We’ve set up a couple of routers and gotten basic functionality working. We managed to get IPSEC VPN working between two static IP sites. We also got IPSEC working between a Netgear FVS336Gv2 and a Mikrotik unit.
We’d like to add a dynamic site as well. As it stands, the IP address on our dynamic connection only changes every couple of months. When we were using Netgear routers, we’d just update the IP address whenever it went down. We set everything up same as the static sites, but we’re getting an odd issue - we can only ping through one direction. The static site is double-nat, and we don’t seem to be able to change that. At least, our ISP is telling us we can’t - the router won’t go into bridge mode.
So here’s the layout we’d like. Done a bunch of searching I haven’t had much luck on setup. Any ideas?
Once that’s working, there’s a follow-up: IPIP tunnels. We’ve already set up PCC load balancing, and based on reading the correct way to set up a load-balanced IPSEC VPN is to use IPIP tunnels. We’re having a similar problem - the tunnel isn’t connecting when we’re on a double-nat connection. Is the fix the same?
Thanks-
Mike