Filter
Top Products
Troubleshooting IPSec 585
Do the following:
■ Display the plugging conditions of the crypto card to check whether the crypto
card was plugged in correctly. Under normal condition, the “run” indicator of
the crypto card will blink normally (one second on, one second off).
■ Use the display encrypt-card version command to check the crypto card
status. It shall display the card and version condition of the crypto card under
normal conditions. If nothing displayed, it means that the host does not detect
the crypto card. The crypto card may be enabled (“run” indicator blinks
quickly). If 5 seconds later the crypto card is still enabled, the router may be
restarted (it must be noted that the configuration of the router must be saved
first).
Routers cannot ping through each other after IPSec configuration
Do the following:
■ Check whether security policy was applied on the interface. Use the display
current-configuration interface
command to check whether it is
configured policy on the interface. It shall display configuration policy under
normal condition. If no policy is configured, map shall be configured under
interface view.
■ Check the matching of the security policy. If the security policy map was
established manually, the local and remote address of the security association
must be correct and the parameters of security association must be identified.
After changing the parameters of security association, it is necessary to delete
the security policy map and then to re-apply security policy map.
■ Check the identity of the security protocol. For security policy established
manually, the security protocol selected by the IPSec proposal of the both ends
of the router shall be the same.
■ Check Access Control List. If no problem was found through above check
procedure, or the problem is not eliminated after correcting the above
checkup, the access control list may be checked. Check whether the access
control list allows both interconnection parties to pass.
■ Check the hardware link. If the problem cannot be eliminated through above
methods, please check whether the hardware link is normal or not.