
AR device IPsec tunnel cannot come up normally

Latest reply: Oct 31, 2018 01:25:27

AR2240    V200R003C01SPC300

 

Topology:

[Image: network topology]

 

The IPSec Down fault occurred on the AR2240. The IPSec connection failed with the Cisco device IPSec at the xxx office. As a result, about 1000 xxx services were interrupted.

 

The network link is unreachable.

1. Remotely log in to the AR device and check the IPSec session. The SA negotiation fails. The device is configured with the tunnel peer address of 172.x.x.2.

2. According to the debug information, the AR continuously initiates IPSec negotiation with the peer device at the address 172.x.x.2 but does not receive a response packet from the peer. The debugging information is as follows:

The AR sends a negotiation packet.

[Screenshot: debugging output]

The AR retransmits the negotiation packet.

[Screenshot: debugging output]

The AR retransmits the negotiation packet again.

[Screenshot: debugging output]

3. A link problem is initially suspected, so the peer address is pinged from the AR device as a test. The test results show that the link between the AR and the address is unreachable. Therefore, the first line and the customer are required to solve the network link problem. The results of pinging 172.x.x.2 are as follows:

[Screenshot: ping test results]

 

Modify the tunnel configuration so that the tunnel connects successfully.

1. After the customer solves the network link problem, IPSec tunnel negotiation between the AR and the Cisco device still fails:

[Screenshot: IPSec negotiation failure]

2. The customer finally confirms that the Cisco device interface address has been changed to 192.168.104.10, which is not the negotiation address 172.x.x.2 currently configured on the AR. Cisco interface configuration information:

[Screenshot: Cisco interface configuration]

 

3. After the peer address on the AR is changed to 192.168.104.10, the tunnel is successfully established.

[Screenshots: tunnel established]

 

Customer business recovery

After the tunnel address is changed to 192.168.104.10, the IPSec negotiation succeeds. The customer reports that the monitoring platform shows no tunnel alarm information, and the ATM service is restored.

 

Root Cause:

The IP address of the IPSec service is interrupted. The IPSec service is interrupted. The IPSec service is interrupted. After the IPSec configuration on the AR is modified, services are restored.

 

Solution :

After the IPSec tunnel is successfully configured, the IPSec tunnel is successfully restored.

Modify the IPSec tunnel configuration of the AR device:

[Screenshot: AR IPSec tunnel configuration]

Modified AR device IPSec tunnel configuration:

[Screenshot: modified AR IPSec tunnel configuration]

NOTE: The configuration of the IPSec tunnel link state is detected when the IPSec link is faulty.
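
A check for the condition found in this case, as an added example that is not part of the original post: it reads the `ike peer` blocks of a saved AR configuration and reports every peer whose `remote-address` differs from the address the peer side has confirmed. The configuration excerpt, the peer names and the `CONFIRMED` inventory are constructed for illustration; only 192.168.104.10 is taken from the post.

```python
import ipaddress
import re

# Constructed excerpt in the style of an AR saved configuration;
# peer names, keys and addresses are made up for this example.
SAMPLE_CONFIG = """\
ike peer branch_cisco v1
 pre-shared-key cipher %$%$constructed%$%$
 remote-address 198.51.100.2
#
ike peer hq_backup v1
 pre-shared-key cipher %$%$constructed%$%$
 remote-address 203.0.113.7
#
ike peer dialin v1
 pre-shared-key cipher %$%$constructed%$%$
#
"""

# Hypothetical inventory: the tunnel interface address each peer's owner
# has confirmed (in the case above, the customer confirmed the Cisco side).
CONFIRMED = {"branch_cisco": "192.168.104.10", "hq_backup": "203.0.113.7"}

def parse_ike_peers(config):
    """Return {peer_name: remote_address or None} for every ike peer block."""
    peers, current = {}, None
    for line in config.splitlines():
        m = re.match(r"ike peer (\S+)", line)
        if m:
            current = m.group(1)
            peers[current] = None
        elif line.startswith("#") or (line and not line.startswith(" ")):
            current = None  # separator or a new top-level section ends the block
        elif current:
            m = re.match(r"\s+remote-address (\S+)", line)
            if m:
                peers[current] = m.group(1)
    return peers

def find_stale_peers(config, confirmed):
    """List (peer, configured, confirmed) where the AR points at an old address."""
    stale = []
    for name, configured in parse_ike_peers(config).items():
        expected = confirmed.get(name)
        if configured is None or expected is None:
            continue  # no fixed remote address, or nothing to compare against
        if ipaddress.ip_address(configured) != ipaddress.ip_address(expected):
            stale.append((name, configured, expected))
    return stale
```

Calling `find_stale_peers(SAMPLE_CONFIG, CONFIRMED)` returns the one peer whose configured address no longer matches, which is the mismatch that kept the tunnel in this case from negotiating.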

 

Good case, but please pay more attention to the "Root Cause"; it seems like there are some redundant works.

Your document works for me. I get the point and fixed my issue with your doc. Thank you very much.
I also hope you publish more docs at a level like this.
Would you please also mention where the technical details come from, so I can find them in the original part?
From the original part I can find more correct parameters.