DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

IPSEC VPN between 2910 & 2820

  • themonk
  • Topic Author
  • User
  • User
More
16 Jan 2010 14:41 #1 by themonk
IPSEC VPN between 2910 & 2820 was created by themonk
Hello,
I'm having big issues getting traffic over a IPSEC VPN between a 2910vg and 2820. I've followed the user guides to setup the VPN and the connection works fine, it's that no traffic ever gets sent over the VPN.

The remote router (2820) has IP range 192.168.0.x and my local router (2910vg) has IP range 192.168.2.x, both have subnet 255.255.255.0
The local has staic IP, the remote has dynamic so I'm using 'aggessive mode'.

Under VPN Connection Status, I get:
Type: IPSec Tunnel, 3DES-SHA1 Auth, (KL=192bits)
Virtual Network: 192.168.1.0/24

If I try and ping the remote router 192.168.1.1 or try and access the web configurator then I get nothing. It seems that the VPN is not passing any traffic.

Do I need to set and firewalls to pass traffic to and from the VPN? I thought that the VPN, once connected would pass traffic itself?

Thanks.

Please Log in or Create an account to join the conversation.

More
17 Jan 2010 00:45 #2 by voodle
Replied by voodle on topic IPSEC VPN between 2910 & 2820
Does it work with PPTP? If so, the problem should be fixed by updating the 2820 to the latest 3.3.3 firmware - if the tunnel shows as being connected but there is no tx or rx on the 2820's end then it's the firmware problem.

You don't need to set up the firewall on either of the two routers for traffic to be able to pass through.

Please Log in or Create an account to join the conversation.

  • themonk
  • Topic Author
  • User
  • User
More
17 Jan 2010 01:06 #3 by themonk
Replied by themonk on topic IPSEC VPN between 2910 & 2820
Thanks for your reply, no it doesn't work with PPTP as well.
The 2820 is at work so I'm not able to update the firmware, can I roll back the 2910 to a previous version?

Thanks

Please Log in or Create an account to join the conversation.

  • themonk
  • Topic Author
  • User
  • User
More
17 Jan 2010 10:27 #4 by themonk
Replied by themonk on topic IPSEC VPN between 2910 & 2820
If I ping the 2820 from the 2910 then then 2910 shows tx but no rx at the 2820 and vice versa so data is getting sent.

The 2910 has firmware 3.2.3.1
The 2820 has formware 3.3.1.2

Plan B would be to get a second 2910, disable IPSEC in the 2820 to allow passthrough and run the VPN on the 2910. Would I have to do any forwarding or such like on the 2820 to tell the router where to pass IPSEC to or does it forward it everywhere?

Thanks.

Please Log in or Create an account to join the conversation.

  • themonk
  • Topic Author
  • User
  • User
More
18 Jan 2010 10:23 #5 by themonk
Replied by themonk on topic IPSEC VPN between 2910 & 2820
Ok, making progress with this...
I've managed to get traffic working from the 2910 to the 2820 by setting 'vpn 2ndsubnet on' from Telnet. Now I see Tx packets from the 2910 and Rx packets to the 2820. I also see Tx packets from the 2820 but no Rx on the 2910...
Do I need to tell the 2820 that I'm expecting VPN traffic back on the 2nd Subnet similar to the way that I've had to set the VPN to look at the 2nd Subnet for receiving traffic?

Thanks.

Please Log in or Create an account to join the conversation.