User's Manual
Configuring Virtual Private Networks (VPNs) and Security
Configuring VPNs
Cisco RV180/RV180W Administration Guide 113
DRAFT - CISCO CONFIDENTIAL
Auto Policy Parameters
If you chose auto as the policy type in Step 4, configure the following:
STEP 1 SA Lifetime—Enter the duration of the Security Association and choose the unit
from the drop-down list:
• Seconds—Choose this option to measure the SA Lifetime in seconds. After
the specified number of seconds passes, the Security Association is
renegotiated. The default value is 3600 seconds. The minimum value is 300
seconds.
• Kbytes—Choose this option to measure the SA Lifetime in kilobytes. After
the specified number of kilobytes of data is transferred, the SA is
renegotiated. The minimum value is 1920000 KB.
NOTE: When configuring a lifetime in kilobytes (also known as lifebytes), be aware
that two SAs are created for each policy. One SA applies to inbound traffic, and
one SA applies to outbound traffic. Because upstream and downstream traffic
volumes differ, the two SAs may expire asymmetrically. For example, if the
downstream traffic is very high, the lifebyte for the download stream may expire
frequently, while the lifebyte of the upload stream may not expire as frequently.
It is recommended that the values be reasonably set, to reduce the difference in
expiry frequencies of the SAs; otherwise the system may eventually run out of
resources as a result of this asymmetry. The lifebyte specifications are generally
recommended for advanced users only.
STEP 2 Select the algorithm used to encrypt the data.
STEP 3 Select the algorithm used to verify the integrity of the data.
STEP 4 Under PFS Key Group, check the Enable box to enable Perfect Forward Secrecy
(PFS) to improve security. While slower, this protocol helps to prevent
eavesdropping by ensuring that a Diffie-Hellman exchange is performed for every
phase-2 negotiation.
STEP 5 Choose the IKE policy that will define the characteristics of phase 1 of the
negotiation. (For information on creating these policies, see Configuring IKE
Policies, page 105.)
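The asymmetric expiry described in the STEP 1 note can be estimated before committing a lifebyte value. The following is an added example, not code from the Cisco guide or the router: it checks a lifetime against the minimums stated in STEP 1 and counts renegotiations per direction over a traffic trace. The function names, unit strings, traffic figures and the per-direction counter model are assumptions.

```python
# Added example (not Cisco code). Minimums are the ones stated in STEP 1 above.
MIN_LIFETIME = {"seconds": 300, "kbytes": 1_920_000}


def validate_lifetime(value, unit):
    """Return a list of problems with an SA Lifetime setting; empty means OK."""
    if unit not in MIN_LIFETIME:
        return [f"unknown unit {unit!r}"]
    if value < MIN_LIFETIME[unit]:
        return [f"{value} {unit} is below the minimum of {MIN_LIFETIME[unit]}"]
    return []


def renegotiations(lifebytes_kb, trace):
    """Count SA renegotiations per direction for a kilobyte lifetime.

    trace: iterable of (inbound_kb, outbound_kb) transferred per interval.
    Model (assumption): each direction has its own SA and byte counter, and
    the counter restarts when that SA is renegotiated.
    """
    used = {"inbound": 0, "outbound": 0}
    count = {"inbound": 0, "outbound": 0}
    for in_kb, out_kb in trace:
        for direction, kb in (("inbound", in_kb), ("outbound", out_kb)):
            used[direction] += kb
            while used[direction] >= lifebytes_kb:
                used[direction] -= lifebytes_kb
                count[direction] += 1
    return count


def constructed_trace():
    # Constructed sample: one hour in 1-minute intervals, download-heavy link.
    return [(480_000, 24_000)] * 60


if __name__ == "__main__":
    print(validate_lifetime(120, "seconds"))
    print(validate_lifetime(3600, "seconds"))
    print(renegotiations(1_920_000, constructed_trace()))
```

With this constructed trace the inbound SA is renegotiated every four minutes while the outbound SA never reaches its lifebyte limit within the hour, which is the imbalance the note warns about.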