Viewing Article
| Jan 7 2011, 2:14 AM |
Draytek 2820/2910
Introduction
This guide aims to help you convert an existing site to site VPN between two Drayteks, one of which is behind Sharedband.
The setup is the same if both your sites are using Sharedband, Just complete the below steps on one draytek and then repeat on the other.
While this guide is intended for the 2820s and 2910s, the bigger rack mount Drayteks (3300s, etc) have very similar functionality and menu structure so you should be able to use this guide for them too.
If you have not already, we recommend you setup your configuration similar to the attached diagram. You can use any private IPs for the DMZ and LAN IPs but the LAN IPs on either side of the VPN must be on different subnets (for routing purposes) and it’s recommended that the DMZ IP’s are different because it makes troubleshooting easier.
Preliminary Setup
Get the Draytek setup and working behind Sharedband. Make sure that PCs behind the Draytek can access the internet.
Now we need to forward all ports and protocols to the Draytek. To do this we need to create a host allocation and point it at the “WAN” IP of the Draytek.
If you need help creating the host allocation please refer to this port mapping guide:
Configuring the Draytek (Site A)
Log into the Draytek and edit your existing site to site VPN.
Scroll to section 4 at the bottom of the page.
In the “My WAN IP” field enter your Sharedband public IP.
Click “OK” at the bottom of the page.
Configuring the Draytek (Site B)
Log into the Draytek and edit your existing site to site VPN
Scroll to section 2 (dial out settings) .
Change the public IP under “Server
Click “OK” at the bottom of the page.
Your VPN should now come up and pass traffic. If it doesn’t please make sure you have completed the host allocation as detailed in the preliminary setup. If your VPN still doesn’t work then please raise a ticket
Attachments:
Draytek_Diagram_-_Public_IPs.pdf