Lan-Lan IPsec tunnel with two ER605, each behind ISP routers
Hello
I have two ER605 v2.0, both running firmware 2.2.2 Build 20231017 Rel.68869 which are each behind ISP routers.
The two ISP routers are of different models, but each has UDP ports 500 and 4500 forwarded to the ER605
Each ER605's IPSec is configured in LAN-to-LAN mode with the same pre-shared key
But for reasons unknown to me, the connection isn't establishing.
Any help would be greatly appreciated
Thanx
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @sswloski
Thanks for posting in our business forum.
Can you double-check your Advanced Settings? If possible, please post both sites, and will take a look.
Also, you should check if UDP 500 and 4500 are open on your WAN or not.
Check your WAN IP on both modem routers. Please paste a screenshot from the web GUI of the modem routers that display the WAN IP. Mosaic the parts of the IP address. Just need to make sure you get the public IP address.
- Copy Link
- Report Inappropriate Content
@MR.S
Thank you for your reply
I tried setting the Local and Remote IDs to 'Name' and then assigned GedraGrove1 & CedarGrove2 (swapping local and remote names on the second router), but it still hasn't managed to form a connection
- Copy Link
- Report Inappropriate Content
Hi @sswloski
Thanks for posting in our business forum.
sswloski wrote
@MR.S
Thank you for your reply
I tried setting the Local and Remote IDs to 'Name' and then assigned GedraGrove1 & CedarGrove2 (swapping local and remote names on the second router), but it still hasn't managed to form a connection
Is your WAN IP public? Screenshot your modem router's WAN status and mosaic the last two parts. Need both sites.
- Copy Link
- Report Inappropriate Content
@Clive_A
Hello and thank you for your reply
For the advanced settings, One router had more fields set than the other, so I set them to match, with the exception of the Initiator / Responder option
The blanked out IPs of the remote sites are set to those of the ISP routers WAN IPs
The UDP 500 and 4500 port forwarding on the ISP routers are both set between the internal IP of the ER605 and the WAN port
- Copy Link
- Report Inappropriate Content
Hi @sswloski
Thanks for posting in our business forum.
sswloski wrote
@Clive_A
Hello and thank you for your reply
For the advanced settings, One router had more fields set than the other, so I set them to match, with the exception of the Initiator / Responder option
The blanked out IPs of the remote sites are set to those of the ISP routers WAN IPs
The UDP 500 and 4500 port forwarding on the ISP routers are both set between the internal IP of the ER605 and the WAN port
Would appreciate it if you could read my previous reply. I need to confirm that you are getting the public IP on the modem router.
I don't have any other options. You can try to Wireshark on the WAN and see if the UDP 500 and 4500 were used. Or use the filter isakmp.
A proper IPsec negotiation would look like this. So you try to port mirroring a computer to your modem router's WAN and Wireshark. IP used should be the public IP address.
Example:
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 626
Replies: 6
Voters 0
No one has voted for it yet.