Allow Remote Users access to a site-to-site IPSec VPN

Hello, all!
We have a PepLink Balance One Core (Firmware 8.1.0 build 4943) (192.168.15.1/24).
We have a site-to-site IPSec VPN to a vendor for a database they host (x.x.x.x/32).
We have Remote User Access setup to allow user to work from home (10.10.10.x/24).

I would like for users working remotely to have access to the database hosted across the IPSec VPN. I’m hoping someone on the forum can explain how to configure that on our router because I’m clueless and out of coffee.

Thanx!

Hello @lanehicks,

I think you need to explain a little more what you wish to do. In essence you need to understand that a VPN tunnel (whatever encryption) is a private path between 2 points.
So if you wish for another party to use that tunnel, that party needs to connect to one of the end points to then go via the tunnel to the other end point.

So assuming you have your VPN setup to make the remote database visible on a local LAN, you will then have your remote user also connect to that local LAN to then get access to the remote database.
This connection from the remote user to the local LAN, I assume you would also like to be private, as such you will have to create a separate individual VPN from the remote user to the local LAN, and then (the remote user being part of the local LAN) they can reach the remote database (via the established database VPN).

So in effect you will need to manage multiple VPNs (for multiple end-users), if I understand from your post as to what you wish to do. As such you need to look at you Balance router becoming a VPN server for remote users.

Assuming from 10.10.10.x/24 → to x.x.x.x/32 works, but from x.x.x.x/32 → to 10.10.10.x/24 does not. Maybe try Virtual network address… under the Lan…static route… blue ? mark. It might be that x.x.x.x/32 does not have a route back to 10.10.10.x/24. I haven’t done it… just a thought!!