TD-W8950ND

150Mbps Wireless Lite N ADSL2+ Modem Router User Guide

If you want to select the tone, click the Tone Selection button to go to the ADSL Tone Settings

page as shown in Figure 4-68.

Figure 4-68

4.5.10 Port Mapping

Choose “Advanced Setup

→

Port Mapping” menu, you can view and configure the parameters in

the screen as shown in Figure 4-69.

Port Mapping supports multiple ports to PVC and bridging groups. Each group will perform as an

independent network.

Figure 4-69

To add a Port Mapping group:

1.

Click the Add button, and Figure 4-70 pop up, and then you will set the port mapping group.

54

TD-W8950ND

150Mbps Wireless Lite N ADSL2+ Modem Router User Guide

Figure 4-70

2.

Enter the Group name and select interfaces from the available interface list and add it to the

grouped interface list using the arrow buttons to create the required mapping of the ports. The

group name must be unique. The max length is 15.

Click Save/Apply button to make the changes effective immediately

)

Note:

Group name only can be a number or letter 0("A~Z" or "a~z").

4.5.11 IPSec

Choose “Advanced Setup

→

IPSec”, you can Add/Remove or Enable/Disable the IPSec tunnel

connections on the screen as shown in Figure 4-71.

Figure 4-71

This section will guide you to configure a VPN tunnel between two TD-W8950NDs. The topology is

as follows.

55

TD-W8950ND

150Mbps Wireless Lite N ADSL2+ Modem Router User Guide

)

Note:

You could also use other VPN Routers to set VPN tunnels with TD-W8950ND. TD-W8950ND

supports up to 10 VPN tunnels simultaneously.

Click Add New Connection in Figure 4-71 and then you will enter the screen shown in Figure 4-72.

Figure 4-72

¾

IPSec Connection Name: Enter a name for your VPN.

56

TD-W8950ND

150Mbps Wireless Lite N ADSL2+ Modem Router User Guide

¾

Remote IPSec Gateway Address: Enter the destination gateway IP address in the box which is

the public WAN IP or Domain Name of the remote VPN server endpoint. (For example: Input

219.134.112.247 in Device1, Input 219.134.112.246 in Device 2)

¾

Tunnel access from local IP addresses: Choose Subnet if you want the Whole LAN to join the

VPN network, or else choose Single Address if you want single IP to join the VPN network.

¾

IP Address for VPN: Enter the IP address of your LAN. (For example: Input 192.168.1.1 in

Device1, Input 192.168.2.1 in Device2)

¾

IP Subnetmask: Enter the Subnet mask of your LAN. ( For example: Input 255.255.255.0 in

both Device1 and Device2)

¾

Tunnel access from remote IP addresses: Choose Subnet if you want the Remote Whole LAN

to join the VPN network, or else choose Single Address if you want single IP to join the VPN

network.

¾

IP Address for VPN: Enter the IP address of the Remote LAN. ( For example: Input

192.168.2.1 in Device1,Input 192.168.1.1 in Device2)

¾

IP Subnetmask: Enter the subnetmask of the remote LAN. ( For example: Input 255.255.255.0

in both Device1 and Device2)

¾

Key Exchange Method: Select Auto (IKE) or Manual.

¾

Authentication Method: Select Pre-Shared Key (recommended) or Certificate (X.509).

¾

Pre-Shared Key: Input the Pre-Shared key for Authentication. (For example: Input 12345678)

¾

Perfect Forward Secrecy: PFS is an additional security protocol.

We recommend you leave the Advanced Settings as default value.

After complete the basic settings and click Save/Apply in both Device1 and Device2, PCs in LAN1

could conmmunicate with PCs in remote LAN2. (For example: You can ping the IP address of PC2

which is 192.168.2.100 in PC1)

)

Note:

The VPN Servers Endpoint from both ends must use the same pre-shared keys and Perfect

Forward Secrecy settings.

Click Show Advanced Settings and then you can configure the Advanced Settings.

57

TD-W8950ND

150Mbps Wireless Lite N ADSL2+ Modem Router User Guide

¾

Main Mode: Select Main Mode to configure the standard negotiation parameters for IKE

phase1.

¾

Aggressive Mode: Select Aggressive Mode to configure IKE phase1 of the VPN Tunnel to

carry out negotiation in a shorter amount of time. (Not Recommended-Less Secure)

)

Note:

The difference between the two is that aggressive mode will pass more information in fewer

packets, with the benefit of slightly faster connection establishment, at the cost of transmitting the

identities of the security firewall in the clear. When using aggressive mode, some configuration

parameters such as Diffie-Hellman groups, and PFS can not be negotiated, resulting in a greater

importance of having "compatible" configuration on both ends.

¾

Key Life Time:

Enter the number of seconds for the IPSec lifetime. It is the period of time to pass before

establishing a new IPSec security association (SA) with the remote endpoint. The default value is

3600.

)

Note:

If you want to change the default settings of Advanced Settings, please make sure that both VPN

server endpoints use the same Encryption Algorithm, Integrity Algorithm, Diffie-Hellman Group

and Key Life time in both phase1 and phase2.

58