I am using 2 2820n's to create a VPN between two sites.

Site 1 has a static IP address, Site 2 is Dynamic.

Site 1 is on 192.168.2.0, site 2 is on 192.168.1.0

I have set up Site 2 to dial out to site 1.

If I am on site two I can ping and connect to machines on site 1.

However machines on site 1 cannot connect back to site 2.

If I look at the connection management section on Site 2 it has the correct virtual network for site 1 listed (192.168.2.0). However if I take a look at site 1 the listed virtual network is wrong (192.168.2.13!) even though I have told the router at site one the correct details.

Any thoughts?

Check in the section 4 part of the VPN profile, both ends need to be set to "route" rather than NAT, otherwise you'll get one way traffic like you're seeing. Alternatively re-make the profiles because if that's not the problem then the issue is probably being caused by a corrupted vpn profile.

Thanks Voodle. I'll give that a try.

You are right I have NAT selected at the dial out end though it seemed that with route selected the tunnel didn't work (Though maybe I was being impatient).

I solved it by setting up another VPN tunnel with NAT originating from the other end. Again I only got 1 way traffic but with both 1 way tunnels set up I got 2 way traffic.

Is this acceptible?

Well that works too but it is a strange way of doing it. NAT is specifically for when you want the VPN to be one way only, it's probably worth looking through the application notes for VPN such as this one if it might be a configuration problem: http://draytek.com/user/SupportAppnotesDetail.php?ID=154

I tried using the 'route' setting but I couldn't get communication either way.

The only way to get it working was with NAT at each end and with 2 tunnels.

Might this be to do with the fact I have a static IP from bt at the dial I'm end but I set the router to dynamic in the setup wizard?

Any help is appreciated to understand the problem. As I said I have a work around but just trying to get to the bottom of why.

enhanceco wrote: Might this be to do with the fact I have a static IP from bt at the dial I'm end but I set the router to dynamic in the setup wizard?

Dont think so. Most ISP's like Zen / BT will assign your router the correct external static IP even when you've got it set to dynamic.

Double check the 2nd Subnet under LAN -> General Setup tho.. if the 2nd Subnet is set to 192.168.2.1 (which it was by default once upon a time) I guess it could potentially be causing some routing issues. (it shouldn't tho)

If the 2nd subnet was set to 192.168.2.1, change it to something else (192.168.100.1.. whatever!) and then change your site-to-site lan profiles to ROUTE instead of NAT again.