The public IP couldn't communicate after IPSec configuration

Publication Date: 2016-04-15
Issue Description
The customer wants to create an IPSec tunnel between Sonicwall and AR129( and
Before the IPSec configuration, the ping of the public IP address worked normally.( to
After finishing the IPSec configuration, the customer found that the IP ping failed.( to

After checking the configuration of this site, we found that the customer permitted all IP traffic in ACL 3999, which is used for the IPSec policy:

acl name p_Ethernet0/0/0_1 3998
 rule 5 permit ip
ipsec proposal p_to_p_vpn1
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
ike proposal 1
 encryption-algorithm 3des-cbc
 dh group2
 authentication-algorithm sha1
 prf hmac-sha2-256
ike peer p_to_p_vpn1 v1
 pre-shared-key cipher %^%#XeyNW1QmUWl}t\1ttQ4)D]nS%Zs8.$Av:wUPEO67%^%#
 ike-proposal 1
 local-id-type name
 nat traversal
ipsec policy p_to_p_vpn 1 isakmp
 security acl 3998
 ike-peer p_to_p_vpn1
 proposal p_to_p_vpn1
interface Vlanif1
 ip address
 dhcp select interface
 dhcp server dns-list
interface Ethernet0/0/0
 undo portswitch
 tcp adjust-mss 1460
 ip address
 ipsec policy p_to_p_vpn
 nat outbound 2999


After the ACL was set according to the customer's environment, the issue was solved. Because the original setting contained the flow from to 10.1.10.25, the ping was affected by the original setting.


acl number 3998
 rule 5 permit ip source destination
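
A check for the misconfiguration in this case, as an added example (not part of the original case and not Huawei tooling): it scans an AR-style configuration and reports any `permit ip` rule that lacks a concrete source and destination in an ACL referenced by `security acl`. The function names, the second ACL/policy and all addresses in the sample are constructed; treating `source any` like a missing source is an assumption of this sketch.

```python
import re

# Constructed sample in AR-style syntax; addresses are documentation ranges.
SAMPLE_CONFIG = """\
acl name p_Ethernet0/0/0_1 3998
 rule 5 permit ip
acl number 3997
 rule 5 permit ip source 192.0.2.0 0.0.0.255 destination 198.51.100.0 0.0.0.255
ipsec policy p_to_p_vpn 1 isakmp
 security acl 3998
ipsec policy other_vpn 1 isakmp
 security acl 3997
"""

ACL_HEADER = re.compile(r"^acl\s+(?:number\s+(\d+)|name\s+\S+\s+(\d+))$")
PERMIT_IP = re.compile(r"^rule\s+(\d+)\s+permit\s+ip\b(.*)$")
SECURITY_ACL = re.compile(r"^security\s+acl\s+(\d+)$")
ACL_VIEW_COMMANDS = ("rule", "description", "step")


def _bounded(tokens, keyword):
    """True if the rule names a concrete address after 'source'/'destination'."""
    if keyword not in tokens:
        return False
    return tokens[tokens.index(keyword) + 1:][:1] not in ([], ["any"])


def find_overbroad_ipsec_acls(config):
    """Return sorted (acl, rule_id) pairs: 'permit ip' rules without both a
    concrete source and destination, in ACLs referenced by 'security acl'."""
    rules, referenced, current = {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()          # indentation is not relied on
        header = ACL_HEADER.match(line)
        if header:
            current = header.group(1) or header.group(2)
            rules.setdefault(current, [])
            continue
        rule = PERMIT_IP.match(line)
        if rule and current is not None:
            rules[current].append((int(rule.group(1)), rule.group(2).split()))
        elif SECURITY_ACL.match(line):
            referenced.add(SECURITY_ACL.match(line).group(1))
        if not line.startswith(ACL_VIEW_COMMANDS):
            current = None          # any other command leaves the ACL view
    return sorted((int(acl), rule_id)
                  for acl in referenced
                  for rule_id, tokens in rules.get(acl, [])
                  if not (_bounded(tokens, "source") and _bounded(tokens, "destination")))


if __name__ == "__main__":
    for acl, rule_id in find_overbroad_ipsec_acls(SAMPLE_CONFIG):
        print(f"ACL {acl} rule {rule_id}: permit ip without source/destination")
```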