After IPSec VPN is configured on the E1000E, a large number of error packets appear and the service becomes abnormal.
1: Dialing in from a phone works normally, so the L2TP/IPSec configuration itself is basically not the problem.
2: This service needs an L2TP tunnel to be built, so we had the user dial in and found that no L2TP session was created. We suspected that the packets either were not reaching the firewall or were being discarded by the firewall.
3: The firewall packet statistics show packet loss for the L2TP session. The statistics are as follows:
[Eudemon1000E-diagnose] display firewall statistic acl
Current Show sessions count: 1
Protocol(UDP) SourceIp(2x.2x.1x5.2x) DestinationIp(1x0.2x.2x.1x3)
SourcePort(1701) DestinationPort(1701) VpnIndex(public)
           Receive    Forward    Discard
Obverse :  4 pkt(s)   0 pkt(s)   4 pkt(s)
Reverse :  0 pkt(s)   0 pkt(s)   0 pkt(s)
Discard detail information:
DP_Input_Eth :exit 3: 4
DP_L3Fwd_ProcessIpv4 :exit 2: 4
DP_L3Fwd_DataProcess :exit 7: 4
IPSec_Input :exit 1: 4
DP_L3Fwd_FirstPktProc :exit 4: 4
The "display firewall statistic acl" output shows the L2TP session on port 1701, which confirms that the packets did reach the firewall. All 4 received packets are counted as discarded, and IPSec_Input is listed in the discard detail.
After IPSec pre-check was disabled on this firewall, the test was normal and the problem was solved. The command is "undo ipsec pre-check".
The ipsec pre-check setting must be the same on both ends of the tunnel; otherwise the service may be affected.
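The check done by eye in step 3 can be scripted when many sessions are listed. The following is an added example, not Huawei tooling: it parses output in the shape shown in this case and flags L2TP (UDP/1701) sessions whose packets were all discarded with IPSec_Input in the discard detail. The function names and the sample string are assumptions made for this illustration.

```python
import re

# Sample constructed from the output shown in this case (addresses are masked there).
SAMPLE = """\
Current Show sessions count: 1
Protocol(UDP) SourceIp(2x.2x.1x5.2x) DestinationIp(1x0.2x.2x.1x3)
SourcePort(1701) DestinationPort(1701) VpnIndex(public)
Receive Forward Discard
Obverse : 4 pkt(s) 0 pkt(s) 4 pkt(s)
Reverse : 0 pkt(s) 0 pkt(s) 0 pkt(s)
Discard detail information:
DP_Input_Eth :exit 3: 4
DP_L3Fwd_ProcessIpv4 :exit 2: 4
DP_L3Fwd_DataProcess :exit 7: 4
IPSec_Input :exit 1: 4
DP_L3Fwd_FirstPktProc :exit 4: 4
"""

FIELD = re.compile(r"(\w+)\(([^)]*)\)")
COUNTS = re.compile(r"(Obverse|Reverse)\s*:\s*(\d+) pkt\(s\)\s+(\d+) pkt\(s\)\s+(\d+) pkt\(s\)")
DETAIL = re.compile(r"(\w+)\s*:exit\s*(\d+):\s*(\d+)")

def parse_sessions(text):
    """One dict per session; a session starts at its 'Protocol(' line."""
    sessions = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Protocol("):
            sessions.append({"fields": {}, "counts": {}, "discard_points": {}})
        if not sessions:
            continue  # header lines before the first session
        cur, m, d = sessions[-1], COUNTS.match(line), DETAIL.match(line)
        if m:    # Receive / Forward / Discard counters for one direction
            cur["counts"][m.group(1)] = tuple(map(int, m.group(2, 3, 4)))
        elif d:  # entry listed under "Discard detail information"
            cur["discard_points"][d.group(1)] = int(d.group(3))
        else:    # Name(value) pairs such as SourceIp(...) or DestinationPort(...)
            cur["fields"].update(FIELD.findall(line))
    return sessions

def ipsec_drops(sessions):
    """L2TP sessions that were received, never forwarded, and list IPSec_Input as a discard point."""
    hits = []
    for s in sessions:
        recv, fwd, disc = s["counts"].get("Obverse", (0, 0, 0))
        l2tp = s["fields"].get("Protocol") == "UDP" and s["fields"].get("DestinationPort") == "1701"
        if l2tp and recv > 0 and fwd == 0 and disc == recv and "IPSec_Input" in s["discard_points"]:
            hits.append(s)
    return hits
```

A session returned by ipsec_drops matches the pattern in this case and is a prompt to compare the ipsec pre-check setting on both ends.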