Hi

I am following this guide https://www.draytek.com/support/knowledge-base/5428

I have two Vigor DrayTek routers (2860 n plus) and have setup a LAN to LAN connection. However when I cannot seem to access additional subnet addresses even though I have added to them the TCP/IP More option.

Using the latest firmware on both. Anyone else experienced the same issue or can advise on how to get this working ? I have a feeling its a bug in the firmware but may completely wrong......

Thanks,
Aekash

That guide says:-

When connecting to another Vigor Router with multiple subnets, multiple IPsec SA is not required, we should use the "More" Remote Subnet feature to add additional routes over the same tunnel

The wording of that is slightly ambiguous - since you use the "More" option in both cases - just don't tick the "Create Phase2 SA for each subnet.(IPsec)" option, when they're both Vigors. (I have a 2860 <-->2830 VPN that has multiple subnets at each end, though I use L2TP/IPSec).

Something else to note:

In (all) their examples, Draytek use the IP address of a particular machine, rather than the actual Network address. (They have 192.168.13.1 instead of 192.168.13.0 etc). I can only assume that they 'get away with it', because it knows from the subnet mask, what they really mean :wink: Have a look in "Diagnostics >> View Routing Table" to confirm...

Also of note - make sure your client machines have sufficient Routing information. In a domestic or SME environment, there's probably only one Router (the Default Gateway), so it all hangs together. This isn't necessarily the case though; use 'Traceroute/tracert' to confirm that traffic is taking the path you expect.

Hi

Thanks for your reply back....

Are you using the more option to add in the different subnets in your environment ? If you are then the only difference between my setup is I am using IPsec and have different routers (which make me believe it might be a firmware bug)

Oh man I really want to get this working

aekash wrote:
Are you using the more option to add in the different subnets in your environment ?

Yes. But I definitely do not have the "Create Phase2 SA for each subnet.(IPsec)" option ticked, which is the technique the linked guide was describing.

This guide: https://www.draytek.com/support/knowledge-base/4811 is for Vigor-to-Vigor - although again, for some peculiar reason, they've used ".1" for the network address, instead of ".0". (They've used ".0" in the final description though)