Site to site VPN - Double OC200/ER605

2022-03-14 07:43:26 - last edited 2022-03-18 09:44:12
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.2.0 Build 20220114 Rel.76871

Hello,

I have two ER605s in two offices; each office has its own OC200 controller.

Is there a way to configure a site-to-site IPsec VPN between the two sites? I cannot do it automatically in the controller settings menu, because the two sites are registered on two different controllers.

Thank you in advance.

#1
Re:Site to site VPN - Double OC200/ER605
2022-03-14 10:49:04

  @riccardodv 

 

Yes, but you have to do a manual IPsec tunnel.

This is pretty simple to do in the controller. Auto IPsec doesn't work very well anyway. I have never gotten it to work.

 

#2
Re:Site to site VPN - Double OC200/ER605
2022-03-14 11:07:46

Thank you  @shberge, that is what I am trying to do.

 

At both locations, I have a NAT before the ER605s, but I set the rules for IPsec (ports UDP 500 and 4500) on them. Moreover, both locations have dynamic public IP addresses, so I have a DDNS service running on both VPN routers.

What I cannot understand from the advanced settings is:

1- Should Negotiation mode be set as responder at one of the two locations?

2- What should I write in local ID and remote ID?

Thank you in advance.

#3
Re:Site to site VPN - Double OC200/ER605
2022-03-14 11:41:52 - last edited 2022-03-14 11:47:00

  @riccardodv 

 

NAT on both routers makes it more complicated, but try to set the local ID type to Site1 and the remote ID to Site2, then the opposite at the remote site.

You can set Negotiation mode to Initiator Mode at both sites.

Something like that.

#4
Re:Site to site VPN - Double OC200/ER605-Solution
2022-03-18 09:02:48 - last edited 2022-03-18 09:44:12

Update after a while: it is working better than expected! I will sum it up, because it might be helpful to someone else.

 

The situation is two different locations, with dynamic public DNS and a NAT before the ER605 routers. In both locations I have a running controller (OC200).

In the NAT behind the ER605s, I opened the ports UDP 500 and 4500 (for IPsec).

In the two ER605s I set up the dyndns service, and with those resolved names I set up the manual VPN as mentioned above.

 

Satisfied customer here!

Recommended Solution
#5
Re:Site to site VPN - Double OC200/ER605
2022-06-17 06:37:39

  @riccardodv In our case, we have 1 OC200 and an ER605 in the main office, and only an ER605 in the remote branch. Is it possible to make them see each other via VPN? Thanks

#6