User Guide

Parameter description
Parameter
Description
IPSec
It is used to enable or disable the IPSec function.
WAN
It specifies the WAN port of the IPSec connection on this end. The remote gateway of the
IPSec peer should be the IP address of the WAN port you specified here.
Encapsulation Mode
The router uses either of the following to encapsulate IP packets.
- Tunnel Mode: It is most commonly used between security gateways.
- Transport Mode: It is mainly used for end-to-end communications.
Connection Name
It specifies the name of the IPSec tunnel.
Exchange Mode
It specifies whether the device is an initiator that starts the VPN request, or a responder
that answers the request.
- Initiator mode: It indicates the device that starts the VPN attempt.
- Responder mode: It indicates the device that answers the Initiator's request.
The IPSec peers cannot both be set to Responder mode at the same time. Otherwise, the IPSec
connection fails.
Tunnel Protocol
The router supports ESP and AH protocols, as well as the mix of the two.
- ESP: It indicates the Encapsulating Security Payload protocol for verifying data integrity
and encrypting data. If a packet processed using this protocol is intercepted during
transmission, it is difficult for the intercepting party to obtain the real information
contained in the packet. This compatible protocol is widely used in gateway products.
- AH: It indicates the Authentication Header protocol used for verifying data integrity. If a
packet is tampered with during transmission, the receiver discards it during data integrity
verification.
- AH+ESP: It indicates that the router uses both AH and ESP protocols.
Remote Gateway
IP address or domain name of the specified WAN port of the IPSec peer.
Local LAN/Prefix Length
It specifies the network segment and subnet mask of the LAN of this device.
For example, if the LAN IP address and subnet mask of this device are
192.168.0.252 and 255.255.255.0 respectively, enter 192.168.0.0/24.
Remote LAN/Prefix Length
It specifies the LAN network segment and subnet mask of the IPSec peer. If the remote
gateway is a single host, enter its IP address and subnet mask, such as 192.168.100.1/32.
Key Negotiation
The key negotiation method to establish an IPSec tunnel.
- Auto (default): It indicates that an SA is set up, maintained, and deleted automatically
using IKE (Internet Key Exchange). This reduces configuration complexity and simplifies
IPSec usage and management. Such an SA (Security Association) has a life cycle and is
updated regularly, leading to higher security.
- Manual: It indicates that an SA is set up by manually specifying encryption and
authentication algorithms and keys. Such an SA does not have a life cycle, and therefore
it remains valid unless it is manually deleted, which is a security risk. Generally, this
mode is used only for commissioning.
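
The following check is an added example, not part of the original guide or the router's software. It compares the settings entered on both ends of a tunnel against the rules stated in the table above. The dictionary field names and the sample addresses are constructed for illustration, and Remote Gateway is assumed to be entered as an IP address rather than a domain name.

```python
import ipaddress

def lan_prefix(ip, mask):
    """Convert a LAN IP address and subnet mask to the network/prefix form."""
    return str(ipaddress.ip_interface(f"{ip}/{mask}").network)

def check_pair(a, b):
    """Return a list of problems found when comparing both peers' settings."""
    problems = []
    # Exchange Mode: the peers cannot both be Responder at the same time.
    if a["exchange_mode"] == "Responder" and b["exchange_mode"] == "Responder":
        problems.append("both peers are in Responder mode")
    for me, peer in ((a, b), (b, a)):
        # Remote Gateway must be the WAN address selected on the peer.
        if me["remote_gateway"] != peer["wan_ip"]:
            problems.append(f"{me['name']}: Remote Gateway is not the peer's WAN address")
        # Remote LAN/Prefix Length must describe the peer's Local LAN.
        local = ipaddress.ip_network(peer["local_lan"], strict=False)
        remote = ipaddress.ip_network(me["remote_lan"], strict=False)
        if local != remote:
            problems.append(f"{me['name']}: Remote LAN {remote} != peer Local LAN {local}")
        # Manual SAs have no life cycle; the guide reserves them for commissioning.
        if me["key_negotiation"] == "Manual":
            problems.append(f"{me['name']}: Manual key negotiation (no SA life cycle)")
    return problems

# Constructed sample settings (WAN addresses come from documentation ranges).
SITE_A = {
    "name": "site-a", "wan_ip": "203.0.113.10", "exchange_mode": "Initiator",
    "remote_gateway": "198.51.100.20",
    "local_lan": lan_prefix("192.168.0.252", "255.255.255.0"),
    "remote_lan": "192.168.100.0/24", "key_negotiation": "Auto",
}
SITE_B = {
    "name": "site-b", "wan_ip": "198.51.100.20", "exchange_mode": "Responder",
    "remote_gateway": "203.0.113.10",
    "local_lan": "192.168.100.0/24",
    "remote_lan": "192.168.0.0/24", "key_negotiation": "Auto",
}

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B) or "settings are consistent")
```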