TP-Link TL-ER6020 TL-ER6020 v1 User Guide - Page 94

Mode: Local Subnet: Remote Subnet: WAN: Remote Gateway: Policy Mode:  IKE Mode IKE Policy: IPsec Proposal: PFS: Select the network mode for IPsec policy. Options include:  LAN-to-LAN: Select this option when the client is a network.  Client-to-LAN: Select this option when the client is a host. Specify IP address range on your local LAN to identify which PCs on your LAN are covered by this policy. It's formed by IP address and subnet mask. Specify IP address range on your remote network to identify which PCs on the remote network are covered by this policy. It's formed by IP address and subnet mask. Specify the local WAN port for this Policy. The "Remote Gateway" of the remote peer should be set to the IP address of this WAN port. Enter the Remote Gateway. It can be IP address or Domain name. Select the negotiation mode for the policy.  IKE: The parameters for the VPN tunnel are generated automatically via IKE negotiations.  Manual: All settings (including the keys) for the VPN tunnel are manually inputted and no key negotiation is needed. It is available when IKE is selected as the negotiation mode. Specify the IKE policy. If there is no policy selection, add new policy on VPN→IKE→IKE Policy page. Select IPsec Proposal on IKE mode. Up to four IPsec Proposals can be selected on IKE mode. Select the PFS (Perfect Forward Security) for IKE mode to enhance security. This setting should match the remote peer. With PFS feature, IKE negotiates to create a new key in -89-