2 x DIR-330's - Help with Site-to-Site IPSEC VPN

Posted on 2009-07-05
Last Modified: 2013-12-25
Have two sites: (site.a - server & 6 workstations with dir-330) (site.b - 2 workstations with dir-330). I am setting up a site-to-site VPN connection, hopefully with IPSEC enabled and functionality with no qualms. Any advice for an IPSEC configuration with security options and reliability? Also - should I remove the DHCP role off the Small Business Server 2k3? - Let me know if you need more info.
Question by: btsconsultant
LVL 10

Accepted Solution

PlusIT earned 250 total points
ID: 24784749

I would not disable DHCP on the server side site, disable it on the DIR. You will need to use the DHCP on the other side if you don't have a server there.

Make sure both networks are in different IP ranges.
Make sure the firmware is up to date on both DIRs.

Then configure the VPN as follows:
Site to Site VPN
Enable IPsec
Put local and remote LAN ranges in
Use a pre-shared key and make it very long and hard to crack!
You can also add Xauth and add a username and password for added security (test with pre-shared key only first if you want to do this!)
Give local and remote ID (choose freely)
Use main mode
Enable NAT-T if there are routers in front of the firewall (i.e. if there's NATing between)

Rest can be left alone, do the same for the second but switch lan ranges and local/remote id's :)
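
The checklist in the answer above (different IP ranges, each end's remote LAN and remote ID mirroring the other end's local values, one long shared key), as an added example that is not part of the original post and not D-Link code. The `Site` class, the `check_pair` function, the 24-character key threshold and all sample values are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

MIN_PSK_LEN = 24  # assumption: example threshold, not a DIR-330 limit

@dataclass
class Site:
    name: str
    local_net: str   # "Local net/mask" field
    remote_net: str  # "Remote local LAN net/mask" field
    local_id: str
    remote_id: str
    psk: str

def check_pair(a: Site, b: Site) -> list[str]:
    """Return the problems found; an empty list means the two ends mirror each other."""
    problems, nets = [], []
    for site in (a, b):
        entry = {}
        for field in ("local_net", "remote_net"):
            try:  # rejects shorthand such as 192.168.0/24 and host bits set
                entry[field] = ipaddress.ip_network(getattr(site, field))
            except ValueError as exc:
                problems.append(f"{site.name} {field}: {exc}")
        nets.append(entry)
    if problems:
        return problems  # ranges that do not parse cannot be compared
    na, nb = nets
    if na["local_net"].overlaps(nb["local_net"]):
        problems.append("local LANs overlap; the sites need different IP ranges")
    for (x, nx), (y, ny) in (((a, na), (b, nb)), ((b, nb), (a, na))):
        if nx["remote_net"] != ny["local_net"]:
            problems.append(f"{x.name} remote LAN is not {y.name}'s local LAN")
        if x.remote_id != y.local_id:
            problems.append(f"{x.name} remote ID is not {y.name}'s local ID")
    if a.psk != b.psk:
        problems.append("pre-shared keys differ")
    elif len(a.psk) < MIN_PSK_LEN:
        problems.append(f"pre-shared key shorter than {MIN_PSK_LEN} characters")
    return problems

# Constructed sample values (not taken from the thread).
PSK = "constructed-sample-key-not-for-real-use-0001"
GOOD_A = Site("site-a", "192.168.0.0/24", "192.168.1.0/24", "site-a", "site-b", PSK)
GOOD_B = Site("site-b", "192.168.1.0/24", "192.168.0.0/24", "site-b", "site-a", PSK)
SAME_LAN_B = Site("site-b", "192.168.0.0/24", "192.168.0.0/24", "site-b", "site-a", PSK)

if __name__ == "__main__":
    print(check_pair(GOOD_A, GOOD_B))      # mirrored pair
    print(check_pair(GOOD_A, SAME_LAN_B))  # both ends on the same LAN range
```
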


Author Comment

ID: 24815631

Follow up question;
info: site a:
IP Address :  
Subnet Mask :  
DHCP Server :   Disabled  
VPN Settings on site A (server site):
IPSEC enabled
Local net/mask : 192.168.0/24
Site to site   : ISP IP
Remote local LAN net/mask :
Preshared key  : testingkey123456
NAT disabled
Keep alive
cipher 1-4 3des and all hashes MD5
info: site b:
IP Address :  
Subnet Mask :  
DHCP Server :   Enabled  
VPN settings on site b (2 workstations):
IPSEC Enabled
Local net/mask : 192.168.0/24
Site to site   : ISP IP
Remote local LAN net/mask :
Preshared key  : testingkey123456
NAT disabled
Keep alive
cipher 1-4 3des and all hashes MD5
I have input all the local net/mask, remote IP. But I am somewhat confused as to what I should put for the Remote local LAN net/mask. Is this the address of the router at site a? Or is this the IP address of the ISP? - I put it in basic mode like you said with the preshared key. Am I missing
Thanks again!

Author Comment

ID: 24816473
I have established a connection between the two sites successfully with the above settings - ((minus putting NAT enabled on site B (workstation side))  - However, I am not getting local access.  Any ideas?


Author Closing Comment

ID: 31599921
Great help!  I really appreciate it.  Took no time at all!  By the time I was back at my office, the site-to-site was connected!  Just need a  little help with the local part now.
LVL 10

Expert Comment

ID: 24821776
Firewalling? Have you allowed the two subnets?

Author Comment

ID: 24823513
I have changed the two subnets but you are correct.  I have to wait til this afternoon to do the work, but I will get back to you.  Thanks again.


Question has a verified solution.
