It is common for a company to have a headquarters and a few branches located in different places. The network administrator can establish a VPN tunnel between the headquarters and each branch, so that employees at a branch site can access the services and resources in the headquarters. The network administrator can also establish VPN tunnels between the branch sites, so that employees at different branches can reach each other. However, this is an easy job for the network administrator only when there are just a few branches.
Let's do a simple calculation: how many VPN tunnels must the network administrator construct so that employees can access every site's services and resources? If there are three sites, the network administrator will need to construct three tunnels; if there are four sites, six tunnels; five sites, ten tunnels. If we have n sites, we will need Ʃ(n-1) tunnels, that is, 1 + 2 + ... + (n-1) = n(n-1)/2. Handling this number of VPN tunnels is no longer an easy job for the network administrator.
To make the task easier, the network administrator can construct VPN tunnels only between each branch and the headquarters, and then let the headquarters forward traffic from one branch to another. The network administrator then needs to construct and maintain fewer VPN tunnels: only as many as there are branch offices.
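The comparison above can be worked through for a concrete set of sites. The following is an added example, not part of the original article or of any DrayTek tooling: it lists the tunnels for both topologies, rejects overlapping LAN subnets, and derives which remote networks each branch has to send into its single tunnel so that the headquarters can forward branch-to-branch traffic. The site names follow the article; the subnets and function names are assumptions made for illustration.

```python
from ipaddress import ip_network
from itertools import combinations

# Constructed sample addressing; the article does not state the real subnets.
SITES = {
    "HQ": "192.168.1.0/24",
    "Branch_2960": "192.168.60.0/24",
    "Branch_2860": "192.168.86.0/24",
}

def check_no_overlap(sites):
    """Routed LAN-to-LAN tunnels need a distinct subnet per site."""
    nets = {name: ip_network(cidr) for name, cidr in sites.items()}
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            raise ValueError(f"{a} ({net_a}) overlaps {b} ({net_b})")
    return nets

def full_mesh(sites):
    """One tunnel per pair of sites: n(n-1)/2 tunnels."""
    return list(combinations(sorted(sites), 2))

def hub_and_spoke(sites, hub):
    """One tunnel per branch, all terminating on the hub: n-1 tunnels."""
    return [(hub, site) for site in sorted(sites) if site != hub]

def branch_remote_networks(sites, hub):
    """Networks each branch must route into its tunnel to the hub:
    the hub LAN plus every other branch LAN (general routing assumption)."""
    nets = check_no_overlap(sites)
    plan = {}
    for site in sites:
        if site == hub:
            continue
        others = sorted(n for name, n in nets.items() if name != site)
        plan[site] = [str(n) for n in others]
    return plan

if __name__ == "__main__":
    print("full mesh tunnels:    ", full_mesh(SITES))
    print("hub-and-spoke tunnels:", hub_and_spoke(SITES, "HQ"))
    for branch, remote in branch_remote_networks(SITES, "HQ").items():
        print(f"{branch} routes via HQ tunnel: {remote}")
```

With three sites the saving is small (three tunnels against two), but the gap grows quickly as sites are added, and the headquarters router becomes the single point through which all inter-branch traffic passes.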
This article introduces how to create LAN to LAN profiles for multiple VPN clients using IPSec, and how to let the branch offices communicate with each other through Following is the scenario.
The Vigor Router in the headquarters will be the VPN server (dial-in site), and both Vigor Routers in the branch offices will be the VPN clients (dial-out sites).
Go to VPN and Remote Access >> IPsec General Setup, and enter the PSK (Pre-Shared Key).
Go to VPN and Remote Access >> LAN to LAN, and click an available index
In Common Settings:
In Dial-In Settings:
3. Select the IPSec Tunnel service.
In TCP/IP Network Settings:
4. Enter the LAN IP and Subnet Mask of the remote side in Remote Network IP and Mask.
The configuration is similar to that for branch_2960; you only need to change the remote network to the LAN of Vigor2860.
Go to VPN and Remote Access >> VPN Profiles.
Go to VPN and Remote Access >> LAN to LAN, and click an available index
In Common Settings:
In Dial-Out Settings:
In TCP/IP Network Settings:
Once the IPSec tunnel is established between all three devices, you can check the tunnel status under Connection Management of each device. You can also use the Ping Tool under Diagnostics to check if you can ping the remote site.
Now the branch offices should be able to reach each other through the Vigor router in the headquarters.
Ping from Branch_2960 to Branch_2860:
Ping from Branch_2860 to Branch_2960:
Published On: 2017-05-09