Configure the network connection for secure site-to-site VPN.

jpurdy123
Member
56
07-24-2022, 03:06 PM
#1
I recently purchased a favorable offer on two Ubiquiti UCG MAX units and am attempting to configure a site-to-site VPN so that devices at location B can connect to resources at location A. I have limited networking knowledge, so any guidance would be greatly appreciated. Currently, I’ve established a site-to-site VPN through the Site Manager and connected the two sites via bridging, but resource sharing remains unavailable. My belief is that the UCG MAXs are operating behind a NAT setup, given the physical arrangement (ISP router → UCG Max → devices). What should be my next action?
scorps5121
Member
151
07-24-2022, 04:04 PM
#2
Check if the devices function as ISP routers rather than ISP gateways. Try switching them to bridge or gateway settings so the UCG Maxes manage internet traffic routing.
SkillZ_Got_Hax
184
07-24-2022, 04:42 PM
#3
Additionally, if your ISP router supports bridge mode, look for DMZ in the settings. The router will assign the UCG a local IP address just like before, but it will open all incoming traffic to your public IP address (if your provider isn’t CG-NATing, you can discover your IP via ipinfo.io or similar services).

AlexZBeast
Member
119
07-24-2022, 05:12 PM
#4
Thank you for your patience. It seems both ISP routers are operating in bridge mode. In my Site-Manager, both locations appear linked, yet communication between them isn’t working. As a beginner in networking, it’s possible I’m making clear mistakes without realizing it. Currently, site 1 (192.168.1.xxx) connects to site 2 (192.168.2.xxx), but devices can’t interact. The aim is to enable straightforward RDP connections across sites, which isn’t functioning at the moment.
wtp2000
Junior Member
16
07-24-2022, 05:28 PM
#5
Review your firewall settings. I'm new to Ubiquiti's firewall and site-to-site VPNs, but first, consider upgrading to the new zone-based firewall in the Unifi Network console if you haven't already. On a site I manage, the default is to allow all VPN traffic to both LAN and LAN to VPN. Verify this applies across both UCG locations. If your only requirement is RDP between Site 1 (192.168.1.0) and Site 2 (192.168.2.0), restrict the traffic to just port 3389 for more precise control. Should those rules exist and the VPN appear connected, test connectivity by pinging a device on the opposite network. For example, from PC 1 at Site 1 (192.168.1.69) to PC 2 at Site 2 (192.168.2.69), if it responds, confirm RDP is enabled on the target machine. I've encountered this issue multiple times... Also, ensure the Windows user you're attempting to access via RDP has permission for RDP on the host.
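As an added example (not from the thread and not UniFi's own rule format), a small stateless model of the zone-based policy wtp2000 describes, using the thread's subnets and PC addresses: it shows that narrowing the VPN/LAN rule to TCP/3389 also drops the ICMP ping test unless ICMP is allowed explicitly. The first-match, default-deny semantics and the three policy sets are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Subnets from the thread: Site 1 is 192.168.1.0/24, Site 2 is 192.168.2.0/24.
SITE1 = ipaddress.ip_network("192.168.1.0/24")
SITE2 = ipaddress.ip_network("192.168.2.0/24")
RDP_PORT = 3389


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str            # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]  # destination port; None matches any port
    action: str           # "allow" or "drop"

    def matches(self, src_ip: str, dst_ip: str, proto: str, dport: Optional[int]) -> bool:
        return (ipaddress.ip_address(src_ip) in self.src
                and ipaddress.ip_address(dst_ip) in self.dst
                and self.proto in ("any", proto)
                and (self.dport is None or self.dport == dport))


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, proto: str,
             dport: Optional[int] = None) -> str:
    """First matching rule wins; anything unmatched is dropped. This is a simplified,
    stateless model (assumption): return traffic of established sessions is not tracked."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action
    return "drop"


# Policy 1: the default described in the thread, everything allowed between the sites.
ALLOW_ALL = [Rule(SITE1, SITE2, "any", None, "allow"),
             Rule(SITE2, SITE1, "any", None, "allow")]

# Policy 2: least privilege, only RDP (TCP/3389) between the two sites.
RDP_ONLY = [Rule(SITE1, SITE2, "tcp", RDP_PORT, "allow"),
            Rule(SITE2, SITE1, "tcp", RDP_PORT, "allow")]

# Policy 3: RDP plus ICMP, so the ping test suggested in the thread still works.
RDP_AND_PING = RDP_ONLY + [Rule(SITE1, SITE2, "icmp", None, "allow"),
                           Rule(SITE2, SITE1, "icmp", None, "allow")]
```

Under RDP_ONLY a ping from 192.168.1.69 to 192.168.2.69 is dropped even though RDP works, so a failed ping does not by itself mean the VPN is broken.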