
DrayTek VPN Solution


kioko

Presentation Transcript


  1. DrayTek VPN Solution

  2. Outline • What is VPN • What does VPN Do • Supported VPN Protocol • How Many Tunnels does Vigor Support • VPN Application • Special VPN Application • CVM (Central VPN Management) • Troubleshooting

  3. What is VPN • A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. http://en.wikipedia.org/wiki/Virtual_private_network

  4. What is VPN http://en.wikipedia.org/wiki/Virtual_private_network

  5. What does VPN Do • Host to LAN allows employees to securely access their company's intranet while traveling outside the office. • Similarly, VPNs securely and cost-effectively connect geographically disparate offices of an organization, creating one cohesive virtual network. We call this LAN to LAN. http://en.wikipedia.org/wiki/Virtual_private_network

  6. Supported VPN Protocol • PPTP (TCP 1723) • L2TP (UDP 1701) • IPsec (UDP 500) • L2TP over IPsec • SSL VPN (TCP 443) • mOTP

  7. How Many VPN Tunnels does Vigor Support

  8. How Many VPN Tunnels does Vigor Support

  9. VPN Application • LAN to LAN • Host to LAN • PPTP/L2TP/IPsec/L2TP over IPsec • SSL VPN • mOTP • VPN Trunk

  10. LAN to LAN 192.168.1.0/24 172.17.1.0/24

  11. Host to LAN • Client-side OS could be • Windows (may use Smart VPN client) • Mac OS/iOS • Android • Ubuntu

  12. SSL VPN • SSL Tunnel • TCP port 443 • SSL Application • SSL Proxy http://www.draytek.com.tw/index.php?option=com_k2&view=itemlist&task=category&id=129:ssl-vpn&Itemid=293&lang=en

  13. SSL VPN

  14. SSL VPN

  15. mOTP: Mobile One Time Password

  16. VPN Trunk-Load Balance

  17. VPN Trunk-Backup

  18. Special VPN Application • Change default route to this VPN tunnel • Apply VPN Tunnel as Interface for L/B Policy • VPN backup when specified WAN drops • Packets trigger establishment of the VPN tunnel • Add more networks into Phase 2 SA

  19. Change Default Route to VPN tunnel • Enable VPN default route • Go via VPN tunnel for local service

  20. Apply VPN Tunnel as Interface for L/B Policy • How to Use Load-Balance/Route Policy http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=5181&Itemid=293&lang=en

  21. VPN Backup when Specified WAN Down

  22. Add More Networks into Phase 2 SA

  23. CVM

  24. CVM • How to Use Central VPN Management http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=5293&Itemid=293&lang=en

  25. Troubleshooting: VPN is up but traffic cannot pass to the remote network?

  26. What to Do? • Check Routing Table • Use ping to diagnose • Use trace route to diagnose • Check Firewall Rule

  27. Check Routing Table • Check the Dial-Out Vigor's routing table • Check the Dial-In Vigor's routing table • If the route to the remote VPN network doesn't exist, check the TCP/IP Network Setting in the VPN LAN to LAN profile. • If the route to the remote VPN network exists, check whether the host can respond to ping.

  28. PPTP Dial Out

  29. PPTP Dial In

  30. IPsec Dial Out

  31. IPsec Dial In

  32. Use Ping to Diagnose • Ping the host from its Local Router • If the Local Router cannot get a ping response from the host, check the firewall setting on the host. • Find a host that can respond to ping from its Local Router, and then ping that host from the Remote Router.

  33. Ping Diagnostic

  34. Check ARP Table

  35. Use Trace Route to Diagnose • Use the command “tracert -d destination IP” to check whether the packet is being sent through the right gateway.

  36. Check Firewall Rule • Check the firewall rules and see whether the packet to the remote VPN network is blocked by a firewall rule.

  37. Case Study

  38. Case Study • Router A has two networks connected, which are 192.168.1.0/24 and 192.168.2.0/24. • Router B has one network connected, which is 192.168.139.0/24. • Computer with IP 192.168.139.10 can ping IP 192.168.1.10, but cannot ping IP 192.168.2.10. • What could we do?

  39. Step 1: • Use Trace Route on Computer with IP 192.168.139.10 to destination IP 192.168.2.10. • Result: The packet is routed to the Internet?!

  40. Next Step: • Check Router B's Routing Table. • Result: There is no Route to 192.168.2.0/24 on Router B.

  41. Next Step: • Add Route 192.168.2.0/24 via More option in VPN LAN to LAN Profile. • Then disconnect and reconnect VPN. • Result: Router B has route to network 192.168.2.0/24 now.

  42. Next Step: • Use Trace Route on Computer with IP 192.168.139.10 to destination IP 192.168.2.10 again. • Result: The packet is stopped at IP 192.168.1.1.
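The routing decision behind slides 39 to 41 can be reproduced with a longest-prefix-match lookup. The following is an added example, not part of the original presentation or DrayTek's code; the interface labels `WAN1`, `LAN` and `VPN` and the exact table contents are constructed from the case study's description.

```python
import ipaddress

def lookup(table, dst):
    """Return (network, interface) for the longest prefix matching dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def egress(table, dst):
    """Interface a packet to dst leaves on, per the table."""
    hit = lookup(table, dst)
    return hit[1] if hit else "unreachable"

def uncovered(table, remote_subnets, tunnel="VPN"):
    """Remote subnets whose traffic would not enter the tunnel.

    Boundary check: tests the first and last address of each subnet.
    """
    missing = []
    for subnet in remote_subnets:
        net = ipaddress.ip_network(subnet)
        ends = (net.network_address, net.broadcast_address)
        if any(egress(table, str(a)) != tunnel for a in ends):
            missing.append(subnet)
    return missing

# Router B before the fix (constructed): only 192.168.1.0/24 is routed via VPN.
ROUTER_B_BEFORE = [
    ("0.0.0.0/0", "WAN1"),          # default route to the Internet
    ("192.168.139.0/24", "LAN"),    # Router B's own network
    ("192.168.1.0/24", "VPN"),      # remote network from the LAN to LAN profile
]
# After adding 192.168.2.0/24 via the "More" option and reconnecting the VPN.
ROUTER_B_AFTER = ROUTER_B_BEFORE + [("192.168.2.0/24", "VPN")]

REMOTE = ["192.168.1.0/24", "192.168.2.0/24"]  # networks behind Router A

if __name__ == "__main__":
    for name, table in (("before", ROUTER_B_BEFORE), ("after", ROUTER_B_AFTER)):
        for dst in ("192.168.1.10", "192.168.2.10"):
            print(name, dst, "->", egress(table, dst))
        print(name, "not via tunnel:", uncovered(table, REMOTE))
```

With the "before" table, 192.168.2.10 matches only the default route and leaves on the WAN, which is what the trace route in slide 39 showed.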
