Vigor Router to Mikrotik – IPsec

公司是用一般住家當辦公司兩間辦公室距離遠拉專線又浪費錢,只好自已架IPsec VPN, 原面就有Vigor 2925n,買一台Mikrotik RouterOS 450G就可以將兩間辦公室串在一起共用資源,設定如下(很簡單,不難有問題可以問我):


一、Configuring the Mikrotik Router

1.  Create a new IPsec proposal: Go to IPsec


3、Proposal, and

4、add a new one.

5、Enter Name

6、 Select Auth. Algorithms as md5

7、 Select Encr. Algorithms as 3des.

8、 Click OK to save the configuration.


9、 Peer

10、 and add a new one.

11、 Enter Address as Draytek’s WAN IP.

12、 Select Auth. Method as pre shared key

13、 enter Secret. àmykey

14、 Hash Algorithm à md5

15、 Encryption Algorithm à 3ces.

16、 OK

17、 Policy configuration: Go to IPsec >> Policies,

18、 add a new one.

19、 In General Tab

20、 Enter Src. Address as Mikrotik’s LAN IP.

21、 Enter Dst. Address as DrayTek’s LAN IP.


22、 In Action Tab

23、 Enable Tunnel.

24、 Set SA Src. Address as Mikrotik’s WAN IP.

25、 Set SA Dst. Address as Draytek’s WAN IP.

26、 As for Proposal, select the Proposal we just created.

27、 Click OK to save the configuration.


NAT configuration:

28、 Go to IP

29、 Firewall


30、 NAT Table

31、 add a new rule. (Note: This rule must be the first rule in NAT Rules)

32、 In General Tab,

33、 Select Chain as srcnat.

34、 Set Dst. Address as the range of your destination network.

35、 Select Out. Interface as a WAN interface, here we use ether1.


36、In Action Tab:

37、Select Action as accept.

38、Click OK to save the configuration.


二、Configuring the Vigor Router

Create a LAN-to-LAN profile:

1、 VPN and Remote Access

2、 LAN to LAN.

3、 Click on an Index number to add a new profile.


4、 Enter Profile Name and Enable this profile.

5、 Select Call Direction as Dial-out.

6、 Always on


In Dial-Out Settings:

7、 Select Type of Sever I am calling as IPsec Tunnel.

8、 Enter Mikrotik’s Server IP or Host Name.

9、 For IKE Authentication Method, choose Pre-Shared Key and enter the key.

10、 For IPSEC Security Method, choose High(ESP), and select 3DES with Authentication.

11、 Click on Advanced for advanced setting.


12、 In IKE advances setttings: Select IKE phase 2 proposal as 3DES_MD5,

13、 click OK.


In TCP/IP Network Settings:

14、 Enter Remote Network IP as Mikrotik’s LAN IP.

15、 Click OK to save the configuration.


To check VPN connection status, Go to Advanced >> VPN and Remote Access >> Connection Management.




