User Manual
Table Of Contents
- Introduction
- Front Panel
- Back Panel
- Installation Guidelines
- Wall Mounting
- Using the Setup Wizard
- Entering Login and Internet Connection Information
- Manually Connecting Your System
- Logging In
- Using the Getting Started Page
- Navigating through the Pages
- Saving Your Changes
- Viewing the Help Files
- Viewing the System Summary
- Viewing the Wireless Status
- Viewing the IPsec Connection Status
- Viewing the QuickVPN Connection Status
- Viewing Logs
- Viewing Available LAN Hosts
- Viewing the Port Triggering Status
- Viewing Port Statistics
- Configuring Networking
- Configuring the WAN for an IPv4 Network
- Configuring the WAN for an IPv6 Network
- Creating PPPoE Profiles
- Changing the Default Cisco RV 120W IP Address
- Configuring DHCP
- Configuring the LAN DNS Proxy
- Configuring Virtual LANs (VLANs)
- Configuring Port VLANs
- Configuring Multiple VLAN Subnets
- Configuring IPv6 LAN Properties
- Configuring LAN Groups
- Adding a Static IP Address for a Device on the LAN
- Configuring a DMZ Host
- Configuring Internet Group Management Protocol (IGMP)
- Choosing the Routing Mode
- Viewing Routing Information
- Configuring Static Routing
- Configuring Dynamic Routing
- Configuring the Routing Mode
- Configuring IPv6 Static Routing
- Configuring RIP next generation (RIPng)
- Configuring IPv6 to IPv4 Tunneling
- Configuring Router Advertisement
- Configuring the Wireless Network
- Wireless Security Tips
- General Network Security Guidelines
- Configuring the Group Key Refresh Interval
- Configuring RADIUS Authentication Parameters
- Enabling or Disabling APs
- Editing an AP’s Properties
- Using MAC Filtering
- Viewing AP Status
- Configuring the Firewall
- Protecting from Attacks
- Configuring Universal Plug and Play (UPnP)
- Enabling Session Initiation Protocol Application-Level Gateway (SIP ALG)
- Configuring the Default Outbound Policy
- Creating a Firewall Rule
- Managing Firewall Rules
- Creating Custom Services
- Blocking Web Applications and Components
- Adding Trusted Domains
- Adding Blocked Keywords
- Configuring MAC Address Filtering
- Configuring IP/MAC Address Binding
- Restricting Sessions
- Configuring Virtual Private Networks (VPNs) and Security
- Creating Cisco QuickVPN Client Users
- Using the VPN Wizard
- Viewing the Default Values
- Configuring IP Security Policies
- Configuring VPN Policies
- Configuring VPN Clients
- Monitoring VPN Tunnel Status
- Configuring IPsec Users
- Configuring VPN Passthrough
- Using Certificates for Authentication
- Using the Cisco RV 120W With a RADIUS Server
- Configuring 802.1x Port-Based Authentication
- Configuring Quality of Service (QoS)
- Configuring 802.1p to Queue Mapping
- Configuring 802.1p CoS to DSCP Remarking
- Administering Your Cisco RV 120W
- Editing SNMPv3 Users
- Adding SNMP Traps
- Configuring Access Control Rules
- Configuring Additional SNMP Information
- Using PING
- Using Trace Route
- Performing a DNS Lookup
- Capturing and Tracing Packets
- Configuring Local Logging
- Configuring Remote Logging
- Configuring the Logging Type and Notification
- Configuring E-Mailing of Log Events
- Configuring VLAN Associations
- Using Cisco QuickVPN for Windows 2000, XP, or Vista
- Installing from the CD-ROM
- Downloading and Installing from the Internet
- Where to Go From Here
Configuring Virtual Private Networks (VPNs) and Security
Configuring VPNs
Cisco RV 120W Administration Guide 108
5
STEP 6 To enable dead peer detection, check the box. Dead Peer Detection is used to
detect whether the peer is alive or not. If peer is detected as dead, the router
deletes the IPsec and IKE Security Association.
STEP 7 In the Detection Period field, enter the interval, in seconds, between consecutive
DPD R-U-THERE messages. DPD R-U-THERE messages are sent only when the
IPsec traffic is idle.
STEP 8 In the Reconnect after Failure Count field, enter the maximum number of DPD
failures allowed before tearing down the connection.
Extended Authentication (XAUTH) Parameters
Rather than configuring a unique VPN policy for each user, you can enable the VPN
gateway router to authenticate users from a stored list of user accounts or with an
external authentication server such as a RADIUS server. When connecting many
VPN clients to a VPN gateway router, Extended Authentication (XAUTH) allows
authentication of users with methods in addition to the authentication method
mentioned in the IKE SA parameters. XAUTH can be configured in the following
modes:
STEP 1 Select the XAUTH type:
• None—Disables XAUTH.
• IPsec Host—The router is authenticated by a remote gateway with a
username and password combination. In this mode, the router acts as a VPN
Client of the remote gateway.
• User Database—User accounts created in the router are used to
authenticate users. See Configuring IPsec Users, page 114.
STEP 2 If you selected IPsec Host, enter the username and password for the host.
Configuring VPN Policies
To configure a VPN policy:
STEP 1 Choose VPN > IPsec > IPsec Policies.
STEP 2 In the VPN Policies Table, click Add.