This document explains how to create LAN to LAN IPsec tunnels for multiple sites/offices and let the branch offices communicate with each other via the Head Office router.

Note: The WAN IPs shown are samples; actual WAN IPs will be public IPs.

 

Head Office VPN configuration for Branch Office A

1). Go to VPN and Remote Access >> LAN to LAN

2). Enter the profile name and Enable this profile

3). Select Call direction as Dial-in (server)

4). Under Dial-In Settings, select only IPsec Tunnel

5). Enter Remote VPN Gateway = IP address of WAN interface of Branch office A router

6). Input the Pre-shared Key. This must be the same at both ends of the VPN tunnel.

7). In TCP/IP Network Settings, enter the LAN IP of the remote site under “Remote Network IP”

 

Head Office VPN configuration for Branch Office B

The steps are similar to those for Branch Office A. Make sure to enter the correct parameters.

 

VPN configuration on Branch Office A Router:

1). Go to VPN and Remote Access >> LAN to LAN

2). Enter the profile name and Enable this profile

3). Select Call direction as Dial-Out (client)

4). Under Dial-Out Settings, select only IPsec Tunnel

5). Enter Server IP = IP address of WAN interface of Head office router

6). Input the Pre-shared Key. This must be the same as the one you entered in the Head Office router.

7). In TCP/IP Network Settings, enter the LAN IP of the remote site under “Remote Network IP”

8). The “More” option allows more connections with other branch offices through the Vigor2925. To activate it, click “More” and follow the setting below:

> Put the network IP with netmask

> Click on Add

 

VPN configuration on Branch Office B Router:

The steps are similar to those for Branch Office A. Make sure to enter the correct parameters, such as the WAN IP, LAN IP, Pre-shared Key and the Network IP under the “More” option.

In TCP/IP Network Settings, enter the LAN IP of the remote site under “Remote Network IP”

While configuring the “More” option in Branch Office B, you need to add the network IP of Branch A. Follow the setting below:

> Put the network IP with netmask

> Click on Add
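
The following Python script is an added example, not part of the original guide or of DrayTek's tooling. For a hub-and-spoke layout like the one configured above, it derives what each router's “Remote Network IP” and “More” entries should be, and rejects overlapping or malformed LAN subnets; the site names and 192.168.x.0/24 subnets are constructed sample values.

```python
import ipaddress
from itertools import combinations

# Constructed sample addressing plan (not taken from the original page).
SITES = {
    "Head Office": "192.168.1.0/24",
    "Branch A": "192.168.2.0/24",
    "Branch B": "192.168.3.0/24",
}
HUB = "Head Office"


def find_overlaps(sites):
    """Return pairs of sites whose LAN subnets overlap (tunnel routing would be ambiguous)."""
    # strict=True rejects entries that are host addresses rather than network IP + netmask.
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in sites.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def build_plan(sites, hub):
    """Map each router to its LAN to LAN profiles: direction, Remote Network IP, "More" routes."""
    overlaps = find_overlaps(sites)
    if overlaps:
        raise ValueError(f"overlapping LAN subnets: {overlaps}")
    branches = [s for s in sites if s != hub]
    plan = {hub: []}
    for b in branches:
        # Hub: one Dial-In profile per branch, remote network = that branch's LAN.
        plan[hub].append({"peer": b, "direction": "Dial-In",
                          "remote_network": sites[b], "more": []})
        # Branch: one Dial-Out profile to the hub; other branches' LANs go under "More".
        plan[b] = [{"peer": hub, "direction": "Dial-Out", "remote_network": sites[hub],
                    "more": [sites[o] for o in branches if o != b]}]
    return plan


if __name__ == "__main__":
    for router, profiles in build_plan(SITES, HUB).items():
        for p in profiles:
            print(f"{router} -> {p['peer']}: {p['direction']}, "
                  f"Remote Network IP {p['remote_network']}, More {p['more'] or '-'}")
```

Adding a third branch to `SITES` shows why every existing branch needs an extra “More” entry, while the Head Office only needs one new Dial-In profile.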

Checking the connectivity

Once all three routers are configured for VPN, you can check the tunnel status under Connection Management and use the Ping tool to check reachability to the remote site.

The Connection Management option is available under VPN and Remote Access.

 

Connection Management in Head Office Router:

Connection Management in Branch Office A Router:

Connection Management in Branch Office B Router:

Ping Tool in Head Office to Branch A and Branch B

Ping Tool in Branch A for Head Office

Ping Tool in Branch B for Head Office

Branch A and Branch B should now be able to communicate with each other

From Branch A to B

From Branch B to A

Additional testing can be done by using the Ping tool from laptops connected at each Branch Office

Ping response to Client B from Client A connected to Branch Office A Router

Ping response to Client A from Client B connected to Branch Office B Router