Page 56 / 125 Scroll up to view Page 51 - 55
TD-W9970
300Mbps Wireless N USB VDSL/ADSL Modem Router User Guide
45
4.5.8 DSL Settings
Choose “
Network
DSL Settings
”, you can select the DSL Modulation Type and Annex Type in
the next screen. The DSL feature can be selected when you meet the physical connection
problem. Please check the proper settings with your Internet service provider.
Figure 4-29
DSL Modulation Type:
Select the DSL operation Modulation Type which your DSL
connection uses.
Annex Type:
Select the DSL operation Annex Type which your DSL connection uses.
Click the
Save
button to save your settings.
4.5.9 IPSec VPN
Choose “
Network
IPSec VPN
”, you can Add/Remove or Enable/Disable the IPSec tunnel
connections on the screen as shown in Figure 4-30.
Figure 4-30
This section will guide you to configure a VPN tunnel between two TD-W9970s. The topology is as
follows.
Page 57 / 125
TD-W9970
300Mbps Wireless N USB VDSL/ADSL Modem Router User Guide
46
Note:
You could also use other VPN Routers to set VPN tunnels with TD-W9970. TD-W9970 supports
up to 10 VPN tunnels simultaneously.
Click
Add New Connection
in Figure 4-30 and then you will enter the screen shown in Figure
4-31.
Page 58 / 125
TD-W9970
300Mbps Wireless N USB VDSL/ADSL Modem Router User Guide
47
Figure 4-31
IPSec Connection Name:
Enter a name for your VPN.
Remote IPSec Gateway Address (URL):
Enter the destination gateway IP address in the box
which is the public WAN IP or Domain Name of the remote VPN server endpoint. (For example:
Input
219.134.112.247
in
Device1
, Input
219.134.112.246
in
Device 2
)
Tunnel access from local IP addresses:
Choose Subnet if you want the Whole LAN to join
the VPN network, or else choose Single Address if you want single IP to join the VPN network.
IP Address for VPN:
Enter the IP address of your LAN. (For example: Input
192.168.1.1
in
Device1
, Input
192.168.2.1
in
Device2
)
IP Subnetmask:
Enter the Subnet mask of your LAN. ( For example: Input
255.255.255.0
in
both
Device1
and
Device2
)
Tunnel access from remote IP addresses:
Choose Subnet if you want the Remote Whole
LAN to join the VPN network, or else choose Single Address if you want single IP to join the
VPN network.
IP Address for VPN:
Enter the IP address of the Remote LAN. (For example: Input
192.168.2.1
in
Device1
,Input
192.168.1.1
in
Device2
)
IP Subnetmask:
Enter the subnetmask of the remote LAN. ( For example: Input
255.255.255.0
in both
Device1
and
Device2
)
Key Exchange Method:
Select
Auto (IKE)
or
Manual
.
If you select
Auto
as
Key Exchange Method
, the screen will display as follows:
Page 59 / 125
TD-W9970
300Mbps Wireless N USB VDSL/ADSL Modem Router User Guide
48
Figure 4-32
Authentication Method:
Select Pre-Shared Key (recommended).
Pre-Shared Key:
Enter the Pre-shared Key for IKE authentication, and ensure both the two
peers use the same key. The key should consist of visible characters without blank space.
Perfect Forward Secrecy:
PFS is an additional security protocol.
We recommend you leave the Advanced Settings as default value.
After complete the basic settings and click Save/Apply in both
Device1
and
Device2
, PCs in
LAN1 could communicate with PCs in remote LAN2. (For example: You can ping the IP
address of PC2 which is 192.168.2.100 in PC1)
Note:
The VPN Servers Endpoint from both ends must use the same pre-shared keys and Perfect
Forward Secrecy settings.
Click
Show Advanced Settings
and then you can configure the Advanced Settings.
Figure 4-33
Page 60 / 125
TD-W9970
300Mbps Wireless N USB VDSL/ADSL Modem Router User Guide
49
Settings for Phase 1:
Mode:
You can select
Main
or
Aggressive.
Select
Main
to configure the standard negotiation
parameters for IKE phase1. Select
Aggressive
to configure IKE phase1 of the VPN Tunnel to
carry out negotiation in a shorter amount of time. (Not Recommended-Less Secure)
Note:
The difference between the two is that aggressive mode will pass more information in fewer
packets, with the benefit of slightly faster connection establishment, at the cost of transmitting the
identities of the security firewall in the clear. When using aggressive mode, some configuration
parameters such as Diffie-Hellman groups, and PFS cannot be negotiated, resulting in a greater
importance of having "compatible" configuration on both ends.
My Identifier Type
- Select the local ID type for IKE negotiation.
Local Wan IP
: uses an IP
address as the ID in IKE negotiation.
FQDN
: uses a name as the ID.
My Identifier -
This field does not need to enter if
Local WAN IP
is selected in
My Identifier
Type
field. And the WAN IP will be used automatically as Identifier. If Name type is selected,
enter a name for the local device as the ID in IKE negotiation.
Remote Identifier Type
- The remote gateway IP will be inputted automatically if IP Address
type is selected. If Name type is selected, enter the name of the remote peer as the ID in IKE
negotiation.
Remote Identifier
- This field does not need to enter if
Remote WAN IP
is selected in
Remote
Identifier Type
field. And the remote gateway IP will be used automatically as Identifier. If
Name type is selected, enter the name of the remote peer as the ID in IKE negotiation.
Encryption Algorithm -
Specify the encryption algorithm for IKE negotiation. Options include:
DES, 3DES, AES-128, AES-192, AES-256.
Integrity Algorithm -
Select the authentication algorithm for IKE negotiation. Options include:
MD5
and
SHA1
.
Select Diffie-Hellman Group for Key Exchange -
Select the DH (Diffie-Hellman) group to be
used in key negotiation phase 1. The DH Group sets the strength of the algorithm in bits.
Key Life Time:
Enter the number of seconds for the IPSec lifetime. It is the period of time to
pass before establishing a new IPSec security association (SA) with the remote endpoint. The
default value is 3600.
Settings for Phase 1:
Encryption Algorithm -
Specify the encryption algorithm for IKE negotiation. Options include:
DES,3DES, AES-128, AES-192, AES-256
Integrity Algorithm -
Select the authentication algorithm for IKE negotiation. Options include:
MD5
and
SHA1
.
Diffie-Hellman Group for Key Exchange -
Select the DH (Diffie-Hellman) group to be used in
key negotiation phase 1. The DH Group sets the strength of the algorithm in bits.
Key Life Time -
Enter the number of seconds for the IPSec lifetime. It is the period of time to
pass before establishing a new IPSec security association (SA) with the remote endpoint. The
default value is 3600.

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top