Asking for help: I want to set up an IPsec connection between VPP and a gateway with the configuration below, but it never comes up. A packet capture shows the very first step is never completed: the gateway initiates the connection to VPP and VPP does not reply at all. Could someone please take a look and tell me where the problem is?
             —————                        —————
            |     |    192.168.2.0/24    |    |
192.168.4.1 X VPP X======================X GW X 192.168.1.1
            | responder |.99           .4| initiator |
             —————                        —————
VPP as responder:
set int state GigabitEthernet2/5/0 up
set int ip address GigabitEthernet2/5/0 192.168.2.99/24
set int state GigabitEthernet2/6/0 up
set int ip address GigabitEthernet2/6/0 192.168.4.1/24
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local ip4-addr 192.168.2.99
ikev2 profile set pr1 id remote ip4-addr 192.168.2.4
ikev2 profile set pr1 traffic-selector local ip-range 192.168.4.0 - 192.168.4.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.1.0 - 192.168.1.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 responder GigabitEthernet2/5/0 192.168.2.99
ikev2 profile set pr1 ike-crypto-alg aes-cbc 256 ike-integ-alg sha1-96 ike-dh modp-1024
ikev2 profile set pr1 esp-crypto-alg aes-cbc 256 esp-integ-alg sha1-96 esp-dh ecp-256
ikev2 profile set pr1 sa-lifetime 3600 10 5 0
GW as initiator:
#test BEGIN
conn test
left=192.168.2.6
leftnexthop=192.168.2.4
leftsubnets={ 192.168.4.0/24, }
right=192.168.2.4
rightnexthop=192.168.2.6
rightsubnets={ 192.168.1.0/24, }
auto=add
authby=secret
ike=aes256-SHA1-modp1024!
ikelifetime=86400s
type=tunnel
esp=aes256-SHA1!
keylife=3600s
pfs=no
#test END
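Added example (not part of the post, and not VPP or Libreswan code): a small Python script that parses the VPP responder profile and the initiator's conn stanza above and reports the settings on which the two sides disagree. The config texts embedded in it are copies of the posted ones, reduced to the lines that take part in negotiation and with the en-dashes in the VPP ip-range normalised to plain hyphens. The GW's own address, GW_LOCAL_ADDR = 192.168.2.4, is an assumption read off the diagram; it is needed because Libreswan/Openswan decides which of left/right is the local side by matching its own interface addresses, and without leftid/rightid it uses those addresses as the IKE identities. Run against the posted configs it reports that the GW's peer address (left=192.168.2.6) is not the address VPP responds on (192.168.2.99), which by itself means VPP never sees the IKE_SA_INIT, that the GW expects a peer identity of 192.168.2.6 while VPP sends 192.168.2.99, and that pfs=no disagrees with esp-dh ecp-256 (this last one only matters at CHILD_SA rekey); it also flags modp1024 as a DH group that is below current IKEv2 guidance.

```python
import ipaddress
import re

# Constructed copies of the two posted configs (VPP ip-range en-dashes normalised to '-').
VPP_PROFILE = """\
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local ip4-addr 192.168.2.99
ikev2 profile set pr1 id remote ip4-addr 192.168.2.4
ikev2 profile set pr1 traffic-selector local ip-range 192.168.4.0 - 192.168.4.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.1.0 - 192.168.1.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 responder GigabitEthernet2/5/0 192.168.2.99
ikev2 profile set pr1 ike-crypto-alg aes-cbc 256 ike-integ-alg sha1-96 ike-dh modp-1024
ikev2 profile set pr1 esp-crypto-alg aes-cbc 256 esp-integ-alg sha1-96 esp-dh ecp-256
"""
GW_CONN = """\
conn test
    left=192.168.2.6
    leftnexthop=192.168.2.4
    leftsubnets={ 192.168.4.0/24, }
    right=192.168.2.4
    rightnexthop=192.168.2.6
    rightsubnets={ 192.168.1.0/24, }
    authby=secret
    ike=aes256-SHA1-modp1024!
    esp=aes256-SHA1!
    pfs=no
"""
GW_LOCAL_ADDR = "192.168.2.4"  # assumption: the GW's own address, read off the diagram
WEAK_DH = {"modp768", "modp1024", "modp1536"}  # DH groups below current IKEv2 guidance


def parse_vpp(text):
    """Extract the negotiation-relevant fields from 'ikev2 profile set' lines."""
    p = {}
    for line in text.splitlines():
        m = re.match(r"\s*ikev2 profile set \S+ (.*)", line)
        if not m:
            continue
        rest = m.group(1).strip()
        if rest.startswith("responder "):
            p["responder_addr"] = rest.split()[2]
        elif rest.startswith("id "):
            p["id_" + rest.split()[1]] = rest.split()[-1]  # id_local / id_remote
        elif rest.startswith("traffic-selector "):
            side = rest.split()[1]  # 'local' or 'remote'
            r = re.search(r"ip-range (\S+) [-\u2013] (\S+)", rest)  # accept '-' or en-dash
            p["ts_" + side] = (r.group(1), r.group(2))
        elif rest.startswith("ike-crypto-alg "):
            p["ike_dh"] = re.search(r"ike-dh (\S+)", rest).group(1).replace("-", "")
        elif rest.startswith("esp-crypto-alg "):
            r = re.search(r"esp-dh (\S+)", rest)
            p["esp_dh"] = r.group(1).replace("-", "") if r else None
    return p


def parse_gw(text):
    """Parse one conn stanza into a dict; *subnets values become lists of CIDRs."""
    c = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("conn "):
            continue
        k, _, v = line.partition("=")
        k, v = k.strip(), v.strip()
        if k.endswith("subnets"):
            v = [s.strip() for s in v.strip("{} ").split(",") if s.strip()]
        c[k] = v
    return c


def cidr_range(cidr):
    net = ipaddress.ip_network(cidr, strict=False)
    return (str(net[0]), str(net[-1]))


def check(vpp, gw, gw_local):
    """Return (code, message) findings; an empty list means the two sides agree."""
    f = []
    # Libreswan/Openswan decides which of left/right is local by matching its own address.
    local, peer = ("left", "right") if gw["left"] == gw_local else ("right", "left")
    if gw[peer] != vpp["responder_addr"]:
        f.append(("PEER_ADDR", f"GW sends IKE_SA_INIT to {gw[peer]}, VPP responds on {vpp['responder_addr']}"))
    # With no leftid/rightid the GW uses the addresses themselves as IKE identities.
    gw_local_id, gw_peer_id = gw.get(local + "id", gw[local]), gw.get(peer + "id", gw[peer])
    if gw_local_id != vpp["id_remote"]:
        f.append(("ID_REMOTE", f"GW identity {gw_local_id} != VPP id remote {vpp['id_remote']}"))
    if gw_peer_id != vpp["id_local"]:
        f.append(("ID_LOCAL", f"GW expects peer identity {gw_peer_id}, VPP sends {vpp['id_local']}"))
    # GW local subnets must equal VPP's remote TS and vice versa (VPP holds one TS per side).
    for gw_side, vpp_key in ((local, "ts_remote"), (peer, "ts_local")):
        ranges = sorted(cidr_range(s) for s in gw[gw_side + "subnets"])
        if ranges != [vpp[vpp_key]]:
            f.append(("TS", f"{gw_side}subnets {ranges} != VPP {vpp_key} {vpp[vpp_key]}"))
    # IKE proposal: the DH group must be common to both sides.
    ike = gw["ike"].rstrip("!").lower().split("-")
    gw_ike_dh = ike[2] if len(ike) > 2 else None
    if gw_ike_dh != vpp["ike_dh"]:
        f.append(("IKE_DH", f"GW ike DH {gw_ike_dh} != VPP ike-dh {vpp['ike_dh']}"))
    if gw_ike_dh in WEAK_DH:
        f.append(("WEAK_DH", f"{gw_ike_dh} is a weak DH group; prefer modp2048 or an ECP group"))
    # PFS: VPP esp-dh requests a fresh DH exchange on CHILD_SA rekey, pfs=no refuses one.
    if (gw.get("pfs", "yes").lower() == "yes") != (vpp.get("esp_dh") is not None):
        f.append(("PFS", f"GW pfs={gw.get('pfs', 'yes')} vs VPP esp-dh {vpp.get('esp_dh')}"))
    return f


if __name__ == "__main__":
    for code, msg in check(parse_vpp(VPP_PROFILE), parse_gw(GW_CONN), GW_LOCAL_ADDR):
        print(f"{code}: {msg}")
```

The script only compares what the two snippets contain; the pre-shared key on the GW side lives in ipsec.secrets, which the post does not show, so it is not checked. A useful first experiment is to point left= at the address VPP actually binds (192.168.2.99) and set pfs=yes, after which only the weak-DH warning remains.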