An IPSec VPN is configured between a USG5300 and a USG3000, using IKE to negotiate the IPSec tunnel that encrypts the transmitted packets.
The IPSec tunnel can be actively initiated from the USG3000, and ping succeeds.
However, the IPSec tunnel cannot be actively established from the USG5300, and ping fails.
1. In the system view, enter the command ike peer peer_name to enter the IKE peer view, where peer_name is the peer name referenced by the policy.
2. In the IKE peer view, enter the command undo version 2.
1. The policy on the side that cannot actively initiate the tunnel is configured in template mode. This is normal behavior and needs no handling.
2. One end supports IKEv1 by default, and the other end supports IKEv2 by default.
IKEv2 support is an important feature of the Eudemon1000E and improves the performance of the equipment. The USG5300 can auto-negotiate to support both IKEv1 and IKEv2 and uses IKEv2 by default, whereas the USG3000 supports only IKEv1.
If the USG3000 initiates the IKE negotiation, it uses IKEv1. Because the USG5300 can auto-negotiate and respond to both IKEv1 and IKEv2 negotiations, the negotiation succeeds. When the USG5300 actively initiates the negotiation, it uses IKEv2 by default and therefore starts an IKEv2 negotiation. The peer USG3000 cannot respond to an IKEv2 negotiation, so the tunnel cannot be established.
When the USG5300 performs IKE negotiation with other equipment, pay attention to the IKE version. If the peer does not support IKEv2, a negotiation actively initiated by the USG5300 may fail, and the configuration needs to be changed to IKEv1.
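The version mismatch described above can be confirmed from a capture of the UDP port 500 traffic, because the version byte of the first IKE message shows which version the initiator chose. The following Python sketch is an added example, not part of the original case or of any Huawei tool; the function names, SPI value and sample messages are constructed for illustration.

```python
import struct

# Fixed 28-byte IKE/ISAKMP header (RFC 2408, RFC 7296): initiator SPI,
# responder SPI, next payload, version, exchange type, flags, message ID, length.
IKE_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGES = {2: "IKEv1 Main Mode", 4: "IKEv1 Aggressive Mode", 34: "IKEv2 IKE_SA_INIT"}

def parse_ike_header(payload: bytes) -> dict:
    """Parse the header of an IKE message carried in a UDP/500 payload."""
    if len(payload) < IKE_HDR.size:
        raise ValueError("payload shorter than the 28-byte IKE header")
    _i_spi, r_spi, _next, ver, exch, _flags, msg_id, length = IKE_HDR.unpack_from(payload)
    return {
        "major": ver >> 4,            # high nibble: 1 = IKEv1, 2 = IKEv2
        "minor": ver & 0x0F,
        "exchange": EXCHANGES.get(exch, f"type {exch}"),
        # First message of a negotiation: responder SPI still zero, message ID 0.
        "is_initial": r_spi == bytes(8) and msg_id == 0,
        "length": length,
    }

def check_initiator(payload: bytes, peer_versions: set) -> str:
    """Compare the version the initiator offered with what the peer supports."""
    hdr = parse_ike_header(payload)
    if not hdr["is_initial"]:
        return "not the first message of a negotiation"
    if hdr["major"] in peer_versions:
        return f"IKEv{hdr['major']} offered, peer supports it"
    return (f"IKEv{hdr['major']} offered, peer only supports "
            f"{sorted(peer_versions)}: negotiation will fail")

def sample_header(version: int, exchange: int, flags: int = 0) -> bytes:
    """Build a constructed header (made-up SPI, no payloads) for the demo."""
    return IKE_HDR.pack(bytes.fromhex("1122334455667788"), bytes(8),
                        0, version, exchange, flags, 0, IKE_HDR.size)

# Constructed first messages, one per direction described in the case.
FROM_USG3000 = sample_header(0x10, 2)         # IKEv1 Main Mode
FROM_USG5300 = sample_header(0x20, 34, 0x08)  # IKEv2 default, before undo version 2

if __name__ == "__main__":
    print(check_initiator(FROM_USG3000, {1, 2}))  # USG5300 answers IKEv1 and IKEv2
    print(check_initiator(FROM_USG5300, {1}))     # USG3000 answers IKEv1 only
```

On a real capture, pass the UDP payload of the first packet sent to port 500; traffic on UDP 4500 carries a 4-byte non-ESP marker before the header, which this sketch does not strip.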