i want to make a vpn between RB2011UAS-2HnD-IN and 6 locations using RB951-2n
each satellite locations has a ip range that is different or same. some are 192.168.2.0/24 or 192.168.3.0/24 or 192.168.1.0/24
the office network is 192.168.2.0/24 and 192.168.1.0.24
i need to make an encrypted vpn connecting each location to the office ( they don’t see eachother only the office )
i made an iptunnel
i made it ipsec.
one branch can ping office and office can ping branch.
problem is the computers behind them. if tunnel is ipsec’ed do i need to encrypt computer to the 951 ?
what would be best approach ? i tried EOIP but doesnt work
i would like the vpn to be in the 10.0.1.0/24 range
so each locations would have a 10.x ip as well as theyr 192.168.x ip and the 10.x route would go to the office vpn lan.
Router A can ping Route B and vice versa (although sometimes i need to reverse ping to get the connection up for some reason)
but Client AA behind Router A cannot ping Client BB behind router B
nor
can Router A ping client BB behind router B
IP TUNNEL: tunnelfrank bettween public ip of ROUTER A and ROUTER B
ROUTER A : port 1 (ether1) upstream public internet, port 2 ether2 is going to the client 10.0.0.3
ROUTER A (server with 2011uas) :
address: 10.0.0.1/24 network 10.0.0.0 interface tunnelfrank
routes 10.0.0.0/24 interface tunnelfrank reachable
CLIENT AA: 10.0.0.3
ROUTER B ( remote with RB951-2n) :
address: 10.0.0.8/24 network 10.0.0.0 interface tunnelfrank
routes: 10.0.0.0/24 tunnelfrank reachable
FROM ROUTER A;
i can ping 10.0.0.8
if i ping 10.0.0.3 then i get reply size 78 ttl 64 status:redirect host 100% packetloss