Page 71 / 122 Scroll up to view Page 66 - 70
TD-W8960N
300Mbps Wireless N ADSL2+ Modem Router User Guide
Figure 4-65
This section will guide you to configure a VPN tunnel between two TD-W8960Ns. The topology is
as follows.
)
Note:
You could also use other VPN Routers to set VPN tunnels with TD-W8960N. TD-W8960N
supports up to 10 VPN tunnels simultaneously.
Click
Add New Connection
in Figure 4-65 and then you will enter the screen shown in Figure
4-66.
64
Page 72 / 122
TD-W8960N
300Mbps Wireless N ADSL2+ Modem Router User Guide
Figure 4-66
¾
IPSec Connection Name:
Enter a name for your VPN.
¾
Remote IPSec Gateway Address (IP or Domain Name):
Enter the destination gateway IP
address in the box which is the public WAN IP or Domain Name of the remote VPN server
endpoint. (For example: Input
219.134.112.247
in
Device1
, Input
219.134.112.246
in
Device
2
)
¾
Tunnel access from local IP addresses:
Choose Subnet if you want the Whole LAN to join
the VPN network, or else choose Single Address if you want single IP to join the VPN network.
¾
IP Address for VPN:
Enter the IP address of your LAN. (For example: Input
192.168.1.1
in
Device1
, Input
192.168.2.1
in
Device2
)
¾
IP Subnetmask:
Enter the Subnet mask of your LAN. ( For example: Input
255.255.255.0
in
both
Device1
and
Device2
)
¾
Tunnel access from remote IP addresses:
Choose Subnet if you want the Remote Whole
LAN to join the VPN network, or else choose Single Address if you want single IP to join the
VPN network.
¾
IP Address for VPN:
Enter the IP address of the Remote LAN. ( For example: Input
192.168.2.1
in
Device1
,Input
192.168.1.1
in
Device2
)
¾
IP Subnetmask:
Enter the subnetmask of the remote LAN. ( For example: Input
255.255.255.0
in both
Device1
and
Device2
)
¾
Key Exchange Method:
Select Auto (IKE) or Manual.
¾
Authentication Method:
Select Pre-Shared Key (recommended) or Certificate (X.509).
65
Page 73 / 122
TD-W8960N
300Mbps Wireless N ADSL2+ Modem Router User Guide
¾
Pre-Shared Key:
Input the Pre-Shared key for Authentication. (For example: Input 12345678)
¾
Perfect Forward Secrecy:
PFS is an additional security protocol.
We recommend you leave the Advanced Settings as default value.
After complete the basic settings and click Save/Apply in both
Device1
and
Device2
, PCs in LAN1
could conmmunicate with PCs in remote LAN2. (For example: You can ping the IP address of PC2
which is 192.168.2.100 in PC1)
)
Note:
The VPN Servers Endpoint from both ends must use the same pre-shared keys and Perfect
Forward Secrecy settings.
Click
Show Advanced Settings
and then you can configure the Advanced Settings.
¾
Main Mode:
Select Main Mode to configure the standard negotiation parameters for IKE
phase1.
¾
Aggressive Mode:
Select Aggressive Mode to configure IKE phase1 of the VPN Tunnel to
carry out negotiation in a shorter amount of time. (Not Recommended-Less Secure)
)
Note:
The difference between the two is that aggressive mode will pass more information in fewer
packets, with the benefit of slightly faster connection establishment, at the cost of transmitting the
identities of the security firewall in the clear. When using aggressive mode, some configuration
parameters such as Diffie-Hellman groups, and PFS can not be negotiated, resulting in a greater
importance of having "compatible" configuration on both ends.
66
Page 74 / 122
TD-W8960N
300Mbps Wireless N ADSL2+ Modem Router User Guide
¾
Key Life Time:
Enter the number of seconds for the IPSec lifetime. It is the period of time to pass before
establishing a new IPSec security association (SA) with the remote endpoint. The default value is
3600.
)
Note:
If you want to change the default settings of
Advanced Settings
, please make sure that both VPN
server endpoints use the same Encryption Algorithm, Integrity Algorithm, Diffie-Hellman Group
and Key Life time in both
phase1
and
phase2
.
4.5 Wireless
Choose “
Wireless
”, there are six submenus to configure Wireless LAN settings. Click any of them,
and you will be able to configure the corresponding function. The detailed explanations for each
submenu are provided below.
4.5.1 Basic
Choose “
Wireless
Æ
Basic
”, you will see the screen of
Wireless--Basic
settings shown as below.
The basic settings for wireless networking are set on this screen.
Figure 4-67
67
Page 75 / 122
TD-W8960N
300Mbps Wireless N ADSL2+ Modem Router User Guide
This page allows you to configure basic features of the wireless LAN interface. You can enable or
disable the wireless LAN interface, hide the network from active scans, set the wireless network
name (also known as SSID) and restrict the channel set based on Region requirements.
¾
Enable Wireless:
If you want to use wireless features, you must select “Enable Wireless”. If
you deselect “Enable Wireless” option, all the Wireless settings below will be disabled.
¾
Hide Access Point:
When wireless clients survey the local area for wireless networks to
associate with, you can select this option to avoided being surveyed.
¾
Clients Isolation:
Select this option to enable AP isolation function so that stations associated
to the AP will not be able to communicate with each other.
¾
SSID:
Wireless network name shared among all points in a wireless network. The SSID must
be identical for all devices in the wireless network. It is case-sensitive and must not exceed 32
characters (use any of the characters on the keyboard). Make sure this setting is the same for
all stations in your wireless network. Type the desired SSID in the space provided.
¾
BSSID:
Show the MAC address of the Router.
¾
Country:
Restrict the channel set and transmit power.
Click
Apply/Save
to save your settings.
4.5.2 Security
Choose “
Wireless
Æ
Security
”, you will see the screen of
Wireless--Security
settings shown as
below. You can configure security features of the wireless LAN interface by manually setting the
network authentication or through QSS
(Quick Security Setup) method.
68

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top