IPsec VPN between a DrayOS router and a Vigor3900/Vigor2960

This article demonstrates LAN-to-LAN IPsec VPN between a DrayOS router and Vigor3900/2960. The network topology is shown below. We separate this article into two parts, to demonstrate how to establish the IPsec VPN connection between a DrayOS Router and Vigor3900/2960 when using one of them as VPN server respectively.

Part A: Take DrayOS Router as the VPN server

DrayOS Dial-In settings

1. Make sure the IPsec service is enabled in VPN and Remote Access >> Remote Access Control page.

a screenshot of DrayOS Remote Access Control setup

2. Go to VPN and Remote Access Control >> IPsec General Setup, enter Pre-Shared Key. Then, click OK to save.

a screenshot of DrayOS IPsec general setup

3. Go to VPN and Remote Access Control >> LAN to LAN and click an available index. In Common Settings:

  1. Give a Profile Name
  2. Enable this profile
  3. Select "Dial-in" for Call Direction
a screenshot of DrayOS LAN-to-LAN VPN profile

4. In Dial-In Settings, allow IPsec dial-in

a screenshot of DrayOS LAN-to-LAN VPN profile

5. In TCP/IP Network Settings, enter Vigor3900's LAN in Remote Network IP/Mask. Then, click OK to save.

a screenshot of DrayOS LAN-to-LAN VPN profile
Vigor3900 Dial-out Settings

6. Go to VPN and Remote Access >> VPN Profiles, and click Add in the IPsec tab

  1. Give Profile name and Enable the profile
  2. Select the WAN interface used to dial out
  3. Enter Vigor3900's LAN in Local IP/Subnet Mask
  4. Enter the DrayOS router's WAN IP or domain name in Server IP/Host Name
  5. Enter the DrayOS Router's LAN in Remote IP/Subnet Mask
  6. Enter Preshared Key as the same as the one set in step 2.
  7. Click Apply
a screenshot of Vigor3900 IPsec VPN profile

Now we can go to VPN and Remote Access >> Connection Management to dial the VPN.

a screenshot of Vigor3900 VPN Connection Management

After VPN is connected successfully, we can see the status below.

a screenshot of Vigor3900 VPN Online Status

Part B: Take Vigor3900 as VPN server

Vigor3900 Dial-in Settings

1. Make sure the IPsec service is enabled in VPN and Remote Access >> Remote Access Control page.

a screenshot of Vigor3900 VPN Remote Access Control

2. Go to VPN and Remote Access >> IPsec General Setup, enter Preshared key and click Apply.

a screenshot of Vigor3900 IPsec General Setup

3. Go to VPN and Remote Access >> VPN Profiles, and click Add in the IPsec tab,

  1. Give Profile Name and Enable the profile
  2. Enter the Vigor3900's LAN in Local IP/Subnet Mask
  3. Enter the DrayOS Router's LAN in Remote IP/Subnet Mask
  4. Click Apply
a screenshot of Vigor3900 IPsec VPN proflle
DrayOS Router Dial-Out Settings

4. Go to VPN and Remote Access Control >> LAN to LAN and click an available index

  1. In Common Settings, give a Profile Name
  2. Enable this profile
  3. Select Dial-out for Call Direction
  4. In Dial-Out settings, select IPsec as dial-out type
  5. Enter Vigor3900's WAN IP or domain name in Server IP/Host Name
  6. Enter Pre-Shared Key as the same as in step 2.
  7. Select ESP(High), AES with Authentication for IPSec Security Method
a screenshot of DrayOS LAN-to-LAN VPN profile

5. In TCP/IP Network Settings, enter Vigor3900's LAN in Remote Network IP/Mask. Then click OK to save

a screenshot of DrayOS LAN-to-LAN VPN profile

Now we can go to VPN and Remote Access >> Connection Management to dial the VPN.

a screenshot of DrayOS Connection Management

After VPN is connected successfully, we can see the status below.

a screenshot of DrayOS VPN Online Status

Published On: Jun 06, 2017 

Was this helpful?     


Related Articles