VPN ikev2 with more than one LANs doesn't work
Hello, I have the following network topology:
In Building A there is an Omada hardware controller with which I can manage network devices in Building A and Building B through port forwarding configured on both the SDN router (TL-R605) and the ISP modem (ISP Modem 1). I want to connect these two buildings (networks) so they can communicate with each other. The only way to achieve this is a VPN. I have the following configurations:
Configuration VPN of Building A:
Configuration VPN of Building B:
IKEv2 is taken automatically on both buildings.
And after that configuration, the VPN is not working.
I want your help, dear colleagues. If I find the solution first, I will post it here.
Thanks in advance
@shberge I configured it on both networks
Building A
Building B
But nothing works.
Another port forwarding configuration I tried: as the destination IP I set the public IP of each building respectively, and in the VPN remote gateway I set the public IP of the other site with the specific port, like public_IP:500 or public_IP:4500 (I tried both of them), but nothing works. I believe that there is a bug in IKEv2 for TP-Link.
You have to do it on your router with the public WAN IP,
not on the ER605 if it is behind a NATed router.
@xperiments Thanks for the response. I opened ports 500 and 4500 on the ISP modem and it doesn't work.
@xperiments then I do not know, I think you need to consult with tp-link support about this, maybe they have a solution.
@xperiments I don't know what type of internet connection you have, but in many cases I completely remove the ISP router and connect the firewall directly to the internet. Maybe you can do the same; then your ER605 receives a WAN IP directly, without NAT on the internet provider's router.
Many internet routers can also be put in bridge mode if you cannot connect the ER605 directly to the internet.
Check with your internet service provider about how to do this if necessary.
I finally succeeded. I created a 2nd VPN Policy in Building A by setting LAN2 as the remote subnet, i.e. the LAN of the 2nd floor of Building B (192.168.103.0/24). The 1st VPN Policy has the LAN of the 1st floor of Building B (192.168.102.0/24). Similarly, for Building B I created a 2nd VPN Policy by setting Local Networks to LAN2. The 1st VPN Policy has LAN1.
Those configurations were done with IKEv1. Also, I have to mention that in case of doing on LAN on both buildings, IKEv2 is still not working.
Thank you very much for your time
Or if you want to use IKEv2, the VPN connection should work like this:
Building A configuration
Building B Configuration