[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

2 x DIR-330's - Help with SIte-to-Site IPSEC VPN

Posted on 2009-07-05
6
Medium Priority
?
715 Views
Last Modified: 2013-12-25
Have two sites : (site.a-server & 6 workstations with dir-330)(site.b-2 workstations with dir-330)I am setting up a site to site VPN connection *hopefully with IPEC enabled and functionality with no quams.  Any advice for an IPSEC configuration with security options and reliability.   Also - should I remove the DHCP role off the Small business server2k3? - Let me know if you need more info.
0
Comment
Question by:btsconsultant
  • 4
  • 2
6 Comments
 
LVL 10

Accepted Solution

by:
PlusIT earned 1000 total points
ID: 24784749
hi,

i would not disable DHCP on the server side site, disable it on the DIR.  You will need to use the DHCP on the other side if you don't have a server there.

Make sure both networks are in different ip ranges.
Make sure firmware's are up to date on both DIRs

Then configure the vpn as follows:
Site to Site vpn
enable IPsec
Put local and remote lan ranges in
Use Pre-shared key and makes it very long and hard to crack!
You can add Xauth also and add a username and password for added sec (test with preshared key only first if you want to do this!)
Give local and remote ID (chosee freely)
Use main mode
Enable nat-t if their are routers in front of the firewall (ie if there's natting between)

Rest can be left alone, do the same for the second but switch lan ranges and local/remote id's :)



0
 

Author Comment

by:btsconsultant
ID: 24815631

Follow up question;
SERVER SIDE
info: site a:
IP Address :   192.168.1.1  
Subnet Mask :   255.255.255.0  
DHCP Server :   Disabled  
VPN Settings on site A (server site):
IPSEC enabled
Local net/mask : 192.168.0/24
Site to site   : ISP IP
Remote local LAN net/mask : 192.168.1.0/24
Preshared key  : testingkey123456
NAT disabled
Keep alive
cipher 1-4 3des and all hashes MD5
WORKSTATION SIDE
info: site b:
IP Address :   192.168.2.2  
Subnet Mask :   255.255.255.0  
DHCP Server :   Enabled  
VPN settings on site b (2 workstations):
IPSEC Enabled
Local net/mask : 192.168.0/24
Site to site   : ISP IP
Remote local LAN net/mask : 192.168.2.0/24
Preshared key  : testingkey123456
NAT disabled
Keep alive
cipher 1-4 3des and all hashes MD5
LET ME KNOW IF YOU NEED MORE INFO
I have input all the local net/mask, remote IP.  
But I am somewhat confused as to what i should put
for the Remote local Lan Net/mask.  Is this the
Address of the router at site a?  Or is this the IP
address of the ISP?  -  I put it in basic mode like
you said with the preshared key. Am I missing
something?
Thanks again!
0
 

Author Comment

by:btsconsultant
ID: 24816473
Well,
I have established a connection between the two sites successfully with the above settings - ((minus putting NAT enabled on site B (workstation side))  - However, I am not getting local access.  Any ideas?
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 

Author Closing Comment

by:btsconsultant
ID: 31599921
Great help!  I really appreciate it.  Took no time at all!  By the time I was back at my office, the site-to-site was connected!  Just need a  little help with the local part now.
0
 
LVL 10

Expert Comment

by:PlusIT
ID: 24821776
firewalling ?  Have you allowed the two subnets ?
0
 

Author Comment

by:btsconsultant
ID: 24823513
I have changed the two subnets but you are correct.  I have to wait til this afternoon to do the work, but I will get back to you.  Thanks again.
0

Featured Post

[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question