User's Manual
Table Of Contents
- TL-ER604W(UN)1.0-UG-2016.4.27修改
- 路由器
- TL-ER604W(UN)1.0-UG-2016.4.27修改
- Package Contents
- Chapter 1 About this Guide
- Chapter 2 Introduction
- Chapter 3 Configuration
- Chapter 4 Application
- Appendix A Hardware Specifications
- Appendix B FAQ
- Appendix C Glossary
Remote Subnet:
Specify IP address range on your remote network to identify which PCs
on the remote network are covered by this policy. It's formed by IP
address and subnet mask.
WAN:
Specify the local WAN port for this Policy. The "Remote Gateway" of
the remote peer should be set to the IP address of this WAN port.
Remote Gateway:
Enter the Remote Gateway. It can be IP address or Domain name.
Policy Mode:
Select the negotiation mode for the policy.
IKE: The parameters for the VPN
tunnel are generated
automatically via IKE negotiations.
Manual: All settings (including the keys) for the VPN tunnel are
manually inputted and no key negotiation is needed.
These two modes will be introduced in detail in the following.
Status:
Activate or inactivate the entry.
IKE Mode and Manual Mode will be introduced in detail in the following.
● IKE Mode
IKE Policy:
It is available when IKE is selected as the negotiation mode. Specify
the IKE policy. If there is no policy selection, add new policy on
VPN→IKE→IKE Policy page.
IPsec Proposal:
Select IPsec Proposal on IKE mode. Up to four IPsec Proposals can be
selected on IKE mode.
PFS:
Select the PFS (Perfect Forward Security) for IKE mode to enhance
security. This setting should match the remote peer. With PFS feature,
IKE negotiates to create a new key in Phase2. As it is independent of
the key created in Phase1, this key can be secure even when the key in
Phase1 is de-encrypted. Without PFS, the key in Phase2 is created
based on the key in Pha
se1 and thus once the key in Phase1 is
de-encrypted, the key in Phase2 is easy to be de-encrypted, in this
case, the communication secrecy is threatened.
-96-