GRE OVER IPSEC
- 0关注
- 1收藏,1767浏览
问题描述:
做gre over IPSec
现在ike sa 能起来,gre能和对面通信
但是IPSEC SA 起不来,是什么问题呢?
报错如下:
The current terminal is enabled to display logs.
<FW>%Sep 3 19:05:23:927 2021 FW IPSEC/6/IPSEC_SA_ESTABLISH_FAIL: Failed to establish IPsec SA.
Reason: The policy contains incorrect ACL or IKE profile configuration..
SA information:
Role: responder.
Local address: 101.207.133.198
Remote address: 119.6.84.100
Sour addr: 192.168.161.0/255.255.255.0 Port: 0 Protocol: IP
Dest addr: 0.0.0.0/0.0.0.0 Port: 0 Protocol: IP
Inside VPN instance:
Outside VPN instance:
Inbound AH SPI: 0
Outbound AH SPI: 0
Inbound ESP SPI: 0
Outbound ESP SPI: 0
ACL number: 0
%Sep 3 19:05:23:927 2021 FW IPSEC/6/IPSEC_SA_ESTABLISH_FAIL: Failed to establish IPsec SA.
Reason: The policy contains incorrect ACL or IKE profile configuration..
SA information:
Role: responder.
Local address: 101.207.133.198
Remote address: 119.6.84.100
Sour addr: 192.168.163.0/255.255.255.0 Port: 0 Protocol: IP
Dest addr: 0.0.0.0/0.0.0.0 Port: 0 Protocol: IP
Inside VPN instance:
Outside VPN instance:
Inbound AH SPI: 0
Outbound AH SPI: 0
Inbound ESP SPI: 0
Outbound ESP SPI: 0
ACL number: 0
%Sep 3 19:05:23:928 2021 FW IPSEC/6/IPSEC_SA_ESTABLISH_FAIL: Failed to establish IPsec SA.
Reason: The policy contains incorrect ACL or IKE profile configuration..
SA information:
Role: responder.
Local address: 101.207.133.198
Remote address: 119.6.84.100
Sour addr: 192.168.166.0/255.255.255.0 Port: 0 Protocol: IP
Dest addr: 0.0.0.0/0.0.0.0 Port: 0 Protocol: IP
Inside VPN instance:
Outside VPN instance:
Inbound AH SPI: 0
Outbound AH SPI: 0
Inbound ESP SPI: 0
Outbound ESP SPI: 0
ACL number: 0
%Sep 3 19:05:23:928 2021 FW IPSEC/6/IPSEC_SA_ESTABLISH_FAIL: Failed to establish IPsec SA.
Reason: The policy contains incorrect ACL or IKE profile configuration..
SA information:
Role: responder.
Local address: 101.207.133.198
Remote address: 119.6.84.100
Sour addr: 192.168.164.0/255.255.255.0 Port: 0 Protocol: IP
Dest addr: 0.0.0.0/0.0.0.0 Port: 0 Protocol: IP
Inside VPN instance:
Outside VPN instance:
Inbound AH SPI: 0
Outbound AH SPI: 0
Inbound ESP SPI: 0
Outbound ESP SPI: 0
ACL number: 0
%Sep 3 19:05:23:929 2021 FW IKE/6/IKE_P2_SA_ESTABLISH_FAIL: Failed to establish phase 2 SA in IKE_P2_STATE_GETSP state.
Reason: Failed to get IPsec policy as phase 2 responder.
SA information:
Role: responder
Local address: 101.207.133.198
Remote address: 119.6.84.100
Sour addr: / Port: 0 Protocol:
Dest addr: / Port: 0 Protocol:
Inside VPN instance:
Outside VPN instance:
Inbound AH SPI: 0
Outbound AH SPI: 0
Inbound ESP SPI: 0
Outbound ESP SPI: 0
Initiator COOKIE: 7a9821b299055388
Responder COOKIE: e89fc4b60bf04945
Message ID: 0xb5b40ec0
Connection ID: 1696
Tunnel ID: 1
%Sep 3 19:05:23:929 2021 FW IKE/6/IKE_P2_SA_ESTABLISH_FAIL: Failed to establish phase 2 SA in IKE_P2_STATE_GETSP state.
Reason: Failed to get IPsec policy as phase 2 responder.
SA information:
Role: responder
Local address: 101.207.133.198
Remote address: 119.6.84.100
Sour addr: / Port: 0 Protocol:
Dest addr: / Port: 0 Protocol:
Inside VPN instance:
Outside VPN instance:
Inbound AH SPI: 0
Outbound AH SPI: 0
Inbound ESP SPI: 0
Outbound ESP SPI: 0
Initiator COOKIE: 7a9821b299055388
Responder COOKIE: e89fc4b60bf04945
Message ID: 0xa153b496
Connection ID: 1697
Tunnel ID: 1
%Sep 3 19:05:23:930 2021 FW IKE/6/IKE_P2_SA_ESTABLISH_FAIL: Failed to establish phase 2 SA in IKE_P2_STATE_GETSP state.
Reason: Failed to get IPsec policy as phase 2 responder.
SA information:
Role: responder
Local address: 101.207.133.198
Remote address: 119.6.84.100
Sour addr: / Port: 0 Protocol:
Dest addr: / Port: 0 Protocol:
Inside VPN instance:
Outside VPN instance:
Inbound AH SPI: 0
Outbound AH SPI: 0
Inbound ESP SPI: 0
Outbound ESP SPI: 0
Initiator COOKIE: 7a9821b299055388
Responder COOKIE: e89fc4b60bf04945
Message ID: 0xfc087988
Connection ID: 1698
Tunnel ID: 1
%Sep 3 19:05:23:931 2021 FW IKE/6/IKE_P2_SA_ESTABLISH_FAIL: Failed to establish phase 2 SA in IKE_P2_STATE_GETSP state.
Reason: Failed to get IPsec policy as phase 2 responder.
SA information:
Role: responder
Local address: 101.207.133.198
Remote address: 119.6.84.100
Sour addr: / Port: 0 Protocol:
Dest addr: / Port: 0 Protocol:
Inside VPN instance:
Outside VPN instance:
Inbound AH SPI: 0
Outbound AH SPI: 0
Inbound ESP SPI: 0
Outbound ESP SPI: 0
Initiator COOKIE: 7a9821b299055388
Responder COOKIE: e89fc4b60bf04945
Message ID: 0xfaf617c7
Connection ID: 1699
Tunnel ID: 1
组网及组网描述:
- 2021-09-03提问
- 举报
-
(0)
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论