User`s guide
P-793H v2 Support Notes
Secure Gateway Address is the remote secure gateway, Prestige A‟s WAN
IP, 202.132.154.1 in the example.
(3) Local ID Type /Content should be the same as Prestige A‟s Peer ID
Type/Content, IP/0.0.0.1 in the example.
Peer ID Type /Content should be the same as Prestige A‟s Local ID Type/
Content, IP/0.0.0.0 in the example.
Step 3: Verify if the VPN Tunnel has been established successfully
If the connection between PC 1 and PC 2 is ok, we know the tunnel works.
Please try to ping from PC 1 to PC 2 (or PC 2 to PC 1). If PC 1 and PC 2 can
ping to each other (ping 192.168.2.33 or 192.168.1.33 in the example ), it
means that the IPSec tunnel has been established successfully. If the ping fails,
there are two methods to troubleshoot IPSec in Prestige:
(1) Check the VPN Monitor
On P-793H v2 Web Configurator, Security -> VPN -> Monitor, you can check
every active IPSec connections. The VPN Name, Encapsulation, and IPSec
Algorithm will be shown in the Monitor Table. If you can't see the name of your
IPSec rule, it means that the SA establishment fails. You need to go to the VPN
Setup Page to check your settings.
Use CI command 'ipsec debug on'
If the Monitor shows that the VPN tunnel has been established successfully,
but the PC1 and PC 2 can‟t reach each other. We can invoke command 'ipsec
debug 1' in CLI for trouble shooting. There should be lots of detailed messages
printed out to show how negotiations are taken place. If IPSec connection fails,
please dump 'ipsec debug 1' and send the dump information to Support
Engineer for a solution. The following shows an example of dumped messages.
(You can refer to Support Tool -> 1 WAN/ LAN Packet Trace -> Capture the
detailed logs by Hyper Terminal to do it).
91
All contents copy right © 2010 Zy XEL Communications Corporation.