TL-WR842ND

300Mbps Multi-Function Wireless N Router

- 48 -

4.7.3

Address Reservation

Choose menu “

DHCP

→

Address Reservation

”, you can view and add a reserved address for

clients via the next screen (shown in Figure 4-29).When you specify a reserved IP address for a

PC on the LAN, that PC will always receive the same IP address each time when it accesses the

DHCP server. Reserved IP addresses should be assigned to the servers that require permanent

IP settings.

Figure 4-29

Address Reservation

¾

MAC Address -

The MAC address of the PC for which you want to reserve an IP address.

¾

Reserved IP Address -

The IP address reserved for the PC by the Router.

¾

Status

-

The status of this entry, either

Enabled

or

Disabled

.

To Reserve an IP address:

1.

Click the

Add New…

button. Then Figure 4-30 will pop up.

2.

Enter the MAC address (in XX-XX-XX-XX-XX-XX format.) and IP address (in dotted-decimal

notation) of the computer for which you want to reserve an IP address.

3.

Click the

Save

button.

Figure 4-30

Add or Modify an Address Reservation Entry

To modify or delete an existing entry:

1.

Click the

Modify

in the entry you want to modify. If you want to delete the entry, click the

Delete

.

TL-WR842ND

300Mbps Multi-Function Wireless N Router

- 49 -

2.

Modify the information.

3.

Click the

Save

button.

Click the

Enable/Disabled All

button to make all entries enabled/disabled.

Click the

Delete All

button to delete all entries.

Click the

Next

button to go to the next page and Click the

Previous

button to return the previous

page.

4.8

VPN

Figure 4-31 The VPN menu

There are three submenus under the VPN menu (shown in Figure 4-31),

IKE

,

IPsec

and

Security

Alliance List

. Click any of them, and you will be able to configure the corresponding function.

VPN (Virtual Private Network) is a private network established via the public network, generally

via the Internet. However, the private network is a logical network without any physical network

lines, so it is called Virtual Private Network which can guarantee a secured data exchange.

4.8.1

IKE

IKE (Internet Key Exchange) Proposal is used for key negotiation before VPN tunnels based on

IPSec are established. Here you could easily set up high-security connections with IKE but make

sure that the IKE settings should be the same for the local and peer endpoints.

Choose menu “

VPN

→

IKE

”, you can view the information of IKE Policies in this table (shown in

Figure 4-33) and edit them by the action buttons.

Figure 4-32 List of IKE Policy

To add a new IKE Policy entry, click the

Add

button and the next screen will pop-up as shown in

Figure 4-33. You can set parameters for IKE Policy entry on this page.

TL-WR842ND

300Mbps Multi-Function Wireless N Router

- 50 -

Figure 4-33 IKE Policy Settings

¾

Policy Name -

Specify a unique name to the IKE policy for identification and management

purposes.

¾

Exchanged Mode -

Select the IKE Exchange Mode in phase 1, and ensure the remote VPN

peer uses the same mode.

z

Main mode -

Provides identity protection and exchanges more information, which

applies to the scenarios with higher requirement for identity protection.

z

Aggressive mode -

Establishes a faster connection but with lower security, which

applies to scenarios with lower requirement for identity protection.

¾

Local/Peer ID Type -

Select the type of Local ID/Peer ID for negotiation in

Aggressive

mode

.

¾

Local/Peer ID -

If "IP" is selected, enter the IP Address of gateway for negotiation; if "NAME"

is selected, enter the name for negotiation.

¾

Authentication Algorithm

-

Select the authentication algorithm for IKE Negotiation.

¾

Encryption Algorithm -

Select the encryption algorithm for IKE Negotiation.

¾

DH Group -

Select the parameter of Diffie-Hellman algorithm for IKE Negotiation.

¾

Pre-shared Key -

Manually enter ASCII characters for the Pre-shared key that should be the

same for the local and peer endpoints.

¾

Lifetime -

Manually enter the number of seconds for the IKE Lifetime (The period of time to

pass before establishing a new IKE security association (SA) with the peer endpoint). The

default value is 28800.

TL-WR842ND

300Mbps Multi-Function Wireless N Router

- 51 -

¾

DPD -

Enable or disable DPD (Dead Peer Detect) function. If enabled, a Dead Peer Detection

(DPD) packet is sent from the VPN Concentrator to the VPN Client to ensure its peer is still

there.

¾

DPD Interval -

Manually enter the number of seconds for the DPD Interval. The default value

is 10.

To modify or delete an existing entry:

1.

Find the desired entry in the table.

2.

Click

modify

or

delete

as desired on the

Configuration

column.

Click the

Delete All

button to delete all entries.

4.8.2

IPsec

IPsec (IP Security) is a set of services and protocols defined by IETF (Internet Engineering Task

Force) to provide high security for IP packets and prevent attacks.

To ensure a secured communication, the two IPsec peers use IPsec protocol to negotiate the data

encryption algorithm and the security protocols for checking the integrity of the transmission data,

and exchange the key to data de-encryption.

Choose menu “

VPN

→

IPsec

”, you can view the information of IPsec Policies in this table (shown

in Figure 4-34) and edit them by the action buttons. Check the

Enable

box and click the

Save

button to enable IPsec function.

Figure 4-34 List of IPsec Policy

To add a new IPsec Policy entry, click the

Add

button and the next screen will pop-up as shown in

Figure 4-35. You can set parameters for IPsec Policy entry on this page.

TL-WR842ND

300Mbps Multi-Function Wireless N Router

- 52 -

Figure 4-35 IPsec Policy Settings

¾

Policy Name

-

Enter the name for the IPsec Policy.

¾

Local Subnet

-

Enter the local (LAN) subnet and mask.(ex. 192.168.0.0/24)

¾

Peer Subnet -

Enter the Peer subnet and mask.

¾

Peer Gateway

-

Enter the Peer gateway or domain.

¾

Negotiation Mode

-

Here you could find two options, IKE Negotiation Mode and Manually

Mode. You are recommended to select the default mode-- IKE Negotiation Mode, and all the

parameters could be negotiated automatically according to IKE. If Manually Mode is selected,

you should manually set up the Encryption and SPI parameters according to the instructions.

¾

Security Protocol

-

Select the Security Protocol from the drop-down list. Here you could find

AH (Authentication Header) and ESP (Encapsulation Security Payload) protocols.

¾

Authentication Algorithm

-

Select the Authentication Algorithm for IPsec connection. You

could also keep the default value "Auto".

¾

Encryption Algorithm

-

Select the Encryption Algorithm for IPsec connection. You could also

keep the default value "Auto".

¾

In SPI

-

It is for direction in SPI parameter set in manual mode, and the parameter must be

the same as peer

Out SPI.

¾

In Authentication Key

-

It is for direction in authentication key set in manual mode, and the

key must be the same as peer

Out Authentication Key.

¾

Out SPI

-

It is for direction out SPI parameter set in manual mode, and the parameter must be

same as peer

In SPI.