Rv340 Vpn Client To Site

 



RV340 Dual WAN Gigabit Router
Cisco RV340 Dual WAN Gigabit VPN Router
#RV340-K9-NA
List Price: $505.00
Our Price: $233.59

Overview:

Today, secure networking is imperative for every business, even the smallest one.

To configure the Client-to-Site, follow these steps: Step 1 Click VPN Client-to-Site. Step 2 Click Add and the IPsec Client-to-Site Groups table will be displayed. Step 3 To add a Client to Site connection, click Add. Step 4 In the Add a New Group section, select an option (Cisco VPN Client or 3rd Party Client). Jul 21, 2017 RV340 Dual-WAN VPN Router-Product Views Front Panel View. The front panel shows the model number, the Reset button and several LEDs for Power, VPN, Diagnostics, LAN, WAN, and USB.

The RV340 Series security router provides business users with advanced connectivity and secure high-speed access for the growing demand and usage of digital services.

The Cisco RV340 Series routers connect small businesses securely to the Internet. The routers protect employees from threats such as viruses, network attacks, unwanted content, and malicious websites. All that without compromising the online experience.

Rv340 Vpn Client To Site Software

Implementing advanced Unified Threat Management (UTM) features on a high-performing router platform creates one of the most desirable small business connectivity solutions.

Standard are dual WAN ports, business class firewall, and flexible VPN options. Integrated Wi-Fi-5, 16- port LAN switch, and PoE LAN orts are available in model variants.

For cloud-based security, an easy-to-configure Cisco Umbrella™ integration is available.

Security

IT security is a priority for business of all sorts and sizes. With the size of an office or a remote office typically being rather small, IT staff is less likely to be available and offer user support. Any office environment requires the same functionality as the corporate office in terms of security that may include firewall, VPN, IPS, blocking applications and web protection.

The Cisco 340 Series offers comprehensive security and best-in-class performance.

  • Firewall: Stateful, scalable, and flexible.
  • UTM features (your choice of on prem or in the cloud) — Unified security features provide reliable and highly secure Internet connectivity with cloud application detection and policies.
  • Secure connectivity: Flexible VPN functionality with support of Cisco AnyConnect® Secure Mobility Client.
  • Hardware-accelerated performance: Dual core ARM-based architecture with embedded hardware-accelerated VPN.
  • Dual-WAN with load-balancing and 3G/4G failover brings resiliency and increased bandwidth.
  • Partner- or customer-centric single pane-of-glass network management with the integration into FindIT Manager or web UI.
  • Automated software updates to keep the firmware current.

The security features include an on-board UTM feature set and a cloud-based Cisco Umbrella integration. These features can be used independently from each other and require a software license. When the Cisco Umbrella integration is activated, the on-board web security is turned off. All other security features will work.

Cisco Umbrella is a cloud-based web security service that delivers automatic protection from malicious or compromised websites, phishing, C2 Callbacks, and malware. With Cisco Umbrella, you gain visibility and enforcement at the DNS layer, so you can block requests to malicious domains and IPs before a connection to your network or endpoints is ever made. And because it’s built into the foundation of the Internet and delivered from the cloud, Umbrella is the simplest security product to deploy and delivers powerful, effective protection. The router integration allows for easy setup, enhanced visibility and reporting, and a small business–friendly branch license for Cisco Umbrella.

The on-board UTM security features include: Intrusion prevention, gateway antivirus, application identification, client identification, on-board web security. These features protect your network from attacks from the Internet and at the same allow for setting policies for corporate usage of the Internet by limiting Internet surfing to appropriate site categories and eliminating unwanted network traffic, hence boosting employee productivity and overall network performance.

Licensing

To operate the router no license is required. It will work with full performance and all VPN features are turned on.

  1. The customer can add advanced security features to the router using a license. The license will enable IPS, Antivirus, Web Security, App ID, and Client ID. The licensed security features can be trialed at no cost for 90 days.
  2. To integrate the router into Cisco Umbrella as a “network device type,” and to have the advantage of detailed security reporting for all hosts behind the router, a Cisco Umbrella license is required. For customers using only the RV routers, an affordable Cisco Umbrella branch license is available.

RV Security License (LS-RV34X-SEC-1YR=)
Enables dynamic web filter, Internet security and Application Visibility, Client Identification, IPS, and Antivirus.

Umbrella RV Branch License (UMB-BRAN-RV)
1-Year Cisco RV-Branch license. Uses Cisco Umbrella Licensing.

Features and Benefits:

  • Dual WAN
    High resiliency and load balancing for reliable Internet connectivity.
  • Integrated switch
    4- or 16-port*integrated gigabit switch to connect the devices directly to the router. PoE+* for powering connected phones and access point from the router. (RV340, RV340W: 4 Ports, RV345 16 Ports, RV345P: 16 Ports and PoE)
  • Integrated WiFi-5
    Provides connectivity for all wireless devices. Wi-Fi-5 allows router to communicate with multiple devices simultaneously, decreases the time each device has to wait for a signal, and dramatically speeds up the wireless network. (RV340W only)
  • 3G/4G failover via USB modem
    Provides high reliability and connectivity when broadband connection is down.
  • Enhanced VPN functionality
    Protects employees and their data. Enterprise class, easy to set up. Encrypt all your traffic between sites. Flexible options. IPSec IKEv2, IKev1, Anyconnect SSL, L2TP.
  • Support for the Cisco AnyConnect Secure Mobility Client
    Ideal for remote access by mobile devices.
  • Dynamic web filtering
    Enables business efficiency and security while connecting to the Internet, allows Internet access policies for end devices and Internet applications to help ensure performance and security.
  • Client identification
    Identifies the type of connected devices and allows setting policies. Application visibility Generates reports of Internet applications being used by clients and allows setting policies.
  • Cisco Umbrella integration
    The Umbrella integration allows One-Click configuration for Cisco Umbrella cloud-based web security service.
  • Intrusion Prevention System (IPS)
    Blocking network connections that are determined too risky for the organization.
  • Antivirus
    Antivirus delivers deep extensive protection against all types of viruses.
  • Cisco Plug and Play (PnP)
    Cloud-based Zero Touch Deployment. Improve operational efficiency with a simple, secure, and integrated method for device onboarding.
  • Automatic software download and update
    Keeps the router constantly up-to-date without user intervention. Quickest way to mitigate 0-Day vulnerabilities.

Specifications:


Product Specifications
WAN ports2 RJ-45 Gigabit Ethernet
LAN ports4 RJ-45 Gigabit Ethernet
(LAN 1, 2, 3, 4 and LAN 9, 10, 11, 12 are PoE 802.3at, max 30W per port up to 120W total
Console/serial1 RJ-45 port for future use. Port is disabled
USB2 for external 3G/4G modem or flash drive (USB-3, USB-2)
FirewallStateful packet inspection, up to 980 Mbps throughput for TCP and UDP
Quality of Service (QoS)Traffic Classes, WAN Queuing, WAN Policing, WAN Bandwidth Management, Assign detailed QoS (Class of Service (CoS)/Differentiated Services Code Point (DSCP)/policies) settings per application or end device
Web SecurityDynamic web filtering: Cloud based, more than 80 categories, more than 450 million domains classified
Application VisibilityApplication identification: Assign policies to Internet applications
500 unique Apps
Client IdentificationIdentifies and categorizes clients dynamically. Assigns policies based on end device category and operating system.
Intrusion Prevention SystemIDS/IPS inspects network packets, logs and/or blocks a wide range of network attacks. It delivers increased network availability, faster remediation, and comprehensive threat protection.
HTTP/FTP/SMTP/POP3/IMAP
AntivirusProtection from viruses, trojans, spyware, and identity theft by inspecting traffic going through the router.
HTTP/FTP/SMTP/POP3/IMAP
Cisco Umbrella First line of defense for threats on the Internet. Prevention for user and malware-initiated connections. Protection against Malware, C2 callbacks, and phishing. Proxy inspection for risky domains.
IPSec IKEv1 and IKEv2
50 simultaneous connections (any combination of remote access and site-to-site), up to 650 Mbps throughput
IPsec remote accessYes (remote access from any standards-based IPsec client and Cisco IPsec VPN EasyVPN)
Layer 2 Tunneling Protocol (L2TP) over IPsecYes
Generic Routing Encapsulation (GRE) over IPsec Yes
Cisco SSL VPN (Cisco AnyConnect)Maximum 50 SSL VPN tunnels and up to 33Mbps throughput. Also requires Cisco AnyConnect end user licenses to use on the end device. Ideal for mobile devices.
Point-to-Point Tunneling Protocol (PPTP)25 connections, up to 100 Mbps throughput
Teleworker mode (Cisco IPsec VPN)Router acts as a client to connect to central VPN gateway in teleworker mode
VPN pass-through IPSec, PPTP, L2TP
Management protocolsWeb browser (HTTP/HTTPS)
Simple Network Management Protocol (SNMP) v1, v2c, and v3
Representational State Transfer (REST) API
NETCONF
Management PlatformFindIT Network Manager
Firmware upgrade optionsVia local PC, USB stick, or from Cisco.com via web browser.
Unattended automatic firmware upgrade.
LAN
VLANUp to 32 VLANs
Port SecurityYes, 802.1X
Link aggregationYes (static, no LACP)
IPv6Dual stack, 6rd, 6in4, Dual stack lite
WANDHCP client, static IP, PPPoE, PPPTP, L2TP, transparent bridge
RoutingStatic routing, IGMP proxy, Inter-VLAN routing, Routing Information Protocol RIPv1,v2, RIPng
Network Address Translation (NAT)Port Forwarding
Port Address Translation (PAT)
One-to-one NAT
VPN NAT traversal
Session Initiation Protocol (SIP) Application-Level Gateway (ALG), FTP ALG
NAT max sessions>40000
NAT max connections per second 3000
DynDNSChangeIP.com, DynDNS.com, No-IP.com, dnsomatic
IPv6 transition Dual Stack
Hardware DMZ Yes (when enabled, one LAN port will be DMZ port)
DMZ hostYes
System
CPUARM-based architecture, dual core, hardware flow engine
900 Mhz
RAM1 GB DDR3
Flash 256 MB
Wireless
StandardsIEEE 802.11ac, 802.11n, 802.11g, 802.11b, 802.11a, 802.1X (security authentication), 802.1Q (VLAN), 802.11i (WPA2 security), 802.11e (wireless QoS)
Antennas4 external fixed paddle antennas (RV340W)
802.1X supplicantYes
SSID-to-VLAN mappingYes
Auto channel selection Yes
WPA/WPA2Yes, including enterprise authentication
Access controlYes, MAC filtering
Rouge access point detectionNo
QoSWi-Fi Multimedia (WMM) with unscheduled automatic power save
Wireless Peformance
Wireless throughputPHY data rate:
2.4 GHz: 450 Mbps 964-QAM), 600 Mbps (256-QAM)
5 GHz: 1.7 Gbps (256-QAM), 2.1 Gbps (1024-QAM)
Total: Up to 2.7 Gbps
(real-world throughput will vary)
Recommended user supportUp to 50 users at 2.4 GHz and 124 users at 5 GHz simultaneously
Captive Portal for guest access Yes
Wireless Parameters
FrequencyDual concurrent radios (2.4 and 5 GHz)
WLAN802.11n/ac
4x4 MU-MIMO with 4 partial streams at 5GHz
3x3 MIMO with 3 spatial streams at 2.4 GHz
20 MHz, 40 MHz and 80 MHZ channels for 802.11ac
20 MHz and 40 MHz channels for 802.11n
PHY data rate:
2.4 GHz: 450 Mbps (64-QAM), 600 Mbps (256-QAM)
5 GHz: 1.7 Gbps (256-QAM), 2.1 Gbps (1024-QAM)
Total: up to 2.7 Gbps
802.11 Dynamic Frequency Selection (DFS)
MU-MIMO up to 3 clients simultaneously
Data rates supported802.11 a/b/g:
  • 54, 48, 36, 24, 18, 12, 9, 6, 11, 5.5, 2, and 1 Mbps
  • 802.11n: 6.5 to 450 Mbps
    • 20-MHz bandwidth: MCS 0-15 for supported data rates
    • 40-MHz bandwidth: MCS 0-15 for supported data rates

802.11ac:

  • 6.5 Mbps to 1.7 Gbps
    • 20-MHz bandwidth: MCS 0-9 for supported data rates
    • 40-MHz bandwidth: MCS 0-9 for supported data rates
    • 80-MHz bandwidth: MCS 0-9 for supported data rates
Frequency band and operating channelsA (A regulatory domain):
  • 2412 to ~2462 MHz: 11 channels
  • 5.15 to 5.25 GHz: 4 channels
  • 5.25 to 5.35 GHz: 4 channels
  • 5.47 to 5.725 GHz: 8 channels
  • 5.725 to 5.825 GHz: 5 channels

E (E regulatory domain):

  • 2412 to ~2472 MHz: 13 channels
  • 5.15 to 5.25 GHz: 4 channels
  • 5.25 to 5.35 GHz: 4 channels
  • 5.47 to 5.725 GHz: 8 channels

C (C regulatory domain):

  • 2412 to ~2462 MHz: 13 channels
  • 5.15 to 5.25 GHz: 4 channels
  • 5.25 to 5.35 GHz: 4 channels
Transmitter output power2.4 GHz
  • 802.11b: 17.5 +/- 2 dBm
  • 802.11g: 17.5 +/- 2 dBm @ 6 Mbps
  • 802.11g: 15.5 +/- 2 dBm @ 54 Mbps
  • 802.11n (HT20): 17.5 +/- 2 dBm @ MCS0
  • 802.11n (HT20): 15.5 +/- 2 dBm @ MCS7
  • 802.11n (HT40): 15.5 +/- 2 dBm @ MCS7

5 GHz

  • 802.11a: 18.5 +/- 2 dBm @ 6 Mbps
  • 802.11a: 14 +/- 2 dBm @ 54 Mbps
  • 802.11n (HT20): 14 +/- 2 dBm @ MCS7
  • 802.11n (HT40): 14 +/- 2 dBm @ MCS7
  • 802.11ac (VHT80): 12.0 +/- 2 dBm @ VHT9SS
Wireless isolationWireless isolation between clients
Antenna gain in dBi2.4 GHz: 3 dBi each antenna
5 GHz: 5 dBi each antenna
Receiver sensitivity2.4 GHz
  • 802.11b: -82 dBm @ 11 Mbps
  • 802.11g: -71 dBm @ 54 Mbps
  • 802.11n (HT20): -69 dBm @ MCS7
  • 802.11n (HT40): -67 dBm @ MCS7

5 GHz

  • 802.11ac (VHT20): -59 dBm @ MCS8
  • 802.11ac (VHT40): -54 dBm @ MCS9
  • 802.11ac (VHT80): -51 dBm @ MCS9
Wireless Distribution System (WDS)No
Product Dimensions
Dimension280 x 44 x 315 mm (11 x 1.75 x 12.40 in)
Package Dimensions375 x 505 x 80 mm (14.76 x 19.88 x 3.15 in)
Product Weight Device Only 1150 g (2.53 lb)
Packaging Weight2400 g (5.29 lb)
MTBF 50000 hours
Rack mountableYes
Included accessoriesPower supply, power cord, Ethernet cable
FanNo
Power SupplyAC 100-240V/1A DC 12V/3A
CertificationFCC Class B, CE Class B, UL, cUL, CB, CCC, BSMI, KC, Anatel
Operating temperature0° to 40°C (32° to 104°F)
Storage temperature 0° to 70°C (32° to 158°F)
Operating humidity 10% to 85% noncondensing
Storage humidity5% to 90% noncondensing

Documentation:

Download the Cisco RV340, RV345, RV345P, and RV340W Dual WAN Security VPN Router Data Sheet (.PDF)

Pricing Notes:

  • Pricing and product availability subject to change without notice.
RV340 Dual WAN Gigabit Router
Cisco RV340 Dual WAN Gigabit VPN Router
#RV340-K9-NA
List Price: $505.00
Our Price: $233.59

Objective

In a Client-to-Site Virtual Private Network (VPN) connection, clients from the Internet can connect to the server to access the corporate network or Local Area Network (LAN) behind the server but still maintains the security of the network and its resources. This feature is very useful since it creates a new VPN tunnel that would allow teleworkers and business travelers to access your network by using a VPN client software without compromising privacy and security.

The objective of this document is to show you how to configure Client-to-Site VPN connection on the RV34x Series Router.

Applicable Devices

  • RV34x Series
Rv340 Vpn Client To Site

Software Version

  • 1.0.01.16

Configure Client-to-Site VPN

Step 1. Log in to the router web-based utility and choose VPN > Client-to-Site.

Step 2. Click the Add button under IPSec Client-to-Site Tunnels section.

Step 3. In the Add a New Tunnel area, click the Cisco VPN Client radio button.

Step 4. Check the Enable check box to enable the configuration.

Step 5. Enter a group name in the field provided. This will serve as identifier for all the member of this group during the Internet Key Exchange (IKE) negotiations.

Note: Enter characters between A to Z or 0 to 9. Spaces and special characters are not allowed for the group name. In this example, TestGroup is used.

Step 6. Click on the drop-down list to choose the Interface. The options are:

  • WAN1
  • WAN2
  • USB1
  • USB2

Note: In this example, WAN1 is chosen. This is the default setting.

Step 7. In the IKE Authentication Method area, choose an authentication method to be used in IKE negotiations in IKE-based tunnel. The options are:

  • Pre-shared Key — IKE peers authenticate each other by computing and sending a keyed hash of data that includes the Pre-shared Key. If the receiving peer is able to create the same hash independently using its Pre-shared key, it knows that both peers must share the same secret, thus authenticating the other peer. Pre-shared keys do not scale well because each IPSec peer must be configured with the Pre-shared key of every other peer with which it establishes a session.
  • Certificate — The digital certificate is a package that contains information such as a certificate identity of the bearer: name or IP address, the serial number expiration date of the certificate, and a copy of the public key of the certificate bearer. The standard digital certificate format is defined in the X.509 specification. X.509 version 3 defines the data structure for certificates.

Note: In this example, Pre-shared Key is chosen. This is the default setting.

Step 8. Enter a pre-shared key in the field provided. This will be the authentication key among your group of IKE peers.

Step 9. (Optional) Check the Enable check box for the Minimum Pre-shared Key Complexity to view the Pre-shared Key Strength Meter and determine the strength of your key. The strength of your key are defined as follows:

  • Red— The password is weak.
  • Orange— The password is fairly strong.
  • Green — The password is strong.

Note: You can check the Enable check box in the Show Pre-shared Key field to check your password in plain text.

Step 10. (Optional) Click on the plus icon in the User Group table to add a group.

Step 11. (Optional) Choose from the drop-down list whether the user group is for admin or for guests. If you created your own user group with user accounts, you can select it. In this example, we will be selecting TestGroup.

Note: TestGroup is a user group that we have created in System Configuration >User Groups.

Note: In this example, TestGroup is chosen. You can also check the box beside the user group and then click the Delete button if you want to delete a user group.

Step 12. Click on a radio button to choose a Mode. The options are:

  • Client — This option allows the client to request for an IP address and the server supplies the IP addresses from the configured address range.
  • Network Extension Mode (NEM) — This option allows clients to propose their subnet for which VPN services need to be applied on traffic between LAN behind server and subnet proposed by client.

Note: In this example, Client is chosen.

Step 13. Enter the starting IP address in the Start IP field. This will be the first IP address in the pool that can be assigned to a client.

Note: In this example, 192.168.100.1 is used.

Step 14. Enter the ending IP address in the End IP field. This will be the last IP address in the pool that can be assigned to a client.

Note: In this example, 192.168.100.100 is used.

Step 15. (Optional) Under the Mode Configuration area, enter the IP address of the primary DNS server in the field provided.

Note: In this example, 192.168.1.1 is used.

Rv340 Vpn Client To Site Download

Step 16. (Optional) Enter the IP address of the secondary DNS server in the field provided.

Note: In this example, 192.168.1.2 is used.

Step 17. (Optional) Enter the IP address of the primary WINS server in the field provided.

Note: In this example, 192.168.1.1 is used.

Step 18. (Optional) Enter the IP address of the secondary WINS server in the field provided.

Rv340 Vpn Client To Site Free

Note: In this example, 192.168.1.2 is used.

Step 19. (Optional) Enter the default domain to be used in the remote network in the field provided.

Client

Note: In this example, sample.com is used.

Step 20. (Optional) In the Backup Server 1 field, enter the IP address or the domain name of the backup server. This will be where the device can start the VPN connection in case the primary IPSec VPN server fails. You can enter up to three backup servers in the fields provided. The Backup Server 1 has the highest priority among the three servers and the Backup Server 3 has the lowest.

Note: In this example, Example.com is used for Backup Server 1.

Step 21. (Optional) Check the Split Tunnel check box to enable split tunnel. Split Tunneling allows you to access the resources of a private network and the Internet at the same time.

Step 22. (Optional) Under the Split Tunnel Table, click the plus icon to add an IP address for split tunnel.

Step 23. (Optional) Enter the IP address and netmask of the split tunnel in the fields provided.

Note: In this example, 192.168.1.0 and 255.255.255.0 are used. You can also check the box and click on the Add, Edit, and Delete buttons to add, edit, or delete a split tunnel, respectively.

Step 24. (Optional) Check the Split DNS check box to enable split DNS. Split DNS allows you to create separate DNS servers for internal and external networks to maintain security and privacy of network resources.

Step 25. (Optional) Click the plus icon under the Split DNS Table to add a domain name for split DNS.

Step 26. (Optional) Enter the domain name of the split DNS in the field provided.

Note: In this example, labsample.com is used. You can also check the box and click on the Add, Edit, and Delete buttons to add, edit, or delete a split DNS, respectively.

Step 27. Click Apply.

Conclusion

You should now have successfully configured Client-to-Site connection on the RV34x Series Router.

Click on the following articles to learn more on the following topics:

View a video related to this article...