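After clicking "Tear down tunnel" on the third-party firewall, IKE DPD has no effect. There are two possibilities:
(1) Our MSR device did not send a reply packet to the third-party firewall;
(2) The reply was sent, but the peer did not receive it.
In the simulator lab, IKE DPD does take effect:
The IPsec tunnel is established normally, the private networks at both ends can reach each other, and the DPD packet exchange can be observed:
The debug output shows that IKE DPD is simply RTA and RTB sending R_U_THERE and R_U_THERE_ACK messages to each other.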
*Jan 19 13:29:08:073 2020 RTA IKE/7/EVENT: vrf = 0, src = 1.1.1.1, dst = 2.2.2.2/500Notification R_U_THERE is received.
*Jan 19 13:29:08:073 2020 RTA IKE/7/DPD: vrf = 0, src = 1.1.1.1, dst = 2.2.2.2/500DPD packet with sequence number 15775 is received.
*Jan 19 13:29:08:073 2020 RTA IKE/7/EVENT: Sending DPD packet of type R_U_THERE_ACK with sequence number 15775.
*Jan 19 13:29:08:073 2020 RTA IKE/7/PACKET: vrf = 0, src = 1.1.1.1, dst = 2.2.2.2/500Encrypt the packet.
*Jan 19 13:29:08:073 2020 RTA IKE/7/PACKET: vrf = 0, src = 1.1.1.1, dst = 2.2.2.2/500Construct notification packet: R_U_THERE_ACK.
*Jan 19 13:29:08:073 2020 RTA IKE/7/PACKET: vrf = 0, src = 1.1.1.1, dst = 2.2.2.2/500Sending packet to 2.2.2.2 remote port 500, local port 500.
*Jan 19 13:29:08:073 2020 RTA IKE/7/PACKET: vrf = 0, src = 1.1.1.1, dst = 2.2.2.2/500
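
To tell the two possibilities apart on a captured debug log, the following added example (not part of the original note and not vendor code) pairs each received R_U_THERE with its R_U_THERE_ACK by sequence number and reports how far the reply got on the local device. It assumes the message wording shown in the debug output above; the function name and state labels are hypothetical, and "ack_sent" only means the device logged the send, not that the packet reached the peer.

```python
import re

# Message wording is taken from the debug output above; other software
# versions may phrase these lines differently (assumption).
RX_NOTIFY = re.compile(r"Notification (R_U_THERE(?:_ACK)?) is received")
RX_SEQ = re.compile(r"DPD packet with sequence number (\d+) is received")
TX_ACK = re.compile(r"Sending DPD packet of type R_U_THERE_ACK with sequence number (\d+)")
TX_PKT = re.compile(r"Sending packet to \S+ remote port \d+")

def classify_dpd(log_text):
    """Map each received R_U_THERE sequence number to how far the reply got:
    'no_ack_built' or 'ack_built_not_sent' -> case (1), local device did not reply;
    'ack_sent' -> local side replied, so check the path or the peer, case (2)."""
    state, last_notify, pending = {}, None, None
    for line in log_text.splitlines():
        if m := RX_NOTIFY.search(line):
            last_notify = m.group(1)
        elif m := RX_SEQ.search(line):
            if last_notify == "R_U_THERE":      # ignore ACKs to our own probes
                state[int(m.group(1))] = "no_ack_built"
            last_notify = None
        elif m := TX_ACK.search(line):
            pending = int(m.group(1))
            if pending in state:
                state[pending] = "ack_built_not_sent"
            else:
                pending = None                  # ACK for a probe we never saw
        elif pending is not None and TX_PKT.search(line):
            state[pending] = "ack_sent"         # reply handed to the send path
            pending = None
    return state

# Sequence 15775 is copied from the debug output above; 15776 and 15777 are constructed.
PFX = "*Jan 19 13:29:08:073 2020 RTA IKE/7/"
SAMPLE = "\n".join(PFX + s for s in [
    "EVENT: vrf = 0, src = 1.1.1.1, dst = 2.2.2.2/500Notification R_U_THERE is received.",
    "DPD: vrf = 0, src = 1.1.1.1, dst = 2.2.2.2/500DPD packet with sequence number 15775 is received.",
    "EVENT: Sending DPD packet of type R_U_THERE_ACK with sequence number 15775.",
    "PACKET: vrf = 0, src = 1.1.1.1, dst = 2.2.2.2/500Sending packet to 2.2.2.2 remote port 500, local port 500.",
    "EVENT: vrf = 0, src = 1.1.1.1, dst = 2.2.2.2/500Notification R_U_THERE is received.",
    "DPD: vrf = 0, src = 1.1.1.1, dst = 2.2.2.2/500DPD packet with sequence number 15776 is received.",
    "EVENT: vrf = 0, src = 1.1.1.1, dst = 2.2.2.2/500Notification R_U_THERE is received.",
    "DPD: vrf = 0, src = 1.1.1.1, dst = 2.2.2.2/500DPD packet with sequence number 15777 is received.",
    "EVENT: Sending DPD packet of type R_U_THERE_ACK with sequence number 15777.",
])

if __name__ == "__main__":
    for seq, st in classify_dpd(SAMPLE).items():
        print(seq, st)
```

If every probe ends in "ack_sent" while the third-party firewall still reports no reply, a packet capture on the path between the two devices is the next check.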