Manuals / TP-Link / Computer Equipment / Network Router

TP-Link TL-ER6020 manual IPsec SA,  List of IPsec Proposal

Models: TL-ER6020

1 168

Download 168 pages 1.21 Kb

Page 98

List of IPsec Proposal

ESP Authentication: Select the algorithm used to verify the integrity of the data for ESP authentication. Options include:

MD5: MD5 (Message Digest Algorithm) takes a message of arbitrary length and generates a 128-bit message digest.

SHA: SHA (Secure Hash Algorithm) takes a message less than the 64th power of 2 in bits and generates a 160-bit message digest.

ESP Encryption: Select the algorithm used to encrypt the data for ESP encryption. Options include:

NONE: Performs no encryption.

DES: DES (Data Encryption Standard) encrypts a 64-bit block of plain text with a 56-bit key. The key should be 8 characters.

3DES: Triple DES, encrypts a plain text with 168-bit key. The key should be 24 characters.

AES128: Uses the AES algorithm and 128-bit key for encryption. The key should be 16 characters.

List of IPsec Proposal

In this table, you can view the information of IPsec Proposals and edit them by the action buttons.

3.5.2.3IPsec SA

This page displays the information of the IPsec SA (Security Association).

Choose the menu VPN→IPsec→IPsec SA to load the following page.

Figure 3-62 IPsec SA

Figure 3-62displays the connection status of the NO.1 entry in the List of IPsec policy in Figure 3-60.As shown in the figure, the Router is using WAN2 for tunnel connection, and the IP address of WAN2 and the default gateway of remote peer are 172.30.70.151 and 172.30.70.161 respectively. Security protocol and other parameters for IPsec tunnel and the remote router should be configured the same.

As Security Association is unidirectional, an ingoing SA and an outgoing SA are created to protect data flows for each tunnel after IPsec tunnel is successfully established. The ingoing SPI value and

-93-

Image 98

TP-Link TL-ER6020 manual IPsec SA,  List of IPsec Proposal

Contents

TL-ER6020 Gigabit Dual-WAN VPN Router REV1.0.1 1910010852CE Mark Warning COPYRIGHT & TRADEMARKSFCC STATEMENT CONTENTS Chapter 1 About this GuideChapter 4 Application Network RequirementsChapter 5 CLI Hardware SpecificationsGlossary  Two mounting brackets and other fittings  Installation Guide Package Contents One TL-ER6020 Router  One Power Cord  One Console Cable The following items should be found in your package1.1 Intended Readers SymbolChapter 1 About this Guide 1.2 ConventionsAppendix B FAQ Lists the hardware specifications of this RouterSpecifications Provides the possible solutions to the problems that may occur duringChapter 2 Introduction  Powerful Data Processing Capability Powerful Firewall 2.1 Overview of the Router Easy-to-use 2.2 Features Dual-WAN Ports HardwareTraffic Control 2.3 Appearance2.3.1 Front Panel SecurityStatus  Reset button LEDs Indication Grounding Terminal  Power Socket2.3.2 Rear Panel  Kensington Security Slot3.1 Network Chapter 3 Configuration3.1.2 System Mode 3.1.1 StatusFigure 3-2 Network Topology - NAT Mode Figure 3-3 Network Topology - Non-NAT Mode NAT Mode 3.1.3 WAN  Non-NAT Mode Classic Mode 1 Static IP Static IP Downstream 2 Dynamic IPUpstream Bandwidth Specify the bandwidth for receiving packets on the port Dynamic IP  Dynamic IP Status 3 PPPoEFigure 3-8 WAN - PPPoE 576-1492. The default MTU is 1480. It is recommended to keep the  PPPoE Settingson. The connection can be re-established automatically when it Enter the Account Name provided by your ISP. If you are not clearHere allows you to configure the secondary connection. Dynamic IP Dynamic IP is selected, the obtained subnet address of WAN port iscorrect and your network is connected well. Consult your ISP if  PPPoE Status4 L2TP The following items are displayed on this screen  L2TP SettingsFigure 3-9 WAN - L2TP Internet connection by the Connect or Disconnect button. It Secondary DNS  L2TP StatusPrimary DNS Upstream BandwidthFigure 3-10 WAN - PPTP  PPTP Settings5 PPTP The following items are displayed on this screenAccount Name Primary DNS Secondary DNS Upstream Bandwidth Downstream Bandwidth  PPTP Status Status6 BigPond  BigPond Settings IP Address  BigPond StatusStatus Subnet Mask3.1.4.2 DHCP 3.1.4 LAN3.1.4.1 LAN  LAN DHCP Settings 3.1.4.3 DHCP Client 3.1.4.4 DHCP Reservation List of Reserved Address 3.1.5 DMZ DHCP Reservation 3.1.5.1 DMZ Tips 3.1.6 MAC Address DMZ Set the MAC Address for DMZ port Set the MAC Address for LAN portSet the MAC Address for WAN port  MAC Address3.1.7 Switch 3.1.7.1 StatisticsTips 3.1.7.2 Port Mirror Statistics Mode GeneralPort Mirror Mirroring Port3.1.7.3 Rate Control Application Example3.1.7.4 Port Config  Rate Control Port Config 3.1.7.5 Port Status Port VLAN 3.2 User Group3.1.7.6 Port VLAN Tips3.2.2 User  Group Config3.2.1 Group  List of Group3.2.3 View  User Config View Config  List of User3.3.1 NAT 3.3.1.1 NAT Setup3.3 Advanced  NAT-DMZ 3.3.1.2 One-to-One NAT NAPT  One-to-One NAT Multi-Nets NAT 3.3.1.3 Multi-Nets NAT List of Rules  list of Rules Application Example Network RequirementsConfiguration procedure 3.3.1.4 Virtual Server Protocol  Virtual ServerInterface Status List of Rules 3.3.1.5 Port Triggering Port Triggering Status  List of Rules ALG 3.3.2 Traffic Control3.3.1.6 ALG  General 3.3.2.1 Setup Default Limit 3.3.2.2 Bandwidth Control  Interface Bandwidthdata flow might pass. Individual WAN port cannot be selected if  Bandwidth Control Rule List of Rules  General 3.3.3 Session Limit3.3.3.1 Session Limit 3.3.3.2 Session List 3.3.4.1 Configuration3.3.4 Load Balance  Session Limit3.3.4.2 Policy Routing  List of Rules 3.3.4.3 Link Backup General You can select Timing or Failover Mode  GeneralFailover 3.3.4.4 ProtocolTiming Status ： Protocol 3.3.5 Routing3.3.5.1 Static Route  List of Protocol Static Route  List of Rules3.3.5.2 RIP Application ExampleChoose the menu Advanced→Routing→RIP to load the following page  General3.3.5.3 Route Table  List of RIP3.4.1.1 IP-MAC Binding 3.4 Firewall3.4.1 Anti ARP Spoofing IP Address  IP-MAC Binding General Status3.4.1.2 ARP Scanning 3.4.2 Attack Defense 3.4.1.3 ARP List General Figure 3-49 Attack DefenseThe following items are displayed on this screen Enable Attack 3.4.3 MAC Filtering MAC Filtering Packet Anomaly URL Filtering Rule 3.4.4 Access Control3.4.4.1 URL Filtering  List of Rules List of Rules Configuration ProcedureSelect the mode for URL Filtering. “Keyword’’ indicates that all the Application Example Network Requirements3.4.4.2 Web Filtering 3.4.4.3 Access Rules Access Rules other service types can still pass through the Router. You can add group on3.2.1 GroupSelect the service for the entry. Only the service belonging to the Select the Source IP Range for the entries, including the following List of Rules 3.4.4.4 ServicePriority  Service  List of Service Control Rules 3.4.5 App Control3.4.5.1 Control Rules  General3.4.5.2 Database  List of Rules3.5 VPN 3.5.1 IKE3.5.1.1 IKE Policy  IKE PolicySA Lifetime Specify ISAKMP SA Lifetime in IKE negotiation  IKE Proposal 3.5.1.2 IKE Proposal List of IKE Policy 3.5.2 IPsec  List of IKE Proposal General 3.5.2.1 IPsec Policy IPsec Policy Policy Namewhich PCs on the remote network are covered by this policy. Its  IKE Modepolicy on VPN→IKE→IKE Policy page Gateway of the remote peer should be set to the IP address ofde-encrypted. Without PFS, the key in Phase2 is created based  Manual ModePhase2. As it is independent of the key created in Phase1, this de-encrypted, the key in Phase2 is easy to be de-encrypted, inTips 3.5.2.2 IPsec Proposal List of IPsec Policy IPsec  IPsec Proposal 3.5.2.3 IPsec SA  List of IPsec Proposal3.5.3.1 L2TP/PPTP Tunnel Authentication3.5.3 L2TP/PPTP ProtocolProtocol  L2TP/PPTP Tunnel General ModeEnter the account name of L2TP/PPTP tunnel. It should be configured Select the IP Pool Name to specify the address range for the servers IP Address Pool  List of Configurations3.5.3.2 IP Address Pool  List of IP Pool3.5.3.3 List of L2TP/PPTP Tunnel 3.6 Services3.6.1 PPPoE Server 3.6.1.1 GeneralFigure 3-66 General The following items are displayed on this screen  General3.6.1.2 IP Address Pool  List of IP Pool 3.6.1.3 Account IP Address Pool  Account  List of Account is 48. If Enable Advanced Account Features is not selected, the3.6.1.4 Exceptional IP  Exceptional IP 3.6.2 E-Bulletin3.6.1.5 List of Account  List of AccountInterval  E-Bulletin General TitleTips 3.6.3 Dynamic DNS List of E-Bulletin 3.6.3.1 DynDNS  Dyndns DDNS No-IP DDNS 3.6.3.2 No-IP List of DynDNS Account 3.6.3.3 PeanutHull  List of No-IP Account PeanutHull DDNS  Comexe DDNS 3.6.3.4 Comexe List of PeanutHull Account 3.6.4 UPnP  List of Comexe Account3.7.1.1 Administrator 3.7 Maintenance3.7.1 Admin Setup  Administrator General 3.7.1.2 Login ParameterRe-enter the new password for confirmation  List of Subnet 3.7.1.3 Remote Management Remote Management 3.7.2.2 Export and Import 3.7.2.1 Factory Defaults3.7.2 Management Configuration Procedure Export 3.7.2.3 Reboot Configuration Version  Import3.7.2.4 Firmware Upgrade 3.7.3 License Interface Traffic Statistics 3.7.4 Statistics3.7.4.1 Interface Traffic Statistics 3.7.4.2 IP Traffic Statistics  Advanced WAN Information Traffic Statistics 3.7.5 Diagnostics3.7.5.1 Diagnostics  IP Traffic Statistics Ping  TracertDisplays whether the Online Detection is enabled 3.7.5.2 Online Detection List of WAN status  General Current Time  Config3.7.6 Time  Config 3.7.7 Logs List of Logs Description LevelError conditions SeverityChapter 4 Application 4.1 Network RequirementsTips 4.2 Network Topology 4.3 Configurations4.3.1 Internet Setting 4.3.1.2 Internet Connection 4.3.1.1 System Mode4.3.1.3 Link Backup Settings 4.3.2 VPN Setting1 IKE Setting 4.3.2.1 IPsec VPNSettings  IKE PolicyAuthenticationMD5 Encryption3DES Settings 2 IPsec Setting IPsec Proposal TipsproposalIPsec1 you just created  IPsec PolicySettings Tips 4.3.2.2 PPTP VPN Setting IP Address Pool L2TP/PPTPEnable ProtocolPPTP ModeServer UsernamePPTP Passwordabcdefg  L2TP/PPTP TunnelSettings  Group 4.3.3 Network Management4.3.3.1 User Group  UserSettings 4.3.3.2 App Control View Settings1 Enable Bandwidth Control 4.3.3.3 Bandwidth ControlSettings 2 Interface Bandwidth3 Bandwidth Control Rule Keep the default valueSettings 4.3.4 Network Security4.3.3.4 Session Limit 2 Set IP-MAC Binding Entry Manually 4.3.4.1 LAN ARP Defense1 Scan and import the entries to ARP List Settings 4.3.4.2 WAN ARP Defense3 Set Attack Defense 00-11-22-33-44-aa1 Port Mirror 4.3.4.3 Attack Defense4.3.4.4 Traffic Monitoring 2 Statistics Figure 4-23 IP Traffic Statistics 5.1 Configuration Chapter 5 CLIFigure 5-2 Connection Description Figure 5-3 Select the port to connectFigure 5-4 Port Settings Figure 5-5 Connection Properties Settings 1485.2 Interface Mode enable Accessing PathLogout or Access the next mode adminShow command history enableEnter the privileged mode IP configurationIp-mac Bind Mode normal 5.4 Command IntroductionTP-LINK ip-mac get mode TP-LINK # ip-mac set mode restrictThis command will restore system, Continue?Y/N TP-LINK # sys reboot This command will reboot system, Continue?Y/NTP-LINK # sys restore TP-LINK # sys export configGet configuration file config bin succeed, file size is 7104 bytes Password admin File name config.binTry to get the configuration file config.bin TP-LINK sys show CPU Used Rate 1% TP-LINK # sys updateEnter new password Confirm new password TP-LINK user get Username admin Password adminTP-LINK user set password Enter old password TP-LINK # user get Username admin Password adminTP-LINK history View the history command5.4.6 exit 1. history 2. sys show 3. historyStandards Appendix A Hardware SpecificationsPower PortsAppendix B FAQ 4. Make sure that the NAT DMZ service is disabled AH（Authentication Header） Appendix C GlossaryGlossary data authentication, and anti-replay services. ESP encapsulatesDescription for services such as IPSec that require keys. Before any IPSecGlossary Glossary DescriptionTelnet is used for remote terminal connection, enabling users to GlossaryDescription enterprise