Setup AWS Site to Site Connection with TPLink ER706-4G

Setup AWS Site to Site Connection with TPLink ER706-4G

Setup AWS Site to Site Connection with TPLink ER706-4G
Setup AWS Site to Site Connection with TPLink ER706-4G
2024-07-11 07:08:17
Model: ER706W-4G  
Hardware Version: V1
Firmware Version:

Hi,

 

I am having issue to establish my AWS Site To Site Connection with my TPLink ER706-4G

 

In AWS end, I have set

  1. TPLink WAN IP address as the Customer Gateway
  2. TPLink LAN Network IP address as part of the Static Routes
  3. Local IPv4 and Remote IPv4 network CIDR as 0.0.0.0/0
  4. Downloaded the Generic configuration which has the IPsec configuration instructions in it

 

In TPLink website, I have used the downloaded generic configuration file which has the IPsec configuration to configure the VPN => IPsec => IPsec policy as follow

 

- Policy Name: <anything>

- Mode: Lan-to-lan

- Remote gateway: Outside IP Addresses' Virtual Private Gateway

- WAN: LTE

- Local subnet: LAN network IP Address 192.*.*.*/24

- Remote subnet: IP address of a Subnet in the VPC 10.*.*.*/20 (I am using the subnet IP Address and CIDR instead of the VPC IP address and CIDR)

- Pre-Shared key: Given by the AWS generated Generic configuration file

 

In the advanced settings:

 

Phase 1 Settings:

- Proposal: sha1-aes128-dh2

- (other proposals empty)

- Exchange Mode: Main Mode

- Negotiation Mode: Initiator mode

- Local ID type: IP address

- Remote ID type: IP address

- AS lifetime: 28800

- DPD: enable

- DPD interval: 10 (this should match the DPD interval in the AWS config)

 

Phase 2 Settings:

- Encapsulation Mode: Tunnel

- Proposal: esp-sha1-aes128

- (other proposals empty)

- PFS: dh2 (should match the Perfect Forward Secrecy group in the AWS config)

- S Lifetime: 3600

 

And IPsec policy Status is set to "Enabled"

 

But somehow in the VPN IPsec => IPsec SA does not show anything at all.

 

My AWS Site-to-Site connection status is stated "Available".

 

I does not set the UDP or any Static Routing in my TPLink 4G router.

 

So I would like to seek everyone helps to enlighten me which portion I am missing, or where I did wrong that cause the router IPsec SA to be empty.

 

 

  0      
  0      
#1
Options
1 Reply
Re:Setup AWS Site to Site Connection with TPLink ER706-4G
2024-07-12 01:49:51 - last edited 2024-07-12 01:53:36

Hi @Jack83sg 

Thanks for posting in our business forum.

Put the bad news first. If the encryption is not supported, or cannot match with the AWS, this cannot be done.

Can you post screenshots of the configs of the IPsec for the connection? Both sites. To verify the parameters are matching.

AWS, cloud computing, have you opened the ports for the IPsec connection? They usually have an elastic IP address.

WAN interface IP for both sites. The reading from the router or the AWS server.

 

Please mosaic your sensitive information. Here is a list of information considered sensitive:

1. Public IP address on your WAN if your WAN is.

2. Real MAC address of your device.

3. Your personal information including address, domain name, and credentials.

For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options

Information

Helpful: 0

Views: 263

Replies: 1

Related Articles