Manuals / TP-Link / Computer Equipment / Network Router

TP-Link TL-ER6020  Manual Mode, Phase2. As it is independent of the key created in Phase1, this

Models: TL-ER6020

1 168

Download 168 pages 1.21 Kb

Page 95

	Phase2. As it is independent of the key created in Phase1, this
	key can be secure even when the key in Phase1 is
	de-encrypted. Without PFS, the key in Phase2 is created based
	on the key in Phase1 and thus once the key in Phase1 is
	de-encrypted, the key in Phase2 is easy to be de-encrypted, in
	this case, the communication secrecy is threatened.
SA Lifetime:	Specify IPsec SA Lifetime for IKE mode.
Status:	Activate or inactivate the entry.
 Manual Mode
IPsec Proposal:	Select the IPsec Proposal. Only one proposal can be selected
	on Manual mode. You need to first create the IPsec Proposal.
Incoming SPI:	Specify the Incoming SPI (Security Parameter Index) manually.
	The Incoming SPI here must match the Outgoing SPI value at
	the other end of the tunnel, and vice versa.
AH Authentication Key-In:	Specify the inbound AH Authentication Key manually if AH
	protocol is used in the corresponding IPsec Proposal. The
	inbound key here must match the outbound AH authentication
	key at the other end of the tunnel, and vice versa.
ESP Authentication Key-In:	Specify the inbound ESP Authentication Key manually if ESP
	protocol is used in the corresponding IPsec Proposal. The
	inbound key here must match the outbound ESP authentication
	key at the other end of the tunnel, and vice versa.
ESP Encryption: Key-In:	Specify the inbound ESP Encryption Key manually if ESP
	protocol is used in the corresponding IPsec Proposal. The
	inbound key here must match the outbound ESP encryption key
	at the other end of the tunnel, and vice versa.
Outgoing SPI:	Specify the Outgoing SPI (Security Parameter Index) manually.
	The Outgoing SPI here must match the Incoming SPI value at
	the other end of the tunnel, and vice versa.

-90-

Image 95

TP-Link TL-ER6020 manual  Manual Mode, Phase2. As it is independent of the key created in Phase1, this

Contents

REV1.0.1 1910010852 TL-ER6020 Gigabit Dual-WAN VPN RouterCE Mark Warning COPYRIGHT & TRADEMARKSFCC STATEMENT Chapter 1 About this Guide CONTENTSNetwork Requirements Chapter 4 ApplicationChapter 5 CLI Hardware SpecificationsGlossary The following items should be found in your package Package Contents One TL-ER6020 Router  One Power Cord  One Console Cable  Two mounting brackets and other fittings  Installation Guide1.2 Conventions SymbolChapter 1 About this Guide 1.1 Intended ReadersProvides the possible solutions to the problems that may occur during Lists the hardware specifications of this RouterSpecifications Appendix B FAQ2.1 Overview of the Router  Powerful Data Processing Capability Powerful Firewall Chapter 2 IntroductionHardware 2.2 Features Dual-WAN Ports  Easy-to-useSecurity 2.3 Appearance2.3.1 Front Panel Traffic ControlIndication  Reset button LEDs Status Kensington Security Slot  Power Socket2.3.2 Rear Panel  Grounding Terminal3.1.1 Status Chapter 3 Configuration3.1.2 System Mode 3.1 NetworkFigure 3-3 Network Topology - Non-NAT Mode Figure 3-2 Network Topology - NAT Mode NAT Mode 1 Static IP  Non-NAT Mode Classic Mode 3.1.3 WAN Static IP Specify the bandwidth for receiving packets on the port 2 Dynamic IPUpstream Bandwidth Downstream Dynamic IP 3 PPPoE  Dynamic IP StatusFigure 3-8 WAN - PPPoE Enter the Account Name provided by your ISP. If you are not clear  PPPoE Settingson. The connection can be re-established automatically when it 576-1492. The default MTU is 1480. It is recommended to keep theDynamic IP is selected, the obtained subnet address of WAN port is Here allows you to configure the secondary connection. Dynamic IPcorrect and your network is connected well. Consult your ISP if  PPPoE Status4 L2TP The following items are displayed on this screen  L2TP SettingsFigure 3-9 WAN - L2TP Internet connection by the Connect or Disconnect button. It Upstream Bandwidth  L2TP StatusPrimary DNS Secondary DNSThe following items are displayed on this screen  PPTP Settings5 PPTP Figure 3-10 WAN - PPTPAccount Name Primary DNS Secondary DNS Upstream Bandwidth Downstream Bandwidth  PPTP Status Status6 BigPond  BigPond Settings Subnet Mask  BigPond StatusStatus IP Address LAN 3.1.4 LAN3.1.4.1 LAN 3.1.4.2 DHCP DHCP Settings 3.1.4.4 DHCP Reservation 3.1.4.3 DHCP Client List of Reserved Address 3.1.5 DMZ DHCP Reservation 3.1.5.1 DMZ Tips 3.1.6 MAC Address DMZ  MAC Address Set the MAC Address for LAN portSet the MAC Address for WAN port Set the MAC Address for DMZ port3.1.7.1 Statistics 3.1.7 SwitchTips 3.1.7.2 Port Mirror Statistics Mirroring Port GeneralPort Mirror ModeApplication Example 3.1.7.3 Rate Control Rate Control 3.1.7.4 Port Config3.1.7.5 Port Status  Port ConfigTips 3.2 User Group3.1.7.6 Port VLAN  Port VLAN List of Group  Group Config3.2.1 Group 3.2.2 User List of User  User Config View Config 3.2.3 View3.3.1 NAT 3.3.1.1 NAT Setup3.3 Advanced  One-to-One NAT 3.3.1.2 One-to-One NAT NAPT  NAT-DMZ Multi-Nets NAT 3.3.1.3 Multi-Nets NAT List of Rules Application Example Network Requirements  list of RulesConfiguration procedure 3.3.1.4 Virtual Server Status  Virtual ServerInterface Protocol List of Rules 3.3.1.5 Port Triggering Port Triggering  List of Rules Status ALG 3.3.2 Traffic Control3.3.1.6 ALG  General 3.3.2.1 Setup Default Limit  Interface Bandwidth 3.3.2.2 Bandwidth Controldata flow might pass. Individual WAN port cannot be selected if  Bandwidth Control Rule List of Rules  General 3.3.3 Session Limit3.3.3.1 Session Limit  Session Limit 3.3.4.1 Configuration3.3.4 Load Balance 3.3.3.2 Session List3.3.4.2 Policy Routing  List of Rules 3.3.4.3 Link Backup General  General You can select Timing or Failover ModeStatus ： 3.3.4.4 ProtocolTiming Failover List of Protocol 3.3.5 Routing3.3.5.1 Static Route  Protocol List of Rules  Static RouteApplication Example 3.3.5.2 RIP General Choose the menu Advanced→Routing→RIP to load the following page List of RIP 3.3.5.3 Route Table3.4.1.1 IP-MAC Binding 3.4 Firewall3.4.1 Anti ARP Spoofing Status  IP-MAC Binding General IP Address3.4.1.2 ARP Scanning 3.4.1.3 ARP List 3.4.2 Attack Defense General Figure 3-49 Attack DefenseThe following items are displayed on this screen Packet Anomaly 3.4.3 MAC Filtering MAC Filtering Enable Attack List of Rules 3.4.4 Access Control3.4.4.1 URL Filtering  URL Filtering RuleApplication Example Network Requirements Configuration ProcedureSelect the mode for URL Filtering. “Keyword’’ indicates that all the  List of Rules3.4.4.2 Web Filtering 3.4.4.3 Access Rules Access Rules Select the Source IP Range for the entries, including the following group on3.2.1 GroupSelect the service for the entry. Only the service belonging to the other service types can still pass through the Router. You can add List of Rules 3.4.4.4 ServicePriority  List of Service  Service General 3.4.5 App Control3.4.5.1 Control Rules  Control Rules List of Rules 3.4.5.2 Database3.5.1 IKE 3.5 VPN IKE Policy 3.5.1.1 IKE PolicySA Lifetime Specify ISAKMP SA Lifetime in IKE negotiation  IKE Proposal 3.5.1.2 IKE Proposal List of IKE Policy  List of IKE Proposal 3.5.2 IPsecPolicy Name 3.5.2.1 IPsec Policy IPsec Policy  GeneralGateway of the remote peer should be set to the IP address of  IKE Modepolicy on VPN→IKE→IKE Policy page which PCs on the remote network are covered by this policy. Itsde-encrypted, the key in Phase2 is easy to be de-encrypted, in  Manual ModePhase2. As it is independent of the key created in Phase1, this de-encrypted. Without PFS, the key in Phase2 is created basedTips 3.5.2.2 IPsec Proposal List of IPsec Policy IPsec  IPsec Proposal  List of IPsec Proposal 3.5.2.3 IPsec SAProtocol Authentication3.5.3 L2TP/PPTP 3.5.3.1 L2TP/PPTP TunnelMode  L2TP/PPTP Tunnel General ProtocolSelect the IP Pool Name to specify the address range for the servers Enter the account name of L2TP/PPTP tunnel. It should be configured List of IP Pool  List of Configurations3.5.3.2 IP Address Pool  IP Address Pool3.6.1.1 General 3.6 Services3.6.1 PPPoE Server 3.5.3.3 List of L2TP/PPTP Tunnel General Figure 3-66 General The following items are displayed on this screen3.6.1.2 IP Address Pool  List of IP Pool 3.6.1.3 Account IP Address Pool  Account  List of Account is 48. If Enable Advanced Account Features is not selected, the3.6.1.4 Exceptional IP  List of Account 3.6.2 E-Bulletin3.6.1.5 List of Account  Exceptional IPTitle  E-Bulletin General IntervalTips 3.6.3 Dynamic DNS List of E-Bulletin  Dyndns DDNS 3.6.3.1 DynDNS No-IP DDNS 3.6.3.2 No-IP List of DynDNS Account  List of No-IP Account 3.6.3.3 PeanutHull PeanutHull DDNS  Comexe DDNS 3.6.3.4 Comexe List of PeanutHull Account  List of Comexe Account 3.6.4 UPnP Administrator 3.7 Maintenance3.7.1 Admin Setup 3.7.1.1 Administrator General 3.7.1.2 Login ParameterRe-enter the new password for confirmation  List of Subnet 3.7.1.3 Remote Management Remote Management Configuration Procedure 3.7.2.1 Factory Defaults3.7.2 Management 3.7.2.2 Export and Import Import 3.7.2.3 Reboot Configuration Version  Export3.7.3 License 3.7.2.4 Firmware Upgrade Interface Traffic Statistics 3.7.4 Statistics3.7.4.1 Interface Traffic Statistics  Advanced WAN Information 3.7.4.2 IP Traffic Statistics IP Traffic Statistics 3.7.5 Diagnostics3.7.5.1 Diagnostics  Traffic Statistics Tracert  Ping General 3.7.5.2 Online Detection List of WAN status Displays whether the Online Detection is enabled Current Time  Config3.7.6 Time  Config 3.7.7 Logs List of Logs Severity LevelError conditions Description4.1 Network Requirements Chapter 4 ApplicationTips 4.2 Network Topology 4.3 Configurations4.3.1 Internet Setting 4.3.1.2 Internet Connection 4.3.1.1 System Mode4.3.1.3 Link Backup 4.3.2.1 IPsec VPN 4.3.2 VPN Setting1 IKE Setting SettingsSettings  IKE PolicyAuthenticationMD5 Encryption3DES Tips 2 IPsec Setting IPsec Proposal SettingsproposalIPsec1 you just created  IPsec PolicySettings Tips 4.3.2.2 PPTP VPN Setting IP Address Pool L2TP/PPTPEnable ProtocolPPTP ModeServer UsernamePPTP Passwordabcdefg  L2TP/PPTP TunnelSettings  User 4.3.3 Network Management4.3.3.1 User Group  GroupSettings 4.3.3.2 App Control View Settings4.3.3.3 Bandwidth Control 1 Enable Bandwidth ControlKeep the default value 2 Interface Bandwidth3 Bandwidth Control Rule SettingsSettings 4.3.4 Network Security4.3.3.4 Session Limit 2 Set IP-MAC Binding Entry Manually 4.3.4.1 LAN ARP Defense1 Scan and import the entries to ARP List 00-11-22-33-44-aa 4.3.4.2 WAN ARP Defense3 Set Attack Defense Settings1 Port Mirror 4.3.4.3 Attack Defense4.3.4.4 Traffic Monitoring 2 Statistics Figure 4-23 IP Traffic Statistics Chapter 5 CLI 5.1 ConfigurationFigure 5-3 Select the port to connect Figure 5-2 Connection DescriptionFigure 5-5 Connection Properties Settings 148 Figure 5-4 Port Settings5.2 Interface Mode admin Accessing PathLogout or Access the next mode enableIP configuration enableEnter the privileged mode Show command historyTP-LINK # ip-mac set mode restrict 5.4 Command IntroductionTP-LINK ip-mac get mode Ip-mac Bind Mode normalTP-LINK # sys export config TP-LINK # sys reboot This command will reboot system, Continue?Y/NTP-LINK # sys restore This command will restore system, Continue?Y/NTP-LINK sys show CPU Used Rate 1% TP-LINK # sys update Password admin File name config.binTry to get the configuration file config.bin Get configuration file config bin succeed, file size is 7104 bytesTP-LINK # user get Username admin Password admin TP-LINK user get Username admin Password adminTP-LINK user set password Enter old password Enter new password Confirm new password1. history 2. sys show 3. history View the history command5.4.6 exit TP-LINK historyPorts Appendix A Hardware SpecificationsPower StandardsAppendix B FAQ 4. Make sure that the NAT DMZ service is disabled data authentication, and anti-replay services. ESP encapsulates Appendix C GlossaryGlossary AH（Authentication Header）Description for services such as IPSec that require keys. Before any IPSecGlossary Description Glossaryenterprise GlossaryDescription Telnet is used for remote terminal connection, enabling users to