Synopsis: as the picture shows, the right is the company HQ and the left have two branched. Build the IPSEC VPN tunnel that the branch node to the HQ, and the communication between branches controlled and forwarded by the HQ node. Use the SA subpolicy to build the IPSec tunnel.
The fault symptom: (1) IKE have built, but the IPSec tunnel can’t build normally; (2) IPSec tunnel build successfully, but the branch can’t access the other branch.
(1)build the ACL again, and define the currect policy, applied for the IPSec tunner building later.
(2)add the new ACL by hand again, creat the new IPSec IKE peer.
(1)Using dis acl all find that ACL not matched, and check the configuration find that policy has a problem.
(2)being a carefully think and many attempts, find that the ACL have not realize the access of the branch 1 and branch 2, finally.
We should know well about the configuration theory and related configuration step. Not only understand the building of IPSec VPN tunnel from branch to HQ, but know how to realize the IPSec VPN from a branch to another. When faced with the fault symptom like that, we need keep calm. According the fault symptom find the reason, using the easiest method to solve to problem