总部F1000-AK160系统升级后与分支F1030建立IPSEC VPN中断(只有阶段1存在)、与其他分支VPN建立正常,在总部查看debu信息如下:
*Apr 30 16:26:46:455 2019 Center_Out_FW IKE/7/PACKET: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Received packet from 202.99.252.211 source port 500 destination port 500. *Apr 30 16:26:46:455 2019 Center_Out_FW IKE/7/PACKET: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 I-COOKIE: a4169bd793148df3 R-COOKIE: f2ff68f7eaf9cd3d next payload: HASH version: ISAKMP Version 1.0 exchange mode: Quick flags: ENCRYPT message ID: ddb9fc81 length: 156 *Apr 30 16:26:46:455 2019 Center_Out_FW IKE/7/EVENT: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Set IPsec SA state to IKE_P2_STATE_INIT. *Apr 30 16:26:46:455 2019 Center_Out_FW IKE/7/PACKET: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Decrypt the packet. *Apr 30 16:26:46:455 2019 Center_Out_FW IKE/7/PACKET: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Received ISAKMP Hash Payload. *Apr 30 16:26:46:455 2019 Center_Out_FW IKE/7/PACKET: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Received ISAKMP Security Association Payload. *Apr 30 16:26:46:455 2019 Center_Out_FW IKE/7/PACKET: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Received ISAKMP Nonce Payload. *Apr 30 16:26:46:456 2019 Center_Out_FW IKE/7/PACKET: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Received ISAKMP Identification Payload (IPsec DOI). *Apr 30 16:26:46:456 2019 Center_Out_FW IKE/7/PACKET: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Received ISAKMP Identification Payload (IPsec DOI). *Apr 30 16:26:46:456 2019 Center_Out_FW IKE/7/PACKET: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Process HASH payload. *Apr 30 16:26:46:456 2019 Center_Out_FW IKE/7/EVENT: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Validated HASH(1) successfully. *Apr 30 16:26:46:456 2019 Center_Out_FW IKE/7/PACKET: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Process IPsec ID payload. *Apr 30 16:26:46:456 2019 Center_Out_FW IKE/7/PACKET: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Process IPsec ID payload. *Apr 30 16:26:46:456 2019 Center_Out_FW IKE/7/EVENT: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Set inside vrf to Nego flow info. *Apr 30 16:26:46:456 2019 Center_Out_FW IKE/7/EVENT: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 IPsec SA state changed from IKE_P2_STATE_INIT to IKE_P2_STATE_GETSP. *Apr 30 16:26:46:457 2019 Center_Out_FW IKE/7/ERROR: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Failed to get IPsec policy for phase 2 responder. Delete IPsec SA. *Apr 30 16:26:46:457 2019 Center_Out_FW IKE/7/ERROR: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Failed to negotiate IPsec SA. *Apr 30 16:26:46:457 2019 Center_Out_FW IKE/7/PACKET: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Encrypt the packet. *Apr 30 16:26:46:469 2019 Center_Out_FW IKE/7/PACKET: -COntext=1; vrf = 0, local = 218.28.61.122, remote = 202.99.252.211/500 Construct notification packet: INVALID_ID_INFORMATION.
(0)
最佳答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论