Configuring a security acl in the policy-template on the SVN3000 leads to IPSec service failure

Publication Date: 2012-10-17

Issue Description

An SVN3000 (headquarters) establishes IPSec VPNs with multiple USG2100 devices (branches). All branch devices use PPPoE dial-up to reach the network. After the configuration is complete, the SVN shows that all tunnels are established normally, but the customer's intranet traffic passes over only one tunnel; the remaining branches cannot communicate.

Alarm Information


Handling Process

1. Check the ACL configuration: the interested-traffic configuration is correct.
2. Fast forwarding on the interfaces has also been disabled (interfaces on the USG2100 V1R5 version have no port fast-forwarding).
3. Checking the session table on the SVN for each branch in turn shows that the packets the SVN sends over the VPN all go back to one of the branches, so the other VPNs are impassable.
4. Delete the security acl from the IPSec policy-template on the SVN. The problem is solved.

Root Cause

1. The user's ACL configuration is incorrect, that is, the interested-traffic configuration has a problem.
2. The user did not disable port fast-forwarding on the intranet interface.


When some USG-series devices, such as the USG3000 and SVN3000, use a policy-template to establish IPSec, none of them can have the security acl configured.