After IPSec is configured, the USG5320 suffers serious packet loss when the internal network accesses the external network.

Publication Date: 2012-09-13
Issue Description
Without IPSec VPN configured on the USG5320, network users can access the public network normally through NAT. After IPSec VPN is enabled, access to the public network becomes slow, with packet loss of about 20%. Access returns to normal once IPSec is removed.
Alarm Information
None.
Handling Process
1 Check the configuration of the IPSec interested flow: no problem found.
2 The user network traffic is normal and the bandwidth is sufficient.
3 Check the equipment version, which is USG5300 V100R003C01SPC600, and check whether the IPSec renewal function is on:
   [USG]disp current-configuration | include fifo
   No output is returned, so the function is enabled by default.
4 Disable the renewal function:
   [USG]undo firewall fifo enable
Check the state of the renewal function again:
   [USG]disp current-configuration | include fifo
   12:45:34  2011/10/10
   undo firewall fifo enable
   undo firewall fifo enable
   undo firewall fifo enable
   undo firewall fifo enable
   Test access from the internal network to the external network: access is normal, without packet loss.
Root Cause
1 The data flow that the IPSec VPN is interested in is not configured properly;
2 Network traffic anomaly;
3 version problem.
Suggestions
In the USG5300 V100R003C01SPC600 version, the IPSec isotone (order-preserving) function causes delay or packet loss for non-IPSec service packets.
