我司MSR2600-10 设备替换锐捷网点设备,配置完成后ipsec建立成功,但是无法ping通对端,路由正常;查看ipsec 统计发现加密失败,debug也显示加密失败;
[Router]disp ike sa
total phase-1 SAs: 1
connection-id peer flag phase doi
----------------------------------------------------------------
26 198.168.250.253 RD|ST 1 IPSEC
36 198.168.250.253 RD|ST 2 IPSEC
[Router]disp ipsec statistics tunnel-id 1
------------------------------------------------
Connection ID : 1
------------------------------------------------
the security packet statistics:
input/output security packets: 0/0
input/output security bytes: 0/0
input/output dropped security packets: 0/289
dropped security packet detail:
not enough memory: 0
queue is full: 0
authentication has failed: 0
wrong length: 0
replay packet: 0
packet too long: 0
wrong SA: 0
decrypt/encrypt failed: 289
ACL check failure: 0
*Jan 1 01:02:23:860 2013 Router IPSEC/7/DBG: IPsec_ERROR: Outbound ESP algorithm processing: Asynchronous of encryption failed, error:1, SPI:1429279065(0x55311159).
*Jan 1 01:02:23:860 2013 Router IPSEC/7/DBG: IPsec_ERROR: IPsec task outbound: failed to send packet.o
*Jan 1 01:02:28:852 2013 Router IPSEC/7/DBG: IPsec get session: Match IPsec session, vrf index: 0, tunnel id: 1
国密卡加密失败,此时我们通过display version查看国密卡状态:
Slot 1
Status: Normal
Type: SIC-CNDE
Hardware: 2.0
Driver: 1.1
CPLD: 2.0
SubHard: 2.0
Firmware:
CNDE-PCB: 0.0
发现无法查看到国密卡的硬件信息;SIC-CNDE插卡,上面需要插映翰通的国密加密小卡才能使用,加密卡一般由代理商提供;
查看SIC插卡如下:
如上如我们可以清楚的看到该SIC查看上无国密卡,那么国密卡长什么样呢?看下图:
联系购买国密加密小卡。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作