DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Infuriating IPSEC 2820 ---> 2800
- tbis
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 10
- Thank you received: 0
30 Nov 2010 15:58 #65084
by tbis
Infuriating IPSEC 2820 ---> 2800 was created by tbis
Hi,
Any advice would be appreciated on this - been driving me mad for a while !
I recently had to reset a 2820 router back to defaults and decided to upgrade the firmware before I manually reprogrammed the settings back in from the file notes I keep. It wasn't a complicated setup and therefore wouldn't take long.
The routers main function was to act as the connecting gateway for several other LANs around the country, however, try as I might, I cannot get it to reconnect to the branch routers using IPSEC as it was setup prior to the reset. I can connect immediately without problems using PPTP, and am begining to suspect some sort of fault or firmware issue on the 2820.
All the branches use a 2800 router on an ADSL connection.
2820 Firmware 3.3.4_232201
2800 Firmware 2.8.2
Dial Out VPN Settings (2820)
RemoteAccess Control - PPTP/IPSEC/L2TP Enabled
IPSEC General Setup - PSK has been entered, Medium(AH), DES, 3DES and AES all selected
Profile is enabled, dial out is always on.
Type of server - IPSEC Tunnel
Correct External IP address of router is entered.
IKE Authentication - IKE PSK entered
IPSec Security - Medium (AH)
WAN IP 0.0.0.0
Remote Gateway 0.0.0.0
Remote network - correctly entered
Subnet Mask 255.255.255.0
RIP Disabled
From First Subnet - ROUTE
Dial In VPN Settings (2800)
RemoteAccess Control - PPTP/IPSEC/L2TP Enabled
IPSEC General Setup - PSK has been entered, Medium(AH), DES, 3DES and AES all selected
Profile is enabled, dial in, timeout 300 seconds.
Allowed Dial in Type - IPSEC Tunnel
Remote Gateway - correct IP address of initiating gateway
IKE Authentication - IKE PSK entered
IPSec Security - Medium (AH)
WAN IP 0.0.0.0
Remote Gateway 0.0.0.0
Remote network - correctly entered
Subnet Mask 255.255.255.0
RIP Disabled
For NAT operation Treat Remote Subnet as - Private IP
Using the syslog I can see the 2820 initiating the call to the remote site (Dialing node 4 : IPAddress, then Initiating IKE Aggressive Mode), and at the remote site I can see the call coming in, but the connection is never made. It doesn't seem to matter whether I use Medium or High encryption, and even if I specify the types of encryption for Main and Aggressive mode, the connection is still never made.
I've never had this issue before when using Drayteks for the past 10 years or so, hence why I suspect the 2820 is at fault, anyone have any ideas or (sensible) suggestions ?
Cheers
Any advice would be appreciated on this - been driving me mad for a while !
I recently had to reset a 2820 router back to defaults and decided to upgrade the firmware before I manually reprogrammed the settings back in from the file notes I keep. It wasn't a complicated setup and therefore wouldn't take long.
The routers main function was to act as the connecting gateway for several other LANs around the country, however, try as I might, I cannot get it to reconnect to the branch routers using IPSEC as it was setup prior to the reset. I can connect immediately without problems using PPTP, and am begining to suspect some sort of fault or firmware issue on the 2820.
All the branches use a 2800 router on an ADSL connection.
2820 Firmware 3.3.4_232201
2800 Firmware 2.8.2
Dial Out VPN Settings (2820)
RemoteAccess Control - PPTP/IPSEC/L2TP Enabled
IPSEC General Setup - PSK has been entered, Medium(AH), DES, 3DES and AES all selected
Profile is enabled, dial out is always on.
Type of server - IPSEC Tunnel
Correct External IP address of router is entered.
IKE Authentication - IKE PSK entered
IPSec Security - Medium (AH)
WAN IP 0.0.0.0
Remote Gateway 0.0.0.0
Remote network - correctly entered
Subnet Mask 255.255.255.0
RIP Disabled
From First Subnet - ROUTE
Dial In VPN Settings (2800)
RemoteAccess Control - PPTP/IPSEC/L2TP Enabled
IPSEC General Setup - PSK has been entered, Medium(AH), DES, 3DES and AES all selected
Profile is enabled, dial in, timeout 300 seconds.
Allowed Dial in Type - IPSEC Tunnel
Remote Gateway - correct IP address of initiating gateway
IKE Authentication - IKE PSK entered
IPSec Security - Medium (AH)
WAN IP 0.0.0.0
Remote Gateway 0.0.0.0
Remote network - correctly entered
Subnet Mask 255.255.255.0
RIP Disabled
For NAT operation Treat Remote Subnet as - Private IP
Using the syslog I can see the 2820 initiating the call to the remote site (Dialing node 4 : IPAddress, then Initiating IKE Aggressive Mode), and at the remote site I can see the call coming in, but the connection is never made. It doesn't seem to matter whether I use Medium or High encryption, and even if I specify the types of encryption for Main and Aggressive mode, the connection is still never made.
I've never had this issue before when using Drayteks for the past 10 years or so, hence why I suspect the 2820 is at fault, anyone have any ideas or (sensible) suggestions ?
Cheers
Please Log in or Create an account to join the conversation.
- tbis
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 10
- Thank you received: 0
30 Nov 2010 19:13 #65088
by tbis
Replied by tbis on topic Infuriating IPSEC 2820 ---> 2800
Further information on this - I've tried setting the VPN up as Branch to Main (2800 - 2820) using IPSEC and still no joy.
Think I'm going to take out the 2820 tomorrow and replace it with a 2910 to see if it will work with a different model.
PPTP works immediately still ......... ho hum.
Think I'm going to take out the 2820 tomorrow and replace it with a 2910 to see if it will work with a different model.
PPTP works immediately still ......... ho hum.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek