This note is going to demonstrate how to establish an IPsec VPN between a Netgear router and a DrayTek Vigor Router. In this example, the Netgear router will be the VPN initiator (VPN Client), and Vigor Router will act as a VPN server.
Configuring Netgear as VPN client (Dial-out)
1. Go to VPN >> IPsec VPN, create an IKE Policy as follows:
- In the General box, set Direction / Type to "Initiator" and select "Main" for Exchange mode
- In the Local box, set Identifier Type to "Local WAN IP"
- In the Remote box, set Identifier to "Remote WAN IP"
- Use "Pre-shared key" for Authentication Method, and enter a pre-shared key
- Click Apply to save.
2. In VPN >> IPsec VPN, create a VPN Policy as follows:
- Set Remote Endpoint to IP Address, and enter the WAN IP of Vigor Router
- In Traffic Selection, specify the Local network (Netgear's LAN) and the Remote Network (Vigor Router's LAN)
- In Auto Policy parameters, Select IKE Policy as the one created in the previous step.
- Apply the settings.
Configuring Vigor Router as VPN server
1. On Vigor Router, go to VPN and Remote Access >> LAN to LAN, click on an available index number, and edit the profile as follows. In Common Settings,
- Give it a profile name
- Check Enable this profile
- Set Call Direction to "Dial-Out"
2. In Dial-In Settings,
- Enable "IPsec Tunnel" for Allowed Dial-in Type
- Enable Specify Remote VPN Gateway, and enter the Netgear's WAN IP in Peer VPN Server IP
- Use "Pre-shared key" for IKE Authentication Method, and enter the same pre-shared key as which configured on Netgear
3. In TCP/IP Network Settings, enter the Remote Network IP and Remote Network Mask according to Netgear's LAN settings. Then, click OK to finish the settings.
4. Now, the Vigor Router is ready for VPN connections from the Netgear router. Network Administrator may check the connection status from VPN and Remote Access >> Connection Management.