Manuals / TP-Link / Computer Equipment / Network Router

TP-Link TL-ER604W Remote Subnet, Remote Gateway, Policy Mode,  IKE Mode, IKE Policy, SA Lifetime

Models: TL-ER604W

1 159

Download 159 pages 47.9 Kb

Page 101

Remote Subnet:	Specify IP address range on your remote network to identify
	which PCs on the remote network are covered by this policy. It's
	formed by IP address and subnet mask.
WAN:	Specify the local WAN port for this Policy. The "Remote
	Gateway" of the remote peer should be set to the IP address of
	this WAN port.
Remote Gateway:	Enter the Remote Gateway. It can be IP address or Domain
	name.
Policy Mode:	Select the negotiation mode for the policy.
	 IKE: The parameters for the VPN tunnel are generated
	automatically via IKE negotiations.
	 Manual: All settings (including the keys) for the VPN tunnel
	are manually inputted and no key negotiation is needed.
 IKE Mode
IKE Policy:	It is available when IKE is selected as the negotiation mode.
	Specify the IKE policy. If there is no policy selection, add new
	policy on VPN→IKE→IKE Policy page.
IPsec Proposal:	Select IPsec Proposal on IKE mode. Up to four IPsec Proposals
	can be selected on IKE mode.
PFS:	Select the PFS (Perfect Forward Security) for IKE mode to
	enhance security. This setting should match the remote peer.
	With PFS feature, IKE negotiates to create a new key in
	Phase2. As it is independent of the key created in Phase1, this
	key can be secure even when the key in Phase1 is
	de-encrypted. Without PFS, the key in Phase2 is created based
	on the key in Phase1 and thus once the key in Phase1 is
	de-encrypted, the key in Phase2 is easy to be de-encrypted, in
	this case, the communication secrecy is threatened.
SA Lifetime:	Specify IPsec SA Lifetime for IKE mode.

-96-

Image 101

TP-Link TL-ER604W manual Remote Subnet, Remote Gateway, Policy Mode,  IKE Mode, policy on VPN→IKE→IKE Policy page

Contents

Wireless N Gigabit Broadband VPN Router TL-ER604WCE Mark Warning COPYRIGHT & TRADEMARKSFCC STATEMENT Chapter 1 About this Guide CONTENTSAdvanced Chapter 4 Application Hardware SpecificationsGlossary Appendix A One TL-ER604W Router  One Power Adapter  One RJ45 Ethernet Cable Package Contents Quick Installation Guide  Resource CD The following items should be found in your packageChapter 1 About this Guide Symbol1.1 Intended Readers 1.2 Conventions Wireless Feature  Powerful Data Processing Capability Powerful Firewall Chapter 2 Introduction Flexible Traffic Control 2.2 Features Dual-WAN Ports  Easy-to-useSecurity WirelessTraffic Control 2.3.1 Front Panel 2.3 Appearance LEDs Status Wifi button  Reset button Power 2.3.2 Rear Panel3.1.2 System Mode Chapter 3 Configuration3.1 Network 3.1.1 StatusFigure 3-3 Network Topology - Non-NAT Mode Figure 3-2 Network Topology - NAT ModeFigure 3-4 Network Topology - Classic Mode Choose the menu Network→System Mode to load the following page NAT Mode 3.1.3.1 WAN Mode Non-NAT Mode  Classic Mode3.1.3.2 WAN1  WAN ModeTips 1 Static IP Static IP  Dynamic IP 2 Dynamic IPConnection Type Host NameUnicast Get IP Address byUse the following DNS ServerGateway Address Displays the Gateway Address assigned by your ISP 3 PPPoEPrimary DNS Displays the IP address of your ISP’s Primary DNS Secondary DNS Displays the IP address of your ISP’s Secondary DNSPassword  PPPoE SettingsActive Mode SettingsISP Address Service NameSecondary Connection Subnet Address4 L2TP Gateway AddressIP Address Primary DNS L2TP Settings Secondary Default GatewayConnection the obtained DNS is displayed5 PPTP  L2TP StatusStatus IP AddressServer IP  PPTP SettingsPassword Connection TypeActive Mode Default Gateway Primary DNS Secondary DNS Upstream BandwidthSecondary Connection Connection Type6 BigPond  PPTP StatusStatus IP Address BigPond Settings Default Gateway  BigPond StatusStatus IP Address3.1.4.1 LAN 3.1.4 LAN3.1.4.2 DHCP  LAN DHCP Settings  DHCP Reservation 3.1.4.3 DHCP Client3.1.4.4 DHCP Reservation  List of Reserved Address 3.1.5 MAC AddressSet the MAC Address for LAN port Set the MAC Address for WAN port3.1.6.1 Statistics 3.1.6 Switch MAC Address PortTips 3.1.6.2 Port Mirror Statistics General Enable Port MirrorMode Port Mirror Rate Control 3.1.6.3 Rate ControlApplication Example Port 3.1.6.4 Port Config Port Config  Port VLAN 3.1.6.5 Port Status3.1.6.6 Port VLAN 3.2.1 Wireless Setting 3.2 Wireless3.2.1.1 Wireless Setting  Wireless SettingMode  Wireless ParameterDescription SSIDSSID Broadcast AP IsolationGroup or above. Enter 0 to disable the updatePeriod 2 WPA/WPA2or above. Enter 0 to disable the update 3 WEPGroup PeriodKey Format 3.2.1.2 Multi-SSIDHexadecimal and ASCII formats are Tips General  Multi-SSID ConfigSpecify a name for the wireless network SSIDGuest Network Enable/DisableAP Isolation SSIDGroup Key EncryptionPassword PeriodHexadecimal and ASCII formats are provided . Hexadecimal format Auth Typeor above. Enter 0 to disable the update Group List of Group 3.2.1.3 WDSTips Tips Parameter ScanBSSIDto be bridged Key Type Wireless Advanced 3.2.1.4 Wireless AdvancedKey ： Short GIBeacon Interval 3.2.2 MAC FilteringRTS Threshold Fragmentation Filtering Rules 3.2.3 Host Status Rule List  General3.3.1 Group 3.3 User Group Host Status  General User Config  Group Config3.3.2 User  List of Group3.3.3 View  View Config List of User View3.4 Advanced 3.4.1.1 NAT Setup3.4.1 NAT  NAPT One-to-One NAT 3.4.1.2 One-to-One NAT List of Rules 3.4.1.3 Multi-Nets NAT Multi-Nets NAT  list of RulesApplication Example Network Requirements Configuration procedure3.4.1.4 Virtual Server Interface  Virtual ServerProtocol Status List of Rules 3.4.1.5 Port Triggering Port Triggering  List of Rules 3.4.1.6 ALGStatus 3.4.2 Traffic Control 3.4.2.1 Setup ALG FTP ALGControl Default LimitControl all the time Limited3.4.2.2 Bandwidth Control Guaranteed Bandwidth Bandwidth Control Rule Direction3.4.3.1 Session Limit 3.4.3 Session LimitLimited Bandwidth Effective TimeCheck here to enable Session Limit, otherwise all the Session Limit Enable Sessionentries will be disabled 3.4.3.2 Session List3.4.4.2 Policy Routing 3.4.4.1 Configuration3.4.4 Load Balance Select the WAN port for transmitting packets  General General 3.4.4.3 Link Backup List of Rules 3.4.4.4 Protocol WAN ConfigTiming Failover3.4.5.1 Static Route 3.4.5 Routing Protocol  List of Protocol List of Rules  Static RouteApplication Example 3.4.5.2 RIP General  List of RIPChoose the menu Advanced→Routing→RIP to load the following page Destination 3.4.5.3 Route TableThe Destination of route entry Gateway3.5.1 Anti ARP Spoofing 3.5 Firewall3.5.1.1 IP-MAC Binding  General IP-MAC Binding 3.5.1.2 ARP ScanningIP Address Status3.5.1.3 ARP List 3.5.2 Attack Defense Flood Defense Enable AttackPacket Anomaly Defense3.5.3 MAC Filtering 3.5.4 Access Control3.5.4.1 URL Filtering  MAC FilteringObject  URL Filtering Rule General ModeConfiguration Procedure 3.5.4.3 Access Rules3.5.4.2 Web Filtering Application Example Network RequirementsService  Access RulesPolicy Sourcegroup on 3.3.1 Group 3.5.4.4 ServicePriority Destination List of Service  ServiceName Dest. Port3.5.5.1 Control Rules 3.5.5 App Control Control Rules Application List of Rules 3.6 VPN3.5.5.2 Database 3.6.1.1 IKE Policy 3.6.1 IKE IKE Policy Local ID 3.6.1.2 IKE ProposalRemote ID Type Remote ID IKE Proposal  List of IKE Proposal 3.6.2 IPsec3.6.2.1 IPsec Policy Policy Name  IPsec PolicyLocal Subnet  General IKE Mode Policy ModeRemote Subnet Remote GatewayAH Authentication Key-In  Manual ModeESP Authentication Key-In AH Authentication Key-Out List of IPsec Policy IPsec 3.6.2.2 IPsec Proposal IPsec Proposal Tips List of IPsec Proposal 3.6.3 L2TP/PPTP Authentication3.6.2.3 IPsec SA Protocol L2TP/PPTP Tunnel 3.6.3.1 L2TP/PPTP Tunnel General ProtocolMax Connections TunnelL2TP/PPTP Server Pre-shard Key3.6.3.2 IP Address Pool  List of Configurations3.6.3.3 List of L2TP/PPTP Tunnel  IP Address Pool3.7.1.1 General 3.7 Services3.7.1 PPPoE Server  General Figure 3-70 General The following items are displayed on this screen IP Address Pool 3.7.1.2 IP Address Pool Account 3.7.1.3 AccountIP Address Assigned Static IP Address3.7.1.4 Exceptional IP is 48. If Enable Advanced Account Features is not selected, the List of Account Status3.7.1.5 List of Account 3.7.2 E-Bulletin Exceptional IP Status E-Bulletin IntervalTitle  GeneralPublisher 3.7.3 Dynamic DNS List of E-Bulletin Object Dyndns DDNS 3.7.3.1 DynDNS No-IP DDNS 3.7.3.2 No-IP List of DynDNS Account  PeanutHull DDNS 3.7.3.3 PeanutHull List of No-IP Account  List of PeanutHull Account 3.7.3.4 Comexe List of Comexe Account 3.7.4 UPnP Comexe DDNS 3.8.1 Admin Setup 3.8 Maintenance3.8.1.1 Administrator  List of UPnP Mapping Administrator 3.8.1.2 Login Parameter General 3.8.1.3 Remote Management Remote Management 3.8.2 Management 3.8.2.1 Factory Defaults List of Subnet Configuration Procedure Configuration Version 3.8.2.3 Reboot3.8.2.2 Export and Import  Export3.8.3 License 3.8.2.4 Firmware Upgrade3.8.4.1 Interface Traffic Statistics 3.8.4 Statistics Interface Traffic Statistics Displays the interfacePackets Rx 3.8.4.2 IP Traffic StatisticsDisplays the number of packets received on the interface Packets Tx3.8.5.1 Diagnostics 3.8.5 Diagnostics Traffic Statistics  IP Traffic Statistics Ping 3.8.5.2 Online Detection Tracert  GeneralPing 3.8.6 TimeDNS Lookup  List of WAN status3.8.7 Logs ConfigCurrent Time System Time List of Logs  ConfigSeverity Send System Logs4.1 Network Requirements Chapter 4 Application4.3.1 Internet Setting 4.2 Network Topology 4.3 Configurations4.3.1.1 System Mode Tips4.3.1.2 Internet Connection 4.3.1.3 Link Backup1 IKE Setting 4.3.2 VPN SettingSettings 4.3.2.1 IPsec VPNClick the Add button to apply Figure 4-4 IKE Proposal  IKE PolicySettings  IPsec Proposal 2 IPsec SettingSettings TipsproposalIPsec1 you just created  IPsec PolicySettings Tips 4.3.2.2 PPTP VPN Setting IP Address Pool L2TP/PPTPEnable ProtocolPPTP ModeServer UsernamePPTP Passwordabcdefg  L2TP/PPTP TunnelSettings 4.3.3.1 User Group 4.3.3 Network Management Group  UserSettings 4.3.3.2 App Control View 2 Interface Bandwidth 1 Enable Bandwidth Control4.3.3.3 Bandwidth Control 3 Bandwidth Control Rule 4.3.3.4 Session LimitSettings Settings1 Scan and import the entries to ARP List 4.3.4 Network Security4.3.4.1 LAN ARP Defense 2 Set IP-MAC Binding Entry Manually 4.3.4.2 WAN ARP Defense3 Set Attack Defense Settings4.3.4.3 Attack Defense 2 Statistics 4.3.4.4 Traffic Monitoring1 Port Mirror Figure 4-23 IP Traffic Statistics Environmental and Physical Appendix A Hardware SpecificationsWireless GeneralAppendix B FAQ 4. Make sure that the NAT DMZ service is disabled Glossary Appendix C GlossaryAH （Authentication Header ） data authentication, and anti-replay services. ESP encapsulatesDescription for services such as IPSec that require keys. Before any IPSecGlossary Description Glossaryenterprise GlossaryDescription