
IPSEC site to site VPN, initiator behind router

We are wanting to connect our remote office, which is in a managed/shared office space building, to our head office.
We have no control over the shared office network.

We have an XGS in the managed office space.

The internet connection is supplied by the office space network, so the WAN on the shared office XGS is a local IP provided by the shared office router.
Users are able to browse the internet without issue.

I need to get them access to our head office resources.

The head office has an XGS which is directly connected to the internet.

I am not able to get the Site to Site VPN to connect.

So our network looks like

Settings at the remote site

Settings at Head Office

Seeking your advice on how to get this to connect.



[edited by: Erick Jan at 4:12 AM (GMT -7) on 9 Oct 2024]
  • Hi,

    * Are you able to ping the head office WAN IP (118.xyz) from the branch office XGS?

    * Please check this: since the intervening device is a router, it should have one subnet towards the branch office (initiator) and another subnet towards the head office.

    * With this, the branch office XGS should have the remote GW (in the IPsec config) set to the IP address of the router interface pointing to the branch office.

    * I am assuming IP address 150.xxx is on the router interface towards the Internet (towards the head office XGS), as I see the remote GW on the head office is set to this IP.

    * Try this 1st option:

    On Head office: Remote ID type: IP address, Remote ID: 150.xxx

    No need to use a local ID, and do not use local/remote IDs on the Branch office.

    2nd option:

    On Branch office: Under Local gateway --> Select Local ID type: DNS, Local ID: test

    On Head office: Under Remote gateway --> Select Remote ID type: DNS, Remote ID: test

    Try these things and see if the connection comes up; also check /log/charon.log on both the Branch office and the Head office while bringing up the tunnel.

    If this does not solve the issue, please share the access IDs of the Branch and Head office with me at sreenivasulu.naidu@shophos.com and I will take a look at the setup.
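The reply asks for /log/charon.log on both firewalls. As an added helper (not part of the thread and not Sophos tooling), the script below classifies the strongSwan-style messages that matter for a NATed initiator: NAT detection, the IKE identities the responder actually saw, and a peer-config/ID mismatch. The log lines and addresses are constructed placeholders (150.0.0.1 for the shared-office NAT address, 118.0.0.1 for the head-office WAN, 192.168.1.5 for the branch XGS's private WAN IP).

```python
import re

# Constructed sample excerpt in charon's message style; none of it is from the thread.
SAMPLE_LOG = """\
14[IKE] 150.0.0.1 is initiating an IKE_SA
14[IKE] remote host is behind NAT
14[CFG] looking for peer configs matching 118.0.0.1[118.0.0.1]...150.0.0.1[192.168.1.5]
14[CFG] no matching peer config found
14[IKE] received AUTHENTICATION_FAILED notify error
"""

# "looking for peer configs matching <local_addr>[<local_id>]...<remote_addr>[<remote_id>]"
PEER_RE = re.compile(r"matching ([^\[\s]+)\[([^\]]+)\]\.\.\.([^\[\s]+)\[([^\]]+)\]$")

# Substring of a charon message -> finding name (order of first appearance is kept).
HINTS = {
    "remote host is behind NAT": "nat_detected",
    "no matching peer config found": "id_mismatch",
    "AUTHENTICATION_FAILED": "auth_failed",
    "giving up after": "no_response",  # initiator side: responder never answered
}

def triage(log_text: str) -> dict:
    """Classify a charon.log excerpt and return findings, observed peer IDs and advice."""
    result = {"findings": [], "peer": None, "advice": []}
    for line in log_text.splitlines():
        for needle, finding in HINTS.items():
            if needle in line and finding not in result["findings"]:
                result["findings"].append(finding)
        m = PEER_RE.search(line)
        if m:  # the responder logs the addresses and IKE IDs it matched against
            result["peer"] = {"local_addr": m.group(1), "local_id": m.group(2),
                              "remote_addr": m.group(3), "remote_id": m.group(4)}
    peer = result["peer"]
    if "nat_detected" in result["findings"]:
        result["advice"].append("Initiator is behind NAT: expect IKE/ESP on UDP 4500 and "
                                "do not expect its private WAN IP as the source address")
    if "id_mismatch" in result["findings"] and peer and peer["remote_id"] != peer["remote_addr"]:
        result["advice"].append(
            f"Initiator at {peer['remote_addr']} presented ID {peer['remote_id']}; the responder's "
            "Remote ID must match that value, or set the same explicit ID (e.g. DNS type) on both sides")
    if "no_response" in result["findings"]:
        result["advice"].append("No reply from the responder: check that the shared-office router "
                                "passes UDP 500/4500 out to the head office WAN IP")
    return result

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Run it against a real excerpt by passing the file contents to `triage()`; only the message text is matched, so the thread/category prefix may differ.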
