Dear @WideVisions ,

WideVisions wrote

My situation:

I have multiple small sites connected by VPNs to our central office, in a classic star topology, with the main office router acting as a small VPN concentrator (there are only 4 branches).

Each site has a router, one or more switches and APs, and a local hardware controller.

Everything seems to work, VPNs are up and running and the whole system seems reliable.

Unfortunately I can connect to each of the branches from our main office, and the way around, but I can't connect the branches between each other, even if I supposedly configured the whole network routing correctly.

I set up static routes from each subnet (each branch has its own subnet) to the others, with the IP of the main office gateway as first hop.

The same way around, I configured static routes from the main gateway to the branches, even if I guess the path should be automatic, because it's a local link.

I also set up an ACL policy in the main router to allow traffic between the branches, but unfortunately it doesn' t work.

If you use the PPTP/L2TP VPN LAN-to-LAN network, then wish these information can help you as below:

1. Configure PPTP/L2TP VPN LAN-to-LAN network, make sure VPN Server has built the connections with each Clients

2. Configure static routing based on VPN interface, and the Destination IP is configured as LAN IP address of other Clients, the Next Hop is configured as Local IP Address of VPN Server or 0.0.0.0.

3. Each Client connect with Server via individual VPN link, generally in different subnet.

Normally this scenarios is not recommended to adopt in the network, since many secure configurations such as ACL would not take effect for PPTP-L2TP VPN, thus may affect the security of your network.

Best Regards!