Business Community > Routers > IPSec LAN-LAN Full Tunnel
< Routers

IPSec LAN-LAN Full Tunnel

IPSec LAN-LAN Full Tunnel

IPSec LAN-LAN Full Tunnel
IPSec LAN-LAN Full Tunnel
a week ago - last edited a week ago
Tags: #VPN #Network Connectivity #Routing
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.5

I have an IPSec IKEv2 LAN-LAN VPN configured on my ER605 (initiator). It functions as expected, and I'm able to bi-directionally access devices on each side of the VPN.

 

On my Initiator side, I'd like to route all traffic through the VPN tunnel. By default, it routes all public-bound traffic through the Initiator's WAN, but I need it to go through the VPN to the Responder's WAN and out through there.

 

I have tried the following:

  • My IPSec IKEv2 VPN doesn't appear as an option under Policy Routing, so I can't use that
  • I tried a static route for 0.0.0.0 (mask 0.0.0.0) with next hop as the Responder router's IP, and tried with both LAN and WAN interface, but it says "Invalid Parameters".
  • I tried setting my Responder router's IP as the "Default Gateway" for my Initiator's DHCP settings, but that kills all connectivity outside of the LAN.

 

What am I missing here? How can I achieve this? I can't imagine that a business VPN router wouldn't have a way to route all traffic through the VPN, as that's an important feature for any business network.

  0      
 
  0      
 
#1
Options
5 Reply
Re:IPSec LAN-LAN Full Tunnel
a week ago

  @SomeNetEngineer 

what you want is not possible with IPsec site to site.
That's probably why it's called site to site ;-)

 

  0  
  0  
#2
Options
Re:IPSec LAN-LAN Full Tunnel
a week ago

  @MR.S "Site-to-Site" just means that it's connecting two sites, not a client to a site. It has nothing to do with how traffic is routed. There are plenty of corporate Site-to-Site VPNs that run all traffic from a remote site through the headquarters site.

 

What I'm confused about is why I can't get it to work with routing rules. I should be able to create a static route directing all traffic through the VPN, but it just doesn't work. Perhaps I also need a static route on the responder side?

  0  
  0  
#3
Options
Re:IPSec LAN-LAN Full Tunnel
a week ago

  @SomeNetEngineer 

 

do you have any examples of who can do what you want with IPsec site to site, I am very interested in that.

 

you can proxy out on the remote site with L2TP/IPsec but not IPsec site to Site. 

 

but give me an example of who can proxy out on the remote site with IPsec site to site. 

 

 

 

  0  
  0  
#4
Options
Re:IPSec LAN-LAN Full Tunnel
a week ago

  @SomeNetEngineer 

 

Find "full tunnel" on this page. It's a site-to-site IKEv2 (IPSec) full tunnel where all traffic can be directed over it.

  0  
  0  
#5
Options
Re:IPSec LAN-LAN Full Tunnel
a week ago

  @SomeNetEngineer 

 

Cisco has probably built in a slightly different technology than standard IPsec site to site in this solution. with Omada and most other solutions this is not possible, But mybe it may come together with SD-WAN which is notified in version 5.15.20 of Omada. 

 

 

 

 

  0  
  0  
#6
Options

Information

Helpful: 0

Views: 92

Replies: 5

Tags

VPN Network Connectivity Routing
Related Articles
 Lan-Lan IPsec tunnel with two ER605, each behind ISP routers
533 0
Tunnel IPSec vs Fortigate
1042 0
 Route internet traffic through head office Firewall for IPSEC LAN to LAN VPN tunnel
1277 0
L2TP LAN-LAN VPN in "Route" Working Mode
133 0
VPN LAN-LAN and LAN-USER at same time
472 0
 Extremely slooooow LAN-to-LAN IPSec download
485 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.