TP-Link TL-ER6020 manual VPN Setting, IPsec VPN, IKE Setting,  IKE Proposal, Settings

Figure 4-3 Link Backup

4.3.2 VPN Setting

To enable the hosts in the remote branch office (WAN: 116.31.85.133, LAN: 172.31.10.1) to access the servers in the headquarters, you can create a VPN tunnel between the TP-LINK VPN routers at the headquarters and the remote branch office to secure the communication. The following uses the IPsec settings of the Router at the headquarters as an example.

You can also configure the PPTP VPN Server to set up a remote mobile office, which lets staff travelling on business access the FTP server and Mail server in the headquarters over a PPTP dial-up connection.

4.3.2.1 IPsec VPN

1) IKE Setting

To configure the IKE function, first create an IKE Proposal.

IKE Proposal

Choose the menu VPN→IKE→IKE Proposal to load the configuration page.

Settings:

Proposal Name: proposal_IKE_1

TL-ER6020 specifications

The TP-Link TL-ER6020 is a robust and efficient router designed for small to medium-sized businesses seeking reliable network performance and advanced features. Combining dual WAN capability with comprehensive security features, it ensures that businesses can maintain consistent and secure internet connectivity, even during peak usage times or in the event of a failure from one ISP.

One of the primary features of the TL-ER6020 is its dual WAN support, which allows users to connect two different internet sources. This not only enhances reliability through load balancing but also ensures redundancy. In cases where the primary WAN connection fails, the router can seamlessly switch to the secondary connection, minimizing downtime and maintaining business operations.

Security is a critical aspect of any network appliance, and the TL-ER6020 does not disappoint. It comes equipped with multiple security features, including advanced firewall capabilities, IP/MAC/URL filtering, and DoS attack prevention. These tools work together to provide a secure network environment, safeguarding sensitive business data from unauthorized access and potential threats.

The router also supports VLAN (Virtual Local Area Network) technology, which allows businesses to segment their networks for better performance and security. By creating separate networks for different departments or functions, companies can enhance their network management and control traffic flow more efficiently.

Additionally, the TL-ER6020 features quality of service (QoS) capabilities that prioritize network traffic based on user needs. This ensures that critical applications, such as VoIP or video conferencing, receive the bandwidth they require for optimal performance, while less critical traffic is deprioritized during peak times.

For user management, the TL-ER6020 includes an intuitive web-based interface that simplifies configuration and monitoring. Administrators can easily manage network settings, view statistics, and troubleshoot issues without the need for extensive technical expertise.

In terms of physical specifications, the TL-ER6020 is built with reliability in mind, featuring cooling vents to prevent overheating and an efficient power supply. Its compact design allows for easy placement in various environments, whether in a server room or on a desk.

Overall, the TP-Link TL-ER6020 is a solid choice for businesses looking to build a secure, versatile, and high-performance network. Its combination of dual WAN capabilities, strong security features, VLAN support, and QoS makes it a comprehensive solution for modern networking needs.