What Can I Do If VPN Connection Setup Fails?
- Check the IKE and IPsec policies to see whether the negotiation modes and encryption algorithms at both ends of the VPN connection are the same.
- If the IKE policy has been set up during phase one and the IPsec policy has not been enabled in phase two, the IPsec policies at both ends of the VPN connection may be inconsistent.
- If you use a Cisco physical device in your on-premises data center, it is recommended that you use MD5, and set Authentication Mode to MD5 when configuring the IPsec policy for the VPN connection on the cloud.
- Check whether the ACL rules are correct.
If the subnets of your on-premises data center are 192.168.3.0/24 and 192.168.4.0/24, and the VPC subnets are 192.168.1.0/24 and 192.168.2.0/24, configure the ACL rules for each on-premises subnet to allow the communication with the VPC subnets. The following provides an example of ACL configurations:
rule 1 permit ip source 192.168.3.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 rule 2 permit ip source 192.168.3.0 0.0.0.255 destination 192.168.2.0 0.0.0.255 rule 3 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 rule 4 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
- Check whether the VPN connection is normal by pinging the local end from the remote end and pinging the remote end from the local end.
Product Consultation FAQs
- What Are the Typical Scenarios of IPsec VPN?
- What Are a VPC, a VPN Gateway, and a VPN Connection?
- What Are the Relationships Between a VPC, a VPN Gateway, and a VPN Connection?
- What Is a VPN Connection? How Do I Set the Number of VPN Connections When Buying a VPN Gateway?
- What Is a Remote Gateway and Remote Subnet in a VPN Connection?
- How Do I Plan the CIDR Block of a VPC Accessed over a VPN Connection?
- Will an IPsec VPN Connection Be Established Automatically?
- What Are VPN Negotiation Parameters? What Are Their Default Values?
- What Devices Can Be Connected to Huawei Cloud Through a VPN?
- Are a Username and Password Required for Creating an IPsec VPN Connection?
- How Do I Allow Specific Servers to Access a VPC Subnet Through a Created VPN Connection?
- Which VPN Resources Can Be Monitored?
- Can an EIP Be Used as a VPN Gateway IP Address?
- Do I Need to Purchase EIPs for Servers That Communicate with Each Other Through a VPN?
- Are SSL VPNs Supported?
- How Long Does It Take for Delivered VPN Configurations to Take Effect?
- What Should I Do If I Cannot Create Connections for a VPN Gateway That Has No Bandwidth Information?
- Does Huawei Cloud VPN Support IPv6 Addresses?
- How Do I Determine My VPN Bandwidth Size?
- Does a VPN Connection Support Chinese Encryption Algorithms?
- Which IKE Version Should I Select When I Create a VPN Connection?
- What Are the Bits of the DH Groups Used by Huawei Cloud VPN?
- Can I Visit Websites Across International Borders Using a VPN?
- Can I Deploy Applications on the Cloud, Databases in an On-premises Data Center, and Then Connect Them Through a VPN?
- What Are the Differences Between the Application Scenarios and Connection Modes of IPsec and SSL VPNs?
- What Will I Be Charged for Creating a VPN? Will I Be Charged for VPN Gateway IP Addresses?
- What Is the Difference Between Billing a VPN Gateway by Bandwidth and by Traffic?
- Can a VPN Billed by Traffic Use a Shared Data Package?
- Can a VPN Gateway IP Address Be Retained After the VPN Gateway Is Deleted?
- Do I Need to Purchase EIPs for Servers That Communicate with Each Other Through a VPN?
- Where Can I Add Routes on the VPN Console to Reach the Remote Subnets?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Can I Do If VPN Connection Setup Fails?
- Which Direction of the Bandwidth Is Limited and What Is the Unit of the Bandwidth?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore