range. In the second field, enter the ending port number of
the Triggered Range.
Forwarded Range
. For each application, list the forwarded port number range. These are the ports used by
incoming traffic. Check with the Internet application documentation for the port number(s) needed. In the first
field, enter the starting port number of the Forwarded Range. In the second field, enter the ending port number of
the Forwarded Range.
Enabled
. Click the Enabled checkbox to enable port range triggering for the relevant application.
VPN Tab
IPSec VPN
Select Tunnel Entry
. Select a tunnel to configure.
Delete Button
. Click this button to delete all settings for the selected tunnel.
Summary Button
. Clicking this button shows the settings and status of all enabled tunnels.
IPSec VPN Tunnel
. Check the Enable option to enable this tunnel.
Tunnel Name
. Enter a name for this tunnel, such as “Anaheim Office”.
Figure 6-22: Port Range Triggering
Figure 6-23: VPN
Downloaded from
www.Manualslib.com
manuals search engine
Page 38 / 105
29
Chapter 6: Setting Up and Configuring the Router
VPN Tab
4-Port Gigabit Security Router with VPN
Local Security Group
Local Security Group Type
. Select the local LAN user(s) behind the router that can use this VPN tunnel. This may
be a single IP address or Sub-network. Notice that the Local Security Group must match the other router's
Remote Security Group.
IP Address
. Enter the IP address on the local network.
Subnet Mask
. If the “Subnet” option is selected, enter the mask to determine the IP addresses on the local
network.
Remote Security Group
Remote Security Group
. Select the remote LAN user(s) behind the remote gateway who can use this VPN tunnel.
This may be a single IP address, a Sub-network, or any addresses. If “Any” is set, the router acts as responder
and accepts request from any remote user. Notice that the Remote Security Group must match the other router's
Local Security Group.
IP Address
. Enter the IP address on the remote network.
Subnet Mask
. If the “Subnet” option is selected, enter the mask to determine the IP addresses on the remote
network.
Remote Security Gateway
Remote Security Gateway Type
. Select the desired option - IP address or “Any”. If the remote gateway has a
dynamic IP address, select “Any”.
IP Address
. The IP address in this field must match the public IP address (i.e. WAN IP Address) of the remote
gateway at the other end of this tunnel.
Key Management
Key Exchange Method
. The router supports both automatic and manual key management. When choosing
automatic key management, IKE (Internet Key Exchange) protocols are used to negotiate key material for SA. If
manual key management is selected, no key negotiation is needed. Basically, manual key management is used in
small static environments or for troubleshooting purpose. Notice that both sides must use the same Key
Management method.
Auto IKE
Downloaded from
www.Manualslib.com
manuals search engine
Page 39 / 105
30
Chapter 6: Setting Up and Configuring the Router
VPN Tab
4-Port Gigabit Security Router with VPN
Encryption
. The Encryption method determines the length of the key used to encrypt/decrypt ESP packets.
Only 3DES is supported. Notice that both sides must use the same Encryption method.
Authentication
. Authentication determines a method to authenticate the ESP packets. Either MD5 or SHA1
may be selected. Notice that both sides (VPN endpoints) must use the same Authentication method.
MD5: A one way hashing algorithm that produces a 128-bit digest.
SHA1: A one way hashing algorithm that produces a 160-bit digest.
PFS
. If PFS is enabled, IKE Phase 2 negotiation will generate a new key material for IP traffic encryption and
authentication. Note: that both sides must have this selected.
Pre-Shared Key
. IKE uses the Pre-shared Key field to authenticate the remote IKE peer. Both character and
hexadecimal values are acceptable in this field. e.g. “My_@123” or “0x4d795f40313233” Note: that both
sides must use the same Pre-shared Key.
Key Life Time
. This field specifies the lifetime of the IKE generated key. If the time expires, a new key will be
renegotiated automatically. The Key Life Time may range from 300 to 100,000,000 seconds. The default Life
Time is 3600 seconds.
Manual
Encryption Algorithm
. The Encryption method determines the length of the key used to encrypt/decrypt ESP
packets. Only 3DES is supported. Notice that both sides must use the same Encryption method.
Encryption Key
. This field specifies a key used to encrypt and decrypt IP traffic. Both character and
hexadecimal value are acceptable in this field. Note: that both sides must use the same Encryption Key.
Authentication Algorithm
. Authentication determines a method to authenticate the ESP packets. Either MD5
or SHA1 may be selected. Notice that both sides (VPN endpoints) must use the same Authentication method.
MD5: A one way hashing algorithm that produces a 128-bit digest.
SHA1: A one way hashing algorithm that produces a 160-bit digest.
Authentication Key
. This field specifies a key used to authenticate IP traffic. Both character and hexadecimal
values are acceptable in this field. Note: that both sides must use the same Authentication Key.
Inbound SPI/Outbound SPI
. The SPI (Security Parameter Index) is carried in the ESP header. This enables
the receiver to select the SA, under which a packet should be processed. The SPI is a 32-bit value. Both
decimal and hexadecimal values are acceptable. e.g. “987654321” or “0x3ade68b1”. Each tunnel must have
Downloaded from
www.Manualslib.com
manuals search engine
Page 40 / 105
31
Chapter 6: Setting Up and Configuring the Router
VPN Tab
4-Port Gigabit Security Router with VPN
unique an Inbound SPI and Outbound SPI. No two tunnels share the same SPI. Notice that Inbound SPI must
match the other router's Outbound SPI, and vice versa.
Status
Status
. This field shows the connection status for the selected tunnel. The state is either connected or
disconnected.
Connect button
. Use this to establish a connection for the current VPN tunnel. If you have made any changes,
click Save Settings to first apply your changes.
Disconnect button
. Use this to break a connection for the current VPN tunnel.
View Log button
. Click this to view the VPN log, which shows details of each tunnel established.
Advanced Settings button
. If the Key Exchange Method is Auto (IKE), this button provides access to some
additional settings relating to IKE. Use this if this router is unable to establish a VPN tunnel to the remote VPN
Gateway; ensure the Advanced Settings match those on the remote VPN Gateway.
Advanced Settings
Phase 1
Operation Mode
. Select the method to match the remote VPN endpoint.
Main: Main Mode is slower but more secure.
Aggressive: Aggressive mode is faster but less secure.
Local Identity
. Select the desired option to match the “Remote Identity” setting at the other end of this
tunnel.
Local IP address: Your WAN IP Address.
Name: Your domain name.
Remote Identity
. Select the desired option to match the “Local Identity” setting at the other end of this
tunnel.
Local IP address: WAN IP Address of the remote VPN endpoint.
Name: Domain name of the remote VPN endpoint.
Downloaded from
www.Manualslib.com
manuals search engine

Rate

3.5 / 5 based on 2 votes.

Popular Linksys Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top