请求帮助：思科ASA 5520和华为eudemon 300建立L2L vpn不通

如何确认ipsec sa建立起来了？

这是华为的配置：
#
acl number 2000
rule 0 permit source 172.16.14.1 0
rule 1 permit source 172.16.1.0 0.0.0.255
rule 3 permit source 172.16.2.1 0
rule 4 permit source 172.16.2.13 0
rule 5 permit source 172.16.10.0 0.0.0.255
" l' U$ A8 @! N2 ~$ e% { rule 6 permit source 172.16.16.2 0
rule 7 permit source 172.16.2.2 0
rule 8 permit source 172.16.14.50 0
rule 10 deny
acl number 2001
rule 0 permit source 172.16.12.51 0
rule 5 deny
5 B" N* K7 m/ e$ h9 Y; eacl number 2002
rule 0 permit source 172.16.12.61 0
/ d5 Z9 Y* [3 ?0 f rule 5 deny
' t& \; p& ?5 c7 ]& b7 eacl number 2003
rule 0 permit source 172.15.10.4 0
rule 5 deny
#
acl number 3000
description dmz-trust
5 q0 P3 l. ]2 k' i6 s; B1 ~ rule 0 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 4008
4 {9 L7 q' T$ U/ C# J$ p% y. _ rule 1 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8898
rule 2 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8868
6 a4 q4 E3 c& [$ S* I% Z: W rule 3 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8858
- H' W9 @+ b8 }' y rule 4 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 4008
rule 5 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 8898
rule 6 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 8868
) P/ |3 R: b8 u1 T rule 7 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 8858
rule 8 permit tcp source 172.16.12.51 0 destination 172.16.10.71 0 destination-port eq 4003
2 l. \! a% R7 a( ~; O rule 9 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq ftp
0 ]# w# M: Y1 A* Q  S1 y7 Q rule 10 permit tcp source 172.16.12.61 0 destination 172.16.10.51 0 destination-port eq ftp
3 ^- ~* M* @) L4 O3 r5 X rule 11 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq ftp
& Q/ C9 B0 ?- g+ x( Y rule 12 permit tcp source 172.16.12.51 0 destination 172.16.14.155 0 destination-port eq ftp
: V! x: h% D5 i% f4 s& E0 B0 N rule 13 permit tcp source 172.16.12.51 0 destination 172.16.10.71 0 destination-port eq ftp
rule 14 permit tcp source 172.16.12.51 0 destination 172.16.10.51 0 destination-port eq ftp
rule 15 permit tcp source 172.16.12.51 0 destination 172.16.14.155 0 destination-port eq 4003
rule 16 permit ospf
( y  w7 o; Q2 S' w- l5 q rule 17 permit tcp source 172.16.12.51 0 destination 172.16.10.101 0 destination-port eq 8
rule 18 deny tcp
5 \' x' P( ?4 W# V. v! r; Oacl number 3001
+ `" D! @# @& ^' [* ~ description For Untrust-dmz
rule 0 permit tcp source 172.16.20.0 0.0.0.255 destination 172.16.12.51 0 destination-port eq 5000
1 ?4 W6 n# m6 ?6 I0 c rule 5 permit icmp
3 n$ L# d5 {; ^8 i) W8 a* { rule 10 permit ospf                     
' D& t5 t( R$ ^& B0 l% M rule 15 deny tcp source 172.16.20.0 0.0.0.255
acl number 3002
7 N. C4 }1 Q5 e- P9 S- |8 ~ description To_Yinlian
8 @: j( L; ?- p7 p rule 0 permit ip source 9.234.21.63 0 destination 144.234.97.33 0
rule 5 permit ip source 9.234.21.64 0 destination 144.234.97.33 0
rule 10 permit ip source 9.234.21.66 0 destination 144.234.97.33 0
  P: i3 N6 G) Z4 T9 l; K$ y% F6 f rule 15 deny ip
% L. C3 c( l) p. Qacl number 3003
description for Untrust-Trust
rule 0 permit ip source 10.78.72.70 0 destination 172.15.10.4 0
rule 1 permit ip source 172.16.2.26 0 destination 172.16.10.111 0
rule 2 permit ip source 172.16.2.26 0 destination 172.16.14.1 0
rule 3 permit ip source 10.78.72.153 0 destination 172.15.10.4 0
+ r8 M4 q* L+ G8 ~ rule 4 permit ip source 10.78.72.157 0 destination 172.15.10.4 0
4 D2 x& l/ k, B2 a rule 5 permit ip source 192.168.100.43 0 destination 172.15.10.4 0
rule 6 permit ip source 10.16.2.7 0 destination 172.15.10.4 0
1 r- A2 n4 u  j! N2 z rule 7 permit ip source 10.16.2.5 0 destination 172.15.10.4 0
rule 8 permit ip source 10.16.2.6 0 destination 172.15.10.4 0
4 ^  c) e4 _* q- G rule 9 permit ip source 10.16.2.8 0 destination 172.15.10.4 0
rule 11 permit ip source 10.139.25.26 0 destination 172.15.10.4 0
" n9 M; {& Z$ J% H+ y" G rule 13 permit ip source 10.143.10.183 0 destination 172.15.10.4 0
6 g% k7 y1 s! q! j8 Q  C rule 50 deny ip
acl number 3004                           
rule 0 permit ip source 172.16.1.7 0 destination 172.16.10.111 0
. H7 k" N# {  V1 Xacl number 3005
6 |+ O5 H" W' d- r description TO_dudubao
2 Y/ ?' O" R' x; t rule 0 permit tcp destination 172.15.10.4 0 destination-port eq 6868
rule 1 permit tcp destination 172.15.10.4 0 destination-port eq ftp-data
3 e7 j* d9 P2 v6 L. m rule 2 permit tcp destination 172.15.10.4 0 destination-port eq ftp
% I& \$ S) C7 g& iacl number 3006
rule 0 permit ip source 172.16.12.0 0.0.0.255 destination 10.0.1.0 0.0.0.255
$ V# B' u1 a! }1 n+ G6 lacl number 3007
rule 0 deny ip source 172.16.12.0 0.0.0.255 destination 10.0.1.0 0.0.0.255
rule 1 permit ip source 172.16.12.0 0.0.0.255
#
+ ]: w& q# o2 L2 i sysname NB_Eudemon300-A
#
super password level 3 cipher '._1D9P1YCQ=^Q`MAF4<1!!
, z% L0 S# E* c1 ]1 E#
! r  p: P: R4 o# r info-center loghost 172.16.10.192
info-center loghost 172.16.10.111
#
hrp enable
hrp interface Ethernet2/0/7
) W+ _- x0 Q8 g#
# |5 z! \, ?& L5 Y( w router id 172.16.1.3                     
#
firewall packet-filter default permit interzone local trust direction inbound
. ~* q% P2 X1 H: i firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
( ^8 {! B- K' H* t0 O" i. ^2 u firewall packet-filter default permit interzone local dmz direction inbound
firewall packet-filter default permit interzone local dmz direction outbound
2 `5 g( _% N+ f' s" k firewall packet-filter default permit interzone local hrp direction inbound
firewall packet-filter default permit interzone local hrp direction outbound
, S* T" D" C$ A' q2 |" T: S firewall packet-filter default permit interzone local gprs direction inbound
firewall packet-filter default permit interzone local gprs direction outbound
firewall packet-filter default permit interzone local dudubao direction inbound
firewall packet-filter default permit interzone local dudubao direction outbound
firewall packet-filter default permit interzone trust untrust direction outbound
! V6 v& a. ], ~! U: i1 o firewall packet-filter default permit interzone trust dmz direction inbound
. E2 t. w. V1 R! {1 I firewall packet-filter default permit interzone trust dmz direction outbound
' H! P. m1 h; j+ |" ]$ w firewall packet-filter default permit interzone trust gprs direction inbound
firewall packet-filter default permit interzone trust gprs direction outbound
) c% i7 Z* [/ `/ ^3 J6 g3 C8 M firewall packet-filter default permit interzone trust dudubao direction inbound
firewall packet-filter default permit interzone trust dudubao direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
& W# u, F. n0 Y2 l firewall packet-filter default permit interzone dmz untrust direction outbound
firewall packet-filter default permit interzone dmz gprs direction inbound
firewall packet-filter default permit interzone dmz gprs direction outbound
firewall packet-filter default permit interzone dmz dudubao direction inbound
% Y1 d4 |; c  L" `/ Y6 i  | firewall packet-filter default permit interzone dmz dudubao direction outbound
#
" R  x2 k3 W6 b! e# C* T nat address-group 3 145.234.97.33 145.234.97.33
nat address-group 5 144.234.97.33 144.234.97.33
* ^& e# s0 h' B: P; M- m nat server zone gprs  global 144.234.97.33 inside 172.16.12.61
#
5 C# n( I6 u( t1 ]' v bypass switch-back auto
. F" b; K/ w+ k) i#
firewall mode route
#
- S. j" K- ?8 o4 u  m firewall defend ip-spoofing enable
firewall defend land enable
firewall defend smurf enable
. D9 a, ]$ X6 J- ]  O4 W firewall defend fraggle enable
4 W, V# W# V4 T! h0 {2 e firewall defend winnuke enable
* X. F. R4 \; A' c9 r  H; X6 H, c  ] firewall defend syn-flood enable
firewall defend udp-flood enable
# ~* \( t6 ~; J3 H9 x3 @" Q, B firewall defend icmp-redirect enable
firewall defend icmp-unreachable enable
! @7 v1 f% J* t% d5 B9 d" V firewall defend ip-sweep enable         
- N5 z" O% |8 y( G firewall defend port-scan enable
# R9 N2 n2 ^& N4 @5 O" s firewall defend route-record enable
firewall defend ping-of-death enable
& o/ b+ w( S4 m8 Y0 E firewall defend teardrop enable
firewall defend tcp-flag enable
+ R1 Q" E8 G& {4 e* ]) e firewall defend large-icmp enable
# d& n) O  {9 h; @9 o) k. {#
firewall statistic system enable
# y/ i5 T  l3 B#
, I' o  f+ K7 H& h: H# p4 ]ike proposal 1
#
ike peer a
' o3 z& i- ~0 U* F pre-shared-key cnnbtk
  `0 N3 ^9 {+ X2 q2 l& y ike-proposal 1
! ]. o- L- [  Z6 a1 `: _2 |7 s8 w remote-address 119.57.5.5
0 M+ W! G) q* N! ^#
; V1 \: o7 f6 v" ~5 m; D' fipsec proposal tran1
; Z. n1 V% `; p" {: G, s8 J# |#
ipsec policy map1 1 isakmp
; L/ j: c) c2 Z8 Z security acl 3006
& _1 {, q4 w8 I; H pfs dh-group2
" a$ E) s/ x# O" | ike-peer a
0 L. |2 _0 ]3 v proposal tran1                           
8 }/ j# ^1 w2 ^; ]. f% R5 U6 U local-address 60.12.194.14
; d- @% t4 j- g0 I  f#
interface Aux0
' f# [/ S3 L9 p4 S& \ async mode flow
link-protocol ppp
#
3 B( K$ Q$ g9 z: ]' ~, |+ x9 c* h7 V- Kinterface Ethernet0/0/0
9 ?4 V, t9 u4 v$ v; `& x) |#
interface Ethernet0/0/1
#
interface Ethernet2/0/0
description To_S5624-A(1/0/24)
' W4 R$ }7 R# ?& O: _: u- N ip address 172.16.2.9 255.255.255.252
0 Q3 @+ `- O! k ospf cost 100
#
interface Ethernet2/0/1
description To_Yinlian
) i0 |+ z0 z  K ip address 145.234.132.154 255.255.255.252
/ @: }7 p- _( u3 P+ K6 h" T$ @0 Z#
interface Ethernet2/0/2
description To_S6506R_A(7/0/48)
; |2 N; Q  C& y: p: ^, K ip address 172.16.2.2 255.255.255.252
ospf cost 100                           
$ f) r8 Q# H' r, \. x% U#
interface Ethernet2/0/3
0 {5 u! V2 a) }0 T description To-dudubao
ip address 60.12.194.14 255.255.255.240
+ z  l$ o3 I8 Q, Q ipsec policy map1
#
+ _( `1 t! a! {. ]1 n5 Minterface Ethernet2/0/4
#
# e) u! c& s: X! J+ Xinterface Ethernet2/0/5
#
# ]7 I! W9 V0 }% v2 Minterface Ethernet2/0/6
4 P* X$ w3 ?! n  k5 D, p) m. t; V#
: _+ J$ a4 y2 t3 i% zinterface Ethernet2/0/7
description To_Eudemon300-B_E2/0/7
6 [  Y  [9 s. g! n ip address 172.16.2.201 255.255.255.248
: d8 s; ~* I9 b  v2 v vrrp vrid 1 virtual-ip 172.16.2.203
: e( Q) B8 c3 D  [! o8 O vrrp vrid 1 priority 150
! N( N( k1 P3 _! j; A# A% `' W. ^ vrrp vrid 1 preempt-mode timer delay 60
) c/ H" O4 f& \- h# j. @ vrrp vrid 2 virtual-ip 172.16.2.204
2 h2 m  |- q) n#
5 ?4 }6 R/ I$ N  U! u) \0 o! Pinterface GigabitEthernet1/0/0
! d$ s- p8 V& T shutdown                                 
#
interface GigabitEthernet1/0/1
) T" ?6 X6 L; v/ z# r; F# `7 i9 h description To_S5624-B(1/0/25)
9 a" Z$ U; G+ ^  p ip address 172.16.2.25 255.255.255.252
- J$ {5 C) O8 Y" @% C ospf cost 500
#
interface NULL0
1 Y4 m( b" ~9 v6 {6 A#
interface LoopBack0
ip address 172.16.1.3 255.255.255.255
#
* J, o. U# M) }# I$ Cfirewall zone local
set priority 100
#
, J% ]6 {5 ?, Tfirewall zone trust
set priority 85
* i7 @. s2 F0 O8 }* c" F0 e# u detect ftp
! F: y7 [& y* `3 o! i/ x4 p3 Y add interface Ethernet2/0/2
#
firewall zone untrust
set priority 5
6 @" e, l$ {. B4 C) j detect ftp                              
  Y: t( B8 m7 I+ M add interface GigabitEthernet1/0/1
#
* z" D+ q$ g+ B+ m; ~: kfirewall zone dmz
set priority 50
add interface Ethernet2/0/0
( C+ K0 x: }) X: z7 q/ x* H+ c#
firewall zone name hrp
set priority 40
add interface Ethernet2/0/7
$ U, [: T+ o/ E$ y2 u#
firewall zone name gprs
set priority 4
" P) n$ `. p2 B# u  b detect ftp
add interface Ethernet2/0/1
, `2 r& R+ B1 Y' S#
firewall zone name dudubao
set priority 3
detect ftp
1 L, Q# ]7 G* A) ]1 }6 J7 [) L add interface Ethernet2/0/3
1 N% e3 H( l6 e/ o) d#
firewall interzone local trust
  `! ~9 a7 {' g+ P#
firewall interzone local untrust         
/ k/ P% _" h- U4 d) P6 o) n3 c6 x#
firewall interzone local dmz
: `# O  O& {5 V! m+ s+ j: h# f#
$ d$ `- M% h* v$ o4 L1 Mfirewall interzone local hrp
( H5 }1 d5 j2 o6 u3 I#
, [0 e2 w' [$ T5 Ifirewall interzone local gprs
#
$ B- n; W1 s! d$ Ifirewall interzone local dudubao
1 Q- N/ H+ X9 e( h#
firewall interzone trust untrust
packet-filter 3003 inbound
detect ftp
#
firewall interzone trust dmz
) D. X; \) e- I6 C; o7 c( ]#
& V+ P$ H% r, ^0 {firewall interzone trust hrp
#
firewall interzone trust gprs
; ?  ~4 W. B3 Z nat outbound 2003 address-group 3
detect ftp
3 h* ]: W/ A3 f#
& p2 j" a; n) Z# E! g+ N* Sfirewall interzone trust dudubao
packet-filter 3005 inbound               
2 h0 L6 r% o* U1 ^# N' M detect ftp
#
firewall interzone dmz untrust
#
firewall interzone hrp untrust
2 m' w8 |* @* e! ?% D3 H/ p5 g#
firewall interzone untrust gprs
  i( Y8 P+ t0 X; q6 A, f) W9 T+ C9 X#
+ N: V) H, f* @6 Nfirewall interzone untrust dudubao
- b$ m+ J5 L1 U$ v: \#
, [: `. x" N$ k) j' g. U% Lfirewall interzone dmz hrp
8 m& [2 e+ e& E5 q( K3 o; n' }& `4 O#
firewall interzone dmz gprs
; p  |2 Z; O, Y( O# { packet-filter 3002 inbound
) I# }4 K$ {+ R: C( s& R nat outbound 2002 address-group 5
detect ftp
; u6 T5 h, {9 m3 C#
# X$ H$ j8 o9 U6 _+ h  u7 n+ D9 ufirewall interzone dmz dudubao
! u0 Y, O8 D1 m2 m9 w  t" n7 S packet-filter 3006 outbound
#
firewall interzone hrp gprs
#
" j& d5 _/ P* O) w8 V, Afirewall interzone hrp dudubao            
! }1 ~/ Z: _* q#
firewall interzone gprs dudubao
#
6 n+ H6 y5 C8 Mvrrp group 1
5 p% O  ~1 p, h7 J add interface Ethernet2/0/7 vrrp vrid 1 data
, P- t3 x/ R1 N' v" ^ vrrp-group enable
vrrp-group priority 105
* g# k1 ~  U* B( l vrrp-group preempt delay 60
, R, [" ^# {0 h8 u7 Q* N% `$ W& r undo vrrp-group group-send
+ P* E  n: N* X+ ~! q4 q0 ivrrp group 2
& H+ S" D- ~" a) c, q( d$ L add interface Ethernet2/0/7 vrrp vrid 2 data
vrrp-group enable
undo vrrp-group preempt
undo vrrp-group group-send
#
aaa
local-user huawei password cipher 1_`%CO&$8@7&quot;+C5`;6XL!!!
  K3 Q# v  A5 X local-user huawei service-type terminal telnet ssh
local-user huawei level 1
authentication-scheme default
#
7 J9 b5 v2 x' J0 C8 k* d7 Z( V, l authorization-scheme default
- F. M) A5 F2 y' q4 h" F#                                         
% }0 L& O- B' a5 c1 n accounting-scheme default
#
domain default
#
6 f, M, v6 O1 U' T#
ospf 1
import-route static
* x" O8 A. K& h$ b area 0.0.0.0
  network 172.16.1.3 0.0.0.0
  network 172.16.2.0 0.0.0.3
  network 172.16.2.8 0.0.0.3
  network 172.16.2.24 0.0.0.3
+ d5 w3 K( x1 s  g#
( l% g1 y' Z! d) }: ]8 }- ?% y ip route-static 9.234.21.0 255.255.255.0 145.234.132.153
# e3 b# T8 m, `. {" L4 w6 r ip route-static 10.0.1.0 255.255.255.0 60.12.194.129
# ~8 F" T0 q8 q; Q1 W ip route-static 61.14.10.218 255.255.255.255 60.12.194.129
4 `. B. L) z! W. s ip route-static 119.57.5.0 255.255.255.0 60.12.194.129
8 u( w: b% {. l% L: L' M+ ` ip route-static 172.15.10.4 255.255.255.255 172.16.2.1
7 s! T# x% J/ _! V7 ? ip route-static 221.136.75.25 255.255.255.255 60.12.194.129
9 G: [: a; c4 _7 K#
$ T! H$ w: z" P0 ?3 w8 M9 f: P7 ` snmp-agent
snmp-agent local-engineid 000007DB7F00000100001BEE
6 M( A/ G8 m9 c! s% t snmp-agent community read  nbcardro      
snmp-agent sys-info version all
  y& A. V! j! h& X#
ssh server timeout 30
* g/ A( c: I0 h9 H7 `5 t- m! Q4 ^ ssh server rekey-interval 24
ssh user huawei authentication-type password
#
" p3 x( T) o4 D+ r+ luser-interface con 0
authentication-mode aaa
# B! f7 @  j5 l0 T! [user-interface aux 0
, M) ]1 l  a% V6 M% [1 o0 Z authentication-mode none
user-interface vty 0 4
acl 2000 inbound
authentication-mode aaa
8 s! {( N( c8 x: P# P; _ idle-timeout 5 0
#
* b; ]4 ]4 Q3 o$ {* K$ m2 treturn

帮看看

帮看看172.16.12.71到达60.12.194.140的路由有什么问题？

sh crypto ipsec sa detail

6 `% Q; e$ h6 \, `) _' X4 G Crypto map tag: mymap, seq num: 20, local addr: 119.57.5.5
% `! ^3 b& n, q( J: X+ f8 c
. X. B' n( I; E+ J* @      access-list outside_20_cryptomap permit ip host 10.0.1.17 172.16.12.0 255.255.255.0
* }; U4 ?) n0 y4 t      local ident (addr/mask/prot/port): (10.0.1.17/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (172.16.12.0/255.255.255.0/0/0)
      current_peer: 60.12.194.14
              
      #pkts encaps: 18, #pkts encrypt: 18, #pkts digest: 18
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 18, #pkts comp failed: 0, #pkts decomp failed: 0
      #pkts no sa (send): 0, #pkts invalid sa (rcv): 0
      #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0
      #pkts invalid prot (rcv): 0, #pkts verify failed: 0
$ i, T+ k8 b. K  g3 V/ F1 N      #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 0
. f: E6 \+ N6 `8 B      #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0
: Y0 n; ~, }+ a- f7 P  A      #pkts replay failed (rcv): 0
9 p3 m6 i. L  F5 R! ?9 Z3 ?      #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0
  {; m0 `  n2 d      #pkts internal err (send): 0, #pkts internal err (rcv): 0

      local crypto endpt.: 119.57.5.5, remote crypto endpt.: 60.12.194.14

. M- n" L! ~4 m0 L+ I      path mtu 1500, ipsec overhead 58, media mtu 1500
      current outbound spi: ED424D37

! T/ O. Y4 Z6 e4 J0 b5 H+ l; f; B    inbound esp sas:
      spi: 0xFE26B574 (4263949684)
  v; O+ U9 K) Z4 n6 `! @         transform: esp-des esp-md5-hmac none
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 26, crypto-map: mymap
         sa timing: remaining key lifetime (kB/sec): (1710000/3582)
         IV size: 8 bytes
, I* E7 f, z" ^         replay detection support: Y
* V- ~8 A4 s# C  n    outbound esp sas:
! t; _6 ^* p: |# `  E      spi: 0xED424D37 (3980545335)
         transform: esp-des esp-md5-hmac none
7 I- J" A/ x: C: a5 E6 t1 P1 K& ]         in use settings ={L2L, Tunnel, PFS Group 2, }
3 h/ J: o% z# j- Y0 s         slot: 0, conn_id: 26, crypto-map: mymap
5 u: m. i6 g7 H0 u: v         sa timing: remaining key lifetime (kB/sec): (1709998/3580)
4 R7 p- {" A  ~& h- g1 |% Y( ~3 G# J         IV size: 8 bytes
' h+ B( Q5 J5 C% ^* @         replay detection support: Y

真是 收益 匪浅

看帖回帖是美德！:lol

这是什么东东啊

我抢、我抢、我抢沙发~

好好 学习了 确实不错