Why data packets do not pass the IPSec tunnel

Service packets fail to be transmitted after an IPSec tunnel is successfully established. To troubleshoot this fault, perform the following operations:
1. Check whether data packets match any ACL rule.
2. If NAT is configured on an interface, the matching ACL rule must deny data flows protected by IPSec. After confirming that the ACL rule is correctly configured, enable IPSec.
3. If SHA2 authentication is used, configure the ipsec authentication sha2 compatible enable command.
4. Check that the route configuration is correct.
5. Check that data packets can reach the AR router.

Scroll to top