TL-R600VPN SafeStream™ Gigabit Broadband VPN Router User Guide
Figure 4-40
• IPSec: Enable or disable IPsec and click Save to apply.
• Policy Name: The unique name of the IPsec policy, used for identification and management purposes.
• Local Subnet: The IP address range on your local LAN that identifies which PCs on your LAN are covered by this policy. It is formed by an IP address and a subnet mask.
• Remote Subnet: The IP address range on your remote network that identifies which PCs on the remote network are covered by this policy. It is formed by an IP address and a subnet mask.
• Exchange Mode: The negotiation mode for the policy.
To add/modify an IPsec entry:
Step 1: Click Add New… / Modify as shown in Figure 4-40, and you will see a new screen as shown in Figure 4-41.
Step 2: Enter the Policy Name, Local Subnet, Remote Subnet, Remote Gateway, PFS Lifetime and then select the Exchange Mode, Security Protocol, Authentication Algorithm, Encryption Algorithm, IKE Security Policy, PFS Group. Then enable or disable the settings.
Figure 4-41
• Policy Name: Enter the unique name of the IPsec policy, used for identification and management purposes.
• Local Subnet: Enter the IP address range on your local LAN that identifies which PCs on your LAN are covered by this policy. It is formed by an IP address and a subnet mask.
• Remote Subnet: Enter the IP address range on your remote network that identifies which PCs on the remote network are covered by this policy. It is formed by an IP address and a subnet mask.
• Remote Gateway: Enter the Remote Gateway. It can be an IP address or a domain name.
• Exchange Mode: Select the negotiation mode for the policy.
  • IKE: The parameters for the VPN tunnel are generated automatically via IKE negotiations.
  • Manual: All settings (including the keys) for the VPN tunnel are manually input and no key negotiation is needed.
  • IKE Mode
    Security Policy: It is available when IKE is selected as the negotiation mode. Select the Security Policy for IPsec.
    Authentication Algorithm: Select the Authentication Algorithm for IPsec policy. The default value is “Auto”.
    Encryption Algorithm: Select the Encryption Algorithm for IPsec policy. The default value is “Auto”.
    IKE Security Policy: Select the IKE Security Policy for IPsec policy.
    PFS Group: Select the PFS (Perfect Forward Secrecy) group for IKE mode to enhance security. This setting should match the remote peer. With PFS, IKE negotiates a new key in Phase 2. Because this key is independent of the key created in Phase 1, it can remain secure even if the Phase 1 key is compromised. Without PFS, the Phase 2 key is created based on the Phase 1 key, so once the Phase 1 key is compromised the Phase 2 key is easy to recover and the secrecy of the communication is threatened.
    Lifetime: Specify the IPsec SA Lifetime for IKE mode.
    Status: Enable or disable the entry.
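The following added example (not part of the original guide or the router firmware) models the PFS behaviour described above using the IKEv1 Phase 2 key derivation from RFC 2409 section 5.5. The toy Diffie-Hellman group, the use of HMAC-SHA1 as the prf and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration only. A real tunnel
# uses the standard group chosen with the "PFS Group" setting.
P = 2**127 - 1
G = 3
ESP = 3  # IPsec DOI protocol ID for ESP

def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1 stands in for the negotiated prf (assumption)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def keymat(skeyid_d: bytes, spi: bytes, ni: bytes, nr: bytes, dh: bytes = b"") -> bytes:
    """KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)."""
    return prf(skeyid_d, dh + bytes([ESP]) + spi + ni + nr)

def phase2(skeyid_d: bytes, pfs: bool):
    """Run one Phase 2 exchange; return (real key, values carried in the messages)."""
    msgs = {"spi": secrets.token_bytes(4),
            "ni": secrets.token_bytes(16), "nr": secrets.token_bytes(16)}
    dh = b""
    if pfs:
        # Fresh ephemeral secrets; only the public values gx and gy are exchanged.
        x, y = (secrets.randbelow(P - 2) + 1 for _ in range(2))
        msgs["gx"], msgs["gy"] = pow(G, x, P), pow(G, y, P)
        dh = pow(msgs["gy"], x, P).to_bytes(16, "big")  # equals pow(gx, y, P)
    return keymat(skeyid_d, msgs["spi"], msgs["ni"], msgs["nr"], dh), msgs

def rederive_from_phase1(skeyid_d: bytes, msgs: dict) -> bytes:
    """All that a later holder of the Phase 1 key can compute from recorded messages."""
    return keymat(skeyid_d, msgs["spi"], msgs["ni"], msgs["nr"])

def phase1_key_exposes_phase2(pfs: bool) -> bool:
    skeyid_d = secrets.token_bytes(20)  # Phase 1 keying material (constructed)
    real, msgs = phase2(skeyid_d, pfs)
    return hmac.compare_digest(real, rederive_from_phase1(skeyid_d, msgs))

if __name__ == "__main__":
    print("without PFS, Phase 1 key exposes Phase 2 key:", phase1_key_exposes_phase2(False))
    print("with PFS, Phase 1 key exposes Phase 2 key:   ", phase1_key_exposes_phase2(True))
```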
  • Manual Mode
    Security Protocol: Select the Security Protocol for IPsec.
    Authentication Algorithm: Select the Authentication Algorithm for IPsec policy. The default value is “SHA1”.
    Encryption Algorithm: Select the Encryption Algorithm for IPsec policy. The default value is “AES256”.
    Incoming SPI: Specify the Incoming SPI (Security Parameter Index) manually. The Incoming SPI here must match the Outgoing SPI value at the other end of the tunnel, and vice versa.
    In Authentication Key: Specify the inbound AH Authentication Key manually if AH protocol is used in the corresponding IPsec Proposal. The inbound key here must match the outbound AH authentication key at the other end of the tunnel, and vice versa.
    In Encryption Key: Specify the inbound Encryption Key manually if the ESP protocol is used. The inbound key here must match the outbound Encryption Key at the other end of the tunnel, and vice versa.
    Outgoing SPI: Specify the Outgoing SPI (Security Parameter Index) manually. The Outgoing SPI here must match the Incoming SPI value at the other end of the tunnel, and vice versa.
    Out Authentication Key: Specify the outbound AH Authentication Key manually if AH protocol is used in the corresponding IPsec Proposal. The outbound key here must match the inbound AH authentication key at the other end of the tunnel, and vice versa.
    Out Encryption Key: Specify the outbound Encryption Key manually. The outbound key here must match the inbound Encryption Key at the other end of the tunnel, and vice versa.
    Status: Enable or disable the entry.
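An added example, not from the original guide or the router firmware: a check that the manual-mode entries on two routers mirror each other as the field descriptions above require. The ManualPolicy class, its attribute names and the sample values are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class ManualPolicy:
    """One router's manual-mode entry, modelled on the fields described on this page."""
    local_subnet: str
    remote_subnet: str
    security_protocol: str
    incoming_spi: int
    outgoing_spi: int
    in_auth_key: str
    out_auth_key: str
    in_enc_key: str
    out_enc_key: str

# (inbound field, outbound field it must equal on the other router)
PAIRS = [("incoming_spi", "outgoing_spi"),
         ("in_auth_key", "out_auth_key"),
         ("in_enc_key", "out_enc_key")]

def _net(text: str):
    # Accepts "address/mask" in either dotted-mask or prefix-length form.
    return ipaddress.ip_network(text, strict=False)

def mirror_errors(a: ManualPolicy, b: ManualPolicy) -> list:
    """Return mismatches by field name only, so key values never reach a log."""
    errors = []
    for near, far, tag in ((a, b, "A"), (b, a, "B")):
        if _net(near.local_subnet) != _net(far.remote_subnet):
            errors.append(f"{tag}.local_subnet != peer remote_subnet")
        for inbound, outbound in PAIRS:
            if getattr(near, inbound) != getattr(far, outbound):
                errors.append(f"{tag}.{inbound} != peer {outbound}")
    # General IPsec requirement (not stated on this page): same protocol at both ends.
    if a.security_protocol != b.security_protocol:
        errors.append("security_protocol differs")
    return errors

# Constructed sample values; real keys must come from a secure random source.
SITE_A = ManualPolicy("192.168.1.0/255.255.255.0", "192.168.2.0/255.255.255.0",
                      "ESP", 0x1001, 0x2002, "auth-key-b-to-a", "auth-key-a-to-b",
                      "enc-key-b-to-a", "enc-key-a-to-b")
SITE_B = ManualPolicy("192.168.2.0/24", "192.168.1.0/24",
                      "ESP", 0x2002, 0x1001, "auth-key-a-to-b", "auth-key-b-to-a",
                      "enc-key-a-to-b", "enc-key-b-to-a")

if __name__ == "__main__":
    print(mirror_errors(SITE_A, SITE_B) or "policies mirror each other")
```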
Other configurations for the entries as shown in Figure 4-40:
Click the Delete All button to delete all the entries.
Click the Previous button to view the information in the previous screen, click the Next button to view the information in the next screen.
4.8.3 SA List
This page displays the information of the IPsec SA (Security Association). Choose the menu IPsec VPN → SA List to load the following page.
Figure 4-42
This page displays the connection status of the IPsec Policy. As a Security Association is unidirectional, an incoming SA and an outgoing SA are created to protect data flows for each tunnel after the IPsec tunnel is successfully established. The incoming SPI value and outgoing SPI value are different. However, the Incoming SPI value must match the Outgoing SPI value at the other end of the tunnel, and vice versa. The connection status on the remote endpoint of this tunnel is as the following figure shows. The SPI value is obtained via auto-negotiation.
4.9 PPTP VPN Server
Choose the menu “PPTP VPN Server”; the submenus are shown below.
Figure 4-43
Click any of them, and you will be able to configure the corresponding function. The detailed explanations for each submenu are provided below.
4.9.1 Server Settings
Choose the menu “PPTP VPN Server → Server Settings” to configure the parameters of the PPTP Server in the next screen (shown in Figure 4-44).
Figure 4-44
• PPTP Server: Enable or disable the PPTP Server.
