User's Manual
Table Of Contents
- Introduction
- LAN Ethernet Interfaces
- Wireless Access Point (Cisco RV180W)
- Firewall and VPN Client Access
- Wireless Distribution System (Cisco RV180W)
- Virtual Networks
- Wireless Security (Cisco RV180W)
- Quality of Service (Cisco RV180W)
- Configuration and Administration
- Front Panel
- Back Panel
- Front Panel
- Back Panel
- Installation Guidelines
- Wall Mounting
- Configuring Networking
- Configuring the IPv4 WAN (Internet)
- Configuring PPPoE Profiles
- Configuring IPv4 LAN (Local Network) Settings
- Configuring Virtual LAN (VLAN) Membership
- Configuring Multiple VLAN Subnets
- Configuring Static DHCP
- Configuring Advanced DHCP Settings
- Viewing DHCP Leased Clients
- Configuring RSTP (Cisco RV180W)
- Configuring Jumbo Frames
- Choosing the Routing Mode
- Viewing Routing Information
- Configuring Static Routes
- Configuring Dynamic Routing
- Configuring the IP Mode
- Configuring IPv6 WAN Settings
- Configuring IPv6 LAN Properties
- Configuring IPv6 Routing
- Configuring Tunneling
- Configuring Router Advertisement
- Configuring the Wireless Network (Cisco RV180W)
- Wireless Security Tips
- General Network Security Guidelines
- Enabling Rogue AP Detection
- Authorizing a Rogue AP
- Adding and Editing Authorized APs
- Configuring the Firewall
- Creating an Access Rule
- Adding a Port Triggering Rule
- Adding a Port Forwarding Configuration
- Configuring One-to-One Network Address Translation (NAT)
- Configuring MAC Address Filtering
- Configuring IP/MAC Address Binding
- Creating Custom Services
- Creating Firewall Schedules
- Configuring Sessions
- Configuring Internet Group Management Protocol (IGMP)
- Configuring LAN (Local Network) Groups
- Enabling Session Initiation Protocol Application-Level Gateway (SIP ALG)
- Configuring Virtual Private Networks (VPNs) and Security
- Creating Cisco QuickVPN Client Users
- Configuring a Basic VPN
- Configuring Advanced VPN Parameters
- Configuring VPN Clients
- Monitoring VPN Tunnel Status
- Configuring VPN Users
- Configuring VPN Passthrough
- Using SSL Certificates for Authentication
- Using the Cisco RV180/RV180W With a RADIUS Server
- Configuring 802.1x Port-Based Authentication
- Configuring Quality of Service (QoS)
- Administering Your Cisco RV180/RV180W
- Configuring Web Access
- Configuring User Accounts
- Setting the Session Timeout Value
- Configuring SNMP
- Configuring Additional SNMP Information
- Configuring Logging Policies
- Configuring Firewall Logs
- Configuring Remote Logging
- Configuring Bonjour
- Configuring UPnP
- Viewing the Cisco RV180/RV180W Status
- Using Cisco QuickVPN for Windows 7, 2000, XP, or Vista
- Installing from the CD-ROM
- Downloading and Installing from the Internet
- Where to Go From Here
Configuring Virtual Private Networks (VPNs) and Security
Configuring VPNs
Cisco RV180/RV180W Administration Guide 108
5
DRAFT - CISCO CONFIDENTIAL
NOTE: The double quote character (“) is not supported in the pre-shared key.
STEP 4 Choose the Diffie-Hellman (DH) Group algorithm, which is used when exchanging
keys. The DH Group sets the strength of the algorithm in bits.
NOTE: Ensure that the DH Group is configured identically on both sides of the IKE
policy.
STEP 5 In the SA Lifetime field, enter the interval, in seconds, after which the Security
Association becomes invalid.
STEP 6 To enable dead peer detection, check the Enable box. Dead Peer Detection is
used to detect whether the peer is alive or not. If peer is detected as dead, the
router deletes the IPsec and IKE Security Association.
STEP 7 In the Detection Period field, enter the interval, in seconds, between consecutive
DPD R-U-THERE messages. DPD R-U-THERE messages are sent only when the
IPsec traffic is idle.
STEP 8 In the Reconnect after Failure Count field, enter the maximum number of DPD
failures allowed before tearing down the connection.
Extended Authentication (XAUTH) Parameters
Rather than configuring a unique VPN policy for each user, you can enable the VPN
gateway router to authenticate users from a stored list of user accounts or with an
external authentication server such as a RADIUS server. When connecting many
VPN clients to a VPN gateway router, Extended Authentication (XAUTH) allows
authentication of users with methods in addition to the authentication method
mentioned in the IKE SA parameters. XAUTH can be configured in the following
modes:
STEP 1 Select the XAUTH type:
• None—Disables XAUTH.
• Edge Device—Authentication is done by one of the following:
- User Database—User accounts created in the router are used to
authenticate users. See Configuring VPN Users, page 115.
- RADIUS-PAP—Authentication is done using a RADIUS server and
password authentication protocol (PAP).
- RADIUS-CHAP—Authentication is done using a RADIUS server and
challenge handshake authentication protocol (CHAP).