No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ADSL dynamic address IPSEC

Publication Date:  2012-09-18 Views:  60 Downloads:  0
Issue Description
FAQ: If the two sides are ADSL dialing , can it support IPSEC VPN ?
Alarm Information
None.
Handling Process
None.
Root Cause
 USG2100 and USG2200 V100R003 don’t support that the two sides are dynamic address in the early , but the edition after V100R005 can appoint remote-domain in the IKE PEER ,it can construct IPSEC VPN by the way of two sides being dynamic address and that V100R005 can also support DDNS .
  Refer to configuration as follows :
  USGA:
0acl number 3001
rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
#
ike proposal 1
#
ike peer 1
exchange-mode aggressive
pre-shared-key abcde
ike-proposal 1                         
undo version 2
local-id-type name
remote-name client
nat traversal
#
ipsec proposal 1
#
ipsec policy-template map 1
security acl 3001
ike-peer 1
proposal 1
#
ipsec policy temp 1 isakmp template map
#
interface Dialer0
link-protocol ppp
ppp chap user a
ppp chap password simple a
ppp pap local-user a password simple a
ppp ipcp dns admit-any
ip address ppp-negotiate               
dialer user a
dialer bundle 1
ipsec policy temp
ddns apply policy abc
#
ddns policy abc
ddns username xxx password xxx    
ddns client xxx.3322.org
ddns server www.3322.org
ddns apply policy Dialer0

USGB:

ike local-name client
#
acl number 3001
rule 5 permit ip source 192.168.0.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
#
ike proposal 1
#
ike peer 1                              
exchange-mode aggressive
pre-shared-key abcde
ike-proposal 1
undo version 2
local-id-type name
remote-name server
remote-domain xxx.3322.org
nat traversal
#
ipsec proposal 1
#
ipsec policy map 1 isakmp
security acl 3001
ike-peer 1
proposal 1
#
interface Dialer0
link-protocol ppp
ppp chap user a
ppp chap password simple CMPREOAK
ppp pap local-user a password simple a
ppp ipcp dns admit-any                 
ip address ppp-negotiate
dialer user a
dialer bundle 1
ipsec policy map

Suggestions
None.

END