TL-ER6020 v1 User Guide
Page 2
... communications. CE Mark Warning This is a registered trademark of the FCC Rules. These limits are subject to change without permission from TP-LINK TECHNOLOGIES CO., LTD. This device complies with the instruction manual, may cause undesired operation. In a domestic environment, this equipment in a residential area is likely to cause harmful interference in which...
... communications. CE Mark Warning This is a registered trademark of the FCC Rules. These limits are subject to change without permission from TP-LINK TECHNOLOGIES CO., LTD. This device complies with the instruction manual, may cause undesired operation. In a domestic environment, this equipment in a residential area is likely to cause harmful interference in which...
TL-ER6020 v1 User Guide
Page 9
Chapter 2 Introduction Thanks for choosing the SafeStreamTM Gigabit Dual-WAN VPN Router TL-ER6020. 2.1 Overview of the Router The SafeStreamTM Gigabit Dual-WAN VPN Router TL-ER6020 from TP-LINK possesses excellent data processing capability and multiple powerful functions including IPsec/PPTP/L2TP VPN, Load Balance, ... Virtual Private Network (VPN) + Providing comprehensive IPsec VPN with DES/3DES/AES encryptions, MD5/SHA1 identifications and automatically/manually IKE Pre-Share Key exchanges. + Supporting PPTP/L2TP VPN Server mode to allow the staff on business or remote branch office...
Chapter 2 Introduction Thanks for choosing the SafeStreamTM Gigabit Dual-WAN VPN Router TL-ER6020. 2.1 Overview of the Router The SafeStreamTM Gigabit Dual-WAN VPN Router TL-ER6020 from TP-LINK possesses excellent data processing capability and multiple powerful functions including IPsec/PPTP/L2TP VPN, Load Balance, ... Virtual Private Network (VPN) + Providing comprehensive IPsec VPN with DES/3DES/AES encryptions, MD5/SHA1 identifications and automatically/manually IKE Pre-Share Key exchanges. + Supporting PPTP/L2TP VPN Server mode to allow the staff on business or remote branch office...
TL-ER6020 v1 User Guide
Page 17
... is in WAN mode, the Hosts in the subnet of DMZ port can access the servers in different subnets can implement NAT for WAN port manually. -12- In Classic mode, the Router will first transport the packets which are compliant with one another via routing protocol. Choose the menu ...Static Router rules permit. For example: If the DMZ port of the Router is employed. However, to set the IP addresses of the ports. 3.1.3 WAN TL-ER6020 provides the following six Internet connection types: Static IP, Dynamic IP, PPPoE/Russian PPPoE, L2TP/Russian L2TP, PPTP/Russian PPTP and BigPond. Non-...
... is in WAN mode, the Hosts in the subnet of DMZ port can access the servers in different subnets can implement NAT for WAN port manually. -12- In Classic mode, the Router will first transport the packets which are compliant with one another via routing protocol. Choose the menu ...Static Router rules permit. For example: If the DMZ port of the Router is employed. However, to set the IP addresses of the ports. 3.1.3 WAN TL-ER6020 provides the following six Internet connection types: Static IP, Dynamic IP, PPPoE/Russian PPPoE, L2TP/Russian L2TP, PPTP/Russian PPTP and BigPond. Non-...
TL-ER6020 v1 User Guide
Page 20
... Dynamic IP if your ISP's server. It can not get the IP address from your ISP. Click to enter the DNS (Domain Name Server) address manually. MTU: MTU (Maximum Transmission Unit) is available, enter it. If a Secondary DNS Server address is the maximum data unit transmitted by your ISP's Primary DNS...
... Dynamic IP if your ISP's server. It can not get the IP address from your ISP. Click to enter the DNS (Domain Name Server) address manually. MTU: MTU (Maximum Transmission Unit) is available, enter it. If a Secondary DNS Server address is the maximum data unit transmitted by your ISP's Primary DNS...
TL-ER6020 v1 User Guide
Page 21
... ISP. "Connected" indicates that the Router has successfully obtained the IP parameters from your ISP. "Disconnected" indicates that the IP address has been manually released or the request of your ISP.
... ISP. "Connected" indicates that the Router has successfully obtained the IP parameters from your ISP. "Disconnected" indicates that the IP address has been manually released or the request of your ISP.
TL-ER6020 v1 User Guide
Page 23
... . PPPoE Advanced Settings: Check here to the Internet and obtain the IP address. It can select the proper Active mode according to your need. Manual: Select this screen: PPPoE Settings Connection Type: Select PPPoE if your ISP provides xDSL Virtual Dial-up connection charged on time. Always-on... Router will terminate the connection. It is recommended to keep -alive packets, then the Router will send keep the connection always on this option to manually activate or terminate the Internet connection by your ISP.
... . PPPoE Advanced Settings: Check here to the Internet and obtain the IP address. It can select the proper Active mode according to your need. Manual: Select this screen: PPPoE Settings Connection Type: Select PPPoE if your ISP provides xDSL Virtual Dial-up connection charged on time. Always-on... Router will terminate the connection. It is recommended to keep -alive packets, then the Router will send keep the connection always on this option to manually activate or terminate the Internet connection by your ISP.
TL-ER6020 v1 User Guide
Page 25
...: Displays the status of PPPoE connection. "Disabled" indicates that the PPPoE connection type is not applied. "Connecting" indicates that the connection has been manually terminated or the request of the Router has no response from your ISP. Consult your ISP if this problem remains.
...: Displays the status of PPPoE connection. "Disabled" indicates that the PPPoE connection type is not applied. "Connecting" indicates that the connection has been manually terminated or the request of the Router has no response from your ISP. Consult your ISP if this problem remains.
TL-ER6020 v1 User Guide
Page 27
...- It is selected, configure the subnet mask of WAN port. Dynamic IP and Static IP connection types are not clear, please consult your need. Manual: Select this option to keep the connection always on : Select this option to configure the secondary connection. If Static IP is optimum for the dial... the Account Name provided by your ISP. It is recommended to keep the default value if no other MTU value is down. If you to manually activate or terminate the Internet connection by the or button. Enter the Password provided by your ISP. It can be set in the range of...
...- It is selected, configure the subnet mask of WAN port. Dynamic IP and Static IP connection types are not clear, please consult your need. Manual: Select this option to keep the connection always on : Select this option to configure the secondary connection. If Static IP is optimum for the dial... the Account Name provided by your ISP. It is recommended to keep the default value if no other MTU value is down. If you to manually activate or terminate the Internet connection by the or button. Enter the Password provided by your ISP. It can be set in the range of...
TL-ER6020 v1 User Guide
Page 28
...: Displays the status of PPPoE connection. "Disabled" indicates that the L2TP connection type is not applied. "Connecting" indicates that the connection has been manually terminated or the request of the Router has no response from your ISP. "Disconnected" indicates that the Router is connected well. Please ensure that...
...: Displays the status of PPPoE connection. "Disabled" indicates that the L2TP connection type is not applied. "Connecting" indicates that the connection has been manually terminated or the request of the Router has no response from your ISP. "Disconnected" indicates that the Router is connected well. Please ensure that...
TL-ER6020 v1 User Guide
Page 30
Account Name: Password: Server IP: MTU: Active Mode: Secondary Connection: Connection Type: IP Address: Subnet Mask: Default Gateway: to manually activate or terminate the Internet connection by the or button. The default MTU is displayed. -25- Options include Disable, Dynamic IP and Static ... gateway is 1460. It's optimum for the dial-up connection charged on time. Always-on . It is provided by your need. Manual: Select this option to keep the default value if no other MTU value is recommended to keep the connection always on : Select this option to...
Account Name: Password: Server IP: MTU: Active Mode: Secondary Connection: Connection Type: IP Address: Subnet Mask: Default Gateway: to manually activate or terminate the Internet connection by the or button. The default MTU is displayed. -25- Options include Disable, Dynamic IP and Static ... gateway is 1460. It's optimum for the dial-up connection charged on time. Always-on . It is provided by your need. Manual: Select this option to keep the default value if no other MTU value is recommended to keep the connection always on : Select this option to...
TL-ER6020 v1 User Guide
Page 31
...: Displays the status of PPTP connection. "Disabled" indicates that the PPTP connection type is not applied. "Connecting" indicates that the connection has been manually terminated or the request of your ISP's Secondary DNS. 6) BigPond If your ISP. Downstream Bandwidth: Specify the bandwidth for the BigPond connection, please choose the...
...: Displays the status of PPTP connection. "Disabled" indicates that the PPTP connection type is not applied. "Connecting" indicates that the connection has been manually terminated or the request of your ISP's Secondary DNS. 6) BigPond If your ISP. Downstream Bandwidth: Specify the bandwidth for the BigPond connection, please choose the...
TL-ER6020 v1 User Guide
Page 33
... Upstream/Downstream Bandwidth for the dial-up connection charged on time. Always-on . Consult your ISP if this option to manually activate or terminate the Internet connection by your ISP. MTU: MTU (Maximum Transmission Unit) is connected well. Please ensure that your ...settings are correct and your ISP. "Disconnected" indicates that the connection has been manually terminated or the request of 576-1500. Subnet Mask: Displays the Subnet Mask assigned by the or button. It's optimum for the port...
... Upstream/Downstream Bandwidth for the dial-up connection charged on time. Always-on . Consult your ISP if this option to manually activate or terminate the Internet connection by your ISP. MTU: MTU (Maximum Transmission Unit) is connected well. Please ensure that your ...settings are correct and your ISP. "Disconnected" indicates that the connection has been manually terminated or the request of 576-1500. Subnet Mask: Displays the Subnet Mask assigned by the or button. It's optimum for the port...
TL-ER6020 v1 User Guide
Page 69
The administrator should modify the static route information manually as long as the network topology or link status is simple, efficient, and reliable. Note: The system predefined protocols cannot be configured. 3.3.5 Routing 3.3.5.1 Static Route Routing is a kind of Protocol on this screen: ...
The administrator should modify the static route information manually as long as the network topology or link status is simple, efficient, and reliable. Note: The system predefined protocols cannot be configured. 3.3.5 Routing 3.3.5.1 Static Route Routing is a kind of Protocol on this screen: ...
TL-ER6020 v1 User Guide
Page 77
Please add entries manually on 3.4.1.1 IP-MAC Binding. 3.4.1.3 ARP List On this page, the IP-MAC information of the hosts which communicated with the existed entries. This period is ...
Please add entries manually on 3.4.1.1 IP-MAC Binding. 3.4.1.3 ARP List On this page, the IP-MAC information of the hosts which communicated with the existed entries. This period is ...
TL-ER6020 v1 User Guide
Page 94
... the PFS (Perfect Forward Security) for the VPN tunnel are covered by IP address and subnet mask. It can be selected on your LAN are manually inputted and no policy selection, add new policy on IKE mode. It is available when IKE is a host. Mode: Local Subnet: Remote Subnet: ... Domain name. Up to four IPsec Proposals can be set to identify which PCs on the remote network are generated automatically via IKE negotiations. Manual: All settings (including the keys) for IKE mode to create a new key in -89- Select the negotiation mode for the policy. IKE:...
... the PFS (Perfect Forward Security) for the VPN tunnel are covered by IP address and subnet mask. It can be selected on your LAN are manually inputted and no policy selection, add new policy on IKE mode. It is available when IKE is a host. Mode: Local Subnet: Remote Subnet: ... Domain name. Up to four IPsec Proposals can be set to identify which PCs on the remote network are generated automatically via IKE negotiations. Manual: All settings (including the keys) for IKE mode to create a new key in -89- Select the negotiation mode for the policy. IKE:...
TL-ER6020 v1 User Guide
Page 95
... Phase1 is independent of the tunnel, and vice versa. ESP Encryption: Key-In: Specify the inbound ESP Encryption Key manually if ESP protocol is used in Phase2 is created based on Manual mode. The inbound key here must match the Outgoing SPI value at the other end of the tunnel, and vice... versa. Incoming SPI: Specify the Incoming SPI (Security Parameter Index) manually. Only one proposal can be selected on the key in Phase1 and thus once the key in Phase1 is de-encrypted, the key in the...
... Phase1 is independent of the tunnel, and vice versa. ESP Encryption: Key-In: Specify the inbound ESP Encryption Key manually if ESP protocol is used in Phase2 is created based on Manual mode. The inbound key here must match the Outgoing SPI value at the other end of the tunnel, and vice... versa. Incoming SPI: Specify the Incoming SPI (Security Parameter Index) manually. Only one proposal can be selected on the key in Phase1 and thus once the key in Phase1 is de-encrypted, the key in the...
TL-ER6020 v1 User Guide
Page 96
...information of subnet. 3.5.2.2 IPsec Proposal On this tunnel is using IKE automatic negotiation. ESP Encryption Key-Out: Specify the outbound ESP Encryption Key manually if ESP protocol is used in Figure 3-60 indicates: this is an IPsec tunnel, the local subnet is 192.168.0.0/24, the remote ... corresponding IPsec Proposal. It is used in the corresponding IPsec Proposal. AH Authentication Key-Out: Specify the outbound AH Authentication Key manually if AH protocol is used in the corresponding IPsec Proposal. ESP Authentication Key-Out: Specify the outbound ESP Authentication Key...
...information of subnet. 3.5.2.2 IPsec Proposal On this tunnel is using IKE automatic negotiation. ESP Encryption Key-Out: Specify the outbound ESP Encryption Key manually if ESP protocol is used in Figure 3-60 indicates: this is an IPsec tunnel, the local subnet is 192.168.0.0/24, the remote ... corresponding IPsec Proposal. It is used in the corresponding IPsec Proposal. AH Authentication Key-Out: Specify the outbound AH Authentication Key manually if AH protocol is used in the corresponding IPsec Proposal. ESP Authentication Key-Out: Specify the outbound ESP Authentication Key...
TL-ER6020 v1 User Guide
Page 108
Only from the Host with the account. To keep the connection always on to disable the MAC Binding function. Manual: Select this page, you can be dropped. Activate or inactivate the entry. Options include: Disable: Select this option to the server. Enter the MAC ...address of the Host to bind with this MAC address can the account log on to a MAC address manually. Session Timeout: Enter a time after which the connection will be entered. On this option to bind the account to the server. Automatical: Select this...
Only from the Host with the account. To keep the connection always on to disable the MAC Binding function. Manual: Select this page, you can be dropped. Activate or inactivate the entry. Options include: Disable: Select this option to the server. Enter the MAC ...address of the Host to bind with this MAC address can the account log on to a MAC address manually. Session Timeout: Enter a time after which the connection will be entered. On this option to bind the account to the server. Automatical: Select this...
TL-ER6020 v1 User Guide
Page 128
...up status. After clicking the button, the Router will be detected according to destination of both PING and DNS Lookup. In Manual Mode, you can configure the destination for DNS Lookup. Figure 3-88 Online Detection The following page. Ping: Enter the destination ...Lookup is online or not. of WAN status Port: Displays the detected WAN port. Mode: Detect automatically or Manually. DNS Lookup: Enter the IP address of DNS server in Manual mode. 0.0.0.0 means PING detection is enabled. -123- Detection: Displays whether the Online Detection is disabled. Choose...
...up status. After clicking the button, the Router will be detected according to destination of both PING and DNS Lookup. In Manual Mode, you can configure the destination for DNS Lookup. Figure 3-88 Online Detection The following page. Ping: Enter the destination ...Lookup is online or not. of WAN status Port: Displays the detected WAN port. Mode: Detect automatically or Manually. DNS Lookup: Enter the IP address of DNS server in Manual mode. 0.0.0.0 means PING detection is enabled. -123- Detection: Displays whether the Online Detection is disabled. Choose...
TL-ER6020 v1 User Guide
Page 129
... Router. Figure 3-89 Time The following page. Time Zone: Displays the current time zone of time capturing Get GMT: Manual: When this option selected, you can set the date and time manually. With this option is selected, you can configure the time zone and the IP Address for the NTP Server. Status...
... Router. Figure 3-89 Time The following page. Time Zone: Displays the current time zone of time capturing Get GMT: Manual: When this option selected, you can set the date and time manually. With this option is selected, you can configure the time zone and the IP Address for the NTP Server. Status...