Environment:
Branch device:
AF8.0.48
Lenovo notebook
Headquarters equipment:
SSL VPN V7.0
AF8.0.75
RUIJIE NBS5710-24GT4SFP-E
Problem Description:
The headquarters VPN sends no traffic to the branch and only receives traffic from the branch. The branch cannot access the internal network resources of the headquarters. The tunnel is newly built, and its status shows connected. The branch AF connects to the headquarters SSL device. The test against the business address fails.
Solution:
1. Capture packets on the SSL device at the headquarters. During the ping test from the firewall, the IP of the vpntun port is used as the source address. The SSL device forwards the packets from its LAN port to the intranet, but no return packet is received. This suggests that the intranet has no return route toward the branch: the return route for the vpntun port IP does not point to the SSL device.
2. Add routes for the branch subnets on the core switch of the headquarters, with the next hop set to the interface address of the headquarters SSL device. The SSL device at the headquarters is deployed in single-arm mode.
3. A ping test from the branch computer to the business address of the headquarters succeeds (solved).
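
The return-path check behind steps 1 and 2, as an added example that is not part of the original note: it runs a longest-prefix match over a core-switch route table and lists the VPN-side sources whose replies would not be sent to the SSL device. All addresses, the route-table layout and the function names are constructed assumptions.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def missing_return_routes(routes, vpn_sources, ssl_ip):
    """Sources seen behind the tunnel whose return traffic would bypass the SSL device."""
    return [src for src in vpn_sources if next_hop(routes, src) != ssl_ip]

# Constructed sample data (not taken from the note).
SSL_IP = "10.0.0.5"        # single-arm SSL device, reachable from the core switch
INTERNET_GW = "10.0.0.1"   # default gateway of the core switch
VPN_SOURCES = [
    "172.16.50.10",        # a branch computer
    "192.168.200.1",       # vpntun port IP used as source in the firewall ping test
]

# Before the fix: only a default route and the connected intranet.
ROUTES_BEFORE = [
    ("0.0.0.0/0", INTERNET_GW),
    ("10.0.0.0/16", "connected"),
]

# After the fix: branch-side prefixes point back at the SSL device.
ROUTES_AFTER = ROUTES_BEFORE + [
    ("172.16.50.0/24", SSL_IP),
    ("192.168.200.0/24", SSL_IP),
]

if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        bad = missing_return_routes(table, VPN_SOURCES, SSL_IP)
        print(f"{label}: sources without a return route via SSL device: {bad}")
```
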