Problem and solution when the IPSec tunnel cannot be established between the USG6300 and Windows 8 system


The IPSec tunnel established using the Windows 8 dial-up software on the USG6000 is interrupted at a certain interval.
You can use other VPN tunnels, such as L2TP.

Method used to establish an IPSec tunnel between the AR and PC
An IPSec tunnel is established between the AR and PC. This example applies to all AR models of V200R002C00 and later versions. For details about the configuration, see "Example for Configuring an IPSec Tunnel for Remote Dial-Up Users to Connect to the Headquarters" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples.

L2TP tunnels fail to be established between the AR and the PC running Windows 8
The possible cause is that the PC runs Windows 8. On Windows 8, you must add \ before the user name when entering it. The correct input format is \vpn. Otherwise, a domain name is automatically added before the user name and login authentication fails. When entering the user name on PC1, add \ before it, for example, \vpn. PC1 then dials up successfully.

Problem and solution when BGP peer cannot be established
To establish a BGP peer relationship, the firewall must set up a TCP session on port 179 and exchange OPEN messages correctly with the peer. Perform the following steps to rectify the issue:
1. Check whether the AS number and IP address of the peers are correct by using the display bgp peer command.
2. Check whether the router IDs configured on the two BGP peers conflict by using the display bgp peer command.
3. If a loopback interface is used, check whether the peer connect-interface command is configured to specify the loopback interface as the source interface for sending BGP packets.
4. If the EBGP neighbors are not directly connected at the physical layer, check whether the peer ebgp-max-hop command is configured.
5. Check whether the routing table contains an available route to the peer.
6. Check whether the peer is reachable from the specified connect-interface by using the ping -a source-ip-address host-address command.
7. Check whether an ACL that blocks TCP port 179 is configured.
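The configuration checks in steps 1 to 4 can be run offline against both devices' BGP configuration. The following Python script is an added example, not Huawei tooling or part of the original page. The two configuration snippets, their addresses and AS numbers are constructed, and the function names parse and check_pair are hypothetical.

```python
# Constructed sample configs (not from the page): EBGP peers using loopback addresses.
FW_A = """
bgp 65001
 router-id 10.0.0.1
 peer 10.0.0.2 as-number 65002
 peer 10.0.0.2 connect-interface LoopBack0
"""
FW_B = """
bgp 65002
 router-id 10.0.0.1
 peer 10.0.0.1 as-number 65010
 peer 10.0.0.1 connect-interface LoopBack0
 peer 10.0.0.1 ebgp-max-hop 2
"""

def parse(cfg):
    """Extract local AS, router ID and per-peer options from a BGP config block."""
    out = {"as": None, "router_id": None, "peers": {}}
    for line in cfg.splitlines():
        t = line.split()
        if len(t) == 2 and t[0] == "bgp":
            out["as"] = t[1]
        elif len(t) == 2 and t[0] == "router-id":
            out["router_id"] = t[1]
        elif len(t) >= 3 and t[0] == "peer":
            # Options without a value (e.g. a bare ebgp-max-hop) are stored as True.
            out["peers"].setdefault(t[1], {})[t[2]] = t[3] if len(t) > 3 else True
    return out

def check_pair(local, remote, remote_addr, loopback, direct):
    """Return (step, finding) tuples for local's session towards remote_addr."""
    peer = local["peers"].get(remote_addr)
    if peer is None:
        return [(1, f"no peer statement for {remote_addr}")]
    found = []
    if peer.get("as-number") != remote["as"]:
        found.append((1, f"peer AS {peer.get('as-number')} configured, remote is AS {remote['as']}"))
    if local["router_id"] and local["router_id"] == remote["router_id"]:
        found.append((2, f"router ID {local['router_id']} is used on both peers"))
    if loopback and "connect-interface" not in peer:
        found.append((3, "loopback peering without peer connect-interface"))
    if local["as"] != remote["as"] and not direct and "ebgp-max-hop" not in peer:
        found.append((4, "EBGP peer not directly connected and no peer ebgp-max-hop"))
    return found

if __name__ == "__main__":
    a, b = parse(FW_A), parse(FW_B)
    for name, res in (("FW_A", check_pair(a, b, "10.0.0.2", True, False)),
                      ("FW_B", check_pair(b, a, "10.0.0.1", True, False))):
        for step, msg in res:
            print(f"{name}: step {step}: {msg}")
```

Steps 5 to 7 depend on live routing and ACL state and still have to be checked on the devices themselves.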

Problem and solution when an IPSec tunnel can be successfully established whereas service access fails
The NAT service is configured on the interface where the IPSec tunnel is established. As a result, the traffic is abnormal. For details about how to solve the problem, see "IPSec session have been established but service is abnormal".

