
L2TP/IPSec Remote Access Server (RAS) AR2240C router

Created: Jul 10, 2019 12:10:38 | Latest reply: Jul 17, 2019 10:11:16
  Rewarded HiCoins: 0 (problem resolved)

Hi, I am setting up RAS (L2TP/IPSec) on an AR2240C router.

L2TP alone works correctly, but when I try to use IPSec it doesn't work.

Logbuffer says "Jul 10 2019 15:00:45+03:00 DST EDGE-R02-ILK %%01INFO/4/SUPPRESS_LOG(l)[0]:Last message repeated 2 times.(InfoID=1887440902, ModuleName=IKE, InfoAlias=IKE_NEGO_FAIL)"

Hedex has many inaccuracies

I checked the IKE settings many times, but to no purpose.

Here is my config:



interface Eth-Trunk1.3900
dot1q termination vid 3900
ip address X.X.X.X X.X.X.
nat outbound 3100 vrrp 1
ipsec policy -=RAS_POLICY=-


ipsec proposal 1
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-256
#
ike proposal 5
encryption-algorithm aes-256
dh group5
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
ike peer -=RAS=-
exchange-mode aggressive
pre-shared-key simple xxxxxxxxxxxxxxxx
ike-proposal 5
local-id-type fqdn
#
ipsec policy-template -=RAS_TMPLT=- 2
ike-peer -=RAS=-
proposal 1
#
ipsec policy -=RAS_POLICY=- 1 isakmp template -=RAS_TMPLT=-



[Attached image: RAS.jpg]

[Attached image: RAS1.jpg]

Featured Answers

Recommended answer

chenhui
Admin Created Jul 12, 2019 07:38:10


All Answers
Hi
As I am observing
Please configure the part below and confirm

1) ike peer -=RAS=-
remote-address x.x.x.x needs to be configured


2) ike proposal 5
sa Duration >>>


3) ipsec Policy
   Security Acl abc

4) ACL abc
rule 30 permit ip source lan ip / subnet mask destination remote ip / mask

Regards

@andrbor Hi,
Could you please check the corresponding information about the IKE SA (display ike sa)?

Posted by yogijain at 2019-07-10 12:47: Hi As I am observing Please configure below part and confirm 1) ike peer -=RAS=- remote-address x.x ...


1) ike peer -=RAS=-
remote-address x.x.x.x needs to be configured

Error: The ike peer applied on the policy-template should not config a remote-address. ((



2) ike proposal 5
sa Duration >>>

I've entered the command, but it still has the default value 86400

3) ipsec Policy
   Security Acl  abc

There is no opportunity to enter this command ((

4) ACL abc
rule 30 permit ip source lan ip / subnet mask  destination remote ip / mask
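
A small offline check over a configuration pasted in the flat layout used in this thread, added here as an example and not part of any post or of Huawei's tooling: it flags a `remote-address` on an IKE peer that a policy-template references (the setting the router rejected above), a pre-shared key entered with `simple`, and aggressive mode combined with a pre-shared key. The sample configuration, its key and its address are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the thread's flat layout ("#" between sections). Names come
# from the post; the key and the remote-address line are made up for this demo.
SAMPLE = """\
ike peer -=RAS=-
exchange-mode aggressive
pre-shared-key simple EXAMPLE-KEY
remote-address 192.0.2.10
#
ipsec policy-template -=RAS_TMPLT=- 2
ike-peer -=RAS=-
proposal 1
"""

HEADER = re.compile(r"^(ike peer|ike proposal|ipsec proposal|ipsec policy-template"
                    r"|ipsec policy|interface)\s+(\S+)")

def parse_sections(text):
    """Map (kind, name) -> body lines for each section header matched by HEADER."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = sections.setdefault((m.group(1), m.group(2)), [])
        elif not line or line == "#":
            current = None            # a blank line or "#" ends the section
        elif current is not None:
            current.append(line)
    return sections

def audit(text):
    """Return sorted (peer name, finding) pairs for every ike peer section."""
    sections = parse_sections(text)
    # Peers referenced from a policy-template: the router refused remote-address there.
    bound = {l.split(None, 1)[1] for (kind, _), body in sections.items()
             if kind == "ipsec policy-template" for l in body if l.startswith("ike-peer ")}
    peers = {n: b for (k, n), b in sections.items() if k == "ike peer"}
    findings = []
    for name, body in peers.items():
        has_psk = any(l.startswith("pre-shared-key ") for l in body)
        if name in bound and any(l.startswith("remote-address ") for l in body):
            findings.append((name, "remote-address set on a template-bound peer"))
        if any(l.startswith("pre-shared-key simple ") for l in body):
            findings.append((name, "pre-shared key stored in plaintext (simple)"))
        if has_psk and "exchange-mode aggressive" in body:
            findings.append((name, "aggressive mode with a pre-shared key"))
    return sorted(findings)
```

The last two findings are hardening observations rather than causes of the negotiation failure: a key entered with `simple` is kept readable in the saved configuration, and aggressive mode with a pre-shared key exposes a key-derived hash to anyone who captures the exchange.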

Maybe you have some working config?

Actually I need to realize this scheme:


[Attached image: RAS]

Posted by andrbor at 2019-07-11 10:12: Maybe do you have some working config? Actually i need to realize this scheme:
Yes, you are right, my friend.
Thanks for your feedback. I will work on this further, if possible.

That example is from the firewall "USG6000". Are you sure that it fits?
I meant some config from a working device.

Posted by chenhui at 2019-07-12 07:38: Posted by andrbor at 2019-07-12 07:38: Maybe do you have some working config? Actually i need to realize ...
I'm not sure this is unapplicable

Posted by andrbor at 2019-07-17 10:08: I'm not sure this is unapplicable
The example just provides a thought on configuring.