How To – Establish IPSec VPN Connection between Cyberoam and Vigor Draytek ADSL
This article gives a detailed configuration example showing how to set up a net-to-net IPSec VPN connection between Cyberoam and Vigor Draytek ADSL, using a preshared key to authenticate the VPN peers. Throughout the article we will use the network parameters shown in the diagram below.
Configuration Parameters (IPSec Connection)

Cyberoam
Local Network details
o WAN IP address – 14.15.16.17
o Local Internal Network – 10.5.6.0/24
o Preshared Key - 0123456789
Remote Network details
o Remote VPN server – IP address 22.23.24.25
o Remote Internal Network – 172.23.9.0/24

Draytek
Local Network details
o WAN IP address – 22.23.24.25
o Local Internal Network – 172.23.0.24
o Preshared Key - 0123456789
Remote Network details
o Remote VPN server – IP address 14.15.16.17
o Remote Internal Network – 10.5.6.0/24
Note: If the same subnets are configured at Draytek and Cyberoam, the connection will not be established.
Step by Step Configuration: Draytek ADSL

Step 1:
Go to VPN and Remote Access > Remote Access Control. To allow the VPN traffic through routers, enable services as per the following screen:

Step 2:
Go to VPN and Remote Access > LAN to LAN. Choose an unused profile, e.g. 1, and click Next to continue. The status of an unused profile will be “x”.
Step 3:

Section 1: Common Settings
o Enter a Profile Name and enable the profile.
o As the Draytek router will always initiate the VPN connection, for Call Direction click “Dial-Out” and click “Always on” to enable an always-on VPN tunnel.

Section 2: Dial-Out Settings
o Under Type of Server I am calling, click “IPSec Tunnel” and enter the WAN IP address of Cyberoam, i.e. 14.15.16.17, as Server IP/Host Name.
o Under IKE Authentication Method, click “Pre-Shared Key” and enter the Pre-Shared Key.
o Under IPSec Security Method, click “High (ESP)”.
o Click the “Advanced” button.
In Advanced settings enter parameters as follows:
o IKE phase 1 mode: Main mode
o IKE phase 1 proposal: 3DES_MD5_G2
o IKE phase 2 proposal: 3DES_MD5
o IKE phase 1 key lifetime: 28800
o IKE phase 2 key lifetime: 3600
o Perfect Forward Secret: Disable

Section 3: Dial-in Settings
No configuration is required in this section.

Section 4: TCP/IP Network Settings
Enter the following parameters:
o Remote Network IP – 14.15.16.17 – Cyberoam’s internal network IP
o Remote Network Mask - 255.255.255.0

Do not change the default setting of any other parameters. Click the “OK” button.
Step by Step Configuration: Cyberoam

Step 4: Create VPN Policy
Go to VPN > Policy > Create Policy and create a VPN Policy with the following values:
o Policy Name: Draytek
o Using Template: None
o Keying Method: Automatic
o Allow Re-keying: Yes
o Key Negotiation Tries: 3
o Authentication Mode: Main Mode
o Perfect Forward Secrecy (PFS): No

Phase 1
o Encryption Algorithm: 3DES
o Authentication Algorithm: MD5
o DH Group (Key Group): 2 (DH1024)
o Key life: 28800 sec

Phase 2
o Encryption Algorithm: 3DES
o Authentication Algorithm: MD5
o DH Group (Key Group): 2 (DH1024)
o Key life: 3600 sec
Step 5: Create VPN Connection
Go to VPN > IPSec Connection > Create Connection and specify parameters as follows:
o Connection name: Draytek
o Policy: Draytek
o Action on restart: Active
o Mode: Tunnel
o Connection Type: Net to Net
o Authentication Type – Preshared Key
o Preshared Key: 0123456789
o Local server IP address (WAN IP address) – 14.15.16.17
o Local Internal Network – 10.5.6.0/24
o Remote server IP address (WAN IP address) – 22.23.24.25
o Remote Internal Network – 172.23.9.0/24
o User Authentication Mode: Disabled
o Protocol: All
Step 6: At the Draytek site, select Connection Management from the VPN and Remote Access menu. Under Dial-out Tool, select Cyberoam’s public IP from the dropdown and click the “Dial” button to initiate the connection.
Step 7: At the Cyberoam site, the Connection status indicates that the connection is successfully activated.
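
The following Python check is an added example, not part of the original article: it compares the two peers' settings from the steps above for mirrored gateways and networks, overlapping LAN subnets (the note near the top), differing proposals, and legacy algorithms. The dictionary field names are hypothetical, and the Draytek LAN is assumed to be 172.23.9.0/24 as entered in the Cyberoam connection.

```python
import ipaddress

WEAK = {"3DES", "MD5", "DH2"}  # legacy choices by current IKE/ESP guidance

def net(value):
    # Accepts "10.5.6.0/24" or "10.5.6.0/255.255.255.0"; host bits are masked off.
    return ipaddress.ip_network(value, strict=False)

def check_peers(a, b):
    """Return findings for two net-to-net IPSec peer configurations."""
    findings = []
    # Each side's remote gateway must be the other side's WAN address.
    if a["peer"] != b["wan"] or b["peer"] != a["wan"]:
        findings.append("gateway addresses are not mirrored")
    # Each side's remote network must be the other side's local network.
    if (net(a["remote_net"]) != net(b["local_net"])
            or net(b["remote_net"]) != net(a["local_net"])):
        findings.append("local/remote networks are not mirrored")
    # Same or overlapping LAN subnets on both sides: see the page's note.
    if net(a["local_net"]).overlaps(net(b["local_net"])):
        findings.append("local networks overlap")
    # The article sets these identically on both peers; report any difference.
    for key in ("psk", "mode", "pfs", "phase1", "phase2"):
        if a[key] != b[key]:
            findings.append(f"{key} differs between peers")
    return findings

def weak_algorithms(cfg):
    """List legacy algorithms present in the phase 1 and phase 2 proposals."""
    return sorted((set(cfg["phase1"][:3]) | set(cfg["phase2"][:2])) & WEAK)

# Values from the article's steps; the dictionary layout is constructed here.
CYBEROAM = dict(wan="14.15.16.17", peer="22.23.24.25",
                local_net="10.5.6.0/24", remote_net="172.23.9.0/24",
                psk="0123456789", mode="main", pfs=False,
                phase1=("3DES", "MD5", "DH2", 28800),
                phase2=("3DES", "MD5", 3600))
DRAYTEK = dict(CYBEROAM, wan="22.23.24.25", peer="14.15.16.17",
               local_net="172.23.9.0/24",  # assumed Draytek LAN
               remote_net="10.5.6.0/255.255.255.0")

if __name__ == "__main__":
    print(check_peers(CYBEROAM, DRAYTEK))   # consistent pair
    # Constructed error: a WAN address typed into the remote-network field.
    print(check_peers(CYBEROAM, dict(DRAYTEK, remote_net="14.15.16.17/255.255.255.0")))
    print(weak_algorithms(CYBEROAM))
```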
Document version:1.0-19/02/2009