E1000E ipsec pre-check mis-configuration caused abnormal operations

Publication Date: 2014-12-30
Issue Description
After IPSec VPN is configured on the E1000E, a large number of error packets occur, resulting in a service exception.
Handling Process
1: Dialing in from a phone works normally, so the L2TP/IPSec configuration itself is basically confirmed to have no problem.
2: Because this service needs an L2TP tunnel to be built, the user was asked to dial in, and no L2TP session was found. The suspicion was that either the packets did not reach the firewall or the firewall discarded them.
3: Firewall packet statistics were collected, and they show packet loss for the L2TP session. The statistics are as follows:
[Eudemon1000E-diagnose] display firewall statistic acl
16:54:10  2014/12/19

Current Show sessions count: 1
 
Protocol(UDP) SourceIp(2x.2x.1x5.2x) DestinationIp(1x0.2x.2x.1x3) 
SourcePort(1701) DestinationPort(1701) VpnIndex(public) 
           Receive           Forward           Discard 
Obverse : 4          pkt(s) 0          pkt(s) 4          pkt(s) 
Reverse : 0          pkt(s) 0          pkt(s) 0          pkt(s)
 
Discard detail information:
  DP_Input_Eth                  :exit 3:     4
  DP_L3Fwd_ProcessIpv4          :exit 2:     4
  DP_L3Fwd_DataProcess          :exit 7:     4
  IPSec_Input                   :exit 1:     4
  DP_L3Fwd_FirstPktProc         :exit 4:     4
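The counters above can be checked mechanically when many sessions have to be reviewed. The following is an added example, not part of the original case or any vendor tool: it parses the session block shown above and reports when UDP/1701 packets are discarded with IPSec_Input listed in the discard detail. The function names `parse_session` and `ipsec_drop_report` are hypothetical, and the sample text is the output from this page.

```python
import re

# Sample text copied from the output shown above (addresses are masked on the page).
SAMPLE = """\
Protocol(UDP) SourceIp(2x.2x.1x5.2x) DestinationIp(1x0.2x.2x.1x3)
SourcePort(1701) DestinationPort(1701) VpnIndex(public)
           Receive           Forward           Discard
Obverse : 4          pkt(s) 0          pkt(s) 4          pkt(s)
Reverse : 0          pkt(s) 0          pkt(s) 0          pkt(s)

Discard detail information:
  DP_Input_Eth                  :exit 3:     4
  DP_L3Fwd_ProcessIpv4          :exit 2:     4
  DP_L3Fwd_DataProcess          :exit 7:     4
  IPSec_Input                   :exit 1:     4
  DP_L3Fwd_FirstPktProc         :exit 4:     4
"""

FIELD = re.compile(r"(\w+)\(([^)]*)\)")
COUNTS = re.compile(r"^(Obverse|Reverse)\s*:\s*(\d+)\s+pkt\(s\)\s+(\d+)\s+pkt\(s\)\s+(\d+)\s+pkt\(s\)")
DETAIL = re.compile(r"^\s*(\w+)\s*:exit\s+(\d+):\s*(\d+)\s*$")

def parse_session(text):
    session = {"fields": {}, "counts": {}, "discard_detail": []}
    for line in text.splitlines():
        m = COUNTS.match(line.strip())
        if m:  # per-direction Receive / Forward / Discard counters
            rx, fwd, drop = map(int, m.group(2, 3, 4))
            session["counts"][m.group(1)] = {"receive": rx, "forward": fwd, "discard": drop}
            continue
        m = DETAIL.match(line)
        if m:  # (module, exit number, packet count)
            session["discard_detail"].append((m.group(1), int(m.group(2)), int(m.group(3))))
            continue
        for key, value in FIELD.findall(line):  # Name(value) pairs of the flow key
            session["fields"][key] = value
    return session

def ipsec_drop_report(session):
    """Return a finding when L2TP (UDP/1701) packets are counted at IPSec_Input."""
    f = session["fields"]
    is_l2tp = f.get("Protocol") == "UDP" and "1701" in (f.get("SourcePort"), f.get("DestinationPort"))
    dropped = sum(c["discard"] for c in session["counts"].values())
    ipsec = [d for d in session["discard_detail"] if d[0] == "IPSec_Input"]
    if is_l2tp and dropped and ipsec:
        return f"L2TP session: {dropped} packet(s) discarded, {ipsec[0][2]} counted at IPSec_Input"
    return None
```
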
Root Cause
In the "display firewall statistic acl" output we can see the L2TP information for port 1701, which basically confirms that the session was not dropped by the firewall.
Solution
After ipsec pre-check was disabled on this side of the firewall, the test was normal and the problem was solved. The command is "undo ipsec pre-check".
Suggestions
The ipsec pre-check setting must be kept the same at both ends; otherwise services may be affected.