Can't Establish a VPN connection between 2 D-Link DFL 300 Routers.

I have been trying unsuccessfully for months to establish a VPN connection between 2 D-Link DFL 300 routers.  Ideally, I would be able to establish a router to router tunnel, but I would be willing to create a tunnel using the Windows XP Client to the DFL-300 router (Home to the Office) and then setting up a second tunnel going the other way from the Office's Windows XP client machine to the Home DFL-300 if I can get this to work.  I have not had success setting up a VPN with either IPSec or PPTP.  The documentation with this router is abysmal, only covers setting up a static IP to static IP tunnel, and this router has been discontinued by D-Link and is no longer supported.  PPTP wasn't even in the original firmware and was added as an afterthought, with no documentation.

My Setup (at the office).
-DFL 300 is configured for an Internal Interface (LAN) and DMZ.  Internal Interface is, and DMZ is  Both have as netmask.  NAT is enabled on both (the D-Link faq didn't say anything about turning off NAT when connecting 2 routers with a VPN).  
-One server running Win2k Server with the service pack updates, and 3 NICs.  We have 6 REAL IPs provided by our ISP.  We have one domain and our server is the only domain controller.

-NIC1) Has 2 IPs assigned to it, the first,, is used as our mail server.  The second,, is used for our website.   This subnet goes to our DMZ.  
Within the DFL 300, we have 2 virtual servers assigned, Mapping External IP #1 to (mail), and Mapping External IP #2 to the website.  Our router is configured so that its external IP address is the same as the websites (External IP #2, which is mapped to internally).
-NIC2) Has 1 IP assigned to it, which is on a different subnet (192.168.1.X).  All of the computers on the local LAN point to this IP for DNS.  This 192.168.1 subnet makes up our lan.
-NIC3) We're not really using at this point.

Virtual Server 1 - Maps External IP #1 to the DMZ address of the Mailserver
Virtual Server 2 - Maps External IP #2 to the DMZ address of the Webserver
Virtual Server 3 - Maps External IP #3 to the Internal (LAN) address of our Server.  This was only mapped to attempt  to allow an Incoming Policy for access to the LAN from the Home.

External to DMZ:  permits services from Outside to Virtual Server 1 and Virtual Server 2.
Incoming:  permits services from Outside to Virtual Server 3.

My Home setup is simple, on a cable modem with DHCP enabled (the router is the same brand, DFL 300).

The home local IP is set up as (different subnet than the office).  While I can easily get a connection through the IPSec VPN option by using a preshared key (this must be initiated from the home, since it is DHCP), I am *usually* unable to ping a computer behind the office LAN.  I have this home computer added to the external group within the router.  I've even added it into the internal group as well.  Sometimes I am able to get a ping response from the home computer to a computer on the LAN, after resetting both routers, and/or making changes that I can't pinpoint--it seems random.  Occasionally, I can even ping the home computer on the ip from within the LAN.  However, this is rare.  

I have tried to set up a WindowsXP client IPSec VPN from the home into the office DFL 300, with no success.  I get a negotiating IP security message when I try to ping the office LAN from the home--even when the home router is removed and I am plugged directly in to the Cable Modem.  

When I do a portscan on the IPSec 1701 port from behind the office firewall on the LAN, it comes back closed.  I believe IKE does the same, and have had similar problems with PPTP.  I don't know if my whole issue is related to closed ports, crappy router firmware, or this author's limited IT skillset.  

I keep thinking that this could be a port issue, or an issue because our router's external IP is being forwarded to the DMZ while we are trying to use this same IP to connect to the internal LAN of the office from home.  The home router is using the External IP address #2 as the external gateway (this is the Office router's IP).  I think I have my subnets correctly... the home router points to, and the office router points to  

I'm outta ideas.  Can anyone point me in the right direction?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bmoneylessAuthor Commented:
Found an answer... seems the home computer had a software firewall installed that I was not informed of.  Though the hardware vpn was allowed, and the routers were connecting, I could not ping a machine behind each subnet.  Now that the software firewall has been removed, I am able to create the vpn tunnel and get access, going both ways.
Because you have presented a solution to your own problem which may be helpful to future searches, this question is now PAQed and your points have been refunded.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.