Scribd Logo
Upload

Welcome to Scribd!

  • Dial Out

    Uploaded by

    thangnm
    38 views10 pages
    The document describes how to configure a VPN tunnel between a Vigor 3300V router at headquarters and a V2900V router at a branch office to allow employees at the branch to securely access databases at headquarters. It provides step-by-step instructions for configuring the VPN settings on each router, including the WAN/LAN IP addresses, encryption method, pre-shared key, and initiating the connection from the 3300V. Testing shows ping responses between the internal networks, indicating successful establishment of the encrypted VPN tunnel.

    Original Description:

    Draytek, Dial_Out

    Original Title

    Dial_Out

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document describes how to configure a VPN tunnel between a Vigor 3300V router at headquarters and a V2900V router at a branch office to allow employees at the branch to securely access databases at headquarters. It provides step-by-step instructions for configuring the VPN settings on each router, including the WAN/LAN IP addresses, encryption method, pre-shared key, and initiating the connection from the 3300V. Testing shows ping responses between the internal networks, indicating successful establishment of the encrypted VPN tunnel.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    38 views10 pages

    Dial Out

    Uploaded by

    thangnm
    The document describes how to configure a VPN tunnel between a Vigor 3300V router at headquarters and a V2900V router at a branch office to allow employees at the branch to securely access databases at headquarters. It provides step-by-step instructions for configuring the VPN settings on each router, including the WAN/LAN IP addresses, encryption method, pre-shared key, and initiating the connection from the 3300V. Testing shows ping responses between the internal networks, indicating successful establishment of the encrypted VPN tunnel.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 10

    11.

    VPN Dial-out Function


    Suppose the Headquarters in Taipei use a Vigor 3300V, while the branch office in Shanghai uses a V2900V. The network administrator requires the employees in branch office to access the database in the headquarters through the encrypted VPN tunnel. The purpose is to avoid leakage of confidential information.

    Figure 11-1. A scenario architecture graph Both sites have a fixed IP address and the connection is initiated from Vigor 3300V (Dial-Out) to V2900V (Dial-In). Below is a configuration table between Vigor 3300V and V2900V. Settings WAN IP LAN IP Internal Network Encryption Method Preshared Key 3300V Headquarters 220.135.240.207 PPPoE, fixed IP 192.168.33.1 192.168.33.X DES-SHA1 3300 2900V Branch Office 61.31.167.135 PPPoE, fixed IP 192.168.29.1 192.168.29.X

    Vigor3300 Series Application Note V2.2

    47

    11.1 Examples and Web Configurations


    11.1.1 Configurations in Vigor2900V
    1. Enter V2900V'sthe web page of Vigor2900V, click the VPN and Remote Access Setup link.

    Figure 11-2. 2900V web configuration 2. Click the LAN-to-LAN Profile Setup link.

    Figure 11-3. LAN-to-LAN profile setup

    48

    Vigor3300 Series Application Note V2.2

    3.

    Click Index 1 and enter relevant settings for the VPN tunnel to Vigor 3300V. Please refer to Figure 11-4.

    Figure 11-4. Enter relevant VPN setup 4. On this page there are four sections for relevant VPN setup as below. In the web page, please set Common Setting first. Profile Name - Specify a name to this profile. To facilitate easy management and differentiation, please type 3300V. Call Direction - Specify the call direction to this profile. In this example the connection is initiated from V3300V to V2900V, so please select Dial-In. Idle Timeout - By default, it is 300 seconds. If the profile connection is idle over the threshold of the timer, the router will drop the connection. Please refer to Figure 12-5.

    Figure 11-5. Common settings in Vigor2900V Dial-Out Settings - It deals with relevant settings of Dial-Out connection. In this example, we do not need to configure this part.

    Vigor3300 Series Application Note V2.2

    49

    Figure 11-6. Dial-Out settings in Vigor2900V Dial-In Settings - It deals with relevant settings of Dial-In connection, including encryption method, preshared key and the WAN IP of remote site. Select IPSec Tunnel and enter the WAN IP 220.135.240.207 of Vigor2900V. Press the IKE Pre-Shared Key button, and then a window will pop up. Type 3300 (It must be identical with 3300V's). Press the Confirm button to finish the configuration of IKE Pre-Shared Key. Please refer to Figure 12-7.

    Figure 11-7. Dial-In settings in Vigor2900V TCP/IP Network Settings - It deals with the internal network of the remote site, etc. In the Network IP and Mask fields, enter 192.168.33.0 and 255.255.255.0 respectively, and then press OK to finish the configuration. Please refer to Figure 12-8.

    50

    Vigor3300 Series Application Note V2.2

    Figure 11-8. VPN setup- TCP/IP network settings 5. After configuration, the router will automatically switch to the LAN-to-LAN Profiles Setup page. Confirm if the settings are correct. Now the configuration of V2900V is completed. Please refer to Figure 11-9.

    Figure 11-9. Table of LAN-to-LAN settings in Vigor2900V

    11.1.2 Configurations in Vigor 3300V


    1. Suppose the internal network inside Vigor 3300V is 192.168.33.X, for detailed setup instructions please refer to the LAN Setup chapter. Enter VPN \IPSec\Policy Table, and click 1. Then press Edit. Please refer to Figure 12-10.

    Figure 11-10. IPSec policy table


    Vigor3300 Series Application Note V2.2 51

    2.

    First you should configure the Default page. In Basic settings, there are three parts users need to configure.

    Figure 11-11. Default page setup In Basic field: Name - You can specify a name to this profile. To facilitate easy management and differentiation, please type 2900V. Preshared Key - Type 3300 (It must be identical with 2900V's). Admin Status - Use the default settings (Enable). In Local Gateway field: WAN Interface - Vigor 3300V has 4 WAN ports. In this example, we choose WAN1 to establish the VPN tunnel. Network IP / Subnet Mask - It is the internal network of Vigor 3300V. Please enter 192.168.33.0 /24 (/24 = Mask 255.255.255.0) In Remote Gateway field: Security Gateway - The WAN IP of Vigor2900V. Please enter 61.31.167.135. Network IP / Subnet Mask - The internal network of Vigor2900V. Please enter 192.168.29.0 /24 (/24 = Mask 255.255.255.0). 3. Access into Advanced page. By default, Vigor 3300V allows des-md5, des-sha1, 3des-md5 and 3des-sha1. Change the sequence of des-md5 and des-sha1 so that des-sha1 is in first place. Press Apply to finish the configuration.

    52

    Vigor3300 Series Application Note V2.2

    Figure 11-12. Advanced page setup 4. After configuration, the router will switch to the VPN - IPSec - Policy Table page. Click Initiate.

    Figure 11-13. IPSec policy table 5. A window for this Dial-Out connection will pop up. Press OK to initiate this tunnel.

    Figure 11-14. The confirmation window 6. Please wait for 30~60 seconds, and then enter the VPN - IPSec Status page of Vigor 3300V. You will find that this VPN tunnel has been established.

    Vigor3300 Series Application Note V2.2

    53

    Figure 12-15. VPN - IPSec - Status page 7. Please enter the CLI and ping 192.168.29.1(2900V) to see if there is any response.

    Figure 11-16. Command prompt 8. If the numbers of Packet In & Packet Out increase, it means there is traffic through the VPN tunnel.

    Figure 11-17. The numbers of packet in & packet out 9. Please enter the main page of Vigor2900V and click VPN Connection Management. And then you will find this VPN tunnel has been established.

    Figure 11-18. VPN connection management

    54

    Vigor3300 Series Application Note V2.2

    10. Enter the CLI and ping 192.168.33.1(3300V) to see if there is any response.

    Figure 11-19. Command prompt

    11. If the numbers of Tx Pkts & Rx Pkts increase, it means there is traffic through the VPN tunnel.

    Figure 11-20. The numbers of Tx Pkts & Rx Pkts Now the VPN tunnel has been successfully established. If you want to keep a permanent connection, please refer to the step 2 the configuration of Vigor 3300V and change Admin Status from Enable to Always-On. Before the connection is established Vigor 3300V will continuously attempt to initiate VPN tunnel every 20 seconds.

    Figure 11-21. The admin status

    Vigor3300 Series Application Note V2.2

    55

    56

    Vigor3300 Series Application Note V2.2

    You might also like