User's Manual
Table Of Contents
- Introduction
- LAN Ethernet Interfaces
- Wireless Access Point (Cisco RV180W)
- Firewall and VPN Client Access
- Wireless Distribution System (Cisco RV180W)
- Virtual Networks
- Wireless Security (Cisco RV180W)
- Quality of Service (Cisco RV180W)
- Configuration and Administration
- Front Panel
- Back Panel
- Installation Guidelines
- Wall Mounting
- Configuring Networking
- Configuring the IPv4 WAN (Internet)
- Configuring PPPoE Profiles
- Configuring IPv4 LAN (Local Network) Settings
- Configuring Virtual LAN (VLAN) Membership
- Configuring Multiple VLAN Subnets
- Configuring Static DHCP
- Configuring Advanced DHCP Settings
- Viewing DHCP Leased Clients
- Configuring RSTP (Cisco RV180W)
- Configuring Jumbo Frames
- Choosing the Routing Mode
- Viewing Routing Information
- Configuring Static Routes
- Configuring Dynamic Routing
- Configuring the IP Mode
- Configuring IPv6 WAN Settings
- Configuring IPv6 LAN Properties
- Configuring IPv6 Routing
- Configuring Tunneling
- Configuring Router Advertisement
- Configuring the Wireless Network (Cisco RV180W)
- Wireless Security Tips
- General Network Security Guidelines
- Enabling Rogue AP Detection
- Authorizing a Rogue AP
- Adding and Editing Authorized APs
- Configuring the Firewall
- Creating an Access Rule
- Adding a Port Triggering Rule
- Adding a Port Forwarding Configuration
- Configuring One-to-One Network Address Translation (NAT)
- Configuring MAC Address Filtering
- Configuring IP/MAC Address Binding
- Creating Custom Services
- Creating Firewall Schedules
- Configuring Sessions
- Configuring Internet Group Management Protocol (IGMP)
- Configuring LAN (Local Network) Groups
- Enabling Session Initiation Protocol Application-Level Gateway (SIP ALG)
- Configuring Virtual Private Networks (VPNs) and Security
- Creating Cisco QuickVPN Client Users
- Configuring a Basic VPN
- Configuring Advanced VPN Parameters
- Configuring VPN Clients
- Monitoring VPN Tunnel Status
- Configuring VPN Users
- Configuring VPN Passthrough
- Using SSL Certificates for Authentication
- Using the Cisco RV180/RV180W With a RADIUS Server
- Configuring 802.1x Port-Based Authentication
- Configuring Quality of Service (QoS)
- Administering Your Cisco RV180/RV180W
- Configuring Web Access
- Configuring User Accounts
- Setting the Session Timeout Value
- Configuring SNMP
- Configuring Additional SNMP Information
- Configuring Logging Policies
- Configuring Firewall Logs
- Configuring Remote Logging
- Configuring Bonjour
- Configuring UPnP
- Viewing the Cisco RV180/RV180W Status
- Using Cisco QuickVPN for Windows 7, 2000, XP, or Vista
- Installing from the CD-ROM
- Downloading and Installing from the Internet
- Where to Go From Here
Configuring Virtual Private Networks (VPNs) and Security
Cisco RV180/RV180W Administration Guide
Configuring Security
The Cisco RV180/RV180W provides several security methods, including
certificate authentication, RADIUS server support, and 802.1x port-based
authentication.
Using SSL Certificates for Authentication
The Cisco RV180/RV180W uses digital certificates for IPsec VPN authentication
and SSL validation (for HTTPS and SSL VPN authentication). You can obtain a
digital certificate from a well-known Certificate Authority (CA) such as VeriSign, or
generate and sign your own certificate using functionality available on this
gateway. The gateway comes with a self-signed certificate, which you can
replace with one signed by a CA to suit your networking requirements. A CA-signed
certificate provides strong assurance of the server's identity and is a requirement
for most corporate network VPN solutions.
A self certificate is a certificate issued by a CA identifying your device (or
self-signed if you don't want the identity protection of a CA). To request a self
certificate to be signed by a CA, generate a Certificate Signing Request
from the gateway by entering identification parameters, and send it to the CA for
signing. Once it is signed, upload the CA's Trusted Certificate and the signed
certificate from the CA to activate the self certificate, which validates the identity
of this gateway. The self certificate is then used in IPsec and SSL connections with
peers to validate the gateway's authenticity.
To configure certificates, choose Security > SSL Certificate. You can choose the
following options:
• Trusted Certificates—Upload a certificate from a trusted authority (for
example, a Certificate Authority such as Microsoft or VeriSign). See
Uploading a Trusted Certificate.
• Self Certificates—Upload a certificate that has been generated from the
Cisco RV180/RV180W, and either signed by a CA, or self-signed. See
Uploading a Self Certificate.
• Self Certificate Requests—Generate a self-certificate request to give to a
CA for signing, or to self-certify. See Generating New Certificate
Requests.
• Export Router Certificate—Export a router certificate to give to clients who
want to connect to the router and use the certificate for authentication. See
Exporting the Router’s Current Certificate.
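Before uploading what the CA returns, it is worth confirming that the signed certificate carries the public key from the gateway's request and chains to the CA certificate you will upload as trusted. The script below is an added example, not part of the Cisco guide: it assumes the OpenSSL command-line tool on an administrator workstation, and every file name and subject in it is constructed, with `make_demo` standing in for the CA and for the CSR the gateway would generate.

```shell
#!/usr/bin/env bash
# Added example; file names and subjects are constructed for illustration.

# pubkey_fp FILE KIND: SHA-256 over the PEM public key of a CSR (KIND=req)
# or of a certificate (KIND=x509).
pubkey_fp() {
  local pem
  pem=$(openssl "$2" -in "$1" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_signed_cert CSR CERT CA: prints "ok", or the reason the pair
# should not be uploaded.
check_signed_cert() {
  local csr=$1 cert=$2 ca=$3 csr_fp cert_fp
  csr_fp=$(pubkey_fp "$csr" req) || { echo "unreadable-csr"; return 1; }
  cert_fp=$(pubkey_fp "$cert" x509) || { echo "unreadable-cert"; return 1; }
  # The CA must have certified the key named in the request.
  [ "$csr_fp" = "$cert_fp" ] || { echo "key-mismatch"; return 1; }
  # The certificate must chain to the CA certificate uploaded as trusted.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
    || { echo "untrusted-issuer"; return 1; }
  echo "ok"
}

# make_demo DIR: constructed CA, gateway CSR, and three candidate certificates.
make_demo() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=gateway.example.test" \
    -keyout "$d/gw.key" -out "$d/gw.csr" 2>/dev/null
  openssl x509 -req -in "$d/gw.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/gw.pem" 2>/dev/null
  # Same subject but a different key, signed by the same CA.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=gateway.example.test" \
    -keyout "$d/other.key" -out "$d/other.csr" 2>/dev/null
  openssl x509 -req -in "$d/other.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/other.pem" 2>/dev/null
  # Right key, but self-signed instead of issued by the CA.
  openssl x509 -req -in "$d/gw.csr" -signkey "$d/gw.key" -days 30 \
    -out "$d/selfsigned.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo "$demo"
check_signed_cert "$demo/gw.csr" "$demo/gw.pem" "$demo/ca.pem"
check_signed_cert "$demo/gw.csr" "$demo/other.pem" "$demo/ca.pem" || true
rm -rf "$demo"
```

With real files, call `check_signed_cert` with the CSR saved from the gateway, the certificate returned by the CA, and the CA's own certificate.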