The solution for the System Log data of ER7206/ER605 not passing through the IPsec VPN tunnel to syslog server
When the ER7206/ER605 establishes an IPSec VPN tunnel with other routers because the system log will select the route as its source IP when sending, the WAN port IP is selected on the ER7206/ER605, and the IPSEC tunnel has the source IP and destination IP. Strict restrictions, so it cannot hit the tunnel incoming to the opposite subnet. In this case, an additional VPN tunnel needs to be configured. The specific configuration process is as follows:
- Network Topology
For how to configure LAN-to-LAN IPsec VPN, please refer to FAQ2163.
Note: This article is only for ER7206/ER605 (Omada Gateway), ER6120 does not have this problem.
- Configuration Example of ER7206
- Configure the local subnet as 192.168.0.1/24 to the policy of the opposite subnet 192.168.1.1/24 (IPSec connection);
- Configure the local subnet as 10.10.10.10/32 (WAN port IP) to the policy of the opposite subnet 192.168.1.1/24. (new strategy for syslog server)
- Configuration Example of ER6120 (or other VPN Router)
- Configure the local subnet as 192.168.1.1/24 to the policy of the opposite subnet 192.168.0.1/24 (IPSec connection);
- Configure the policy that the local subnet is 192.168.1.1/24 to the remote WAN port IP 10.10.10.10/32. (new strategy for Syslog server)
At this point, the System Log of the ER7206 can be sent to the opposite subnet through the VPN tunnel.
A fost util acest FAQ?
Părerea ta ne ajută să îmbunătățim acest site.