USG2210 (v100r005)-USG2130 (V100R003)
The ipsec tunnel has been built,and has no problem, but intranet Ping each other unsuccessful.
1. Check 2130, close fast forward, exclude the reason that fastforward hasn’t closed.
2. Check the configuration, did not find problems.
3. View previous cases to see whether V100R005 interconnects with V100ROO3 will has these problems, but before the docking, have no such problems.
4. Firstly, use the USG2130 end internal network port address Ping2210 inside and outside port addresses, opened Debug ICMP in USG2210, find the following information:
* 0.82100470 USG2200 IP/7/debug_icmp:
ICMP Receive: communication-filter-forbidden (Type = 3, Code = 13), Src =
184.108.40.206, Dst = 220.127.116.11; Original IP header: Pro = 50, Src =
18.104.22.168, Dst = 22.214.171.124, First 8 bytes = AA7A60DF 00000003
This information can be seen, the public network, has a 126.96.36.199 return information, Pro 50 (ESP protocol number) has been prohibited, it means the operators this device has filtered the ESP packet. So you can determine the problem is happen in operators
1. Fast forward issue.
2. Configuration problem.
3. Software version issue.
4. Carrier problem.
Such problem, you can also look at whether operators prohibited VPN. Not necessarily every time the local device configuration issues.