D-Link Forums

D-Link VPN Router => DSR-250 => Topic started by: mswensen on January 06, 2016, 08:14:04 PM

Title: DSR-250 VPN non standard config
Post by: mswensen on January 06, 2016, 08:14:04 PM

He everyone, I have a two part question about what is apparently a non standard config because I cant seem to find a way to do it.
The Setup
DSR-250 on each end.  static ips

QUESTION 1
site a
192.168.10.0/24 vlan2
192.168.12.0/24 vlan3
site b
192.168.11.0/24 vlan1

I am trying to figure out how to add more than one remote ip range to an IPsec vpn Policy  I have a tunnel established between site b's .11 lan and site a's .10 lan but I also need site b's .11 lan to talk to site a's .12 lan.  While configuring the IPsec policy it only allows you to enter a single subnet

Question 2 
I have a number of static ip addresses 1.1.1.1 is assigned to my wan interface of my router. how can I assign 1.1.1.2 to an host on the inside of my network.  this is usually called a one-to one nat but I don't see any reference to that in the docs or config pages.

Thanks

Title: Re: DSR-250 VPN non standard config
Post by: mswensen on January 08, 2016, 07:17:11 AM

Any Help anyone?  I'm about ready to box these two routers up  and return them. 

Title: Re: DSR-250 VPN non standard config
Post by: FurryNutz on January 25, 2016, 01:45:01 PM

Link>Welcome! (http://forums.dlink.com/index.php?topic=48135.0)

• What Hardware version is your router? Look at sticker under the router case.
• Link>What Firmware (http://forums.dlink.com/index.php?topic=47512.0) version is currently loaded? Found on the routers web page under status.
• What region are you located?

Internet Service Provider and Modem Configurations

• What ISP Service do you have? Cable or DSL?
• What ISP Modem Mfr. and model # do you have?

Title: Re: DSR-250 VPN non standard config
Post by: PacketTracer on January 25, 2016, 02:53:33 PM

Hi,

Question 1:

I don't know about the capabilites of your DSR-250 with respect to IPsec traffic selectors that encompass several disjunct networks. But if it doesn't allow for that, you could trick it by renumbering network 192.168.10.0/24 vlan2 to 192.168.13.0/24 vlan2 and then aggregate both networks

192.168.12.0/24 vlan3
192.168.13.0/24 vlan2

to the single IP range 192.168.12.0/23.

Question 2:

Can you describe in more detail what the scenario behind this shall be? Using IP address 1.1.1.2/(unknown mask) for an inside host within inside networks out of the range 192.168.0.0/16 does not make sense to me, even more if it stems from an IP range 1.1.1.0/30 (or shorter prefix length), that is already in use for the router's wan interface.

PT

Title: Re: DSR-250 VPN non standard config
Post by: FurryNutz on May 31, 2016, 07:22:17 AM

Any status on this?  ???

Quote from: mswensen on January 06, 2016, 08:14:04 PM

He everyone, I have a two part question about what is apparently a non standard config because I cant seem to find a way to do it.
The Setup
DSR-250 on each end.  static ips

QUESTION 1
site a
192.168.10.0/24 vlan2
192.168.12.0/24 vlan3
site b
192.168.11.0/24 vlan1

I am trying to figure out how to add more than one remote ip range to an IPsec vpn Policy  I have a tunnel established between site b's .11 lan and site a's .10 lan but I also need site b's .11 lan to talk to site a's .12 lan.  While configuring the IPsec policy it only allows you to enter a single subnet

Question 2 
I have a number of static ip addresses 1.1.1.1 is assigned to my wan interface of my router. how can I assign 1.1.1.2 to an host on the inside of my network.  this is usually called a one-to one nat but I don't see any reference to that in the docs or config pages.

Thanks