Troubleshooting Ipsec; Failure To Negotiate Ipsec Sas Through Ike; Symptom; Solution - H3C MSR Series Troubleshooting Manual

[H3C-probe]dis hardware internal
slot-number/port-number(:sub-channel-number) ?
boardinfo
diag_info
intinfo
intinfo_priv
rx_queue
rxbd
statistic
tx_queue
txbd

Troubleshooting IPsec

This section provides troubleshooting information for common problems with IPsec.

Failure to negotiate IPsec SAs through IKE

Symptom

Network diagram:
168.201.0.0
------------------------------MSR G1-----------------------------------------MSR G2--------------------
MSR G1 and MSR G2 establish an IPsec tunnel through IKE aggressive negotiation. MSR G1 is the
initiator and MSR G2 is the receiver. IKE SA negotiation succeeded but IPsec SA negotiation failed.
<Router>display ike sa
Connection-ID
------------------------------------------------------------------
2
Flags:
RD--READY RL--REPLACED FD-FADING
<Router>display ipsec sa
<Router>

Solution

The aggressive mode exchange is as follows:
show board info
Cellular diagnosis information
Base information
Private information
show receive queue
show receive BD
show state
show transmit queue
show transmit BD
10.1.1.1 10.1.1.2
Remote
10.1.1.1
physical Serial
168.68.2.200
Flag DOI
RD IPSEC
20