Can't Establish a VPN connection between 2 D-Link DFL 300 Routers.

Posted on 2006-04-19
Last Modified: 2010-04-12
I have been trying unsuccessfully for months to establish a VPN connection between 2 D-Link DFL 300 routers.  Ideally, I would be able to establish a router to router tunnel, but I would be willing to create a tunnel using the Windows XP Client to the DFL-300 router (Home to the Office) and then setting up a second tunnel going the other way from the Office's Windows XP client machine to the Home DFL-300 if I can get this to work.  I have not had success setting up a VPN with either IPSec or PPTP.  The documentation with this router is abysmal, only covers setting up a static IP to static IP tunnel, and this router has been discontinued by D-Link and is no longer supported.  PPTP wasn't even in the original firmware and was added as an afterthought, with no documentation.

My Setup (at the office).
-DFL 300 is configured for an Internal Interface (LAN) and DMZ.  Internal Interface is, and DMZ is  Both have as netmask.  NAT is enabled on both (the D-Link faq didn't say anything about turning off NAT when connecting 2 routers with a VPN).  
-One server running Win2k Server with the service pack updates, and 3 NICs.  We have 6 REAL IPs provided by our ISP.  We have one domain and our server is the only domain controller.

-NIC1) Has 2 IPs assigned to it, the first,, is used as our mail server.  The second,, is used for our website.   This subnet goes to our DMZ.  
Within the DFL 300, we have 2 virtual servers assigned, Mapping External IP #1 to (mail), and Mapping External IP #2 to the website.  Our router is configured so that its external IP address is the same as the websites (External IP #2, which is mapped to internally).
-NIC2) Has 1 IP assigned to it, which is on a different subnet (192.168.1.X).  All of the computers on the local LAN point to this IP for DNS.  This 192.168.1 subnet makes up our lan.
-NIC3) We're not really using at this point.

Virtual Server 1 - Maps External IP #1 to the DMZ address of the Mailserver
Virtual Server 2 - Maps External IP #2 to the DMZ address of the Webserver
Virtual Server 3 - Maps External IP #3 to the Internal (LAN) address of our Server.  This was only mapped to attempt  to allow an Incoming Policy for access to the LAN from the Home.

External to DMZ:  permits services from Outside to Virtual Server 1 and Virtual Server 2.
Incoming:  permits services from Outside to Virtual Server 3.

My Home setup is simple, on a cable modem with DHCP enabled (the router is the same brand, DFL 300).

The home local IP is set up as (different subnet than the office).  While I can easily get a connection through the IPSec VPN option by using a preshared key (this must be initiated from the home, since it is DHCP), I am *usually* unable to ping a computer behind the office LAN.  I have this home computer added to the external group within the router.  I've even added it into the internal group as well.  Sometimes I am able to get a ping response from the home computer to a computer on the LAN, after resetting both routers, and/or making changes that I can't pinpoint--it seems random.  Occasionally, I can even ping the home computer on the ip from within the LAN.  However, this is rare.  

I have tried to set up a WindowsXP client IPSec VPN from the home into the office DFL 300, with no success.  I get a negotiating IP security message when I try to ping the office LAN from the home--even when the home router is removed and I am plugged directly in to the Cable Modem.  

When I do a portscan on the IPSec 1701 port from behind the office firewall on the LAN, it comes back closed.  I believe IKE does the same, and have had similar problems with PPTP.  I don't know if my whole issue is related to closed ports, crappy router firmware, or this author's limited IT skillset.  

I keep thinking that this could be a port issue, or an issue because our router's external IP is being forwarded to the DMZ while we are trying to use this same IP to connect to the internal LAN of the office from home.  The home router is using the External IP address #2 as the external gateway (this is the Office router's IP).  I think I have my subnets correctly... the home router points to, and the office router points to  

I'm outta ideas.  Can anyone point me in the right direction?

Question by:bmoneyless

    Author Comment

    Found an answer... seems the home computer had a software firewall installed that I was not informed of.  Though the hardware vpn was allowed, and the routers were connecting, I could not ping a machine behind each subnet.  Now that the software firewall has been removed, I am able to create the vpn tunnel and get access, going both ways.

    Accepted Solution

    Because you have presented a solution to your own problem which may be helpful to future searches, this question is now PAQed and your points have been refunded.


    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    Suggested Solutions

    Sometimes, you want your microsoft VPN to route all the traffic to the remote network. Usually your employer network. This makes it possible to access all the nodes inside this remote LAN, even if they have no "public DNS" entries. To do so, you wo…
    If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now