DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Vigor 2820 L2L IPSec WatchGuard XTM5
- gvjosh
- Topic Author
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 0
10 Aug 2011 15:12 #68982
by gvjosh
Replied by gvjosh on topic Re: Vigor 2820 L2L IPSec WatchGuard XTM5
@nealuk:
Mine is, obviously, different. However, I found the gateway doesn't have a setting other than 8 hours and the tunnel has both settings. I had already set expiration to nothing as shown here:
I appreciate your help. Any other thoughts?
Mine is, obviously, different. However, I found the gateway doesn't have a setting other than 8 hours and the tunnel has both settings. I had already set expiration to nothing as shown here:
I appreciate your help. Any other thoughts?
Please Log in or Create an account to join the conversation.
- nealuk
- Offline
- Member
Less
More
- Posts: 465
- Thank you received: 0
10 Aug 2011 15:40 #68983
by nealuk
Replied by nealuk on topic Re: Vigor 2820 L2L IPSec WatchGuard XTM5
I am struggling for ideas. But what about setting the Phase 2 proposal Force key expiration to 8 hours - and then you know that is matches the Draytek Vigor?
Can you look over again the WatchGuard Phase 1 details? Are there any time or byte limits there?
You mentioned that you'd used the Draytek's Syslog for additional helpful information. Is there something similar on the WatchGuard XTM5 which might give us some clues?
Sometimes, when I can't get things to work, I swich to a different security protocol. You could try 3DES ? MD5_G2 has given me good interoperability between different manufacturers equipment.
Can you look over again the WatchGuard Phase 1 details? Are there any time or byte limits there?
You mentioned that you'd used the Draytek's Syslog for additional helpful information. Is there something similar on the WatchGuard XTM5 which might give us some clues?
Sometimes, when I can't get things to work, I swich to a different security protocol. You could try 3DES ? MD5_G2 has given me good interoperability between different manufacturers equipment.
Please Log in or Create an account to join the conversation.
- gvjosh
- Topic Author
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 0
10 Aug 2011 15:53 #68984
by gvjosh
Replied by gvjosh on topic Re: Vigor 2820 L2L IPSec WatchGuard XTM5
Here is a screenshot of the Gateway setup:
See anything else that I could change?
See anything else that I could change?
Please Log in or Create an account to join the conversation.
- gvjosh
- Topic Author
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 0
10 Aug 2011 16:00 #68985
by gvjosh
Replied by gvjosh on topic Re: Vigor 2820 L2L IPSec WatchGuard XTM5
Here are some pics of my Vigor L2L config:
Please Log in or Create an account to join the conversation.
- nealuk
- Offline
- Member
Less
More
- Posts: 465
- Thank you received: 0
10 Aug 2011 16:15 #68986
by nealuk
Replied by nealuk on topic Re: Vigor 2820 L2L IPSec WatchGuard XTM5
Thanks for taking the time on the screen shots - very helpful.
I think
Perfect Forward Secret should be "Disable" because it should only be Enabled if you have some data in the field Local ID.
Vigor Section 3. Dial In - untick Medium AH
Also, I have loooked at six of my VPN's and on each of them I leave My WAN IP as 0.0.0.0 - since you have set Dial Out Through WAN1 First, then if the Vigor uses WAN2 this will have an IP address which is not the same. So I think it is safest to put My WAN IP back to 0.0.0.0
I think
Perfect Forward Secret should be "Disable" because it should only be Enabled if you have some data in the field Local ID.
Vigor Section 3. Dial In - untick Medium AH
Also, I have loooked at six of my VPN's and on each of them I leave My WAN IP as 0.0.0.0 - since you have set Dial Out Through WAN1 First, then if the Vigor uses WAN2 this will have an IP address which is not the same. So I think it is safest to put My WAN IP back to 0.0.0.0
Please Log in or Create an account to join the conversation.
- gvjosh
- Topic Author
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 0
10 Aug 2011 16:26 #68987
by gvjosh
Replied by gvjosh on topic Re: Vigor 2820 L2L IPSec WatchGuard XTM5
OK, I will make these changes later today when that office closes. I've turned up the logging level of the WG XTM5 for the VPN section to hopefully catch some good data in more detail. Thanks for your help nealuk.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek