Difference between revisions of "Overlapping subnets with IPsec solution"
From Teltonika Networks Wiki
PauliusRug (talk | contribs) |
m (Karolist moved page Overlapping subnets solution using NETMAP to Draft:Overlapping subnets solution using NETMAP) |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 10: | Line 10: | ||
'''Configuration scheme''': | '''Configuration scheme''': | ||
− | [[File:Configuration_examples_ipsec_subnet_overlapping.png | + | [[File:Configuration_examples_ipsec_subnet_overlapping.png]] |
==Router configuration== | ==Router configuration== | ||
Line 19: | Line 19: | ||
First of, lets configure a simple connection between two IPsec instances, i.e., RUT1 and RUT2. | First of, lets configure a simple connection between two IPsec instances, i.e., RUT1 and RUT2. | ||
− | + | ===RUT1 configuration=== | |
---- | ---- | ||
− | [[File:IPsec1 config.png | + | [[File:IPsec1 config.png]] |
− | [[File:Ipsec2_config.png | + | [[File:Ipsec2_config.png]] |
− | # | + | #Enable - Enables IPsec instance |
− | # | + | #Remote endpoint - IP address or hostname of remote IPsec instance, only one side of IPsec needs to have it configured |
− | # | + | #Pre-shared key - Shared password used for authentication between the peers. The value of this field must match the other instance |
− | # | + | #Type - select tunnel |
− | # | + | #Local subnet - Virtual local IP address used to install IPsec tunnel |
− | # | + | #Remote subnet - Virtual remote IP address used to install IPsec tunnel |
− | + | ===RUT2 configuration=== | |
---- | ---- | ||
− | [[File:Ipsec3 config Overlapping subnets solution example .png | + | [[File:Ipsec3 config Overlapping subnets solution example .png]] |
− | [[File:Ipsec4 config Overlapping subnets solution example .png | + | [[File:Ipsec4 config Overlapping subnets solution example .png]] |
− | # | + | #Enable - Enables IPsec instance |
− | # | + | #Remote endpoint - IP address or hostname of remote IPsec instance, only one side of IPsec needs to have it configured |
− | # | + | #Pre-shared key - Shared password used for authentication between the peers. The value of this field must match the other instance |
− | # | + | #Type - select tunnel |
− | # | + | #Local subnet - Virtual local IP address used to install IPsec tunnel |
− | # | + | #Remote subnet - Virtual remote IP address used to install IPsec tunnel |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |
Revision as of 16:04, 5 January 2022
Main Page > General Information > Configuration Examples > VPN > Overlapping subnets with IPsec solutionIntroduction
This article provides an extensive configuration example with details on how to solve overlapping subnets when using IPsec.
Configuration overview and prerequisites
Prerequisites:
- Two RUTxxx routers of any type (excluding RUT850)
- A SIM card with a Public Static or Public Dynamic IP address for the IPsec server
- An end device (PC, Laptop, Tablet, Smartphone) to configure the routers
Configuration scheme:
Router configuration
If you have familiarized yourself with the configuration scheme and have all of the devices in order, we can start configuring the routers using instructions provided in this section.
Basic tunnel
First of, lets configure a simple connection between two IPsec instances, i.e., RUT1 and RUT2.
RUT1 configuration
- Enable - Enables IPsec instance
- Remote endpoint - IP address or hostname of remote IPsec instance, only one side of IPsec needs to have it configured
- Pre-shared key - Shared password used for authentication between the peers. The value of this field must match the other instance
- Type - select tunnel
- Local subnet - Virtual local IP address used to install IPsec tunnel
- Remote subnet - Virtual remote IP address used to install IPsec tunnel
RUT2 configuration
- Enable - Enables IPsec instance
- Remote endpoint - IP address or hostname of remote IPsec instance, only one side of IPsec needs to have it configured
- Pre-shared key - Shared password used for authentication between the peers. The value of this field must match the other instance
- Type - select tunnel
- Local subnet - Virtual local IP address used to install IPsec tunnel
- Remote subnet - Virtual remote IP address used to install IPsec tunnel