
IPsec site-to-site VPN MSR 900

 
SOLVED
christosloizou
Occasional Advisor

Re: IPsec site-to-site VPN MSR 900

Note that this is just for troubleshooting

christosloizou
Occasional Advisor

Re: IPsec site-to-site VPN MSR 900

Tested and worked.

 

acl number 3140
rule 0 permit ip source 192.168.236.0 0.0.0.255 destination 192.168.221.0 0.0.0.255
rule 1 permit ip source 192.168.236.0 0.0.0.255 destination 10.0.0.0 0.0.0.255

acl number 3150
rule 0 deny ip source any destination 192.168.221.0 0.0.0.255
rule 1 deny ip source any destination 10.0.0.0 0.0.0.255
rule 2 permit ip source 192.168.236.0 0.0.0.255

 

interface Ethernet0/0
port link-mode route
nat outbound 3150
ip address Y.Y.Y.Y 255.255.255.252
ipsec policy mlszs2s
dns server Y.Y.Y.X

ipsec policy mlszs2s 1 isakmp
connection-name mlsz_center
security acl 3140
ike-peer mlsz_center
proposal mlsz_globall
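
A check for how the two ACLs in the configuration above relate, as an added example that is not part of the original post or of HPE's tooling: every flow that the IPsec security ACL (3140) permits has to hit a deny in the NAT outbound ACL (3150) before any permit, otherwise it is translated and no longer matches the tunnel selector. The function names and the weak ACL variant are constructed for illustration, and rules are assumed to be evaluated in listed order.

```python
import ipaddress

ANY = ipaddress.IPv4Network("0.0.0.0/0")

# ACL bodies copied from the post above
IPSEC_ACL = """rule 0 permit ip source 192.168.236.0 0.0.0.255 destination 192.168.221.0 0.0.0.255
rule 1 permit ip source 192.168.236.0 0.0.0.255 destination 10.0.0.0 0.0.0.255"""
NAT_ACL = """rule 0 deny ip source any destination 192.168.221.0 0.0.0.255
rule 1 deny ip source any destination 10.0.0.0 0.0.0.255
rule 2 permit ip source 192.168.236.0 0.0.0.255"""
# Constructed weak variant: the NAT ACL without its two deny rules
NAT_ACL_WEAK = "rule 0 permit ip source 192.168.236.0 0.0.0.255"

def _net(tokens, key):
    """Network after 'source'/'destination'; a missing keyword or 'any' matches all."""
    if key not in tokens:
        return ANY
    i = tokens.index(key) + 1
    if tokens[i] == "any":
        return ANY
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    if wildcard & (wildcard + 1):
        raise ValueError("non-contiguous wildcard mask not supported")
    return ipaddress.IPv4Network((tokens[i], 32 - wildcard.bit_length()), strict=False)

def parse_acl(text):
    """Return [(action, src_net, dst_net)] in listed order."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) >= 3 and t[0] == "rule":
            rules.append((t[2], _net(t, "source"), _net(t, "destination")))
    return rules

def nat_leaks(ipsec_acl, nat_acl):
    """IPsec-permitted flows that the NAT ACL would translate (first match wins)."""
    leaks = []
    for action, src, dst in parse_acl(ipsec_acl):
        if action != "permit":
            continue
        for n_action, n_src, n_dst in parse_acl(nat_acl):
            if n_action == "deny" and src.subnet_of(n_src) and dst.subnet_of(n_dst):
                break  # the whole flow is exempt from NAT
            if n_action == "permit" and src.overlaps(n_src) and dst.overlaps(n_dst):
                leaks.append((str(src), str(dst)))
                break
    return leaks

if __name__ == "__main__":
    print("posted ACLs:", nat_leaks(IPSEC_ACL, NAT_ACL))
    print("without deny rules:", nat_leaks(IPSEC_ACL, NAT_ACL_WEAK))
```
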

AlexGrigorescu
Occasional Advisor
Solution

Re: IPsec site-to-site VPN MSR 900

Hello

 

You can also try this:

 

Upgrade the firmware to the latest version (R2209) because it contains all the fixes and software updates from the previous versions and the command "ipsec no-nat-process enable" has been implemented again in version R2207P45.

 

I upgraded last night and the command is there.

Tell me if it works.

 

Regards,

Alex

maguanglongMike
HPE Pro

Re: IPsec site-to-site VPN MSR 900

Need to deal with the ACL very carefully; otherwise our device or network may be under attack.
