No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

When interconnecting with the equipment which uses template model, the tunnel renegotiating

Publication Date:  2012-11-22 Views:  35 Downloads:  0
Issue Description
Use the IPSEC function of USG equipment, peer end uses the template model, when the USG product restarted and gained new IP, began a period of time, it is difficult to negotiate up, must after a long period of time, the negotiation just can be up.
Alarm Information
None.
Handling Process
Both ends equipment all needs to configure DPD function, USG configuration is as follows:
ike dpd interval 20 2
At the same time, can configure automatic establish tunnel function in the external network interface
ipsec policy vpnlink auto-neg 10
Then check whether the DPD function negotiated successfully, the following explains DPD negotiated successfully
<USG>display ike sa
connection-id peer flag phase doi
-------------------------------------------------------------------------------------------
1288 211.100.28.14 RD|ST|D 1 IPSEC
1298 211.100.28.14 RD|ST 2 IPSEC
Root Cause
It is because the old tunnel doesn’t overtime, the new tunnel can’t be negotiated up, leading to IPSEC tunnel impassability.
Suggestions
When enables IPSEC function and uses the template mode interconnect, must configure DPD function, or it will appear the problem that tunnel can’t be established.

END