Topic: DIR-330 site to site with DI-804HV

teknocat

« on: October 07, 2009, 11:24:50 PM »

I have been running a DI-804HV behind a D-Link DI-604 rev E (latest firmware for both). Works beautifully with the D-Link VPN client (DS-601). The WAN side of the DI-804 is not DMZ'd, but I get stable IPsec tunnels. I have been trying to establish a site to site with a DIR-330, 1.12 firmware (standard install, not behind another router), using the instructions from the DIR-330 FAQ (which seem to be in need of revision). My issue seems to be that the DIR-330 seems to not like the tunnel endpoint. It expects the tunnel to start at the gateway, not a private IP behind it. If I can get an IPsec connection with the VPN client software, shouldn't the DIR-330 be able to do it as well?

Fatman

« Reply #1 on: October 08, 2009, 10:23:38 AM »

Yes, this should work if you can get it to work with an endpoint.  Make very sure you have all the right information entered.  NAT-T and DPD/Keep Alive are both common mismatches in this kind of scenario.
non progredi est regredi

teknocat

« Reply #2 on: October 08, 2009, 04:44:58 PM »

I think dead peer connection might be the problem. In the instructions for the site to site connections, there is no setting for Dead Peer Detection. The instructions mention using the Encapsulation mode, which the 1.12 firmware doesn't have. Like I said, the instructions need revision. Can you tell me the correct Dead Peer Detection setting? And by the way, I want to confirm: PFS off? It seems strange to me that the DCS-601 connection requires PFS on, yet site to site requires PFS off...

Thanks for all the help

Teknocat. 

Fatman

« Reply #3 on: October 09, 2009, 08:23:05 AM »

If the DS-601 software has a setting, match it exactly.

The biggest problem here is that all of the different FAQs we have may have been written against a different (assumed) goal or different configuration of the other devices in the test. There is no universal statement that PFS should be on or off; if there was, it wouldn't be an option, it would just be a fact.

DPD is the opposite of keep alive: it kills stagnant tunnels to preserve bandwidth, while keep alive maintains them. Just make sure that you are only using 1 of those 2 features or your tunnels will do some weird things.
non progredi est regredi