请求帮助：思科ASA 5520和华为eudemon 300建立L2L vpn不通

如何确认ipsec sa建立起来了？

这是华为的配置：
#
, h9 ]7 m  ?0 y9 ~- w" D2 |" Vacl number 2000
rule 0 permit source 172.16.14.1 0
$ e* M  V# D. y rule 1 permit source 172.16.1.0 0.0.0.255
( ^, y, Y! ^# r, |  f0 r rule 3 permit source 172.16.2.1 0
rule 4 permit source 172.16.2.13 0
rule 5 permit source 172.16.10.0 0.0.0.255
rule 6 permit source 172.16.16.2 0
rule 7 permit source 172.16.2.2 0
4 h' [. o6 z' |* ?3 ~" C* O rule 8 permit source 172.16.14.50 0
& E0 l, ?# @8 w* X$ t rule 10 deny
( f( b% E0 R0 O  K  `9 ]acl number 2001
# p& j* e% f* l( a/ h9 c rule 0 permit source 172.16.12.51 0
rule 5 deny
acl number 2002
rule 0 permit source 172.16.12.61 0
. P( e7 P" P! {; Y8 g rule 5 deny
0 x7 D5 P, q" w$ Kacl number 2003
rule 0 permit source 172.15.10.4 0
rule 5 deny
#
acl number 3000
/ F3 V8 I' ?3 G description dmz-trust
8 R' }  ]( q/ H7 b1 n rule 0 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 4008
7 m' {! F4 D& ?5 u7 c* P) O rule 1 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8898
/ x5 o+ X# K; ^ rule 2 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8868
rule 3 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8858
7 P/ V7 l; r. l) m- _% C; t0 u rule 4 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 4008
5 r$ e5 Y) v: R! J2 l rule 5 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 8898
rule 6 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 8868
rule 7 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 8858
rule 8 permit tcp source 172.16.12.51 0 destination 172.16.10.71 0 destination-port eq 4003
rule 9 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq ftp
- B* M- l& ^! G/ M7 S rule 10 permit tcp source 172.16.12.61 0 destination 172.16.10.51 0 destination-port eq ftp
5 ]9 ^9 ^  G+ C. N; D- t4 _ rule 11 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq ftp
5 E$ E9 D  o5 V rule 12 permit tcp source 172.16.12.51 0 destination 172.16.14.155 0 destination-port eq ftp
rule 13 permit tcp source 172.16.12.51 0 destination 172.16.10.71 0 destination-port eq ftp
rule 14 permit tcp source 172.16.12.51 0 destination 172.16.10.51 0 destination-port eq ftp
rule 15 permit tcp source 172.16.12.51 0 destination 172.16.14.155 0 destination-port eq 4003
! l% q1 o. x! W1 q( C& P rule 16 permit ospf
; r2 V7 E- g$ H' o- [$ T- y0 e7 f; v/ k rule 17 permit tcp source 172.16.12.51 0 destination 172.16.10.101 0 destination-port eq 8
! b7 _# g! e7 v$ \8 f rule 18 deny tcp
acl number 3001
# ~: r! d0 K7 M- L description For Untrust-dmz
rule 0 permit tcp source 172.16.20.0 0.0.0.255 destination 172.16.12.51 0 destination-port eq 5000
rule 5 permit icmp
3 o* _% ]! W. ]0 S+ ~/ K rule 10 permit ospf                     
rule 15 deny tcp source 172.16.20.0 0.0.0.255
acl number 3002
/ o5 Y; z; ?6 |% o description To_Yinlian
rule 0 permit ip source 9.234.21.63 0 destination 144.234.97.33 0
rule 5 permit ip source 9.234.21.64 0 destination 144.234.97.33 0
5 `- E' N8 n$ A/ y# G: m rule 10 permit ip source 9.234.21.66 0 destination 144.234.97.33 0
$ X; d3 `/ }- H# q rule 15 deny ip
acl number 3003
description for Untrust-Trust
rule 0 permit ip source 10.78.72.70 0 destination 172.15.10.4 0
. h) M  p& K7 v5 |. ~2 M0 Y9 Z, f rule 1 permit ip source 172.16.2.26 0 destination 172.16.10.111 0
rule 2 permit ip source 172.16.2.26 0 destination 172.16.14.1 0
rule 3 permit ip source 10.78.72.153 0 destination 172.15.10.4 0
" s; l4 w0 K9 M/ A' M; O- w" P  O rule 4 permit ip source 10.78.72.157 0 destination 172.15.10.4 0
rule 5 permit ip source 192.168.100.43 0 destination 172.15.10.4 0
rule 6 permit ip source 10.16.2.7 0 destination 172.15.10.4 0
3 _/ S; m3 h7 ^3 U- ~, T3 M: ^ rule 7 permit ip source 10.16.2.5 0 destination 172.15.10.4 0
rule 8 permit ip source 10.16.2.6 0 destination 172.15.10.4 0
9 I: h4 e0 v0 Z8 i* F rule 9 permit ip source 10.16.2.8 0 destination 172.15.10.4 0
+ B+ A  c0 j: |1 R4 x rule 11 permit ip source 10.139.25.26 0 destination 172.15.10.4 0
rule 13 permit ip source 10.143.10.183 0 destination 172.15.10.4 0
rule 50 deny ip
1 Z$ l. x9 g9 ~+ ^acl number 3004                           
) }3 b0 P  m: i/ t- h# S! q+ p( v rule 0 permit ip source 172.16.1.7 0 destination 172.16.10.111 0
acl number 3005
description TO_dudubao
$ C2 P* }4 D9 `3 y" u+ K$ h) K/ ] rule 0 permit tcp destination 172.15.10.4 0 destination-port eq 6868
: v" o5 h4 b: u2 o# g5 U2 G/ B: | rule 1 permit tcp destination 172.15.10.4 0 destination-port eq ftp-data
rule 2 permit tcp destination 172.15.10.4 0 destination-port eq ftp
acl number 3006
7 \% C. L( M* T( Z) _ rule 0 permit ip source 172.16.12.0 0.0.0.255 destination 10.0.1.0 0.0.0.255
acl number 3007
+ Q7 x& ]3 n) }& c rule 0 deny ip source 172.16.12.0 0.0.0.255 destination 10.0.1.0 0.0.0.255
9 ]0 x2 W8 B* }- v& S( `$ b rule 1 permit ip source 172.16.12.0 0.0.0.255
#
7 k5 \3 F/ k: E2 @: g' a+ B9 J sysname NB_Eudemon300-A
#
" U/ c4 a) Y# C. C, M super password level 3 cipher '._1D9P1YCQ=^Q`MAF4<1!!
#
info-center loghost 172.16.10.192
info-center loghost 172.16.10.111
#
hrp enable
3 L8 F/ D. ~& U0 E8 ?$ J. `& ^$ Y# E hrp interface Ethernet2/0/7
#
: J. _5 Y$ l: {' s5 f router id 172.16.1.3                     
#
firewall packet-filter default permit interzone local trust direction inbound
0 E3 g: B8 y4 P; I' [ firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
0 S. B0 |+ h% Z- f firewall packet-filter default permit interzone local dmz direction inbound
firewall packet-filter default permit interzone local dmz direction outbound
( w& D4 X: i# W: b firewall packet-filter default permit interzone local hrp direction inbound
9 j5 J, _- L9 ?) ~' v, \& O firewall packet-filter default permit interzone local hrp direction outbound
firewall packet-filter default permit interzone local gprs direction inbound
& j, H+ M1 a, v* Z3 t3 h firewall packet-filter default permit interzone local gprs direction outbound
" l, q" y0 o& \0 d  g& a, s2 F firewall packet-filter default permit interzone local dudubao direction inbound
2 L* k9 _/ S8 }6 o; |3 Z firewall packet-filter default permit interzone local dudubao direction outbound
! z+ O9 Q& ~6 u5 h/ m firewall packet-filter default permit interzone trust untrust direction outbound
! y8 i: j1 i: v) s, e+ o( z* T# y firewall packet-filter default permit interzone trust dmz direction inbound
5 M! o  T/ l3 x% E firewall packet-filter default permit interzone trust dmz direction outbound
firewall packet-filter default permit interzone trust gprs direction inbound
firewall packet-filter default permit interzone trust gprs direction outbound
/ B5 O( ?( `2 X3 T! A firewall packet-filter default permit interzone trust dudubao direction inbound
firewall packet-filter default permit interzone trust dudubao direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
firewall packet-filter default permit interzone dmz untrust direction outbound
" E: s7 N0 f. ]! N6 c5 z firewall packet-filter default permit interzone dmz gprs direction inbound
firewall packet-filter default permit interzone dmz gprs direction outbound
1 Y+ R7 z; y( Y& l$ s; m! D  a firewall packet-filter default permit interzone dmz dudubao direction inbound
3 K2 u0 o  b  p( j9 Y firewall packet-filter default permit interzone dmz dudubao direction outbound
. @! P: e4 A' _8 ]7 b#
nat address-group 3 145.234.97.33 145.234.97.33
" m' B3 }3 C, R& u+ Y+ q7 `$ v nat address-group 5 144.234.97.33 144.234.97.33
nat server zone gprs  global 144.234.97.33 inside 172.16.12.61
1 ~3 e( l2 Y1 C#
bypass switch-back auto
/ S; T* E5 B2 v$ }#
2 p( E- h6 m4 `2 p firewall mode route
#
firewall defend ip-spoofing enable
6 @- f( _7 E9 [ firewall defend land enable
/ b: }. Z2 U4 Z" O firewall defend smurf enable
firewall defend fraggle enable
" N/ q% D5 a5 t# Q firewall defend winnuke enable
firewall defend syn-flood enable
firewall defend udp-flood enable
' k  C. q: M0 r. ]/ [ firewall defend icmp-redirect enable
firewall defend icmp-unreachable enable
firewall defend ip-sweep enable         
firewall defend port-scan enable
firewall defend route-record enable
firewall defend ping-of-death enable
8 V- Q. O& A; N+ [2 s firewall defend teardrop enable
$ |6 a$ ?4 G% ~  g' x firewall defend tcp-flag enable
firewall defend large-icmp enable
#
- r4 v( f3 k9 O8 o firewall statistic system enable
#
6 G, y# a+ P! w* ^4 wike proposal 1
/ y/ |  e7 H. W& P0 q9 V! u8 c$ Z#
6 h* }# ]5 r+ F) G  dike peer a
pre-shared-key cnnbtk
! m9 L9 ?/ M/ n, r7 v  p& Z3 @9 l ike-proposal 1
remote-address 119.57.5.5
#
( j+ Q: K! h8 I$ x  @# u  kipsec proposal tran1
8 F/ V. }+ J0 k0 q#
ipsec policy map1 1 isakmp
) H5 G" n6 g1 l5 ? security acl 3006
9 |  H( O" R2 f4 P! w pfs dh-group2
ike-peer a
: {7 e+ R$ Q6 p# y& I% Q proposal tran1                           
local-address 60.12.194.14
* R- k. {" U, x. A& F  c#
- M* ^/ X0 V" U3 Pinterface Aux0
- u* `/ u9 ?6 V. K async mode flow
  h. `- R, @/ t5 U link-protocol ppp
#
interface Ethernet0/0/0
, B2 ]  f( S* V* `6 m2 ^#
. M8 D$ Z! l) Y$ Q( O0 t7 ~/ }interface Ethernet0/0/1
#
5 n9 s! N7 e; `! ?$ Pinterface Ethernet2/0/0
description To_S5624-A(1/0/24)
' Y) A; g9 I0 }* [( D7 {( A ip address 172.16.2.9 255.255.255.252
ospf cost 100
#
6 t5 E& h4 r$ w+ j* Ainterface Ethernet2/0/1
description To_Yinlian
7 P2 r  r  o8 }) e; [+ D4 I" Z# [. s ip address 145.234.132.154 255.255.255.252
& y& U2 `* K, g/ |#
: h, q* w# W2 \; N& pinterface Ethernet2/0/2
" w; A( y; c# x6 L4 O" c description To_S6506R_A(7/0/48)
* n; P  I, N4 m7 { ip address 172.16.2.2 255.255.255.252
ospf cost 100                           
$ n7 B$ D3 H# i# J1 c#
interface Ethernet2/0/3
description To-dudubao
ip address 60.12.194.14 255.255.255.240
4 H6 C  D7 e3 I- e7 R1 ? ipsec policy map1
. Y* O) o) X. X) ~- L#
" D! y. \( }& R; e$ X- Z6 h# ^; Sinterface Ethernet2/0/4
#
- L% o3 l- [0 K; K8 c6 J0 tinterface Ethernet2/0/5
* }4 r4 }3 I; {# c& p/ e/ ~$ b0 v7 C#
interface Ethernet2/0/6
8 C, G2 v4 `8 E9 V#
interface Ethernet2/0/7
3 X% e: b" B2 x5 X4 m4 N description To_Eudemon300-B_E2/0/7
0 c) z1 ~" J/ s, W ip address 172.16.2.201 255.255.255.248
- M, d, ~* f0 M% A$ T& K vrrp vrid 1 virtual-ip 172.16.2.203
vrrp vrid 1 priority 150
" g0 s- J8 h1 m vrrp vrid 1 preempt-mode timer delay 60
/ D  E/ ]: Q$ Z+ ?& s vrrp vrid 2 virtual-ip 172.16.2.204
' \* |4 u, k" F# W2 I#
interface GigabitEthernet1/0/0
" N1 B9 m1 p* X0 v shutdown                                 
#
" d6 f2 v" l2 a$ f* \; [interface GigabitEthernet1/0/1
2 N9 n- F' @  l" R3 ] description To_S5624-B(1/0/25)
" ^/ j$ u! i- @3 d. J ip address 172.16.2.25 255.255.255.252
ospf cost 500
#
3 Q! A0 {. d9 Z/ q: Jinterface NULL0
#
( b* ]) ~' `! e* [" b9 k/ D% ]) ?interface LoopBack0
1 B, F2 d% t& W ip address 172.16.1.3 255.255.255.255
#
) ~) {- S& ]% I3 e6 ?# ^1 Nfirewall zone local
set priority 100
% @- n8 M5 \9 c. e$ d#
firewall zone trust
2 E, ]. [* L. C1 @& a- ]. Q" }: S set priority 85
detect ftp
add interface Ethernet2/0/2
# S5 y7 t! Z' O. P) \#
firewall zone untrust
set priority 5
detect ftp                              
) n1 E9 M) Z; _" h% s! v add interface GigabitEthernet1/0/1
#
2 H* R1 A  d; Y8 ^firewall zone dmz
set priority 50
7 l( N8 L: K) M* f) V8 W, ~2 d; Y add interface Ethernet2/0/0
' y* @: F. N- [5 G+ ^, u#
firewall zone name hrp
set priority 40
add interface Ethernet2/0/7
#
" E+ T2 o( _8 K4 Kfirewall zone name gprs
set priority 4
detect ftp
add interface Ethernet2/0/1
6 m. q4 N( p. a% x: B#
3 K9 Z) c- {' W& Z- G* Afirewall zone name dudubao
set priority 3
detect ftp
7 K. ^/ G) C9 j! y) h add interface Ethernet2/0/3
#
- s1 _4 @/ P1 V8 }" Afirewall interzone local trust
#
& H; C+ f! Y+ |) Mfirewall interzone local untrust         
#
9 P5 ~' P% f2 S8 B  Q4 vfirewall interzone local dmz
#
/ R  c: K1 U4 B& Y/ ^firewall interzone local hrp
#
# @. r, X  G6 S$ t5 Lfirewall interzone local gprs
#
3 c0 R' ?( `8 v8 j! a1 {+ Hfirewall interzone local dudubao
2 {5 F8 q; R  O. T+ @#
* R9 f& @. w" C1 _5 L% G! O% y0 H1 jfirewall interzone trust untrust
packet-filter 3003 inbound
6 q* |. m2 t( ]* N: B detect ftp
7 |$ G$ v5 L' G( n#
firewall interzone trust dmz
#
; G$ ^) u" J% b! }5 M) a; hfirewall interzone trust hrp
#
firewall interzone trust gprs
9 C4 O# t' ~  r9 I0 A2 N" `, C, ^# e5 U nat outbound 2003 address-group 3
) L# K7 m% ?* \% A4 N5 q detect ftp
4 u" ^' K8 M4 P3 o  u5 a1 U4 [- u#
firewall interzone trust dudubao
' Z# M! L* C; h% f packet-filter 3005 inbound               
detect ftp
, @0 s6 k0 U3 X4 O; i' E#
! B. j* p$ Z8 a+ w3 b& tfirewall interzone dmz untrust
* a, c2 W4 r$ `% U' H#
- f. q9 H% }" ifirewall interzone hrp untrust
#
firewall interzone untrust gprs
#
firewall interzone untrust dudubao
" S3 `# {) X/ d& a2 Q: }+ @#
firewall interzone dmz hrp
$ S3 H' |- N$ {) i! ~0 X8 h#
2 i7 U; i1 X; p" v# o) f/ h' ffirewall interzone dmz gprs
packet-filter 3002 inbound
9 v/ p1 h& H7 \; r9 m nat outbound 2002 address-group 5
detect ftp
1 E+ ^* n. ]  T, B1 t9 f! ?9 L#
- P9 M( w! B, F1 W1 s2 Lfirewall interzone dmz dudubao
packet-filter 3006 outbound
$ W" B3 S6 @% l3 N#
firewall interzone hrp gprs
" [- Z$ r& z! T# y#
4 f% S% p+ y5 ?4 b8 W0 g5 ?firewall interzone hrp dudubao            
3 ]1 B) u/ I8 D& o6 g#
firewall interzone gprs dudubao
, s; H; Y% j: G+ h- P0 O#
vrrp group 1
add interface Ethernet2/0/7 vrrp vrid 1 data
- g2 W4 g) ^! ~" x% g vrrp-group enable
* i6 S. R7 w- s) M vrrp-group priority 105
vrrp-group preempt delay 60
undo vrrp-group group-send
vrrp group 2
add interface Ethernet2/0/7 vrrp vrid 2 data
vrrp-group enable
9 j# O& a: A# \" ~6 \ undo vrrp-group preempt
& C8 r/ u7 x1 I5 ~5 } undo vrrp-group group-send
#
aaa
, r& c! [% M( Y+ t8 M6 K local-user huawei password cipher 1_`%CO&$8@7&quot;+C5`;6XL!!!
local-user huawei service-type terminal telnet ssh
" v& S6 S2 n/ ?" J, p8 P/ C7 n6 a local-user huawei level 1
+ ~# ~( V! B$ ?8 R9 l/ v1 o authentication-scheme default
  s, u/ x6 Y. v3 ^#
authorization-scheme default
, {6 d$ m- P: m" x#                                         
8 X' d1 m+ B# N) ~9 O( u9 V accounting-scheme default
9 Q' i- a% a! l! p. G#
domain default
#
#
  x4 {- y. q, |9 ]% S" s' Q6 tospf 1
0 R7 _, u) P3 j; k4 F import-route static
; P! B) O+ N* [2 D- S# F( t4 R& { area 0.0.0.0
  network 172.16.1.3 0.0.0.0
3 e8 R, p7 @0 G- B3 e& l* V  network 172.16.2.0 0.0.0.3
  network 172.16.2.8 0.0.0.3
! z& a5 _0 N+ K/ c  network 172.16.2.24 0.0.0.3
3 @. i0 e  P* z9 P* q+ s: j6 t#
ip route-static 9.234.21.0 255.255.255.0 145.234.132.153
ip route-static 10.0.1.0 255.255.255.0 60.12.194.129
6 e: t( A9 P- a' q* ]& f/ K% n ip route-static 61.14.10.218 255.255.255.255 60.12.194.129
ip route-static 119.57.5.0 255.255.255.0 60.12.194.129
2 N$ s- y, U! Q$ I6 ~ ip route-static 172.15.10.4 255.255.255.255 172.16.2.1
# N+ r0 U# s9 [, C ip route-static 221.136.75.25 255.255.255.255 60.12.194.129
3 s- H; o8 Y4 V#
; G* J% k6 I+ {# z/ A- S snmp-agent
snmp-agent local-engineid 000007DB7F00000100001BEE
snmp-agent community read  nbcardro      
1 P3 e% u$ w. Z snmp-agent sys-info version all
8 d0 w' d, G& w( {* A6 [4 V$ l3 @#
7 x2 @0 ]: Y/ m ssh server timeout 30
ssh server rekey-interval 24
, n1 ]* _+ t8 x/ B) w ssh user huawei authentication-type password
#
user-interface con 0
! q& i/ `6 Z& ]" S authentication-mode aaa
user-interface aux 0
! n; U% m5 B3 x$ m8 M authentication-mode none
user-interface vty 0 4
2 W/ a- d& p  N; c' Z) A acl 2000 inbound
" ~5 r0 W3 R6 h  g authentication-mode aaa
idle-timeout 5 0
( R* K3 a5 K4 [# m- u#
return

帮看看

帮看看172.16.12.71到达60.12.194.140的路由有什么问题？

sh crypto ipsec sa detail
, l  r. v6 D4 f% U1 m
1 B. i7 e( }1 n6 v1 f1 H- V+ j) p9 } Crypto map tag: mymap, seq num: 20, local addr: 119.57.5.5

      access-list outside_20_cryptomap permit ip host 10.0.1.17 172.16.12.0 255.255.255.0
      local ident (addr/mask/prot/port): (10.0.1.17/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (172.16.12.0/255.255.255.0/0/0)
: P* c5 {, Q3 p9 q      current_peer: 60.12.194.14
1 T3 u: }; M: l  j- t( Z8 q              
      #pkts encaps: 18, #pkts encrypt: 18, #pkts digest: 18
- T1 }7 d+ `5 y2 E* R$ l# w      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 18, #pkts comp failed: 0, #pkts decomp failed: 0
8 j, [4 F' }7 B  |      #pkts no sa (send): 0, #pkts invalid sa (rcv): 0
5 M. ^4 s- l3 r( M- Q( {      #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0
      #pkts invalid prot (rcv): 0, #pkts verify failed: 0
0 C1 k' \5 c7 W$ J! d, K) Y: s2 z      #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 0
  j& ?1 P$ V" c5 f, q      #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0
+ Y, o! M% j: w  Y      #pkts replay failed (rcv): 0
      #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0
; K& m( e- r6 J2 I      #pkts internal err (send): 0, #pkts internal err (rcv): 0

# ?) y! A6 f  f* R      local crypto endpt.: 119.57.5.5, remote crypto endpt.: 60.12.194.14

      path mtu 1500, ipsec overhead 58, media mtu 1500
" c% H3 t' D3 x: P0 l6 q/ L      current outbound spi: ED424D37

, F# R6 H& r6 k. V% j    inbound esp sas:
9 N& h# W3 k2 T) S. W      spi: 0xFE26B574 (4263949684)
         transform: esp-des esp-md5-hmac none
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 26, crypto-map: mymap
         sa timing: remaining key lifetime (kB/sec): (1710000/3582)
/ J$ n6 \4 E% p, |# i% X         IV size: 8 bytes
. @" [: }' M+ m8 P/ R9 k         replay detection support: Y
$ c- ], o# a' d( V! M! _' u    outbound esp sas:
      spi: 0xED424D37 (3980545335)
         transform: esp-des esp-md5-hmac none
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 26, crypto-map: mymap
         sa timing: remaining key lifetime (kB/sec): (1709998/3580)
         IV size: 8 bytes
         replay detection support: Y

真是 收益 匪浅

看帖回帖是美德！:lol

这是什么东东啊

我抢、我抢、我抢沙发~

好好 学习了 确实不错