Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
GRE over IPsec between US...

GRE over IPsec between USG6510E and USG6630E

Created: Jul 21, 2021 15:23:11Latest reply: Jul 30, 2021 06:34:18 223 9 1 0 0
  Rewarded HiCoins: 1 (problem resolved)
View the author 1#

Hellow, 

We have a  usg6510E in out branch and usg6630e as FireWall in our headquarter . 

And we already have some GRE tunnel over IPsec with Mikrotiks and its works stable whit USG6630

Parametrs of IPsec Mkt and usg6630e in attachment. 

But when we try configurate tunnel between usg6510 and usg6630 its doesn't work.

We want to deploy 6510 in all our branches instead of Mkt, but with this problem it looks unreal. 

Will be appreciative for any help or advice.

Thank you


Attachment: You need to log in to download or view. No account? Register
GRE over IPsecUSG6630eUSG6510E-acUSG6630E

Like (1) Dislike (0) Favorite(0) Share Report
Previous: unused File
Next: IPv4 packet switching performances
Featured Answers

Recommended answer

(0) (0)
chenhui
Admin Created Jul 22, 2021 10:00:00

If the error shows "flow or peer mismatch", please check the ACL configuration on both ends, the mismatch ACL would affect the IPSec tunnel establishing.
View more
  • x
  • convention:
All Answers
(0) (0)
2#
ariase88
ariase88 Admin Created Jul 21, 2021 15:31:42

Thanks for contacting the Huawei community!

We are checking your question and will provide an answer to you shortly.
View more
  • x
  • convention:
(0) (0)
3#
chenhui
chenhui Admin Created Jul 22, 2021 03:28:31

Hi,
Can you please check the status that the IPSec tunnel is stucked in?
View more
  • x
  • convention:

user_4283387
user_4283387 Created Jul 22, 2021 06:55:06 (0) (0)
We have status "flow or peer mismatch", but we certainly have same IKE param on both device  
chenhui
chenhui Reply user_4283387  Created Jul 22, 2021 09:59:13 (0) (0)
Please check the ACL configuration on both ends, the mismatch ACL would affect the IPSec tunnel establishing.  
(0) (0)
4#
DDSN
DDSN Admin Created Jul 22, 2021 03:29:58

Hi user_4283387,
When configuring an IPSec proposal, ensure that the parameters, such as the security protocol, authentication algorithm, encryption algorithm, and packet encapsulation mode, are the same on both ends of the IPSec tunnel. Otherwise, tunnel negotiation fails. If the PFS algorithm is configured on both ends, ensure that the PFS algorithm configured on both ends is the same. Otherwise, tunnel negotiation fails. Check whether the parameters on the USG6510E are consistent with those on the USG6630E.
The following link describes the troubleshooting procedure for an IPSec tunnel establishment failure, you can refer to https://support.huawei.com/hedex/hdx.do?docid=EDOC1000179233&id=EN-US_TOPIC_0115283187&lang=en
https://support.huawei.com/hedex/hdx.do?docid=EDOC1000179233&id=EN-US_TOPIC_0115283189&lang=en
View more
  • x
  • convention:
(0) (0)
5#
chenhui
chenhui Admin Created Jul 22, 2021 10:00:00

If the error shows "flow or peer mismatch", please check the ACL configuration on both ends, the mismatch ACL would affect the IPSec tunnel establishing.
View more
  • x
  • convention:
(0) (0)
6#
user_4283387
user_4283387 Created Jul 22, 2021 11:33:37

We have found a solution of our problem. We re-create IPsec policies on 6630 and 6510 with default parameters and it working.


We checked ACL on both device and its looks similar to each other


Thank you for your answers!


View more
  • x
  • convention:
(0) (0)
7#
andersoncf1
andersoncf1 MVE Author Created Jul 22, 2021 22:35:02

Good answer. GRE over IPsec between USG6510E and USG6630E-4046811-1
View more
  • x
  • convention:
(0) (0)
8#
Unicef
Unicef MVE Created Jul 30, 2021 06:34:18

NICE
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.