draytek_site

Differences

This shows you the differences between two versions of the page.

draytek_site [2021/11/16 15:27]
joe
draytek_site [2021/11/16 17:10] (current)
rafi
Line 1: Line 1:
-his article describes how to configure a VPN tunnel on a DrayTek Vigor 3900 device.+This article describes how to configure a VPN tunnel on a DrayTek Vigor 3900 device.
  
-  * Unordered List ItemConfiguring the tunnel on the Management Platform+  * Configuring the tunnel on the Management Platform
   * Configuring the tunnel on the DrayTek Management Interface   * Configuring the tunnel on the DrayTek Management Interface
  
 Please follow the steps below: Please follow the steps below:
  
-** ====== Configuring the tunnel in the Management Platform ====== **+==== Configuring the tunnel in the DrayTek Management Interface ====
  
-1. Go to the Gateway in your network from which you want to create the tunnel to DrayTek. Select the three-dotted menu (...) and select Add Tunnel.+1. Open the DrayTek management interface.
  
-2. Select IPSec Site-2-Site Tunnel and select Continue.+2. In the left panel, select VPN and Remote Access, then select VPN Profiles. Select the add to create a new profile.
  
-3. In the General Settings section fill in the following information: 
  
-**Name:** Choose whatever name you find suitable for the tunnel. +----
-**Shared Secret:** Enter a string of your own or use Generate. +
-**Public IP:** Enter the public IP of the DrayTek device. +
-**Remote ID:** Enter a name that will be also used as the name of the VPN profile on the DrayTek device. +
-**Perimeter 81 Gateway Proposal Subnets:** Choose the specified subnet. By default, this should be set to 10.255.0.0/16. +
-**Remote Gateway Proposal Subnets:** Select Specified Subnets and specify according to your local LAN Subnets.+
  
-4. In the Advanced Settings section fill in the following: +{{::360010935959screenshot2020-04-13at112605.png?nolink&200 }}
-**IKE Version:** v1 +
-**Encryption (Phase 1):** AES256 +
-**Encryption (Phase 2):** AES256 +
-**Integrity (Phase 1):** SHA1 +
-**Integrity (Phase 2):** SHA1 +
-**Diffie-Hellman Groups (Phase 1):** 2 +
-**Diffie-Hellman Groups (Phase 2):** 2 +
-**DPD delay:** 30s +
-**DPD timeout:** 120s +
-5. Leave the rest of the fields with the default values (as shown in the attached image) and click on Add Tunnel.+
  
-======**Configuring the tunnel in the DrayTek Management Interface**======+----
  
-1. Open the DrayTek management interface. 
-2. In the left panel, select VPN and Remote Access, then select VPN Profiles. Select the add to create a new profile. 
- 
-{{ :360010935959screenshot2020-04-13at112605.png?nolink&200 |}} 
  
 3. Under the Basic tab, fill in the following information: 3. Under the Basic tab, fill in the following information:
  
-{{ :3600110728791-1copy.jpg?nolink&200 |}}+ 
 +{{3600110728791-1copy.jpg?nolink&200 |}}
  
 **Auto Dial-Out: Enable;** Always Dial-Out **Auto Dial-Out: Enable;** Always Dial-Out
 +
 **Dial-Out through: Your WAN interface;** Default WAN IP **Dial-Out through: Your WAN interface;** Default WAN IP
 +
 **Failover:** Should remain with the null value. **Failover:** Should remain with the null value.
 +
 **Local IP/Subnet Mask:** Insert your FW external address and specify the correlating subnets. **Local IP/Subnet Mask:** Insert your FW external address and specify the correlating subnets.
-**Remote Host:** Insert you Perimeter 81 Gateway IP 
-**Remote ID/Subnet Mask:** By default, upon network creation at the Perimeter 81 Portal 10.255.0.0 and 255.255.255.0/16 are assign. If customized, please make sure to insert the appropriate values. 
  
-{{ ::360010932560screenshot2020-04-13at112754.png?nolink&200 |}}+**Remote Host:** Insert you Privatise public gateway IP (you can get this under ROC On Demand in the managed company portal). 
 + 
 +**Remote ID/Subnet Mask:** Please reach out to Privatise support for this. 
 + 
 +{{::360010932560screenshot2020-04-13at112754.png?nolink&200 |}} 
  
 **IKE Protocol:** IKEv1 **IKE Protocol:** IKEv1
 +
 **IKE Phase 1:** Main Mode **IKE Phase 1:** Main Mode
 +
 **Auth Type:** PSK **Auth Type:** PSK
-**Pre-shared Key:** Insert the same shared secret you choose while configuring the tunnel at the Perimeter 81 portal.+ 
 +**Pre-shared Key:** Please reach out to Privatise support for this. 
 **Security Protocol:** ESP **Security Protocol:** ESP
  
 4. Fill in the following information in the Advanced section: 4. Fill in the following information in the Advanced section:
  
-{{ ::360010932580screenshot2020-04-13at112834.png?nolink&200 |}}+{{::360010932580screenshot2020-04-13at112834.png?nolink&200 |}}
  
-{{ ::360010936039screenshot2020-04-13at113129.png?nolink&200 |}} 
  
-**Phase 1 Key Lifetime:** 28800 seconds +{{::360010936039screenshot2020-04-13at113129.png?nolink&200 |}} 
-**Phase 2 Key Lifetime:** 3600 seconds+ 
 + 
 +**Phase 1 Key Lifetime:** 86400 seconds 
 + 
 +**Phase 2 Key Lifetime:** 86400 seconds 
 **Perfect Forward Secrecy Status:** Enable **Perfect Forward Secrecy Status:** Enable
 +
 **DPD Status:** Enable **DPD Status:** Enable
 +
 **DPD Delay:** 30 seconds **DPD Delay:** 30 seconds
 +
 **DPD Timeout:** 120 seconds **DPD Timeout:** 120 seconds
 +
 **Ping to Keep Alive:** Disable **Ping to Keep Alive:** Disable
 +
 **Route/NAT Mode:** Route **Route/NAT Mode:** Route
 +
 **Source IP:** Auto-detect **Source IP:** Auto-detect
 +
 **Apply NAT Policy:** Disable **Apply NAT Policy:** Disable
 +
 **Set VPN Default Gateway:** Disable **Set VPN Default Gateway:** Disable
 +
 **Netbios Naming Packet:** Disable **Netbios Naming Packet:** Disable
 +
 **Multicast via VPN:** Disable **Multicast via VPN:** Disable
 +
 **Rip via VPN:** Disable **Rip via VPN:** Disable
 +
 **Packet Triggered:** Enable **Packet Triggered:** Enable
 +
 **Force UDP Encapsulation:** Disable **Force UDP Encapsulation:** Disable
  
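Review bot: Phase 2 Key Lifetime in the Advanced section moves from 3600 to 86400 seconds with no reason given, so the ESP keys on this IKEv1 tunnel are rekeyed once a day instead of hourly. Confirm the gateway side is set to the same lifetimes and say so in the text, or keep 3600 for Phase 2. Two documentation points in the same hunk: the intro list still carries the bullet "Configuring the tunnel on the Management Platform" although that section is deleted here, so drop the bullet or replace it with a pointer to Privatise support; and "Insert you Privatise public gateway IP" should read "your". The new **Pre-shared Key:** and **Phase 2 Key Lifetime:** lines also lack the blank line this revision adds after the other fields, so each will run into the following field when rendered.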
Line 85: Line 93:
 5. Fill in the following information in the GRE section: 5. Fill in the following information in the GRE section:
  
-{{ ::360010936059screenshot2020-04-13at113213.png?nolink&200 |}}+ 
 +{{::360010936059screenshot2020-04-13at113213.png?nolink&200 |}} 
  
 **Enable GRE Function:** Disable **Enable GRE Function:** Disable
 +
 **Auto Generate GRE Key:** Enable **Auto Generate GRE Key:** Enable
  
 6.Fill in with the following information in the Proposal section: 6.Fill in with the following information in the Proposal section:
  
-{{ ::image-1607873566327.png?nolink&200 |}}+ 
 +{{::image-1607873566327.png?nolink&200 |}} 
  
 **IKE Phase 1 Proposal:** AES 256 **IKE Phase 1 Proposal:** AES 256
 +
 **IKE Phase 1 Authentication:** SHA1 **IKE Phase 1 Authentication:** SHA1
-**IKE Phase 2 Proposal:** AWS 256 with auth+ 
 +**IKE Phase 2 Proposal:** AES 256 with auth 
 **IKE Phase 2 Authentication:** SHA1 **IKE Phase 2 Authentication:** SHA1
 +
 **Accepted Proposal:** Accept **Accepted Proposal:** Accept
  
 7. Leave the checkbox unmarked in the Multiple SAs section. Make sure to enable the profile and click Apply. 7. Leave the checkbox unmarked in the Multiple SAs section. Make sure to enable the profile and click Apply.
  
-{{ ::360010936079screenshot2020-04-13at113512.png?nolink&200 |}}+ 
 +{{::360010936079screenshot2020-04-13at113512.png?nolink&200 |}} 
  
 8. If the tunnel is up, the profile will be green in the Connection Management tab: 8. If the tunnel is up, the profile will be green in the Connection Management tab:
  
-{{ ::360010936219screenshot2020-04-13at113958.png?nolink&200 |}}+ 
 +{{360010936219screenshot2020-04-13at113958.png?nolink&200 |}} 
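Review bot: The Proposal section in step 6 names no Diffie-Hellman group, and the only lines that did (the deleted Advanced Settings list, group 2 for both phases) are removed earlier in this revision, so a reader can no longer tell which group the peer expects. Add the group to the Proposal list, or state that Privatise support supplies it along with the pre-shared key. Style: the step 8 image is written `{{360010936219screenshot2020-04-13at113958.png?nolink&200 |}}` without the `::` prefix the other images in this hunk keep, and the unchanged "6.Fill in with the following information" could become "6. Fill in the following information" while this section is being touched.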
  • draytek_site.1637076459.txt.gz
  • Last modified: 2021/11/16 15:27
  • by joe