3 L2TP/PPTP, IPsec SA | TP-Link TL-ER604W manual

3.6.2.3IPsec SA

This page displays the information of the IPsec SA (Security Association).

Choose the menu VPN→IPsec→IPsec SA to load the following page.

Figure 3-66 IPsec SA

Figure 3-66displays the connection status of the NO.1 entry in the List of IPsec policy in Figure 3-64.As shown in the figure, the Router is using WAN2 for tunnel connection, and the IP address of WAN2 and the default gateway of remote peer are 172.30.70.151 and 172.30.70.161 respectively. Security protocol and other parameters for IPsec tunnel and the remote router should be configured the same.

As Security Association is unidirectional, an ingoing SA and an outgoing SA are created to protect data flows for each tunnel after IPsec tunnel is successfully established. The ingoing SPI value and outgoing SPI value are different. However, the Incoming SPI value must match the Outgoing SPI value at the other end of the tunnel, and vice versa. The connection status on the remote endpoint of this tunnel is as the following figure shows. The SPI value is obtained via auto-negotiation.

3.6.3 L2TP/PPTP

Layer 2 VPN tunneling protocol consists of L2TP (Layer 2 Tunneling Protocol) and PPTP (Point to Point Tunneling Protocol).

Both L2TP and PPTP encapsulate packet and add extra header to the packet by using PPP (Point to Point Protocol). Table depicts the difference between L2TP and PPTP.

Protocol	Media	Tunnel	Length of Header	Authentication

PPTP	IP network	Single tunnel	6 bytes at least	Not supported

	IP network of
	UDP, frame relay
L2TP	virtual circuit,	Multiple tunnels	4 bytes at least	Supported
	X.25 virtual
	circuit

		-100-

Image 105

TP-Link TL-ER604W manual 3 L2TP/PPTP, IPsec SA, Protocol Media Tunnel Length of Header Authentication

Contents

TL-ER604W Copyright & Trademarks FCC Statement Contents III Application 130 Hardware Specifications 148149 Glossary 151 Package Contents Intended Readers Symbol DescriptionConventions Overview of this Guide Overview of the Router Features Wireless Traffic ControlSecurity Front Panel Appearance LEDs Status Indication Rear Panel System Mode NetworkStatus Page  NAT Mode WAN Mode Non-NAT Mode  Classic Mode 3.2 WAN1  WAN ModeTips Static IP  Static IP WAN Static IP Following items are displayed on this screen  Dynamic IP Dynamic IPConnection Type Host Name Unicast Get IP Address byUse the following DNS Server WAN PPPoE PPPoE Active Mode PasswordSettings Keep Alive Account Name ISP Address Service NameSecondary Connection Subnet Address L2TP Gateway Address 10 WAN L2TP Following items are displayed on this screen  L2TP Settings Default Gateway SecondaryConnection Pptp  L2TP Status Server IP  Pptp Settings Internet connection by the Connect or Disconnect BigPond  Pptp Status 12 WAN Bigpond Following items are displayed on this screen  BigPond Settings ISP  BigPond Status 4 LAN 4.1 LANDhcp  Dhcp Settings Dhcp Client Dhcp Reservation Dhcp Reservation  List of Reserved Address MAC AddressSet the MAC Address for LAN port Set the MAC Address for WAN port Statistics Switch MAC Address Port  Statistics Port Mirror Mode Enable Port MirrorMirroring Port Mirrored Port Rate Control Application Example Rate Control  Port Config Port Config Port Status Port Vlan Port Vlan Wireless Setting WirelessWireless Setting  Wireless Setting  Wireless Parameter Ssid Broadcast DescriptionAP Isolation Security WPA/WPA2 WEP Multi-SSID Key FormatHexadecimal and Ascii formats are  General  Multi-SSID Config Guest Network Enable/Disable Group Key Encryption Auth Type  List of Group 1.3 WDS  Parameter ScanBSSIDto be bridged Key Type  Wireless Advanced Wireless AdvancedKey ： Short GI MAC Filtering Host Status  Filtering Rules Rule List User Group Group Host Status  Group Config  User ConfigUser View  View Config List of User View NAT Setup Advanced1 NAT  One-to-One NAT One-to-One NAT Multi-Nets NAT  List of Rules Multi-Nets NAT Application Example Network Requirements Configuration procedure Virtual Server  Virtual Server InterfaceProtocol  Port Triggering Port Triggering 38 ALG Following items are displayed on this screen 1.6 ALG Traffic Control Setup323 ALG IPsec ALG Control all the time ControlLimited Upstream Bandwidth Control Session Limit Session LimitLimited Bandwidth  List of Session Limit Session List Configuration Load BalancePolicy Routing WAN 45 Link Backup Following items are displayed on this screen Link Backup Protocol WAN ConfigTiming Failover Static Route Routing Protocol  List of Protocol  Static Route 47 Static Route Following items are displayed on this screen 5.2 RIP  List of RIP 48 RIP Following items are displayed on this screen Route Table Firewall Anti ARP SpoofingIP-MAC Binding  IP-MAC Binding ARP Scanning ARP List Attack Defense Flood Defense Enable AttackPacket Anomaly Defense MAC Filtering Access ControlURL Filtering  MAC Filtering Object  URL Filtering Rule Web Filtering Access Rules Service  Access RulesPolicy Source Group on 3.3.1 Group ServiceDestination Priority  List of Service  ServiceName Dest. Port Control Rules App Control Control Rules Application Database VPN IKE Policy 1 IKE  IKE Policy 62 IKE Policy Following items are displayed on this screen IKE Proposal  IKE Proposal 63 IKE Proposal Following items are displayed on this screen IPsec IPsec Policy List of IKE Proposal  IPsec Policy Policy NameLocal Subnet Remote Subnet Policy ModeRemote Gateway IKE Policy ESP Authentication Key-In AH Authentication Key-InAH Authentication Key-Out ESP Authentication Key-Out IPsec Proposal  List of IPsec Policy IPsec IPsec Proposal  List of IPsec Proposal Protocol Media Tunnel Length of Header Authentication 3 L2TP/PPTPIPsec SA  L2TP/PPTP Tunnel 3.1 L2TP/PPTP Tunnel Max Connections TunnelL2TP/PPTP Server Pre-shard Key IP Address Pool  List of ConfigurationsList of L2TP/PPTP Tunnel  IP Address Pool Services PPPoE ServerGeneral 70 General Following items are displayed on this screen IP Address Pool  Account AccountIP Address Assigned Static IP Address Is 48. If Enable Advanced Account Features is not selected, Exceptional IP List of Account Bulletin List of Account Exceptional IP Interval  E-BulletinTitle Dynamic DNS Publisher List of E-Bulletin  Dyndns Ddns DynDNS No-IP  List of DynDNS Account No-IP Ddns PeanutHull  List of No-IP Account PeanutHull Ddns  List of PeanutHull Account Comexe UPnP  Comexe Ddns List of Comexe Account Admin Setup MaintenanceAdministrator  List of UPnP Mapping  Administrator Login Parameter  Remote Management Remote Management Factory Defaults Management List of Subnet  Configuration Version RebootExport and Import  Export License Firmware Upgrade Interface Traffic Statistics Statistics Interface Traffic Statistics 123  Advanced WAN Information IP Traffic Statistics Diagnostics Diagnostics Traffic Statistics  IP Traffic Statistics Online Detection  Ping Tracert Ping TimeDNS Lookup Port Displays the detected WAN port Detection Logs  List of Logs  ConfigSeverity Send System Logs Network Requirements Application Network Topology Configurations Internet SettingSystem Mode Internet Connection System Mode IKE Setting VPN SettingSettings IPsec VPN IKE1  IKE Policy  IPsec Proposal IPsec Setting PFS DH1  IPsec Policy  IP Address Pool Pptp VPN Setting  L2TP/PPTP Tunnel User Group Network Management Group  User  View App Control 11 App Rules Enable Bandwidth Control LAN WAN1 Bandwidth Control Rule Network Security LAN ARP DefenseScan and import the entries to ARP List WAN ARP Defense Set IP-MAC Binding Entry ManuallySet Attack Defense 20 Attack Defense 145 Attack Defense Statistics Traffic MonitoringPage Environmental and Physical Appendix a Hardware Specifications Appendix B FAQ Page Glossary Description Appendix C Glossary Allows dissimilar communication devices to communicate Port or device that connects to a LAN. Other devices Enterprise