site to site VPN info required
Posted on 2014-03-26
I wonder if someone can point me to the right direction.
I am tasked to setup a Lan to Lan VPN setup for a client and I have came across some niggly bits.
Here are the details:
Local Network is
I need to dial out to a network where the other device is not a draytek (possibly a cisco) and the IT guys over there have provided the following info.
IKE Preshard Key = i have this
Protocol = IPSec
Security Method= High (ESP) without Authentication
IKE Phase1 = AES_SHA1_G2 <<<< is that right
Remote Network IP= 172.17.123.40/29
now when I have got most of it configured but when I go to IKE Advanced settings so that I can change IKE Phase 1 Proposal to AES_SHA1_G2, its not there. It surely doesn't work on Auto.
if I keep it on Auto >>> i am getting this in the log
NAT-Traversal: Using draft-ietf-ipsec-nat-t-ike-02/03, no NAT detected
and when I spoke to their IT people, this is what they have said.
To achieve this, typically can be solved with source NAT, natting your real LAN to that subnet before the encryption process.
am I missing something
and when I change it to some manually select IKE phase 1 proposal then I just get this
Initiating IKE Main Mode to IP address