Ruijie Community

Title: The Branch Router Accesses the HQ Router on the LAN in Dialup Mode

Author: GTAC-Sophia    Time: 2022-12-5 10:35
Networking Requirements
The HQ router is deployed on the LAN, mapping is configured on the egress of the LAN, and users in the branch access the HQ router in dialup mode.
Network Topology


Configuration Key Points
1. Configure the LAN gateway router A in the HQ as the IPsec server.
2. Configure router B in the branch as the IPsec client.
3. Keep parameter settings at both ends consistent. The parameter settings in this case are as follows:
Authentication mode: preshared key, with the key set to ruijie.
IKE algorithm: 3DES-MD5, DH2
IPsec negotiation scheme: ESP(3DES-MD5)
4. Configure NAT mapping on the outermost egress of the HQ and establish an IPsec connection on the LAN gateway.
Configuration Steps
1. Ensure that the basic configuration on the EG device and routers in both the HQ and branch is normal, and that LAN users at both ends can access the WAN.
2. Configure router B in the branch.
Choose Network > VPN and click Configure. Select Branch and click Next.

Configure an IPsec policy, set the public IP address of the HQ router to the IP address obtained after NAT, and click Next.




(5) Click Finish.




4. IPsec uses UDP ports 500 and 4500. Map UDP ports 500 and 4500 on the egress of the HQ respectively to UDP ports 500 and 4500 of the LAN EG device.
(1) Map UDP port 500.
ip nat inside source static udp 10.0.0.1 500 1.1.1.1 500
(2) Map UDP port 4500.
ip nat inside source static udp 10.0.0.1 4500 1.1.1.1 4500
Configuration Verification
Choose Network > VPN and click the Topo tab to view the configuration.
Configuration of the HQ router:

Configuration of the branch router:



Check whether the HQ router and branch router can access each other.
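A check for the NAT mappings in step 4, as an added example that is not part of the original post: it parses `ip nat inside source static udp` lines and confirms that UDP 500 and 4500 on the public address both reach the LAN gateway on the same ports, and it reports any other UDP port mapped to that gateway. The function name, the argument order (inside address first, as in the post's commands) and the faulty sample configuration are assumptions made for the example.

```python
import re

# Static UDP mapping in the form used in step 4:
#   ip nat inside source static udp <inside-ip> <inside-port> <public-ip> <public-port>
NAT_RE = re.compile(
    r"^\s*ip nat inside source static udp\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$"
)
IPSEC_UDP_PORTS = (500, 4500)  # the two ports step 4 says IPsec uses


def check_ipsec_nat(config_text, gateway_ip, public_ip):
    """Return a list of problems with the IPsec mappings; an empty list means OK."""
    mapped = {}  # public port -> (inside ip, inside port)
    problems = []
    for line in config_text.splitlines():
        m = NAT_RE.match(line)
        if not m or m.group(3) != public_ip:
            continue
        in_ip, in_port, pub_port = m.group(1), int(m.group(2)), int(m.group(4))
        mapped[pub_port] = (in_ip, in_port)
        if in_ip == gateway_ip and pub_port not in IPSEC_UDP_PORTS:
            problems.append(f"UDP {pub_port} is also exposed to {gateway_ip}")
    for port in IPSEC_UDP_PORTS:
        if port not in mapped:
            problems.append(f"UDP {port} is not mapped on {public_ip}")
            continue
        in_ip, in_port = mapped[port]
        if in_ip != gateway_ip:
            problems.append(f"UDP {port} goes to {in_ip}, expected {gateway_ip}")
        if in_port != port:
            problems.append(f"UDP {port} is translated to inside port {in_port}")
    return problems


# The two mappings from step 4 of the post.
PAGE_CONFIG = """\
ip nat inside source static udp 10.0.0.1 500 1.1.1.1 500
ip nat inside source static udp 10.0.0.1 4500 1.1.1.1 4500
"""

# Constructed faulty configuration: wrong host for 500, no 4500, extra port 161.
BROKEN_CONFIG = """\
ip nat inside source static udp 10.0.0.2 500 1.1.1.1 500
ip nat inside source static udp 10.0.0.1 161 1.1.1.1 161
"""

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("broken", BROKEN_CONFIG)):
        print(name, check_ipsec_nat(cfg, "10.0.0.1", "1.1.1.1") or "OK")
```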






