Ruijie Community

Title: IPsec SA negotiation fails at the second stage of IPsec VPN implementation. [Print this page]

Author: admin Time: 2017-5-4 20:09
Title: IPsec SA negotiation fails at the second stage of IPsec VPN implementation.
IPsec SA negotiation fails at the second stage of IPsec VPN implementation.

Author: admin Time: 2017-5-4 20:10

1. Check whether IKE SA is successfully established at the first stage of IPsec VPN implementation.

2. Check whether the local end and peer end have consistent transform-set configuration.

3. Check whether the local end and peer end have consistent configuration of IPsec encrypted traffic. (If a dynamic diagram is used at the local end, IPsec interesting traffic does not need to be configured manually.)

4. If the problem persists, run the following commands at the local end and peer end respectively, and submit a case on Ruijie Service Portal to seek for help.

sh version

show run

Run the following commands to enable debugging, trigger IPsec negotiation, and collect debugging information:

debug crypto iskamp

debug crypto ipsec

After negotiation, run the following commands to display the SA information at the first and second stages of IPsec VPN implementation:

show crypto iskamp sa

show crypto ipsec sa

Welcome to Ruijie Community (https://community.ruijienetworks.com/)