Security ACL is not hit when the USG L2TP over IPsec VPN is established successfully

Publication Date:  2013-12-24 Views:  1103 Downloads:  0
Issue Description
USG V300R001

When the VPN client connects successfully, the Security ACL shows no hits at all:
<LNS> display acl 3000
Rule 5 permit udp source-port eq 1701   (0 times matched)

Alarm Information
Handling Process
1、 Check the IPsec and L2TP VPN status:
<LNS> display l2tp tunnel
Total tunnel = 1
LocalTID RemoteTID RemoteAddress    Port   Sessions RemoteName
1        1        65480   1      

<LNS> display l2tp session
Total session = 1
LocalSID  RemoteSID  LocalTID
1         1          1

<LNS> display ike sa
current ike sa number: 2
  conn-id    peer                    flag          phase vpn
  2          RD            v1:2  public
  1          RD            v1:1  public

  flag meaning

<LNS> display ipsec sa brief

current ipsec sa number: 2
current ipsec tunnel number: 1
Src Address     Dst Address     SPI         Protocol  Algorithm
-------------------------------------------------------------------
                                142427840   ESP       E:DES;A:HMAC-MD5-96;
                                52885424    ESP       E:DES;A:HMAC-MD5-96;

2、 Check whether the VPN client connection is successful:
C:\Documents and Settings\Administrator> ipconfig
Windows IP Configuration
Ethernet adapter {1D873B6A-BAC3-4A99-A567-9F809EA3CE69}:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . :
        Subnet Mask . . . . . . . . . . . :
        Default Gateway . . . . . . . . . :

3、 So the IPsec and L2TP VPN are working fine.

4、 After confirming with R&D: the Security ACL is hit only when traffic triggers IPsec to establish the tunnel.
Once the IPsec tunnel is established, all traffic passes through the tunnel and does not hit the Security ACL again. This is the LNS working principle.

Root Cause
1、 IPsec or L2TP has a problem.
2、 The VPN client configuration has a problem.
3、 Other problem.
In the L2TP over IPsec case, the Security ACL not being hit is normal.
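The handling process above amounts to a simple decision: a Security ACL with zero matches is only a symptom when there is no IPsec SA or L2TP tunnel behind it. As an added example that is not part of the original article or of Huawei's own tooling, the Python script below parses the text of the `display acl`, `display ipsec sa brief` and `display l2tp tunnel` outputs in the format quoted above and returns a verdict: "normal" when the tunnel is up and the ACL is unhit (the expected state described by R&D), "investigate" when neither the ACL nor the tunnel shows activity (the root-cause candidates listed above), and "acl-hit" when the counter did move. The sample outputs embedded in it are constructed from the article's format, with the addresses left blank exactly as the article shows them; the function names are the example's own.

```python
import re

# Constructed sample: outputs of the USG "display" commands in the format
# quoted in the article, captured while the L2TP over IPsec tunnel is up.
ACL_OUTPUT = """<LNS> display acl 3000
Rule 5 permit udp source-port eq 1701   (0 times matched)
"""

IPSEC_OUTPUT_UP = """<LNS> display ipsec sa brief

current ipsec sa number: 2
current ipsec tunnel number: 1
Src Address     Dst Address     SPI         Protocol  Algorithm
-------------------------------------------------------------------
                                142427840   ESP       E:DES;A:HMAC-MD5-96;
                                52885424    ESP       E:DES;A:HMAC-MD5-96;
"""

L2TP_OUTPUT_UP = """<LNS> display l2tp tunnel
Total tunnel = 1
LocalTID RemoteTID RemoteAddress    Port   Sessions RemoteName
1        1                          65480  1
"""

# Constructed sample: the same commands when nothing has been established,
# i.e. the situation in which an unhit ACL really does point at a problem.
IPSEC_OUTPUT_DOWN = """<LNS> display ipsec sa brief

current ipsec sa number: 0
current ipsec tunnel number: 0
"""

L2TP_OUTPUT_DOWN = """<LNS> display l2tp tunnel
Total tunnel = 0
"""

# One "Rule <n> <body> (<k> times matched)" line per ACL rule.
RULE_RE = re.compile(r"^Rule\s+(\d+)\s+(.*?)\s*\((\d+)\s+times matched\)", re.M)


def parse_acl_matches(text):
    """Map ACL rule number -> match counter from 'display acl' output."""
    return {int(m.group(1)): int(m.group(3)) for m in RULE_RE.finditer(text)}


def parse_counter(text, label):
    """Read an integer after 'label:' or 'label =' (0 if the label is absent)."""
    m = re.search(re.escape(label) + r"\s*[:=]\s*(\d+)", text)
    return int(m.group(1)) if m else 0


def assess(acl_text, ipsec_text, l2tp_text):
    """Apply the article's reasoning to the three command outputs.

    Returns "acl-hit" if any ACL rule counter is non-zero, "normal" if the
    ACL is unhit but an IPsec SA, an IPsec tunnel and an L2TP tunnel all
    exist (the expected state once the tunnel carries the traffic), and
    "investigate" otherwise (no hits and no tunnel: check IPsec/L2TP and
    the client configuration).
    """
    hits = parse_acl_matches(acl_text)
    sa_count = parse_counter(ipsec_text, "current ipsec sa number")
    ipsec_tunnels = parse_counter(ipsec_text, "current ipsec tunnel number")
    l2tp_tunnels = parse_counter(l2tp_text, "Total tunnel")

    if any(hits.values()):
        return "acl-hit"
    if sa_count > 0 and ipsec_tunnels > 0 and l2tp_tunnels > 0:
        return "normal"
    return "investigate"


if __name__ == "__main__":
    print("tunnel up  :", assess(ACL_OUTPUT, IPSEC_OUTPUT_UP, L2TP_OUTPUT_UP))
    print("tunnel down:", assess(ACL_OUTPUT, IPSEC_OUTPUT_DOWN, L2TP_OUTPUT_DOWN))
```

In practice the three outputs would be pasted from the LNS console into the script; the point of keeping the check in code is that the "zero matches" observation is never judged on its own, but always together with the SA and tunnel counters that the article's step 1 collects.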