USG and TOPSEC firewall interconnect IPSEC VPN unsuccessful

Publication Date: 2012-09-10

Issue Description

Our company's firewall is set up to establish an IPsec tunnel with a TOPSEC firewall. After configuration, display ike sa shows that the first stage cannot be established.
The USG2130 is configured with parameters matching those of the TOPSEC firewall, as follows:
acl number 3004
 rule 0 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
#
ike proposal 4
 encryption-algorithm 3des-cbc
 authentication-algorithm md5
#
ike peer a
 pre-shared-key 123456
 ike-proposal 4
 undo version 2
 remote-address X.X.X.X
#
ipsec proposal 4
 esp encryption-algorithm 3des
#
ipsec policy yujiacl 4 isakmp
 security acl 3004
 ike-peer a
 proposal 4
 sa duration traffic-based 86400

TOPSEC first stage configuration:

Alarm Information

None

Handling Process

First. Check the configuration: the negotiation parameters configured for each stage are consistent on both sides.
Second. Check the first-stage negotiation: only the TOPSEC firewall is configured with a peer identity and a local identity. When the USG2130 uses main mode, it does not negotiate an identity. After the identity configuration is removed from the TOPSEC firewall, the tunnel is established normally.

Root Cause

The TOPSEC firewall is configured with a peer identity and a local identity, but our device is not. During first-stage negotiation, the USG2130 uses its IP address as the identifier, while the TOPSEC firewall is configured to use a different identifier, so negotiation fails.
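
The two checks from the handling process, as an added Python example that is not part of the original case: it parses the USG2130 IKE settings shown above and compares what the device offers in the first stage with a constructed description of the TOPSEC side. The TOPSEC values, the fqdn identity type and the local-id-type keyword are assumptions, since the page does not show them.

```python
# USG2130 IKE settings copied from this page (remote-address is elided there).
USG_CONFIG = """\
ike proposal 4
 encryption-algorithm 3des-cbc
 authentication-algorithm md5
#
ike peer a
 pre-shared-key 123456
 ike-proposal 4
 undo version 2
 remote-address X.X.X.X
"""
# Constructed stand-in for the TOPSEC side, which the page does not show;
# "fqdn" is an assumed example of a non-IP identity type.
TOPSEC_PHASE1 = {"encryption-algorithm": "3des-cbc",
                 "authentication-algorithm": "md5", "peer-id-type": "fqdn"}

def parse_sections(text):
    """Split a VRP-style config into {view header: [commands in that view]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None                      # '#' closes the current view
        elif current is None:
            current = line                      # first line opens a view
            sections[current] = []
        else:
            sections[current].append(line)
    return sections

def local_phase1(sections, peer_name):
    """Collect what the local peer offers in first-stage negotiation."""
    peer = sections[f"ike peer {peer_name}"]
    prop_id = next(l.split()[1] for l in peer if l.startswith("ike-proposal "))
    offer = dict(l.split(None, 1) for l in sections[f"ike proposal {prop_id}"])
    # Assumption: an identity setting would appear as a "local-id-type <type>"
    # line. With none present the device identifies itself by IP (per the page).
    id_line = next((l for l in peer if l.startswith("local-id-type ")), None)
    offer["peer-id-type"] = id_line.split()[1] if id_line else "ip"
    return offer

def phase1_mismatches(local, remote):
    """List every first-stage parameter on which the two sides disagree."""
    return [f"{key}: local {local.get(key)} != remote {value}"
            for key, value in remote.items() if local.get(key) != value]
```

With the constructed TOPSEC values the algorithms agree and only the identity type is reported, which matches the case: matching proposals alone did not bring the first stage up.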

Suggestions

None
