IPsec VPN tunnel backup.
Hi,
I would like to ask about site to site IPsec VPN tunnel backup. Now ER605 cannot setup 2 tunnels with same IP adresses. I try to find some reliable solution. Now I use ER605 and W9960 at one side of VPN tunnel and ER605 and W9980 on the other side ( W9960 and W9980 only for wifi purpose, but both of them can also make VPN tunnels if needed ). Can somebody help me with this please ?
Many thanks.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hey!
If I'm not guess mistaken, you want to set up two VPNs on both ER605s at the same time, one of them as a backup?
I don't think it will work because you are setting up two VPNs with the same WAN IP, LAN IP on both ends, so it is actually enough to set up one successfully, because as far as I know the VPN channel will automatically detect a reconnection if it is disconnected.
And setting up a VPN on the W9960-W9980 probably won't work either, because the data exit at both ends is still the ER605 on the front end, same reasoning as above, in my opinion.
- Copy Link
- Report Inappropriate Content
And what about this solution:
I create multiple Vlans at both ends. Then setup VPN tunnels between them. For example at one side I create 192.168.1.0 and 192.168.2.0 and on the other side 192.168.10.0 and 192.168.20.0. Then tunnel will be 192.168.1.0==192.168.10.0 and 192.168.2.0==192.168.20.0 . Then I assign 2 IP adresess to my PCs at both ends. ...Do you think it will work ?
Thanks
- Copy Link
- Report Inappropriate Content
Yes, I want to create 2 VPN tunnels, but between different ISP. If first failed ( lack of connection) then the second VPN tunnel will be used automatically.
- Copy Link
- Report Inappropriate Content
If you enable DPD, it will automatically detect disconnection and reconnection.
Hydros wrote
And what about this solution:
I create multiple Vlans at both ends. Then setup VPN tunnels between them. For example at one side I create 192.168.1.0 and 192.168.2.0 and on the other side 192.168.10.0 and 192.168.20.0. Then tunnel will be 192.168.1.0==192.168.10.0 and 192.168.2.0==192.168.20.0 . Then I assign 2 IP adresess to my PCs at both ends. ...Do you think it will work ?
Thanks
In fact, to be honest, I think it is also meaningless, because when one of the disconnected (such as 192.168.1.0 == 192.168.10.0 disconnected), then the two ends of the device in this LAN is still no way to communicate, only 192.168.2.0 == 192.168.20.0 this section of the two LAN devices can still communicate normally but already, then this case is not what you call VPN backup.
I think that DPD is very useful for you. It's got the similar features you're looking for.
- Copy Link
- Report Inappropriate Content
I find some solution how to make VPN backup. It is not automatic, but lets call it "semiautomatic" :). Here is my setup:
1.END -HQ
Router R605, DHCP on, 192.168.1.1.
Router W9960, DHCP off, 192.168.3.1.
Both routers are connected to one switch.
Server has two IP adresses: 192.168.1.2 and 192.168.3.2. Default gateways 192.168.1.1 and 192.168.0.1. Primary DNS 192.168.1.1, secondary DNS 192.168.3.1.
2. END-subsidiary
Router R605, DHCP on, 192.168.2.1
VPN tunnel 1
192.168.1.0/24==192.168.2.0/24
VPN tunnel 2
192.168.3.0/24==192.168.2.0/24
PCs in subsidiary connect to HQ server via RDP.
If remote desktop 192.168.1.2 cannot connect ( lack of internet connection) , then we could connect to remote desktop 192.168.3.2.
This works for me good right now but maybe TP link makes some update to R605 firmware and it can be done automatically....
Have a nice day
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 807
Replies: 5
Voters 0
No one has voted for it yet.