ike sa 建立不成功,求解答
FW:
acl number 3101
rule 5 permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
#
ipsec proposal 1
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-256
#
ike proposal 1
encryption-algorithm aes-256
dh group14
authentication-algorithm md5
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-md5
#
ike peer r1
undo version 2
pre-shared-key %^%#V0me/{}_KIp"R&3gKRZ5WI_eP@C7[DG;u!T@&X*4%^%#
ike-proposal 1
remote-address 1.1.1.1
#
ipsec policy map1 10 isakmp
security acl 3101
ike-peer r1
proposal 1
#
router:
acl number 3101
rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
#
ipsec proposal 1
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-256
#
ike proposal 1
encryption-algorithm aes-cbc-256
dh group14
authentication-algorithm md5
prf hmac-md5
#
ike peer fw1 v1
pre-shared-key cipher %$%$r]IKQ#tzY,wo6`U#eo\2,.2n%$%$
ike-proposal 1
remote-address 2.1.1.1
#
ipsec policy map1 10 isakmp
security acl 3101
ike-peer fw1
proposal 1
(0)
建议联系华为技术支持团队沟通确认
或在仔细检查下配置、ike sa、ipsec sa以及日志信息进一步定位下
(0)
配置看着没问题啊,抓包看一下数据的路径是走到哪的
(0)
ike第一阶段协商不了
ike第一阶段协商不了
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
我看不懂