2 x DIR-330's - Help with Site-to-Site IPSEC VPN

Posted on 2009-07-05
Last Modified: 2013-12-25
Have two sites: (site.a - server & 6 workstations with DIR-330) (site.b - 2 workstations with DIR-330). I am setting up a site-to-site VPN connection, *hopefully with IPSEC enabled and functioning with no qualms. Any advice for an IPSEC configuration with security options and reliability? Also - should I remove the DHCP role off the Small Business Server 2k3? - Let me know if you need more info.
Question by:btsconsultant

Accepted Solution

PlusIT earned 250 total points
ID: 24784749

I would not disable DHCP on the server-side site; disable it on the DIR. You will need to use the DHCP on the other side if you don't have a server there.

Make sure both networks are in different IP ranges.
Make sure the firmware is up to date on both DIRs.

Then configure the VPN as follows:
Site-to-site VPN
Enable IPsec
Put local and remote LAN ranges in
Use a pre-shared key and make it very long and hard to crack!
You can also add Xauth and add a username and password for added sec (test with pre-shared key only first if you want to do this!)
Give local and remote ID (choose freely)
Use main mode
Enable NAT-T if there are routers in front of the firewall (i.e. if there's NATting between)

The rest can be left alone; do the same for the second but switch LAN ranges and local/remote IDs :)
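
The checks this answer lists (different LAN ranges, swapped local/remote ranges and IDs, one long pre-shared key, main mode) written as a small validator for a pair of tunnel settings. This is an added example, not part of the original post or of the DIR-330 firmware; the `Peer` fields, `check_tunnel`, the 20-character key threshold and all sample values are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

MIN_PSK_LEN = 20  # assumed threshold; the answer only says "very long"

@dataclass
class Peer:
    name: str
    local_lan: str    # "Local net/mask" on this router
    remote_lan: str   # "Remote local LAN net/mask" on this router
    psk: str
    local_id: str
    remote_id: str
    mode: str = "main"

def check_tunnel(a, b):
    """Return a list of problems found in a pair of site-to-site settings."""
    problems, nets = [], {}
    for p in (a, b):
        for field in ("local_lan", "remote_lan"):
            try:  # strict=True rejects host bits set in a network address
                nets[p.name, field] = ipaddress.ip_network(getattr(p, field), strict=True)
            except ValueError as exc:
                problems.append(f"{p.name}.{field}: not a valid network ({exc})")
    if len(nets) == 4:
        if nets[a.name, "local_lan"].overlaps(nets[b.name, "local_lan"]):
            problems.append("local LANs overlap: sites need different IP ranges")
        # Each side's remote LAN is the other side's local LAN ("switch LAN ranges").
        for x, y in ((a, b), (b, a)):
            if nets[x.name, "remote_lan"] != nets[y.name, "local_lan"]:
                problems.append(f"{x.name}.remote_lan must equal {y.name}.local_lan")
    if a.psk != b.psk:
        problems.append("pre-shared keys differ")
    if min(len(a.psk), len(b.psk)) < MIN_PSK_LEN:
        problems.append(f"pre-shared key shorter than {MIN_PSK_LEN} characters")
    if (a.local_id, a.remote_id) != (b.remote_id, b.local_id):
        problems.append("local/remote IDs are not mirrored")
    for p in (a, b):
        if p.mode != "main":
            problems.append(f"{p.name}: not using main mode")
    return problems

# Constructed sample values, not taken from the thread.
KEY = "x7#Qm2!vRz9@Lp4&Wk8$Tn"
GOOD_A = Peer("site_a", "192.168.0.0/24", "192.168.1.0/24", KEY, "sitea", "siteb")
GOOD_B = Peer("site_b", "192.168.1.0/24", "192.168.0.0/24", KEY, "siteb", "sitea")
BAD_B = Peer("site_b", "192.168.0.0/24", "192.168.0.0/24", "shortkey", "siteb", "sitea")
```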


Author Comment

ID: 24815631

Follow up question;
info: site a:
IP Address :  
Subnet Mask :  
DHCP Server :   Disabled  
VPN Settings on site A (server site):
IPSEC enabled
Local net/mask : 192.168.0/24
Site to site   : ISP IP
Remote local LAN net/mask :
Preshared key  : testingkey123456
NAT disabled
Keep alive
cipher 1-4 3des and all hashes MD5
info: site b:
IP Address :  
Subnet Mask :  
DHCP Server :   Enabled  
VPN settings on site b (2 workstations):
IPSEC Enabled
Local net/mask : 192.168.0/24
Site to site   : ISP IP
Remote local LAN net/mask :
Preshared key  : testingkey123456
NAT disabled
Keep alive
cipher 1-4 3des and all hashes MD5
I have input all the local net/mask, remote IP. But I am somewhat confused as to what I should put for the Remote local LAN net/mask. Is this the address of the router at site a? Or is this the IP address of the ISP? - I put it in basic mode like you said with the preshared key. Am I missing
Thanks again!

Author Comment

ID: 24816473
I have established a connection between the two sites successfully with the above settings - (minus putting NAT enabled on site B (workstation side)) - However, I am not getting local access. Any ideas?


Author Closing Comment

ID: 31599921
Great help!  I really appreciate it.  Took no time at all!  By the time I was back at my office, the site-to-site was connected!  Just need a  little help with the local part now.

Expert Comment

ID: 24821776
Firewalling? Have you allowed the two subnets?

Author Comment

ID: 24823513
I have changed the two subnets but you are correct.  I have to wait til this afternoon to do the work, but I will get back to you.  Thanks again.
