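[Help] VPN connection problem on a NetScreen 25 firewall (if the points aren't enough I will definitely keep adding more)
I set up a VPN on the NS25. The goal is to let external Internet users connect securely to the company network through the NS25's VPN.
I configured the NS25 according to a configuration example I found. The options I configured are:
interface, policy -> untrust--trust, vpn -> autokey ike, vpn -> autokey advanced gateway, user -> local, user -> group
The client software is: NetScreen Remote
It was also configured according to the configuration example.
The result is:
The VPN cannot be established, and I found the following error message in the NS25 log: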
Rejected an IKE packet on ethernet3 from 172.28.118.13:500 to 172.28.118.52:500 with cookies cc7b69737cd23735 and 0000000000000000 because an initial Phase 1 packet arrived from an unrecognized peer gateway.
Could the experts here tell me what causes this and how to solve it?
I followed the example at the link below for the configuration:
http://bits2005.bokee.com/5280919.html
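My dial-up users are on the 192.168.1.0 network segment, and the company's internal network is also on the 192.168.1.0 segment. After configuration, the NetScreen Remote dial-up client cannot even reach the external network, let alone connect to the company network. The Remote log shows the following: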
18:50:58.906
18:50:58.906 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
18:50:58.921 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
18:51:14.578 My Connections\dialup - message not received! Retransmitting!
18:51:14.578 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:51:22.734
18:51:29.578 My Connections\dialup - message not received! Retransmitting!
18:51:29.578 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:51:44.578 My Connections\dialup - message not received! Retransmitting!
18:51:44.578 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:51:44.734
18:51:59.578 My Connections\dialup - Exceeded 3 IKE SA negotiation attempts
18:51:59.734
18:51:59.750 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
18:51:59.781 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
18:52:15.578 My Connections\dialup - message not received! Retransmitting!
18:52:15.578 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:52:22.750
18:52:30.593 My Connections\dialup - message not received! Retransmitting!
18:52:30.593 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:52:44.750
18:52:45.593 My Connections\dialup - message not received! Retransmitting!
18:52:45.593 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:58:34.718
18:58:34.734 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
18:58:34.781 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
18:58:50.640 My Connections\dialup - message not received! Retransmitting!
18:58:50.640 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:59:00.625
18:59:05.640 My Connections\dialup - message not received! Retransmitting!
18:59:05.640 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:59:20.640 My Connections\dialup - message not received! Retransmitting!
18:59:20.640 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:59:23.937
18:59:35.640 My Connections\dialup - Exceeded 3 IKE SA negotiation attempts
19:00:31.515
19:00:31.531 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
19:00:31.546 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
19:00:46.640 My Connections\dialup - message not received! Retransmitting!
19:00:46.640 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
19:07:32.328
19:07:32.343 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
19:07:32.390 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
19:07:47.671 My Connections\dialup - message not received! Retransmitting!
19:07:47.671 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
19:08:02.671 My Connections\dialup - message not received! Retransmitting!
19:08:02.671 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
19:08:17.671 My Connections\dialup - message not received! Retransmitting!
19:08:17.671 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
19:08:32.671 My Connections\dialup - Exceeded 3 IKE SA negotiation attempts
19:08:56.515
19:08:56.531 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
19:08:56.562 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
19:09:11.687 My Connections\dialup - message not received! Retransmitting!
19:09:11.687 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
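Could someone please help: first with the problem that the external network cannot be accessed after installing the NetScreen Remote software, and then with the problem of not being able to connect to the company VPN. Thanks, and I can keep adding points if they are not enough!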
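Added example, not part of the original thread: a short parser that groups the NetScreen Remote client log above into Phase 1 attempts and counts retransmissions and replies per attempt. The sample is an excerpt copied from the log in the post; the `RECEIVED<<<` prefix for inbound messages is an assumption, since the posted log contains no inbound line.

```python
import re

# Excerpt copied from the client log in the post (first attempt, start of second).
SAMPLE_LOG = r"""
18:50:58.906
18:50:58.906 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
18:50:58.921 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
18:51:14.578 My Connections\dialup - message not received! Retransmitting!
18:51:14.578 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:51:29.578 My Connections\dialup - message not received! Retransmitting!
18:51:29.578 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:51:44.578 My Connections\dialup - message not received! Retransmitting!
18:51:44.578 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (Retransmission)
18:51:59.578 My Connections\dialup - Exceeded 3 IKE SA negotiation attempts
18:51:59.750 My Connections\dialup - Initiating IKE Phase 1 (IP ADDR=218.204.216.10)
18:51:59.781 My Connections\dialup - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID, VID)
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3})\s+(.+?) - (.*)$")
START = re.compile(r"Initiating IKE Phase 1 \(IP ADDR=([\d.]+)\)")
MODES = {" OAK AG ": "aggressive", " OAK MM ": "main"}

def summarize(log_text):
    """Group log events into Phase 1 attempts and count what each one saw."""
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # blank lines and bare timestamps
        ts, _conn, msg = m.groups()
        start = START.search(msg)
        if start:
            attempts.append({"start": ts, "peer": start.group(1), "mode": None,
                             "retransmits": 0, "replies": 0, "gave_up": False})
        elif attempts:
            cur = attempts[-1]
            if msg.startswith("SENDING>>>>") and "(Retransmission)" in msg:
                cur["retransmits"] += 1
            elif msg.startswith("SENDING>>>>"):
                cur["mode"] = next((v for k, v in MODES.items() if k in msg), cur["mode"])
            elif msg.startswith("RECEIVED<<<"):   # assumed prefix for inbound messages
                cur["replies"] += 1
            elif msg.startswith("Exceeded"):
                cur["gave_up"] = True
    return attempts

def unanswered(attempts):
    """Attempts in which the gateway never replied to the first packet."""
    return [a for a in attempts if a["replies"] == 0]
```

Every attempt in the posted log ends up in `unanswered()`: the client sends its first Aggressive Mode packet to 218.204.216.10 and never sees a reply, which is the client-side view of a gateway that drops or rejects the initial Phase 1 packet.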
[Solution]
It seems you posted the right question in the wrong place.
This is the Windows forum, so you should try another place.
Good luck.
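[Solution]
I tested your problem on a compromised 2003 box and ended up losing it. Sigh, what bad luck these past two days.
Your first problem (the external network cannot be accessed after installing the NetScreen Remote software):
After the VPN is established, this route in the routing table takes priority; its metric is smaller, so traffic takes this route.
Taking my test as an example: the original IP was 192.168.8.3 with gateway 192.168.8.2; after the VPN was established the assigned IP was 192.168.1.224 with gateway 192.168.1.224.
The above can be seen with route print.
After the VPN is established you cannot get online because the routing table has two routes to 0.0.0.0 mask 0.0.0.0, with gateways 192.168.8.2 and 192.168.1.224 respectively.
But the one with gateway 192.168.1.224 has the smaller metric, so the original route is no longer used.
Solution: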
route change 0.0.0.0 mask 0.0.0.0 192.168.1.224 metric 88
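After running this command the default route's gateway is 192.168.1.224, i.e. the VPN one, with a metric of 88.
Then add a new one: route -p add 0.0.0.0 mask 0.0.0.0 192.168.8.2 metric 1
This route is closer, so everything goes this way.
Now you can get online even with the VPN dialed in. As for the other problems, I can't help, since I don't have your environment. Give me a VPN account and I'll help you test.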
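Added example, not part of the original reply: a simplified model of the route selection described above (longest prefix first, then lowest metric), run before and after the two route commands. The starting metrics (20 and 1) and the two on-link /24 routes are assumptions constructed for illustration; the reply only gives the addresses and the final metrics 88 and 1.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "dest gateway metric")

def select_route(table, dst_ip):
    """Pick the route a host would use: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(dst_ip)
    hits = [r for r in table if ip in ipaddress.ip_network(r.dest)]
    if not hits:
        return None
    return min(hits, key=lambda r: (-ipaddress.ip_network(r.dest).prefixlen, r.metric))

def set_route(table, dest, gateway, metric):
    """Model of `route change` / `route add`: one entry per dest+gateway pair."""
    kept = [r for r in table if (r.dest, r.gateway) != (dest, gateway)]
    return kept + [Route(dest, gateway, metric)]

def before_fix():
    # State after the VPN comes up, as described in the reply (metrics assumed).
    return [
        Route("0.0.0.0/0", "192.168.8.2", 20),       # original LAN default route
        Route("0.0.0.0/0", "192.168.1.224", 1),      # default route added by the VPN
        Route("192.168.8.0/24", "192.168.8.3", 20),  # assumed on-link LAN route
        Route("192.168.1.0/24", "192.168.1.224", 1), # assumed on-link VPN route
    ]

def after_fix():
    # route change 0.0.0.0 mask 0.0.0.0 192.168.1.224 metric 88
    table = set_route(before_fix(), "0.0.0.0/0", "192.168.1.224", 88)
    # route -p add 0.0.0.0 mask 0.0.0.0 192.168.8.2 metric 1
    return set_route(table, "0.0.0.0/0", "192.168.8.2", 1)
```

Under these assumptions, Internet-bound traffic (for example 203.0.113.10) moves from the VPN gateway to 192.168.8.2 after the change, while 192.168.1.0/24 still goes through the VPN interface because the more specific prefix wins. The result is a split tunnel: only the VPN subnet is carried by the tunnel.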
[Solution]
I use SoftEther; it works well.
[Solution]
I'll need to keep following this later; for now, let me bump it for you.