Why cannot the two ends of a tunnel communicate when the ACLs are correctly configured
and the security proposals are matched?
This problem occurs because the device on one end restarts after the SA
is established. Run the display ike sa command to check whether the ISAKMP SA of phase 1 has been set up on both
devices. Run the display ipsec sa policy policy-name command to check
whether an IPSec SA has been established for the specified security policy. If
the SA information on both ends does not match, run the reset ipsec sa and reset
ike sa commands to clear the established SA and re-initiate the