Installation guide
24
The second example is to configure 2 LAN to LAN VPN Tunnels. So that all three
routers' internal networks can connect to each other through one of the router. In this
example, since only one site (Vigor 3300V) has a fixed IP address, to maintain stable
connections the other two routers (Vigor 2900V and Vigor 2200V) using dynamic IP
addresses must enable “Always On”. Vigor 3300V is set as the central site accepting
incoming VPN connections from the other two routers. The VPN traffic between Vigor
2900V and Vigor 2200V are all passed through the Vigor 3300V. These 3 sites' internal
networks must be within the same subnet (192.168.X.X). The subnet of the VPN's
configuration of Vigor 3300V must fall into 192.168.0.0/16.
Suppose the headquarters in Taipei uses Vigor 3300V, while the branch office in
Shanghai uses a Vigor 2900V. The teleworkers in Beijing use a Vigor 2200V. The
network administrator requires 3 sites to communicate with each other through the
encrypted VPN tunnel. The purpose is to avoid leakage of confidential information.
Since only the headquarters have confidential fixed IP address, teleworkers have to access
the resources in the branch office through the headquarters. All the VPN traffic from
Vigor 2900V and Vigor 2200V is firstly directed to the headquarters. To avoid overload
of the lines, Vigor 3300V uses WAN1 to establish the VPN tunnel with the branch offices
and uses WAN2 to establish the VPN tunnel with teleworkers.
Figure 2-40. Setup 2 LAN to LAN VPN tunnels