D-Link VPN Router > DSR-250N



I have two PCs and two DSR-250N. Each PC is connected to its DSR-250N by the LAN port. While DSR-250N are connected with the WAN port.
How can I configure my IPSEC Policy to connect PC1 to PC2?
Do I have to enable L2TP Server and Client?



* What Hardware version is your router? Look at sticker under the router case.
* What Firmware version is currently loaded? Found on the router's web page under status.
* What region are you located?
Internet Service Provider and Modem Configurations

* What ISP Service do you have? Cable or DSL?
* What ISP Modem Mfr. and model # do you have?
Is there information in the user manual regarding IPSEC configurations on the DSR routers?


--- Quote ---While DSR-250N are connected with the WAN port
--- End quote ---

The WAN ports are not connected to the Internet but are attached to each other 'back to back'? Hence it is a test setup for VPN?

This is a simple model for a typical site-to-site IPsec-VPN, where both boxes operate as IPsec gateways for IPsec in tunnel mode in order to interconnect both LAN networks behind the boxes. Hence not only the two PCs but any PC at the one site can talk to any PC at the other site, as if they were connected by a single router. They aren't even aware of the VPN between them and no extra configuration (such as L2TP) is needed at the PCs beyond what is needed without the VPN.

To make this work you have to make sure that the LAN networks at both sites use different network addresses such as and In the boxes you have to specify plain IPsec with ESP in tunnel mode without L2TP and without NAT traversal. The peer address for one box is the WAN address of the other box respectively. For any box you have to specify the remote LAN network behind the other box. Use IKEv1 with Main Mode authenticated via preshared key. Specify the same set of DH groups and security algorithms at both sites.

Later, if you connect the WAN interfaces to the Internet, the public addresses used should be static, hence they can be specified as peer addresses to each other. If one site doesn't have a static public address you need a dynamic DNS service (e.g. Dyn or Freedns) that resolves a fixed DNS name to the present public IP address. In this case in the other box you would specify the peer address of type FQDN using that DNS name.
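
The mirror-image requirements listed in the reply above can be checked before touching either box. This is an added example, not part of the original post and not D-Link code: the field names are hypothetical (they do not mirror the DSR-250N web UI), and all addresses, the DH group, the algorithms and the key are constructed lab values for the back-to-back case with static peer addresses.

```python
import ipaddress

# Constructed sample policies for a back-to-back lab; field names are
# hypothetical and do not mirror the DSR-250N web UI.
SITE_A = {
    "wan_ip": "10.0.0.1", "local_lan": "192.168.10.0/24",
    "peer": "10.0.0.2", "remote_lan": "192.168.20.0/24",
    "ike_version": 1, "exchange": "main", "auth": "psk",
    "psk": "constructed-lab-secret", "mode": "tunnel", "protocol": "esp",
    "nat_traversal": False, "l2tp": False,
    "dh_group": 14, "encryption": "aes256", "integrity": "sha256",
}
SITE_B = dict(SITE_A, wan_ip="10.0.0.2", local_lan="192.168.20.0/24",
              peer="10.0.0.1", remote_lan="192.168.10.0/24")

# Settings that must be identical on both gateways.
MUST_MATCH = ("ike_version", "exchange", "auth", "psk", "mode", "protocol",
              "nat_traversal", "l2tp", "dh_group", "encryption", "integrity")
# Values the reply above specifies for this setup.
EXPECTED = {"ike_version": 1, "exchange": "main", "auth": "psk", "mode": "tunnel",
            "protocol": "esp", "nat_traversal": False, "l2tp": False}


def check_pair(a, b):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    lan_a = ipaddress.ip_network(a["local_lan"])
    lan_b = ipaddress.ip_network(b["local_lan"])
    if lan_a.overlaps(lan_b):
        problems.append(f"LAN networks overlap: {lan_a} and {lan_b}")
    for name, me, other in (("A", a, b), ("B", b, a)):
        if ipaddress.ip_address(me["peer"]) != ipaddress.ip_address(other["wan_ip"]):
            problems.append(f"site {name}: peer is not the other box's WAN address")
        if ipaddress.ip_network(me["remote_lan"]) != ipaddress.ip_network(other["local_lan"]):
            problems.append(f"site {name}: remote LAN is not the other box's LAN")
        for key, want in EXPECTED.items():
            if me[key] != want:
                problems.append(f"site {name}: {key} is {me[key]!r}, expected {want!r}")
    for key in MUST_MATCH:
        if a[key] != b[key]:
            shown = "<differs>" if key == "psk" else f"{a[key]!r} vs {b[key]!r}"
            problems.append(f"mismatch in {key}: {shown}")
    return problems


if __name__ == "__main__":
    for line in check_pair(SITE_A, SITE_B) or ["policies are consistent"]:
        print(line)
```

The preshared key is compared but never echoed, so the output can be pasted into a forum post or ticket.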


