IPsec Policy with two remote subnets
I would like to add a second remote subnet to my running IPsec tunnel (LAN-to-LAN, same WAN interface, same remote gateway). Unfortunately, in the router GUI it doesn't seem to be an option to create a policy with more than one remote subnet. Also adding a second policy with the same configuration but a different remote subnet fails. I would appreciate anyone sharing ideas or experiences on this.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
you need to create a new VPN policy exactly the same as the one you have, but with the new remote subnet.
One VPN profiles for each remote subnet.
If you use IKEv2 you can add several remote subnets but this I have never been able to work against Cisco only with another ER7206 or ER605
So I have to do the same with IKEv2 between ERxxx and Cisco Firewals, other brand have I not tested with Site to Site VPN.
And you have very old firmware on your router, try to upgrade then you have more VPN option,
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Thanks @shberge! IKEv2 is def necessary for multiple subnets. But even after firmware upgrade I was not able to establish connection. But I am working against a Fortigate 1500 D, maybe that's the issue.
- Copy Link
- Report Inappropriate Content
Thank you @Hank21 - With Omada Controller I was able to add multiple subnets.
- Copy Link
- Report Inappropriate Content
it is probably the same as I struggled with against Cisco firewall,
I have to create a VPN profile for each subnet to make it work, so if you have two remote subnets you need two VPN profiles on ER7206
it is the same on IKEv1 and IKEv2, although you can define several subnets on IKEv2 it does not work against Cisco.
On Cisco Firewall, I only need one VPN profile
There are a lot of VPN bugs on TP-Link but it works if you do it this way, at least against the Cisco firewall.
I have not tested against anything else so I do not know if it is the same on your firewall
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1095
Replies: 8
Voters 0
No one has voted for it yet.