Lancasters IT Solutions Provider
*0871 464 0841 | 01524 889158

Technical Documents

  • JUL
    15

    DrayTek LAN-to-LAN IPsec VPN Configuration Guide

    Author: Technical Support

    This example shows the setup of an IPsec Main Mode VPN connection between the London router, which will be set up with a Dial-In connection, and the Liverpool router, which will be set up with a Dial-Out connection. These are the details of the two networks:

                         London           Liverpool
    LAN Address          192.168.1.0      10.1.1.0
    LAN Subnet Mask      255.255.255.0    255.255.255.0
    Router's Address     192.168.1.1      10.1.1.1
    Public IP Address    213.120.81.12    194.153.12.17
    VPN Profile Name     Liverpool        London
    Call Direction       Incoming         Outgoing
    Protocols            IPsec only       IPsec only
    Pre-Shared Key       xf1YMWdu06VWbG3  xf1YMWdu06VWbG3

    Dial-In VPN – London Router:
    This needs to be configured as a Dial-In VPN connection to accept the connection attempt from the Liverpool router. Go to [VPN and Remote Access] – [LAN to LAN] and select the first unused profile.
    On that page, configure the Common Settings like so:

    http://www.draytek.co.uk/images/guides/ipsecvpn1.png
    It needs to be Enabled, configured as a Dial-In connection and the Idle Timeout should be set to 0 seconds, so that it does not disconnect when idle.

    The next step is to configure the Dial-In Settings of the VPN profile:

    http://www.draytek.co.uk/images/guides/ipsecvpn2.png

    1. Set the Allowed Dial-In Type to IPsec Tunnel
    2. Tick the Specify Remote VPN Gateway option and enter the Peer VPN Server IP as the IP address of the remote router (Liverpool is 198.51.100.17 in this example)
    3. Leave the Username and Password fields blank
    4. Tick the Pre-Shared Key option and click the IPsec Pre-Shared Key button. This will pop up a window where the Pre-Shared Key needs to be entered twice to confirm that the key is correct. Click OK on that window to close it. The Pre-Shared Key field should then show the Pre-Shared Key in starred-out form
    5. Under the IPsec Security Method section, untick any IPsec security types that aren’t needed

    The IP address details for the VPN then need to be configured under TCP/IP Network Settings:

    http://www.draytek.co.uk/images/guides/ipsecvpn3.png

    1. The My WAN IP and Remote Gateway IP fields should be left blank
    2. Specify the Network Address of the remote network under Remote Network IP and configure the subnet if required
    3. Ensure that the Local Network IP details are correct. These are pre-set and should not generally need changing, but if the local router has multiple subnets, this can be changed to the subnet that will be used for the VPN tunnel

    Click OK on that VPN profile to save and apply it.


    Dial-Out VPN – Liverpool Router:
    This needs to be configured as a Dial-Out VPN connection to initiate the connection with the London router. Go to [VPN and Remote Access] – [LAN to LAN] and select the first unused profile.
    On that page, configure the Common Settings like so:

    http://www.draytek.co.uk/images/guides/ipsecvpn4.png
    This needs to be Enabled, configured as a Dial-Out VPN and the Always on tickbox will need to be ticked so that the VPN is always active.

    The next step is to configure the Dial-Out Settings of the VPN tunnel:

    http://www.draytek.co.uk/images/guides/ipsecvpn5.png

    1. Set the Type of VPN to IPsec Tunnel
    2. Set the Server IP/Host Name for VPN to the address of the VPN server. In this example, London is 203.0.113.12
    3. Set the Pre-Shared Key to the key required for the VPN tunnel. This can be entered directly or by clicking the IKE Pre-Shared Key button to enter it twice so that it can be validated
    4. Set the IPsec Security Method to High(ESP) and select 3DES with Authentication from the drop-down list

    The IP address details for the VPN then need to be configured under TCP/IP Network Settings:

    http://www.draytek.co.uk/images/guides/ipsecvpn6.png

    1. The My WAN IP and Remote Gateway IP fields should be left blank
    2. Specify the Network Address of the remote network under Remote Network IP and configure the subnet if required
    3. Ensure that the Local Network IP details are correct. These are pre-set and should not generally need changing, but if the local router has multiple subnets, this can be changed to the subnet that will be used for the VPN tunnel

    Click OK on that VPN profile to save and apply it.


    Once both sides of the VPN have been configured, the VPN should establish, provided that all of the details are correct and the routers are able to contact each other without issue. This can be checked from [VPN and Remote Access] – [Connection Management], which will show the VPN listed in the status window:

    http://www.draytek.co.uk/images/guides/ipsecvpn7.gif
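
If the tunnel does not appear in Connection Management, the usual cause is that the two profiles do not mirror each other. The following pre-flight check is an added example, not part of the original guide or any DrayTek tool: it compares the settings written down for both routers, using the values from the table above. The dictionary keys are hypothetical names, and the set of security types left ticked on the London side is an assumption.

```python
import hmac
from ipaddress import ip_address, ip_network

# Values from the guide's table. The dictionary keys are hypothetical names,
# not DrayTek settings identifiers.
LONDON = {
    "site": "London", "direction": "dial-in",
    "public_ip": "213.120.81.12", "peer_ip": "194.153.12.17",
    "local_net": "192.168.1.0/255.255.255.0",
    "remote_net": "10.1.1.0/255.255.255.0",
    "psk": "xf1YMWdu06VWbG3",
    "methods": {"3DES with Authentication"},  # assumed: only type left ticked
}
LIVERPOOL = {
    "site": "Liverpool", "direction": "dial-out",
    "public_ip": "194.153.12.17", "peer_ip": "213.120.81.12",
    "local_net": "10.1.1.0/255.255.255.0",
    "remote_net": "192.168.1.0/255.255.255.0",
    "psk": "xf1YMWdu06VWbG3",
    "methods": {"3DES with Authentication"},  # High(ESP) choice on dial-out
}

def check_pair(a, b):
    """Return the mismatches that would stop the tunnel establishing or routing."""
    problems = []
    if {a["direction"], b["direction"]} != {"dial-in", "dial-out"}:
        problems.append("call directions are not one dial-in and one dial-out")
    for me, peer in ((a, b), (b, a)):
        if ip_address(me["peer_ip"]) != ip_address(peer["public_ip"]):
            problems.append(f"{me['site']}: peer IP {me['peer_ip']} is not the other router's public IP")
        if ip_network(me["remote_net"]) != ip_network(peer["local_net"]):
            problems.append(f"{me['site']}: remote network {me['remote_net']} does not mirror the other LAN")
    if ip_network(a["local_net"]).overlaps(ip_network(b["local_net"])):
        problems.append("the two LAN subnets overlap, so traffic cannot be routed over the tunnel")
    # Constant-time comparison so the check itself does not leak key contents.
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        problems.append("pre-shared keys differ")
    if not (a["methods"] & b["methods"]):
        problems.append("no IPsec security method is enabled on both sides")
    return problems

if __name__ == "__main__":
    # Constructed misconfiguration: wrong remote subnet and a truncated key.
    bad = dict(LIVERPOOL, remote_net="192.168.0.0/255.255.255.0", psk="xf1YMWdu06VWbG")
    for problem in check_pair(LONDON, bad):
        print(problem)
```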

