[AF] New architecture 8051 successfully connected to Alibaba Cloud IPSEC VPN, but mutual access failed

Problem Description

On version 8.0.51, the IPsec VPN connection to Alibaba Cloud is established, but data cannot be accessed in either direction.

Effective troubleshooting steps

  1. Check whether the device configuration is correct.
  2. Capture packets on the VPNTUN port and the external network ports to see whether any data is sent out.

    Ping from the other end and keep capturing on the VPNTUN port: the capture shows a large number of packets. The reply packet we send back to the other end stays on the VPNTUN port, and its TTL decreases by one at each hop until it reaches 0 and the device discards it.
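
The symptom in step 2, the same reply re-captured on VPNTUN with a TTL that drops by one each time, can be checked mechanically. The following is an added example, not part of the original case or any Sangfor tooling; it assumes the capture is available as `tcpdump -n -v` text, and the addresses and IP IDs in the sample are constructed.

```python
import re
from collections import defaultdict

# Header and address lines as printed by `tcpdump -n -v` for IPv4 packets.
HDR = re.compile(r"IP \(tos \S+, ttl (\d+), id (\d+),")
ADDR = re.compile(r"^\s+(\d+(?:\.\d+){3})(?:\.\d+)? > (\d+(?:\.\d+){3})(?:\.\d+)?:")

def find_ttl_loops(capture_text, min_repeats=3):
    """Map (src, dst, ip_id) -> TTL list for packets captured repeatedly on
    one interface with a strictly decreasing TTL, i.e. a routing loop."""
    seen = defaultdict(list)
    pending = None  # (ttl, ip_id) from the header line, awaiting addresses
    for line in capture_text.splitlines():
        hdr = HDR.search(line)
        if hdr:
            pending = (int(hdr.group(1)), int(hdr.group(2)))
            continue
        addr = ADDR.match(line)
        if addr and pending:
            seen[(addr.group(1), addr.group(2), pending[1])].append(pending[0])
        pending = None
    return {
        key: ttls for key, ttls in seen.items()
        if len(ttls) >= min_repeats
        and all(a > b for a, b in zip(ttls, ttls[1:]))
    }

# Constructed sample (not from the original case): one echo request from the
# cloud side, then the same echo reply (IP id 40001) re-captured on VPNTUN.
SAMPLE = """\
10:00:00.000100 IP (tos 0x0, ttl 62, id 1000, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.1.20 > 192.168.10.5: ICMP echo request, id 7, seq 1, length 64
10:00:00.000300 IP (tos 0x0, ttl 63, id 40001, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.5 > 172.16.1.20: ICMP echo reply, id 7, seq 1, length 64
10:00:00.000900 IP (tos 0x0, ttl 62, id 40001, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.5 > 172.16.1.20: ICMP echo reply, id 7, seq 1, length 64
10:00:00.001500 IP (tos 0x0, ttl 61, id 40001, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.5 > 172.16.1.20: ICMP echo reply, id 7, seq 1, length 64
"""

if __name__ == "__main__":
    for (src, dst, ip_id), ttls in find_ttl_loops(SAMPLE).items():
        print(f"loop: {src} -> {dst} id={ip_id} TTLs={ttls}")
```

Keying on the IP ID separates a looping packet from ordinary retransmissions, which carry a new ID each time.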

Root cause

Alibaba Cloud is configured with bidirectional Layer 3, which keeps our return packets on the VPNTUN port until the TTL reaches 0 and they are discarded.

Solution

Contact the other end and have them delete a route to the AF; this solves the problem.

Operation Impact Scope

The VPN tunnel is affected.

Original Link

https://support.sangfor.com.cn/cases/list?product_id=13&type=1&category_id=1610&isOpen=true