® A Division of Cisco Systems, Inc. 2.4 GHz Wireless-G 54Mbps VPN Broadband Router WIRELESS Model No. WRV54G ver.
Wireless-G VPN Broadband Router Copyright and Trademarks Specifications are subject to change without notice. Instant Etherfast, Linksys, and the Linksys logo are registered trademarks of Linksys Group, Inc. Other brands and product names are trademarks or registered trademarks of their respective holders. Copyright © 2003 Linksys. All rights reserved.
Wireless-G VPN Broadband Router Table of Contents Chapter 1: Introduction 1 Welcome 1 What’s in this Guide? 2 Chapter 2: Planning your Wireless Network The Router’s Functions IP Addresses Why do I need a VPN? What is a VPN? Chapter 3: Getting to Know the Wireless-G VPN Broadband Router The Back Panel The Front Panel Chapter 4: Connecting the Wireless-G Broadband Router Overview Wired Connection to a PC Wireless Connection to a PC Chapter 5: Configuring the PCs Overview Configuring Windows 98 and Mil
Wireless-G VPN Broadband Router Frequently Asked Questions Appendix B: Wireless Security A Brief Overview What Are The Risks? Appendix C: Configuring IPSec between a Windows 2000 PC and the Router Introduction Environment How to Establish a Secure IPSec Tunnel Windows 98 or Me Instructions Windows 2000 or XP Instructions Appendix D: Finding the MAC Address and IP Address for Your Ethernet Adapter Appendix E: SNMP Functions Appendix F: Upgrading Firmware Appendix G: Windows Help Appendix H: Glossary Appe
Wireless-G Broadband VPN Router Chapter 1: Introduction Welcome Wireless-G is the upcoming 54Mbps wireless networking standard that’s almost five times faster than the widely deployed Wireless-B (802.11b) products found in homes, businesses, and public wireless hotspots around the country—but since they share the same 2.4GHz radio band, Wireless-G devices can also interoperate with existing 11Mbps Wireless-B equipment. Since both standards are built in, you can protect your investment in existing 802.
Wireless-G Broadband VPN Router What’s in this Guide? This user guide covers the steps for setting up and using the Wireless-G VPN Broadband Router. • Chapter 1: Introduction This chapter describes the Wireless-G VPN Broadband Router applications and this User Guide. • Chapter 2: Planning your Wireless Network This chapter describes the basics of wireless networking. • Chapter 3: Getting to Know the Wireless-G VPN Broadband Router This chapter describes the physical features of the Router.
Wireless-G Broadband VPN Router • Appendix G: Finding the MAC Address and IP Address for your Ethernet Adapter. This appendix describes how to find the MAC address for your computer’s Ethenet adapter so you can use the MAC filtering and/or MAC address cloning feature of the Router. • Appendix H: Glossary This appendix gives a brief glossary of terms frequently used in networking. • Appendix I: Specifications This appendix provides the technical specifications for the Router.
Wireless-G VPN Broadband Router Chapter 2: Planning your Wireless Network The Router’s Functions Simply put, a router is a network device that connects two networks together. In this instance, the Router connects your Local Area Network (LAN), or the group of PCs in your home or office, to the Internet. The Router processes and regulates the data that travels between these two networks. The Router’s NAT feature protects your network of PCs so users on the public, Internet side cannot “see” your PCs.
Wireless-G VPN Broadband Router If you use the Router to share your cable or DSL Internet connection, contact your ISP to find out if they have assigned a static IP address to your account. If so, you will need that static IP address when configuring the Router. You can get that information from your ISP. Dynamic IP Addresses A dynamic IP address is automatically assigned to a device on the network, such as PCs and print servers.
Wireless-G VPN Broadband Router At this point, your data becomes open to hackers using a variety of methods to steal not only the data you are transmitting but also your network login and security data. Some of the most common methods are as follows: 1) MAC Address Spoofing Packets transmitted over a network, either your local network or the Internet, are preceded by a packet header. These packet headers contain both the source and destination information for that packet to transmit efficiently.
Wireless-G VPN Broadband Router a secure connection that, in effect, operates as if you were directly connected to your local network. Virtual Private Networking can be used to create secure networks linking a central office with branch offices, telecommuters, and/or professionals on the road (travelers can connect to a VPN Router using any computer with VPN client software that supports IPSec, such as SSH Sentinel.
Wireless-G VPN Broadband Router Computer (using VPN client software that supports IPSec) to VPN Router The following is an example of a computer-to-VPN Router VPN. (See Figure 2-3.) In her hotel room, a traveling businesswoman dials up her ISP. Her notebook computer has VPN client software that is configured with her office's VPN settings. She accesses the VPN client software that supports IPSec and connects to the VPN Router at the central office. As VPNs utilize the Internet, distance is not a factor.
Wireless-G VPN Broadband Router Chapter 3: Getting to Know the Wireless-G VPN Broadband Router The Back Panel The Router’s ports, where a network cable is connected, are located on the back panel. Figure 3-1: Back Panel Internet The Internet port connects to your modem. LAN (1-4) The LAN (Local Area Network) ports connect to your PC and other network devices. Power The Power port is where you will connect the power adapter. Reset Button There are two ways to Reset the Router's factory defaults.
Wireless-G VPN Broadband Router The Front Panel The Router's LEDs, where information about network activity is displayed, are located on the front panel. Figure 3-2: Front Panel Power Green. The Power LED lights up when the Access Point is powered on. DMZ Red. The DMZ LED indicates the Access Point's self- diagnosis mode during boot-up and restart. It will turn off upon completing the diagnosis. If this LED stays on for an abnormally long period of time, refer to Appendix A: Troubleshooting.
Wireless-G VPN Broadband Router Chapter 4: Connecting the Wireless-G Broadband Router Overview The Router’s setup consists of more than simply plugging hardware together. You will have to configure your networked PCs to accept the IP addresses that the Router assigns them (if applicable), and you will also have to configure the Router with setting(s) provided by your Internet Service Provider (ISP).
Wireless-G VPN Broadband Router Wired Connection to a PC 1. Before you begin, make sure that all of your network’s hardware is powered off, including the Router, PCs, and cable or DSL modem. 2. Connect one end of an Ethernet network cable to one of the LAN ports (labeled 1-4) on the back of the Router (see Figure 4-1), and the other end to an Ethernet port on a PC. 3. Repeat this step to connect more PCs, a switch, or other network devices to the Router. Figure 4-1: 4.
Wireless-G VPN Broadband Router • The Power LED on the front panel will light up green as soon as the power adapter is connected properly. The Power LED will flash for a few seconds, then light up steady when the self-test is complete. If the LED flashes for one minute or longer, see “Appendix A: Troubleshooting.” 5. Power on one of the PCs on your wireless network(s). 6.
Wireless-G VPN Broadband Router Chapter 5: Configuring the PCs Overview The instructions in this chapter will help you configure each of your computers to be able to communicate with the Router. To do this, you need to configure your PC’s network settings to obtain an IP (or TCP/IP) address automatically, so your PC can function as a DHCP client. Computers use IP addresses to communicate with the Router and each other across a network, such as the Internet.
Wireless-G VPN Broadband Router 4. Now click the Gateway tab, and verify that the Installed Gateway field is blank. Click the OK button. 5. Click the OK button again. Windows may ask you for the original Windows installation disk or additional files. Check for the files at c:\windows\options\cabs, or insert your Windows CD-ROM into your CD-ROM drive and check the correct file location, e.g., D:\win98, D:\win9x, etc. (if “D” is the letter of your CD-ROM drive). 6. Windows may ask you to restart your PC.
Wireless-G VPN Broadband Router Configuring Windows XP PCs The following instructions assume you are running Windows XP with the default interface. If you are using the Classic interface (where the icons and menus look like previous Windows versions), please follow the instructions for Windows 2000. 1. Click the Start button and then the Control Panel icon. Click the Network and Internet Connections icon. Then click the Network Connections icon. 2.
Wireless-G VPN Broadband Router Figure 5-8: IP Address Chapter 5: Configuring the PCs Configuring Windows XP PCs 17
Wireless-G VPN Broadband Router Chapter 6: Configuring the Router Overview Linksys recommends using the Setup CD-ROM for first-time installation of the Router and setting up additional computers. If you do not wish to run the Setup Wizard on the Setup CD-ROM, then follow the steps in this chapter and use the Router’s web-based utility to configure the Router. This chapter will describe each web page in the Utility and each page’s key functions.
Wireless-G VPN Broadband Router • Advanced Wireless Settings. On this screen you can access the Advanced Wireless features of Authentication Type, Basic Data Rates, Control Tx Rates, Beacon Interval, DTIM Interval, RTS Threshold, and Fragmentation Threshold. Beacon Interval :The frequency interval of the beacon, which is a packet broadcast by a router to synchronize a wireless network. Security • Filter.
Wireless-G VPN Broadband Router Status • Router. This screen provides status information about the Router. • Local Network. This provides status information about the local network. How to Access the Web-based Utility To access the web-based utility, launch Internet Explorer or Netscape Navigator, and enter the Router’s default IP address, 192.168.1.1, in the Address field. Then press Enter. A password request page, shown in Figure 6-1 will appear. (non-Windows XP users will see a similar screen.
Wireless-G VPN Broadband Router Static (See Figure 6-3.) If you are required to use a permanent IP address to connect to the Internet, then select Static IP. • IP Address. This is the Router’s IP address, when seen from the WAN, or the Internet. Your ISP will provide you with the IP Address you need to specify here. • Subnet Mask. This is the Router’s Subnet Mask, as seen by external users on the Internet (including your ISP). Your ISP will provide you with the Subnet Mask. • Default Gateway.
Wireless-G VPN Broadband Router PPTP (See Figure 6-5.) Point to Point Tunneling Protocol (PPTP) is a service that applies to connections in Europe only (see Figure 68). • Internet IP Address. This is the Router’s IP address, when seen from the Internet. Your ISP will provide you with the IP Address you need to specify here. • Subnet Mask. This is the Router’s Subnet Mask, as seen by external users on the Internet (including your ISP). Your ISP will provide you with the Subnet Mask. • Default Gateway.
Wireless-G VPN Broadband Router 1200 to 1500 range. For most DSL users, it is recommended to use the value 1492. By default, MTU is set at 1500 when disabled. Network Setup • Gateway IP. The values for the Router’s Local IP Address and Subnet Mask are shown here. In most cases, keeping the default values will work. • Local IP Address. The default value is 192.168.1.1. • Subnet Mask. The default value is 255.255.255.0. • Network Address Server Settings (DHCP).
Wireless-G VPN Broadband Router The DDNS Tab The Router offers a Dynamic Domain Name System (DDNS) feature. DDNS lets you assign a fixed host and domain name to a dynamic Internet IP address. It is useful when you are hosting your own website, FTP server, or other server behind the Router. Before you can use this feature, you need to sign up for DDNS service at one of two DDNS service providers, DynDNS.org or TZO.com. DDNS DDNS Service. If your DDNS service is provided by DynDNS.org, then select DynDNS.
Wireless-G VPN Broadband Router MAC Address Clone Tab (See Figure 6-8.) The Router’s MAC address is a 12-digit code assigned to a unique piece of hardware for identification, like a social security number. If your ISP requires MAC address registration, find your adapter’s MAC address by following the instructions in “Appendix D: Finding the MAC Address and IP Address for Your Ethernet Adapter.” MAC Clone • MAC Clone Service. To use MAC address cloning, select Enable. • MAC Address.
Wireless-G VPN Broadband Router Static Routing If the Router is connected to more than one network, it may be necessary to set up a static route between them. A static route is a pre-determined pathway that network information must travel to reach a specific host or network. To create a static route, change the following settings: • Select Number. Select the number of the static route from the drop-down menu. The Router supports up to 20 static route entries. • Delete This Entry.
Wireless-G VPN Broadband Router The Wireless Tab Basic Wireless Settings (See Figure 6-11.) This screen allows you to choose your wireless network mode and wireless security. Wireless Network • Wireless Network Mode. If you have Wireless-G and 802.11b devices in your network, then keep the default setting, Mixed. If you have only Wireless-G devices, select G-Only. If you want to disable wireless networking, select Disable. • Wireless Network Name. Enter the Wireless Network Name (SSID) into the field.
Wireless-G VPN Broadband Router Wireless Security • Wireless SSID Broadcast. When wireless clients survey the local area for wireless networks to associate with, they will detect the SSID broadcast by the Router. To broadcast the Router's SSID, keep the default setting, Enabled. If you do not want to broadcast the Router's SSID, then select Disabled. • WEP. An acronym for Wired Equivalent Privacy, WEP is an encryption method used to protect your wireless data communications.
Wireless-G VPN Broadband Router Wireless Network Access (See Figure 6-13.) Wireless Network Access. If this function is enabled, only the computers on the list will be allowed access to the wireless network. To add a computer to the network, click the Permit to access button, and enter the MAC address in the fields. Click the Select MAC Address From Networked Computers button, and the screen in Figure 6-15 will appear. Select the MAC Address from the list and click the Select button.
Wireless-G VPN Broadband Router Advanced Wireless Settings (See Figure 6-15.) On this screen you can access the Advanced Wireless features, including Authentication Type, Basic Data Rates, Control Tx Rates, Beacon Interval, DTIM Interval, RTS Threshold, and Fragmentation Threshold. • Authentication Type. The default is set to Auto, which allows either Open System or Shared Key authentication to be used. For Open System authentication, the sender and the recipient do NOT use a WEP key for authentication.
Wireless-G VPN Broadband Router The Security Tab Firewall When you click the Security tab, you will see the Firewall screen (see Figure 6-16). This screen contains Filters and Block WAN Requests. Filters block specific internal users from accessing the Internet and block anonymous Internet requests and/or multicasting. • Firewall. To add Firewall Protection, click Enabled. If you do not want Firewall Protection, click Disabled. • Filter Proxy. Use of WAN proxy servers may compromise the Router's security.
Wireless-G VPN Broadband Router VPN Virtual Private Networking (VPN) is a security measure that basically creates a secure connection between two remote locations. This connection is very specific as far as its settings are concerned; this is what creates the security. The VPN screen, shown in Figure 6-17, allows you to configure your VPN settings to make your network more secure. VPN PassThrough • IPSec Passthrough.
Wireless-G VPN Broadband Router settings of the remote VPN device. Make sure that you have entered the IP Address correctly, or the connection cannot be made. Remember, this is NOT the IP Address of the local VPN Router, but the IP Address of the remote VPN Router or device with which you wish to communicate. • Encryption. Using Encryption also helps make your connection more secure. There are two different types of encryption: DES or 3DES (3DES is recommended because it is more secure).
Wireless-G VPN Broadband Router When finished making your changes on this tab, click the Save Settings button to save these changes, or click the Cancel Changes button to undo your changes. Advanced VPN Tunnel Setup From the Advance VPN Tunnel Setup screen, shown in Figure 6-19, you can adjust the settings for specific VPN tunnels. Phase 1 • Phase 1 is used to create a security association (SA), often called the IKE SA.
Wireless-G VPN Broadband Router Other Options • Unauthorized IP Blocking. Click Enabled to block unauthorized IP addresses. Enter in the Rejects Number field to specify how many times IKE must fail before blocking that unauthorized IP address. Enter the length of time that you specify (in seconds) in the Block Period field. When finished making your changes on this tab, click the Save Settings button to save these changes, or click the Cancel Changes button to undo your changes.
Wireless-G VPN Broadband Router • WEP Encryption. Select the level of WEP encryption you wish to use, 64-bit 10 hex digits or 128-bit 26 hex digits. Higher encryption levels offer higher levels of security, but due to the complexity of the encryption, they may decrease network performance. • Passphrase. Instead of manually entering WEP keys, you can enter a Passphrase. This Passphrase is used to generate one or more WEP keys. It is case-sensitive and should not be longer than 16 alphanumeric characters.
Wireless-G VPN Broadband Router 2. Click the Edit List button. This will open the List of PCs screen, shown in Figure 6-24. From this screen, you can enter the IP address or MAC address of any PC to which this policy will apply. You can even enter ranges of PCs by IP address. Click the Apply button to save your settings, the Cancel button to undo any changes, and the Close button to return to the Filters tab. 3.
Wireless-G VPN Broadband Router The Applications and Gaming Tab Port Range Forwarding The Port Forwarding screen sets up public services on your network, such as web servers, ftp servers, e-mail servers, or other specialized Internet applications. (Specialized Internet applications are any applications that use Internet access to perform functions such as videoconferencing or online gaming. Some Internet applications may not require any forwarding.) (See Figure 6-26.
Wireless-G VPN Broadband Router Port Triggering Port Triggering is used for special Internet applications whose outgoing ports differ from the incoming ports. For this feature, the Router will watch outgoing data for specific port numbers. (See Figure 6-27.) The Router will remember the IP address of the computer that sends a transmission requesting data, so that when the requested data returns through the Router, the data is pulled back to the proper computer by way of IP address and port mapping rules.
Wireless-G VPN Broadband Router UPnP Forwarding The UPnP screen provides options for customization of port services for applications. (See Figure 6-28.) Enter the Application in the field. Then, enter the External and Internal Port numbers in the fields. Select the type of protocol you wish to use for each application: TCP, UDP, or Both. Enter the IP Address in the field. Click Enabled to enable UPnP Forwarding for the chosen application.
Wireless-G VPN Broadband Router DMZ The DMZ screen (see Figure 6-29) allows one local user to be exposed to the Internet for use of a special-purpose service such as Internet gaming and videoconferencing, through Software DMZ, or a user can use LAN Port 4 as a DMZ Port, through Hardware DMZ. Whereas Port Range Forwarding can only forward a maximum of 10 ranges of ports, DMZ hosting forwards all the ports for one PC at the same time. • Software DMZ.
Wireless-G VPN Broadband Router The Administration Tab Management The Management screen, shown in Figure 6-30, allows you to change the Router’s access settings as well as configure the SNMP and UPnP (Universal Plug and Play) features. Router Password Local Router Access. To ensure the Router’s security, you will be asked for your password when you access the Router’s Web-based Utility. The default password is admin. • User Name. Enter the default admin. • Router Password.
Wireless-G VPN Broadband Router • SNMP Trap-Community. Enter the password required by the remote host computer that will receive trap messages or notices sent by the Router. • SNMP Trap-Destination. Enter the IP address of the remote host computer that will receive the trap messages. UPnP UPnP allows Windows XP to automatically configure the Router for various Internet applications, such as gaming and videoconferencing. To enable UPnP, click Enabled. • Allow User to make Configuration Changes.
Wireless-G VPN Broadband Router • Syslog Server IP Address. Enter the IP Address of the Syslog Server. • Syslog Priority. Select the priority from the drop-down list. Notification Queue Length • Log queue Length. Enter the number of entries in the log queue in the field. • Log Time Threshold. Enter the time for the threshold in the field. Alert Log Select the type of attacks that you want to be alerted to. Select Syn Flooding, IP Spoofing, Win Nuke, Ping of Death, or Unauthorized Login attempt.
Wireless-G VPN Broadband Router Factory Default (See Figure 6-33.) If you have exhausted all other options and wish to restore the Router to its factory default settings and lose all your settings, click Yes. When finished making your changes on this tab, click the Save Settings button to save these changes, or click the Cancel Changes button to undo your changes. Figure 6-33: Factory Default Firmware Upgrade (See Figure 6-34.) To upgrade the Router’s firmware: 1.
Wireless-G VPN Broadband Router Status Router This screen displays information about your Router and its WAN (Internet) Connections. (See Figure 6-35.) Information The information displayed is the Hardware Version, Software Version, MAC Address, Local MAC Address, and System Up Time. WAN Connections The WAN Connections displayed are the Network Access, WAN IP Address, Subnet Mask, Default Gateway, and DNS. Click the Refresh button if you want to Refresh your screen.
Wireless-G VPN Broadband Router Local Network The Local Network information that is displayed is the IP Address, Subnet Mask, DHCP Server, and DHCP Client Lease Info. To view the DHCP Clients Table, click the DHCP Clients button. See Figure 6-36. The DHCP Active IP Table, Figure 6-37, displays the computer name, IP Address, MAC Address and the expiration time. Click the Close button to return to the Local Network screen.
Wireless-G VPN Broadband Router Wireless The Wireless Network information that is displayed is the MAC Address, Mode, SSID, Channel, and Encryption Function. (See Figure 6-38.) Click the Refresh button if you want to Refresh your screen.
Wireless-G VPN Broadband Router Appendix A: Troubleshooting This appendix consists of two parts: “Common Problems and Solutions” and “Frequently Asked Questions.” Provided are possible solutions to problems that may occur during the installation and operation of the Router. Read the descriptions below to help you solve your problems. If you can’t find an answer here, check the Linksys website at www.linksys.com. Common Problems and Solutions 1. I need to set a static IP address on a PC.
Wireless-G VPN Broadband Router 7. Toward the bottom of the window, select Use the following DNS server addresses, and enter the Preferred DNS server and Alternative DNS server (provided by your ISP). Contact your ISP or go on its website to find the information. 8. Click the OK button in the Internet Protocol (TCP/IP) Properties window, and click the OK button in the Local Area Connection Properties window. 9. Restart the computer if asked.
Wireless-G VPN Broadband Router For Windows 98 and Me: • Click Start and Run. In the Open field, type in command. Press the Enter key or click the OK button. For Windows NT, 2000, and XP: • Click Start and Run. In the Open field, type cmd. Press the Enter key or click the OK button. In the command prompt, type ping 192.168.1.1 and press the Enter key. • If you get a reply, the computer is communicating with the Router.
Wireless-G VPN Broadband Router 4. I am not able to access the Setup page of the Router’s web-based utility. • Refer to “Problem #2, I want to test my Internet connection” to verify that your computer is properly connected to the Router. 1. Refer to “Appendix D: Finding the MAC Address and IP address for Your Ethernet Adapter” to verify that your computer has an IP Address, Subnet Mask, Gateway, and DNS. 2. Set a static IP address on your system; refer to “Problem #1: I need to set a static IP address.” 3.
Wireless-G VPN Broadband Router 2. Enter any name you want to use for the Customized Application. 3. Enter the External Port range of the service you are using. For example, if you have a web server, you would enter the range 80 to 80. 4. Check the protocol you will be using, TCP and/or UDP. 5. Enter the IP address of the PC or network device that you want the port server to go to. For example, if the web server’s Ethernet adapter IP address is 192.168.1.100, you would enter 100 in the field provided.
Wireless-G VPN Broadband Router Customized External Port Application UT 7777 to 27900 Halflife 27015 to 27015 PC Anywhere5631 to 5631 VPN IPSEC 500 to 500 TCP UDP IP Address Enable X X X X X X 192.168.1.100 192.168.1.105 192.168.1.102 192.168.1.100 X X X X When you have completed the configuration, click the Save Settings button. 8. I can’t get the Internet game, server, or application to work.
Wireless-G VPN Broadband Router • For Microsoft Internet Explorer 5.0 or higher: 1. Click Start, Settings, and Control Panel. Double-click Internet Options. 2. Click the Connections tab. 3. Click the LAN settings button and remove anything that is checked. 4. Click the OK button to go back to the previous screen. 5. Click the option Never dial a connection. This will remove any dial-up pop-ups for PPPoE users. • For Netscape 4.7 or higher: 1.
Wireless-G VPN Broadband Router 14. My DSL service’s PPPoE is always disconnecting. PPPoE is not actually a dedicated or always-on connection. The DSL ISP can disconnect the service after a period of inactivity, just like a normal phone dial-up connection to the Internet. • There is a setup option to “keep alive” the connection. This may not always work, so you may need to reestablish connection periodically. 1. To connect to the Router, go to the web browser, and enter http://192.168.1.
Wireless-G VPN Broadband Router 17. When I enter a URL or IP address, I get a time-out error or am prompted to retry. • Check if other PCs work. If they do, ensure that your workstation’s IP settings are correct (IP Address, Subnet Mask, Default Gateway, and DNS). Restart the computer that is having a problem. • If the PCs are configured correctly, but still not working, check the Router. Ensure that it is connected and powered on. Connect to it and check its settings.
Wireless-G VPN Broadband Router Network Address Translation (NAT) translates multiple IP addresses on the private LAN to one public address that is sent out to the Internet. This adds a level of security since the address of a PC connected to the private LAN is never transmitted on the Internet. Furthermore, NAT allows the Router to be used with low cost Internet accounts, such as DSL or cable modems, when only one TCP/IP address is provided by the ISP.
Wireless-G VPN Broadband Router The web page hangs; downloads are corrupt, or nothing but junk characters are being displayed on the screen. What do I need to do? Force your Ethernet adapter to 10Mbps or half duplex mode, and turn off the “Auto-negotiate” feature of your Ethernet adapter as a temporary measure. (Please look at the Network Control Panel in your Ethernet adapter’s Advanced Properties tab.) Make sure that your proxy setting is disabled in the browser. Check our website at www.linksys.
Wireless-G VPN Broadband Router No. Does the Router pass PPTP packets or actively route PPTP sessions? The Router allows PPTP packets to pass through. Is the Router cross-platform compatible? Any platform that supports Ethernet and TCP/IP is compatible with the Router. How many ports can be simultaneously forwarded? Theoretically, the Router can establish 520 sessions at the same time, but you can only forward 10 ranges of ports.
Wireless-G VPN Broadband Router • • • • Automatic Rate Selection RTS/CTS feature Fragmentation Power Management What is ad-hoc mode? When a wireless network is set to ad-hoc mode, the wireless-equipped computers are configured to communicate directly with each other. The ad-hoc wireless network will not communicate with any wired network.
Wireless-G VPN Broadband Router What is Spread Spectrum? Spread Spectrum technology is a wideband radio frequency technique developed by the military for use in reliable, secure, mission-critical communications systems. It is designed to trade off bandwidth efficiency for reliability, integrity, and security.
Wireless-G VPN Broadband Router There is no way to know the exact range of your wireless network without testing. Every obstacle placed between the Router and a wireless PC will create signal loss. Lead glass, metal, concrete floors, water and walls will inhibit the signal and reduce range. Start with the Router and your wireless PC in the same room and move it away in small increments to determine the maximum range in your environment.
Wireless-G VPN Broadband Router Appendix B: Wireless Security A Brief Overview Whenever data - in the form of files, emails, or messages - is transmitted over your wireless network, it is open to attacks. Wireless networking is inherently risky because it broadcasts information on radio waves. Just like signals from your cellular or cordless phone can be intercepted, signals from your wireless network can also be compromised. What are the risks inherent in wireless networking? Read on.
Wireless-G VPN Broadband Router But even WEP has its problems. WEP's encryption algorithm is referred to as "simple", which also means "weak", because the technology that scrambles the wireless signal isn't too hard to crack for a persistent hacker. There are five common ways that hackers can break into your network and steal your bandwidth as well as your data. The five attacks are popularly known as: 1. Passive Attacks 2. Jamming Attacks 3. Active Attacks 4. Dictionary-building or Table Attacks 5.
Wireless-G VPN Broadband Router Active Attacks Hackers use Active Attacks for three purposes: 1) stealing data, 2) using your network, and 3) modifying your network so it's easier to hack in the next time. In an Active Attack, the hacker has gained access to all of your network settings (SSID, WEP keys, etc.) and is in your network. Once in your wireless network, the hacker has access to all open resources and transmitted data on the network.
Wireless-G VPN Broadband Router examples below, your implementation and administration of network security measures is the key to maximizing wireless security. No preventative measure will guarantee network security but it will make it more difficult for someone to hack into your network. Often, hackers are looking for an easy target. Making your network less attractive to hackers, by making it harder for them to get in, will make them look elsewhere.
Wireless-G VPN Broadband Router There are a few things you can do to make your SSID more secure: a. Disable Broadcast b. Make it unique c. Change it often Most wireless networking devices will give you the option of broadcasting the SSID. This is a option for convenience, allowing anyone to log into your wireless network. In this case, however, anyone includes hackers. So don't broadcast the SSID. A default SSID is set on your wireless devices by the factory. (The Linksys default SSID is "linksys".
Wireless-G VPN Broadband Router not completely secure. One piece of information still not encrypted is the MAC address, which hackers can use to break into a network by spoofing (or faking) the MAC address. Programs exist on the Internet that are designed to defeat WEP. The best known of these is AirSnort. In about a day, AirSnort can analyze enough of the wireless transmissions to crack the WEP key.
Wireless-G VPN Broadband Router 2.4GHz/802.11b and 802.11g WEP Encryption WEP encryption for the Wireless-G VPN Broadband Router is configured through the Web-Utility's Wireless tab. Enable WEP from this tab and click the Edit WEP Settings button, which will open the WEP screen, shown in Figure B-3. Important: Always remember that each point in your wireless network MUST use the same WEP Encryption method and encryption key or your wireless network will not function properly.
Wireless-G VPN Boradband Router Appendix C: Configuring IPSec between a Windows 2000 PC and the Router Introduction This document demonstrates how to establish a secure IPSec tunnel using preshared keys to join a private network inside the VPN Router and a Windows 2000 or XP PC. You can find detailed information on configuring the Windows 2000 server at the Microsoft website: Microsoft KB Q252735 - How to Configure IPSec Tunneling in Windows 2000 http://support.microsoft.com/support/kb/articles/Q252/7/35.
Wireless-G VPN Boradband Router How to Establish a Secure IPSec Tunnel Step 1: Create an IPSec Policy 1. Click the Start button, select Run, and type secpol.msc in the Open field. The Local Security Setting screen will appear as shown in Figure C-1. 2. Right-click IP Security Policies on Local Computer, and click Create IP Security Policy. Figure C-1: Password Screen 3. Click the Next button, and then enter a name for your policy (for example, to_router). Then, click Next. 4.
Wireless-G VPN Boradband Router 3. The IP Filter List screen should appear, as shown in Figure C-4. Enter an appropriate name, such as win>router, for the filter list, and de-select the Use Add Wizard check box. Then, click the Add button. 4. The Filters Properties screen will appear, as shown in Figure C-5. Select the Addressing tab. In the Source address field, select My IP Address. In the Destination address field, select A specific IP Subnet, and fill in the IP Address: 192.168.1.
Wireless-G VPN Boradband Router 8. The IP Filter List screen should appear, as shown in Figure C-7. Enter an appropriate name, such as router>win for the filter list, and de-select the Use Add Wizard check box. Click the Add button. 9. The Filters Properties screen will appear, as shown in Figure C-8. Select the Addressing tab. In the Source address field, select A specific IP Subnet, and enter the IP Address: 192.168.1.0 and Subnet mask: 255.255.255.0.
Wireless-G VPN Boradband Router Step 3: Configure Individual Tunnel Rules Tunnel 1: win->router 1. From the IP Filter List tab, shown in Figure C-10, click the filter list win->router. 2. Click the Filter Action tab (as in Figure C-11), and click the filter action Require Security radio button. Then, click the Edit button. 3.
Wireless-G VPN Boradband Router 4. Select the Authentication Methods tab, shown in Figure C-13, and click the Edit button. 5. Change the authentication method to Use this string to protect the key exchange (preshared key), as shown in Figure C-14, and enter the preshared key string, such as XYZ12345. Click the OK button. 6. This new Preshared key will be displayed in Figure C-15. Click the OK or Close button to continue.
Wireless-G VPN Boradband Router 7. Select the Tunnel Setting tab, shown in Figure C-16, and click The tunnel endpoint is specified by this IP Address radio button. Then, enter the Router’s WAN IP Address. 8. Select the Connection Type tab, as shown in Figure C-17, and click All network connections. Then, click the OK or Close button to finish this rule. Tunnel 2: router->win 9.
Wireless-G VPN Boradband Router 10. Go to the IP Filter List tab, and click the filter list router->win, as shown in Figure C-19. 11. Click the Filter Action tab, and select the filter action Require Security, as shown in Figure C-20. Then, click the Edit button. 12. Click the Authentication Methods tab, and verify that the authentication method Kerberos is selected, as shown in Figure C-21. Then, click the Edit button.
Wireless-G VPN Boradband Router 13. Change the authentication method to Use this string to protect the key exchange (preshared key), and enter the preshared key string, such as XYZ12345, as shown in Figure C-22. (This is a sample key string. Yours should be a key that is unique but easy to remember.) Then click the OK button. 14. This new Preshared key will be displayed in Figure C-23. Click the OK button to continue. 15.
Wireless-G VPN Boradband Router 16. Click the Connection Type tab, shown in Figure C-25, and select All network connections. Then click the OK (for Windows XP) or Close (for Windows 2000) button to finish. 17. From the Rules tab, shown in Figure C-26, click the OK button to return to the secpol screen. Step 4: Assign New IPSec Policy In the IP Security Policies on Local Computer window, shown in Figure C-27, right-click the policy named to_router, and click Assign.
Wireless-G VPN Boradband Router Step 5: Create a Tunnel Through the Web-Based Utility 1. Open your web browser, and enter 192.168.1.1 in the Address field. Press the Enter key. 2. When the User name and Password field appears, enter the default the user name and password admin. Press the Enter key. 3. From the Setup tab, click the VPN tab. 4. From the VPN tab, shown in Figure C-28, select the tunnel you wish to create in the Select Tunnel Entry dropdown box. Then click Enabled.
Wireless-G Broadband Router Appendix D: Finding the MAC Address and IP Address for Your Ethernet Adapter This section describes how to find the MAC address for your computer’s Ethernet adapter so you can use the MAC filtering and/or MAC address cloning feature of the Router. You can also find the IP address of your computer’s Ethernet adapter. This IP address is used for the Router’s filtering, forwarding, and/or DMZ features.
Wireless-G Broadband Router Windows 2000 or XP Instructions 1. Click Start and Run. In the Open field, enter cmd. Press the Enter key or click the OK button. Note: The MAC address is also called the Physical Address. 2. At the command prompt, enter ipconfig /all. Then press the Enter key. 3. Write down the Physical Address as shown on your computer screen (Figure E-3); it is the MAC address for your Ethernet adapter. This appears as a series of numbers and letters.
Wireless-G VPN Broadband Router Appendix E: SNMP Functions SNMP (Simple Network Management Protocol) is a widely-used network monitoring and control protocol. Data is passed from a SNMP agent, such as the VPN Router, to the workstation console used to oversee the network. The Router then returns information contained in a MIB (Management Information Base), which is a data structure that defines what is obtainable from the device and what can be controlled (turned off, on, etc.).
Wireless-G VPN Broadband Router Appendix F: Upgrading Firmware The Router's firmware is upgraded through the Web-Utility's Firmware Upgrade tab from the Administration tab. Follow these instructions: 1. Click the Browse button to find the firmware upgrade file that you downloaded from the Linksys website and then extracted. 2. Double-click the firmware file you downloaded and extracted. Click the Upgrade button, and follow the instructions there.
Wireless-G VPN Broadband Router Appendix G: Windows Help All wireless products require Microsoft Windows. Windows is the most used operating system in the world and comes with many features that help make networking easier. These features can be accessed through Windows Help and are described in this appendix. TCP/IP Before a computer can communicate with the Access Point, TCP/IP must be enabled. TCP/IP is a set of instructions, or protocol, all PCs follow to communicate over a network.
Wireless-G VPN Broadband Router Appendix H: Glossary 802.11a - An IEEE wireless networking standard that specifies a maximum data transfer rate of 54Mbps and an operating frequency of 5GHz. 802.11b - An IEEE wireless networking standard that specifies a maximum data transfer rate of 11Mbps and an operating frequency of 2.4GHz. 802.11g - An IEEE wireless networking standard that specifies a maximum data transfer rate of 54Mbps, an operating frequency of 2.4GHz, and backward compatibility with 802.
Wireless-G VPN Broadband Router Buffer - A block of memory that temporarily holds data to be worked on later when a device is currently too busy to accept the data. Cable Modem - A device that connects a computer to the cable television network, which in turn connects to the Internet. CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance) - A method of data transfer that is used to prevent data loss in a network.
Wireless-G VPN Broadband Router Dynamic IP Address - A temporary IP address assigned by a DHCP server. Encryption - Encoding data to prevent it from being read by unauthorized people. Ethernet - An IEEE standard network protocol that specifies how data is placed on and retrieved from a common transmission medium. Finger - A program that tells you the name associated with an e-mail address. Firewall - Security measures that protect the resources of a local network from intruders. Firmware - 1.
Wireless-G VPN Broadband Router IPCONFIG - A Windows 2000 and XP utility that displays the IP address for a particular networking device. IPSec (Internet Protocol Security) - A VPN protocol used to implement secure exchange of packets at the IP layer. ISM band - Radio band used in wireless networking transmissions. ISP (Internet Service Provider) - A company that provides access to the Internet.
Wireless-G VPN Broadband Router PPPoE (Point to Point Protocol over Ethernet) - A type of broadband connection that provides authentication (username and password) in addition to data transport. PPTP (Point-to-Point Tunneling Protocol) - A VPN protocol that allows the Point to Point Protocol (PPP) to be tunneled through an IP network. This protocol is also used as a type of broadband connection in Europe. Preamble - Part of the wireless signal that synchronizes network traffic.
Wireless-G VPN Broadband Router TCP/IP (Transmission Control Protocol/Internet Protocol) - A network protocol for transmitting data that requires acknowledgement from the recipient of data sent. Telnet - A user command and TCP/IP protocol used for accessing remote PCs. TFTP (Trivial File Transfer Protocol) - A version of the TCP/IP FTP protocol that uses UDP and has no directory or password capability. Throughput - The amount of data moved successfully from one node to another in a given time period.
Wireless-G VPN Broadband Router Appendix I: Specifications Standards IEEE 802.3, 802.11b and 802.11g Ports One Internet, Ethernet (1-4), Power Buttons One Reset Button, One Power Switch Cabling Type UTP CAT 5 or better Data Rate Up to 54Mbps Transmit Power 20dBm LEDs Power, Internet, Ethernet (1, 2, 3, 4), Wireless-G, DMZ Security Features WEP, 802.1x Authentication WEP Key Bits 64, 128 Dimensions (W x H x D) 7.32" x 6.89" x 1.89" (186 mm x 175 mm x 48 mm) Unit Weight 1.26 lb (0.
Wireless-G VPN Broadband Router Storage Humidity Appendix I: Specifications 5% to 90% Non-Condensing 94
Wireless-G VPN Broadband Router Appendix J: Warranty Information LIMITED WARRANTY Linksys warrants to the original end user purchaser ("You") that, for a period of three years, (the "Warranty Period") Your Linksys product will be free of defects in materials and workmanship under normal use. Your exclusive remedy and Linksys's entire liability under this warranty will be for Linksys at its option to repair or replace the product or refund Your purchase price less any rebates.
Wireless-G VPN Broadband Router Appendix K: Regulatory Information FCC STATEMENT This product has been tested and complies with the specifications for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Wireless-G VPN Broadband Router Note: This equipment is intended to be used in all EU and EFTA countries. Outdoor use may be restricted to certain frequencies and/or may require a license for operation. For more details, contact Linksys Corporate Compliance.
Wireless-G VPN Broadband Router Appendix L: Contact Information Need to contact Linksys? Visit us online for information on the latest products and updates to your existing products at: http://www.linksys.com or ftp.linksys.
