DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

LAN-LAN IPSEC VPN between 2820 and 2910

26 Jul 2011 10:46 #1 by gbrown100
LAN-LAN IPSEC VPN between 2820 and 2910 was created by gbrown100
Hi all,

I have been trying to get this working for a few days now. I replaced my 2820 with a 2910 as I needed two Ethernet WAN ports. I can't seem to get my 2820 at home to connect to my 2910 in the office. I have the latest firmwares on both units, I have tried many settings but no go. Does anyone have these two devices talking?

Thanks

Graham

26 Jul 2011 11:33 #2 by nobody
Replied by nobody on topic Re: LAN-LAN IPSEC VPN between 2820 and 2910
I have several tunnels between these devices, and I can confirm it works for me.

Please write down all settings, anonymize all public IP addresses, PSK and local IDs, but not the private IP addresses used, then post your settings here.

26 Jul 2011 13:44 #3 by gbrown100
Replied by gbrown100 on topic Re: LAN-LAN IPSEC VPN between 2820 and 2910
Thanks for the reply, it'll be great to get to the bottom of this! Details below:

2910 - Office Network

1. Common Settings
Enabled = ticked!
Dial-In
Idle Timeout = 0
Netbios = Pass
Multicast = Pass
Dial Out through WAN1 First (WAN1 is only one currently in use)

2. Dial-Out Settings

N/A

3. Dial-In Settings

Allowed Dialin = IPSEC Tunnel
Specify ISDN CLID or Remote VPN Gateway Peer ISDN Number or Peer VPN Server IP = Public IP of my home connection
User / Password blank
VJ Compression = on
Pre Shared Key = ticked; have applied the pre shared key by clicking on the "IKE PRESHARED KEY" button and typing it in twice, using both IE9 and Chrome
Digital Signature not ticked
Nothing else selected in this section.

IPSec Security Method = Currently High DES but have had all ticked to no avail.

4. GRE over IPSec Settings

All unticked

5. TCP/IP Network Settings

My WAN IP =
Remote Gateway IP =
Remote Network IP = 192.168.250.0
Remote Network Mask = 255.255.255.0
Local Network IP = 192.168.254.0
Local Network Mask = 255.255.255.0

None
Route


2820 - Home Network

1. Common Settings

Enable this profile = Ticked
VPN Dial-Out Through WAN1 (This is the only one used on my router)
Netbios Naming Packet = Pass
Multicast via VPN = Pass
Call Direction = Dial-Out
Always on = ticked
Enable PING to keep alive = enabled
PING to the IP = 192.168.254.10 (Server in my office LAN)

2. Dial-Out Settings

Type of server calling = IPSEC
Server IP/Host Name for VPN =
Pre Shared Key = ticked; have applied the pre shared key by clicking on the "IKE PRESHARED KEY" button and typing it in twice, using both IE9 and Chrome
IP Security Method = High DES with Authentication
Advanced:

IKE phase 1 mode = Main mode
IKE phase 1 proposal = DES_MD5_G1
IKE phase 2 proposal = DES_SHA1/DES_MD5
IKE phase 1 key lifetime = 28800
IKE phase 2 key lifetime = 3600
Perfect Forward Secret = Disable
Local ID = Blank

3. Dial-In Settings

Blanked out everything

4. TCP/IP Network Settings

My WAN IP - <>
Remote Gateway IP =
Remote Network IP = 192.168.254.0
Remote Network Mask = 255.255.255.0

RIP Direction = None
From first subnet to remote network, you have to do = Route

26 Jul 2011 18:16 #4 by nobody
Replied by nobody on topic Re: LAN-LAN IPSEC VPN between 2820 and 2910
Under the TCP Network settings:
My WAN IP: here goes the PRIVATE IP of the router, not the public WAN IP.
This is possibly wrong in both the 2820 and the 2910 profile.
Remote Gateway IP: here goes the PRIVATE IP of the router at the other side.
In short, none of the TCP Network settings should contain a public IP address.

Do you have a static IP at home?
If yes, then the rest seems OK.
If not, you have to replace the WAN IP address with a random string as identifier, and on the dial-out profile in the 2820 activate aggressive mode and enter the same string as the local ID.

Since both routers have hardware acceleration for DES/3DES, you can choose high security + 3DES as the encryption. But this setting is not relevant for establishing a VPN connection.

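The checks discussed in post #4, written as a small lint over the two profiles. This is an added example, not part of any post and not DrayTek code: the dict key names are hypothetical, the 203.0.113.x / 198.51.100.x addresses are constructed placeholders, and the subnets and proposal strings are the ones quoted in the thread. It also flags the DES, MD5 and G1 components of the posted proposals, which are long deprecated.

```python
import ipaddress

# RFC 1918 private ranges; anything else in a TCP/IP field is treated as public.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WEAK = {"DES", "MD5", "G1"}  # single DES, MD5 and DH group 1 are deprecated


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def lint_pair(a, b):
    """Return a list of findings for two LAN-to-LAN profiles (dicts)."""
    findings = []
    for p in (a, b):
        # Post #4: none of the TCP/IP Network Settings should hold a public IP.
        for field in ("my_wan_ip", "remote_gateway_ip"):
            value = p.get(field)
            if value and not is_rfc1918(value):
                findings.append(f"{p['name']}: {field} {value} is not a private address")
        # Flag deprecated algorithms in proposals such as DES_MD5_G1.
        for prop in p.get("proposals", []):
            weak = sorted(WEAK & set(prop.split("_")))
            if weak:
                findings.append(f"{p['name']}: proposal {prop} uses {', '.join(weak)}")
    # Each side's remote network must be the other side's local network.
    for near, far in ((a, b), (b, a)):
        remote = ipaddress.ip_network(near["remote_net"])
        local = ipaddress.ip_network(far["local_net"])
        if remote != local:
            findings.append(f"{near['name']}: remote network {remote} != {far['name']} LAN {local}")
    if ipaddress.ip_network(a["local_net"]).overlaps(ipaddress.ip_network(b["local_net"])):
        findings.append("local networks overlap, routing over the tunnel is ambiguous")
    return findings


# Constructed sample profiles: hypothetical key names, placeholder public
# addresses; subnets and proposal strings are the ones quoted in the thread.
OFFICE_2910 = {"name": "2910", "my_wan_ip": "203.0.113.10", "remote_gateway_ip": "198.51.100.20",
               "local_net": "192.168.254.0/24", "remote_net": "192.168.250.0/24", "proposals": []}
HOME_2820 = {"name": "2820", "my_wan_ip": "198.51.100.20", "remote_gateway_ip": "203.0.113.10",
             "local_net": "192.168.250.0/24", "remote_net": "192.168.254.0/24",
             "proposals": ["DES_MD5_G1", "DES_SHA1", "DES_MD5"]}

if __name__ == "__main__":
    for line in lint_pair(OFFICE_2910, HOME_2820):
        print(line)
```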

26 Jul 2011 20:54 #5 by gbrown100
Replied by gbrown100 on topic Re: LAN-LAN IPSEC VPN between 2820 and 2910
Hi,

Hmmm, how did I miss that. I'll give it a go tomorrow morning! Thanks for taking the time to help.

Graham

27 Jul 2011 20:56 #6 by gbrown100
Replied by gbrown100 on topic Re: LAN-LAN IPSEC VPN between 2820 and 2910
All working! Thanks again for your help.

Graham
