Troubleshooting ike, Invalid user id information, Symptom – H3C Technologies H3C SecPath F1000-E User Manual
Page 180: Analysis, Solution

16
[DeviceB-Dialer0] dialer-group 1
[DeviceB-Dialer0] dialer bundle 1
[DeviceB-Dialer0] ipsec policy policy
[DeviceB-Dialer0] mtu 1492
[DeviceB-Dialer0] quit
# Configure a static route to the headquarters LAN.
[DeviceB] ip route-static 172.16.0.0 255.255.255.0 dialer 0
# Configure interface GigabitEthernet 0/1.
[DeviceB] interface gigabitethernet 0/1
[DeviceB-GigabitEthernet0/1] tcp mss 1450
[DeviceB-GigabitEthernet0/1] ip address 192.168.0.1 255.255.255.0
[DeviceB-GigabitEthernet0/1] quit
# Configure the ATM interface on the ADSL card.
[DeviceB] interface atm 1/0
[DeviceB-Atm1/0] pvc 0/100
[DeviceB-atm-pvc-Atm1/0-0/100] map bridge virtual-ethernet 0
[DeviceB-atm-pvc-Atm1/0-0/100] quit
# Configure the VE interface.
[DeviceB] interface virtual-ethernet 0
[DeviceB-Virtual-Ethernet0] pppoe-client dial-bundle-number 1
[DeviceB-Virtual-Ethernet0] mac-address 0011-0022-0012
Troubleshooting IKE
When configuring parameters to establish an IPsec tunnel, enable IKE error debugging to help find
configuration problems:
Invalid User ID Information
Symptom
Invalid user ID information
Analysis
User ID is the data used to identify the user initiating IPsec communication. In real applications, you can
make use of user ID to set up different IPsec tunnels for various types of data traffic for protection sake.
Today, IP address and user name are used to identify a user.
Following is the debugging information:
got NOTIFY of type INVALID_ID_INFORMATION
Or
drop message from A.B.C.D due to notification type INVALID_ID_INFORMATION
Solution
Check whether the ACLs of the IPsec policies configured on the interfaces at both ends are compatible.
It is recommended to configure the ACLs to mirror each other.