Manuals / TP-Link / Computer Equipment / Network Router

TP-Link TL-ER6120 manual IPsec SA, ¾ List of IPsec Proposal

Models: TL-ER6120

1 169

Download 169 pages 57.81 Kb

Page 100

¾List of IPsec Proposal

for ESP authentication. Options include:

zMD5: MD5 (Message Digest Algorithm) takes a message of arbitrary length and generates a 128-bit message digest.

zSHA: SHA (Secure Hash Algorithm) takes a message less than the 64th power of 2 in bits and generates a 160-bit message digest.

ESP Encryption: Select the algorithm used to encrypt the data for ESP encryption. Options include:

NONE: Performs no encryption.

DES: DES (Data Encryption Standard) encrypts a 64-bit block of plain text with a 56-bit key. The key should be 8 characters.

3DES: Triple DES, encrypts a plain text with 168-bit key. The key should be 24 characters.

AES128: Uses the AES algorithm and 128-bit key for encryption. The key should be 16 characters.

¾List of IPsec Proposal

In this table, you can view the information of IPsec Proposals and edit them by the action buttons.

3.5.2.3IPsec SA

This page displays the information of the IPsec SA (Security Association).

Choose the menu VPN→IPsec→IPsec SA to load the following page.

Figure 3-61 IPsec SA

Figure 3-61displays the connection status of the NO.1 entry in the List of IPsec policy in Figure 3-59.As shown in the figure, the Router is using WAN2 for tunnel connection, and the IP address of WAN2

-95-

Image 100

TP-Link TL-ER6120 manual IPsec SA, ¾ List of IPsec Proposal

Contents

TL-ER6120 Multi-WAN VPN Router Rev 1910010516FCC STATEMENT COPYRIGHT & TRADEMARKSCE Mark Warning CONTENTS Chapter 1 About this GuideChapter 4 Application Network RequirementsHardware Specifications GlossaryAppendix A Appendix BPackage Contents Symbol Chapter 1 About this Guide1.1 Intended Readers 1.2 ConventionsLists the hardware specifications of this Router SpecificationsAppendix B FAQ Provides the possible solutions to the problems that may occur duringz Powerful Data Processing Capability z Powerful FirewallChapter 2 Introduction 2.1 Overview of the Router2.2 Features z Multi-WAN Portsz Easy-to-use Hardware2.3 Appearance 2.3.1 Front PanelTraffic Control Securityz Reset button z LEDsStatus Indication2.3.2 Rear Panel z Power Socketz Grounding Terminal 3.1 Network Chapter 3 Configuration3.1.1 Status Figure 3-1 Status 3.1.2 System ModeThe TL-ER6120 Router can work in three modes NAT, Non-NAT and Classic Figure 3-2 Network Topology - NAT Mode Figure 3-3 Network Topology - Non-NAT Modez NAT Mode z Non-NAT Mode3.1.3.1 WAN Mode z Classic Mode¾ WAN Mode 3.1.3 WAN1 Static IP 3.1.3.2 WAN1Tips ¾ Static IP 2 Dynamic IP¾ Dynamic IP ¾ Dynamic IP Status Get IP Address byUnicast Use the following DNS3 PPPoE ¾ PPPoE Settings Figure 3-9 WAN - PPPoEThe following items are displayed on this screen Connection Type Select PPPoE if your ISP provides xDSL VirtualOptional. Enter the ISP address provided by your ISP secondary¾ PPPoE Status Connection TypeIP Address Subnet Address4 L2TP IP Address¾ L2TP Settings Figure 3-10 WAN - L2TPThe following items are displayed on this screen Account Name Enter the Account Name provided by your ISP. If you areYou can select the proper Active Mode according to your If Static IP is selected, configure the subnet mask of WAN¾ L2TP Status 5 PPTPPrimary DNS/Secondary DNS Upstream Bandwidth Downstream Bandwidth Status IP Address Primary DNS Secondary DNSFigure 3-11 WAN - PPTP ¾ PPTP SettingsThe following items are displayed on this screen Account Name 6 BigPond ¾ PPTP Statusz “Disconnected” indicates that the connection has been ¾ BigPond Settings ¾ BigPond Status Status3.1.4.1 LAN 3.1.4 LAN¾ LAN ¾ DHCP Settings 3.1.4.2 DHCP3.1.4.3 DHCP Client 3.1.4.4 DHCP Reservation¾ List of Reserved Address ¾ DHCP ReservationActivate or Inactivate the corresponding entry 3.1.5 DMZ 3.1.5.1 DMZ¾ DMZ 3.1.6 MAC AddressTips Set the MAC Address for LAN port Set the MAC Address for WAN portSet the MAC Address for DMZ port ¾ MAC Address3.1.7.1 Statistics 3.1.7 Switch¾ Statistics 3.1.7.2 Port Mirror ¾ General ¾ Port MirrorApplication Example 3.1.7.3 Rate ControlTips 3.1.7.4 Port Config ¾ Rate Control¾ Port Config 3.1.7.5 Port Status3.2 User Group 3.1.7.6 Port VLAN¾ Port VLAN Tips¾ Group Config 3.2.1 Group3.2.2 User ¾ List of Group3.2.3 View ¾ User Config¾ List of User 3.3.1.1 NAT Setup 3.3 Advanced3.3.1 NAT ¾ NAPT3.3.1.2 One-to-One NAT ¾ List of Rules¾ Multi-Nets NAT 3.3.1.3 Multi-Nets NAT¾ list of Rules Application Example Network Requirements Configuration procedure 3.3.1.4 Virtual Server ¾ Virtual Server3.3.1.5 Port Triggering ¾ List of Rules¾ Port Triggering 3.3.1.6 ALG¾ List of Rules 3.3.2 Traffic Control 3.3.2.1 Setup¾ ALG ¾ Interface Bandwidth 3.3.2.2 Bandwidth Control ¾ List of Rules ¾ Bandwidth Control RuleSelect the data stream direction for the entry. The direction of arrowhead 3.3.3.1 Session Limit 3.3.3 Session Limit¾ General 3.3.4.1 Configuration 3.3.4 Load Balance3.3.3.2 Session List ¾ Session Limit3.3.4.2 Policy Routing ¾ General 3.3.4.3 Link Backup¾ List of Rules ¾ General 3.3.4.4 Protocol ¾ List of Rules3.3.5 Routing 3.3.5.1 Static Route¾ Protocol ¾ List of Protocol¾ Static Route ¾ List of RulesApplication Example There is a network topology as the following figure shown3.3.5.2 RIP ¾ General3.3.5.3 Route Table ¾ List of RIP3.4.1 Anti ARP Spoofing 3.4 Firewall3.4.1.1 IP-MAC Binding ¾ IP-MAC Binding ¾ GeneralIP Address Status3.4.1.2 ARP Scanning ¾ List of Rules3.4.2 Attack Defense 3.4.1.3 ARP ListThe following items are displayed on this screen Figure 3-48 Attack Defense¾ General ¾ MAC Filtering 3.4.3 MAC Filtering¾ General 3.4.4 Access Control 3.4.4.1 URL Filtering¾ List of Rules ¾ GeneralConfiguration Procedure ¾ URL Filtering RuleSelect the mode for URL Filtering. “Keyword’’ indicates that all the ¾ List of Rules3.4.4.3 Access Rules 3.4.4.2 Web FilteringSelect the service for the entry. Only the service belonging to the ¾ Access Rulesother service types can still pass through the Router. You can add Select the Source IP Range for the entries, including the following group on3.2.1 GroupSelect this option to specify the priority for the added entries. The 3.4.4.4 Service ¾ List of Rules¾ Service ¾ List of Service3.4.5 App Control 3.4.5.1 Control Rules¾ Control Rules ¾ General3.4.5.2 Database 3.5 VPN¾ List of Rules 3.5.1 IKE 3.5.1.1 IKE Policy¾ IKE Policy 3.5.1.2 IKE Proposal ¾ List of IKE Policy¾ IKE Proposal 3.5.2.1 IPsec Policy 3.5.2 IPsec¾ List of IKE Proposal Select the network mode for IPsec policy. Options include ¾ IPsec Policy¾ General z IKE Mode z Manual Mode IPsec ProposalIncoming SPI Key-In¾ List of IPsec Policy IPsec 3.5.2.2 IPsec ProposalTips ¾ IPsec Proposal 3.5.2.3 IPsec SA ¾ List of IPsec ProposalAuthentication 3.5.3 L2TP/PPTP3.5.3.1 L2TP/PPTP Tunnel ProtocolSpecify the working mode for this Router. Options include ¾ L2TP/PPTP Tunnel¾ General TunnelSelect the network mode for the tunnel. Options include tunnel3.5.3.2 IP Address Pool ¾ List of Configurations¾ IP Address Pool 3.6 Services 3.6.1 PPPoE Server3.5.3.3 List of L2TP/PPTP Tunnel ¾ List of IP Pool¾ General PPPoE Server Dial-up Access Only 3.6.1.1 General3.6.1.2 IP Address Pool Idle Timeout Authentication Auth Protocol Radius Server Shared Key3.6.1.3 Account ¾ IP Address PoolPool Name IP Address Range¾ Account ¾ List of Account 3.6.1.4 Exceptional IP¾ Exceptional IP 3.6.1.5 List of Account 3.6.2 E-Bulletin¾ List of Account ¾ E-Bulletin Enable E-BulletinEnable Logs ¾ General3.6.3 Dynamic DNS ¾ List of E-BulletinContent Object Effective Time Publisher Description Status Tips3.6.3.1 DynDNS ¾ Dyndns DDNS¾ List of DynDNS Account 3.6.3.2 No-IP¾ No-IP DDNS ¾ List of No-IP Account 3.6.3.3 PeanutHull¾ PeanutHull DDNS ¾ List of PeanutHull Account 3.6.3.4 Comexe¾ Comexe DDNS 3.6.4 UPnP ¾ List of Comexe Account3.7 Maintenance 3.7.1 Admin Setup3.7.1.1 Administrator ¾ List of UPnP Mapping¾ Administrator 3.7.1.2 Login ParameterTips Configuration Procedure ¾ GeneralWeb Management Port Enter the Web Management Port for the Router Application Example Network Requirements3.7.2.1 Factory Defaults 3.7.2 Management3.7.1.3 Remote Management ¾ Remote Management3.7.2.3 Reboot ¾ Configuration Version3.7.2.2 Export and Import ¾ Export3.7.2.4 Firmware Upgrade 3.7.3 License3.7.4.1 Interface Traffic Statistics 3.7.4 Statistics¾ Interface Traffic Statistics 3.7.4.2 IP Traffic Statistics ¾ Advanced WAN Information3.7.5.1 Diagnostics 3.7.5 Diagnostics¾ IP Traffic Statistics ¾ Ping ¾ Tracert 3.7.5.2 Online Detection¾ General ¾ List of WAN status 3.7.6 Time¾ Current Time 3.7.7 Logs ¾ Config¾ List of Logs Send System Logs LevelDescription Chapter 4 Application 4.1 Network Requirements4.3.1 Internet Setting 4.2 Network Topology 4.3 ConfigurationsTips 4.3.1.2 WAN Mode 4.3.1.1 System Mode4.3.1.3 Internet Connection Figure 4-4 Link Backup 131 4.3.1.4 Link BackupFigure 4-3 WAN - Static IP 4.3.2 VPN Setting 1 IKE SettingSettings 4.3.2.1 IPsec VPNPolicy Name Tips2 IPsec Setting z IPsec Proposalz IPsec Policy SettingsTips proposalIPsec1 you just created4.3.2.2 PPTP VPN Setting z IP Address Poolz L2TP/PPTP Tunnel Settings4.3.3.1 User Group 4.3.3 Network Managementz Group z User z ViewFigure 4-11 Group Config Settings1 Enable Bandwidth Control 4.3.3.2 App Control4.3.3.3 Bandwidth Control Settings2 Interface Bandwidth 3 Bandwidth Control RuleSettings Keep the default value4.3.3.4 Session Limit 4.3.4 Network SecuritySettings 1 Scan and import the entries to ARP List 4.3.4.1 LAN ARP Defense2 Set IP-MAC Binding Entry Manually 4.3.4.2 WAN ARP Defense 3 Set Attack DefenseSettings 00-11-22-33-44-aa4.3.4.4 Traffic Monitoring 4.3.4.3 Attack Defense1 Port Mirror 2 Statistics Figure 4-25 IP Traffic Statistics 5.1 Configuration Chapter 5 CLIFigure 5-2 Connection Description Figure 5-3 Select the port to connectFigure 5-4 Port Settings Figure 5-5 Connection Properties Settings 1495.2 Interface Mode Accessing PathLogout or Access the next Modeadmin 5.3 Online Help5.4 Command Introduction TP-LINK ip-mac get mode TP-LINK # ip-mac set mode restrict5.4.2 ip-mac 5.4.1 ipTP-LINK # sys restore TP-LINK # sys export configTP-LINK # sys import config 5.4.4 userTP-LINK user set password Enter old password TP-LINK # user set password Enter old password5.4.5 history TP-LINK # user set username Enter new username tplinkView the history command 5.4.6 exitTP-LINK history clear Exit CLIAppendix A Hardware Specifications PowerStandards PortsAppendix B FAQ 4. Make sure that the NAT DMZ service is disabled Appendix C Glossary GlossaryAH （Authentication Header ） data authentication, and anti-replay services. ESP encapsulatesGlossary for services such as IPSec that require keys. Before any IPSecDescription Description GlossaryTelnet is used for remote terminal connection, enabling users to Glossary Description