
Draytek Config


VPN and Remote Access >> Remote Access Control Setup

Remote Access Control Setup




Enable PPTP VPN Service


Enable IPSec VPN Service


Enable L2TP VPN Service





Note: If you intend to run a VPN server inside your LAN, you should uncheck the appropriate protocol
above to allow pass-through, and configure the appropriate NAT settings.

VPN and Remote Access >> PPP General Setup


PPP General Setup
PPP/MP Protocol
Dial-In PPP
Authentication
PAP or CHAP

Dial-In PPP
Encryption(MPPE)
Optional MPPE

Mutual Authentication (PAP) Yes No
Username

Password


IP Address Assignment for Dial-In Users
(When DHCP Disable set)

Assigned IP start
LAN 1
192.168.1.200


LAN 2
192.168.2.200


LAN 3
192.168.3.200


LAN 4
192.168.4.200


VPN and Remote Access >> IPSec General Setup


VPN IKE/IPSec General Setup
Dial-in Set up for Remote Dial-in users and Dynamic IP Client (LAN to LAN).
IKE Authentication Method
Pre-Shared Key

Confirm Pre-Shared Key

IPSec Security Method

Medium (AH)

Data will be authentic, but will not be encrypted.
High (ESP) DES 3DES AES
Data will be encrypted and authentic.







VPN and Remote Access >> IPSec Peer Identity

1230

Profile Index : 1
Profile Name
CSL

Enable this account

Accept Any Peer ID

Accept Subject Alternative Name
Type
IP Address

IP
1.1.1.1


Accept Subject Name
Country (C)

State (ST)

Location (L)

Organization (O)

Organization Unit (OU)

Common Name (CN)

Email (E)




VPN and Remote Access >> Remote Dial-in User


Index No. 1
User account and Authentication
Enable this account
Idle Timeout
300
second(s)

Allowed Dial-In Type

PPTP
IPSec Tunnel
L2TP with IPSec Policy
None


Specify Remote Node
Remote Client IP or Peer ISDN Number
1.1.1.1

or Peer ID
Netbios Naming Packet
Pass Block
Username
???

Password

Enable Mobile One-Time Passwords(mOTP)
PIN Code

Secret


IKE Authentication Method
Pre-Shared Key

********

Digital Signature(X.509)
None


IPSec Security Method
Medium(AH)
Multicast via VPN
Pass Block
(for some IGMP,IP-Camera,DHCP Relay..etc.)

Subnet
LAN 1

Assign Static IP Address
0.0.0.0


High(ESP) DES 3DES AES
Local ID (optional)




VPN and Remote Access >> LAN to LAN



Profile Index : 1
1. Common Settings
Profile Name
CSL

Enable this profile

VPN Dial-Out Through
WAN1 Only

Netbios Naming Packet Pass Block
Multicast via VPN Pass Block
(for some IGMP,IP-Camera,DHCP Relay..etc.)
Call Direction Both Dial-Out Dial-in
Always on
Idle Timeout
0
second(s)
Enable PING to keep alive
PING to the IP
172.16.16.254


2. Dial-Out Settings
Type of Server I am calling
PPTP
IPSec Tunnel
L2TP with IPSec Policy
None



Server IP/Host Name for VPN.
(such as draytek.com or 123.45.67.89)
1.1.1.1


Username

Password

PPP Authentication
PAP/CHAP

VJ Compression
On Off

IKE Authentication Method
Pre-Shared Key

**********

Digital Signature(X.509)
Peer ID
None

Local ID
Alternative Subject Name First
Subject Name First

IPSec Security Method
Medium(AH)
High(ESP)
AES with Authentication


Index(1-15) in Schedule Setup:
, , ,
3. Dial-In Settings
Allowed Dial-In Type
PPTP
IPSec Tunnel
L2TP with IPSec Policy
None



Specify Remote VPN Gateway

Peer VPN Server IP

1.1.1.1

or Peer ID

Username
???

Password

VJ Compression
On Off

IKE Authentication Method
Pre-Shared Key

*********

Digital Signature(X.509)
None

Local ID
Alternative Subject Name First
Subject Name First

IPSec Security Method
Medium(AH)
High(ESP) DES 3DES AES
Enable IPSec Dial-Out function GRE over IPSec
Logical Traffic My GRE IP Peer GRE IP
4. TCP/IP Network Settings
My WAN IP
2.2.2.2

Remote Gateway IP
1.1.1.1

Remote Network IP
172.16.16.0

Remote Network Mask
255.255.240.0

Local Network IP
192.168.1.1

Local Network Mask
255.255.255.0


RIP Direction
Disable

From first subnet to remote network, you have to do

Route


Change default route to this VPN tunnel (Only single WAN supports this)
