apcsolution
asked on
Newbie to VPN and having problems - have (2) D-Link DFL-300 VPN/FW/Routers can't make connection both on cable modem...
Okay I'm new to VPN so excuse my lack of the correct terminology. But the situation is I've bought (2) D-Link DFL-300 VPN/FW/Routers (http://www.d-link.com/products/?pid=66) because I wanted to set up a VPN from my home to my office. My home is in Atlanta, GA and office is in Inman, SC. SC location has Charter high speed internet and GA location have Comcast high speed internet. One DFL-300 is in SC location and the other is in GA. LAN, firewall, routing, and connection is working fine on both locations just can not get VPN to connect, communicate, or work at all. I've followed the D-Link instructions on how to set up VPN between (2) DFL-300 on their website but I've had no luck (http://support.dlink.com/faq/view.asp?prod_id=1219&question=DFL-300%20/%20DFL-80) . Both the connections have dynamic IP's and I have spoken with both Broadband companies to verify if they block any ports to VPN or restrict any VPN. They both say they do not block VPN ports and have no restrictions. So back to the drawing boards now I am stumped on this one? Part of the reason is I'm new to VPN so I probably lack the knowledge. D-Link support site makes it sound so easy I knew their was more to it then what they had. Sounds to easy to be true you know. The support wasn't helpful period, when I mentioned to them about the DFL-300 they gathered all my information and said somebody will call me. Been almost 2 weeks and no call yet, I've left messages and sent e-mails. Okay any help would be appreciate greatly. I've searched high and low and still I can not get these 2 working together. Is it because both locations have Dynamic IP's? Please post reply or feel free to e-mail me at bob.lee@apcsolution.com. Thanks ahead.
ASKER
Well AshuraKnight I'm not sure how else to test it besides just following their instructions. They say after you get all the settings in then you should be able to ping internal IP's. I can't even get them to connect by clicking on the connect link after setup. I've got my public IP's in correctly I double check it again following your link. Appreciate your quick reponse, looking forward to hearing more from you. Thanks.
So when you're in DLink configuration
At VPN Page
What do you see from the vpn configuration table ?
Name : DFL300toDFL300 (ex)
Gateway IP : this is should be your IP address at home
dest subnet : IP of your work comp.
At VPN Page
What do you see from the vpn configuration table ?
Name : DFL300toDFL300 (ex)
Gateway IP : this is should be your IP address at home
dest subnet : IP of your work comp.
ASKER
Here is what I have. Hopefully this will help some. the preshared key is just an example but they are both the same on both ends.
- SC Location -
Name: apcs_sc
Gateway IP: 24.98.135.188
Destination Subnet: 192.168.10.0
PSK/RSA: psk
Status: Disconnect
Configure: Connect Modify Remove
* In Detail *
VPN Auto Keyed Tunnel
Name: apcs_sc
From Source: Internal
Subnet / Mask: 192.168.1.0 / 255.255.255.0
To Destination: Remote Gateway -- Fixed IP: 24.98.135.188
Subnet / Mask: 192.168.10.0 / 255.255.255.0
Authentication Method: Preshared
Preshared Key: 123456
Encapsulation: Data Encryption + Authentication
IPSec Lifetime: 28800 Seconds
Schedule: None
- GA Location -
Name: Name: apcs_ga
Gateway IP: 66.168.39.44
Destination Subnet: 192.168.1.0
PSK/RSA: psk
Status: Disconnect
Configure: Connect Modify Remove
* In Detail *
VPN Auto Keyed Tunnel
Name: apcs_ga
From Source: Internal
Subnet / Mask: 192.168.10.0 / 255.255.255.0
To Destination: Remote Gateway -- Fixed IP: 66.168.39.44
Subnet / Mask: 192.168.1.0 / 255.255.255.0
Authentication Method: Preshared
Preshared Key: 123456
Encapsulation: Data Encryption + Authentication
IPSec Lifetime: 28800 Seconds
Schedule: None
- SC Location -
Name: apcs_sc
Gateway IP: 24.98.135.188
Destination Subnet: 192.168.10.0
PSK/RSA: psk
Status: Disconnect
Configure: Connect Modify Remove
* In Detail *
VPN Auto Keyed Tunnel
Name: apcs_sc
From Source: Internal
Subnet / Mask: 192.168.1.0 / 255.255.255.0
To Destination: Remote Gateway -- Fixed IP: 24.98.135.188
Subnet / Mask: 192.168.10.0 / 255.255.255.0
Authentication Method: Preshared
Preshared Key: 123456
Encapsulation: Data Encryption + Authentication
IPSec Lifetime: 28800 Seconds
Schedule: None
- GA Location -
Name: Name: apcs_ga
Gateway IP: 66.168.39.44
Destination Subnet: 192.168.1.0
PSK/RSA: psk
Status: Disconnect
Configure: Connect Modify Remove
* In Detail *
VPN Auto Keyed Tunnel
Name: apcs_ga
From Source: Internal
Subnet / Mask: 192.168.10.0 / 255.255.255.0
To Destination: Remote Gateway -- Fixed IP: 66.168.39.44
Subnet / Mask: 192.168.1.0 / 255.255.255.0
Authentication Method: Preshared
Preshared Key: 123456
Encapsulation: Data Encryption + Authentication
IPSec Lifetime: 28800 Seconds
Schedule: None
As the tutorial said :
Step 8 Select either Remote Gateway--Fixed IP or Remote Gateway--Dynamic IP. Enter the WAN (external) IP address of DFL-300 #2, if Remote Gateway--Fixed IP is selected.
I see that you're using the same IP for the Ip of your SC connection.
and don't use fixed ip, because you're on dynamic ip
And i presume your sc internal ip address is 192.168.1.1
and your ga is 192.168.10.1
is that right ?
please use dynamic ip setting for the router
you can use dynamic ip service from dyndns.com if needed
Step 8 Select either Remote Gateway--Fixed IP or Remote Gateway--Dynamic IP. Enter the WAN (external) IP address of DFL-300 #2, if Remote Gateway--Fixed IP is selected.
I see that you're using the same IP for the Ip of your SC connection.
and don't use fixed ip, because you're on dynamic ip
And i presume your sc internal ip address is 192.168.1.1
and your ga is 192.168.10.1
is that right ?
please use dynamic ip setting for the router
you can use dynamic ip service from dyndns.com if needed
ASKER
Your reply:
"I see that you're using the same IP for the Ip of your SC connection."
I am trying to look at where I used the same IP and can't figure out where you saw that at. If you can point that out for me because I've double checked and can't figure where I used the same IP. Also I have tried the Remote Gateway--Dynamic IP but the only issue with that is it doesn't give you a choice on which DNS to look for. The only thing with that option you can put is the Subnet / Mask
"I see that you're using the same IP for the Ip of your SC connection."
I am trying to look at where I used the same IP and can't figure out where you saw that at. If you can point that out for me because I've double checked and can't figure where I used the same IP. Also I have tried the Remote Gateway--Dynamic IP but the only issue with that is it doesn't give you a choice on which DNS to look for. The only thing with that option you can put is the Subnet / Mask
Name: apcs_sc
From Source: Internal
Subnet / Mask: 192.168.1.0 / 255.255.255.0
To Destination: Remote Gateway -- Fixed IP: 24.98.135.188
there. On the fixed ip for sc comp you put the same IP with your gateway IP :)
And have you try to put your setting to dynamic ip ?
And one more thing, for static ip, the IP address of your connection is not the same with gateway IP (most of them)
usually gateway ip is the same with one of the dns ip.
From Source: Internal
Subnet / Mask: 192.168.1.0 / 255.255.255.0
To Destination: Remote Gateway -- Fixed IP: 24.98.135.188
there. On the fixed ip for sc comp you put the same IP with your gateway IP :)
And have you try to put your setting to dynamic ip ?
And one more thing, for static ip, the IP address of your connection is not the same with gateway IP (most of them)
usually gateway ip is the same with one of the dns ip.
"Also I have tried the Remote Gateway--Dynamic IP but the only issue with that is it doesn't give you a choice on which DNS to look for. The only thing with that option you can put is the Subnet / Mask"
I know that, ok just do it with fixed ip right now.
But at later time, you had to change it into dynamic ip because your ip will constantly changed. So if you keep using that IP as a gateway, you won't connect with it anymore.
Do you sure the ip in your work comp haven't changed ?
How do you access it ? Via RD (remote desktop) or something ?
I know that, ok just do it with fixed ip right now.
But at later time, you had to change it into dynamic ip because your ip will constantly changed. So if you keep using that IP as a gateway, you won't connect with it anymore.
Do you sure the ip in your work comp haven't changed ?
How do you access it ? Via RD (remote desktop) or something ?
ASKER
Yeah, I connect through DNS or IP. I have PCAnywhere on both ends so I can connect to office and here at home. I can remote manage my firewalls also. SC locations DNS name is http://aps.apcsolution.com/ and GA locations is http://apsga.dyndns.org/. In the "To Destination: Remote Gateway -- Fixed IP: " I've also tried using the DNS names of both of them and no luck also. If I leave it as fixed IP with the DNS as long as the DNS never changes things should be fine right? I've tried just IP and/or DNS bascially I get the same results. With the IP I'm just putting in the remote ip which is the IP for my modem at GA location and the other is the IP for my modem in SC location. Again I've tried putting IP and DNS. I'm really stumped on this one. I do appreciate you helping me like this. I'm just out of ideas to try now.
Sorry, I know that it's something matter with your configuration but I can't explain it without put my hands on it directyly :)
So i'll make another question referring to this question to let other expert (who knows d-link configuration better) give some advise.
So i'll make another question referring to this question to let other expert (who knows d-link configuration better) give some advise.
here's the link for my question : https://www.experts-exchange.com/questions/21085688/Help-with-this-question-http-www-experts-exchange-com-Networking-Q-21084428-html-11735847.html
:)
hope some1 will come and help you faster then me :P
:)
hope some1 will come and help you faster then me :P
ASKER
Thanks though. Any help is greatly appreicated.
- SC Location -
Name: apcs_sc
Gateway IP: 24.98.135.188 <--- this is GA's external IP address?
Destination Subnet: 192.168.10.0
- GA Location -
Name: Name: apcs_ga
Gateway IP: 66.168.39.44 <-- this is SC's external IP address??
Destination Subnet: 192.168.1.0
Name: apcs_sc
Gateway IP: 24.98.135.188 <--- this is GA's external IP address?
Destination Subnet: 192.168.10.0
- GA Location -
Name: Name: apcs_ga
Gateway IP: 66.168.39.44 <-- this is SC's external IP address??
Destination Subnet: 192.168.1.0
I believe the "remote gateway" should be the IP address of the other DLink router.
For Example...
- GA Location -
To Destination: Remote Gateway -- Fixed IP: 66.168.39.44
Subnet / Mask: 192.168.1.0 / 255.255.255.0
Should be
- GA Location -
To Destination: Remote Gateway -- Fixed IP: 24.98.135.188
Subnet / Mask: 192.168.1.0 / 255.255.255.0
you want the router in Georiga to know that any IPs on 192.168.1.0 should be forwarded to the router in SC. Make sure you reconfigure both routers. Then do a tracert on a 192.168.1.x address to find out how far along it gets...
ASKER
lrmoore, yeah those are the external IPs.
adamdrayer, I have tired what you recommended and I got no luck also. I even used the DNS names with out any luck. SC DNS is aps.apcsolution.com GA DNS is apsga.dyndns.org. Traced it and got unreachable host. Thanks for the suggestions.
adamdrayer, I have tired what you recommended and I got no luck also. I even used the DNS names with out any luck. SC DNS is aps.apcsolution.com GA DNS is apsga.dyndns.org. Traced it and got unreachable host. Thanks for the suggestions.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
adamdrayer here is what i get below:
C:\WINDOWS\system32>tracer
Tracing route to 192.168.1.5 over a maximum of 30 hops
1 * * * Request timed out.
2 14 ms 11 ms 12 ms 10.238.224.1
3 12 ms 15 ms 15 ms 66.56.22.109
4 15 ms 12 ms 13 ms 66.56.22.169
5 12.124.58.41 reports: Destination host unreachable.
Trace complete.
C:\WINDOWS\system32>tracer
Tracing route to 192.168.1.5 over a maximum of 30 hops
1 * * * Request timed out.
2 14 ms 11 ms 12 ms 10.238.224.1
3 12 ms 15 ms 15 ms 66.56.22.109
4 15 ms 12 ms 13 ms 66.56.22.169
5 12.124.58.41 reports: Destination host unreachable.
Trace complete.
With your current IP address ?
Check your public ip again and test the connection then get back here :)
check here : http://checkip.dyndns.org/