D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: hodhod26 on June 20, 2010, 01:41:18 AM
-
Dear ALL,
Kindly note that I need to configure a site-to-site VPN on a DFL 800. My problem is that my lannet should be a real IP, not a virtual IP.
This is the configuration I should work with:
VPN Peer IP Address: 196.46..x.y
VPN Peer IP Address(Client): 196.219..x.y
VPN Concentrator Vendor(Zain): Cisco
VPN Concentrator Vendor(Client): D Link
VPN concentrator model : Cisco 3800 Router
VPN concentrator model(Client): DFL 800
VPN Host IP address(es) : 196.46..x.y, 196.46.x.y
VPN Host IP address(es) (Client): 196.219..x.y
Some people say I should use transparent mode >:(. But really I don't know how to use this, so can anyone help me, please?
Regards.
-
If Cisco allows you to have just one IP address, you should use NAT. This means your LAN will be masked by 196.219.x.y; you can access the remote address (196.46.x.y), but your LAN net will be invisible. It seems like a typical remote access solution.
Set 196.219.x.y as the local network on the DFL and 196.46.x.y as the remote. Make a rule: NAT lan/lannet ipsec_tunnel/remote_net all_services (NAT: new source = 196.219.x.y).
-
I do not totally understand what you are trying to accomplish.
If you need to connect your D-Link to a remote Cisco device, and you want your local clients to access the remote network (behind the Cisco), then it is a standard VPN setup.
You can choose to create a site-2-site VPN setup, where you create a VPN tunnel and route all the traffic across.
Please explain what you are trying to accomplish.
-
My problem is how to configure my D-Link with this configuration. I am new to the DFL 800; I tried but failed to do this configuration.
The VPN is up, but I can't telnet to or ping any server on the other side.
They told me that the traffic reaching their side is from the D-Link 196.219.x.1, not from the lannet 196.219.x.2.
When I open "show my IP address" on the server, it is 196.219.x.2, but the traffic from the VPN isn't.
Sorry for my bad language.
Regards.
-
Find out the networks behind the ends of IPsec - yours and the remote one. Previously you said you have just two IP addresses as networks - that is the situation with remote access (IP-to-IP). But you want LAN-to-LAN, and to get it to work, you should specify the networks correctly.
-
Do I need any route config, as frankijskes says?
-
I think you should first find out which networks (remote and local) you should specify. By default, all routing will be made automatically.