DrayTek Vigor3900 Router
To configure the tunnel in the DrayTek Vigor3900 Management Portal:
- Log in to the DrayTek Vigor3900 Management Portal with the Administrator account.
- From the left panel, go to VPN and Remote Access.
- Click VPN Profiles and click Add.
- In the Basic tab:

  | Field | Enter |
  | --- | --- |
  | Auto Dial-Out | Enable; Always Dial-Out |
  | Dial-Out Through | Your WAN interface; Default WAN IP |
  | Failover | Blank |
  | Local IP / Subnet Mask | Your router external IP address and subnets. |
  | Remote Host | Public IP address of the Harmony SASE gateway. |
  | Remote IP / Subnet Mask | Default is 10.255.0.0 and 255.255.0.0/16. If you modified these in the Harmony SASE Administrator Portal, enter the modified values. |
  | IKE Protocol | IKEv1 |
  | IKE Phase 1 | Main Mode |
  | Auth Type | PSK |
  | Pre-shared Key | Secret key specified in the Harmony SASE Administrator Portal. |
  | Security Protocol | ESP |
- In the Advanced tab:

  | Field | Enter |
  | --- | --- |
  | Phase 1 Key Lifetime | 28800 seconds |
  | Phase 2 Key Lifetime | 3600 seconds |
  | Perfect Forward Secrecy Status | Enable |
  | DPD Status | Enable |
  | DPD Delay | 30 seconds |
  | DPD Timeout | 60 seconds |
  | Ping to Keep Alive | Disable |
  | Route/NAT Mode | Route |
  | Source IP | Auto-detect |
  | Apply NAT Policy | Disable |
  | Set VPN Default Gateway | Disable |
  | Netbios Naming Packet | Disable |
  | Multicast via VPN | Disable |
  | RIP via Triggered | Enable |
  | Packet Triggered | Enable |
  | Force UDP Encapsulation | Disable |
- In the GRE tab:

  | Field | Enter |
  | --- | --- |
  | Enable GRE Function | Disable |
  | Auto Generate GRE Key | Enable |

- In the Proposal tab:

  | Field | Enter |
  | --- | --- |
  | IKE Phase 1 Proposal | AES 256 G2 |
  | IKE Phase 1 Authentication | SHA1 |
  | IKE Phase 2 Proposal | AES 256 with auth |
  | IKE Phase 2 Authentication | SHA1 |
  | Accepted Proposal | Accept |
- Click Apply.
- To verify that the tunnel is up, click Connection Management in the left panel and check that the profile is listed and highlighted in green.
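
The following pre-flight check is an added example, not part of the vendor procedure. It compares a planned profile against the values listed in the tabs above and verifies that no local subnet overlaps the remote range, since overlapping ranges cannot be routed across a Route-mode tunnel. The dictionary keys, the `preflight` function and the sample plan are assumptions made for illustration.

```python
import ipaddress

# Values this page says to enter on the Vigor3900 (key names are hypothetical).
EXPECTED = {
    "ike_protocol": "IKEv1",
    "phase1_mode": "Main Mode",
    "phase1_proposal": "AES 256 G2",
    "phase1_auth": "SHA1",
    "phase2_proposal": "AES 256 with auth",
    "phase2_auth": "SHA1",
    "phase1_lifetime": 28800,   # seconds
    "phase2_lifetime": 3600,    # seconds
    "pfs": True,
    "dpd_delay": 30,            # seconds
    "dpd_timeout": 60,          # seconds
}

def preflight(profile, local_subnets, remote_subnet="10.255.0.0/16"):
    """Return a list of problems in a planned VPN profile (empty list = OK)."""
    problems = []
    # 1. Every negotiated parameter must equal the value given in the tables.
    for key, want in EXPECTED.items():
        got = profile.get(key)
        if got != want:
            problems.append(f"{key}: planned {got!r}, page specifies {want!r}")
    # 2. Local subnets must be valid networks and must not overlap the remote range.
    #    Pass remote_subnet if it was changed in the Harmony SASE Administrator Portal.
    remote = ipaddress.ip_network(remote_subnet, strict=True)
    for cidr in local_subnets:
        try:
            local = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"local subnet {cidr!r} is not a valid network: {exc}")
            continue
        if local.overlaps(remote):
            problems.append(f"local subnet {local} overlaps remote {remote}")
    return problems

# Constructed sample plan: a lifetime typo, a LAN inside the remote range,
# and a host address entered where a network address is required.
plan = dict(EXPECTED, phase2_lifetime=36000)
for line in preflight(plan, ["192.168.1.0/24", "10.255.8.0/24", "10.0.0.5/24"]):
    print(line)
```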