After IPSec VPN is Used, the Connection to the Public Network Becomes Abnormal

Publication Date: 2012-07-16
Issue Description
The VPN is deployed in point-to-point mode. After the IPSec negotiation is triggered, packets are lost when PCs on the VPN access the public network. Thirty seconds later, the connection to the public network is broken, but packets in the tunnels are still forwarded normally.
Alarm Information

None.

Handling Process
Check and adjust the configuration, starting with the ACL configuration. The ACL does not encrypt all packets.
Check the versions of both ends of the connection. The two devices are of the same model and the same version.
Check the link status by running the dis int gig 0/0/0 command. There are not many CRC error packets.
Check the sequence preserving function of the USG5300 V100R002SPC007. The function is enabled. This causes the problem.
Two solutions are available:
1. In global mode, run the undo firewall fifo enable command to disable the sequence preserving function.
2. Upgrade the devices to V100R002SPC008 or later.
Root Cause
On USG5300 V100R002SPC007, the sequence preserving function is enabled by default. If this function is enabled, packets on the public network connection are lost after the IPSec tunnels are negotiated.
Suggestions
When you try to resolve such a problem, check the configuration first. If the configuration is correct, check the version information.  
