Step 10 Collect the following information and contact Huawei technical support personnel.
l Results of the preceding troubleshooting procedure
l Configuration files, log files, and alarm files of the Router
----End
Relevant Alarms and Logs
Relevant Alarms
None.
Relevant Logs
None.
12.2.6 Troubleshooting Cases
Only One End of the Manually Configured IPSec Tunnel Can Encrypt and Decrypt
Data Packets Because the ACL Is Configured Incorrectly
Fault Symptom
As shown in Figure 12-18, GE1/0/0 on Router A and GE1/0/0 on Router B are the two ends of
the IPSec tunnel. IPSec services are deployed on GE1/0/0 and GE1/0/0 so that the IPSec tunnel
can protect the traffic between PC A and PC B.
Figure 12-18 Only one end of the manually configured IPSec tunnel can encrypt and decrypt
data packets because the ACL is configured incorrectly
RouterBRouterA
Internet
PC A
PC B
GE1/0/0 GE1/0/0
10.1.1.1/24
10.1.2.1/24
12.12.12.1/24
18.18.18.1/24
Fault Analysis
1. Run the display ipsec statistics ah/esp command on Router A and Router B to check the
statistics on IPSec packets. On Router A, there are only the statistics on incoming
decapsulated packets, but there are no statistics on outgoing packets. On Router B, there
are only the statistics on outgoing encapsulated packets, but there are no statistics on
Huawei AR2200-S Series Enterprise Routers
Troubleshooting 12 VPN
Issue 01 (2012-01-06) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
379
To Next Page
Loading...
