No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

IPSEC tunnel has been built, but intranet Ping each other unsuccessful.

Publication Date:  2012-10-09 Views:  43 Downloads:  0
Issue Description
USG2210 (v100r005)-USG2130 (V100R003)
116.228.21.50 180.168.81.66
The ipsec tunnel has been built,and has no problem, but intranet Ping each other unsuccessful.
Alarm Information
None
Handling Process
1. Check 2130, close fast forward, exclude the reason that fastforward hasn’t closed.
2. Check the configuration, did not find problems.
3. View previous cases to see whether V100R005 interconnects with V100ROO3 will has these problems, but before the docking, have no such problems.
4. Firstly, use the USG2130 end internal network port address Ping2210 inside and outside port addresses, opened Debug ICMP in USG2210, find the following information:
* 0.82100470 USG2200 IP/7/debug_icmp:
ICMP Receive: communication-filter-forbidden (Type = 3, Code = 13), Src =
218.1.16.166, Dst = 116.228.21.50; Original IP header: Pro = 50, Src =
116.228.21.50, Dst = 180.168.81.66, First 8 bytes = AA7A60DF 00000003
This information can be seen, the public network, has a 218.1.16.166 return information, Pro 50 (ESP protocol number) has been prohibited, it means the operators this device has filtered the ESP packet. So you can determine the problem is happen in operators
Providers.
Root Cause
1. Fast forward issue.
2. Configuration problem.
3. Software version issue.
4. Carrier problem.
Suggestions
Such problem, you can also look at whether operators prohibited VPN. Not necessarily every time the local device configuration issues.

END