IPSec tunnel implemented between the Branch office and HQ. After configuring, the ping traffic is enabled to trigger the tunnel establishing, but failed.
1. Check the IKE and IPSec SA state, neither IKE nor IPSec negotiated successfully.
2. Check the configuration on both Branch and HQ firewalls, all is normal.
3. Ping the remote firewall to check if there is connection problem. The ping result is normal.
4. Check the session table to exam detailed traffic flow.
The result indicates that the traffic is encapsulated into the tunnel correctly.
5. Check the IKE error information.
The result indicates that error occurred during the authentication, it should be caused by the mismatch password.
6. Modify the password on both firewalls, problem resolved.
Mismatch password causing the IPSec tunnel establishment failure.