BT Infinity - DrayTek Vigor 2820 - Connection Drop...

Similar Messages

• Draytek vigor 2750 - connection seems to hold now...

  so i posted last week about the draytek 2750n that kept disconnecting  over the weekend i pluged in the HH3 / OR modem as i was away so my line could hold steady and raise the IP profile..
  wed morning and draytek support emailed me back regarding the issue  asking for some screen shots  so i plugged the draytek back in and sent the screen shots and decided to leave it plugged in.
  its now been connected for 18 hours and no drop  so im gonna leave it and see how it performs..
  here a screen shot of line stats..  can someone explain to me the SNR and how it works and how my line looks. 
  and maybe explain some of the other "relevant " stats and what they mean

  Thanks again ironman.
  Initially, I was on 1.5.3 as I had been previously (maybe 3-4 months) but no luck. Reverted to 1.5.2 which I'd used for about a year. No luck. Even tried the beta of 1.5.2 which I still had. Nope
  Sync'd up the time using the browser. Nothing. During the all too brief connections the time also syncs with the nntp server (see the log above). Again, inevitable termination regardless.
  Have tried using the config file I saved before I updated to 1.5.3. Have tried resetting to factory defaults.
  All to no avail.
  I can't help but think its something purely on the BT end. Everything is right on my side, everything has worked before now. But suddenly I can't stay connected.

• Draytek Vigor 2750n Connection Issues

  Guys,
  After searching the forums I chose to purchase a Draytek 2750n from BB for a replacement for my BT Infinity kit, however for the life of me I cant get the Draytek to connect to Infinity; I've followed the below guide and have had no luck;
  http://www.draytek.co.uk/support/kb/kb_vigor_v2750_setup.html
  I've tried all username conventions, my BT Yahoo email and password, [email protected], with a "space" as a password, [email protected] with a "space" as a password with no luck.  I can see the initial VDSL2 sync and with a profile of 17a however the Draytek constantly shows Idle > Handshake > Training.
  I did notice that the Draytek time was set to 1970!! could this be the issue?
  Infinity was recently placed live in my area with one of the smaller slimline cabs, is there anyway that the cab can only be accepting connections from the Openreach Modem? Can any BT forum guys advise?
  Can anyone share any experiences they've had, I'm at a loss and dont want to return the modem
  Cheers,

  Cleric wrote:
  toekneem wrote:
  Mine is set up with [email protected]  Space for a password details are all you need, and it definitely works with the 1.5.1 firmware
  The details are the same as page 19 of the BT Infinity user guide and troubleshooting booklet.
  One always gives way to one's elders and betters! :
  Belt and braces you have two options here both of which are known to work so if at first you don't succeed - try the other one!
  err!!! 3 options......go back to the OR Modem and HH
  [edit] It must show that you may be able to put what you want in, as long as the telephone number authenticates
  toekneem
  http://www.no2nuisancecalls.net
  (EASBF)

• Question about Draytek Vigor 2850vn max sync

  Hi all, Accidentally lost the first message I had finished typing, didn't post successfully. Anyway, Infinity is near (one of those new green fibre cab's just appeared next to the PCP I should be connected to) and I wanted to ask if anyone knew whether the Draytek Vigor 2850vn is limited to 50mbit sync on VDSL/Infinity? Some places I found on Google mentioned that but I am uncertain if it's true. If it's not true then I'll be ordering it on dabs hopefully before the cut-off time, as I can use it to temporarily replace my Draytek Vigor 2820 router and use it on ADSL until Infinity is ready for my postcode. Many thanks.
  Solved!
  Go to Solution.

  Not sure if this helps but I emailed Draytek a while back about this - they replied Jan 19th so things may have changed:
  "I am thinking of replacing the modem supplied with my BT Infinity connection and was wondering whether the 2850n/vn would be suitable.
  In the description you state that "The Vigor 2850 is a variant of our Vigor 2830 series with the addition of a built-in interface which supports both ADSL/ADSL2+ and also VDSL lines (such as the BT Infinity™ service) for connectivity up to 50Mb/s"
  My question is about the "connectivity up to 50Mb/s" part. Currently BT infinity is an "up to 40Mb/s" connection but there will soon be an upgrade to "up to 80Mb/s".
  Would the 2850n be able to support this speed or is 50Mb/s the maximum it will support? In fact what is the maximum VDSL speed that the 2850n and 2750n support?"
  The reply was:
  "Both the 2750 and 2850 support these VDSL profiles: 8a, 8b, 8c, 8d, 12a, 12b, 17a, 30a 
  The units can connect at high speed profiles however it just hasn't been tested
  on those. The actual internal maximum possible rating does exceed 50Mb/s
  but right now we're using a conservative official maximum speed."
  I didn't buy one in the end!

• Connections Drop

  This may seem a simple query, but it's giving us grief!
  We have Infinity and our broadband connection drops now on a regular basis.
  When this happens the DSL light remains on on the Open Reach modem, yet the Home Hub (3 I think) Broadband light shows as orange. Consequently the various internet connections drop.
  Is this likely to a fault with the Home Hub or something else!
  Robert

  I'm having same issue - all lights stay on, but connection drops briefly - enough to kick me out of online game.  Its been happening for about 2 weeks now.  Driving me insane!! 

• Draytek Vigor 120 - PPPoA / PPPoE Settings - MTU a...

  Hi there,
  I currently use a Home Hub but am trying to set up a Draytek Vigor 3300 connected to a Draytek Vigor 120 ADSL Modem.
  The settings I took from the Homehub have the username [email protected] with no password.
  When I plugin my Vigor Modem out of the box it connects fine to the line in that it finds out the speed details and the ADSL light is illuminated. The issue seems to be when I plug it into the Vigor 3300 and use the PPPoE part.
  I can't put in a blank password so I tried [email protected] with a SPACE for a password. I left the MTU as default and the mechanism as PAP.
  For some reason it doesn't connect.
  What details should I put in, does the password matter, does BT use PAP or CHAP and what MTU.
  M

  Hm! well the user name is the same as the HH [email protected] and the password is blank, if it insists on a password then use password but it shouldn't.
  Can't say if pap or chap as my old vigor didnt give an option, if you have an option then try them in turn....leave the mtu.
  Dont know if this is any good... http://www.draytek.co.uk/support/kb_vigor100_setup.html
  Now according to the spec the modem does ppoa/ppoe bridging, which implies this is automatic...as most adsl uses ppoa.

• Wireless drop outs: draytek vigor 2600: macbook pro: channel 6

  Hi all
  Thought I'd drop this is, as it may help others??
  I've been having real problems with unstable wireless drop outs, it's been driving me barmy!
  I've been using a draytek vigor 2600 plus, when connected via ethernet, it's brilliant, use wireless and it *****, with drop outs every minute or so, and when it does connect the strength is shocking even though my router is above me, about 6 foot!
  I used www.istumbler.net/ and found that my next door neighbour has his router on channel 6... same as mine, since this I've changed to channel 12 and now signal strength is full (on the airport logo) and haven't had a drop out for hours...
  I'll post again if the status changes, but give it a try if you are having problems similar...
  hope this helps.
  Az

  I have been having the same issue for the last two weeks. No real indication as to why it ever began other than I had turned off my router and Airport Extreme Base Station off for a weekend while I was away from my place.
  iPad, iPhone, iPod Touch, all have no issues at all with my Airport Extreme Base Station. Can stay connected throughout my living room, bathroom, bedroom, no issues whatsoever.
  My 5 month old MacBook Pro 2.66 GHz Core i7 Airport is sometimes perfect, able to connect, DHCP, and browse without issue. Then, for no reason, I won't be able to join my wireless network, or when I can join, I can't pick up an IP address. And then it will connect, pick up and IP, and then it won't browse. No real rhyme or reason to when this will happen, or when it works.
  I thought that it was an issue with my MacBook Pro, but then my sister visited with her brand new MacBook Pro 2.26 Intel Core 2 Duo, and while a month ago she was able to connect, DHCP, and browse without issue, this weekend she had all of the same issues I was having.
  My XBOX 360 and MacBook Pro have absolutely no issues with the wired connection. Only my WAN seems to have this issue.
  Did you ever find anything more to this?

• BT Infinity Connection Dropping but BT refuse to a...

  Hi,
  So in September we got BT Infinity. It was a hassle and handled terribly by BT customer service but we eventually got it. It's been working fine for around five months but within the last few weeks we have been having connection issues.
  Over Easter I have spent over 10 hours on the phone to BT via my landline and mobile trying to get a solution, but all I have got is a repeated denial of my problems.
  On the 27th March I called BT to report that our connection had been repeatedly dropping over the past few weeks and a fault was opened. I was told I would be updated but no-one called back despite promises they would do.
  I called BT on the 28th March to follow up my issues but was met with an advisor who lacked knowledge in the issue and simply told me to continue monitoring my connection.
  I called BT on the 3rd April as there had been no improvement in my connection, which is dropping multiple times per day, and on this day 7 times. After going through the same repetitive questioning session about how I connect to the internet, a deep line test was run, and it was decisively concluded that there was a fault with the line within BT's retail servers. I was told this would be followed up and promised a call back on the 4th April.
  After I had not received a call back on the 4th April within the time allocated to me, I called BT where I was met with an awfully rude woman who had no interest in helping me and went on to suggest what I was saying was an outright lie and she categorically stated there had been no call back booked despite me having the text in front of me which confirmed it.
  After being told to 'continue monitoring my line', a slightly repetitive phrase favoured by BT Customer Service, I called back as instructed on the 8th April. Again, I went through a repetitive process before finally making some sort of progress and being sent a new home hub.
  My new home hub arrived on the 11th April and made no difference to my problem. I therefore called BT and spoke to an advisor who told me he could only assume the Home Hub was sent in error, as he was absolutely adamant it would make absolutely no difference to my situation. I was told to 'continue monitoring my connection' over the next few days but before he ended the call I asked him a number of questions, none of which were adequately answered.
  Why is our connection dropping? Rather than giving me an explanation as to why it is dropping, he told me that we are lucky it only drops a few times a day! He said 'everyone in the world suffers from a connection which drops multiple times per day' and that 'there is absolutely nothing we can do because there is no problem'. He told me about rate-adaptive lines, which according to him 'are used by every household in the world' and that these lines 'inevitably drop out up to five times a day, which is normal and acceptable'.
  So how many times can it drop before it's considered a fault? The basic answer I received is that there is no limit! It doesn't matter how many times it drops, it absolutely normal! Only if it drops '20-30+ times per day' is it considered a problem worth solving to BT.
  Why do you never call back (in particular, why did no-one call back on the 4th April, and why did an advisor accuse me of lying about the call back)? They said that when the issue is escalated from Level 1 to Level 2, it is impossible to see any contact between the customer and Level 1, so when the call back wasn't arranged as it should've been, there was no way BT could've known. He apologised for this and the way I was treated by his colleague.
  Why was a fault reported on the 3rd April? Why have I not been updated since? Simple answer from BT. There probably was no fault, that was probably also incorrectly opened. Note the key word probably. The advisor I talked to said he had no idea what happened in any of my previous calls and that there was no way he could find out why the fault was opened, or listen to the call (despite all calls being recorded). He said it was impossible for Level 2 to hear the content of any calls made with Level 1 and that it was 'impossible for an advisor to take notes for a call lasting more than half an hour'.
  I recieved a call back today on my mobile where I was told just to continue monitoring the fault. However I was also told, again, quite categorically, that there is nothing wrong and that he would happily send an engineer in three days but that 'he would be able to do absolutely nothing. It would be a waste of time'. The advisor also refused to give any details on how much this would cost and was desperate to end the call saying 'goodbye' despite me being mid sentence multiple times.
  I have now been told to 'continue monitoring my connection' and await another call back on Friday, by which point I will have wasted many more hours on the phone to BT.
  Your customer service is disgusting. Your lack of compassion and understanding is disgusting. The way you totally mislead customers is disgusting.
  And now for my top BT Operator quotes (or near quotes, as obviously no-one has any idea what was said in these calls, not even BT!):
  "If your temperature raised to 100 degrees celcius but then went back to normal, there would be no problem, it's the same with broadband"
  "Everyone in the world has a rate-adaptive line and everyone in the world should expect their line to drop"
  "If your line only drops 5 or 6 times a day there is no problem, you obviously should've known this before you signed up for Infinity"
  "There definitely is a fault.... there definitely isn't a fault" - the trademark conclusiveness of BT
  "We can limit the speed on the phone line, but it would have to be to 1mb" - this is despite absolutely contradictory help published by BT
  But despite these humorous moments, I have wasted a huge amount of time on the phone to BT.
  I have one simple demand. Stop the broadband from dropping multiple times per day. If you cannot do this, let us leave, as you are not meeting your contractual obligations and therefore we shouldn't have to either.
  And please... don't apologise for your colleague not calling back in the first minute of the phone call and then not call back.

  Hi Bryan,
  Like yourself and many, many other people who come to these forums - I have been experiencing the same problems. Constant disconnections, and recently, speed dropping to 4Mb in the Evenings (I'm supposed to be getting 74Mb).
  It's ridiculous with how many people are experiencing these problems and BT are blatently ignoring it. To add insult to injury, this was posted in February. A statement from BT basically saying "Well you're all gonna be having problems, but it's on you."
  Don't fret though, the moderators, and other people from the community can be fantastic help.
  Purchasing an Openreach modem, suggested by ray_dorset, I'll still be awaiting for the Huawei 612, V3b modem to arrive and hoping this will fix the drops in speed. I currently have an ECI modem fitted in, which has stopped the disconnects, but have not stopped the speed drops.
  For anyone reading this who is unfamiliar with modems as I was:
  As far as I know, there's currently two types of Openreach Modems. Every exchange is built with a certain "chipset" which will work best with these modems (explaining in simplistic terms and I could be very wrong, so I am happy to be corrected.)
  The Two Openreach Modems:
  Huawei 614
  ECI
  From the advice I have been given by the moderators, if you're new to BT Infinity, then your exchange may have only recently been built, which is then most likely to have a chipset which will work better with Huawei modems. I'm about to find out this by next week.
  If, in some horrible scenario it doesn't work and the speed is still constantly dropping, then you may need to fork out and purchase a new router (BUT KEEP THE MODEM). Many people have said their internet has been fixed by doing this.
  One of the things I did find pretty hillarious however, is that I did call up BT the other night due to having terrible connections. He told me to take out my modem and just use the home hub 5. He then kept telling me to change a few settings on the HH5 and run a speedtest. Every, single, time we changed something - the speed would get lower and lower, followed by an "Uhhh, monitor your speed over the course of this week and then we'll call you back."
  I'm sorry, but BT customer service have no idea how to fix this, so don't waste your time ringing them. I genuinely feel bad for them too, they have to put up with our **bleep** while the engineers at BT who work on the firmware for the HH5 can't be arsed to try and fix it any further.
  Seriously, mate - just try the steps above, come to the forums if you need help because you're more than likely to get a better answer. I know it sucks not being able to call up BT because they're just going to give you a bunch of BS, but if everyone who had a complaint on this forum worked for BT tech support, maybe there'd be more satisfied customers.

• Infinity Connection Drops - Told to live with it.

  Hi
  This will be my first post. We have had BT Infinity oin since November 2013. Since install we have had random connection drops maybe 5-6 times a day even when the connection is not in use. The light goes orange and takes aprox 1min to reconnect. Very innoying especially when usung the on demand on the youview box. I am getting the estimated speeds of around 15 mb/sec.
  Ive been on the phone since then with BT (mst be 8 times at least) and been through the standard checks multipal times now.
  The box has been replaced
  We have had an engeneer out who verified our internal wiring is sound. He also said the exchange is almost saturated but i cant see how that would be a prob.
  My neighbours that have BT infinity have no problems. 
  Ive just been off the phone there with BT and after explaining the issue again was put on hold for checks. Thats cool, the guy comes back and says the system is showing a 'cooper line fault.' and was put on hold again.
  After a few minutes I was taken off hold and told that the problem is that my line is over 1km from the exchange and that drop outs should be expected. I was told thatEVERYONE with lines over 1km experience drop outs and this is normal. He would not comment on the fact that my neighbours have no problems.
  When I asked why wassnt i explained this when taking out the connection I was told that we dont tell customers this because we want to make sales!!!! Seriously!?!?
  His only solution was for me to just live with it because 'most of the time you have no problems' or downgrade to 1mb/sec ADSL ...
  Unbelieveable customer service. Is this really the best I can expect?

  Firmware version:
  Software version 4.7.5.1.83.8.173.1.6 (Type A) Last updated 04/01/14
  4. Board version:
  BT Hub 5A
  5. VDSL uptime:
  0 days, 03:25:20
  6. Data rate:
  2631 / 16737
  7. Maximum data rate:
  2590 / 16882
  8. Noise margin:
  6.3 / 6.0
  9. Line attenuation:
  0.0 / 30.2
  10. Signal attenuation:
  0.0 / 24.8
  11. Data sent/received:
  1.7 GB / 1.5 GB
  There you go.
  I really dont want to have to leave BT I just want them to fix it. I use BTSport regularly and love youview. I just think its a bit much to be told that its perfectly normal to drop out 5-6 times a day and we dont tell customers this in order to make sales.

• Infinity connection drops every time I use the lan...

  So I've discussed this on here before with no joy (https://community.bt.com/t5/BT-Infinity-Speed-Connection/connection-drops-every-time-I-get-a-call-on... and I've tried swapping out all the equipment with no success. It is driving us mad now....we have to unplug the landline if we're going to use the Internet for a protracted period, just in case!
  Advice please: where do I go from here? When I use the broadband section to report a fault I end up in a dead-end of self-help docs.
  Do I report it as a phone line problem (and pay for an engineer to visiit) even though the phone line tests out OK?
  Solved!
  Go to Solution.

  Well, that will teach me to be so optimistic..
  So I'm now £129 lighter and using a new line...and the broadband doesn't drop out everytime the phone rings..
  BUT it drops out periodically all the time now.. AND the speed is much less than before (I get 30 Mbps on a good day..15 Mbps is typical ,and it was less than 10 Mbps today before it dropped out completely). This may sound churlish to some but I work from home sometimes and the drop in speed, coupled with the frequent disconnections, is making it unworkable...
  So I've reported the fault and despite the very nice Indian woman telling me that '15 Mbps is typical for wireless' after going through a very lengthy script, I am not happy. Wireless/Wired = makes no difference..I've tried...
  Since its worse than before I've asked whether than can switch me back to my old line..the call raised on the 11th was marked as resolved today although I've still no resolution even though I was promised an answer within 24 hours..and have been promised that again today...and nobody rings me on my contact number that I give them (and is in my MyBT profile) but spurious 'we tried to contact you' messages are left on my home answerphone while I'm at work...
  Resolved
  Broadband fault VOL011-***********
  *sigh* according to the official checker I should be getting better....
  (edited to remove the actual fault code since it is deemed a security risk)

• Issues with multiple subnets - ASA5510 to Vigor 2820 VPN

  Hi there,
  I am hoping someone here can help.  I have been struggling for some time to sort out issues in a VPN we have between our main London office and the Edinburgh branch office.  We have an ASA 5510  in London, talking to a Vigor 2820 in Edinburgh. 
  The London office has a 192.168.0.0/24 subnet, with the default gateway as a Cisco Catalyst at 192.168.0.254, and the Cisco ASA at 192.168.0.254 as the firewall. 
  The Edinburgh office has the subnet 192.168.2.0/24, with the Vigor running on 192.168.2.1, providing routing, DHCP and firewall services there. 
  I have the VPN working fine, correctly routing traffic between those two subnets over the IPsec tunnel.  However, I have had much trouble adding additional subnets for our VLANs in London.
  What I want to happen is traffic from 192.168.2.0/24 to be able to get to and from 192.168.50.0/24 and several similar networks.
  Upon tracing it using the Cisco packet tracer, I can see that the packets for the 192.168.50.0/24 subnet are not making it over the tunnel, having being stopped by the VPN: subtype: encrypt rules.  Looking at these rules though, I can't spot the problem.  Multiple changes of order of the rules, and reloads have not sorted out the problem.  When I run a packet trace on the main subnet it works fine.  I have attached some of the configuration (below) as well as the output from the packet tracer, and the config of the Vigor router.
  I apologise in advance for the length of the post, but I have tried to include all relevant information to see if anyone can help.
  Firstly, here's the ASA config that seemed relevant.  I tried to remove some since we have quite a few site-to-site tunnels set up, and these are probably not relevant (and are all working correctly).
  access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.20.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.20.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.50.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.30.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.40.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.40.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.30.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip any 192.168.0.192 255.255.255.192 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.0.0 192.168.7.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.7.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.2.0 255.255.255.0 192.168.7.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.0.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.0.0 192.168.0.0 255.255.0.0 nat (inside) 0 access-list insideOutboundNonatAclnat (inside) 9 access-list vpnNatAclnat (inside) 10 192.168.30.5 255.255.255.255nat (inside) 10 192.168.0.0 255.255.255.0nat (inside) 10 192.168.20.0 255.255.255.0nat (inside) 10 192.168.30.0 255.255.255.0nat (inside) 10 192.168.50.0 255.255.255.0access-list inside_in extended permit ip 192.168.0.0 255.255.255.0 any access-list inside_in extended permit tcp host 192.168.5.2 host 192.168.0.2 eq domain access-list inside_in extended permit ip 192.168.20.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list inside_in extended permit ip 192.168.20.0 255.255.255.0 any access-list inside_in extended permit ip 192.168.50.0 255.255.255.0 any access-list inside_in extended permit ip 192.168.30.0 255.255.255.0 any access-list inside_in extended permit ip 192.168.30.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list inside_in extended permit ip 192.168.40.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list inside_in extended permit ip 192.168.40.0 255.255.255.0 any access-list inside_in extended permit ip 192.168.10.0 255.255.255.0 any access-list inside_in extended permit ip host 192.168.2.1 192.168.30.0 255.255.255.0 inactive access-list inside_in extended permit ip 192.168.2.0 255.255.255.0 192.168.50.0 255.255.255.0 access-list inside_in extended permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0 access-group inside_in in interface insideaccess-list outside_2_cryptomap extended permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.30.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.40.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0 route inside 192.168.20.0 255.255.255.0 192.168.0.254 1route inside 192.168.50.0 255.255.255.0 192.168.0.254 1route inside 192.168.30.0 255.255.255.0 192.168.0.254 1route inside 192.168.40.0 255.255.255.0 192.168.0.254 1crypto ipsec transform-set ESP_DES_MD5 esp-des esp-md5-hmac crypto ipsec transform-set TRANS_VPN_SET esp-3des esp-md5-hmac crypto ipsec transform-set TRANS_VPN_SET mode transportcrypto ipsec transform-set TRANS_VPN_SET_2 esp-3des esp-sha-hmac crypto ipsec transform-set TRANS_VPN_SET_2 mode transportcrypto ipsec transform-set ESP_3DES_SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP_3DES_MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec df-bit clear-df outsidecrypto dynamic-map core_vpn_dyn_map 20 set transform-set ESP_3DES_MD5 ESP_DES_MD5 TRANS_VPN_SET TRANS_VPN_SET_2crypto dynamic-map core_vpn_dyn_map 40 set pfs crypto dynamic-map core_vpn_dyn_map 40 set transform-set ESP_3DES_SHA ESP_DES_MD5crypto map outside_map 2 match address outside_2_cryptomapcrypto map outside_map 2 set pfs crypto map outside_map 2 set peer [branch peer ip]crypto map outside_map 2 set transform-set ESP_3DES_MD5crypto isakmp identity address crypto isakmp identity address crypto isakmp policy 25 authentication pre-share encryption 3des hash md5     group 1      lifetime 28800crypto isakmp nat-traversal  30crypto isakmp disconnect-notifygroup-policy DfltGrpPolicy attributes banner none  wins-server none dns-server none dhcp-network-scope none vpn-access-hours none vpn-simultaneous-logins 100 vpn-idle-timeout none vpn-session-timeout none vpn-filter none vpn-tunnel-protocol IPSec l2tp-ipsec webvpn password-storage disable ip-comp disable re-xauth enable group-lock none pfs disable  ipsec-udp disable ipsec-udp-port 10000 split-tunnel-policy tunnelall split-tunnel-network-list none default-domain none split-dns none intercept-dhcp 255.255.255.255 disable secure-unit-authentication disable user-authentication disable user-authentication-idle-timeout 30 ip-phone-bypass disable leap-bypass disable nem disable  backup-servers keep-client-config msie-proxy server none msie-proxy method no-modify msie-proxy except-list none msie-proxy local-bypass disable nac disable  nac-sq-period 300 nac-reval-period 36000 nac-default-acl none address-pools none smartcard-removal-disconnect enable client-firewall none client-access-rule nonetunnel-group [branch peer ip] type ipsec-l2ltunnel-group [branch peer ip] ipsec-attributes pre-shared-key *
  Note: [branch peer ip] replaces any instances of the branch office outside IP address
  I appreciate there may be some duplicated/redundant rules here - I have been playing with config to try to fix the problem.  I'd really appreciate any suggestions on how to track this down. 
  Here's the vigor config:
  So it looks to match ok to me at both ends, unless there is something I missed.  The vigor routing table shows:
  Key: C - connected, S - static, R - RIP, * - default, ~ - private*             0.0.0.0/         0.0.0.0 via [ISP gateway server],   WAN1S         [branch peer ip]/ 255.255.255.255 via [branch peer ip],   WAN1S~       192.168.40.0/   255.255.255.0 via [London office ip],    VPNS~       192.168.50.0/   255.255.255.0 via [London office ip],    VPNS~       192.168.10.0/   255.255.255.0 via [London office ip],    VPNS~        192.168.0.0/   255.255.255.0 via [London office ip],    VPNC~        192.168.2.0/   255.255.255.0 is directly connected,    LANS~        192.168.7.0/   255.255.255.0 via [London office ip],    VPNS~       192.168.30.0/   255.255.255.0 via [London office ip],    VPNS~       192.168.20.0/   255.255.255.0 via [London office ip],    VPN*     [ISP dns server]/ 255.255.255.255 via [ISP gateway server],   WAN1
  I have replaced IPs here as is shown.  You can see the vigor seems to want to route the appropriate traffic over the VPN.
  Finally, here is the packet trace output:
  ciscoasa# packet-trace input outside tcp 192.168.2.1 echo 192.168.50.10 echo d$Phase: 1Type: FLOW-LOOKUPSubtype: Result: ALLOWConfig:Additional Information:Found no matching flow, creating a new flowPhase: 2Type: ROUTE-LOOKUPSubtype: inputResult: ALLOWConfig:Additional Information:in   192.168.50.0    255.255.255.0   insidePhase: 3Type: ACCESS-LISTSubtype: logResult: ALLOWConfig:access-group outsideInAcl in interface outsideaccess-list outsideInAcl extended permit ip 192.168.2.0 255.255.255.0 any Additional Information: Forward Flow based lookup yields rule: in  id=0x4529e48, priority=12, domain=permit, deny=false        hits=362922, user_data=0x4529e08, cs_id=0x0, flags=0x0, protocol=0        src ip=192.168.2.0, mask=255.255.255.0, port=0        dst ip=0.0.0.0, mask=0.0.0.0, port=0Phase: 4      Type: IP-OPTIONSSubtype:      Result: ALLOW Config:       Additional Information: Forward Flow based lookup yields rule: in  id=0x44057f0, priority=0, domain=permit-ip-option, deny=true        hits=2693939, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0        src ip=0.0.0.0, mask=0.0.0.0, port=0        dst ip=0.0.0.0, mask=0.0.0.0, port=0Phase: 5      Type: NAT-EXEMPTSubtype: rpf-checkResult: ALLOW Config:       Additional Information: Forward Flow based lookup yields rule: in  id=0x44fe9a0, priority=6, domain=nat-exempt-reverse, deny=false        hits=12, user_data=0x44fe800, cs_id=0x0, use_real_addr, flags=0x0, protocol=0        src ip=192.168.2.0, mask=255.255.255.0, port=0        dst ip=192.168.50.0, mask=255.255.255.0, port=0Phase: 6      Type: NAT     Subtype: rpf-checkResult: ALLOW Config:       nat (inside) 10 192.168.50.0 255.255.255.0  match ip inside 192.168.50.0 255.255.255.0 outside any    dynamic translation to pool 10 (external [Interface PAT])    translate_hits = 2250, untranslate_hits = 17Additional Information: Forward Flow based lookup yields rule: out id=0x4b80e80, priority=1, domain=nat-reverse, deny=false hits=32, user_data=0x4b80ce0, cs_id=0x0, flags=0x0, protocol=0 src ip=0.0.0.0, mask=0.0.0.0, port=0 dst ip=192.168.50.0, mask=255.255.255.0, port=0Phase: 7Type: NATSubtype: host-limitsResult: ALLOWConfig:nat (inside) 10 192.168.50.0 255.255.255.0  match ip inside 192.168.50.0 255.255.255.0 outside any    dynamic translation to pool 10 (external [Interface PAT])    translate_hits = 2250, untranslate_hits = 17Additional Information: Reverse Flow based lookup yields rule: in  id=0x4b80fa0, priority=1, domain=host, deny=false hits=2811, user_data=0x4b80ce0, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip=192.168.50.0, mask=255.255.255.0, port=0 dst ip=0.0.0.0, mask=0.0.0.0, port=0Phase: 8Type: IP-OPTIONSSubtype:      Result: ALLOW Config:       Additional Information: Reverse Flow based lookup yields rule: in  id=0x4469ef8, priority=0, domain=permit-ip-option, deny=true        hits=2010804, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0        src ip=0.0.0.0, mask=0.0.0.0, port=0        dst ip=0.0.0.0, mask=0.0.0.0, port=0Phase: 9      Type: VPN     Subtype: encryptResult: DROP  Config:       Additional Information: Reverse Flow based lookup yields rule: out id=0x4887aa8, priority=70, domain=encrypt, deny=false        hits=10, user_data=0x0, cs_id=0x44b18f8, reverse, flags=0x0, protocol=0        src ip=192.168.50.0, mask=255.255.255.0, port=0        dst ip=192.168.2.0, mask=255.255.255.0, port=0Result:       input-interface: outsideinput-status: upinput-line-status: upoutput-interface: insideoutput-status: upoutput-line-status: upAction: drop  Drop-reason: (acl-drop) Flow is denied by configured rule
  So it seems to find the rule, which it ought to match, but then returns DENY.  What's going on here?  Perhaps this is misleading and the issue is elsewhere, but it isn't clear from the output here.
  For further information, this is output for the WORKING subnet - I have just taken a small part here though:
  Phase: 10     Type: VPN     Subtype: encryptResult: ALLOW Config:       Additional Information: Reverse Flow based lookup yields rule: out id=0x4b86418, priority=70, domain=encrypt, deny=false        hits=332214, user_data=0x7da5c, cs_id=0x44b18f8, reverse, flags=0x0, protocol=0        src ip=192.168.0.0, mask=255.255.255.0, port=0        dst ip=192.168.2.0, mask=255.255.255.0, port=0
  Thanks very much in advance for any help you can provide - I've been really stuck on this one!
  Chris

  Hi,
  Can you issue the packet-tracer with the direction beeing your London office -> Remote office?
  Also issue the command twice.
  Personally I've used packet-tracer with some L2L VPNs to test if the remote end has the configurations correct. Also I've noticed that the first packet-tracer test never goes through. So issue that command twice and show how it goes.
  Though I imagine you have tried to connect through the L2L VPN with real host machines and not just the firewalls packet-tracer?
  Also I imagine the original info has a typo. You say your ASAs LAN gateway IP and the local L3 switches IP address is the same, 192.168.0.254.
  Basically the hardest part regarding L2L VPNs should be the initial setup of the VPN connection. Even though it should be simple people still tend to mess up PSKs or Phase1/2 parameters. But as your L2L VPN is already in working order and you are just adding networks to it, it should be pretty simple.
  When you add network and dont require any special NAT configurations, your NAT0 and Encryption domain access-list should look pretty much the same.
  And looking at your configurations, it should be like this
  access-list outside_2_cryptomap extended permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.30.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.40.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
  access-list insideOutboundNonatAcl extended permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.30.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.40.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
  Btw what is the network 192.168.7.0/24? It seems to have a VPN rule at the remote site but not at the HO site. Though there is a NAT0 rule for that traffic on the HO site.
  EDIT: I imagine the VPN network rules should be an exact mirror image of eachother. Though it seems this doesnt stop devices from negotiating the VPN up but who knows if some other device type is picky about that one. Only thing in your situation that I see is the network 192.168.7.0/24 that is not included in the other ends configurations.
  EDIT2: Also the reason your test for the already existing rule might be going through without a problem might be because the tunnel is up and working for the networks in question.
  EDIT3: Does your Vigor device also have NAT0 rules configured for the new networks?
  - Jouni

• Just setup new Draytek vigor 2750N...... + resetti...

  HI all
  i mentioned on another thread http://community.bt.com/t5/BT-Infinity/New-draytek-sync/td-p/517941/page/2
  that i was getting a  Draytek vigor 2750N. I got it from ebay for about £100.
  As it was used off ebay i took some advise and factory reset it 1st.  was quite easy to setup. and is now up and running.  just a couple of Qs
  username/password  should this be my @btinternet.com email address /password   or home@bthomehub thiny (cant remember it exactly) and leave p/w blank? 
  also on the stats page is there somewhere that tell me what each is   e.g 1Day CV, Total FEC etc.?
  next question is simple but bit lengthy..
  As as previously mentioned in another thread.  after having a few engineer visits and disconnections on my line, my profile dropped from btspeedchecker ( was about 32mb)  dropped down to a low of about 27ish.  
  Now i have read mixed advise about if people should actually disconnect (reboot) the modem(and ot routers) to give the line profile a kick/push  or just to leave it to naturally increase (with DLM).. as some warn that it may reduce it even more so with the disconnections. (as DLM thinking line is unstable and lowers speed accordingly)
  From my finding i found that...   if i did keep disconnecting the BT OR modem that it would keep dropping the line profile by a meg or so each time..  however what i did was after a reset and seeing it drop i  kept downloading large files (50gb - 100gb) at a time at full speed  to show the line was capable to handing downloads at the max speed) i did this for a day or two   however the profile wouldnt "naturally increase" after doing another btspeedcheck.   so after a day or so of heavy downloading  i would then give the modem a quick blip (usually at off peak times like  late night or v eary morning   this did actually raise the profile.. 
  and kept following the same process.upto  2 nights ago i was working late till about 2am  profile was at 31.51mb so rebooted modem (had to wait an hour for another test) and it increased to  33.62mb (highest i seen since 1st of may from when i had work done)  which its been at since now  (installing draytek)
  now i installed the draytek 2pm today.  line profile decreased to 32.77  was disconnected for about 5 mins as had to input settings etc.  so im hoping after a day or 2 of downloading again this will raise up..  
  However with the draytek router/modem  will i need to give the unit a reboot to see the profile increase(or decrease)   like the BT OR modem or will this naturally increase(or decrease) itself??
  if someone can tell me how i will paste a image of my stats from the draytek so you can take a look and see what you think??
  thanks
  Grant 

  If you use the power on/of switch you will lose your settings.
  The best way is in the admin section,as that has a choice of a factory reset or a warm reset.
  If you do any resets though it is a good idea to save your settings first from the admin section.
  Another good move if you have not done it is to change the PW [system PW] in the admin section as all drayteks use admin/admin,you need to use admin/xxxxxx,but don`t forget the new PW or you will not get in.
  But personally I think that a reboot will only make your profile worse as with the draytek you are rebooting the modem and the router sections.If you leave it on it should get stable again,but the choice is yours.

• DrayTek Vigor 120 and Leopard Server VPN

  Does anyone successfully use the DrayTek Vigor 120 (UK) with Leopard Server's VPN? Can't find any explicit support of VPN pass-through.

  Hello, I got this VPN working with a 2820 draytek.. Where the draytek is allowing pass though to a mac os server. FYI, sometimes the first connect fails (timeout) but the second connect always works and the first usually does but...
  Here are some screen shots for you to download as it is easier to see what to allow for firewall configuration than describing it... This link has a series of screenshots that make it very clear..
  http://www.getdropbox.com/gallery/617466/1/Apple%20Discussion%20Links?h=208a6f
  or
  http://tinyurl.com/mhph27
  Message was edited by: ColoradoMan

• How do i configure the usb port on a draytek vigor 2820n router for use with my imac

  i have an imac connected to the internet through a draytek vigor 2820n router. this router has a USB port with a HP Deskjet 5560 printer attached (for use as a network printer for other machines on the network). How do I configure this printer on the iMAC?

  I checked on the HP web site. Your aswer is on the HP website under your printer type. Update your drivers and follow the instructions given by HP and the printer will work as you have it connected.
  Good Luck

• Internet Connection Drop Outs when remote administ...

  I did not want to trouble anyone here if I thought it unnecessary but now I feel that I do need some assistance so this warrants opening a new thread.
  BT Infinity Option 2 customer with BT HH 4 and its separate modem - not hacked so cannot read any useful information or login to see what is going on and both BT and the manufacturer long ago removed the open source code of the modem.
  I am quite confident now that these disconnections happen when a remote server/attacker attempts to gain access to my network. These can be from China, Iran and other places too. Sometimes Ministry of Defence? I don't know why I get these connection attempts and most of the time I see BT HH 4 does block these so why I get disconnected I have no idea?
  I made a post in an old thread before opening this thread and said it was due to firmware upgrade but I misread the date! It was not updated since the 8th of May I think. These disconnections have been happening only this past 4-7 days with the most 4 days with intensity greater than the 3 before. I am not 100% certain it is caused by the remote administration that is blocked.
  What happens when this takes place is the BT servers are then unreachable sometimes and I cannot regain a connection for up to 3 hours at a time, usually it is 5-10 mins max though. Without looking at my event log, any ideas?
  I want to get different gear now and never wanted to use BT equipment anyway because I want greater control and options to configure. I would like to go with DD-WRT or OpenWRT Router with Integrated VDSL v2 modem. Anyone here that may suggest one that supports either of these open firmwares? Not so much the concern to prevent any security holes or backdoors but just as much if not more for versatility and configuration and just having control over my network. being able to do upgrades when I want and not when my ISP decides needs doing. And before you say BT do not have backdoors then why would they admit they can remote login to devices and storage contents with their pwerline adapters even. I remember reading a news article quoting BT as admiting this. Anyway, that is not my main concern here, as much as privacy and security is not a crime it is rather rare online. First I need to get to the root cause of this.
  BT HH 4 is not reporting any DDOS attacks and even if it were I would not expect to experience any disconnection. I used to get tons of floods from DDOS attacks years ago when using Netgear routers and never exeprienced any downtime, but that was with another ISP. I don't detect any malware or anything like that and rarely download anything on this machine, I know web browsing can infect a system but I don't think that is it.
  I want to go back to how I used to do things. Any help with this is appreciated. I will need to get my router login details because I was never given those when I singed up with BT Infinity Option 2. I don't even know what my BT email is but do believe there is a way to recover that under my account. **In the past we have had intermittent connection drops and loss of sync but this is not the same right now.
  Edit:
  ** Just to clarify that was before we upgraded to BT Infinity Opt 2. This is the first time any probs with this service since upgrade and that must be about 6 months or more now.

  When running BT HH diagnostic it printed out that the username for login had changed and needed resetting or for me to enter my own in that I was NOT given! Anyway, when going to select manual reset it had not changed from default at all so I think this is just some default BT diagnostic that is false. I realise that other BT customers are affected by this with the BT HH5 but mine is HH4...my posting probably isn't as clear right now as I have not slept as much past few nights trying to figure this out. This is happening at different times of the day but more often during early hours.
  So I am getting these WGET TLS error(s)
  How do I enter in log excerpt from BT HH? Forums says my post exceeds 20K chars...