Issue Description
IPsec tunnel not being up between AR router and other vendor router
Handling Process
1) I checked the IPsec configuration on both AR router and other vendor router , and at first Phase 1 wasn’t up and after matching all parameters on both sides , phase1 was UP but still tunnel is still down
2) We checked the “ display ike error-info”, error reason is phase2 proposal , PFS mismatch or flow mismatch but I checked all parameters are OK and matched
3) i checked the phase2 parameters on both sides , it is matched .
2) We checked the “ display ike error-info”, error reason is phase2 proposal , PFS mismatch or flow mismatch but I checked all parameters are OK and matched
3) i checked the phase2 parameters on both sides , it is matched .
4) in other vendor device , interface tunnel 1 is by default on GRE mode ,after changing it from GRE mode to IPsec mode ,issue resolved
RouterB(config)#interface tunnel 1
RouterB(config-if)#tunnel mode ipsec ipv4
Root Cause
peer configuration issue
Solution
issue resolved after changing the interface tunnel 1 from GRE mode to IPsec mode as below
RouterB(config)#interface tunnel 1
RouterB(config-if)#tunnel mode ipsec ipv4
RouterB(config)#interface tunnel 1
RouterB(config-if)#tunnel mode ipsec ipv4
Reference from our documentation
Leave a comment