问题描述:
对齐方式
- 靠左
- 居中
- 靠右
MSR3610 配置 L2TP OVER ipsec 移动终端接入 IPsec 协商不起来 ;L2TP 能正常接入。IKE debug
哪位大神能帮忙分析下,客户端是安卓11手机
感谢!!!!
组网及组网描述:
设置列表
- 有序列表
- 无序列表
对齐方式
- 靠左
- 居中
- 靠右
| <MSR3610>*Jan 10 21:24:08:060 2022 MSR3610 IKE/7/EVENT: Sent config set message. |
| <MSR3610> |
| *Jan 10 21:24:21:830 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Received packet from 171.218.1.34 source port 23548 destination port 500. |
| *Jan 10 21:24:21:830 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| I-COOKIE: dae4f81a95f7447d |
| R-COOKIE: 0000000000000000 |
| next payload: SA |
| version: ISAKMP Version 1.0 |
| exchange mode: Main |
| flags: |
| message ID: 0 |
| length: 724 |
| *Jan 10 21:24:21:830 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job. |
| *Jan 10 21:24:21:830 2022 MSR3610 IKE/7/EVENT: Phase1 process started. |
| *Jan 10 21:24:21:830 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Begin a new phase 1 negotiation as responder. |
| *Jan 10 21:24:21:831 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Responder created an SA for peer 171.218.1.34, local port 500, remote port 23548. |
| *Jan 10 21:24:21:831 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Set IKE SA state to IKE_P1_STATE_INIT. |
| *Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Received ISAKMP Security Association Payload. |
| *Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Received ISAKMP Vendor ID Payload. |
| *Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Received ISAKMP Vendor ID Payload. |
| *Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Received ISAKMP Vendor ID Payload. |
| *Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Received ISAKMP Vendor ID Payload. |
| *Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Received ISAKMP Vendor ID Payload. |
| *Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Received ISAKMP Vendor ID Payload. |
| *Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Process vendor ID payload. |
| *Jan 10 21:24:21:831 2022 MSR3610 IKE/7/EVENT: Vendor ID DPD is matched. |
| *Jan 10 21:24:21:831 2022 MSR3610 IKE/7/EVENT: Vendor ID NAT-T rfc3947 is matched. |
| *Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Process SA payload. |
| *Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Check ISAKMP transform 1. |
| *Jan 10 21:24:21:832 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Lifetime type is 1. |
| *Jan 10 21:24:21:832 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Life duration is 28800. |
| *Jan 10 21:24:21:832 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Encryption algorithm is AES-CBC. |
| *Jan 10 21:24:21:832 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Key length is 256 bytes. |
| *Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Authentication method is Pre-shared key. |
| *Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| HASH algorithm is HMAC-SHA2_384. |
| *Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| DH group is 2. |
| *Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Check ISAKMP transform 2. |
| *Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Lifetime type is 1. |
| *Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Life duration is 28800. |
| *Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Encryption algorithm is AES-CBC. |
| *Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Key length is 256 bytes. |
| *Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Authentication method is Pre-shared key. |
| *Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| HASH algorithm is HMAC-SHA2_256. |
| *Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| DH group is 2. |
| *Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Check ISAKMP transform 3. |
| *Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Lifetime type is 1. |
| *Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Life duration is 28800. |
| *Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Encryption algorithm is AES-CBC. |
| *Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Key length is 256 bytes. |
| *Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Authentication method is Pre-shared key. |
| *Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| HASH algorithm is HMAC-SHA2_512. |
| *Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| DH group is 2. |
| *Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Check ISAKMP transform 4. |
| *Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Lifetime type is 1. |
| *Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Life duration is 28800. |
| *Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Encryption algorithm is AES-CBC. |
| *Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Key length is 256 bytes. |
| *Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Authentication method is Pre-shared key. |
| *Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| HASH algorithm is HMAC-SHA1. |
| *Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| DH group is 2. |
| *Jan 10 21:24:21:835 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Found pre-shared key that matches address 171.218.1.34 in keychain 1. |
| *Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Attributes is acceptable. |
| *Jan 10 21:24:21:835 2022 MSR3610 IKE/7/EVENT: Oakley transform 4 is acceptable. |
| *Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Constructed SA payload |
| *Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Construct NAT-T rfc3947 vendor ID payload. |
| *Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Construct XAUTH Cisco Unity 1.0 vendor ID payload. |
| *Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Construct XAUTH draft6 vendor ID payload. |
| *Jan 10 21:24:21:835 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| IKE SA state changed from IKE_P1_STATE_INIT to IKE_P1_STATE_SEND2. |
| *Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Sending packet to 171.218.1.34 remote port 23548, local port 500. |
| *Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| I-COOKIE: dae4f81a95f7447d |
| R-COOKIE: 2780ff8ba7934b66 |
| next payload: SA |
| version: ISAKMP Version 1.0 |
| exchange mode: Main |
| flags: |
| message ID: 0 |
| length: 136 |
| *Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Sending an IPv4 packet. |
| *Jan 10 21:24:21:835 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Sent data to socket successfully. |
| *Jan 10 21:24:21:868 2022 MSR3610 IKE/7/EVENT: Received packet successfully. |
| *Jan 10 21:24:21:869 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Received packet from 171.218.1.34 source port 23548 destination port 500. |
| *Jan 10 21:24:21:869 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| I-COOKIE: dae4f81a95f7447d |
| R-COOKIE: 2780ff8ba7934b66 |
| next payload: KE |
| version: ISAKMP Version 1.0 |
| exchange mode: Main |
| flags: |
| message ID: 0 |
| length: 228 |
| *Jan 10 21:24:21:869 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job. |
| *Jan 10 21:24:21:869 2022 MSR3610 IKE/7/EVENT: Phase1 process started. |
| *Jan 10 21:24:21:869 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Received ISAKMP Key Exchange Payload. |
| *Jan 10 21:24:21:869 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Received ISAKMP Nonce Payload. |
| *Jan 10 21:24:21:869 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Received ISAKMP NAT-D Payload. |
| *Jan 10 21:24:21:869 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Received ISAKMP NAT-D Payload. |
| *Jan 10 21:24:21:870 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Process KE payload. |
| *Jan 10 21:24:21:870 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Process NONCE payload. |
| *Jan 10 21:24:21:870 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Received 2 NAT-D payload. |
| *Jan 10 21:24:21:870 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Peer is behind NAT. |
| *Jan 10 21:24:21:873 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Construct KE payload. |
| *Jan 10 21:24:21:873 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Construct NONCE payload. |
| *Jan 10 21:24:21:873 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Construct NAT-D payload. |
| *Jan 10 21:24:21:874 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Construct DPD vendor ID payload. |
| *Jan 10 21:24:21:876 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| IKE SA state changed from IKE_P1_STATE_SEND2 to IKE_P1_STATE_SEND4. |
| *Jan 10 21:24:21:877 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Sending packet to 171.218.1.34 remote port 23548, local port 500. |
| *Jan 10 21:24:21:877 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| I-COOKIE: dae4f81a95f7447d |
| R-COOKIE: 2780ff8ba7934b66 |
| next payload: KE |
| version: ISAKMP Version 1.0 |
| exchange mode: Main |
| flags: |
| message ID: 0 |
| length: 248 |
| *Jan 10 21:24:21:877 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Sending an IPv4 packet. |
| *Jan 10 21:24:21:877 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Sent data to socket successfully. |
| *Jan 10 21:24:21:903 2022 MSR3610 IKE/7/EVENT: Received packet successfully. |
| *Jan 10 21:24:21:903 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Received packet from 171.218.1.34 source port 23549 destination port 4500. |
| *Jan 10 21:24:21:903 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| I-COOKIE: dae4f81a95f7447d |
| R-COOKIE: 2780ff8ba7934b66 |
| next payload: ID |
| version: ISAKMP Version 1.0 |
| exchange mode: Main |
| flags: ENCRYPT |
| message ID: 0 |
| length: 92 |
| *Jan 10 21:24:21:903 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job. |
| *Jan 10 21:24:21:908 2022 MSR3610 IKE/7/EVENT: Phase1 process started. |
| *Jan 10 21:24:21:908 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Decrypt the packet. |
| *Jan 10 21:24:21:909 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Received ISAKMP Identification Payload. |
| *Jan 10 21:24:21:912 2022 MSR3610 IKE/7/ERROR: 2th byte of the structure ISAKMP Identification Payload must be 0. |
| *Jan 10 21:24:21:912 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Failed to parse phase 1 packet. Reason INVALID_PAYLOAD_TYPE. |
| *Jan 10 21:24:21:913 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Encrypt the packet. |
| *Jan 10 21:24:21:913 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Construct notification packet: INVALID_PAYLOAD_TYPE. |
| *Jan 10 21:24:21:914 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Sending packet to 171.218.1.34 remote port 23549, local port 4500. |
| *Jan 10 21:24:21:914 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| I-COOKIE: dae4f81a95f7447d |
| R-COOKIE: 2780ff8ba7934b66 |
| next payload: HASH |
| version: ISAKMP Version 1.0 |
| exchange mode: Info |
| flags: ENCRYPT |
| message ID: 1bca5a9e |
| length: 92 |
| *Jan 10 21:24:21:914 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Sending an IPv4 packet. |
| *Jan 10 21:24:21:915 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Sent data to socket successfully. |
| *Jan 10 21:24:21:915 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548 |
| Failed to negotiate IKE SA. |
| *Jan 10 21:24:24:951 2022 MSR3610 IKE/7/EVENT: Received packet successfully. |
| *Jan 10 21:24:24:951 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Received packet from 171.218.1.34 source port 23549 destination port 4500. |
| *Jan 10 21:24:24:951 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| I-COOKIE: dae4f81a95f7447d |
| R-COOKIE: 2780ff8ba7934b66 |
| next payload: ID |
| version: ISAKMP Version 1.0 |
| exchange mode: Main |
| flags: ENCRYPT |
| message ID: 0 |
| length: 92 |
| *Jan 10 21:24:24:951 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job. |
| *Jan 10 21:24:24:951 2022 MSR3610 IKE/7/EVENT: Phase1 process started. |
| *Jan 10 21:24:24:951 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Can't find IKE SA. |
| *Jan 10 21:24:27:953 2022 MSR3610 IKE/7/EVENT: Received packet successfully. |
| *Jan 10 21:24:27:953 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Received packet from 171.218.1.34 source port 23549 destination port 4500. |
| *Jan 10 21:24:27:953 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| I-COOKIE: dae4f81a95f7447d |
| R-COOKIE: 2780ff8ba7934b66 |
| next payload: ID |
| version: ISAKMP Version 1.0 |
| exchange mode: Main |
| flags: ENCRYPT |
| message ID: 0 |
| length: 92 |
| *Jan 10 21:24:27:953 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job. |
| *Jan 10 21:24:27:953 2022 MSR3610 IKE/7/EVENT: Phase1 process started. |
| *Jan 10 21:24:27:953 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Can't find IKE SA. |
| *Jan 10 21:24:31:001 2022 MSR3610 IKE/7/EVENT: Received packet successfully. |
| *Jan 10 21:24:31:001 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Received packet from 171.218.1.34 source port 23549 destination port 4500. |
| *Jan 10 21:24:31:001 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| I-COOKIE: dae4f81a95f7447d |
| R-COOKIE: 2780ff8ba7934b66 |
| next payload: ID |
| version: ISAKMP Version 1.0 |
| exchange mode: Main |
| flags: ENCRYPT |
| message ID: 0 |
| length: 92 |
| *Jan 10 21:24:31:001 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job. |
| *Jan 10 21:24:31:001 2022 MSR3610 IKE/7/EVENT: Phase1 process started. |
| *Jan 10 21:24:31:001 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Can't find IKE SA. |
| *Jan 10 21:24:33:965 2022 MSR3610 IKE/7/EVENT: Received packet successfully. |
| *Jan 10 21:24:33:965 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Received packet from 171.218.1.34 source port 23549 destination port 4500. |
| *Jan 10 21:24:33:965 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| I-COOKIE: dae4f81a95f7447d |
| R-COOKIE: 2780ff8ba7934b66 |
| next payload: ID |
| version: ISAKMP Version 1.0 |
| exchange mode: Main |
| flags: ENCRYPT |
| message ID: 0 |
| length: 92 |
| *Jan 10 21:24:33:965 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job. |
| *Jan 10 21:24:33:966 2022 MSR3610 IKE/7/EVENT: Phase1 process started. |
| *Jan 10 21:24:33:966 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Can't find IKE SA. |
| *Jan 10 21:24:37:035 2022 MSR3610 IKE/7/EVENT: Received packet successfully. |
| *Jan 10 21:24:37:035 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Received packet from 171.218.1.34 source port 23549 destination port 4500. |
| *Jan 10 21:24:37:035 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| I-COOKIE: dae4f81a95f7447d |
| R-COOKIE: 2780ff8ba7934b66 |
| next payload: ID |
| version: ISAKMP Version 1.0 |
| exchange mode: Main |
| flags: ENCRYPT |
| message ID: 0 |
| length: 92 |
| *Jan 10 21:24:37:036 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job. |
| *Jan 10 21:24:37:036 2022 MSR3610 IKE/7/EVENT: Phase1 process started. |
| *Jan 10 21:24:37:036 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Can't find IKE SA. |
| *Jan 10 21:24:39:987 2022 MSR3610 IKE/7/EVENT: Received packet successfully. |
| *Jan 10 21:24:39:987 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Received packet from 171.218.1.34 source port 23549 destination port 4500. |
| *Jan 10 21:24:39:987 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| I-COOKIE: dae4f81a95f7447d |
| R-COOKIE: 2780ff8ba7934b66 |
| next payload: ID |
| version: ISAKMP Version 1.0 |
| exchange mode: Main |
| flags: ENCRYPT |
| message ID: 0 |
| length: 92 |
| *Jan 10 21:24:39:987 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job. |
| *Jan 10 21:24:39:987 2022 MSR3610 IKE/7/EVENT: Phase1 process started. |
| *Jan 10 21:24:39:987 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Can't find IKE SA. |
| *Jan 10 21:24:41:995 2022 MSR3610 IKE/7/EVENT: Received packet successfully. |
| *Jan 10 21:24:41:995 2022 MSR3610 IKE/7/EVENT: Ignore NAT keepalive packet. |
| *Jan 10 21:24:42:995 2022 MSR3610 IKE/7/EVENT: Received packet successfully. |
| *Jan 10 21:24:42:995 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Received packet from 171.218.1.34 source port 23549 destination port 4500. |
| *Jan 10 21:24:42:995 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| I-COOKIE: dae4f81a95f7447d |
| R-COOKIE: 2780ff8ba7934b66 |
| next payload: ID |
| version: ISAKMP Version 1.0 |
| exchange mode: Main |
| flags: ENCRYPT |
| message ID: 0 |
| length: 92 |
| *Jan 10 21:24:42:996 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job. |
| *Jan 10 21:24:42:996 2022 MSR3610 IKE/7/EVENT: Phase1 process started. |
| *Jan 10 21:24:42:996 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Can't find IKE SA. |
| *Jan 10 21:24:46:036 2022 MSR3610 IKE/7/EVENT: Received packet successfully. |
| *Jan 10 21:24:46:036 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Received packet from 171.218.1.34 source port 23549 destination port 4500. |
| *Jan 10 21:24:46:036 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| I-COOKIE: dae4f81a95f7447d |
| R-COOKIE: 2780ff8ba7934b66 |
| next payload: ID |
| version: ISAKMP Version 1.0 |
| exchange mode: Main |
| flags: ENCRYPT |
| message ID: 0 |
| length: 92 |
| *Jan 10 21:24:46:036 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job. |
| *Jan 10 21:24:46:036 2022 MSR3610 IKE/7/EVENT: Phase1 process started. |
| *Jan 10 21:24:46:036 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Can't find IKE SA. |
| *Jan 10 21:24:49:075 2022 MSR3610 IKE/7/EVENT: Received packet successfully. |
| *Jan 10 21:24:49:076 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Received packet from 171.218.1.34 source port 23549 destination port 4500. |
| *Jan 10 21:24:49:076 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| I-COOKIE: dae4f81a95f7447d |
| R-COOKIE: 2780ff8ba7934b66 |
| next payload: ID |
| version: ISAKMP Version 1.0 |
| exchange mode: Main |
| flags: ENCRYPT |
| message ID: 0 |
| length: 92 |
| *Jan 10 21:24:49:076 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job. |
| *Jan 10 21:24:49:076 2022 MSR3610 IKE/7/EVENT: Phase1 process started. |
| *Jan 10 21:24:49:076 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549 |
| Can't find IKE SA. |
| <MSR3610> |
| <MSR3610> |
- 2022-01-10提问
- 举报
-
(0)
最佳答案
已采纳
TSkokoking
七段
*Jan 10 21:24:21:909 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received ISAKMP Identification Payload.
*Jan 10 21:24:21:912 2022 MSR3610 IKE/7/ERROR: 2th byte of the structure ISAKMP Identification Payload must be 0.
*Jan 10 21:24:21:912 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Failed to parse phase 1 packet. Reason INVALID_PAYLOAD_TYPE.
*Jan 10 21:24:21:913 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Encrypt the packet.
*Jan 10 21:24:21:913 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Construct notification packet: INVALID_PAYLOAD_TYPE.
*Jan 10 21:24:21:914 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Sending packet to 171.218.1.34 remote port 23549, local port 4500.
*Jan 10 21:24:21:914 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
I-COOKIE: dae4f81a95f7447d
R-COOKIE: 2780ff8ba7934b66
next payload: HASH
version: ISAKMP Version 1.0
exchange mode: Info
flags: ENCRYPT
message ID: 1bca5a9e
length: 92
ike的第5、6条报文交互出错,此阶段要么是由于密钥配置不一致,要么是ike profile配置不对称。 2th byte of the structure ISAKMP Identification Payload must be 0.这个肯定是配置了不对称的密钥,解密失败后,导致协商报文的载荷内容检查失败,就会报如上错误。
- 2022-01-10回答
- 评论(0)
- 举报
-
(0)
可以对照下案例的配置:
https://zhiliao.h3c.com/Theme/details/187179
另外可以使用inode试下是否正常,是只有安卓11拨不了,还是所有都拨不了
- 2022-01-10回答
- 评论(0)
- 举报
-
(0)
暂无评论
编辑答案
➤
✖
亲~登录后才可以操作哦!
确定
✖
✖
你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
✖
举报
×
侵犯我的权益
>
对根叔社区有害的内容
>
辱骂、歧视、挑衅等(不友善)
侵犯我的权益
×
侵犯了我企业的权益
>
抄袭了我的内容
>
诽谤我
>
辱骂、歧视、挑衅等(不友善)
骚扰我
侵犯了我企业的权益
×
您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。
抄袭了我的内容
×
原文链接或出处
诽谤我
×
您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。
对根叔社区有害的内容
×
垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载
>
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票
不规范转载
×
举报说明
暂无评论