Updated on 2024-12-04 GMT+08:00

What Should I Do If My Firewall Cannot Receive Response Packets from a VPN Subnet?

  1. Check the routes, security policies, NAT configuration, interesting traffic, and negotiation policies for phase 2 negotiation on the on-premises gateway device.
    • Route configurations: Route traffic destined for cloud subnets into the VPN tunnel.
    • Security policies: Allow traffic from on-premises subnets to cloud subnets.
    • NAT policies: Do not perform NAT when on-premises subnets access cloud subnets.
    • Interesting traffic: The interesting traffic configurations at the two ends of a VPN connection must mirror each other, so the local subnets on one end are the remote subnets on the other. Address object names cannot be used for interesting traffic configured with IKEv2.
    • Negotiation policies: Ensure that the negotiation policies, especially PFS, are the same at both ends.
  2. After confirming that both phase 1 and phase 2 negotiations are normal, ensure that the security group rules on the cloud allow the on-premises subnets to access the cloud subnets using ICMP.
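
The step 1 checks can be run offline against exported settings from both ends. The following is an added example, not vendor code: the dictionary layout, field names, and sample values are hypothetical and constructed for illustration. It assumes NAT rules are evaluated first-match and routes by longest prefix.

```python
import ipaddress

net = ipaddress.ip_network

def check_vpn_ends(onprem, cloud):
    """Compare the two ends of a VPN connection; return a list of findings."""
    findings = []
    local = {net(c) for c in onprem["local_subnets"]}
    remote = {net(c) for c in onprem["remote_subnets"]}
    # Interesting traffic: each end's local subnets are the other end's remote subnets.
    if (local != {net(c) for c in cloud["remote_subnets"]}
            or remote != {net(c) for c in cloud["local_subnets"]}):
        findings.append("interesting traffic not mirrored")
    # Negotiation policies: phase 2 settings, PFS included, must be identical.
    for key in sorted(set(onprem["phase2"]) | set(cloud["phase2"])):
        if onprem["phase2"].get(key) != cloud["phase2"].get(key):
            findings.append(f"phase 2 mismatch: {key}")
    for dst in sorted(remote):
        # Routes: the longest-prefix route covering a cloud subnet must use the tunnel.
        covering = [r for r in onprem["routes"] if dst.subnet_of(net(r["dst"]))]
        best = max(covering, key=lambda r: net(r["dst"]).prefixlen, default=None)
        if best is None or best["via"] != "tunnel":
            findings.append(f"no tunnel route for {dst}")
        # NAT: rules are first-match; the first rule covering the pair must not translate.
        for src in sorted(local):
            hit = next((n for n in onprem["nat_rules"]
                        if src.subnet_of(net(n["src"])) and dst.subnet_of(net(n["dst"]))), None)
            if hit and hit["action"] == "translate":
                findings.append(f"NAT applied to {src} -> {dst}")
    return findings

# Constructed sample configurations (not taken from any real device).
CLOUD = {"local_subnets": ["192.168.0.0/24"], "remote_subnets": ["172.16.0.0/24"],
         "phase2": {"encryption": "AES-128", "authentication": "SHA2-256", "pfs": "DH group 14"}}
ONPREM_BAD = {"local_subnets": ["172.16.0.0/24"], "remote_subnets": ["192.168.0.0/16"],
    "phase2": {"encryption": "AES-128", "authentication": "SHA2-256", "pfs": "disabled"},
    "routes": [{"dst": "0.0.0.0/0", "via": "wan"}],
    "nat_rules": [{"src": "172.16.0.0/16", "dst": "0.0.0.0/0", "action": "translate"}]}
ONPREM_GOOD = {"local_subnets": ["172.16.0.0/24"], "remote_subnets": ["192.168.0.0/24"],
    "phase2": dict(CLOUD["phase2"]),
    "routes": [{"dst": "0.0.0.0/0", "via": "wan"}, {"dst": "192.168.0.0/24", "via": "tunnel"}],
    "nat_rules": [{"src": "172.16.0.0/24", "dst": "192.168.0.0/24", "action": "none"},
                  {"src": "172.16.0.0/16", "dst": "0.0.0.0/0", "action": "translate"}]}

if __name__ == "__main__":
    for name, cfg in (("bad", ONPREM_BAD), ("good", ONPREM_GOOD)):
        print(name, check_vpn_ends(cfg, CLOUD))
```

An empty result means the on-premises settings are consistent with the cloud end for these four checks; security policies and the cloud security group rules in step 2 still need to be verified separately.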