Installation guide

2.4.1 Introduction
The Vigor 3300 series router supports two types of VPN: PPTP and IPSec.
For PPTP connections it supports only Host-to-LAN, with a maximum of 16 tunnels in all;
for IPSec it supports both Host-to-LAN and LAN-to-LAN VPN, with a maximum of 200
tunnels.
Hence, when deploying a large-scale network, the IPSec tunnel is recommended.
However, the IPSec tunnel has one limitation:
With traditional IPSec VPN, the dial-in side cannot obtain a private IP address from the
peer side, unlike PPTP VPN (with PPTP, there is a PPP virtual
interface for the remote dial-in side). So the tunnel provides only one-way access,
“dial-in side → central server side”; the reverse direction is not available.
To overcome this limitation, DrayTek has built a unique technique:
“DHCP over IPSec”.
To implement this feature, a virtual NIC is added on the PC. When the PC connects to
the server through the IPSec tunnel, it obtains an IP address from the remote side through
the DHCP protocol, much as it would with PPTP.
The following describes the detailed configuration steps for this application.
2.4.2 Configuration on Server
Unlike the Vigor2x00 series routers, the Vigor 3300 does not distinguish between
Remote Teleworker and LAN-to-LAN Setup. That is, the settings in the policy table apply
to both Host-to-LAN and LAN-to-LAN tunnels.
Note:
The Vigor 3300 does not require the remote dial-in user to have a fixed IP address; a
dynamic IP address also works.
The remote dial-in user can be directly on the Internet (public IP) or
behind NAT.
However, if the user is behind NAT, that NAT router should support IPSec
VPN pass-through.
If the remote user is behind NAT, other hosts within the same subnet
cannot connect to the VPN server. That is, only one host behind the NAT can dial IPSec to the
VPN server at a time.
1. On the VPN - IPSec - Policy Table page, select an index and press Edit