Hi Guys
So we (Branch) recently purchased some Ubiquiti equipment and now I'm trying to set up VPN S2S to a Main location (HQ).
HQ LAN: 192.168.2.0/24
HQ WAN: A.B.C.D
Branch LAN: 192.168.69.0/24
Branch WAN: 1.2.3.4
I've tried most of what I know from Cisco CCNA, however these Ubiquiti devices seem to require a lot more attention to detail, so I'm looking for any insight or help for me to establish a connection from Branch to HQ using a different local IP (NAT) 172.17.66.0/24.
I've been handed the information below:
IPsec
Site-to-site
Phase 1
Negotiation Mode: Main
Encryption: AES192
Authentication: SHA
Key Group: DH1
SA Life Time: 28800
Dead Peer Detection: yes
Pre-Shared Key: secret
Phase 2
Active Protocol: ESP
Encapsulation: Tunnel
Encryption: AES192
Authentication: SHA
SA Life Time: 28800
Perfect Forward Secrecy: none
Nailed Up: yes
Other notes: The reason I need to change my local address is that it conflicts with another VPN site on the HQ network. HQ has established the needed connection on their end with SHA128 (instead of 192). They have opened a tunnel for the 172.17.66.0/24 network to connect with the public IP 1.2.3.4.
So how to set it up?
Should I not be able to mask my 192.168.69.0/24 address with a 172.17.66.0/24 address over VPN?
Any and all help is extremely appreciated.
Material I've looked at:
NR - EdgeMAX - Configure EdgeRouter to Cisco IPSEC VPN
ER-8 Configure IPSec VPN with NATed LAN
Cisco IPSec Site-to-Site VPN with a ERPro8
Setting UP IPSec Site-to-Site with Peers Behind SNAT and NAT
VPN NAT and Multiple IPsec Tunnels?