Cisco Small Business RV 120W Wireless-N VPN Firewall ...
Chapter 5: Configuring Virtual Private Networks (VPNs) and Security
Configuring Advanced VPN Parameters

NOTE Ensure that the authentication algorithm is configured identically on both sides.

STEP 3 Choose the authentication method:
• Select Pre-Shared Key for a simple password-based key that is shared with the IKE peer.
• Select RSA-Signature to disable the pre-shared key text field and use the Active Self Certificate uploaded in the Certificates page. A certificate must be configured in order for RSA-Signature to work.

NOTE The double quote character (") is not supported in the pre-shared key.

STEP 4 Choose the Diffie-Hellman (DH) Group algorithm, which is used when exchanging keys. The DH Group sets the strength of the algorithm in bits.

NOTE Ensure that the DH Group is configured identically on both sides of the IKE policy.

STEP 5 In the SA Lifetime field, enter the interval, in seconds, after which the Security Association becomes invalid.

STEP 6 To enable dead peer detection, check the Enable box. Dead Peer Detection is used to detect whether the peer is alive or not. If the peer is detected as dead, the router deletes the IPsec and IKE Security Association.

STEP 7 In the Detection Period field, enter the interval, in seconds, between consecutive DPD R-U-THERE messages. DPD R-U-THERE messages are sent only when the IPsec traffic is idle.

STEP 8 In the Reconnect after Failure Count field, enter the maximum number of DPD failures allowed before tearing down the connection.

Cisco RV120W Administration Guide 97
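The consistency rules in the steps above can be checked before a tunnel is brought up. The following is an added example, not part of the Cisco guide: the field names, default numbers and sample labels are constructed for illustration, and the DPD figure is an approximation (detection period multiplied by the failure count).

```python
from dataclasses import dataclass

# The guide requires the authentication algorithm and DH Group to be identical
# on both sides; the authentication method must also agree for IKE to complete.
MUST_MATCH = ("auth_algorithm", "auth_method", "dh_group")


@dataclass
class IkePolicy:
    # Hypothetical field names; the numeric defaults are constructed values.
    auth_algorithm: str
    auth_method: str          # "Pre-Shared Key" or "RSA-Signature"
    dh_group: str
    pre_shared_key: str = ""
    has_certificate: bool = False
    sa_lifetime_s: int = 28800
    dpd_enabled: bool = False
    dpd_period_s: int = 10
    dpd_max_failures: int = 3


def check_pair(local, remote):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    for name in MUST_MATCH:
        a, b = getattr(local, name), getattr(remote, name)
        if a != b:
            findings.append(f"{name} mismatch: local={a!r} remote={b!r}")
    for side, p in (("local", local), ("remote", remote)):
        if p.auth_method == "Pre-Shared Key":
            # Never echo the key itself into a finding.
            if '"' in p.pre_shared_key:
                findings.append(f"{side}: pre-shared key contains a double quote")
        elif p.auth_method == "RSA-Signature" and not p.has_certificate:
            findings.append(f"{side}: RSA-Signature selected but no certificate configured")
    if (local.auth_method == remote.auth_method == "Pre-Shared Key"
            and local.pre_shared_key != remote.pre_shared_key):
        findings.append("pre-shared key differs between peers")
    return findings


def dpd_teardown_seconds(p):
    """Approximate idle time before a silent peer's SAs are deleted; None if DPD is off."""
    if not p.dpd_enabled:
        return None
    return p.dpd_period_s * p.dpd_max_failures
```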
Extended Authentication (XAUTH) Parameters

Rather than configuring a unique VPN policy for each user, you can enable the VPN gateway router to authenticate users from a stored list of user accounts or with an external authentication server such as a RADIUS server. When connecting many VPN clients to a VPN gateway router, Extended Authentication (XAUTH) allows authentication of users with methods in addition to the authentication method mentioned in the IKE SA parameters. XAUTH can be configured in the following modes:

STEP 1 Select the XAUTH type:
• None—Disables XAUTH.
• Edge Device—Authentication is done by one of the following:
  - User Database—User accounts created in the router are used to authenticate users. See Configuring VPN Users, page 105.
  - RADIUS-PAP—Authentication is done using a RADIUS server and password authentication protocol (PAP).
  - RADIUS-CHAP—Authentication is done using a RADIUS server and challenge handshake authentication protocol (CHAP).
• IPsec Host—The router is authenticated by a remote gateway with a username and password combination. In this mode, the router acts as a VPN Client of the remote gateway.

STEP 2 If you selected IPsec Host, enter the username and password for the host.

Configuring VPN Policies

To configure a VPN policy:

STEP 1 Choose VPN > IPsec > Advanced VPN Setup.

STEP 2 In the VPN Policy Table, click Add.

STEP 3 Enter a unique name to identify the policy.

STEP 4 Choose the Policy Type:

Cisco RV120W Administration Guide 98