Re: VPN between USG and ERL won't stand up due to INVALID_MESSAGE_ID
Hi , have you got any suggestions that might help me ?Cheers, Nick
View ArticleRe: EdgeRouter X dual WAN and 1 LAN with load balancing
I used commands with LB and then I deleted group G.. Is it ok now? (i potest configuration in the previois reply, few minutes ago)
View ArticleRe: EdgeRouter X dual WAN and 1 LAN with load balancing
If you deleted LB group G, change this: modify balance { rule 1 { action modify modify {lb-group G } } } to read like this: modify balance { rule 1 { action modify modify {lb-group LB } } }so that...
View ArticleLAN can see IP's on WAN side
Hi, I'm new to Edgemax Routers and need a little help. I'm trying to setup a Edge Router lite inside a network to seperate an office with a different subnet.I've configured Eth0 as static WAN with...
View ArticleSubnet Isolation with zone policy
Hello, I am running into a odd problem I am not sure how to solve when isolating subnets using zone policies on my ER-X. I have created 3 vlans, a main network, a management network and a guest...
View ArticleRe: LAN can see IP's on WAN side
the edgerouter is doing its job and is routing data like it's supposed to. if you do not want to pass traffic to the other subnet, you must put in a firewall rule to prevent it from happening. also...
View ArticleRe: Routing newbie, see if I have this sorted out
Funny, that is very similar to what I'm doing. I like the write up, I will read it all when I get some time. Looking at my work in progress revised plans to configure eth1-4 as a "trunk switch",...
View ArticlePortforwarding Issues with EdgeRouter X
Hey all, I am having issues with my Edgerouter X and online matchmaking for Battlefield 1. For some reason, whenever my computer is connected to the router, I cannot connect to any game whatsoever. I...
View ArticleRe: Firewall Secure?
Alright thanks. I am getting it to work nicely. However, there is one thing I cannot get to work. Uploading to an FTP server, using passive mode. Is there something special I have to do?
View ArticleRe: VPN between USG and ERL won't stand up due to INVALID_MESSAGE_ID
Delete the tunnel mode config on the ERL. "delete vpn ipsec site-to-site peer WAN_IP-USG tunnel 1" and add the VTI lines like shown in the USG's config. Also check the other VTI-related config on the...
View ArticleRe: How to block traffic in/out to a specific device
Thank you for the pointer. It helped.. a little..but it doesnt explain in any sort of way how to actually set up the different rules. If that picture is supposed to make it clear to anyone that sees it...
View ArticleRe: VLAN offload
Hi Jordan, Thank you for your reply. I ended up just using eth0 for the WAN and running all 3 VLANs into eth1. Problem solved! Now I can use the offload, and the CPU utilization when pulling 400mbit...
View ArticleRe: How to block traffic in/out to a specific device
I suggest you block by MAC address as the IP address can change.Cant use groups for that.If you insist on using IP - block by a single IP first -- get that working then switch to the group. I do this...
View ArticleRe: Firewall Secure?
These are all the current rules: And I'm using SNAT. I tried allowing port 21 in the W/LAN-in ruleset. The app I use to upload has a "test connection" button and the connection is succesful, but when...
View Articleradvd restarts on IPv6 address/prefix renewal
I found a few other posts which looked to be asking similar questions, but none with satisfactory answers. I noticed that after the update to Nougat my Nexus 5x has been disconnecting from wifi...
View ArticleRe: How to block traffic in/out to a specific device
Thank you for the details. I actually mapped them to static.. which maps their mac addresses to static IPs I believe..so they should be ok to use the ips in that regard. That said I do agree wtih you,...
View ArticleRe: How to block traffic in/out to a specific device
You can use IP addresses - but any kid knows how to change their IP address. Using the MAC is slightly better in that regard.
View ArticleRe: How to block traffic in/out to a specific device
Again I agree with you.. per se.. I assumed that by using the mac address in the static ip mappping, it ensured the IP given to the device is always the static one. I assume you are indicating a person...
View ArticleRe: How to block traffic in/out to a specific device
On most devices it is easy to switch to a static address. The Router mapping is only for DHCP assignment - when a device asks for a lease andthe router provides it. But the device can do anything it...
View Article