DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

IPsec VPN connected but cannot ping the remote site Vig 2930

More
14 Jun 2011 09:37 #68235 by ni.co
Hey Guys,

Just configured an IPsec VPN to do LAN to LAN tunnelling with a service provider.
I am using a Vigor 2930 at the moment to test the VPN connection locally before setting it up on site, on a Vigor 2820.

I have configured the VPN and it connects but when I try to ping the remote IP I get the standard Request timed out message.

I know that the remote side responds to ping's from what the SP engineer said.

I have wondered about the Remote Network IP and Remote Network mask, maybe I got these wrong.
The network I am connecting to is on network 172.31.27.128/25
This means my RN IP should be 172.31.27.128 and the RN Mash should be 255.255.255.128 right?
Even if I am only connecting to a single remote address on the remote site...?

The IP I ping to test is the remote server which sits on 172.31.27.196.

On the router's connection manager it shows I am connected but there are packets been transmitted, albeit about 10 after an hour but it indicates to me that I may
be missing one little setting to allow the router to route traffic down WAN2 over the tunnel correctly.

Anyone had much experience dealing with LAN to LAN and dealing with a hosting/service provider? :?

Please Log in or Create an account to join the conversation.

More
14 Jun 2011 10:09 #68236 by nobody
If the connection is up I think you have done most things right, regarding the harder part (the IPSec setup).

If you look under (5.) "TCP/IP Network settings" in the Lan2Lan Profile, it should look like this:
My WAN IP: (empty, unless you know better)
Remote Gateway IP: (empty unless you know better)
Remote Network IP: 172.31.27.128
Remote Network Mask: 255.255.255.128
Local Network IP: (the LAN IP Address of your 2930)
Local Network Mask: (the network Mask of your local network)

What I dont know is, if the other side knows the correct Lan adress of your network. If your network is for example 192.168.10/24 and the remote side expects it to be 192.168.20/24 or whatever, a connection maybe will established, but, no data will flow. Then you have the behaviour you currently experience.

Please Log in or Create an account to join the conversation.

More
14 Jun 2011 10:47 #68237 by ni.co
Thanks nobody,

I checked with the Service Provider and they have my external WAN IP and Local network details correct.

I have triple checked the settings and nothing appears to be out of place.

Are there any other obvious places which normally cause issues with VPN or IPsec in general?

Please Log in or Create an account to join the conversation.

More
14 Jun 2011 10:59 #68238 by nobody
Please post here the settings you have under (5) in the Lan2Lan profile.
You dont have to post any public wan addresses, because otherwise the connection would not be established

Please Log in or Create an account to join the conversation.

More
14 Jun 2011 11:05 #68239 by ni.co
VPN TEST
Enabled
Dial Out - Always On
Ping to keep alive - (remote ip)

Dial Out
IPSec Tunnel
(Remote WAN IP)
IKE PreShared = xyzxyz
IPsec Security Method - 3DES with Auth

TCP IP Network Settings
My WAN IP 0.0.0.0
Remote GW IP 0/0/0/0
Remote Network IP 172.31.27.128
Remote Net Mask 255.255.255.128

RIP - Disbaled
Route not NAT

I think that's it all :)

Please Log in or Create an account to join the conversation.

More
14 Jun 2011 11:11 #68240 by nobody
And:
Local network IP: ?
Local network Mask ?

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami