Vigor Router settings
Fill in the Profile Name and enable this profile. The profile
name should match the Security Association created on Router 1.
Set Call Direction to "Both".
Fill in the Username and Password for the dial-in user and select
dial-in type "IPSec Tunnel" in Dial-in Setting. Again, the username
is the name of the Remote Gateway defined in the Watchguard Firebox.
Configure the TCP/IP Network Setting as follows:
My WAN IP 0.0.0.0 (Don't care at this point)
Remote Gateway IP 0.0.0.0 (Don't care at this point)
Remote Network IP 192.168.6.0
Remote Network Mask 255.255.255.0
Set "For NAT operation, treat remote sub-net as"
to "Private IP"
Set RIP direction to disabled.
Set up IKE/IPSec parameters in the Advanced Set-up
-> IKE/IPSec Set-up page.
Select the Allowed Security Method. Enable "High" and
select "3DES with Authentication", which means you
only allow the ESP protocol (3DES encryption with MD5 or SHA1
authentication). Do not select the Medium (AH) option.
Note: If you leave the Pre-shared Key blank in Dial-in set-up,
the dial-in function will be disabled. Also, if none of the security
methods (Medium and High) is selected, the dial-in function
will be disabled.
DrayTek Vigor Settings (Dial Out)
Fill in the Username and Password for dial-out. Once again, the Username
is the name of the Remote Gateway created on the Watchguard Firebox.
Enter the Server IP address. This is the WAN IP address of
the Watchguard Firebox.
Select "IPSEC Tunnel" for dial-out type with IPSec
policy High (ESP) (3DES or DES with authentication)
Configure the TCP/IP Network Setting as follows:
My WAN IP 0.0.0.0 (Don't care at this point)
Remote Gateway IP 0.0.0.0 (Don't care at this point)
Remote Network IP 192.168.6.0
Remote Network Mask 255.255.255.0
Set "For NAT operation, treat remote sub-net as"
to "Private IP"
Set RIP direction to disabled.
Fill in Pre-shared Key for IKE authentication in Dial-out
Set-up, for example "abc123".
Note: If you leave the Pre-shared Key blank in Dial-out set-up,
the dial-out function will be disabled.
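The dial-in and dial-out rules above can be checked before the tunnel is brought up. The following is an added example, not code from DrayTek or WatchGuard: the dict keys, the sample profiles and the MIN_PSK_LEN threshold are assumptions of this example, and a short key such as the "abc123" placeholder is reported by it.

```python
import ipaddress

MIN_PSK_LEN = 20  # assumption of this example, not a Vigor or Firebox limit

def check_profile(p, local_lan="192.168.1.0/24"):
    """Return findings for one LAN-to-LAN profile (dict keys are hypothetical)."""
    out = []
    if not p.get("enabled"):
        out.append("profile not enabled")
    if p.get("name") != p.get("peer_sa_name"):
        out.append("profile name differs from the peer Security Association")
    if p.get("username") != p.get("peer_gateway_name"):
        out.append("username differs from the Firebox Remote Gateway name")
    psk = p.get("psk", "")
    if not psk:
        out.append("blank pre-shared key: dial function will be disabled")
    elif len(psk) < MIN_PSK_LEN:
        out.append(f"pre-shared key shorter than {MIN_PSK_LEN} characters")
    methods = set(p.get("methods", []))
    if not methods:
        out.append("no security method selected: dial-in will be disabled")
    if "medium_ah" in methods:
        out.append("Medium (AH) selected; only High (ESP) should be allowed")
    try:
        remote = ipaddress.ip_network(f"{p.get('remote_ip')}/{p.get('remote_mask')}")
        if remote.overlaps(ipaddress.ip_network(local_lan)):
            out.append("remote network overlaps the local LAN")
    except ValueError as exc:  # e.g. a host address entered as the network IP
        out.append(f"bad remote network: {exc}")
    if p.get("rip") != "disabled":
        out.append("RIP direction is not disabled")
    return out

# Constructed sample profiles: GOOD follows the page, BAD breaks several rules.
GOOD = {"enabled": True, "name": "firebox", "peer_sa_name": "firebox",
        "username": "vigor", "peer_gateway_name": "vigor",
        "psk": "constructed-sample-key-0001", "methods": ["high_esp"],
        "remote_ip": "192.168.6.0", "remote_mask": "255.255.255.0",
        "rip": "disabled"}
BAD = dict(GOOD, psk="", methods=["medium_ah"], remote_ip="192.168.6.252")

if __name__ == "__main__":
    for label, prof in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_profile(prof) or "no findings")
```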
Testing
Once all the above is configured, use the PING command from
a PC at the local office or home connected to the Vigor network
to PING the local LAN IP address of the WG Firebox,
e.g. PING 192.168.6.252.
Pinging 192.168.6.252 with 32 bytes of data:
Reply from 192.168.6.252: bytes=32 time=1ms TTL=64
Reply from 192.168.6.252: bytes=32 time<10ms TTL=64
Reply from 192.168.6.252: bytes=32 time<10ms TTL=64
Reply from 192.168.6.252: bytes=32 time<10ms TTL=64
Ping statistics for 192.168.6.252:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
A normal response to PING, like the one above, should be received.
Checking the VPN status on the DrayTek router should display
something like this (although the IP addresses may vary).
Once this connection is active, all local IP addresses on
the 192.168.1.xx network will be available from the 192.168.6.xx
network, and files can be transferred or accessed.
Page last modified: 13 October 2008