Linksys WRV200 Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

Linksys

WRV200

Page 26 / 72 Scroll up to view Page 21 - 25

Chapter µ

Configuring the Wireless-G Router

²±

Wireless-G VPN Router with RangeBooster

VPN > VPN Client Access

User Name

Enter a name for the VPN client.

Password

Enter a password for the VPN client.

Re-enter to confirm

Enter the password again to confirm

it.

Allow user to change password?

If you want to let the

user change his or her password from the user’s QuickVPN

client, select

Yes

When you have finished entering the user name and

password of the VPN client, click

Add/Save

to add the VPN

client to your list. A warning message will appear the first

time you add a VPN client. After all VPN clients are added

to the VPN Client List Table, click

Save Settings

VPN C;lient Access Warning

VPN Client List Table

No.

This is the number assigned to this VPN client. The

Router supports up to 10 QuickVPN clients.

Active

If you want to activate this VPN client, click the

Active

checkbox.

Username

The Username assigned to this VPN client will

be displayed here.

Password

The Password assigned to this VPN client will

be displayed here.

Edit/Remove

If you want to change the settings for a

VPN client, click

Edit

and then make your changes. If you

want to delete a VPN client from your list, click

Remove

Certificate Management

This section allows you to manage the certificate used

for securing the communication between the router and

QuickVPN clients.

Generate

Click this button to generate a new certificate

to replace the existing certificate on the router.

Export for Admin

Click this button to export the certificate

for administrator. A dialog will ask you to specify where

you want to store your certificate. The default file name

is “WRV200_Admin.pem” but you can use another name.

The certificate for administrator contains the private key

and needs to be stored in a safe place as a backup. If the

router’s configuration is reset to the factory default, this

certificate can be imported and restored on the router.

Export for Client

Click this button to export the certificate

for client. A dialog will ask where you want to store your

certificate. The default file name is “WRV200_Client.pem”

but you can use another name. For QuickVPN users to

securely connect to the router, this certificate needs to be

placed in the install directory of the QuickVPN client.

Import

Click this button to import a certificate previously

saved to a file using

Export for Admin

Export for

Client

. Enter the file name in the field or click

Browse

locate the file on your computer, then click

Import

When you have finished making changes to the screen,

click

Save Settings

to save the changes, or click

Cancel

Changes

to undo your changes. For help information,

click More.

VPN > VPN Passthrough

The

VPN > VPN Passthrough

screen is used to allow VPN

tunnels to pass through the Router’s firewall using IPSec,

L2TP, or PPTP protocols.

VPN > VPN Passthrough

IPSec PassThrough

Internet Protocol Security (IPSec) is

a suite of protocols used to implement secure exchange

of packets at the IP layer. IPSec Passthrough is enabled by

default to allow IPSec tunnels to pass through the Router.

To disable IPSec Passthrough, select

Disabled

Page 27 / 72

Chapter µ

Configuring the Wireless-G Router

²²

Wireless-G VPN Router with RangeBooster

PPTP PassThrough

Point-to-Point Tunneling Protocol

(PPTP) allows the Point-to-Point Protocol (PPP) to be

tunneled through an IP network. PPTP Passthrough is

enabled by default. To disable it, select

Disabled

L²TP PassThrough

Layer 2 Tunneling Protocol is the

method used to enable Point-to-Point sessions via the

Internet on the Layer 2 level. L2TP Passthrough is enabled

by default. To disable L2TP Passthrough, select

Disabled

When you have finished making changes to the screen,

click

Save Settings

to save the changes, or click

Cancel

Changes

to undo your changes. For help information,

click More.

VPN > IPSec VPN

The

VPN > IPSec VPN

screen is used to create and configure

a Virtual Private Network (VPN) tunnel.

VPN > IPSec VPN

Tunnel Entry

To create a new tunnel, select

new.

configure an existing tunnel, select it from the drop-down

menu.

VPN Tunnel

Check the

Enabled

option to enable this

tunnel.

Tunnel Name

Enter a name for this tunnel, such as

“Anaheim Office”.

NAT-Traversal

You can enable NAT-Traversal to support

the remote IPSec peer operating behind a NAT device. To

enable NAT traversal, check the

Enabled

option. If NAT

traversal is enabled, the

Remote Secure Group

and

Remote

Secure Gateway

must be set to

Any

Advanced Settings

To define allowable remote private

networks, click

Advanced Settings

A screen appears

with the following settings.

Allowable Remote Private Networks

You can select

Allow All

to allow the peer to sit in any private network

that is behind a NAT, or

By Manual Setting

to indicate

designated private networks manually.

Manual Setting

Enter the IP Address and Mask of

what you want to accept that remote peer sat behind

NAT. Click the checkbox and then click

Save Settings

to save and enable your new configuration.

NAT Traversal Advanced Settings

Local Secure Group

The Local Secure Group is the computer(s) on your LAN

that can access the tunnel.

Type

From the drop-down menu, select

Subnet

, to

include the entire network for the tunnel; select

Address

if you want a specific computer; or select

Host

which is used with Port Forwarding to direct the traffic to

the correct computer. The screen will change depending

on the selected option. The options are described below.

Subnet

Enter the

IP Address

and

Mask

of the local

VPN Router in the fields provided. To allow access

to the entire IP subnet, enter 0 for the last set of IP

Addresses (e.g., 192.168.1.0).

IP Addr.

Enter the IP Address of the local VPN Router.

The Mask will be displayed.

Host

The VPN tunnel will terminate at the router with

this setting. Use Port Range Forwarding to direct traffic

to the correct computer. Refer to the

Firewall > Port

Range Forwarding

screen.

Remote Secure Group

The Remote Secure Group is the computer(s) on the

remote end of the tunnel that can access the tunnel.

Type

From the drop-down menu, select

Subnet

, to

include the entire network for the tunnel; select

address

if you want a specific computer; select

Host

, if

•

Page 28 / 72

Chapter µ

Configuring the Wireless-G Router

²³

Wireless-G VPN Router with RangeBooster

the VPN will terminate at the Router, instead of the PC;

Any

, to allow any computer to access the tunnel. The

screen will change depending on the selected option. The

options are described below.

Subnet

Enter the IP Address and Mask of the remote

VPN router in the fields provided. To allow access to the

entire IP subnet, enter

for the last set of IP Addresses

(e.g., 192.168.1.0).

IP Addr.

Enter the IP Address of the remote VPN

router. The Mask will be displayed.

Host

The VPN tunnel will terminate at the router with

this setting. Use Port Range Forwarding to direct traffic

to the correct computer. Refer to the

Firewall > Port

Range Forwarding

screen.

Any

Allows any computer to access the tunnel.

Remote Secure Gateway

The Remote Secure Gateway is the VPN device, such as a

second VPN router, on the remote end of the VPN tunnel.

Enter the IP Address of the VPN device at the other end

of the tunnel. The remote VPN device can be another

VPN router, a VPN server, or a computer with VPN client

software that supports IPSec. The IP address may either be

static (permanent) or dynamic, depending on the settings

of the remote VPN device.

If the IP Address is static, select

IP Addr.

and enter the IP

address. Make sure that you have entered the IP address

correctly, or the connection cannot be made. Remember,

this is NOT the IP address of the local VPN Router; it is the

IP address of the remote VPN router or device with which

you wish to communicate. If the IP address is dynamic,

select

FQDN

for DDNS or

Any

. If FQDN is selected, enter

the domain name of the remote router, so the Router can

locate a current IP address using DDNS. If

Any

is selected,

then the Router will accept requests from any IP address.

Key Management

Key Exchange Method

IKE is an Internet Key Exchange

protocol used to negotiate key material for Security

Association

(SA).

IKE

uses

the

Pre-shared

Key

authenticate the remote IDE peer. Select

Auto (IKE)

for the

Key Exchange Method. Both ends of a VPN tunnel must

use the same mode of key management. The settings

available on this screen may change, depending on the

selection you have made.

Operation Mode

Use this option to set the operation

mode to

Main

(default) or

Aggressive

. Main Mode

operation is supported in ISAKMP SA establishment.

ISAKMP Encryption Method

There are four different

types of encryption:

³DES

AES-±²8

AES-±9²

, or

AES-

²µ¶

. You may choose any of these, but it must be the

•

same type of encryption that is being used by the VPN

device at the other end of the tunnel.

ISAKMP Authentication Method

There are two types

of authentication: MD5 and SHA (SHA is recommended

because it is more secure). As with encryption, either

of these may be selected, provided that the VPN device

at the other end of the tunnel is using the same type of

authentication.

ISAKMP

Group

This

for

Diffie-Hellman

key

negotiation. There are 7 groups available for ISAKMP SA

establishment. Group 1024, 1536, 2048, 3072, 4096, 6144,

and 8192 represent different bits used in Diffie-Hellman

mode operation. The default value is

±0²´

ISAKMP Key Lifetime(s)

This field specifies how long

an ISAKMP key channel should be kept, before being

renegotiated.

The default is

²8800

seconds.

PFS

PFS (Perfect Forward Secrecy) ensures that the initial

key exchange and IKE proposals are secure. To use PFS,

click the

Enabled

radio button.

IPSec Encryption Method

Using encryption also helps

make your connection more secure. There are four

different types of encryption:

³DES

AES-±²8

AES-±9²

AES-²µ¶

. You may choose any of these, but it must be

the same type of encryption that is being used by the VPN

device at the other end of the tunnel.

IPSec

Authentication

Method

Authentication

acts

as another level of security. There are two types of

authentication: MD5 and SHA (SHA is recommended

because it is more secure). As with encryption, either

of these may be selected, provided that the VPN device

at the other end of the tunnel is using the same type of

authentication. Or, both ends of the tunnel may choose to

disable authentication.

IPSec DH Group

This is the same as the

ISAKMP DH Group

setting.

IPSec Key Lifetime(s)

In this field, you may optionally

select to have the key expire at the end of a time period of

your choosing. Enter the number of seconds you’d like the

key to be used until a re-key negotiation between each

endpoint is completed. The default is

³¶00

seconds.

Pre-shared Key

Enter a series of numbers or letters in

the

Pre-shared Key

field. Based on this word, which MUST

be entered at both ends of the tunnel, a key is generated

to scramble (encrypt) the data being transmitted over the

tunnel, where it is unscrambled (decrypted). You may use

any combination of up to 24 numbers or letters in this

field. No special characters or spaces are allowed.

Tunnel Options

Dead

Peer

Detection

You

can

select

Dead

Peer

Detection

(DPD) to detect the status of a remote Peer.

Page 29 / 72

Chapter µ

Configuring the Wireless-G Router

²´

Wireless-G VPN Router with RangeBooster

DPD will issue DPD packets (ISAKMP format) to query a

remote peer, and wait for a reply to recognize that it is

still alive. There are 3 auxiliary options: Detection Delay(s),

Detection Timeout(s), and DPD Action for DPD.

Detection Delay(s)

You can indicate the interval between

DPD query packets. The default value is

³0

seconds.

Detection Timeout(s)

You can indicate the length of

timeout when DPD cannot hear any DPD reply. The default

value is

±²0

seconds.

DPD Action

When DPD Timeout expires, the DPD will take

DPD Action to deal with the connection. You can select

Wait for Response to still wait for remote peer response, or

select

Suspend Connection

to stop passively recovering

the connection or select

Recover Connection

If IKE failed more than _times, block this unauthorized

IP for _ seconds

This feature is enabled by default. It

enables the Router to block unauthorized IP addresses.

Specify the number of times IKE must fail before the Router

blocks that unauthorized IP address.

Anti-replay

This protects the Router from anti-replay

attacks, when people try to capture your authentication

packets in an attempt to gain access. The feature is

enabled by default.

When you have finished making changes to the screen,

click

Save Settings

to save the changes, or click

Cancel

Changes

to undo your changes. For help information,

click More.

VPN > VPN Summary

This page summarizes the comprehensive details of IPSec

VPN Tunnels that include Tunnel Name, Remote Gateway,

Remote Group, Local Group, Key Methods, Tunnel Status,

and Start/Stop/Detail Connection. Each field displays

information according to a pre-configured value of IPSec

tunnel separately, and each IPSec tunnel can be easily

commanded to start/stop connection here. VPN Summary

can help an administrator to manage and examine all

IPSec tunnels status.

Tunnel Name

The field displays the name of the tunnel.

Remote Gateway

The field displays the remote gateway.

If the pre-configured type is IP Addr., the field displays the

IP address of remote gateway. If the pre-configured type

of remote gateway is Any, the field displays ANY. If the

pre-configured type is FQDN, the field displays the FQDN

string directly.

Remote Group

The field displays the remote peer that

is designated for VPN communication after a IPSec VPN

tunnel is established. If the pre-configured type of the

remote group is IP Addr., the field displays the IP address

of the remote peer. If the pre-configured type of the

remote group is Subnet, the field displays the subnet type

“IP Address/Mask”. If the pre-configured type of remote

group is Host or Any, the field displays the “Host” or “Any”

directly.

Local Group

The field displays the local peer that is

designated for VPN communication after an IPSec VPN

tunnel is established. If the pre-configured type of local

group is IP Addr., the field displays the IP address of the

local peer. If the pre-configured type of local group is

Subnet, the field displays the subnet type “IP Address/

Mask”. If the pre-configured type of local group is Host,

the field displays the “Host” directly.

Key Methods

The field displays the IPSec authentication

and encryption key methods of the Key exchange Method

that is followed with the setting value of the Password

Forward Secrecy.

Tunnel Status

The field displays the status of IPSec

Tunnel as follows.

The Tunnel is Connected.

Try to Connect to Remote Peer.

Stop

The Tunnel is Stopped.

The Tunnel is Disabled.

Any

The Tunnel always waits for the connection from

the remote initiator.

NAT-T

The Tunnel enables the NAT-Traversal to allow

the remote initiator that is behind the NAT to construct

this IPSec Tunnel.

Start/Stop/Restart Connection

You can manually start/

stop IPSec connection according to pre-configured tunnel

settings. If the pre-configured type of remote gateway or

remote group is either

Any

NAT-Traversal

, the

Detai

button can also examine Remote Security Gateway

information.

•

Page 30 / 72

Chapter µ

Configuring the Wireless-G Router

²µ

Wireless-G VPN Router with RangeBooster

Detail

Each Tunnel has a

Detail

button. This button will

become available when a Tunnel Status reveals a “C”, “T”,

“Any”, and “ NAT-T”. When you press the Detail button, a

“VPN Advanced Tunnel Information” screen appears. This

feature provides more detailed information for advanced

configuration and management. VPN Advanced Tunnel

Information will show Advanced Tunnel Information and

Remote Security Gateway.

VPN Log Button

Use to check the overall related VPN

behaviors and contact messages of a VPN Tunnel and

VPN Client. Click this button to view the VPN operation

situation. If you want to clear this log information, click

Clear Log Now

Click the

Refresh

button to update the on-screen

information.

QoS

Quality of Service (QoS) ensures better service to high-

priority service. The QoS tab allows you to configure the

Router’s QoS settings.

QoS > Application-Based QoS

Application-based QoS involves Internet traffic, which

may involve demanding, real-time applications, such as

videoconferencing. To enable Application-based QoS,

you can select either

Priority Queue

Bandwidth

Allocation

. The remaining fields in the screen depend on

the selection.

Priority Queue

QoS > Application Based QoS - Priority Queue

Application-based QoS manages information as it is

transmitted from LAN to WAN. Depending on the settings

of the Priority Queue, this feature will assign information a

high or low priority for the five preset applications and up

to thirteen additional applications that you specify.

High Priority and Low Priority

For each application,

select

High Priority

Low Priority

. The packets will be

put into High or Low Priority Queue for the egress port of

WAN according to your settings.

Specific Port #

You can add up to thirteen additional

applications by entering their respective application port

numbers in the

Specific Port #

field.

Bandwidth Allocation

QoS > Application Based QoS - Bandwidth Allocation

For each of the three Application Level Gateways (ALGs),

you can choose a Bandwidth Allocation Policy from

Guaranteed

and

Spare

with a specified percentage value

to control the bandwidth utilization from LAN to WAN. It

depends on the specified policy to let the bandwidth be

reserved or shared with the applications. Guaranteed will

reserve specific bandwidth for the applications and Spare

will use the remaining bandwidth for other applications.

User Define Button

You can define the policies regarding

source or destination IP, protocol and port number. You

also can mark the DSCP field with specific value to egress

packets. The bandwidth utilization could be controlled

from LAN to WAN.

When you have finished making changes to the screen,

click

Save Settings

to save the changes, or click

Cancel

Changes

to undo your changes. For help information,

click

QoS > Port-Based QoS

Port-based QoS ensures better service to a specific LAN port.

QoS > Port-Based QoS

Priority

Select the QoS priority for each LAN port. High/

Low setting will queue all egress packets from this port

Rate

Popular Linksys Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share