Forgot password?
 Register now

Welcome to use this form to feedback your problems with Ruijie Community

The category of your feedback

Your Feedback

Your Email address (optional):

How to do if the IPsec VPN connection status is "exception"? Reply

GTAC-Sophia

Level 5

Ruijie Staff

How to do if the IPsec VPN connection status is "exception"?
1464 0 2024-4-26 13:40:40
Original
Fault Description
the IPsec connection status is displayed as"exception"


Possible Causes:
1. EG can‘t access the network or HQ EG is deployed on layer-2 NAT environment.
2. The configurations of EG in branch and HQ are inconsistent, such as pre-share key, exchange version.
3. The traffic of VPN ports are disabled on uplink network.
Solution:
EG can’t access the network or HQ EG is deployed on layer-2 NAT environment.

(1) Please check that the HQ EG can be ping successfully by branch EG and both EGs can ping the external network IP (8.8.8.8).


Please make sure that the ping service is enabled on HQ EG.


If the EGs fail to ping the external network, please check whether the WAN port configuration is meet the requirements of uplink network. For example, you can check the account and password of PPPOE are corrent or not? Whether it's need to configure VLAN TAC. Please contact ISP to check the network.

(2). If the HQ EG is deployed on Lay-2 NAT environment, map the UDP 500 and UDP4500 on the egress devices.(The map port is also 500 and 4500).

2. The configurations of EG in branch and HQ are inconsistent, such as pre-share key, exchange version.
Check whether the configurations of EG in branch and HQ are inconsistent be refering the configuration guide 8.1.2:Configuring IPsec VPN server:
RG-EG Web-based Configuration Guide, Release ReyeeOS 1.216(V1.2) - Ruijie Networks expecially the configurations of pre-share key, exchange section, IKE version, interest flow.
3. The traffic of VPN ports are disabled on uplink network.
Draw a package on EG to check whether the EG normally sends and receives packets. If packets are sent but not received, you need to contact the ISP to check whether the uplink device releases the IPsec VPN UDP port 500 and UDP port 4500.


RG-EG105GW

Configuration Router
There are no replies.
Related Posts
Product Model

Share this topic to

Cancel

This site contains user submitted content, comments and opinions and is for informational purposes only. Ruijie may provide or recommend responses as a possible solution based on the information provided; every potential issue may involve several factors not detailed in the conversations captured in an electronic forum and Ruijie can therefore provide no guarantee as to the efficacy of any proposed solutions on the community forums. Ruijie disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Ruijie Community Terms of Use.

More ways to get help: Visit Support Videos, call us via Service Hotline, Facebook or Live Chat.

©2000-2023 Ruijie Networks Co,Ltd