No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.

Knowledge Base

the public IP couldn't communicate after IPSec configuration

Publication Date:  2016-04-15  |   Views:  949  |   Downloads:  0  |   Author:  SU1001299054  |   Document ID:  EKB1000114675


Issue Description

customer hope to create a IPSec tunnel between Sonicwall and AR129( and
Before the IPSec configuration, the ping of public IP Address communicate normally.( to
After finish IPSec configuraiton, customer found that the IP Ping fail.( to


After checking the configuration of this site. we found customer permit all IP traffic in ACL 3999 which used for ipsec policy

acl name p_Ethernet0/0/0_1 3998 
rule 5 permit ip
ipsec proposal p_to_p_vpn1
esp authentication-algorithm sha1
esp encryption-algorithm 3des
ike proposal 1
encryption-algorithm 3des-cbc
dh group2
authentication-algorithm sha1
prf hmac-sha2-256
ike peer p_to_p_vpn1 v1
pre-shared-key cipher %^%#XeyNW1QmUWl}t\1ttQ4)D]nS%Zs8.$Av:wUPEO67%^%#
ike-proposal 1
local-id-type name
nat traversal
ipsec policy p_to_p_vpn 1 isakmp
security acl 3998
ike-peer p_to_p_vpn1
proposal p_to_p_vpn1
interface Vlanif1
ip address
dhcp select interface
dhcp server dns-list
interface Ethernet0/0/0
undo portswitch
tcp adjust-mss 1460
ip address
ipsec policy p_to_p_vpn
nat outbound 2999


After set the fixed ACL according custoemr environment, then this issue solved. Since the orginal setting contained flow that from to10.1.10.25, so the ping was affected by orignal setting.


acl number 3998   

rule 5 permit ip source destination