Site to site VPN - Double OC200/ER605
Hello,
I have two ER605 in two offices, each office has his own OC200 controller.
There is a way to configure a site to site IPsec VPN between the two sites? I cannot do it automatically on the controller settings menu, because the two sites are registered on the two different controllers.
thank you in advance
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Update after a while: it is working better than expected! I will sum it up, because it might be helpful to someone else.
The situation is two different locations, with dynamic public DNS and a NAT before the ER605 routers. In both location I have a running controller (OC200).
In the NAT behind the ER605s, I opened the ports UDP 500 and 4500 (for IPSec).
In the two ER605s I set up the dyndns service and with those resolved name I set up the manual VPN as mentioned above
Satisfied customer here!
- Copy Link
- Report Inappropriate Content
Yes but you have to do manuel IPsec tunnel.
this is pretty simple to do in controller. Auto IPsec dont work very good anywhy . I have never get it to work.
- Copy Link
- Report Inappropriate Content
Thank you @shberge, that is what I am trying to do.
At both locations, I have a NAT before the ER605s, but I set the rules for IPsec (ports UTP 500 and 4500) on them. Moreover, both locations have dynamic public IP addresses, so I have a ddns service running on both VPN routers
what I cannot understand from the advanced settings is:
1- Negotioation mode should be set as responder at one of the two locations?
2- What should I write in local ID and remote ID?
thank you in advance
- Copy Link
- Report Inappropriate Content
NAT on both router do it more complicated. but try to set LOCAL id type to Site1 and remote ID to Site2, then opposit in remote site.
Negotioation mode can you set to Initiator Mode in both site.
somthing like that
- Copy Link
- Report Inappropriate Content
Update after a while: it is working better than expected! I will sum it up, because it might be helpful to someone else.
The situation is two different locations, with dynamic public DNS and a NAT before the ER605 routers. In both location I have a running controller (OC200).
In the NAT behind the ER605s, I opened the ports UDP 500 and 4500 (for IPSec).
In the two ER605s I set up the dyndns service and with those resolved name I set up the manual VPN as mentioned above
Satisfied customer here!
- Copy Link
- Report Inappropriate Content
@riccardodv In our case, we have 1 OC200 and ER605 in main office, and only ER605 in the remote branch, is it possible to make them see each other via VPN? Thanks
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1375
Replies: 5
Voters 0
No one has voted for it yet.