Recommend:
To the knowledge base

Accessing multiple IP networks behind a FRITZ!Box over an IPSec VPN between two FRITZ!Box networks

IPSec allows you to connect two FRITZ!Box networks at different locations over a secure, encrypted VPN connection (LAN-LAN linkup).

If there is another network router in the network of one of the two FRITZ!Boxes that connects the IP network of this FRITZ!Box with a second IP network, you must configure additional settings to be able to access network devices in the second IP network over the VPN connection.

Example values used in this guide

In this guide we show you how to configure access from the network of "FRITZ!Box A" in a branch to another IP network behind "FRITZ!Box B" in the headquarters. When adjusting the connection settings, replace the values used in this example with your actual values.

  • IP network of FRITZ!Box A (branch):
    192.168.20.0 (subnet mask: 255.255.255.0)
  • IP network of FRITZ!Box B (headquarters):
    192.168.10.0 (subnet mask: 255.255.255.0)
  • IP network of the network router connected to FRITZ!Box B:
    192.168.11.0 (subnet mask: 255.255.255.0)
  • IP addresses of the network router in FRITZ!Box B's network:
    192.168.10.2 and 192.168.11.1

Requirements / Restrictions

  • The Configure FRITZ!Box VPN Connection software was used to configure the VPN connection.

    Note:The Configure FRITZ!Box VPN Connection software is available for Windows 10 / 8 / 7 on the VPN service portal.

Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.

1 Adjusting VPN settings of FRITZ!Box A (branch)

  1. Start the Configure FRITZ!Box VPN Connection software.
  2. In the "Existing Configurations" window, select the MyFRITZ! address of FRITZ!Box A (pi80ewgfi72d2os42.myfritz.net) and click on "Explorer".
  3. Open the file named "fritzbox_[...].cfg" with a text editor, for example WordPad.
  4. Look for the entry "accesslist" and add the IP network of the network router connected to FRITZ!Box B to this entry:
    • accesslist =
    • "permit ip any 192.168.10.0 255.255.255.0",
    • "permit ip any 192.168.11.0 255.255.255.0";

      Important:The entries for the IP networks must be separated by a comma and the value for "accesslist" must end with a semicolon.

  5. Save the changes and import the edited file "fritzbox_[...].cfg" to FRITZ!Box A.

2 Configuring a static IP route in FRITZ!Box B (headquarters)

You must configure a static IP route in FRITZ!Box B (headquarters) to allow devices to access the network router's IP network (192.168.11.0) over FRITZ!Box B:

  1. Click "Home Network" in the user interface of FRITZ!Box B (headquarters).
  2. Click "Network" in the "Home Network" menu.
  3. Click on the "Network Settings" tab.
  4. Click "Additional Settings" in the section "WAN setting" or "LAN Settings" to display all of the settings.
  5. Click "IPv4 Routes".
  6. Click "New IPv4 Route".
  7. Enter the IP network of the network router connected to FRITZ!Box B (192.168.11.0) as the "IPv4 network".
  8. Enter the subnet mask of the other IP network (255.255.255.0) in the "Subnet mask" field.
  9. For the "Gateway", enter the IP address of the network router in FRITZ!Box B's network (192.168.10.2) that connects the two IP networks.
  10. Enable the option "IPv4 route active".
  11. Click "Apply" to save the settings.

3 Adjusting additional IP settings for the VPN connection

Configuring the IP route in the network router

  1. Configure the network router so that it routes between the IP network of FRITZ!Box B (192.168.10.0) and its own IP network (192.168.11.0). Refer to the router's manufacturer for information on how to set it up.

    Note:If a Windows computer with several network adapters is used as the network router, "IP routing" must be enabled in Windows. Refer to Microsoft for information on configuring IP routing.

Configuring devices in the network router's IP network

  1. Either: On the devices, configure the IP address of the network router from its own IP network (192.168.11.1) as the default gateway.
    • Or: On the devices, configure a static IP route to the IP network of FRITZ!Box B (192.168.10.0) that uses the network router as the gateway (192.168.11.1).