zhangqiao@ruiji Publish time 2024-4-26 13:40:40

What to do if the IPsec VPN connection status is "exception"?

Fault Description
The IPsec connection status is displayed as "exception".
data/attachment/forum/202404/26/113527h6h65rkd1kdyxg5x.png

Possible Causes:
1. The EG cannot access the network, or the HQ EG is deployed behind another NAT device (a second-level NAT environment).
2. The configurations of the branch EG and the HQ EG are inconsistent, for example the pre-shared key or the IKE exchange version.
3. Traffic on the VPN ports (UDP 500 and UDP 4500) is blocked on the uplink network.
Solution:
1. The EG cannot access the network, or the HQ EG is deployed behind another NAT device (second-level NAT).

(1) Check that the branch EG can ping the HQ EG successfully and that both EGs can ping an external IP address (for example 8.8.8.8).
data/attachment/forum/202404/26/114505ldrdr5orqnks6d69.png

Make sure that the ping service is enabled on the HQ EG, otherwise the ping test to the HQ EG fails even when the path is fine.
data/attachment/forum/202404/26/114552wxw6wmry9zsmeeep.png

If the EGs cannot ping the external network, check whether the WAN port configuration meets the requirements of the uplink network: for example, whether the PPPoE account and password are correct, and whether a VLAN tag needs to be configured on the WAN port. If in doubt, contact the ISP to check the uplink.
data/attachment/forum/202404/26/115135zio33lcetejctu7e.png
(2) If the HQ EG is deployed behind another NAT device (second-level NAT), map UDP port 500 and UDP port 4500 on the egress device to the HQ EG. The mapped ports must also be 500 and 4500 (forward the ports without translating them), because the branch EG sends IKE to UDP 500 and NAT-T traffic to UDP 4500.
data/attachment/forum/202404/26/115425q3e3kpafp3fha8k3.png
2. The configurations of the branch EG and the HQ EG are inconsistent, for example the pre-shared key or the IKE exchange version.
Check whether the branch EG and HQ EG configurations are consistent by referring to section 8.1.2, Configuring IPsec VPN server, of the configuration guide:
RG-EG Web-based Configuration Guide, Release ReyeeOS 1.216(V1.2) - Ruijie Networks, especially the pre-shared key, exchange mode, IKE version and interest flow (the local and remote subnets of the branch must mirror those of the HQ).
3. Traffic on the VPN ports is blocked on the uplink network.
Capture packets on the EG to check whether it sends and receives IKE packets normally. If IKE packets are sent but none are received, contact the ISP to check whether the uplink device permits the IPsec VPN ports, UDP port 500 and UDP port 4500.
data/attachment/forum/202404/26/134013jebpsp3bmytddpkd.png
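The three checks above can be turned into a small offline triage script. The following is an added example and is not Ruijie's code nor anything the EG itself runs: it counts IKE/NAT-T packets on UDP 500 and 4500 in tcpdump-style capture lines to tell "sent but not received" (cause 1 or 3) from a two-way exchange (cause 2), and it compares the parameters the two ends must agree on, checking the interest flow as mirrored subnets. The addresses, capture lines, parameter names and values are constructed for the example and are not the EG's own field names.

```python
import re

# IKE uses UDP 500; NAT-T (UDP-encapsulated IKE/ESP) uses UDP 4500.
IKE_PORTS = {500, 4500}

# Address part of a "tcpdump -n" line, e.g.
# "... IP 203.0.113.10.500 > 198.51.100.20.500: isakmp: ..."
ADDR_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

# Constructed, hypothetical addresses (documentation ranges):
# branch EG WAN address and HQ EG public address.
BRANCH_IP = "203.0.113.10"
HQ_IP = "198.51.100.20"

# Constructed capture A: the branch keeps retransmitting IKE_SA_INIT, nothing returns.
CAPTURE_NO_REPLY = f"""\
10:01:01.000000 IP {BRANCH_IP}.500 > {HQ_IP}.500: isakmp: parent_sa ikev2_init[I]
10:01:04.000000 IP {BRANCH_IP}.500 > {HQ_IP}.500: isakmp: parent_sa ikev2_init[I]
10:01:08.000000 IP {BRANCH_IP}.500 > {HQ_IP}.500: isakmp: parent_sa ikev2_init[I]
"""

# Constructed capture B: both directions seen on 500 and 4500, so the path is open.
CAPTURE_TWO_WAY = f"""\
10:02:01.000000 IP {BRANCH_IP}.500 > {HQ_IP}.500: isakmp: parent_sa ikev2_init[I]
10:02:01.050000 IP {HQ_IP}.500 > {BRANCH_IP}.500: isakmp: parent_sa ikev2_init[R]
10:02:01.100000 IP {BRANCH_IP}.4500 > {HQ_IP}.4500: NONESP-encap: isakmp: child_sa ikev2_auth[I]
10:02:01.150000 IP {HQ_IP}.4500 > {BRANCH_IP}.4500: NONESP-encap: isakmp: child_sa ikev2_auth[R]
"""


def ike_packet_counts(capture_text, local_ip):
    """Count IKE/NAT-T packets sent by and received at local_ip.

    Only packets with UDP 500 or 4500 as source or destination port are
    counted; any other traffic in the capture is ignored.
    """
    sent = received = 0
    for line in capture_text.splitlines():
        m = ADDR_RE.search(line)
        if not m:
            continue
        src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if sport not in IKE_PORTS and dport not in IKE_PORTS:
            continue
        if src == local_ip:
            sent += 1
        elif dst == local_ip:
            received += 1
    return sent, received


def diagnose_capture(capture_text, local_ip):
    """Map the capture to the causes listed in the post."""
    sent, received = ike_packet_counts(capture_text, local_ip)
    if sent == 0:
        return "no-ike-sent"        # EG never sends IKE: check WAN uplink / VPN config (cause 1 or 2)
    if received == 0:
        return "sent-not-received"  # uplink or NAT device drops UDP 500/4500 (cause 1 or 3)
    return "two-way"                # path is open; compare the parameters (cause 2)


# Parameters that must be identical on both ends (hypothetical key names).
MUST_MATCH = ("pre_shared_key", "ike_version", "exchange_mode", "ike_proposal", "ipsec_proposal")


def find_mismatches(branch, hq):
    """Return human-readable differences between the branch and HQ settings.

    The interest flow is checked mirrored: the branch's remote subnet must be
    the HQ's local subnet and vice versa.
    """
    problems = []
    for key in MUST_MATCH:
        if branch.get(key) != hq.get(key):
            problems.append(f"{key}: branch={branch.get(key)!r} hq={hq.get(key)!r}")
    if branch.get("remote_subnet") != hq.get("local_subnet"):
        problems.append(f"interest flow: branch remote_subnet={branch.get('remote_subnet')!r} "
                        f"!= hq local_subnet={hq.get('local_subnet')!r}")
    if branch.get("local_subnet") != hq.get("remote_subnet"):
        problems.append(f"interest flow: branch local_subnet={branch.get('local_subnet')!r} "
                        f"!= hq remote_subnet={hq.get('remote_subnet')!r}")
    return problems


# Constructed settings: same PSK, but HQ was left on IKEv1 and its remote subnet
# does not mirror the branch's local subnet.
BRANCH_CFG = {"pre_shared_key": "S3cret!", "ike_version": 2, "exchange_mode": "main",
              "ike_proposal": "aes256-sha256-dh14", "ipsec_proposal": "esp-aes256-sha256",
              "local_subnet": "192.168.10.0/24", "remote_subnet": "10.0.0.0/24"}
HQ_CFG = {"pre_shared_key": "S3cret!", "ike_version": 1, "exchange_mode": "main",
          "ike_proposal": "aes256-sha256-dh14", "ipsec_proposal": "esp-aes256-sha256",
          "local_subnet": "10.0.0.0/24", "remote_subnet": "192.168.20.0/24"}

if __name__ == "__main__":
    print("capture A:", diagnose_capture(CAPTURE_NO_REPLY, BRANCH_IP))
    print("capture B:", diagnose_capture(CAPTURE_TWO_WAY, BRANCH_IP))
    for p in find_mismatches(BRANCH_CFG, HQ_CFG):
        print("mismatch:", p)
```

On a real EG, feed the script the lines of the packet capture taken in step 3 (filtered to UDP 500 and 4500) with the EG's own WAN address as local_ip; a "sent-not-received" result is the case where the ISP or the HQ egress NAT must be asked about the port mapping, while "two-way" points back to step 2.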
