netscreen 25防火墙的vpn连接有关问题(分不够绝对一直加)
日期:2014-05-17 浏览次数:21273 次
【求助】netscreen 25防火墙的vpn连接问题(分不够绝对一直加)
我做了一个25的VPN,目的是想从外部的上网用户可以通过25 的VPN安全的联入到公司的网络。
我按照找到的配置例子配置了ns25,配置的选项有:
interface、policy->untrust--trunst、vpn->atuokey ike、vpn->atuokey advanced gateway、user->local、user->group
客户端软件使用的是:netscreen remote
也安装配置例子进行了相应的配置
结果是:
vpn建立不起来,在ns25的log文件里发现如下错误提示:
Rejected an IKE packet on ethernet3 from 172.28.118.13:500 to 172.28.118.52:500 with cookies cc7b69737cd23735 and 0000000000000000 because an initial Phase 1 packet arrived from an unrecognized peer gateway.
请教各位高手,这是什么原因?如何解决?
我是按照下面连接中的例子进行配置的:
http://bits2005.bokee.com/5280919.html
我的拨号用户的IP为192.168.1.0的网段,公司内部网络也是192.168.1.0的网段,配置完后,Netscreen Romote的拨号客户机连外部网都上不了,更别提连到公司的网络了,Romote日志显示为以下内容:
18:50:58.906
18:50:58.906 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
18:50:58.921 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
18:51:14.578 My Connections\dialup - message not received! Retransmitting!
18:51:14.578 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:51:22.734
18:51:29.578 My Connections\dialup - message not received! Retransmitting!
18:51:29.578 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:51:44.578 My Connections\dialup - message not received! Retransmitting!
18:51:44.578 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:51:44.734
18:51:59.578 My Connections\dialup - Exceeded 3 IKE SA negotiation attempts
18:51:59.734
18:51:59.750 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
18:51:59.781 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
18:52:15.578 My Connections\dialup - message not received! Retransmitting!
18:52:15.578 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:52:22.750
18:52:30.593 My Connections\dialup - message not received! Retransmitting!
18:52:30.593 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:52:44.750
18:52:45.593 My Connections\dialup - message not received! Retransmitting!
18:52:45.593 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:58:34.718
18:58:34.734 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
18:58:34.781 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
18:58:50.640 My Connections\dialup - message not received! Retransmitting!
18:58:50.640 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:59:00.625
18:59:05.640 My Connections\dialup - message not received! Retransmitting!
18:59:05.640 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:59:20.640 My Connections\dialup - message not received! Retransmitting!
18:59:20.640 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:59:23.937
18:59:35.640 My Connections\dialup - Exceeded 3 IKE SA negotiation attempts
19:00:31.515
19:00:31.531 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
19:00:31.546 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
19:00:46.640 My Connections\dialup - message not received! Retransmitting!
19:00:46.640 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
19:07:32.328
19:07:32.343 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
19:07:32.390 My Connections\dialup - SENDING
我做了一个25的VPN,目的是想从外部的上网用户可以通过25 的VPN安全的联入到公司的网络。
我按照找到的配置例子配置了ns25,配置的选项有:
interface、policy->untrust--trunst、vpn->atuokey ike、vpn->atuokey advanced gateway、user->local、user->group
客户端软件使用的是:netscreen remote
也安装配置例子进行了相应的配置
结果是:
vpn建立不起来,在ns25的log文件里发现如下错误提示:
Rejected an IKE packet on ethernet3 from 172.28.118.13:500 to 172.28.118.52:500 with cookies cc7b69737cd23735 and 0000000000000000 because an initial Phase 1 packet arrived from an unrecognized peer gateway.
请教各位高手,这是什么原因?如何解决?
我是按照下面连接中的例子进行配置的:
http://bits2005.bokee.com/5280919.html
我的拨号用户的IP为192.168.1.0的网段,公司内部网络也是192.168.1.0的网段,配置完后,Netscreen Romote的拨号客户机连外部网都上不了,更别提连到公司的网络了,Romote日志显示为以下内容:
18:50:58.906
18:50:58.906 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
18:50:58.921 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
18:51:14.578 My Connections\dialup - message not received! Retransmitting!
18:51:14.578 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:51:22.734
18:51:29.578 My Connections\dialup - message not received! Retransmitting!
18:51:29.578 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:51:44.578 My Connections\dialup - message not received! Retransmitting!
18:51:44.578 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:51:44.734
18:51:59.578 My Connections\dialup - Exceeded 3 IKE SA negotiation attempts
18:51:59.734
18:51:59.750 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
18:51:59.781 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
18:52:15.578 My Connections\dialup - message not received! Retransmitting!
18:52:15.578 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:52:22.750
18:52:30.593 My Connections\dialup - message not received! Retransmitting!
18:52:30.593 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:52:44.750
18:52:45.593 My Connections\dialup - message not received! Retransmitting!
18:52:45.593 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:58:34.718
18:58:34.734 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
18:58:34.781 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
18:58:50.640 My Connections\dialup - message not received! Retransmitting!
18:58:50.640 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:59:00.625
18:59:05.640 My Connections\dialup - message not received! Retransmitting!
18:59:05.640 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:59:20.640 My Connections\dialup - message not received! Retransmitting!
18:59:20.640 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:59:23.937
18:59:35.640 My Connections\dialup - Exceeded 3 IKE SA negotiation attempts
19:00:31.515
19:00:31.531 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
19:00:31.546 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
19:00:46.640 My Connections\dialup - message not received! Retransmitting!
19:00:46.640 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
19:07:32.328
19:07:32.343 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
19:07:32.390 My Connections\dialup - SENDING
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
