问

F1000-AI 75 SSL VPN拨入问题

SSL VPN

2022-05-22提问

0关注
1收藏，1047浏览

zhiliao_b6rbTz

zhiliao_b6rbTz 二段

粉丝：0人关注：0人

问题描述：

路由器-防火墙-行为管理-核心交换机；在防火墙上做三层，启了SSL VPN功能，配置完成后通过iNODE拨入显示连接失败，检查VPN网关通信是否正常。路由器到防火墙的映射，防火墙上策略都检查过，没有问题。debugging后提示：

*May 22 21:16:27:880 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_INFO: -COntext=1; SSL_accept: before SSL initialization. *May 22 21:16:27:880 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_HANDSHAKE: -COntext=1; Receive: TLS 1.0Handshake [length 00c2]. *May 22 21:16:27:880 2022 C198-FW1000 SSLVPNK/7/SSLVPN_KSSL_PACKET: -COntext=1; 16 03 01 00 c2 *May 22 21:16:27:880 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_INFO: -COntext=1; SSL_accept: before SSL initialization. *May 22 21:16:27:880 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_HANDSHAKE: -COntext=1; Receive: TLS 1.0 [length 00c2], message type: ClientHello. *May 22 21:16:27:880 2022 C198-FW1000 SSLVPNK/7/SSLVPN_KSSL_PACKET: -COntext=1; 01 00 00 be 03 01 69 c4 d9 8b f4 17 8e ba 2b 35 6d 66 66 ae 3b bd 59 ad e6 14 1d bb 13 bf 2b 5d 57 8d a3 c0 13 55 00 00 64 c0 14 c0 0a 00 39 00 38 00 37 00 36 00 88 00 87 00 86 00 85 c0 0f c0 05 00 35 00 84 c0 13 c0 09 00 33 00 32 00 31 00 30 00 9a 00 99 00 98 00 97 00 45 00 44 00 43 00 42 c0 0e c0 04 00 2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00 05 00 04 c0 12 c0 08 00 16 00 13 00 10 00 0d c0 0d c0 03 00 0a 00 ff 01 00 00 31 00 0b 00 04 03 00 01 02 00 0a 00 1c 00 1a 00 17 00 19 00 1c 00 1b 00 18 00 1a 00 16 00 0e 00 0d 00 0b 00 0c 00 09 00 0a 00 23 00 00 00 0f 00 01 01 *May 22 21:16:27:880 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_HANDSHAKE: -COntext=1; Send: TLS 1.0Alert [length 0002]. *May 22 21:16:27:880 2022 C198-FW1000 SSLVPNK/7/SSLVPN_KSSL_PACKET: -COntext=1; 15 03 01 00 02 *May 22 21:16:27:880 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_HANDSHAKE: -COntext=1; Send: TLS 1.0Alert [length 0002], level: fatal, reason: protocol_version. *May 22 21:16:27:880 2022 C198-FW1000 SSLVPNK/7/SSLVPN_KSSL_PACKET: -COntext=1; 02 46 *May 22 21:16:27:880 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_INFO: -COntext=1; SSL3 alert write, level: fatal, reason: protocol version. *May 22 21:16:27:880 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_INFO: -COntext=1; SSL_accept: error in error. *May 22 21:16:27:975 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_INFO: -COntext=1; SSL_accept: before SSL initialization. *May 22 21:16:27:975 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_HANDSHAKE: -COntext=1; Receive: TLS 1.0Handshake [length 00c2]. *May 22 21:16:27:975 2022 C198-FW1000 SSLVPNK/7/SSLVPN_KSSL_PACKET: -COntext=1; 16 03 01 00 c2 *May 22 21:16:27:975 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_INFO: -COntext=1; SSL_accept: before SSL initialization. *May 22 21:16:27:975 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_HANDSHAKE: -COntext=1; Receive: TLS 1.0 [length 00c2], message type: ClientHello. *May 22 21:16:27:975 2022 C198-FW1000 SSLVPNK/7/SSLVPN_KSSL_PACKET: -COntext=1; 01 00 00 be 03 01 82 b7 e3 1a 02 51 33 76 5a 29 60 0e 9c 96 0f df e4 b9 eb 1a 04 95 81 d0 0d d3 af 90 98 c7 2d 58 00 00 64 c0 14 c0 0a 00 39 00 38 00 37 00 36 00 88 00 87 00 86 00 85 c0 0f c0 05 00 35 00 84 c0 13 c0 09 00 33 00 32 00 31 00 30 00 9a 00 99 00 98 00 97 00 45 00 44 00 43 00 42 c0 0e c0 04 00 2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00 05 00 04 c0 12 c0 08 00 16 00 13 00 10 00 0d c0 0d c0 03 00 0a 00 ff 01 00 00 31 00 0b 00 04 03 00 01 02 00 0a 00 1c 00 1a 00 17 00 19 00 1c 00 1b 00 18 00 1a 00 16 00 0e 00 0d 00 0b 00 0c 00 09 00 0a 00 23 00 00 00 0f 00 01 01 *May 22 21:16:27:975 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_HANDSHAKE: -COntext=1; Send: TLS 1.0Alert [length 0002]. *May 22 21:16:27:975 2022 C198-FW1000 SSLVPNK/7/SSLVPN_KSSL_PACKET: -COntext=1; 15 03 01 00 02 *May 22 21:16:27:975 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_HANDSHAKE: -COntext=1; Send: TLS 1.0Alert [length 0002], level: fatal, reason: protocol_version. *May 22 21:16:27:975 2022 C198-FW1000 SSLVPNK/7/SSLVPN_KSSL_PACKET: -COntext=1; 02 46 *May 22 21:16:27:975 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_INFO: -COntext=1; SSL3 alert write, level: fatal, reason: protocol version. *May 22 21:16:27:975 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_INFO: -COntext=1; SSL_accept: error in error. *May 22 21:16:28:081 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_INFO: -COntext=1; SSL_accept: before SSL initialization. *May 22 21:16:28:081 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_HANDSHAKE: -COntext=1; Receive: TLS 1.0Handshake [length 00c2]. *May 22 21:16:28:081 2022 C198-FW1000 SSLVPNK/7/SSLVPN_KSSL_PACKET: -COntext=1; 16 03 01 00 c2 *May 22 21:16:28:081 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_INFO: -COntext=1; SSL_accept: before SSL initialization. *May 22 21:16:28:081 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_HANDSHAKE: -COntext=1; Receive: TLS 1.0 [length 00c2], message type: ClientHello. *May 22 21:16:28:081 2022 C198-FW1000 SSLVPNK/7/SSLVPN_KSSL_PACKET: -COntext=1; 01 00 00 be 03 01 05 d1 33 6a 58 9d 55 b0 da 2a a3 ef 56 00 99 5c 0d 1d d4 21 6a 9d be 34 90 2d 32 e3 29 da d7 33 00 00 64 c0 14 c0 0a 00 39 00 38 00 37 00 36 00 88 00 87 00 86 00 85 c0 0f c0 05 00 35 00 84 c0 13 c0 09 00 33 00 32 00 31 00 30 00 9a 00 99 00 98 00 97 00 45 00 44 00 43 00 42 c0 0e c0 04 00 2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00 05 00 04 c0 12 c0 08 00 16 00 13 00 10 00 0d c0 0d c0 03 00 0a 00 ff 01 00 00 31 00 0b 00 04 03 00 01 02 00 0a 00 1c 00 1a 00 17 00 19 00 1c 00 1b 00 18 00 1a 00 16 00 0e 00 0d 00 0b 00 0c 00 09 00 0a 00 23 00 00 00 0f 00 01 01 *May 22 21:16:28:081 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_HANDSHAKE: -COntext=1; Send: TLS 1.0Alert [length 0002]. *May 22 21:16:28:081 2022 C198-FW1000 SSLVPNK/7/SSLVPN_KSSL_PACKET: -COntext=1; 15 03 01 00 02 *May 22 21:16:28:081 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_HANDSHAKE: -COntext=1; Send: TLS 1.0Alert [length 0002], level: fatal, reason: protocol_version. *May 22 21:16:28:081 2022 C198-FW1000 SSLVPNK/7/SSLVPN_KSSL_PACKET: -COntext=1; 02 46 *May 22 21:16:28:081 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_INFO: -COntext=1; SSL3 alert write, level: fatal, reason: protocol version. *May 22 21:16:28:081 2022 C198-FW1000 SSLVPNK/7/SSLVPN_DEBUG_KSSL_INFO: -COntext=1; SSL_accept: error in error. *May 22 21:16:31:462 2022 C198-FW1000 SSLVPN/7/SSLVPN_TIMER: -COntext=1; IPAC: Packet drop statistics timer expired, cOntextID=1. *May 22 21:16:39:533 2022 C198-FW1000 SSLVPNK/7/SSLVPN_TIMER: -COntext=1; COOKIE aging timer expired.