Site-to-Site VPN issue

yevpro · May 29, 2017, 11:21am

Hello!

We have 1 main office and 3 additional. I need to set up site-to-site vpn. I have created L2TP server in main office, L2TP clients in branch offices, added static routes both in main and branch offices. Now i can ping servers of main office from branch office PCs and vice versa. But I cannot reach resources of branch office 1 from branch office 2. I suppose i need to add some additional routes or allow traffic to go through the main router. What should i do to allow traffic flow from branch office to branch office?

Thanks!

Revelation · May 29, 2017, 1:21pm

Easiest thing is to setup dynamic routing between them and then FW rules to permit the traffic.

For instance:
HQ: 10.0.0.0/24
B1: 10.0.1.0/24
B2: 10.0.2.0/24
B3: 10.0.3.0/24

FW rules accepting 10.0.0.0/22 to 10.0.0.0/22

yevpro · May 29, 2017, 1:48pm

Thanks!
And how to setup dynamic routing?

Revelation · May 29, 2017, 7:00pm

You need to use a dynamic routing protocol, such as OSPF.