DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
IPSEC LAN-to-LAN
29 Oct 2010 11:01 #64557
by squiretechnologies
IPSEC LAN-to-LAN was created by squiretechnologies
I'm trying to set up a LAN to LAN VPN.
On one end I have:
1. Common Settings
Netbios Naming Packet: Pass
Call Direction: Dial-Out
Idle Timeout: 300 second(s)
2. Dial-Out Settings
Type of Server I am calling: IPSec Tunnel
Server IP/Host Name for VPN: 123.45.67.89
IKE Authentication Method: Pre-Shared Key
IPSec Security Method: Medium(AH)
4. TCP/IP Network Settings
Remote Network IP: 192.168.2.0
Remote Network Mask: 255.255.255.0
RIP Direction: Disable
From first subnet to remote network, you have to do: Route
On the other end, I have:
1. Common Settings
Netbios Naming Packet: Pass
Call Direction: Dial-In
Idle Timeout: 300 second(s)
3. Dial-In Settings
Type of Server I am calling: IPSec Tunnel
4. TCP/IP Network Settings
Remote Network IP: 192.168.0.0
Remote Network Mask: 255.255.255.0
RIP Direction: Disable
From first subnet to remote network, you have to do: Route
Plus, all the settings match in the 'Remote Access Control' and 'IPSec General Setup' pages.
I can ping the public IPs both ways no problem, but the connection isn't being established, even if I click Dial.
Can anyone help?
29 Oct 2010 11:57 #64560
by candl
Replied by candl on topic IPSEC LAN-to-LAN
You need to specify the IP address of the other end in the 'Peer VPN Server IP' field in the 'Dial In settings'.
29 Oct 2010 12:00 #64561
by squiretechnologies
Replied by squiretechnologies on topic IPSEC LAN-to-LAN
OK, I just did that, but it's still not being established.
29 Oct 2010 12:10 #64562
by njh
Replied by njh on topic IPSEC LAN-to-LAN
candl wrote:
> You need to specify the IP address of the other end in the 'Peer VPN Server IP' field in the 'Dial In settings'

You don't need that if you have configured your PSK in IPSec General settings and you are dialling into that router.
BTW you'd do better to go for IPSec Security Method ESP and in the advanced settings allow PFS, but there is no point doing that until the connection is working. I would also set the connection to be always on (but it may need an idle timeout of 0 at one end).
How can you ping both ways if you do not have a connection? Are you pinging the remote LAN or WAN IP?
2900Gi/v2.5.6; 2900/v2.5.6
29 Oct 2010 12:16 #64563
by squiretechnologies
Replied by squiretechnologies on topic IPSEC LAN-to-LAN
NJH wrote:
> candl wrote:
> > You need to specify the IP address of the other end in the 'Peer VPN Server IP' field in the 'Dial In settings'
>
> You don't need that if you have configured your PSK in IPSec General settings and you are dialling into that router.

OK, I'll undo that.

NJH wrote:
> BTW you'd do better to go for IPSec Security Method ESP and in the advanced settings allow PFS, but there is no point doing that until the connection is working. I would also set the connection to be always on (but it may need an idle timeout of 0 at one end).

Yeah, I'll improve security once it's working. I've set 'Always On' at one end and 0 timeout at the other.

NJH wrote:
> How can you ping both ways if you do not have a connection? Are you pinging the remote LAN or WAN IP?

Sorry, I realise that wasn't very clear. I meant WAN IP.
29 Oct 2010 16:07 #64567
by njh
Replied by njh on topic IPSEC LAN-to-LAN
In the dial out settings, can you confirm that you have set the PSK there? If not, you need to. I think from your post you have.
Have you used syslog or another program to see what is happening?
2900Gi/v2.5.6; 2900/v2.5.6
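Added example (not written by any poster in this thread and not DrayTek code): a Python check that compares the two ends of the LAN-to-LAN profile for the points raised above, namely mirrored remote networks, a PSK and server address on the dial-out end, and AH versus ESP with PFS. The dictionary keys, each router's local LAN (inferred from the other end's Remote Network fields) and the `psk_set` flag are assumptions, and a single `method` per end is a simplification.

```python
import ipaddress

# Constructed sample modelled on the two profiles posted in the thread.
# "local" is assumed from the opposite end's Remote Network IP/Mask;
# "psk_set" and "pfs" are assumed values, not taken from the posts.
SITE_A = {"direction": "Dial-Out", "type": "IPSec Tunnel", "method": "AH",
          "peer": "123.45.67.89", "psk_set": True, "pfs": False,
          "local": "192.168.0.0/255.255.255.0",
          "remote": "192.168.2.0/255.255.255.0"}
SITE_B = {"direction": "Dial-In", "type": "IPSec Tunnel", "method": "AH",
          "peer": "", "psk_set": True, "pfs": False,
          "local": "192.168.2.0/255.255.255.0",
          "remote": "192.168.0.0/255.255.255.0"}

def net(value):
    # Accepts "address/mask"; raises ValueError if host bits are set.
    return ipaddress.ip_network(value, strict=True)

def check_pair(a, b):
    """Return (errors, warnings) for the two ends of one LAN-to-LAN profile."""
    errors, warnings = [], []
    callers = [s for s in (a, b) if s["direction"] == "Dial-Out"]
    if not callers:
        errors.append("neither end dials out")
    for s in callers:
        if not s["peer"]:
            errors.append("dial-out end has no server IP/host name")
        if not s["psk_set"]:
            errors.append("dial-out end has no pre-shared key")
    if a["type"] != b["type"]:
        errors.append("tunnel type differs")
    if a["method"] != b["method"]:
        errors.append("IPSec security method differs")
    # Each end's Remote Network must be exactly the other end's LAN.
    for near, far in ((a, b), (b, a)):
        if net(near["remote"]) != net(far["local"]):
            errors.append(f"remote network {near['remote']} is not the peer LAN")
    if net(a["local"]).overlaps(net(b["local"])):
        errors.append("LAN subnets overlap")
    # Hardening points: AH gives integrity only, ESP also encrypts.
    if "AH" in (a["method"], b["method"]):
        warnings.append("AH authenticates packets but does not encrypt them; use ESP")
    if not (a["pfs"] and b["pfs"]):
        warnings.append("PFS is not enabled on both ends")
    return errors, warnings
```
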
Moderators: Chris, Sami
Copyright © 2024 DrayTek