Good afternoon. I am setting up a LAN-to-LAN connection between the head office and a branch.
The connection comes up, but after a while it drops and does not come back up.
Pings from either side do not bring it up. Only rebooting the modem at the head office helps.
Please advise if you can; I no longer know what to think.
Here is the diagram:
10.0.0.0/24 10.0.0.12 -Cisco2811- 192.168.2.100
(head office network) |
|
|
192.168.100.11 Adsl Modem 192.168.2.3
|
|
provider network
|
|
192.168.100.7 -Cisco 817+Adsl Modem Bridge-10.0.7.3 10.0.7.0/24
(branch network)
Cisco at the head office
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(3h), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 25-Jul-07 15:20 by stshen
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
C2811 uptime is 33 minutes
System returned to ROM by reload at 10:04:32 UTC Fri Jun 20 2008
System image file is "flash:c2800nm-advipservicesk9-mz.124-3h.bin"
Cisco2811 config
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname C2811
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 xxx
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
!
!
no ip bootp server
no ip domain lookup
ip domain name rsb.klg
ip ssh authentication-retries 2
vpdn enable
!
vpdn-group 1
!
!
voice-card 0
no dspfarm
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
crypto isakmp key key-password address 192.168.100.7 no-xauth
crypto isakmp keepalive 20 5
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set ESP-DES esp-des esp-md5-hmac
!
crypto ipsec profile vpn_tunnel
set transform-set ESP-DES
!
!
crypto map CMAP_1 1 ipsec-isakmp
set peer 192.168.100.7
set transform-set ESP-DES
match address Main-Branch
!
!
interface FastEthernet0/0
ip address 192.168.2.100 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map CMAP_1
!
interface FastEthernet0/1
ip address 10.0.0.12 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map clear-df
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.3
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map nonat interface FastEthernet0/0 overload
!
ip access-list extended Main-Branch
permit ip 10.0.0.0 0.0.0.255 10.0.7.0 0.0.0.255
!
logging trap debugging
logging facility local2
logging 10.0.0.10
access-list 120 deny ip 10.0.0.0 0.0.0.255 10.0.7.0 0.0.0.255
access-list 120 permit ip 10.0.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
route-map clear-df permit 10
match ip address Main-Branch
set ip df 0
!
route-map nonat permit 10
match ip address 120
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
==================================================================================
Cisco at the branch
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Sat 11-Aug-07 03:34 by khuie
ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE
K871 uptime is 33 minutes
System returned to ROM by reload
System image file is "flash:c870-advsecurityk9-mz.124-4.T8.bin"
Cisco871 config
!
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname K871
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$pSiC$mdBRqchvE775q3hUY6aRQ.
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 3
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
ip cef
!
!
no ip bootp server
no ip domain lookup
ip ssh time-out 60
ip ssh authentication-retries 2
vpdn enable
vpdn-group 1
!
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
crypto isakmp key key-password address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 20 5
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set ESP-DES esp-des esp-md5-hmac
!
crypto dynamic-map DMAP1 10
set transform-set ESP-DES
match address tunnel
!
!
crypto map CMAP_1 1 ipsec-isakmp
set peer 192.168.100.11
set transform-set ESP-DES
match address tunnel
!
crypto map dtrans 10 ipsec-isakmp dynamic DMAP1
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
no ip redirects
no ip unreachables
ip route-cache flow
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 10.0.7.3 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
ip policy route-map clear-df
!
interface Dialer0
ip address 192.168.100.7 255.255.255.0
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname intranet
ppp chap password 7 xxxxx
ppp pap sent-username intranet password 7 xxxxx
crypto map dtrans
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map nonat interface Dialer0 overload
ip access-list extended tunnel
permit ip 10.0.7.0 0.0.0.255 10.0.0.0 0.0.0.255
!
logging trap debugging
access-list 1 permit 10.0.7.0 0.0.0.255
access-list 101 permit gre host 192.168.100.7 host 192.168.100.11
access-list 120 deny ip 10.0.7.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 120 permit ip 10.0.7.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
route-map clear-df permit 10
match ip address tunnel
set ip df 0
!
route-map nonat permit 10
match ip address 120
!
!
control-plane
!
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
===================================================================================
C2811#sh crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: CMAP_1, local addr 192.168.2.100
protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.0.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.0.7.0/255.255.255.0/0/0)
current_peer 192.168.100.7 port 500
PERMIT, flags={origin_is_acl,ipsec_sa_request_sent}
#pkts encaps: 1166, #pkts encrypt: 1166, #pkts digest: 1166
#pkts decaps: 1249, #pkts decrypt: 1249, #pkts verify: 1249
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 117, #recv errors 0
local crypto endpt.: 192.168.2.100, remote crypto endpt.: 192.168.100.7
path mtu 1500, ip mtu 1500
current outbound spi: 0x0(0)
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
C2811#sh crypto isakmp sa
dst src state conn-id slot status
192.168.100.7 192.168.2.100 MM_NO_STATE 1 0 ACTIVE (deleted)
====================================================================================
Here are the logs from the C2811 side
2167: 001654: *Jun 20 10:43:34.235: ISAKMP: received ke message (1/1)
2168: 001655: *Jun 20 10:43:34.235: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
2169: 001656: *Jun 20 10:43:34.235: ISAKMP: Created a peer struct for 192.168.100.7, peer port 500
2170: 001657: *Jun 20 10:43:34.235: ISAKMP: New peer created peer = 0x46B84EAC peer_handle = 0x80000012
2171: 001658: *Jun 20 10:43:34.235: ISAKMP: Locking peer struct 0x46B84EAC, IKE refcount 1 for isakmp_initiator
2172: 001659: *Jun 20 10:43:34.235: ISAKMP: local port 500, remote port 500
2173: 001660: *Jun 20 10:43:34.235: ISAKMP: set new node 0 to QM_IDLE
2174: 001661: *Jun 20 10:43:34.235: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 46ECFE38
2175: 001662: *Jun 20 10:43:34.235: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.
2176: 001663: *Jun 20 10:43:34.235: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.100.7 in default
2177: 001664: *Jun 20 10:43:34.235: ISAKMP:(0:0:N/A:0): : success
2178: 001665: *Jun 20 10:43:34.235: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.100.7
2179: 001666: *Jun 20 10:43:34.235: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
2180: 001667: *Jun 20 10:43:34.235: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
2181: 001668: *Jun 20 10:43:34.235: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
2182: 001669: *Jun 20 10:43:34.235: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
2183: 001670: *Jun 20 10:43:34.235: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1
2184:
2185: 001671: *Jun 20 10:43:34.239: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
2186: 001672: *Jun 20 10:43:34.239: ISAKMP:(0:0:N/A:0): sending packet to 192.168.100.7 my_port 500 peer_port 500 (I) MM_NO_STATE
2187: 001673: *Jun 20 10:43:34.283: ISAKMP (0:0): received packet from 192.168.100.7 dport 500 sport 500 Global (I) MM_NO_STATE
2188: 001674: *Jun 20 10:43:34.283: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
2189: 001675: *Jun 20 10:43:34.283: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_I_MM2
2190:
2191: 001676: *Jun 20 10:43:34.283: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
2192: 001677: *Jun 20 10:43:34.283: ISAKMP:(0:0:N/A:0): processing vendor id payload
2193: 001678: *Jun 20 10:43:34.283: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 245 mismatch
2194: 001679: *Jun 20 10:43:34.283: ISAKMP (0:0): vendor ID is NAT-T v7
2195: 001680: *Jun 20 10:43:34.283: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.100.7 in default
2196: 001681: *Jun 20 10:43:34.283: ISAKMP:(0:0:N/A:0): : success
2197: 001682: *Jun 20 10:43:34.283: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.100.7
2198: 001683: *Jun 20 10:43:34.283: ISAKMP:(0:0:N/A:0): local preshared key found
2199: 001684: *Jun 20 10:43:34.283: ISAKMP : Scanning profiles for xauth ...
2200: 001685: *Jun 20 10:43:34.283: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 1 policy
2201: 001686: *Jun 20 10:43:34.283: ISAKMP: encryption DES-CBC
2202: 001687: *Jun 20 10:43:34.283: ISAKMP: hash MD5
2203: 001688: *Jun 20 10:43:34.283: ISAKMP: default group 2
2204: 001689: *Jun 20 10:43:34.283: ISAKMP: auth pre-share
2205: 001690: *Jun 20 10:43:34.283: ISAKMP: life type in seconds
2206: 001691: *Jun 20 10:43:34.283: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
2207: 001692: *Jun 20 10:43:34.283: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
2208: 001693: *Jun 20 10:43:34.323: ISAKMP:(0:2:SW:1): processing vendor id payload
2209: 001694: *Jun 20 10:43:34.323: ISAKMP:(0:2:SW:1): vendor ID seems Unity/DPD but major 245 mismatch
2210: 001695: *Jun 20 10:43:34.323: ISAKMP (0:134217730): vendor ID is NAT-T v7
2211: 001696: *Jun 20 10:43:34.323: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
2212: 001697: *Jun 20 10:43:34.323: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM2
2213:
2214: 001698: *Jun 20 10:43:34.323: ISAKMP:(0:2:SW:1): sending packet to 192.168.100.7 my_port 500 peer_port 500 (I) MM_SA_SETUP
2215: 001699: *Jun 20 10:43:34.327: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
2216: 001700: *Jun 20 10:43:34.327: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM3
2217:
2218: 001701: *Jun 20 10:43:34.399: ISAKMP (0:134217730): received packet from 192.168.100.7 dport 500 sport 500 Global (I) MM_SA_SETUP
2219: 001702: *Jun 20 10:43:34.403: ISAKMP:(0:2:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
2220: 001703: *Jun 20 10:43:34.403: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4
2221:
2222: 001704: *Jun 20 10:43:34.403: ISAKMP:(0:2:SW:1): processing KE payload. message ID = 0
2223: 001705: *Jun 20 10:43:34.447: ISAKMP:(0:2:SW:1): processing NONCE payload. message ID = 0
2224: 001706: *Jun 20 10:43:34.447: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.100.7 in default
2225: 001707: *Jun 20 10:43:34.447: ISAKMP:(0:0:N/A:0): : success
2226: 001708: *Jun 20 10:43:34.447: ISAKMP:(0:2:SW:1):found peer pre-shared key matching 192.168.100.7
2227: 001709: *Jun 20 10:43:34.451: ISAKMP:(0:2:SW:1):SKEYID state generated
2228: 001710: *Jun 20 10:43:34.451: ISAKMP:(0:2:SW:1): processing vendor id payload
2229: 001711: *Jun 20 10:43:34.451: ISAKMP:(0:2:SW:1): vendor ID is Unity
2230: 001712: *Jun 20 10:43:34.451: ISAKMP:(0:2:SW:1): processing vendor id payload
2231: 001713: *Jun 20 10:43:34.451: ISAKMP:(0:2:SW:1): vendor ID is DPD
2232: 001714: *Jun 20 10:43:34.451: ISAKMP:(0:2:SW:1): processing vendor id payload
2233: 001715: *Jun 20 10:43:34.451: ISAKMP:(0:2:SW:1): speaking to another IOS box!
2234: 001716: *Jun 20 10:43:34.451: ISAKMP (0:134217730): NAT found, the node inside NAT
2235: 001717: *Jun 20 10:43:34.451: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
2236: 001718: *Jun 20 10:43:34.451: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM4
2237:
2238: 001719: *Jun 20 10:43:34.451: ISAKMP:(0:1:SW:1):purging SA., sa=4601473C, delme=4601473C
2239: 001720: *Jun 20 10:43:34.451: ISAKMP:(0:2:SW:1):Send initial contact
2240: 001721: *Jun 20 10:43:34.451: ISAKMP:(0:2:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
2241: 001722: *Jun 20 10:43:34.451: ISAKMP (0:134217730): ID payload
2242: <009>next-payload : 8
2243: <009>type : 1
2244: <009>address : 192.168.2.100
2245:
2246: <009>protocol : 17
2247: <009>port : 0
2248: <009>length : 12
2249: 001723: *Jun 20 10:43:34.455: ISAKMP:(0:2:SW:1):Total payload length: 12
2250: 001724: *Jun 20 10:43:34.455: ISAKMP:(0:2:SW:1): sending packet to 192.168.100.7 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
2251: 001725: *Jun 20 10:43:34.455: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
2252: 001726: *Jun 20 10:43:34.455: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5
2253:
2254: 001727: *Jun 20 10:43:44.455: ISAKMP:(0:2:SW:1): retransmitting phase 1 MM_KEY_EXCH...
2255: 001728: *Jun 20 10:43:44.455: ISAKMP (0:134217730): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
2256: 001729: *Jun 20 10:43:44.455: ISAKMP:(0:2:SW:1): retransmitting phase 1 MM_KEY_EXCH
2257: 001730: *Jun 20 10:43:44.455: ISAKMP:(0:2:SW:1): sending packet to 192.168.100.7 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
2258: 001731: *Jun 20 10:43:54.455: ISAKMP:(0:2:SW:1): retransmitting phase 1 MM_KEY_EXCH...
2259: 001732: *Jun 20 10:43:54.455: ISAKMP (0:134217730): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
2260: 001733: *Jun 20 10:43:54.455: ISAKMP:(0:2:SW:1): retransmitting phase 1 MM_KEY_EXCH
2261: 001734: *Jun 20 10:43:54.455: ISAKMP:(0:2:SW:1): sending packet to 192.168.100.7 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
2262: 001735: *Jun 20 10:44:04.231: IPSEC(key_engine): request timer fired: count = 1,
2263: (identity) local= 192.168.2.100, remote= 192.168.100.7,
2264: local_proxy= 10.0.0.0/255.255.255.0/0/0 (type=4),
2265: remote_proxy= 10.0.7.0/255.255.255.0/0/0 (type=4)
2266: 001736: *Jun 20 10:44:04.231: IPSEC(sa_request): ,
2267: (key eng. msg.) OUTBOUND local= 192.168.2.100, remote= 192.168.100.7,
2268: local_proxy= 10.0.0.0/255.255.255.0/0/0 (type=4),
2269: remote_proxy= 10.0.7.0/255.255.255.0/0/0 (type=4),
2270: protocol= ESP, transform= esp-des esp-md5-hmac (Tunnel),
2271: lifedur= 86400s and 4608000kb,
2272: spi= 0xB8BDEF56(3099455318), conn_id= 0, keysize= 0, flags= 0x400A
2273: 001737: *Jun 20 10:44:04.231: ISAKMP: received ke message (1/1)
2274: 001738: *Jun 20 10:44:04.231: ISAKMP: set new node 0 to QM_IDLE
2275: 001739: *Jun 20 10:44:04.231: ISAKMP:(0:2:SW:1):SA is still budding. Attached new ipsec request to it. (local 192.168.2.100, remote 192.168.100.7)
2276: 001740: *Jun 20 10:44:04.455: ISAKMP:(0:2:SW:1): retransmitting phase 1 MM_KEY_EXCH...
2277: 001741: *Jun 20 10:44:04.455: ISAKMP (0:134217730): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
2278: 001742: *Jun 20 10:44:04.455: ISAKMP:(0:2:SW:1): retransmitting phase 1 MM_KEY_EXCH
2279: 001743: *Jun 20 10:44:04.455: ISAKMP:(0:2:SW:1): sending packet to 192.168.100.7 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
2280: 001744: *Jun 20 10:44:14.455: ISAKMP:(0:2:SW:1): retransmitting phase 1 MM_KEY_EXCH...
2281: 001745: *Jun 20 10:44:14.455: ISAKMP (0:134217730): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
2282: 001746: *Jun 20 10:44:14.455: ISAKMP:(0:2:SW:1): retransmitting phase 1 MM_KEY_EXCH
2283: 001747: *Jun 20 10:44:14.455: ISAKMP:(0:2:SW:1): sending packet to 192.168.100.7 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
2284: 001748: *Jun 20 10:44:24.455: ISAKMP:(0:2:SW:1): retransmitting phase 1 MM_KEY_EXCH...
2285: 001749: *Jun 20 10:44:24.455: ISAKMP (0:134217730): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
2286: 001750: *Jun 20 10:44:24.455: ISAKMP:(0:2:SW:1): retransmitting phase 1 MM_KEY_EXCH
2287: 001751: *Jun 20 10:44:24.455: ISAKMP:(0:2:SW:1): sending packet to 192.168.100.7 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
2288: 001752: *Jun 20 10:44:34.231: IPSEC(key_engine): request timer fired: count = 2,
2289: (identity) local= 192.168.2.100, remote= 192.168.100.7,
2290: local_proxy= 10.0.0.0/255.255.255.0/0/0 (type=4),
2291: remote_proxy= 10.0.7.0/255.255.255.0/0/0 (type=4)
2292: 001753: *Jun 20 10:44:34.231: ISAKMP: received ke message (3/1)
2293: 001754: *Jun 20 10:44:34.231: ISAKMP:(0:2:SW:1):peer does not do paranoid keepalives.
2294:
2295: 001755: *Jun 20 10:44:34.231: ISAKMP:(0:2:SW:1):deleting SA reason "P1 delete notify (in)" state (I) MM_KEY_EXCH (peer 192.168.100.7)
2296: 001756: *Jun 20 10:44:34.231: ISAKMP:(0:2:SW:1):deleting SA reason "P1 delete notify (in)" state (I) MM_KEY_EXCH (peer 192.168.100.7)
2297: 001757: *Jun 20 10:44:34.231: ISAKMP: Unlocking IKE struct 0x46B84EAC for isadb_mark_sa_deleted(), count 0
2298: 001758: *Jun 20 10:44:34.231: ISAKMP: Deleting peer node by peer_reap for 192.168.100.7: 46B84EAC
2299: 001759: *Jun 20 10:44:34.231: ISAKMP:(0:2:SW:1):deleting node -1385292352 error FALSE reason "IKE deleted"
2300: 001760: *Jun 20 10:44:34.231: ISAKMP:(0:2:SW:1):deleting node -123852857 error FALSE reason "IKE deleted"
2301: 001761: *Jun 20 10:44:34.231: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
2302: 001762: *Jun 20 10:44:34.231: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM5 New State = IKE_DEST_SA
2303:
2304: 001763: *Jun 20 10:44:34.235: IPSEC(key_engine): got a queue event with 1 kei messages
2305: 001764: *Jun 20 10:44:53.831: IPSEC(sa_request): ,
2306: (key eng. msg.) OUTBOUND local= 192.168.2.100, remote= 192.168.100.7,
2307: local_proxy= 10.0.0.0/255.255.255.0/0/0 (type=4),
2308: remote_proxy= 10.0.7.0/255.255.255.0/0/0 (type=4),
2309: protocol= ESP, transform= esp-des esp-md5-hmac (Tunnel),
2310: lifedur= 86400s and 4608000kb,
2311: spi= 0xEAA52046(3936690246), conn_id= 0, keysize= 0, flags= 0x400A
2312: 001765: *Jun 20 10:44:53.831: ISAKMP: received ke message (1/1)
2313: 001766: *Jun 20 10:44:53.831: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
2314: 001767: *Jun 20 10:44:53.831: ISAKMP: Created a peer struct for 192.168.100.7, peer port 500
2315: 001768: *Jun 20 10:44:53.831: ISAKMP: New peer created peer = 0x46B84EAC peer_handle = 0x80000013
2316: 001769: *Jun 20 10:44:53.831: ISAKMP: Locking peer struct 0x46B84EAC, IKE refcount 1 for isakmp_initiator
2317: 001770: *Jun 20 10:44:53.835: ISAKMP: local port 500, remote port 500
2318: 001771: *Jun 20 10:44:53.835: ISAKMP: set new node 0 to QM_IDLE
2319: 001772: *Jun 20 10:44:53.835: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 46E683C8
2320: 001773: *Jun 20 10:44:53.835: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.
2321: 001774: *Jun 20 10:44:53.835: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.100.7 in default
2322: 001775: *Jun 20 10:44:53.835: ISAKMP:(0:0:N/A:0): : success
2323: 001776: *Jun 20 10:44:53.835: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.100.7
2324: 001777: *Jun 20 10:44:53.835: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
2325: 001778: *Jun 20 10:44:53.835: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
2326: 001779: *Jun 20 10:44:53.835: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
2327: 001780: *Jun 20 10:44:53.835: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
2328: 001781: *Jun 20 10:44:53.835: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1
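
Added example, not part of the original post: a small Python parser that splits `debug crypto isakmp` output like the above into negotiation attempts and reports how far Main Mode got, whether NAT was detected, which local UDP ports carried traffic, and whether retransmits ran out with no reply. The sample lines are abridged from the log above; the function names `parse_attempts` and `stalled_on_natt` are illustrative.

```python
import re

# Abridged from the C2811 debug above (leading line numbers dropped).
SAMPLE = """\
001670: *Jun 20 10:43:34.235: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1
001672: *Jun 20 10:43:34.239: ISAKMP:(0:0:N/A:0): sending packet to 192.168.100.7 my_port 500 peer_port 500 (I) MM_NO_STATE
001673: *Jun 20 10:43:34.283: ISAKMP (0:0): received packet from 192.168.100.7 dport 500 sport 500 Global (I) MM_NO_STATE
001703: *Jun 20 10:43:34.403: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4
001716: *Jun 20 10:43:34.451: ISAKMP (0:134217730): NAT found, the node inside NAT
001724: *Jun 20 10:43:34.455: ISAKMP:(0:2:SW:1): sending packet to 192.168.100.7 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
001726: *Jun 20 10:43:34.455: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5
001728: *Jun 20 10:43:44.455: ISAKMP (0:134217730): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
001730: *Jun 20 10:43:44.455: ISAKMP:(0:2:SW:1): sending packet to 192.168.100.7 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
001749: *Jun 20 10:44:24.455: ISAKMP (0:134217730): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
001751: *Jun 20 10:44:24.455: ISAKMP:(0:2:SW:1): sending packet to 192.168.100.7 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
001755: *Jun 20 10:44:34.231: ISAKMP:(0:2:SW:1):deleting SA reason "P1 delete notify (in)" state (I) MM_KEY_EXCH (peer 192.168.100.7)
001762: *Jun 20 10:44:34.231: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM5 New State = IKE_DEST_SA
001781: *Jun 20 10:44:53.835: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1
"""

STATE = re.compile(r"Old State = (\S+)\s+New State = (\S+)")
PACKET = re.compile(r"(sending packet to|received packet from) \S+ (?:my_port|dport) (\d+)")
RETX = re.compile(r"attempt (\d+) of (\d+): retransmit phase 1")
DELETED = re.compile(r'deleting SA reason "([^"]+)" state \([IR]\) (\S+)')


def parse_attempts(text):
    """Split ISAKMP debug output into attempts; each starts at IKE_READY."""
    attempts, cur = [], None
    for line in text.splitlines():
        m = STATE.search(line)
        if m and m.group(1) == "IKE_READY":
            cur = {"reached": None, "nat": False, "sent": {}, "received": {},
                   "retransmits": 0, "retry_limit": None, "deleted": None}
            attempts.append(cur)
        if cur is None:
            continue
        if m:
            if re.fullmatch(r"IKE_[IR]_MM\d", m.group(2)):
                cur["reached"] = m.group(2)  # furthest Main Mode state seen
        elif p := PACKET.search(line):
            side = "sent" if p.group(1).startswith("sending") else "received"
            port = int(p.group(2))  # local UDP port: 500 = IKE, 4500 = NAT-T
            cur[side][port] = cur[side].get(port, 0) + 1
        elif r := RETX.search(line):
            cur["retransmits"], cur["retry_limit"] = int(r.group(1)), int(r.group(2))
        elif d := DELETED.search(line):
            cur["deleted"] = d.groups()  # (reason, state at deletion)
        elif "NAT found" in line:
            cur["nat"] = True
    return attempts


def stalled_on_natt(a):
    """NAT detected, exchange moved to UDP/4500, retries exhausted, no reply."""
    return bool(a["nat"] and a["sent"].get(4500) and not a["received"].get(4500)
                and a["retry_limit"] and a["retransmits"] >= a["retry_limit"])


if __name__ == "__main__":
    for n, a in enumerate(parse_attempts(SAMPLE), 1):
        print(n, a["reached"], "NAT-T stall" if stalled_on_natt(a) else "-", a)
```

On the sample, the first attempt reaches `IKE_I_MM5` with replies seen only on UDP/500 and none on UDP/4500 before the SA is deleted. Because MM1 through MM4 completed, a stall of this shape makes the UDP/4500 path through the NAT device in front of the initiator the first thing to check.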