DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
2920-->2920 LAN-2-LAN VPN - conflicting instructions
17 Dec 2013 10:40 #78528
by tracefirst
2920-->2920 LAN-2-LAN VPN - conflicting instructions was created by tracefirst
Good morning all,
I am trying to get a remote site connected to our main office
Remote site 192.168.1.0/24 (router is 192.168.1.1)
Main office 10.10.10.0/23 (router is 10.10.10.1)
Each Draytek 2920n *can* ping the router at the other side of the VPN, but hosts at both sites cannot ping anything over the VPN connection. The hosts are configured so that their local router is the default route.
When reading two Draytek support docs, I noticed a contradiction which I think may be part of my problem:
Document #1: http://www.draytek.co.uk/support/guides/vpn-setup
Document #2: http://www.draytek.com/index.php?option=com_k2&view=item&id=1987&Itemid=293&lang=en
Document #1 explicitly says that the Remote Network IP should be a network address and *not* the specific IP address of the remote router. But Document #2 says that the "Remote Network IP" should be the IP address of the remote router......
Any help greatly appreciated.....
Michael
17 Dec 2013 10:55 #78529
by tracefirst
Replied by tracefirst on topic Re: 2920-->2920 LAN-2-LAN VPN - conflicting instructions
Here are the routing tables if this is helpful (these are from the Draytek's Diagnostics->Routing table function):
Main office router
Code:
Key: C - connected, S - static, R - RIP, * - default, ~ - private
* 0.0.0.0/ 0.0.0.0 via 62.3.83.10 WAN1
C~ 10.10.10.101/ 255.255.255.255 directly connected VPN-1
C~ 10.10.10.0/ 255.255.254.0 directly connected LAN1
* 62.3.83.10/ 255.255.255.255 via 62.3.83.10 WAN1
S 88.97.244.225/ 255.255.255.255 via 88.97.244.225 WAN1
S~ 192.168.1.0/ 255.255.255.0 via 10.10.10.101 VPN-1
Remote office router
Code:
Key: C - connected, S - static, R - RIP, * - default, ~ - private
* 0.0.0.0/ 0.0.0.0 via 62.3.83.10 WAN1
C~ 10.10.10.101/ 255.255.255.255 directly connected VPN-1
C~ 10.10.10.0/ 255.255.254.0 directly connected LAN1
* 62.3.83.10/ 255.255.255.255 via 62.3.83.10 WAN1
S 88.97.244.225/ 255.255.255.255 via 88.97.244.225 WAN1
S~ 192.168.1.0/ 255.255.255.0 via 10.10.10.101 VPN-1
And I am now able to ping the main office router from a PC on the remote office LAN but I cannot ping main office hosts from the same remote office PC
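Added example (not part of the original posts, and not DrayTek code): a small Python parser for the routing table format pasted above, with a longest-prefix lookup that reports which interface a given destination would leave on. The queried host addresses are constructed samples, and the lookup assumes the router prefers the most specific matching route.

```python
import ipaddress
import re

# Main office routing table, copied from the post above.
TABLE = """\
Key: C - connected, S - static, R - RIP, * - default, ~ - private
* 0.0.0.0/ 0.0.0.0 via 62.3.83.10 WAN1
C~ 10.10.10.101/ 255.255.255.255 directly connected VPN-1
C~ 10.10.10.0/ 255.255.254.0 directly connected LAN1
* 62.3.83.10/ 255.255.255.255 via 62.3.83.10 WAN1
S 88.97.244.225/ 255.255.255.255 via 88.97.244.225 WAN1
S~ 192.168.1.0/ 255.255.255.0 via 10.10.10.101 VPN-1
"""

# flags, "dest/ mask", then either "via <gateway>" or "directly connected", then interface
ROW = re.compile(
    r"^(?P<flags>[CSR*~]+)\s+(?P<dest>[\d.]+)/\s*(?P<mask>[\d.]+)\s+"
    r"(?:via\s+(?P<gw>[\d.]+)|directly connected)\s+(?P<iface>\S+)$"
)

def parse_routes(text):
    """Return a list of route dicts from the routing table text."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skips the "Key:" legend and blank lines
        net = ipaddress.ip_network(f"{m['dest']}/{m['mask']}", strict=False)
        routes.append({"net": net, "gw": m["gw"], "iface": m["iface"],
                       "flags": m["flags"]})
    return routes

def lookup(routes, addr):
    """Longest-prefix match: the route a packet to addr would take."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r["net"]]
    return max(hits, key=lambda r: r["net"].prefixlen) if hits else None

def egress(routes, addr):
    """Interface name a packet to addr leaves on, or None if no route."""
    r = lookup(routes, addr)
    return r["iface"] if r else None

if __name__ == "__main__":
    routes = parse_routes(TABLE)
    # Constructed sample hosts: remote LAN, upper half of the /23, Internet.
    for host in ("192.168.1.50", "10.10.11.20", "8.8.8.8"):
        print(host, "->", egress(routes, host))
```

Running the same lookup against each router's table shows whether traffic for the far subnet is actually handed to the VPN interface, which separates a routing problem from a firewall problem.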
17 Dec 2013 12:05 #78531
by tracefirst
Replied by tracefirst on topic [SOLVED]Re: 2920-->2920 LAN-2-LAN VPN - conflicting instruct
It was the firewall config....
20 Dec 2013 11:26 #78555
by tracefirst
Replied by tracefirst on topic Re: 2920-->2920 LAN-2-LAN VPN - conflicting instructions
Actually.... not solved
Correcting the firewall rules on the main office to allow incoming traffic solved 99% of the problem -- for example, hosts on both sides can ping, telnet, HTTP each other with no problems. However, VoIP remains elusive. A phone (Aastra 480i) on the remote LAN can call a phone on the main office network (and vice versa) -- the phone receiving the call rings but when answered there is no audio received from the remote location.... in other words,
Brian at the remote location calls Michael at the main office -- Brian can hear Michael but Michael can't hear Brian. This is the behaviour regardless of who originates the call....
Any thoughts?
Michael.
20 Dec 2013 16:12 #78562
by sicon
Replied by sicon on topic Re: 2920-->2920 LAN-2-LAN VPN - conflicting instructions
Isn't that to do with the UDP ports if voice is only one-way? Although the VPN should pass all service ports.
Is there any QoS set up on the UDP VoIP ports?
06 Jan 2014 18:46 #78664
by tracefirst
Replied by tracefirst on topic Re: 2920-->2920 LAN-2-LAN VPN - conflicting instructions
Hi
It turned out to be that the LAN-to-LAN VPN profile needed to be set to "NAT" in the "From first subnet to remote network" -- it was previously set to "route".
Thanks
Michael