DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

LAN To LAN VPN using Draytek 2820 and Watchguard Firebox

24 Feb 2010 12:42 #1 by jonno232
Hi,
I am having an issue setting up an IPSEC Lan to Lan VPN from a Draytek 2820 to a Watchguard firewall. I have started to troubleshoot this and have enabled syslog on the Draytek. Could someone explain this message?

02-24-2010 12:21:59 Local1.Notice 172.168.5.1 Feb 24 12:21:48 Vigor: NAT-Traversal: Using draft-ietf-ipsec-nat-t-ike-02/03, no NAT detected

The VPN connects but passes no traffic.

Many Thanks

27 May 2010 11:01 #2 by zogsterjack
Jonno232

Can I ask, did you get this sorted? I have exactly the same issue and got very excited when I saw your post subject, only to deflate somewhat when I saw no responses.

Hope you did solve the problem and can share your findings.
Many thanks in advance

17 Jul 2010 13:19 #3 by albionuk
I managed to get a Draytek 2820 VPN going between a Watchguard X750e and an X20e.

Let me know if you need me to post the settings.

Cheers
Glyn

02 Aug 2010 11:05 #4 by testsubject
albionuk - Do you have the setting for the LAN to LAN VPN??

I have got a WatchGuard x750e running XTM v11.3 and a Vigor 2820 and I cannot get this working.

Many thanks

05 Aug 2010 12:43 #5 by albionuk
Done in a rush but let me know if this helps.




LAN to LAN on the Draytek
Open your VPN Profile
1. Common Settings
Call Direction (Dial-Out)
Tick Always on if required (I have)

2. Dial Out Settings
IPSec Tunnel (Selected)
Server IP/Host Name for VPN (EXTERNAL IP of Watchguard)

IKE Authentication Method (Pre-Shared Key)
Click on IKE Pre-Shared Key Button and set desired Key

IPSec Security Method
High(ESP) = 3DES with Authentication
Click on Advanced
IKE phase 1 mode = Main Mode
IKE phase 1 proposal = 3DES_SHA1_G1
IKE phase 2 proposal = 3DES_SHA1
IKE phase 1 key lifetime = 3600
IKE phase 2 key lifetime = 3600
Perfect Forward Secret = Disable

3. Dial In Settings
Check IPSec Tunnel
Check Specify Remote VPN Gateway
Enter in Peer VPN Server IP (Watchguard's firewall IP)
IKE Authentication Method
Pre-Shared Key
Click IKE Pre-Shared Key and enter same key as before
IPSec Security Method
Only Check - High(ESP) 3DES

4. TCP/IP Network Settings
My WAN IP (Draytek External IP)
Remote Gateway (Watchguard's External IP)
Remote Network IP (Internal network range e.g. 192.168.3.0)
Remote Network Mask (e.g. 255.255.255.0)
RIP Direction = TX/RX Both
From first subnet to remote = Route
Draytek Settings complete.




Open Watchguard's Policy Manager

Go to VPN
B O Gateway
Add
GENERAL SETTINGS
Credential Method
Use Pre-Shared Key = Same key as used in draytek

Gateway Endpoints
Add
Local Gateway
By IP Address = (Watchguard's External IP)
Remote Gateway
Static IP Address = (Draytek External IP)
By IP Address = (Draytek External IP)
Click OK
PHASE 1 SETTINGS
Mode = Main
NAT Traversal = Ticked and set to 20
IKE Keep-alive = Unchecked
Dead Peer Detection = Traffic idle timeout 20 and Max retries 5.
Transform Settings
Authentication = SHA1
Encryption = 3DES
SA Life = 8 Hour
Key Group = Diffie-Hellman Group1

Create a new tunnel and here are the settings
Gateway = (Tunnel you just created)
Addresses
Local = Local Network address for watchguard e.g. 192.168.6.0/24
Remote = Remote Network Address for Draytek e.g. 192.168.3.0/24
Phase 2 Settings
PFS = Unchecked
IPSec Proposals
ESP-3DES-SHA1
Ok and apply the settings to the firewall and test the vpn…

Cheers,
Glyn
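
An added example, not part of the post above and not DrayTek or WatchGuard tooling: the IKE settings from post #5 written out as two Python dictionaries and compared field by field, so any value that differs between the two ends shows up before the tunnel is tested. The key names, and reading the DrayTek lifetimes as seconds, are assumptions of this example; it also lists the fields set to 3DES, SHA1, DH group 1 or PFS off, which are legacy choices by current standards.

```python
import re

# Constructed from post #5; the key names are labels chosen for this example.
DRAYTEK = {"p1_mode": "Main", "p1_enc": "3DES", "p1_auth": "SHA1", "p1_dh": 1,
           "p1_life": "3600", "p2_enc": "3DES", "p2_auth": "SHA1",
           "p2_life": "3600", "p2_pfs": False}
# The post gives no phase 2 lifetime for the Watchguard side, so it is absent.
WATCHGUARD = {"p1_mode": "Main", "p1_enc": "3DES", "p1_auth": "SHA1", "p1_dh": 1,
              "p1_life": "8 Hour", "p2_enc": "3DES", "p2_auth": "SHA1",
              "p2_pfs": False}

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def seconds(value):
    """Convert '3600' or '8 Hour' to seconds; a bare number is assumed to be seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*([A-Za-z]*)\s*", str(value))
    unit = (m.group(2)[:1].lower() or "s") if m else None
    if unit not in UNITS:
        raise ValueError(f"unparseable lifetime: {value!r}")
    return int(m.group(1)) * UNITS[unit]

def normalise(cfg):
    """Upper-case strings and convert *_life fields to seconds so peers compare cleanly."""
    out = {}
    for key, val in cfg.items():
        if key.endswith("_life"):
            out[key] = seconds(val)
        else:
            out[key] = val.strip().upper() if isinstance(val, str) else val
    return out

def differences(a, b):
    """Return {field: (a_value, b_value)} for fields that differ or exist on one side only."""
    a, b = normalise(a), normalise(b)
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys())
            if a.get(k) != b.get(k)}

def legacy(cfg):
    """List fields set to 3DES, SHA1, DH group 1 or PFS off, all legacy choices today."""
    n = normalise(cfg)
    hits = {k for k, v in n.items() if isinstance(v, str) and v in ("3DES", "SHA1")}
    if n.get("p1_dh") == 1:
        hits.add("p1_dh")
    if n.get("p2_pfs") is False:
        hits.add("p2_pfs")
    return sorted(hits)

if __name__ == "__main__":
    for field, (dray, wg) in differences(DRAYTEK, WATCHGUARD).items():
        print(f"differs  {field}: DrayTek={dray} Watchguard={wg}")
    print("legacy  ", ", ".join(legacy(DRAYTEK)))
```

With the values as posted, the encryption, hash and DH group agree on both ends; only the lifetimes are reported as different or unstated.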
