This article introduces how to set up an IPsec Tunnel in Main Mode between two Vigor Routers when the VPN client uses a dynamic public IP address. When VPN client which is behind NAT, please use IPsec VPN in Aggressive mode instead.
1. Go to VPN and Remote Access >>IPsec General Setup page and configure the General IPsec Pre-Shared Key. The Pre-Shared Key configured here will be used for authenticating all IPsec Main mode VPN clients which use dynamic IP addresses.
2. Create a VPN LAN to LAN profile for the peer VPN client router via VPN and Remote Access >> LAN to LAN, click on an available index to add a new profile.
3. Edit the profile as follows:
1. Similarly, create a profile at VPN and Remote Access >> LAN to LAN
After finishing the above configurations, VPN Client shall dial up the IPsec tunnel automatically. We can check the VPN status via VPN and Remote Access >> Connection Management page.
1. Go to VPN and Remote Access >> IPsec General Setup page, enter the Preshared Key and select the WAN Profile that the VPN client will dial in from. The Preshared Key configured here will be used for authenticating all the IPsec main mode clients which use dynamic IP addresses. In other words, when there are more than one VPN clients, they need to use the same IPsec Preshared Key as what VPN server configured here.
2. Go to VPN and Remote Access >> VPN Profile >> IPsec click Add to add a new profile:
1. Go to VPN and Remote Access >> VPN Profile >> IPsec click Add to add a new profile:
After finishing the above configurations, VPN Client shall dial up the IPsec tunnel automatically. We may check the VPN status via VPN and Remote Access >> Connection Management page.
Published On: 2016-05-18
Was this helpful?