No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


When interconnecting with the equipment which uses template model, the tunnel renegotiating

Publication Date:  2012-11-22 Views:  100 Downloads:  0

Issue Description

Use the IPSEC function of USG equipment, peer end uses the template model, when the USG product restarted and gained new IP, began a period of time, it is difficult to negotiate up, must after a long period of time, the negotiation just can be up.

Alarm Information


Handling Process

Both ends equipment all needs to configure DPD function, USG configuration is as follows:
ike dpd interval 20 2
At the same time, can configure automatic establish tunnel function in the external network interface
ipsec policy vpnlink auto-neg 10
Then check whether the DPD function negotiated successfully, the following explains DPD negotiated successfully
<USG>display ike sa
connection-id peer flag phase doi
1288 RD|ST|D 1 IPSEC
1298 RD|ST 2 IPSEC

Root Cause

It is because the old tunnel doesn’t overtime, the new tunnel can’t be negotiated up, leading to IPSEC tunnel impassability.


When enables IPSEC function and uses the template mode interconnect, must configure DPD function, or it will appear the problem that tunnel can’t be established.