Knowledgebase: VPN and Remote Access
LAN to LAN IPSec VPN between Vigor2130 and Vigor2820 using Aggressive mode
Posted by on 14 February 2012 05:18 PM

In this document we will introduce how to create a LAN to LAN IPSec VPN between Vigor2130and a Vigor2820 using Aggressive mode. We use the following scenario.

http://www.draycare.com.au/dfaq/image/VPN/20/vpn_71.JPG

Case 1: VPN direction from Vigor2130 to Vigor2820

VPN configuration on Vigor2130

1. Create a LAN-to-LAN profile.

http://www.draycare.com.au/dfaq/image/VPN/20/vpn_72.JPG

2. Enable it and give it a name. In this example the profile name is “Demo”.

3. Enter Vigor2820’s WAN IP address in the Remote IP field.

4. Select Aggressive Mode as IKE phase 1 mode.

5. Setup a pre-shared key, which must be the same as in Vigor2820.

6. Setup the Local Identity and Remote Identity, which are for Vigor2130 and Vigor2820respectively.During IPSec Aggressive mode negotiation, the VPN client must send its identity to theVPN server for verification. The VPN client may also verify the identity of the VPN server,which is optional. In this example we setup ‘vigor2130’ as the identity of Vigor2130, and‘vigor2820’ as the identity of Vigor2820.

7. Enter Vigor2130’s private network in the Local Network / Mask field. Enter Vigor2820’sprivate network in the Remote Network / Mask field.

8. Use default value “Automatic” for IKE phase 1 and phase 2 proposals.

9. Click OK.

10. Accessing the VPN network of Vigor2820 from a PC behind Vigor2130 to initiate the VPNconnection, for example, ping 192.168.1.x from a PC (192.168.30.x). Vigor2130 will betriggered to dial the IPSec VPN to Vigor2820. After the VPN is connected, you can monitorthe status.

http://www.draycare.com.au/dfaq/image/VPN/20/vpn_73.JPG

 

 

 

VPN configuration on Vigor2820

1. Create a LAN-to-LAN profile.

http://www.draycare.com.au/dfaq/image/VPN/20/vpn_74.JPG

 

2. Enable it and give it a name. In this example the profile name is “test”.

3. Select Dial-in as Call Direction.

4. In Dial-Out Settings part, select IPSec Tunnel and press the Advanced button.

5. In the pop-up window please enter vigor2820 in the Local ID field. Click OK to return tothe profile setting page.

http://www.draycare.com.au/dfaq/image/VPN/20/vpn_75.JPG

6. In Dial-In Settings part, please enable Specify Remote VPN Gateway and entervigor2130 in the Peer ID field.

7. Setup a pre-shared key, which must be the same as in Vigor2130.

8. Enter Vigor 2130’s private network in the Remote Network IP / Mask field.

9. Click OK.

Note: Vigor2130 supports the following proposals by default.

http://www.draycare.com.au/dfaq/image/VPN/20/vpn_76.JPG

Case 2: VPN direction from Vigor 2820 to Vigor 2130

VPN configuration on Vigor 2130

1. Create a LAN-to-LAN profile.

http://www.draycare.com.au/dfaq/image/VPN/20/vpn_76.JPGhttp://www.draycare.com.au/dfaq/image/VPN/20/vpn_77.JPG


2. Enable it and give it a name. In this example the profile name is “Demo”.

3. Enter 0.0.0.0 in the Remote IP field.

4. Select Aggressive Mode as IKE phase 1 mode.

5. Setup a pre-shared key, which must be the same as in Vigor2820.

6. Setup the Local Identity and Remote Identity, which are for Vigor2130 and Vigor2820respectively.During IPSec Aggressive mode negotiation, the VPN client must send its identity to theVPN server for verification. The VPN client may also verify the identity of the VPN server,which is optional. As VPN client Vigor2820 don’t verify the identity of VPN server. So inthis example we just setup ‘vigor2820’ as the identity of Vigor2820.

7. Enter Vigor2130’s private network in the Local Network / Mask field.

8. Enter Vigor2820’s private network in the Remote Network / Mask field.

9. Use default value “Automatic” for IKE phase 1 and phase 2 proposals.

10. After the VPN is connected, you can monitor the status.

http://www.draycare.com.au/dfaq/image/VPN/20/vpn_78.JPG

 

 

VPN configuration on Vigor2820

1. Create a LAN-to-LAN profile.

http://www.draycare.com.au/dfaq/image/VPN/20/vpn_79.JPG

2. Enable it and give it a name. In this example the profile name is “test”.

3. Select Dial-Out as Call Direction and enable Always on.

4. Select IPSec Tunnel and enter Vigor2130’s WAN IP address in the Server IP/Host Namefor VPN field.

5. Setup a pre-shared key, which must be the same as in Vigor2130.

6. Select ESP (High) and 3DES with Authentication.

7. Press the Advanced button.

http://www.draycare.com.au/dfaq/image/VPN/20/vpn_80.JPG

8. In the pop-up window, please select Aggressive mode and select “DES_MD5_G2/DES_SHA1_G2/3DES_MD5_G2/3DES_SHA1_G2” as IKE phase 1 proposal. Entervigor2820 in the Local ID field. Click OK to return to the profile setting page.

9. Enter Vigor2130’s private network in the Remote Network IP / Mask field.

10. Click OK.

(1 vote(s))
Helpful
Not helpful

Comments (0)