|
Help
Есть сеть офиса с сервером (Win2003, AD, DNS, DHCP) и маршрутизатором DI-808HV fw1.44
внутренняя сеть:
20.20.1.0
255.0.0.0
Настройки DI-808HV:
WAN
Static IP Address
75.ххх.ххх.ххх
255.255.255.0
75.ххх.ххх.1
MTU 1500
WAN Keep-alive - Enabled
Change the TTL value - Enabled
Auto-backup - Disabled
LAN
IP Address 20.20.1.3
Subnet Mask 255.255.255.0
DHCP Server - Disabled
VPN
Local Subnet 20.20.1.0
Local Netmask 255.0.0.0
Remote Subnet 20.20.2.0
Remote Netmask 255.0.0.0
Remote Gateway 10.0.0.43
_______________________________________________________
Есть удаленный офис с маршрутизатором DI-808HV fw1.44
20.20.2.0
255.0.0.0
Настройки DI-808HV:
WAN
Static IP Address
10.0.0.43
255.255.248.0
10.0.0.1
MTU 1500
WAN Keep-alive - Enabled
Change the TTL value - Enabled
Auto-backup - Disabled
LAN
IP Address 20.20.2.1
Subnet Mask 255.255.255.0
DHCP Server - Enabled
VPN
Local Subnet 20.20.2.0
Local Netmask 255.0.0.0
Remote Subnet 20.20.1.0
Remote Netmask 255.0.0.0
Remote Gateway 75.ххх.ххх.ххх
____________________________________________________________
вобоих маршрутизаторах добавлены статические маршруты:
20.20.2.0 255.0.0.0 10.0.0.43
75.xxx.xxx.0 255.255.255.0 75.xxx.xxx.1
10.0.0.0 255.255.248.0 10.0.0.1
20.20.1.0 255.0.0.0 75.xxx.xxx.xxx
Тунель IPSec установлен, а вот из одной сети другую невидно
Вот лог маршрутизатора:
Sunday October 14, 2007 13:10:38 Restarted by 20.20.1.53
Sunday October 14, 2007 13:10:59 Send IKE M1(INIT) : 75.ххх.ххх.ххх --> 10.0.0.43
Sunday October 14, 2007 13:10:59 Receive IKE M2(RESP) : 10.0.0.43 --> 75.ххх.ххх.ххх
Sunday October 14, 2007 13:10:59 Try to match with ENC:3DES AUTH:PSK HASH:MD5 Group:Group1
Sunday October 14, 2007 13:10:59 Send IKE M3(KEYINIT) : 75.ххх.ххх.ххх --> 10.0.0.43
Sunday October 14, 2007 13:10:59 Send IKE M3(KEYINIT) : 75.ххх.ххх.ххх --> 10.0.0.43
Sunday October 14, 2007 13:10:59 Receive IKE M4(KEYRESP) : 10.0.0.43 --> 75.ххх.ххх.ххх
Sunday October 14, 2007 13:10:59 Send IKE M5(IDINIT) : 75.ххх.ххх.ххх --> 10.0.0.43
Sunday October 14, 2007 13:10:59 Receive IKE M6(IDRESP) : 10.0.0.43 --> 75.ххх.ххх.ххх
Sunday October 14, 2007 13:10:59 IKE Phase1 (ISAKMP SA) established : 10.0.0.43 <-> 75.ххх.ххх.ххх
Sunday October 14, 2007 13:10:59 Send IKE Q1(QINIT) : 20.20.1.0 --> 20.20.2.0
Sunday October 14, 2007 13:10:59 Receive IKE Q2(QRESP) : [20.20.2.0|10.0.0.43]-->[75.ххх.ххх.ххх |20.20.1.0]
Sunday October 14, 2007 13:10:59 Try to match ESP with MODE:Tunnel PROTOCAL:ESP-3DES AUTH:MD5 HASH:Others PFS(Group):Group1
Sunday October 14, 2007 13:10:59 Send IKE Q3(QHASH) : 20.20.1.0 --> 20.20.2.0
Sunday October 14, 2007 13:10:59 IKE Phase2 (IPSEC SA) established : [20.20.2.0|10.0.0.43]<->[75.ххх.ххх.ххх |20.20.1.0]
Sunday October 14, 2007 13:10:59 inbound SPI = 0x2000010, outbound SPI = 0x2000010
Последний раз редактировалось gyo Чт авг 30, 2007 12:13, всего редактировалось 2 раз(а).
|
Вход
Регистрация
FAQ
Поиск
