DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

VPN to VPN on 2925

  • andymorton
  • Topic Author
  • Offline
  • New Member
  • New Member
More
08 Mar 2015 22:35 #82886 by andymorton
VPN to VPN on 2925 was created by andymorton
Hi.

Is it possible to connect to the router via a VPN, and then communicate to a LAN than is connected via the Lan2Lan connection?

For example, client A connects in, then client B connects via a Lan2Lan connection.

Can client A see machines on client B's network?

Is it just a matter of setting a route on client A's machine? Or does the router even support this?

Regards,
Andrew

Please Log in or Create an account to join the conversation.

More
09 Mar 2015 10:29 #82889 by admin
Replied by admin on topic Re: VPN to VPN on 2925
If you're dialling in as a teleworker, then yes, because your allocated IP address is on the host's subnet.

If it's two LAN-to-LANs then I think you can but settings are needed.



Forum Administrator

Please Log in or Create an account to join the conversation.

More
28 Apr 2015 16:30 #83288 by gerry bulger
Replied by gerry bulger on topic Re: VPN to VPN on 2925
What are those stings LAN to LAN!

Please Log in or Create an account to join the conversation.

More
29 Apr 2015 11:29 #83300 by oscar_alfonso
Replied by oscar_alfonso on topic Re: VPN to VPN on 2925
I have a 2960 as a dial in to remote dial in users. That 2960 has a lan2lan ipsec tunnel with a draytek 3200 (dial-out), and my remote dial-in users (they connect to 2960) can access to the lan of the 3200 without problems... my config:

2960 lan config:
network subnet: 192.168.1.0/24
draytek 2960 lan ip: 192.168.1.150/24

3200 lan config:
network subnet: 10.0.0.0/24
draytek 3200 lan ip: 10.0.0.100/24

You must set all vpn parameters (ike phase protocols and negotiations) with the same options at both drayteks... mine has:
ike phase 1: main mode
Preshared key: ***** (it must be the same of course)
Security protocol: esp
ike phase 2: 3DES with auth
Perfect forward secrecy status: disable
route/nat mode: route

You must set as remote host the public ip of the other draytek.
Don't use gre config. That's for vpn trunking.
Set your local ip/subnet with the right data and the same with the remote ip/subnet. In my case:
In 2960 (dial in) -> local ip/subnet 192.168.1.0/24 and remote ip/subnet 10.0.0.0/24
In 3200 (dial out) -> local ip/subnet 10.0.0.0/24 and remote ip/subnet 192.168.1.0/24

Voilá... you don't need to set static routes because the draytek's route table has the other lan subnet range.

Hope it helps.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami