No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

IKEv1 between AR1200 and peer vendor device cannot associate

Publication Date:  2012-09-26  |   Views:  3  |   Downloads:  0  |   Author:  c00222574  |   Document ID:  EKB1000016177

Contents

Issue Description

Version: V200R001C00SPC500
topology:(PPPoE dial-up,IP unfixed)AR2200--------X factory router(here is core node)
AR1200 and X peer vendor adopt IKEv1 aggressive mode, IKE associated unsuccessfully. It cannot associate on NO.1 phase.


other side WEB configuration:

Alarm Information

NULL

Handling Process


1. Check whether the public route can reach, two side ping each other, it can be ping.
2. Check local side IKE configuration as follows:
ike peer spub v1
exchange-mode aggressive
pre-shared-key bhd654321
ike-proposal 1
remote-address 121.15.168.58

AR as sub node, there are 2 configuration ways:
1. Configure remote-address in IKE only(for instance can connect with USGXXXX device of HS factory)
2. Add configuration of remote-name and local-id-type in ike peer, other side adopts IP+name way, in this case, first adopt NO.1 way, not successful, consider NO.2 way.

X peer vendor router adjust as follows:

Add follows configuration on local side of AR1200
ike peer spub v1
exchange-mode aggressive
pre-shared-key bhd654321
ike-proposal 1
remote-address 121.15.168.58
local-id-type name
remote-name www.3322.org

after adjust the configuration, problem is solved.

hawei-ar1220-Dialer1]dis ike sa
    Conn-ID  Peer            VPN   Flag(s)                Phase
  ---------------------------------------------------------------
     2361    121.15.168.58   0     RD|ST                  2   
     2351    121.15.168.58   0     RD|ST                  1   

  Flag Description:
  RD--READY   ST--STAYALIVE   RL--REPLACED   FD--FADING   TO--TIMEOUT
  HRT--HEARTBEAT   LKG--LAST KNOWN GOOD SEQ NO.   BCK--BACKED UP


Root Cause

1. Public network route cannot reach.
2. IKE configuration failure.
3. Other side configuration failure

Suggestions

In ike association, core node and sub node, both side either using ip asscciation or IP+name way, one side uses IP other side uses IP+name is not permited.