On Thu, 27 Nov 2003 03:30:33 -0800, Mark Anyon wrote:
> Hi, I have three sites connected to internet via pppoA adsl. I am using
> draytek 2600 vigor routers, but behind each of those is a watchguard soho
> 6tc which I need to connect all three via vpn. The external interface on
> the watchguard does not have a pppoA client much to my disappointment!
> I need to configure the draytek to pass thru ipsec traffic to the
> watchguard.
> I have followed the instructions on draytek support site:
>
> http://www.draytek.com.tw/applicatio..._1_b_ipsec.php
>
>
> But still no luck.
> Watchguard have remoted into my sohos and said the vpn config is fine but
> I should be using a public ip on the external interface.
>
> Any help greatly appreciated!!
What is actually happening is watchguard is on an internal network with an
internal ip address. It forwards this address to the distant watchguard
which tries to reply to it and gets nowhere.
There are a couple of possible solutions to this:
1. Get your ISP to allocate a block of ip addresses so the watchguard can
be allocated a 'real' ip address.
2. The watchguard broadcasts its internal address in an unencrypted UDP
packet (according to their own site). This would allow an intelligent
router to change this address to its own external address as it passes
through it. Can the Draytek 2600 do this?
A third option (although the watchguard site does not mention it) could be:
can the watchguard transmit your external address instead of its own
internal address?
Hope this helps.
graham