Manuals / TP-Link / Computer Equipment / Network Router

TP-Link TL-ER6120 manual ¾ IPsec Proposal

Models: TL-ER6120

1 169

Download 169 pages 57.81 Kb

Page 99

¾IPsec Proposal

Figure 3-60 IPsec Proposal

The following items are displayed on this screen:

¾IPsec Proposal

Proposal Name: Specify a unique name to the IPsec Proposal for

identification and management purposes. The IPsec proposal can be applied to IPsec policy.

Security Protocol: Select the security protocol to be used. Options include:

zAH: AH (Authentication Header) provides data origin authentication, data integrity, and anti-replay services.

zESP: ESP (Encapsulating Security Payload) provides data encryption in addition to origin authentication, data integrity, and anti-replay services.

AH Authentication: Select the algorithm used to verify the integrity of the data for AH authentication. Options include:

zMD5: MD5 (Message Digest Algorithm) takes a message of arbitrary length and generates a 128-bit message digest.

zSHA: SHA (Secure Hash Algorithm) takes a message less than the 64th power of 2 in bits and generates a 160-bit message digest.

ESP Authentication: Select the algorithm used to verify the integrity of the data

-94-

Image 99

TP-Link TL-ER6120 manual ¾ IPsec Proposal

Contents

Rev 1910010516 TL-ER6120 Multi-WAN VPN RouterCOPYRIGHT & TRADEMARKS FCC STATEMENTCE Mark Warning Chapter 1 About this Guide CONTENTSNetwork Requirements Chapter 4 ApplicationAppendix B Hardware SpecificationsGlossary Appendix APackage Contents 1.2 Conventions SymbolChapter 1 About this Guide 1.1 Intended ReadersProvides the possible solutions to the problems that may occur during Lists the hardware specifications of this RouterSpecifications Appendix B FAQ2.1 Overview of the Router z Powerful Data Processing Capabilityz Powerful Firewall Chapter 2 IntroductionHardware 2.2 Featuresz Multi-WAN Ports z Easy-to-useSecurity 2.3 Appearance2.3.1 Front Panel Traffic ControlIndication z Reset buttonz LEDs Statusz Power Socket 2.3.2 Rear Panelz Grounding Terminal Chapter 3 Configuration 3.1 Network3.1.1 Status 3.1.2 System Mode Figure 3-1 StatusThe TL-ER6120 Router can work in three modes NAT, Non-NAT and Classic Figure 3-3 Network Topology - Non-NAT Mode Figure 3-2 Network Topology - NAT Modez Non-NAT Mode z NAT Mode3.1.3 WAN 3.1.3.1 WAN Modez Classic Mode ¾ WAN Mode3.1.3.2 WAN1 1 Static IPTips 2 Dynamic IP ¾ Static IP¾ Dynamic IP Use the following DNS ¾ Dynamic IP StatusGet IP Address by Unicast3 PPPoE Connection Type Select PPPoE if your ISP provides xDSL Virtual ¾ PPPoE SettingsFigure 3-9 WAN - PPPoE The following items are displayed on this screensecondary Optional. Enter the ISP address provided by your ISPSubnet Address ¾ PPPoE StatusConnection Type IP AddressIP Address 4 L2TPAccount Name Enter the Account Name provided by your ISP. If you are ¾ L2TP SettingsFigure 3-10 WAN - L2TP The following items are displayed on this screenIf Static IP is selected, configure the subnet mask of WAN You can select the proper Active Mode according to yourStatus IP Address Primary DNS Secondary DNS ¾ L2TP Status5 PPTP Primary DNS/Secondary DNS Upstream Bandwidth Downstream Bandwidth¾ PPTP Settings Figure 3-11 WAN - PPTPThe following items are displayed on this screen Account Name ¾ PPTP Status 6 BigPondz “Disconnected” indicates that the connection has been ¾ BigPond Settings Status ¾ BigPond Status3.1.4 LAN 3.1.4.1 LAN¾ LAN 3.1.4.2 DHCP ¾ DHCP Settings3.1.4.4 DHCP Reservation 3.1.4.3 DHCP Client¾ DHCP Reservation ¾ List of Reserved AddressActivate or Inactivate the corresponding entry 3.1.5.1 DMZ 3.1.5 DMZ3.1.6 MAC Address ¾ DMZTips ¾ MAC Address Set the MAC Address for LAN portSet the MAC Address for WAN port Set the MAC Address for DMZ port3.1.7 Switch 3.1.7.1 Statistics¾ Statistics 3.1.7.2 Port Mirror ¾ Port Mirror ¾ General3.1.7.3 Rate Control Application ExampleTips ¾ Rate Control 3.1.7.4 Port Config3.1.7.5 Port Status ¾ Port ConfigTips 3.2 User Group3.1.7.6 Port VLAN ¾ Port VLAN¾ List of Group ¾ Group Config3.2.1 Group 3.2.2 User¾ User Config 3.2.3 View¾ List of User ¾ NAPT 3.3.1.1 NAT Setup3.3 Advanced 3.3.1 NAT¾ List of Rules 3.3.1.2 One-to-One NAT3.3.1.3 Multi-Nets NAT ¾ Multi-Nets NAT¾ list of Rules Application Example Network Requirements Configuration procedure ¾ Virtual Server 3.3.1.4 Virtual Server¾ List of Rules 3.3.1.5 Port Triggering3.3.1.6 ALG ¾ Port Triggering¾ List of Rules 3.3.2.1 Setup 3.3.2 Traffic Control¾ ALG ¾ Interface Bandwidth 3.3.2.2 Bandwidth Control ¾ Bandwidth Control Rule ¾ List of RulesSelect the data stream direction for the entry. The direction of arrowhead 3.3.3 Session Limit 3.3.3.1 Session Limit¾ General ¾ Session Limit 3.3.4.1 Configuration3.3.4 Load Balance 3.3.3.2 Session List3.3.4.2 Policy Routing 3.3.4.3 Link Backup ¾ General¾ List of Rules ¾ General ¾ List of Rules 3.3.4.4 Protocol¾ List of Protocol 3.3.5 Routing3.3.5.1 Static Route ¾ Protocol¾ List of Rules ¾ Static RouteThere is a network topology as the following figure shown Application Example¾ General 3.3.5.2 RIP¾ List of RIP 3.3.5.3 Route Table3.4 Firewall 3.4.1 Anti ARP Spoofing3.4.1.1 IP-MAC Binding Status ¾ IP-MAC Binding¾ General IP Address¾ List of Rules 3.4.1.2 ARP Scanning3.4.1.3 ARP List 3.4.2 Attack DefenseFigure 3-48 Attack Defense The following items are displayed on this screen¾ General 3.4.3 MAC Filtering ¾ MAC Filtering¾ General ¾ General 3.4.4 Access Control3.4.4.1 URL Filtering ¾ List of Rules¾ List of Rules Configuration Procedure¾ URL Filtering Rule Select the mode for URL Filtering. “Keyword’’ indicates that all the3.4.4.2 Web Filtering 3.4.4.3 Access Rules¾ Access Rules Select the service for the entry. Only the service belonging to theother service types can still pass through the Router. You can add group on3.2.1 Group Select the Source IP Range for the entries, including the followingSelect this option to specify the priority for the added entries. The ¾ List of Rules 3.4.4.4 Service3.4.5.1 Control Rules ¾ Service¾ List of Service 3.4.5 App Control¾ General ¾ Control Rules3.5 VPN 3.4.5.2 Database¾ List of Rules 3.5.1.1 IKE Policy 3.5.1 IKE¾ IKE Policy ¾ List of IKE Policy 3.5.1.2 IKE Proposal¾ IKE Proposal 3.5.2 IPsec 3.5.2.1 IPsec Policy¾ List of IKE Proposal ¾ IPsec Policy Select the network mode for IPsec policy. Options include¾ General z IKE Mode Key-In z Manual ModeIPsec Proposal Incoming SPI3.5.2.2 IPsec Proposal ¾ List of IPsec Policy IPsecTips ¾ IPsec Proposal ¾ List of IPsec Proposal 3.5.2.3 IPsec SAProtocol Authentication3.5.3 L2TP/PPTP 3.5.3.1 L2TP/PPTP Tunnel¾ L2TP/PPTP Tunnel Specify the working mode for this Router. Options include¾ General tunnel TunnelSelect the network mode for the tunnel. Options include¾ List of Configurations 3.5.3.2 IP Address Pool¾ IP Address Pool ¾ List of IP Pool 3.6 Services3.6.1 PPPoE Server 3.5.3.3 List of L2TP/PPTP Tunnel3.6.1.1 General ¾ General PPPoE Server Dial-up Access OnlyIdle Timeout Authentication Auth Protocol Radius Server Shared Key 3.6.1.2 IP Address PoolIP Address Range 3.6.1.3 Account¾ IP Address Pool Pool Name¾ Account 3.6.1.4 Exceptional IP ¾ List of Account¾ Exceptional IP 3.6.2 E-Bulletin 3.6.1.5 List of Account¾ List of Account ¾ General ¾ E-BulletinEnable E-Bulletin Enable LogsTips 3.6.3 Dynamic DNS¾ List of E-Bulletin Content Object Effective Time Publisher Description Status¾ Dyndns DDNS 3.6.3.1 DynDNS3.6.3.2 No-IP ¾ List of DynDNS Account¾ No-IP DDNS 3.6.3.3 PeanutHull ¾ List of No-IP Account¾ PeanutHull DDNS 3.6.3.4 Comexe ¾ List of PeanutHull Account¾ Comexe DDNS ¾ List of Comexe Account 3.6.4 UPnP¾ List of UPnP Mapping 3.7 Maintenance3.7.1 Admin Setup 3.7.1.1 Administrator3.7.1.2 Login Parameter ¾ AdministratorTips Application Example Network Requirements Configuration Procedure¾ General Web Management Port Enter the Web Management Port for the Router¾ Remote Management 3.7.2.1 Factory Defaults3.7.2 Management 3.7.1.3 Remote Management¾ Export 3.7.2.3 Reboot¾ Configuration Version 3.7.2.2 Export and Import3.7.3 License 3.7.2.4 Firmware Upgrade3.7.4 Statistics 3.7.4.1 Interface Traffic Statistics¾ Interface Traffic Statistics ¾ Advanced WAN Information 3.7.4.2 IP Traffic Statistics3.7.5 Diagnostics 3.7.5.1 Diagnostics¾ IP Traffic Statistics ¾ Ping 3.7.5.2 Online Detection ¾ Tracert¾ General 3.7.6 Time ¾ List of WAN status¾ Current Time ¾ Config 3.7.7 Logs¾ List of Logs Level Send System LogsDescription 4.1 Network Requirements Chapter 4 Application4.2 Network Topology 4.3 Configurations 4.3.1 Internet SettingTips 4.3.1.1 System Mode 4.3.1.2 WAN Mode4.3.1.3 Internet Connection 4.3.1.4 Link Backup Figure 4-4 Link Backup 131Figure 4-3 WAN - Static IP 4.3.2.1 IPsec VPN 4.3.2 VPN Setting1 IKE Setting SettingsTips Policy NameSettings 2 IPsec Settingz IPsec Proposal z IPsec PolicyproposalIPsec1 you just created TipsSettings 4.3.2.2 PPTP VPN Settingz IP Address Pool z L2TP/PPTP Tunnel4.3.3 Network Management 4.3.3.1 User Groupz Group Settings z Userz View Figure 4-11 Group ConfigSettings 1 Enable Bandwidth Control4.3.3.2 App Control 4.3.3.3 Bandwidth ControlKeep the default value 2 Interface Bandwidth3 Bandwidth Control Rule Settings4.3.4 Network Security 4.3.3.4 Session LimitSettings 4.3.4.1 LAN ARP Defense 1 Scan and import the entries to ARP List2 Set IP-MAC Binding Entry Manually 00-11-22-33-44-aa 4.3.4.2 WAN ARP Defense3 Set Attack Defense Settings4.3.4.3 Attack Defense 4.3.4.4 Traffic Monitoring1 Port Mirror 2 Statistics Figure 4-25 IP Traffic Statistics Chapter 5 CLI 5.1 ConfigurationFigure 5-3 Select the port to connect Figure 5-2 Connection DescriptionFigure 5-5 Connection Properties Settings 149 Figure 5-4 Port SettingsMode 5.2 Interface ModeAccessing Path Logout or Access the next5.3 Online Help admin5.4 Command Introduction 5.4.1 ip TP-LINK ip-mac get modeTP-LINK # ip-mac set mode restrict 5.4.2 ip-macTP-LINK # sys export config TP-LINK # sys restore5.4.4 user TP-LINK # sys import configTP-LINK # user set username Enter new username tplink TP-LINK user set password Enter old passwordTP-LINK # user set password Enter old password 5.4.5 historyExit CLI View the history command5.4.6 exit TP-LINK history clearPorts Appendix A Hardware SpecificationsPower StandardsAppendix B FAQ 4. Make sure that the NAT DMZ service is disabled data authentication, and anti-replay services. ESP encapsulates Appendix C GlossaryGlossary AH （Authentication Header ）for services such as IPSec that require keys. Before any IPSec GlossaryDescription Glossary DescriptionTelnet is used for remote terminal connection, enabling users to Description Glossary