USER GUIDE EtherFast® Cable/DSL VPN Router with 4-Port Switch Model: BEFVP41 (EU/LA)
About This Guide About This Guide Icon Descriptions While reading through the User Guide you may see various icons that call attention to specific items. Below is a description of these icons: NOTE: This check mark indicates that there is a note of interest and is something that you should pay special attention to while using the product. WARNING: This exclamation point indicates that there is a caution or warning and it is something that could damage your property or product.
Table of Contents Chapter 1: Introduction 1 Introduction to VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 VPN Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 VPN Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Table of Contents Appendix E: Regulatory Information 25 FCC Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Safety Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Industry Canada Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Introduction Chapter 1 Chapter 1: Introduction Thank you for choosing the Linksys by Cisco EtherFast Cable/DSL VPN Router with 4-Port Switch. The Router lets you access the Internet through its four switched ports. You can also use the Router to share resources such as computers, printers and files. A variety of security features help to protect your data and your privacy while online. Security features include Virtual Private Network (VPN) technology and a Stateful Packet Inspection (SPI) firewall.
Introduction Chapter 1 Off-Site Internet There are additional ways to enhance data security beyond the VPN Router. Here are some suggestions: •• Enhance security on your other networks. Install firewall routers for your Internet connections, and use the most up-to-date security measures for wireless networking. Notebook with VPN Client Software VPN Router Central Office •• Narrow the scope of your VPN tunnel as much as possible.
Product Overview Chapter 2 Chapter 2: Product Overview Back Panel Front Panel Power (Green) The Power LED lights up and will stay on while the Router is powered on. It flashes when the Router goes through its self-diagnostic mode during every boot-up or upgrades its firmware. 1, 2, 3, 4 (Green) These numbered LEDs, corresponding with the numbered ports on the Router’s back panel, serve two purposes. If the LED is continuously lit, the Router is successfully connected to a device through that port.
Advanced Configuration Chapter 3 Chapter 3: Advanced Configuration After setting up the Router with the Setup Wizard (located on the CD-ROM), the Router will be ready for use. However, if you’d like to change its advanced settings, use the Router’s web-based utility. This chapter describes each web page of the utility and each page’s key functions. You can access the utility via a web browser on a computer connected to the Router.
Advanced Configuration Chapter 3 Static IP If you are required to use a permanent IP address to connect to the Internet, select Static IP. Connection Type > Static IP IP Address Enter the Router’s IP address, as seen from the Internet. This is provided by your ISP. before your Internet connection terminates. The default Max Idle Time is 5 minutes. Keep Alive: Redial Period If you select this option, the Router will periodically check your Internet connection.
Advanced Configuration Chapter 3 PPTP Point-to-Point Tunneling Protocol (PPTP) is a service that applies to connections in Europe only. Connection Type > Heart Beat Signal User Name and Password Enter the User Name and Password provided by your ISP. Heart Beat Server Enter the IP address of your ISP’s Heart Beat server. This is provided by your ISP. Connection Type > PPTP IP Address Enter the Router’s IP address, as seen from the Internet. This is provided by your ISP.
Advanced Configuration Chapter 3 Router select the best MTU for your Internet connection, keep the default setting, Automatic. Size When Manual is selected in the MTU field, this option is enabled. Leave this value in the 1200 to 1500 range. The default size is 1400. Network Setup The Network Setup section changes the settings on the network connected to the Router’s Ethernet ports. amount of time, in minutes, that the user will be “leased” this dynamic IP address.
Advanced Configuration Chapter 3 Setup > MAC Address Clone Advanced Routing A MAC address is a 12-digit code assigned to a unique piece of hardware for identification. Some ISPs will require you to register a MAC address in order to access the Internet. If you do not wish to re-register the MAC address with your ISP, you may assign the MAC address you have currently registered with your ISP to the Router with the MAC Address Clone feature.
Advanced Configuration Chapter 3 Block WAN Requests Routing Table For each route, the Destination LAN IP address, Subnet Mask, Gateway, Hop Count, and Interface are displayed. Click Refresh to update the information. Click Save Settings to apply your changes, or click Cancel Changes to cancel your changes. Security > Firewall The Firewall screen is used to configure a firewall that can filter out various types of unwanted traffic on the Router’s local network.
Advanced Configuration Chapter 3 VPN Tunnel IP Address The Router creates a tunnel between two endpoints, so that the data traveling between these endpoints is secure. Only the computer with a specific IP address will be able to access the tunnel. IP Addr. Enter the appropriate address. Select Tunnel Entry Select the tunnel you wish to create. It is possible to create up to 50 simultaneous tunnels. IP Range Delete To delete a tunnel, select it from the drop-down menu, and then click Delete.
Advanced Configuration Chapter 3 for a specific computer on the Internet (for example: vpn.myvpnserver.com). Any The remote VPN Router will accept a request from any IP address. The remote VPN device can be another VPN Router, a VPN server, or a computer with VPN client software that supports IPSec. If the remote user has an unknown or dynamic IP address (such as a professional on the road or a telecommuter using DHCP or PPPoE), then select this option.
Advanced Configuration Chapter 3 Key Lifetime Enter the number of seconds you want the key to last before a re-key negotiation between each endpoint is completed. The default is 3600 seconds. Phase 2 The Encryption, Authentication, and PFS settings are automatically displayed. Group Select the Diffie-Hellman Group, which is a cryptographic technique that uses public and private keys for encryption and decryption. Select 768-bit or 1024‑bit.
Advanced Configuration Chapter 3 7. Select any Blocked Services and enter a range of ports in the fields provided. If the service you want to block is not listed or you want to edit a service’s settings, then click Add/Edit Service. 8. If you want to block websites with specific URL addresses, enter each URL in a separate field next to Website Blocking by URL Address. 9. If you want to block websites using specific keywords, enter each keyword in a separate field next to Website Blocking by Keyword. 10.
Advanced Configuration Chapter 3 Start and End Enter the number or range of port(s) used by the server or Internet applications. Check with the Internet application documentation for more information. TCP UDP Select the protocol used for this application, either TCP or UDP, or Both. IP Address For each application, enter the IP address of the PC running the specific application. Enabled Select Enabled to enable port forwarding for the applications you have defined.
Advanced Configuration Chapter 3 TFTP (Trivial File Transfer Protocol) - A version of the TCP/IP FTP protocol that has no directory or password capability. Finger - A UNIX command widely used on the Internet to find out information about a particular user, such as a telephone number, whether the user is currently logged on, and the last time the user was logged on. The person being “fingered” must have placed his or her profile on the system in order for the information to be available.
Advanced Configuration Chapter 3 Data is passed from an SNMP agent, such as the Router, to the workstation console used to oversee the network. The Router then returns information contained in a Management Information Base (MIB), a data structure that defines what is obtainable from the device and what can be controlled. SNMP functions, such as statistics, configuration, and device information, are not available without third-party management software.
Advanced Configuration Chapter 3 Denial of Service Thresholds Enter the number of Denial of Service (DoS) attacks the Router detects before it sends an e-mail alert. The default is 20. Ping Test SMTP Mail Server If you want any log or alert information e-mailed to you, then enter the name or numerical IP address of your SMTP server. Your ISP can provide you with this information. Ping Target IP Enter the address of the PC or other device whose connection you wish to test.
Advanced Configuration Chapter 3 have saved will be lost when the default settings are restored. Administration > Firmware Upgrade The Firmware Upgrade screen allows you to upgrade the Router’s firmware. Do not upgrade the firmware unless you are experiencing problems with the Router or the new firmware has a feature you want to use. Status > Gateway Gateway Information Administration > Firmware Upgrade NOTE: The Router may lose the settings you have customized.
Advanced Configuration Chapter 3 Local Network Local MAC Address The MAC address of the Router’s local interface is displayed. IP Address The local IP address of the Router is displayed. Subnet Mask The Subnet Mask of the Router is displayed. DHCP Server The status of the Router’s DHCP server function is displayed. DHCP Clients Table Click this option to view a list of PCs that are using the Router as a DHCP server.
Troubleshooting Appendix A Appendix A: Troubleshooting Your computer cannot connect to the Internet. When you double-click the web browser, you are prompted for a username and password. If you want to get rid of the prompt, follow these instructions. Launch the web browser and perform the following steps (these steps are specific to Internet Explorer but are similar for other browsers): Follow these instructions until your computer can connect to the Internet: 1. Select Tools > Internet Options.
Appendix B VPN Tunnel Appendix B: VPN Tunnel Overview This appendix describes an example of how to set up a VPN tunnel between two VPN Routers. Refer to “Chapter 3: Advanced Configuration” for more information. Instructions 1. Open your web browser, and enter 192.168.1.1 in the Address field. Press Enter. 2. On the login screen, enter the password you have set up for the Router (the default is admin). Press Enter. 3. Click the Security > VPN tab. 4.
Specifications Appendix C Appendix C: Specifications Model BEFVP41 Standards IEEE 802.3 (10BaseT), IEEE 802.3u (100BaseTX) VPN Encryption DES (56-bit), 3DES (168-bit) VPN Authentication MD5, SHA Ports Internet: One 10/100 RJ-45 Port Local Network: Four 10/100 RJ-45 Ports Cabling Type UTP Category 5 or Better LEDs Power, Ethernet (1-4), Internet Environmental Dimensions 186 x 48 x 154 mm Unit Weight 360 g Power External, 12VDC, 1A Certifications FCC, CE Operating Temp.
Appendix D Appendix D: Warranty Information Limited Warranty Linksys warrants that this Linksys hardware product will be substantially free of defects in materials and workmanship arising under normal use during the Warranty Period, which begins on the date of purchase by the original enduser purchaser and lasts for the period specified below: •• Two (2) years for new product •• Ninety (90) days for refurbished product This limited warranty is non-transferable and extends only to the original end-user pur
Appendix D Warranty Information and a copy of your dated proof of original purchase when returning your product. Products received without a RMA number and dated proof of original purchase will be rejected. Do not include any other items with the product you are returning to Linksys. Defective product covered by this limited warranty will be repaired or replaced and returned to you without charge.
Regulatory Information Appendix E Appendix E: Regulatory Information FCC Statement This product has been tested and complies with the specifications for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Appendix E User Information for Consumer Products Covered by EU Directive 2002/96/EC on Waste Electric and Electronic Equipment (WEEE) This document contains important information for users with regards to the proper disposal and recycling of Linksys products.
Appendix E Regulatory Information Eesti (Estonian) - Keskkonnaalane informatsioon Euroopa Liidus asuvatele klientidele Français (French) - Informations environnementales pour les clients de l’Union européenne Euroopa Liidu direktiivi 2002/96/EÜ nõuete kohaselt on seadmeid, millel on tootel või pakendil käesolev sümbol , keelatud kõrvaldada koos sorteerimata olmejäätmetega. See sümbol näitab, et toode tuleks kõrvaldada eraldi tavalistest olmejäätmevoogudest.
Appendix E Regulatory Information Lietuvškai (Lithuanian) - Aplinkosaugos informacija, skirta Europos Sąjungos vartotojams Nederlands (Dutch) - Milieu-informatie voor klanten in de Europese Unie Europos direktyva 2002/96/EC numato, kad įrangos, kuri ir kurios pakuotė yra pažymėta šiuo simboliu (įveskite simbolį), negalima šalinti kartu su nerūšiuotomis komunalinėmis atliekomis. Šis simbolis rodo, kad gaminį reikia šalinti atskirai nuo bendro buitinių atliekų srauto.
Appendix E Regulatory Information Português (Portuguese) - Informação ambiental para clientes da União Europeia Slovenščina (Slovene) - Okoljske informacije za stranke v Evropski uniji A Directiva Europeia 2002/96/CE exige que o equipamento que exibe este símbolo no produto e/ou na sua embalagem não seja eliminado junto com os resíduos municipais não separados. O símbolo indica que este produto deve ser eliminado separadamente dos resíduos domésticos regulares.
Appendix F Appendix F: Software License Agreement Software in Linksys Products This product from Cisco-Linksys LLC or from one of its affiliates Cisco Systems-Linksys (Asia) Pte Ltd. or CiscoLinksys K.K. (“Linksys”) contains software (including firmware) originating from Linksys and its suppliers and may also contain software from the open source community. Any software originating from Linksys and its suppliers is licensed under the Linksys Software License Agreement contained at Schedule 1 below.
Software License Agreement Appendix F your Linksys product and/or the Software is being used in accordance with the terms of this Agreement; (iii) to provide improvements to the way Linksys delivers technology to you and to other Linksys customers; (iv) to enable Linksys to comply with the terms of any agreements it has with any third parties regarding your Linksys product and/or Software and/or (v) to enable Linksys to comply with all applicable laws and/or regulations, or the requirements of any regulat
Appendix F GNU General Public License is intended to guarantee your freedom to share and change free software–to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation’s software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too.
Appendix F c. If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License.
Software License Agreement Appendix F 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License.
Appendix F GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.
Appendix F freedom and the wherewithal to run that program using a modified version of the Library. The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a “work based on the library” and a “work that uses the library”. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.
Appendix F Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3.
Appendix F Software License Agreement b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user’s computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with. 8.
Software License Agreement Appendix F software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 12.
Appendix F Software License Agreement OpenSSL License Original SSLeay License Copyright © 1998-2007 The OpenSSL Project. All rights reserved. Copyright © 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). 1.
Appendix F Software License Agreement DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.