Forgot password?
 Register now

Welcome to use this form to feedback your problems with Ruijie Community

The category of your feedback

Your Feedback

Your Email address (optional):

IPSEC VPN Reply

Levy

Level 1

IPSEC VPN
8390 1 2018-6-21 14:20:19
Original
IPSEC VPN tunnel cannot bring up

0 2018-6-21 14:20:59 View all replies
•        Ensure that the pre-shared keys match exactly
•        Ensure that both ends use the same P1 and P2 proposal settings
•        Ensure that you have allowed inbound and outbound traffic for all necessary network services, especially if services such as DNS or DHCP are having problems.
•        Check that a static route has been configured properly to allow routing of VPN traffic.
•        Ensure that your unit is in NAT/Route mode, rather than Transparent.
•        Check your NAT settings, enabling NAT traversal in the Phase 1 configuration while disabling NAT in the security policy. You might need to pin the PAT/NAT session table, or use some of kind of NAT-T keepalive to avoid the expiration of your PAT/NAT translation.
•        Ensure that both ends of the VPN tunnel are using Main mode, unless multiple dial-up tunnels are being used.
•        If you have multiple dial-up IPsec VPNs, ensure that the Peer ID is configured properly
•        and that clients have specified the correct Local ID.
•        If you are using Perfect Forward Secrecy (PFS), ensure that it is used on both peers. You can use the diagnose vpn tunnel list command to troubleshoot this.
•        Ensure that the Quick Mode selectors are correctly configured. If part of the setup currently uses firewall addresses or address groups, try changing it to either specify the IP addresses or use an expanded address range.
•        If XAUTH is enabled, ensure that the settings are the same for both ends, and that the firewall unit is set to Enable as Server.
•        Check IPsec VPN Maximum Transmission Unit (MTU) size. A 1500 byte MTU is going to exceed the overhead of the ESP-header, including the additional ip_header,etc. You can use the diagnose vpn tunnel list command to troubleshoot this.
•        If your unit is behind a NAT device, such as a router, configure port forwarding for UDP ports 500 and 4500.
•        Remove any Phase 1 or Phase 2 configurations that are not in use. If a duplicate instance of the VPN tunnel appears on the IPsec Monitor, reboot your unit to try and clear the entry.

If you are still unable to connect to the VPN tunnel, run the following diagnostic command in the CLI and send to Ruijie support.
Troubleshooting
RG-WALL#diagnose debug enable                  
RG-WALL#diagnose debug application ike -1  

Related Posts
Product Model

Share this topic to

Cancel

This site contains user submitted content, comments and opinions and is for informational purposes only. Ruijie may provide or recommend responses as a possible solution based on the information provided; every potential issue may involve several factors not detailed in the conversations captured in an electronic forum and Ruijie can therefore provide no guarantee as to the efficacy of any proposed solutions on the community forums. Ruijie disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Ruijie Community Terms of Use.

More ways to get help: Visit Support Videos, call us via Service Hotline, Facebook or Live Chat.

©2000-2023 Ruijie Networks Co,Ltd