Site to site IPSEC tunnel between 2 ER707-M2 routers only routes on one side
3 weeks ago - last edited 3 weeks ago
Tags: #VPN
Model: ER707-M2  
Hardware Version: V1
Firmware Version: 1.2.3 Build 20240822 Rel.52946

Hello,

 

I have 2 ER707-M2 routers that I am connecting via an IPSEC tunnel.  The VPN connects fine and I can see each router from the network of the other router.

 

The routers are not the same hardware version.  The one that is not routing correctly is version 1.0. The one that is is version 1.2.  Both are set up identically with all the defaults except DPD disabled.

 

I have tried switching which router is the initiator/responder but the one that does route stays the same.

 

The only log message that I ever see is:

Set up IPsec connection successfully. (Peers=xxx.xxx.xxx.xxx<->xxx.xxx.xxx.xxx)

 

I have Client-LAN L2TP VPNs set up on both routers and when connected to those everything works as expected.

 

Router 1:  (Hardware Version 1.0 FW: 1.2.3 Build 20240822 Rel.52946)

Policy Name: wi2fl

Mode: LAN-to-LAN

Remote Gateway: xxx.xxx.xxx.xxx (Router 1 IP on Router 2)

WAN: 2.5G WAN1

Local Network Type: Network

Local Networks: LAN

Remote Subnet: 192.168.2.0/24 (192.168.0.0/24 on Router 2)

Pre-shared Key: xxxxxxxxxxxxxxxxxxx

Status: Enable

 

Phase-1 Settings

IKE Protocol Version: IKEv2

Proposal: sha1 aes256 dh2

Proposal: sha1 3des dh2

Proposal: sha256 aes256 dh5

Proposal: sha256 aes256 dh14

Negotiation Mode: Initiator Mode (Responder Mode on Router 2, though I have tried switching these)

Local ID Type: IP Address

Remote ID Type: IP Address

SA Lifetime: 2880

DPD: Disabled

 

Phase-2 Settings

Encapsulation Mode: Tunnel Mode

Proposal: esp sha1 aes256

Proposal: esp sha1 3des

Proposal: esp sha256 aes256

Proposal: esp md5 3des

PFS: none

SA Lifetime: 28800

#1
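A check that two LAN-to-LAN policies really are mirror images of each other, as an added example that is not part of the original post and does not claim to identify the cause in this thread. Router 1's values come from the post; Router 2's local LAN of 192.168.2.0/24, the dictionary layout and the function name are assumptions.

```python
import ipaddress

# Router 1 values are from the post; Router 2 is a constructed mirror
# (its local LAN of 192.168.2.0/24 is an assumption).
P1 = ["sha1-aes256-dh2", "sha1-3des-dh2", "sha256-aes256-dh5", "sha256-aes256-dh14"]
P2 = ["esp-sha1-aes256", "esp-sha1-3des", "esp-sha256-aes256", "esp-md5-3des"]
ROUTER1 = {"name": "Router 1", "local": "192.168.0.0/24", "remote": "192.168.2.0/24",
           "ike": "IKEv2", "mode": "initiator", "pfs": "none", "phase1": P1, "phase2": P2}
ROUTER2 = {**ROUTER1, "name": "Router 2", "local": "192.168.2.0/24",
           "remote": "192.168.0.0/24", "mode": "responder"}

def check_mirror(a, b):
    """Return a list of mismatches between two LAN-to-LAN policies (empty = consistent)."""
    problems = []
    for near, far in ((a, b), (b, a)):
        local = ipaddress.ip_network(near["local"])
        remote = ipaddress.ip_network(far["remote"])
        # The far side's "Remote Subnet" must be exactly the near side's LAN.
        if local != remote:
            problems.append(f"{far['name']} remote subnet {remote} != {near['name']} LAN {local}")
        # A LAN that overlaps its own remote subnet makes tunnel routing ambiguous.
        if local.overlaps(ipaddress.ip_network(near["remote"])):
            problems.append(f"{near['name']} LAN overlaps its remote subnet")
    # Settings that have to be equal on both ends.
    for key in ("ike", "pfs"):
        if a[key] != b[key]:
            problems.append(f"{key} differs: {a[key]} vs {b[key]}")
    # Each phase needs at least one proposal both ends offer.
    for phase in ("phase1", "phase2"):
        if not set(a[phase]) & set(b[phase]):
            problems.append(f"no common {phase} proposal")
    if a["mode"] == b["mode"] == "responder":
        problems.append("both sides are responder-only; nobody initiates")
    return problems

if __name__ == "__main__":
    # Constructed fault: Router 2 points at the wrong remote subnet.
    broken = {**ROUTER2, "remote": "192.168.1.0/24"}
    for peer in (ROUTER2, broken):
        print(check_mirror(ROUTER1, peer) or "policies mirror each other")
```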
1 Accepted Solution
Re:Site to site IPSEC tunnel between 2 ER707-M2 routers only routes on one side-Solution
3 weeks ago - last edited 3 weeks ago

  @Clive_A It has started working.  I'm not sure what was wrong before but the above config appears to function as expected.

 

Thanks!

#3
2 Reply
Re:Site to site IPSEC tunnel between 2 ER707-M2 routers only routes on one side
3 weeks ago

Hi @Bonfigleo 

Thanks for posting in our business forum.

Is this a complete config? I only see an S2S config posted. Or is the rest of the config missing?

You mentioned that you have L2TP Client-to-Site.

I don't think I can review if there is a problem with your config.

Best Regards!
#2