LAn To LAN VPN Tunnel using Draytek 2800 (Router Server) 2830 (Router Client)

Posted on 2011-10-16
Last Modified: 2012-06-22
It maybe a simple answer? I have set up a VPN tunnel between two different offices in two different cities via LAn to LAN VPN Tunnel using an existing older Draytek 2800 on the server end & a newer Draytek 2830 on the Client office using ipsec. it works to my supprise but it asks for a username & password when the client pier to pier computers connect to the remote sbs server, is there a way to do it so they dont need to imput a username & password? can the router send it?
Question by:Robbills
    1 Comment
    LVL 1

    Accepted Solution

    Unless I don't understand your setup correctly, the user name and password being requested is nothing to do with the VPN connection itself.

    I would imagine that the two different offices have completely separate AD setups ?

    This being the case the full user credentials of the computer in CITY1 is completely unknown to the server in CITY2.

    The user is presumably authenticated on his PC with a full username of CITY1\jbloggs.

    When he attempts to connect to the SBS server the server will look to see if knows anyone by that name and as it doesn't will ask the user to authenticate.

    Users in CITY2 will be logged onto their PCs as CITY2\jdoe - when they login to the SBS server ( also on the CITY2 domain), the SBS server will see that they are already authenticated so let them straight on.

    Now you have a fully working site to site VPN establishing a permanent link between CITY1 and CITY2, my recommendation would be to consider merging both sites onto a single AD database.

    Whether that becomes two domains in a common forest or simply one common domain will really depend on the size of the userbase and any security/politics issues between the two entities.

    As networking has enabled many of our offices that used to be "standalone" to be pulled into one WAN with some VPN links, we've found that a single AD and a common domain for all offices makes everything so much simpler to support.

    A horrible temporary workaround that works only in SOME CASES is to ensure that the 'end bit' of username and password used on the local PC are the same as the domain user name and password on the SBS server. (e.g. If logging onto PC as CITY2\jbloggs make the password for CITY1\jbloggs the same as the CITY2\bloggs password)

    Good Luck !



    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
    Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now