No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Private Network Communication Fails After IPSec Is Configured. What Are the Causes?

Private Network Communication Fails After IPSec Is Configured. What Are the Causes?

Private networks fail to communicate with each other after IPSec is configured. The possible causes are as follows:
  • The public addresses of two IPSec-enabled devices cannot ping each other.
  • The data flow defined for IPSec encapsulation is the same as that defined for NAT. You can run the display acl all command to view the matching ACL rule. In this case, use either of the following methods to prevent the data flow overlapping:

    • Ensure that the destination IP address in the ACL rule referenced by IPSec is denied in the ACL rule referenced by NAT. By doing so, the device does not perform NAT on the data flow protected by IPSec.
    • The ACL rule referenced by IPSec matches NAT-translated IP address.
  • The device incorrectly learns private routes. The outbound interface to the destination private network is not the public network interface with IPSec enabled.
  • When the authentication algorithm used in an IPSec proposal is SHA2, the encryption and decryption methods on both ends are inconsistent.
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 145212

Downloads: 361

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next