
How to solve a connection issue when using IPsec VPN

Publication Date:  2013-07-30 Views:  97 Downloads:  0
Issue Description
XX customer found that business traffic could not pass through the IPsec VPN tunnel even though the IPsec tunnel was established.
Alarm Information
None
Handling Process
When the customer ran 'display ike sa' and 'display ipsec sa', the output showed that the IPsec VPN was correctly established.

But data traffic still could not pass.

We then found that the customer had configured a very strict policy on the firewall:

#
policy interzone vpn-instance testksensio local untrust inbound
policy 0
  action permit
  policy logging
  policy service service-set udp_4500
  policy service service-set l2tp
  policy service service-set udp_500
#

The customer had not permitted AH and ESP traffic, so the encrypted packets were dropped even though IKE negotiation succeeded. After we added the following two policy entries, the issue was solved:

#
policy interzone vpn-instance testksensio local untrust inbound
policy 0
  action permit
  policy logging
  policy service service-set udp_4500
  policy service service-set l2tp
  policy service service-set udp_500
  policy service service-set esp
  policy service service-set ah
#
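As an added example (not part of the original article), the following Python script parses a policy block in the format shown above and reports which service-sets an IPsec tunnel still needs. It assumes that the service-set names udp_500, udp_4500, esp and ah correspond to IKE (UDP/500), NAT traversal (UDP/4500), ESP (IP protocol 50) and AH (IP protocol 51) as the article's names suggest; the BEFORE and AFTER strings are constructed copies of the two configuration blocks above.

```python
import re

# Constructed copy of the article's "before" policy block (assumed format).
BEFORE = """\
#
policy interzone vpn-instance testksensio local untrust inbound
policy 0
  action permit
  policy logging
  policy service service-set udp_4500
  policy service service-set l2tp
  policy service service-set udp_500
#
"""

# Constructed copy of the "after" block: the same rule plus esp and ah.
AFTER = BEFORE.rstrip("#\n") + (
    "\n  policy service service-set esp"
    "\n  policy service service-set ah\n#\n"
)

# Line patterns for the three statements this check cares about.
RULE_RE = re.compile(r"^\s*policy\s+(\d+)\s*$")
ACTION_RE = re.compile(r"^\s*action\s+(permit|deny)\s*$")
SERVICE_RE = re.compile(r"^\s*policy\s+service\s+service-set\s+(\S+)\s*$")


def parse_policy(config_text):
    """Parse the numbered rules of one 'policy interzone' block.

    Returns a list of dicts {"id", "action", "services"} in config order.
    Lines that are not a rule header, an action or a service-set are ignored.
    """
    rules = []
    current = None
    for line in config_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            current = {"id": int(m.group(1)), "action": None, "services": []}
            rules.append(current)
            continue
        if current is None:
            continue  # still in the block header, before the first rule
        m = ACTION_RE.match(line)
        if m:
            current["action"] = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            current["services"].append(m.group(1))
    return rules


def permitted_services(config_text):
    """Service-set names referenced by any rule whose action is permit."""
    return {
        svc
        for rule in parse_policy(config_text)
        if rule["action"] == "permit"
        for svc in rule["services"]
    }


def missing_ipsec_services(config_text, nat_traversal=False, use_ah=False):
    """Return the sorted list of service-sets an IPsec tunnel still lacks.

    Without NAT-T the tunnel needs IKE on UDP/500 plus raw ESP (IP proto 50),
    and AH (IP proto 51) too if the proposal uses AH.  With NAT-T, IKE starts
    on UDP/500 and then both IKE and ESP are carried inside UDP/4500, so the
    raw ESP/AH permits are not required for that tunnel.  Service-set names
    are the assumed mapping from the article (udp_500, udp_4500, esp, ah).
    """
    required = {"udp_500"}
    if nat_traversal:
        required.add("udp_4500")
    else:
        required.add("esp")
        if use_ah:
            required.add("ah")
    return sorted(required - permitted_services(config_text))


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, "permits:", sorted(permitted_services(cfg)))
        print(name, "missing without NAT-T:", missing_ipsec_services(cfg))
        print(name, "missing with NAT-T:",
              missing_ipsec_services(cfg, nat_traversal=True))
```

The check shows why the symptom in the article is easy to miss: the original policy already permits UDP/500 and UDP/4500, so IKE negotiation completes and 'display ike sa' looks healthy, but the ESP packets carrying the actual data are dropped unless NAT traversal happens to encapsulate them in UDP/4500.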
Root Cause
1. The VPN is not correctly established

2. The traffic data flow is denied by the firewall policy
Suggestions
When a strict firewall policy is used, check it very carefully: the IKE service-sets (UDP/500 and UDP/4500) are not enough on their own; the ESP and AH protocols that carry the encrypted data must also be permitted.

END