Cause Analysis:

1. Check whether the devices at both ends have obtained a public IP address. (If the IP address is a public address, you can ping the management IP address of the device even if you do not access the device locally. However, it is not ruled out that ISPs prohibit ping.)

2. Check whether the branch and HQ devices can ping each other, and whether they can also ping the IP address 8.8.8.8 (you can use the Network Tools on the device).
Note: Check whether ping is disabled on the device at either end.

3. Check whether the IPsec VPN configuration is correct on the device. You can refer to page 269 of this guide to check the configuration: Ruijie Reyee RG-EG Series Routers Web-based Configuration Guide, Release ReyeeOS 2.248 (V1.0) - Ruijie Networks

4. Check whether the upstream network permits traffic on the relevant ports. Use packet capture on the EG to verify that packets are being sent normally and that packets are being received as expected. If transmission appears normal but reception is not occurring as intended, the customer needs to contact their service provider or check whether the uplink device permits IPsec VPN traffic through UDP port 500 and UDP port 4500.

Root Cause:
1. If a device cannot access the network: check the WAN port configuration, whether the device has obtained a public IP address (PPPoE/DHCP/Static), and whether a VLAN tag needs to be configured. If a device cannot access the network, confirm with the ISP that there is no network issue.

2. If a device works in a secondary NAT environment and has not obtained a public IP address: for example, when a device only acquires a private IP address, it is essential to configure port mapping on the upstream device to forward the VPN port of the downstream device. Additionally, you may need to set up a DMZ on the upstream device to forward all ports to the downstream devices.
Port mapping: This is configured on the upstream device, not on the device that has obtained the private network address. The following is the port mapping configuration, which is similar to the port mapping configuration of other manufacturers.

3. Compare and revise the relevant configuration according to the following configuration. You can focus on the following error-prone content:
1) The pre-shared key needs to match.
2) The transform set (conversion set) needs to be configured.
3) The IKE version should match (IKEv1/IKEv2).
4) The interesting-traffic (stream of interest) configuration should match.

4. Revise and match the local ID configurations on both sides.

5. The customer needs to contact the operator to have the relevant port traffic permitted.
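
The packet-capture check from Cause Analysis step 4 (IKE packets leave on UDP 500/4500 but no replies arrive), as an added example that is not part of the original post or of Ruijie's tooling. It assumes the capture was saved as a classic pcap file with Ethernet framing; the function names, the documentation-range IP addresses and the embedded sample captures are constructed for illustration.

```python
import struct
from ipaddress import ip_address

IKE_PORTS = (500, 4500)  # IKE and NAT-T UDP ports named on the page

def udp_flows(pcap):
    """Yield (src, dst, sport, dport) for IPv4/UDP frames in a classic Ethernet pcap."""
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"   # byte order from the magic
    off = 24                                                # skip the global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                                        # not IPv4/UDP, or truncated
        l4 = 14 + (frame[14] & 0x0F) * 4                    # honour the IP header length
        if len(frame) >= l4 + 4:
            sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
            yield str(ip_address(frame[26:30])), str(ip_address(frame[30:34])), sport, dport

def diagnose(pcap, local_ip, peer_ip):
    """Count IKE/NAT-T packets per direction between the two gateways."""
    sent = received = 0
    for src, dst, sport, dport in udp_flows(pcap):
        if sport not in IKE_PORTS and dport not in IKE_PORTS:
            continue                                        # unrelated UDP traffic
        if (src, dst) == (local_ip, peer_ip):
            sent += 1
        elif (src, dst) == (peer_ip, local_ip):
            received += 1
    if sent and not received:
        return sent, received, "sent-no-reply: check upstream device / ISP for UDP 500 and 4500"
    if sent:
        return sent, received, "two-way: path is open, compare the IPsec settings on both ends"
    return sent, received, "nothing-sent: no IKE packets left this device in the capture"

def sample_frame(src, dst, sport, dport):                   # constructed Ethernet/IPv4/UDP frame
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    return b"\0" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)

def sample_pcap(frames):                                    # constructed capture file
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

LOCAL, PEER = "203.0.113.10", "198.51.100.20"               # documentation addresses
BLOCKED = sample_pcap([sample_frame(LOCAL, PEER, 500, 500)] * 3)
OPEN = sample_pcap([sample_frame(LOCAL, PEER, p, p) for p in IKE_PORTS] +
                   [sample_frame(PEER, LOCAL, p, p) for p in IKE_PORTS] +
                   [sample_frame(LOCAL, "8.8.8.8", 53000, 53)])
```

Run diagnose() on the capture taken at each end: a "sent-no-reply" result at one end together with "nothing-sent" or no inbound IKE at the other points at the upstream path rather than at the IPsec settings.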