PC1 ---- USG2130 ------- SRG20-20 ----- PC2
1, USG2130 can ping PC2, USG2130 with the source address (PC1 gateway) is also able to ping PC2, PC1 can not ping PC2
2. Display ipsec sa and the display ike sa tunnel to establish normal.
1, Check the equipment on the ipsec configuration carefully , that is no problem
2. View PC1 that gateway was really on the the USG2130 internal netowrk
3, It found that PC1 message is not encrypted by normal way, but it directly forwarded. through the command debug ipsec all
Turn off the fast-forward function on internal network interface by undo ip fast-forwarding qff command, problem solving.
1, USG2130 and SRG about IPSEC VPN configuration problems.
2, PC1 did not configure network management, or PC1 network management was not in USG2130.
3, USG2130 internal network interface did not shut down the fast-forward
The low-end devices are off as much as possible to do ipsec vpn interface fast forward function
undo ip fast-forwarding qff