USG6300 IPSec VPN service data is not accessible

Publication Date: 2018-02-28

Issue Description

After an IPSec VPN is set up between two USG6300 series firewalls, part of the service data is not accessible. Both firewalls run version V500R001C30SPC100.

Handling Process

1. Check the customer's device configuration. No problem is found: both the security policy and the NAT policy are configured correctly.

2. Check the IPSec flows of interest (the data flows to be protected). The flow of interest for the data that is not accessible is defined with an address group.

3. Check the IKE SA. The IPSec VPN is negotiated using IKEv1.

4. Check the IPSec SA. The established tunnels do not include one corresponding to the affected flow of interest.

Root Cause

The two ends interconnect using the IKEv1 protocol. With IKEv1, the IPSec flow of interest cannot be used with an address group, so the firewall and the peer did not establish the corresponding IPSec tunnel.

Solution

Change the address set referenced in the flow of interest to an address segment. The problem is then resolved.
