VPN ikev2 with more than one LANs doesn't work

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
2021-05-19 07:11:01 - last edited 2021-05-20 08:37:09

Hello, I have the following network topology:

In building A there is an Omada hardware controller with which I can manage the network devices in building A and building B through port forwarding configured on both the SDN router (TL-R605) and the ISP modem (ISP Modem 1). I want to connect these two buildings (networks) so that they can communicate with each other. The only way to achieve this is a VPN. I have the following configurations:

Configuration VPN of Building A:


Configuration VPN of Building B:


IKEv2 is selected automatically in both buildings.

And after that configuration the VPN is not working.

I would like your help, dear colleagues. If I find the solution first, I will post it here.

Thanks in advance

Network Engineer 1.0
#1
2 Accepted Solutions
Re:VPN ikev2 with more than one LANs doesn't work-Solution
2021-05-20 08:36:52 - last edited 2021-05-20 08:53:47

@xperiments 

I finally succeeded. I created a 2nd VPN policy in Building A by setting LAN2 as the remote subnet, i.e. the LAN of the 2nd floor of Building B (192.168.103.0/24). The 1st VPN policy has the LAN of the 1st floor of Building B (192.168.102.0/24). Similarly, for Building B I created a 2nd VPN policy by setting Local Networks to LAN2. The 1st VPN policy has LAN1.

Those configurations were done with IKEv1. I also have to mention that, with one LAN in both buildings, IKEv2 is still not working.
Thank you very much for your time.

Network Engineer 1.0
Recommended Solution
#18
Re:VPN ikev2 with more than one LANs doesn't work-Solution
2021-05-25 11:14:53 - last edited 2021-05-27 05:43:10

@xperiments 

Or, if you want to use IKEv2, the VPN connection should work like this:

Building A configuration

Building B Configuration

Network Engineer 1.0
Recommended Solution
#19
18 Replies
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 07:34:15

@xperiments 

Have you adopted both R605s on the Controller?

These are new instructions from TP-Link, and I hope they can help you.

Auto mode: How to set up site-to-site Auto IPsec VPN Tunnels on Omada Gateway in Controller Mode?

Manually: How to Set up Site-to-Site Manual IPsec VPN Tunnels on Omada Gateway in Controller Mode?

#2
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 07:45:50

@Virgo 

Also, the WAN IP of your R605s is a private IP; please make sure your modem can pass IPsec VPN traffic through, otherwise it is better to switch the modem to bridge mode.

#3
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 07:51:43 - last edited 2021-05-19 07:52:53

@xperiments Thanks for the response. I forgot to mention that with IKEv1 (with one LAN in both buildings) the VPN is working fine. Also, I have adopted the TL-R605 routers (in both buildings) on the Omada hardware controller.

Network Engineer 1.0
#4
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 10:21:33

@xperiments 

All the remote subnets are wrong. You have to use:

192.168.101.0/24
192.168.102.0/24
192.168.103.0/24

/shberge

#5
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 10:47:35

@shberge I use this format and nothing works. So the problem arises from something else.

Network Engineer 1.0
#6
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 10:55:47
OK, I have the same solution and configuration between two ER605s and it works fine. But you can try to power off both ER605s and see. Provisioning doesn't always work, and a restart doesn't help. There are a lot of bugs in the ER605 and ER7206, but I hope the next update fixes some of the issues. You can also try to disable DPD; I have some VPNs to Cisco firewalls and they don't work with DPD on.
#7
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 11:03:10 - last edited 2021-05-19 11:12:49

@xperiments 

This is my config between two ER605s, similar config on both sites, except for the remote subnet and WAN IP :-)

#8
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 11:47:33 - last edited 2021-05-19 11:48:22

With the WAN IP it doesn't work because the Omada gateway is behind a NAT device. @shberge

Network Engineer 1.0
#9
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 11:56:08

@xperiments 

Do you have some ACL rule on the gateway, switch or EAP that blocks it?

You can also enable alerts on IPsec to get an alert when it connects or disconnects.

#10
Re:VPN ikev2 with more than one LANs doesn't work
2021-05-19 11:59:54

@xperiments 

OK, but IKEv1 works behind NAT? That's strange.

OK, then you have to NAT the IPsec ports to your ER605 to get it to work.

I think that is UDP ports 500 and 4500.

#11
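As an added example that is not part of this thread and not TP-Link's own tooling: a small Python helper that expands a two-site design into the per-subnet policy pairs the accepted solution (#18) ended up with, checks that no LAN overlaps between the sites, and lists which of the IKE/NAT-T UDP ports named in #11 (500 and 4500) are still missing from the modem's forwarding rules. The subnets are the ones from the thread; assigning 192.168.101.0/24 to Building A, the gateway address 192.168.1.2 and the forwarding-table format are assumptions.

```python
import ipaddress
from itertools import product

# Subnets from the thread; that 192.168.101.0/24 belongs to Building A is an assumption.
SITE_A_LANS = ["192.168.101.0/24"]
SITE_B_LANS = ["192.168.102.0/24", "192.168.103.0/24"]

# IKE (500) and NAT-T (4500): the UDP ports the modem must forward to the ER605.
IPSEC_UDP_PORTS = (500, 4500)


def expand_policies(local_lans, remote_lans):
    """One policy per (local, remote) pair, as in the accepted solution:
    the tunnel only came up with a single local and a single remote
    subnet per policy, so multi-LAN sites need one policy per pair."""
    return [(str(ipaddress.ip_network(loc)), str(ipaddress.ip_network(rem)))
            for loc, rem in product(local_lans, remote_lans)]


def mirror_policies(policies):
    """The peer site's policy list is the same pairs with local/remote swapped."""
    return [(remote, local) for local, remote in policies]


def overlapping_lans(a_lans, b_lans):
    """LANs that overlap across the two sites cannot be routed through a
    site-to-site tunnel; report every colliding pair."""
    nets_a = [ipaddress.ip_network(n) for n in a_lans]
    nets_b = [ipaddress.ip_network(n) for n in b_lans]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]


def missing_forwards(forward_table, gateway_ip, ports=IPSEC_UDP_PORTS):
    """forward_table: constructed list of (proto, port, internal_ip) tuples
    standing in for the modem's port-forwarding rules. Returns the UDP
    ports that are not forwarded to the gateway's WAN-side address."""
    present = {port for proto, port, dst in forward_table
               if proto.lower() == "udp" and dst == gateway_ip}
    return [p for p in ports if p not in present]


if __name__ == "__main__":
    for pol in expand_policies(SITE_A_LANS, SITE_B_LANS):
        print("Building A policy: local %s -> remote %s" % pol)
    # Constructed modem table that forwards IKE but not NAT-T (assumed gateway IP).
    table = [("udp", 500, "192.168.1.2"), ("tcp", 443, "192.168.1.2")]
    print("missing on modem:", missing_forwards(table, "192.168.1.2"))
```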