whether can design the class A ip address in the ipsec vpn Internal network with USG6000 series of device

15

No restrictions on private network IP address

Other related questions:
Whether the USG6000 series supports planning Class A IP addresses for the IPSec VPN intranet
There are no restrictions on private IP addresses.

whether USG2000 series devices support both ends are dynamic IP to build IPSec VPN
Only supports at least one end of the fixed IP connection establishment,do not support both ends are dynamic IP way to establish a connection

Whether the USG6000 and USG2000 support establishing IPSec VPN
The IPSec VPN tunnel can be established as long as the IP addresses of the two ends are reachable.

Whether SSL VPN of the USG6000 can use the virtual IP address of a VRRP group as the gateway
SSL VPN supports using the virtual IP address of the VRRP group as the gateway.

Rate limiting for IPSec VPN tunnels of the USG6000 series
On the USG6000 series, rate limiting can be implemented for IPSec VPN tunnels by using two methods. Method 1: If multiple tunnels are established on the USG, traffic conflicts occur in the case of heavy data traffic. In this case, run speed-limit to limit the traffic in each IPSec tunnel. Excess packets are discarded. This ensures that all packets in each tunnel are transmitted properly. If the traffic coming through a tunnel to a local port is heavy, run inbound to limit the traffic coming from this IPSec tunnel to the local port. If the traffic forwarded by the local port is heavy, run outbound to limit the traffic forwarded by the local port to the IPSec tunnel. After a security policy is applied on an interface, you cannot run speed-limit to modify the limited rate in the security policy. If an IPSec security policy is configured in any of the following modes, you can run speed-limit { inbound | outbound } speed-limit to limit the traffic rate of the IPSec tunnel. �?Manual mode �?Template mode �?Internet Key Exchange (IKE) non-policy template mode Method 2: After traffic policies are configured, if the actual address before VPN encapsulation or after decapsulation is matched, the traffic rate of the IPSec VPN can be limited. Assume that the actual address before VPN encapsulation is 10.1.1.1. The configuration method is as follows: [sysname] traffic-policy [sysname-policy-traffic] rule name 1 [sysname-policy-traffic-rule-1] source-address 10.1.1.1 32

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top