Site2Site VPN
Hi everybody,
I am trying to create a Site2Site VPN using two ER605 routers connected to an Omada controller.
This is a description of my network:
Site A: Controller + ER605 with Public IP
<Internet>
Site B: ER605 with Private IP
Is there a way to create a Site2Site VPN? Or do I need both sites to have a public IP?
Thank you for your help
No problem, but you have to use Local ID Type and Remote ID Type in the IPsec configuration.
E.g. Local ID Type=Site-A and Remote ID Type=Site-B, and the opposite on the other site.
You can also use L2TP site to site (RoutingMode); then you have to create a VPN user with Network Extension Mode.
The L2TP server is on the site with the public IP, the L2TP client on the site with the private IP.
More information on Page 127 in VPN Section
Or Page 112 on Router User Guide
Hi @shberge,
Thanks a lot for your help.
I have been able to configure the VPN using L2TP.
But I am curious to understand what I am doing wrong with IPSec site2site.
I am sorry but I am not so familiar with this type of VPN.
Can you please clarify what I should put as Remote Gateway on both sides?
I assume one side will have the public IP of the other network?
What about the gateway of the network with the private IP?
Should only one side be the initiator?
Thank you
Remote gateway is your public WAN IP on the remote site.
I guess you have a home router that you want to connect to a work router.
So in your home network you probably have a router from your network provider; this is the WAN IP you should use. (You can find your public IP with whatip.net in your browser.)
If you have a dynamic IP on WAN, you also need to use No-Ip or another supported DDNS service.
I mostly use initiator on both sites. In your case you can use the home network as initiator.
If you don't have DDNS available, the easiest is to use L2TP site to site (as I described earlier); then you only need a public IP on one site.