Manuals / TP-Link / Computer Equipment / Network Router

TP-Link TL-ER6020 manual IPsec,  List of IKE Proposal

Models: TL-ER6020

1 168

Download 168 pages 1.21 Kb

Page 92

Encryption: Specify the encryption algorithm for IKE negotiation. Options include:

DES: DES (Data Encryption Standard) encrypts a 64-bit block of plain text with a 56-bit key.

3DES: Triple DES, encrypts a plain text with 168-bit key.

AES128: Uses the AES algorithm and 128-bit key for encryption.

AES192: Uses the AES algorithm and 192-bit key for encryption.

AES256: Uses the AES algorithm and 256-bit key for encryption.

DH Group: Select the DH (Diffie-Hellman) group to be used in key negotiation phase 1. The DH Group sets the strength of the algorithm in bits. Options include DH1, DH2 and DH5.

DH1: 768 bits

DH2: 1024 bits

DH3: 1536 bits

List of IKE Proposal

In this table, you can view the information of IKE Proposals and edit them by the action buttons.

3.5.2 IPsec

IPsec (IP Security) is a set of services and protocols defined by IETF (Internet Engineering Task Force) to provide high security for IP packets and prevent attacks.

To ensure a secured communication, the two IPsec peers use IPsec protocol to negotiate the data encryption algorithm and the security protocols for checking the integrity of the transmission data, and exchange the key to data de-encryption.

IPsec has two important security protocols, AH (Authentication Header) and ESP (Encapsulating Security Payload). AH is used to guarantee the data integrity. If the packet has been tampered during transmission, the receiver will drop this packet when validating the data integrity. ESP is used to check the data integrity and encrypt the packets. Even if the encrypted packet is intercepted, the third party still cannot get the actual information.

-87-

Image 92

TP-Link TL-ER6020 manual IPsec,  List of IKE Proposal

Contents

TL-ER6020 Gigabit Dual-WAN VPN Router REV1.0.1 1910010852CE Mark Warning COPYRIGHT & TRADEMARKSFCC STATEMENT CONTENTS Chapter 1 About this GuideChapter 4 Application Network RequirementsChapter 5 CLI Hardware SpecificationsGlossary Package Contents  One TL-ER6020 Router  One Power Cord  One Console Cable Two mounting brackets and other fittings  Installation Guide The following items should be found in your packageSymbol Chapter 1 About this Guide1.1 Intended Readers 1.2 ConventionsLists the hardware specifications of this Router SpecificationsAppendix B FAQ Provides the possible solutions to the problems that may occur during Powerful Data Processing Capability  Powerful FirewallChapter 2 Introduction 2.1 Overview of the Router2.2 Features  Dual-WAN Ports Easy-to-use Hardware2.3 Appearance 2.3.1 Front PanelTraffic Control Security Reset button  LEDsStatus Indication Power Socket 2.3.2 Rear Panel Grounding Terminal  Kensington Security SlotChapter 3 Configuration 3.1.2 System Mode3.1 Network 3.1.1 StatusFigure 3-2 Network Topology - NAT Mode Figure 3-3 Network Topology - Non-NAT Mode NAT Mode  Non-NAT Mode  Classic Mode3.1.3 WAN 1 Static IP Static IP 2 Dynamic IP Upstream BandwidthDownstream Specify the bandwidth for receiving packets on the port Dynamic IP  Dynamic IP Status 3 PPPoEFigure 3-8 WAN - PPPoE  PPPoE Settings on. The connection can be re-established automatically when it576-1492. The default MTU is 1480. It is recommended to keep the Enter the Account Name provided by your ISP. If you are not clearHere allows you to configure the secondary connection. Dynamic IP Dynamic IP is selected, the obtained subnet address of WAN port iscorrect and your network is connected well. Consult your ISP if  PPPoE Status4 L2TP The following items are displayed on this screen  L2TP SettingsFigure 3-9 WAN - L2TP Internet connection by the Connect or Disconnect button. It  L2TP Status Primary DNSSecondary DNS Upstream Bandwidth PPTP Settings 5 PPTPFigure 3-10 WAN - PPTP The following items are displayed on this screenAccount Name Primary DNS Secondary DNS Upstream Bandwidth Downstream Bandwidth  PPTP Status Status6 BigPond  BigPond Settings  BigPond Status StatusIP Address Subnet Mask3.1.4 LAN 3.1.4.1 LAN3.1.4.2 DHCP  LAN DHCP Settings 3.1.4.3 DHCP Client 3.1.4.4 DHCP Reservation List of Reserved Address 3.1.5 DMZ DHCP Reservation 3.1.5.1 DMZ Tips 3.1.6 MAC Address DMZ Set the MAC Address for LAN port Set the MAC Address for WAN portSet the MAC Address for DMZ port  MAC Address3.1.7 Switch 3.1.7.1 StatisticsTips 3.1.7.2 Port Mirror Statistics General Port MirrorMode Mirroring Port3.1.7.3 Rate Control Application Example3.1.7.4 Port Config  Rate Control Port Config 3.1.7.5 Port Status3.2 User Group 3.1.7.6 Port VLAN Port VLAN Tips Group Config 3.2.1 Group3.2.2 User  List of Group User Config  View Config3.2.3 View  List of User3.3.1 NAT 3.3.1.1 NAT Setup3.3 Advanced 3.3.1.2 One-to-One NAT  NAPT NAT-DMZ  One-to-One NAT Multi-Nets NAT 3.3.1.3 Multi-Nets NAT List of Rules  list of Rules Application Example Network RequirementsConfiguration procedure 3.3.1.4 Virtual Server  Virtual Server InterfaceProtocol Status List of Rules 3.3.1.5 Port Triggering Port Triggering Status  List of Rules ALG 3.3.2 Traffic Control3.3.1.6 ALG  General 3.3.2.1 Setup Default Limit 3.3.2.2 Bandwidth Control  Interface Bandwidthdata flow might pass. Individual WAN port cannot be selected if  Bandwidth Control Rule List of Rules  General 3.3.3 Session Limit3.3.3.1 Session Limit 3.3.4.1 Configuration 3.3.4 Load Balance3.3.3.2 Session List  Session Limit3.3.4.2 Policy Routing  List of Rules 3.3.4.3 Link Backup General You can select Timing or Failover Mode  General3.3.4.4 Protocol TimingFailover Status ：3.3.5 Routing 3.3.5.1 Static Route Protocol  List of Protocol Static Route  List of Rules3.3.5.2 RIP Application ExampleChoose the menu Advanced→Routing→RIP to load the following page  General3.3.5.3 Route Table  List of RIP3.4.1.1 IP-MAC Binding 3.4 Firewall3.4.1 Anti ARP Spoofing  IP-MAC Binding  GeneralIP Address Status3.4.1.2 ARP Scanning 3.4.2 Attack Defense 3.4.1.3 ARP List General Figure 3-49 Attack DefenseThe following items are displayed on this screen 3.4.3 MAC Filtering  MAC FilteringEnable Attack Packet Anomaly3.4.4 Access Control 3.4.4.1 URL Filtering URL Filtering Rule  List of RulesConfiguration Procedure Select the mode for URL Filtering. “Keyword’’ indicates that all the List of Rules Application Example Network Requirements3.4.4.2 Web Filtering 3.4.4.3 Access Rules Access Rules group on3.2.1 Group Select the service for the entry. Only the service belonging to theother service types can still pass through the Router. You can add Select the Source IP Range for the entries, including the following List of Rules 3.4.4.4 ServicePriority  Service  List of Service3.4.5 App Control 3.4.5.1 Control Rules Control Rules  General3.4.5.2 Database  List of Rules3.5 VPN 3.5.1 IKE3.5.1.1 IKE Policy  IKE PolicySA Lifetime Specify ISAKMP SA Lifetime in IKE negotiation  IKE Proposal 3.5.1.2 IKE Proposal List of IKE Policy 3.5.2 IPsec  List of IKE Proposal3.5.2.1 IPsec Policy  IPsec Policy General Policy Name IKE Mode policy on VPN→IKE→IKE Policy pagewhich PCs on the remote network are covered by this policy. Its Gateway of the remote peer should be set to the IP address of Manual Mode Phase2. As it is independent of the key created in Phase1, thisde-encrypted. Without PFS, the key in Phase2 is created based de-encrypted, the key in Phase2 is easy to be de-encrypted, inTips 3.5.2.2 IPsec Proposal List of IPsec Policy IPsec  IPsec Proposal 3.5.2.3 IPsec SA  List of IPsec ProposalAuthentication 3.5.3 L2TP/PPTP3.5.3.1 L2TP/PPTP Tunnel Protocol L2TP/PPTP Tunnel  GeneralProtocol ModeEnter the account name of L2TP/PPTP tunnel. It should be configured Select the IP Pool Name to specify the address range for the servers List of Configurations 3.5.3.2 IP Address Pool IP Address Pool  List of IP Pool3.6 Services 3.6.1 PPPoE Server3.5.3.3 List of L2TP/PPTP Tunnel 3.6.1.1 GeneralFigure 3-66 General The following items are displayed on this screen  General3.6.1.2 IP Address Pool  List of IP Pool 3.6.1.3 Account IP Address Pool  Account  List of Account is 48. If Enable Advanced Account Features is not selected, the3.6.1.4 Exceptional IP 3.6.2 E-Bulletin 3.6.1.5 List of Account Exceptional IP  List of Account E-Bulletin  GeneralInterval TitleTips 3.6.3 Dynamic DNS List of E-Bulletin 3.6.3.1 DynDNS  Dyndns DDNS No-IP DDNS 3.6.3.2 No-IP List of DynDNS Account 3.6.3.3 PeanutHull  List of No-IP Account PeanutHull DDNS  Comexe DDNS 3.6.3.4 Comexe List of PeanutHull Account 3.6.4 UPnP  List of Comexe Account3.7 Maintenance 3.7.1 Admin Setup3.7.1.1 Administrator  Administrator General 3.7.1.2 Login ParameterRe-enter the new password for confirmation  List of Subnet 3.7.1.3 Remote Management Remote Management 3.7.2.1 Factory Defaults 3.7.2 Management3.7.2.2 Export and Import Configuration Procedure3.7.2.3 Reboot  Configuration Version Export  Import3.7.2.4 Firmware Upgrade 3.7.3 License Interface Traffic Statistics 3.7.4 Statistics3.7.4.1 Interface Traffic Statistics 3.7.4.2 IP Traffic Statistics  Advanced WAN Information3.7.5 Diagnostics 3.7.5.1 Diagnostics Traffic Statistics  IP Traffic Statistics Ping  Tracert3.7.5.2 Online Detection  List of WAN statusDisplays whether the Online Detection is enabled  General Current Time  Config3.7.6 Time  Config 3.7.7 Logs List of Logs Level Error conditionsDescription SeverityChapter 4 Application 4.1 Network RequirementsTips 4.2 Network Topology 4.3 Configurations4.3.1 Internet Setting 4.3.1.2 Internet Connection 4.3.1.1 System Mode4.3.1.3 Link Backup 4.3.2 VPN Setting 1 IKE SettingSettings 4.3.2.1 IPsec VPNSettings  IKE PolicyAuthenticationMD5 Encryption3DES 2 IPsec Setting  IPsec ProposalSettings TipsproposalIPsec1 you just created  IPsec PolicySettings Tips 4.3.2.2 PPTP VPN Setting IP Address Pool L2TP/PPTPEnable ProtocolPPTP ModeServer UsernamePPTP Passwordabcdefg  L2TP/PPTP TunnelSettings 4.3.3 Network Management 4.3.3.1 User Group Group  User4.3.3.2 App Control  ViewSettings Settings1 Enable Bandwidth Control 4.3.3.3 Bandwidth Control2 Interface Bandwidth 3 Bandwidth Control RuleSettings Keep the default valueSettings 4.3.4 Network Security4.3.3.4 Session Limit 2 Set IP-MAC Binding Entry Manually 4.3.4.1 LAN ARP Defense1 Scan and import the entries to ARP List 4.3.4.2 WAN ARP Defense 3 Set Attack DefenseSettings 00-11-22-33-44-aa1 Port Mirror 4.3.4.3 Attack Defense4.3.4.4 Traffic Monitoring 2 Statistics Figure 4-23 IP Traffic Statistics 5.1 Configuration Chapter 5 CLIFigure 5-2 Connection Description Figure 5-3 Select the port to connectFigure 5-4 Port Settings Figure 5-5 Connection Properties Settings 1485.2 Interface Mode Accessing Path Logout or Access the next modeenable adminenable Enter the privileged modeShow command history IP configuration5.4 Command Introduction TP-LINK ip-mac get modeIp-mac Bind Mode normal TP-LINK # ip-mac set mode restrictTP-LINK # sys reboot This command will reboot system, Continue?Y/N TP-LINK # sys restoreThis command will restore system, Continue?Y/N TP-LINK # sys export configPassword admin File name config.bin Try to get the configuration file config.binGet configuration file config bin succeed, file size is 7104 bytes TP-LINK sys show CPU Used Rate 1% TP-LINK # sys updateTP-LINK user get Username admin Password admin TP-LINK user set password Enter old passwordEnter new password Confirm new password TP-LINK # user get Username admin Password adminView the history command 5.4.6 exitTP-LINK history 1. history 2. sys show 3. historyAppendix A Hardware Specifications PowerStandards PortsAppendix B FAQ 4. Make sure that the NAT DMZ service is disabled Appendix C Glossary GlossaryAH（Authentication Header） data authentication, and anti-replay services. ESP encapsulatesDescription for services such as IPSec that require keys. Before any IPSecGlossary Glossary DescriptionGlossary DescriptionTelnet is used for remote terminal connection, enabling users to enterprise