现在有个设备,配置的IPSEC 但是在第一阶段IKE的Flag状态是Unknown 这个一般设么原因?
[RT3]display ike sa
Connection-ID Local Remote Flag DOI
------------------------------------------------------------------------------------
568047 10.211.128.200 10.211.48.97/500 Unknown IPsec
568045 10.211.128.200 10.211.48.41/500 Unknown IPsec
Flags:
RD--READY RL--REPLACED FD-FADING RK-REKEY
[RT3]
interface GigabitEthernet0/0
port link-mode route
description Single_Line1
ip address 10.211.128.200 255.255.255.0
ipv6 address FD00:1234:5678:2::2/64
ipsec apply policy WAN0(GE0)
ipsec no-nat-process enable
acl advanced name WAN0(GE0)@guihuayuan
rule 0 permit ip source 183.2.41.0 0.0.0.255 destination 192.163.128.0 0.0.127.255
#
acl advanced name WAN0(GE0)@guotuyun
rule 0 permit ip source 183.2.41.0 0.0.0.255 destination 192.163.0.0 0.0.127.255
#
ipsec transform-set WAN0(GE0)@guihuayuan
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
#
ipsec transform-set WAN0(GE0)@guotuyun
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
#
ipsec policy WAN0(GE0) 19890 isakmp
transform-set WAN0(GE0)@guotuyun
security acl name WAN0(GE0)@guotuyun
remote-address 10.211.48.41
description WAN0(GE0)@guotuyun
ike-profile WAN0(GE0)@guotuyun
sa trigger-mode auto
sa duration time-based 28800
sa duration traffic-based 1843200
#
ipsec policy WAN0(GE0) 23711 isakmp
transform-set WAN0(GE0)@guihuayuan
security acl name WAN0(GE0)@guihuayuan
remote-address 10.211.48.97
description WAN0(GE0)@guihuayuan
ike-profile WAN0(GE0)@guihuayuan
sa trigger-mode auto
sa duration time-based 28800
sa duration traffic-based 1843200
#
ike profile WAN0(GE0)@guihuayuan
keychain WAN0(GE0)@guihuayuan
match remote identity address 10.211.48.97 255.255.255.255
proposal 23711
#
ike profile WAN0(GE0)@guotuyun
keychain WAN0(GE0)@guotuyun
match remote identity address 10.211.48.41 255.255.255.255
proposal 19890
priority 99
#
ike proposal 19890
encryption-algorithm 3des-cbc
dh group2
authentication-algorithm md5
sa duration 3600
#
ike proposal 23711
encryption-algorithm 3des-cbc
dh group2
authentication-algorithm md5
sa duration 3600
#
ike keychain WAN0(GE0)@guihuayuan
pre-shared-key address 10.211.48.97 255.255.255.255 key cipher $c$3$Ec5/Qg19FV9WcVptSvvz7Vnj426g9BQrzXpF
#
ike keychain WAN0(GE0)@guotuyun
pre-shared-key address 10.211.48.41 255.255.255.255 key cipher $c$3$RB2n61s4hPONvpjmTX8p2eyNVHiQk/QqY5ir
priority 99
#
(0)
最佳答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论