DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
LAN To LAN VPN using Draytek 2820 and Draytek 2600
- matty-uk
- Topic Author
- Offline
- New Member
Less
More
- Posts: 5
- Thank you received: 0
20 Mar 2010 20:19 #61260
by matty-uk
LAN To LAN VPN using Draytek 2820 and Draytek 2600 was created by matty-uk
History
Original I had a Draytek 2600/2800 on a fixed public IP that connected to 2 Draytek 2600 that were both dynamic public IPS. The dynamic routers both have registered DNS names to enable them to be located. These where all L2TP IPSEC VPNS. I originaly had issues starting the vpns from the dynamic public IP side, but eventually resolved this by using Aggressive mode IKE and Peer ID's.
Problem
I've had to swap the 2600/2800 router for a 2820 as it died (old 2600 is held as backup). Now no matter what i try i cannot get the dynamic router to connect to the 2820 on the fixed public IP.
Has anyone experieced this problem and now how to resolve it?[/b]
Original I had a Draytek 2600/2800 on a fixed public IP that connected to 2 Draytek 2600 that were both dynamic public IPS. The dynamic routers both have registered DNS names to enable them to be located. These where all L2TP IPSEC VPNS. I originaly had issues starting the vpns from the dynamic public IP side, but eventually resolved this by using Aggressive mode IKE and Peer ID's.
Problem
I've had to swap the 2600/2800 router for a 2820 as it died (old 2600 is held as backup). Now no matter what i try i cannot get the dynamic router to connect to the 2820 on the fixed public IP.
Has anyone experieced this problem and now how to resolve it?[/b]
Please Log in or Create an account to join the conversation.
- njh
- Offline
- Member
Less
More
- Posts: 306
- Thank you received: 0
20 Mar 2010 22:42 #61263
by njh
2900Gi/v2.5.6; 2900/v2.5.6
Replied by njh on topic LAN To LAN VPN using Draytek 2820 and Draytek 2600
You should not need aggressive mode or peer ID's to set it up. You will also find it easier to have the routers on dynamic IP's calling the router on the fixed IP. Re-connect times are quicker if the dynamic IP's change as you do not have to wait for DNS records to propagate through the DNS system.
Having said that, it is possibly a tad more secure to have the fixed IP end call the dynamic IP end.
Where are you putting the PSK in the 2820 for the dynamic end to make a connection. It should not go in the LAN-LAN profile, but in the IPSec General set up.
Having said that, it is possibly a tad more secure to have the fixed IP end call the dynamic IP end.
Where are you putting the PSK in the 2820 for the dynamic end to make a connection. It should not
2900Gi/v2.5.6; 2900/v2.5.6
Please Log in or Create an account to join the conversation.
- matty-uk
- Topic Author
- Offline
- New Member
Less
More
- Posts: 5
- Thank you received: 0
21 Mar 2010 15:47 #61269
by matty-uk
Replied by matty-uk on topic LAN To LAN VPN using Draytek 2820 and Draytek 2600
Hi, VPNs are set to call direction "both". I'm entering the PSK in the LAN-LAN profile like did when i had a 2600/2800.
Don't i need to specify a peer id as i cannot specify the ip as its dynamic?
Don't i need to specify a peer id as i cannot specify the ip as its dynamic?
Please Log in or Create an account to join the conversation.
- matty-uk
- Topic Author
- Offline
- New Member
Less
More
- Posts: 5
- Thank you received: 0
21 Mar 2010 16:30 #61270
by matty-uk
Replied by matty-uk on topic LAN To LAN VPN using Draytek 2820 and Draytek 2600
Hi, i tried what you suggested but it did not work. I also tried using the current public IP (instead of using a peer id) of the dynamic end and was very surprised when it did not work. I then tried PPTP followed by IPSEC Tunnel both of which worked first time without any problems.
I don't understand why i cannot get L2TP with IPSec Policy working? I'm going to go and gather some logs next.
I don't understand why i cannot get L2TP with IPSec Policy working? I'm going to go and gather some logs next.
Please Log in or Create an account to join the conversation.
- njh
- Offline
- Member
Less
More
- Posts: 306
- Thank you received: 0
21 Mar 2010 17:18 #61273
by njh
2900Gi/v2.5.6; 2900/v2.5.6
Replied by njh on topic LAN To LAN VPN using Draytek 2820 and Draytek 2600
I'm not sure what the benefits of L2TP/IPSec over IPSec with a strong PSK. I would (and do) just stick with IPSec. I do not use peer ID's - aren't they for aggressive mode? Peer VPN IP's don't work if the other end has a dynamic IP, but they should work if the other end has a static IP. If you do use them (and you can on your remote 2600's), then on the 2600's you put the PSK in the Dial-in settings and it can be different from the one in IPSec General Settings. You cannot use them on your 2820.
2900Gi/v2.5.6; 2900/v2.5.6
Please Log in or Create an account to join the conversation.
- steve_bcs
- Offline
- New Member
Less
More
- Posts: 1
- Thank you received: 0
09 May 2010 19:14 #61967
by steve_bcs
Replied by steve_bcs on topic LAN To LAN VPN using Draytek 2820 and Draytek 2600
Hi
same problem here.
two 2820's one on static IP one on Dynamic.
I can get a VPN up using PPTP or IPSEC : dialing in from dynamic to fixed.
But L2TP with IPSEC - just refuses to work.
any ideas anyone?
My IT dept assures me L2TP with IPSEC should work and cant undestand why it wont.
The Dynamic Router is in Canada - the static IP router in the UK
same problem here.
two 2820's one on static IP one on Dynamic.
I can get a VPN up using PPTP or IPSEC : dialing in from dynamic to fixed.
But L2TP with IPSEC - just refuses to work.
any ideas anyone?
My IT dept assures me L2TP with IPSEC should work and cant undestand why it wont.
The Dynamic Router is in Canada - the static IP router in the UK
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek