DrayTek Vigor2860Vn-plus Router Manual PDF (Setup & Configuration Guide)

Page 301 / 794 Scroll up to view Page 296 - 300

Vigor2860 Series User’s Guide

287

VPN connection becomes one pure L2TP

connection.



Must -

Specify the IPsec policy to be definitely

applied on the L2TP connection.

SSL Tunnel –

Allow the remote dial-in user to make an

SSL VPN connection through Internet.

Specify Remote Node -

You can specify the IP address of

the remote dial-in user, ISDN number or peer ID (used in

IKE aggressive mode).

Uncheck the checkbox

means the connection type you

select above will apply the authentication methods and

security methods in the

general settings

.

Netbios Naming Packet -



Pass

– Click it to have an inquiry for data

transmission between the hosts located on both sides

of VPN Tunnel while connecting.



Block

– When there is conflict occurred between the

hosts on both sides of VPN Tunnel in connecting,

such function can block data transmission of Netbios

Naming Packet inside the tunnel.

Multicast via VPN

- Some programs might send multicast

packets via VPN connection.



Pass

– Click this button to let multicast packets pass

through the router.



Block

– This is default setting. Click this button to let

multicast packets be blocked by the router.

User Name

- This field is applicable when you select PPTP

or L2TP with or without IPsec policy above. The length of

the name is limited to 23 characters.

Password

- This field is applicable when you select PPTP

or L2TP with or without IPsec policy above. The length of

the password is limited to 19 characters.

Enable Mobile One-Time Passwords (mOTP) -

Check

this box to make the authentication with mOTP function.

PIN Code

– Type the code for authentication (e.g, 1234).

Secret

– Use the 32 digit-secret number generated by

mOTP in the mobile phone (e.g., e759bb6f0e94c7ab4fe6).

Subnet

Chose one of the subnet selections for such VPN profile.

Assign Static IP Address –

Please type a static IP address

for the subnet you specified.

IKE Authentication

Method

This group of fields is applicable for IPsec Tunnels and

L2TP with IPsec Policy when you specify the IP address of

the remote node. The only exception is Digital Signature

(X.509) can be set when you select IPsec tunnel either with

or without specifying the IP address of the remote node.

Pre-Shared Key -

Check the box of Pre-Shared Key to

invoke this function and type in the required characters

(1-63) as the pre-shared key.

Page 302 / 794

Vigor2860 Series User’s Guide

288

Digital Signature (X.509) –

Check the box of Digital

Signature to invoke this function and Select one predefined

Profiles set in the

VPN and

Remote Access >>IPsec Peer

Identity.

IPsec Security Method

This group of fields is a must for IPsec Tunnels and L2TP

with IPsec Policy when you specify the remote node. Check

the Medium, DES, 3DES or AES box as the security

method.

Medium-Authentication Header (AH)

means data will be

authenticated, but not be encrypted. By default, this option

is invoked. You can uncheck it to disable it.

High-Encapsulating Security Payload (ESP)

means

payload (data) will be encrypted and authenticated. You

may select encryption algorithm from Data Encryption

Standard (DES), Triple DES (3DES), and AES.

Local ID (Optional)-

Specify a local ID to be used for

Dial-in setting in the LAN-to-LAN Profile setup. This item

is optional and can be used only in IKE aggressive mode.

After finishing all the settings here, please click

OK

to save the configuration.

3.11.6 LAN to LAN

Here you can manage LAN-to-LAN connections by maintaining a table of connection profiles.

You may set parameters including specified connection direction (dial-in or dial-out),

connection peer ID, connection type (VPN connection - including PPTP, IPsec Tunnel, and

L2TP by itself or over IPsec) and corresponding security methods, etc.

The router supports up to 32 VPN tunnels simultaneously. The following figure shows the

summary table.

The following figure shows the summary table according to the item (All/Trunk) selected for

View

.

Page 303 / 794

Vigor2860 Series User’s Guide

289

The following shows profiles joined into VPN Load Balance and VPN Backup mechanism.

If there is no profile joined yet, this page will be shown as follows:

Page 304 / 794

Vigor2860 Series User’s Guide

290

Available settings are explained as follows:

Item

Description

View

All –

Click it to display the LAN to LAN profiles.

Trunk –

Click it to display the Trunk profiles.

Set to Factory Default

Click to clear all indexes.

Name

Indicate the name of the LAN-to-LAN profile. The

symbol

???

represents that the profile is empty.

Active

V – means the profile has been enabled.

X – means the profile has not been enabled.

Status

Indicate the status of individual profiles. The symbol V and

X represent the profile to be active and inactive,

respectively.

To edit each profile:

1.

Click each index to edit each profile and you will get the following page. Each

LAN-to-LAN profile includes 4 subgroups. If the fields gray out, it means you may leave

it untouched. The following explanations will guide you to fill all the necessary fields.

For the web page is too long, we divide the page into several sections for explanation.

Page 305 / 794

Vigor2860 Series User’s Guide

291

Available settings are explained as follows:

Item

Description

Common Settings

Profile Name –

Specify a name for the profile of the

LAN-to-LAN connection.

Enable this profile -

Check here to activate this profile.

VPN Dial-Out Through -

Use the drop down menu to

choose a proper WAN interface for this profile. This setting

is useful for dial-out only.



WAN1 First/ WAN2 First/ WAN3 First /WAN4

First

- While connecting, the router will use

WAN1/WAN2/WAN3/WAN4 as the first channel for

VPN connection. If WAN1/WAN2/WAN3/WAN4

fails, the router will use another WAN interface

instead.

WAN1 Only /WAN2 Only/WAN 3 Only/WAN 4

Only

- While connecting, the router will use

WAN1/WAN2/WAN3/WAN4 as the only channel for

VPN connection.

WAN1 Only: Only establish VPN if WAN2 down

-

If WAN2 failed, the router will use WAN1 for VPN

connection.

WAN2 Only: Only establish VPN if WAN1 down

-

If WAN1 failed, the router will use WAN2 for VPN

connection.

Netbios Naming Packet



Pass

– click it to have an inquiry for data transmission

between the hosts located on both sides of VPN

Tunnel while connecting.



Block

– When there is conflict occurred between the

hosts on both sides of VPN Tunnel in connecting,

such function can block data transmission of Netbios

Naming Packet inside the tunnel.

Multicast via VPN -

Some programs might send multicast

packets via VPN connection.



Pass

– Click this button to let multicast packets pass

through the router.



Block

– This is default setting. Click this button to let

multicast packets be blocked by the router.

Call Direction -

Specify the allowed call direction of this

LAN-to-LAN profile.

Rate

Popular DrayTek Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share