IPSEC Branch to Branch and Branch to Head

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-06-05 09:49:46
Model: OC200  
Hardware Version: V2
Firmware Version: 5.9.32

Hello friends

 

I have a Head Office and two Branch Offices.

I have an IPSec tunnel created between each Branch Office through to the Head Office.

The IPSec tunnels both come up and work.

I can get traffic to/from each Branch Office through to the Head Office.

However, I cannot get traffic from either Branch office through to the other Branch Office.

 

May I know what I'm doing wrong, please?

Re:IPSEC Branch to Branch and Branch to Head
2023-06-05 16:31:19

  @VJY 

 

Did you include Branch2's subnet in the Branch1-HQ tunnel 'remote subnets'?  Basically if you want to get traffic between B1 and B2, they need to know that their respective subnets are via the tunnel to HQ.  Alternatively, create a 3rd tunnel from B1 to B2 and do it that way.

<< Paying it forward, one juicy problem at a time... >>
Re:IPSEC Branch to Branch and Branch to Head
2023-06-06 10:19:38

Dear @d0ugmac1, thank you kindly for your prompt response.

Below is what is set up at the moment, and the green tunnels are working fine. I added the remote subnets as per your suggestion and it does not make any difference; the IPsec only shows the connections between the Head and the two Branches.

When I'm creating a parallel tunnel, I have turned off the existing tunnels to the head office and added B1 as Responder and B2 as Initiator, and that doesn't seem to work either.

Also, I have turned the existing tunnel on between Head Office and B1, B2 and it did not make any difference. I have checked the ACL and there is none blocking any traffic between B1 and B2.

 

 

 

Re:IPSEC Branch to Branch and Branch to Head
2023-06-06 12:47:45

  @VJY 

 

Ok, try adding a static route at B1 and B2.  For instance

 

B1:  10.3.0.0/16 gw 10.1.1.1

B2:   10.2.0.0/16 gw 10.1.1.1

<< Paying it forward, one juicy problem at a time... >>
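
The remote-subnet advice in reply #2 and the addressing in the static routes above, modelled as an added example (not code from the thread's participants or from TP-Link). It assumes HQ = 10.1.0.0/16, B1 = 10.2.0.0/16, B2 = 10.3.0.0/16 and generic policy-based selector matching rather than the gateway's actual logic; all function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing, assumed from the static routes quoted in the thread.
HQ, B1, B2 = "10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16"

def tunnel(local, remote):
    """One end of a policy-based tunnel: its local and remote subnet lists."""
    return {"local": [ip_network(n) for n in local],
            "remote": [ip_network(n) for n in remote]}

def covers(nets, addr):
    return any(ip_address(addr) in n for n in nets)

def egress_ok(end, src, dst):
    """Sending end: src must match a local subnet, dst a remote subnet."""
    return covers(end["local"], src) and covers(end["remote"], dst)

def ingress_ok(end, src, dst):
    """Receiving end: the mirrored check."""
    return covers(end["remote"], src) and covers(end["local"], dst)

def spoke_to_spoke(cfg, src_site, dst_site, src, dst):
    """Return the first hop whose selectors reject src->dst via HQ, or None."""
    hops = [
        (f"{src_site} egress", egress_ok(cfg[src_site], src, dst)),
        (f"HQ ingress from {src_site}", ingress_ok(cfg["HQ"][src_site], src, dst)),
        (f"HQ egress to {dst_site}", egress_ok(cfg["HQ"][dst_site], src, dst)),
        (f"{dst_site} ingress", ingress_ok(cfg[dst_site], src, dst)),
    ]
    return next((name for name, ok in hops if not ok), None)

# Starting point: each tunnel only lists the two sites it joins.
before = {"B1": tunnel([B1], [HQ]), "B2": tunnel([B2], [HQ]),
          "HQ": {"B1": tunnel([HQ], [B1]), "B2": tunnel([HQ], [B2])}}
# Suggested change applied on all four tunnel ends.
after = {"B1": tunnel([B1], [HQ, B2]), "B2": tunnel([B2], [HQ, B1]),
         "HQ": {"B1": tunnel([HQ, B2], [B1]), "B2": tunnel([HQ, B1], [B2])}}
# Change applied at the branches only; the HQ ends are left as they were.
partial = {"B1": after["B1"], "B2": after["B2"], "HQ": before["HQ"]}

if __name__ == "__main__":
    for label, cfg in (("before", before), ("partial", partial), ("after", after)):
        hop = spoke_to_spoke(cfg, "B1", "B2", "10.2.0.10", "10.3.0.10")
        print(f"{label}: B1->B2 blocked at {hop}")
```

The `partial` case shows why editing only the branch ends is not enough in this model: the HQ ends of both tunnels must list the far branch as well.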
Re:IPSEC Branch to Branch and Branch to Head
2023-06-12 11:40:08

  @d0ugmac1 Yes, that's what's missing. Also missing is the tunnel that must be used between B1 and B2 if head office goes down.

Re:IPSEC Branch to Branch and Branch to Head
2023-06-12 12:57:08

  @crrodriguez 

 

Only if B1 ever needs to talk to B2. If they were, say, suppliers to the business at HQ, they wouldn't necessarily want to be able to talk to each other :)

Routing gets a bit more complicated when you have multiple options, and ideally there'd be a routing protocol in place to manage this.

<< Paying it forward, one juicy problem at a time... >>