Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
998
Views
0
Helpful
0
Replies

IPSec Tunnel from Concentrator to Hillstone in China

jkrysinski
Level 1
Level 1

‎05-06-2011 03:05 PM - edited ‎02-21-2020 05:19 PM

Hi,

I am trying to establish an IPSec tunnel to our new location in China.  In the US I have a 3005 Concentrator and in China there is a Hillstone SA2001.  I have configured both ends with the same encryption, hash, and DH Group.  Both ends are set to use NAT transversal. 

If I iniate traffic from the China network the tunnel appears to pass phase 1 but not phase 2.  Attached is the log from the concentrator when traffic sent from the China network.  If I send traffic from the US phase 1 does not complete.  The concentrator tries to connect but seems to be retrying.

I have scanned the China end point with NMAP and it shows UDP ports 500 and 4500 are open.

Does anybody have any thoughts why Phase 1 would complete going from China to the US and why Phase 1 won't complete going from the US to China.

Then why doesn't Phase 2 complete.  Looking at the Concentrator logs I think there is something on the China end that is blocking the concentrator.

Any suggestions would be greatly appreciated.

The Concentator is working and has successful tunnels connected across the world.  My only issue is with connecting to this Hillstone device in China.

Thank you,

James Krysinski

Labels:
85927-from china.txt.zip
85926-from us.txt.zip
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents