FAQ-An IPSec Tunnel Is Negotiated but the Matching Count of the ACL Referenced in the IPSec Policy Does Not Increase or Remains 0

Publication Date: 2015-07-02
Issue Description
An IPSec tunnel is negotiated but the matching count of the ACL referenced in the IPSec policy does not increase or remains 0.
Solution
The ACL referenced in the IPSec policy is used only to trigger negotiation. Its matching count increases only when packets match the ACL and trigger IKE negotiation. After the tunnel is negotiated, service packets no longer match the ACL, so its matching count does not increase. In addition, if the IPSec policy configured on the interface carries the auto-neg parameter, the device triggers negotiation automatically. In this case, the matching count of the ACL does not increase either.
