AR2240 V200R003C01SPC300
Topology :
The IPSec Down fault occurred on the AR2240. The IPSec connection failed with the Cisco device IPSec at the xxx office. As a result, about 1000 xxx services were interrupted.
The network link is unreachable.
1. Remotely log in to the AR device and check the IPSec session. The SA negotiation fails. The device is configured with the tunnel peer address of 172.x.x.2.
2. According to the debug information analysis, the AR continuously initiates IPSec negotiation with the peer device at the address of 172.x.x.2, but does not receive the peer response packet from the debug analysis. The debugging information is as follows:
The AR sends a negotiation packet.
AR retransmission negotiation packet
The AR retransmits the negotiation packet again.
3. Initially suspected that there is a problem with the link and the AR device attempts to ping the peer address for testing. The test results show that the link between the AR and the address is unreachable. Therefore, the first line and the customer are required to solve the network link problem. The test Ping 172.x.x.2 results are as follows:
Modify the configuration tunnel to connect successfully.
1. After the customer solves the network link problem, the AR and the CISCO IPSec tunnel still negotiate failure:
2. After the client finally confirms that the cisco device interface address is changed to 192.168.104.10, the non-AR currently configured negotiation address is 172.x.x.2, Cisco interface configuration information:
3. After the AR is modified, the tunnel is successfully established after the peer address is 192.168.104.10.
Customer business recovery
After the tunnel address is changed to 192.168.104.10, the IPSec negotiation succeeds. The customer feedback monitoring platform displays that there is no tunnel alarm information, and the ATM service is restored.
Root Cause:
The IP address of the IPSec service is interrupted. The IPSec service is interrupted. The IPSec service is interrupted. After the IPSec configuration on the AR is modified, services are restored.
Solution :
After the IPSec tunnel is successfully configured, the IPSec tunnel is successfully restored.
Modify the IPSec tunnel configuration of the AR device:
Modified AR device IPSec tunnel configuration:
NOTE: The configuration of the IPSec tunnel link state is detected when the IPSec link is faulty.