No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

l2tp over ipsec can't working with android device

Publication Date:  2018-01-31 Views:  76 Downloads:  0
Issue Description

customer feedback that he try to connect 3G tablet to USG6600 over L2TP/IPSec tunnel but it could not connect, and customer already have 40 Samsung tablets connected before but when he try to configure Huawei tablet it could not working the USG6600 version is V100R001C30SPC600.

Alarm Information

None.

Handling Process
Because the others tablet connect normally so we think it’s a parameter issue with ipsec or l2tp so we debug and change the ipsec parameter to test.Then we found it is terminal compatibility issues, some android device can’t working with sha2 algorithm.
Root Cause

Some android device can’t working with sha2 algorithm.

Solution
Change the ipsec algorithm.

Change before:

Change after

ike proposal 1

authentication-algorithm sha2-256

integrity-algorithm aes-xcbc-96 hmac-sha2-256

#

ike peer /qa

#

ike peer /qa

exchange-mode aggressive

#

ike peer ike16322812552

exchange-mode auto

pre-shared key %$%$c6M3B;U6{=_hf(I/yvT+[I@7%$%$

ike negotiate compatible

ike-proposal 1

remote-id-type none

#

ipsec proposal prop16322812552

encapsulation-mode auto

esp authentication-algorithm sha2-256

ike proposal 1

 encryption-algorithm aes-256 aes-192 aes-128 3des des

 dh group2 group1

 authentication-algorithm sha1 md5

 integrity-algorithm aes-xcbc-96 hmac-sha1-96 hmac-md5-96

#

ike peer /qa

#

ike peer /qa

 exchange-mode aggressive

#

ike peer ike16322812552

 exchange-mode auto

 pre-shared-key %$%$c6M3B;U6{=_hf(I/yvT+[I@7%$%$

 ike-proposal 1

 remote-id-type none

#

ipsec proposal prop16322812552

 encapsulation-mode auto

 esp authentication-algorithm sha1 md5

 esp encryption-algorithm aes-256  aes-192  aes-128  3des des

#

Suggestions

Some android device can’t compatible the sha2 algorithm.when configuration ipsec suggest use the sha1.

END