What Can I Do If VPN Connection Setup Fails?
- Check the IKE and IPsec policies to see whether the negotiation modes and encryption algorithms at both ends of the VPN connection are the same.
- If the IKE policy has been set up during phase one and the IPsec policy has not been enabled in phase two, the IPsec policies at both ends of the VPN connection may be inconsistent.
- If you use a Cisco physical device in your on-premises data center, it is recommended that you use MD5, and set Authentication Mode to MD5 when configuring the IPsec policy for the VPN connection on the cloud.
- Check whether the ACL rules are correct.
If the subnets of your on-premises data center are 192.168.3.0/24 and 192.168.4.0/24, and the VPC subnets are 192.168.1.0/24 and 192.168.2.0/24, configure the ACL rules for each on-premises subnet to allow the communication with the VPC subnets. The following provides an example of ACL configurations:
rule 1 permit ip source 192.168.3.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 rule 2 permit ip source 192.168.3.0 0.0.0.255 destination 192.168.2.0 0.0.0.255 rule 3 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 rule 4 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
- Check whether the VPN connection is normal by pinging the local end from the remote end and pinging the remote end from the local end.
Connection or Ping Failure FAQs
- Why Is the VPN Connection Always in the Not Connected State Even After Its Configuration Is Complete?
- How Can I Prevent VPN Disconnections?
- How Do I Quickly Restore an Interrupted IPsec VPN Connection?
- What Happens If the Bandwidth of a VPN Gateway Exceeds the Size I Specified When I Create the Gateway?
- Will an IPsec VPN Connection Be Established Automatically?
- Why ECSs at Both Ends of a Normal Cross-Region VPN Connection Cannot Access Each Other?
- Why Subnets at Both Ends of a Normal VPN Connection Cannot Access Each Other?
- What Do I Do If a VPN Connection In Use Is Interrupted and a Message Is Displayed Indicating That Traffic from IP Addresses Not Whitelisted Generates?
- What Do I Do If a VPN Connection Is Interrupted and a Message Is Displayed Indicating That the DPD Times Out?
- Why the Status of a VPN Connection Is Not Connected on the Management Console When It Is Already Available?
- Will I Be Notified If a VPN Connection Is Interrupted?
- What Can I Do If VPN Connection Setup Fails?
- What Should I Do If I Cannot Access the ECSs on the Cloud from My On-premises Data Center or LAN After the VPN Connection Has Been Set Up?
- Why Is Not Connected Displayed as the Status for a Successfully Created VPN Connection?
- Do Huawei Cloud VPNs Have the DPD Mechanism Enabled?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore