We have set up an IPSec LAN to LAN VPN according to doc and KB (see below) but we found that devices can only access the other site's first network which belongs to ER6120 VPN router.
We followed the KB below for our setup:
How to configure IPSec LAN to LAN VPN for multiple subnets using the new GUI (Site A and B)
How to build up a multi-nets network via Multi-Nets NAT feature on TP-Link router with L2+/L3 switches? (Site A)
- 192.168.2.0 (ER6120 router's subnet)
- 192.168.7.0 (TL2600 L3 subnet)
- 192.168.51.0 (TL2600 L3 subnet)
Device within these 3 subnets can access each other and access Internet without problems.
Site B: (only single subnet)
- 192.168.6 0 (ER6120 router's subnet)
Device access Internet without problems.
- Device at 192.168.2.0 and 192.168.6.0 can access each other without problems.
- Site B device (i.e. 192.168.6.0) can only access devices at site A in 192.168.2.x, but not 7.x and 51.x
- Since Site B has one subnet only, we can't test if .2.x can access site B other than .6.x
One very strange finding at site A TL2600
- TL2600 at Site A itself cannot access subnet other than 2.x, 7.x and 51.x, we test via its web GUI
- But TL2600 has default gateway setup, and devices in Site A can access Internet without problem
- So TL2600 is able to route traffic to default gateway (ER6120 at site A), but not traffic from itself?
We are not sure if the strange finding is the root cause of the problem, we have tried to add static route at both ER6120 but no help. Any ideas? Any additional information required? Thank a lot all in advance!
UPDATE: after look at the configuration, finally we figure out that we didn't setup the IPSec VPN for the 7.x 51.x subnet to 6.x subnet respectively. After setup the IPSec VPN to and from these subnet, everything works! (Yet TL2600 still cannot ping anything outside its local network - 2.x, 7.x 51.x)