Tip

This is the documentation for the 24.06 version. Looking for the documentation of the latest version? Have a look here.

TNSR Remote Office With Existing IPsec Hub

In this example, remote offices with a Netgate 5100 running TNSR will be configured for site-to-site VPN to an existing IPsec Head-End at a central headquarters location.

Workers at remote offices will need Direct Internet Access (DIA) and corporate intranet access from their location using IPSec IKEv2 with Pre-Shared Key and secured crypto methods (AES256/SHA256/DH2048). Direct Internet Access also needs to be made available to a guest network through distinct VLANs so that guest and staff devices can be isolated.

The TNSR Remote Office Deployment will be completed in the following high level steps:

• Step 1: Prepare for Deployment
• Step 2: Initial Setup Tasks
• Step 3: TNSR IP Configuration
• Step 4: Protect the WAN Interface with ACLs
• Step 5: Corporate VPN with IPsec Tunnel
• Step 6: Port Forwarding with NAT
• Step 7: SNMP Monitoring