Forgot password?
 Register now

Welcome to use this form to feedback your problems with Ruijie Community

The category of your feedback

Your Feedback

Your Email address (optional):

The Branch Router Accesses the HQ Router at a Static IP Address in Dialup Mode Reply

GTAC-Sophia

Level 5

Ruijie Staff

The Branch Router Accesses the HQ Router at a Static IP Address in Dialup Mode
3115 0 2022-12-5 10:13:11
Original
IPsec VPN
1.The Branch Router Accesses the HQ Router at a Static IP Address in Dialup Mode
Networking Requirements
The HQ and branch routers use static IP addresses. The HQ router needs to verify the IP address of the branch router.
Network Topology

Configuration Key Points
1. Configure router A in the HQ as the IPsec server.
2. Configure router B in the branch as the IPsec client.
3. Keep parameter settings at both ends consistent. The parameter settings in this case are as follows:
Authentication mode: preshared key, with the key set to Ruijie.
IKE algorithm: 3DES-MD5, DH2
IPsec negotiation scheme: ESP(3DES-MD5)
Configuration Steps
1. Configure router B in the branch.
(1) Complete wizard-based setup to meet basic Internet access requirements of users in the HQ and branch. If the users can access the Internet, check whether the next hop address is configured for the WAN interface.

(2) Configure IPsec for router B in the branch.
Choose Network > VPN and click Configure. Select Branch, Choose Network >VPN andclick Configure. Select Branch and click Next.

Configure basic branch information.




Note: Only interfaces configured with the nexthop x.x.x.x command are displayed in the interface list (after the wizard-based setup is completed on the Web page, this command is configured on the WAN interface of the CLI by default).
The dialer interface can be configured on the Web page.
IKE algorithm: 3DES-MD5, DH2
IPsec negotiation scheme: ESP(3DES-MD5)
2. Configure router A in the HQ.
(1) Complete wizard-based setup to implement basic Internet access service of the HQ router.
(2) Configure IPsec for router A in the HQ.
Choose Network > VPN and click Configure. Select Headquarter, and click Next.

Select Branch and click Next.



Select IPsec and click Next.




Configure the IPsec VPN and click Next.




The IPsec VPN configuration is complete.




Configuration Verification
Choose Network > VPN and click the Topo tab to view the configuration.
Configuration of the HQ router:

Configuration of the branch router:


Check whether the routers in the HQ and branch can access each other.
Notes
1. When the Internet access service is configured via wizard-based setup on the Web of the EG device, IPsec VPN can be configured only after the next hop address is configured on the interface configuration page in the wizard-based setup. If no next hop address is configured for an interface, the interface cannot be selected during VPN configuration.
2. After a VPN is configured, the device automatically delivers AAA configuration (the system prompts you to enter the username and password during device login, and the telnet password needs to be reconfigured).
3. Close the browser after clearing the VPN configuration for the clearing operation to take effect. Otherwise, the system retains the previous VPN configuration.
4. When a WAN port receives an IPsec request but no traffic of interest is configured on the device, the error "Failed to find map" may occur. This error is generated because packets from IPsec port 500 are sent to the CPU when the IPsec map does not exist, and this does not affect network data forwarding and management, but instead is beneficial to network management. An ACL can be configured to filter out requests from undesired IPsec-compliant device that is connected to the EG device.
5. Some Web modules use specific ACLs. For example, the VPN module uses ACL 110 and ACL 199, the ARP guard module uses ACL 197 and ACL 2397, and the VWAN module uses ACL 198. Therefore, do not use these ACLs on the CLI, especially ACL 199, which prohibits policy configuration on the CLI. Otherwise, ACEs required by the VPN module fail to be configured on the Web page.
RG-EG2100-P v2

Configuration IPsec VPN Router
There are no replies.
Related Posts
Product Model

Share this topic to

Cancel

This site contains user submitted content, comments and opinions and is for informational purposes only. Ruijie may provide or recommend responses as a possible solution based on the information provided; every potential issue may involve several factors not detailed in the conversations captured in an electronic forum and Ruijie can therefore provide no guarantee as to the efficacy of any proposed solutions on the community forums. Ruijie disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Ruijie Community Terms of Use.

More ways to get help: Visit Support Videos, call us via Service Hotline, Facebook or Live Chat.

©2000-2023 Ruijie Networks Co,Ltd