ipsec穿越nat ike协商错误
ipsec穿越nat, 拓扑=r1------nat----------------r2.r1的ike两个阶段都成功,r2的ike第二阶段失败。求助!!r2 debugging ipsec sa信息如下
Jan8 2014 16:46:19.871.1-05:13 Huawei IPSEC/7/IPSEC_Debug Info:
FileID 9, Line 2402:Received GetCryptomap request from IKE.
< Huawei>
Jan8 2014 16:46:19.871.2-05:13 Huawei IPSEC/7/IPSEC_Debug Info:
FileID 5, Line 3451:Get dynamic policy:fy1-1
< Huawei>
Jan8 2014 16:46:19.871.3-05:13 Huawei IPSEC/7/IPSEC_Debug Info:
FileID 5, Line 3523:Dynamic policy:fy1-1 configuration doesn't match.
< Huawei>
Jan8 2014 16:46:19.871.4-05:13 Huawei IPSEC/7/IPSEC_Debug Info:
FileID 5, Line 3532:IPSEC_FindCryptoMapForIke :Fail
##############################################
##############################################
r2的配置
#
ike peer zong-1 v1
exchange-mode aggressive
pre-shared-key simple honliv
ike-proposal 10
local-id-type name
remote-name fenyuan1
nat traversal
#
ipsec policy-template fy1 1
security acl 3000
ike-peer zong-1
proposal zongyuan
#
ipsec policy zy 2 isakmp template fy1
############################################
############################################
r1的配置
ike peer fen1 v1
exchange-mode aggressive
pre-shared-key simple honliv
ike-proposal 10
local-id-type name
remote-name zongyuan
nat traversal
remote-address 33.33.33.2
#
ipsec policy fen1 1 isakmp
security acl 3000
ike-peer fen1
proposal fenyuan1
#
页:
[1]