Please select To the mobile version | Continue to access the desktop computer version
 Forgot password?
 Register now


Router

View: 4257|Reply: 1

IPsec SA negotiation fails at the second stage of IPsec VPN implementation.

[Copy link]

19

Digests

1015

Posts

1173

Credits

administrator

Rank: 9Rank: 9Rank: 9

Credits
1173
Post time 2017-5-4 20:09:26 | Show all posts |Read mode
IPsec SA negotiation fails at the second stage of IPsec VPN implementation.
Reply

Use magic Report

19

Digests

1015

Posts

1173

Credits

administrator

Rank: 9Rank: 9Rank: 9

Credits
1173
 Author| Post time 2017-5-4 20:10:00 | Show all posts
1. Check whether IKE SA is successfully established at the first stage of IPsec VPN implementation.

2. Check whether the local end and peer end have consistent transform-set configuration.

3. Check whether the local end and peer end have consistent configuration of IPsec encrypted traffic. (If a dynamic diagram is used at the local end, IPsec interesting traffic does not need to be configured manually.)

4. If the problem persists, run the following commands at the local end and peer end respectively, and submit a case on Ruijie Service Portal to seek for help.
sh version
show run

Run the following commands to enable debugging, trigger IPsec negotiation, and collect debugging information:
debug crypto iskamp
debug crypto ipsec

After negotiation, run the following commands to display the SA information at the first and second stages of IPsec VPN implementation:
show crypto iskamp sa
show crypto ipsec sa

Reply Support Not support

Use magic Report

You have to log in before you can reply Login | Register now