Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

2 x DIR-330's - Help with SIte-to-Site IPSEC VPN

Posted on 2009-07-05
6
Medium Priority
?
705 Views
Last Modified: 2013-12-25
Have two sites : (site.a-server & 6 workstations with dir-330)(site.b-2 workstations with dir-330)I am setting up a site to site VPN connection *hopefully with IPEC enabled and functionality with no quams.  Any advice for an IPSEC configuration with security options and reliability.   Also - should I remove the DHCP role off the Small business server2k3? - Let me know if you need more info.
0
Comment
Question by:btsconsultant
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 10

Accepted Solution

by:
PlusIT earned 1000 total points
ID: 24784749
hi,

i would not disable DHCP on the server side site, disable it on the DIR.  You will need to use the DHCP on the other side if you don't have a server there.

Make sure both networks are in different ip ranges.
Make sure firmware's are up to date on both DIRs

Then configure the vpn as follows:
Site to Site vpn
enable IPsec
Put local and remote lan ranges in
Use Pre-shared key and makes it very long and hard to crack!
You can add Xauth also and add a username and password for added sec (test with preshared key only first if you want to do this!)
Give local and remote ID (chosee freely)
Use main mode
Enable nat-t if their are routers in front of the firewall (ie if there's natting between)

Rest can be left alone, do the same for the second but switch lan ranges and local/remote id's :)



0
 

Author Comment

by:btsconsultant
ID: 24815631

Follow up question;
SERVER SIDE
info: site a:
IP Address :   192.168.1.1  
Subnet Mask :   255.255.255.0  
DHCP Server :   Disabled  
VPN Settings on site A (server site):
IPSEC enabled
Local net/mask : 192.168.0/24
Site to site   : ISP IP
Remote local LAN net/mask : 192.168.1.0/24
Preshared key  : testingkey123456
NAT disabled
Keep alive
cipher 1-4 3des and all hashes MD5
WORKSTATION SIDE
info: site b:
IP Address :   192.168.2.2  
Subnet Mask :   255.255.255.0  
DHCP Server :   Enabled  
VPN settings on site b (2 workstations):
IPSEC Enabled
Local net/mask : 192.168.0/24
Site to site   : ISP IP
Remote local LAN net/mask : 192.168.2.0/24
Preshared key  : testingkey123456
NAT disabled
Keep alive
cipher 1-4 3des and all hashes MD5
LET ME KNOW IF YOU NEED MORE INFO
I have input all the local net/mask, remote IP.  
But I am somewhat confused as to what i should put
for the Remote local Lan Net/mask.  Is this the
Address of the router at site a?  Or is this the IP
address of the ISP?  -  I put it in basic mode like
you said with the preshared key. Am I missing
something?
Thanks again!
0
 

Author Comment

by:btsconsultant
ID: 24816473
Well,
I have established a connection between the two sites successfully with the above settings - ((minus putting NAT enabled on site B (workstation side))  - However, I am not getting local access.  Any ideas?
0
Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

 

Author Closing Comment

by:btsconsultant
ID: 31599921
Great help!  I really appreciate it.  Took no time at all!  By the time I was back at my office, the site-to-site was connected!  Just need a  little help with the local part now.
0
 
LVL 10

Expert Comment

by:PlusIT
ID: 24821776
firewalling ?  Have you allowed the two subnets ?
0
 

Author Comment

by:btsconsultant
ID: 24823513
I have changed the two subnets but you are correct.  I have to wait til this afternoon to do the work, but I will get back to you.  Thanks again.
0

Featured Post

Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
Backups and Disaster RecoveryIn this post, we’ll look at strategies for backups and disaster recovery.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

664 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question