Loading...

Hướng dẫn cấu hình site to site VPN giữa Draytek và Mikrotik

Các bạn cấu hình từng bước theo guide dưới đây

Configuring the Mikrotik Router
1. Create a new IPsec proposal: Go to IPsec >> Proposal, and add a new one.
  1. Enter Name
  2. Select Auth. Algorithms as md5
  3. Select Encr. Algorithms as 3des.
  4. Click OK to save the configuration.

  

2. Peer configuration: Go to IPsec>> Peer, and add a new one.
 
  1. Enter Address as Draytek's WAN IP.
  2. Select Auth. Method as pre shared key, and enter Secret.
  3. Select Hash Algorithm as md5, Encryption Algorithm as 3ces.
  4. Click OK to save the configuration.

      

3. Policy configuration: Go to IPsec >> Policy, and add a new one. In General Tab:
 
  1. Enter Src. Address as Mikrotik's LAN IP.
  2. Enter Dst. Address as DrayTek's LAN IP.

          

 
In Action Tab:
 
  1. Enable Tunnel.
  2. Set SA Src. Address as Mikrotik's WAN IP.
  3. Set SA Dst. Address as Draytek's WAN IP.
  4. As for Proposal, select the Proposal we just created.
  5. Click OK to save the configuration.

4. NAT configuration: Go to Firewall >> NAT, and add a new rule. (Note: This rule must be the first rule in NAT Rules) In General Tab,
 
  1. Select Chain as srcnat.
  2. Set Dst. Address as the range of your destination network.
  3. Select Out. Interface as a WAN interface, here we use ether1.

 
In Action Tab:
 
  1. Select Action as accept.
  2. Click OK to save the configuration.

Configuring the Vigor Router
1. Create a LAN-to-LAN profile: Go to Advanced >> VPN and Remote Access >> LAN to LAN. Click on an Index number to add a new profile.
 
  1. Enter Profile Name and Enable this profile.
  2. Select Call Direction as Dial-out.

In Dial-Out Settings:
 
  1. Select Type of Sever I am calling as IPsec Tunnel.
  2. Enter Mikrotik's Server IP or Host Name.
  3. For IKE Authentication Method, choose Pre-Shared Key and enter the key.
  4. For IPSEC Security Method, choose High(ESP), and select 3DES with Authentication.
  5. Click on Advanced for advanced setting.

In IKE advances setttings: Select IKE phase 2 proposal as 3DES_MD5, and click OK

 
In TCP/IP Network Settings:
 
  1. Enter Remote Network IP as Mikrotik's LAN IP.
  2. Click OK to save the configuration.

2. To check VPN connection status, Go to Advanced >> VPN and Remote Access >> Connection Management

(Theo draytek)

 

Comments

No posts found

New post


Liên hệThỏa thuận sử dụng | Chính sách bảo mật