No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FAQ-Why Does the Creation of a Security Tunnel or Communication over a Security Tunnel Fail on Unstable Networks When ACLs Are Correctly Configured at Both Ends and Matched IPSec Proposals Exist

Publication Date:  2015-07-02 Views:  378 Downloads:  0
Issue Description
Why Does the Creation of a Security Tunnel or Communication over a Security Tunnel Fail on Unstable Networks When ACLs Are Correctly Configured at Both Ends and Matched IPSec Proposals Exist?
Solution
After a security tunnel is set up, the firewall at one end may be restarted. Run the display ike sa command to check whether IPSec SAs at phase 1 are already set up at both ends. Run the display ipsec sa policy command to check whether IPSec SAs are already applied to the interface. According to the results, if the SA at one end does not exist, run the reset ipsec sa and reset ike sa commands to clear incorrect SAs and re-launch the negotiation.

END