TD-W9970

300Mbps Wireless N USB VDSL/ADSL Modem Router User Guide

45

4.5.8 DSL Settings

Choose “

Network

”



“

DSL Settings

”, you can select the DSL Modulation Type and Annex Type in

the next screen. The DSL feature can be selected when you meet the physical connection

problem. Please check the proper settings with your Internet service provider.

Figure 4-29



DSL Modulation Type:

Select the DSL operation Modulation Type which your DSL

connection uses.



Annex Type:

Select the DSL operation Annex Type which your DSL connection uses.

Click the

Save

button to save your settings.

4.5.9 IPSec VPN

Choose “

Network

”



“

IPSec VPN

”, you can Add/Remove or Enable/Disable the IPSec tunnel

connections on the screen as shown in Figure 4-30.

Figure 4-30

This section will guide you to configure a VPN tunnel between two TD-W9970s. The topology is as

follows.

TD-W9970

300Mbps Wireless N USB VDSL/ADSL Modem Router User Guide

46



Note:

You could also use other VPN Routers to set VPN tunnels with TD-W9970. TD-W9970 supports

up to 10 VPN tunnels simultaneously.

Click

Add New Connection

in Figure 4-30 and then you will enter the screen shown in Figure

4-31.

TD-W9970

300Mbps Wireless N USB VDSL/ADSL Modem Router User Guide

47

Figure 4-31



IPSec Connection Name:

Enter a name for your VPN.



Remote IPSec Gateway Address (URL):

Enter the destination gateway IP address in the box

which is the public WAN IP or Domain Name of the remote VPN server endpoint. (For example:

Input

219.134.112.247

in

Device1

, Input

219.134.112.246

in

Device 2

)



Tunnel access from local IP addresses:

Choose Subnet if you want the Whole LAN to join

the VPN network, or else choose Single Address if you want single IP to join the VPN network.



IP Address for VPN:

Enter the IP address of your LAN. (For example: Input

192.168.1.1

in

Device1

, Input

192.168.2.1

in

Device2

)



IP Subnetmask:

Enter the Subnet mask of your LAN. ( For example: Input

255.255.255.0

in

both

Device1

and

Device2

)



Tunnel access from remote IP addresses:

Choose Subnet if you want the Remote Whole

LAN to join the VPN network, or else choose Single Address if you want single IP to join the

VPN network.



IP Address for VPN:

Enter the IP address of the Remote LAN. (For example: Input

192.168.2.1

in

Device1

,Input

192.168.1.1

in

Device2

)



IP Subnetmask:

Enter the subnetmask of the remote LAN. ( For example: Input

255.255.255.0

in both

Device1

and

Device2

)



Key Exchange Method:

Select

Auto (IKE)

or

Manual

.

If you select

Auto

as

Key Exchange Method

, the screen will display as follows:

TD-W9970

300Mbps Wireless N USB VDSL/ADSL Modem Router User Guide

48

Figure 4-32



Authentication Method:

Select Pre-Shared Key (recommended).



Pre-Shared Key:

Enter the Pre-shared Key for IKE authentication, and ensure both the two

peers use the same key. The key should consist of visible characters without blank space.



Perfect Forward Secrecy:

PFS is an additional security protocol.

We recommend you leave the Advanced Settings as default value.



After complete the basic settings and click Save/Apply in both

Device1

and

Device2

, PCs in

LAN1 could communicate with PCs in remote LAN2. (For example: You can ping the IP

address of PC2 which is 192.168.2.100 in PC1)



Note:

The VPN Servers Endpoint from both ends must use the same pre-shared keys and Perfect

Forward Secrecy settings.

Click

Show Advanced Settings

and then you can configure the Advanced Settings.

Figure 4-33

TD-W9970

300Mbps Wireless N USB VDSL/ADSL Modem Router User Guide

49

Settings for Phase 1:



Mode:

You can select

Main

or

Aggressive.

Select

Main

to configure the standard negotiation

parameters for IKE phase1. Select

Aggressive

to configure IKE phase1 of the VPN Tunnel to

carry out negotiation in a shorter amount of time. (Not Recommended-Less Secure)



Note:

The difference between the two is that aggressive mode will pass more information in fewer

packets, with the benefit of slightly faster connection establishment, at the cost of transmitting the

identities of the security firewall in the clear. When using aggressive mode, some configuration

parameters such as Diffie-Hellman groups, and PFS cannot be negotiated, resulting in a greater

importance of having "compatible" configuration on both ends.



My Identifier Type

- Select the local ID type for IKE negotiation.

Local Wan IP

: uses an IP

address as the ID in IKE negotiation.

FQDN

: uses a name as the ID.



My Identifier -

This field does not need to enter if

Local WAN IP

is selected in

My Identifier

Type

field. And the WAN IP will be used automatically as Identifier. If Name type is selected,

enter a name for the local device as the ID in IKE negotiation.



Remote Identifier Type

- The remote gateway IP will be inputted automatically if IP Address

type is selected. If Name type is selected, enter the name of the remote peer as the ID in IKE

negotiation.



Remote Identifier

- This field does not need to enter if

Remote WAN IP

is selected in

Remote

Identifier Type

field. And the remote gateway IP will be used automatically as Identifier. If

Name type is selected, enter the name of the remote peer as the ID in IKE negotiation.



Encryption Algorithm -

Specify the encryption algorithm for IKE negotiation. Options include:

DES, 3DES, AES-128, AES-192, AES-256.



Integrity Algorithm -

Select the authentication algorithm for IKE negotiation. Options include:

MD5

and

SHA1

.



Select Diffie-Hellman Group for Key Exchange -

Select the DH (Diffie-Hellman) group to be

used in key negotiation phase 1. The DH Group sets the strength of the algorithm in bits.



Key Life Time:

Enter the number of seconds for the IPSec lifetime. It is the period of time to

pass before establishing a new IPSec security association (SA) with the remote endpoint. The

default value is 3600.

Settings for Phase 1:



Encryption Algorithm -

Specify the encryption algorithm for IKE negotiation. Options include:

DES,3DES, AES-128, AES-192, AES-256



Integrity Algorithm -

Select the authentication algorithm for IKE negotiation. Options include:

MD5

and

SHA1

.



Diffie-Hellman Group for Key Exchange -

Select the DH (Diffie-Hellman) group to be used in

key negotiation phase 1. The DH Group sets the strength of the algorithm in bits.



Key Life Time -

Enter the number of seconds for the IPSec lifetime. It is the period of time to

pass before establishing a new IPSec security association (SA) with the remote endpoint. The

default value is 3600.