Establish IPSec VPN using Vigor Draytek ADSL

This article describes a detailed configuration example that demonstrates how to set up a net-to-net IPSec VPN connection between Cyberoam and Vigor Draytek ADSL using preshared key to authenticate VPN peers.

Throughout the article we will use the network parameters as shown in the diagram below.

 


Configuration Parameters (IPSec Connection)

Site1 (Gateway-A)

Local Network details
  • Cyberoam WAN IP address – 14.15.16.17
  • Local Internal Network – 10.5.6.0/24
  • Preshared Key – 0123456789

Remote Network details
  • Remote VPN server – IP address 22.23.24.25
  • Remote Internal Network – 172.23.9.0/24

Site2 (Gateway-B)

Local Network details
  • Draytek WAN IP address – 22.23.24.25
  • Local Internal Network – 172.23.0.24
  • Preshared Key – 0123456789

Remote Network details
  • Remote VPN server – IP address 14.15.16.17
  • Remote Internal Network – 10.5.6.0/24

Note:
If the same subnets are configured at Draytek and Cyberoam, the connection will not be established.

Step by Step Configuration Draytek ADSL

Step 1:

  • Go to VPN and Remote Access → Remote Access Control
  • To allow the VPN traffic through routers, enable services as per the following screen:

 

Step 2:

  • Go to VPN and Remote Access → LAN to LAN
  • Choose an unused profile, e.g. 1, and click Next to continue.
  • The status of an unused profile will be “x”



Step 3:

Section 1: Common Settings

  • Enter a Profile Name and enable the profile
  • As the Draytek router will always initiate the VPN connection, for Call Direction click “Dial-Out” and click “Always on” to enable an always-on VPN tunnel.

Section 2: Dial-Out Settings

  • Under Type of Server I am calling, click “IPSec Tunnel” and enter the WAN IP address of Cyberoam, i.e. 14.15.16.17, as Server IP/Host Name
  • Under IKE Authentication Method, click “Pre-Shared Key” and enter the Pre-Shared Key
  • Under IPSec Security Method, click “High (ESP)”
  • Click the “Advanced” button


In Advanced settings enter parameters as follows:
    • IKE phase 1 mode: Main mode
    • IKE phase 1 proposal: 3DES_MD5_G2
    • IKE phase 2 proposal: 3DES_MD5
    • IKE phase 1 key lifetime: 28800
    • IKE phase 2 key lifetime: 3600
    • Perfect Forward Secret: Disable

Section 3: Dial-In Settings

  • No configuration is required in this section

Section 4: TCP/IP Network Settings

  • Enter the following parameters:
    • Remote Network IP – 10.5.6.0 (Cyberoam’s internal network IP)
    • Remote Network Mask - 255.255.255.0
  • Do not change the default setting of any other parameters.
  • Click “OK” button

Step by Step Configuration Cyberoam

Step 4: Create VPN Policy

  • Go to VPN → Policy → Create Policy and create a VPN Policy with the following values:
    • Policy Name: Draytek
    • Using Template: None
    • Keying Method: Automatic
    • Allow Re-keying: Yes
    • Key Negotiation Tries: 3
    • Authentication Mode: Main Mode
    • Perfect Forward Secrecy (PFS): No

Phase 1

    • Encryption Algorithm: 3DES
    • Authentication Algorithm: MD5
    • DH Group (Key Group): 2 (DH1024)
    • Key life: 28800 sec

Phase 2

    • Encryption Algorithm: 3DES
    • Authentication Algorithm: MD5
    • DH Group (Key Group): 2 (DH1024)
    • Key life: 3600 sec

Step 5: Create VPN Connection

  • Go to VPN → IPSec Connection → Create Connection and specify parameters as follows:
    • Connection name: Draytek
    • Policy: Draytek
    • Action on restart: Active
    • Mode: Tunnel
    • Connection Type: Net to Net
    • Authentication Type – Preshared Key
    • Preshared Key: 0123456789
    • Local server IP address (WAN IP address) – 14.15.16.17
    • Local Internal Network – 10.5.6.0/24
    • Remote server IP address (WAN IP address) – 22.23.24.25
    • Remote Internal Network – 172.23.9.0/24
    • User Authentication Mode: Disabled
    • Protocol: All

Step 6:

  • At Draytek site select Connection Management from VPN and Remote Access menu.
  • Under Dial-out Tool, select Cyberoam’s public IP from the dropdown and click “Dial” button to initiate the connection.


Step 7:

  • At the Cyberoam site, the indicator under Connection status shows that the connection is successfully activated.
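
The two configurations above must mirror each other, and per the note the two LANs must not share a subnet. The following pre-flight check is an added example, not part of the original article or of either vendor's tooling; `check_tunnel` and its field names are hypothetical, and the Draytek LAN is assumed to be 172.23.9.0/24, the remote network entered on Cyberoam in Step 5.

```python
import ipaddress

# Settings that must be identical on both gateways (field names are this example's own).
SHARED = ("ike_mode", "phase1", "phase2", "p1_life", "p2_life", "pfs", "psk")

def check_tunnel(a, b):
    """Return the reasons gateways a and b would fail to bring up the tunnel."""
    # Report only the field name, so the preshared key never lands in output or logs.
    problems = [f"{k} differs between gateways" for k in SHARED if a[k] != b[k]]
    try:
        # Strict parsing rejects values such as 10.5.6.1/24 (host bits set).
        nets = {(s["name"], f): ipaddress.ip_network(s[f])
                for s in (a, b) for f in ("local_net", "remote_net")}
    except ValueError as err:
        return problems + [f"invalid network: {err}"]
    for side, peer in ((a, b), (b, a)):
        if side["remote_gw"] != peer["wan_ip"]:
            problems.append(f"{side['name']}: remote gateway is not {peer['name']}'s WAN IP")
        remote, peer_local = nets[side["name"], "remote_net"], nets[peer["name"], "local_net"]
        if remote != peer_local:
            problems.append(f"{side['name']}: remote network {remote} is not "
                            f"{peer['name']}'s local network {peer_local}")
    if nets[a["name"], "local_net"].overlaps(nets[b["name"], "local_net"]):
        problems.append("local networks overlap: the connection will not be established")
    return problems

# Values from the article. Assumption: the Draytek LAN is 172.23.9.0/24,
# the remote network entered on Cyberoam in Step 5.
COMMON = dict(ike_mode="main", phase1="3DES_MD5_G2", phase2="3DES_MD5",
              p1_life=28800, p2_life=3600, pfs=False, psk="0123456789")
CYBEROAM = dict(COMMON, name="Cyberoam", wan_ip="14.15.16.17", remote_gw="22.23.24.25",
                local_net="10.5.6.0/24", remote_net="172.23.9.0/24")
DRAYTEK = dict(COMMON, name="Draytek", wan_ip="22.23.24.25", remote_gw="14.15.16.17",
               local_net="172.23.9.0/24", remote_net="10.5.6.0/24")

if __name__ == "__main__":
    cases = {
        "as documented": DRAYTEK,
        "same subnet on both LANs (constructed)": dict(DRAYTEK, local_net="10.5.6.0/24"),
        "LAN entered without its mask (constructed)": dict(DRAYTEK, local_net="172.23.0.24"),
    }
    for label, draytek in cases.items():
        print(label, "->", check_tunnel(CYBEROAM, draytek) or "OK")
```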

Document version: 1.0-19/02/2009

Article ID: 1227