Article Id 198784


Description

 

Configuration steps for creating a VPN between a FortiGate unit and a Draytek device

Components

 

All units, version 2.5

Steps or Commands

 

DRAYTEK configuration

 

Model: vigor2600 annex A

Firmware version: v2.5_UK

 

 

- Main mode only (cannot be configured)

- DH2 only (cannot be configured)

- MD5 hash function only (cannot be configured)

- Phase 2 key life defaults to 3600 sec (cannot be configured)

- Not NAT traversal compliant

- Not DPD compliant

 

FortiGate-60 MR7 build 212 configuration:

 

 

set system interface wan2 mode static ip 80.176.126.251 255.255.255.248

 

 

set system route number 0 dst 80.176.169.213 255.255.255.255 gw1 80.176.126.249 dev1 wan2

set system route number 1 dst 172.17.0.0 255.255.0.0 gw1 80.176.126.249 dev1 wan2

set system route number 3 dst 0.0.0.0 0.0.0.0 gw1 80.176.116.33 dev1 wan1 gw2 80.176.126.249 dev2 wan2

 

 

set firewall address wan2 Homecall subnet 172.17.0.0 255.255.0.0

set firewall address internal local-private-lan subnet 172.16.0.0 255.255.0.0

 

 

# set vpn ipsec phase1

set vpn ipsec phase1 Homecall type static gw 80.176.169.213 proposal 3des-md5 keylife 28800 dhgrp 2 authmethod PSK 'xxxxxxx' keepalive 5 dpd disable peertype any xauthtype disable

 

 

# set vpn ipsec phase2

set vpn ipsec phase2 Homecall phase1name Homecall proposal 3des-md5 keylifeseconds 3600 dhgrp 1 replay enable concentrator none

set vpn ipsec phase2 Homecall bindtoif wan2

 

 

 

 

# set firewall policy

set firewall policy srcintf internal dstintf wan2 policyid 3 srcaddr local-private-lan dstaddr Homecall schedule Always service ANY action encrypt vpntunnel Homecall inbound allow outbound allow
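
A pre-flight check of the tunnel lines above against the Draytek's fixed parameters, as an added example that is not part of the original article or of Fortinet's tooling. The `DRAYTEK_FIXED` table, the function names and the mismatched variant are constructed here; main mode and NAT traversal are not checked because the article's lines carry no keyword for them.

```python
import shlex

# Fixed Draytek values from the list in this article. Assumption: "DH2 only"
# is applied to phase 1 only, because the article's phase 2 line uses dhgrp 1.
DRAYTEK_FIXED = {
    "phase1": {"hash": "md5", "dhgrp": "2", "dpd": "disable"},
    "phase2": {"hash": "md5", "keylifeseconds": "3600"},
}

def parse_line(line):
    """Parse one 'set vpn ipsec phaseN <name> ...' line into (phase, name, settings)."""
    tok = shlex.split(line, comments=True)  # drops '# ...' lines, unquotes the PSK
    if len(tok) < 5 or tok[:3] != ["set", "vpn", "ipsec"] or tok[3] not in DRAYTEK_FIXED:
        return None
    args, settings, i = tok[5:], {}, 0
    while i + 1 < len(args):
        key = args[i]
        settings[key] = args[i + 1]
        # Assumption from the article's line: authmethod is followed by a method
        # and a secret; the secret is skipped so the pre-shared key is never stored.
        i += 3 if key == "authmethod" else 2
    if "proposal" in settings:  # "3des-md5" -> hash "md5"
        settings["hash"] = settings["proposal"].rsplit("-", 1)[-1]
    return tok[3], tok[4], settings

def check(config_text):
    """Return mismatches against DRAYTEK_FIXED; keywords absent from a line are not judged."""
    problems = []
    for line in config_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        phase, name, settings = parsed
        for key, want in DRAYTEK_FIXED[phase].items():
            if key in settings and settings[key] != want:
                problems.append(f"{phase} {name}: {key} is {settings[key]}, Draytek needs {want}")
    return problems

# The article's own tunnel lines.
ARTICLE_CONFIG = """
set vpn ipsec phase1 Homecall type static gw 80.176.169.213 proposal 3des-md5 keylife 28800 dhgrp 2 authmethod PSK 'xxxxxxx' keepalive 5 dpd disable peertype any xauthtype disable
set vpn ipsec phase2 Homecall phase1name Homecall proposal 3des-md5 keylifeseconds 3600 dhgrp 1 replay enable concentrator none
set vpn ipsec phase2 Homecall bindtoif wan2
"""
# Constructed variant with three phase 1 settings the Draytek cannot match.
MISMATCHED = ARTICLE_CONFIG.replace("3des-md5 keylife 28800 dhgrp 2", "3des-sha1 keylife 28800 dhgrp 5").replace("dpd disable", "dpd enable")

if __name__ == "__main__":
    for text in (ARTICLE_CONFIG, MISMATCHED):
        print(check(text) or "compatible with the Draytek's fixed values")
```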

 

 

 

Network diagram

 

 

 

 

172.16.0.0/16      .30 int  ***********  wan2 .251   80.176.126.248/28  .249   **********
----------------------------*  FGT-60 *----------------------------------------* router *-->
                            ***********                                        **********

172.17.0.0/16      .5       ***********  80.176.169.213
----------------------------* DRAYTEK *----------> DSL
                            ***********

 

 
