No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

IPsec tunnel not being up between AR router and another vendor router

Publication Date:  2020-01-30  |   Views:  132  |   Downloads:  0  |   Author:  h84102332  |   Document ID:  EKB1100045171

Contents

Issue Description

IPsec tunnel not being up between AR router and other vendorrouter

Handling Process

1) I checked the IPsec configuration on both AR router and other vendor router , and at first Phase 1 wasn’t up and after matching all parameters on both sides , phase1 was UP but still tunnel is still down

697ec652d2ed49d78794392aec2cd195
2) We checked the “ display ike error-info”, error reason is phase2 proposal , PFS mismatch or flow mismatch but I checked all parameters are OK and matched

78335cd862414b7fa2a402e4f6348f93
3) i checked the phase2 parameters on both sides , it is matched .

4) in othervendor device ,interface tunnel 1 is by default on GRE mode ,after changing it from GRE mode  to IPsec  mode ,issue resolved


RouterB(config)#interface tunnel 1   

RouterB(config-if)#tunnel mode ipsec ipv4




Root Cause

peer configuration issue

Solution

issue resolved after changing the interface tunnel 1 from GRE mode to IPsec mode as below

  RouterB(config)#interface tunnel 1   

 RouterB(config-if)#tunnel mode ipsec ipv4

 

Reference from our documentation

full configuration example guide

https://support.huawei.com/enterprise/en/doc/EDOC1100034005/c6f443e1/example-for-establishing-an-ipsec-tunnel-between-a-branch-gateway-ar-and-headquarters-gateway-cisco-router-using-vt-interfaces