Basic connectivity between peers must be checked before IPSec configuration
can begin.
The router ping command can be used to
test basic connectivity between IPSec peers
. While a
successful ICMP echo, or ping, will verify basic connectivity between peers, it
should be verified that the network works with any other protocols or ports
that are to be encrypted, such as Telnet or FTP, before beginning IPSec
configuration.
After IPSec is activated, basic connectivity troubleshooting can be
difficult because the security configuration may mask a more fundamental
networking problem. Previous security settings could result in no
connectivity.