Session 1 & 2 DrayTek Training at ABP Technology - Enabling IP Connectivity

Session 1 Enabling IP Connectivity

Henry&Lo&&Field&Application&Engineer

These&are&NOT&confidential&sessions&–&please&DO&consider&to&streaming,&blogging,&or&taking&pictures&

Multi-WANs LAN / VLAN

VPN Load-Balance/Route Policy



Outline

• Why&Need&Dual/Multi&WANs&• Multi&VLAN&Usage&• Supported&WAN&Interfaces&&• Internet&Access&Mode&• WAN&Budget&Limit&• Trouble&Shooting

Outline


Why Need Dual/Multi WANs

• Load&Balance&• Good&Backup&• Multi&Service&

– Internet&– IPTV&– Management&– VoIP


• Load!Balance

• 4&Mechanisms&for&WAN&Load&Balance&

-CAH,&cached&-BAL,&balanced&-DNS&-Policy


Why need Dual/Multi WANs

• Good&Backup

Outline


Multi VLAN Usage

Multi VLAN Usage

Multi VLAN Usage

Outline


Supported WAN Interfaces

• Ethernet&WAN&(10/100/1000BaseQTx,)&• xDSL&&

– ADSL,&ADSL2/2+&– VDSL2&

• USB&3G/4G&dongle&• Fiber

Outline


Internet Access Mode

• PPPoE/PPPoA&• MPoA&• Static&or&Dynamic&IP&• PPTP&or&L2TP&• 3G/4G&modem&PPP/DHCP&mode

Internet Access Mode

• IPv6&!

!

!

!

!

!

• How&to&Configure&WAN&for&IPv6&Service&– http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=1809&Itemid=293&lang=en

http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=1809&Itemid=293&lang=en

Outline


WAN Budget Limit

• Set&Budget&• Budge&Refresh&Time&• Action

• SMS/Mail&Alert&– Set&SMS/Mail&Object&and&Notification&Object

– Include&Notification&Object&into&SMS/Mail&Alert

WAN Budget Limit

Trouble Shooting

• Capture&online&status&page&• Capture&low&–wt&

– http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=2060&Itemid=296&lang=en&

• Capture&WAN&packet&– http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=2059&Itemid=296&lang=en&

• Capture&the&WAN&Setup&Page.





Outline

• Multi&LAN&Subnets/VLAN&- PortQBased&- TagQBased&- InterQLAN&Routing&

• LAN&Subnet&for&NAT/Routing&Usage&• Retrieve&DHCP&Lease&Periodically&• IP&Routed&Subnet

Outline


• LAN&Subnet&for&NAT/Routing&Usage&• Retrieve&DHCP&Lease&Periodically&• IP&Routed&Subnet

Multi LAN Subnets/VLAN

• The&initial&status


• PortQBased

• TagQBased


Multi LAN Subnets/VLAN• A&hybrid&example&- P1&in&LAN1&for&Administrator&management&

- P2,&P3,&P4&in&LAN2&for&3&Dept,&and&are&isolated&from&each&other&

- P5&in&LAN1&for&internal&server&

- P6&in&LAN3&for&Guest&usage


• Enable&LAN2,&LAN3

• Enable&InterQLAN&Routing

Outline


• LAN&Subnet&for&NAT/Routing&Usage&• Retrieve&DHCP&Lease&Periodically&• IP&Routed&Subnet&

NAT/Routing Usage

• Choose&NAT/Routing&for&LAN&Subnet&– LAN1&is&always&NATed&

Outline



Retrieve DHCP Lease Periodically

• Retrieve&IP&only&from&Inactive&Clients&&- Active&when&available&IP&less&than&30&&- Send&ARP&Request&every&60&seconds&- Retrieve&IP&if&no&ARP&Reply&

Outline



IP Routed Subnet

• LAN&PC&will&get&public&IP&Address&directly&&– No&NAT&will&be&applied

• Set&Start&IP/Pool&• Set&LAN&Port/Bind&MAC



Outline

• Supported&VPN&Protocol&• How&Many&Tunnels&does&Vigor&Support&• VPN&Application&• Special&VPN&Application&

Outline


Supported VPN Protocol

• PPTP&(TCP&1723)&• L2TP&(UDP&1701)&• IPsec&(UDP&500)&• L2TP&over&IPsec&• SSL&VPN&(TCP&443)&• mOTP&!

How Many VPN Tunnel does Vigor Support

Vigor!Model !IPsec/PPTP/L2TP SSL

Vigor2110 2 N/A

Vigor2130 2 N/A

Vigor2912 16 N/A

Vigor2920 32 N/A

Vigor2925 25 25

Vigor2930 100 30

Vigor2950 200 10

Vigor2960 200 20

&&&&&&&&&&&&Vigor3200&Series 64 10

&&&&&&&&&&&&Vigor3300&Series 200 NA

Vigor3900 500&(PPTP/L2TP&200) 20

How Many VPN Tunnel does Vigor Support

Vigor!Model IPsec/PPTP/L2TP SSL

Vigor2710 2 N/A

Vigor2760 2 N/A

Vigor2830 32 10

Vigor2850 32 10

Vigor2860 32 10

Outline


Outline• Supported&VPN&Protocol&

• How&Many&Tunnels&does&Vigor&Support&• VPN&Application&

- LAN&To&LAN&- Host&To&LAN&- SSL&VPN&- VPN&Trunk&

• Special&VPN&Application&





LAN to LAN

172.17.1.0/24 192.168.1.0/24

• Remote&Office&• Dial&Out&!

• Main&Office&• Dial&In&!

• Use&with&caution!Only&this&remote&IP&will&be&eligible!&

• Drop&the&rests&!





Host to LAN

• Client&site&OS&could&be&– Windows&(may&use&Smart&VPN&

client)&– Mac&OS/iOS&– Android&– Ubuntu&





VPN Trunk-Load Balance

VPN Trunk-Backup

Outline



• How&Many&Tunnels&does&Vigor&Support&

• VPN&Application&• Special&VPN&Application&

- Change&Default&Route&to&this&VPN&Tunnel&- Apply&VPN&Tunnel&into&L/B&Policy&- VPN&Backup&when&Specified&WAN&Drops&- Packets&Trigger&to&Establish&the&VPN&Tunnel&- Add&more&Network&into&Phase&2&SA&

Change Default Route to VPN tunnel

• Enable&VPN&default&route&• Go&via&VPN&tunnel&for&

localized&service

Apply VPN Tunnel as Interface for L/B Policy

• How&to&Use&LoadQBalance/Route&Policyhttp://www.draytek.com.tw/index.php?option=com_k2&view=item&id=5181&Itemid=293&lang=en

VPN Backup when Specified WAN Down

Add More Network into Phase2 SA



Outline

• How&does&it&Work&– When&matching&criteria,&send&via&the&route&

• What&does&it&Do&– 2&real&usage&examples&

• Trouble&Shooting&– Ping&/&Trace&Route&

• Application&Note

Outline





How does it Work (1/3)

• Set&Criteria&- Protocol&- Source&IP&- Dest&IP&- Dest&Port&

• Set&the&Route&- Interface&- Gateway&- NAT&or&Routing


• Protocol&- TCP&- UDP&- ICMP&

• Source&IP&• Dest&IP&• Dest&Port

• Interface&- WAN/Virtual&WAN&- LAN&- VPN&

• Gateway&- Default&- Specified&

• Do&NAT&or&Routing&- NAT&is&not&applicable&for&LAN&and&VPN


Outline





What does it Do

• Choose&VPN&tunnel&for&certain&destinations(Jump)&– Surf&facebook&– Watch&Netflix&

• Choose&WAN&interface&for&certain&destinations&– WAN1&for&Public&VoIP&and&data,&NAT&– WAN5&for&Private&VoIP,&Routing

What does it Do



VPN to Remote Server

• Scenario&• Find&the&Destination&IP&Range&• Configuration&• Confirm&the&Routing

Scenario

• Go&via&VPN&tunnel&for&Netflix&and&facebook

Find the Destination IP Range

• ping&/&nslookup

• whois

Configuration

• Dest&IP&• Interface

Confirm the Routing

• Use&tracert&/&traceroute&to&confirm&routing

• First&Hop:&LAN&Gateway&• Second&Hop:&VPN&Gateway&

What does it Do



WAN5 for Private VoIP

• Scenario&• Rules&Overview&• Configuration&

– Public&server&via&WAN1&– DNS&via&WAN1&– Private&server&via&WAN5&

• Confirm&the&Routing

Scenario

INTERNET

Private

• LAN1&for&PC&

• LAN2&for&IP&Phones&

• Data&via&WAN1&

IP Phones

SIP / PPBX

10.20.10.1/24

PVC1

• VoIP&to&Public&Server&via&WAN1&- May&require&DNS&lookup

• VoIP&to&Private&Server&via&WAN5&

External SIP Server!iptel.org!

217.9.36.145!

Internal SIP Server!Vigor2820 IPPBX!

192.168.11.1!

PVC1, WAN1 : 111.248.121.156 Gateway: 168.95.98.254

PVC2, WAN5 : 192.168.11.13 Gateway: 192.168.11.1

LAN 1 / NAT!

PC 1A!192.168.1.1/24

PVC1

PVC2

Rules Overview

• VoIP&to&Public&Server&via&WAN1,&NAT

• DNS&lookup&via&WAN1,&NAT

• VoIP&to&Private&Server&via&WAN5,&Routing

• Unspecified&traffics&via&WAN1,&NAT

External Server via WAN1

• Source&IP&– IP&phones

• Dest&IP&– Iptel.org

• Interface&– WAN1

• Force&NAT

DNS via WAN1

• DNS&&– UDP&53

• Interface&&– WAN1

• Force&NAT

Private Server via WAN5

• Source&IP&– IP&phones

• Dest&IP&– Any&except&iptel

• Interface&– WAN5

• Routing

Confirm the Routing

• LAN1&PC&tracert&/&traceroute&to&8.8.8.8

• LAN2&IP&phone&tracert&/&traceroute&to&8.8.8.8&

• LAN2&IP&phone&traceroute&to&another&IP&phone&

Trouble Shooting

• Use&ping&/&tracert&to&confirm&the&routing&• Respect&the&first&matched&ruleIgnore&the&rests&

• Firewall&>&InterQLAN&routing&>&LoadQBalance/Route&Policy&>&Static&Route

Application Note

• How&to&use&LoadQBalance/Route&Policy?&– http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=5181&Itemid=293&lang=en


Session 1 & 2 DrayTek Training at ABP Technology - Enabling IP Connectivity

Technology

multi vlan usage

dualmulti wans goodbackup

vpn tunnel

vpntrunk specialvpnapplication

vpn protocol

vigor support vigor

hosttolan sslvpn

internet access mode