Best answer
I-COOKIE: 19093c627101f260
R-COOKIE: bd987a6071b774cb
next payload: HASH
version: ISAKMP Version 1.0
exchange mode: Quick
flags: ENCRYPT
message ID: 64c3c542
length: 52
*Jan 1 14:57:14:150 2011 h3c IKE/7/EVENT: IKE thread 1115862304 processes a job.
*Jan 1 14:57:14:150 2011 h3c IKE/7/EVENT: Phase2 process started.
*Jan 1 14:57:14:150 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Decrypt the packet.
*Jan 1 14:57:14:151 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Received ISAKMP Hash Payload.
*Jan 1 14:57:14:151 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Process HASH payload.
*Jan 1 14:57:14:152 2011 h3c IKE/7/EVENT: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Validated HASH(3) successfully.
*Jan 1 14:57:14:153 2011 h3c IPSEC/7/EVENT:
Updated outbound SA of IPsec tunnel(SA index = 0, SPI = 0xebc6eaad).
*Jan 1 14:57:14:152 2011 h3c IKE/7/EVENT: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
IPsec SA state changed from IKE_P2_STATE_SEND2 to IKE_P2_STATE_ESTABLISHED.
*Jan 1 14:57:14:152 2011 h3c IKE/7/EVENT: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Got time-based lifetime settings for IKE P2 SA:
Role : Respondor.
Configured soft lifetime buffer : 0 seconds.
Hard lifetime after negotiation : 3600 seconds.
Default soft lifetime : 3580 seconds.
Actual soft lifetime : 3580 seconds.
*Jan 1 14:57:14:154 2011 h3c IPSEC/7/EVENT:
Sent switch SA message to Slot:0 Cpu:0, message type is 0x1a.
*Jan 1 14:57:14:156 2011 h3c IKE/7/EVENT: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Add P2 SA to triple successfully.
*Jan 1 14:57:14:157 2011 h3c IPSEC/7/EVENT:
Sent update SP message to Slot:0 Cpu:0, message type is 0xe.
*Jan 1 14:57:14:158 2011 h3c IPSEC/7/EVENT:
Switched SA successfully.
*Jan 1 14:57:14:158 2011 h3c IKE/7/EVENT: Received message from ipsec, message type is 15.
Stuck for 20-odd seconds
*Jan 1 14:57:45:990 2011 h3c IKE/7/EVENT: Received packet successfully.
*Jan 1 14:57:45:990 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Received packet from 122.225.86.210 source port 500 destination port 500.
*Jan 1 14:57:45:990 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
I-COOKIE: 19093c627101f260
R-COOKIE: bd987a6071b774cb
next payload: HASH
version: ISAKMP Version 1.0
exchange mode: Info
flags: ENCRYPT
message ID: 2df13082
length: 68
*Jan 1 14:57:45:991 2011 h3c IKE/7/EVENT: IKE thread 1115862304 processes a job.
*Jan 1 14:57:45:991 2011 h3c IKE/7/EVENT: Info packet process started.
*Jan 1 14:57:45:991 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Decrypt the packet.
*Jan 1 14:57:45:991 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Received ISAKMP Hash Payload.
*Jan 1 14:57:45:991 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Received ISAKMP Delete Payload.
*Jan 1 14:57:45:992 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Parse informational exchange packet successfully.
*Jan 1 14:57:45:992 2011 h3c IKE/7/EVENT: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Process delete payload.
*Jan 1 14:57:45:992 2011 h3c IKE/7/EVENT: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Received phase 2 SA delete packet.
*Jan 1 14:57:45:992 2011 h3c IKE/7/EVENT: Delete IPsec SA.
*Jan 1 14:57:45:994 2011 h3c IPSEC/7/EVENT:
SA successfully deleted in kernel.
*Jan 1 14:57:45:994 2011 h3c IPSEC/7/EVENT:
Deleted outbound SA from IPsec tunnel(SA index = 0, SPI = 0xebc6eaad).
*Jan 1 14:57:45:994 2011 h3c IPSEC/7/EVENT:
SA successfully deleted in kernel.
*Jan 1 14:57:45:994 2011 h3c IPSEC/7/EVENT:
IPsec tunnel successfully deleted in kernel.
*Jan 1 14:57:45:992 2011 h3c IKE/7/EVENT: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Send delete SA to IPsec, the reason is receive delete packet.
*Jan 1 14:57:45:993 2011 h3c IKE/7/EVENT: Received packet successfully.
*Jan 1 14:57:45:993 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Received packet from 122.225.86.210 source port 500 destination port 500.
*Jan 1 14:57:45:994 2011 h3c IPSEC/7/EVENT:
Sent delete SA message to Slot:0 Cpu:0, message type is 0x16.
*Jan 1 14:57:45:994 2011 h3c IPSEC/7/EVENT:
Sent delete tunnel message to Slot:0 Cpu:0, message type is 0x14.
*Jan 1 14:57:45:996 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
I-COOKIE: 19093c627101f260
R-COOKIE: bd987a6071b774cb
next payload: HASH
version: ISAKMP Version 1.0
exchange mode: Info
flags: ENCRYPT
message ID: 353ca069
length: 84
*Jan 1 14:57:45:996 2011 h3c IKE/7/EVENT: IKE thread 1115862304 processes a job.
*Jan 1 14:57:45:996 2011 h3c IKE/7/EVENT: Info packet process started.
*Jan 1 14:57:45:996 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Decrypt the packet.
*Jan 1 14:57:45:997 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Received ISAKMP Hash Payload.
*Jan 1 14:57:45:997 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Received ISAKMP Delete Payload.
*Jan 1 14:57:45:998 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Parse informational exchange packet successfully.
*Jan 1 14:57:45:998 2011 h3c IKE/7/EVENT: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Process delete payload.
*Jan 1 14:57:45:998 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
The phase 1 delete packet is received.
*Jan 1 14:57:45:999 2011 h3c IKE/7/EVENT: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Delete IKE SA with connection ID 202.
*Jan 1 14:57:46:000 2011 h3c IKE/7/EVENT: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Delete tunnel, reference count is [0], tunnel [1] has been freed.
(0)
The source/destination addresses are wrong; change the source address in the IPsec policy to the egress public address.
ipsec transform-set WAN0(GE0)@L2TP
 encapsulation-mode transport
 esp encryption-algorithm 3des-cbc
 esp authentication-algorithm sha1
#
ipsec policy-template WAN0(GE0) 65535
 transform-set WAN0(GE0)@L2TP
 security acl 3001
 description WAN0(GE0)@L2TP
 ike-profile WAN0(GE0)@L2TP
 sa duration time-based 3600
 sa duration traffic-based 1843200
#
ipsec policy WAN0(GE0) 65535 isakmp template WAN0(GE0)
#
l2tp-group 1 mode lns
 allow l2tp virtual-template 1
 undo tunnel authentication
 tunnel name LNS
#
l2tp enable
#
ike identity fqdn zb
#
ike profile WAN0(GE0)@L2TP
 keychain WAN0(GE0)@L2TP
 dpd interval 300 on-demand
 exchange-mode aggressive
 local-identity fqdn zb
 match remote identity fqdn fb
 proposal 65535
#
ike proposal 65535
 encryption-algorithm 3des-cbc
 dh group2
#
ike keychain WAN0(GE0)@L2TP
 pre-shared-key hostname fb key cipher $c$3$dG3GLnBLSR4IYLLOPd2vGOUukMEMkg==
#
Experts, please take a look.
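It can be deployed in side-attached (one-arm) mode.
For the V7 version:
1. Enable NAT mapping on both routers and map the ports IPsec needs, 500 and 4000 as I recall; check the specifics yourself.
2. V7 enables NAT traversal automatically, so there is no need to configure NAT traversal separately; just configure IPsec as usual, with the peer address set to the remote end's public address.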
(0)
The debug output is below, please take a look; around *Jan 1 14:57:14:158 2011 it hangs for 20-odd seconds and then fails.
Yes, it works. V5 needs NAT traversal to be configured; V7 detects it automatically.
(0)
Dialing in with iNode; the host is an MSR810.
It can be deployed in side-attached mode; map the port numbers on the egress device.
(0)
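Looking at the debug output, your source/destination addresses seem to be wrong.
Mapped 1701, 500, 4500, 50 and 51.
Then check the policy.
Hello, yes it can. Configure NAT traversal, then map UDP ports 4500 and 500 out.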
(0)
All of them are mapped, I even mapped the whole address, and it still doesn't work; the debug output is below.
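An added example, not part of the original thread: it folds the Comware debug output shown above into timestamped records and measures how long after phase 2 reached ESTABLISHED the peer's Delete payloads arrived, which shows the teardown was initiated by the remote end. SAMPLE is an excerpt of lines from the debug output on this page; the function names and the MARKERS table are assumptions made for this example.

```python
import re
from datetime import datetime

# Excerpt of lines taken from the debug output on this page.
SAMPLE = """\
*Jan 1 14:57:14:152 2011 h3c IKE/7/EVENT: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
IPsec SA state changed from IKE_P2_STATE_SEND2 to IKE_P2_STATE_ESTABLISHED.
*Jan 1 14:57:14:158 2011 h3c IKE/7/EVENT: Received message from ipsec, message type is 15.
*Jan 1 14:57:45:992 2011 h3c IKE/7/EVENT: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
Received phase 2 SA delete packet.
*Jan 1 14:57:45:998 2011 h3c IKE/7/PACKET: vrf = 0, local = 192.168.100.45, remote = 122.225.86.210/500
The phase 1 delete packet is received.
"""
# Header shape: *Mon D HH:MM:SS:mmm YYYY host MODULE/level/TYPE: text
HEADER = re.compile(
    r"^\*(\w{3}) +(\d+) (\d+):(\d+):(\d+):(\d+) (\d{4}) \S+ (\w+)/\d+/\w+:\s*(.*)$")
# Marker substrings as they appear in the log above (assumed stable for this build).
MARKERS = {
    "p2_established": "IKE_P2_STATE_ESTABLISHED",
    "p2_delete_rx": "Received phase 2 SA delete packet",
    "p1_delete_rx": "phase 1 delete packet is received",
}

def parse(text):
    """Fold continuation lines into the header line that precedes them."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            mon, day, hh, mm, ss, ms, year, module, msg = m.groups()
            ts = datetime.strptime(f"{mon} {day} {year} {hh}:{mm}:{ss}",
                                   "%b %d %Y %H:%M:%S")
            records.append({"ts": ts.replace(microsecond=int(ms) * 1000),
                            "module": module, "msg": msg})
        elif records and line.strip():
            records[-1]["msg"] += " " + line.strip()
    return records

def timeline(records):
    """First timestamp per marker, plus seconds from P2 up to the peer's delete."""
    seen = {}
    for r in records:
        for name, needle in MARKERS.items():
            if needle in r["msg"] and name not in seen:
                seen[name] = r["ts"]
    gap = None
    if "p2_established" in seen and "p2_delete_rx" in seen:
        gap = (seen["p2_delete_rx"] - seen["p2_established"]).total_seconds()
    return seen, gap
```

Running `timeline(parse(...))` over the full debug output works the same way, since every line that does not start with `*` is treated as a continuation of the previous record.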