IPSEC_1.3.6.1.4.1.2011.5.25.224.2.1.32 hwIPSecPkiWhitelistNegotiationFail

Trap Buffer Description

IPSec negotiation failed due to pki whitelist.(Peer=[PeerIP], CN=[CommonNameValue], Vrf=[VrfName], Port=[PortNumber])

IPsec negotiation failed due to the whitelist function.

In VS mode, this trap is supported only by the admin VS.

Trap Attributes

Trap Attribute Description

Alarm or Event

Event

Trap Severity

 Critical

Mnemonic Code

IKE_WL_NEGO_FAIL

Trap OID

1.3.6.1.4.1.2011.5.25.224.2.1.32

MIB

HUAWEI-IPSEC-MIB

Alarm ID

This is an event trap and does not involve alarm ID.

Alarm Name

This is an event trap and does not involve alarm name.

Alarm Type

This is an event trap and does not involve alarm type.

Raise or Clear

This is an event trap and does not involve alarm generation or clearance.

Match trap

-

Trap Buffer Parameters

Parameter Description

PeerIP

Peer Ip address.

CommonNameValue

Common name value.

VrfName

Vrf instance name.

PortNumber

UDP port number.

VB Parameters

VB OID VB Name VB Index

1.3.6.1.4.1.2011.5.25.224.1.19.19

hwIPSecPkiIkeFailedIP

-

1.3.6.1.4.1.2011.5.25.224.1.19.20

hwIPSecPkiIkeFailedCN

-

1.3.6.1.4.1.2011.5.25.224.1.19.23

hwIPSecPkiIkeFailedVrfName

-

1.3.6.1.4.1.2011.5.25.224.1.19.24

hwIPSecPkiIkeFailedPort

-

Impact on the System

The IPsec tunnel fails to be established, causing service interruptions.

Possible Causes

IPsec negotiation failed because of a whitelist mismatch.

Procedure

Check whether the peer certificate is valid. If the peer certificate is invalid, obtain a valid one.

Check whether the local whitelist data is correct. If the data is incorrect, update it.

Parent Topic: IPSEC
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >