Site To Site Auto or Manual IPSec not working
I have 1 ER7206 Routers. We are connecting 2 branch offices by VPN with very fast/high bandwidth connections at each.
Each branch office will connect to 1 main ER7206.
Each router is connected to the internet both router being BT Smarthub 2 and provides connections to the LAN normally.
We are using the omada hardware controller linked to ER7206 and linked to the Omada Cloud.
The routers are also connected and adopted and configured with the following subnets.
Main Branch 192.168.1.0/24
Remote site 192.168.3.0/24
We created an Auto IPsec connection for "Remote Site" using the omada interface, checked the connection was auto-created on both ends. No VPN Tunnels are active listed in the omada>insight>VPN Status menu. Even after we rebooted both routers.
We deleted the Auto IPSec entry and created a "Manual IPsec" VPN Tunnel.
We specified the remote gateways for both ends using the public IP as we have one static one and other is dynamic on each end
The manual ipsec tunnel used the following settings for each end:
Site to site VPN
Manual IPsec
Status - Enable
Remote gateway - Public IP
Remote Subnet - The subnet of each end i.e 192.168.0.1/24 - 192.168.3.0/24
Local Networks: all
Preshared Key: Same key on both ends.
WAN - WAN
Phase 1
Key Exchange Version - Have tried both IKEv1 and IKEv2
Proposal - SHA1-DES-DH5 on both
Negotiation Mode - Initiator on both
Negotiation Mode - When using IKEv1 we tried both Main and agressive on both
Local ID - Name: Each has unique ID or tried IP Adress
Remote ID - Name - Other ends ID that matches the Local ID or Set To IP Adress
SA Lifetime - 28800
DPD - Enable
DPD Interval - 10
Phase 2
Encasulation Mode: - Tunnel
Proposal - ESP-SHA1-AES256
PFS - None
SA Lifetime - 28800
not sure why it is not working but would love some advice on this? also rebooted the 2 routers with no success.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
but ive purchase a rj11 to rj45 converter i want to try connecting the ISP directly to the TP link router
I'm afraid its not as simple as that. I'm assuming you have a DSL connection to your ISP since you're using an RJ11. You will need a DSL modem to be able to connect the ER7206 directly to your ISP. The BT SMart Hub (unlike some routers) isnt able to be switched to bridge(modem) mode.
- Copy Link
- Report Inappropriate Content
@Stariaa has this been resolved? I can try to help as I'm using a site-to-site configuration already for 2 years. Homebase is using an ER605 with controller using public IP and ER605 at the remote site using dynamic IP.
- Copy Link
- Report Inappropriate Content
@bmall Hi not really still not working for me till this day have any ideas or alternative configuartion you can give ?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1919
Replies: 24
Voters 0
No one has voted for it yet.