P-661H-D Series Support Notes
Secure Gateway Address
is the remote secure gateway,
Prestige A’s WAN
IP
,
202.132.154.1
in the example.
(3)
Local ID Type /Content
should be the same as
Prestige A’s Peer ID
Type/Content
,
IP/0.0.0.1
in the example.
Peer ID Type
/
Content
should be the same as
Prestige A’s Local ID Type/
Content
,
IP/0.0.0.0
in the example.
Step 3: Verify if the VPN Tunnel has been established successfully
If the connection between PC 1 and PC 2 is ok, we know the tunnel works.
Please try to ping from PC 1 to PC 2 (or PC 2 to PC 1). If PC 1 and PC 2 can
ping to each other ( ping
192.168.2.33
or
192.168.1.33
in the example ), it
means that the IPSec tunnel has been established successfully. If the ping fail,
there are two methods to troubleshoot IPSec in Prestige:
(1) Check the VPN Monitor
On P-661H-D Web Configurator,
Security -> VPN -> Monitor,
you can check
every active IPSec connections. The VPN Name, Encapsulation, and IPSec
Algorithm will be shown in the Monitor Table.If you can't see the name of your
IPSec rule, it means that the SA establishment fails. You need to go to the
VPN Setup Page to check your settings.
•
Use CI command
'ipsec debug on'
If the Monitor shows that the VPN tunnel has been established successfully,
but the PC1 and PC 2 can’t reach each other. We can invoke command '
ipsec
debug 1
' in CLI for trouble shooting. There should be lots of detailed
messages printed out to show how negotiations are taken place. If IPSec
connection fails, please dump 'ipsec debug 1' and send the dump information
to Support Engineer for a solution. The following shows an example of dumped
messages. (You can refer to Support Tool -> 1 WAN/ LAN Packet Trace ->
Capture the detailed logs by Hyper Terminal to do it).
92
All contents copyright © 2006 ZyXEL Communications Corporation.