Posted: Fri Dec 17, 2010 15:23
I set up an IPsec tunnel between two gateways running CentOS using racoon, as described here: http://metalcandy.ru/how-to-forge-centos/369-centos-5-configuring-the-ipsec-tunnel The tunnel came up and everything works great.
Next I need to set up an IPsec tunnel between racoon on CentOS and a DFL-210.
I configured the DFL-210 by analogy with the guides http://www.dlink.ru/ru/faq/92/850.html, http://www.dlink.ru/ru/faq/92/520.html
There is a server running racoon on CentOS with the external address XX.XX.XX.XX; behind it is the subnet 192.168.9.0, and the subnet gateway is 192.168.9.54.
There is a DFL-210 with the external address YY.YY.YY.YY; behind it is the subnet 192.168.0.0, and the subnet gateway is 192.168.0.54.

I ping a machine in the remote network, then ping the server's external interface, then ping the server's gateway, and then ping the DFL-210 from the server.
login as: admin
admin@YY.YY.YY.YY's password:
Logged in as administrator - admin

DFL-210:/> ikesnoop -on -v

Ike snooping is active - verbose mode; snooping address *
DFL-210:/> killsa -all
Destroying all IPsec & IKE SAs for all remote peers.
DFL-210:/> ping 192.168.9.55
Sending 1 4-byte ICMP ping to 192.168.9.55 from 192.168.0.54
2010-12-17 14:35:19: IkeSnoop: Sending IKE packet to XX.XX.XX.XX:500
Exchange type : Identity Protection (main mode)
ISAKMP Version : 1.0
Flags :
Cookies : 0x9227ee40b2134b -> 0x00000000
Message ID : 0x00000000
Packet length : 636 bytes
# payloads : 10
Payloads:
SA (Security Association)
Payload data length : 424 bytes
DOI : 1 (IPsec DOI)
Proposal 1/1
Protocol 1/1
Protocol ID : ISAKMP
SPI Size : 0
Transform 1/12
Transform ID : IKE
Encryption algorithm : Rijndael-cbc (aes)
Key length : 128
Hash algorithm : MD5
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 2/12
Transform ID : IKE
Encryption algorithm : Rijndael-cbc (aes)
Key length : 128
Hash algorithm : SHA
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 3/12
Transform ID : IKE
Encryption algorithm : 3DES-cbc
Hash algorithm : MD5
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 4/12
Transform ID : IKE
Encryption algorithm : 3DES-cbc
Hash algorithm : SHA
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 5/12
Transform ID : IKE
Encryption algorithm : DES-cbc
Hash algorithm : MD5
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 6/12
Transform ID : IKE
Encryption algorithm : DES-cbc
Hash algorithm : SHA
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 7/12
Transform ID : IKE
Encryption algorithm : Cast-cbc
Hash algorithm : MD5
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 8/12
Transform ID : IKE
Encryption algorithm : Cast-cbc
Hash algorithm : SHA
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 9/12
Transform ID : IKE
Encryption algorithm : Blowfish-cbc
Key length : 128
Hash algorithm : MD5
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 10/12
Transform ID : IKE
Encryption algorithm : Blowfish-cbc
Key length : 128
Hash algorithm : SHA
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 11/12
Transform ID : IKE
Encryption algorithm : Twofish-cbc
Key length : 128
Hash algorithm : MD5
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 12/12
Transform ID : IKE
Encryption algorithm : Twofish-cbc
Key length : 128
Hash algorithm : SHA
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 8f 9c c9 4e 01 24 8e cd f1 47 59 4c 28 4b 21 3b
Description : SSH Communications Security QuickSec 2.1.0
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 27 ba b5 dc 01 ea 07 60 ea 4e 31 90 ac 27 c0 d0
Description : draft-stenberg-ipsec-nat-traversal-01
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 61 05 c4 22 e7 68 47 e4 3f 96 84 80 12 92 ae cd
Description : draft-stenberg-ipsec-nat-traversal-02
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
Description : draft-ietf-ipsec-nat-t-ike-00
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
Description : draft-ietf-ipsec-nat-t-ike-02
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
Description : draft-ietf-ipsec-nat-t-ike-02
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
Description : draft-ietf-ipsec-nat-t-ike-03
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
Description : RFC 3947
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Description : draft-ietf-ipsec-dpd-00

2010-12-17 14:35:19: IkeSnoop: Received IKE packet from XX.XX.XX.XX:500
Exchange type : Identity Protection (main mode)
ISAKMP Version : 1.0
Flags :
Cookies : 0x9227ee40b2134b -> 0xd4127edce89692e9
Message ID : 0x00000000
Packet length : 100 bytes
# payloads : 2
Payloads:
SA (Security Association)
Payload data length : 48 bytes
DOI : 1 (IPsec DOI)
Proposal 1/1
Protocol 1/1
Protocol ID : ISAKMP
SPI Size : 0
Transform 1/1
Transform ID : IKE
Encryption algorithm : 3DES-cbc
Hash algorithm : SHA
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Description : draft-ietf-ipsec-dpd-00

2010-12-17 14:35:19: IkeSnoop: Sending IKE packet to XX.XX.XX.XX:500
Exchange type : Identity Protection (main mode)
ISAKMP Version : 1.0
Flags :
Cookies : 0x9227ee40b2134b -> 0xd4127edce89692e9
Message ID : 0x00000000
Packet length : 180 bytes
# payloads : 2
Payloads:
KE (Key Exchange)
Payload data length : 128 bytes
NONCE (Nonce)
Payload data length : 16 bytes

2010-12-17 14:35:20: IkeSnoop: Received IKE packet from XX.XX.XX.XX:500
Exchange type : Identity Protection (main mode)
ISAKMP Version : 1.0
Flags :
Cookies : 0x9227ee40b2134b -> 0xd4127edce89692e9
Message ID : 0x00000000
Packet length : 180 bytes
# payloads : 2
Payloads:
KE (Key Exchange)
Payload data length : 128 bytes
NONCE (Nonce)
Payload data length : 16 bytes

2010-12-17 14:35:20: IkeSnoop: Sending IKE packet to XX.XX.XX.XX:500
Exchange type : Identity Protection (main mode)
ISAKMP Version : 1.0
Flags : E (encryption)
Cookies : 0x9227ee40b2134b -> 0xd4127edce89692e9
Message ID : 0x00000000
Packet length : 76 bytes
# payloads : 3
Payloads:
ID (Identification)
Payload data length : 8 bytes
ID : ipv4(any:0,[0..3]=YY.YY.YY.YY)
HASH (Hash)
Payload data length : 20 bytes
N (Notification)
Payload data length : 8 bytes
Protocol ID : ISAKMP
Notification : Initial contact

2010-12-17 14:35:20: IkeSnoop: Received IKE packet from XX.XX.XX.XX:500
Exchange type : Identity Protection (main mode)
ISAKMP Version : 1.0
Flags : E (encryption)
Cookies : 0x9227ee40b2134b -> 0xd4127edce89692e9
Message ID : 0x00000000
Packet length : 64 bytes
# payloads : 2
Payloads:
ID (Identification)
Payload data length : 8 bytes
ID : ipv4(udp:500,[0..3]=XX.XX.XX.XX)
HASH (Hash)
Payload data length : 20 bytes

2010-12-17 14:35:20: IkeSnoop: Sending IKE packet to XX.XX.XX.XX:500
Exchange type : Quick mode
ISAKMP Version : 1.0
Flags : E (encryption)
Cookies : 0x9227ee40b2134b -> 0xd4127edce89692e9
Message ID : 0x02886a1a
Packet length : 620 bytes
# payloads : 6
Payloads:
HASH (Hash)
Payload data length : 20 bytes
SA (Security Association)
Payload data length : 380 bytes
DOI : 1 (IPsec DOI)
Proposal 1/1
Protocol 1/1
Protocol ID : ESP
SPI Size : 4
SPI Value : 0xbaf91e86
Transform 1/12
Transform ID : Rijndael (aes)
Key length : 128
Authentication algorithm : HMAC-MD5
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 2/12
Transform ID : Rijndael (aes)
Key length : 128
Authentication algorithm : HMAC-SHA-1
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 3/12
Transform ID : 3DES
Authentication algorithm : HMAC-MD5
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 4/12
Transform ID : 3DES
Authentication algorithm : HMAC-SHA-1
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 5/12
Transform ID : DES
Authentication algorithm : HMAC-MD5
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 6/12
Transform ID : DES
Authentication algorithm : HMAC-SHA-1
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 7/12
Transform ID : Cast
Authentication algorithm : HMAC-MD5
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 8/12
Transform ID : Cast
Authentication algorithm : HMAC-SHA-1
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 9/12
Transform ID : Blowfish
Key length : 128
Authentication algorithm : HMAC-MD5
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 10/12
Transform ID : Blowfish
Key length : 128
Authentication algorithm : HMAC-SHA-1
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 11/12
Transform ID : Twofish
Key length : 128
Authentication algorithm : HMAC-MD5
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 12/12
Transform ID : Twofish
Key length : 128
Authentication algorithm : HMAC-SHA-1
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
NONCE (Nonce)
Payload data length : 16 bytes
KE (Key Exchange)
Payload data length : 128 bytes
ID (Identification)
Payload data length : 12 bytes
ID : ipv4_subnet(any:0,[0..7]=192.168.0.0/24)
ID (Identification)
Payload data length : 12 bytes
ID : ipv4_subnet(any:0,[0..7]=192.168.9.0/24)

2010-12-17 14:35:20: IkeSnoop: Received IKE packet from XX.XX.XX.XX:500
Exchange type : Informational
ISAKMP Version : 1.0
Flags : E (encryption)
Cookies : 0x9227ee40b2134b -> 0xd4127edce89692e9
Message ID : 0xc70cb377
Packet length : 64 bytes
# payloads : 2
Payloads:
HASH (Hash)
Payload data length : 20 bytes
N (Notification)
Payload data length : 8 bytes
Protocol ID : ISAKMP
Notification : No proposal chosen

DFL-210:/>
Ping Results: Sent: 1, Received:0, Loss: 100%

DFL-210:/> ping XX.XX.XX.XX
Sending 1 4-byte ICMP ping to XX.XX.XX.XX from YY.YY.YY.YY
ICMP Reply from XX.XX.XX.XX seq=0 time= 50 ms TTL=44

Ping Results: Sent: 1, Received:1, Loss: 0%, Avg RTT: 50.0 ms

DFL-210:/> ping 192.168.9.54
Sending 1 4-byte ICMP ping to 192.168.9.54 from 192.168.0.54
2010-12-17 14:36:29: IkeSnoop: Sending IKE packet to XX.XX.XX.XX:500
Exchange type : Identity Protection (main mode)
ISAKMP Version : 1.0
Flags :
Cookies : 0x5f7059cb2d7c1eda -> 0x00000000
Message ID : 0x00000000
Packet length : 636 bytes
# payloads : 10
Payloads:
SA (Security Association)
Payload data length : 424 bytes
DOI : 1 (IPsec DOI)
Proposal 1/1
Protocol 1/1
Protocol ID : ISAKMP
SPI Size : 0
Transform 1/12
Transform ID : IKE
Encryption algorithm : Rijndael-cbc (aes)
Key length : 128
Hash algorithm : MD5
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 2/12
Transform ID : IKE
Encryption algorithm : Rijndael-cbc (aes)
Key length : 128
Hash algorithm : SHA
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 3/12
Transform ID : IKE
Encryption algorithm : 3DES-cbc
Hash algorithm : MD5
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 4/12
Transform ID : IKE
Encryption algorithm : 3DES-cbc
Hash algorithm : SHA
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 5/12
Transform ID : IKE
Encryption algorithm : DES-cbc
Hash algorithm : MD5
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 6/12
Transform ID : IKE
Encryption algorithm : DES-cbc
Hash algorithm : SHA
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 7/12
Transform ID : IKE
Encryption algorithm : Cast-cbc
Hash algorithm : MD5
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 8/12
Transform ID : IKE
Encryption algorithm : Cast-cbc
Hash algorithm : SHA
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 9/12
Transform ID : IKE
Encryption algorithm : Blowfish-cbc
Key length : 128
Hash algorithm : MD5
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 10/12
Transform ID : IKE
Encryption algorithm : Blowfish-cbc
Key length : 128
Hash algorithm : SHA
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 11/12
Transform ID : IKE
Encryption algorithm : Twofish-cbc
Key length : 128
Hash algorithm : MD5
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
Transform 12/12
Transform ID : IKE
Encryption algorithm : Twofish-cbc
Key length : 128
Hash algorithm : SHA
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 8f 9c c9 4e 01 24 8e cd f1 47 59 4c 28 4b 21 3b
Description : SSH Communications Security QuickSec 2.1.0
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 27 ba b5 dc 01 ea 07 60 ea 4e 31 90 ac 27 c0 d0
Description : draft-stenberg-ipsec-nat-traversal-01
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 61 05 c4 22 e7 68 47 e4 3f 96 84 80 12 92 ae cd
Description : draft-stenberg-ipsec-nat-traversal-02
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
Description : draft-ietf-ipsec-nat-t-ike-00
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
Description : draft-ietf-ipsec-nat-t-ike-02
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
Description : draft-ietf-ipsec-nat-t-ike-02
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
Description : draft-ietf-ipsec-nat-t-ike-03
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
Description : RFC 3947
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Description : draft-ietf-ipsec-dpd-00

2010-12-17 14:36:29: IkeSnoop: Received IKE packet from XX.XX.XX.XX:500
Exchange type : Identity Protection (main mode)
ISAKMP Version : 1.0
Flags :
Cookies : 0x5f7059cb2d7c1eda -> 0x9447a32c8d3cc8d2
Message ID : 0x00000000
Packet length : 100 bytes
# payloads : 2
Payloads:
SA (Security Association)
Payload data length : 48 bytes
DOI : 1 (IPsec DOI)
Proposal 1/1
Protocol 1/1
Protocol ID : ISAKMP
SPI Size : 0
Transform 1/1
Transform ID : IKE
Encryption algorithm : 3DES-cbc
Hash algorithm : SHA
Authentication method : Pre-Shared Key
Group description : MODP 1024
Life type : Seconds
Life duration : 28800
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID : af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Description : draft-ietf-ipsec-dpd-00

2010-12-17 14:36:29: IkeSnoop: Sending IKE packet to XX.XX.XX.XX:500
Exchange type : Identity Protection (main mode)
ISAKMP Version : 1.0
Flags :
Cookies : 0x5f7059cb2d7c1eda -> 0x9447a32c8d3cc8d2
Message ID : 0x00000000
Packet length : 180 bytes
# payloads : 2
Payloads:
KE (Key Exchange)
Payload data length : 128 bytes
NONCE (Nonce)
Payload data length : 16 bytes

2010-12-17 14:36:29: IkeSnoop: Received IKE packet from XX.XX.XX.XX:500
Exchange type : Identity Protection (main mode)
ISAKMP Version : 1.0
Flags :
Cookies : 0x5f7059cb2d7c1eda -> 0x9447a32c8d3cc8d2
Message ID : 0x00000000
Packet length : 180 bytes
# payloads : 2
Payloads:
KE (Key Exchange)
Payload data length : 128 bytes
NONCE (Nonce)
Payload data length : 16 bytes

2010-12-17 14:36:29: IkeSnoop: Sending IKE packet to XX.XX.XX.XX:500
Exchange type : Identity Protection (main mode)
ISAKMP Version : 1.0
Flags : E (encryption)
Cookies : 0x5f7059cb2d7c1eda -> 0x9447a32c8d3cc8d2
Message ID : 0x00000000
Packet length : 76 bytes
# payloads : 3
Payloads:
ID (Identification)
Payload data length : 8 bytes
ID : ipv4(any:0,[0..3]=YY.YY.YY.YY)
HASH (Hash)
Payload data length : 20 bytes
N (Notification)
Payload data length : 8 bytes
Protocol ID : ISAKMP
Notification : Initial contact

2010-12-17 14:36:29: IkeSnoop: Received IKE packet from XX.XX.XX.XX:500
Exchange type : Identity Protection (main mode)
ISAKMP Version : 1.0
Flags : E (encryption)
Cookies : 0x5f7059cb2d7c1eda -> 0x9447a32c8d3cc8d2
Message ID : 0x00000000
Packet length : 64 bytes
# payloads : 2
Payloads:
ID (Identification)
Payload data length : 8 bytes
ID : ipv4(udp:500,[0..3]=XX.XX.XX.XX)
HASH (Hash)
Payload data length : 20 bytes

2010-12-17 14:36:29: IkeSnoop: Sending IKE packet to XX.XX.XX.XX:500
Exchange type : Quick mode
ISAKMP Version : 1.0
Flags : E (encryption)
Cookies : 0x5f7059cb2d7c1eda -> 0x9447a32c8d3cc8d2
Message ID : 0xb21e325c
Packet length : 620 bytes
# payloads : 6
Payloads:
HASH (Hash)
Payload data length : 20 bytes
SA (Security Association)
Payload data length : 380 bytes
DOI : 1 (IPsec DOI)
Proposal 1/1
Protocol 1/1
Protocol ID : ESP
SPI Size : 4
SPI Value : 0x8f41fe8b
Transform 1/12
Transform ID : Rijndael (aes)
Key length : 128
Authentication algorithm : HMAC-MD5
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 2/12
Transform ID : Rijndael (aes)
Key length : 128
Authentication algorithm : HMAC-SHA-1
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 3/12
Transform ID : 3DES
Authentication algorithm : HMAC-MD5
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 4/12
Transform ID : 3DES
Authentication algorithm : HMAC-SHA-1
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 5/12
Transform ID : DES
Authentication algorithm : HMAC-MD5
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 6/12
Transform ID : DES
Authentication algorithm : HMAC-SHA-1
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 7/12
Transform ID : Cast
Authentication algorithm : HMAC-MD5
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 8/12
Transform ID : Cast
Authentication algorithm : HMAC-SHA-1
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 9/12
Transform ID : Blowfish
Key length : 128
Authentication algorithm : HMAC-MD5
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 10/12
Transform ID : Blowfish
Key length : 128
Authentication algorithm : HMAC-SHA-1
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 11/12
Transform ID : Twofish
Key length : 128
Authentication algorithm : HMAC-MD5
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
Transform 12/12
Transform ID : Twofish
Key length : 128
Authentication algorithm : HMAC-SHA-1
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
NONCE (Nonce)
Payload data length : 16 bytes
KE (Key Exchange)
Payload data length : 128 bytes
ID (Identification)
Payload data length : 12 bytes
ID : ipv4_subnet(any:0,[0..7]=192.168.0.0/24)
ID (Identification)
Payload data length : 12 bytes
ID : ipv4_subnet(any:0,[0..7]=192.168.9.0/24)

2010-12-17 14:36:30: IkeSnoop: Received IKE packet from XX.XX.XX.XX:500
Exchange type : Informational
ISAKMP Version : 1.0
Flags : E (encryption)
Cookies : 0x5f7059cb2d7c1eda -> 0x9447a32c8d3cc8d2
Message ID : 0xaa432073
Packet length : 64 bytes
# payloads : 2
Payloads:
HASH (Hash)
Payload data length : 20 bytes
N (Notification)
Payload data length : 8 bytes
Protocol ID : ISAKMP
Notification : No proposal chosen


Ping Results: Sent: 1, Received:0, Loss: 100%

2010-12-17 14:37:18: IkeSnoop: Received IKE packet from XX.XX.XX.XX:500
2010-12-17 14:37:18: IkeSnoop: IKE packet belongs to unknown IKE SA
2010-12-17 14:37:28: IkeSnoop: Received IKE packet from XX.XX.XX.XX:500
2010-12-17 14:37:28: IkeSnoop: IKE packet belongs to unknown IKE SA
2010-12-17 14:37:38: IkeSnoop: Received IKE packet from XX.XX.XX.XX:500
2010-12-17 14:37:38: IkeSnoop: IKE packet belongs to unknown IKE SA

Here is what the logs in the web interface show when the tunnel is brought up and a ping is sent from the racoon server:
2010-12-17 15:09:18 Info IPSEC 1803021 ipsec_sa_statistics done=4 success=0 failed=4
2010-12-17 15:09:18 Warning IPSEC 1800109 ike_quickmode_failed local_ip=YY.YY.YY.YY remote_ip=XX.XX.XX.XX cookies=6a6d0b7b2ca875a25df3d64f44a6f88b reason="No proposal chosen"
2010-12-17 15:09:18 Warning IPSEC 1803020 ipsec_sa_failed no_ipsec_sa statusmsg="No proposal chosen"
2010-12-17 15:09:18 Info IPSEC 1800102 ipsec_event message=" Remote Proxy ID 192.168.9.0/24 any"
2010-12-17 15:09:18 Info IPSEC 1800102 ipsec_event message=" Local Proxy ID 192.168.0.0/24 any"
2010-12-17 15:09:18 Info IPSEC 1802703 ike_sa_negotiation_completed ike_sa_completed local_peer="YY.YY.YY.YY ID YY.YY.YY.YY" remote_peer="XX.XX.XX.XX ID XX.XX.XX.XX" initiator_spi="6a6d0b7b 2ca875a2" responder_spi="5df3d64f 44a6f88b" int_severity=6
2010-12-17 15:09:18 Info IPSEC 1800102 ipsec_event message="IPsec SA [Responder] negotiation failed:"
2010-12-17 15:09:18 Warning IPSEC 1802717 ipsec_sa_selection_failed no_ipsec_sa_selected reason="Invalid proposal" int_severity=6
2010-12-17 15:09:18 Info IPSEC 1803054 failed_to_select_ipsec_sa
2010-12-17 15:09:18 Warning IPSEC 1800102 ipsec_event message=" Remote Proxy ID 192.168.9.0/24 any"
2010-12-17 15:09:18 Warning IPSEC 1800102 ipsec_event message=" Local Proxy ID 192.168.0.0/24 any"
2010-12-17 15:09:18 Info IPSEC 1802703 ike_sa_negotiation_completed ike_sa_completed local_peer="YY.YY.YY.YY ID YY.YY.YY.YY" remote_peer="XX.XX.XX.XX ID XX.XX.XX.XX" initiator_spi="6a6d0b7b 2ca875a2" responder_spi="5df3d64f 44a6f88b" int_severity=4
2010-12-17 15:09:18 Warning IPSEC 1800102 ipsec_event message="IPsec SA [Responder] negotiation failed:"
2010-12-17 15:09:18 Warning IPSEC 1803053 failed_to_select_ipsec_proposal sa_index=0
2010-12-17 15:09:18 Warning IPSEC 1800102 ipsec_event message=" Remote Proxy ID 192.168.9.0/24 any"
2010-12-17 15:09:18 Warning IPSEC 1800102 ipsec_event message=" Local Proxy ID 192.168.0.0/24 any"
2010-12-17 15:09:18 Info IPSEC 1802703 ike_sa_negotiation_completed ike_sa_completed local_peer="YY.YY.YY.YY ID YY.YY.YY.YY" remote_peer="XX.XX.XX.XX ID XX.XX.XX.XX" initiator_spi="6a6d0b7b 2ca875a2" responder_spi="5df3d64f 44a6f88b" int_severity=4
2010-12-17 15:09:18 Warning IPSEC 1800102 ipsec_event message="IPsec SA [Responder] negotiation error:"
2010-12-17 15:09:18 Warning IPSEC 1803053 failed_to_select_ipsec_proposal sa_index=0
2010-12-17 15:09:18 Warning IPSEC 1800102 ipsec_event message=" Remote Proxy ID 192.168.9.0/24 any"
2010-12-17 15:09:18 Warning IPSEC 1800102 ipsec_event message=" Local Proxy ID 192.168.0.0/24 any"
2010-12-17 15:09:18 Info IPSEC 1802703 ike_sa_negotiation_completed ike_sa_completed local_peer="YY.YY.YY.YY ID YY.YY.YY.YY" remote_peer="XX.XX.XX.XX ID XX.XX.XX.XX" initiator_spi="6a6d0b7b 2ca875a2" responder_spi="5df3d64f 44a6f88b" int_severity=4
2010-12-17 15:09:18 Warning IPSEC 1800102 ipsec_event message="IPsec SA [Responder] negotiation error:"
2010-12-17 15:09:17 Info IPSEC 1802703 ike_sa_negotiation_completed ike_sa_completed local_peer="YY.YY.YY.YY ID YY.YY.YY.YY" remote_peer="XX.XX.XX.XX ID XX.XX.XX.XX" initiator_spi="6a6d0b7b 2ca875a2" responder_spi="5df3d64f 44a6f88b" int_severity=6
2010-12-17 15:09:17 Info IPSEC 1802024 ike_sa_negotiation_completed options=Responder mode="Aggressive Mode" auth="Pre-shared keys" encryption=3des-cbc keysize= hash=sha1 dhgroup=2 bits=1024 lifetime=28800


From the DFL-210 I ping the computer 192.168.9.55 in the subnet on the racoon server:
2010-12-17 15:17:49 Info IPSEC 1802708 ike_sa_destroyed ike_sa_killed ike_sa=" Initiator SPI ESP=0x6a6d0b7b, AH=0x2ca875a2, IPComp=0x5df3d64"
2010-12-17 15:17:49 Info IPSEC 1803021 ipsec_sa_statistics done=5 success=0 failed=5
2010-12-17 15:17:49 Warning IPSEC 1800109 ike_quickmode_failed local_ip=YY.YY.YY.YY remote_ip=XX.XX.XX.XX cookies=6a6d0b7b2ca875a25df3d64f44a6f88b reason="Aborted notification"
2010-12-17 15:17:49 Warning IPSEC 1803020 ipsec_sa_failed no_ipsec_sa statusmsg="Aborted notification"
2010-12-17 15:17:49 Info IPSEC 1800102 ipsec_event message=" Remote Proxy ID 192.168.9.0/24 any"
2010-12-17 15:17:49 Info IPSEC 1800102 ipsec_event message=" Local Proxy ID 192.168.0.0/24 any"
2010-12-17 15:17:49 Info IPSEC 1802703 ike_sa_negotiation_completed ike_sa_completed local_peer="YY.YY.YY.YY ID YY.YY.YY.YY" remote_peer="XX.XX.XX.XX ID XX.XX.XX.XX" initiator_spi="6a6d0b7b 2ca875a2" responder_spi="5df3d64f 44a6f88b" int_severity=6
2010-12-17 15:17:49 Info IPSEC 1800102 ipsec_event message="IPsec SA [Initiator] negotiation failed:"


Please help me bring this tunnel up :(
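
Added example, not part of the original post and not D-Link or racoon code: a small Python parser for the verbose ikesnoop layout pasted above, which groups packets by initiator cookie and reports how far each negotiation got. The sample capture is constructed and heavily abbreviated; only the field names and cookie values are taken from the log in the post.

```python
import re

HEADER = re.compile(r"IkeSnoop: (Sending|Received) IKE packet")

# Constructed, abbreviated capture in the ikesnoop layout from the post (offer packet omitted).
SAMPLE = """\
2010-12-17 14:35:19: IkeSnoop: Received IKE packet from XX.XX.XX.XX:500
Exchange type : Identity Protection (main mode)
Cookies : 0x9227ee40b2134b -> 0xd4127edce89692e9
Transform 1/1
Encryption algorithm : 3DES-cbc
Hash algorithm : SHA

2010-12-17 14:35:20: IkeSnoop: Sending IKE packet to XX.XX.XX.XX:500
Exchange type : Quick mode
Cookies : 0x9227ee40b2134b -> 0xd4127edce89692e9
Transform 1/2
Transform ID : Rijndael (aes)
Authentication algorithm : HMAC-MD5
Group description : MODP 1024
Transform 2/2
Transform ID : 3DES
Authentication algorithm : HMAC-SHA-1
Group description : MODP 1024

2010-12-17 14:35:20: IkeSnoop: Received IKE packet from XX.XX.XX.XX:500
Exchange type : Informational
Cookies : 0x9227ee40b2134b -> 0xd4127edce89692e9
Notification : No proposal chosen
"""

def parse_packets(text):
    """Split verbose ikesnoop output into packets, each with its transform list."""
    packets, pkt, tr = [], None, None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.search(line)
        if m:
            pkt, tr = {"dir": m.group(1), "exchange": "", "cookie": "",
                       "transforms": [], "notify": None}, None
            packets.append(pkt)
        elif not line or pkt is None:
            pkt = tr = None                  # blank line ends a packet; other text is ignored
        elif ":" not in line:                # payload heading or "Transform n/m"
            tr = {} if line.startswith("Transform ") else None
            if tr is not None:
                pkt["transforms"].append(tr)
        else:
            key, _, val = (s.strip() for s in line.partition(":"))
            if key == "Exchange type":
                pkt["exchange"] = val
            elif key == "Cookies":
                pkt["cookie"] = val          # "initiator -> responder"
            elif key == "Notification":
                pkt["notify"] = val
            elif tr is not None:
                tr[key] = val                # attribute of the current transform
    return packets

def diagnose(packets):
    """Per IKE SA (keyed by initiator cookie): how far did negotiation get?"""
    report = {}
    for p in packets:
        init, _, resp = (s.strip() for s in p["cookie"].partition("->"))
        if not init:
            continue                         # header line without a decoded body
        r = report.setdefault(init, {"phase1": "no reply", "phase1_chosen": None,
                                     "phase2": "not attempted", "phase2_offered": []})
        if "main mode" in p["exchange"] and p["transforms"] and int(resp or "0", 16):
            # Non-zero responder cookie: this SA payload carries the responder's choice.
            t = p["transforms"][0]
            r["phase1"] = "proposal agreed"
            r["phase1_chosen"] = (t.get("Encryption algorithm"), t.get("Hash algorithm"))
        elif p["exchange"] == "Quick mode" and p["transforms"]:
            # Quick mode is protected by the ISAKMP SA, so phase 1 has completed.
            r["phase1"] = "completed"
            r["phase2"] = "proposal agreed" if r["phase2_offered"] else "offered"
            r["phase2_offered"] = r["phase2_offered"] or [
                (t.get("Transform ID"), t.get("Authentication algorithm"),
                 t.get("Group description")) for t in p["transforms"]]
        elif p["exchange"] == "Informational" and p["notify"]:
            who = "peer" if p["dir"] == "Received" else "local gateway"
            phase = "phase2" if r["phase2_offered"] else "phase1"
            r[phase] = f"rejected by {who}: {p['notify']}"
    return report
```

The `phase2_offered` list is what to compare against the peer's phase 2 settings (ESP cipher, authentication algorithm, PFS group) when the report shows a phase 2 rejection.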


Posted: Sat Dec 18, 2010 08:15
Check the IPsec parameters. It looks like even IKE is not coming up for you.
If the DFL is brand new (2.27.00.15), flash it with the firmware from the FTP (2.27.00.14); the encryption algorithms will appear.

Posted: Mon Dec 20, 2010 09:36
That IKE is not coming up is clear to me; the firmware is 2.27.00.14. Are there any other options?

