Jan 7 2011, 3:14 AM
Configuring Draytek VPNs to work with Sharedband

Setting up a Draytek Vigor LAN to LAN IPSec Tunnel with Sharedband

 

16-Draytek-VPN-1.png

Step 1
Get the Draytek set up and working behind Sharedband. Make sure that PCs behind the Draytek can access the internet. Next, ensure the MTU values are correct. To do this, please refer to article (http://support.sharedband.com/kb/kb8)
Next we need to forward all ports and protocols to the Draytek. To do this we need to create a host allocation and point it at the “WAN” IP of the Draytek.
If you need help creating the host allocation please refer to our port mapping guide (http://support.sharedband.com/kb/kb15)

At office A, log into the Vigor2830.
Browse to VPN and Remote Access.
Select LAN to LAN and choose a profile.
1. Common Settings:
   a. Enter a Profile Name.
   b. Select "Enable this Profile".
   c. Select Dial-In and set the Idle Timeout to "0" to keep this tunnel open until terminated by the remote site.
3. Dial-in Settings:
   a. Tick "IPSec tunnel".
   b. Tick "Specify Remote VPN Gateway".
   c. Enter the Peer VPN Server External IP.
   d. Enter the IKE Pre-shared Key. (Choose a password 6-8 characters long)
   e. Select IPSec Security Method High (ESP) and choose 3DES.
***NB: You MUST choose High (ESP) as Medium (AH) DOES NOT work with a NAT'd external IP***

4. TCP/IP Network Settings:
   Enter Remote Network IP and Remote Network Mask.

16-Draytek-VPN-2.png


 

Step 2
At office B (Vigor2830):

1. Common Settings:
   a. Enter a Profile Name.
   b. Select "Enable this Profile".
   c. Select "Dial-Out" and choose Always On to keep this tunnel open until terminated by the remote site.
   d. Choose the Sharedband WAN connection only.

If Always On is selected, select "Enable PING to keep alive" and type a remote network IP in "PING to the IP", and Vigor will try to reconnect to this remote IP if the tunnel is broken.

2. Dial-Out Settings:
   a. Select "IPSec Tunnel".
   b. Enter the External IP address of the head office.
   c. Enter the IKE Pre-shared Key. (the same as set on the head office router)
   d. Select IPSec Security Method High (ESP) and choose 3DES with Authentication.

***NB: You MUST choose High (ESP) as Medium (AH) DOES NOT work with a NAT'd external IP***

5. TCP/IP Network Settings:
   Enter Remote Network IP and Remote Network Mask.
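
Why the NB about High (ESP) versus Medium (AH) holds, as an added example that is not part of the original article or any Draytek code: AH's integrity check covers the outer IP source and destination addresses, so a NAT rewrite in front of the router invalidates it, while ESP's check does not cover the outer IP header. The packet model is simplified (SPI and sequence number omitted), and the key and addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key"  # constructed integrity key, not a real PSK


def covered_bytes(pkt: dict) -> bytes:
    """Bytes the receiver authenticates (simplified: SPI/sequence omitted)."""
    if pkt["mode"] == "AH":
        # AH protects the outer IP header's immutable fields, addresses included.
        src = ipaddress.IPv4Address(pkt["src"]).packed
        dst = ipaddress.IPv4Address(pkt["dst"]).packed
        return src + dst + pkt["payload"]
    if pkt["mode"] == "ESP":
        # ESP authentication starts at the ESP header; the outer IP header is outside it.
        return pkt["payload"]
    raise ValueError(f"unknown mode: {pkt['mode']}")


def icv(pkt: dict) -> bytes:
    # HMAC-SHA1 truncated to 96 bits, as in HMAC-SHA1-96.
    return hmac.new(KEY, covered_bytes(pkt), hashlib.sha1).digest()[:12]


def protect(mode: str, src: str, dst: str, payload: bytes) -> dict:
    """Sender: build the simplified packet and attach its integrity check value."""
    pkt = {"mode": mode, "src": src, "dst": dst, "payload": payload}
    pkt["icv"] = icv(pkt)
    return pkt


def nat_rewrite(pkt: dict, public_src: str) -> dict:
    """NAT device: replace the source address, leave everything else untouched."""
    return {**pkt, "src": public_src}


def verify(pkt: dict) -> bool:
    """Receiver: recompute the ICV over the packet as it arrived."""
    return hmac.compare_digest(pkt["icv"], icv(pkt))


def survives_nat(mode: str) -> bool:
    # Constructed addresses: private Draytek WAN IP, documentation-range public IPs.
    sent = protect(mode, "192.168.1.2", "198.51.100.20", b"office B to office A")
    return verify(nat_rewrite(sent, "192.0.2.10"))


if __name__ == "__main__":
    for mode in ("AH", "ESP"):
        print(mode, "verifies after NAT:", survives_nat(mode))
```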

 

16-Draytek-VPN-4.png

 

From the Main menu, select System Management --> VPN Connection Management, and check the connection status for a dial-out connection (to the head office).

 

 

16-Draytek-VPN-5.png


 

At Office A

From the Main menu, select System Management --> VPN Connection Management, and check the connection status for a dial-in connection (from office B).

16-Draytek-VPN-3.png