FAQ-An IPSec Tunnel Is Negotiated but the Matching Count of the ACL Referenced in the IPSec Policy Does Not Increase or Remains 0

Publication Date: 2015-07-02

Issue Description

An IPSec tunnel is negotiated but the matching count of the ACL referenced in the IPSec policy does not increase or remains 0.


The ACL referenced in the IPSec policy is used only to trigger negotiation. Its matching count increases only when packets match the ACL and trigger IKE negotiation. After the tunnel is negotiated, service packets no longer match the ACL, so the matching count does not increase. In addition, if the IPSec policy configured on the interface carries the auto-neg parameter, the device triggers negotiation automatically. In this case, the matching count of the ACL does not increase either.