Cookbook Configuration
this is beneficial to network management. An ACL can be configured to filter out requests from an undesired
IPsec-compliant device that is connected to the router.
Some web modules use specific ACLs. For example, the VPN module uses ACL 110 and ACL 199, the
ARP guard module uses ACL 197 and ACL 2397, and the VWAN module uses ACL 198. Therefore, do
not use these ACLs on the CLI, especially ACL 199, which prohibits policy configuration on the CLI.
Otherwise, the ACEs required by the VPN module cannot be configured on the web page.
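One way to check a CLI change snippet for the reserved ACL numbers listed above before it is applied. This is an added example, not code from the original cookbook; it assumes Cisco-style "access-list" and "ip access-group" line syntax, and the function name and sample configuration are constructed for illustration.

```python
import re

# Reserved ACL numbers and their owning web modules, as listed in the note above.
RESERVED_ACLS = {
    110: "VPN", 199: "VPN",
    197: "ARP guard", 2397: "ARP guard",
    198: "VWAN",
}

# Assumed syntax: "access-list <n> ..." or "ip access-list {standard|extended} <n>"
# for definitions; "ip access-group <n> ..." or "match ip address <n>" for references.
DEFINE_RE = re.compile(
    r"^\s*(?:ip\s+)?access-list\s+(?:(?:standard|extended)\s+)?(\d+)\b", re.I)
REFER_RE = re.compile(
    r"^\s*(?:ip\s+access-group|match\s+ip\s+address)\s+(\d+)\b", re.I)

def find_reserved_acl_use(config_text):
    """Return (line_no, acl, module, kind, line) for each reserved-ACL hit."""
    hits = []
    for no, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith("!"):      # skip comment/separator lines
            continue
        for kind, rx in (("definition", DEFINE_RE), ("reference", REFER_RE)):
            m = rx.match(line)
            # Compare the whole number, so ACL 1100 is not mistaken for ACL 110.
            if m and int(m.group(1)) in RESERVED_ACLS:
                acl = int(m.group(1))
                hits.append((no, acl, RESERVED_ACLS[acl], kind, line.strip()))
    return hits

# Constructed sample of a CLI change snippet (not taken from a real device).
SAMPLE_CONFIG = """\
!
ip access-list extended 101
 10 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended 199
 10 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 1100 permit ip any any
access-list 197 deny ip host 192.0.2.10 any
interface GigabitEthernet 0/1
 ip access-group 198 in
 ip access-group 101 out
"""

if __name__ == "__main__":
    for no, acl, module, kind, line in find_reserved_acl_use(SAMPLE_CONFIG):
        print(f"line {no}: ACL {acl} ({kind}) is reserved for the {module} module: {line}")
```

Entries that the web modules created themselves also match, so run the check on the snippet to be pasted into the CLI rather than on the full running configuration.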
3.8.2 The Branch Router Accesses the HQ Router Using a Dynamic IP Address in Dialup Mode
Application Scenario
The HQ router uses a dynamic IP address and the branch router accesses the HQ router by using the domain
name in dialup mode.
Prerequisites
1. Configure router A in the HQ as the IPsec server.
2. Configure router B in the branch as the IPsec client.
3. Keep consistent parameter settings at both ends:
○ Authentication mode: pre-shared key, with the key set to ruijie
○ IKE algorithm: 3DES-MD5 and DH2
○ IPsec negotiation scheme: ESP (3DES-MD5)
Procedure
(1) Configure router B in the branch.
The web page does not support dynamic domain names. Therefore, complete configuration on the web page
and modify the configuration on the CLI.
a. Complete wizard-based setup to meet Internet access requirements of users in the HQ and branch. If
the users can access the Internet, check whether the next-hop address is configured for the WAN
interface.