Home

Forums

Stories

Knowledge Base

Business Community > Gateways > Single VPN Tunnel for Router at Branch Office connection to corporate network CORE ?

< Gateways

Single VPN Tunnel for Router at Branch Office connection to corporate network CORE ?

Single VPN Tunnel for Router at Branch Office connection to corporate network CORE ?

Single VPN Tunnel for Router at Branch Office connection to corporate network CORE ?

a week ago - last edited Friday

Posts: 8

Helpful: 1

Solutions: 0

Stories: 0

Registered: 2021-11-09

Single VPN Tunnel for Router at Branch Office connection to corporate network CORE ?

a week ago - last edited Friday

Model: ER7206 (TL-ER7206)

Hardware Version: V2

Firmware Version: 2.2.3

Hi,

We are replacing the Palo Alto firewall at one of our sites with a TPLink Router.

The firewall is overkill cost wise as the site should make very little use of local breakout (guest WiFi only) and everything else should come across the VPN.

Across this VPN they should be able to reach both the core of our network and any other of our branch offices.

The only way we have been able to achieve this at other sites is by entering a long list of VPN policies which are identical with the exception of the remote subnets.

The remote end of all of these VPNs is a single firewall in Head Office.

Is it possible to configure a VPN policy with a single remote subnet ?

Possibly 0.0.0.0/0 - ie ALL traffic would pass over the VPN ?

or 192.168.0.0/16 - all traffic to other internal sites would pass over the VPN ?

If the latter would it matter than the local LAN was also in this range ?

Thanks

Andy

0

0

#1

1 Accepted Solution

LV5

a week ago - last edited Friday

Posts: 2977

Helpful: 1059

Solutions: 426

Stories: 0

Registered: 2018-08-17

Re:Single VPN Tunnel for Router at Branch Office connection to corporate network CORE ?-Solution

a week ago - last edited Friday

yes you can use 192.168.0.0/16 but it cannot overlap with the local network.

and you cannot use 0.0.0.0/0

Recommended Solution

0

0

#2

3 Reply

LV5

a week ago - last edited Friday

Posts: 2977

Helpful: 1059

Solutions: 426

Stories: 0

Registered: 2018-08-17

Re:Single VPN Tunnel for Router at Branch Office connection to corporate network CORE ?-Solution

a week ago - last edited Friday

yes you can use 192.168.0.0/16 but it cannot overlap with the local network.

and you cannot use 0.0.0.0/0

Recommended Solution

0

0

#2

LV4

a week ago

Posts: 650

Helpful: 312

Solutions: 43

Stories: 0

Registered: 2022-07-05

Re:Single VPN Tunnel for Router at Branch Office connection to corporate network CORE ?

a week ago

You may want to look into configuring a SD WAN on your routers. Matters on your model/version/firmware. I would suggest ER8411 for the core and medium size office and ER7206 for the smaller ones. Just to make sure you have the horsepower to make the bandwdith needs of your users.

I can not teach anyone anything - I can only make them think - Socrates

0

0

#3

LV4

a week ago

Posts: 650

Helpful: 312

Solutions: 43

Stories: 0

Registered: 2022-07-05

Re:Single VPN Tunnel for Router at Branch Office connection to corporate network CORE ?

a week ago

From what I can remember... @Clive_A can confirm. You can not PBR traffic into the VPN tunnel.

internal data flows across the VPN and internet flows out the remote gateways wan port.

I can not teach anyone anything - I can only make them think - Socrates

0

0

#4