RT-MSR2600-15-X1+IPSCE

现在有个设备，配置的IPSEC  但是在第一阶段IKE的Flag状态是Unknown 这个一般设么原因？

[RT3]display  ike sa 

    Connection-ID  Local               Remote              Flag     DOI    

------------------------------------------------------------------------------------

    568047         10.211.128.200      10.211.48.97/500    Unknown  IPsec  

    568045         10.211.128.200      10.211.48.41/500    Unknown  IPsec  

Flags:

RD--READY RL--REPLACED FD-FADING RK-REKEY

[RT3]

interface GigabitEthernet0/0

 port link-mode route

 description Single_Line1

 ip address 10.211.128.200 255.255.255.0

 ipv6 address FD00:1234:5678:2::2/64

 ipsec apply policy WAN0(GE0)

 ipsec no-nat-process enable

acl advanced name WAN0(GE0)@guihuayuan

 rule 0 permit ip source 183.2.41.0 0.0.0.255 destination 192.163.128.0 0.0.127.255

#

acl advanced name WAN0(GE0)@guotuyun

 rule 0 permit ip source 183.2.41.0 0.0.0.255 destination 192.163.0.0 0.0.127.255

#

ipsec transform-set WAN0(GE0)@guihuayuan

 esp encryption-algorithm 3des-cbc 

 esp authentication-algorithm md5 

#

ipsec transform-set WAN0(GE0)@guotuyun

 esp encryption-algorithm 3des-cbc 

 esp authentication-algorithm md5 

#

ipsec policy WAN0(GE0) 19890 isakmp

 transform-set WAN0(GE0)@guotuyun 

 security acl name WAN0(GE0)@guotuyun 

 remote-address 10.211.48.41

 description WAN0(GE0)@guotuyun

 ike-profile WAN0(GE0)@guotuyun

 sa trigger-mode auto

 sa duration time-based 28800

 sa duration traffic-based 1843200

#

ipsec policy WAN0(GE0) 23711 isakmp

 transform-set WAN0(GE0)@guihuayuan 

 security acl name WAN0(GE0)@guihuayuan 

 remote-address 10.211.48.97

 description WAN0(GE0)@guihuayuan

 ike-profile WAN0(GE0)@guihuayuan

 sa trigger-mode auto

 sa duration time-based 28800

 sa duration traffic-based 1843200

#

ike profile WAN0(GE0)@guihuayuan

 keychain WAN0(GE0)@guihuayuan

 match remote identity address 10.211.48.97 255.255.255.255

 proposal 23711 

#

ike profile WAN0(GE0)@guotuyun

 keychain WAN0(GE0)@guotuyun

 match remote identity address 10.211.48.41 255.255.255.255

 proposal 19890 

 priority 99

#

ike proposal 19890

 encryption-algorithm 3des-cbc

 dh group2

 authentication-algorithm md5

 sa duration 3600

#

ike proposal 23711

 encryption-algorithm 3des-cbc

 dh group2

 authentication-algorithm md5

 sa duration 3600

#

ike keychain WAN0(GE0)@guihuayuan

 pre-shared-key address 10.211.48.97 255.255.255.255 key cipher $c$3$Ec5/Qg19FV9WcVptSvvz7Vnj426g9BQrzXpF

#

ike keychain WAN0(GE0)@guotuyun

 pre-shared-key address 10.211.48.41 255.255.255.255 key cipher $c$3$RB2n61s4hPONvpjmTX8p2eyNVHiQk/QqY5ir

 priority 99

#