Route internet traffic through head office Firewall for IPSEC LAN to LAN VPN tunnel
I configured LAN-to-LAN IPsec VPN onER605 Router (main office LAN and branch office LAN).
I need all internet traffic from the branch office to be routed to the main office to pass through the main office firewall.
At this moment, the Internet traffic from the branch office goes out to the Internet directly through the Router from the branch office.
Can this be configured on TP-Link equipment?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Yes you can do that, but you will need to use L2TP VPN.
Main office router set up as VPN server; then on the branch office side configure router as VPN client.
On branch office site router, configure Policy Routing. Source IP: All LAN; Destination IP: Any; WAN choose the VPN tunnel name.
- Copy Link
- Report Inappropriate Content
ipsec is a perfect vpn type for site to site but it is not for routing traffic like what you described. if you simply want to do site to site vpn, use the ipsec, it won't let you down.
try out what Somnus said.
- Copy Link
- Report Inappropriate Content
@Somnus L2TP Client-to-LAN require Working Mode NAT for client, so the router will act as a proxy and the firewall does not see every computer that accesses the Internet from branch office.
To be a effective firewall, the IP address of each computer at the branch office should be visible on the firewall at the headquarters - the router should be in ROUTER mode, not NAT mode.
Does L2TP allow the client to be in ROUTER mode?
- Copy Link
- Report Inappropriate Content
No, I don't think so. Your requirement can't be done via one VPN tunnel.
If you have two WAN modems on both side, you can try to build two VPN connections. One is IPSec for site-to-site; another one is L2TP/PPTP for porxy Intenret only
- Copy Link
- Report Inappropriate Content
@Somnus I made the following progress: at the main office I installed a pfsense that has a lot of firewall options and at the branch office I used TP-LINK ER605 routers.
I made the connection on L2TP over IPSEC. Everything goes well if the L2TP client on the ER605 is in NAT mode (computers in the branch office can access the LAN from the main office.).
If the L2TP client on the ER605 is in Routing mode, the packets from the branch office do not reach the LAN from the main office.
The L2TP client on the ER605 in NAT mode does not allow me to see on the Firewall every computer from the branch office, only the traffic on the VPN connection to the branch office.
Some ideas - why doesn't the L2TP client on the ER605 don't work in Routing mode?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1338
Replies: 5
Voters 0
No one has voted for it yet.