总店采用的是詹博的老设备,现在公司新增加分店,采用H3C的设备,搜索到案例库http://kms2.h3c.com/View.aspx?id=36342作为参考,按这个配置后,dis ike sa 和dis IPSec sa 参数如下,但分店ping总店内网IP仍然不通,请问这种情况如何解决,或是否有其他方案代替?
<YunJing-h3c>dis ike sa
Connection-ID Remote Flag DOI
------------------------------------------------------------------
930 1.1.1.1 RD IPsec
Flags:
RD--READY RL--REPLACED FD-FADING RK-REKEY
<YunJing-h3c>dis ipsec sa
-------------------------------
Interface: GigabitEthernet1/0/3
-------------------------------
-----------------------------
IPsec policy: GE1/0/3
Sequence number: 1
Mode: ISAKMP
-----------------------------
Tunnel id: 0
Encapsulation mode: tunnel
Perfect Forward Secrecy:
Inside VPN:
Extended Sequence Numbers enable: N
Traffic Flow Confidentiality enable: N
Path MTU: 1444
Tunnel:
local address: 2.2.2.2
remote address: 1.1.1.1
Flow:
sour addr: 10.135.80.0/255.255.255.0 port: 0 protocol: ip
dest addr: 10.135.136.0/255.255.255.0 port: 0 protocol: ip
[Inbound ESP SAs]
SPI: 287710258 (0x11261c32)
Connection ID: 3242700308480
Transform set: ESP-ENCRYPT-3DES-CBC ESP-AUTH-MD5
SA duration (kilobytes/sec): 1843200/3600
SA remaining duration (kilobytes/sec): 1843194/2474
Max received sequence-number: 113
Anti-replay check enable: Y
Anti-replay window size: 64
UDP encapsulation used for NAT traversal: N
Status: Active
[Outbound ESP SAs]
SPI: 752856467 (0x2cdfad93)
Connection ID: 115964116993
Transform set: ESP-ENCRYPT-3DES-CBC ESP-AUTH-MD5
SA duration (kilobytes/sec): 1843200/3600
SA remaining duration (kilobytes/sec): 1843200/2474
Max sent sequence-number: 0
UDP encapsulation used for NAT traversal: N
Status: Active
<YunJing-h3c>ping 10.135.136.1
Ping 10.135.136.1 (10.135.136.1): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- Ping statistics for 10.135.136.1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
(0)
最佳答案
跟我之前遇到的问题一模一样啊这是,你把IPsec policy的里边的ACL后边AGG的命令,把感兴趣流聚合
(0)
您能再说详细下么?
您能再说详细下么?
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
错了,debug ike all