Remote Subnet, Remote Gateway, Policy Mode | TP-Link TL-ER604W

Remote Subnet:	Specify IP address range on your remote network to identify
	which PCs on the remote network are covered by this policy. It's
	formed by IP address and subnet mask.
WAN:	Specify the local WAN port for this Policy. The "Remote
	Gateway" of the remote peer should be set to the IP address of
	this WAN port.
Remote Gateway:	Enter the Remote Gateway. It can be IP address or Domain
	name.
Policy Mode:	Select the negotiation mode for the policy.
	 IKE: The parameters for the VPN tunnel are generated
	automatically via IKE negotiations.
	 Manual: All settings (including the keys) for the VPN tunnel
	are manually inputted and no key negotiation is needed.
 IKE Mode
IKE Policy:	It is available when IKE is selected as the negotiation mode.
	Specify the IKE policy. If there is no policy selection, add new
	policy on VPN→IKE→IKE Policy page.
IPsec Proposal:	Select IPsec Proposal on IKE mode. Up to four IPsec Proposals
	can be selected on IKE mode.
PFS:	Select the PFS (Perfect Forward Security) for IKE mode to
	enhance security. This setting should match the remote peer.
	With PFS feature, IKE negotiates to create a new key in
	Phase2. As it is independent of the key created in Phase1, this
	key can be secure even when the key in Phase1 is
	de-encrypted. Without PFS, the key in Phase2 is created based
	on the key in Phase1 and thus once the key in Phase1 is
	de-encrypted, the key in Phase2 is easy to be de-encrypted, in
	this case, the communication secrecy is threatened.
SA Lifetime:	Specify IPsec SA Lifetime for IKE mode.

-96-

Image 101

TP-Link TL-ER604W manual Remote Subnet, Remote Gateway, Policy Mode, IKE Policy, IPsec Proposal

Contents

TL-ER604W Copyright & Trademarks FCC Statement Contents III Application 130 Hardware Specifications 148149 Glossary 151 Package Contents Intended Readers Symbol DescriptionConventions Overview of this Guide Overview of the Router Features Security WirelessTraffic Control Front Panel Appearance LEDs Status Indication Rear Panel Status System ModeNetwork Page  NAT Mode WAN Mode Non-NAT Mode  Classic Mode 3.2 WAN1  WAN ModeTips Static IP  Static IP WAN Static IP Following items are displayed on this screen  Dynamic IP Dynamic IPConnection Type Host Name Unicast Get IP Address byUse the following DNS Server WAN PPPoE PPPoE Active Mode PasswordSettings Keep Alive Account Name ISP Address Service NameSecondary Connection Subnet Address L2TP Gateway Address 10 WAN L2TP Following items are displayed on this screen  L2TP Settings Connection Default GatewaySecondary Pptp  L2TP Status Server IP  Pptp Settings Internet connection by the Connect or Disconnect BigPond  Pptp Status 12 WAN Bigpond Following items are displayed on this screen  BigPond Settings ISP  BigPond Status Dhcp 4 LAN4.1 LAN  Dhcp Settings  Dhcp Reservation Dhcp ClientDhcp Reservation  List of Reserved Address MAC AddressSet the MAC Address for LAN port Set the MAC Address for WAN port Statistics Switch MAC Address Port  Statistics Port Mirror Mode Enable Port MirrorMirroring Port Mirrored Port  Rate Control Rate ControlApplication Example  Port Config Port Config  Port Vlan Port StatusPort Vlan Wireless Setting WirelessWireless Setting  Wireless Setting  Wireless Parameter Ssid Broadcast DescriptionAP Isolation Security WPA/WPA2 WEP Hexadecimal and Ascii formats are Multi-SSIDKey Format  General  Multi-SSID Config Guest Network Enable/Disable Group Key Encryption Auth Type  List of Group 1.3 WDS  Parameter ScanBSSIDto be bridged Key Type  Wireless Advanced Wireless AdvancedKey ： Short GI MAC Filtering  Rule List Host Status Filtering Rules  Host Status User GroupGroup User  Group Config User Config View  View Config List of User View 1 NAT NAT SetupAdvanced  One-to-One NAT One-to-One NAT  Multi-Nets NAT Multi-Nets NAT List of Rules Application Example Network Requirements Configuration procedure Virtual Server Protocol  Virtual ServerInterface  Port Triggering Port Triggering 38 ALG Following items are displayed on this screen 1.6 ALG Traffic Control Setup323 ALG IPsec ALG Control all the time ControlLimited Upstream Bandwidth Control Limited Bandwidth Session LimitSession Limit  List of Session Limit Session List Policy Routing ConfigurationLoad Balance WAN 45 Link Backup Following items are displayed on this screen Link Backup Protocol WAN ConfigTiming Failover Static Route Routing Protocol  List of Protocol  Static Route 47 Static Route Following items are displayed on this screen 5.2 RIP  List of RIP 48 RIP Following items are displayed on this screen Route Table IP-MAC Binding FirewallAnti ARP Spoofing  IP-MAC Binding ARP Scanning ARP List Attack Defense Flood Defense Enable AttackPacket Anomaly Defense MAC Filtering Access ControlURL Filtering  MAC Filtering Object  URL Filtering Rule Web Filtering Access Rules Service  Access RulesPolicy Source Group on 3.3.1 Group ServiceDestination Priority  List of Service  ServiceName Dest. Port Control Rules App Control Control Rules Application Database VPN IKE Policy 1 IKE  IKE Policy 62 IKE Policy Following items are displayed on this screen IKE Proposal  IKE Proposal 63 IKE Proposal Following items are displayed on this screen  List of IKE Proposal IPsecIPsec Policy Local Subnet  IPsec PolicyPolicy Name Remote Subnet Policy ModeRemote Gateway IKE Policy ESP Authentication Key-In AH Authentication Key-InAH Authentication Key-Out ESP Authentication Key-Out  IPsec Proposal IPsec Proposal List of IPsec Policy IPsec  List of IPsec Proposal IPsec SA Protocol Media Tunnel Length of Header Authentication3 L2TP/PPTP  L2TP/PPTP Tunnel 3.1 L2TP/PPTP Tunnel Max Connections TunnelL2TP/PPTP Server Pre-shard Key IP Address Pool  List of ConfigurationsList of L2TP/PPTP Tunnel  IP Address Pool General ServicesPPPoE Server 70 General Following items are displayed on this screen IP Address Pool  Account AccountIP Address Assigned Static IP Address  List of Account Is 48. If Enable Advanced Account Features is not selected,Exceptional IP  Exceptional IP BulletinList of Account Title Interval E-Bulletin  List of E-Bulletin Dynamic DNSPublisher  Dyndns Ddns DynDNS  No-IP Ddns No-IP List of DynDNS Account  PeanutHull Ddns PeanutHull List of No-IP Account  List of PeanutHull Account Comexe  List of Comexe Account UPnP Comexe Ddns Admin Setup MaintenanceAdministrator  List of UPnP Mapping  Administrator Login Parameter  Remote Management Remote Management  List of Subnet Factory DefaultsManagement  Configuration Version RebootExport and Import  Export License Firmware Upgrade Interface Traffic Statistics Statistics Interface Traffic Statistics 123  Advanced WAN Information IP Traffic Statistics Diagnostics Diagnostics Traffic Statistics  IP Traffic Statistics  Tracert Online Detection Ping Ping TimeDNS Lookup Port Displays the detected WAN port Detection Logs  List of Logs  ConfigSeverity Send System Logs Network Requirements Application System Mode Network Topology ConfigurationsInternet Setting Internet Connection System Mode IKE Setting VPN SettingSettings IPsec VPN IKE1  IKE Policy  IPsec Proposal IPsec Setting PFS DH1  IPsec Policy  IP Address Pool Pptp VPN Setting  L2TP/PPTP Tunnel User Group Network Management Group  User  View App Control 11 App Rules Enable Bandwidth Control LAN WAN1 Bandwidth Control Rule Scan and import the entries to ARP List Network SecurityLAN ARP Defense Set Attack Defense WAN ARP DefenseSet IP-MAC Binding Entry Manually 20 Attack Defense 145 Attack Defense Statistics Traffic MonitoringPage Environmental and Physical Appendix a Hardware Specifications Appendix B FAQ Page Glossary Description Appendix C Glossary Allows dissimilar communication devices to communicate Port or device that connects to a LAN. Other devices Enterprise