DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

VPN server/firewall BEHIND the draytek Vigor 2860

06 Jun 2015 10:17 #83554 by briggsb
Hi,
I've had a DrayTek 2860 for months now; it's a brilliant bit of kit, but I'm using it purely and simply to get the public IPs on our VDSL (BT Infinity) working.

So, I have a corporate Cisco router as our perimeter firewall, router and VPN server. It handles all the NAT and connectivity for our corporate network to the outside world.

The DrayTek is set up with an IP ROUTED SUBNET to allow the outside world access through to our Cisco router. This allows us to utilise our public IPs to allow access to our various servers. This works great for NATed web servers and mail servers. No further setup was required.

The problem is, I now want to decommission our old Demon ADSL line (5 Mbps), which allows the VPN client connectivity to our Cisco router. I want to run this facility over the BT Infinity line, along with the other web and mail servers. Obviously lots more bandwidth to our users.

But the DrayTek seems to be blocking VPN client connectivity. I think I've done all I can with the Cisco router, in terms of config, to allow the VPN client to listen over the BT line, but it doesn't get that far.
I then found an article (https://www.draytek.co.uk/archive/kb_vigor_passthrough.html) which says to disable all the VPN services on the DrayTek. I thought that would be the solution; I disabled all the tick boxes and then tried again. Still no luck.

Because I'm using the IP ROUTED SUBNET, the second part of the instructions on that page doesn't apply to me, as I'm not forwarding to a NATed host.

Can anyone help me establish whether the packets are definitely being blocked or dropped at the DrayTek? I'm not sure how to monitor real-time packets, or if it's possible. I need to see if the packets get past the DrayTek and to our Cisco box.

The Cisco VPN is set up using a wizard; it's the "Cisco Easy VPN Server", and I believe it utilises IPsec/ESP, with port 500 for IKE setup.

Any tips really appreciated. Thanks in advance, Alan

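The question above asks how to tell whether the IKE packets get past the Vigor at all. The following is an added example, not code from the original thread nor from DrayTek or Cisco: a small IKEv1 Main Mode probe in the style of ike-scan, written in Python. Run it from a host on the far side of the BT line against the Cisco's public address (the host argument and the 3DES/SHA1/PSK/group-2 proposal are assumptions; any IKEv1 responder will answer such a proposal with either an SA or a notify). Any ISAKMP reply, including a NO-PROPOSAL-CHOSEN notification, proves that UDP/500 traverses the Vigor and reaches the Cisco.

```python
#!/usr/bin/env python3
"""Added example: IKEv1 Main Mode probe to check whether UDP/500 reaches a
VPN endpoint behind an upstream router (not part of the original thread)."""
import os
import socket
import struct

# ISAKMP exchange types and payload types (RFC 2408)
EXCH_IDENTITY_PROTECTION = 2   # IKEv1 Main Mode
EXCH_AGGRESSIVE = 4            # what Cisco Easy VPN clients actually use
EXCH_INFORMATIONAL = 5         # a NO-PROPOSAL-CHOSEN notify arrives this way
PAYLOAD_SA = 1
PAYLOAD_NOTIFY = 11


def _attr(attr_type, value):
    """Basic (TV) SA attribute: AF bit set, 15-bit type, 16-bit value."""
    return struct.pack("!HH", 0x8000 | attr_type, value)


def build_sa_payload():
    """One ISAKMP proposal carrying a single 3DES/SHA1/PSK/DH-group-2 transform
    (an assumed, widely supported proposal, as in ike-scan's default set)."""
    attrs = b"".join([
        _attr(1, 5),   # Encryption Algorithm = 3DES-CBC
        _attr(2, 2),   # Hash Algorithm = SHA1
        _attr(3, 1),   # Authentication Method = pre-shared key
        _attr(4, 2),   # Group Description = MODP-1024 (group 2)
    ])
    # transform: next payload 0, reserved, length, transform #1, KEY_IKE (1), reserved
    transform = struct.pack("!BBHBBH", 0, 0, 8 + len(attrs), 1, 1, 0) + attrs
    # proposal: next 0, reserved, length, proposal #1, protocol ISAKMP (1), SPI size 0, 1 transform
    proposal = struct.pack("!BBHBBBB", 0, 0, 8 + len(transform), 1, 1, 0, 1) + transform
    # SA payload: next 0, reserved, length, DOI = IPsec (1), situation = identity only (1)
    return struct.pack("!BBHII", 0, 0, 12 + len(proposal), 1, 1) + proposal


def build_main_mode_probe(initiator_spi=None):
    """First Main Mode message: 28-byte ISAKMP header followed by the SA payload."""
    initiator_spi = initiator_spi or os.urandom(8)
    sa = build_sa_payload()
    header = struct.pack("!8s8sBBBBII", initiator_spi, b"\x00" * 8,
                         PAYLOAD_SA, 0x10, EXCH_IDENTITY_PROTECTION, 0, 0, 28 + len(sa))
    return header + sa


def parse_isakmp_header(data):
    """Return the fields of a 28-byte ISAKMP header, or None if it is not one."""
    if len(data) < 28:
        return None
    ispi, rspi, npl, ver, exch, flags, msgid, length = struct.unpack("!8s8sBBBBII", data[:28])
    if ver >> 4 != 1 or length < 28:
        return None
    return {"initiator_spi": ispi, "responder_spi": rspi, "next_payload": npl,
            "exchange": exch, "flags": flags, "message_id": msgid, "length": length}


def classify_reply(probe, reply):
    """Say what a datagram received after our probe means for the path to the endpoint."""
    hdr = parse_isakmp_header(reply)
    if hdr is None:
        return "not ISAKMP"
    if hdr["initiator_spi"] != probe[:8]:
        return "ISAKMP, but not a reply to our probe"
    if hdr["exchange"] == EXCH_IDENTITY_PROTECTION and hdr["next_payload"] == PAYLOAD_SA:
        return "Main Mode SA accepted: IKE is reachable and a policy matched"
    if hdr["exchange"] == EXCH_INFORMATIONAL:
        return "Informational (likely NO-PROPOSAL-CHOSEN): IKE is reachable, no policy matched"
    return "ISAKMP exchange type %d: IKE is reachable" % hdr["exchange"]


def probe_ike(host, port=500, timeout=3.0):
    """Send the probe and report. Silence does not prove a drop (the endpoint may
    ignore unknown initiators), so pair this with a capture on the inside."""
    probe = build_main_mode_probe()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(probe, (host, port))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no reply within %.1fs" % timeout
    return classify_reply(probe, reply)


if __name__ == "__main__":
    import sys
    print(probe_ike(sys.argv[1]))   # e.g. python3 ike_probe.py 198.51.100.20 (assumed address)
```

Three caveats for this setup. First, no reply is not proof of a drop; confirm from the inside with a capture on a host in the routed subnet (tcpdump filter `udp port 500 or udp port 4500 or ip proto 50`) or with `debug crypto isakmp` on the Cisco, which shows whether the first message ever arrives. Second, Easy VPN clients negotiate in Aggressive Mode and then use NAT-T on UDP 4500 and ESP (IP protocol 50), so all three must pass the Vigor, not just UDP 500. Third, the KB article tells you to disable the Vigor's own VPN services because, when enabled, the router itself listens for IKE and ESP on its WAN address and will answer or swallow that traffic instead of routing it on.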

07 Jun 2015 05:50 #83562 by admin
I'm not sure the DrayTek router would intercept the publicly routed IP addresses, so the issue must be something else. Can you telnet or HTTP to the Cisco? But you'd have to check with support.

Forum Administrator

08 Jun 2015 09:02 #83565 by briggsb
DOH! That was my suspicion. Because of the setup, I also assumed there was no firewall functionality for that portion of traffic. I can access the Cisco from the outside world on the other addresses in the range. I will try opening up telnet on the interface itself and try that...

