Channel: EdgeRouter topics

How to add second tunnel to ERX


I have an EdgeRouter X with working IPSec VPN to a Cisco RV320 in one office in Asia that I set from the CLI following this example that I found here:

 

VPN
set vpn ipsec auto-firewall-nat-exclude enable
set vpn ipsec esp-group FOO0 compression disable
set vpn ipsec esp-group FOO0 lifetime 3600
set vpn ipsec esp-group FOO0 mode tunnel
set vpn ipsec esp-group FOO0 pfs disable
set vpn ipsec esp-group FOO0 proposal 1 encryption aes128
set vpn ipsec esp-group FOO0 proposal 1 hash sha1
set vpn ipsec ike-group FOO0 lifetime 28800
set vpn ipsec ike-group FOO0 proposal 1 dh-group 5
set vpn ipsec ike-group FOO0 proposal 1 encryption aes128
set vpn ipsec ike-group FOO0 proposal 1 hash sha1
set vpn ipsec ipsec-interfaces interface eth1
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal enable
set vpn ipsec site-to-site peer AAA.BBB.CCC.DDD authentication mode pre-shared-secret
set vpn ipsec site-to-site peer AAA.BBB.CCC.DDD authentication pre-shared-secret XXXXXXKEYXXXXXXX
set vpn ipsec site-to-site peer AAA.BBB.CCC.DDD connection-type initiate
set vpn ipsec site-to-site peer AAA.BBB.CCC.DDD ike-group FOO0
set vpn ipsec site-to-site peer AAA.BBB.CCC.DDD local-address XXX.YYY.ZZZ.AAA
set vpn ipsec site-to-site peer AAA.BBB.CCC.DDD tunnel 1 allow-nat-networks disable
set vpn ipsec site-to-site peer AAA.BBB.CCC.DDD tunnel 1 allow-public-networks disable
set vpn ipsec site-to-site peer AAA.BBB.CCC.DDD tunnel 1 esp-group FOO0
set vpn ipsec site-to-site peer AAA.BBB.CCC.DDD tunnel 1 local prefix 192.168.7.0/24
set vpn ipsec site-to-site peer AAA.BBB.CCC.DDD tunnel 1 remote prefix 192.168.1.0/24
 
Firewall
set firewall name WAN_IN rule 21 action accept
set firewall name WAN_IN rule 21 description 'Allow VPN Traffic from 192.168.1.0'
set firewall name WAN_IN rule 21 log disable
set firewall name WAN_IN rule 21 protocol all
set firewall name WAN_IN rule 21 source address 192.168.1.0/24
set firewall name WAN_IN rule 21 state established disable
set firewall name WAN_IN rule 21 state invalid disable
set firewall name WAN_IN rule 21 state new enable
set firewall name WAN_IN rule 21 state related disable

 

 

I now need to add a second tunnel from the same ER-X to connect a different Cisco RV320 in another office on the planet.

I have modified the above CLI but each time I run it, it overwrites the existing settings! Obviously I am missing a line that specifies setting a second tunnel in the ER-X.

Can someone tell me how to modify the above to set a second tunnel?

I tried using the VPN setting GUI in 1.9.0 to add a second tunnel but it fails to work—not enough setting panels it seems.

 

Thanks.

