F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

[Router-Dialer0] quit
# Configure a static route to the headquarters LAN.
[Router] ip route-static 172.16.0.0 255.255.255.0 dialer 0
# Configure interface GigabitEthernet 0/1.
[Router] interface gigabitethernet 0/1
[Router-GigabitEthernet0/1] tcp mss 1450
[Router-GigabitEthernet0/1] ip address 192.168.0.1 255.255.255.0
[Router-GigabitEthernet0/1] quit
# Create a virtual Ethernet interface, and create a PPPoE session that uses dialer bundle 1 on the interface.
[Router] interface virtual-ethernet 0
[Router-Virtual-Ethernet0] pppoe-client dial-bundle-number 1
[Router-Virtual-Ethernet0] mac-address 0011-0022-0012
# Map the virtual Ethernet interface to a PVC on interface ATM 1/0.
[Router] interface atm 1/0
[Router-Atm1/0] pvc 0/100
[Router-atm-pvc-Atm1/0-0/100] map bridge virtual-ethernet 0
[Router-atm-pvc-Atm1/0-0/100] quit
Troubleshooting IKE
When you configure parameters to establish an IPsec tunnel, enable IKE error debugging to locate
configuration problems:
<Firewall> debugging ike error
Invalid user ID
Symptom
Invalid user ID.
Analysis
In IPsec, user IDs identify IPsec tunnels for different data flows. In the HP implementation of IPsec, a user
ID comprises an IP address and a username.
The following is the debugging information:
got NOTIFY of type INVALID_ID_INFORMATION
Or
drop message from A.B.C.D due to notification type INVALID_ID_INFORMATION
Solution
Verify that the ACLs in the IPsec policies configured on the interfaces at both ends are correct and mirror
each other. For more information about ACL configuration, see "Configuring IPsec."
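The mirror check from the Solution above, as an added example that is not part of the HP guide: a Python sketch that parses `rule ... permit ip source ... destination ...` lines from both ends and reports flows that have no reversed counterpart. ACL number 3101 and the rule text are constructed sample input, the subnets are the branch and headquarters LANs from the configuration example, and the address-plus-wildcard rule syntax is an assumption about how the ACLs were entered.

```python
import ipaddress
import re

# Constructed sample ACLs (not from the guide): branch router, a correct HQ
# firewall ACL, and an HQ ACL whose destination wildcard is too wide.
BRANCH_ACL = """acl number 3101
 rule 0 permit ip source 192.168.0.0 0.0.0.255 destination 172.16.0.0 0.0.0.255
"""
HQ_ACL_OK = """acl number 3101
 rule 0 permit ip source 172.16.0.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
"""
HQ_ACL_BAD = """acl number 3101
 rule 0 permit ip source 172.16.0.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
"""

# Only permit rules are read: in an IPsec policy ACL they select protected traffic.
RULE_RE = re.compile(
    r"rule(?:\s+\d+)?\s+permit\s+ip"
    r"\s+source\s+(any|\S+\s+\S+)"
    r"\s+destination\s+(any|\S+\s+\S+)"
)

def _selector(text):
    """Normalize 'any' or '<address> <wildcard>' to (network, wildcard) integers."""
    if text == "any":
        return (0, 0xFFFFFFFF)
    addr, wildcard = text.split()
    wc = 0 if wildcard == "0" else int(ipaddress.IPv4Address(wildcard))
    # Wildcard bits are "don't care", so clear them before comparing addresses.
    return (int(ipaddress.IPv4Address(addr)) & ~wc & 0xFFFFFFFF, wc)

def protected_flows(config):
    """Return the set of (source, destination) selectors permitted by the ACL text."""
    return {(_selector(m.group(1)), _selector(m.group(2)))
            for m in RULE_RE.finditer(config)}

def mirror_mismatches(local_cfg, peer_cfg):
    """Return (local flows the peer does not mirror, peer flows the local end
    does not mirror); peer flows are shown reversed, in local orientation."""
    local = protected_flows(local_cfg)
    reversed_peer = {(dst, src) for src, dst in protected_flows(peer_cfg)}
    return sorted(local - reversed_peer), sorted(reversed_peer - local)

if __name__ == "__main__":
    print("correct peer:", mirror_mismatches(BRANCH_ACL, HQ_ACL_OK))
    print("wide wildcard:", mirror_mismatches(BRANCH_ACL, HQ_ACL_BAD))
```

Two empty lists mean every protected flow on one end has an exact reverse on the other; any entry is a candidate cause of the INVALID_ID_INFORMATION notification.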
Proposal mismatch
Symptom
The proposals do not match.