E220 routers come with support for IPsec VPNs. In this example, we will set up an IPsec tunnel between two E220 routers that will allow us to get access to communicate the devices of each local network of each router.
Both routers are connected via WAN to a main router operating in the network 192.168.11.0. The IP address of each router is:
- Router #1: 192.168.11.20
- Router #2: 192.168.11.30
But each router has a different LAN network:
- Router #1 => IP: 192.168.2.1, network: 192.168.2.0/24
- Router #2 => IP: 192.168.3.1, network: 192.168.3.0/24
Configure the tunnel
- Go to Services > VPN > IPSec and select Gateway to Gateway mode:
- These are the settings for Router #1:
- The Profile Name can be anything.
- Enable has to be ticked
- Remote IPSEC Gateway is the IP address of Router #2
- Remote address is the LAN of Router #2
- Remote ID is the identification assigned to Router #2
- Method is kept as Static
- Route in this case is WAN
- Local Address is the LAN of Router #1
- Local ID is the identification assigned to Router #1
- Preshared-Key is the password to be used when authenticating the connection (has to be the same on both ends).
- These are the settings for Router #2 (local and remote fields are crossed in comparison to the settings of Router #1):
- The tunnel between both routers will be established after saving the settings:
Router #1 Status
Router #2 Status
Test the tunnel
In order to test the tunnel, we need to connect at least one device to the LAN of each router. In this case, a smartphone Android is connected via Wi-Fi to Router #2 and is assigned IP address 192.168.3.248. A laptop is connected via LAN to Router #1 and is assigned IP address 192.168.2.137.
From the smartphone, it is possible to ping the laptop connected to the other router using its local IP address (so pinging from 192.168.3.248 to 192.168.2.137):
From the smartphone, it is also possible to access the web interface of Router #1 (for this to work, you need to enable the rule AcceptWebAccessWanP from Network > Firewall > Traffic rules):
There is also available for download a PDF document showing the setup process of IPsec between E220 and a Cisco router: