How to set up Site-to-Site Manual IPsec VPN Tunnels on Omada Gateway via Omada Controller using Omada APP
Introduction
IPsec Site-to-Site VPN can connect geographically isolated networks. It is mainly used in large enterprises to establish VPN channels between branches and the headquarters. The IPsec VPN connection is established between branch routers over the public network to transmit private network data.
Omada gateways support two types of Site-to-Site IPsec VPN: Auto IPsec and Manual IPsec. This article explains how to configure Manual IPsec via the Omada controller using the Omada APP.
Requirements
- Omada Gateways
- Omada Software Controller/Hardware Controller/Cloud Based Controller
- Omada APP
Configuration
For example, two gateways (gateway A and gateway B) are deployed at two sites respectively. Follow the steps below to configure Manual IPsec to establish a private tunnel between the two gateways.
Step.1 Create VPN Entry
In Site View > Settings > VPN, tap “+”

Step.2 Configure Manual IPsec VPN in all Sites.

First, choose Site-to-Site VPN and the Manual IPsec VPN type.
Then configure the parameters accordingly.
Status: Check the box to enable the VPN tunnel.
Remote Gateway: Enter the WAN IP address of the remote gateway.
Note: At least one gateway needs to have a public IP. If the remote gateway doesn’t have a public IP, enter 0.0.0.0.
You can find the gateway's WAN IP address in Site Device > WAN > IP address.


Local Network types: Choose between “Network” and “Custom IP”. Local networks are the local IP addresses that the remote site is allowed to access. “Network” lets you choose from the LAN networks configured for this site in the Omada controller, while “Custom IP” lets you use the IP/MASK format to configure up to 5 IP ranges for remote clients to access.
Local Networks: Select the networks in the HQ and STA sites, and the VPN policy will be applied to the selected networks.
Note: Avoid overlapping IP ranges between VPN endpoints, which may cause routing issues in the networks.
Pre-Shared Key: Enter the Pre-Shared Key (PSK) that serves as the authentication key. The gateways must use the same PSK for successful authentication.
WAN: Select the WAN port on which the VPN tunnel will be established.
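The rules above (Remote Gateway value, at least one public IP, non-overlapping Local Networks, the 5-range limit and a matching PSK) can be checked before the values are typed into both sites. The following is an added example, not TP-Link or Omada code; the dictionary keys are hypothetical, and the addresses and key are constructed sample values.

```python
import ipaddress

MAX_CUSTOM_RANGES = 5  # "Custom IP" limit stated in the article


def check_manual_ipsec(site_a, site_b):
    """Return a list of problems in a pair of Manual IPsec site settings.

    Each site is a dict with hypothetical keys (not an Omada export format):
    wan_ip, has_public_ip, remote_gateway, local_networks (CIDR strings), psk.
    """
    problems = []
    sites = {"A": site_a, "B": site_b}
    nets = {k: [ipaddress.ip_network(n, strict=False) for n in s["local_networks"]]
            for k, s in sites.items()}

    if not (site_a["has_public_ip"] or site_b["has_public_ip"]):
        problems.append("neither gateway has a public IP")

    for name, peer in (("A", "B"), ("B", "A")):
        if len(nets[name]) > MAX_CUSTOM_RANGES:
            problems.append(f"site {name}: more than {MAX_CUSTOM_RANGES} local ranges")
        # Remote Gateway is the peer's WAN IP, or 0.0.0.0 if the peer has no public IP.
        remote = ipaddress.ip_address(sites[name]["remote_gateway"])
        if sites[peer]["has_public_ip"]:
            expected = ipaddress.ip_address(sites[peer]["wan_ip"])
        else:
            expected = ipaddress.ip_address("0.0.0.0")
        if remote != expected:
            problems.append(f"site {name}: Remote Gateway should be {expected}")

    for a in nets["A"]:
        for b in nets["B"]:
            if a.overlaps(b):
                problems.append(f"overlapping local networks: {a} and {b}")

    # Report a mismatch without echoing either key.
    if site_a["psk"] != site_b["psk"]:
        problems.append("Pre-Shared Key differs between sites")
    return problems


# Constructed sample: HQ has a public WAN IP, the branch sits behind NAT.
HQ = {"wan_ip": "198.51.100.10", "has_public_ip": True, "remote_gateway": "0.0.0.0",
      "local_networks": ["192.168.10.0/24"], "psk": "example-psk-placeholder"}
BRANCH = {"wan_ip": "10.20.30.2", "has_public_ip": False, "remote_gateway": "198.51.100.10",
          "local_networks": ["192.168.20.0/24"], "psk": "example-psk-placeholder"}

if __name__ == "__main__":
    for line in check_manual_ipsec(HQ, BRANCH) or ["no problems found"]:
        print(line)
```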
Conclusion
Once configured correctly, devices in the configured Local Networks can communicate across sites.
For more advanced configuration, please use the Omada controller and refer to https://support.omadanetworks.com/document/13297/
To learn more about each function and configuration, please go to the Download Center to download the manual for your product.
QA
Q1: What should I do if I fail to connect to the internet?
A1: Check if the cable is properly connected.