• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 漏洞说明
  • 全部
  • 全部
  • 大数据引擎
  • 知了引擎
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式
高级搜索

MSR3610 配置 L2TP OVER ipsec 移动终端接入 IPsec 协商不起来

2022-01-10提问
  • 0关注
  • 1收藏,1532浏览
粉丝:0人 关注:1人

问题描述:

对齐方式

  • 靠左
  • 居中
  • 靠右

MSR3610 配置 L2TP OVER ipsec 移动终端接入 IPsec 协商不起来  ;L2TP 能正常接入。IKE debug  

哪位大神能帮忙分析下,客户端是安卓11手机

感谢!!!!


组网及组网描述:

设置列表

  • 有序列表
  • 无序列表

对齐方式

  • 靠左
  • 居中
  • 靠右

<MSR3610>*Jan 10 21:24:08:060 2022 MSR3610 IKE/7/EVENT: Sent config set message.
<MSR3610>
*Jan 10 21:24:21:830 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received packet from 171.218.1.34 source port 23548 destination port 500.
*Jan 10 21:24:21:830 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  I-COOKIE: dae4f81a95f7447d
  R-COOKIE: 0000000000000000
  next payload: SA
  version: ISAKMP Version 1.0
  exchange mode: Main
  flags:  
  message ID: 0
  length: 724
*Jan 10 21:24:21:830 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job.
*Jan 10 21:24:21:830 2022 MSR3610 IKE/7/EVENT: Phase1 process started.
*Jan 10 21:24:21:830 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Begin a new phase 1 negotiation as responder.
*Jan 10 21:24:21:831 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Responder created an SA for peer 171.218.1.34, local port 500, remote port 23548.
*Jan 10 21:24:21:831 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Set IKE SA state to IKE_P1_STATE_INIT.
*Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received ISAKMP Security Association Payload.
*Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received ISAKMP Vendor ID Payload.
*Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received ISAKMP Vendor ID Payload.
*Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received ISAKMP Vendor ID Payload.
*Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received ISAKMP Vendor ID Payload.
*Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received ISAKMP Vendor ID Payload.
*Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received ISAKMP Vendor ID Payload.
*Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Process vendor ID payload.
*Jan 10 21:24:21:831 2022 MSR3610 IKE/7/EVENT: Vendor ID DPD is matched.
*Jan 10 21:24:21:831 2022 MSR3610 IKE/7/EVENT: Vendor ID NAT-T rfc3947 is matched.
*Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Process SA payload.
*Jan 10 21:24:21:831 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Check ISAKMP transform 1.
*Jan 10 21:24:21:832 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Lifetime type is 1.
*Jan 10 21:24:21:832 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Life duration is 28800.
*Jan 10 21:24:21:832 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Encryption algorithm is AES-CBC.
*Jan 10 21:24:21:832 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Key length is 256 bytes.
*Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Authentication method is Pre-shared key.
*Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  HASH algorithm is HMAC-SHA2_384.
*Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  DH group is 2.
*Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Check ISAKMP transform 2.
*Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Lifetime type is 1.
*Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Life duration is 28800.
*Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Encryption algorithm is AES-CBC.
*Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Key length is 256 bytes.
*Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Authentication method is Pre-shared key.
*Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  HASH algorithm is HMAC-SHA2_256.
*Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  DH group is 2.
*Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Check ISAKMP transform 3.
*Jan 10 21:24:21:833 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Lifetime type is 1.
*Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Life duration is 28800.
*Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Encryption algorithm is AES-CBC.
*Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Key length is 256 bytes.
*Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Authentication method is Pre-shared key.
*Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  HASH algorithm is HMAC-SHA2_512.
*Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  DH group is 2.
*Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Check ISAKMP transform 4.
*Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Lifetime type is 1.
*Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Life duration is 28800.
*Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Encryption algorithm is AES-CBC.
*Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Key length is 256 bytes.
*Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  Authentication method is Pre-shared key.
*Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  HASH algorithm is HMAC-SHA1.
*Jan 10 21:24:21:834 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  DH group is 2.
*Jan 10 21:24:21:835 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Found pre-shared key that matches address 171.218.1.34 in keychain 1.
*Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Attributes is acceptable.
*Jan 10 21:24:21:835 2022 MSR3610 IKE/7/EVENT: Oakley transform 4 is acceptable.
*Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Constructed SA payload
*Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Construct NAT-T rfc3947 vendor ID payload.
*Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Construct XAUTH Cisco Unity 1.0 vendor ID payload.
*Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Construct XAUTH draft6 vendor ID payload.
*Jan 10 21:24:21:835 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
IKE SA state changed from IKE_P1_STATE_INIT to IKE_P1_STATE_SEND2.
*Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Sending packet to 171.218.1.34 remote port 23548, local port 500.
*Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  I-COOKIE: dae4f81a95f7447d
  R-COOKIE: 2780ff8ba7934b66
  next payload: SA
  version: ISAKMP Version 1.0
  exchange mode: Main
  flags:  
  message ID: 0
  length: 136
*Jan 10 21:24:21:835 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Sending an IPv4 packet.
*Jan 10 21:24:21:835 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Sent data to socket successfully.
*Jan 10 21:24:21:868 2022 MSR3610 IKE/7/EVENT: Received packet successfully.
*Jan 10 21:24:21:869 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received packet from 171.218.1.34 source port 23548 destination port 500.
*Jan 10 21:24:21:869 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  I-COOKIE: dae4f81a95f7447d
  R-COOKIE: 2780ff8ba7934b66
  next payload: KE
  version: ISAKMP Version 1.0
  exchange mode: Main
  flags:  
  message ID: 0
  length: 228
*Jan 10 21:24:21:869 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job.
*Jan 10 21:24:21:869 2022 MSR3610 IKE/7/EVENT: Phase1 process started.
*Jan 10 21:24:21:869 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received ISAKMP Key Exchange Payload.
*Jan 10 21:24:21:869 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received ISAKMP Nonce Payload.
*Jan 10 21:24:21:869 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received ISAKMP NAT-D Payload.
*Jan 10 21:24:21:869 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received ISAKMP NAT-D Payload.
*Jan 10 21:24:21:870 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Process KE payload.
*Jan 10 21:24:21:870 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Process NONCE payload.
*Jan 10 21:24:21:870 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received 2 NAT-D payload.
*Jan 10 21:24:21:870 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Peer is behind NAT.
*Jan 10 21:24:21:873 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Construct KE payload.
*Jan 10 21:24:21:873 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Construct NONCE payload.
*Jan 10 21:24:21:873 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Construct NAT-D payload.
*Jan 10 21:24:21:874 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Construct DPD vendor ID payload.
*Jan 10 21:24:21:876 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
IKE SA state changed from IKE_P1_STATE_SEND2 to IKE_P1_STATE_SEND4.
*Jan 10 21:24:21:877 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Sending packet to 171.218.1.34 remote port 23548, local port 500.
*Jan 10 21:24:21:877 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
  I-COOKIE: dae4f81a95f7447d
  R-COOKIE: 2780ff8ba7934b66
  next payload: KE
  version: ISAKMP Version 1.0
  exchange mode: Main
  flags:  
  message ID: 0
  length: 248
*Jan 10 21:24:21:877 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Sending an IPv4 packet.
*Jan 10 21:24:21:877 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Sent data to socket successfully.
*Jan 10 21:24:21:903 2022 MSR3610 IKE/7/EVENT: Received packet successfully.
*Jan 10 21:24:21:903 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Received packet from 171.218.1.34 source port 23549 destination port 4500.
*Jan 10 21:24:21:903 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
  I-COOKIE: dae4f81a95f7447d
  R-COOKIE: 2780ff8ba7934b66
  next payload: ID
  version: ISAKMP Version 1.0
  exchange mode: Main
  flags: ENCRYPT
  message ID: 0
  length: 92
*Jan 10 21:24:21:903 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job.
*Jan 10 21:24:21:908 2022 MSR3610 IKE/7/EVENT: Phase1 process started.
*Jan 10 21:24:21:908 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Decrypt the packet.
*Jan 10 21:24:21:909 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received ISAKMP Identification Payload.
*Jan 10 21:24:21:912 2022 MSR3610 IKE/7/ERROR: 2th byte of the structure ISAKMP Identification Payload must be 0.
*Jan 10 21:24:21:912 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Failed to parse phase 1 packet. Reason INVALID_PAYLOAD_TYPE.
*Jan 10 21:24:21:913 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Encrypt the packet.
*Jan 10 21:24:21:913 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Construct notification packet: INVALID_PAYLOAD_TYPE.
*Jan 10 21:24:21:914 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Sending packet to 171.218.1.34 remote port 23549, local port 4500.
*Jan 10 21:24:21:914 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
  I-COOKIE: dae4f81a95f7447d
  R-COOKIE: 2780ff8ba7934b66
  next payload: HASH
  version: ISAKMP Version 1.0
  exchange mode: Info
  flags: ENCRYPT
  message ID: 1bca5a9e
  length: 92
*Jan 10 21:24:21:914 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Sending an IPv4 packet.
*Jan 10 21:24:21:915 2022 MSR3610 IKE/7/EVENT: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Sent data to socket successfully.
*Jan 10 21:24:21:915 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Failed to negotiate IKE SA.
*Jan 10 21:24:24:951 2022 MSR3610 IKE/7/EVENT: Received packet successfully.
*Jan 10 21:24:24:951 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Received packet from 171.218.1.34 source port 23549 destination port 4500.
*Jan 10 21:24:24:951 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
  I-COOKIE: dae4f81a95f7447d
  R-COOKIE: 2780ff8ba7934b66
  next payload: ID
  version: ISAKMP Version 1.0
  exchange mode: Main
  flags: ENCRYPT
  message ID: 0
  length: 92
*Jan 10 21:24:24:951 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job.
*Jan 10 21:24:24:951 2022 MSR3610 IKE/7/EVENT: Phase1 process started.
*Jan 10 21:24:24:951 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Can't find IKE SA.
*Jan 10 21:24:27:953 2022 MSR3610 IKE/7/EVENT: Received packet successfully.
*Jan 10 21:24:27:953 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Received packet from 171.218.1.34 source port 23549 destination port 4500.
*Jan 10 21:24:27:953 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
  I-COOKIE: dae4f81a95f7447d
  R-COOKIE: 2780ff8ba7934b66
  next payload: ID
  version: ISAKMP Version 1.0
  exchange mode: Main
  flags: ENCRYPT
  message ID: 0
  length: 92
*Jan 10 21:24:27:953 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job.
*Jan 10 21:24:27:953 2022 MSR3610 IKE/7/EVENT: Phase1 process started.
*Jan 10 21:24:27:953 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Can't find IKE SA.
*Jan 10 21:24:31:001 2022 MSR3610 IKE/7/EVENT: Received packet successfully.
*Jan 10 21:24:31:001 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Received packet from 171.218.1.34 source port 23549 destination port 4500.
*Jan 10 21:24:31:001 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
  I-COOKIE: dae4f81a95f7447d
  R-COOKIE: 2780ff8ba7934b66
  next payload: ID
  version: ISAKMP Version 1.0
  exchange mode: Main
  flags: ENCRYPT
  message ID: 0
  length: 92
*Jan 10 21:24:31:001 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job.
*Jan 10 21:24:31:001 2022 MSR3610 IKE/7/EVENT: Phase1 process started.
*Jan 10 21:24:31:001 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Can't find IKE SA.
*Jan 10 21:24:33:965 2022 MSR3610 IKE/7/EVENT: Received packet successfully.
*Jan 10 21:24:33:965 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Received packet from 171.218.1.34 source port 23549 destination port 4500.
*Jan 10 21:24:33:965 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
  I-COOKIE: dae4f81a95f7447d
  R-COOKIE: 2780ff8ba7934b66
  next payload: ID
  version: ISAKMP Version 1.0
  exchange mode: Main
  flags: ENCRYPT
  message ID: 0
  length: 92
*Jan 10 21:24:33:965 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job.
*Jan 10 21:24:33:966 2022 MSR3610 IKE/7/EVENT: Phase1 process started.
*Jan 10 21:24:33:966 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Can't find IKE SA.
*Jan 10 21:24:37:035 2022 MSR3610 IKE/7/EVENT: Received packet successfully.
*Jan 10 21:24:37:035 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Received packet from 171.218.1.34 source port 23549 destination port 4500.
*Jan 10 21:24:37:035 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
  I-COOKIE: dae4f81a95f7447d
  R-COOKIE: 2780ff8ba7934b66
  next payload: ID
  version: ISAKMP Version 1.0
  exchange mode: Main
  flags: ENCRYPT
  message ID: 0
  length: 92
*Jan 10 21:24:37:036 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job.
*Jan 10 21:24:37:036 2022 MSR3610 IKE/7/EVENT: Phase1 process started.
*Jan 10 21:24:37:036 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Can't find IKE SA.
*Jan 10 21:24:39:987 2022 MSR3610 IKE/7/EVENT: Received packet successfully.
*Jan 10 21:24:39:987 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Received packet from 171.218.1.34 source port 23549 destination port 4500.
*Jan 10 21:24:39:987 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
  I-COOKIE: dae4f81a95f7447d
  R-COOKIE: 2780ff8ba7934b66
  next payload: ID
  version: ISAKMP Version 1.0
  exchange mode: Main
  flags: ENCRYPT
  message ID: 0
  length: 92
*Jan 10 21:24:39:987 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job.
*Jan 10 21:24:39:987 2022 MSR3610 IKE/7/EVENT: Phase1 process started.
*Jan 10 21:24:39:987 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Can't find IKE SA.
*Jan 10 21:24:41:995 2022 MSR3610 IKE/7/EVENT: Received packet successfully.
*Jan 10 21:24:41:995 2022 MSR3610 IKE/7/EVENT: Ignore NAT keepalive packet.
*Jan 10 21:24:42:995 2022 MSR3610 IKE/7/EVENT: Received packet successfully.
*Jan 10 21:24:42:995 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Received packet from 171.218.1.34 source port 23549 destination port 4500.
*Jan 10 21:24:42:995 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
  I-COOKIE: dae4f81a95f7447d
  R-COOKIE: 2780ff8ba7934b66
  next payload: ID
  version: ISAKMP Version 1.0
  exchange mode: Main
  flags: ENCRYPT
  message ID: 0
  length: 92
*Jan 10 21:24:42:996 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job.
*Jan 10 21:24:42:996 2022 MSR3610 IKE/7/EVENT: Phase1 process started.
*Jan 10 21:24:42:996 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Can't find IKE SA.
*Jan 10 21:24:46:036 2022 MSR3610 IKE/7/EVENT: Received packet successfully.
*Jan 10 21:24:46:036 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Received packet from 171.218.1.34 source port 23549 destination port 4500.
*Jan 10 21:24:46:036 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
  I-COOKIE: dae4f81a95f7447d
  R-COOKIE: 2780ff8ba7934b66
  next payload: ID
  version: ISAKMP Version 1.0
  exchange mode: Main
  flags: ENCRYPT
  message ID: 0
  length: 92
*Jan 10 21:24:46:036 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job.
*Jan 10 21:24:46:036 2022 MSR3610 IKE/7/EVENT: Phase1 process started.
*Jan 10 21:24:46:036 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Can't find IKE SA.
*Jan 10 21:24:49:075 2022 MSR3610 IKE/7/EVENT: Received packet successfully.
*Jan 10 21:24:49:076 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Received packet from 171.218.1.34 source port 23549 destination port 4500.
*Jan 10 21:24:49:076 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
  I-COOKIE: dae4f81a95f7447d
  R-COOKIE: 2780ff8ba7934b66
  next payload: ID
  version: ISAKMP Version 1.0
  exchange mode: Main
  flags: ENCRYPT
  message ID: 0
  length: 92
*Jan 10 21:24:49:076 2022 MSR3610 IKE/7/EVENT: IKE thread 1099169456816 processes a job.
*Jan 10 21:24:49:076 2022 MSR3610 IKE/7/EVENT: Phase1 process started.
*Jan 10 21:24:49:076 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Can't find IKE SA.
<MSR3610>
<MSR3610>


最佳答案

已采纳
粉丝:17人 关注:0人

*Jan 10 21:24:21:909 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Received ISAKMP Identification Payload.
*Jan 10 21:24:21:912 2022 MSR3610 IKE/7/ERROR: 2th byte of the structure ISAKMP Identification Payload must be 0.
*Jan 10 21:24:21:912 2022 MSR3610 IKE/7/ERROR: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Failed to parse phase 1 packet. Reason INVALID_PAYLOAD_TYPE.
*Jan 10 21:24:21:913 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Encrypt the packet.
*Jan 10 21:24:21:913 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23548
Construct notification packet: INVALID_PAYLOAD_TYPE.
*Jan 10 21:24:21:914 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
Sending packet to 171.218.1.34 remote port 23549, local port 4500.
*Jan 10 21:24:21:914 2022 MSR3610 IKE/7/PACKET: vrf = 0, local = 222.21.45.14, remote = 171.218.1.34/23549
I-COOKIE: dae4f81a95f7447d
R-COOKIE: 2780ff8ba7934b66
next payload: HASH
version: ISAKMP Version 1.0
exchange mode: Info
flags: ENCRYPT
message ID: 1bca5a9e
length: 92

ike的第56条报文交互出错,此阶段要么是由于密钥配置不一致,要么是ike profile配置不对称。 2th byte of the structure ISAKMP Identification Payload must be 0.这个肯定是配置了不对称的密钥,解密失败后,导致协商报文的载荷内容检查失败,就会报如上错误。


暂无评论

2 个回答
粉丝:4人 关注:0人

可以对照下案例的配置:

https://zhiliao.h3c.com/Theme/details/187179


另外可以使用inode试下是否正常,是只有安卓11拨不了,还是所有都拨不了

暂无评论

一只小兔子 知了小白
粉丝:0人 关注:1人

就是照着案例配置的,目前测试了苹果手机,安卓,win10都不行

暂无评论

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +

亲~登录后才可以操作哦!

确定

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明