A successful ping indicates that the tunnel is activated. Check if the status of the VPN tunnel is “Connected”. If so, the problem is solved.
In case of a ping failure, please directly go to Step 2.
2. Log i
n to the VPN device
on the IDC side and use the ping command to test the network connectivity of the VPN gateway public IP on the Tencent Cloud side (suppose the VPN gateway public IP is 220.127.116.11) to see if the ping is successful or not.
If not, please modify the security policy and make the VPN gateway IP on the Tencent Cloud side and the corresponding SPD policy open to Internet. Then, check whether the VPN tunnel is connected. If so, the problem is solved. If not, please go to Step 5.
k whether the ne
gotiation parameters (including IKE and IPsec configurations) and negotiation modes (main/aggressive mode) of the VPN gateway on the Tencent Cloud side and the VPN device in the customer IDC are consistent.
Inconsistency in any parameter can cause the failure to create a VPN tunnel.
The default VPN configuration varies by devices and public cloud service providers.
Go to the VPN tunnel console. Click the instance ID to enter the details page, and check the consistency on the “Advanced Configuration” tab.
Device configuration parameters on the IDC side can be obtained through the following command. Take Huawei Firewall as an example here.
display current-configuration configuration ike profile
display current-configuration configuration ipsec policy