setting up er7206 with ipsec vpn and access control
trying to set up ipsec tunnel and configure the firewall on an ER7206. Manual configuration. The IPSEC tunnels are working properly; however, when I put a deny rule in access control the router does not allow any traffic to pass through the tunnel (although the tunnel remains UP). I've tried adding the IP addresses of the remote endpoints to the access rules but this doesn't work - as soon as I change the "deny" rule to BLOCK it shuts down the software on the remote endpoints. Any ideas? I've also set up access control rules to allow the ipsec ports to pass through but no luck.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
you have to set it up like this, here is a rule I use to allow some remote lan, first I block all private nets rfc1918 then I open for those who should have access.
WAN in to block remote lan, LAN->WAN to block lan out.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
you have to set it up like this, here is a rule I use to allow some remote lan, first I block all private nets rfc1918 then I open for those who should have access.
WAN in to block remote lan, LAN->WAN to block lan out.
- Copy Link
- Report Inappropriate Content
I'm not sure this would work for me. Block just the rfc1918 addresses would not prevent all of the public IP's that currently have access.
How are you setting up the Remote_LAN IP Group?
- Copy Link
- Report Inappropriate Content
it suddenly became a bit unclear to me what kind of vpn tunnel you have, you say ipsec vpn so I assumed it was site-to-site ipsec vpn. maybe you can explain in more detail what kind of ipsec vpn you have.
- Copy Link
- Report Inappropriate Content
it is a site to site IPSEC VPN tunnel. The ER7206 is the host site, and another vendor's routers are on the remote ends of the tunnel. So, two different site to site tunnels with the ER7206 being the host site.
- Copy Link
- Report Inappropriate Content
Ok, so you want to block WAN public ip for everyone exept for those who are going to VPN or do you want to block traffic that is inside the VPN tunnel?
it would be easier if you could show a screenshot of your configuration
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 510
Replies: 10
Voters 0
No one has voted for it yet.