Good morning all,
I am trying to get a remote site connected to our main office
Remote site 192.168.1.0/24 (router is 192.168.1.1)
Main office 10.10.10.0/23 (router is 10.10.10.1)

Each Draytek 2920n *can* ping the router at the other side of the VPN, but hosts at both sites cannot ping anything over the VPN connection. The hosts are configured so that their local router is the default route.

When reading two Draytek support docs, I noticed a contradiction which I think may be part of my problem:

Document #1: http://www.draytek.co.uk/support/guides/vpn-setup
Document #2: http://www.draytek.com/index.php?option=com_k2&view=item&id=1987&Itemid=293&lang=en

Document #1 explicitly says that the Remote Network IP should be a network address and *not* the specific IP address of the remote router. But Document #2 says that the "Remote Network IP" should be the IP address of the remote router......

Any help greatly appreciated.....

Michael

Here are the routing tables if this is helpful (these are from the Draytek's Diagnostics->Routing table function):

Main office router

Code:

Key: C - connected, S - static, R - RIP, * - default, ~ - private * 0.0.0.0/ 0.0.0.0 via 62.3.83.10 WAN1 C~ 10.10.10.101/ 255.255.255.255 directly connected VPN-1 C~ 10.10.10.0/ 255.255.254.0 directly connected LAN1 * 62.3.83.10/ 255.255.255.255 via 62.3.83.10 WAN1 S 88.97.244.225/ 255.255.255.255 via 88.97.244.225 WAN1 S~ 192.168.1.0/ 255.255.255.0 via 10.10.10.101 VPN-1

Remote office router

Code:

Key: C - connected, S - static, R - RIP, * - default, ~ - private * 0.0.0.0/ 0.0.0.0 via 62.3.83.10 WAN1 C~ 10.10.10.101/ 255.255.255.255 directly connected VPN-1 C~ 10.10.10.0/ 255.255.254.0 directly connected LAN1 * 62.3.83.10/ 255.255.255.255 via 62.3.83.10 WAN1 S 88.97.244.225/ 255.255.255.255 via 88.97.244.225 WAN1 S~ 192.168.1.0/ 255.255.255.0 via 10.10.10.101 VPN-1

And I am now able to ping the main office router from a PC on the remote office LAN but I cannot ping main office hosts from the same remote office PC

It was the firewall config....

Actually.... not solved

Correcting the firewall rules on the main office to allow incoming traffic solved 99% of the problem -- for example, hosts on both sides can ping, telnet, HTTP each other with no problems. However, VoIP remains elusive. A phone (Aastra 480i) on the remote LAN can call a phone on the main office network (and vice versa) -- the phone receiving the call rings but when answered there is no audio received from the remote location.... in other words,

Brian at the remote location calls Michael at the main office -- Brian can hear Michael but Michael can't hear Brian. This is the behaviour regardless of who originates the call....

Any thoughts?

Michael.

isn't that to do with the UDP ports if voice is only 1 way although the VPN should pass all services ports.
Is there any QOS set up on the UDP voip ports?

Hi
it turned out to be that the LAN-to-LAN VPN profile needed to be set to "NAT" in the "From first subnet to remote network" -- it was previously set to "route"

Thanks
Michael