How to Set Up an IPsec VPN Tunnel to Allow Branch Office Networks to See Each Other
Posted by on 23 January 2015 11:42 AM

This document explains how to create LAN to LAN IPsec tunnels between multiple sites/offices so that the branch offices can communicate with each other via the Head Office router.

Picture-1

Note: *The WAN IPs shown are samples; the actual WAN IPs will be public IPs.

 

Head Office VPN configuration for Branch Office A

1). Go to VPN and Remote Access >> LAN to LAN

Picture-2

2). Enter the profile name and select Enable this profile

3). Select Call direction as Dial-in (server)

4). Under Dial-In Settings, select only IPsec Tunnel

5). Enter Remote VPN Gateway = IP address of the WAN interface of the Branch Office A router

Picture-3

6). Enter the Pre-shared Key. This must be the same at both ends of the VPN tunnel.

Picture-4

7). In TCP/IP Network Settings, enter the LAN IP of the remote site under “Remote Network IP”

 

Head Office VPN configuration for Branch Office B

The steps are similar to those for Branch Office A. Make sure to enter the correct parameters.

 

VPN configuration on Branch Office A Router:

1). Go to VPN and Remote Access >> LAN to LAN

2). Enter the profile name and select Enable this profile

3). Select Call direction as Dial-Out (client)

4). Under Dial-Out Settings, select only IPsec Tunnel

5). Enter Server IP = IP address of the WAN interface of the Head Office router

Picture-5

6). Enter the Pre-shared Key. This must be the same as the one you entered in the Head Office router.

7). In TCP/IP Network Settings, enter the LAN IP of the remote site under “Remote Network IP”

Picture-6

8). The “More” option allows more connections with other branch offices through the Vigor2925. To activate it, click “More” and follow the settings below:

      > Enter the network IP with netmask

      > Click on Add

Picture-7

 

VPN configuration on Branch Office B Router:

The steps are similar to those for Branch Office A. Make sure to enter the correct parameters, such as the WAN IP, LAN IP, Pre-shared Key and the Network IP under the “More” option.

In TCP/IP Network Settings, enter the LAN IP of the remote site under “Remote Network IP”

Picture-18

While configuring the “More” option in Branch Office B, you need to add the network IP of Branch A. Follow the settings below:

     > Enter the network IP with netmask

     > Click on Add

Picture-19
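
The values entered in the steps above can be derived from one site plan and checked before they are typed into each router. The following Python code is an added example, not part of the original article or DrayTek software: the site names, WAN addresses (documentation ranges) and LAN subnets are constructed, and it assumes each branch's “Remote Network IP” is the Head Office LAN, with the other branch's network entered under “More”.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: WAN addresses are RFC 5737 documentation IPs and
# LAN subnets are arbitrary private ranges, not values from the article.
SITES = {
    "head_office": {"wan": "203.0.113.1", "lan": "192.168.1.0/24"},
    "branch_a": {"wan": "198.51.100.10", "lan": "192.168.10.0/24"},
    "branch_b": {"wan": "198.51.100.20", "lan": "192.168.20.0/24"},
}

def check_no_overlap(sites):
    """Raise ValueError if any two site LANs overlap (routing would be ambiguous)."""
    nets = {name: ipaddress.ip_network(s["lan"]) for name, s in sites.items()}
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            raise ValueError(f"{a} {na} overlaps {b} {nb}")
    return nets

def build_profiles(sites, hub="head_office"):
    """Return the LAN to LAN profile values each router needs (hub and spoke)."""
    nets = check_no_overlap(sites)
    branches = [n for n in sites if n != hub]
    profiles = {hub: []}
    for b in branches:
        # Hub side: one Dial-in profile per branch, IPsec Tunnel only.
        profiles[hub].append({
            "profile": b, "direction": "Dial-in",
            "remote_vpn_gateway": sites[b]["wan"],
            "remote_network": str(nets[b]),
        })
        # Branch side: Dial-out to the hub; every other branch goes under "More".
        profiles[b] = [{
            "profile": hub, "direction": "Dial-out",
            "server_ip": sites[hub]["wan"],
            "remote_network": str(nets[hub]),
            "more": [str(nets[o]) for o in branches if o != b],
        }]
    return profiles

if __name__ == "__main__":
    for router, plist in build_profiles(SITES).items():
        for p in plist:
            print(router, p)
```
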

Checking the connectivity

Once all three routers are configured for VPN, you can check the tunnel status under Connection Management and use the Ping tool to check reachability of the remote site.

The Connection Management option is available under VPN and Remote Access.

 

Connection Management in Head Office Router:

Picture-8

Connection Management in Branch Office A Router:

Picture-9

Connection Management in Branch Office B Router:

Picture-10

Ping Tool in Head Office to Branch A and Branch B

Picture-11

Ping Tool in Branch A for Head Office

Picture-12

Ping Tool in Branch B for Head Office

Picture-13

Branch A and Branch B should now be able to communicate with each other

From Branch A to B

Picture-14

From Branch B to A

Picture-15

Additional testing can be done by using the Ping tool from laptops connected at each Branch Office

Ping response to Client B from Client A connected to Branch Office A Router

Picture-16

Ping response to Client A from Client B connected to Branch Office B Router

Picture-17

 
