IPsec site-to-site VPN behind ISP gateway router
Hi, I'm having a problem finding a solution for setting up a VPN between two sites using two TL-R600VPN routers.
I've read through multiple forum posts in Google searches at this point. What I would like to do is connect a remote site to the main site and allow users at the remote site to access resources like Windows file shares and printers on the main site, and vice versa.
The problem is I can't set the router given by the ISP to be a bridge, as it's set up as a DHCP server and gives out IP addresses. These offices have been set up this way for years, and trying to force such a change would require too much disruption to the business. The ISP modem also acts as the Wi-Fi AP at each site. Both sites have identical internet service through Comcast, and the modem/router/internet is provided by Comcast.
What I've done so far is hook up both TP-Links to the local network at each site, connecting them via the WAN1 port on the TP-Link router. I then go into the web admin console, set the WAN1 port to a local static IP address and set the connection type to static.
At each site I log into the Comcast modem and set up port forwarding for UDP ports 4500 and 500 to go to the TP-Link router's WAN1 local static IP address.
I then go back to the console on the TP-Link and set up the site-to-site VPN using identical settings with the subnets reversed at each site. At site B I set the destination to be the public internet IP of the main site (which is a static IP address provided by the ISP) and main site A's subnet as the local subnet. Then at the main site I set up an identical connection in reverse, this time pointing to the static public IP and subnet of remote site B.
I enable the connection at both sites and I'm able to see that there's a working VPN connection when I go to the tab in the TP-Link admin console that lets you view the connection between the two sites.
The problem I have is that computers at site B can't ping any of the computers at site A, and vice versa: computers at A can't ping any of the IP addresses at site B. I've tried setting up static routing, but I'm not sure whether I need to do this on the Comcast router or whether I need to set up the static routes on the TP-Link router. And if I do need to set it up on the TP-Link routers, I don't know which IPs to put in which fields. I've tried every IP combination I can think of and none of them will let me ping IPs across the two sites.
The last thing I'm unsure about is how I'm supposed to hook the TP-Link routers into the switches at the sites. Do I connect them like I have them already, with a single cable coming from the switch to the WAN1 port on the TP-Link, or do I connect from the switch to one of the LAN ports on the TP-Links?
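To make the static-route question concrete, here is an added example (not from the original post, and not TP-Link code) that simulates longest-prefix-match forwarding across the two sites. The addressing is assumed for illustration: site A on 192.168.1.0/24 and site B on 192.168.2.0/24, with the Comcast gateway at .1 and the TP-Link's WAN1 at .2 in each LAN. It shows why the PCs cannot ping across the tunnel even though IPsec is up: their default gateway is the Comcast router, which has no route for the remote private subnet and forwards the packet to the ISP, where it is dropped. Adding a route for the remote subnet on that gateway (or on each host) pointing at the TP-Link's address on the site LAN makes the path go through the tunnel in both directions. The IPsec tunnel itself is modelled as a direct hop between the two TP-Links.

```python
import ipaddress

# Constructed topology: all addresses are assumed for this example, not from the post.
SITE_A_LAN = "192.168.1.0/24"
SITE_B_LAN = "192.168.2.0/24"
HOST_A, GW_A, VPN_A = "192.168.1.50", "192.168.1.1", "192.168.1.2"
HOST_B, GW_B, VPN_B = "192.168.2.50", "192.168.2.1", "192.168.2.2"


def lookup(table, dst):
    """Longest-prefix match over a list of (prefix, next_hop) tuples."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def build_tables(static_route_on_gateways):
    """Return {node: routing_table}.

    Next hop "connected" means deliver on the attached LAN, "ISP" means hand the
    packet to the upstream provider, and any other value names the next node.
    """
    tables = {
        # PCs use the Comcast router as their default gateway, as in the post.
        HOST_A: [(SITE_A_LAN, "connected"), ("0.0.0.0/0", GW_A)],
        HOST_B: [(SITE_B_LAN, "connected"), ("0.0.0.0/0", GW_B)],
        # The Comcast gateways know only their own LAN and the internet.
        GW_A: [(SITE_A_LAN, "connected"), ("0.0.0.0/0", "ISP")],
        GW_B: [(SITE_B_LAN, "connected"), ("0.0.0.0/0", "ISP")],
        # Each VPN router reaches the remote LAN through the tunnel (the local /
        # remote subnet pair of the site-to-site policy); the encapsulated packets
        # between VPN_A and VPN_B are modelled as one direct hop.
        VPN_A: [(SITE_A_LAN, "connected"), (SITE_B_LAN, VPN_B), ("0.0.0.0/0", GW_A)],
        VPN_B: [(SITE_B_LAN, "connected"), (SITE_A_LAN, VPN_A), ("0.0.0.0/0", GW_B)],
    }
    if static_route_on_gateways:
        # The change under test: the hosts' default gateway learns that the remote
        # subnet lives behind the VPN router's address on the local LAN.
        tables[GW_A].append((SITE_B_LAN, VPN_A))
        tables[GW_B].append((SITE_A_LAN, VPN_B))
    return tables


def trace(src, dst, tables, max_hops=8):
    """Follow a packet hop by hop. Returns (delivered, path)."""
    node, path = src, [src]
    for _ in range(max_hops):
        next_hop = lookup(tables[node], dst)
        if next_hop == "connected":
            path.append(dst)
            return True, path
        if next_hop == "ISP" or next_hop is None:
            # The upstream has no route for RFC 1918 space: the packet is lost.
            path.append("ISP(dropped)")
            return False, path
        path.append(next_hop)
        node = next_hop
    return False, path + ["loop"]


def check_reachability(static_route_on_gateways):
    """Ping-style check in both directions for one configuration."""
    tables = build_tables(static_route_on_gateways)
    return {
        "a_to_b": trace(HOST_A, HOST_B, tables)[0],
        "b_to_a": trace(HOST_B, HOST_A, tables)[0],
    }


if __name__ == "__main__":
    for fix in (False, True):
        tables = build_tables(fix)
        print(f"static route on gateways={fix}")
        for src, dst in ((HOST_A, HOST_B), (HOST_B, HOST_A)):
            ok, path = trace(src, dst, tables)
            print("  ", "delivered" if ok else "dropped  ", " -> ".join(path))
```

The simulation covers only IP forwarding; it does not model whether the TP-Link will forward traffic that arrives on WAN1 back out the same interface, which is the separate cabling question at the end of the post.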