Since the VLAN Encapsulation is not Configured on the Subinterface, the IPSec Service is Interrupted

Publication Date: 2012-07-24

Issue Description

Network: USG2110-------Internet-------USG2130
The USG2110 is the branch, and the USG2130 is the headquarters. IPSec is configured at both ends. IKE phases 1 and 2 are normal, and the IPSec SA is successfully established. According to the user, the intranet gateway address of the USG2130 cannot be pinged from the intranet gateway address of the USG2110. The IPSec SA is established, but the service is interrupted.

Alarm Information


Handling Process

1. Confirm that the ACL configuration is correct and that express port forwarding is disabled.
2. Debug the USG2110. The debugging result shows that the data is not encapsulated with a VLAN tag, so the firewall discards the data.
Handling Procedure: After VLAN encapsulation is configured, the intranet IP addresses of the firewalls on both ends of the tunnel can be pinged. The problem is solved after VLAN encapsulation is configured on the subinterface of the USG2110.
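The check from this case can be run against a saved configuration before debugging. The following is an added example, not part of the original case or Huawei's own tooling: it lists subinterfaces that have no VLAN encapsulation line. It assumes VRP-style configuration text in which the encapsulation appears as `vlan-type dot1q <id>`; the interface names, VLAN ID, policy name and addresses in the sample are constructed.

```python
import re

# Constructed sample of a VRP-style configuration; names, VLAN IDs and
# addresses are made up for illustration and are not taken from the case.
SAMPLE_CONFIG = """\
interface Ethernet0/0/0
 ip address 192.0.2.1 255.255.255.0
 ipsec policy branch_map
#
interface Ethernet0/0/0.1
 ip address 10.1.1.1 255.255.255.0
#
interface Ethernet0/0/0.2
 vlan-type dot1q 20
 ip address 10.1.2.1 255.255.255.0
#
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)\s*$")
# Assumption: subinterface VLAN encapsulation appears as "vlan-type dot1q <id>".
ENCAP_RE = re.compile(r"^\s+vlan-type\s+dot1q\s+(\d+)\s*$")

def parse_interfaces(config_text):
    """Return {interface name: [indented config lines under that interface]}."""
    blocks, current = {}, None
    for line in config_text.splitlines():
        match = IFACE_RE.match(line)
        if match:
            current = match.group(1)
            blocks[current] = []
        elif line.startswith((" ", "\t")) and current is not None:
            blocks[current].append(line)
        else:
            current = None  # "#" separator or a top-level command ends the block
    return blocks

def subinterfaces_missing_vlan(config_text):
    """List subinterfaces (name contains '.') with no VLAN encapsulation line."""
    return [
        name
        for name, lines in parse_interfaces(config_text).items()
        if "." in name and not any(ENCAP_RE.match(line) for line in lines)
    ]

if __name__ == "__main__":
    for name in subinterfaces_missing_vlan(SAMPLE_CONFIG):
        print(f"{name}: no VLAN encapsulation configured on this subinterface")
```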

Root Cause

1. The ACL configuration is incorrect.
2. The express port forwarding is enabled.