1. Home
    2. /
  2. Manuals
    3. /
  3. DrayTek
    4. /
  4. Vigor2860Vn-plus
    5. /
  5. 63
Page 311 / 794 Scroll up to view Page 306 - 310
Vigor2860 Series User’s Guide
297
AES.
GRE over IPsec
Settings
Enable IPsec Dial-Out function GRE over IPsec
: Check
this box to verify data and transmit data in encryption with
GRE over IPsec packet after configuring IPsec Dial-Out
setting. Both ends must match for each other by setting
same virtual IP address for communication.
Logical Traffic
: Such technique comes from RFC2890.
Define logical traffic for data transmission between both
sides of VPN tunnel by using the characteristic of GRE.
Even hacker can decipher IPsec encryption, he/she still
cannot ask LAN site to do data transmission with any
information. Such function can ensure the data transmitted
on VPN tunnel is really sent out from both sides. This is an
optional function. However, if one side wants to use it, the
peer must enable it, too.
My GRE IP
: Type the virtual IP for router itself for
verified by peer.
Peer GRE IP
: Type the virtual IP of peer host for verified
by router.
TCP/IP Network
Settings
My WAN IP –
This field is only applicable when you select
PPTP or L2TP with or without IPsec policy above. The
default value is 0.0.0.0, which means the Vigor router will
get a PPP IP address from the remote router during the
IPCP negotiation phase. If the PPP IP address is fixed by
remote side, specify the fixed IP address here. Do not
change the default value if you do not select PPTP or L2TP.
Remote Gateway IP -
This field is only applicable when
you select PPTP or L2TP with or without IPsec policy
above. The default value is 0.0.0.0, which means the Vigor
router will get a remote Gateway PPP IP address from the
remote router during the IPCP negotiation phase. If the PPP
IP address is fixed by remote side, specify the fixed IP
address here. Do not change the default value if you do not
select PPTP or L2TP.
Remote Network IP/ Remote Network Mask -
Add a
static route to direct all traffic destined to this Remote
Network IP Address/Remote Network Mask through the
VPN connection. For IPsec, this is the destination clients
IDs of phase 2 quick mode.
Local Network IP / Local Network Mask -
Display the
local network IP and mask for TCP / IP configuration. You
can modify the settings if required.
More -
Add a static route to direct all traffic destined to
more Remote Network IP Addresses/ Remote Network
Masks through the VPN connection. This is usually used
when you find there are several subnets behind the remote
VPN router.
Page 312 / 794
Vigor2860 Series User’s Guide
298
RIP Direction -
The option specifies the direction of RIP
(Routing Information Protocol) packets. You can
enable/disable one of direction here. Herein, we provide
four options: TX/RX Both, TX Only, RX Only, and
Disable.
From first subnet to remote network, you have to
do -
If the remote network only allows you to dial in with
single IP, please choose
NAT
, otherwise choose
Route
.
Change default route to this VPN tunnel -
Check this box
to change the default route with this VPN tunnel.
IPSec VPN with the
Same subnet
For both ends (e.g., different sections in a company) are
within the same subnet, there is a function which allows
you to build Virtual IP mapping between two ends. Thus,
when VPN connection established, the router will change
the IP address according to the settings configured here and
block sessions which are not coming from the IP address
defined in the Virtual IP Mapping list.
After checking the box of
IPSec VPN with the Same
subnet
, the options under
TCP/IP Network Settings
will
be changed as shown below:
Remote Network IP/ Remote Network Mask -
Add a
static route to direct all traffic destined to this Remote
Network IP Address/Remote Network Mask through the
VPN connection. For IPSec, this is the destination clients
IDs of phase 2 quick mode.
Translated Local Network –
This function is enabled in
default. Use the drop down list to specify a LAN port as the
transferred direction. Then specify an IP address. Click
Advanced
to configure detailed settings if required.
Advanced
– Add a static route to direct all traffic destined
to more Remote Network IP Addresses/ Remote Network
Mask through the VPN connection. This is usually used
Page 313 / 794
Vigor2860 Series User’s Guide
299
when you find there are several subnets behind the remote
VPN router.
Translated Type –
There are two types for you to choose.
Whole Subnet
Specific IP Address
Virtual IP Mapping –
A pop up dialog will appear for you
to specify the local IP address and the mapping virtual IP
address.
2.
After finishing all the settings here, please click
OK
to save the configuration.
Page 314 / 794
Vigor2860 Series User’s Guide
300
3.11.7 VPN TRUNK Management
VPN trunk includes four features - VPN Backup, VPN load balance, GRE over IPsec, and
Binding tunnel policy.
Features of VPN TRUNK – VPN Backup Mechanism
VPN TRUNK Management is a backup mechanism which can set multiple VPN tunnels as
backup tunnel. It can assure the network connection not to be cut off due to network
environment blocked by any reason.
VPN TRUNK-VPN Backup mechanism can judge abnormal situation for the
environment of VPN server and correct it to complete the backup of VPN Tunnel in
real-time.
VPN TRUNK-VPN Backup mechanism is compliant with all WAN modes (single/multi)
Dial-out connection types contain IPsec, PPTP, L2TP, L2TP over IPsec and ISDN
(depends on hardware specification)
The web page is simple to understand and easy to configure
Fully compliant with VPN Server LAN Site Single/Multi Network
Mail Alert support, please refer to
System Maintenance >> SysLog / Mail Alert
for
detailed configuration
Syslog support, please refer to
System Maintenance >> SysLog / Mail Alert
for
detailed configuration
Specific ERD (Environment Recovery Detection) mechanism which can be operated by
using Telnet command
VPN TRUNK-VPN Backup mechanism profile will be activated when initial connection of
single VPN tunnel is off-line. Before setting VPN TRUNK -VPN Backup mechanism backup
profile, please configure at least two sets of LAN-to-LAN profiles (with fully configured
dial-out settings) first, otherwise you will not have selections for grouping Member1 and
Member2.
Features of VPN TRUNK – VPN Load Balance Mechanism
VPN Load Balance Mechanism can set multiple VPN tunnels for using as traffic load balance
tunnel. It can assist users to do effective load sharing for multiple VPN tunnels according to
real line bandwidth. Moreover, it offers three types of algorithms for load balancing and
binding tunnel policy mechanism to let the administrator manage the network more flexibly.
Three types of load sharing algorithm offered, Round Robin, Weighted Round Robin and
Fastest
Binding Tunnel Policy mechanism allows users to encrypt the data in transmission or
specified service function in transmission and define specified VPN Tunnel for having
effective bandwidth management
Dial-out connection types contain IPsec, PPTP, L2TP, L2TP over IPsec and GRE over
IPsec
The web page is simple to understand and easy to configure
The TCP Session transmitted by using VPN TRUNK-VPN Load Balance mechanism
will not be lost due to one of VPN Tunnels disconnected. Users do not need to reconnect
with setting TCP/UDP Service Port again. The VPN Load Balance function can keep the
transmission for internal data on tunnel stably
Page 315 / 794
Vigor2860 Series User’s Guide
301
Available settings are explained as follows:
Item
Description
Backup Profile List
Set to Factory Default -
Click to clear all VPN
TRUNK-VPN Backup mechanism profile.
No –
The order of VPN TRUNK-VPN Backup mechanism
profile.
Status
- “v” means such profile is enabled; “x” means such
profile is disabled.
Name -
Display the name of VPN TRUNK-VPN Backup
mechanism profile.
Member1 -
Display the dial-out profile selected from the
Member1 drop down list below.
Active -
“Yes” means normal condition. “No” means the
state might be disabled or that profile currently is set with
Dial-in mode (for call direction) in LAN-to-LAN.
Type -
Display the connection type for that profile, such as
IPsec, PPTP, L2TP, L2TP over IPsec (NICE), L2TP over
IPsec(MUST) and so on.
Member2 -
Display the dial-out profile selected from the
Member2 drop down list below.

Rate

4.5 / 5 based on 2 votes.

Popular DrayTek Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top