It is common that a company has a head quarter and few branches locate at different places. Network administrator can establish VPN tunnel between hear quarter and each branch, so the employees on branch site can access the service and resource in head quarter. Network administrator can also establish the VPN tunnel between the branch sites, so the employee can access to each others on the different branches. However, this is only an easy job for network administrator when there are only few branches.
Let do some simple calculations, how many VPN tunnels should network administrator constructs, in order to let the employees to access to each sites service and resource? If there are three sites, network administrator will need to construct three tunnels; if there are four sites, will need six tunnels. Five sites, ten tunnels. If we have n sites, then we will need Ʃ(n-1) tunnels. It will become not an easy job for network administrator to handle this amount of VPN tunnels.
To make the task easier, network administrator can construct the VPN tunnels between each branch and head quarter, then let the head quarter to forward the traffic from one branch to another. So, network administrator will only need to construct and maintain lesser VPN tunnels which the amount is as same as the branch offices.
This article introduces how to create a LAN to LAN multiple VPN clients using IPSec, and to let the branch offices communicate to each other through Following is the scenario.
Vigor Router in head quarter will be the VPN server (dial-in site), both Vigor Routers in branch office will be the VPN clients (dial-out sites).
Go to VPN and Remote Access >> IPsec General Setup, and enter the PSK (PreShared Key)
Go to VPN and Remote Access >> LAN to LAN, and click an available index
In Common Settings:
In Dial-In Settings:
3. Select the IPSec Tunnel service.
In TCP/IP Network Settings:
4. Enter the LAN IP and Subnet Mask of the remote side in Remote Network IP and Mask.
Similar to configuration for branch_2960, only need to change remote network to LAN of Vigor2860.
Go to VPN and Remote Access >> VPN Profiles.
In Dial-Out Settings:
Once the IPSec tunnel is established between all three devices, you can check the tunnel status under Connection Management of each device. You can also use the Ping Tool under Diagnostics to check if you can ping the remote site.
Now the branch offices should be able to reach mutually through the Vigor router in head quarter. Ping from Branch_2960 to Branch_2860
Ping from Branch_2860 to Branch_2960:
The scope of application of privacy protection policy
Personal data collection, processing and use
When you visit this website or use the functional services provided on this website, we will ask your necessary personal information and use it within that specific purpose; without your agreement in writing this website will not use your personal data for any other purpose.
When you use interactive features such as mailboxes and surveys, this site will retain your name, e-mail address, contact information and usage time.
In normal browsing, the server will record the relevant actions, including the IP address of the device you are using, the time of use, the browser you are using, the browsing and data logging, etc., as a reference for our website services. This record for internal applications will not be announced.
Statistics and analysis of collected questionnaires, statistics or descriptive text of the results will be provided for accurate service. In addition to internal research, statistical data and descriptive text will be published if it is necessary. The information published excludes information on specific individuals.
The protection of information
The website hosts are equipped with firewall, anti-virus system and other related information security equipment and the necessary security measures to protect the site and your personal information with strict protection measures. Only authorized personnel can access your Personal data. The relevant processing personnel are signed confidentiality contract, if there is breach of confidentiality obligations, will be subject to the relevant legal punishment.
In the event that it is necessary to entrust other units to provide services for business purposes, the Site will strictly require compliance with the confidentiality obligations and take the necessary inspection procedures to ensure that it will comply.
External links to the site
The policy of sharing personal information with the third party
This website will not provide, exchange, rent or sell any of your personal information to other individuals, groups, private enterprises or public agencies. However the legal basis or contractual obligations are excluded.
The foregoing proviso includes, but not limited to:
The use of Cookie
Please read this Term of Use Agreement ("Terms") carefully before you register to get the Firmware and Technical article Update Notice.
Acceptance of Terms
Privacy and Protection of Personal Information
Third Party Sites
The service may contain links to other Internet websites or online and mobile services provided by independent third parties.
These Terms shall be governed and construed in accordance with the laws of Taiwan, without regard to its conflict of law provisions.
If you have any questions about these Terms, please contact us.