设置列表 有序列表 无序列表对齐方式 靠左 居中 靠右 一个分支挂在拨号路由器下面,突然发现VPN不通了,确认配置没有改变
麻烦大神帮忙看看可能是什么原因,或者指导一下继续排查的步骤,谢谢!
图片和附件发不出来,文字描述一下:
<fenzhi>dis ike sa
total phase-1 SAs: 1
connection-id peer flag phase doi
----------------------------------------------------------------
7465 218.12.13.14 RD|ST 1 IPSEC
7466 <unnamed> NONE 2 IPSEC
debugging ike all感觉有异常的地方
*Jul 23 07:23:41:222 2020 fenzhi IKE/7/DEBUG: check message duplicate
*Jul 23 07:23:41:223 2020 fenzhi IKE/7/DEBUG: check message duplicate: dropping dup
debugging ipsec all
感觉有异常的地方
*Jul 23 07:24:07:501 2020 fenzhi IPSEC/7/DBG:
Entering IPsec NAT bypass pross.
*Jul 23 07:24:07:502 2020 fenzhi IPSEC/7/DBG: ipsec nat bypass is not enable.
总部一台F1000防火墙,分支是MSR830路由 ,分支使用GRE over IPSEC VPN连接总部。分支有的是自己拨号,有的是挂在拨号路由器下面的,总部分支配置都没有问题(已经大规模部署,配置成熟)。
(0)
最佳答案
您好,请知:
关于IPSEC VPN无法建立的故障,可参考如下要点进行排查:
1、请确认本端和对端的路由可达,且可以PING通。
2、请确认本端和对端的IPSEC VPN的加密算法,认证算法、密钥都一致。
3、如果是IPSEC IKE野蛮模式,固定IP地址端要正确指向对端的fqdn,另外非固定IP地址端需要正确指向对端的IP地址。
4、另外需确认本端和对端的感兴趣数据流都在ACL内进行了覆盖。
5、另外看下MSR830和F1000的软件版本是否是最新的,可考虑升级版本到最新看下。
6、有一端是F1000防火墙,需要检查下安全策略是否有变动。
7、以下是MSR830的用户手册链接,请参考:
https://www.h3c.com/cn/Service/Document_Software/Document_Center/Routers/Catalog/MSR/MSR_830/
8、以下是F1000的用户手册链接,请参考:
https://www.h3c.com/cn/Service/Document_Software/Document_Center/Routers/Catalog/MSR/MSR_830/
(0)
debug ike all即可,看下调试内容
(0)
*Jul 23 07:22:47:113 2020 fenzhi IKE/7/DEBUG: received message: *Jul 23 07:22:47:114 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0xdcf4ee736ca0ec91 *Jul 23 07:22:47:116 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x124dd6e0ceb9239b *Jul 23 07:22:47:117 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: SA *Jul 23 07:22:47:118 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:22:47:119 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: AGGRESSIVE *Jul 23 07:22:47:120 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ] *Jul 23 07:22:47:121 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0x00000000 *Jul 23 07:22:47:122 2020 fenzhi IKE/7/DEBUG: LENGTH: 328 *Jul 23 07:22:47:124 2020 fenzhi IKE/7/DEBUG: check message duplicate *Jul 23 07:22:47:125 2020 fenzhi IKE/7/DEBUG: check message duplicate: dropping dup *Jul 23 07:22:47:126 2020 fenzhi IKE/7/DEBUG: send message: *Jul 23 07:22:47:127 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0xdcf4ee736ca0ec91 *Jul 23 07:22:47:128 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x124dd6e0ceb9239b *Jul 23 07:22:47:129 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: HASH *Jul 23 07:22:47:131 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:22:47:132 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: AGGRESSIVE *Jul 23 07:22:47:133 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ENC ] *Jul 23 07:22:47:134 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0x00000000 *Jul 23 07:22:47:135 2020 fenzhi IKE/7/DEBUG: LENGTH: 100 Info: Current terminal debugging is on. <fenzhi>res *Jul 23 07:22:52:282 2020 fenzhi IKE/7/DEBUG: send message: *Jul 23 07:22:52:283 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0xdcf4ee736ca0ec91 *Jul 23 07:22:52:285 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x124dd6e0ceb9239b *Jul 23 07:22:52:286 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: HASH *Jul 23 07:22:52:287 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:22:52:288 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: QUICK_MODE *Jul 23 07:22:52:289 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ENC ] *Jul 23 07:22:52:290 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0xf739d89b *Jul 23 07:22:52:291 2020 fenzhi IKE/7/DEBUG: LENGTH: 164et ike sa <fenzhi> *Jul 23 07:22:55:399 2020 fenzhi IKE/7/DEBUG: exchange setup(I): 968f160 *Jul 23 07:22:55:400 2020 fenzhi IKE/7/DEBUG: add payload to message: HASH *Jul 23 07:22:55:401 2020 fenzhi IKE/7/DEBUG: send info message : delete isakmp sa *Jul 23 07:22:55:402 2020 fenzhi IKE/7/DEBUG: add payload to message: DELETE *Jul 23 07:22:55:403 2020 fenzhi IKE/7/DEBUG: DOI: IPSEC *Jul 23 07:22:55:405 2020 fenzhi IKE/7/DEBUG: PROTO: ISAKMP *Jul 23 07:22:55:406 2020 fenzhi IKE/7/DEBUG: SPI_SZ: 16 *Jul 23 07:22:55:407 2020 fenzhi IKE/7/DEBUG: NSPIS: 1 *Jul 23 07:22:55:408 2020 fenzhi IKE/7/DEBUG: exchange check: checking for required INFO *Jul 23 07:22:55:409 2020 fenzhi IKE/7/DEBUG: initialized IV: *Jul 23 07:22:55:410 2020 fenzhi IKE/7/DEBUG: 7989eb57 d8d235d4 *Jul 23 07:22:55:411 2020 fenzhi IKE/7/DEBUG: DO encrypt: before encryption: *Jul 23 07:22:55:413 2020 fenzhi IKE/7/DEBUG: 0c000018 c1b708fe 12923589 9ed42fff *Jul 23 07:22:55:414 2020 fenzhi IKE/7/DEBUG: 3367a881 33cf1d89 0000001c 00000001 *Jul 23 07:22:55:415 2020 fenzhi IKE/7/DEBUG: 01100001 dcf4ee73 6ca0ec91 124dd6e0 *Jul 23 07:22:55:416 2020 fenzhi IKE/7/DEBUG: ceb9239b 00000000 *Jul 23 07:22:55:417 2020 fenzhi IKE/7/DEBUG: CryptoEngine_BlockEncrypt: op type = 0x00001003. *Jul 23 07:22:55:418 2020 fenzhi IKE/7/DEBUG: enc_key: *Jul 23 07:22:55:419 2020 fenzhi IKE/7/DEBUG: 3b624fa4 bcc1f1c7 *Jul 23 07:22:55:420 2020 fenzhi IKE/7/DEBUG: iv: *Jul 23 07:22:55:421 2020 fenzhi IKE/7/DEBUG: 7989eb57 d8d235d4 *Jul 23 07:22:55:422 2020 fenzhi IKE/7/DEBUG: DO encrypt: using soft crypto engine. *Jul 23 07:22:55:423 2020 fenzhi IKE/7/DEBUG: DO encrypt: after encryption: *Jul 23 07:22:55:424 2020 fenzhi IKE/7/DEBUG: c909e269 0083c87b fea6ca6b 6b4f7d57 *Jul 23 07:22:55:425 2020 fenzhi IKE/7/DEBUG: 5baf8178 ec4766cd 1bf2ed8a bd27a8b4 *Jul 23 07:22:55:426 2020 fenzhi IKE/7/DEBUG: 7a95fe8a f59dc268 06d55b3d 23a0a39f *Jul 23 07:22:55:427 2020 fenzhi IKE/7/DEBUG: d8457720 0a075e79 *Jul 23 07:22:55:427 2020 fenzhi IKE/7/DEBUG: updated IV: *Jul 23 07:22:55:428 2020 fenzhi IKE/7/DEBUG: d8457720 0a075e79 *Jul 23 07:22:55:429 2020 fenzhi IKE/7/DEBUG: send message: *Jul 23 07:22:55:430 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0xdcf4ee736ca0ec91 *Jul 23 07:22:55:431 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x124dd6e0ceb9239b *Jul 23 07:22:55:432 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: HASH *Jul 23 07:22:55:433 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:22:55:434 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: INFO *Jul 23 07:22:55:435 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ENC ] *Jul 23 07:22:55:436 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0x58563888 *Jul 23 07:22:55:436 2020 fenzhi IKE/7/DEBUG: LENGTH: 84 *Jul 23 07:22:55:437 2020 fenzhi IKE/7/DEBUG: exchange state machine(I): finished step 0, advancing... *Jul 23 07:22:55:438 2020 fenzhi IKE/7/DEBUG: IKE_DPD: isakmp sa name : 192.168.1.99,218.12.13.14,4500,,0 *Jul 23 07:22:55:439 2020 fenzhi IKE/7/DEBUG: IKE_DPD: PF_KEY notify ipsec to update dpd recv_time. *Jul 23 07:22:55:440 2020 fenzhi IKE/7/DEBUG: IKE_DPD: release ike dpd structure *Jul 23 07:22:55:441 2020 fenzhi IKE/7/DEBUG: exchange release: freeing exchange 94dcb80 *Jul 23 07:22:55:442 2020 fenzhi IKE/7/DEBUG: exchange release: freeing exchange 968fc00 *Jul 23 07:22:55:443 2020 fenzhi IKE/7/DEBUG: exchange release: freeing exchange 968f160 <fenzhi> <fenzhi> <fenzhi> <fenzhi> <fenzhi> <fenzhi> <fenzhi> *Jul 23 07:23:04:115 2020 fenzhi IKE/7/DEBUG: received message: *Jul 23 07:23:04:116 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0xdcf4ee736ca0ec91 *Jul 23 07:23:04:118 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x124dd6e0ceb9239b *Jul 23 07:23:04:119 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: SA *Jul 23 07:23:04:120 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:23:04:121 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: AGGRESSIVE *Jul 23 07:23:04:122 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ] *Jul 23 07:23:04:123 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0x00000000 *Jul 23 07:23:04:124 2020 fenzhi IKE/7/DEBUG: LENGTH: 328 *Jul 23 07:23:04:126 2020 fenzhi IKE/7/DEBUG: received message: invalid COOKIE(s) dcf4ee736ca0ec91 124dd6e0ceb9239b <fenzhi> <fenzhi> <fenzhi> <fenzhi> <fenzhi> <fenzhi>dis ike sa *Jul 23 07:23:18:180 2020 fenzhi IKE/7/DEBUG: received message: *Jul 23 07:23:18:181 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0xdcf4ee736ca0ec91 *Jul 23 07:23:18:183 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x124dd6e0ceb9239b *Jul 23 07:23:18:184 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: SA *Jul 23 07:23:18:185 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:23:18:186 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: AGGRESSIVE *Jul 23 07:23:18:187 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ] *Jul 23 07:23:18:188 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0x00000000 *Jul 23 07:23:18:189 2020 fenzhi IKE/7/DEBUG: LENGTH: 328 *Jul 23 07:23:18:191 2020 fenzhi IKE/7/DEBUG: received message: invalid COOKIE(s) dcf4ee736ca0ec91 124dd6e0ceb9239b total phase-1 SAs: 0 connection-id peer flag phase doi ---------------------------------------------------------------- flag meaning RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT RK--REKEY <fenzhi> <fenzhi> <fenzhi> <fenzhi>dis ike sa total phase-1 SAs: 0 connection-id peer flag phase doi ---------------------------------------------------------------- flag meaning RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT RK--REKEY <fenzhi> <fenzhi> <fenzhi> <fenzhi> <fenzhi> *Jul 23 07:23:30:211 2020 fenzhi IKE/7/DEBUG: IKE receive acquire SA request, IKE peer name:test. *Jul 23 07:23:30:212 2020 fenzhi IKE/7/DEBUG: Connection name is 192.168.1.99,218.12.13.14,500,,0,1,1 *Jul 23 07:23:30:213 2020 fenzhi IKE/7/DEBUG: Check connection: SA for 192.168.1.99,218.12.13.14,500,,0,1,1 missing *Jul 23 07:23:30:214 2020 fenzhi IKE/7/DEBUG: exchange lookup :name = 192.168.1.99,218.12.13.14,500,,0,1,1 phase = 2 *Jul 23 07:23:30:215 2020 fenzhi IKE/7/DEBUG: exchange lookup :name = 192.168.1.99,218.12.13.14,500,,0,0,0 phase = 1 *Jul 23 07:23:30:216 2020 fenzhi IKE/7/DEBUG: exchange setup(I): 968f380 *Jul 23 07:23:30:217 2020 fenzhi IKE/7/DEBUG: create udp resource:name = 192.168.1.99,218.12.13.14,500,,0,0,0. *Jul 23 07:23:30:219 2020 fenzhi IKE/7/DEBUG: add payload to message: SA *Jul 23 07:23:30:220 2020 fenzhi IKE/7/DEBUG: DOI: 1 *Jul 23 07:23:30:221 2020 fenzhi IKE/7/DEBUG: add payload to message: PROPOSAL *Jul 23 07:23:30:222 2020 fenzhi IKE/7/DEBUG: NO: 1 *Jul 23 07:23:30:223 2020 fenzhi IKE/7/DEBUG: PROTO: ISAKMP *Jul 23 07:23:30:224 2020 fenzhi IKE/7/DEBUG: SPI_SZ: 0 *Jul 23 07:23:30:225 2020 fenzhi IKE/7/DEBUG: NTRANSFORMS: 1 *Jul 23 07:23:30:227 2020 fenzhi IKE/7/DEBUG: add payload to message: TRANSFORM *Jul 23 07:23:30:228 2020 fenzhi IKE/7/DEBUG: NO: 0 *Jul 23 07:23:30:229 2020 fenzhi IKE/7/DEBUG: ID: 1 *Jul 23 07:23:30:230 2020 fenzhi IKE/7/DEBUG: Transform 0's attributes *Jul 23 07:23:30:230 2020 fenzhi IKE/7/DEBUG: Attribute ENCRYPTION_ALGORITHM : DES_CBC *Jul 23 07:23:30:231 2020 fenzhi IKE/7/DEBUG: Attribute HASH_ALGORITHM : SHA *Jul 23 07:23:30:232 2020 fenzhi IKE/7/DEBUG: Attribute AUTHENTICATION_METHOD : PRE_SHARED *Jul 23 07:23:30:232 2020 fenzhi IKE/7/DEBUG: Attribute GROUP_DESCRIPTION : MODP_768 *Jul 23 07:23:30:233 2020 fenzhi IKE/7/DEBUG: Attribute LIFE_TYPE : SECONDS *Jul 23 07:23:30:233 2020 fenzhi IKE/7/DEBUG: Attribute LIFE_DURATION : 86400 *Jul 23 07:23:30:234 2020 fenzhi IKE/7/DEBUG: P1 initiator send SA message. *Jul 23 07:23:30:235 2020 fenzhi IKE/7/DEBUG: add payload to message: KEY_EXCH *Jul 23 07:23:30:235 2020 fenzhi IKE/7/DEBUG: Group ID: 1 *Jul 23 07:23:30:236 2020 fenzhi IKE/7/DEBUG: add payload to message: NONCE *Jul 23 07:23:30:237 2020 fenzhi IKE/7/DEBUG: add payload to message: VENDOR *Jul 23 07:23:30:237 2020 fenzhi IKE/7/DEBUG: IKE_DPD: send VID : afcad713 68a1f1c9 6b8696fc 77570100 (DPD) *Jul 23 07:23:30:238 2020 fenzhi IKE/7/DEBUG: add payload to message: ID *Jul 23 07:23:30:238 2020 fenzhi IKE/7/DEBUG: TYPE: 2 *Jul 23 07:23:30:239 2020 fenzhi IKE/7/DEBUG: DOI_DATA: 0x000000 *Jul 23 07:23:30:240 2020 fenzhi IKE/7/DEBUG: add payload to message: VENDOR *Jul 23 07:23:30:240 2020 fenzhi IKE/7/DEBUG: send rfc3947 VID *Jul 23 07:23:30:241 2020 fenzhi IKE/7/DEBUG: add payload to message: VENDOR *Jul 23 07:23:30:241 2020 fenzhi IKE/7/DEBUG: send draft-ietf-ipsec-nat-t-ike-06 VID *Jul 23 07:23:30:242 2020 fenzhi IKE/7/DEBUG: add payload to message: VENDOR *Jul 23 07:23:30:243 2020 fenzhi IKE/7/DEBUG: send draft-ietf-ipsec-nat-t-ike-03 VID *Jul 23 07:23:30:243 2020 fenzhi IKE/7/DEBUG: add payload to message: VENDOR *Jul 23 07:23:30:244 2020 fenzhi IKE/7/DEBUG: send draft-ietf-ipsec-nat-t-ike-02 VID *Jul 23 07:23:30:245 2020 fenzhi IKE/7/DEBUG: add payload to message: VENDOR *Jul 23 07:23:30:245 2020 fenzhi IKE/7/DEBUG: send draft-ietf-ipsec-nat-t-ike-01 VID *Jul 23 07:23:30:246 2020 fenzhi IKE/7/DEBUG: exchange check: checking for required SA *Jul 23 07:23:30:247 2020 fenzhi IKE/7/DEBUG: exchange check: checking for required KEY_EXCH *Jul 23 07:23:30:247 2020 fenzhi IKE/7/DEBUG: exchange check: checking for required NONCE *Jul 23 07:23:30:248 2020 fenzhi IKE/7/DEBUG: exchange check: checking for required ID *Jul 23 07:23:30:248 2020 fenzhi IKE/7/DEBUG: send message: *Jul 23 07:23:30:249 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0x00c233b7d7b20107 *Jul 23 07:23:30:250 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x0000000000000000 *Jul 23 07:23:30:250 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: SA *Jul 23 07:23:30:251 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:23:30:252 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: AGGRESSIVE *Jul 23 07:23:30:252 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ] *Jul 23 07:23:30:253 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0x00000000 *Jul 23 07:23:30:253 2020 fenzhi IKE/7/DEBUG: LENGTH: 336 *Jul 23 07:23:30:254 2020 fenzhi IKE/7/DEBUG: exchange state machine(I): finished step 0, advancing... *Jul 23 07:23:30:376 2020 fenzhi IKE/7/DEBUG: received message: *Jul 23 07:23:30:377 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0x00c233b7d7b20107 *Jul 23 07:23:30:378 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x2395439c1669b14a *Jul 23 07:23:30:380 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: SA *Jul 23 07:23:30:381 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:23:30:382 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: AGGRESSIVE *Jul 23 07:23:30:383 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ] *Jul 23 07:23:30:384 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0x00000000 *Jul 23 07:23:30:385 2020 fenzhi IKE/7/DEBUG: LENGTH: 328 *Jul 23 07:23:30:386 2020 fenzhi IKE/7/DEBUG: check message duplicate *Jul 23 07:23:30:388 2020 fenzhi IKE/7/DEBUG: parse payloads: payload SA *Jul 23 07:23:30:389 2020 fenzhi IKE/7/DEBUG: parse payloads: payload KEY_EXCH *Jul 23 07:23:30:390 2020 fenzhi IKE/7/DEBUG: parse payloads: payload NONCE *Jul 23 07:23:30:391 2020 fenzhi IKE/7/DEBUG: parse payloads: payload VENDOR *Jul 23 07:23:30:392 2020 fenzhi IKE/7/DEBUG: parse payloads: payload ID *Jul 23 07:23:30:393 2020 fenzhi IKE/7/DEBUG: parse payloads: payload VENDOR *Jul 23 07:23:30:394 2020 fenzhi IKE/7/DEBUG: parse payloads: payload NAT_D *Jul 23 07:23:30:396 2020 fenzhi IKE/7/DEBUG: parse payloads: payload NAT_D *Jul 23 07:23:30:397 2020 fenzhi IKE/7/DEBUG: parse payloads: payload HASH *Jul 23 07:23:30:398 2020 fenzhi IKE/7/DEBUG: validate payload SA *Jul 23 07:23:30:399 2020 fenzhi IKE/7/DEBUG: DOI: 1 *Jul 23 07:23:30:400 2020 fenzhi IKE/7/DEBUG: parse payloads: payload PROPOSAL *Jul 23 07:23:30:401 2020 fenzhi IKE/7/DEBUG: parse payloads: payload TRANSFORM *Jul 23 07:23:30:403 2020 fenzhi IKE/7/DEBUG: validate payload PROPOSAL *Jul 23 07:23:30:404 2020 fenzhi IKE/7/DEBUG: NO: 1 *Jul 23 07:23:30:405 2020 fenzhi IKE/7/DEBUG: PROTO: ISAKMP *Jul 23 07:23:30:406 2020 fenzhi IKE/7/DEBUG: SPI_SZ: 0 *Jul 23 07:23:30:407 2020 fenzhi IKE/7/DEBUG: NTRANSFORMS: 1 *Jul 23 07:23:30:408 2020 fenzhi IKE/7/DEBUG: validate payload TRANSFORM *Jul 23 07:23:30:409 2020 fenzhi IKE/7/DEBUG: NO: 0 *Jul 23 07:23:30:411 2020 fenzhi IKE/7/DEBUG: ID: 1 *Jul 23 07:23:30:412 2020 fenzhi IKE/7/DEBUG: Transform 0's attributes *Jul 23 07:23:30:413 2020 fenzhi IKE/7/DEBUG: Attribute ENCRYPTION_ALGORITHM : DES_CBC *Jul 23 07:23:30:414 2020 fenzhi IKE/7/DEBUG: Attribute HASH_ALGORITHM : SHA *Jul 23 07:23:30:415 2020 fenzhi IKE/7/DEBUG: Attribute AUTHENTICATION_METHOD : PRE_SHARED *Jul 23 07:23:30:416 2020 fenzhi IKE/7/DEBUG: Attribute GROUP_DESCRIPTION : MODP_768 *Jul 23 07:23:30:417 2020 fenzhi IKE/7/DEBUG: Attribute LIFE_TYPE : SECONDS *Jul 23 07:23:30:419 2020 fenzhi IKE/7/DEBUG: Attribute LIFE_DURATION : 86400 *Jul 23 07:23:30:420 2020 fenzhi IKE/7/DEBUG: validate payload KEY_EXCH *Jul 23 07:23:30:421 2020 fenzhi IKE/7/DEBUG: validate payload ID *Jul 23 07:23:30:422 2020 fenzhi IKE/7/DEBUG: TYPE: 2 *Jul 23 07:23:30:423 2020 fenzhi IKE/7/DEBUG: DOI_DATA: 0x000000 *Jul 23 07:23:30:424 2020 fenzhi IKE/7/DEBUG: id information: type 2 proto 0 port 0 *Jul 23 07:23:30:426 2020 fenzhi IKE/7/DEBUG: validate payload HASH *Jul 23 07:23:30:427 2020 fenzhi IKE/7/DEBUG: validate payload NONCE *Jul 23 07:23:30:428 2020 fenzhi IKE/7/DEBUG: validate payload VENDOR *Jul 23 07:23:30:429 2020 fenzhi IKE/7/DEBUG: vendor ID seen *Jul 23 07:23:30:430 2020 fenzhi IKE/7/DEBUG: validate payload VENDOR *Jul 23 07:23:30:431 2020 fenzhi IKE/7/DEBUG: vendor ID seen *Jul 23 07:23:30:433 2020 fenzhi IKE/7/DEBUG: exchange check: checking for required SA *Jul 23 07:23:30:434 2020 fenzhi IKE/7/DEBUG: exchange check: checking for required KEY_EXCH *Jul 23 07:23:30:435 2020 fenzhi IKE/7/DEBUG: exchange check: checking for required NONCE *Jul 23 07:23:30:436 2020 fenzhi IKE/7/DEBUG: exchange check: checking for required ID *Jul 23 07:23:30:437 2020 fenzhi IKE/7/DEBUG: exchange check: checking for required AUTH *Jul 23 07:23:30:438 2020 fenzhi IKE/7/DEBUG: receive DPD Protocol Vendor ID *Jul 23 07:23:30:440 2020 fenzhi IKE/7/DEBUG: receive rfc3947 Protocol Vendor ID *Jul 23 07:23:30:441 2020 fenzhi IKE/7/DEBUG: P1 initiator receive SA message. *Jul 23 07:23:30:442 2020 fenzhi IKE/7/DEBUG: initialized IV: *Jul 23 07:23:30:443 2020 fenzhi IKE/7/DEBUG: c5171010 1d885e80 *Jul 23 07:23:30:444 2020 fenzhi IKE/7/DEBUG: select rfc3947 Protocol for NAT Traversal *Jul 23 07:23:30:446 2020 fenzhi IKE/7/DEBUG: exchange state machine(I): finished step 1, advancing... *Jul 23 07:23:30:447 2020 fenzhi IKE/7/DEBUG: add payload to message: HASH *Jul 23 07:23:30:448 2020 fenzhi IKE/7/DEBUG: add payload to message: NAT_D *Jul 23 07:23:30:449 2020 fenzhi IKE/7/DEBUG: add payload to message: NAT_D *Jul 23 07:23:30:450 2020 fenzhi IKE/7/DEBUG: exchange check: checking for required AUTH *Jul 23 07:23:30:451 2020 fenzhi IKE/7/DEBUG: DO encrypt: before encryption: *Jul 23 07:23:30:453 2020 fenzhi IKE/7/DEBUG: 14000018 dedb916a db3caa13 ea0a46ad *Jul 23 07:23:30:454 2020 fenzhi IKE/7/DEBUG: 4ecf53cd 12f39338 14000018 60204f6e *Jul 23 07:23:30:455 2020 fenzhi IKE/7/DEBUG: 4b27d26d ebfd9dcc c3209ddf c919d8ce *Jul 23 07:23:30:456 2020 fenzhi IKE/7/DEBUG: 00000018 739ca092 296b9df4 5f46ff4b *Jul 23 07:23:30:457 2020 fenzhi IKE/7/DEBUG: 7b828004 850ecbb0 *Jul 23 07:23:30:458 2020 fenzhi IKE/7/DEBUG: CryptoEngine_BlockEncrypt: op type = 0x00001003. *Jul 23 07:23:30:460 2020 fenzhi IKE/7/DEBUG: enc_key: *Jul 23 07:23:30:461 2020 fenzhi IKE/7/DEBUG: e07070e0 80bf8cc1 *Jul 23 07:23:30:462 2020 fenzhi IKE/7/DEBUG: iv: *Jul 23 07:23:30:463 2020 fenzhi IKE/7/DEBUG: c5171010 1d885e80 *Jul 23 07:23:30:464 2020 fenzhi IKE/7/DEBUG: DO encrypt: using soft crypto engine. *Jul 23 07:23:30:466 2020 fenzhi IKE/7/DEBUG: DO encrypt: after encryption: *Jul 23 07:23:30:467 2020 fenzhi IKE/7/DEBUG: 58540202 e59a8171 a4165c1e df4eae6b *Jul 23 07:23:30:468 2020 fenzhi IKE/7/DEBUG: e3484233 d2095710 9a205c04 bde3c5ab *Jul 23 07:23:30:469 2020 fenzhi IKE/7/DEBUG: 7589e121 439088e1 162ae481 b6d28c1a *Jul 23 07:23:30:470 2020 fenzhi IKE/7/DEBUG: 71e24057 d50d0821 b3133927 0a469c51 *Jul 23 07:23:30:472 2020 fenzhi IKE/7/DEBUG: a821ae56 e991e61b *Jul 23 07:23:30:473 2020 fenzhi IKE/7/DEBUG: updated IV: *Jul 23 07:23:30:474 2020 fenzhi IKE/7/DEBUG: a821ae56 e991e61b *Jul 23 07:23:30:475 2020 fenzhi IKE/7/DEBUG: send message: *Jul 23 07:23:30:476 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0x00c233b7d7b20107 *Jul 23 07:23:30:477 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x2395439c1669b14a *Jul 23 07:23:30:479 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: HASH *Jul 23 07:23:30:480 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:23:30:481 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: AGGRESSIVE *Jul 23 07:23:30:482 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ENC ] *Jul 23 07:23:30:483 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0x00000000 *Jul 23 07:23:30:484 2020 fenzhi IKE/7/DEBUG: LENGTH: 100 *Jul 23 07:23:30:486 2020 fenzhi IKE/7/DEBUG: exchange state machine(I): finished step 2, advancing... *Jul 23 07:23:30:487 2020 fenzhi IKE/7/DEBUG: IKE_DPD: PF_KEY notify ipsec to update dpd recv_time. *Jul 23 07:23:30:488 2020 fenzhi IKE/7/DEBUG: exchange setup(I): 94e2ee0 *Jul 23 07:23:30:489 2020 fenzhi IKE/7/DEBUG: add payload to message: HASH *Jul 23 07:23:30:490 2020 fenzhi IKE/7/DEBUG: add payload to message: SA *Jul 23 07:23:30:492 2020 fenzhi IKE/7/DEBUG: DOI: 1 *Jul 23 07:23:30:520 2020 fenzhi IKE/7/DEBUG: add payload to message: PROPOSAL *Jul 23 07:23:30:521 2020 fenzhi IKE/7/DEBUG: NO: 1 *Jul 23 07:23:30:522 2020 fenzhi IKE/7/DEBUG: PROTO: IPSEC_ESP *Jul 23 07:23:30:523 2020 fenzhi IKE/7/DEBUG: SPI_SZ: 4 *Jul 23 07:23:30:524 2020 fenzhi IKE/7/DEBUG: NTRANSFORMS: 1 *Jul 23 07:23:30:525 2020 fenzhi IKE/7/DEBUG: add payload to message: TRANSFORM *Jul 23 07:23:30:527 2020 fenzhi IKE/7/DEBUG: NO: 1 *Jul 23 07:23:30:528 2020 fenzhi IKE/7/DEBUG: ID: 3 *Jul 23 07:23:30:529 2020 fenzhi IKE/7/DEBUG: Transform 1's attributes *Jul 23 07:23:30:530 2020 fenzhi IKE/7/DEBUG: Attribute SA_LIFE_TYPE : SECONDS *Jul 23 07:23:30:531 2020 fenzhi IKE/7/DEBUG: Attribute SA_LIFE_DURATION : 3600 *Jul 23 07:23:30:532 2020 fenzhi IKE/7/DEBUG: Attribute SA_LIFE_TYPE : KILOBYTES *Jul 23 07:23:30:533 2020 fenzhi IKE/7/DEBUG: Attribute SA_LIFE_DURATION : 1843200 *Jul 23 07:23:30:535 2020 fenzhi IKE/7/DEBUG: Attribute ENCAPSULATION_MODE : TUNNEL_UDP_ENCASULATE *Jul 23 07:23:30:536 2020 fenzhi IKE/7/DEBUG: Attribute AUTHENTICATION_ALGORITHM : HMAC_SHA *Jul 23 07:23:30:537 2020 fenzhi IKE/7/DEBUG: add payload to message: NONCE *Jul 23 07:23:30:538 2020 fenzhi IKE/7/DEBUG: add payload to message: ID *Jul 23 07:23:30:539 2020 fenzhi IKE/7/DEBUG: TYPE: 1 *Jul 23 07:23:30:540 2020 fenzhi IKE/7/DEBUG: DOI_DATA: 0x2f0000 *Jul 23 07:23:30:541 2020 fenzhi IKE/7/DEBUG: add payload to message: ID *Jul 23 07:23:30:543 2020 fenzhi IKE/7/DEBUG: TYPE: 1 *Jul 23 07:23:30:544 2020 fenzhi IKE/7/DEBUG: DOI_DATA: 0x2f0000 *Jul 23 07:23:30:545 2020 fenzhi IKE/7/DEBUG: exchange check: checking for required HASH *Jul 23 07:23:30:546 2020 fenzhi IKE/7/DEBUG: exchange check: checking for required SA *Jul 23 07:23:30:547 2020 fenzhi IKE/7/DEBUG: exchange check: checking for required NONCE *Jul 23 07:23:30:548 2020 fenzhi IKE/7/DEBUG: initialized IV: *Jul 23 07:23:30:550 2020 fenzhi IKE/7/DEBUG: 4b2a9267 a995406a *Jul 23 07:23:30:551 2020 fenzhi IKE/7/DEBUG: DO encrypt: before encryption: *Jul 23 07:23:30:552 2020 fenzhi IKE/7/DEBUG: 01000018 da2623d7 7427d0cb e6d11087 *Jul 23 07:23:30:553 2020 fenzhi IKE/7/DEBUG: b91c1d38 52761ce5 0a000040 00000001 *Jul 23 07:23:30:554 2020 fenzhi IKE/7/DEBUG: 00000001 00000034 01030401 2e206992 *Jul 23 07:23:30:555 2020 fenzhi IKE/7/DEBUG: 00000028 01030000 80010001 00020004 *Jul 23 07:23:30:557 2020 fenzhi IKE/7/DEBUG: 00000e10 80010002 00020004 001c2000 *Jul 23 07:23:30:558 2020 fenzhi IKE/7/DEBUG: 80040003 80050002 05000014 c407929f *Jul 23 07:23:30:559 2020 fenzhi IKE/7/DEBUG: 661c3e18 363ea8cd 12a348a5 0500000c *Jul 23 07:23:30:560 2020 fenzhi IKE/7/DEBUG: 012f0000 ac00005c 0000000c 012f0000 *Jul 23 07:23:30:561 2020 fenzhi IKE/7/DEBUG: ac0000fe 00000000 *Jul 23 07:23:30:562 2020 fenzhi IKE/7/DEBUG: CryptoEngine_BlockEncrypt: op type = 0x00001003. *Jul 23 07:23:30:563 2020 fenzhi IKE/7/DEBUG: enc_key: *Jul 23 07:23:30:565 2020 fenzhi IKE/7/DEBUG: e07070e0 80bf8cc1 *Jul 23 07:23:30:566 2020 fenzhi IKE/7/DEBUG: iv: *Jul 23 07:23:30:567 2020 fenzhi IKE/7/DEBUG: 4b2a9267 a995406a *Jul 23 07:23:30:568 2020 fenzhi IKE/7/DEBUG: DO encrypt: using soft crypto engine. *Jul 23 07:23:30:569 2020 fenzhi IKE/7/DEBUG: DO encrypt: after encryption: *Jul 23 07:23:30:570 2020 fenzhi IKE/7/DEBUG: 7660f4bf df65c04d 48f8efb5 3ab73b7b *Jul 23 07:23:30:572 2020 fenzhi IKE/7/DEBUG: b55ab2f1 6c457ee1 65f9dcca 39e95396 *Jul 23 07:23:30:573 2020 fenzhi IKE/7/DEBUG: 94aee525 fee3baa6 5b4385b5 62da04a7 *Jul 23 07:23:30:574 2020 fenzhi IKE/7/DEBUG: 17b6ed3f a0522440 42f5ce73 2414e2e1 *Jul 23 07:23:30:575 2020 fenzhi IKE/7/DEBUG: 1ace577d 43eda3d3 e4706384 11af92df *Jul 23 07:23:30:576 2020 fenzhi IKE/7/DEBUG: f64d0ae3 a2454d26 4154f7a4 a0d6e91f *Jul 23 07:23:30:577 2020 fenzhi IKE/7/DEBUG: 018bd7c6 194397c4 bff26838 9eeabdce *Jul 23 07:23:30:579 2020 fenzhi IKE/7/DEBUG: 2288e144 43e27a7f cbbd11e6 4030b88a *Jul 23 07:23:30:580 2020 fenzhi IKE/7/DEBUG: 02b9a694 d11fdbdd *Jul 23 07:23:30:581 2020 fenzhi IKE/7/DEBUG: updated IV: *Jul 23 07:23:30:582 2020 fenzhi IKE/7/DEBUG: 02b9a694 d11fdbdd *Jul 23 07:23:30:583 2020 fenzhi IKE/7/DEBUG: send message: *Jul 23 07:23:30:584 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0x00c233b7d7b20107 *Jul 23 07:23:30:586 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x2395439c1669b14a *Jul 23 07:23:30:587 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: HASH *Jul 23 07:23:30:588 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:23:30:589 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: QUICK_MODE *Jul 23 07:23:30:590 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ENC ] *Jul 23 07:23:30:591 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0xce824282 *Jul 23 07:23:30:593 2020 fenzhi IKE/7/DEBUG: LENGTH: 164 *Jul 23 07:23:30:594 2020 fenzhi IKE/7/DEBUG: exchange state machine(I): finished step 0, advancing... *Jul 23 07:23:36:260 2020 fenzhi IKE/7/DEBUG: send nat keepalive message *Jul 23 07:23:41:212 2020 fenzhi IKE/7/DEBUG: received message: *Jul 23 07:23:41:213 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0x00c233b7d7b20107 *Jul 23 07:23:41:214 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x2395439c1669b14a *Jul 23 07:23:41:215 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: SA *Jul 23 07:23:41:216 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:23:41:218 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: AGGRESSIVE *Jul 23 07:23:41:219 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ] *Jul 23 07:23:41:220 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0x00000000 *Jul 23 07:23:41:221 2020 fenzhi IKE/7/DEBUG: LENGTH: 328 *Jul 23 07:23:41:222 2020 fenzhi IKE/7/DEBUG: check message duplicate *Jul 23 07:23:41:223 2020 fenzhi IKE/7/DEBUG: check message duplicate: dropping dup *Jul 23 07:23:41:224 2020 fenzhi IKE/7/DEBUG: send message: *Jul 23 07:23:41:226 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0x00c233b7d7b20107 *Jul 23 07:23:41:227 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x2395439c1669b14a *Jul 23 07:23:41:228 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: HASH *Jul 23 07:23:41:229 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:23:41:230 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: AGGRESSIVE *Jul 23 07:23:41:231 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ENC ] *Jul 23 07:23:41:232 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0x00000000 *Jul 23 07:23:41:234 2020 fenzhi IKE/7/DEBUG: LENGTH: 100 *Jul 23 07:23:43:426 2020 fenzhi IKE/7/DEBUG: send message: *Jul 23 07:23:43:427 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0x00c233b7d7b20107 *Jul 23 07:23:43:428 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x2395439c1669b14a *Jul 23 07:23:43:429 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: HASH *Jul 23 07:23:43:430 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:23:43:431 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: QUICK_MODE *Jul 23 07:23:43:432 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ENC ] *Jul 23 07:23:43:434 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0xce824282 *Jul 23 07:23:43:435 2020 fenzhi IKE/7/DEBUG: LENGTH: 164 <fenzhi> <fenzhi> <fenzhi> <fenzhi>dis ike sa total phase-1 SAs: 1 connection-id peer flag phase doi ---------------------------------------------------------------- 7465 218.12.13.14 RD|ST 1 IPSEC 7466 <unnamed> NONE 2 IPSEC flag meaning RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT RK--REKEY <fenzhi> <fenzhi> <fenzhi> <fenzhi> <fenzhi> <fenzhi>dis ipse *Jul 23 07:23:56:309 2020 fenzhi IKE/7/DEBUG: send nat keepalive messagec <fenzhi>dis ipsec *Jul 23 07:23:58:288 2020 fenzhi IKE/7/DEBUG: received message: *Jul 23 07:23:58:289 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0x00c233b7d7b20107 *Jul 23 07:23:58:290 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x2395439c1669b14a *Jul 23 07:23:58:291 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: SA *Jul 23 07:23:58:292 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:23:58:293 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: AGGRESSIVE *Jul 23 07:23:58:295 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ] *Jul 23 07:23:58:296 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0x00000000 *Jul 23 07:23:58:297 2020 fenzhi IKE/7/DEBUG: LENGTH: 328 *Jul 23 07:23:58:298 2020 fenzhi IKE/7/DEBUG: check message duplicate *Jul 23 07:23:58:299 2020 fenzhi IKE/7/DEBUG: check message duplicate: dropping dup *Jul 23 07:23:58:300 2020 fenzhi IKE/7/DEBUG: send message: *Jul 23 07:23:58:301 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0x00c233b7d7b20107 *Jul 23 07:23:58:303 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x2395439c1669b14a *Jul 23 07:23:58:304 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: HASH *Jul 23 07:23:58:305 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:23:58:306 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: AGGRESSIVE *Jul 23 07:23:58:307 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ENC ] *Jul 23 07:23:58:308 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0x00000000 *Jul 23 07:23:58:309 2020 fenzhi IKE/7/DEBUG: LENGTH: 100 *Jul 23 07:23:59:409 2020 fenzhi IKE/7/DEBUG: send message: *Jul 23 07:23:59:410 2020 fenzhi IKE/7/DEBUG: ICOOKIE: 0x00c233b7d7b20107 *Jul 23 07:23:59:411 2020 fenzhi IKE/7/DEBUG: RCOOKIE: 0x2395439c1669b14a *Jul 23 07:23:59:413 2020 fenzhi IKE/7/DEBUG: NEXT_PAYLOAD: HASH *Jul 23 07:23:59:414 2020 fenzhi IKE/7/DEBUG: VERSION: 16 *Jul 23 07:23:59:415 2020 fenzhi IKE/7/DEBUG: EXCH_TYPE: QUICK_MODE *Jul 23 07:23:59:416 2020 fenzhi IKE/7/DEBUG: FLAGS: [ ENC ] *Jul 23 07:23:59:417 2020 fenzhi IKE/7/DEBUG: MESSAGE_ID: 0xce824282 *Jul 23 07:23:59:418 2020 fenzhi IKE/7/DEBUG: LENGTH: 164
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明