关于VPN的DEBUG信息

本人在测试VPN的DEBUG时，发现一个问题，隧道已经成功建立，但是不能ping到对端的内网ip。debug隧道建立过程时候发现第四个包与正常建立连接不同：
! g7 u$ v! |3 xAug 25 07:13:22.699: ISAKMP (0): received packet from 58.*.*.*dport 500 sport 500 Global (I) MM_SA_SETUP
3 A- q- E  t2 V' a+ Z# ?! tAug 25 07:13:22.699: ISAKMP0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
4 L) P* Y: o7 xAug 25 07:13:22.699: ISAKMP0):Old State = IKE_I_MM3 New State = IKE_I_MM4
" X, m. y' C6 {: m. tAug 25 07:13:22.699: ISAKMP0): processing KE payload. message ID = 0
Aug 25 07:13:22.727: ISAKMP0): processing NONCE payload. message ID = 0
+ s* W! Q4 U. \3 ~' ^8 |  K0 HAug 25 07:13:22.731: ISAKMP0):found peer pre-shared key matching 58.*.*.*
% X3 b3 k4 y' V" t6 P8 T; ]; \Aug 25 07:13:22.731: ISAKMP2002): processing vendor id payload
Aug 25 07:13:22.731: ISAKMP2002): vendor ID is Unity
Aug 25 07:13:22.731: ISAKMP2002): processing vendor id payload
$ J: x( n( |" v5 h) C( P. \4 XAug 25 07:13:22.731: ISAKMP2002): vendor ID is DPD
Aug 25 07:13:22.731: ISAKMP2002): processing vendor id payload
3 x# n5 l- T6 EAug 25 07:13:22.731: ISAKMP2002): speaking to another IOS box!
Aug 25 07:13:22.731: ISAKMP:received payload type 20
Aug 25 07:13:22.731: ISAKMP (2002): His hash no match - this node outside NAT
Aug 25 07:13:22.731: ISAKMP:received payload type 20
Aug 25 07:13:22.731: ISAKMP (2002): No NAT Found for self or peer
( ^# R& y9 p5 g. rAug 25 07:13:22.731: ISAKMP2002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Aug 25 07:13:22.731: ISAKMP2002):Old State = IKE_I_MM4 New State = IKE_I_MM4
' y( g( V' b8 U. F; e( KAug 25 07:13:22.731: ISAKMP2002):Send initial contact
- d/ V; U" D3 yAug 25 07:13:22.731: ISAKMP2002):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Aug 25 07:13:22.731: ISAKMP (2002): ID payload
, n6 o* c$ c8 ]8 s, e* R 又于是公司内网所以屏蔽了IP，在这里面显示了Aug 25 07:13:22.731: ISAKMP (2002): His hash no match - this node outside NAT和Aug 25 07:13:22.731: ISAKMP (2002): No NAT Found for self or peer。
* D* V8 ?) o7 z' S 请高手答疑下，我这个配置是什么题。外带一句，HASH算法我已经对过了，两端都是一样的。

希望大家帮忙顶下啊，别沉了。。这个问题感觉比较少见。。

HASH no match
this node outside nat
) w) w% Y3 c5 a
你怎么配的,关给这个ERROR MESSAGE ,我看不太明白,你只做了IPSEC吗,那你两端的ACL呢,有没有放行呀!

sunlyc 发表于 2013-8-27 14:13
3 c) j& H( r/ D8 X. A& E7 aHASH no match
this node outside nat

' Y9 o( \: ^& I2 m9 C: Ncrypto isakmp enable
8 b2 z' X* k% S, b+ |. Icrypto isakmp policy 100
$ r) l0 d& Y* ^0 xauthentication pre-share
encryption 3des
group 2
% I. n; r* c. [1 Thash md5
lifetime 86400

crypto isakmp nat keepalive 20

& U9 g2 q4 L$ ^$ Kip access-list extended CScore_VPN
5 permit ip 10.23.54.32 0.0.0.3 10.0.0.0 0.0.255.255
10 permit ip 10.23.54.32 0.0.0.3 10.1.0.0 0.0.255.255
! H+ L1 c; r! P+ w7 I# O/ c15 permit ip 10.23.54.32 0.0.0.3 10.36.0.0 0.0.255.255
+ O  J0 q: G5 [9 D20 permit ip 10.23.54.32 0.0.0.3 10.37.0.0 0.0.255.255
) C3 O+ D$ |- z5 g* Y# d- c: Q25 permit ip 10.23.54.32 0.0.0.3 10.76.0.0 0.0.255.255
30 permit ip 10.23.54.32 0.0.0.3 10.34.132.0 0.0.3.255
( g9 Q+ L. x$ X& f; x4 H35 permit ip 10.23.54.32 0.0.0.3 10.23.8.0 0.0.7.255
& P  c7 |$ V3 V40 permit ip 10.23.54.32 0.0.0.3 10.23.16.0 0.0.3.255
, ?4 j7 X, X0 `; e45 permit ip 10.23.54.32 0.0.0.3 10.23.48.0 0.0.128.255
5 v. F& t! j5 h' f
$ G. M6 u/ w8 @, R. Q( m1 Scrypto isakmp key 没问题的加密秘钥 address 对端IP
crypto ipsec transform-set VPN esp-des  esp-md5-hmac
mode tunnel
$ _2 E- S% ?( P2 m+ F4 }ex
& @; t* T5 U: e( g& Qcrypto ipsec security-association lifetime seconds 86400
, K) F! ^4 i, K" Y: y

* _3 j; l! f2 f- Q4 _, M9 Tcrypto map CS_VPN 100 ipsec-isakmp
match address CScore_VPN
, o; q# X6 n! Z; w6 Nset peer  对端IP
set transform-set VPN
set security-association lifetime seconds 86400
, M8 X$ d2 A9 y2 ~/ Eset pfs group2
7 _9 y" F% d, `  Q  x1 g1 yreverse-route

& k1 d6 j. l7 }7 M. y+ n! L; `interface dia10
) C& N1 o. Z, v5 D% W. u! Fcrypto map CS_VPN

补充下DEBUG信息：
Aug 27 11:42:37.475:         inbound SA from 58.*.*.*to 118.*.*.* (f/i)  0/ 0
- _1 f" v7 V# J# c+ w  C        (proxy 10.23.8.0 to 10.23.54.32)
Aug 27 11:42:37.475:         has spi 0xCC7B952A and conn_id 0
Aug 27 11:42:37.475:         lifetime of 86400 seconds
  P* g) K4 x8 s# O6 y7 {7 t, iAug 27 11:42:37.475:         lifetime of 4608000 kilobytes
Aug 27 11:42:37.475:         outbound SA from 118.*.*.* to 58.*.*.*(f/i) 0/0
' A& D# w( ]" s" W/ e8 q, S: h        (proxy 10.23.54.32 to 10.23.8.0)
Aug 27 11:42:37.475:         has spi  0x4BB72C8F and conn_id 0
Aug 27 11:42:37.475:         lifetime of 86400 seconds
; B" ~; p& w  m9 `3 P7 c2 gAug 27 11:42:37.475:         lifetime of 4608000 kilobytes
Aug 27 11:42:37.475: ISAKMP2001): sending packet to 58.*.*.*my_port 500 peer_port 500 (I) QM_IDLE      
( `! ^/ J* F& P3 L# wAug 27 11:42:37.475: ISAKMP2001):Sending an IKE IPv4 Packet.
- g5 C! }/ ~4 E0 P3 jAug 27 11:42:37.475: ISAKMP2001):deleting node 1853074095 error FALSE reason "No Error"
$ m0 m) A) F: iAug 27 11:42:37.475: ISAKMP2001):Node 1853074095, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
" m6 z* r' a. e+ JAug 27 11:42:37.475: ISAKMP2001):Old State = IKE_QM_I_QM1  New State = IKE_QM_PHASE2_COMPLETE
Aug 27 11:42:37.475: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Aug 27 11:42:37.475: Crypto mapdb : proxy_match
        src addr     : 10.23.54.32
        dst addr     : 10.23.8.0
* L) n9 d1 a. a        protocol     : 0
/ u( s, q1 t- Z# s7 ^9 I/ ^1 m  V        src port     : 0
        dst port     : 0
Aug 27 11:42:37.475: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer 58.20.43.227
$ D# G3 q7 C% \- Y7 d  SAug 27 11:42:37.475: IPSEC(rte_mgr): VPN Route Event create SA based on crypto ACL in real time for 58.20.43.227
Aug 27 11:42:37.475:  IPSEC(rte_mgr): Route add Peer 58.*.*.*, Destination 10.23.8.0, Nexthop 0.0.0.0, RT type 1
Aug 27 11:42:37.475: IPSEC(rte_mgr): VPN Route Refcount 1 Dialer10
7 e: A& T4 k% d9 ^1 t. WAug 27 11:42:37.479: IPSEC(rte_mgr): VPN Route Added 10.23.8.0 255.255.248.0 via 58.*.*.*in IP DEFAULT TABLE with tag 0 distance 1
- ^% ^  D8 |" fAug 27 11:42:37.479: IPSEC(policy_db_add_ident): src 10.23.54.32, dest 10.23.8.0, dest_port 0

. n9 l' d0 n3 j" }* e4 }Aug 27 11:42:37.479: IPSEC(create_sa): sa created,
  P1 ]8 B' L% F+ n4 `+ e- ^! u  (sa) sa_dest= 118.*.*.*, sa_proto= 50,
    sa_spi= 0xCC7B952A(3430651178),
. W+ [. l* Y+ h: n5 e. ]    sa_trans= esp-des esp-md5-hmac , sa_conn_id= 1
    sa_lifetime(k/sec)= (4434691/86400)
0 X+ D. G! i$ N8 mAug 27 11:42:37.479: IPSEC(create_sa): sa created,
  (sa) sa_dest= 58.20.43.227, sa_proto= 50,
% Y! j2 S4 J: u% S1 ^- V5 Y    sa_spi= 0x4BB72C8F(1270295695),
    sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2
    sa_lifetime(k/sec)= (4434691/86400)
  G$ D4 |# x. E: l$ p6 [! tAug 27 11:42:37.479: IPSEC(update_current_outbound_sa): get enable SA peer 58.*.*.*current outbound sa to SPI 4BB72C8F
' c) S+ ?# j2 b( \( Q5 lAug 27 11:42:37.479: IPSEC(update_current_outbound_sa): updated peer 58.*.*.*current outbound sa to SPI 4BB72C8F
  u" [0 P5 k) K: w' nAug 27 11:42:38.799: ISAKMP2001): retransmitting phase 2 QM_IDLE       475159008 ...
Aug 27 11:42:38.799: ISAKMP (2001): incrementing error counter on node, attempt 1 of 5: retransmit phase 2
/ X8 r& x! J8 F8 CAug 27 11:42:38.799: ISAKMP (2001): incrementing error counter on sa, attempt 1 of 5: retransmit phase 2
2 z8 g* ]; \. j" R3 T/ {Aug 27 11:42:38.799: ISAKMP2001): retransmitting phase 2 475159008 QM_IDLE      
Aug 27 11:42:38.799: ISAKMP2001): sending packet to 58.*.*.*my_port 500 peer_port 500 (I) QM_IDLE      
Aug 27 11:42:38.799: ISAKMP2001):Sending an IKE IPv4 Packet.
/ ^" ?% R$ B- d0 L; H  eAug 27 11:42:39.483: ISAKMP (2001): received packet from 58.*.*.*dport 500 sport 500 Global (I) QM_IDLE      
Aug 27 11:42:39.487: ISAKMP2001): processing HASH payload. message ID = 475159008
4 K! V1 ]+ B- K* a& V0 |7 V) AAug 27 11:42:39.487: ISAKMP2001): processing SA payload. message ID = 475159008
9 F4 i. ?# }) e1 l& f# R3 nAug 27 11:42:39.487: ISAKMP2001):Checking IPSec proposal 1
' t$ }, d- Y7 q3 G9 p1 nAug 27 11:42:39.487: ISAKMP: transform 1, ESP_DES
Aug 27 11:42:39.487: ISAKMP:   attributes in transform:
# M6 {/ T5 C/ u/ P$ R: q& Q8 oAug 27 11:42:39.487: ISAKMP:      encaps is 1 (Tunnel)
Aug 27 11:42:39.487: ISAKMP:      SA life type in seconds
Aug 27 11:42:39.487: ISAKMP:      SA life duration (VPI) of  0x0 0x1 0x51 0x80
Aug 27 11:42:39.487: ISAKMP:      SA life type in kilobytes
Aug 27 11:42:39.487: ISAKMP:      SA life duration (VPI) of  0x0 0x46 0x50 0x0
Aug 27 11:42:39.487: ISAKMP:      authenticator is HMAC-MD5
Aug 27 11:42:39.487: ISAKMP:      group is 2
Aug 27 11:42:39.487: ISAKMP2001):atts are acceptable.
Aug 27 11:42:39.487: IPSEC(validate_proposal_request): proposal part #1
2 V% A1 |, Q# m1 o. ^3 YAug 27 11:42:39.487: IPSEC(validate_proposal_request): proposal part #1,
! r; B: b' O9 S4 x% T# Q' T' |! Z  (key eng. msg.) INBOUND local= 118.*.*.*:0, remote= 58.20.43.227:0,
    local_proxy= 10.23.54.32/255.255.255.252/0/0 (type=4),
0 _! H  b, i6 G    remote_proxy= 10.23.8.0/255.255.248.0/0/0 (type=4),
& w0 y4 s  V0 _, ]8 P4 o2 l. y$ F1 H    protocol= ESP, transform= NONE  (Tunnel),
! I$ A; V0 W( _0 ^  j    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
Aug 27 11:42:39.487: Crypto mapdb : proxy_match
        src addr     : 10.23.54.32
        dst addr     : 10.23.8.0
8 s0 m9 |0 f8 @" E& C7 K        protocol     : 0
! D2 D0 U! c! z        src port     : 0
        dst port     : 0
Aug 27 11:42:39.487: ISAKMP2001): processing NONCE payload. message ID = 475159008
3 A. R3 q3 D# O6 N% Y3 ~Aug 27 11:42:39.487: ISAKMP2001): processing KE payload. message ID = 475159008
9 A, n+ W/ I6 @7 o8 K: qAug 27 11:42:39.515: ISAKMP2001): processing ID payload. message ID = 475159008
Aug 27 11:42:39.515: ISAKMP2001): processing ID payload. message ID = 475159008
Aug 27 11:42:39.515: ISAKMP2001): Creating IPSec SAs
Aug 27 11:42:39.515:         inbound SA from 58.*.*.*to 118.*.*.* (f/i)  0/ 0
' z( a7 E6 ]5 F% \- z+ l  p: `2 u        (proxy 10.23.8.0 to 10.23.54.32)
Aug 27 11:42:39.515:         has spi 0xBABB1470 and conn_id 0
8 e' D  z# j$ L9 a% V9 V9 oAug 27 11:42:39.515:         lifetime of 86400 seconds
Aug 27 11:42:39.515:         lifetime of 4608000 kilobytes
, d* Z6 X3 g9 ?Aug 27 11:42:39.515:         outbound SA from 118.*.*.* to 58.*.*.*(f/i) 0/0
0 t6 S& P, m# S3 F8 ~/ [3 Q' V9 [        (proxy 10.23.54.32 to 10.23.8.0)
Aug 27 11:42:39.515:         has spi  0xB6B88103 and conn_id 0
! W2 z- K3 p1 u: TAug 27 11:42:39.515:         lifetime of 86400 seconds
Aug 27 11:42:39.515:         lifetime of 4608000 kilobytes
Aug 27 11:42:39.515: ISAKMP2001): sending packet to 58.*.*.*my_port 500 peer_port 500 (I) QM_IDLE      
Aug 27 11:42:39.519: ISAKMP2001):Sending an IKE IPv4 Packet.
! `  }# b) e6 q& a" fAug 27 11:42:39.519: ISAKMP2001):deleting node 475159008 error FALSE reason "No Error"
7 u( _+ b& w; f' H& o5 ?& W  hAug 27 11:42:39.519: ISAKMP2001):Node 475159008, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Aug 27 11:42:39.519: ISAKMP2001):Old State = IKE_QM_I_QM1  New State = IKE_QM_PHASE2_COMPLETE
Aug 27 11:42:39.519: IPSEC(key_engine): got a queue event with 1 KMI message(s)
- ~8 P+ M1 G3 G7 z* E" t! bAug 27 11:42:39.519: Crypto mapdb : proxy_match
7 Q) s. A$ K& \& ?        src addr     : 10.23.54.32
. S' B/ Z4 d+ l1 {        dst addr     : 10.23.8.0
        protocol     : 0
        src port     : 0
        dst port     : 0
- E8 S9 C' v* X% CAug 27 11:42:39.519: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer 58.20.43.227
Aug 27 11:42:39.519: IPSEC(rte_mgr): VPN Route Event create SA based on crypto ACL in real time for 58.20.43.227
Aug 27 11:42:39.519:  IPSEC(rte_mgr): Route add Peer 58.*.*.*, Destination 10.23.8.0, Nexthop 0.0.0.0, RT type 1
Aug 27 11:42:39.519: IPSEC(rte_mgr):Search route found ID 1
# p7 j% V- ]  E, U4 g4 N' zAug 27 11:42:39.519: IPSEC(rte_mgr): VPN Route Refcount 2 58.*.*.*on Dialer10
! T" t+ p$ @5 O% QAug 27 11:42:39.519: IPSEC(create_sa): sa created,
9 O, w; q; h- e7 |/ Y$ {  (sa) sa_dest= 118.*.*.*, sa_proto= 50,
    sa_spi= 0xBABB1470(3132822640),
5 k5 _  W$ U5 _+ Q    sa_trans= esp-des esp-md5-hmac , sa_conn_id= 3
    sa_lifetime(k/sec)= (4558678/86400)
6 A; P5 D% C( D% j( Q: PAug 27 11:42:39.519: IPSEC(create_sa): sa created,
4 V3 p: G; T# c  (sa) sa_dest= 58.20.43.227, sa_proto= 50,
    sa_spi= 0xB6B88103(3065544963),
/ X. e2 b+ n- G: f- F* A    sa_trans= esp-des esp-md5-hmac , sa_conn_id= 4
8 o8 ]( A' a  I$ \1 j# Q' b, q    sa_lifetime(k/sec)= (4558678/86400)
Aug 27 11:42:39.519: IPSEC(update_current_outbound_sa): get enable SA peer 58.*.*.*current outbound sa to SPI B6B88103
4 r$ j& {2 |7 @2 U7 hAug 27 11:42:39.519: IPSEC(update_current_outbound_sa): updated peer 58.*.*.*current outbound sa to SPI B6B88103
  {, s5 C0 Y8 v" EAug 27 11:42:39.519: IPSEC(check_delete_duplicate_sa_bundle): found duplicated fresh SA bundle, aging it out. min_spi=4BB72C8F
3 Z* w) _, e5 o+ CAug 27 11:42:39.519: IPSEC(early_age_out_sibling): sibling outbound SPI 4BB72C8F expiring in 30 seconds due to it's a duplicate SA bundle.
; B1 m- O5 W; A; G1 Z( z) gRouter(config-if)#
Aug 27 11:43:02.435: ISAKMP (2001): received packet from 58.*.*.*dport 500 sport 500 Global (I) QM_IDLE      
# j: P4 L: z7 w4 F/ e* J0 LAug 27 11:43:02.435: ISAKMP: set new node -917327660 to QM_IDLE      
Aug 27 11:43:02.435: ISAKMP2001): processing HASH payload. message ID = 3377639636
2 b& k: T( x+ FAug 27 11:43:02.435: ISAKMP2001): processing DELETE payload. message ID = 3377639636
: r* Y4 F7 S+ b" p7 i! XAug 27 11:43:02.435: ISAKMP2001):peer does not do paranoid keepalives.

0 _* B* t* s4 u1 a- ^( m7 aAug 27 11:43:02.435: ISAKMP2001):deleting node -917327660 error FALSE reason "Informational (in) state 1"
Aug 27 11:43:02.435: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Aug 27 11:43:02.435: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
9 G4 ]4 G. m, C2 _3 fAug 27 11:43:04.519: ISAKMP: set new node 804935725 to QM_IDLE      
0 c' m0 |. M6 \) m( GAug 27 11:43:04.519: ISAKMP2001): sending packet to 58.*.*.*my_port 500 peer_port 500 (I) QM_IDLE      
  c! V: X8 h. {Aug 27 11:43:04.519: ISAKMP2001):Sending an IKE IPv4 Packet.
( l, Z8 Y0 v& n! W2 Z  H! UAug 27 11:43:04.519: ISAKMP2001):purging node 804935725
Aug 27 11:43:04.519: ISAKMP2001):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL
Aug 27 11:43:04.519: ISAKMP2001):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
0 G( W& L- d* ?: \) e2 H
Aug 27 11:43:07.435: ISAKMP (2001): received packet from 58.*.*.*dport 500 sport 500 Global (I) QM_IDLE      
Aug 27 11:43:07.435: ISAKMP: set new node -492395739 to QM_IDLE      
Aug 27 11:43:07.435: ISAKMP2001): processing HASH payload. message ID = 3802571557
1 a2 c3 }* N3 Y5 U& U, v; R, wAug 27 11:43:07.435: ISAKMP2001): processing DELETE payload. message ID = 3802571557
0 m9 q# `- V. ~* Q! ^" F8 y. t9 wAug 27 11:43:07.435: ISAKMP2001):peer does not do paranoid keepalives.
' V+ B4 i! H4 C/ G+ z$ F2 L
Aug 27 11:43:07.435: ISAKMP2001):deleting node -492395739 error FALSE reason "Informational (in) state 1"
; \* E$ K, r) d# s. u- iAug 27 11:43:07.439: IPSEC(key_engine): got a queue event with 1 KMI message(s)
, W/ a. \0 R6 d  N: g( dAug 27 11:43:07.439: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Aug 27 11:43:07.439: IPSEC(key_engine_delete_sas): delete SA with spi 0x4BB72C8F proto 50 for 58.20.43.227
Aug 27 11:43:07.439: IPSEC(delete_sa): deleting SA,
; u8 \- l7 a* X* o( i0 \  (sa) sa_dest= 118.*.*.*, sa_proto= 50,
% h3 C: E1 D8 h    sa_spi= 0xCC7B952A(3430651178),
) F9 M# G  l4 J1 o+ z4 i    sa_trans= esp-des esp-md5-hmac , sa_conn_id= 1
    sa_lifetime(k/sec)= (4434691/86400),
2 B# \4 A6 ?8 E  [  q" S  (identity) local= 118.*.*.*:0, remote= 58.20.43.227:0,
    local_proxy= 10.23.54.32/255.255.255.252/0/0 (type=4),
    remote_proxy= 10.23.8.0/255.255.248.0/0/0 (type=4)
+ ?3 B/ P+ V( qAug 27 11:43:07.439: IPSEC(delete_sa): deleting SA,
9 y/ _; t5 }# D$ ^, k/ O  (sa) sa_dest= 58.20.43.227, sa_proto= 50,
7 [8 r2 v7 R& S0 X    sa_spi= 0x4BB72C8F(1270295695),
3 y1 X' G3 `6 B4 b    sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2
    sa_lifetime(k/sec)= (4434691/86400),
  (identity) local= 118.*.*.*:0, remote= 58.20.43.227:0,
    local_proxy= 10.23.54.32/255.255.255.252/0/0 (type=4),
    remote_proxy= 10.23.8.0/255.255.248.0/0/0 (type=4)
Aug 27 11:43:07.439:  IPSEC(rte_mgr): Delete Route found ID 1
1 _: w; t5 o6 k. x8 O7 C0 TAug 27 11:43:07.439: IPSEC(rte_mgr): VPN Route Refcount 1 Dialer10
Router(config-if)#
8 M6 [) E! r# j2 F) t/ BAug 27 11:43:27.475: ISAKMP2001):purging node 1853074095
6 Y: Q1 C4 ?" a5 g" B* VAug 27 11:43:29.519: ISAKMP2001):purging node 475159008
Aug 27 11:43:52.435: ISAKMP2001):purging node -917327660
3 u9 t1 L6 r' X0 z1 T3 F; d: P5 w. b8 \Aug 27 11:43:57.435: ISAKMP2001):purging node -492395739

是什么问题引起的，兄弟说下，我最近也正好在玩这个

odeson 发表于 2013-8-30 15:29
* G8 t* o& N2 g是什么问题引起的，兄弟说下，我最近也正好在玩这个

建议你看一本书，这个里面的写VPN写的非常好非常详细，特别是关于IPSEC VPN的（至少我目前只看了这部分）。 这个是网页版的。

没看完~~~~~~ 先顶，好同志

找到好贴不容易，我顶你了，谢了

不知该说些什么。。。。。。就是谢谢