USG2110-A-GW-W ipsec problem

Publication Date: 2013-08-02
Issue Description
[Moscow, USG2110-A-GW-W, Ltd. Modern Complex Thermal Communications] Traffic does not enter the IPsec tunnel: the counters do not change when traffic (for example, a ping) is generated.
Alarm Information
acl number 3000
 rule 5 permit ip destination 192.168.70.0 0.0.0.255
#
acl number 3001
#
ike proposal 1
#
ike peer ike23783551415
 pre-shared-key %$%$<7dOA'C7GApM(3=LU*65+XOF%$%$
 ike-proposal 1
 undo version 2
 remote-address xx.xx.xx.xx
#
ipsec proposal prop23783551415
#
ipsec policy ipsec2378355141 1 isakmp
 security acl 3000
 ike-peer ike23783551415
 proposal prop23783551415
 local-address xx.xx.xx.xx
#
interface Vlanif1
 alias LAN
 ip address 192.168.17.1 255.255.255.0
#
interface Cellular5/0/0
 link-protocol ppp
#
interface Ethernet0/0/0
 alias WAN
 ip address xx.xx.xx.xx 255.255.255.248
 ipsec policy ipsec2378355141 auto-neg
 service-manage enable
 service-manage ping permit
 nat enable
 detect ftp
Handling Process
undo nat enable

Alternatively, use an ACL rule to modify the NAT configuration.
Root Cause
interface Ethernet0/0/0
 alias WAN
 ip address xx.xx.xx.xx 255.255.255.248
 ipsec policy ipsec2378355141 auto-neg
 service-manage enable
 service-manage ping permit
 nat enable
 detect ftp

The nat enable command on this interface affects IPsec.
Suggestions
IPsec is often affected by an incorrect NAT configuration.
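
A check for the condition found in this case, as an added example that is not part of the original case or of any Huawei tool: it scans a saved configuration for interfaces that have both an ipsec policy and nat enable applied. The function names and the embedded sample (a trimmed copy of the configuration above) are assumptions of this example, and each '#'-separated block is treated as one section.

```python
import re

# Constructed sample: a trimmed copy of the configuration shown in this case.
SAMPLE_CONFIG = """\
acl number 3000
 rule 5 permit ip destination 192.168.70.0 0.0.0.255
#
ipsec policy ipsec2378355141 1 isakmp
 security acl 3000
 ike-peer ike23783551415
#
interface Ethernet0/0/0
 ipsec policy ipsec2378355141 auto-neg
 nat enable
"""

def parse_sections(text):
    """Split a dump into (header, sub-commands) per '#'-separated block.
    Indentation is ignored because it is often lost when a config is pasted."""
    blocks = [[]]
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":
            blocks.append([])
        elif line:
            blocks[-1].append(line)
    return [(b[0], b[1:]) for b in blocks if b]

def find_nat_ipsec_conflicts(text):
    """List interfaces that have both an IPsec policy and 'nat enable' applied."""
    sections = parse_sections(text)
    policy_acls = {}  # policy name -> security ACL numbers it references
    for header, body in sections:
        m = re.match(r"ipsec policy (\S+) \d+", header)
        if m:
            acls = [b.split()[-1] for b in body if b.startswith("security acl ")]
            policy_acls.setdefault(m.group(1), []).extend(acls)
    findings = []
    for header, body in sections:
        if header.startswith("interface ") and "nat enable" in body:
            for b in body:
                m = re.match(r"ipsec policy (\S+)", b)
                if m:
                    findings.append({"interface": header.split()[1], "policy": m.group(1),
                                     "security_acls": policy_acls.get(m.group(1), [])})
    return findings

if __name__ == "__main__":
    print(find_nat_ipsec_conflicts(SAMPLE_CONFIG))
```

A finding marks an interface where the interaction between NAT and the IPsec policy should be reviewed, as in this case; it is not by itself proof of a fault.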
