Lan-Lan IPsec tunnel with two ER605, each behind ISP routers

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-11-11 16:06:15
Tags: #VPN
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.2 Build 20231017 Rel.68869

Hello

I have two ER605 v2.0, both running firmware 2.2.2 Build 20231017 Rel.68869, which are each behind ISP routers.
The two ISP routers are of different models, but each has UDP ports 500 and 4500 forwarded to the ER605.
Each ER605's IPsec is configured in LAN-to-LAN mode with the same pre-shared key.
But for reasons unknown to me, the connection isn't establishing.
Any help would be greatly appreciated
Thanx

#1
Re:Lan-Lan IPsec tunnel with two ER605, each behind ISP routers
2023-11-13 01:46:38

Hi @sswloski 

Thanks for posting in our business forum.

Can you double-check your Advanced Settings? If possible, please post both sites, and I will take a look.

Also, you should check if UDP 500 and 4500 are open on your WAN or not.

Check your WAN IP on both modem routers. Please paste a screenshot from the web GUI of the modem routers that display the WAN IP. Mosaic the parts of the IP address. Just need to make sure you get the public IP address.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. Don't be a lazy asker. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
#3
Re:Lan-Lan IPsec tunnel with two ER605, each behind ISP routers
2023-11-15 00:42:32

@MR.S
Thank you for your reply.
I tried setting the Local and Remote IDs to 'Name' and then assigned GedraGrove1 & CedarGrove2 (swapping local and remote names on the second router), but it still hasn't managed to form a connection.

#4
Re:Lan-Lan IPsec tunnel with two ER605, each behind ISP routers
2023-11-15 01:17:33

Hi @sswloski 

Thanks for posting in our business forum.

sswloski wrote

@MR.S
Thank you for your reply.
I tried setting the Local and Remote IDs to 'Name' and then assigned GedraGrove1 & CedarGrove2 (swapping local and remote names on the second router), but it still hasn't managed to form a connection.

Is your WAN IP public? Screenshot your modem router's WAN status and mosaic the last two parts. Need both sites.

#5
Re:Lan-Lan IPsec tunnel with two ER605, each behind ISP routers
2023-11-15 01:27:55

@Clive_A
Hello and thank you for your reply.

For the advanced settings, one router had more fields set than the other, so I set them to match, with the exception of the Initiator / Responder option.
The blanked-out IPs of the remote sites are set to those of the ISP routers' WAN IPs.
The UDP 500 and 4500 port forwarding rules on the ISP routers are both set between the internal IP of the ER605 and the WAN port.


  0  
  0  
#6
Options
Re:Lan-Lan IPsec tunnel with two ER605, each behind ISP routers
2023-11-15 02:05:00

Hi @sswloski 

Thanks for posting in our business forum.

sswloski wrote

@Clive_A
Hello and thank you for your reply.

For the advanced settings, one router had more fields set than the other, so I set them to match, with the exception of the Initiator / Responder option.
The blanked-out IPs of the remote sites are set to those of the ISP routers' WAN IPs.
The UDP 500 and 4500 port forwarding rules on the ISP routers are both set between the internal IP of the ER605 and the WAN port.

Would appreciate it if you could read my previous reply. I need to confirm that you are getting the public IP on the modem router.

I don't have any other options. You can try Wireshark on the WAN and see if UDP 500 and 4500 were used, or use the filter isakmp.

A proper IPsec negotiation would look like this. So try port mirroring your modem router's WAN port to a computer and run Wireshark there. The IP used should be the public IP address.

Example:

#7
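Added example, not part of any post in this thread: a Python 3 script that turns the two checks Clive_A asks for above (is the modem's WAN IP actually public, and does an isakmp capture on the WAN show requests being answered) into code. It parses the IKE header (RFC 7296 layout, shared with IKEv1), strips the NAT-T non-ESP marker on UDP 4500 (RFC 3948), skips keepalives and ESP-in-UDP, and pairs requests with responses by initiator SPI and message ID, so an IKE_SA_INIT that never gets a reply stands out. It uses only the standard library; the addresses and packets in SAMPLE_PACKETS are constructed test vectors, not a real trace, and the function names are this example's own.

```python
"""Triage of an IKE/NAT-T capture taken on the ISP modem's WAN side (added example)."""
import ipaddress
import struct
from collections import defaultdict

# IKE exchange types: RFC 2408 (IKEv1) and RFC 7296 (IKEv2)
EXCHANGE_TYPES = {2: "IKEv1 Main Mode", 4: "IKEv1 Aggressive", 5: "IKEv1 Informational",
                  32: "IKEv1 Quick Mode", 34: "IKE_SA_INIT", 35: "IKE_AUTH",
                  36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
# 28-byte IKE header: initiator SPI, responder SPI, next payload, version, exchange, flags, msg id, length
IKE_HEADER = struct.Struct("!QQBBBBII")
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space used by carrier NAT
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan_ip(ip_text):
    """Return (is_public, reason) for the address the ISP modem reports as its WAN IP."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 4 and ip in CGNAT:
        return False, "carrier-grade NAT (RFC 6598): inbound UDP 500/4500 forwards never reach the modem"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return False, "private range (RFC 1918): another NAT sits in front of the modem"
    if not ip.is_global:
        return False, "not globally routable (loopback, link-local, documentation or reserved range)"
    return True, "public address: inbound port forwards can reach the ER605"


def decode_ike(payload, dport):
    """Parse one UDP payload as an IKE header. On 4500 the NAT-T non-ESP marker is stripped first.
    Returns None for NAT keepalives, UDP-encapsulated ESP, or payloads too short to be IKE."""
    if dport == 4500:
        if payload == b"\xff":
            return None  # NAT-T keepalive (RFC 3948 section 2.3)
        if payload[:4] != b"\x00\x00\x00\x00":
            return None  # non-zero first word is an ESP SPI: the tunnel is already passing traffic
        payload = payload[4:]
    if len(payload) < IKE_HEADER.size:
        return None
    ispi, rspi, _next, version, xchg, flags, msg_id, length = IKE_HEADER.unpack_from(payload)
    return {"ispi": f"{ispi:016x}", "rspi": f"{rspi:016x}",
            "version": f"{version >> 4}.{version & 0x0F}",
            "exchange": EXCHANGE_TYPES.get(xchg, f"unknown({xchg})"),
            "initiator": bool(flags & 0x08), "response": bool(flags & 0x20),
            "msg_id": msg_id, "length": length}


def triage(packets):
    """packets: iterable of (src, dst, sport, dport, payload) exported from a WAN-side capture.
    Requests are matched to responses by (initiator SPI, message id); unanswered ones are the lead."""
    seen = defaultdict(dict)
    for src, dst, _sport, dport, payload in packets:
        hdr = decode_ike(payload, dport)
        if hdr is None:
            continue
        role = "response" if hdr["response"] else "request"
        seen[(hdr["ispi"], hdr["msg_id"])][role] = (src, dst, hdr["exchange"])
    findings = []
    for (ispi, msg_id), pair in seen.items():
        req, resp = pair.get("request"), pair.get("response")
        if req and resp:
            findings.append(f"{req[2]} msg {msg_id}: {req[0]} -> {req[1]} answered by {resp[0]}; IKE reaches both ends")
        elif req:
            findings.append(f"{req[2]} msg {msg_id}: {req[0]} -> {req[1]} (SPI {ispi}) got no reply; "
                            "check the port forward on the far modem and whether its WAN IP is public")
        else:
            findings.append(f"{resp[2]} msg {msg_id}: response from {resp[0]} with no matching request seen")
    return findings


def build_ike(ispi, rspi, xchg, flags, msg_id, body=b"\x00" * 8):
    """Constructed IKEv2 test vector (version 2.0, next payload 33 = SA) with a dummy body."""
    return IKE_HEADER.pack(ispi, rspi, 33, 0x20, xchg, flags, msg_id, IKE_HEADER.size + len(body)) + body


# Constructed sample capture, not a real trace: documentation addresses stand in for the two modems.
SITE_A, SITE_B = "203.0.113.10", "198.51.100.20"
SAMPLE_PACKETS = [
    # Healthy IKE_SA_INIT: A's request, then B's response (Initiator flag clear, Response flag set)
    (SITE_A, SITE_B, 500, 500, build_ike(0x1111, 0, 34, 0x08, 0)),
    (SITE_B, SITE_A, 500, 500, build_ike(0x1111, 0x2222, 34, 0x20, 0)),
    # A second IKE_SA_INIT attempt that B never answers
    (SITE_A, SITE_B, 500, 500, build_ike(0x3333, 0, 34, 0x08, 0)),
    # NAT-T keepalive and an ESP-in-UDP packet on 4500, both ignored by the IKE decoder
    (SITE_A, SITE_B, 4500, 4500, b"\xff"),
    (SITE_A, SITE_B, 4500, 4500, b"\x00\x00\xab\xcd" + b"\x00" * 24),
]


def run_sample():
    return triage(SAMPLE_PACKETS)


if __name__ == "__main__":
    for line in run_sample():
        print(line)
    print(classify_wan_ip("100.70.1.2"))
```

Feed triage() the tuples from the capture Clive_A describes (Wireshark display filter isakmp, or udp.port == 500 || udp.port == 4500 if you also want to see NAT-T and ESP). If every request from one site has a response, IKE is reaching both ends and the problem is in the proposals or IDs; if requests leave one modem and nothing comes back, the far side's port forward or a non-public WAN IP is the first thing to check. Run classify_wan_ip() on the WAN address each modem shows in its GUI: an address in 100.64.0.0/10 means the ISP is doing carrier-grade NAT, and no amount of port forwarding on the modem will make inbound IKE arrive.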
Re:Lan-Lan IPsec tunnel with two ER605, each behind ISP routers
2023-11-15 02:35:50
Sorry, I forgot to confirm that the IP of each remote host is set to that of the remote ISP modem's IP. I have rather minimal experience with Wireshark, but do believe that you are correct that this is what it'll take to find where the blockage is. I'll need to work on my port snooping skills.
#8