
WR21 cannot negotiate IPSec on PPP1

0 votes
Hello:

WR21 setup according to AN41.
Here is the problem.
Telco Fiber optic router plugged into Eth0. It's not working so the router switches to PPP1, the PPP1 link comes up. I can ping my VPN responder via the "executing command".
The Cisco debug shows ZERO traffic from the Digi... but the Digi is convinced that it has negotiated an IKE SA but IPSec never comes up. NEVER. It times out and tries again and round-round it goes.

The SOLUTION is to unplug the Fiber optic router Ethernet cable.
As long as the Fiber router is NOT plugged in, when the Digi puts the Eth0 default route out of service, the IPSec comes up on PPP1 no problem.

If that Fiber router Ethernet is connected, even if the route gets put OOS eventually, it WILL not negotiate an IPSec tunnel.

So, WHAT is going on here? It's not supposed to work like that.

Ideas?

Is this a FW bug?

Cheers,
john
asked Dec 12, 2020 in Digi TransPort Cellular by jserink Community Contributor (74 points)


1 Answer

0 votes
Hi John,

Thanks for your request.
It's a bit hard to give some advice without seeing configurations and logs/ike trace in different cases.

My suggestion would be to please send an email to tech.support@digi.com with all the details, as:

- IMEI of the WR21
- debug.txt (https://www.digi.com/support/knowledge-base/how-to-extract-the-debug-txt-file-from-a-digi-tran) and IKE trace (https://ftp1.digi.com/support/documentation/QN_045_How_To_setup_analyser_To_Get_IKE_IPsec_trace.pdf) in all test cases (cable unplugged, cable plugged but fiber router not working, cable plugged and fiber router working).

With this email, a case will be opened and we can do a sanity check on the config and have a look at logs, but please also review our support options, as VPN troubleshooting is limited on Base level and would require an Expert contract if deep troubleshooting is needed.

Thanks,

Anny
Digi Technical Support
answered Dec 16, 2020 by annydigi Community Contributor (96 points)
Hi Anny:

Thank you for the response. We are investigating as to whether it has something to do with floating grounds at the site. We tested this in the workshop before deployment with an ADSL router and it worked fine; with Fiber in the field at several sites we're getting what I described above. I have seen situations before where the Ethernet does strange and even damaging things if there is not a common ground between two equipment chassis, so we're going to follow that up.

Cheers,
john
...