Manuals / TP-Link / Computer Equipment / Network Router

TP-Link TL-ER6120 VPN Setting, IPsec VPN, IKE Setting, z IKE Proposal, Settings, z IKE Policy

Models: TL-ER6120

1 169

Download 169 pages 57.81 Kb

Page 137

4.3.2 VPN Setting

4.3.2 VPN Setting

To enable the hosts in the remote branch office (WAN: 116.31.85.133, LAN: 172.31.10.1) to access the servers in the headquarters, you can create the VPN tunnel via the TP-LINK VPN routers between the headquarters and the remote branch office to guarantee a secured communication. The following takes IPsec settings of the Router in the headquarters for example.

Moreover, you can configure the PPTP VPN Server to establish a remote mobile office, which enables the staff on business to access the FTP server and Mail server in the headquarters via PPTP dial-up connection.

4.3.2.1IPsec VPN

1)IKE Setting

To configure the IKE function, you should create an IKE Proposal firstly.

zIKE Proposal

Choose the menu VPN→IKE→IKE Proposal to load the configuration page.

Settings:

Proposal Name:

proposal_IKE_1

Authentication:MD5

Encryption:3DES

DH Group:

DH2

Click the <Add> button to apply.

Figure 4-6 IKE Proposal

zIKE Policy

Choose the menu VPN→IKE→IKE Policy to load the configuration page.

Settings:

-132-

Image 137

TP-Link TL-ER6120 manual VPN Setting, IPsec VPN, IKE Setting, z IKE Proposal, Settings, z IKE Policy

Contents

Rev 1910010516 TL-ER6120 Multi-WAN VPN RouterCE Mark Warning COPYRIGHT & TRADEMARKSFCC STATEMENT Chapter 1 About this Guide CONTENTSNetwork Requirements Chapter 4 ApplicationGlossary Hardware SpecificationsAppendix A Appendix BPackage Contents Chapter 1 About this Guide Symbol1.1 Intended Readers 1.2 ConventionsSpecifications Lists the hardware specifications of this RouterAppendix B FAQ Provides the possible solutions to the problems that may occur duringz Powerful Firewall z Powerful Data Processing CapabilityChapter 2 Introduction 2.1 Overview of the Routerz Multi-WAN Ports 2.2 Featuresz Easy-to-use Hardware2.3.1 Front Panel 2.3 AppearanceTraffic Control Securityz LEDs z Reset buttonStatus Indicationz Grounding Terminal z Power Socket2.3.2 Rear Panel 3.1.1 Status Chapter 3 Configuration3.1 Network The TL-ER6120 Router can work in three modes NAT, Non-NAT and Classic 3.1.2 System ModeFigure 3-1 Status Figure 3-3 Network Topology - Non-NAT Mode Figure 3-2 Network Topology - NAT Modez Non-NAT Mode z NAT Modez Classic Mode 3.1.3.1 WAN Mode¾ WAN Mode 3.1.3 WANTips 3.1.3.2 WAN11 Static IP 2 Dynamic IP ¾ Static IP¾ Dynamic IP Get IP Address by ¾ Dynamic IP StatusUnicast Use the following DNS3 PPPoE Figure 3-9 WAN - PPPoE ¾ PPPoE SettingsThe following items are displayed on this screen Connection Type Select PPPoE if your ISP provides xDSL Virtualsecondary Optional. Enter the ISP address provided by your ISPConnection Type ¾ PPPoE StatusIP Address Subnet AddressIP Address 4 L2TPFigure 3-10 WAN - L2TP ¾ L2TP SettingsThe following items are displayed on this screen Account Name Enter the Account Name provided by your ISP. If you areIf Static IP is selected, configure the subnet mask of WAN You can select the proper Active Mode according to your5 PPTP ¾ L2TP StatusPrimary DNS/Secondary DNS Upstream Bandwidth Downstream Bandwidth Status IP Address Primary DNS Secondary DNSThe following items are displayed on this screen ¾ PPTP SettingsFigure 3-11 WAN - PPTP Account Name z “Disconnected” indicates that the connection has been ¾ PPTP Status6 BigPond ¾ BigPond Settings Status ¾ BigPond Status¾ LAN 3.1.4 LAN3.1.4.1 LAN 3.1.4.2 DHCP ¾ DHCP Settings3.1.4.4 DHCP Reservation 3.1.4.3 DHCP ClientActivate or Inactivate the corresponding entry ¾ DHCP Reservation¾ List of Reserved Address 3.1.5.1 DMZ 3.1.5 DMZTips 3.1.6 MAC Address¾ DMZ Set the MAC Address for WAN port Set the MAC Address for LAN portSet the MAC Address for DMZ port ¾ MAC Address¾ Statistics 3.1.7 Switch3.1.7.1 Statistics 3.1.7.2 Port Mirror ¾ Port Mirror ¾ GeneralTips 3.1.7.3 Rate ControlApplication Example ¾ Rate Control 3.1.7.4 Port Config3.1.7.5 Port Status ¾ Port Config3.1.7.6 Port VLAN 3.2 User Group¾ Port VLAN Tips3.2.1 Group ¾ Group Config3.2.2 User ¾ List of Group¾ List of User ¾ User Config3.2.3 View 3.3 Advanced 3.3.1.1 NAT Setup3.3.1 NAT ¾ NAPT¾ List of Rules 3.3.1.2 One-to-One NAT¾ list of Rules 3.3.1.3 Multi-Nets NAT¾ Multi-Nets NAT Application Example Network Requirements Configuration procedure ¾ Virtual Server 3.3.1.4 Virtual Server¾ List of Rules 3.3.1.5 Port Triggering¾ List of Rules 3.3.1.6 ALG¾ Port Triggering ¾ ALG 3.3.2.1 Setup3.3.2 Traffic Control ¾ Interface Bandwidth 3.3.2.2 Bandwidth Control Select the data stream direction for the entry. The direction of arrowhead ¾ Bandwidth Control Rule¾ List of Rules ¾ General 3.3.3 Session Limit3.3.3.1 Session Limit 3.3.4 Load Balance 3.3.4.1 Configuration3.3.3.2 Session List ¾ Session Limit3.3.4.2 Policy Routing ¾ List of Rules 3.3.4.3 Link Backup¾ General ¾ General ¾ List of Rules 3.3.4.4 Protocol3.3.5.1 Static Route 3.3.5 Routing¾ Protocol ¾ List of Protocol¾ List of Rules ¾ Static RouteThere is a network topology as the following figure shown Application Example¾ General 3.3.5.2 RIP¾ List of RIP 3.3.5.3 Route Table3.4.1.1 IP-MAC Binding 3.4 Firewall3.4.1 Anti ARP Spoofing ¾ General ¾ IP-MAC BindingIP Address Status¾ List of Rules 3.4.1.2 ARP Scanning3.4.1.3 ARP List 3.4.2 Attack Defense¾ General Figure 3-48 Attack DefenseThe following items are displayed on this screen ¾ General 3.4.3 MAC Filtering¾ MAC Filtering 3.4.4.1 URL Filtering 3.4.4 Access Control¾ List of Rules ¾ General¾ URL Filtering Rule Configuration ProcedureSelect the mode for URL Filtering. “Keyword’’ indicates that all the ¾ List of Rules3.4.4.2 Web Filtering 3.4.4.3 Access Rulesother service types can still pass through the Router. You can add ¾ Access RulesSelect the service for the entry. Only the service belonging to the Select this option to specify the priority for the added entries. The group on3.2.1 GroupSelect the Source IP Range for the entries, including the following ¾ List of Rules 3.4.4.4 Service¾ List of Service ¾ Service3.4.5 App Control 3.4.5.1 Control Rules¾ General ¾ Control Rules¾ List of Rules 3.5 VPN3.4.5.2 Database 3.5.1.1 IKE Policy 3.5.1 IKE¾ IKE Policy ¾ List of IKE Policy 3.5.1.2 IKE Proposal¾ IKE Proposal ¾ List of IKE Proposal 3.5.2 IPsec3.5.2.1 IPsec Policy ¾ General ¾ IPsec PolicySelect the network mode for IPsec policy. Options include z IKE Mode IPsec Proposal z Manual ModeIncoming SPI Key-InTips 3.5.2.2 IPsec Proposal¾ List of IPsec Policy IPsec ¾ IPsec Proposal ¾ List of IPsec Proposal 3.5.2.3 IPsec SA3.5.3 L2TP/PPTP Authentication3.5.3.1 L2TP/PPTP Tunnel Protocol¾ General ¾ L2TP/PPTP TunnelSpecify the working mode for this Router. Options include tunnel TunnelSelect the network mode for the tunnel. Options include¾ IP Address Pool ¾ List of Configurations3.5.3.2 IP Address Pool 3.6.1 PPPoE Server 3.6 Services3.5.3.3 List of L2TP/PPTP Tunnel ¾ List of IP Pool3.6.1.1 General ¾ General PPPoE Server Dial-up Access OnlyIdle Timeout Authentication Auth Protocol Radius Server Shared Key 3.6.1.2 IP Address Pool¾ IP Address Pool 3.6.1.3 AccountPool Name IP Address Range¾ Account ¾ Exceptional IP 3.6.1.4 Exceptional IP¾ List of Account ¾ List of Account 3.6.2 E-Bulletin3.6.1.5 List of Account Enable E-Bulletin ¾ E-BulletinEnable Logs ¾ General¾ List of E-Bulletin 3.6.3 Dynamic DNSContent Object Effective Time Publisher Description Status Tips¾ Dyndns DDNS 3.6.3.1 DynDNS¾ No-IP DDNS 3.6.3.2 No-IP¾ List of DynDNS Account ¾ PeanutHull DDNS 3.6.3.3 PeanutHull¾ List of No-IP Account ¾ Comexe DDNS 3.6.3.4 Comexe¾ List of PeanutHull Account ¾ List of Comexe Account 3.6.4 UPnP3.7.1 Admin Setup 3.7 Maintenance3.7.1.1 Administrator ¾ List of UPnP MappingTips 3.7.1.2 Login Parameter¾ Administrator ¾ General Configuration ProcedureWeb Management Port Enter the Web Management Port for the Router Application Example Network Requirements3.7.2 Management 3.7.2.1 Factory Defaults3.7.1.3 Remote Management ¾ Remote Management¾ Configuration Version 3.7.2.3 Reboot3.7.2.2 Export and Import ¾ Export3.7.3 License 3.7.2.4 Firmware Upgrade¾ Interface Traffic Statistics 3.7.4 Statistics3.7.4.1 Interface Traffic Statistics ¾ Advanced WAN Information 3.7.4.2 IP Traffic Statistics¾ IP Traffic Statistics 3.7.5 Diagnostics3.7.5.1 Diagnostics ¾ Ping ¾ General 3.7.5.2 Online Detection¾ Tracert ¾ Current Time 3.7.6 Time¾ List of WAN status ¾ List of Logs ¾ Config3.7.7 Logs Description LevelSend System Logs 4.1 Network Requirements Chapter 4 ApplicationTips 4.2 Network Topology 4.3 Configurations4.3.1 Internet Setting 4.3.1.3 Internet Connection 4.3.1.1 System Mode4.3.1.2 WAN Mode Figure 4-3 WAN - Static IP 4.3.1.4 Link BackupFigure 4-4 Link Backup 131 1 IKE Setting 4.3.2 VPN SettingSettings 4.3.2.1 IPsec VPNTips Policy Namez IPsec Proposal 2 IPsec Settingz IPsec Policy SettingsproposalIPsec1 you just created Tipsz IP Address Pool 4.3.2.2 PPTP VPN Settingz L2TP/PPTP Tunnel Settingsz Group 4.3.3 Network Management4.3.3.1 User Group z View z UserFigure 4-11 Group Config Settings4.3.3.2 App Control 1 Enable Bandwidth Control4.3.3.3 Bandwidth Control Settings3 Bandwidth Control Rule 2 Interface BandwidthSettings Keep the default valueSettings 4.3.4 Network Security4.3.3.4 Session Limit 2 Set IP-MAC Binding Entry Manually 4.3.4.1 LAN ARP Defense1 Scan and import the entries to ARP List 3 Set Attack Defense 4.3.4.2 WAN ARP DefenseSettings 00-11-22-33-44-aa1 Port Mirror 4.3.4.3 Attack Defense4.3.4.4 Traffic Monitoring 2 Statistics Figure 4-25 IP Traffic Statistics Chapter 5 CLI 5.1 ConfigurationFigure 5-3 Select the port to connect Figure 5-2 Connection DescriptionFigure 5-5 Connection Properties Settings 149 Figure 5-4 Port SettingsAccessing Path 5.2 Interface ModeLogout or Access the next Mode5.3 Online Help admin5.4 Command Introduction TP-LINK # ip-mac set mode restrict TP-LINK ip-mac get mode5.4.2 ip-mac 5.4.1 ipTP-LINK # sys export config TP-LINK # sys restore5.4.4 user TP-LINK # sys import configTP-LINK # user set password Enter old password TP-LINK user set password Enter old password5.4.5 history TP-LINK # user set username Enter new username tplink5.4.6 exit View the history commandTP-LINK history clear Exit CLIPower Appendix A Hardware SpecificationsStandards PortsAppendix B FAQ 4. Make sure that the NAT DMZ service is disabled Glossary Appendix C GlossaryAH （Authentication Header ） data authentication, and anti-replay services. ESP encapsulatesDescription for services such as IPSec that require keys. Before any IPSecGlossary Telnet is used for remote terminal connection, enabling users to GlossaryDescription Description Glossary