Troubleshooting ike, Invalid user id information, Symptom – H3C Technologies H3C SecPath F1000-E User Manual

16

[DeviceB-Dialer0] dialer-group 1

[DeviceB-Dialer0] dialer bundle 1

[DeviceB-Dialer0] ipsec policy policy

[DeviceB-Dialer0] mtu 1492

[DeviceB-Dialer0] quit

# Configure a static route to the headquarters LAN.

[DeviceB] ip route-static 172.16.0.0 255.255.255.0 dialer 0

# Configure interface GigabitEthernet 0/1.

[DeviceB] interface gigabitethernet 0/1

[DeviceB-GigabitEthernet0/1] tcp mss 1450

[DeviceB-GigabitEthernet0/1] ip address 192.168.0.1 255.255.255.0

[DeviceB-GigabitEthernet0/1] quit

# Configure the ATM interface on the ADSL card.

[DeviceB] interface atm 1/0

[DeviceB-Atm1/0] pvc 0/100

[DeviceB-atm-pvc-Atm1/0-0/100] map bridge virtual-ethernet 0

[DeviceB-atm-pvc-Atm1/0-0/100] quit

# Configure the VE interface.

[DeviceB] interface virtual-ethernet 0

[DeviceB-Virtual-Ethernet0] pppoe-client dial-bundle-number 1

[DeviceB-Virtual-Ethernet0] mac-address 0011-0022-0012

Troubleshooting IKE

When configuring parameters to establish an IPsec tunnel, enable IKE error debugging to help find

configuration problems:

debugging ike error

Invalid User ID Information

Symptom

Invalid user ID information

Analysis

User ID is the data used to identify the user initiating IPsec communication. In real applications, you can

make use of user ID to set up different IPsec tunnels for various types of data traffic for protection sake.

Today, IP address and user name are used to identify a user.
Following is the debugging information:

got NOTIFY of type INVALID_ID_INFORMATION

Or

drop message from A.B.C.D due to notification type INVALID_ID_INFORMATION

Solution

Check whether the ACLs of the IPsec policies configured on the interfaces at both ends are compatible.
It is recommended to configure the ACLs to mirror each other.