Eudemon1000E fails to actively establish an IPSec tunnel

Publication Date: 2012-11-20
Issue Description
An IPSec VPN is configured between an Eudemon1000E and a USG3000, using IKE negotiation so that IPSec encrypts the transmitted traffic.
PC1--------Eudemon1000E--------Internet----------USG3000-------PC2
The USG3000 side can actively initiate the IPSec tunnel and ping succeeds, but the Eudemon1000E side cannot actively establish the IPSec tunnel and ping fails.
Alarm Information
None.
Handling Process
1. In the system view, run the command "ike peer peer_name" to enter the IKE peer view, where "peer_name" is the name of the peer referenced by the policy.
2. In the IKE peer view, run the command "undo version 2".
Root Cause
1. The policy on the side that cannot actively initiate the tunnel is configured in template mode. In this situation the behavior is normal and no action is needed.
2. One end supports IKEv1 by default and the other end supports IKEv2 by default.
IKEv2 support is an important feature of the Eudemon1000E that improves the performance of the device. The Eudemon1000E can adapt to either IKEv1 or IKEv2 and uses IKEv2 by default, whereas the USG3000 supports only IKEv1.
If the USG3000 initiates the IKE negotiation, it uses IKEv1; because the Eudemon1000E can respond to either IKEv1 or IKEv2 negotiation, the negotiation succeeds. When the Eudemon1000E initiates the negotiation, it uses IKEv2 by default; the peer USG3000 cannot respond to an IKEv2 negotiation, so the tunnel cannot be established.
Suggestions
When the Eudemon1000E negotiates IKE with other devices, pay attention to the IKE version in use. If the peer does not support IKEv2, negotiation initiated by the Eudemon1000E may fail; modify the configuration to use IKEv1.
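
The version mismatch described under Root Cause can be confirmed from the first IKE packet in a capture on UDP port 500. The following is an added example, not part of the original article or of Huawei's tooling: it decodes the IKE header's version byte and compares it with the versions the peer supports. The sample datagrams, the SPI value and the `check_initiation` helper are constructed for illustration.

```python
import struct

# Fixed 28-byte ISAKMP/IKE header (RFC 2408, RFC 7296): initiator SPI,
# responder SPI, next payload, version, exchange type, flags, message ID, length.
IKE_HEADER = struct.Struct("!8s8sBBBBII")
EXCHANGES = {(1, 2): "Main Mode", (1, 4): "Aggressive Mode", (2, 34): "IKE_SA_INIT"}


def parse_ike_header(datagram: bytes) -> dict:
    """Decode the IKE header at the start of a UDP/500 payload."""
    if len(datagram) < IKE_HEADER.size:
        raise ValueError("truncated IKE header")
    _ispi, rspi, _np, version, exch, _flags, _msgid, _len = IKE_HEADER.unpack_from(datagram)
    major, minor = version >> 4, version & 0x0F  # high nibble = major version
    return {
        "major": major,
        "minor": minor,
        "exchange": EXCHANGES.get((major, exch), f"exchange type {exch}"),
        # The first packet of a negotiation carries an all-zero responder SPI.
        "initial_request": rspi == bytes(8),
    }


def check_initiation(datagram: bytes, peer_versions: set) -> str:
    """Hypothetical helper: compare the initiator's IKE version with the peer's."""
    hdr = parse_ike_header(datagram)
    if not hdr["initial_request"]:
        return "skip: not the first packet of a negotiation"
    offered = f"IKEv{hdr['major']} {hdr['exchange']}"
    if hdr["major"] in peer_versions:
        return f"ok: initiator offers {offered}, peer supports it"
    return f"mismatch: initiator offers {offered}, peer supports only " + ", ".join(
        f"IKEv{v}" for v in sorted(peer_versions))


# Constructed header-only samples (payloads omitted), not taken from a real capture.
SPI = bytes.fromhex("1122334455667788")
IKEV2_INIT = IKE_HEADER.pack(SPI, bytes(8), 33, 0x20, 34, 0x08, 0, 28)  # IKEv2 first message
IKEV1_INIT = IKE_HEADER.pack(SPI, bytes(8), 1, 0x10, 2, 0x00, 0, 28)    # IKEv1 Main Mode first message

if __name__ == "__main__":
    usg3000 = {1}  # per the article, the USG3000 supports only IKEv1
    print(check_initiation(IKEV2_INIT, usg3000))  # Eudemon1000E initiating by default
    print(check_initiation(IKEV1_INIT, {1, 2}))   # USG3000 initiating toward the Eudemon1000E
```

A mismatch result for packets sent by the Eudemon1000E indicates the second root cause, which the "undo version 2" step in the Handling Process addresses.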
