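This is the headquarters device, running an IPsec VPN with the MER3220 at the branch. The problem I'm hitting now is that IKE negotiates successfully but IPsec does not. I captured some debug output; this is from the router: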
*Dec 2 06:27:17:270 2022 H3C IPSEC/7/EVENT: IPsec Ike Acquire Sa, tcp enable:0, port:4500, sp index:1.
*Dec 2 06:27:17:270 2022 H3C IPSEC/7/EVENT: Got SA time-based soft lifetime settings when filling Sp data. Configured soft lifetime buffer : 0 seconds. Configured global soft lifetime buffer : 0 seconds.
*Dec 2 06:27:17:289 2022 H3C IPSEC/7/EVENT: Sent delete SA message to all nodes, message type is 0x16.
*Dec 2 06:27:17:289 2022 H3C IPSEC/7/EVENT: The SA doesn't exist in kernel.
*Dec 2 06:27:17:289 2022 H3C IPSEC/7/EVENT: Remote address no need to change, SP index=1.
*Dec 2 06:27:21:284 2022 H3C IPSEC/7/EVENT: Can't find block-flow node.
*Dec 2 06:27:21:284 2022 H3C IPSEC/7/PACKET: Failed to find SA by SP, SP Index = 1, SP Convert-Seq = 4294901760.
*Dec 2 06:27:21:284 2022 H3C IPSEC/7/ERROR: The reason of dropping packet is no available IPsec tunnel.
*Dec 2 06:27:21:284 2022 H3C IPSEC/7/EVENT: Sent SA-Acquire message : SP ID = 1
*Dec 2 06:27:21:284 2022 H3C IPSEC/7/EVENT: Received negotiate SA message from IPsec kernel.
*Dec 2 06:27:21:284 2022 H3C IPSEC/7/EVENT: IPsec Ike Acquire Sa, tcp enable:0, port:4500, sp index:1.
*Dec 2 06:27:21:285 2022 H3C IPSEC/7/EVENT: Got SA time-based soft lifetime settings when filling Sp data. Configured soft lifetime buffer : 0 seconds. Configured global soft lifetime buffer : 0 seconds.
*Dec 2 06:27:21:301 2022 H3C IPSEC/7/EVENT: Sent delete SA message to all nodes, message type is 0x16.
*Dec 2 06:27:21:301 2022 H3C IPSEC/7/EVENT: The SA doesn't exist in kernel.
*Dec 2 06:27:21:302 2022 H3C IPSEC/7/EVENT: Remote address no need to change, SP index=1.
*Dec 2 06:27:29:287 2022 H3C IPSEC/7/EVENT: Can't find block-flow node.
*Dec 2 06:27:29:287 2022 H3C IPSEC/7/PACKET: Failed to find SA by SP, SP Index = 1, SP Convert-Seq = 4294901760.
*Dec 2 06:27:29:287 2022 H3C IPSEC/7/ERROR: The reason of dropping packet is no available IPsec tunnel.
*Dec 2 06:27:29:287 2022 H3C IPSEC/7/EVENT: Sent SA-Acquire message : SP ID = 1
*Dec 2 06:27:29:287 2022 H3C IPSEC/7/EVENT: Received negotiate SA message from IPsec kernel.
*Dec 2 06:27:29:288 2022 H3C IPSEC/7/EVENT: IPsec Ike Acquire Sa, tcp enable:0, port:4500, sp index:1.
*Dec 2 06:27:29:288 2022 H3C IPSEC/7/EVENT: Got SA time-based soft lifetime settings when filling Sp data. Configured soft lifetime buffer : 0 seconds. Configured global soft lifetime buffer : 0 seconds.
*Dec 2 06:27:29:304 2022 H3C IPSEC/7/EVENT: Sent delete SA message to all nodes, message type is 0x16.
*Dec 2 06:27:29:305 2022 H3C IPSEC/7/EVENT: The SA doesn't exist in kernel.
*Dec 2 06:27:29:305 2022 H3C IPSEC/7/EVENT: Remote address no need to change, SP index=1.
This is from the firewall:
<FW>*Dec 2 14:11:53:862 2022 FW IPSEC/7/PACKET: Failed to find SA by SP, SP Index = 0, SP Convert-Seq = 65537.
*Dec 2 14:11:53:862 2022 FW IPSEC/7/PACKET: Alloc IPsec cache: Global fs seq : 0, Private index : 0, Private seq : 0.
*Dec 2 14:11:53:900 2022 FW IPSEC/7/PACKET: Failed to find SA by SP, SP Index = 0, SP Convert-Seq = 65537.
*Dec 2 14:11:53:900 2022 FW IPSEC/7/PACKET: Alloc IPsec cache: Global fs seq : 0, Private index : 0, Private seq : 0.
*Dec 2 14:11:53:910 2022 FW IPSEC/7/PACKET: Alloc IPsec cache: Global fs seq : 0, Private index : 0, Private seq : 0.
*Dec 2 14:11:53:942 2022 FW IPSEC/7/PACKET: Failed to find SA by SP, SP Index = 0, SP Convert-Seq = 65537.
*Dec 2 14:11:53:942 2022 FW IPSEC/7/PACKET: Alloc IPsec cache: Global fs seq : 0, Private index : 0, Private seq : 0.
*Dec 2 14:11:53:952 2022 FW IPSEC/7/PACKET: Alloc IPsec cache: Global fs seq : 0, Private index : 0, Private seq : 0.
*Dec 2 14:11:53:986 2022 FW IPSEC/7/PACKET: Alloc IPsec cache: Global fs seq : 0, Private index : 0, Private seq : 0.
*Dec 2 14:11:54:039 2022 FW IPSEC/7/PACKET: Failed to find SA by SP, SP Index = 0, SP Convert-Seq = 65537.
*Dec 2 14:11:54:039 2022 FW IPSEC/7/PACKET: Alloc IPsec cache: Global fs seq : 0, Private index : 0, Private seq : 0.
*Dec 2 14:11:54:042 2022 FW IPSEC/7/PACKET: Alloc IPsec cache: Global fs seq : 0, Private index : 0, Private seq : 0.
<FW>*Dec 2 14:11:54:149 2022 FW IPSEC/7/PACKET: Alloc IPsec cache: Global fs seq : 0, Private index : 0, Private seq : 0.
<FW>*Dec 2 14:11:54:258 2022 FW IPSEC/7/PACKET: Failed to find SA by SP, SP Index = 0, SP Convert-Seq = 65537.
*Dec 2 14:11:54:258 2022 FW IPSEC/7/PACKET: Alloc IPsec cache: Global fs seq : 0, Private index : 0, Private seq : 0.
*Dec 2 14:11:54:264 2022 FW IPSEC/7/PACKET: Alloc IPsec cache: Global fs seq : 0, Private index : 0, Private seq : 0.
*Dec 2 14:11:54:533 2022 FW IPSEC/7/PACKET: Alloc IPsec cache: Global fs seq : 0, Private index : 0, Private seq : 0.
undo debugging all
*Dec 2 14:11:54:713 2022 FW IPSEC/7/PACKET: Alloc IPsec cache: Global fs seq : 0, Private index : 0, Private seq : 0.
*Dec 2 14:11:54:713 2022 FW IPSEC/7/PACKET: Failed to find SA by SP, SP Index = 0, SP Convert-Seq = 65537.
*Dec 2 14:11:54:713 2022 FW IPSEC/7/PACKET: Alloc IPsec cache: Global fs seq : 0, Private index : 0, Private seq : 0.
All possible debugging has been turned off.
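There are two egress devices, and both ends use dial-up, but the address the firewall gets from dialing is a fixed address. The VPN is built on that.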
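The following is an added example, not part of the original post: a small Python parser that splits flattened debug output like the router's into events, pairs each SA acquire with the delete that follows it, and reports the retry gaps and dropped-packet count. The sample is a subset of the router lines quoted above; the function names `parse` and `summarize` are this example's own.

```python
import re
from datetime import datetime, timedelta

# Subset of the router debug lines from the post, run together as on the page.
SAMPLE = (
    "*Dec 2 06:27:17:270 2022 H3C IPSEC/7/EVENT: IPsec Ike Acquire Sa, tcp enable:0, port:4500, sp index:1. "
    "*Dec 2 06:27:17:289 2022 H3C IPSEC/7/EVENT: Sent delete SA message to all nodes, message type is 0x16. "
    "*Dec 2 06:27:17:289 2022 H3C IPSEC/7/EVENT: The SA doesn't exist in kernel. "
    "*Dec 2 06:27:21:284 2022 H3C IPSEC/7/ERROR: The reason of dropping packet is no available IPsec tunnel. "
    "*Dec 2 06:27:21:284 2022 H3C IPSEC/7/EVENT: IPsec Ike Acquire Sa, tcp enable:0, port:4500, sp index:1. "
    "*Dec 2 06:27:21:301 2022 H3C IPSEC/7/EVENT: Sent delete SA message to all nodes, message type is 0x16. "
    "*Dec 2 06:27:29:287 2022 H3C IPSEC/7/ERROR: The reason of dropping packet is no available IPsec tunnel. "
    "*Dec 2 06:27:29:288 2022 H3C IPSEC/7/EVENT: IPsec Ike Acquire Sa, tcp enable:0, port:4500, sp index:1. "
    "*Dec 2 06:27:29:304 2022 H3C IPSEC/7/EVENT: Sent delete SA message to all nodes, message type is 0x16. "
)

# One entry: "*Mon D HH:MM:SS:mmm YYYY host MODULE/sev/KIND: message"
ENTRY = re.compile(
    r"\*(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d:\d{3} \d{4}) (?P<host>\S+) "
    r"\w+/\d/(?P<kind>\w+): (?P<msg>[^*]*)")

def parse(text):
    """Split flattened debug output into (time, host, kind, message) tuples."""
    return [(datetime.strptime(m["ts"], "%b %d %H:%M:%S:%f %Y"),
             m["host"], m["kind"], m["msg"].strip())
            for m in ENTRY.finditer(text)]

def summarize(events):
    """Pair each SA acquire with the delete that follows it; count drops."""
    attempts, drops = [], 0
    for when, _host, _kind, msg in events:
        if msg.startswith("IPsec Ike Acquire Sa"):
            sp = int(re.search(r"sp index:(\d+)", msg).group(1))
            attempts.append({"sp": sp, "start": when, "deleted_after_ms": None})
        elif msg.startswith("Sent delete SA message") and attempts:
            last = attempts[-1]
            if last["deleted_after_ms"] is None:  # first delete after this acquire
                last["deleted_after_ms"] = (when - last["start"]) // timedelta(milliseconds=1)
        elif "no available IPsec tunnel" in msg:
            drops += 1
    gaps = [round((b["start"] - a["start"]).total_seconds(), 3)
            for a, b in zip(attempts, attempts[1:])]
    return {"attempts": attempts, "retry_gaps_s": gaps, "drops": drops}

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```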