Omada Pro Logo official website Vigi Logo official website
Contact Us
United States / English
Store
Get a Demo

How to configure LAN-to-LAN IPsec VPN on TP-Link Router using the new GUI

Configuration Guide
Updated 06-27-2022 06:30:17 AM Number of views for this article286690
This Article Applies to: 

With LAN to LAN VPN function, different private networks can be connected together via the internet. Take the following topology as an example, we will learn how to configure the LAN to LAN IPsec VPN.

Step1 Verify the settings needed for IPsec VPN on router

Check the VPN Router A.

Choose the menu Status > System Status and Network > LAN.

Check the VPN Router B.

Choose the menu Status > System Status and Network > LAN.

Step 2 Configure IPsec VPN setting on Router B

(1) Choose the menu VPN > IPSec > IPSec Policy and click Add to load the following page on the VPN router. Configure the basic parameters for the IPsec policy.

· Specify the mode as LAN-to-LAN.

· Specify the Remote Gateway as 10.10.10.20.

· Specify the WAN as WAN1.

· Specify local subnet as 192.168.0.0/24 and remote subnet as 192.168.10.0/24.

· Specify the Pre-shared Key as you like. Here we enter 123456.

(2) Click Advanced Settings to load the following page. In the Phase-1 Settings section, configure the IKE phase-1 parameters.

· Select md5-des-dh1 as the proposal.

· Specify Exchange Mode as Main Mode.

· Specify Negotiation Mode as Responder Mode.

· Specify Local/Remote ID Type as NAME.

Once the router is behind a NAT device, we have to select Aggressive Mode as Exchange Mode and select NAME as Local/Remote ID Type, otherwise, the VPN tunnel can’t be established.

· Specify the local/remote ID as you like. Here we specify the local ID as 123 and remote ID as 321.

(3) In the Phase-2 Settings section, configure the IKE phase-2 parameters. Click OK.

· Specify Encapsulation Mode as Tunnel Mode.

· Select esp-md5-des as the proposal.

Once the router is behind a NAT device, the proposal cannot be specified as ah-md5 or as –sha1, otherwise, the VPN tunnel can’t be established.

Step 3 Configure IPsec VPN setting on Router A

The configuration of Router A is similar to Router B.

(1) Choose the menu VPN > IPSec > IPSec Policy and click Add to load the following page on the VPN router. Configure the basic parameters for the IPsec policy.

(2) Click Advanced Settings to load the following page. In the Phase-1 Settings section, configure the IKE phase-1 parameters.

(3) In the Phase-2 Settings section, configure the IKE phase-2 parameters. Click OK.

Step 4 Verify the connectivity of the IPsec VPN Tunnel.

Regardless of Router A and Router B, choose the menu VPN > IPsec > IPsec SA to load the following page. If the IPsec VPN tunnel is established successfully, it will be shown in the list.

Looking for More

Is this faq useful?

Your feedback helps improve this site.

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

As explained further in our website Privacy Policy, we allow certain advertising partners to collect information from our website through cookies and similar technologies to deliver ads which are more relevant to you, and assist us with advertising-related analytics (e.g., measuring ad performance, optimizing our ad campaigns). This may be considered "selling" or "sharing"/disclosure of personal data for "targeted advertising" as defined by certain U.S. state laws. To opt out of these activities, press "Opt Out" below. If the toggle below for "Targeted Advertising and 'Sale' Cookies" is to the left, you are already opted out and you can close these preferences.

Please note that your choice will apply only to your current device/browser. You must indicate your choice on each device and browser you use to access our website. If you clear your cookies or your browser is set to do so, you must opt out again.

Your Privacy Choices

As explained further in our website Privacy Policy, we allow certain advertising partners to collect information from our website through cookies and similar technologies to deliver ads which are more relevant to you, and assist us with advertising-related analytics (e.g., measuring ad performance, optimizing our ad campaigns). This may be considered "selling" or "sharing"/disclosure of personal data for "targeted advertising" as defined by certain U.S. state laws. To opt out of these activities, press "Opt Out" below. If the toggle below for "Targeted Advertising and 'Sale' Cookies" is to the left, you are already opted out and you can close these preferences.

Please note that your choice will apply only to your current device/browser. You must indicate your choice on each device and browser you use to access our website. If you clear your cookies or your browser is set to do so, you must opt out again.

Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off.

TP-Link

SESSION, JSESSIONID, accepted_local_switcher, tp_privacy_banner, tp_privacy_base, tp_privacy_marketing, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType

Youtube

id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ

Zendesk

OptanonConsent, __cf_bm, __cfruid, _cfuvid, _help_center_session, _pendo___sg__.<container-id>, _pendo_meta.<container-id>, _pendo_visitorId.<container-id>, _zendesk_authenticated, _zendesk_cookie, _zendesk_session, _zendesk_shared_session, ajs_anonymous_id, cf_clearance

Targeted Advertising and "Sale" Cookies

These cookies allow targeted ads or the "sale" of personal data (toggle to the left to opt out).

Analytics cookies enable us to analyze your activities on our and other websites in order to improve and adapt the functionality of our website and our ad campaigns.

Advertising cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.

Google Analytics & Google Tag Manager

_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>

Google Ads & DoubleClick

test_cookie, _gcl_au

Meta Pixel

_fbp

Crazy Egg

cebsp_, _ce.s, _ce.clock_data, _ce.clock_event, cebs

Linkedin

lidc, AnalyticsSyncHistory, UserMatchHistory, bcookie, li_sugr, ln_or

Reddit

_rdt_uuid

Welcome to Our Website! If you stay on our site, we and our third-party partners use cookies, pixels, and other tracking technologies to better understand how you use our site, provide and improve our services, and personalize your experience and ads based on your interests. Learn more in your privacy choices.