DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
LAN-LAN IPSEC VPN between 2820 and 2910
26 Jul 2011 10:46 #68741
by gbrown100
LAN-LAN IPSEC VPN between 2820 and 2910 was created by gbrown100
Hi all,
I have been trying to get this working for a few days now. I replaced my 2820 with a 2910 as I needed two ethernet WAN ports. I can't seem to get my 2820 at home to connect to my 2910 in the office. I have the latest firmwares on both units, I have tried many settings but no go. Does anyone have these two devices talking?
Thanks
Graham
26 Jul 2011 11:33 #68742
by nobody
Replied by nobody on topic Re: LAN-LAN IPSEC VPN between 2820 and 2910
I have several tunnels between these devices, and I can confirm it works for me.
Please write down all settings, anonymize all public IP addresses, PSK and local IDs, but not the private IP addresses used.
Then post your settings here.
26 Jul 2011 13:44 #68744
by gbrown100
Replied by gbrown100 on topic Re: LAN-LAN IPSEC VPN between 2820 and 2910
Thanks for the reply, it'll be great to get to the bottom of this! Details below:
2910 - Office Network
1. Common Settings
Enabled = ticked!
Dial-In
Idle Timeout = 0
Netbios = Pass
Multicast = Pass
Dial Out through WAN1 First (WAN1 is only one currently in use)
2. Dial-Out Settings
N/A
3. Dial-In Settings
Allowed Dialin = IPSEC Tunnel
Specify ISDN CLID or Remote VPN Gateway Peer ISDN Number or Peer VPN Server IP = Public IP of my home connection
User / Password blank
VJ Compression = on
Pre Shared Key = ticked; have applied the pre shared key by clicking on the "IKE PRESHARED KEY" button and typing it in twice, using both IE9 and Chrome
Digital Signature not ticked
Nothing else selected in this section.
IPSec Security Method = Currently High DES but have had all ticked to no avail.
4. GRE over IPSec Settings
All unticked
5. TCP/IP Network Settings
My WAN IP =
Remote Gateway IP =
Remote Network IP = 192.168.250.0
Remote Network Mask = 255.255.255.0
Local Network IP = 192.168.254.0
Local Network Mask = 255.255.255.0
None
Route
2820 - Home Network
1. Common Settings
Enable this profile = Ticked
VPN Dial-Out Through WAN1 (This is the only one used on my router)
Netbios Naming Packet = Pass
Multicast via VPN = Pass
Call Direction = Dial-Out
Always on = ticked
Enable PING to keep alive = enabled
PING to the IP = 192.168.254.10 (Server in my office LAN)
2. Dial-Out Settings
Type of server calling = IPSEC
Server IP/Host Name for VPN =
Pre Shared Key = ticked; have applied the pre shared key by clicking on the "IKE PRESHARED KEY" button and typing it in twice, using both IE9 and Chrome
IP Security Method = High DES with Authentication
Advanced:
IKE phase 1 mode Main mode
IKE phase 1 proposal DES_MD5_G1
IKE phase 2 proposal DES_SHA1/DES_MD5
IKE phase 1 key lifetime 28800
IKE phase 2 key lifetime 3600
Perfect Forward Secret Disable
Local ID Blank
3. Dial-In Settings
Blanked out everything
4. TCP/IP Network Settings
My WAN IP - <>
Remote Gateway IP =
Remote Network IP = 192.168.254.0
Remote Network Mask = 255.255.255.0
RIP Direction None
From first subnet to remote network, you have to do = Route
26 Jul 2011 18:16 #68748
by nobody
Replied by nobody on topic Re: LAN-LAN IPSEC VPN between 2820 and 2910
Under the TCP Network settings:
My WAN IP: here goes the PRIVATE IP of the router, not the public WAN IP.
This is possibly wrong in both the 2820 and the 2910 profile.
Remote Gateway IP: here goes the PRIVATE IP of the router at the other side.
In short, none of the TCP Network settings should contain a public IP address.
Do you have a static IP at home?
If yes, then the rest seems OK.
If not, you have to replace the WAN IP address with a random string as identifier, and on the dial-out profile in the 2820 activate aggressive mode and enter the same string as the Local ID.
Since both routers have hardware acceleration for DES/3DES, you can choose high security + 3DES as the encryption. But this setting is not relevant for establishing a VPN connection.
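Added example (not part of the thread and not DrayTek tooling): a Python lint of the two profiles for the mistake identified in the reply above, which also checks that each side's remote network mirrors the other side's local network and flags the DES, MD5 and DH group 1 choices in the posted proposals, all of which are deprecated. The dictionary key names, the stand-in public addresses and the `.1` router LAN addresses are assumptions; the subnets and proposal strings are the ones posted.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WEAK = {"DES": "single DES", "MD5": "MD5", "G1": "DH group 1 (768-bit)"}

def lint_profile(name, p):
    """Check one profile's TCP/IP Network Settings and IKE proposals."""
    findings = []
    nets = {"my_wan_ip": ipaddress.ip_network(p["local_net"]),
            "remote_gateway_ip": ipaddress.ip_network(p["remote_net"])}
    for field, net in nets.items():
        value = p.get(field, "").strip()
        if not value:                       # field left blank: nothing to check
            continue
        ip = ipaddress.ip_address(value)
        if not any(ip in r for r in RFC1918):
            findings.append(f"{name}: {field} {value} is not an RFC 1918 address")
        elif ip not in net:                 # assumption: a router's LAN IP lies in its LAN
            findings.append(f"{name}: {field} {value} is outside {net}")
    for key in ("phase1", "phase2"):
        for token in sorted(set(re.split(r"[_/]", p.get(key, ""))) & set(WEAK)):
            findings.append(f"{name}: {key} proposal includes {WEAK[token]}")
    return findings

def lint_pair(a_name, a, b_name, b):
    """Lint both ends and check that the subnets mirror each other."""
    findings = lint_profile(a_name, a) + lint_profile(b_name, b)
    for x_name, x, y_name, y in ((a_name, a, b_name, b), (b_name, b, a_name, a)):
        if ipaddress.ip_network(x["remote_net"]) != ipaddress.ip_network(y["local_net"]):
            findings.append(f"{x_name}: remote network does not match {y_name} local network")
    return findings

# Constructed sample values. 203.0.113.10 and 198.51.100.20 are documentation
# addresses standing in for the anonymized public IPs; the .1 router addresses
# are assumed. Subnets and proposal strings are the ones posted in the thread.
OFFICE = {"local_net": "192.168.254.0/255.255.255.0", "remote_net": "192.168.250.0/255.255.255.0"}
HOME = {"local_net": "192.168.250.0/255.255.255.0", "remote_net": "192.168.254.0/255.255.255.0"}
IKE = {"phase1": "DES_MD5_G1", "phase2": "DES_SHA1/DES_MD5"}
BEFORE = (dict(OFFICE, my_wan_ip="203.0.113.10", remote_gateway_ip="198.51.100.20"),
          dict(HOME, my_wan_ip="198.51.100.20", remote_gateway_ip="203.0.113.10", **IKE))
AFTER = (dict(OFFICE, my_wan_ip="192.168.254.1", remote_gateway_ip="192.168.250.1"),
         dict(HOME, my_wan_ip="192.168.250.1", remote_gateway_ip="192.168.254.1", **IKE))

if __name__ == "__main__":
    for label, (office, home) in (("before", BEFORE), ("after", AFTER)):
        print(label, *lint_pair("2910", office, "2820", home), sep="\n  ")
```

With the addresses corrected, the only findings left are the proposal ones: the tunnel comes up, but it is still negotiated with single DES, MD5 and group 1.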
26 Jul 2011 20:54 #68750
by gbrown100
Replied by gbrown100 on topic Re: LAN-LAN IPSEC VPN between 2820 and 2910
Hi,
Hmmm, how did I miss that. I'll give it a go tomorrow morning! Thanks for taking the time to help.
Graham
27 Jul 2011 20:56 #68790
by gbrown100
Replied by gbrown100 on topic Re: LAN-LAN IPSEC VPN between 2820 and 2910
All working! Thanks again for your help.
Graham
Copyright © 2024 DrayTek