Business Community > Routers > setting up er7206 with ipsec vpn and access control
< Routers

setting up er7206 with ipsec vpn and access control

setting up er7206 with ipsec vpn and access control

setting up er7206 with ipsec vpn and access control
setting up er7206 with ipsec vpn and access control
Yesterday
Model: ER7206 (TL-ER7206)  
Hardware Version: V2
Firmware Version: 2.1.2 Build 20240324 Rel.46738

trying to set up ipsec tunnel and configure the firewall on an ER7206.  Manual configuration.  The IPSEC tunnels are working properly; however, when I put a deny rule in access control the router does not allow any traffic to pass through the tunnel (although the tunnel remains UP).  I've tried adding the IP addresses of the remote endpoints to the access rules but this doesn't work - as soon as I change the "deny" rule to BLOCK it shuts down the software on the remote endpoints.  Any ideas?  I've also set up access control rules to allow the ipsec ports to pass through but no luck.

 

 

  0      
 
  0      
 
#1
Options
5 Reply
Re:setting up er7206 with ipsec vpn and access control
Yesterday

  @sambamcunningha 

 

you have to set it up like this, here is a rule I use to allow some remote lan, first I block all private nets rfc1918 then I open for those who should have access.

 

 

WAN in to block remote lan, LAN->WAN to block lan out.

  0  
  0  
#2
Options
Re:setting up er7206 with ipsec vpn and access control
13 hours ago

  @MR.S 

 

I'm not sure this would work for me.  Block just the rfc1918 addresses would not prevent all of the public IP's that currently have access.

 

How are you setting up the Remote_LAN IP Group?

  0  
  0  
#3
Options
Re:setting up er7206 with ipsec vpn and access control
6 hours ago

  @sambamcunningha 

 

it suddenly became a bit unclear to me what kind of vpn tunnel you have, you say ipsec vpn so I assumed it was site-to-site ipsec vpn. maybe you can explain in more detail what kind of ipsec vpn you have.

 

  0  
  0  
#4
Options
Re:setting up er7206 with ipsec vpn and access control
6 hours ago

  @MR.S

it is a site to site IPSEC VPN tunnel.  The ER7206 is the host site, and another vendor's routers are on the remote ends of the tunnel.  So, two different site to site tunnels with the ER7206 being the host site.

 

  0  
  0  
#5
Options
Re:setting up er7206 with ipsec vpn and access control
5 hours ago

  @sambamcunningha 

 

Ok, so you want to block WAN public ip for everyone exept for those who are going to VPN or do you want to block traffic that is inside the VPN tunnel?

it would be easier if you could show a screenshot of your configuration

 

  0  
  0  
#6
Options

Information

Helpful: 0

Views: 77

Replies: 5

Related Articles
Setting up ER7206 as a wiregaurd client
444 0
ER7206 IPSEC Site-to-Site - no incoming traffic
365 0
How can i quit a vpn user on my ER7206?
299 0
Wireguard VPN - ER7206 Omada SDN
2105 0
ER7206, Guest SSID to WAN VPN
427 0
Router software 1.2.0 on ER7206 IPsec site to site is very slow
1522 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.