TP-LINK TL-R600VPN router
Contents
1. Figure 2 2 gt AC power receptacle Connect the female of the power cord head here and the male head to the AC power outlet gt RESET Use the button to restore the router to the factory defaults There are two ways to reset the router TL R6OOVPN REA cc TUS CTO Method one Use the Factory Defaults function on System Tools gt Factory Defaults page in the router s Web based Utility Method two With the router powered on use a pin to press and hold the RESET button about 5 seconds until the SYS LED lights up and flashes And then release the button and wait the router to reboot to its factory default settings ca Note 1 Please use only the power cord provided with this Router 2 Ensure the router is powered on before it restarts completely gt LAN Four RJ45 ports for connecting the router to the local PCs gt WAN One RJ45 port for connecting the router to a cable DSL modem or Ethernet 2 2 System Requirements gt Broadband Internet Access Service DSL Cable Ethernet gt One DSL Cable modem that has an RJ45 connector It s not necessary if you connect the router to Ethernet gt Each PC on the LAN needs a working Ethernet Adapter and an Ethernet cable with RJ45 connectors gt Web browser such as Microsoft Internet Explorer 5 0 or higher Netscape Navigator 6 0 or higher 2 3 Installation Environment Requirements gt The router should not in direct sunlight or2. PP TP VPN See iia 49 AO SEINE OG MMOS ac 225 faeces Gatie craiidag tee O da eluate 49 49 2 ACCOUNT SCAN S rd betets recente A E aveke ae atti 50 BDO AS OMMCC OM VANS eases acne espe ects eescta cess amas Gace eemamnctet deat ccatata cies eet de eee eee 51 4 ES tee emer ner eer me einer eee nee a ae See Senne ere eee 51 Ai Bano Wit OMI Ol cesscea cee cesc cesses ice 52 eda COM Ole oe UNO AAA A E ascent tases 52 A no 53 412 RS MAS BOANO is esve sed aaenierawdualnemateaneuanoarncakeutesatuarins 54 AZ Bndng Seta cael aa Gaal na A a nance 54 A A A 56 41 Dynamic DNS la teagan 57 1434 Dynadas DONS a pio 57 ATS 2 AA o A E 58 413 0 COMEX DION Sissi tl illa ind 58 A A A eeeceecee 59 e 4 SN SAA A eT ee ve ener Mer RT an ere 60 ANA Time SUING S ed IDO orbe 61 414 2 Diagnostic TOOIS asi edil 62 AAAS O A A E A E E AEE 62 ATA A Factor Deals nd ad 63 4 14 5 Backup and RCSIGIC adi s 64 ATA O RODOO rra rl tdt 65 A Ae A ania a a a a a bseaenneaneaaes 66 ASS System LOG nist teil aloe ee eee eee dee eee ean a 66 4 14 9 Remote Manageme nl c ccccscccssseccsssceseeececeseesesececeueeeeasecesageesseeessaeeensueeenseeesneeeens 67 ANA AO SLAUSUCS leon 68 ADDENGIX A Specifications iii 70 Appendix B Preventing Lightning oocooccoccccncnnnocconcconcccncnaronnonaronnnanonanonrenanannos 71 Append ERA nr is 72 Appendix D Glossary oocconcocccccconccccconcocccnncnncnnncnnrnnncnnrnnrnnnrnnrnnrrnnrnnrnnncnnrnnnrnncnanos
3. 192 168 2 1 MailLog Clear Log Current Mo 1 Page Figure 4 73 The router can keep logs of all traffic You can query the logs to find what happened to the router Click the Refresh button to refresh the logs Click the Save Log button to save all the logs in a text file Click the Mail Log button to send the logs to the specified mailbox Click the Clean All button to clean all the logs 4 14 9 Remote Management Choose menu Security Remote Management you can configure the Remote Management function on this screen shown in Figure 4 74 This feature allows you to manage your Router from a remote location via the Internet Remote Management Web Management Port 80 Remote Management IP Address 255 255 255 255 Enter 255 255 255 255 for all Save Figure 4 74 gt Web Management Port Web browser access normally uses the standard HTTP service port 80 This router s default remote management web port number is 80 For greater security you can change the remote management web interface to a custom port by entering that number in the box provided Choose a number between 1024 and 65534 but do not use the number of any common service port 67 TL R6OOVPN REA cl cl A TUS CTO gt Remote Management IP Address This is the current address you will use when accessing your router from the Internet The default IP address is 0 0 0 0 It means this function is disabled To enable this func
4. Policy Allow the packets not specified by any access control policy to pass through the Router Deny the packets not specified by any access control policy to pass through the Router ID Rule Name Host Target schedule Action Status Modify 1 test Any Permanent Deny Enabled Edit Delete Current Mo Page Figure 4 29 gt Enable Internet Access Control Enable or disable the Internet Access Control Default Filter Policy Select a policy to allow or deny the packets matching the rules to pass Y through the Router Rule Name Display the name of the rule and this name is unique Host Displays the hosts to which the rule takes effect Target Displays the corresponding target of the rule Schedule Displays the effective time of the rule Action Display the actions of the router to deal with the packets VV VV V V Status Displays the rule is enabled or disabled To add modify an Internet Access Control entry Step 1 Click Add New Edit shown in Figure 4 29 you will see a new screen shown in Figure 4 30 Step 2 Enter the Rule Name and select the Host Target Schedule Action and Status 38 TL RG0OVPN REESE TU O El RETA MIS E Add or Modify Internet Access Control Entry Host Click Here To Add New Host List Target Any Target Click Here To Add New Target List Schedule Tie Click Here To Add New Schedule Action Deny e status Een
5. a Virtual Server Entry Service Port 21 AA OF KR IP Address 192 166 0 100 4 qn Protocol E Status Enabled l Common Service Port FTP we Save Figure 4 19 Step 3 After that select Enable to make the entry take effect Step 4 Click Save button to save the configuration ca Note 1 If you want to add more than one reserved IP please go to step 1 to continue 2 Itis possible that you configure more than one type of available service on a computer or server it means the IP addresses for the virtual servers are same Other configurations for the entries as shown in Figure 4 18 Click the Delete button to delete the entry Click the Enable All button to enable all the entries Click the Disable All button to disable all the entries Click the Delete All button to delete all the entries Click the Previous button to view the information in the previous screen click the Next button to view the information in the next screen c Note If you set the virtual server of the service port as 80 you must set the web management port on System Tools gt Remote Management screen to be any value except 80 such as 8080 Or else there will be a conflict to disable the virtual server TL R6OOVPN REA el rc A TUS CTO 4 5 2 Port Triggering Choose menu Forwarding Port Triggering you can view and add port triggering in the next screen shown in Figure 4 20 Some applications require multiple
6. allow VPN tunnels using VPN protocols to pass through the Router e PPTP Passthrough Check the box before Enable to allow the PPTP tunnels to pass through the router e L2TP Passthrough Check the box before Enable to allow the L2TP tunnels to pass through the router e IPSec Passthrough Check the box before Enable to allow the IPSec tunnels to pass through the router gt ALG You can determine whether to provide ALG Application Level Gateway service for FTP TFTP H323 and RTSP to keep these special applications from the effect of NAT service e FTP ALG Select Enable to allow FTP services to operate properly e TFTP ALG Select Enable to allow TFTP services to operate properly e H323 ALG Select Enable to allow H323 services to operate properly e RTSP ALG Select Enable to allow RTSP services to operate properly TL R6OOVPN REA cl cc A sd TUS CTO 4 6 2 Advanced Security Choose menu Security Advanced Security you can protect the Router from being attacked by TCP SYN Flood UDP Flood and ICMP Flood in the next screen shown in Figure 4 26 Y vV WV Advanced Security Packets Statistics Interval 5 60 10 Seconds Dos Attack Defence Disable Enable Enable lOMP FLOOD Attack Filtering ICMP FLOOD Packets Threshold 5 3600 50 Packets s Enable UOP FLOOD Filtering UDP FLOOD Packets Threshold 5 3600 soo Packets s Enable TOP S7hM FLOOD Attack Filtering TCP SYN FLOOD Packets Thres
7. automatically in the screen above For Windows 98 OS or earlier the PC and router may need to be restarted Now you can run the Ping command in the command prompt to verify the network connection Please click the Start menu on your desktop select run tab type cmd in the field and then type ping 192 168 0 1 on the next screen and then press Enter If the result displayed is similar to the screen below the connection between your PC and the Router has been established Pinging 192 168 60 1 with 32 bytes of data Reply from 192 168 0 1 bytes 32 time ims TTL 254 Reply from 192 168 0 1 bytes 32 time ims TTL 254 Reply from 192 168 0 1 hbytes 32 time ims TTL 254 Reply from 192 168 0 1 bhytes 32 time ims TTL 254 Ping statistics for 192 168 6 1 Packets Sent 4 Received 4 Lost B Hz loss Approximate round trip times in milli seconds Minimum Ams Maximum ims Average Ams Figure 3 5 TL R6OOVPN REA e cc A US CTO If the result displayed is similar to the screen shown below it means that your PC has not connected to the Router Documents and Settings Administrator ping 192 168 60 1 Pinging 192 168 80 1 wath 32 bytes of data Request timed out tequest timed out fequest timed out Request timed out Ping statistics for 192 168 6 1 Packets Sent 4 Received HW Lost 4 18HH loss Figure 3 6 You can check it follow the steps below cf Note 1 Is the connection between
8. configure the effective time of the Access Control rule in the next screen shown in Figure 4 35 schedule Settings D Schedule Description Day Time Modify Every Day 00 00 24 00 Edit Delete Current No 1 Page Figure 4 35 gt Schedule Description Displays the description of the schedule and the description is unique gt Day Displays the day on which the rule takes effect gt Time Displays the time between which the rule takes effect 41 TL R6OOVPN REA ec A US CTO To add modify a target for Access Control Rule Step 1 Click Add New Edit shown in Figure 4 35 you will see a new screen shown in Figure 4 36 Step 2 Enter the Schedule Description and select the days and then specify the Start Time and Stop Time Advance Schedule Settings Mote The Schedule is based on the time ofthe Router schedule Description Day Everyday Select Days hon Tue Wed Thu Fri sal sun Time all day 24 hours Start Time e HAMM Stop Time e HAMM Figure 4 36 Step 3 Click the Save button Other configurations for the entries as shown in Figure 4 35 Click the Delete All button to delete all the entries Click the Previous button to view the information in the previous screen click the Next button to view the information in the next screen 4 8 IPsec VPN Choose menu IPsec VPN the next submenus are shown below SA List Figure 4 37 Click any of them and you will be able to config
9. may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operation Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment CE Mark Warning CE This is a class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures Package Contents The following items should be found in your box gt One TL R600VPN SafeStream Gigabit Broadband VPN Router gt One power cord for TL R600VPN SafeStream Gigabit Broadband VPN Router gt One Resource CD for TL R600VPN SafeStream Gigabit Broadband VPN Router including e This User Guide e Other Helpful Information Cf Note 1 The provided power cord may be different due to local power specifications 2 Make sure that the package contains the above items If any of the listed items are damaged or missing please contact your distributor Conventions The Router or TL R600VPN mentioned in this guide stands for TL R600VPN SafeStream Gigabit Broadband VPN Router without any explanation CONTENTS Chapter de INtoOduciIO Ni 1 11 Overview Of the ROUTE nunca lo a 1 MZ a E PO E bac tahoe Pa eter eect ed Stel had a 1 E o E A 1 Chapter 2 Hardware installati0N coonconccccconnoccccnconconncnnronrcnnnonrnnn
10. the version has a new feature that you want to use 2 When you upgrade the router s firmware you may lose its current configurations so please back up the router s current settings before you upgrade its firmware 3 Do not turn off the router or press the Reset button while the firmware is being upgraded 4 The router will reboot after the upgrading has been finished 4 14 4 Factory Defaults Choose menu System Tools Factory Defaults you can restore the configurations of the Router to factory defaults on the screen shown in Figure 4 67 Factory Defaults Click the following button to reset all configuration settings to their default values Figure 4 67 Click the Restore button to reset all configuration settings to their default values TL R6OOVPN REA e cc A US CTO c Note 1 2 The default Password is admin 3 The default IP Address is 192 168 0 1 4 The default Subnet Mask is 255 255 255 0 All settings you have saved will be lost when the default settings are restored The default User Name is admin 4 14 5 Backup and Restore Choose menu System Tools Backup and Restore you can save the current configuration of the Router as a backup file and restore the configuration via a backup file Shown in Figure 4 70 Backup amp Restore Backup Figure 4 68 To back up the Router s current settings Step 1 Click the Backup button shown in Figure 4 68 click Save button in the next scre
11. to reboot TL R6OOVPN REA cc A US CTO 44 DHCP Choose menu DHCP the next submenus are shown below DHCP DHCP Clients List Address Reservation Figure 4 12 Click any of them and you will be able to configure the corresponding function The detailed explanations for each submenu are provided below 4 4 1 DHCP Settings Choose menu DHCP DHCP Settings you can configure the DHCP in the next screen shown in Figure 4 13 The router is set up by default as a DHCP Dynamic Host Configuration Protocol server which provides the TCP IP configuration for all the PCs that are connected to the router on the LAN DHCP Settings DHCP Server O Disable Enable Start IP Address End IP Address Address Lease Time 120 minutes 1 2880 minutes the default value is 120 Default Gateway optional Default Domain optional Primary DNS optional secondary DNS foptional DAVE Figure 4 13 gt DHCP Server Enable or disable the DHCP server If you disable the Server you must have another DHCP server within your network or else you must manually configure the computer gt Start IP Address This field specifies the first address in the IP address pool The default address is 192 168 0 100 gt End IP Address This field specifies the end address in the IP address pool The default address is 192 168 0 199 26 TL R6OOVPN REA cc A US CTO gt Address Lease Time This is the amo
12. to the router may still happen To protect the router from lightning better the following should be considered 1 e Communication cable should be kept indoors as much as possible to reduce the possibility of equipment damage due to lightning If the Ethernet cable is designed for use indoors under normal circumstances the router should not be used outdoors Ensure the ground point of the socket of AC power supply is well grounded To enhance the lightning protection capability of the power supply a lightning arrester could be installed at the input end of the power supply Please read the User Manual of the arrester carefully before installing it As for the signal line to which the interface modules of TL R600VPN are connected such as LAN s Ethernet cable ISDN line telephone line E1 T1 line etc a special lightning arrester should be installed at the input end of the signal line to enhance the lightning protection capability Please read the User Manual of the arrester carefully before installing it Note The lightning arrester is not provided with our product If needed please self supply the arrester and read the User Manual of the arrester carefully before installing it 71 TL R6OOVPN REA e cc A US CTO Appendix C FAQ 1 How do configure the router to access Internet by ADSL users Step 1 First configure the ADSL modem in RFC1483 bridge model Step 2 Connect the Ethernet cable from your AD
13. 0 0 0 0 0 Internet IP Address 0 0 0 0 Internet DNS 0 0 0 0 0 0 0 0 MTU Size in bytes 1420 The defaultis 1420 do not change unless necessary Max Idle Time cn minutes 0 means remain active at all times WAN Connection Mode Connect on Demand O Connect Automatically O Connect Manually Figure 4 9 gt User Name Password Enter the User Name and Password provided by your ISP These fields are case sensitive gt Connect on Demand You can configure the router to disconnect your Internet connection after a specified period of the Internet connectivity Max Idle Time If your Internet connection has been terminated due to inactivity Connect on Demand enables the router to automatically re establish your connection as soon as you attempt to access the Internet again If you wish to activate Connect on Demand click the radio button If you want your Internet connection to remain active at all times enter 0 in the Max Idle Time field Otherwise TL R6OOVPN REA cc A US CTO enter the number of minutes you want to have elapsed before your Internet connection terminates gt Connect Automatically Connect automatically after the router is disconnected To use this option click the radio button gt Connect Manually You can configure the router to make it connect or disconnect manually After a specified period of inactivity Max Idle Time the router will disconnect your Internet connection and not be a
14. 76 TL R6OOVPN REA el A US amet 0 Chapter 1 Introduction 1 1 Overview of the Router The TL R600VPN SafeStream Gigabit Broadband VPN Router from TP LINK provides multiple VPN protocols and high VPN performance Abundant security strategies such as SPI firewall protect your network against the attacks and Access Control provide online behavior management Anymore web based management makes the network setup be an easy work It s really a cost effective and reliable VPN solution for chain stores and branch offices 1 2 Features Complies with IEEE 802 3 802 3u 802 3x standards Supports Bandwidth Control Built in NAT and DHCP server supporting static IP address distributing Supports Virtual Server Port Triggering and DMZ host Built in firewall supporting IP address filtering Domain Name filtering and MAC address filtering Supports connecting disconnecting Internet at a specified time of day VV VV VV WV Supports access control allowing parents and network administrators to establish restricted access policies based on the time of day for children or staff Supports TCP IP PPPoE DHCP ICMP NAT SNTP Supports UPnP Dynamic DNS Static Routing VPN pass through Supports Traffic Statistics Supports IP amp MAC Binding Supports ICMP FLOOD UDP FLOOD TCP SYN FLOOD filter Ignores Ping packets from WAN or LAN ports Supports firmware upgrade Supports Remote and Web management Supports IPsec VPN and PPTP Serve
15. Defaults Backup amp Restore Reboot Password System Log Remote Management Statistics Figure 4 63 Click any of them and you will be able to configure the corresponding function The detailed explanations for each submenu are provided below 60 TL R6OOVPN REA el cc A US CTO 4 14 1 Time Settings Choose menu System Tools Time Settings you can configure the time on the screen shown in Figure 4 64 Time Settings Time zone S6MT 08 00 Beijing Hong Kong Perth Singapore i HHIMMISS NTP Server 0000 Optional NTP Serveri 0 000 Optional set Gh Date El Time ia Mote Click the GET GMT to Update the time from the internet with the pre defined servers or entering the customized serverfiP Address or Domain Name in the above frames ave Figure 4 64 gt Time zone Select your local time zone from this pull down list gt Date Enter your local date in MM DD YY into the right blanks gt Time Enter your local time in HH MM SS into the right blanks To configure the system time manually Step 1 Select your local time zone Step 2 Enter date and time in the right blanks Step 3 Click Save to save the configuration To configure the system automatically Step 1 Enter the address of the preferred NTP server Step 2 Click the Get GMT button to get system time from Internet if you have connected to the Internet Step 3 Click Save t
16. Disable button to disable the function gt Packets Statistics Interval The default value is 10 Select a value between 5 and 60 seconds in the pull down list The Packets Statistic interval value indicates the time section of the packets statistic gt Sort Rules Select the rule for displaying the traffic information gt Statistics Table This table displays the statistics information about the traffic 68 TL R6OOVPN REA A CTS IP Address The IP address whose statistics information are displayed MAC Address The total amount of packets received and transmitted by the Total router The total amount of bytes received and transmitted by the router The total amount of packets received and transmitted in the last Packets Statistic interval seconds Bui The total amount of bytes received and transmitted in the last es Packets Statistic interval seconds The total amount of the ICMP packets transmitted to WAN in the Current ICMP Tx last Packets Statistic interval seconds UDPT The total amount of the UDP packets transmitted to WAN in the X last Packets Statistic interval seconds TCP SYN The total amount of the TCP SYN packets transmitted to WAN in Tx the last Packets Statistic interval seconds ca Note 1 If the Current Statistics Status function is disabled the DoS protection in Advanced Security will be ineffective 2 Select the Auto refresh then the traffic information w
17. Only one user can use these tools at one time 2 These two functions may take several seconds sometimes please wait 3 Options Number of Pings Ping size and Ping Timeout are available for Ping function 4 Option Traceroute Hops is available for Traceroute function 4 14 3 Firmware Choose menu System Tools Firmware you can update the latest version of firmware for the Router on the screen shown in Figure 4 66 TL RG0OVPN REEL Ta em elle feleli Korolo lalo BA A ad Me aColeli mm Ol 1 mm ETTC Firmware Upgrade v v Firmware Version 1 0 0 Build 111028 Rel 51449n Hardware Version R600YFPN v1 D0000000 Figure 4 66 Firmware Version This displays the current firmware version Hardware Version This displays the current hardware version The hardware version of the upgrade file must accord with the Router s current hardware version To upgrade the router s firmware follow these instructions below Step 1 Download a more recent firmware upgrade file from the TP LINK website http www tp link com Step 2 Type the path and file name of the update file into the File field Or click the Browse button to locate the update file Step 3 Click the Upgrade button c Note 1 New firmware versions are posted at http www tp link com and can be downloaded for free If the router is not experiencing difficulties there is no need to download a more recent firmware version unless
18. PoE you will see the screen as shown in Figure 3 11 Enter the Username and Password provided by your ISP These fields are case sensitive If you have difficulty with this process please contact your ISP Quick Setup PPPoE Next Figure 3 11 Step 5 If you choose Dynamic IP in Figure 3 9 the router will automatically receive the IP parameters from your ISP without needing to enter any parameters Step 6 If you Choose Static IP you should enter the detailed IP information in Figure 3 12 Click the Next button Quick Setup Static IP IP Address Subnet Mask Default Gateway Optional Primary DNS Optional secondary DNS Optional Figure 3 12 TL R6OOVPN REA cc A US CTO Step 7 After that you will see the next screen Click Finish to complete the quick installation Quick Setup Finish Congratulations The Router is now connecting you to the Internet For detail settings please click other menus if necessary Figure 3 13 TL RG0OVPN REESE TU CEE ETA MIS E Chapter 4 Configuring the Router It is recommended to use the Quick Installation Guide for first time installation For advanced users if you want to know more about this device and make use of its functions adequately you need to read this chapter and configure advanced settings though the Web based Utility After a successful login you can configure and manage the router There are main menus on the left of the Web based Utility Sub
19. SL modem to the WAN port on the router The telephone cord plugs into the Line port of the ADSL modem Step 3 Login to the router click the menu Network WAN on the left of your browser On the WAN screen select PPPoE Russia PPPoE for the type of WAN connection Then enter the user name and password in the corresponding field and finish it by clicking Connect WAN Connection Type PPPOE Pussia PPPoE s PPPoE Connection User Name Username Password Confirm Password Figure 1 Step 4 If your ADSL lease is in pay according time mode select Connect on Demand or Connect Manually or Time based Connecting for Internet connection mode Type an appropriate number for Max Idle Time or Period of Time to avoid wasting paid time Otherwise you can select Connect Automatically for Internet connection mode Wan Connection Mode Connect on Demand Max Idle Time minutes 0 means remain active at all times O Connect Automatically O Time based Connecting Period ofTimefrom 0 0 HH MM taf23 O AMM O Connect Manually Max Idle Time 15 minutes 0 means remain active at all times Figure 2 c Note 1 Sometimes the connection cannot be disconnected although you specify a time to Max Idle Time because some applications still visit the Internet continually in the background 2 Ifyou are a Cable user please configure the router following the above steps 12 TL R6OO
20. Save and the router will reboot TL R6OOVPN REA cc A TUS CTO Remote Management Web Management Port Remote Management IP Address 255 255 255 255 Save Figure 6 c Note If the above configuration takes effect you should login the Router by entering http 192 168 0 1 88 the router s LAN IP address Web Management Port in the address field of the web browser Address 192 168 0 1 88 Step 2 To add a WEB Server Login to the router click the menu Forwarding Virtual Servers on the left of your browser On the Virtual Server screen add a Virtual Server rule as shown in the next screen Configure 80 as the Service Port and enter your IP address assuming 192 168 0 188 for an example remember to Enable and Save Virtual Servers ID Service Port IP Address Protocol Status Modify 1 21 142168 0 100 TCP Enabled Modify Delete 2 80 142168 0 101 TEP Enabled Modify Delete a 720 142168 0 102 ALL Enabled Modify Delete Add New Enable All Disable All Delete All Previous Mest Figure 7 75 TL R6OOVPN REA cl cc A US CTO Appendix D Glossary gt DDNS Dynamic Domain Name System The capability of assigning a fixed host and domain name to a dynamic Internet IP address DHCP Dynamic Host Configuration Protocol A protocol that automatically configure the TCP IP parameters for the all the PCs that are connected to a DHCP server DMZ Demilitarized Zone A Dem
21. TP LINK TL R600VPN SafeStream Gigabit Broadband VPN Router Rev 1 0 0 1910010557 COPYRIGHT amp TRADEMARKS Specifications are subject to change without notice TP LINK isa registered trademark of TP LINK TECHNOLOGIES CO LTD Other brands and product names are trademarks or registered trademarks of their respective holders No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation transformation or adaptation without permission fromTP LINK TECHNOLOGIES CO LTD Copyright 2011 TP LINK TECHNOLOGIES CO LTD All rights reserved http www tp link com FCC STATEMENT FE This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense This device complies with part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device
22. VPN REA cc A US CTO 2 How do configure the router to access Internet by Ethernet users Step 1 Login to the router click the menu Network WAN on the left of your browser On the WAN screen select Dynamic IP for WAN Connection Type and finish it by clicking Save Step 2 Some ISPs require that you register the MAC address of your adapter which is connected to your cable or DSL modem during installation If your ISP requires MAC register login to the router and click the menu Network MAC Clone On the MAC Clone screen if your PC s MAC address is a proper MAC address click the Clone MAC Address button and your PC s MAC address will be filled in the WAN MAC Address field Or else enter the specific MAC address into the WAN MAC Address field manually Then click the Save button It will take effect after rebooting MAC Clone WAN MAC Address D0 04 EB 13 B 01 Restore Factory MAC Your PCs MAC Address 40 61 86 FC 75 03 Clone MAC Address Dave Figure 3 3 Iwantto use Netmeeting what do need to do 1 If you start a Netmeeting as a host no configuration is needed but entering the invitee s IP address 2 If you start a Netmeeting as an invitee you need to configure Virtual Server or DMZ Host first Method one Use Virtual Server Login to the router click the menu Forwarding Virtual Servers On the Virtual Server screen add a Virtual Server rule as shown in the next screen config
23. VPN REA cl cc A sd TUS CTO Static IP If you are given a fixed IP static IP please select Static IP shown in Figure 4 4 and then fixed IP parameters specified by your ISP 3 IP Address 192 168 0 200 Subnet Mask AER 5S 785 ll Default Gateway 192 168 0 1 Optional MTU Size in bytes 1500 The default is 1500 do not change unless necessary Primary DNS 0 0 0 0 Optional secondary DNS 0 0 0 0 Optional Save Figure 4 4 IP Address Enter the IP address in dotted decimal notation provided by your ISP Subnet Mask Enter the subnet Mask in dotted decimal notation provided by your ISP usually is 255 255 255 0 Default Gateway Enter the gateway IP address in dotted decimal notation provided by your ISP Optional MTU Size The normal MTU Maximum Transmission Unit value for most Ethernet networks is 1500 Bytes For some ISPs you may need to modify the MTU But this is rarely required and should not be done unless you are sure it is necessary for your ISP connection Primary DNS Type the DNS address in dotted decimal notation provided by your ISP Optional Secondary DNS Type another DNS address in dotted decimal notation provided by your ISP if provided Optional PPPoE Russia PPPoE If you are given a user name and a password please select PPPoE Russia PPPoE shown in Figure 4 5 If you are not sure which connection type you use currently please contact your ISP to obtain the cor
24. ation in the previous screen click the Next button to view the information in the next screen 4 8 3 SA List This page displays the information of the IPsec SA Security Association Choose the menu IPsec VPN SA List to load the following page 48 TL R6OOVPN REA cc A US US T List of Security Association ID Name SPI Tunnel Initiator Tunnel Receiver security Protocol AH Auth ESP Auth ESP Encr Mow the listis empty Figure 4 42 This page displays the connection status of the IPsec Policy As Security Association is unidirec tional an ingoing SA and an outgoing SA are created to protect data flows for each tunnel after IPsec tunnel is successfully established The ingoing SPI value and outgoing SPI value are dif ferent However the Incoming SPI value must match the Outgoing SPI value at the other end of the tunnel and vice versa The connection status on the remote endpoint of this tunnel is as the following figure shows The SPI value is obtained via auto negotiation 4 9 PPTP VPN Server Choose menu PPTP VPN Server the next submenus are shown below PPTP VPN Server Account Settings Connection Status Figure 4 43 Click any of them and you will be able to configure the corresponding function The detailed explanations for each submenu are provided below 4 9 1 Server Settings Choose menu PPTP VPN Server Server Settings you can configure the parameters of the PPTP Server in
25. ble to re establish your connection automatically as soon as you attempt to access the Internet again To use this option click the radio button If you want your Internet connection to remain active at all times enter 0 in the Max Idle Time field Otherwise enter the number in minutes that you wish to have the Internet connecting last unless a new link requested c Note Sometimes the connection cannot be disconnected although you specify a time to Max Idle Time because some applications visit the Internet continually in the background 4 3 2 LAN Choose menu Network LAN you can configure the IP parameters of the LAN on the screen below LAN MAC Address 00 04 EB 00 1 7 01 IP Address 192 168 0 1 Subnet Mask 255 255 2558 0 Figure 4 10 gt MAC Address This field displays the physical address of the LAN The value can t be changed gt IP Address Enter the IP address for the LAN of the Router the formal is in dotted decimal notation the factory default value is 192 168 0 1 gt Subnet Mask Enter the subnet mask for the LAN of the Router this address code determines the size of the network Normally use 255 255 255 0 as the subnet mask c Note 1 If you change the IP address of the LAN you must use the new IP address to login to the router 2 Ifthe new LAN IP Address you set is not in the same subnet the IP Address pools in the DHCP sever will not take effect until they are re configured Besides this
26. bnet Mask The Subnet Mask determines which portion of an IP address is the network portion and which portion is the host portion gt Default Gateway This is the IP address of the gateway device that allows for contact between the router and the network or host gt Status This field displays the status Enabled means the rule is effective Disabled means the rule is ineffective TL R6OOVPN REA ec A US CTO To add modify a static routing entry Step 1 Click Add New Modify shown in Figure 4 48 you will see a new screen shown in Figure 4 49 Step 2 Enter the appropriate Destination IP Address Subnet Mask and Default Gateway and then select the status Add or Modify a Static Route Entry Destination IP Address 222 48 588 100 Subnet Mask 255 255 255 0 Default Gateway 222 00 50 Status Enabled Figure 4 49 Step 3 Click Save to make the entry take effect c Note If you want to add more than one static route please go to step 1 to continue Other configurations for the entries as shown in Figure 4 48 Click the Delete button to delete the entry Click the Enable All button to enable all the entries Click the Disable All button to disable all the entries Click the Delete All button to delete all the entries Click the Previous button to view the information in the previous screen click the Next button to view the information in the next screen 4 11 Bandwidth Control Choose menu Bandw
27. boot automatically 7 Restore the router s settings to factory default system will reboot automatically 4 14 7 Password Choose menu System Tools Password you can change the factory default user name and password of the router in the next screen shown in Figure 4 72 After configuration click the Save button The Username and password must not exceed 14 characters in length and must notincliude any spaces Confirm New Password fs Figure 4 72 c Note 1 Itis strongly recommended that you change the factory default user name and password of the router All users who try to access the router s web based utility will be prompted for the router s user name and password 2 The new user name and password must not exceed 14 characters in length and must not include any spaces Enter the new Password twice to confirm it 3 You can click the Clean All button to clean all the configurations 4 14 8 System Log Choose menu System Tools System Log you can view the logs of the Router TL RG0OVPN REESE Ta O El Jgey leley lale BA A ad Mm aColeli am Ol 1 mm CITIT system Log Auto Mail Feature Disabled Mail Settings Log Type Index Time Log Content 1 Nov 9105211 OTHER INFO User clear system log Time 2011 11 09 10 52 11 4294725 H Ver RGOOWPN v1 00000000 S Wer 1 0 0 Build 111028 Rel 51449n L 192 168 0 1 M 255 255 255 0 Wi DHCP W 192 168 2 4 M 255 255 255 0 6
28. can browse the builtin web pages to perform Administrator tasks Your PCs MAC Address Figure 4 27 gt Management Rules Here displays the management rules e All the PCs on the LAN are allowed to access the Router s Web Based Utility This rule determines that all the PCs connected to the router can visit the router s Web Based Utility e Only the PCs listed can browse the built in web pages to perform Administrator tasks This rule determines that only the specified LAN PCs can visit the Web Based Utility to configure the router To add a PC to the management list Step 1 Select the option of Only the PCs listed can browse the built in web pages to perform Administrator tasks Step 2 Enter the PC s MAC address in the MAC1 2 3 4 field or click the Add button to add your PC s MAC Address to the list Step 3 Click the Save button 4 7 Access Control Choose menu Access Control the next submenus are shown below Access Control Schedule Figure 4 28 Click any of them and you will be able to configure the corresponding function The detailed explanations for each submenu are provided below 37 TL R6OOVPN REA cl cc A sd TUS CTO 4 7 1 Rule Choose menu Access Control Rule you can configure the Internet Access Control to manage Internet activities from LAN hosts in the next screen shown in Figure 4 29 Access Control Rule Management Enable Internet Access Control Default Filter
29. connections like Internet games video conferencing Internet calling and so on These applications cannot work with a pure NAT router Port Triggering is used for some of these applications that can work with an NAT router Port Triggering ID Trigger Port Trigger Protocol Incoming Port Incoming Protocol Status Modify 1 6112 ALL 6112 ALL Enabled Modify Delete Figure 4 20 gt Trigger Port This displays the port for outgoing traffic An outgoing connection using this port will Trigger this rule gt Trigger Protocol This displays the protocol used for Trigger Ports either TCP UDP or All all protocols supported by the router gt Incoming Port This displays the port or port range used by the remote system they are used for responding to the outgoing request A response using one of these ports will be forwarded to the PC that triggered this rule You can input at most 5 groups of ports or port section Every group of ports must be apart with For example 2000 2038 2050 2051 2085 3010 3030 gt Incoming Protocol This displays the protocol used for Incoming Ports Range either TCP UDP or ALL all protocols supported by the router gt Status This displays the status Enabled means that the rule will take effect Disabled means that the rule will not take effect Once configured the operation for Port Triggering will proceed as follows Step 1 A local host makes an outgoing connection using a destinatio
30. ddress O ID MAC Address IP Address Bind Link 1 00 E0 4 00 0 BE 192 165 0 4 To page Step 4 Click Back to return the previous screen c Note You can click to page to edit the entry in the corresponding screen Other configurations for the entries as shown in Figure 4 55 Click the Delete button to delete the entry Click the Enable All button to enable all the entries Click the Disable All button to disable all the entries Click the Delete All button to delete all the entries Click the Previous button to view the information in the previous screen Click the Next button to view the information in the next screen 4 12 2 ARP List Choose menu IP amp MAC Binding ARP List you can view the ARP list in the next screen shown in Figure 4 58 This screen displays the ARP list it shows all the existing IP amp MAC Binding entries To manage the computer you could observe the computers in the LAN by checking the relationship of MAC address and IP address on the ARP list and you could configure the items on the ARP list also ARP List ID MAC Address IP Address Status Configure 1 00 E0 40 00 07 BE 192 168 0 4 Bound 9 O0 19 66 19 40 7F 192 168 0 121 Unbound BindAll Loaqal Refresh Figure 4 58 Click Load to load the specific item to the IP amp MAC Binding list shown in Figure 4 55 56 TL R6OOVPN REA e rc US CTO Click Delete to load the specific item to the IP amp MAC Bindin
31. e A Figure 4 30 Step 3 Click the Save button Other configurations for the entries as shown in Figure 4 29 Click the Delete button to delete the entry Click the Enable All button to enable all the entries Click the Disable All button to disable all the entries Click the Delete All button to delete all the entries Click the Previous button to view the information in the previous screen click the Next button to view the information in the next screen 4 7 2 Host Choose menu Access Control Host you can configure Host of the Access Control rule in the next screen shown in Figure 4 31 Host Settings IO Host Description Information Modify 1 1 IF 192 168 0102 192 166 0 110 Edit Delete Add New Delete Al current Mo Page Figure 4 31 gt Host Description Displays the description of the host and the description is unique gt Information Displays the MAC address or IP address of the PCs to which the rule take effect To add modify a host for Access Control Rule Step 1 Click Add New Edit shown in Figure 4 31 you will see a new screen shown in Figure 4 32 39 TL R6OOVPN REA e cc A US CTO Step 2 Select the Mode and enter the Host Description and LAN IP Address Add or Modify a Host Entry Host Description Figure 4 32 Step 3 Click the Save button Other configurations for the entries as shown in Figure 4 31 Click the Delete All button to delete all th
32. e All Disable All Delete All Find Previous Next Current Ma Page Figure 4 55 54 TL R6OOVPN REA cl rc A US CTO gt MAC Address This field displays the MAC address of the controlled computer in the LAN gt IP Address This field displays the assigned IP address of the controlled computer in the LAN gt Bind Select whether enable the ARP binding or not Only bind the MAC address and IP address can the function take effect To add modify an IP 8 MAC binding entry Step 1 Click Add New Edit shown in Figure 4 55 you will see a new screen shown in Figure 4 56 Step 2 Enter the MAC Address and IP Address in the corresponding field IP amp MAC Binding Settings Bind MAC Address a0 En 46 00 07 BE IP Address 192 168 04 Figure 4 56 Step 3 Select Bind the MAC and IP address and then click Save button to save the configuration To find a specific IP amp MAC binding entry Step 1 Click Find shown in Figure 4 55 you will see a new screen shown in Figure 4 57 Step 2 Enter the specific MAC Address or IP Address in the corresponding field Find IP amp MAC Binding Entry ID MAC Address IP Address Bind Link Now the current list is empty Figure 4 57 Step 3 Click Find button then you will see the entry with the specific MAC address or IP address 55 TL R6OOVPN REA cc A sd TUS CTO Find IP amp MAC Binding Entry MAC Address 00 E0 40 00 07 BE IP A
33. e Delete button to delete the entry Click the Enable All button to enable all the entries Click the Disable All button to disable all the entries Click the Delete All button to delete all the entries 50 TL R6OOVPN REA el cc A sd TUS CITO Click the Previous button to view the information in the previous screen click the Next button to view the information in the next screen 4 9 3 Connection Status Choose the menu PPTP VPN Server Connection Status you can view the connection status of each user in the next screen shown in Figure 4 47 Connection Status ID Account Remote IP Address PPTP IP Address Online Time Figure 4 47 gt Remote IP Address Displays the original IP address of the remote client gt PPTP IP Address Displays the IP address the PPTP Server assigned to the remote client gt Online Time Displays the online time of the PPTP Server 4 10 Static Routing Choose menu Static Routing you can configure the static route in the next screen shown in Figure 4 48 A static route is a pre determined path that network information must travel to reach a specific host or network Static Routing ID Destination IP Address Subnet Mask Default Gateway Status Modify 1 222 88 88 100 255 255 255 0 222 100 00 1 Disabled Modify Delete Figure 4 48 gt Destination IP Address The Destination IP Address is the address of the network or host that you want to assign to a static route gt Su
34. e IP parameters 15 TL RGO0OVPN REESE TUN O El ERE MIS ES WAN Connection Type Dynamic IP v IP Address 192 168 2 2 Subnet Mask 255 255 Aa Default Gateway 192 168 2 1 Release MTU Size in bytes 1500 The default is 1500 do not change unless necessary F Use These DNS Servers secondary DNS 0000 Optional Host Name TL REDO PRJ GetIP with Unicast DHCP tis usually not required save Figure 4 3 gt MTU Size The normal MTU Maximum Transmission Unit value for most Ethernet networks is 1500 Bytes For some ISPs you need to reduce the MTU But this is rarely required and should not be done unless you are sure it is necessary for your ISP connection gt Primary DNS amp Secondary DNS If your ISP gives you one or two DNS addresses select Use These DNS Servers and enter the primary and secondary addresses into the correct fields Otherwise the DNS servers will be assigned dynamically from ISP gt Host Name This option specifies the host name of the router c Note If you get Address not found errors when you go to a Web site it is likely that your DNS servers are set up improperly You should contact your ISP to get correct DNS server gt Get IP with Unicast DHCP A few ISPs DHCP servers do not support the broadcast applications If you can not get the IP address normally you can choose this option You don t need select this option generally 2 TL R6OO
35. e entries Click the Previous button to view the information in the previous screen click the Next button to view the information in the next screen 4 7 3 Target Choose menu Access Control Target you can configure Target of the Access Control rule in the next screen shown in Figure 4 33 Target Settings ID Target Description information Modify Ado New Current No Figure 4 33 gt Target Description Displays the description of the target and the description is unique gt Information Displays the IP address port or domain name that the PCs can access or not To add modify a target for Access Control Rule Step 1 Click Add New Modify shown in Figure 4 33 you will see a new screen shown in Figure 4 34 Step 2 Select the Mode Protocol and Common Service Port and enter the Target Description IP Address and Target port 40 TL R6OOVPN REA e rc A US CTO Add or Modify an Access Target Entry Mode IP Address Target Description IP Address Target Port Protocol Common Service Port please select wal Figure 4 34 Step 3 Click the Save button Other configurations for the entries as shown in Figure 4 33 Click the Delete All button to delete all the entries Click the Previous button to view the information in the previous screen click the Next button to view the information in the next screen 4 7 4 Schedule Choose menu Access Control Target you can
36. en shown in Figure 4 69 to proceed File Download Do you want to save this file El Mame config bin E Type Unknown File Type From 192 168 0 1 Dave co Cancel While files from the Internet can be useful some files can potentially harm your computer IF you do not trust the source do not save this file What s the risk Figure 4 69 Step 2 Save the file as the appointed file Shown in Figure 4 70 64 TL R6OOVPN REA e cc US US TT Savein i TL REDO PH My Recent Documents Desktop biy Documents My Computer A My Network Save as type BIN file Wt Cancel Figure 4 70 To restore the Router s settings Step 1 Click the Browse button to locate the update file for the device or enter the exact path to the Setting file in the text box Step 2 Click the Restore button to complete 4 14 6 Reboot Choose menu System Tools Reboot click the Reboot button to reboot the router via the next screen Click this button to reboot the device Figure 4 71 ca Note Some settings of the router will take effect only after rebooting which include 1 Change LAN IP Address System will reboot automatically N MAC Clone system will reboot automatically Eh O DHCP service function Static address assignment of DHCP server Ol Web Service Port of the router TL R6OOVPN REA cc A US CTO 6 Upgrade the firmware of the router system will re
37. equested c Note Sometimes the connection cannot be disconnected although you specify a time to Max Idle Time because some applications visit the Internet continually in the background 5 L2TP Russia L2TP If your ISP provides L2TP connection please select L2TP Russia L2TP option 21 TL R6OOVPN REA e cc A US CTO WAN Connection Type User Name Password Server IP Address Name L2TP Russia LATP e Username AL Disconnected DynamicIP Static IP po Vv M Vv Yy IP Address 0 0 0 0 Subnet Mask 0 0 0 0 Gateway 0 0 0 0 DNS 0 0 0 0 0 0 0 0 Internet IP Address 0 0 0 0 Internet DNS 0 0 0 0 0 0 0 0 MTU Size in bytes 1460 The defaultis 1460 do not change unless necessary Max Idle Time minutes 0 means remain active at all times WAN Connection Mode Connect on Demand Connect Automatically Connect Manually Figure 4 8 User Name Password Enter the User Name and Password provided by your ISP These fields are case sensitive Connect on Demand You can configure the router to disconnect your Internet connection after a specified period of the Internet connectivity Max Idle Time If your Internet connection has been terminated due to inactivity Connect on Demand enables the router to automatically re establish your connection as soon as you attempt to access the Internet again If you wish to activate Connect on Demand click the radio button If y
38. fy the Incoming SPI Security Parameter Index manually The Incoming SPI here must match the Outgoing SPI value at the other end of the tunnel and vice versa In Authentication Specify the inbound AH Authentication Key manually if AH Key protocol is used in the corresponding IPsec Proposal The inbound key here must match the outbound AH 47 TL R6OOVPN REA e cc A US CTO authentication key at the other end of the tunnel and vice versa In Encryption Key Specify the Inbound Encryption Key manually if ESP protocol The inbound key here must match the outbound Encryption Key at the other end of the tunnel and vice versa Outgoing SPI Specify the Outgoing SPI Security Parameter Index manually The Outgoing SPI here must match the Incoming SPI value at the other end of the tunnel and vice versa Out Authentication Specify the outbound AH Authentication Key manually if Key AH protocol is used in the corresponding IPsec Proposal The outbound key here must match the inbound AH authentication key at the other end of the tunnel and vice versa Out Encryption Specify the outbound Encryption Key manually The Key outbound key here must match the inbound Encryption Key at the other end of the tunnel and vice versa Status Enable or Disable the entry Other configurations for the entries as shown in Figure 4 40 Click the Delete All button to delete all the entries Click the Previous button to view the inform
39. g list Click the Bind All button to bind all the current items available after enable Click the Load All button to load all items to the IP amp MAC Binding list shown in Figure 4 55 Click the Refresh button to refresh all items ca Note An item could not be loaded to the IP amp MAC Binding list if the IP address of the item has been loaded before 4 13 Dynamic DNS Choose menu Dynamic DNS you can configure Dynamic DNS function The router offers a Dynamic Domain Name System DDNS feature DDNS lets you assign a fixed host and domain name to a dynamic Internet IP address It is useful when you are hosting your own website FTP server or other server behind the router Before using this feature you need to sign up for DDNS service providers such as www dyndns org or www oray net or www comexe cn or www no ip com The Dynamic DNS client service provider will give you a password or key 4 13 1 Dyndns DDNS If your dynamic DNS Service Provider is www dyndns org you can configure in the next screen shown in Figure 4 59 Service Provider Dindns www dyndns org Goto register Password Domain Hame Enable DONS Connection Status CONS not launching Figure 4 59 gt Connection Status The status of the DDNS service is displayed here To set up for Dyndns DDNS follow these instructions Step 1 Type the User Name and Password for your DDNS account Step 2 Enter the domai
40. gure the basic network parameters To continue please click the Next button To exit please click the Exit button Exit Next Figure 3 8 Step 2 Select the connection type to connect to the ISP and then click the Next button Quick Setup WAN Connection Type The Quick Setup is preparing to setup your connection type of YWAN port The Router will try to detect the Internet connection tpe your ISF provides ifyou select the Auto Detect option otherwise you need to specify the connection type manually Auto Detect Let the Router automatically detect the connection type your ISP provides PPPoE Usually for ADSL Modern and you will need a PPPoE username and password from your ISF O Dynamic IP Usually for Cable Modern and the router will automatically obtain an IP address from the DHCP server Static IP This type of connection uses a permanent fixed static IP address that your ISF assigned Next Figure 3 9 10 TL R6OOVPN REA el A US amet Ce c Note Four ways to connect to Internet are provided in Quick Setup Please select one compatible with your ISP If you are given another way not listed here refer to Network WAN for detailed list Step 3 If Auto Detect is chosen the router will detect the Internet connection type provided by your ISP automatically Quick Setup WAN Connection Type Detecting the connection type your ISP provides please wait Figure 3 10 Step 4 If you choose PP
41. he entries as shown in Figure 4 38 Click the Delete All button to delete all the entries Click the Previous button to view the information in the previous screen click the Next button to view the information in the next screen 4 8 2 IPsec Choose menu IPsec VPN gt IPsec you can configure the related parameters for IPsec negotiation and view the IPsec policy in the next screen shown in Figure 4 40 TL RG0OVPN REESE TU O El RETA ISE List of IPsec Policy IPsec Enable O Disable ID Policy Name Local Subnet Remote Subnet Exchange Mode Status Modify policy 192 158 2 0524 142 168 1 0024 IKE Enabled Modifr Delete Add New Delete All Current Mo 1 Page Figure 4 40 gt IPSec Enable or disable IPsec and click save to apply gt Policy Name The unique name to the IPsec policy for identification and management purposes gt Local Subnet The IP address range on your local LAN to identify which PCs on your LAN are covered by this policy It s formed by IP address and subnet mask gt Remote Subnet The IP address range on your remote network to identify which PCs on the remote network are covered by this policy It s formed by IP address and subnet mask gt Exchange Mode The negotiation mode for the policy To add modify an IPsec entry Step 1 Click Add New Modify shown in Figure 4 40 you will see a new screen shown in Figure 4 41 Step 2 Enter the Policy Name Local Subnet Remo
42. hen click the Properties button lt Local Area Connection Properties General Authentication Advanced Connect using Eg Realtek ATLE139 Family PC Fast Ett This connection uses the following items El Client for Microsoft Networks Ed a File and Printer e for Microsoft Networks z Sose z _ Install Uninet o Properties Po Description Transmission Control Protocal lnternet Protocol The default wide area network protocol that provides communication across diverse interconnected networks Show icon in notification area when connected Notify me when this connection has limited or no connectivity Figure 3 3 TL RG0OVPN REESE TUN O El ERA MIS E Step 4 Configure the IP address as shown in Figure 3 4 After that click OK Internet Protocol TCP IP Properties General Tou can getlP settings assigned automatically if your network supports this capability Othermize you need to ask your network administrator hor the appropriate IP settings Obtain an IF address automatically Use the following IF address IP address 192 1 ei 0 2 Subnet mask 255 e La O A El Default gateway 192 168 0 1 2 Use the following ONS server addresses Preferred ONS server 192 168 U 1 Alternate DNS server Figure 3 4 CS Note You can configure the PC to get an IP address automatically select Obtain an IP address automatically and Obtain DNS server address
43. his is because there may still be active applications in the background which may cause fee accounted by your ISP Connect Automatically Connect automatically after the router is disconnected To use this option click the radio button Time based Connecting You can configure the router to make it connect or disconnect based on time Enter the start time in HH MM for connecting and end time in HH MM for disconnecting in the Period of Time fields TL R6OOVPN REA cc A CO c Note Only you have set the system time on System Tools Time screen will the Time based Connecting function take effect gt Connect Manually You can configure the router to make it connect or disconnect manually After a specified period of inactivity Max Idle Time the router will disconnect your Internet connection and not be able to re establish your connection automatically even though you attempt to access the Internet again You need click the Connect button manually to connect immediately or click the Disconnect button manually to disconnect immediately To use this option click the radio button If you want your Internet connection to remain active at all times enter 0 in the Max Idle Time field Otherwise enter the number in minutes that you wish to have the Internet connecting last unless a new link is requested c Note 1 If you want your Internet connection to remain active at all times enter O in the Max Idle Time field Otherwise enter
44. hold 5 3600 50 Packatsis Block Ping Packet From WAM Port Block Ping Packet From LAM Port Figure 4 26 Packets Statistics Interval This is the interval for capturing the statistics DoS Attack Defense Enable or disable the DoS Attack Defense Enable ICMP FLOOD Attack Filtering The attackers flood normal communication by attacking the server with a lot of ICMP packets Check the box to activate the function to prevent an ICMP Flood attack The threshold should be within the range of 5 3600 and the default value is 50 Enable UDP FLOOD Filtering Check the box to activate the function to prevent the UDP Flood attack of a fixed source IP Once the packets rate exceeds threshold value the packets will be blocked The threshold should be within the range of 5 3600 and the default value is 500 Enable TCP SYN FLOOD Attack Filtering Check the box to activate the function to prevent a TCP SYN Flood attack Once the packets rate exceeds threshold value the packets will be blocked The threshold should be within the range of 5 3600 and the default value is 50 TL R6OOVPN REA cl rc A TUS CTO 4 6 3 Local Management Choose menu Security Local Management you can configure to prevent the local PCs from accessing the router s web based utility in the next screen shown in Figure 4 27 Local Management Management Rules Allthe PCs on the LAN are allowed to access the Routers Web Based Utility Only the PCs listed
45. idth Control the next submenus are shown below Bandwidth Control Control Settings Figure 4 50 Click any of them and you will be able to configure the corresponding function The detailed explanations for each submenu are provided below 4 11 1 Control Settings Choose menu Control Settings you can configure the Egress Bandwidth and Ingress Band width in the next screen shown in Figure 4 51 52 TL R6OOVPN REA cl cc A TUS CTO Bandwidth Control Settings Enable Bandwidth Control C Line Type ADSL Other Egress Bandwidth 512 kbps Ingress Bandwidth 2048 kbps Figure 4 51 gt Enable Bandwidth Control Enable or disable the Bandwidth Control Line Type Select the Line Type of the WAN port gt Egress Ingress Bandwidth Enter the Egress and Ingress Bandwidth through the WAN Yy port 4 11 2 Rule List Bandwidth Control Rules List Egress Bandwidthikbpsi Ingress Bandwidthikbpsi ID Description Enable hd o dif Wiin blax Wiin hax 1 192 168 0 100 192 166 0 199 1100 1000 100 1000 Modity Delete Now is the 1 v page Figure 4 52 gt Description This is the information about the rules such as address range Egress bandwidth This field displays the max and mix upload bandwidth through the WAN port the default is 0 gt Ingress bandwidth This field displays the max and mix download bandwidth through the WAN port the default is 0 gt Enable This displays the stat
46. ilitarized Zone allows one local host to be exposed to the Internet for a special purpose service such as Internet gaming or videoconferencing DNS Domain Name Server An Internet Server that translates the names of websites into IP addresses Domain Name A descriptive name for an address or group of addresses on the Internet DoS Denial of Service A hacker attack designed to prevent your computer or network from operating or communicating DSL Digital Subscriber Line A technology that allows data to be sent or received over existing traditional phone lines ISP Internet Service Provider A company that provides access to the Internet MTU Maximum Transmission Unit The size in bytes of the largest packet that can be transmitted NAT Network Address Translation NAT technology translates IP addresses of a local area network to a different IP address for the Internet PPPOE Point to Point Protocol over Ethernet PPPOE is a protocol for connecting remote hosts to the Internet over an always on connection by simulating a dial up connection 76
47. ill be refreshed automatically during the Packets Statistics Interval Click the Refresh button to refresh the information in the table immediately Click the Auto refresh checkbox to refresh automatically Click the Refresh button to refresh immediately Click the Reset All button to recount again Click the Delete All button to delete all the number 69 TL R6OOVPN REA e rc A sd TUS CTO Appendix A Specifications IEEE 802 3 IEEE 802 3u IEEE 802 3ab TCP IP DHCP ICMP NAT PPPoE SNTP HTTP DNS Safety amp Emission FCC CE One 10 100 1000Mbps Auto Negotiation WAN RJ45 port Standards and Protocols Four 10 100 1000Mbps Auto Negotiation LAN RJ45 ports 10BASE T UTP category 3 4 5 cable maximum 100m ElA TIA 568 1000 STP maximum 100m 100BASE TX UTP category 5 5e cable maximum 100m EIA TIA 568 1000 STP maximum 100m Cabling Type 1000BASE T UTP STP of Category 5 5e 6 or above maximum 100m Physical and Environment Working Temperature 0 C 40 C 32F 104 F Working Humidity 10 90 RH Non condensing 70 TL R6OOVPN REA cc A US CTO Appendix B Preventing Lightning To avoid damage during a lightning storm and ensure a stable performance our router has adopted the professional lightning protection technology to prevent the lightning However although these measures have been taken to protect TL R600VPN from lightning if the lightning intensity exceeds a certain range damage
48. ion by clicking the button If you have not connected to the Internet a Connect button will be shown and you can then establish the connection by clicking the button gt Traffic Statistics This field displays the traffic statistics of WAN ports gt System Up Time This field displays the time of the router running from the time it is powered on or is reset TL R6OOVPN REA e cc A US CTO 4 2 Quick Setup Please refer to chapter 3 Quick Installation Guide 4 3 Network Choose menu Network the next submenus are shown below LAN MAC Clone Figure 4 2 Click any of them and you will be able to configure the corresponding function The detailed explanations for each submenu are provided below 4 3 1 WAN Choose menu Network WAN you can configure the IP parameters of the WAN on the screen below The Router provides six connection types for WAN to connect to the Internet they are Dynamic IP Static IP PPPoE Russia PPPoE BigPondCable L2TP Russia L2TP and PPTP Russia PPTP For configuring the WAN you should select the connection type firstly according to your needs 1 Dynamic IP If you aren t given any login parameters and IP information please select Dynamic IP shown in Figure 4 3 then the router will automatically get IP parameters from your ISP Click the Renew button to renew the IP parameters from your ISP Click the Release button to release th
49. l are manually input and no key negotiation is needed e IKE Mode Security Policy Authentication Algorithm It is available when IKE is selected as the negotiation mode Select the Security Policy for IPsec Select the Authentication Algorithm for IPsec policy The default value is Auto TL R6OOVPN REA cc A US CTO Encryption Algorithm Select the Encryption Algorithm for IPsec policy The default value is Auto IKE Security Policy Select the IKE Security Policy for IPsec policy PFS Group Select the PFS Perfect Forward Security for IKE mode to enhance security This setting should match the remote peer With PFS feature IKE negotiates to create a new key in Phase2 As it is independent of the key created in Phase this key can be secure even when the key in Phasel is de encrypted Without PFS the key in Phase2 is created based on the key in Phase1 and thus once the key in Phase1 is de encrypted the key in Phase2 is easy to be de encrypted in this case the communication secrecy is threatened Lifetime Specify IPsec SA Lifetime for IKE mode Status Enable or disable the entry e Manual Mode Security Protocol Select the Security Protocol for IPsec Authentication Select the Authentication Algorithm for IPsec policy The Algorithm default value is SHA1 Encryption Select the Encryption Algorithm for IPsec policy The Algorithm default value is AES256 Incoming SPI Speci
50. llowed to be used only by one host on LAN synchronously The trigger connection of other hosts on LAN will be refused 4 Incoming Port Range cannot overlap each other Other configurations for the entries as shown in Figure 4 20 Click the Delete button to delete the entry Click the Enable All button to enable all the entries Click the Disable All button to disable all the entries Click the Delete All button to delete all the entries Click the Previous button to view the information in the previous screen click the Next button to view the information in the next screen TL R6OOVPN REA e cc A US CTO 4 5 3 DMZ Choose menu Forwarding DMZ you can view and configure DMZ host in the screen shown in Figure 4 22 The DMZ host feature allows one local host to be exposed to the Internet for a special purpose service such as Internet gaming or videoconferencing DMZ host forwards all the ports at the same time Any PC whose port is being forwarded must have its DHCP client function disabled and should have a new static IP address assigned to it because its IP address may change when using the DHCP function Current DMZ Status O Enabled Disabled DMZ Host IP Address 0000 save Figure 4 22 To assign a computer or server to be a DMZ server Step 1 Click the Enable radio button Step 2 Enter the local host IP address in the DMZ Host IP Address field Step 3 Click the Save button ce Note After you set the DMZ h
51. lue between 0 and 120 The router will detect Access Concentrator online at every interval between the times If the value is 0 it means the Router does not detect Primary DNS 8 Secondary DNS If you know that your ISP does not automatically transmit DNS addresses to the router during login select Use the following DNS servers and enter the address in dotted decimal notation of your ISP s primary DNS server If a secondary DNS server address Is available enter it as well BigPond Cable If your ISP provides BigPond Cable or Heart Beat Signal connection please select BigPond Cable option AN Yy WAH Connection Type BigPond Cable a User Name username Auth Domain MTU Size in bytes 1500 The defaultis 1500 do not change unless necessary Connect an Demand hax Idle Time minutes 0 means remain active at all times Connect Automatically Connect Manually hax Idle Time 15 minutes 0 means remain active at all times Connect Disconnected save Figure 4 7 User Name Password Enter the User Name and Password provided by your ISP These fields are case sensitive Auth Server Enter the authenticating server IP address or host name Auth Domain Type in the domain suffix server name based on your location MTU Size The normal MTU Maximum Transmit Unit value for most Ethernet networks is 1500 bytes For some ISPs you may need to modify the MTU But this is rarely required a
52. menus will be available after you click one of the main menus On the center of the web based Utility you can configure the function Besides this you can refer to the help on the right of the Web based Utility To apply any settings you have altered on the page please click the Save button 4 1 Status Choose Status menu you can view the router s current status and configuration as shown in Figure 4 1 All information is read only 13 TL R6OOVPN REA cc A US CTO Firmware Version 1 0 0 Build 111028 Rel 51449n Hardware Version REOO YPH v1 00000000 LAN MAC Address 00 04 EB 1 3 76 00 IP Address 192 168 0 1 Subnet Mask 255 255 255 0 WAN MAC Address 00 04 EB 13 78 01 IP Address 192 168 2 4 Dynamic IP Subnet Mask 299 259 259 0 Default Gateway 192 168 2 1 DNS Server 182 168 2 1 0 0 0 0 Traffic Statistics Received sent Bytes 1596589897 392484096 Packets 164096 1317117 System Up Time 3 days 22 20 38 Figure 4 1 gt LAN This field displays the current information for the LAN including the MAC address IP address and Subnet Mask gt WAN This field displays the parameters applied to the WAN port of the router including MAC address IP address Subnet Mask Default Gateway and so on c Note If PPPoE L2TP PPTP is chosen as the WAN connection type the Disconnect button will be shown here while you are accessing the Internet You can also cut the connect
53. n name that your dynamic DNS service provider offers Step 3 Enable DDNS and click Save to save the current configuration Click Login to login the DDNS service 57 TL R6OOVPN REA e cc A US CTO Click Logout to logout the DDNS service The status of the DDNS service connection is displayed in the Connection Status field 4 13 2 PeanutHull DDNS If your dynamic DNS Service Provider is www oray net you can configure in the next screen shown in Figure 4 60 service Provider PeanutHull www oray com Goto register User Name username Enable DONS Connection Status DORMS notlaunching Service Type Domain Name MILL Save Figure 4 60 To set up for PeanutHull DDNS follow these instructions Step 1 Type the User Name and Password for your DDNS account Step 2 Enable DDNS and click Save to save the current configuration Click the Login button to login to the DDNS service Click Logout to logout of the DDNS service The status of the DDNS service connection is displayed in the Connection Status field 4 13 3 Comexe DDNS If your dynamic DNS Service Provider is www comexe cn you can configure in the next screen shown in Figure 4 61 TL R6OOVPN REA e cc A TUS CTO DONS Service Provider Comexe ind COMEXE CH w Go to register Domain Name Domain Name Domain Name Domain Name Domain Name ll User Name username Password Enable DONS Connection Stat
54. n port number defined in the Trigger Port field Step 2 The router records this connection opens the incoming port or ports associated with this entry in the Port Triggering table and associates them with the local host Step 3 When necessary the external host will be able to connect to the local host using one of the ports defined in the Incoming Ports field 31 TL R6OOVPN REA ec A US CTO To add modify a port triggering entry Step 1 Step 2 Click Add New Modify shown in Figure 4 20 you will see a new screen shown in Figure 4 21 Select the application you want from the Common Applications then the Trigger port and Incoming ports will be added to the corresponding field automatically you only need to configure the Trigger protocol and Incoming Protocol for the entry If the Common Applications does not contain the applications that you want please configure these options manually Add or Modify a Port Triggering Entry Trigger Port 1102 Trigger Protocol ALL oo Incoming Port 1102 Incoming Protocol ALL oo Status Enabled Common Applications Rattle net Save Figure 4 21 Step 3 After that select Enabled to make the entry take effect Step 4 Click Save button to save the configuration ca Note 1 If you want to add more than one reserved IP please go to step 1 to continue 2 When the trigger connection is released the according opening ports will be closed 3 Each rule a
55. nd should not be done unless you are sure it is necessary for your ISP connection 20 TL R6OOVPN REA cc A US CTO gt Connect on Demand You can configure the router to disconnect your Internet connection after a specified period of the Internet connectivity Max Idle Time If your Internet connection has been terminated due to inactivity Connect on Demand enables the router to automatically re establish your connection as soon as you attempt to access the Internet again If you wish to activate Connect on Demand click the radio button If you want your Internet connection to remain active at all times enter 0 in the Max Idle Time field Otherwise enter the number of minutes you want to have elapsed before your Internet connection terminates gt Connect Automatically Connect automatically after the router is disconnected To use this option click the radio button gt Connect Manually You can configure the router to make it connect or disconnect manually After a specified period of inactivity Max Idle Time the router will disconnect your Internet connection and not be able to re establish your connection automatically as soon as you attempt to access the Internet again To use this option click the radio button If you want your Internet connection to remain active at all times enter 0 in the Max Idle Time field Otherwise enter the number in minutes that you wish to have the Internet connecting last unless a new link r
56. near a heater or heating vent gt The router should not be cluttered or crowded There should be at least 2 inches 5 cm of clear space on all sides of the router gt The router should be well ventilated especially if it is in a closet gt Operating temperature 0 C 40 C 32 F 104T gt Operating Humidity 10 90 RH Non condensing c Note 1 Do not use this product near water for example in a wet basement or near a swimming pool 2 Avoid using this product during an electrical storm There may be a remote risk of electric shock from lightning 2 4 Connect to Ground Connecting the router to ground is to quickly release the lightning over voltage and over current of the router which is also a necessary measure to protect the body from electric shock The following will instruct you to connect the Router to the Ground Connecting to the Ground via the power supply The Router can be grounded via the PE Protecting Earth cable of the AC power supply as shown in the following figure TL R6OOVPN REA cl rc A TUS CTO Y EGO 2 1 AC Power Cord with PE cable 2 Router Rear Panel ca Note If you intend to connect the Router to the ground via the PE Protecting Earth cable of AC power cord please make sure the PE Protecting Earth cable in the electrical outlet is well grounded in advance 2 5 Connecting the Router Before you install the router you should connect your PC to the In
57. nnnnnanenanannos 2 ZA Panel La OU ina 2 Za TRAS es 61 exes gt te Lele ad lo ce din ed 2 Ze IM RCP da 2 Ze Sy SIEM IREGUINEMOEING a e a 3 2 3 Installation Environment Requirements occooccoccoccccncociconconccocnconoconnnnoncoconcononanonnonancnnnos 3 24 SOME CLOS FOUNA lt A isc 3 2 50 Connecting Me Router aiii i sabes wscasuetoanu e a de esemeunshte 4 Chapter 3 Quick Installation Guide oncoccconconcccnconccccccnnoncccncnaronncancnnrnannenannnnos 6 dal COMIQUIS Pana errar dt na o ee ia Dd net Sai asa 6 o EE ance 9 Chapter 4 Configuring the Router cconcccncocccocccocccnoconaconanonnnonnonanenarenaronnrnanenns 13 AT alado ee 13 4A 0 e res 10 6 etter A nc eee Ce re 15 BS A 15 A ete huah aati deen A 15 BO AN o do 24 O A A ee 25 4a acerca eae ee theae daca sated a E 26 AA DAGA SOUS uo incita 26 44 2 D GCGP Clients USE a n a aE aa E EA 27 44 gt Addiess RE E A iorenn eect ceees 27 A Forwarding esse E aE E E 29 AI A 29 AA ONO oaea e a 31 O A ee 33 A E a A o A 33 AO OCCU A a Ne Oe nee 34 401 Basic ecu ab 34 A62 Advance ocu ceanna ctas d 36 4 6 3 Local Management oocccconncccocccoconoconononononccnnnncnnnnnnnnnnnnnonnnonannnnannnnnnnnnnnnnnnnnnnnnnnnacenannnss 37 AT ACCESS COMMO lied scars dia 37 A RUIG aua Re ee ee eee eee 38 Aa oy eRe ae OREN RON O OS 39 AS A ais 40 ASA SONES iS AA SA AAA ne ee 41 HS WP SEG VEN a ido 42 A 42 AZ MES a aan 44 AE A ne ee eee ee ere 48 250
58. nt Yy gt Lease Time This field displays the time of the DHCP client leased Before the time is up DHCP client will request to renew the lease automatically 4 4 3 Address Reservation Choose menu DHCP Address Reservation you can view and add reserved addresses for clients via the next screen shown in Figure 4 15 If you specify a reserved IP address for a PC on the LAN that PC will always receive the same IP address each time when it accesses the DHCP server Reserved IP addresses should be assigned to servers that require permanent IP settings 27 TL R6OOVPN REA cc sd TUS CTO Address Reservation ID MAC Address Reserved IP Address Status Modify 1 00 19 66 149 40 7F 1942 168 0 100 Enabled Modify Delete Add New Enable All Disable All Delete All Figure 4 15 gt MAC Address This field displays the MAC address of the PC for which you want to reserve IP address V Assigned IP Address This field displays the IP address of the router reserved Yy Status This field displays the status of the virtual server entry Enabled means that the entry will take effect Disabled means that the entry will not take effect To add modify a reserved IP address Step 1 Click Add New Modify shown in Figure 4 15 you will see a new screen shown in Figure 4 16 Step 2 Enter the MAC address IP address and select Status as shown in the screen below Add or Modify a Address Reservation Entr
59. o save the configuration c Note 1 This setting will be used for some time based functions such as firewall You must specify your time zone once you login to the router successfully or else the time limited on these functions will not take effect 2 The time will be lost if the router is turned off 3 The router will obtain GMT time automatically from Internet if it has already connected to the Internet TL R6OOVPN REA cc A US CTO 4 14 2 Diagnostic Tools Choose menu System Tools Diagnostic Tools you can test the connectivity between the router and the destination on this page Diagnostic Tools Diagnostic Parameters Diagnostic Tool Ping O Traceroute IP Address Domain Name A Ping Count 1 50 Ping Packet Size 4 14 72 Bytes Ping Timeout 100 2000 Milliseconds Traceroute Hops o 1 30 Diagnostic Results The Router is ready Figure 4 65 Diagnostic Tool Choose the diagnostic tool Ping and Tracert are available IP address Domain Name Enter destination IP address or Domain name here Ping Count Indicates the number of Echo Request messages sent The default is 4 Ping Packet Size Indicates the data field length of ping packet Ping Timeout Indicates the time before the Ping timeout VV VV V WV Traceroute Hops Specify the maximum hops of the Traceroute here Click Start to start the test and the result will display in the Diagnostic Result table c Note 1
60. ost the firewall related to the host will not take effect 4 5 4 UPnP Choose menu Forwarding UPHnP you can view the information about UPnP in the screen shown in Figure 4 23 You can click Refresh to update the Current UPnP Settings List before viewing the information The Universal Plug and Play UPnP feature allows the devices such as Internet computers to access the local host resources or devices as needed UPnP devices can be automatically discovered by the UPnP service application on the LAN TL RG0OVPN REESE Ta eam elle feleli Jger leley lale Me IS mm CITIT Current UPnP Status Enabled Current UPnP Settings List ID App Description External Port Protocol internal Port IP Address Status Figure 4 23 Current UPnP Status If you want to use the Router s UPnP function please click Enable V button If you don t want use the function please click Disable button Allowing the function may cause a risk to security this feature is disabled by default Yy App Description This displays the description provided by the application in the UPnP request External Port This displays the external port which the router opened for the application Protocol This displays the protocol for the application Internal Port This displays the internal port which the router opened for local host IP Address The UPnP device that is currently accessing the router Y Y VV WV Status This displays the s
61. ou want your Internet connection to remain active at all times enter 0 in the Max Idle Time field Otherwise enter the number of minutes you want to have elapsed before your Internet connection terminates Connect Automatically Connect automatically after the router is disconnected To use this option click the radio button Connect Manually You can configure the router to make it connect or disconnect manually After a specified period of inactivity Max Idle Time the router will disconnect your Internet connection and not be able to re establish your connection automatically as soon as you attempt to access the Internet again To use this option click the radio button If you want your Internet connection to remain active at all times enter 0 in the Max Idle Time field 22 TL R6OOVPN REA cl cc A US CTO Otherwise enter the number in minutes that you wish to have the Internet connecting last unless a new link requested ca Note Sometimes the connection cannot be disconnected although you specify a time to Max Idle Time because some applications visit the Internet continually in the background 6 PPTP Russia PPTP If your ISP provides PPTP connection please select PPTP Russia PPTP option WAN Connection Type PPTP Russia PPTP w User Name username Connect Disconnected DynamicIP Static IP Server IP Address Name 1 1 1 1 IP Address 0 0 0 0 Subnet Mask 0 0 0 0 Gateway 0 0 0 0 DNS 0 0 0
62. r VV VV VV VV WV 1 3 Conventions Parameters provided in the pictures are just references for setting up the product which may differ from the actual situation You can set the parameters according to your demand TL R6OOVPN REA e cc A US CTO Chapter 2 Hardware installation 2 1 Panel Layout 2 1 1 The Front Panel The Router s LEDs are located on the front panel Viewed from left to right TP LINK TL R600VPN m LAN SafeStream 2 3 4 1000Mbps Gigabit Broadband VPN Router Ol 10 100Mbps Figure 2 1 LED Descriptions Not lit The router is powered off Lit up Green The router is powered on Not lit The router has a hardware error Lit up Green The router has a hardware error Flashing The router works properly Green Not lit There is no device linked to the corresponding port There is a device linked to the corresponding port but no Lit up activity Green light indicates the linked device is running at Green Yellow 1000Mbps and yellow indicates the linked device is running at 10 100Mbps The corresponding port is transmitting or receiving data Flashing Green light indicates the linked device is running at Green Yellow 1000Mbps and yellow indicates the linked device is running at 10 100Mbps WAN LAN 2 1 2 The Rear Panel The rear panel contains the following features Viewed from left to right III 100 240V 50 60Hz 0 3A RESET LAN WAN
63. rect information Vv Yy 4 V Yy TL RGOOVPN REESE RETA MIS ES WAN Connection Type PPPoaEsRussia PPPoE PPPoE Connection Secondary Connection Disabled Dynamic Static IP For Dual AccessfRussia PPPoE Wan Connection Mode Connect on Demand hax Idle Time minutes 0 means remain active at all times Connect Automatically O Time based Connecting Period of Time fram o o HH MM to 23 3 59 HH Mit Connect Manually hax Idle Time 115 minutes 0 means remain active at all times Connect Disconnected Figure 4 5 User Name Password Enter the User Name and Password provided by your ISP These fields are case sensitive Connect on Demand You can configure the router to disconnect your Internet connection after a specified period of inactivity Max Idle Time If your Internet connection has been terminated due to inactivity Connect on Demand enables the router to automatically re establish your connection as soon as you attempt to access the Internet again If you wish to activate Connect on Demand check the radio button and click Save to apply Note 1 If you want your Internet connection to remain active at all times enter O in the Max Idle Time field Otherwise enter the number of minutes you want to have elapsed before your Internet connection terminates 2 Sometimes the connection can not be disconnected although you specify a time to Max Idle Time T
64. tatus Enabled means that the port is still active Disabled means that the port is inactive 4 6 Security Choose menu Security the next submenus are shown below Security Advanced Security Local Management Figure 4 24 Click any of them and you will be able to configure the corresponding function The detailed explanations for each submenu are provided below 4 6 1 Basic Security Choose menu Security Basic Security you can configure the basic security of the router in the next screen shown in Figure 4 25 34 TL R6OOVPN REA cc A sd TUS CTO Firewall SPI Firewall Enable Disable VPN PPTP Passthrough Enable Disable L2TP Passthrough Enable Disable IPSec Passthrough Enable Disable ALG FTP ALG Enable Disable TFTP ALG Enable Disable H323 ALG Enable Disable RTSP ALG Enable Disable Figure 4 25 gt Firewall Enable the general firewall or not e SPI Firewall SPI Stateful Packet Inspection keeps track of the state of network connections traveling across it It distinguishes legitimate packets for different types of connections Only packets matching a known active connection will be allowed by the firewall others will be rejected SPI Firewall is enabled by factory default If you want all the computers on the LAN exposed to the external network you can disable it gt VPN VPN Passthrough must be enabled if you want to
65. te Subnet Remote Gateway PFS Lifetime and then select the Exchange Mode Security Protocol Authentication Algorithm Encryption Algorithm IKE Security Policy PFS Group Then enable or disable the settings TL R600VPN IPsec Policy Settings Policy Name Local Subnet Remote Subnet Remote Gateway Exchange Mode security Protocol Authentication Algorithm Encryption Algorithm IKE Security Policy PFS Group PFS Lifetime Status SafeStream Gigabit Broadband VPN Router User Guide IKE O Manual ESP w policy Click here to add IKE list NGNE 20000 seconds 60 6048600 Enable AUTO l Save Back gn cu T A Figure 4 41 gt Policy Name Enter the unique name to the IPsec policy for identification and management purposes gt Local Subnet Enter the IP address range on your local LAN to identify which PCs on your LAN are covered by this policy It s formed by IP address and subnet mask gt Remote Subnet Enter the IP address range on your remote network to identify which PCs on the remote network are covered by this policy It s formed by IP address and subnet mask gt Remote Gateway Enter the Remote Gateway lt can be IP address or domain name Exchange Mode Select the negotiation mode for the policy e IKE The parameters for the VPN tunnel are generated automatically via IKE negotiations Manual All settings including the keys for the VPN tunne
66. ternet through your broadband service successfully If there is any problem please contact your ISP for help After that please install the router according to the following steps Don t forget to pull out the power plug and keep your hands dry 1 Power off your PC s Cable DSL modem and the router TL R6OOVPN REA cc A sd TUS CTO Connect the PC s and all Switches Hubs on your LAN to the LAN Ports on the router shown in Figure 2 3 Connect the DSL Cable modem to the WAN port on the router shown in Figure 2 3 Connect the AC power adapter to the AC power socket on the router and the other end into an electrical outlet The router will start to work automatically Power on your PC s and Cable DSL modem 100 240V 50 60Hz 0 3A LAN XDSL Cable Ethernet I EA i Figure 2 3 TL R6OOVPN RRA e A o US amet Ce Chapter 3 Quick Installation Guide This chapter describes how to configure the basic functions of your TL R600VPN SafeStreamTM Gigabit Broadband VPN Router These procedures only take you a few minutes You can access the Internet via the router immediately after it has been successfully configured 3 1 Configure PC Step 1 Click the Start menu on your desktop right click My Network Places and then select Properties shown in Figure 3 1 tio Fl aces poy AIN mingzhu 22 s j Internet i My Documents Internet Explorer 4 My Recent Documen
67. the Virtual TL R6OOVPN REA cc A US CTO Server and DMZ Host may change accordingly at the same time you d better re configure it as well 4 3 3 MAC Clone Choose menu Network MAC Clone you can configure the MAC address of the WAN on the screen below shown in Figure 4 11 Some ISPs require that you register the MAC address of your adapter which is connected to your cable DSL modem or Ethernet during installation You do not generally need to change anything here MAC Clone WAN MAC Address 00 04 EB 13 B 01 Restore Factory MAC Your PCs MAC Address 40 81 86 fc 76 c3 Clone MAC Address Figure 4 11 WAN MAC Address This field displays the current MAC address of the WAN port which is used for the WAN port If your ISP requires that you register the MAC address please enter the correct MAC address into this field The format for the MAC address is XX XX XX XX XX XX for example OO OA EB E6 B9 49 Your PC s MAC Address This field displays the MAC address of the PC that is managing the router If the MAC address is required you can click the Clone MAC Address button and this MAC address will fill in the WAN MAC Address field M V Note 1 Click Restore Factory MAC to restore the MAC address of WAN port to the factory default value 2 Only the PC s on your LAN can use the MAC Address Clone feature 3 After you finish the configuration click the Save button and the router will prompt you
68. the next screen shown in Figure 4 44 PPTP Server Settings PPTP Server O Enable Disable MPPE Encryption O Enable Disable IP Range Start 192 160 0 400 IP Range End 192 160 0 415 Save Figure 4 44 gt PPTP Server Enable or disable the PPTP Server 49 TL R6OOVPN REA e rc US CTO gt MPPE Encryption Enable or disable the MPPE Encryption If enabled the PPTP tunnel will be encrypted by MPPE gt IP Range Start Enter the start IP address to define a range for the server s IP assignment gt IP Range End Enter the end IP address to define a range for the server s IP assignment 4 9 2 Account Settings Choose the menu PPTP VPN Server Account Settings you can configure the PPTP account in the next screen shown in Figure 4 45 PPTP Account Settings ID Account Status Modity 123456 Enabled Modify Delete Add New Enable All Disable All Delete All Figure 4 45 gt Account Displays the PPTP Account gt Status Displays the status of the PPTP Server To add modify a PPTP Account rule Step 1 Click Add New Modify shown in Figure 4 45 you will see a new screen shown in Figure 4 46 Step 2 Enter the Account Password and select the status Add or Modify a PPTP Account Account Confirm Password rT Titi Status Enabled v Ena bled Figure 4 46 Step 3 Click the Save button Other configurations for the entries as shown in Figure 4 45 Click th
69. the number in minutes that you wish to have the Internet connecting last unless a new link is requested 2 Sometimes the connection cannot be disconnected although you specify a time to Max Idle Time This is because there may still be active applications in the background which may cause fee accounted by your ISP Click the Advanced button to set up the advanced option as shown in Figure 4 6 PPPoE Advanced Settings MTU Size in bytes 1480 The defaultis 1480 do not change unless necessary C Use IP address specified by ISP ISP Specified IP Address ooon Detect Online Interval lo Seconds 0 120 seconds the defaultis O O means not detecting C Use the following DNS Servers Secondary DNS loooo Optional Figure 4 6 gt MTU Size The default MTU size is 1480 bytes which is usually fine For some ISPs you need modify the MTU This should not be done unless you are sure it is necessary for your ISP gt Service Name AC Name The service name and AC Access Concentrator name should not be configured unless you are sure it is necessary for your ISP 19 4 TL R6OOVPN BEES UE MMH tle cc A US CTO ISP Specified IP Address If you know that your ISP does not automatically transmit your IP address to the router during login select Use IP Address specified by ISP and enter the IP address in dotted decimal notation which your ISP provided Detect Online Interval The default value is O you can input the va
70. tion change the default IP address to another IP address as desired c Note 1 To access the router you will type your router s WAN IP address into your browser s address in IE or Location in Navigator box followed by a colon and the custom port number For example if your Router s WAN address is 202 96 12 8 and the port number you use is 8080 please enter http 202 96 12 8 8080 in your browser Later you may be asked for the router s password After successfully entering the username and password you will be able to access the router s web based utility 2 Be sure to change the router s default password to a very secure password 4 14 10 Statistics Choose menu System Tools Statistics you can view the statistics of the Router This screen shown in Figure 4 75 displays the network traffic of each PC on LAN including total traffic and current traffic of the last Packets Statistic interval seconds Statistics Current Statistics Status Disabled Packets Statistics Interval 5 60 10 Seconds Auto retreshi Sorted Rules sorted by IP Address ho Reset All Delete All Total Current IP Address Modity MAC Address Packets Bytes Packets Bytes ICMP Tx UOP Tx SYN Tx The current listis empty entries per page Current Mo page Figure 4 75 gt Current Statistics Status Enable or Disable the statistics function The default status is disabled Click the Enable button to use the function Click the
71. ts D_ E mail Microsoft Office Outlook f is My Pictures h 2 Snaglt 7 EJ My Music Windows Media Player Explore Controlf Search for Computers w Microsoft Office Word 2003 Set Prog Map Network Drive PE My Computer Ay MSN Defaults y Disconnect Network Drive oS Printers 3 Windows Messenger A a shonnnDedtop Rename Y Paint Y Hep 9 ties yo Search All Programs gt 77 Run P Log Off o Turn OFF Computer Figure 3 1 Step 2 In the next screen right click Local Area Connection LAN and then select Properties TL R6OOVPN REA cc A US CTO Network Connections Fie Edit View Favorites Tools Advanced Help ae Ipa i PA EE CEE P pi A Search MES Folders Address A Network Connections E ud 50 la LAN or High Speed Internet Network Tasks Create a new d PERRA m ME x A connection Disable Set up a home or small Status office network Change Windows Firewall settings Bridge Connections Daj Disable this network ee ae device Create Shortcut EN Repair this connection Delete mi Rename this connection Rename view status of this connection Change settings of this connection Repair Properties Other Places G Control Panel ud My Network Places G My Documents W My Computer Figure 3 2 Step 3 In the next screen select General tab highlight Internet Protocol TCP IP and t
72. ude DES DES Data Encryption Standard encrypts a 64 bit block of plain text with a 56 bit key 3DES Triple DES encrypts a plain text with 168 bit key O AES128 Uses the AES algorithm and 128 bit key for encryption o AES192 Uses the AES algorithm and 192 bit key for encryption e AES256 Uses the AES algorithm and 256 bit key for encryption gt DH Group The DH Diffie Hellman group to be used in key negotiation phase 1 The DH Group sets the strength of the algorithm in bits Options include DH1 DH2 and DHB5 DH1 768 bits DH2 1024 bits 43 TL R6OOVPN REA cl rc A US CTO DH3 1536 bits gt Pre shared Key The Pre shared Key for IKE authentication and ensure both the two peers use the same key The key should consist of visible characters without blank space To add modify an IKE entry Step 1 Click Add New Modify shown in Figure 4 38 you will see a new screen shown in Figure 4 39 Step 2 Enter the Policy Name Pre Shared Key SA Lifetime and then select the Exchange Mode Authentication Algorithm Encryption Algorithm DH Group Then enable or disable the DPD IKE Policy Settings Policy Name Exchange Mode Main Aggressive Authentication Algorithm AUTO Encryption Algorithm ALTO DH Group DH l Pre shared Key SA Lifetime 28800 seconds 60 6048005 DPD O Enable Disable Figure 4 39 Step 3 Click the Save button Other configurations for t
73. unt of time in which a network user will be allowed connection to the router with their current dynamic IP address Enter the amount of time in minutes the range of the time is 1 2880 minutes The default value is 120 minutes gt Default Gateway Suggest inputting the IP address of the LAN port of the router default value is 192 168 0 1 Optional gt Default Domain Input the domain name of your network Optional gt Primary DNS Input the DNS IP address provided by your ISP You can consult your ISP for it Optional gt Secondary DNS Input the IP address of another DNS server if your ISP provides two DNS servers Optional c Note To use the DHCP server function of the router you must configure all computers on the LAN as Obtain an IP Address automatically mode This function will take effect until the router reboots 4 4 2 DHCP Clients List Choose menu DHCP DHCP Clients List you can view the information about the clients attached to the router in the next screen shown in Figure 4 14 Click the Refresh button to update the information DHCP Clients List D Chent Name MAC Address Assigned IP Lease Time ann 00 19 66 149 40 7F 192 168 0 100 01 59 59 Figure 4 14 gt Client Name This field displays the name of the DHCP client MAC Address This field displays the MAC address of the DHCP client gt Assigned IP This field displays the IP address that the router has allocated to the DHCP clie
74. ure 1720 as the Service Port and enter your IP address assuming 192 168 0 102 for an example then click select the status Enabled and click Save 73 TL R6OOVPN REA cl rc Ad US CTO Virtual Servers ID Service Port IP Address Protocol Status Modify 1 21 142165 0 100 TEP Enabled Modify Delete 2 ol 142168 0 101 TEP Enabled Modify Delete 3 120 142168 0 102 ALL Enabled Modify Delete Add New Enable All Disable All Delete All Figure 4 ce Note Your opposite side should call your WAN IP which is displayed on the Status page Method two Use DMZ Host Login to the router click the menu Forwarding DMZ On the DMZ screen select Enable and enter your IP address into the DMZ Host IP Address field using 192 168 0 102 as an example then to click the Save button Current DMZ Status Enabled Disabled DMZ Hest IP Address 192 168 0 102 Figure 5 7 want to build a WEB Server on the LAN what should I do Because the WEB Server port 80 will interfere with the WEB management port 80 on the router you must change the WEB management port number to avoid interference And then add a WEB Server on your LAN You can follow the steps below to proceed Step 1 To change the WEB management port number Login to the router click the menu System Tools Remote Management On the Remote Management screen enter a port number except 80 such as 88 into the Web Management Port field Click
75. ure the corresponding function The detailed explanations for each submenu are provided below 4 8 1 IKE Choose menu IPsec VPN IKE you can configure the related parameters for IKE negotiation and view the IKE policy in the next screen shown in Figure 4 38 42 TL R6OOVPN REA cc A US CTO List of IKE Policy ID Policy Name Exchange Mode Authentication Encryption DH Group Pre shared Key Modify 1 policy Main ALTO ALTO DH 12345678 hModif Delete Fage Current Mo Figure 4 38 gt Policy Name The unique name to the IKE policy for identification and management purposes gt Exchange Mode Displays the IKE Exchange Mode in phase 1 and the remote VPN peer uses the same mode Oo Main Main mode provides identity protection and exchanges more information which applies to the scenarios with higher requirement for identity protection Oo Aggressive Aggressive Mode establishes a faster connection but with lower security which applies to scenarios with lower requirement for identity protection gt Authentication The authentication algorithm for IKE negotiation Options include Oo MD5 MD5 Message Digest Algorithm takes a message of arbitrary length and generates a 128 bit message digest SHA1 SHA1 Secure Hash Algorithm takes a message less than 2 64 the 64th power of 2 in bits and generates a 160 bit message digest gt Encryption The encryption algorithm for IKE negotiation Options incl
76. us DONS not launching Lo Login save Figure 4 61 To set up for Comexe DDNS follow these instructions Step 1 Enter the domain name your dynamic DNS service provider offer Step 2 Type the User Name and Password for your DDNS account Step 3 Enable DDNS and click Save to save the current configuration Click Login to login the DDNS service Click Logout to logout the DDNS service The status of the DDNS service connection is displayed in the Connection Status field 4 13 4 No IP DDNS If your dynamic DNS Service Provider is www no ip com you can configure in the next screen shown in Figure 4 62 TL R600VPN REESE US Ce Service Provider Mo IP www no ip com Goto register User Name username Password Domain Hame Enable DONS Connection Status DONS not launching Save Figure 4 62 To set up for No IP DDNS follow these instructions Step 1 Type the User Name and Password for your DDNS account Step 2 Enter the Domain Name your dynamic DNS service provider offered Step 3 Enable DDNS and click Save to save the current configuration Click Login to login the DDNS service Click Logout to logout the DDNS service The status of the DDNS service connection is displayed in the Connection Status field 4 14 System Tools Choose menu System Tools and you can see the submenus under the main menu System Tools Diagnostic Firmware Upgrade Factory
77. us of the rule gt Modify Click Modify to edit the rule click Delete to delete the rule To add modify a Bandwidth Control rule Step 1 Click Add New Modify shown in Figure 4 52 you will see a new screen shown in Figure 4 53 Step 2 Enter the information like the screen shown below 53 TL R6OOVPN REA cl cl A sd TUS CTO Bandwidth Control Rule Settings Enable IP Range 192 168 0 100 1192 168 0 199 Protocol Min Bandwidtht Kbps Wax Bandwidthi Kbps Egress Bandwidth 1000 1000 Ingress Bandwidth Figure 4 53 Step 3 Click the Save button Other configurations for the entries as shown in Figure 4 52 Click the Delete All button to delete all the entries Click the Previous button to view the information in the previous screen click the Next button to view the information in the next screen 4 12 IP amp MAC Binding Choose menu IP amp MAC Binding the next submenus are shown below IP amp MAC Binding ARP List Figure 4 54 Click any of them and you will be able to configure the corresponding function The detailed explanations for each submenu are provided below 4 12 1 Binding Setting Choose menu IP 8 MAC Binding Binding Setting you can view and add IP amp MAC binding entries in the next screen shown in Figure 4 55 Binding Settings ARP Binding Disable Enable ID MAC Address IP Address Bind Modify The listis empty Add Mew Enabl
78. y MAC Address 00 19 66 19 40 7 F Reserved IP Address 192 168 0 100 Status Enabled v Figure 4 16 Step 3 Click the Save button when finished c Note 1 If you want to add more than one reserved IP please go to step 1 to continue 2 The function won t take effect until the router reboots Other configurations for the entries as shown in Figure 4 15 Click the Delete button to delete the entry Click the Enable All button to enable all the entries Click the Disable All button to disable all the entries Click the Delete All button to delete all the entries TL R6OOVPN REA cc A US CTO Click the Previous button to view the information in the previous screen click the Next button to view the information in the next screen 4 5 Forwarding Choose menu Forwarding the next submenus are shown below Forwarding Port Triggering DMZ UPnP Figure 4 17 Click any of them and you will be able to configure the corresponding function The detailed explanations for each submenu are provided below 4 5 1 Virtual Servers Choose menu Forwarding Virtual Servers you can view and add virtual servers in the next screen shown in Figure 4 18 Virtual servers can be used for setting up public services on your LAN such as DNS Email and FTP A virtual server is defined as a service port and all requests from Internet to this service port will be redirected to the computer specified b
79. y the server IP Any PC that was configured as a virtual server must have a static or a reserved IP address because its IP address may change when using the DHCP function Virtual Servers ID Service Port IP Address Protocol Status Modify 21 192 168 0 700 TCP Enabled Modify Delete Figure 4 18 gt Service Port This field displays the numbers of External Ports It can be a service port or a range of service ports the format is XX YY or XX XX is Start port YY is End port gt IP Address This field displays the IP address of the PC running the service application gt Protocol This field displays the protocol used for this application either TCP UDP or All all protocols supported by the router gt Status This field displays the status of the virtual server entry Enabled means that the entry will take effect Disabled means that the entry will not take effect 29 TL R6OOVPN REA ec A US CTO To add modify a virtual server entry Step 1 Click Add New Modify shown in Figure 4 18 you will see a new screen shown in Figure 4 19 Step 2 Select the service you want from the Common Service Port then the port and protocol value will be added to the corresponding field automatically you only need to configure the IP address for the virtual server If the Common Service Port does not contain the service that you want please configure the Service Port IP Address and Protocol manually Add or Modify
80. your PC and the Router correct The LEDs of LAN port which you link to the device and the LEDs on your PC s adapter should be lit 2 Is the TCP IP configuration for your PC correct If the Router s IP address is 192 168 0 1 your PC s IP address must be within the range of 192 168 0 2 192 168 0 254 the gateway must be 192 168 0 1 3 2 Login Once your host PC is properly configured please proceed as follows to use the Web based Utility Start your web browser and type the private IP address of the Router in the URL field http 192 168 0 1 Address http 192 168 0 1 After that you will see the screen shown below enter the default User Name admin and the default Password admin and then click OK to access to the Quick Setup screen You can follow the steps below to complete the Quick Setup TL R6OOVPN REA cc A sd TUS CTO Connect to 192 168 0 1 TP LINE Gigabit Broadband VPN Router R6Q00wP User name admin w Remember my password Figure 3 7 ca Note If the above screen Figure 3 7 does not prompt it means that your web browser may be set to a proxy Choose Tools menu Internet Options Connections LAN Settings in the screen that appears cancel the Using Proxy checkbox and click OK to finish it Step 1 Select the Quick Setup tab on the left of the main menu and the Quick Setup screen will appear Click the Next button Quick Setup The quick setup will tell you how to confi
Download Pdf Manuals
Related Search