We have a tricky VPN question.

We have two sites. HQ and Office1. Office1 has a 2930 and the HQ has a watchguard. Both are VPN'd and working well.

We now have a 3rd office, Office2 which only has VPN access to the HQ site. Users in Office2 also need to access Office1. So...

Office1 <-> HQ <-> Office2

The watchguard supports this as does Office2. However I'm told that the 2930 only supports this if the other nodes are also Drayteks. You can view the VPN properties in the 2930 and click the MORE button under the remote network IP settings and add more IPs however they don't kick in unless speaking to other 2930s.

Is that correct? Anyone got this working?

Olly

We have, for example:

Small Office England <-> Head Office England <-> Europe Office

The Draytek in the Small Office, under Advanced VPN, knows that the Europe Office IP Range is reachable through the VPN to the Head Office.

So I think you should be able to get your Draytek working too, since, in this example, the Head OFfice and Europe office are using different manufacturers equipment (non-Draytek).

Regards, Neal

Hi Neil,

And can you confirm, on the draytek, have you just added the Europe Office IP range to the MORE section of the remote network IP section in the VPN settings?

Olly

Hi Olly, yes that is exactly it.

However, there may be need to be some settings on the next Firewall to allow throughput (in my example the Head Office).

Is there something in your watchguards to do this? (this kind of thing is beyond my current understanding, sorry)

Do you get any clues as to how far things are getting by using Draytek syslog and watchguard syslog, with some pings?