DrayTek Vigor 2862
  • 17 May 2024

      Introduction

      This guide will assist you in establishing a Site-to-Site VPN tunnel between your Harmony SASE network and your DrayTek Vigor 2862 environment.

      Breakdown of topics

      1. Pre-requisites
      2. Configuration Steps
      3. Verifying the Setup
      4. Troubleshooting
      5. Support Contacts

      Pre-requisites

      To follow this guide successfully, ensure that you have:

      1. An active Harmony SASE account and a configured network.
      2. The Harmony SASE application is installed on your designated devices.
      3. An up-and-running DrayTek Vigor 2862 setup with the necessary administrative credentials.

      Configuration Steps

      Configuring the tunnel in the Management Platform

      1. Go to the Gateway in your network from which you want to create the tunnel to DrayTek. Select the three-dotted menu (...) and select Add Tunnel.

      2. Select IPSec Site-2-Site Tunnel and select Continue.

      3. In the General Settings section fill in the following information:

      • Name: Choose whatever name you find suitable for the tunnel.
      • Shared Secret: Enter a string of your own or use Generate.
      • Public IP: Enter the public IP of the DrayTek device.
      • Remote ID: Enter a name that will also be used as the name of the VPN profile on the DrayTek device.
      • Harmony SASE Gateway Proposal Subnets: Choose the specified subnet. By default, this should be set to 10.255.0.0/16.
      • Remote Gateway Proposal Subnets: Select Specified Subnets and specify according to your local LAN Subnets.


      4. In the Advanced Settings section fill in the following:

      • IKE Version: V2
      • Encryption (Phase 1): AES256
      • Encryption (Phase 2): AES256
      • Integrity (Phase 1): SHA1 (Please set it higher if the router allows it)
      • Integrity (Phase 2): SHA1 (Please set it higher if the router allows it)
      • Diffie-Hellman Groups (Phase 1): 2 (Please set it higher if the router allows it)
      • Diffie-Hellman Groups (Phase 2): 2 (Please set it higher if the router allows it)
      • DPD delay: 30s
      • DPD timeout: 60s

      5. Leave the rest of the fields with the default values (as shown in the attached image) and click on Add Tunnel.

      Configuring the tunnel in the DrayTek Management Interface

      1. Open the DrayTek management interface.
      2. In the left panel, select VPN and Remote Access, then select LAN to LAN, and create a new VPN profile.

      3. Under the Common Settings tab, fill in the following information:

      • Profile Name: Harmony SASE
      • Enable this profile checkbox: Checked
      • VPN Dial-Out through: Your WAN interface; Default WAN IP
      • Call Direction: Dial-in
      • Idle Timeout: 0 second

      Leave the Dial-Out settings blank.

      Under Dial-In Settings, fill in the following information:

      • Allowed Dial-In Type: Check "IPsec Tunnel"
      • Specify Remote VPN Gateway: Enter the Harmony SASE gateway IP
      • Pre-shared Key: Check the box and click on the "IKE Pre-Shared Key" button

      A pop-up will appear:

      Enter the same shared secret you chose while configuring the tunnel in the Harmony SASE portal and click "OK".

      Under TCP/IP Network Settings, fill in the following:

      • MY WAN IP: Your WAN interface; Default WAN IP
      • Remote Gateway IP: Enter the Harmony SASE gateway IP
      • Remote Network IP: Enter your Harmony SASE Network subnet
      • Local Network IP: Enter your LAN subnet

      Verifying the Setup

      After following the above steps, your tunnel should be active.
      To verify, go to your Harmony SASE dashboard, locate the tunnel you just created, and check the tunnel status.
      It should indicate that the tunnel is "Up", signifying a successful connection.
      Next, connect to your network using the Harmony SASE agent and attempt to access one of the resources in your environment.

      Troubleshooting

      If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.
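
      The review described above can be scripted. The following is an added example, not part of the original guide or of any Check Point or DrayTek tooling: it compares the values entered on each side and reports mismatches. The dictionary keys, the sample addresses and secret, and the DH group 14 threshold are assumptions made for illustration.

```python
import hmac
import ipaddress

# Constructed sample values; keys are names chosen here for the guide's fields.
HARMONY = {"shared_secret": "example-psk-not-real", "public_ip": "203.0.113.10",
           "gateway_ip": "198.51.100.20", "gateway_subnets": ["10.255.0.0/16"],
           "remote_subnets": ["192.168.1.0/24"], "integrity": "SHA1", "dh_group": 2}
DRAYTEK = {"pre_shared_key": "example-psk-not-real", "my_wan_ip": "203.0.113.10",
           "remote_gateway_ip": "198.51.100.20", "remote_network": "10.255.0.0/16",
           "local_network": "192.168.1.0/24"}

def same_ip(a, b):
    """Compare two addresses after parsing, so formatting differences do not matter."""
    return ipaddress.ip_address(a) == ipaddress.ip_address(b)

def check_tunnel(harmony, draytek):
    """Return (severity, message) findings for one Harmony SASE / DrayTek pair."""
    out = []
    if not hmac.compare_digest(harmony["shared_secret"].encode(),
                               draytek["pre_shared_key"].encode()):
        out.append(("error", "Shared Secret and IKE Pre-Shared Key differ"))
    if not same_ip(harmony["public_ip"], draytek["my_wan_ip"]):
        out.append(("error", "Public IP is not the DrayTek WAN IP"))
    if not same_ip(harmony["gateway_ip"], draytek["remote_gateway_ip"]):
        out.append(("error", "Remote Gateway IP is not the Harmony SASE gateway"))
    # ip_network() is strict: a subnet typed with host bits set raises ValueError.
    sase = [ipaddress.ip_network(n) for n in harmony["gateway_subnets"]]
    lan = [ipaddress.ip_network(n) for n in harmony["remote_subnets"]]
    # Each side's "remote" must be the other side's "local".
    if ipaddress.ip_network(draytek["remote_network"]) not in sase:
        out.append(("error", "Remote Network IP not in Harmony SASE proposal subnets"))
    if ipaddress.ip_network(draytek["local_network"]) not in lan:
        out.append(("error", "Local Network IP not in Remote Gateway proposal subnets"))
    for a in sase:
        for b in lan:
            if a.overlaps(b):
                out.append(("error", f"{a} overlaps {b}; routing is ambiguous"))
    # The guide asks for SHA1 and DH group 2 to be set higher when the router allows.
    if harmony["integrity"].upper() == "SHA1":
        out.append(("warn", "Integrity is SHA1; raise it if the router allows"))
    if harmony["dh_group"] < 14:  # assumption: group 14 as the target
        out.append(("warn", "DH group below 14; raise it if the router allows"))
    return out

if __name__ == "__main__":
    for severity, message in check_tunnel(HARMONY, DRAYTEK):
        print(f"{severity}: {message}")
```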

      Support Contacts

      If you have any difficulties or questions, don't hesitate to contact Harmony SASE's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at sase-support@checkpoint.com. We're here to assist you and ensure your VPN tunnel setup is a success.

