Knowledgebase: Vigor3900
Configuring IPsec LAN-to-LAN VPN Tunnel between Vigor 2860 and Vigor 3900 Routers using Aggressive Mode
Posted by Paul Ang on 24 June 2016 04:23 PM

In this document, we will show you how to create an IPsec LAN to LAN VPN tunnel between a Vigor2860 and a Vigor3900 using Aggressive Mode. We will use the following network topology.

Configuring Vigor 2860

     1. Connect to the router.

         a. Use your internet browser to login to the router web interface.

         b. The default IP address for the router is 192.168.21.1

         c. Default username and password are:

                 Username: admin

                 Password: admin

      2. Check that the router connected to the internet by looking at the router dashboard page.

      3. Go to VPN and Remote Access>>LAN to LAN configuration menu.

      4. Select the first available index to start the configuration.

      5. Create your IPsec VPN Profile.

          a. Enter a profile name.

          b. Select (Enable this profile) and Dial-in.

          c. Under Dial-in settings, select IPsec Tunnel and Specify Remote VPN Gateway.

          d. Select IKE Pre-Shared Key and then enter your chosen Pre-share Key then click OK.

          e. Enter your chosen Peer ID.

          f. Enter the Remote Network IP (IP address xxxx), which is the local LAN IP address of the Vigor 3900 router.

          g. Click OK to save your settings.

Configuring Vigor 3900

     1. Connect to the router

         a. Use your internet browser to login to the router web interface.

         b. The default IP address of the router is 192.168.1.1

         c. Default username and password are:

               Username: admin

               Password: admin

      2. Verify that the WAN or Internet connection is up.

      3. Go to VPN and Remote Access>>VPN Profiles.

      4. Create your IPsec VPN Profile.

          a. In the VPN Profiles page, select IPsec tab and click (Add).

          b. Enter a Profile name and select enable.

          c. Enable Auto dial-out and select Always dial-out.

          d. Select the interface the VPN tunnel is going to use (e.g. WAN2).

          e. Enter Local IP/Subnet Mask; this is the local IP address/Subnet Mask of your Vigor 3900 router.

          f. Enter Local Next Hop; this is the local IP address of your Vigor 2860.

          g. Enter Remote Host; this is your WAN/Public IP address of your Vigor 2860.

          h. Enter Remote IP/Subnet Mask; this is the local IP address/Subnet Mask of your Vigor 2860 router.       

          i. Select (Aggressive mode) under IKE Phase 1, (PSK) for Auth Type, and enter the same Pre-share key that you used for Vigor 2860 router.

          j. Enter Local ID that is the same as the Peer ID of Vigor 2860 and for Security Protocol select (ESP).

          k. Click (Apply)

Test that the LAN-to-LAN connection has been established

Check that the VPN tunnel between the two routers has been established:

     1. In the Vigor 3900 router go to VPN and Remote Access >>Connection Management menu. The VPN connection status will indicate that

         you are now connected.

     2. Perform the same check in the Vigor 2860.

     3. Use PING command to test VPN connection.

 

(5 vote(s))
Helpful
Not helpful

Comments (0)