TD-W8980

N600 Wireless Dual Band Gigabit ADSL2+ Modem Router User Guide

37

)

Note:

You could also use other VPN Routers to set VPN tunnels with TD-W8980. TD-W8980 supports

up to 10 VPN tunnels simultaneously.

Click

Add New Connection

in Figure 4-21 and then you will enter the screen shown in Figure

4-22.

Figure 4-22

¾

IPSec Connection Name:

Enter a name for your VPN.

¾

Remote IPSec Gateway Address (URL):

Enter the destination gateway IP address in the box

which is the public WAN IP or Domain Name of the remote VPN server endpoint. (For example:

Input

219.134.112.247

in

Device1

, Input

219.134.112.246

in

Device 2

)

TD-W8980

N600 Wireless Dual Band Gigabit ADSL2+ Modem Router User Guide

38

¾

Tunnel access from local IP addresses:

Choose Subnet if you want the Whole LAN to join

the VPN network, or else choose Single Address if you want single IP to join the VPN network.

¾

IP Address for VPN:

Enter the IP address of your LAN. (For example: Input

192.168.1.1

in

Device1

, Input

192.168.2.1

in

Device2

)

¾

IP Subnetmask:

Enter the Subnet mask of your LAN. ( For example: Input

255.255.255.0

in

both

Device1

and

Device2

)

¾

Tunnel access from remote IP addresses:

Choose Subnet if you want the Remote Whole

LAN to join the VPN network, or else choose Single Address if you want single IP to join the

VPN network.

¾

IP Address for VPN:

Enter the IP address of the Remote LAN. ( For example: Input

192.168.2.1

in

Device1

,Input

192.168.1.1

in

Device2

)

¾

IP Subnetmask:

Enter the subnetmask of the remote LAN. ( For example: Input

255.255.255.0

in both

Device1

and

Device2

)

¾

Key Exchange Method:

Select Auto (IKE) or Manual.

¾

Authentication Method:

Select Pre-Shared Key (recommended).

¾

Pre-Shared Key:

Input the Pre-Shared key for Authentication. (For example: Input 12345678)

¾

Perfect Forward Secrecy:

PFS is an additional security protocol.

We recommend you leave the Advanced Settings as default value.

After complete the basic settings and click Save/Apply in both

Device1

and

Device2

, PCs in LAN1

could communicate with PCs in remote LAN2. (For example: You can ping the IP address of PC2

which is 192.168.2.100 in PC1)

)

Note:

The VPN Servers Endpoint from both ends must use the same pre-shared keys and Perfect

Forward Secrecy settings.

Click

Show Advanced Settings

and then you can configure the Advanced Settings.

TD-W8980

N600 Wireless Dual Band Gigabit ADSL2+ Modem Router User Guide

39

Figure 4-23

¾

Mode:

Select Main Mode to configure the standard negotiation parameters for IKE phase1.

¾

Aggressive Mode:

Select Aggressive Mode to configure IKE phase1 of the VPN Tunnel to

carry out negotiation in a shorter amount of time. (Not Recommended-Less Secure)

)

Note:

The difference between the two is that aggressive mode will pass more information in fewer

packets, with the benefit of slightly faster connection establishment, at the cost of transmitting the

identities of the security firewall in the clear. When using aggressive mode, some configuration

parameters such as Diffie-Hellman groups, and PFS can not be negotiated, resulting in a greater

importance of having "compatible" configuration on both ends.

¾

Key Life Time:

Enter the number of seconds for the IPSec lifetime. It is the period of time to

pass before establishing a new IPSec security association (SA) with the remote endpoint. The

default value is 3600.

)

Note:

If you want to change the default settings of

Advanced Settings

, please make sure that both VPN

server endpoints use the same Encryption Algorithm, Integrity Algorithm, Diffie-Hellman Group

and Key Life time in both

phase1

and

phase2

.

4.6 DHCP Server

Choose “

DHCP Server

”, you can see the next submenus:

TD-W8980

N600 Wireless Dual Band Gigabit ADSL2+ Modem Router User Guide

40

Click any of them, and you will be able to configure the corresponding function.

4.6.1 DHCP Settings

Choose menu “

DHCP Server

”

Æ

“

DHCP Settings

”, you can configure the DHCP Server on the

page as shown in Figure 4-24.The modem router is set up by default as a DHCP (Dynamic Host

Configuration Protocol) server, which provides the TCP/IP configuration for all the PC(s) that are

connected to the modem router on the LAN.

Figure 4-24

¾

Start IP Address:

Enter a value for the DHCP server to start with when issuing IP addresses.

Because the default IP address for the modem router is 192.168.1.1, the default Start IP

Address is

192.168.1.100

, and the Start IP Address must be 192.168.1.100 or greater, but

smaller than 192.168.1.254.

¾

End IP Address:

Enter a value for the DHCP server to end with when issuing IP addresses.

The End IP Address must be smaller than 192.168.1.254. The default End IP Address is

192.168.1.254

.

¾

Address Lease Time:

The Leased Time is the amount of time in which a network user will be

allowed connection to the modem router with their current dynamic IP address. Enter the

amount of time, in hours, then the user will be “leased” this dynamic IP address. After the

dynamic IP address has expired, the user will be automatically assigned a new dynamic IP

address. The default is

24

hours.

¾

Default Gateway -

(Optional.) It is suggested to input the IP address of the LAN port of the

modem router. The default value is 192.168.1.1.

¾

Default Domain -

(Optional.) Input the domain name of your network.

¾

Primary DNS -

(Optional.) Input the DNS IP address provided by your ISP or consult your

ISP.

TD-W8980

N600 Wireless Dual Band Gigabit ADSL2+ Modem Router User Guide

41

¾

Secondary DNS -

(Optional.) Input the IP address of another DNS server if your ISP

provides two DNS servers.

¾

DHCP Relay:

Select

Relay

, then you will see the next screen, and the modem router will work

as a DHCP Relay. A DHCP relay is a computer that forwards DHCP data between computers

that request IP addresses and the DHCP server that assigns the addresses. Each of the

device's interfaces can be configured as a DHCP relay. If it is enabled, the DHCP requests

from local PCs will forward to the DHCP server runs on WAN side. To have this function

working properly, please run on router mode only, disable the DHCP server on the LAN port,

and make sure the routing table has the correct routing entry.

)

Note:

1)

To use the DHCP server function of the modem router, you must configure all computers on

the LAN as "Obtain an IP Address automatically".

2)

You have to disable NAT of the WAN connections, or the DHCP Relay may not take effect.

3)

If you select

Disabled

, the DHCP function will not take effect.

Click the

Save

button to save your settings.

4.6.2 Clients List

Choose menu “

DHCP Server

”

Æ

“

Clients List

”, you can view the information about the clients

attached to the modem router in the screen as shown in Figure 4-25.

Figure 4-25

¾

Client Name

:

The name of the DHCP client

¾

MAC Address

:

The MAC address of the DHCP client

¾

IP Address

:

The IP address that the modem router has allocated to the DHCP client

¾

Valid Time

:

The time of the DHCP client leased. After the dynamic IP address has expired,

a new dynamic IP address will be automatically assigned to the user.

You cannot change any of the values on this page. To update this page and to show the current

attached devices, click the

Refresh

button.