
IPsec VPN - Gateway not responding

Question asked by johan95ee1c6b-18b6-43a6-b083-16898efd0436 on Sep 16, 2018
Latest reply on Sep 16, 2018 by Danny Jung

Created a site to site VPN between CP 3200 appliance and a CP 4800 cluster, according to this guide:

site to site VPN guide R80.10

Gateways on both ends of the VPN tunnel are separately managed.

CP 3200 is running Gaia R80.10.

On the 3200, the IPsec VPN status for the tunnel is green / Okay, but the tunnel establishment negotiation only shows failures.

The smart monitor shows similar results: VPN OK, Tunnel Active, but no encrypted or decrypted traffic on it.

There is also a "gateway not responding" message in the community view.

What can be the issue here?

[Expert@xxxxxxxxx:0]# tcpdump -i eth1 -n host GatewayB
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
11:26:16.178879 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 ? ident[E]
11:27:04.084385 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident
11:27:04.120881 IP GatewayB.isakmp > GatewayA.isakmp: isakmp: phase 1 R ident
11:27:04.124996 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident
11:27:04.159882 IP GatewayB.isakmp > GatewayA.isakmp: isakmp: phase 1 R ident
11:27:04.166849 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident[E]
11:27:04.205134 IP GatewayB.isakmp > GatewayA.isakmp: isakmp: phase 2/others R inf
11:27:06.167621 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident[E]
11:27:08.168573 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident[E]
11:27:10.169526 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident[E]
11:27:12.170603 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident[E]
11:27:14.171568 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident[E]
11:27:16.172649 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident[E]
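
Added example, not part of the original post: a small Python parser that reads the ISAKMP lines of the capture above and reports where the IKEv1 Main Mode exchange stops. The function names, and the treatment of repeated ident[E] packets from the initiator as retransmits of message 5, are assumptions of this example.

```python
import re

# ISAKMP lines from the capture in the post, from the 11:27:04 exchange onward
# (host names as anonymized there).
CAPTURE = """\
11:27:04.084385 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident
11:27:04.120881 IP GatewayB.isakmp > GatewayA.isakmp: isakmp: phase 1 R ident
11:27:04.124996 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident
11:27:04.159882 IP GatewayB.isakmp > GatewayA.isakmp: isakmp: phase 1 R ident
11:27:04.166849 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident[E]
11:27:04.205134 IP GatewayB.isakmp > GatewayA.isakmp: isakmp: phase 2/others R inf
11:27:06.167621 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident[E]
11:27:08.168573 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident[E]
11:27:10.169526 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident[E]
11:27:12.170603 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident[E]
11:27:14.171568 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident[E]
11:27:16.172649 IP GatewayA.isakmp > GatewayB.isakmp: isakmp: phase 1 I ident[E]
"""

LINE = re.compile(r"(\d+):(\d+):([\d.]+) IP (\S+)\.isakmp > \S+\.isakmp: "
                  r"isakmp: phase \S+ (\S) (\w+)(\[E\])?$")

def parse(text):
    """One dict per ISAKMP line: time in seconds, sender, role, exchange, [E] flag."""
    pkts = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            h, mi, s, src, role, exch, enc = m.groups()
            pkts.append({"t": int(h) * 3600 + int(mi) * 60 + float(s), "src": src,
                         "role": role, "exch": exch, "enc": enc is not None})
    return pkts

def summarize(pkts, initiator):
    """Report how far an IKEv1 Main Mode exchange got, from the initiator's side."""
    # Main Mode (RFC 2409): messages 1-4 are cleartext, 5 and 6 are encrypted.
    # Assumption: repeated ident[E] from the initiator are retransmits of message 5
    # (tcpdump at this verbosity prints no cookies to confirm it).
    mine = [p for p in pkts if p["src"] == initiator and p["exch"] == "ident"]
    peer = [p for p in pkts if p["src"] != initiator]
    clear = min(sum(not p["enc"] for p in mine),
                sum(p["exch"] == "ident" and not p["enc"] for p in peer))
    msg5 = [p["t"] for p in mine if p["enc"]]
    msg6 = any(p["exch"] == "ident" and p["enc"] for p in peer)
    gaps = [b - a for a, b in zip(msg5, msg5[1:])]
    return {"clear_round_trips": clear, "msg5_sends": len(msg5), "msg6_seen": msg6,
            "peer_informational": sum(p["exch"] == "inf" for p in peer),
            "retransmit_gap_s": round(sum(gaps) / len(gaps), 1) if gaps else None,
            "stalled_at_msg5": clear == 2 and bool(msg5) and not msg6}
```

Calling `summarize(parse(CAPTURE), "GatewayA")` on this capture reports two cleartext round trips, seven sends of the encrypted identity message from GatewayA about two seconds apart, one informational packet from GatewayB and no encrypted reply. The negotiation therefore stalls at Main Mode message 5; the content of GatewayB's informational packet is not decoded in this capture.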

 
