Failure of the Establishment of the IPSec Tunnel

Publication Date: 2013-08-26
Issue Description
On firewall version V100R002C01B020, the Eudemon 1000E is used to establish an IPSec tunnel with the remote AP to secure AP remote access in the uBro solution. After IPSec is configured, the IPSec tunnel fails to be established.
Alarm Information
The debugging information of the Eudemon 1000E is as follows:
AAA ERROR:CID = 1099,
UserName = 0460011111111112@wlan.mnc001.mcc460.3gppnetwork.org RDS Send Fail 
Handling Process
1. Check the routing table. The routes are normal.
2. Check the firewall interzone policy. The firewall requires port 1812 to communicate with the AAA server, but no policy permitting port 1812 is configured for the DMZ-Local interzone of the firewall.
3. Configure a policy permitting port 1812 for the DMZ-Local interzone. The problem is solved.
Root Cause
The debugging information indicates that the Eudemon 1000E does not send authentication packets to the AAA server or receive response packets from the AAA server.
Suggestions
In the uBro solution, to establish the IPSec tunnel with the AP, the firewall needs to communicate with the AAA server, which in turn needs to communicate with the AHR server. Check this communication process step by step to rectify the fault.
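
The following is an added example, not part of the original case or of any Huawei tooling: a small Python parser for debugging output in the layout shown under Alarm Information. It groups `RDS Send Fail` records by realm, so that failures affecting every user of a realm stand out from a problem with a single AP. Only the first sample record comes from this page; the other records and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first record is the one quoted on this page; the
# others are made up in the same layout to exercise the parser.
SAMPLE = """\
AAA ERROR:CID = 1099,
UserName = 0460011111111112@wlan.mnc001.mcc460.3gppnetwork.org RDS Send Fail
AAA ERROR:CID = 1100,
UserName = 0460011111111113@wlan.mnc001.mcc460.3gppnetwork.org RDS Send Fail
AAA ERROR:CID = 1101, UserName = 0460020000000001@wlan.mnc002.mcc460.3gppnetwork.org RDS Send Fail
"""

# One record: "AAA ERROR:CID = <n>," then "UserName = <user>@<realm> <text>".
# \s* after the comma tolerates the line wrap seen in the debug output.
RECORD = re.compile(
    r"AAA ERROR:\s*CID\s*=\s*(?P<cid>\d+)\s*,\s*"
    r"UserName\s*=\s*(?P<user>[^\s@]+)@(?P<realm>\S+)[ \t]+(?P<status>[^\r\n]*)"
)

def parse_aaa_errors(text):
    """Return one dict per AAA ERROR record found in firewall debug output."""
    return [
        {"cid": int(m["cid"]), "user": m["user"], "realm": m["realm"],
         "status": m["status"].strip()}
        for m in RECORD.finditer(text)
    ]

def send_failures_by_realm(text):
    """Map realm -> sorted CIDs of records whose status is 'RDS Send Fail'."""
    out = defaultdict(list)
    for rec in parse_aaa_errors(text):
        if rec["status"] == "RDS Send Fail":
            out[rec["realm"]].append(rec["cid"])
    return {realm: sorted(cids) for realm, cids in out.items()}

if __name__ == "__main__":
    for realm, cids in send_failures_by_realm(SAMPLE).items():
        # Many users of one realm failing to send suggests checking the path
        # to the AAA server (routes, interzone policy for port 1812) first.
        print(f"{realm}: {len(cids)} send failure(s), CIDs {cids}")
```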
