VPN不通

中心站点MSR2600 Version 5.20, Release 2516P15 WAN口配置有公网IP，远端站点MSR830 使用拔号光纤可以使用ipsec vpn连接进来，但目前旧路由器 msr30-11 Version 5.20, Release 1809 现在无法连接进来，中心点和远程点的配置如下，请求指导。中心站点：dis verH3C Comware Platform SoftwareComware Software, Version 5.20, Release 2516P15sysname nssyacl number 3011 rule 0 permit ip source 172.20.0.0 0.0.0.255 destination 192.168.1.0 0.0.0.255ike local-name nssyike proposal 111 authentication-algorithm md5ike peer shekou exchange-mode aggressive proposal 111 pre-shared-key simple sknssy id-type name remote-name shekou local-name nssy nat traversalquitipsec transform-set nssy encapsulation-mode tunnel transform esp esp authentication-algorithm md5 esp encryption-algorithm desquitipsec policy nssy 11 isakmp security acl 3011 ike-peer shekou transform-set nssyquitinterface GigabitEthernet0/0 port link-mode route nat outbound  ip address 116.x.x.x 255.255.255.224 ipsec no-nat-process enable ipsec policy nssyquitip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0 116.x.x.x远端站点：dis verH3C Comware Platform SoftwareComware Software, Version 5.20, Release 1809sysname SheKou1acl number 3001 rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 172.20.0.0 0.0.0.255  rule 1 deny ipquitacl number 3100 rule 1 deny ip source 192.168.1.0 0.0.0.255 destination 172.20.0.0 0.0.0.255  rule 100 permit ipquitike local-name shekouike proposal 101 authentication-algorithm md5ike peer shekou exchange-mode aggressive proposal 101 pre-shared-key simple sknssy remote-address 116.x.x.x local-name shekou nat traversalquitipsec proposal shekou esp encryption-algorithm des esp authentication-algorithm md5 quitipsec policy shekou 1 isakmp  proposal shekou security acl 3001 ike-peer shekouquitint e0/1 port link-mode route ip add 10.1.121.250 255.255.255.0 nat outbound 3100 ipsec no-nat-process enable ipsec  policy shekouquitint e0/0  port link-mode route  ip add 192.168.1.1 255.255.255.0quit ip route-static 0.0.0.0 0.0.0.0 10.1.121.163

中心站点MSR2600 Version 5.20, Release 2516P15 WAN口配置有公网IP，远端站点MSR830 使用拔号光纤可以使用ipsec vpn连接进来，但目前旧路由器 msr30-11 Version 5.20, Release 1809 现在无法连接进来，中心点和远程点的配置如下，请求指导。中心站点：dis verH3C Comware Platform SoftwareComware Software, Version 5.20, Release 2516P15sysname nssyacl number 3011 rule 0 permit ip source 172.20.0.0 0.0.0.255 destination 192.168.1.0 0.0.0.255ike local-name nssyike proposal 111 authentication-algorithm md5ike peer shekou exchange-mode aggressive proposal 111 pre-shared-key simple sknssy id-type name remote-name shekou local-name nssy nat traversalquitipsec transform-set nssy encapsulation-mode tunnel transform esp esp authentication-algorithm md5 esp encryption-algorithm desquitipsec policy nssy 11 isakmp security acl 3011 ike-peer shekou transform-set nssyquitinterface GigabitEthernet0/0 port link-mode route nat outbound  ip address 116.x.x.x 255.255.255.224 ipsec no-nat-process enable ipsec policy nssyquitip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0 116.x.x.x远端站点：dis verH3C Comware Platform SoftwareComware Software, Version 5.20, Release 1809sysname SheKou1acl number 3001 rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 172.20.0.0 0.0.0.255  rule 1 deny ipquitacl number 3100 rule 1 deny ip source 192.168.1.0 0.0.0.255 destination 172.20.0.0 0.0.0.255  rule 100 permit ipquitike local-name shekouike proposal 101 authentication-algorithm md5ike peer shekou exchange-mode aggressive proposal 101 pre-shared-key simple sknssy remote-address 116.x.x.x local-name shekou nat traversalquitipsec proposal shekou esp encryption-algorithm des esp authentication-algorithm md5 quitipsec policy shekou 1 isakmp  proposal shekou security acl 3001 ike-peer shekouquitint e0/1 port link-mode route ip add 10.1.121.250 255.255.255.0 nat outbound 3100 ipsec no-nat-process enable ipsec  policy shekouquitint e0/0  port link-mode route  ip add 192.168.1.1 255.255.255.0quit ip route-static 0.0.0.0 0.0.0.0 10.1.121.163