An IPSec tunnel fails to be set up for a long time, and then can be established after the IPSec tunnel is reset


The branch sends traffic to the headquarters that matches a data flow the headquarters is already protecting with an existing IPSec tunnel to the branch. Because that data flow is already protected, the headquarters and branch cannot establish a new IPSec tunnel. After the IPSec tunnel is reset on the headquarters device, the old IPSec tunnel is deleted and the new IPSec tunnel can be established.

In this case, you can run the ipsec remote traffic-identical command to allow users with the same traffic rule as online users to access the IPSec tunnel. The established IPSec SAs are then aged out quickly and the IPSec tunnel is reestablished.

Why data packets do not pass the IPSec tunnel
Service packets fail to be transmitted after an IPSec tunnel is successfully established. To troubleshoot this fault, perform the following operations:

1. Check whether data packets match any ACL rule.
2. If NAT is configured on an interface, the matching ACL rule must deny data flows protected by IPSec. After confirming that the ACL rule is correctly configured, enable IPSec.
3. If SHA2 authentication is used, configure the ipsec authentication sha2 compatible enable command.
4. Check that the route configuration is correct.
5. Check that data packets can reach the AR router.
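
The first two checks in the list above can be run offline against ACL rules copied from the device. The following Python code is an added example, not Huawei code: the ACL contents, addresses and function names are constructed for illustration. It assumes rules are evaluated in ascending rule-ID order and handles only ip rules with source and destination wildcard masks.

```python
import ipaddress
import re

# Constructed sample ACL bodies in advanced-ACL rule syntax (not from the page).
IPSEC_ACL = "rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255"
NAT_ACL_BAD = "rule 5 permit ip source 10.1.1.0 0.0.0.255"
NAT_ACL_GOOD = """rule 5 deny ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
rule 10 permit ip source 10.1.1.0 0.0.0.255"""

RULE = re.compile(
    r"rule\s+(\d+)\s+(permit|deny)\s+ip"
    r"(?:\s+source\s+(\S+)\s+(\S+))?(?:\s+destination\s+(\S+)\s+(\S+))?\s*$")

def parse_acl(text):
    """Return rules sorted by rule ID as (id, action, src, dst); None means any."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rid, action, sa, sw, da, dw = m.groups()
        rules.append((int(rid), action, (sa, sw) if sa else None, (da, dw) if da else None))
    return sorted(rules, key=lambda r: r[0])

def _hit(addr, spec):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    if spec is None:
        return True
    base, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wild & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & care == base & care

def first_match(rules, src, dst):
    """Action of the lowest-numbered matching rule, or None when nothing matches."""
    for _, action, s, d in rules:
        if _hit(src, s) and _hit(dst, d):
            return action
    return None

def diagnose(ipsec_acl, nat_acl, src, dst):
    """Checks 1 and 2 of the list for one flow; nat_acl may be empty if NAT is not used."""
    if first_match(parse_acl(ipsec_acl), src, dst) != "permit":
        return "not matched by the IPSec ACL"
    if nat_acl and first_match(parse_acl(nat_acl), src, dst) == "permit":
        return "NAT ACL permits an IPSec-protected flow"
    return "ok"
```
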

Configuring IPSec on an AC
ACs support IPSec, while Fat APs do not support this function.

On the Internet, most data is transmitted over IP networks in plaintext. This transmission mode carries many potential risks. For example, bank accounts and passwords may be intercepted, user identities may be forged, and networks may be attacked. IPSec protects transmitted data to reduce the risk of information leakage.

IPSec is a set of open network security protocols defined by the Internet Engineering Task Force (IETF). It ensures the integrity and security of data transmitted on the Internet through data source authentication, data encryption, data integrity, and anti-replay at the IP layer.

For more information about IPSec configuration on an AC, see:
For V200R005: IPSec Configuration in AC6605&AC6005&ACU2(AC&FITAP) Product Documentation.
For V200R006: IPSec Configuration in AC6605&AC6005&ACU2(AC&FITAP) Product Documentation.

