DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
3300V+ Multiple IPSec LAN to LAN Connections
16 Mar 2011 01:24 #66824
by jonbennell
3300V+ Multiple IPSec LAN to LAN Connections was created by jonbennell
Hi,
After going a little insane over the last few weeks, I've finally got to the bottom of the situation that I'm about to describe. First of all, here's my setup:
Head Office
Draytek 3300V+
Firmware: 2.6.3 (EN)
10.0.10.0/24
Remote Worker 1
Draytek 2800
10.0.0.0/24
Remote Worker 2
Draytek 2820
172.30.2.0/24
Both remote workers have an IPsec LAN to LAN profile set up within their respective Draytek routers, both dialing in to the Head Office Draytek 3300V+. Both connections work perfectly fine if the other policy profile is disabled within the 3300V+. However, if I have both policy profiles enabled and want both remote workers connected at the same time, whichever connection dials last fails with the following errors in the log file:
Code:
14 01:16:54 03/16 probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
15 01:16:54 03/16 next payload type of ISAKMP Identification Payload has an unknown value: 175
16 01:16:54 03/16 receive ISAKMP packet: src:{82.69.213.158}, dst:{86.188.176.114}, MsgID:{0x00000000}, Ci:{2E 6A 09 D9 41 76 11 5F}, Cr:{BA 32 43 B6 7F 74 7C 9F}
The unknown values given in line 15 seem to vary randomly.
Can anybody give me a clue as to what I'm doing wrong?
Kind regards,
Jon Bennell
17 Mar 2011 14:10 #66845
by jonbennell
Replied by jonbennell on topic Re: 3300V+ Multiple IPSec LAN to LAN Connections
I had an answer from Draytek yesterday afternoon. Basically you must use the same IPSec preshared key for any dynamic clients (those with dynamic IP addresses). This wasn't stated in any documentation I could find but I feel a lot less stupid now.
Thank you to Adam at Draytek for giving me this answer. I hope now to find out what 40 characters are permitted within the preshared key within the 3300V+.
17 Mar 2011 22:37 #66855
by voodle
Replied by voodle on topic Re: 3300V+ Multiple IPSec LAN to LAN Connections
I'd use aggressive mode if both are connecting with dynamic IPs, that will let you set a pre-shared key for each LAN to LAN connection.
21 Mar 2011 16:32 #66900
by jonbennell
Replied by jonbennell on topic Re: 3300V+ Multiple IPSec LAN to LAN Connections
Voodle wrote: "I'd use aggressive mode if both are connecting with dynamic IPs, that will let you set a pre-shared key for each LAN to LAN connection."
Thank you Voodle, I'll bear that in mind with any future links.
Kind regards,
Jon Bennell
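Added example (not from the thread or from DrayTek): a Python sketch of why an IKEv1 Main Mode responder, as specified in RFC 2409, cannot select a per-peer pre-shared key for dynamic-IP peers, and why a mismatch surfaces as a random "unknown" next-payload value like the one in the log above. It assumes the tunnels were using Main Mode; the peer IDs, keys, nonces and the HMAC keystream standing in for the real cipher are constructed for illustration.

```python
import hashlib
import hmac
import struct

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_e(psk, ni, nr, gxy, cky_i, cky_r):
    """RFC 2409 section 5 key derivation for pre-shared-key authentication."""
    skeyid = prf(psk, ni + nr)
    tail = gxy + cky_i + cky_r
    d = prf(skeyid, tail + b"\x00")
    a = prf(skeyid, d + tail + b"\x01")
    return prf(skeyid, a + tail + b"\x02")

def xor_stream(key, data):
    """Stand-in cipher (HMAC counter keystream), NOT the 3DES/AES-CBC real IKE uses."""
    ks = b"".join(prf(key, bytes([i])) for i in range(len(data) // 20 + 1))
    return bytes(x ^ y for x, y in zip(data, ks))

def id_payload(fqdn: bytes, next_payload=8) -> bytes:
    # next payload (8 = HASH), reserved, length, ID type 2 = FQDN, protocol, port
    return struct.pack("!BBHBBH", next_payload, 0, 8 + len(fqdn), 2, 0, 0) + fqdn

def parse_id(buf):
    nxt, reserved, length = struct.unpack("!BBH", buf[:4])
    if nxt > 13 or reserved != 0 or length != len(buf):
        return None, nxt  # garbage header: "next payload type ... has an unknown value"
    return buf[8:], nxt

# Constructed sample values; only the cookies are the Ci/Cr shown in the log above.
CKY_I = bytes.fromhex("2E6A09D94176115F")
CKY_R = bytes.fromhex("BA3243B67F747C9F")
NI, NR, GXY = b"I" * 16, b"R" * 16, b"\x42" * 128
PEER_PSKS = {b"worker1.example": b"psk-one", b"worker2.example": b"psk-two"}

def main_mode(initiator_id, responder_psk):
    """Responder has only the source IP, so it must pick a PSK before it can read the ID."""
    args = (NI, NR, GXY, CKY_I, CKY_R)
    wire = xor_stream(skeyid_e(PEER_PSKS[initiator_id], *args), id_payload(initiator_id))
    return parse_id(xor_stream(skeyid_e(responder_psk, *args), wire))

def aggressive_mode(initiator_id):
    """ID arrives in the clear in message 1, so the PSK can be selected per peer."""
    ident, _ = parse_id(id_payload(initiator_id, 0))
    return PEER_PSKS.get(ident)

if __name__ == "__main__":
    print(main_mode(b"worker2.example", b"psk-one"), aggressive_mode(b"worker2.example"))
```

Because fresh nonces feed the key derivation on every negotiation, the garbage next-payload byte differs from attempt to attempt, which matches the randomly varying value reported in the log.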
Moderators: Chris, Sami
Copyright © 2024 DrayTek