Cookbook Configuration
Check whether the HQ router and branch router can access each other.
Note
The web page supports only peer IP addresses for IPsec, not domain names. To use a domain name as the IPsec peer, configure it on the CLI.
When a WAN port receives an IPsec request but no traffic is configured on the device, the error "Failed to find map" may occur. The error is generated because packets on IPsec port 500 are sent to the CPU when no IPsec map exists. It does not affect network data forwarding or management. Instead, it is useful for network management: an ACL can be configured to filter out requests from the undesired IPsec-compliant device that is connected to the router.
Some web modules use specific ACLs. For example, the VPN module uses ACL 110 and ACL 199, the ARP guard module uses ACL 197 and ACL 2397, and the VWAN module uses ACL 198. Therefore, do not use these ACLs on the CLI, especially ACL 199, which prohibits policy configuration on the CLI. Otherwise, the ACEs required by the VPN module cannot be configured on the web page.
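As an added example (not part of the original manual), the Python sketch below checks a planned CLI change for the ACL numbers listed in the note above before it is pasted onto the router. The Cisco-style keywords it matches (access-list, access-group, match address) and the sample commands are assumptions; only the ACL numbers come from this page.

```python
import re

# ACL numbers the note above says are used by web modules.
RESERVED_ACLS = {110: "VPN", 199: "VPN", 197: "ARP guard",
                 2397: "ARP guard", 198: "VWAN"}

# Assumed Cisco-style keywords that define or reference a numbered ACL.
ACL_USE = re.compile(
    r"\b(?:access-list(?:\s+(?:standard|extended))?|access-group|match\s+address)"
    r"\s+(\d+)\b",
    re.IGNORECASE,
)


def find_reserved_acl_use(cli_text):
    """Return (line_no, acl_number, web_module) for each reserved ACL touched."""
    hits = []
    for line_no, line in enumerate(cli_text.splitlines(), start=1):
        if line.lstrip().startswith("!"):  # comment or separator line
            continue
        for match in ACL_USE.finditer(line):
            acl = int(match.group(1))
            if acl in RESERVED_ACLS:
                hits.append((line_no, acl, RESERVED_ACLS[acl]))
    return hits


# Constructed change script (addresses and interface name are made up).
SAMPLE_CLI = """\
! planned CLI change, constructed for this example
ip access-list extended 199
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 120 deny udp host 203.0.113.7 any eq 500
access-list 120 permit ip any any
interface GigabitEthernet 0/5
 ip access-group 120 in
 ip access-group 198 out
"""

if __name__ == "__main__":
    for line_no, acl, module in find_reserved_acl_use(SAMPLE_CLI):
        print(f"line {line_no}: ACL {acl} is used by the {module} web module")
```

Run it against the commands you intend to type, not against the running configuration, because entries created by the web modules themselves would also be reported.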
3.8.3 The Branch Router Accesses the HQ Router on the LAN in Dialup Mode
Application Scenario
The HQ router is deployed on the LAN, mapping is configured on the egress of the LAN, and users in the branch
access the HQ router in dialup mode.