VPN ikev2 with more than one LANs doesn't work

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
2021-05-19 07:11:01 - last edited 2021-05-20 08:37:09

Hello, I have the following network topology

In building A there is an Omada hardware controller with which I can manage the network devices in building A and building B through port forwarding configured on both the SDN router (TL-R605) and the ISP modem (ISP Modem 1). I want to connect these two buildings (networks) so they can communicate with each other. The only way to achieve this is a VPN. I have the following configurations:

Configuration VPN of Building A:

Configuration VPN of Building B:

IKEv2 is selected automatically in both buildings.

And after that configuration the VPN is not working.

I would like your help, dear colleagues. If I find the solution first, I will post it here.

Thanks in advance

Network Engineer 1.0
#1
2 Accepted Solutions
Re:VPN ikev2 with more than one LANs doesn't work-Solution
2021-05-20 08:36:52 - last edited 2021-05-20 08:53:47

@xperiments 

I finally succeeded. I created a 2nd VPN policy in Building A by setting LAN2 as the remote subnet, i.e. the LAN of the 2nd floor of Building B (192.168.103.0/24). The 1st VPN policy has the LAN of the 1st floor of Building B (192.168.102.0/24). Similarly, for Building B I created a 2nd VPN policy by setting Local Networks to LAN2. The 1st VPN policy has LAN1.

Those configurations were done with IKEv1. Also, I have to mention that in the case of one LAN in both buildings, IKEv2 is still not working.
Thank you very much for your time

Network Engineer 1.0
Recommended Solution
#18
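Added example, not from the thread or from TP-Link: a short Python script that produces the one-policy-per-subnet-pair layout the accepted answer describes and runs the two checks that came up earlier in the thread (remote subnets written as networks rather than host addresses, and no overlap between the local and remote side). The subnets are the constructed ones from this thread; the policy names and the dict layout are my own and do not correspond to any Omada field names.

```python
"""Added example (not from the thread or TP-Link): one IPsec policy per
local/remote subnet pair, plus the sanity checks the replies hint at."""
import ipaddress
from itertools import product

# Constructed subnets matching the thread: Building A has one LAN,
# Building B has two (1st and 2nd floor).
BUILDING_A = ["192.168.101.0/24"]
BUILDING_B = ["192.168.102.0/24", "192.168.103.0/24"]


def check_subnets(local, remote):
    """Return a list of human-readable problems; empty means the lists are sane."""
    problems = []
    nets = {"local": [], "remote": []}
    for side, cidrs in (("local", local), ("remote", remote)):
        for cidr in cidrs:
            try:
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError:
                try:
                    # e.g. 192.168.101.1/24: a host address, not a network
                    net = ipaddress.ip_network(cidr, strict=False)
                except ValueError:
                    problems.append(f"{side} {cidr!r} is not a valid CIDR")
                    continue
                problems.append(f"{side} {cidr} has host bits set; use {net}")
            nets[side].append(net)
    # A range present on both sides cannot be routed through the tunnel.
    for l in nets["local"]:
        for r in nets["remote"]:
            if l.overlaps(r):
                problems.append(f"local {l} overlaps remote {r}")
    return problems


def build_policies(site_name, local, remote):
    """One policy per (local, remote) pair, the layout the accepted answer used
    (LAN1 -> floor 1, LAN2 -> floor 2). Names are hypothetical."""
    policies = []
    for n, (l, r) in enumerate(product(local, remote), start=1):
        policies.append({
            "name": f"{site_name}-vpn{n}",
            "local_subnet": str(ipaddress.ip_network(l, strict=False)),
            "remote_subnet": str(ipaddress.ip_network(r, strict=False)),
        })
    return policies


def mirror(policies, site_name):
    """The far end needs the same pairs with local and remote swapped."""
    return [{"name": f"{site_name}-vpn{i}",
             "local_subnet": p["remote_subnet"],
             "remote_subnet": p["local_subnet"]}
            for i, p in enumerate(policies, start=1)]


if __name__ == "__main__":
    for problem in check_subnets(BUILDING_A, BUILDING_B):
        print("problem:", problem)
    side_a = build_policies("buildingA", BUILDING_A, BUILDING_B)
    side_b = mirror(side_a, "buildingB")
    for policy in side_a + side_b:
        print(policy)
```

Running it prints two policies for Building A (LAN1 to 192.168.102.0/24 and LAN1 to 192.168.103.0/24) and the two mirrored ones for Building B; feeding it a host address such as 192.168.101.1/24 or an overlapping pair reports the problem instead of silently producing a policy that will never match traffic.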
Re:VPN ikev2 with more than one LANs doesn't work-Solution
2021-05-25 11:14:53 - last edited 2021-05-27 05:43:10

@xperiments 

Or if you want to use IKEv2, the VPN connection should work like this:

Building A configuration

Building B Configuration

Network Engineer 1.0
Recommended Solution
#19
18 Replies
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 07:34:15

@xperiments 

Have you adopted both R605s on the Controller?

This is a new instruction from TP-Link and I hope this one can help you.

Auto mode: How to set up site-to-site Auto IPsec VPN Tunnels on Omada Gateway in Controller Mode?

Manually: How to Set up Site-to-Site Manual IPsec VPN Tunnels on Omada Gateway in Controller Mode?

Just striving to develop myself while helping others.
#2
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 07:45:50

@Virgo 

Also, the WAN IP of your R605s is a private IP; please make sure your modem can pass IPsec VPN data through, otherwise it's better to change the modem to bridge mode.

Just striving to develop myself while helping others.
#3
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 07:51:43 - last edited 2021-05-19 07:52:53

@xperiments Thanks for the response. I forgot to mention that with IKEv1 (with one LAN in both buildings) the VPN is working fine. Also, I have adopted the TL-R605 router (in both buildings) on the Omada hardware controller.

Network Engineer 1.0
#4
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 10:21:33

@xperiments 

All remote subnets are wrong. You have to use

192.168.101.0/24

192.168.102.0/24

192.168.103.0/24

/shberge

#5
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 10:47:35

@shberge I use this format and nothing works. So the problem arises from something else.

Network Engineer 1.0
#6
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 10:55:47
OK, I have the same solution and configuration between two ER605s and it works fine. But you can try to power off both ER605s and see. Provisioning doesn't always work and a restart doesn't help. There are a lot of bugs in the ER605 and ER7206, but I hope the next update fixes some of the issues. You can also try to disable DPD; I have some VPNs to Cisco firewalls and they don't work with DPD on.
#7
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 11:03:10 - last edited 2021-05-19 11:12:49

@xperiments 

This is my config between two ER605s, similar config on both sites, except remote subnet and WAN IP :-)

#8
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 11:47:33 - last edited 2021-05-19 11:48:22

@shberge With the WAN IP it doesn't work because the Omada gateway is behind a NAT device.

Network Engineer 1.0
#9
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 11:56:08

@xperiments 

Do you have some ACL rule on the gateway, switch or EAP that blocks it?

You can also enable alerts on IPsec to get an alert on connect or disconnect.

#10
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 11:59:54

@xperiments 

OK, but IKEv1 works behind NAT? That's strange.

OK, then you have to NAT the IPsec ports to your ER605 to get it to work.

I think that is UDP ports 500 and 4500.

#11
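Added example, not from the thread or from TP-Link: how two IKEv2 peers work out that a NAT (here the ISP modem) sits between them, which is what makes UDP 4500 matter in addition to UDP 500. Per RFC 7296 section 2.23 each side sends NAT_DETECTION_SOURCE_IP and NAT_DETECTION_DESTINATION_IP notify payloads carrying SHA-1(SPIi | SPIr | IP | port) over the address it believes it is using; the receiver recomputes the hash over the address the packet actually arrived from, and a mismatch means a NAT rewrote it. The SPIs and addresses below are constructed (192.168.1.2 standing in for the ER605's private WAN address, 203.0.113.10 for the modem's public address).

```python
"""Added example (not from the thread or TP-Link): IKEv2 NAT detection,
RFC 7296 section 2.23, with the Notify payload encoding from section 3.10."""
import hashlib
import ipaddress
import struct

NAT_DETECTION_SOURCE_IP = 16388        # RFC 7296 Notify Message Types
NAT_DETECTION_DESTINATION_IP = 16389


def nat_detection_hash(spi_i, spi_r, ip, port):
    """SHA-1(SPIi | SPIr | IP | Port), the data carried in NAT_DETECTION_*_IP."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 bytes each")
    data = spi_i + spi_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.sha1(data).digest()


def build_notify(notify_type, data, next_payload=0):
    """Encode a Notify payload with no SPI: generic header (next payload,
    critical bit, length) then protocol ID, SPI size, message type, data."""
    length = 8 + len(data)
    header = struct.pack("!BBHBBH", next_payload, 0, length, 0, 0, notify_type)
    return header + data


def parse_notify(buf):
    """Decode one Notify payload; returns (notify_type, data, remaining bytes)."""
    next_payload, _crit, length, _proto, spi_size, ntype = struct.unpack("!BBHBBH", buf[:8])
    if length < 8 or length > len(buf):
        raise ValueError("bad notify length")
    body = buf[8:length]
    data = body[spi_size:]          # skip the (here empty) SPI field
    return ntype, data, buf[length:]


def nat_detected(spi_i, spi_r, peer_hash, observed_ip, observed_port):
    """Responder side: recompute over the source address/port the packet really
    came from; anything other than an exact match means a NAT in the path."""
    return peer_hash != nat_detection_hash(spi_i, spi_r, observed_ip, observed_port)


def scenario(initiator_wan_ip, public_ip):
    """Constructed exchange. The ER605 hashes the WAN address it is configured
    with; the remote peer sees whatever address the modem put on the packet.
    Returns True when the remote peer concludes there is a NAT."""
    spi_i = bytes.fromhex("0011223344556677")   # constructed initiator SPI
    spi_r = bytes(8)                            # zero in IKE_SA_INIT request
    sent = build_notify(NAT_DETECTION_SOURCE_IP,
                        nat_detection_hash(spi_i, spi_r, initiator_wan_ip, 500))
    ntype, claimed, rest = parse_notify(sent)
    if ntype != NAT_DETECTION_SOURCE_IP or rest:
        raise ValueError("unexpected payload")
    return nat_detected(spi_i, spi_r, claimed, public_ip, 500)


if __name__ == "__main__":
    # ER605 behind the ISP modem (private WAN) versus modem in bridge mode.
    print("NAT with private WAN:", scenario("192.168.1.2", "203.0.113.10"))
    print("NAT in bridge mode:  ", scenario("203.0.113.10", "203.0.113.10"))
```

Once either side sees a mismatch, both peers move the IKE exchange to UDP 4500 and wrap ESP in UDP (RFC 3948), so the modem has to forward UDP 500 and UDP 4500 to the ER605's WAN address for the tunnel to come up; with the modem in bridge mode the hashes match and no port forwarding or encapsulation is involved.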