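Apple iPad, version 18.2.1; firewall 1242, version 7.1.064, Release 9660P55. After configuring an L2TP over IPsec VPN, a PC with iNode installed can connect normally, but the iPad's built-in VPN fails to connect. Phase 1 negotiates successfully and the IKE SA is visible, but the IPsec negotiation fails. I have tried all kinds of authentication and encryption combinations, and all of them fail. If anyone has got this working, please post a configuration for reference.
This is my configuration; the policies and ports have all been permitted.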
version 7.1.064, Release 9660P55
#
security-zone intra-zone default permit
#
ip pool l2tp 172.20.255.2 172.20.255.200
#
interface Virtual-Template1
ppp authentication-mode chap pap
remote address pool l2tp
ip address 172.20.255.1 255.255.255.0
#
interface GigabitEthernet1/0/14
port link-mode route
ip address 公网地址
nat outbound 3602
ipsec apply policy l2tp
#
acl advanced 3602
rule 9 deny udp source-port eq 1701
rule 10 deny ip source 172.20.255.0 0.0.0.255
rule 11 deny ip destination 172.20.255.0 0.0.0.255
rule 200 permit ip
#
acl advanced 3603
rule 10 permit udp source-port eq 1701
rule 200 permit ip source 172.20.255.0 0.0.0.255
rule 201 permit ip destination 172.20.255.0 0.0.0.255
#
session statistics enable
#
ipsec logging negotiation enable
#
ipsec transform-set 1
encapsulation-mode transport
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
#
ipsec transform-set 2
encapsulation-mode transport
esp encryption-algorithm aes-cbc-128
esp authentication-algorithm sha1
#
ipsec transform-set 3
encapsulation-mode transport
esp encryption-algorithm aes-cbc-256
esp authentication-algorithm sha1
#
ipsec transform-set 4
encapsulation-mode transport
esp encryption-algorithm des-cbc
esp authentication-algorithm sha1
#
ipsec transform-set 5
encapsulation-mode transport
esp encryption-algorithm 3des-cbc
esp authentication-algorithm sha1
#
ipsec transform-set 6
encapsulation-mode transport
esp encryption-algorithm aes-cbc-128
esp authentication-algorithm sha256
#
ipsec transform-set 7
esp encryption-algorithm aes-cbc-128
esp authentication-algorithm sha256
#
ipsec transform-set 22
#
ipsec transform-set 123
esp encryption-algorithm 3des-cbc
esp authentication-algorithm sha1
#
ipsec policy-template l2tp 10
transform-set 1 2 3 4 5 6
security acl 3603
ike-profile cc
#
ipsec policy l2tp 10 isakmp template l2tp
#
l2tp-group 1 mode lns
allow l2tp virtual-template 1
undo tunnel authentication
#
l2tp enable
#
ike identity user-fqdn zongbu
ike logging negotiation enable
#
ike profile cc
keychain 10
match remote identity address 0.0.0.0 0.0.0.0
proposal 1 2 3 4 5 6
#
ike proposal 1
encryption-algorithm aes-cbc-128
dh group2
authentication-algorithm md5
#
ike proposal 2
encryption-algorithm 3des-cbc
dh group2
authentication-algorithm md5
#
ike proposal 3
encryption-algorithm 3des-cbc
dh group2
#
ike proposal 4
encryption-algorithm aes-cbc-256
dh group2
#
ike proposal 5
dh group2
#
ike proposal 6
encryption-algorithm aes-cbc-192
dh group2
#
ike keychain 10
pre-shared-key address 0.0.0.0 255.255.255.255 key cipher $c$3$pCesm5wZph+8Oi8KneMSMFLnAuZBRg==
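For "Password", enter the password "Hello123" of the user "vpdnuser" configured on the FW. For "Secret", enter the IPsec pre-shared key "Admin@123" configured on the FW.
But I have seen cases on zhiliao where this was done successfully.
Is there any definitive documentation? I need to give the user an explanation.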
https://support.apple.com/zh-cn/101510?caller=baiduansbx&cid=baiduansbx