DrayTek Vigor 2862

Introduction

This guide will assist you in establishing a Site-to-Site VPN tunnel between your Harmony SASE network and your DrayTek Vigor 2862 environment.

Breakdown of topics

1. Pre-requisites
2. Configuration Steps
3. Verifying the Setup
4. Troubleshooting
5. Support Contacts

Pre-requisites

To successfully follow this guide, ensure that:

1. An active Harmony SASE account and a configured network.
2. The Harmony SASE application is installed on your designated devices.
3. An up-and-running DrayTek Vigor 2862 setup with the necessary administrative credentials.

Configuration Steps

Configuring the tunnel in the Management Platform

1. Go to the Gateway in your network from which you want to create the tunnel to DrayTek. Select the three-dotted menu (...) and select Add Tunnel.
   

2. Select IPSec Site-2-Site Tunnel and select Continue.

3. In the General Settings section fill in the following information:

• Name: Choose whatever name you find suitable for the tunnel.
• Shared Secret: Enter a string of your own or use Generate.
• Public IP: Enter the public IP of the DrayTek device.
• Remote ID: Enter a name that will be also used as the name of the VPN profile on the DrayTek device.
• Harmony SASE Gateway Proposal Subnets: Choose the specified subnet. By default, this should be set to 10.255.0.0/16.
• Remote Gateway Proposal Subnets: Select Specified Subnets and specify according to your local LAN Subnets.

4. In the Advanced Settings section fill in the following:

• IKE Version: V2
• Encryption (Phase 1): AES256
• Encryption (Phase 2): AES256
• Integrity (Phase 1): SHA1 (Please set it higher if the router allows it)
• Integrity (Phase 2): SHA1 (Please set it higher if the router allows it)
• Diffie-Hellman Groups (Phase 1): 2 (Please set it higher if the router allows it)
• Diffie-Hellman Groups (Phase 2): 2 (Please set it higher if the router allows it)
• DPD delay: 30s
• DPD timeout: 60s

5. Leave the rest of the fields with the default values (as shown in the attached image) and click on Add Tunnel.

Configuring the tunnel in the DrayTek Management Interface

1. Open the DrayTek management interface.
2. In the left panel, select VPN and Remote Access, then select LAN to LAN, create a new VPN profile
   

3. Under the Common Settings tab, fill in the following information:

• Profile Name: P81 or Perimeter81
• Enable this profile checkbox: Checked
• VPN Dial-Out through: Your WAN interface; Default WAN IP
• Call Direction: Dial-in
• Idle Timeout: 0 second

Leave the Dial-Out settings blank

Under Dial-In Settings,fill in the following information:

• Allowed Dial-In Type: Check "IPsec Tunnel"
• Specify Remote VPN Gateway: Insert the Perimeter81 gateway IP
• Pre-shared Key: Check the box and click on the "IKE Pre-Shared Key" button

A pop-up will appear:

Insert the same shared secret you choose while configuring the tunnel at the Harmony SASE portal and click "OK"

Under TCP/IP Network Settings, fill in the following:

• MY WAN IP:Your WAN interface; Default WAN IP
• Remote Gateway IP:Insert the Perimeter81 gateway IP
• Remote Network IP: Insert your Perimeter81 Network subnet
• Local Network IP: Insert your LAN subnet

Verifying the Setup

After following the above steps, your tunnel should be active.
To verify, go to your Harmony SASE dashboard, locate the tunnel you just created, and check the tunnel status.
It should indicate that the tunnel is "Up", signifying a successful connection.
Next, connect to your network using the Harmony SASE agent and attempt to access one of the resources in your environment.

Troubleshooting

If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.

Support Contacts

If you have any difficulties or questions, don't hesitate to contact Harmony SASE's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at support@perimeter81.com. We're here to assist you and ensure your VPN tunnel setup is a success.