TP-Link TL-ER604W manual Remote Subnet, Remote Gateway, Policy Mode, IKE Policy, IPsec Proposal

Page 101

Remote Subnet:

Specify the IP address range on your remote network to identify which PCs on the remote network are covered by this policy. It is formed by an IP address and subnet mask.

WAN:

Specify the local WAN port for this Policy. The "Remote Gateway" of the remote peer should be set to the IP address of this WAN port.

Remote Gateway:

Enter the Remote Gateway. It can be an IP address or a domain name.

Policy Mode:

Select the negotiation mode for the policy.

IKE: The parameters for the VPN tunnel are generated automatically via IKE negotiations.

Manual: All settings (including the keys) for the VPN tunnel are entered manually and no key negotiation is needed.

IKE Mode

 

IKE Policy:

It is available when IKE is selected as the negotiation mode. Specify the IKE policy. If there is no policy to select, add a new policy on the VPN→IKE→IKE Policy page.

IPsec Proposal:

Select the IPsec Proposal for IKE mode. Up to four IPsec Proposals can be selected in IKE mode.

PFS:

Select the PFS (Perfect Forward Security) for IKE mode to enhance security. This setting should match the remote peer. With the PFS feature, IKE negotiates to create a new key in Phase2. As it is independent of the key created in Phase1, this key remains secure even when the key in Phase1 is compromised. Without PFS, the key in Phase2 is created based on the key in Phase1, so once the key in Phase1 is compromised, the key in Phase2 is easy to compromise as well, and the secrecy of the communication is threatened.
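The PFS behaviour described above can be shown with a short simulation. This is an added example, not code from the manual or the router firmware; it follows the IKEv1 Phase 2 key derivation in RFC 2409 section 5.5, and the toy DH group, HMAC-SHA256 as the prf, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy DH group, constructed for illustration: 2**127 - 1 is prime but far too
# small for real use; real peers use the DH group selected for PFS.
P, G = 2**127 - 1, 3

def keymat(skeyid_d, wire, dh_secret=b""):
    """RFC 2409 sec. 5.5: prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b).
    HMAC-SHA256 stands in for the prf negotiated in Phase 1."""
    data = dh_secret + wire["protocol"] + wire["spi"] + wire["ni"] + wire["nr"]
    return hmac.new(skeyid_d, data, hashlib.sha256).digest()

def quick_mode(skeyid_d, pfs):
    """Simulate one Phase 2 negotiation; return (key, values the peers exchanged)."""
    wire = {"protocol": b"\x03",  # ESP protocol ID
            "spi": secrets.token_bytes(4),
            "ni": secrets.token_bytes(16), "nr": secrets.token_bytes(16)}
    dh_secret = b""
    if pfs:
        xi, xr = (secrets.randbelow(P - 3) + 2 for _ in range(2))  # private, never sent
        wire["ke_i"], wire["ke_r"] = pow(G, xi, P), pow(G, xr, P)  # public, sent
        shared = pow(wire["ke_r"], xi, P)
        assert shared == pow(wire["ke_i"], xr, P)  # both peers compute the same value
        dh_secret = shared.to_bytes(16, "big")
    return keymat(skeyid_d, wire, dh_secret), wire

def exposed_by_phase1_leak(pfs):
    """True if the Phase 1 key plus the recorded exchange reproduces the Phase 2 key."""
    skeyid_d = secrets.token_bytes(32)  # constructed Phase 1 derived key
    real_key, wire = quick_mode(skeyid_d, pfs)
    # A holder of the Phase 1 key can read everything in `wire`, but not xi or xr.
    return keymat(skeyid_d, wire) == real_key

if __name__ == "__main__":
    for pfs in (False, True):
        print(f"PFS={pfs}: Phase 2 key recoverable from Phase 1 key: "
              f"{exposed_by_phase1_leak(pfs)}")
```

Without PFS the Phase 2 key depends only on the Phase 1 key and values that were exchanged; with PFS it also depends on a Diffie-Hellman secret that never leaves the peers.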

SA Lifetime:

Specify IPsec SA Lifetime for IKE mode.
