I had a 2860 VPNed to a 2830, works not fine.

I replaced the 2830 with a 2860 today, doing a backup and restore.

The VPN connects, if I use diagnostics on the router, I can ping the remote devices IPs, but no computers etc can ping the remote IPs or access anything.

I do use block all rules on both, allowing just a range of machines access to the WAN, but even with this disabled it's not working?

Any idea where to look? Ta.

Umm.

Seems the load balancing page has changed? I am sure in there I had settings to route all web traffic to WAN1 over WAN2, using WAN2 only on fail over.
The settings in there were routing all the subnet traffic to the WAN, not VPN. Turning this off and the VPN works.

How can I make sure traffic routes to the WAN1 (infinity) over the ADSL WAN2 backup?

thanks.

To get that working, set up a Load Balance / Route Policy rule with a lower index number (higher priority) than the rule that puts traffic through WAN1 / WAN2.
This rule would have the source IP of the local subnet, the destination IP of the remote subnet and it should then be possible to select the VPN tunnel.
Once that is set up, your VPN routing and failover setup should work correctly.

Thought I tried that, had a rule local subnet to any routing to WAN with failover, then a second rule, lower number, local IP subnet to remote subnet, route to vpn profile. Still wouldn't work.

Will try again.

Should I have an all to all rule for WAN to force all traffic to fibre line? Using the other as backup only?

I think the trouble starts when BOTH ends use these rules? If one end uses them, it works fine, but if both ends use them (set accordingly each end), the packets don't get through?

If I disable the rules at just one end (either), it works. With both enabled, it fails.

This is one end, similarly at the other end, but with with reversed IPs.

With your configuration, if both ends have Policy Route rules configured to put traffic through the WAN, it will be necessary to enter the remote subnet > VPN policy route.
This is because Policy Route controls all outbound traffic.

It looks like your firmware has the Metric / Priority option which mostly resolves this because the default is for rules to have a Priority of 200, which is lower priority than the routing table.
In this case, because the priority is higher than the routing table, it is necessary to enter these rules.