No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


FAQ-Why Cannot the Two Ends of a Tunnel Communicate When the ACLs Are Correctly Configured and the Security Proposals Are Matched?

Publication Date:  2019-01-25 Views:  387 Downloads:  0

Issue Description

Why cannot the two ends of a tunnel communicate when the ACLs are correctly configured and the security proposals are matched?


This problem occurs because the device on one end restarts after the SA is established. Run the display ike sa command to check whether the ISAKMP SA of phase 1 has been set up on both devices. Run the display ipsec sa policy policy-name command to check whether an IPSec SA has been established for the specified security policy. If the SA information on both ends does not match, run the reset ipsec sa and reset ike sa commands to clear the established SA and re-initiate the negotiation.