After Configuring IPSec, the Tunnel Did Not Work Normally on USG 6300

Publication Date: 2014-12-25
Issue Description
After configuring IPSec, the tunnel didn’t work normally. I found this error:

Handling Process
1.   After troubleshooting and deleting the NAT policy that was configured for LAN users
****************************************************************************************************************

nat-policy

rule name trafficnonat
  egress-interface GigabitEthernet0/0/4
  source-address 192.168.1.0 24
  destination-address 10.1.1.0 24
  action no-nat

rule name nonat
  source-zone local
  egress-interface GigabitEthernet0/0/4
  action no-nat

2.   Now IPSec is working fine and the tunnel is UP
*******************************************************************

<USG6300-HH> display ipsec sa
17:19:18  2014/12/01
===============================
Interface: GigabitEthernet0/0/4
    path MTU: 1500
===============================

  -----------------------------
  IPSec policy name: "ipsec1121125372"
  sequence number: 10000
  mode: template
  vpn: public
  -----------------------------
    connection id: 110
    rule number: 4294967295
    encapsulation mode: tunnel
    holding time: 0d 1h 43m 50s
    tunnel local : 94.200.247.210    tunnel remote: 217.165.23.135
    flow      source: 10.1.1.0/255.255.255.0 0/0
    flow destination: 192.168.1.0/255.255.255.0 0/0

    [inbound ESP SAs]
      spi: 3589308667 (0xd5f080fb)
      vpn: public  said: 2  cpuid: 0x0000
      proposal: ESP-ENCRYPT-AES ESP-AUTH-SHA2-256
      sa remaining key duration (kilobytes/sec): 1843199/608
      max received sequence-number: 23   
      udp encapsulation used for nat traversal: Y
                                         
    [outbound ESP SAs]
      spi: 1692700192 (0x64e48e20)
      vpn: public  said: 3  cpuid: 0x0000
      proposal: ESP-ENCRYPT-AES ESP-AUTH-SHA2-256
      sa remaining key duration (kilobytes/sec): 1843186/608
      max sent sequence-number: 243
      udp encapsulation used for nat traversal: Y

<USG6300-HH> display ike sa
17:19:26  2014/12/01
current ike sa number: 2
-----------------------------------------------------------------------------
conn-id    peer                                    flag          phase vpn
-----------------------------------------------------------------------------
110        217.165.23.135:4500                     RD|A          v1:2  public
108        217.165.23.135:4500                     RD|D|A        v1:1  public

  flag meaning
  RD--READY      ST--STAYALIVE     RL--REPLACED    FD--FADING    TO--TIMEOUT
  TD--DELETING   NEG--NEGOTIATING  D--DPD          M--ACTIVE     S--STANDBY
  A--ALONE
<USG6300-HH>
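
The `display ipsec sa` output above can also be checked by a script instead of by eye. The following is an added example, not part of the original case or of any Huawei tooling: the names `parse_ipsec_sa` and `problems` are hypothetical, the sample is trimmed from the output shown above, and the parser assumes each SA block starts with an `IPSec policy name` line as in that output.

```python
import re

# Constructed sample: trimmed from the `display ipsec sa` output shown above.
SAMPLE = """\
  IPSec policy name: "ipsec1121125372"
    tunnel local : 94.200.247.210    tunnel remote: 217.165.23.135
    flow      source: 10.1.1.0/255.255.255.0 0/0
    flow destination: 192.168.1.0/255.255.255.0 0/0
    [inbound ESP SAs]
      spi: 3589308667 (0xd5f080fb)
      sa remaining key duration (kilobytes/sec): 1843199/608
      udp encapsulation used for nat traversal: Y
    [outbound ESP SAs]
      spi: 1692700192 (0x64e48e20)
      sa remaining key duration (kilobytes/sec): 1843186/608
      udp encapsulation used for nat traversal: Y
"""

FIELDS = {  # per-direction SA fields: key -> (regex, converter)
    "spi": (r"spi: \d+ \((0x[0-9a-f]+)\)", str),
    "sec_left": (r"sa remaining key duration .*: \d+/(\d+)", int),
    "nat_t": (r"udp encapsulation used for nat traversal: (\w)", lambda v: v == "Y"),
}

def parse_ipsec_sa(text):
    """Return one dict per policy block, with tunnel fields and per-direction SAs."""
    tunnels, cur, sa = [], None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r'IPSec policy name: "(.+)"', line):
            cur, sa = {"policy": m.group(1), "sas": {}}, None
            tunnels.append(cur)
        elif cur is None:
            continue  # banner lines before the first policy block
        elif m := re.match(r"\[(inbound|outbound) ESP SAs\]", line):
            sa = cur["sas"].setdefault(m.group(1), {})
        elif m := re.match(r"tunnel local\s*:\s*(\S+)\s+tunnel remote:\s*(\S+)", line):
            cur["local"], cur["remote"] = m.groups()
        elif m := re.match(r"flow\s+(source|destination):\s*(\S+)", line):
            cur["flow_" + m.group(1)] = m.group(2)
        elif sa is not None:
            for key, (rx, conv) in FIELDS.items():
                if m := re.match(rx, line):
                    sa[key] = conv(m.group(1))
    return tunnels

def problems(tunnel):
    """List missing directions; an empty list means both ESP SAs are present."""
    return [f"no {d} SA" for d in ("inbound", "outbound")
            if "spi" not in tunnel["sas"].get(d, {})]
```

An empty `display ipsec sa` result yields an empty list from `parse_ipsec_sa`, which a monitoring job should treat as "tunnel down" rather than as "no problems".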
