
I've got two Ubiquiti EdgeRouters set up in different locations. I need to set up a Site-to-Site VPN so that everyone has access to the server at one location.

This is the network topology: https://i.stack.imgur.com/7WmhA.png

On the two ISP routers, I have UDP ports 4500 and 500 forwarded directly to the EdgeRouters on each site.

These are the EdgeRouter configurations: https://i.stack.imgur.com/bZTBT.png

(Couldn't post pictures instead)

Yet both sites are down.

Is it because of the ISP routers? Could really use some help.

Please feel free to ask any questions

  • Aren't there any additional configs like NAT traversal etc.? What's in the logs? Can you even ping the remote public IPs? Try not using _any_ as IP, but the specific public IP. Depending on your router, you may have to DNAT the packets, not only port-forward them. – Lenniey Aug 02 '17 at 07:44
  • I have not configured anything else. I will try and find the logs. I can ping the public IPs. I will try with the specific IP. I will do a search on DNAT, but right now I have port-forwarded some things that go from Router1 -> EdgeRouter1 -> Server 1, and that works fine. – Thomsen1707 Aug 02 '17 at 08:00
  • Some routers can't really "forward" ESP packets. What's the router model? Do you have firewalling enabled in your EdgeRouter as well? – Lenniey Aug 02 '17 at 08:02
  • One of them is a Cisco EPC3925. The other is a Sagemcom that they brand as their own. I do have firewalling enabled on both EdgeRouters. But in a box above the configuration of the peers, there is a checked option that states "Firewall: | x | Automatically open firewall and exclude from NAT". – Thomsen1707 Aug 02 '17 at 08:38
  • You need to sniff the packets or analyze the logs, otherwise we're fishing in muddy waters. – Lenniey Aug 03 '17 at 12:18
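
The last comment asks for a packet capture. As an added example (not from the question, and not Ubiquiti/EdgeOS code), this Python classifier sorts UDP payloads captured on an EdgeRouter's WAN side into IKE on udp/500, IKE behind the NAT-T non-ESP marker on udp/4500, and UDP-encapsulated ESP, then summarises what the capture shows about the port forwards and NAT traversal. Header layouts follow the IKE and RFC 3948 formats; the packets in `sample_capture()` are constructed, not a real capture.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"   # on udp/4500 this prefix marks IKE rather than ESP
# ISAKMP/IKE fixed header: iSPI(8) rSPI(8) next(1) version(1) exchange(1) flags(1) msg_id(4) length(4)
IKE_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE_NAMES = {2: "IKEv1 main mode", 4: "IKEv1 aggressive mode", 32: "IKEv1 quick mode",
                  34: "IKEv2 IKE_SA_INIT", 35: "IKEv2 IKE_AUTH", 37: "IKEv2 INFORMATIONAL"}

def parse_ike(payload):
    if len(payload) < IKE_HDR.size:
        return None
    _ispi, rspi, _nxt, version, exch, _flags, _msg_id, length = IKE_HDR.unpack_from(payload)
    return {"version": version >> 4, "exchange": EXCHANGE_NAMES.get(exch, "unknown(%d)" % exch),
            "responder_spi_set": rspi != bytes(8), "length_ok": length == len(payload)}

def classify(dst_port, payload):
    """Label one UDP payload seen at the VPN endpoint as IKE, NAT-T IKE, encapsulated ESP or other."""
    if dst_port == 500:
        info = parse_ike(payload)
        return ("IKE on udp/500", info) if info else ("malformed on udp/500", None)
    if dst_port == 4500:
        if payload[:4] == NON_ESP_MARKER:
            info = parse_ike(payload[4:])
            return ("IKE with NAT-T marker on udp/4500", info) if info else ("malformed NAT-T on udp/4500", None)
        if len(payload) >= 8:   # RFC 3948: ESP header (SPI, sequence number) follows directly
            spi, seq = struct.unpack("!II", payload[:8])
            return ("UDP-encapsulated ESP on udp/4500", {"spi": "0x%08x" % spi, "seq": seq})
        return ("runt on udp/4500", None)
    return ("not IPsec", None)

def diagnose(packets):
    """Summarise a list of (dst_port, payload) into the next thing to check."""
    seen = {classify(port, payload)[0] for port, payload in packets}
    ike = any(label.startswith("IKE") for label in seen)
    natt = any("NAT-T" in label for label in seen)
    esp = "UDP-encapsulated ESP on udp/4500" in seen
    if not ike:
        return "no IKE reaches this side: check udp/500 and udp/4500 forwarding on the ISP router"
    if not natt and not esp:
        return "IKE on udp/500 only: without NAT-T the ESP travels as IP protocol 50, which a port forward does not carry"
    if not esp:
        return "IKE negotiated over NAT-T but no encapsulated ESP yet: the tunnel has not come up"
    return "IKE and UDP-encapsulated ESP both present: tunnel traffic is reaching this side"

def sample_capture():
    """Constructed sample payloads standing in for a capture on the EdgeRouter WAN interface."""
    ispi = b"\x11" * 8
    sa_init = IKE_HDR.pack(ispi, bytes(8), 33, 0x20, 34, 0x08, 0, IKE_HDR.size + 8) + bytes(8)
    ike_auth = IKE_HDR.pack(ispi, b"\x22" * 8, 46, 0x20, 35, 0x08, 1, IKE_HDR.size + 8) + bytes(8)
    esp = struct.pack("!II", 0x0000ABCD, 1) + bytes(16)
    return [(500, sa_init), (4500, NON_ESP_MARKER + ike_auth), (4500, esp)]
```

Feed it the UDP payloads from a capture taken on the EdgeRouter WAN interface: a capture showing only udp/500 traffic points at the ISP router not passing NAT-T or ESP, while no IKE at all points at the port forwards themselves.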

0 Answers