IPV6 ADVPN

 

 

做IPV6的ADVPN实验，Spoke查看VAM client Current state为DUMB，debug提示 VAM服务器和ADVPN源接口的地址族不同。我查看了配置没有看出来有那里不对。有没有高手帮看下。

debug报错 如下：

<Spoke1>*May 10 11:43:21:843 2024 Spoke1 VAMC/7/EVENT: 4001::2[0]: FSM status changed from DUMB to OFFLINE.

*May 10 11:43:21:843 2024 Spoke1 VAMC/7/ERROR: 4001::2[0]: The address family of VAM server and ADVPN source interface are different.

*May 10 11:43:21:843 2024 Spoke1 VAMC/7/EVENT: 4001::2[0]: Deleted all hubs.

*May 10 11:43:21:843 2024 Spoke1 VAMC/7/EVENT: 4001::2[0]: FSM status changed from OFFLINE to DUMB.

*May 10 11:43:21:843 2024 Spoke1 VAMC/7/EVENT: 4001::2[0]: The dumb interval was 120 seconds.

设备配置见附件

HUB：

 

 sysname Hub

#

ospf 1

 area 0.0.0.0

  network 192.168.0.0 0.0.0.255

  network 192.168.1.0 0.0.0.255

#

ospfv3 1

 area 0.0.0.0

#

 

interface NULL0

#

interface GigabitEthernet0/0

 port link-mode route

 combo enable copper

 ip address 1.0.0.1 255.255.255.252

 ipv6 address 1::1/126

#

 

#

interface Tunnel0 mode advpn udp

 ip address 192.168.0.1 255.255.255.0

 ospfv3 1 area 0.0.0.0

 source GigabitEthernet0/0

 ipv6 address 4001::1/64

 tunnel protection ipsec profile advpn

 vam client hub

 vam ipv6 client hubv6

#

interface Tunnel2 mode advpn udp

 source GigabitEthernet0/0

#

 ip route-static 0.0.0.0 0 1.0.0.2

 ipv6 route-static :: 0 1::2

#

domain advpn

 authentication advpn local

#

domain system

#

 domain default enable advpn

#

r

#

local-user hub class network

 password cipher $c$3$UHghD0CZwNrj77o1UfiaqWsfZYccWg==

 service-type advpn

 authorization-attribute user-role network-operator

#

local-user hubv6 class network

 password cipher $c$3$3WVWFeJJNeS/7uliPfrwrIcpd7oGPm3w

 service-type advpn

 authorization-attribute user-role network-operator

#              

local-user spoke1 class network

 password cipher $c$3$GRR1dyAcGwKAQgz6ttgKhDkaToIRJFJWHQ==

 service-type advpn

 authorization-attribute user-role network-operator

#

local-user spoke1v6 class network

 password cipher $c$3$eY6SKfj6M3dkqMjY0AME4BuOQi55ALnhcqKT

 service-type advpn

 authorization-attribute user-role network-operator

#

ipsec transform-set advpn

 esp encryption-algorithm des-cbc 

 esp authentication-algorithm sha1 

#

ipsec profile advpn isakmp

 transform-set advpn 

 ike-profile advpn

#

ike profile advpn

 keychain advpn

#

ike keychain advpn

 pre-shared-key address 0.0.0.0 0.0.0.0 key cipher $c$3$QVB/1rF1eSK1GnNV87h5hwz1nyUbMy4AOTn/OOg=

 pre-shared-key address ipv6 :: 0 key cipher $c$3$hx9hk9YJ6ob83d9/gRUj+lzAC9e8fgM43u0QqF0=

#

vam client name hub

 advpn-domain advpn

 server primary ip-address 1.0.0.1

 pre-shared-key cipher $c$3$+14mD8wfX+c9VlAJ/2ISCYWkJFhGSB7C

 user hub password cipher $c$3$e4kTudLVZQF05UozVMu+K6FUHA9sVw==

 client enable

#

vam client name hubv6

 advpn-domain advpnv6

 server primary ipv6-address 1::1

 pre-shared-key cipher $c$3$IfwvV0YqBU06mFgod6ZzPzq01JNKWHqyoj9MNFw=

 user hubv6 password cipher $c$3$mZvg2zeyVegSW2pAdKYIRQzSxIDftVIq

 client enable

#

vam server advpn-domain advpn id 1

 pre-shared-key cipher $c$3$RT69GMYemYtP7Dh1IeANRMfHDJ2e1FPu

 authentication-method none

 server enable

 hub-group hub

  hub private-address 192.168.0.1

  spoke private-address range 192.168.0.1 192.168.0.254

#

vam server advpn-domain advpnv6 id 2

 pre-shared-key cipher $c$3$pevar+24D5/bLUeJC0tg59OhptMUII6nz/8ji5E=

 authentication-method none

 server enable

 hub-group hub

  hub ipv6 private-address 1::1

  spoke ipv6 private-address range 4001::1 4001::2

  spoke ipv6 private-address range 4001::1 4001::F

#

return

<Hub>           

Spoke1:

<Spoke1>

<Spoke1>dis

<Spoke1>display cu

#

 version 7.1.064, Release 0427P22

#

 sysname Spoke1

#

ospf 1

 area 0.0.0.0

  network 8.8.8.8 0.0.0.0

  network 192.168.0.0 0.0.0.255

  network 192.168.1.0 0.0.0.255

#

ospfv3 1

 area 0.0.0.0

#

 

 

#

i

#

interface LoopBack10

 ip address 8.8.8.8 255.255.255.0

#

interface Vlan-interface10

#

interface GigabitEthernet0/0

 port link-mode route

 combo enable copper

 ip address 1.0.0.10 255.255.255.252

 ipv6 address 2::1/126

#

 

#              

interface Tunnel1 mode advpn udp

 ip address 192.168.0.2 255.255.255.0

 ospfv3 1 area 0.0.0.0

 source GigabitEthernet0/0

 ipv6 address 4001::2/64

 tunnel protection ipsec profile advpn

 vam client spoke1

 vam ipv6 client spoke1v6

t

#

 ip route-static 0.0.0.0 0 1.0.0.9

 ipv6 route-static :: 0 2::2

#

 

#

ipsec transform-set advpn

 esp encryption-algorithm des-cbc 

 esp authentication-algorithm sha1 

#

ipsec profile advpn isakmp

 transform-set advpn 

 ike-profile advpn

#

ike profile advpn

 keychain advpn

#

ike keychain advpn

 pre-shared-key address 0.0.0.0 0.0.0.0 key cipher $c$3$BFn4G+HkxF2gYRtXAvjhsBWAj/rD6NrbczPHVYg=

 pre-shared-key address ipv6 :: 128 key cipher $c$3$xoMYbCExdR0kJusUcie1F0hYzMoE12EP5R8mLkg=

#

vam client name spoke1

 advpn-domain advpn

 server primary ip-address 1.0.0.1

 pre-shared-key cipher $c$3$ICITAMN4R+9SZlx3bNYR8lOPdivJ7W5Q

 user spoke1 password cipher $c$3$QgSO8bcX97E4qIyMLMtgb+N70RjwYlwj8Q==

 client enable

#

vam client name spoke1v6

 advpn-domain advpnv6

 server primary ipv6-address 1::1

 pre-shared-key cipher $c$3$f1kj2V7bDY3xHvK5Y59R1VhgyyKnoaY03yhck1c=

 user spoke1v6 password cipher $c$3$/f7EQlnXnuyFtfc/E8kEhsAuHDXfVa5dcRD5

 client enable

#              

return

<Spoke1>