Manuals / TP-Link / Computer Equipment / Network Router

TP-Link TL-ER6120 manual z Manual Mode, IPsec Proposal, Incoming SPI, Key-In, Encryption

Models: TL-ER6120

1 169

Download 169 pages 57.81 Kb

Page 97

Phase1 is de-encrypted. Without PFS, the key in Phase2 is created based on the key in Phase1 and thus once the key in Phase1 is de-encrypted, the key in Phase2 is easy to be de-encrypted, in this case, the communication secrecy is threatened.

SA Lifetime: Specify IPsec SA Lifetime for IKE mode.

Status:Activate or inactivate the entry.

zManual Mode

IPsec Proposal:		Select the IPsec Proposal. Only one proposal can be
		selected on Manual mode. You need to first create the
		IPsec Proposal.
Incoming SPI:		Specify the Incoming SPI (Security Parameter Index)
		manually. The Incoming SPI here must match the
		Outgoing SPI value at the other end of the tunnel, and
		vice versa.
AH	Authentication	Specify the inbound AH Authentication Key manually if AH
Key-In:		protocol is used in the corresponding IPsec Proposal. The
		inbound key here must match the outbound AH
		authentication key at the other end of the tunnel, and vice
		versa.
ESP	Authentication	Specify the inbound ESP Authentication Key manually if
Key-In:		ESP protocol is used in the corresponding IPsec
		Proposal. The inbound key here must match the outbound
		ESP authentication key at the other end of the tunnel, and
		vice versa.
ESP	Encryption	Specify the inbound ESP Encryption Key manually if ESP
Key-In:		protocol is used in the corresponding IPsec Proposal. The
		inbound key here must match the outbound ESP
		encryption key at the other end of the tunnel, and vice
		versa.

-92-

Image 97

TP-Link TL-ER6120 manual z Manual Mode, IPsec Proposal, Incoming SPI, Key-In, Encryption

Contents

Rev 1910010516 TL-ER6120 Multi-WAN VPN RouterFCC STATEMENT COPYRIGHT & TRADEMARKSCE Mark Warning Chapter 1 About this Guide CONTENTSNetwork Requirements Chapter 4 ApplicationGlossary Hardware SpecificationsAppendix A Appendix BPackage Contents Chapter 1 About this Guide Symbol1.1 Intended Readers 1.2 ConventionsSpecifications Lists the hardware specifications of this RouterAppendix B FAQ Provides the possible solutions to the problems that may occur duringz Powerful Firewall z Powerful Data Processing CapabilityChapter 2 Introduction 2.1 Overview of the Routerz Multi-WAN Ports 2.2 Featuresz Easy-to-use Hardware2.3.1 Front Panel 2.3 AppearanceTraffic Control Securityz LEDs z Reset buttonStatus Indication2.3.2 Rear Panel z Power Socketz Grounding Terminal 3.1 Network Chapter 3 Configuration3.1.1 Status Figure 3-1 Status 3.1.2 System ModeThe TL-ER6120 Router can work in three modes NAT, Non-NAT and Classic Figure 3-3 Network Topology - Non-NAT Mode Figure 3-2 Network Topology - NAT Modez Non-NAT Mode z NAT Modez Classic Mode 3.1.3.1 WAN Mode¾ WAN Mode 3.1.3 WAN1 Static IP 3.1.3.2 WAN1Tips 2 Dynamic IP ¾ Static IP¾ Dynamic IP Get IP Address by ¾ Dynamic IP StatusUnicast Use the following DNS3 PPPoE Figure 3-9 WAN - PPPoE ¾ PPPoE SettingsThe following items are displayed on this screen Connection Type Select PPPoE if your ISP provides xDSL Virtualsecondary Optional. Enter the ISP address provided by your ISPConnection Type ¾ PPPoE StatusIP Address Subnet AddressIP Address 4 L2TPFigure 3-10 WAN - L2TP ¾ L2TP SettingsThe following items are displayed on this screen Account Name Enter the Account Name provided by your ISP. If you areIf Static IP is selected, configure the subnet mask of WAN You can select the proper Active Mode according to your5 PPTP ¾ L2TP StatusPrimary DNS/Secondary DNS Upstream Bandwidth Downstream Bandwidth Status IP Address Primary DNS Secondary DNSFigure 3-11 WAN - PPTP ¾ PPTP SettingsThe following items are displayed on this screen Account Name 6 BigPond ¾ PPTP Statusz “Disconnected” indicates that the connection has been ¾ BigPond Settings Status ¾ BigPond Status3.1.4.1 LAN 3.1.4 LAN¾ LAN 3.1.4.2 DHCP ¾ DHCP Settings3.1.4.4 DHCP Reservation 3.1.4.3 DHCP Client¾ List of Reserved Address ¾ DHCP ReservationActivate or Inactivate the corresponding entry 3.1.5.1 DMZ 3.1.5 DMZ¾ DMZ 3.1.6 MAC AddressTips Set the MAC Address for WAN port Set the MAC Address for LAN portSet the MAC Address for DMZ port ¾ MAC Address3.1.7.1 Statistics 3.1.7 Switch¾ Statistics 3.1.7.2 Port Mirror ¾ Port Mirror ¾ GeneralApplication Example 3.1.7.3 Rate ControlTips ¾ Rate Control 3.1.7.4 Port Config3.1.7.5 Port Status ¾ Port Config3.1.7.6 Port VLAN 3.2 User Group¾ Port VLAN Tips3.2.1 Group ¾ Group Config3.2.2 User ¾ List of Group3.2.3 View ¾ User Config¾ List of User 3.3 Advanced 3.3.1.1 NAT Setup3.3.1 NAT ¾ NAPT¾ List of Rules 3.3.1.2 One-to-One NAT¾ Multi-Nets NAT 3.3.1.3 Multi-Nets NAT¾ list of Rules Application Example Network Requirements Configuration procedure ¾ Virtual Server 3.3.1.4 Virtual Server¾ List of Rules 3.3.1.5 Port Triggering¾ Port Triggering 3.3.1.6 ALG¾ List of Rules 3.3.2 Traffic Control 3.3.2.1 Setup¾ ALG ¾ Interface Bandwidth 3.3.2.2 Bandwidth Control ¾ List of Rules ¾ Bandwidth Control RuleSelect the data stream direction for the entry. The direction of arrowhead 3.3.3.1 Session Limit 3.3.3 Session Limit¾ General 3.3.4 Load Balance 3.3.4.1 Configuration3.3.3.2 Session List ¾ Session Limit3.3.4.2 Policy Routing ¾ General 3.3.4.3 Link Backup¾ List of Rules ¾ General ¾ List of Rules 3.3.4.4 Protocol3.3.5.1 Static Route 3.3.5 Routing¾ Protocol ¾ List of Protocol¾ List of Rules ¾ Static RouteThere is a network topology as the following figure shown Application Example¾ General 3.3.5.2 RIP¾ List of RIP 3.3.5.3 Route Table3.4.1 Anti ARP Spoofing 3.4 Firewall3.4.1.1 IP-MAC Binding ¾ General ¾ IP-MAC BindingIP Address Status¾ List of Rules 3.4.1.2 ARP Scanning3.4.1.3 ARP List 3.4.2 Attack DefenseThe following items are displayed on this screen Figure 3-48 Attack Defense¾ General ¾ MAC Filtering 3.4.3 MAC Filtering¾ General 3.4.4.1 URL Filtering 3.4.4 Access Control¾ List of Rules ¾ General¾ URL Filtering Rule Configuration ProcedureSelect the mode for URL Filtering. “Keyword’’ indicates that all the ¾ List of Rules3.4.4.2 Web Filtering 3.4.4.3 Access RulesSelect the service for the entry. Only the service belonging to the ¾ Access Rulesother service types can still pass through the Router. You can add Select the Source IP Range for the entries, including the following group on3.2.1 GroupSelect this option to specify the priority for the added entries. The ¾ List of Rules 3.4.4.4 Service¾ List of Service ¾ Service3.4.5 App Control 3.4.5.1 Control Rules¾ General ¾ Control Rules3.4.5.2 Database 3.5 VPN¾ List of Rules 3.5.1.1 IKE Policy 3.5.1 IKE¾ IKE Policy ¾ List of IKE Policy 3.5.1.2 IKE Proposal¾ IKE Proposal 3.5.2.1 IPsec Policy 3.5.2 IPsec¾ List of IKE Proposal Select the network mode for IPsec policy. Options include ¾ IPsec Policy¾ General z IKE Mode IPsec Proposal z Manual ModeIncoming SPI Key-In¾ List of IPsec Policy IPsec 3.5.2.2 IPsec ProposalTips ¾ IPsec Proposal ¾ List of IPsec Proposal 3.5.2.3 IPsec SA3.5.3 L2TP/PPTP Authentication3.5.3.1 L2TP/PPTP Tunnel ProtocolSpecify the working mode for this Router. Options include ¾ L2TP/PPTP Tunnel¾ General tunnel TunnelSelect the network mode for the tunnel. Options include3.5.3.2 IP Address Pool ¾ List of Configurations¾ IP Address Pool 3.6.1 PPPoE Server 3.6 Services3.5.3.3 List of L2TP/PPTP Tunnel ¾ List of IP Pool3.6.1.1 General ¾ General PPPoE Server Dial-up Access OnlyIdle Timeout Authentication Auth Protocol Radius Server Shared Key 3.6.1.2 IP Address Pool¾ IP Address Pool 3.6.1.3 AccountPool Name IP Address Range¾ Account ¾ List of Account 3.6.1.4 Exceptional IP¾ Exceptional IP 3.6.1.5 List of Account 3.6.2 E-Bulletin¾ List of Account Enable E-Bulletin ¾ E-BulletinEnable Logs ¾ General¾ List of E-Bulletin 3.6.3 Dynamic DNSContent Object Effective Time Publisher Description Status Tips¾ Dyndns DDNS 3.6.3.1 DynDNS¾ List of DynDNS Account 3.6.3.2 No-IP¾ No-IP DDNS ¾ List of No-IP Account 3.6.3.3 PeanutHull¾ PeanutHull DDNS ¾ List of PeanutHull Account 3.6.3.4 Comexe¾ Comexe DDNS ¾ List of Comexe Account 3.6.4 UPnP3.7.1 Admin Setup 3.7 Maintenance3.7.1.1 Administrator ¾ List of UPnP Mapping¾ Administrator 3.7.1.2 Login ParameterTips ¾ General Configuration ProcedureWeb Management Port Enter the Web Management Port for the Router Application Example Network Requirements3.7.2 Management 3.7.2.1 Factory Defaults3.7.1.3 Remote Management ¾ Remote Management¾ Configuration Version 3.7.2.3 Reboot3.7.2.2 Export and Import ¾ Export3.7.3 License 3.7.2.4 Firmware Upgrade3.7.4.1 Interface Traffic Statistics 3.7.4 Statistics¾ Interface Traffic Statistics ¾ Advanced WAN Information 3.7.4.2 IP Traffic Statistics3.7.5.1 Diagnostics 3.7.5 Diagnostics¾ IP Traffic Statistics ¾ Ping ¾ Tracert 3.7.5.2 Online Detection¾ General ¾ List of WAN status 3.7.6 Time¾ Current Time 3.7.7 Logs ¾ Config¾ List of Logs Send System Logs LevelDescription 4.1 Network Requirements Chapter 4 Application4.3.1 Internet Setting 4.2 Network Topology 4.3 ConfigurationsTips 4.3.1.2 WAN Mode 4.3.1.1 System Mode4.3.1.3 Internet Connection Figure 4-4 Link Backup 131 4.3.1.4 Link BackupFigure 4-3 WAN - Static IP 1 IKE Setting 4.3.2 VPN SettingSettings 4.3.2.1 IPsec VPNTips Policy Namez IPsec Proposal 2 IPsec Settingz IPsec Policy SettingsproposalIPsec1 you just created Tipsz IP Address Pool 4.3.2.2 PPTP VPN Settingz L2TP/PPTP Tunnel Settings4.3.3.1 User Group 4.3.3 Network Managementz Group z View z UserFigure 4-11 Group Config Settings4.3.3.2 App Control 1 Enable Bandwidth Control4.3.3.3 Bandwidth Control Settings3 Bandwidth Control Rule 2 Interface BandwidthSettings Keep the default value4.3.3.4 Session Limit 4.3.4 Network SecuritySettings 1 Scan and import the entries to ARP List 4.3.4.1 LAN ARP Defense2 Set IP-MAC Binding Entry Manually 3 Set Attack Defense 4.3.4.2 WAN ARP DefenseSettings 00-11-22-33-44-aa4.3.4.4 Traffic Monitoring 4.3.4.3 Attack Defense1 Port Mirror 2 Statistics Figure 4-25 IP Traffic Statistics Chapter 5 CLI 5.1 ConfigurationFigure 5-3 Select the port to connect Figure 5-2 Connection DescriptionFigure 5-5 Connection Properties Settings 149 Figure 5-4 Port SettingsAccessing Path 5.2 Interface ModeLogout or Access the next Mode5.3 Online Help admin5.4 Command Introduction TP-LINK # ip-mac set mode restrict TP-LINK ip-mac get mode5.4.2 ip-mac 5.4.1 ipTP-LINK # sys export config TP-LINK # sys restore5.4.4 user TP-LINK # sys import configTP-LINK # user set password Enter old password TP-LINK user set password Enter old password5.4.5 history TP-LINK # user set username Enter new username tplink5.4.6 exit View the history commandTP-LINK history clear Exit CLIPower Appendix A Hardware SpecificationsStandards PortsAppendix B FAQ 4. Make sure that the NAT DMZ service is disabled Glossary Appendix C GlossaryAH （Authentication Header ） data authentication, and anti-replay services. ESP encapsulatesGlossary for services such as IPSec that require keys. Before any IPSecDescription Description GlossaryTelnet is used for remote terminal connection, enabling users to Description Glossary