Firewall version is E1000EV100R002C01B020, in uBro solutions, use E1000E establish IPsec tunnel with AP equipment to realize the security of AP remote access. When the AP equipment directly connects firewall, they can establishe IPSec tunnel successfully. But when the AP equipment from Internet remote connects firewall, it will fail to establish IPSec tunnel.
E1000E prompts “[ERR]:receive invalid AAA message”.
1, check the AP configuration, make sure the AP equipment is normal.
2, check the firewall configuration, make sure the firewall has no problem.
3, check the AAA server’s configuration, make sure AAA configuration has no problem.
4, when checking the AHR server’s configuration, found the segw address which is configured by AHR is private address. After changed it to public address, the tunnel establishes successfully.
In uBro project, firewall and AP establish IPSec tunnel, firewall needs to communicate with AAA server, and the AAA server needs to communicate with AHR server, can check the communicating process step by step to solve the problem.