1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Firewall
  5. Small Business RV215W
  6. Administration manual

Cisco RV215W Administration Manual

Wireless-n vpn firewall
Hide thumbs Also See for RV215W:
Table of Contents

Advertisement

Quick Links

ADMINISTRATION
GUIDE
Cisco RV215W Wireless-N VPN Firewall

Advertisement

Table of Contents
loading

Related Manuals for Cisco RV215W

Summary of Contents for Cisco RV215W

  • Page 1 ADMINISTRATION GUIDE Cisco RV215W Wireless-N VPN Firewall...
  • Page 2 Revised Sep 2014 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their...

  • Page 3: Table Of Contents

    Chapter 6: Configuring Networking Configuring the WAN Settings Configuring the Wired WAN Connections Configuring DHCP Configuring Static IP Configuring PPPoE Configuring PPTP Configuring L2TP Configuring Optional Settings Configuring a Mobile Network Global Settings Mobile Network Setup RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 4: Rv215W Wireless-N Vpn Firewall Administration Guide

    Configuring the IPV6 WAN Connection Configuring IPv6 LAN Connections Configuring IPv6 Static Routing Configuring Routing (RIPng) Configuring Tunneling Viewing IPv6 Tunnel Status Configuring Router Advertisement Configuring Advertisement Prefixes Chapter 7: Configuring the Wireless Network RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 5: Rv215W Wireless-N Vpn Firewall Administration Guide

    Configuring Services Management Configuring Access Rules Adding Access Rules Creating an Internet Access Policy Adding or Editing an Internet Access Policy Configuring Port Forwarding Configuring Single Port Forwarding Configuring Port Range Forwarding Configuring Port Range Triggering RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 6: Rv215W Wireless-N Vpn Firewall Administration Guide

    Configuring Bandwidth Management Configuring Bandwidth Configuring Bandwidth Priority Configuring QoS Port-Based Settings Configuring CoS Settings Configuring DSCP Settings Chapter 11: Administering Your Router Setting Password Complexity Configuring User Accounts Setting the Session Timeout Value RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 7: Rv215W Wireless-N Vpn Firewall Administration Guide

    Restarting the Cisco RV215W Restoring the Factory Defaults Running the Setup Wizard Appendix A: Using Cisco QuickVPN Overview Before You Begin Installing the Cisco QuickVPN Software Installing from the CD-ROM Downloading and Installing from the Internet RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 8 Contents Using the Cisco QuickVPN Software Appendix B: Where to Go From Here RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 9: Chapter 4: Introduction

    To verify the hardware installation and connection to the Internet, complete the following tasks: Check the LED states. For more information, see Cisco RV215W Wireless-N VPN STEP 1 Firewall Quick Start Guide provided with the device.

  • Page 10: Using Setup Wizard

    The login page displays. Enter the user name and password. STEP 4 The default user name is cisco. The default password is cisco. Passwords are case sensitive. Click Log In. Setup Wizard starts.

  • Page 11: Configuration Next Steps

    Displays the Users page where you can change Administrator Password the administrator password and set up a guest account. See Configuring User Accounts. Launch Setup Wizard Launches the Setup Wizard. Follow the on-screen instructions. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 12 Displays the Wireless Statistics page that shows the state of the radio. See Viewing Wireless Statistics. VPN Status Displays the VPN Status page that lists the VPN managed by this router. See Viewing the VPN Status. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 13: Saving Changes

    If you did not enable security (not recommended), leave the wireless encryption fields that were configured with the security type and passphrase blank. Verify your wireless connection and save your settings. STEP 4 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 14: Chapter 5: Viewing The Device Status

    The back panel view shows you the ports that are connected to a device (lit green). • To view a port connection information, mouse-over the port. • To refresh the port information, click Refresh. • To close the port information window, click Close. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 15 MAC Address—The MAC address of the device. • IPv4 Address—Management IP address of the device. • IPv6 Address—Management IP address of the device (when IPv6 is enabled). • DHCP Server—Status of the device IPv4 DHCP server (enabled or disabled). Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 16: Viewing The System Summary

    To view a summary of system settings, choose Status > System Summary. To go to the related window, click the underscored parameter. For example, to modify the LAN IP address, click LAN IP. The LAN Configuration window appears. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 17 Mode—Displays Gateway if NAT is enabled, or Router. • DNS 1—Primary DNS server IP address of the WAN port. • DNS 2—Secondary DNS server IP address of the WAN port. • DDNS—Indicates whether the Dynamic DNS is enabled or disabled. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 18 Block WAN Request—Indicates whether WAN request blocking is on or off. • Remote Management—Indicates whether or not Device Manager can be accessed remotely. VPN Setting Status • QuickVPN Connections Available—Number of available QuickVPN connections. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 19: Viewing Wireless Statistics

    Dropped Number of received and sent packets dropped by the radio, over all configured SSIDs. Multicast Number of multicast packets sent over this radio. Collisions Number of packet collisions reported to the router. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 20: Viewing The Vpn Status

    Protocol Protocol that the user uses. You can change the status of a connection to either establish or disconnect the configured VPN client. To terminate an active VPN connection, click Disconnect. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 21: Viewing The Ipsec Connection Status

    Ext Action—Displays if you can switch between the primary and the secondary VPN connections. If the Rollback enable check box on the Advanced VPN Parameters page is checked, the Switch button is dimmed. If you made any changes, click Save. STEP 2 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 22: Viewing Logs

    To save log messages to an external USB device, click Save Log to USB. To specify the number of entries to show per page, choose a number from the drop-down menu. Use the page navigation buttons to move between log pages. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 23: Viewing Connected Devices

    Show Simplified Statistic Data and click Save. By default, byte data is displayed in bytes and other numerical data is displayed in long form. To reset the port statistics counters, click Clear Count. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 24: Viewing The Guest Network Status

    Time Left—Time remaining that the device can be connected to the guest network. (Time limits are configured in the Wireless > Basic Settings > Guest Net Settings page.) • Action—Actions you can perform on the connected device (for example, disconnect). Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 25: Viewing The Mobile Network Status

    IMS—The unique identification associated with the GSM, UMTS, or LTE network mobile phone users. • Carrier—Mobile network carrier. • Service Type—Type of service accessed. • Signal Strength—Strength of the wireless mobile network signal. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 26: Chapter 6: Configuring Networking

    • Configuring the WAN Settings • Configuring the LAN Settings • Cloning the MAC Address • Configuring Routing • Port Management • Configuring Dynamic DNS • Configuring the IP Mode • Configuring IPv6 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 27: Configuring The Wan Settings

    From the Internet Connection Type drop-down menu, choose Static IP. STEP 2 Enter this information: STEP 3 Internet IP Address IP address of the firewall WAN port. Subnet mask Subnet mask of the firewall WAN port. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 28: Configuring Pppoe

    Keep Alive When you select this option, the Internet connection is always on. In the redial period field, enter the number of seconds after which the device attempts to reconnect if it is disconnected. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 29: Configuring Pptp

    IP address of the default gateway. PPTP Server IP address of the Point-To-Point Tunneling Protocol (PPTP) server. Username The username assigned to you by the ISP. Password The password assigned to you by the ISP. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 30: Configuring L2Tp

    Configuring Optional Settings. STEP 4 Click Save. STEP 5 Configuring L2TP To configure the L2TP settings: Choose Networking > WAN. STEP 1 From the Internet Connection Type drop-down menu, choose L2TP. STEP 2 Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 31 PAP—Password Authentication Protocol (PAP) is used to connect to the ISP. CHAP—Challenge Handshake Authentication Protocol (CHAP) is used to connect to the ISP. MS-CHAP or MS-CHAPv2—Microsoft Challenge Handshake Authentication Protocol is used to connect to the ISP. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 32: Configuring Optional Settings

    Use the Mobile Network page to configure the device to connect to a Mobile Broadband USB modem that is connected to its USB interface. To display the Mobile Network window, choose Networking > WAN > Mobile Network. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 33: Global Settings

    Please set APN manually (because the device is unable to determine the access point name) • Searching for service... • no SIM card • SIM locked • SIM busy • SIM ready • pin code needed • pin code error • Card is locked Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 34: Mobile Network Setup

    Authentication used by your service provider. The value can be changed by choosing the authentication type from the drop-down list. The default is Auto. If you do not know which type of authentication to use, select Auto. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 35: Bandwidth Cap Setting

    In the Monthly Bandwidth Cap field, enter the maximum amount of data in STEP 3 megabytes that is allowed to pass before the device takes an action, such as sending an email to an administrator. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 36: E-Mail Setting

    In the Failover Check Interval field, enter the time (in seconds) after which the STEP 5 device must attempt to detect the presence of traffic on the secondary connection. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 37: Wan/Usb Device Update

    Use this page to load the USB module files that support USB dongles. Contact Cisco Support to acquire USB module files. The Dynamic Load USB Modem List shows the 3G and 4G USB dongle module files that are supported on the device.

  • Page 38: Configuring The Lan Settings

    Also, instead of using a DNS server that maps Internet domain names (for example, www.cisco.com) to IP addresses, you can use a Windows Internet Naming Service (WINS) server. A WINS server is the equivalent of a DNS server, but uses the NetBIOS protocol to resolve hostnames.

  • Page 39: Configuring The Dhcp Server

    Allows the device to act as the DHCP server in the network. Disable Disables DHCP on the device when you want to manually configure the IP addresses of all of your network devices. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 40: Configuring Vlans

    VLANs can group endpoints without regard to the physical location of the equipment or users. The device has a default VLAN (VLAN 1) that cannot be deleted. You can create up to four other VLANs on the device. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 41 VLAN is first created. Click Save. STEP 4 To edit the settings of a VLAN, select the VLAN and click Edit. To delete a selected VLAN, click Delete. Click Save to apply changes. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 42: Configuring Static Dhcp

    A and F (inclusive). To edit the settings of a static DHCP client, select the client and click Edit. To delete a selected DHCP client, click Delete. Click Save to apply the changes. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 43: Viewing Dhcp Leased Clients

    LAN IP address, but it cannot be identical to the IP address given to the LAN interface of this gateway. To configure DMZ: Choose Networking > LAN > DMZ Host. STEP 1 Check Enable to enable DMZ on the network. STEP 2 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 44: Configuring Rstp

    The max age is the time period that the router waits to receive a hello message. If the max age is reached, the router tries to change the spanning tree. Enter a number from 6 to 40. The default is 20. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 45: Port Management

    You can configure the speed and flow control settings of the device LAN ports. To configure port speeds and flow control: Choose Networking > Port Management. STEP 1 Configure this information: STEP 2 Port The port number. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 46: Cloning The Mac Address

    For example, some ISPs register your computer NIC card MAC address when the service is first installed. When you place a router behind the cable modem or DSL modem, the MAC address from the device WAN port is not recognized by the ISP. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 47: Configuring Routing

    (Recommended) Click this button to set the device to act as a gateway. Keep this default setting if the device is hosting your network connection to the Internet and is performing the routing functions. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 48: Configuring Dynamic Routing

    Select the RIP Send Packet Version (RIPv1 or RIPv2). The version of RIP used to send routing updates to other routers on the network depends on the configuration settings of the other routers. RIPv2 is backward compatible with RIPv1. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 49: Configuring Static Routing

    Destination LAN IP Enter the IP address of the destination LAN. Subnet Mask Enter the subnet mask of the destination network. Gateway Enter the IP address of the gateway used for this route. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 50: Viewing The Routing Table

    DDNS provider such as DynDNS.com, TZO.com, 3322.org, or noip.com. The router notifies dynamic DNS servers of changes in the WAN IP address, so that any public services on your network can be accessed by using the domain name. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 51 00:MM, where MM is a randomly picked number between 0 and 59. Monthly—Update on the first day of the month at 00:MM, where MM is a randomly picked number between 0 and 59. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 52: Configuring The Ip Mode

    Use IPv4 and IPv6 on the LAN ports and IPv4 on the WAN:IPv4 WAN ports. LAN:IPv4+IPV6, Use IPv4 and IPv6 on both the LAN and WAN ports. WAN:IPv4+IPv6 LAN:IPv4, WAN:IPv6 Use IPv4 on the LAN and IPv6 on the WAN ports. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 53: Configuring Ipv6

    LAN:IPv4+IPv6, WAN:IPv4+IPv6 Configuring the IP Mode for instructions on how to set the IP mode. Configuring DHCPv6 If your ISP provides you with a dynamically assigned address, configure the device as a DHCPv6 client. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 54 IP address of the server at the ISP. Static DNS 1 IP address of the primary IPv6 DNS server. Static DNS 2 IP address of the secondary IPv6 DNS server. Click Save. STEP 4 Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 55 Keeps the WAN link up by sending a keep alive message through the port. In the redial period field, enter the number of seconds after which the device attempts to reconnect if it is disconnected. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 56 IPv6 prefix length. Default IPv6 Gateway IP address of the default IPv6 gateway. Static DNS 1 IP address of the primary DNS server. Static DNS 2 IP address of the secondary DNS server. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 57: Configuring Ipv6 Lan Connections

    STEP 2 IPv6 Address Enter the IPv6 address of the device. The default IPv6 address for the gateway is fec0::1 (or FEC0:0000:0000:0000:0000:0000:0000:0001). You can change this 128-bit IPv6 address based on your network requirements. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 58 Client lease time duration (in seconds) for which IPv6 addresses are leased to endpoints on the LAN. Choose Networking > IPv6 > IPv6 LAN Configuration. STEP 5 In the IPv6 Address Pools Table, click Add Row. STEP 6 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 59: Configuring Ipv6 Static Routing

    STEP 1 In the list of static routes, click Add Row. STEP 2 Enter this information: STEP 3 Name Route name. Destination IPv6 address of the destination host or network for this route. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 60: Configuring Routing (Ripng)

    180 seconds, the routes learned from the neighbor are considered as unreachable. After another 240 seconds, if no routing update is received, the router removes these routes from the routing table. On the device, RIPng is disabled by default. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 61: Configuring Tunneling

    STEP 4 Enter the following information: STEP 5 • IPv6 Prefix • IPv6 Prefix Length • Border Relay • IPv4 Mask Length. Click Save. STEP 6 4 to 6 Tunneling To configure 4-to-6 tunneling: Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 62: Viewing Ipv6 Tunnel Status

    This is stateless IPv6 auto configuration, and the device distributes IPv6 prefixes to all nodes on the network. To configure the RADVD: Choose Networking > IPv6 > Router Advertisement. STEP 1 Enter this information: STEP 2 RADVD Status Check Enable to enable RADVD. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 63 (interpreting the router preference value). These values are ignored by hosts that do not implement router preference. This feature is useful if there are other RADVD-enabled devices on the LAN. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 64: Configuring Advertisement Prefixes

    IPv4 network. It is used when an end user wants to connect to the IPv6 Internet using their existing IPv4 connection. Global/Local—A locally unique IPv6 address that you can use in private IPv6 networks or a globally unique IPv6 Internet address. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 65 Prefix Lifetime Prefix lifetime, or the length of time over which the requesting router is allowed to use the prefix. Click Save. STEP 4 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 66: Chapter 7: Configuring The Wireless Network

    32 characters in length. To protect your network, change the default wireless network name to a unique name to distinguish your wireless network from other wireless networks that may exist around you. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 67 • Enable MAC address filtering. Cisco routers and gateways give you the ability to enable MAC address filtering. The MAC address is a unique series of numbers and letters assigned to every networking device.

  • Page 68: General Network Security Guidelines

    Combine letters and numbers to avoid using standard words that can be found in the dictionary. General Network Security Guidelines Wireless network security is useless if the underlying network is not secure. Cisco recommends that you take the following precautions: •...

  • Page 69: Configuring Basic Wireless Settings

    Choose this option if you have only Wireless-B devices in your network. G Only Choose this option if you have only Wireless-G devices in your network. N Only Choose this option if you have only Wireless-N devices in your network. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 70 Voice data, these types of applications can increase battery life by approximately 25% and minimize transmit delays. (Optional) Configure the settings of the four wireless networks (see Editing the STEP 8 Wireless Network Settings). Click Save. STEP 9 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 71: Editing The Wireless Network Settings

    SSID. WMM (Wi-Fi Multimedia) Check this box to enable WMM. WPS Hardware Button Check this box to map the device WPS button on the front panel to this network. Click Save. STEP 4 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 72: Configuring The Security Mode

    (Optional) In the Passphrase field, enter an alphanumeric phrase (longer than eight STEP 7 characters for optimal security) and click Generate Key to generate four unique WEP keys in the WEP Key fields. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 73 STEP 2 In the Select SSID field, choose the SSID for which to configure the security STEP 3 settings. From the Security Mode menu, choose one of the three WPA Personal options. STEP 4 Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 74 In the Select SSID field, choose the SSID for which to configure the security STEP 3 settings. From the Security Mode menu, choose one of the three WPA Enterprise options. STEP 4 (WPA-Enterprise only) In the Encryption field, choose one of the following options: STEP 5 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 75: Configuring Mac Filtering

    MAC Address Table from accessing the wireless network. This option is selected by default. • Permit—Select this option to allow devices with the MAC addresses listed in the MAC Address Table to access the wireless network. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 76: Configuring Time Of Day Access

    The following restrictions and configuration guidelines apply: • One guest network can be configured for each device. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 77 Click Save. The system notifies you that the physical Ethernet ports on the device STEP 7 are excluded from the VLAN that you have assigned to the guest network. In addition, Wireless Isolation with SSID and WMM are automatically enabled. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 78: Configuring Advanced Wireless Settings

    WMM No Click to enable this feature. Acknowledgement Enabling WMM No Acknowledgement can result in more efficient throughput, but higher error rates in a noisy Radio Frequency (RF) environment. Default setting is disabled. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 79 Auto to have the device automatically use the fastest possible data rate and enable the Auto-Fallback feature. Auto-Fallback will negotiate the best possible connection speed between the device and a wireless client. The default is Auto. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 80 Setting the Fragmentation Threshold too low may result in poor network performance. Only minor reduction of the default value is recommended. In most cases, it should remain at its default value of 2346. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 81: Configuring Wds

    Check the Allow wireless signal to be repeated by a repeater box to enable STEP 2 WDS. To manually enter the MAC address of a repeater click Manual, or choose Auto to STEP 3 have the router automatically detect remote access points. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 82: Configuring Wps

    Device PIN Status—WPA device personal identification number (PIN) status. Device PIN—Identifies the PIN of a device trying to connect. PIN Lifetime—The lifetime of the key. If the time expires, a new key is negotiated. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 83 Configuring the Wireless Network Configuring WPS After you configure WPS, the following information appears at the bottom of the WPS page: Wi-Fi Protected Setup Status, Network Name (SSID), and Security. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 84: Chapter 8: Configuring The Firewall

    From Zone (LAN/WAN/DMZ) and To Zone (LAN/WAN/DMZ). • Schedules as to when the router should apply rules. • Keywords (in a domain name or on a URL of a web page) that the router should allow or block. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 85: Configuring Basic Firewall Settings

    (insecure WAN), you must create a firewall rule for each service. Configuring Basic Firewall Settings To configure basic firewall settings: Choose Firewall > Basic Settings. STEP 1 Configure the following firewall settings: STEP 2 Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 86 Enabling this setting blocks Java applets from being downloaded. Click Auto to automatically block Java, or click Manual and enter a specific port on which to block Java. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 87 Enabling this feature blocks proxy servers. Click Auto to automatically block proxy servers, or click Manual and enter a specific port on which to block proxy servers. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 88: Configuring Remote Management

    Enter the port on which remote access is allowed. Port The default port is 443. When remotely accessing the router, you must enter the remote management port as part of the IP address. For example: https://<remote-ip>:<remote-port>, or https://168.10.1.11:443 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 89: Configuring Universal Plug And Play

    In the Name field, enter a unique name to identify the schedule. This name is STEP 3 available on the Firewall Rule Configuration page in the Select Schedule list. (See Configuring Access Rules.) Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 90: Configuring Services Management

    STEP 4 drop-down menu: • • • TCP & UDP • ICMP In the Start Port field, enter the first TCP or UDP port of the range that the service STEP 5 uses. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 91: Configuring Access Rules

    For example, you may want to apply a rule allowing certain types of traffic before blocking other types of traffic. To reorder access rules: Choose Firewall > Access Rules. STEP 1 Click Reorder. STEP 2 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 92: Adding Access Rules

    Choose All Traffic to allow the rule to apply to all applications and services, or choose a single application to block: • Domain Name System (DNS), UDP or TCP • File Transfer Protocol (FTP) • Hyptertext Transfer Protocol (HTTP) Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 93 Address Range—The rule applies to traffic originating from an IP address located in a range of addresses. Enter the starting IP address in the Start field, and the ending IP address in the Finish field. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 94: Creating An Internet Access Policy

    Adding or Editing an Internet Access Policy To create a Internet access policy: Choose Firewall > Internet Access Policy. STEP 1 Click Add Row. STEP 2 In the Status field, check Enable. STEP 3 Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 95 From the Type drop-down menu, choose how to block a website (by specifying the URL or by specifying a keyword that appears in the URL). c. In the Value field, enter the URL or keyword used to block the website. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 96: Configuring Port Forwarding

    Choose Firewall > Single Port Forwarding. A preexisting list of applications is STEP 1 displayed. In the Application field, enter the name of the application for which to configure STEP 2 port forwarding. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 97: Configuring Port Range Forwarding

    In the IP Address field, enter the IP address of the host on the LAN side to which STEP 8 the specific IP traffic will be forwarded. In the Enable field, check the Enable box to enable the rule. STEP 9 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 98: Configuring Port Range Triggering

    In the Triggered Range fields, enter the port number or range of port numbers that STEP 3 will trigger this rule when a connection request from outgoing traffic is made. If the outgoing connection uses only one port, enter the same port number in both fields. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 99 In the Interface drop-down menu, choose Both (Ethernet & 3G), Ethernet, or 3G. STEP 5 In the Enable field, check the Enable box to enable the rule. STEP 6 Click Save. STEP 7 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 100: Chapter 9: Configuring Vpn

    You do not have to configure VPN policies. Remote users can connect by using the PPTP client from a Microsoft computer. There is no need to install a VPN client. However, be aware that security vulnerabilities have been found in this protocol. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 101: Vpn Clients

    VPN Clients Remote Access with Cisco QuickVPN For quick setup with basic VPN security settings, distribute Cisco QuickVPN software to your users, who can then securely access your network resources. Use this option if you want to simplify the VPN setup process. You do not have to configure VPN policies.

  • Page 102: Configuring Quickvpn

    Instruct users to obtain the free Cisco QuickVPN software from Cisco.com, and STEP 2 install it on their computers. See Using the Cisco QuickVPN Software To enable access using Cisco QuickVPN on your device, you must enable remote STEP 3 management to open port 443 for SSL. See Configuring Basic Firewall Settings.

  • Page 103: Creating And Managing Quickvpn Users

    To edit settings for a QuickVPN user, check the box and click Edit. Make changes and click Save. To delete a QuickVPN user, check the box , click Delete and click Save. For more information about QuickVPN, see Appendix A, “Using the Cisco QuickVPN Software.” Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 104: Importing Vpn Client Settings

    For example, you can configure the device at a branch site to connect to the router at the corporate site, so that the branch site can securely access the corporate network. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 105 Remote Endpoint—Choose the way the remote endpoint, or the router to which the device will connect, is identified. For example, by an IP address such as 192.168.1.1, or by a fully qualified domain name such as cisco.com. • Remote WAN (Internet) IP Address—Enter the public IP address or domain name of the remote endpoint.

  • Page 106: Viewing Default Values

    The default values used in the basic VPN settings are those proposed by the VPN consortium and they assume you are using a pre-shared key, or password, that is known to both the device and the router on the other end (for example, a Cisco RV220W). To view the default values: Choose VPN >...

  • Page 107: Adding Or Editing Ike Policies

    In the IKE SA Parameters section, the Security Association (SA) parameters STEP 2 define the strength and mode for negotiating the SA. You can configure the following settings: • Encryption Algorithm—Choose the algorithm used to negotiate the SA: 3DES AES-128 Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 108 DPD message before considering the peer to be dead. Check the XAUTH Type Enable check box to configure extended authentication STEP 3 for your IPsec VPN policy. Provide the authentication username and password. Click Save. STEP 4 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 109: Managing Vpn Policies

    Remote Endpoint—Select the type of identifier that you want to provide for the gateway at the remote endpoint: IP Address or FQDN (Fully Qualified Domain Name). Enter the identifier in the space provided. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 110 For a Manual policy type, enter the settings in the Manual Policy Parameters section: • SPI-Incoming, SPI-Outgoing—Enter a hexadecimal value between 3 and 8 characters; for example, 0x1234. • Encryption Algorithm—Select the algorithm used to encrypt the data: 3DES AES-128 AES-192 AES-256 Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 111 The default value is 3600 seconds. The minimum value is 300 seconds. • Encryption Algorithm—Select the algorithm used to encrypt the data. • Integrity Algorithm—Select the algorithm used to verify the integrity of the data. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 112: Configuring Certificate Management

    To import a certificate: Choose VPN > Certificate Management. STEP 1 Click the Import Certificate From a File button. STEP 2 Click Browse and locate the certificate file. STEP 3 Click Install Certificate. STEP 4 Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 113 You can export certificates for clients to your computer or to an external location on a USB drive. The certificate for the client allows QuickVPN users to securely connect to the Cisco RV215W. QuickVPN users must place the certificate in the install directory of the QuickVPN client.

  • Page 114: Configuring Vpn Passthrough

    PPTP Check Enable to allow PPTP tunnels to pass through the device. L2TP Check Enable to allow Layer 2 Tunneling Protocol (L2TP) tunnels to pass through the device. Click Save. STEP 3 Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 115 Configuring VPN Configuring VPN Passthrough Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 116: Chapter 10: Configuring Quality Of Service (Qos)

    Configuring Quality of Service (QoS) The Cisco RV215W lets you configure the following quality of service (QoS) features: • Configuring Bandwidth Management, page 116 • Configuring QoS Port-Based Settings, page 119 • Configuring CoS Settings, page 120 • Configuring DSCP Settings, page 121 Quality of service (QoS) assigns priority to various applications, users, or data flows, or guarantees a level of performance to a data flow.

  • Page 117: Configuring Bandwidth

    STEP 1 In the Bandwidth Management field, check Enable. The maximum bandwidth STEP 2 provided by your ISP appears in the Bandwidth section. In the Bandwidth Priority Table, click Add Row. STEP 3 Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 118 To delete an entry from the table, check the relevant box, click Delete and click Save. To add a new service definition, click the Service Management button. You can define a new service to use for all firewall and QoS definitions. See Configuring Services Management. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 119: Configuring Qos Port-Based Settings

    Configuring Quality of Service (QoS) Configuring QoS Port-Based Settings Configuring QoS Port-Based Settings You can configure QoS settings for every LAN port on the Cisco RV215W. The device supports 4 priority queues that allow for traffic prioritization per physical switch port.

  • Page 120: Configuring Cos Settings

    STEP 1 Choose the Ethernet or 3G radio button. STEP 2 For each CoS priority level in the CoS Settings Table, choose a priority value from STEP 3 the Traffic Forwarding Queue drop-down menu. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 121: Configuring Dscp Settings

    For each DSCP value in the DSCP Settings Table, choose a priority level from the STEP 4 Queue drop-down menu. This maps the DSCP value to the selected QoS queue. Click Save. STEP 5 To restore the default DSCP settings, click Restore Default and Save. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 122: Chapter 11: Administering Your Router

    Configuring Date and Time Settings, page 134 • Backing Up and Restoring the System, page 135 • Upgrading Firmware or Changing the Language, page 139 • Restarting the Cisco RV215W, page 141 • Restoring the Factory Defaults, page 142 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 123: Setting Password Complexity

    Password Aging Check Enable to expire passwords after a specified time. Password aging time Enter the number of days after which the password expires (1–365). The default is 180 days. Click Save. STEP 4 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 124: Configuring User Accounts

    Configuring User Accounts The device supports two user accounts for administering and viewing settings: an administrative user (default user name and password: cisco) and a guest user (default user name: guest). The guest account has read-only access. You can set and change the username and password for both the administrator and guest accounts.

  • Page 125: Setting The Session Timeout Value

    In the SNMP System Information section of the SNMP page, you can enable SNMP. Before you can use SNMP, install SNMP software on your computer. The device supports only SNMPv3 for SNMP management and SNNPv1/2/3 for SNMP trap messages. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 126: Editing Snmpv3 Users

    Choose Administration > SNMP. STEP 1 Under SNMPv3 User Configuration, configure the following settings: STEP 2 UserName Select the account to configure (admin or guest). Access Privilege Displays the access privileges of the selected user account. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 127: Configuring The Snmp Traps

    STEP 2 IP Address Enter the IP address of the SNMP manager or trap agent. Port Enter the SNMP trap port of the IP address to which the trap messages will be sent. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 128: Using Diagnostic Tools

    You can use the PING utility to test connectivity between this router and another device in the network. You can also use the Ping tool to test connectivity to the Internet by pinging a fully qualified domain name (for example, www.cisco.com). To use PING: Choose Administration >...
  • Page 129 Choose Administration > Diagnostics > Network Tools. STEP 1 In the Internet Name field, enter the Internet name of the host. STEP 2 Click Lookup. The nslookup results appear. STEP 3 Click Close when done. STEP 4 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 130: Configuring Port Mirroring

    STEP 3 mirroring, do not use it for any other traffic. Click Save. STEP 4 Configuring Logging The Cisco RV215W allows you to configure logging options. Configuring Logging Settings To configure logging: Choose Administration > Logging > Log Settings. STEP 1 In the Log Mode field, check Enable.
  • Page 131 To enable these logging settings, check this box. Click Save. STEP 5 To edit an entry in the Logging Setting Table, select the entry and click Edit. Make your changes, then click Save. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 132: Configuring E-Mail Settings

    Administering Your Router Configuring Logging Configuring E-mail Settings You can configure the Cisco RV215W to send event logs, new firmware alerts and 3G alerts by e-mail. We recommend that you set up a separate e-mail account for sending and receiving e-mail alerts.
  • Page 133 Time If you chose a daily or weekly schedule for sending logs, choose the time of day at which to send the logs. Click Save. STEP 5 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 134: Configuring Bonjour

    Administering Your Router Configuring Bonjour Configuring Bonjour Bonjour is a service advertisement and discovery protocol. On the Cisco RV215W, Bonjour only advertises the default services configured on the device when Bonjour is enabled. To enable Bonjour: Choose Administration > Bonjour.

  • Page 135: Backing Up And Restoring The System

    When the firewall is working as configured, you can back up the configuration for restoring later. During backup, your settings are saved as a file on your PC. You can restore the firewall settings from this file. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 136: Backing Up The Configuration Settings

    You can download the startup configuration to other Cisco RV215W devices for easy deployment. Mirror configuration Select this option to instruct the device to back up the startup configuration after 24 hours of operation without any change in the startup configuration.

  • Page 137: Restoring The Configuration Settings

    USB devices. Click Start to Upload. STEP 4 The device uploads the configuration file and uses the settings it contains to update the startup configuration. The device then restarts and uses the new configuration. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 138: Copying The Configuration Settings

    To generate an encryption key: Choose Administration > Backup/Restore Settings. STEP 1 Click Show Advanced Settings. STEP 2 In the box, enter the seed phrase used to generate the key. STEP 3 Click Save. STEP 4 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 139: Upgrading Firmware Or Changing The Language

    STEP 4 upgraded, check one of the following check boxes: • Notify via Admin GUI— Receive notifications on the RV215W Administration GUI when you log on the next time. • Email to — Receive notifications through e-mail alerts. Click Email Address to configure e-mail settings.

  • Page 140: Upgrading Firmware Manually

    Download the latest firmware to your PC or to a USB device. To download the STEP 3 latest version of the firmware from cisco.com to a USB device, click Start Download in Save to USB from cisco.com. To upgrade to the latest firmware version, choose one of the following options to...

  • Page 141: Changing The Language

    Optionally, to restore the device configuration parameters to factory default vaues, STEP 4 select Reset all configuration/settings to factory defaults. Click Start Upgrade. STEP 5 Restarting the Cisco RV215W To restart the router: Choose Administration > Reboot. STEP 1 Click Reboot. STEP 2 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 142: Restoring The Factory Defaults

    Choose Administration > Restore Factory Defaults. STEP 1 Click Default. STEP 2 Running the Setup Wizard To run the Setup Wizard: Choose Administration > Setup Wizard. STEP 1 Follow the online instructions. STEP 2 Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 143: Appendix A: Using Cisco Quickvpn

    Using Cisco QuickVPN Overview This appendix explains how to install and use the Cisco QuickVPN software that can be downloaded from Cisco.com. QuickVPN works with computers running Windows 7, Windows XP, Windows Vista, or Windows 2000. (Computers using other operating systems will have to use third-party VPN software.) This appendix includes the following sections: •...

  • Page 144: Installing The Cisco Quickvpn Software

    Installing the Cisco QuickVPN Software Installing the Cisco QuickVPN Software Installing from the CD-ROM Insert the Cisco RV215W CD-ROM into your CD-ROM drive. After the Setup STEP 1 Wizard begins, click the Install QuickVPN link. The License Agreement window appears.
  • Page 145 The Setup Wizard copies the files to the chosen location. Copying Files Finished Installing Files Click Finish to complete the installation. Proceed to “Using the Cisco QuickVPN STEP 5 Software,” on page 146. Cisco RV215W Wireless-N VPN Firewall Administration Guide...

  • Page 146: Downloading And Installing From The Internet

    Appendix B, “Where to Go From Here,” go to the Software Downloads link. STEP 1 Enter Cisco RV215W in the search box and find the QuickVPN software. STEP 2 Save the zip file to your PC, and extract the .exe file.
  • Page 147 To terminate the VPN tunnel, click Disconnect. To change your password, click Change Password. For information, click Help. If you clicked Change Password and have permission to change your own STEP 9 password, the Connect Virtual Private Connection window appears. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 148 New Password field. Then enter the new password again in the Confirm New Password field. Click OK to save your new password. STEP 11 You can change your password only if the Allow User to Change Password box NOTE has been checked for that username. Cisco RV215W Wireless-N VPN Firewall Administration Guide...
  • Page 149 Software Downloads Go to tools.cisco.com/support/downloads, and (Login Required) enter the model number in the Software Search box. Product Documentation Wireless-N VPN Firewall www.cisco.com/en/US/products/ps9923/ tsd_products_support_series_home.html Cisco Partner Central www.cisco.com/web/partners/sell/smb (Partner Login Required) Marketplace www.cisco.com/go/marketplace Cisco RV215W Wireless-N VPN Firewall Administration Guide...

Table of Contents