- 2 Minutes to read
Setting up site-to-site on Asus BRT-AC828
- 2 Minutes to read
Note: As Asus BRT-AC828 does not allow establishing a Site-to-Site connection on wider subnets than /24, you will only be able to access your remote resources while connected specifically with the IKEv2 VPN protocol chosen in the NordLayer application settings.
Verify the settings needed for the IPSec tunnel on the router
- After accessing the management page of ASUS BRT-AC828 you will see the WAN and LAN IP addresses of your router setup.
Configuring the tunnel
On the management webpage, click on the VPN tab that can be found on the left side of the webpage. Then press on the VPN Client tab.
Create a new tunnel profile by pressing the add profile button in the VPN client tab.
Click on the IPSec tab.
On the Basic Config tab, enter the VPN profile name (whatever you like), and select the Static IP Address option near the Remote Gateway type section.
Type in the IP address of the dedicated server used in your private gateway near the Remote Gateway section.
Near the Pre-Shared Key section enter the password key that you would like to use in the VPN profile configuration.
Fill in your local network subnet (the default subnet for ASUS BRT-AC828 is 192.168.1.0/24) near the Local Private Subnet section.
Near the Remote Private Subnet fill in the subnet of the dedicated server which is 10.6.0.0/24.
Navigate to the Advanced settings of the configuration by selecting the said value in the dropdown list that can be found near the VPN details section.
- In the Advanced settings category, please copy the exact values that are provided in the picture below:
Press Save in order to save the configuration made. Afterwards, press the Activate button found in the VPN tab in order to establish the connection from your side.
Re-start your router. The VPN tunnels should be up afterwards.
In order to finalize the site-to-site setup on our end, please provide these values via Site-to-site request from in the NordLayer Control Panel:
- Pre-shared key - you can generate it or we can provide it
- Encryption details (AES, SHA and DH group) - AES256, SHA256 and DH group 14 are recommended (also must support IKEv2)
- Remote gateway/router public IP (must be reachable while connected to the dedicated server)
- Remote subnet and mask (the subnet is used in your local network)
Note: In case you are experiencing different results, make sure that you have you carefully gone through all the steps. Having said that, in case the issue persists please feel free to contact our 24/7 customer support team.