• October 21, 2020, 09:46:04 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DSR-250 VPN non standard config  (Read 2515 times)

mswensen

  • Level 1 Member
  • *
  • Posts: 2
DSR-250 VPN non standard config
« on: January 06, 2016, 08:14:04 PM »

He everyone, I have a two part question about what is apparently a non standard config because I cant seem to find a way to do it.
The Setup
DSR-250 on each end.  static ips

QUESTION 1
site a
192.168.10.0/24 vlan2
192.168.12.0/24 vlan3
site b
192.168.11.0/24 vlan1

I am trying to figure out how to add more than one remote ip range to an IPsec vpn Policy  I have a tunnel established between site b's .11 lan and site a's .10 lan but I also need site b's .11 lan to talk to site a's .12 lan.  While configuring the IPsec policy it only allows you to enter a single subnet

Question 2 
I have a number of static ip addresses 1.1.1.1 is assigned to my wan interface of my router. how can I assign 1.1.1.2 to an host on the inside of my network.  this is usually called a one-to one nat but I don't see any reference to that in the docs or config pages.

Thanks
Logged

mswensen

  • Level 1 Member
  • *
  • Posts: 2
Re: DSR-250 VPN non standard config
« Reply #1 on: January 08, 2016, 07:17:11 AM »

Any Help anyone?  I'm about ready to box these two routers up  and return them. 
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49275
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DSR-250 VPN non standard config
« Reply #2 on: January 25, 2016, 01:45:01 PM »

Link>Welcome!

  • What Hardware version is your router? Look at sticker under the router case.
  • Link>What Firmware version is currently loaded? Found on the routers web page under status.
  • What region are you located?


Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 435
Re: DSR-250 VPN non standard config
« Reply #3 on: January 25, 2016, 02:53:33 PM »

Hi,

Question 1:

I don't know about the capabilites of your DSR-250 with respect to IPsec traffic selectors that encompass several disjunct networks. But if it doesn't allow for that, you could trick it by renumbering network 192.168.10.0/24 vlan2 to 192.168.13.0/24 vlan2 and then aggregate both networks

192.168.12.0/24 vlan3
192.168.13.0/24 vlan2

to the single IP range 192.168.12.0/23.

Question 2:

Can you describe in more detail what the scenario behind this shall be? Using IP address 1.1.1.2/(unknown mask) for an inside host within inside networks out of the range 192.168.0.0/16 does not make sense to me, even more if it stems from an IP range 1.1.1.0/30 (or shorter prefix length), that is already in use for the router's wan interface.

PT
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49275
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DSR-250 VPN non standard config
« Reply #4 on: May 31, 2016, 07:22:17 AM »

Any status on this?  ???

He everyone, I have a two part question about what is apparently a non standard config because I cant seem to find a way to do it.
The Setup
DSR-250 on each end.  static ips

QUESTION 1
site a
192.168.10.0/24 vlan2
192.168.12.0/24 vlan3
site b
192.168.11.0/24 vlan1

I am trying to figure out how to add more than one remote ip range to an IPsec vpn Policy  I have a tunnel established between site b's .11 lan and site a's .10 lan but I also need site b's .11 lan to talk to site a's .12 lan.  While configuring the IPsec policy it only allows you to enter a single subnet

Question 2 
I have a number of static ip addresses 1.1.1.1 is assigned to my wan interface of my router. how can I assign 1.1.1.2 to an host on the inside of my network.  this is usually called a one-to one nat but I don't see any reference to that in the docs or config pages.

Thanks
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!