RV220W Gateway-to-Gateway Inter VLAN Routing

JuliusGPIV (Level 1)

I picked up a pair of RV220W's and before I spent loads of time at a remote site, I figured I'd go through some VPN testing at home to make sure I could get it set up properly.  What this means is I've plugged the Internet uplink into a switch, then from the switch into both routers & configured them (using unique static IPs for each) from there.  For what it's worth: While I have some IT experience, I don't have strong networking experience.

I set up several VLANs on the local RV220W, and the end result is to make it so that an asset at the remote site with an IP in any of the ranges (192.168.121.0/24, 192.168.131.0/24, 192.168.141.0/24 and any future VLANs) can communicate with/access resources at the local site.  Likewise, an asset at the local site with an IP in any of the ranges (.121, .131, .141 + any future VLANs) should be able to reach the remote resources (currently just 192.168.181.0/24, but future VLANs as well).

This evening I tried to focus on the relevant VPN pages of the Administration Guide to get the VPN up.  Leaving the defaults I got as far as establishing a link between both sites and it seems that things are working right: From the remote site (.181) I can access the local site (.121, .131, .141); and from the local site I can at least ping resources (a laptop) on the remote site. (Yay!)

However, when I physically connected assets that had 192.168.121.X, 192.168.131.X and 192.168.141.X IP addresses to the remote RV220W (which is 192.168.181.0/24), I couldn't see them from the remote or local sites.

I assume this is expected.  But I'm reaching out to the community to see what other possibilities might be available because networking is a weak area for me.  I figured it might be something like a Static [or Dynamic] Route but I really am not 100% sure.

'TECHNICAL' SPECS

Local Router LAN/WAN Settings:

LAN IP: 192.168.121.1 on default VLAN (1)

VLAN 13 defined 192.168.131.1 with DHCP enabled; Reservations created outside of DHCP scope

VLAN 14 defined 192.168.141.1 with DHCP enabled, Reservations created outside of DHCP scope

Inter VLAN Routing enabled for all VLANs

Remote Router LAN/WAN Settings:

LAN IP: 192.168.181.1 on default VLAN

No VLANs set up

Inter VLAN Routing enabled for all VLANs (which is really just VLAN 1, default)

Local Router VPN Settings:

Tunnel: Gateway

Name: Local

PSK: PSK

Remote Gateway: IP

Remote WAN: IP.ADD.RE.SS2

Local Gateway: IP

Local WAN: IP.ADD.RE.SS1

Remote LAN IP: 192.168.181.0

Remote LAN Subnet: 255.255.255.0

Local LAN IP: 192.168.121.0

Local LAN Subnet: 255.255.255.0

Remote Router VPN Settings:

Tunnel: Gateway

Name: Remote

PSK: PSK

Remote Gateway: IP

Remote WAN: IP.ADD.RE.SS1

Local Gateway: IP

Local WAN: IP.ADD.RE.SS2

Remote LAN IP: 192.168.121.0

Remote LAN Subnet: 255.255.255.0

Local LAN IP: 192.168.181.0

Local LAN Subnet: 255.255.255.0

For Local & Remote I left the default settings:

IKE Policy Table: Encryption is 3DES, Authentication SHA-1, and DH is Group 2(1024bit)

VPN Policy Table: Encryption is 3DES, Authentication is SHA-1

8 Replies

Tom Watts (VIP Alumni)

Hello Julius, by default, the router will not inter-VLAN route the VPN tunnel. You will have to create several policies to encompass each subnet. Currently the only working subnets should be the Local LAN IP: 192.168.121.0 and Remote LAN IP: 192.168.181.0.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Thanks again for your response Thomas - I really appreciate it!

I figured maybe I had to go into Advanced VPN Setup and add new VPN Policies like this,

Local Router

Remote Router

But somehow, I don't think that's right.

I changed the VPN policy from 192.168.181.0 / 255.255.255.0 to Any on the remote router, then did the same on the local router, changing it from 192.168.121.0 / 255.255.255.0, but the tunnel never established a connection.  Once I changed it back all was well.

What about doing something like 192.168.0.0 / 255.255.0.0?  (It would allow way more than I want but maybe it would then work?)

Julius, I'm not sure the router allows you to supernet the tunnel. I haven't tested it in a long time. There are obvious limitations when supernetting the tunnel, such as the IP scheme having to be consecutive.  Which generally isn't a problem; it will only be a problem if you mix something like 172.16.x.x with 192.168.x.x, then of course it wouldn't work.

The IKE policy should be intact and used for the auto policy. The VPN policy is what would need to be worked out.

Policy Name: VLAN13001

Auto Policy

Remote Endpoint -> Remote WAN INT

Local traffic selection

Subnet

Start IP 192.168.121.0 / 24

Remote traffic selection

Subnet

Start IP 192.168.131.0/24

Policy Name: VLAN14001

Auto Policy

Remote Endpoint -> Remote WAN INT

Local traffic selection

Subnet

Start IP 192.168.121.0 / 24

Remote traffic selection

Subnet

Start IP 192.168.141.0/24

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Once again Thomas, thank you so much for your time, effort & expertise.

I'm still struggling with getting things working the way I'd like.  I'm happy to create multiple VPN policies but I'm not making much progress.  (Well, no progress really)  Maybe I've got the wrong equipment for this task or I need to rethink my strategy.

I've got a small farm of servers in a cluster at my local site.  I recently got another site set up so I'm moving some of these servers to the remote site.  Of course I need to get those servers at the remote site back into the cluster so I'm hoping to leverage VPN for that. (All of the IPs fall within the 192.168.0.0/16 range, mainly using .121, .131 and .141 for the clusters, and the remote router is .181; nothing wild like 172.16.0.0 or 10.0.0.0.)  Since both sites have roughly 50Mbps of available bandwidth (on average) I wanted devices with as high VPN throughput as possible, without involving Alexander Hamilton.

I know the old adage: "You want Ferrari performance for the price of a Ford" - I'm really just looking for the Scion FR-S or Subaru WRX STi or the Mitsubishi EVO of the router world, not a Maserati.

The RV220W clocks in at 90Mbps so I figured I'd get something closer to 30-40Mbps in the real world.  Fortunately I'm not talking about a significant amount of traffic via VPN - hardly/rarely anything above 5Mbps, but knowing I could go up to 30Mbps would give me comfort/peace of mind.

In an ideal world, *all* traffic from the remote site would route through the VPN to the local site.  So ideally regular Internet requests would go through VPN & use the local site's Internet connection and not the remote sites connection.  This is actually somewhat of a requirement as I plan to assign one of my static IP's to an asset at the remote site.  But if there's a way to make X, Y & Z networks/subnets to route via the VPN, especially the static IP, then I think I'm good with that.

If I cannot reasonably expect to accomplish everything with the RV220W, what will be missing?

With high VPN throughput in mind (or something around 20-40Mbps in the real world), and all that I'm hoping to accomplish, should I be looking at another device?  Any chance I could keep the price under $500-600 for both devices?

Help!

Julius, when I return to work on Monday, I will see if I can make any of our routers do an ESP wildcard forwarding for the IPSEC tunnel.

This should make for a very interesting lab.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Worked with this a bit more today.

Local Router VPN Policy Table

What's interesting here is that the last three have asterisks (*) after the policy name.

What do the asterisks indicate?

When I go to IPsec VPN Connection Status, there are no 'connect' buttons for those last three policies.  Why?

Remote Router VPN Policy Table

Unlike the Local VPN Policy table, those last three policies do not have asterisks next to them.  (Why?)  And when I check the IPsec VPN Connection Status page, I have connect buttons, but they never establish a connection.

As an aside, on page 117 of the Administration Guide, it says:

"In the Local Traffic Selection and Remote Traffic Section, enter these settings:

Local/Remote IP—Select the type of identifier that you want to provide for the endpoint:

Any—Specifies that the policy is for traffic from the given end point (local or remote). Note that selecting Any for both local and remote end points is not valid"

Why is it not valid - why wouldn't Any/Any work?

Julius, I would like to send you a couple of config files. This is for the inter-VLAN routing. Please send me a PM with your email if you'd like the sample configs I made.

As far as the full tunnel/ESP wildcard forwarding, the router does not support this. With the IPsec tunnel, we are stuck with the split tunnel.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
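The following is an added illustration, not part of the original thread and not Cisco's code. It models the point Tom makes in his earlier reply (each RV220W VPN policy carries exactly one local subnet and one remote subnet, so each VLAN that must cross the tunnel needs its own policy) and the split-tunnel versus full-tunnel distinction from his last reply. The addresses are the thread's own; the policy tuples, the `ANY` selector, and the helper names are assumptions made for the model, and the script does not talk to a router. It is written for Python 3.7 or newer because it uses `subnet_of`.

```python
"""
Toy model of gateway-to-gateway IPsec traffic selectors as this thread
describes them (illustration written for this page, not Cisco code):
a packet enters the tunnel only when some policy's (local, remote) pair
covers its (src, dst).  Otherwise it stays on the ordinary routing table.
"""
from ipaddress import ip_address, ip_network
from itertools import product

ANY = ip_network("0.0.0.0/0")  # the "Any" choice in the traffic selector


def build_policies(local_nets, remote_nets):
    """Full mesh: one policy per (local subnet, remote subnet) pair."""
    return [(ip_network(l), ip_network(r))
            for l, r in product(local_nets, remote_nets)]


def mirror(policies):
    """The far gateway needs the same pairs with local/remote swapped."""
    return [(remote, local) for local, remote in policies]


def matching_policy(policies, src, dst):
    """First policy whose selectors cover src->dst, or None when no policy
    claims the flow (it then never reaches the tunnel)."""
    s, d = ip_address(src), ip_address(dst)
    for local, remote in policies:
        if s in local and d in remote:
            return (local, remote)
    return None


def coverage_gaps(policies, local_nets, remote_nets):
    """(local, remote) subnet pairs that no policy fully covers."""
    gaps = []
    for l, r in product(local_nets, remote_nets):
        ln, rn = ip_network(l), ip_network(r)
        if not any(ln.subnet_of(local) and rn.subnet_of(remote)
                   for local, remote in policies):
            gaps.append((str(ln), str(rn)))
    return gaps


# Subnets from the thread, as seen from the local router.
LOCAL_VLANS = ["192.168.121.0/24", "192.168.131.0/24", "192.168.141.0/24"]
REMOTE_LAN = ["192.168.181.0/24"]

# The single policy the original post started with: VLAN 1 <-> remote LAN.
DEFAULT_POLICY = [(ip_network("192.168.121.0/24"),
                   ip_network("192.168.181.0/24"))]

# The per-subnet policies Tom describes (VLAN13001, VLAN14001, ...).
MESH = build_policies(LOCAL_VLANS, REMOTE_LAN)

# Supernet variant: works only while every subnet sits inside 192.168.0.0/16.
SUPERNET = [(ip_network("192.168.0.0/16"), ip_network("192.168.0.0/16"))]

# Full tunnel from the remote router's point of view: its whole LAN to Any.
# The thread reports the RV220W does not support this; shown for contrast.
FULL_TUNNEL = [(ip_network("192.168.181.0/24"), ANY)]

if __name__ == "__main__":
    print("VLAN13 host, default policy :",
          matching_policy(DEFAULT_POLICY, "192.168.131.20", "192.168.181.10"))
    print("gaps, default policy        :",
          coverage_gaps(DEFAULT_POLICY, LOCAL_VLANS, REMOTE_LAN))
    print("VLAN13 host, full mesh      :",
          matching_policy(MESH, "192.168.131.20", "192.168.181.10"))
    print("remote router's mirror      :", mirror(MESH))
    print("172.16 host, supernet       :",
          matching_policy(SUPERNET, "172.16.5.5", "192.168.181.10"))
    print("Internet-bound, full tunnel :",
          matching_policy(FULL_TUNNEL, "192.168.181.5", "8.8.8.8"))
```

Running it shows why a 192.168.131.x host was invisible across the tunnel with only the default policy (`coverage_gaps` lists the .131 and .141 pairs), why the three extra policies close those gaps, and why a `192.168.0.0/16` supernet covers everything in the thread but nothing from 172.16.x.x. The `mirror` output is the set of pairs the remote router must carry, which is where a mismatch between the two policy tables (one side configured, the other not) would show up. A policy with `ANY` as the remote selector is what a full tunnel would look like in this model; with split tunnelling, an Internet-bound packet from 192.168.121.x matches no policy and leaves by the local WAN.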

Hi there, I would like to know if you guys reached any conclusion; I am also stuck on full tunnel over IPsec.