The following guide is provided by our Service Support Engineers to help you configure your Draytek-to-Smoothwall VPN. However if you are unsure of how to configure your Draytek router, we recommend you contact your Draytek Support service.
You are having problems configuring a working Draytek-to-Smoothwall VPN.
- From your router's interface, go to VPN-remote access control.
- Ensure IPSec VPN is selected but the other options are not.
- VPN-LAN to LAN should now be selected.
- You will need to configure a profile with the IP or FQDN of the domain your Smoothwall is on. Make sure this profile is enabled and dial-out is always on:
- Dial-out settings should be set to IPSec tunnel
- IKE authentication method should be pre-shared key. Type in an agreed pre-shared key. This must then be entered on the Smoothwall as well. Check advanced has IKE phase1 and phase2 are set to AES128_MD5_G2
- Set IPSec security method to high – AES with authentication. Also, add server IP/hostname..
- On your Smoothwall interface:
- Browse to Network > VPN > IPSec subnets.
- Click Advanced.
- On the Draytek Router:
- In the case of this test example, in LAN-to-LAN under section 4, remote network IP would be 172.16.0.0 and remote network mask would be 255.240.0.0
- Local network IP (in this case) is 172.18.55.1 with mask of 255.255.255.0. These will obviously be different when configuring your own settings.
- Now go to System Maintenance > Management and make sure under Allow management from the internet only that HTTPS Server is selected. Also, clear the selection for Disable ping from internet.
- Under management port setup change the user defined ports as follows:
- Telnet –
In this example case the external IP is 220.127.116.11 and the internal IP is 172.18.55.1
This will obviously be different in each case but your Smoothwall set-up should look like this: