VPN Device behind router/firewall

Tags: cisco-vpn, pptp, vpn

ROUTER A: Peplink 310 serving as the gateway/router/firewall at one location.

ROUTER B: Linksys RV082 serving as the gateway/router/firewall at another location.

I want to VPN these two locations together.

The Peplink has a PPTP server and has a proprietary site-to-site VPN if you had another Peplink device.

The Linksys has an IPsec vpn server.

VPN A: I also have another spare Linksys RV082.

I'm trying to set up the other RV082 (VPN A) behind the Peplink (ROUTER A) and get VPN A to talk to ROUTER B.

I set up VPN A with a LAN IP address and plugged one of its LAN ports into the LAN. I was able to get to its web interface fine.

On ROUTER A I one-to-one NAT mapped one of our public IPs to the LAN IP for VPN A. I opened TCP 50-51 and UDP 500 to VPN A.

I configured the VPN settings on VPN A to connect to ROUTER B. I did the opposite for ROUTER B.

But the VPN doesn't connect.

Then I tried plugging VPN A's WAN port into the LAN and gave it another LAN IP. I thought perhaps VPN A didn't want to send VPN traffic out over the LAN and wanted to send it over its WAN.

The VPN still doesn't connect.

Is what I'm trying to do even possible?

Best Answer

I did something similar recently, where I set up a VPN originating from a Linksys RV082 from behind a NAT router, so it's definitely possible.

Here are a few suggestions to consider:

  • Ensure that NAT traversal (NAT-T) is enabled on the Peplink device
  • If the Peplink device supports IPsec, consider using that instead of the RV082
  • Check that one VPN endpoint has keepalive enabled, or try sending traffic down the tunnel to bring up the security association
  • You probably need to use the WAN port on VPN A to connect it to the LAN behind Router A. Normally, these devices will only establish VPN connections using their outside interface.
  • If NAT-T is working properly, you don't need to do any port forwarding or NAT mapping on Router A. Try turning off your one-to-one mapping.
  • You can get away with only one side of an IPsec security association being configured with a remote peer address. Try setting up VPN A with the remote address for Router B, then configure the security association on Router B to use 0.0.0.0 as the remote peer. It will just listen for a connection that way.

If it still doesn't work, check your logs on both sides, and verify that the Phase 1 and Phase 2 proposals are all using identical parameters.
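Two of the checks in the answer above (what the NAT in front of VPN A must let through, and whether the Phase 1 and Phase 2 proposals on both ends really match) can be written down as a small script. The following is an added example, not code from the question, the answer, or either vendor; the rule set and proposal values are constructed to mirror the question's description, and the `Rule`, `Phase1` and `Phase2` types are this example's own.

```python
# Added example: sanity checks for a site-to-site IPsec tunnel whose endpoint
# sits behind a NAT router. Rule and proposal values are constructed, not taken
# from any real device.
from dataclasses import dataclass

# What a remote peer needs forwarded to reach an IPsec endpoint behind NAT:
#   without NAT-T: IKE on UDP/500 and raw IP protocol 50 (ESP); 51 (AH) only if AH is used
#   with NAT-T (RFC 3947/3948): UDP/500 for IKE and UDP/4500 for IKE plus UDP-encapsulated ESP
# If only the inside endpoint ever initiates, the NAT's outbound state is enough and
# no forwarding is needed, which is the answer's point about dropping the 1:1 mapping.
# ESP and AH are IP protocol numbers, not TCP ports, so "TCP 50-51" carries nothing.

@dataclass(frozen=True, order=True)
class Rule:
    proto: str   # "udp", "tcp", or "ip" for a raw IP protocol number
    number: int  # port for udp/tcp, protocol number for ip

def required_rules(nat_t: bool) -> set:
    """Traffic that must reach the endpoint for an inbound IKE negotiation."""
    if nat_t:
        return {Rule("udp", 500), Rule("udp", 4500)}
    return {Rule("udp", 500), Rule("ip", 50)}

def missing_rules(opened, nat_t: bool) -> list:
    """Required rules absent from the forwarded set, sorted for stable output."""
    return sorted(required_rules(nat_t) - set(opened))

def useless_rules(opened) -> list:
    """Forwarded rules that carry no IPsec traffic at all (e.g. TCP 50/51)."""
    known = {Rule("udp", 500), Rule("udp", 4500), Rule("ip", 50), Rule("ip", 51)}
    return sorted(set(opened) - known)

@dataclass(frozen=True)
class Phase1:
    encryption: str
    hash: str
    dh_group: int
    lifetime: int   # seconds

@dataclass(frozen=True)
class Phase2:
    encryption: str
    auth: str
    pfs_group: int  # 0 means PFS disabled
    lifetime: int   # seconds
    local_subnet: str
    remote_subnet: str

def phase1_mismatches(a: Phase1, b: Phase1) -> list:
    """Field names whose values differ between the two IKE Phase 1 proposals."""
    return [f for f in ("encryption", "hash", "dh_group", "lifetime")
            if getattr(a, f) != getattr(b, f)]

def phase2_mismatches(a: Phase2, b: Phase2) -> list:
    """Field names that differ; traffic selectors must be mirror images, not equal."""
    diffs = [f for f in ("encryption", "auth", "pfs_group", "lifetime")
             if getattr(a, f) != getattr(b, f)]
    if a.local_subnet != b.remote_subnet or a.remote_subnet != b.local_subnet:
        diffs.append("subnets")
    return diffs

# Constructed to match the question: "TCP 50-51 and UDP 500" forwarded to VPN A.
QUESTION_RULES = [Rule("tcp", 50), Rule("tcp", 51), Rule("udp", 500)]

if __name__ == "__main__":
    for nat_t in (False, True):
        print(f"NAT-T={nat_t}: missing {missing_rules(QUESTION_RULES, nat_t)}")
    print("no IPsec purpose:", useless_rules(QUESTION_RULES))
    # Constructed proposals: a single hash mismatch is enough to stall Phase 1.
    vpn_a = Phase1("aes128", "sha1", 2, 28800)
    router_b = Phase1("aes128", "md5", 2, 28800)
    print("phase 1 mismatches:", phase1_mismatches(vpn_a, router_b))
```

Run against the question's rule set, the script reports that raw ESP (IP protocol 50) is missing without NAT-T, that UDP/4500 is missing with it, and that the TCP 50-51 entries do nothing; the proposal comparison is the same check the answer's last sentence asks for, with subnets compared as mirror images because each side names its own LAN as "local".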