In firewall version V100R002C01B020, the Eudemon 1000E is used to establish an IPSec tunnel with the remote AP to secure AP remote access in the uBro solution. After IPSec is configured, the IPSec tunnel fails to establish.
The debugging information of the Eudemon 1000E is as follows:
AAA ERROR:CID = 1099,
UserName = firstname.lastname@example.org RDS Send Fail
1. Check the routing table. The routes are normal.
2. Check the firewall interzone policy. The firewall requires port 1812 to communicate with the AAA server, but no policy permitting port 1812 is configured for the DMZ-Local interzone of the firewall.
3. Configure a policy permitting port 1812 for the DMZ-Local interzone. The problem is solved.
This indicates that the Eudemon 1000E does not send the authentication packets to the AAA server or receive the response packets from the AAA server.
In the uBro solution, to establish the IPSec tunnel with the AP, the firewall needs to communicate with the AAA server, which needs to communicate with the AHR server. You can check the communication process step by step to rectify the fault.