This document describes how to create a LAN-to-LAN IPSec VPN between a Vigor2130 and a Vigor2820 using Aggressive mode. We will use the following scenario.

Case 1: VPN direction from Vigor2130 to Vigor2820

VPN configuration on Vigor2130

1. Create a LAN-to-LAN profile.

2. Enable it and give it a name. In this example the profile name is “Demo”.

3. Enter Vigor2820’s WAN IP address in the Remote IP field.

4. Select Aggressive Mode as IKE phase 1 mode.

5. Set up a pre-shared key, which must be the same as on Vigor2820.

6. Set up the Local Identity and Remote Identity, which are for Vigor2130 and Vigor2820 respectively. During IPSec Aggressive mode negotiation, the VPN client must send its identity to the VPN server for verification. The VPN client may also verify the identity of the VPN server, which is optional. In this example we set up ‘vigor2130’ as the identity of Vigor2130, and ‘vigor2820’ as the identity of Vigor2820.

7. Enter Vigor2130’s private network in the Local Network / Mask field. Enter Vigor2820’s private network in the Remote Network / Mask field.

8. Use the default value “Automatic” for IKE phase 1 and phase 2 proposals.

9. Click OK.

10. Access the VPN network of Vigor2820 from a PC behind Vigor2130 to initiate the VPN connection, for example, ping 192.168.1.x from a PC (192.168.30.x). Vigor2130 will be triggered to dial the IPSec VPN to Vigor2820. After the VPN is connected, you can monitor the status.

 

VPN configuration on Vigor2820

1. Create a LAN-to-LAN profile.

2. Enable it and give it a name. In this example the profile name is “test”.

3. Select Dial-in as Call Direction.

4. In the Dial-Out Settings part, select IPSec Tunnel and press the Advanced button.

5. In the pop-up window please enter vigor2820 in the Local ID field. Click OK to return to the profile setting page.

6. In the Dial-In Settings part, please enable Specify Remote VPN Gateway and enter vigor2130 in the Peer ID field.

7. Set up a pre-shared key, which must be the same as on Vigor2130.

8. Enter Vigor2130’s private network in the Remote Network IP / Mask field.

9. Click OK.

Note: Vigor2130 supports the following proposals by default.

Case 2: VPN direction from Vigor2820 to Vigor2130

VPN configuration on Vigor2130

1. Create a LAN-to-LAN profile.

2. Enable it and give it a name. In this example the profile name is “Demo”.

3. Enter 0.0.0.0 in the Remote IP field.

4. Select Aggressive Mode as IKE phase 1 mode.

5. Set up a pre-shared key, which must be the same as on Vigor2820.

6. Set up the Local Identity and Remote Identity, which are for Vigor2130 and Vigor2820 respectively. During IPSec Aggressive mode negotiation, the VPN client must send its identity to the VPN server for verification. The VPN client may also verify the identity of the VPN server, which is optional. As the VPN client, Vigor2820 does not verify the identity of the VPN server, so in this example we only set up ‘vigor2820’ as the identity of Vigor2820.

7. Enter Vigor2130’s private network in the Local Network / Mask field.

8. Enter Vigor2820’s private network in the Remote Network / Mask field.

9. Use the default value “Automatic” for IKE phase 1 and phase 2 proposals.

10. After the VPN is connected, you can monitor the status.

 

VPN configuration on Vigor2820

1. Create a LAN-to-LAN profile.

2. Enable it and give it a name. In this example the profile name is “test”.

3. Select Dial-Out as Call Direction and enable Always on.

4. Select IPSec Tunnel and enter Vigor2130’s WAN IP address in the Server IP/Host Name for VPN field.

5. Set up a pre-shared key, which must be the same as on Vigor2130.

6. Select ESP (High) and 3DES with Authentication.

7. Press the Advanced button.

8. In the pop-up window, please select Aggressive mode and select “DES_MD5_G2/DES_SHA1_G2/3DES_MD5_G2/3DES_SHA1_G2” as IKE phase 1 proposal. Enter vigor2820 in the Local ID field. Click OK to return to the profile setting page.

9. Enter Vigor2130’s private network in the Remote Network IP / Mask field.

10. Click OK.
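
Both cases only work when the two profiles mirror each other: same pre-shared key, matching identities, swapped local and remote networks. The Python check below is an added example, not DrayTek code; it compares the two ends of Case 2 and also flags phase 1 proposals that use single DES or MD5. The dictionary field names, the /24 masks and the pre-shared key value are assumptions made for illustration.

```python
import ipaddress

WEAK = {"DES", "MD5"}  # single DES (56-bit key) and MD5 are obsolete

def weak_proposals(text):
    """Return the entries of 'DES_MD5_G2/3DES_SHA1_G2/...' that use DES or MD5."""
    return [p for p in text.split("/") if p and WEAK & set(p.split("_")[:2])]

def check_pair(dial_out, dial_in):
    """Compare the dial-out and dial-in profiles; return a list of problems."""
    problems = []
    net = ipaddress.ip_network
    if dial_out["psk"] != dial_in["psk"]:
        problems.append("pre-shared keys differ")
    if (dial_out["mode"], dial_in["mode"]) != ("aggressive", "aggressive"):
        problems.append("both ends must use Aggressive mode")
    # The dial-out end always sends its identity; the dial-in end verifies it.
    if dial_out["local_id"] != dial_in["remote_id"]:
        problems.append("dial-in end expects a different peer identity")
    # Verifying the dial-in end's identity is optional for the dial-out end.
    if dial_out.get("remote_id") and dial_out["remote_id"] != dial_in.get("local_id"):
        problems.append("dial-out end expects a different server identity")
    if net(dial_out["local_net"]) != net(dial_in["remote_net"]):
        problems.append("dial-out LAN does not match dial-in Remote Network")
    if net(dial_out["remote_net"]) != net(dial_in["local_net"]):
        problems.append("dial-out Remote Network does not match dial-in LAN")
    for p in weak_proposals(dial_out.get("phase1", "")):
        problems.append("weak phase 1 proposal offered: " + p)
    return problems

# Constructed sample data for Case 2 (Vigor2820 dials out to Vigor2130).
# Field names, the /24 masks and the key value are assumptions.
CASE2_VIGOR2820 = {
    "psk": "example-psk", "mode": "aggressive", "local_id": "vigor2820",
    "local_net": "192.168.1.0/24", "remote_net": "192.168.30.0/24",
    "phase1": "DES_MD5_G2/DES_SHA1_G2/3DES_MD5_G2/3DES_SHA1_G2",
}
CASE2_VIGOR2130 = {
    "psk": "example-psk", "mode": "aggressive", "remote_id": "vigor2820",
    "local_net": "192.168.30.0/24", "remote_net": "192.168.1.0/24",
}

if __name__ == "__main__":
    for problem in check_pair(CASE2_VIGOR2820, CASE2_VIGOR2130):
        print(problem)
```

With the Case 2 values, the identities, key and networks line up, and the only findings are the DES and MD5 entries in the phase 1 proposal list selected on Vigor2820.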