防火墙 SSLVPN

防火墙做了SSLVPN,分配了两个资源，停电后，又一个资源无法拨号，INODE显示查询SSLVPN网关参数失败。请大神指点

pki domain sslvpn

 public-key rsa general name sslvpn

 undo crl check enable

#

pki domain sslvpn1

 public-key rsa general name sslvpn1

 undo crl check enable

#

ssl server-policy ssl

 pki-domain sslvpn

 ciphersuite rsa_aes_128_cbc_sha

#

ssl server-policy ssl1

 pki-domain sslvpn1

 ciphersuite rsa_aes_128_cbc_sha

#

sslvpn ip address-pool ippool 172.16.100.1 172.16.100.100

sslvpn ip address-pool ippool1 172.16.101.1 172.16.101.100

#

sslvpn gateway gw

 ip address 192.168.10.2 port 60443

 ssl server-policy ssl

 service enable

#

sslvpn gateway gw1

 ip address 192.168.10.2 port 61443

 ssl server-policy ssl1

 service enable

#

sslvpn context ctx

 gateway gw domain sslvpn

 ip-tunnel interface SSLVPN-AC10

 ip-tunnel address-pool ippool mask 255.255.255.0

 login-message chinese  VPN

 ip-route-list iplist

  include 10.41.132.0 255.255.255.0

  include 192.168.10.2 255.255.255.255

  include 192.168.12.0 255.255.255.0

 policy-group pgroup

  filter ip-tunnel 3004

  ip-tunnel access-route ip-route-list iplist

 default-policy-group pgroup

 service enable

#

sslvpn context ctx1

 gateway gw1 domain sslvpn1

 ip-tunnel interface SSLVPN-AC11

 ip-tunnel address-pool ippool1 mask 255.255.255.0

 ip-route-list iplist1

  include 172.16.11.0 255.255.255.0

  include 172.16.12.0 255.255.255.0

  include 192.168.11.0 255.255.255.0

  include 192.168.12.0 255.255.255.0

 policy-group pgroup1

  filter ip-tunnel 3004

  ip-tunnel access-route ip-route-list iplist1

 default-policy-group pgroup1

 service enable

interface SSLVPN-AC10

 ip address 172.16.100.254 255.255.255.0

#             

interface SSLVPN-AC11

 ip address 172.16.101.254 255.255.255.0

security-zone name Trust

 import interface GigabitEthernet1/0/8

 import interface SSLVPN-AC10

 import interface SSLVPN-AC11

[H3C]dis pki certificate domain sslvpn loc

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            61:2d:14:96:00:00:00:00:00:08

        Signature Algorithm: sha1WithRSAEncryption

        Issuer: CN=Ca Server

        Validity

            Not Before: Apr  7 06:47:18 2008 GMT

            Not After : Apr  7 06:20:27 2018 GMT

        Subject: C=CN, ST=bj, L=bj, O=h3c, OU=h3c, CN=server/emailAddress=server@h3c.com

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (1024 bit)

                Modulus:

                    00:ce:b1:77:d6:63:ce:65:01:a7:a9:15:c5:7b:ff:

                    97:14:03:2e:03:bf:d3:dc:3c:e0:00:3e:eb:d2:e4:

                    57:95:26:cb:40:cf:16:63:6a:63:a3:3e:8e:3e:42:

                    76:24:a7:ff:db:e6:98:77:95:50:e5:9a:06:09:0a:

                    f0:f6:f7:46:2a:5b:ce:35:99:ea:b7:b0:90:97:6d:

                    17:f3:19:6b:3d:64:63:22:75:48:ab:65:23:89:66:

                    d9:b0:be:2d:d2:a5:3d:78:ac:f5:cc:85:6f:78:2d:

                    12:61:26:2a:63:7f:02:36:e4:c3:dd:a1:e8:56:21:

                    ae:ad:5d:e7:c9:da:65:6f:25

                Exponent: 65537 (0x10001)

        X509v3 extensions:

            X509v3 Key Usage: critical

                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment

            S/MIME Capabilities:

......0...+....0050...*.H..

..*.H..

            X509v3 Subject Key Identifier:

                58:E4:C7:47:32:D3:E5:CA:04:5F:34:3C:3B:F5:9A:36:BB:78:3D:80

            X509v3 Extended Key Usage:

                TLS Web Server Authentication

            X509v3 Authority Key Identifier:

                keyid:9A:B3:B6:A7:CA:3B:6F:B0:F7:7A:3D:EF:81:E7:32:4D:59:B6:40:89

            X509v3 CRL Distribution Points:

                Full Name:

                  URI:http://h3c-b5m4qrkwcb2/CertEnroll/Ca%20Server.crl

                  URI:file://\\h3c-b5m4qrkwcb2\CertEnroll\Ca Server.crl

            Authority Information Access:

                CA Issuers - URI:http://h3c-b5m4qrkwcb2/CertEnroll/h3c-b5m4qrkwcb2_Ca%20Server.crt

                CA Issuers - URI:file://\\h3c-b5m4qrkwcb2\CertEnroll\h3c-b5m4qrkwcb2_Ca Server.crt

    Signature Algorithm: sha1WithRSAEncryption

        38:03:5d:d5:8d:bf:3a:e2:86:21:99:f8:59:5c:99:e9:cb:60:

        d1:e1:85:a4:67:a6:b6:c5:52:11:5a:66:4d:7c:cf:3b:5c:1f:

        b4:b5:92:ff:1e:a9:9b:77:b9:96:ce:2c:c8:c4:cf:c5:c0:bd:

        3e:c3:f1:dd:8f:65:12:9a:de:19:4c:52:f8:96:ee:2b:52:94:

        39:c7:88:af:dd:43:5a:1d:a3:e5:d4:c8:ac:b2:7e:8b:fe:04:

        a9:de:c2:a6:2c:ff:5b:c4:9d:c4:8e:d3:a2:78:ec:57:9d:8e:

        47:57:2f:ec:85:20:4e:36:9d:d5:8d:2f:93:bb:48:ba:18:f3:

        14:02:8a:ec:4d:be:60:19:47:24:e0:35:7f:b6:51:0f:cd:3a:

        92:fa:93:5f:56:72:85:cf:8b:7d:34:c0:ce:04:25:5f:61:e0:

        47:9d:1e:56:dd:b5:cf:43:1a:c8:2d:95:81:02:32:07:e9:6c:

        e7:30:d0:55:1f:85:c4:4e:e3:19:2d:8a:59:94:54:71:3c:57:

        6c:38:8b:d7:bb:e7:b8:14:af:2a:68:63:54:16:70:3a:70:89:

        d9:70:87:36:48:3f:c2:af:e2:2c:e5:65:53:ff:65:00:6d:3a:

        9b:3d:cb:cf:41:51:16:13:43:25:bd:09:1c:d1:76:12:e5:ac:

        d4:e5:75:ef

[H3C]dis pki certificate domain sslvpn1 loc

[H3C]