IKEv2 VPN Passthrough

#1

Our office just had our residential grade router replaced with a Peplink Balance 30 Pro. Most of the other topics I’ve found related to this have involved a VPN server inside the Peplink.

From our workstations, we have to connect to several customer sites via IKEv2 VPNs. Prior to the switch to Peplink, we had no issues. Subsequent to the transition to Peplink, I cannot connect from my PC to the customer’s VPN server. This is a problem on our side, because I can connect to this VPN from other networks.

IPsec NAT-T is Enabled, and nothing changed when I enabled Route IPsec Site-to-Site VPN. Packet capture from the WAN port via the support.cgi page doesn’t show any traffic from the VPN server directed at ports other than 4500 or 500. Looking at the Windows Event viewer, I get a log for successfully establishing the link, and then an error 809. Tried changing the windows 7 regkey for UDPEncapsulation… to 2, rebooted, no success.

Tried disabling remote access via L2TP/IPSec on the Peplink, no dice.

Anyone have any ideas? Manual port forwarding is virtually a non-starter, there are multiple client PCs, and although we don’t connect concurrently, having the change the router configuration every time a different person needs to connect is a bad solution.

0 Likes

#2

@tmullen

This is more to deployment and configuration need to be done for the B30 Pro. May i know who help you to deploy the device ? They should able to advice the requires settings for this. I would suggest you to contact your purchase point and they should able to help you to review the configuration.

Base on the description given, we may need to review the device configuration together perform some packet capture to confirm whether the IPSEC traffics is forwarded accordingly. This is not easy to be done via public forum. Would you please contact your purchase point or open a support ticket for this ? Support team can actually link you with the purchase point to work on the problem.

1 Like