Здравствуйте!
Задача настроить ipsec тунель между DFL-260E и Mikrotik RB1100AHx4.
Выполнил первоначальные настройки для каждого устройства: шифрование на обоих устройствах 3des sh1.
На DFL создал туннель, прописал правила для хождения трафика между сетями.
Но результат отрицательный. Использовал в работе пару мануалов найденных в сети:
https://sanotes.ru/vpn-ipsec-mikrotik-dfl-860e/http://zaraev.blogspot.com/2014/04/mikr ... -260e.htmlВот что вижу в логах DFL:
2018-12-22
19:56:50
Info
IPSEC
1802023 ike_sa_statistics
done=32 success=1 failed=31
2018-12-22
19:56:50
Warning
IPSEC
1802022 ike_sa_failed
no_ike_sa
statusmsg="Invalid syntax" reason="" local_peer="176.192.xx.xx:500 ID (null)" remote_peer="176.114.xx.xx:500 ID (null)" spi_i=0x8a73cd21c8655405 spi_r=0x25c5350b25bbf9a0 initiator=FALSE
2018-12-22
19:56:50
Warning
IPSEC
1800106 ike_invalid_payload
local_ip=176.192.xx.xx remote_ip=176.114.xx.xx cookies=0x8a73cd21c865540525c5350b25bbf9a0 reason="Invalid payload type in encrypted payload chain, possibly because of different pre-shared keys"
2018-12-22
19:56:30
Warning
IPSEC
1800106 ike_invalid_payload
local_ip=176.192.xx.xx remote_ip=176.114.xx.xx cookies=0x1278b120aeae9b8ab6dfe64f080ad101 reason="IKE_INVALID_COOKIE"
2018-12-22
19:56:28
Info
IPSEC
1800201 commit_succeeded
2018-12-22
19:56:28
Info
IPSEC
1800211 reconfig_IPsec
ipsec_reconfigured
2018-12-22
19:56:20
Warning
IPSEC
1800106 ike_invalid_payload
local_ip=176.192.xx.xx remote_ip=176.114.xx.xx cookies=0x1278b120aeae9b8ab6dfe64f080ad101 reason="IKE_INVALID_COOKIE"
2018-12-22
19:55:40
Info
IPSEC
1802023 ike_sa_statistics
done=31 success=1 failed=30
2018-12-22
19:55:40
Warning
IPSEC
1802022 ike_sa_failed
no_ike_sa
statusmsg="Invalid syntax" reason="" local_peer="176.192.xx.xx:500 ID (null)" remote_peer="176.114.xx.xx:500 ID (null)" spi_i=0x1278b120aeae9b8a spi_r=0xb6dfe64f080ad101 initiator=FALSE
2018-12-22
19:55:40
Warning
IPSEC
1800106 ike_invalid_payload
local_ip=176.192.xx.xx remote_ip=176.114.xx.xx cookies=0x1278b120aeae9b8ab6dfe64f080ad101 reason="Invalid payload type in encrypted payload chain, possibly because of different pre-shared keys"
2018-12-22
19:55:20
Warning
IPSEC
1800106 ike_invalid_payload
local_ip=176.192.xx.xx remote_ip=176.114.xx.xx cookies=0xa0d0b95c11f97b47ad78b39741050a73 reason="IKE_INVALID_COOKIE"
2018-12-22
19:55:10
Warning
IPSEC
1800106 ike_invalid_payload
local_ip=176.192.xx.xx remote_ip=176.114.xx.xx cookies=0xa0d0b95c11f97b47ad78b39741050a73 reason="IKE_INVALID_COOKIE"
2018-12-22
19:54:30
Info
IPSEC
1802023 ike_sa_statistics
done=30 success=1 failed=29
2018-12-22
19:54:30
Warning
IPSEC
1802022 ike_sa_failed
no_ike_sa
statusmsg="Invalid syntax" reason="" local_peer="176.192.xx.xx:500 ID (null)" remote_peer="176.114.xx.xx:500 ID (null)" spi_i=0xa0d0b95c11f97b47 spi_r=0xad78b39741050a73 initiator=FALSE
2018-12-22
19:54:30
Warning
IPSEC
1800106 ike_invalid_payload
local_ip=176.192.xx.xx remote_ip=176.114.xx.xx cookies=0xa0d0b95c11f97b47ad78b39741050a73 reason="Invalid payload type in encrypted payload chain, possibly because of different pre-shared keys"
В Микротике в логах одно и тоже:
mikrotik phase 1 negotiation failed due to time up
Если есть каике то мысли -посоветуйте в какую сторону двигаться.