Problem with VPN IP-SEC

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2024-03-05 19:02:08 - last edited 2024-03-06 02:43:49
Tags: #VPN
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.0.0 Build 20220106 Rel.56391

Hello,

 

I'm trying to establish an IP-SEC VPN between two sites, and I can't get it to work.

 

On the one hand, I have a TP-Link ER605 Router, and on the other hand a Router from another manufacturer (Cudy).
Yes, it is best that they are the same Router, but currently I cannot change it.

 

It seems that phase 1 does work, but phase 2 does not:

 

11 2024-03-05 19:40:26 IPsec NOTICE WAN: IKE negotiation began in initiator mode. (Mode=Main Mode, Peers=192.168.0.2<->83.X.X.X)
12 2024-03-05 19:40:17 IPsec NOTICE WAN: Phase 1 of IKE negotiation succeeded. (Peers=192.168.0.2<->83.X.X.X)
13 2024-03-05 19:40:13 IPsec NOTICE WAN: IKE negotiation began in responder mode. (Mode=Main Mode, Peers=192.168.0.2<->83.X.X.X)

 

This is the configuration I have on both sides:

 

House 1
ISP Router
WAN: 81.X.X.X
LAN: 192.168.0.1
DMZ: 192.168.0.2

 

TP-Link router
WAN: 192.168.0.2
LAN: 192.168.1.1

 

House 2
ISP Router
WAN: 83.X.X.X
LAN: 192.168.5.1
DMZ: 192.168.5.100

 

Cudy Router
WAN: 192.168.5.100
LAN: 10.0.0.1

 

And the VPN configuration is this:

 

TP-Link

 

Cudy

 

 

Could you help me or give me some advice on something that might help?

 

Thank you!

#1
Re:Problem with VPN IP-SEC
2024-03-06 02:44:36

Hi @SergioCG 

Thanks for posting in our business forum.

Have you tried to port forward? I don't see any steps in this. Note that you are placing them behind a local network.

Best Regards!
#2
Re:Problem with VPN IP-SEC
2024-03-06 05:51:47

  @Clive_A 

 

Well, I use the DMZ, so all traffic is redirected automatically.

#3
Re:Problem with VPN IP-SEC
2024-03-06 06:14:50

Hi @SergioCG 

Thanks for posting in our business forum.

SergioCG wrote

  @Clive_A 

 

Well, I use the DMZ, so all traffic is redirected automatically.

Phase 2 failed, so have you compared the phase 2 encryption?

 

Use Wireshark if you can, and provide a screenshot with the isakmp filter applied.

Please mosaic your sensitive information. Here is a list of information considered sensitive:

1. Public IP address on your WAN if your WAN is.

2. Real MAC address of your device.

3. Your personal information including address, domain name, and credentials.

For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.

Best Regards!
#4
Re:Problem with VPN IP-SEC
2024-03-07 18:37:27 - last edited 2024-03-07 18:38:41

Is it possible that the problem is this?

 

11 2024-03-05 19:40:26 IPsec NOTICE WAN: IKE negotiation began in initiator mode. (Mode=Main Mode, Peers=192.168.0.2<->83.X.X.X)
12 2024-03-05 19:40:17 IPsec NOTICE WAN: Phase 1 of IKE negotiation succeeded. (Peers=192.168.0.2<->83.X.X.X)
13 2024-03-05 19:40:13 IPsec NOTICE WAN: IKE negotiation began in responder mode. (Mode=Main Mode, Peers=192.168.0.2<->83.X.X.X)

 

Shouldn't my public IP (81.X.X.X) appear here instead of the LAN IP?

I see other people's logs, and the public IPs appear there, not the LAN ones.

How can I change it?

 

Thank you.

#5
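
Added example, not part of any post in this thread and not TP-Link code: a short Python script that reads IPsec log lines in the format posted above and reports, per peer pair, whether Phase 1 succeeded, whether any Phase 2 message appears, and whether each logged peer address is an RFC 1918 address (which is what the log shows when the router sits behind another NAT device). The line layout is inferred from the three posted lines only, and the "Phase 2" substring match is an assumption because no Phase 2 line appears in the thread.

```python
import ipaddress
import re

# Log lines copied from the first post (public addresses are masked with X there).
SAMPLE_LOG = """\
11 2024-03-05 19:40:26 IPsec NOTICE WAN: IKE negotiation began in initiator mode. (Mode=Main Mode, Peers=192.168.0.2<->83.X.X.X)
12 2024-03-05 19:40:17 IPsec NOTICE WAN: Phase 1 of IKE negotiation succeeded. (Peers=192.168.0.2<->83.X.X.X)
13 2024-03-05 19:40:13 IPsec NOTICE WAN: IKE negotiation began in responder mode. (Mode=Main Mode, Peers=192.168.0.2<->83.X.X.X)
"""
# Assumed line layout, inferred only from the three lines above.
LINE_RE = re.compile(
    r"^\d+\s+\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+IPsec\s+\w+\s+\w+:\s+"
    r"(?P<msg>.*?)\s*\((?:.*?,\s*)?Peers=(?P<local>[^<]+)<->(?P<remote>[^)]+)\)\s*$"
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def address_scope(addr):
    """Return 'private' (RFC 1918), 'public' (outside RFC 1918) or 'unknown'."""
    octets = addr.strip().split(".")
    known = [o for o in octets if o.upper() != "X"]
    # Only trailing masked octets (as in 83.X.X.X) can be turned into a prefix.
    if len(octets) != 4 or any(o.upper() != "X" for o in octets[len(known):]):
        raise ValueError(f"unsupported address form: {addr!r}")
    net = ipaddress.ip_network(".".join(known + ["0"] * (4 - len(known))) + f"/{8 * len(known)}")
    if any(net.subnet_of(p) for p in RFC1918):
        return "private"
    return "unknown" if any(net.overlaps(p) for p in RFC1918) else "public"

def triage(log_text):
    """Summarise IKE progress per (local, remote) peer pair."""
    tunnels = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an IPsec line in the assumed layout
        key = (m["local"].strip(), m["remote"].strip())
        t = tunnels.setdefault(key, {
            "phase1_ok": False, "phase2_seen": False,
            "local_scope": address_scope(key[0]), "remote_scope": address_scope(key[1])})
        if m["msg"].startswith("Phase 1") and "succeeded" in m["msg"]:
            t["phase1_ok"] = True
        # Assumption: a Phase 2 line would contain the text "Phase 2".
        if "Phase 2" in m["msg"]:
            t["phase2_seen"] = True
    return tunnels

if __name__ == "__main__":
    for (local, remote), summary in triage(SAMPLE_LOG).items():
        print(local, "<->", remote, summary)
```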