DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Configuring 2900

More
24 May 2011 09:13 #67896 by ttmt
Replied by ttmt on topic Re: Configuring 2900
Thanks for the reply.
At this point I'd still prefer to use the main router for the internet connection as I know this is stable and give a good speed etc.

Can you advise how I should configure the subnets etc ?

Thanks

Please Log in or Create an account to join the conversation.

More
24 May 2011 09:26 #67897 by rothers
Replied by rothers on topic Re: Configuring 2900

TtmT wrote: Thanks for the reply.
At this point I'd still prefer to use the main router for the internet connection as I know this is stable and give a good speed etc.



Those attributes are dependant on the router's modem which you'll still be using.

Please Log in or Create an account to join the conversation.

More
24 May 2011 09:47 #67898 by ttmt
Replied by ttmt on topic Re: Configuring 2900
Thanks..

I take it if I do this, then all the port forwarding, filtering and fire-walling etc is done by the 2900 not the 'other router' ?

The other router is a thomson 525 v7, is the 2900 a better option ?
Thanks

Please Log in or Create an account to join the conversation.

More
24 May 2011 18:38 #67904 by nobody
Replied by nobody on topic Re: Configuring 2900
For a start, set the IP LAN (the internal network) of the 2900 to 192.168.10.1
Change the DHCP range to something that matches the changes.

Try if you now have a stable internet connection.

I dont know the thomson 525.
The 2900 is not a bad router at all, but a little outdated. WAN throughput about 16Mbit.
It has hardware-accelerated VPN, the usual draytek Firewall, QoS, max TCP sessions: 7500

But i think you wont have success using it for an IPSec VPN behind another NAT router - but of course its worth a try.

Please Log in or Create an account to join the conversation.

More
25 May 2011 09:33 #67907 by nealuk
Replied by nealuk on topic Re: Configuring 2900

nobody wrote: ...i think you wont have success using it for an IPSec VPN behind another NAT router - but of course its worth a try...



This is quite a challenge, but I have done this between a 2950 and 2820. To help get around the NAT:

+ use aggressive mode
+ G2 instead of G1
+ perfect forward secret Enable
+ a phrase / local ID used for checking the header data of the packets negates the otherwise incorrect IP info from the other Nat device and gets it 'trusted'
+ general perseverance and luck, doing it with a clear head and no presuure from the management ;)

Regards,

Neal

Please Log in or Create an account to join the conversation.

More
25 May 2011 19:01 #67914 by ttmt
Replied by ttmt on topic Re: Configuring 2900
OK. This is what I've tried.

Statically setting the LAN on the 2900 to fit in with 192.168.1.x
Then forwarding PPTP from my Router to the 2900's static IP Address.... FAILED
( router logs show it routes, but no connection to 2900. I assume 2900 does support VPN termination on LAN ports )


Statically setting the LAN on the 2900 to 192.168.10.1
Statically setting the WAN on the 2900 to 192.168.1.250
Then forwarding PPTP from my Router to the 2900's static WAN IP Address.... FAILED

Any other ideas ?? or is bridging my router to the 2900 the only option ?
If I do that, does that mean all port forwarding etc is don't by the 2900, or my router ??

Thanks

Please Log in or Create an account to join the conversation.

Moderators: Sami