Comware V7防火墙作为LNS设备,局域网内有多台PC,PC与防火墙中间有NAT设备,PC通过自带的客户端无法同时与防火墙建立L2TP over IPSec隧道。
Windows自带的客户端IPSec使用的是传输模式,前面有NAT设备,保护的数据流一样。
Windows*2(192.168.1.0/24)---------------NAT(PAT方式 1.1.1.2)----------------(1.1.1.1)FW
-------------------------------
Interface: GigabitEthernet1/0/0
-------------------------------
-----------------------------
IPsec policy: 1
Sequence number: 1
Mode: Template
-----------------------------
Tunnel id: 1
Encapsulation mode: transport
Perfect Forward Secrecy:
Inside VPN:
Extended Sequence Numbers enable: N
Traffic Flow Confidentiality enable: N
Path MTU: 1440
Tunnel:
local address: 1.1.1.1
remote address: 1.1.1.2
Flow:
sour addr: 1.1.1.1/255.255.255.255 port: 1701 protocol: udp
dest addr: 1.1.1.2/255.255.255.255 port: 1701 protocol: udp
[Inbound ESP SAs]
SPI: 3578415966 (0xd54a4b5e)
Connection ID: 219043332098
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
SA duration (kilobytes/sec): 250000/3600
SA remaining duration (kilobytes/sec): 249789/3145
Max received sequence-number: 1901
Anti-replay check enable: Y
Anti-replay window size: 64
UDP encapsulation used for NAT traversal: Y
Status: Active
[Outbound ESP SAs]
SPI: 1413542712 (0x5440f338)
Connection ID: 210453397507
Transform set: ESP-ENCRYPT-AES-CBC-128 ESP-AUTH-SHA1
SA duration (kilobytes/sec): 250000/3600
SA remaining duration (kilobytes/sec): 249997/3145
Max sent sequence-number: 65
UDP encapsulation used for NAT traversal: Y
Status: Active
PC使用iNode,修改为隧道模式。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作