
Help request: L2L VPN between a Cisco ASA 5520 and a Huawei Eudemon 300 does not work.

With sh crypto isakmp sa I can see that the tunnel has been established. With sh cryp ipsec sa I can only see encrypted packets and no decrypted packets. Why? Could an expert please explain?

FW-02# sh cryp isak sa detail
   IKE Peer: 60.12.194.14
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE

FW-02# sh cryp isak sa detail
   IKE Peer: 60.12.194.14
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
    Encrypt : des             Hash    : SHA
    Auth    : preshared       Lifetime: 86400
    Lifetime Remaining: 85677

FW-02# sh crypt ipsec sa

interface: outside
    Crypto map tag: mymap, seq num: 20, local addr: 119.57.5.5

      access-list outside_20_cryptomap permit ip host 10.0.1.17 172.16.12.0 255.255.255.0
      local ident (addr/mask/prot/port): (10.0.1.17/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (172.16.12.0/255.255.255.0/0/0)
      current_peer: 60.12.194.14

      #pkts encaps: 435, #pkts encrypt: 435, #pkts digest: 435
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 435, #pkts comp failed: 0, #pkts decomp failed: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 119.57.5.5, remote crypto endpt.: 60.12.194.14

      path mtu 1500, ipsec overhead 58, media mtu 1500
      current outbound spi: 3ECC31B0

    inbound esp sas:
      spi: 0x11CAA980 (298494336)
         transform: esp-des esp-md5-hmac none
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 316, crypto-map: mymap
         sa timing: remaining key lifetime (kB/sec): (1710000/2815)
         IV size: 8 bytes
         replay detection support: Y
    outbound esp sas:
      spi: 0x3ECC31B0 (1053569456)
         transform: esp-des esp-md5-hmac none
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 316, crypto-map: mymap
         sa timing: remaining key lifetime (kB/sec): (1709960/2767)
         IV size: 8 bytes
         replay detection support: Y
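
The symptom in the post above (encaps counting up while decaps stays at 0) can be checked mechanically for every SA in a saved `show crypto ipsec sa` output. The following Python is an added example, not part of the original post; the function names and the second SA in the sample are made up for illustration.

```python
import re

# Constructed sample: the first SA carries the counters from the post; the
# second is made up, with traffic in both directions, for contrast.
SAMPLE = """\
interface: outside
      local ident (addr/mask/prot/port): (10.0.1.17/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (172.16.12.0/255.255.255.0/0/0)
      current_peer: 60.12.194.14
      #pkts encaps: 435, #pkts encrypt: 435, #pkts digest: 435
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
      #send errors: 0, #recv errors: 0

      local ident (addr/mask/prot/port): (10.0.1.18/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (172.16.12.0/255.255.255.0/0/0)
      current_peer: 60.12.194.14
      #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
      #pkts decaps: 98, #pkts decrypt: 98, #pkts verify: 98
      #send errors: 0, #recv errors: 0
"""

COUNTER = re.compile(r"#(pkts \w+|send errors|recv errors): (\d+)")
IDENT = re.compile(r"(local|remote) ident \S+ \(([\d.]+)/([\d.]+)/")


def parse_ipsec_sas(text):
    """Split the output at each 'local ident' line; return one dict per SA."""
    sas = []
    for block in re.split(r"(?=^[ \t]*local ident )", text, flags=re.M)[1:]:
        sa = {side: f"{addr}/{mask}" for side, addr, mask in IDENT.findall(block)}
        peer = re.search(r"current_peer: ([\d.]+)", block)
        sa["peer"] = peer.group(1) if peer else None
        sa.update({name: int(val) for name, val in COUNTER.findall(block)})
        sas.append(sa)
    return sas


def one_way_sas(sas):
    """SAs that send ESP (encaps > 0) but have never decapsulated a packet."""
    return [sa for sa in sas
            if sa.get("pkts encaps", 0) > 0 and sa.get("pkts decaps", 0) == 0]


if __name__ == "__main__":
    for sa in one_way_sas(parse_ipsec_sas(SAMPLE)):
        print(f"{sa['local']} -> {sa['remote']} via {sa['peer']}: "
              f"encaps={sa['pkts encaps']} decaps={sa['pkts decaps']} "
              f"recv errors={sa.get('recv errors')}")
```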