Solved

2 x DIR-330's - Help with Site-to-Site IPSEC VPN

Posted on 2009-07-05
Last Modified: 2013-12-25
Have two sites: (site A: server & 6 workstations with DIR-330) (site B: 2 workstations with DIR-330). I am setting up a site-to-site VPN connection, hopefully with IPSEC enabled and functionality with no qualms. Any advice for an IPSEC configuration with security options and reliability? Also, should I remove the DHCP role off the Small Business Server 2k3? Let me know if you need more info.
0
Question by:btsconsultant
LVL 10

Accepted Solution

by:
PlusIT earned 250 total points
Hi,

I would not disable DHCP on the server side site; disable it on the DIR.  You will need to use the DHCP on the other side if you don't have a server there.

Make sure both networks are in different IP ranges.
Make sure the firmware is up to date on both DIRs.

Then configure the VPN as follows:
Site to Site VPN
Enable IPsec
Put local and remote LAN ranges in
Use a pre-shared key and make it very long and hard to crack!
You can also add Xauth and add a username and password for added security (test with pre-shared key only first if you want to do this!)
Give local and remote ID (choose freely)
Use main mode
Enable NAT-T if there are routers in front of the firewall (i.e. if there's NATting between)

The rest can be left alone; do the same for the second but switch LAN ranges and local/remote IDs :)



0
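The checklist in the answer above, as an added example (not part of the original answer and not D-Link code): a small Python check that two site-to-site configurations mirror each other before they are typed into the routers. The dictionary field names, the sample subnets and IDs, and the 32-character minimum key length are assumptions made for illustration.

```python
import ipaddress
import secrets

def new_psk(nbytes=32):
    """Random pre-shared key: 32 random bytes -> 64 hex characters."""
    return secrets.token_hex(nbytes)

def check_tunnel(a, b, min_psk_len=32):
    """Return a list of problems in two site-to-site endpoint configs."""
    problems = []
    sites = {"A": a, "B": b}
    nets = {}
    for name, cfg in sites.items():
        for field in ("local_net", "remote_net"):
            try:
                # Strict parsing rejects malformed ranges and host addresses
                # such as 192.168.1.1/24 entered where a network is expected.
                nets[name, field] = ipaddress.ip_network(cfg[field])
            except ValueError:
                problems.append(f"site {name}: bad {field} {cfg[field]!r}")
    if problems:
        return problems  # fix the addresses first; later checks need them
    if nets["A", "local_net"].overlaps(nets["B", "local_net"]):
        problems.append("local LANs overlap")
    for x, y in (("A", "B"), ("B", "A")):
        if nets[x, "remote_net"] != nets[y, "local_net"]:
            problems.append(f"site {x}: remote_net is not site {y}'s local_net")
        if sites[x]["remote_id"] != sites[y]["local_id"]:
            problems.append(f"site {x}: remote_id is not site {y}'s local_id")
    if a["psk"] != b["psk"]:
        problems.append("pre-shared keys differ")
    if min(len(a["psk"]), len(b["psk"])) < min_psk_len:  # assumed threshold
        problems.append(f"pre-shared key shorter than {min_psk_len} characters")
    if a["mode"] != "main" or b["mode"] != "main":
        problems.append("both ends should use main mode")
    return problems

# Constructed sample values, not taken from any real deployment.
PSK = new_psk()
SITE_A = {"local_net": "192.168.1.0/24", "remote_net": "192.168.2.0/24",
          "local_id": "site-a", "remote_id": "site-b", "psk": PSK, "mode": "main"}
# Site B is site A with the LAN ranges and the local/remote IDs switched.
SITE_B = {**SITE_A, "local_net": "192.168.2.0/24", "remote_net": "192.168.1.0/24",
          "local_id": "site-b", "remote_id": "site-a"}

if __name__ == "__main__":
    print(check_tunnel(SITE_A, SITE_B))        # mirrored pair
    print(check_tunnel(SITE_A, dict(SITE_A)))  # copied without switching
```
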
 

Author Comment

by:btsconsultant

Follow up question;
SERVER SIDE
info: site a:
IP Address :   192.168.1.1  
Subnet Mask :   255.255.255.0  
DHCP Server :   Disabled  
VPN Settings on site A (server site):
IPSEC enabled
Local net/mask : 192.168.0/24
Site to site   : ISP IP
Remote local LAN net/mask : 192.168.1.0/24
Preshared key  : testingkey123456
NAT disabled
Keep alive
cipher 1-4 3des and all hashes MD5
WORKSTATION SIDE
info: site b:
IP Address :   192.168.2.2  
Subnet Mask :   255.255.255.0  
DHCP Server :   Enabled  
VPN settings on site b (2 workstations):
IPSEC Enabled
Local net/mask : 192.168.0/24
Site to site   : ISP IP
Remote local LAN net/mask : 192.168.2.0/24
Preshared key  : testingkey123456
NAT disabled
Keep alive
cipher 1-4 3des and all hashes MD5
LET ME KNOW IF YOU NEED MORE INFO
I have input all the local net/mask, remote IP. But I am somewhat confused as to what I should put for the Remote local LAN net/mask.  Is this the address of the router at site A?  Or is this the IP address of the ISP?  I put it in basic mode like you said with the preshared key. Am I missing something?
Thanks again!
0
 

Author Comment

by:btsconsultant
Well,
I have established a connection between the two sites successfully with the above settings (minus putting NAT enabled on site B (workstation side)). However, I am not getting local access.  Any ideas?
0

Author Closing Comment

by:btsconsultant
Great help!  I really appreciate it.  Took no time at all!  By the time I was back at my office, the site-to-site was connected!  Just need a little help with the local part now.
0
 
LVL 10

Expert Comment

by:PlusIT
Firewalling? Have you allowed the two subnets?
0
 

Author Comment

by:btsconsultant
I have changed the two subnets but you are correct.  I have to wait til this afternoon to do the work, but I will get back to you.  Thanks again.
0
