No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fast Forward of internal network interface was not closed caused ipsec services are unavailable

Publication Date:  2012-11-28 Views:  1978 Downloads:  0

Issue Description

PC1 ---- USG2130 ------- SRG20-20 ----- PC2

1, USG2130 can ping PC2, USG2130 with the source address (PC1 gateway) is also able to ping PC2, PC1 can not ping PC2

2. Display ipsec sa and the display ike sa tunnel to establish normal.

Alarm Information


Handling Process

1, Check the equipment on the ipsec configuration carefully , that is no problem

2. View PC1 that gateway was really on the the USG2130 internal netowrk

3, It found that PC1 message is not encrypted by normal way, but it directly forwarded. through the command debug ipsec all

Turn off the fast-forward function on internal network interface by undo ip fast-forwarding qff command, problem solving.

Root Cause

1, USG2130 and SRG about IPSEC VPN configuration problems.

2, PC1 did not configure network management, or PC1 network management was not in USG2130.

3, USG2130 internal network interface did not shut down the fast-forward


The low-end devices are off as much as possible to do ipsec vpn interface fast forward function

undo ip fast-forwarding qff