Generally you should not have to bother with the encryption settings as the Vigors will negotiate the most secure option. I would suggest you disable the DES option s these days it is readily crackable.
In VPN and Remote Access >> Remote Access Control, make sure IPSec is enabled. Disable AH (medium) and DES. Assuming yu are using PSK's and not certificates, if you your remote Vigor has a dynamic IP, put your PSK here. If it has a fixed IP, put it in the LAN-LAN settings.
In LAN-LAN profile:
Common:
- Set one end to dial in, the other to dial out
- One end can have Always On checked, the other should have a timeout of 0. I cannot remember if it is the Dial In or Dial Out end which can have the always on set.
Dial Out settings for the dial out router:
- Check IPSec tunnel
- Server IP/Host Name... should be the WAN IP or FQDN of the router you are contacting.
- Preshared Key and enter it
- IPSec Security High and select something strong (3DES/AES) with authentication
- In Advanced, enable Perfect Forward Security
Dial In settings for the dial in router
- Check IPSec
- Specify Remote VPN gateway - only use this if the far router has a static WAN IP. If it does you also need to specify the PSK in the PSK section here.
- IPSec security method - disable AH and DES
TCP/IP Network Settings:
You only need to specify the far Lan range in the Remote Network Ip and Mask box. leave the other two boxes alone. You can probably turn off RIP.
Note if you have reset one of the boxes, make sure the LAN subnets are different at each end of the tunnel.
2900Gi/v2.5.6; 2900/v2.5.6
