Hi, I have an issue I'm hoping to get some clarification on and hope the community can help me understand what's going on. I'm not expecting a solution, just some insights to help me process this.
We will have 14 2degrees business connections (all fibre) and are deploying IPSec VPN tunnels across them. The first 4 sites were successfully set up, but we were unable to establish the IPSec VPN for the next 4 sites (only 8 have been set up so far). We are using Grandstream devices as the hardware, and each site is allocated a static IP address by 2Degrees. Our main site, 10.10.1.1, is the destination address that sites need to reach to establish an IPSec VPN (not the real IP address of course).
After a lot of digging we have found (not the real IP addresses/ranges):
- The first 4 sites were allocated an IP address in the 10.10.1 range
- The second 4 sites were allocated an IP in the 11.11.2 range
- Any device on the 10.10.1 range can establish an IPSec VPN connection to any other device on the 10.10.1 range, and any device on the 11.11.2 range can establish an IPSec VPN connection to any other device on the 11.11.2 range, BUT NO IPSec VPN can be established between devices on the 10.10.1 and the 11.11.2 ranges
- A device on 10.10.1 can ping a device on 11.11.2, but 11.11.2 cannot ping a device on 10.10.1
- If we do a whatsmyip from any device, we get a different IP address from the static IP that 2Degrees has assigned.
- If we do whatsmyip from our 10.10.1.1 site and then use that IP Address as the destination IP Address on a 11.11.2 assigned device, the IPSec VPN works.
We logged a ticket with 2D business support saying we think there are routing issues between the 2 IP ranges, and the first solution was to reassign static IPs in the same range (i.e. replace the 11.11.2 addresses with 10.10.1 addresses), but they quickly advised that their system doesn't allow selecting a static IP address. They then said the solution was to "move" all our connections to a different platform so that all the IP addresses would be in the same range (and this will take some weeks to complete). I've requested they continue to look at the original issue further, e.g. why 10.10.1 and 11.11.2 can't talk to each other.
This is all well above my head, so hoping that someone can help explain what's going on, and especially why when we do the whatsmyip, we get a different IP to the static IP that 2D have assigned the site (clearly the easiest fix for us is to just use the IP address we get when we do the whatsmyip on our main site, but we have no idea if this itself is static, or could change). To be clear, the 2D support desk has been very supportive and helpful, and I've no issues there.
Cheers, Nic.