The solution for the System Log data of ER7206/ER605 not passing through the IPsec VPN tunnel to syslog server

資料庫
問題排查手冊
路由器
VPN
01-11-2022
8626

When the ER7206/ER605 establishes an IPSec VPN tunnel with other routers because the system log will select the route as its source IP when sending, the WAN port IP is selected on the ER7206/ER605, and the IPSEC tunnel has the source IP and destination IP. Strict restrictions, so it cannot hit the tunnel incoming to the opposite subnet. In this case, an additional VPN tunnel needs to be configured. The specific configuration process is as follows:

  1. Network Topology

For how to configure LAN-to-LAN IPsec VPN, please refer to FAQ2163.

Note: This article is only for ER7206/ER605 (Omada Gateway), ER6120 does not have this problem.

 

  1. Configuration Example of ER7206
  1. Configure the local subnet as 192.168.0.1/24 to the policy of the opposite subnet 192.168.1.1/24 (IPSec connection);
  2. Configure the local subnet as 10.10.10.10/32 (WAN port IP) to the policy of the opposite subnet 192.168.1.1/24. (new strategy for syslog server)

 

  1. Configuration Example of ER6120 (or other VPN Router)
  1. Configure the local subnet as 192.168.1.1/24 to the policy of the opposite subnet 192.168.0.1/24 (IPSec connection);
  2. Configure the policy that the local subnet is 192.168.1.1/24 to the remote WAN port IP 10.10.10.10/32. (new strategy for Syslog server)

At this point, the System Log of the ER7206 can be sent to the opposite subnet through the VPN tunnel.

請評價此文件

相關文件