
E1000E ipsec pre-check mis-configuration caused abnormal operations

Publication Date: 2014-12-30

Issue Description

After IPSec VPN is configured on the E1000E, a large number of error packets appear, resulting in a service exception.

Handling Process

1: Dialing in from a phone works normally, so the L2TP/IPSec configuration itself is basically confirmed to have no problem.
2: This service needs an L2TP tunnel, so the user was asked to dial in. No L2TP session was found, so the packets either did not reach the firewall or were discarded by the firewall.
3: The firewall packet statistics were checked and show packet loss for the L2TP session. The statistics are as follows:
[Eudemon1000E-diagnose] display firewall statistic acl
16:54:10  2014/12/19

Current Show sessions count: 1
Protocol(UDP) SourceIp(2x.2x.1x5.2x) DestinationIp(1x0.2x.2x.1x3) 
SourcePort(1701) DestinationPort(1701) VpnIndex(public) 
           Receive           Forward           Discard 
Obverse : 4          pkt(s) 0          pkt(s) 4          pkt(s) 
Reverse : 0          pkt(s) 0          pkt(s) 0          pkt(s)
Discard detail information:
  DP_Input_Eth                  :exit 3:     4
  DP_L3Fwd_ProcessIpv4          :exit 2:     4
  DP_L3Fwd_DataProcess          :exit 7:     4
  IPSec_Input                   :exit 1:     4
  DP_L3Fwd_FirstPktProc         :exit 4:     4

Root Cause

The "display firewall statistic acl" output shows the L2TP traffic on port 1701, which basically confirms that the session was not dropped by the firewall.


After ipsec pre-check is disabled on the firewall at this end, the test is normal and the problem is solved. The command is "undo ipsec pre-check".


The ipsec pre-check setting must be the same at both ends of the tunnel; otherwise services may be affected.
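
Added example, not part of the original case: a Python script that parses the "display firewall statistic acl" output shown under Handling Process and reports a session whose received packets are all discarded with an IPSec stage among the discard counters. The sample text is copied from the output on this page; the function names are hypothetical, and treating an IPSec_* discard on UDP 1701 as a prompt to compare ipsec pre-check on both ends is an assumption drawn from this case.

```python
import re

# Sample copied from the output on this page (addresses are masked there).
SAMPLE = """\
Protocol(UDP) SourceIp(2x.2x.1x5.2x) DestinationIp(1x0.2x.2x.1x3)
SourcePort(1701) DestinationPort(1701) VpnIndex(public)
           Receive           Forward           Discard
Obverse : 4          pkt(s) 0          pkt(s) 4          pkt(s)
Reverse : 0          pkt(s) 0          pkt(s) 0          pkt(s)
Discard detail information:
  DP_Input_Eth                  :exit 3:     4
  DP_L3Fwd_ProcessIpv4          :exit 2:     4
  DP_L3Fwd_DataProcess          :exit 7:     4
  IPSec_Input                   :exit 1:     4
  DP_L3Fwd_FirstPktProc         :exit 4:     4
"""

FIELD = re.compile(r"(\w+)\(([^)]*)\)")
COUNTS = re.compile(r"^(Obverse|Reverse)\s*:\s*(\d+)\s+pkt\(s\)\s+(\d+)\s+pkt\(s\)\s+(\d+)\s+pkt\(s\)")
STAGE = re.compile(r"^\s*(\w+)\s*:exit\s+(\d+):\s*(\d+)\s*$")

def parse_session(text):
    """Parse one session block into header fields, direction counters and discard stages."""
    session = {"fields": {}, "counters": {}, "stages": []}
    for line in text.splitlines():
        if (m := COUNTS.match(line)):
            rx, fwd, drop = map(int, m.groups()[1:])
            session["counters"][m.group(1)] = {"receive": rx, "forward": fwd, "discard": drop}
        elif (m := STAGE.match(line)):
            session["stages"].append((m.group(1), int(m.group(2)), int(m.group(3))))
        elif line.startswith(("Protocol(", "SourcePort(")):
            session["fields"].update(FIELD.findall(line))
    return session

def triage(session):
    """Report total loss per direction and IPSec-stage discards on L2TP (assumed heuristic)."""
    findings = []
    for direction, c in session["counters"].items():
        if c["receive"] and c["discard"] == c["receive"] and c["forward"] == 0:
            findings.append(f"{direction}: all {c['receive']} received packets discarded")
    ipsec = [name for name, _, n in session["stages"] if name.startswith("IPSec") and n > 0]
    if ipsec and session["fields"].get("DestinationPort") == "1701":
        findings.append("L2TP (UDP 1701) discards counted at " + ", ".join(ipsec)
                        + ": compare ipsec pre-check on both peers")
    return findings

if __name__ == "__main__":
    for finding in triage(parse_session(SAMPLE)):
        print(finding)
```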