![background image](http://html1.mh-extra.com/html/tp-link/tl-er604w/tl-er604w_user-manual_1144823095.webp)
-90-
cause the private data to be exposed to all the users on the Internet. The VPN (Virtual Private Network)
technology is developed and used to establish the private network through the public network, which
can guarantee a secured data exchange.
VPN adopts the tunneling technology to establish a private connection between two endpoints. It is a
connection secured by encrypting the data and using point-to-point authentication. The following
diagram is a typical VPN topology.
Figure 3-61 VPN – Network Topology
As the packets are encapsulated and de-encapsulated in the Router, the tunneling topology
implemented by encapsulating packets is transparent to users. The tunneling protocols supported by
TL-ER604W contain Layer 3 IPsec and Layer 2 L2TP/PPTP.
3.6.1 IKE
In the IPsec VPN, to ensure a secure communication, the two peers should encapsulate and
de-encapsulate the packets using the information both known. Therefore the two peers need to
negotiate a security key for communication with IKE (Internet Key Exchange) protocols.
Actually IKE is a hybrid protocol based on three underlying security protocols, ISAKMP (Internet
Security Association and Key Management Protocol), Oakley Key Determination Protocol, and
SKEME Security Key Exchange Protocol. ISAKMP provides a framework for Key Exchange and SA
(Security Association) negotiation. Oakley describes a series of key exchange modes. SKEME
describes another key exchange mode different from those described by Oakley.
IKE consists of two phases. Phase 1 is used to negotiate the parameters, key exchange algorithm and
encryption to establish an ISAKMP SA for securely exchanging more information in Phase 2. During
phase 2, the IKE peers use the ISAKMP SA established in Phase 1 to negotiate the parameters for
security protocols in IPsec and create IPsec SA to secure the transmission data.
3.6.1.1 IKE
Policy
On this page you can configure the related parameters for IKE negotiation.
Choose the menu
VPN
→
IKE
→
IKE Policy
to load the following page.
Содержание TL-ER604W
Страница 1: ...TL ER604W Wireless N Gigabit Broadband VPN Router Rev1 0 1 1910010844...
Страница 163: ...4 Router B s Status page...
Страница 171: ...12...
Страница 178: ...19 Step 4 Right click on Phase 1 add a new phrase 2...
Страница 180: ...21 Step 6 Click Save and Apply and then right click on Phrase 2 Tunnel click on Open Tunnel...
Страница 181: ...22 Step 7 If the client connect to the VPN Server successfully you can see IPsec SA on the list...
Страница 192: ...33 Step 13 If client connect to the VPN Server successfully you can see IPsec SA on the list...
Страница 194: ...35 Router B s Status Page...
Страница 202: ...43 Choose Connect to a workplace and then click on Next Step 4 Select Use my Internet connection VPN...
Страница 204: ...45 Step 7 The VPN connection is created and ready to use click on Close...
Страница 206: ...47 Step 11 If the PPTP tunnel is established successfully you can check it on List of Tunnel...
Страница 211: ...52 Step 3 Choose Connect to a workplace and then click on Next...
Страница 212: ...53 Step 4 Select Use my Internet connection VPN...
Страница 214: ...55 Step 7 The VPN connection is created and ready to use click on Close...
Страница 217: ...58...