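I am having problems with a NETGEAR ProSafe VPN firewall (model FVX538).
The system is set up as one end of an IPSec VPN tunnel and works fine most of the time. However, a few days each week it seems to give up and drops the connection every few minutes. This does not appear to be related to network load (although monitoring on this particular box is severely lacking).
Do you have any suggestions about what might be going wrong here and how to fix it?
Here is a log excerpt from one of these incidents (IP addresses replaced with **):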
2010 Jan 22 17:35:18 [FVX538] [IKE] Initiating new phase 2 negotiation: **[0]<=>**[0]_
2010 Jan 22 17:35:18 [FVX538] [IKE] The packet is retransmitted by **[500]._
2010 Jan 22 17:35:18 [FVX538] [IKE] the packet retransmitted in a short time from **[500]_
2010 Jan 22 17:35:19 [FVX538] [IKE] The packet is retransmitted by **[500]._
2010 Jan 22 17:35:25 [FVX538] [IKE] wrong state 8._
- Last output repeated 2 times -
2010 Jan 22 17:35:36 [FVX538] [IKE] attribute has been modified._
2010 Jan 22 17:35:47 [FVX538] [IKE] IPsec-SA established: ESP/Tunnel **->** with spi=86788277(0x52c48b5)_
2010 Jan 22 17:35:48 [FVX538] [IKE] The packet is retransmitted by **[500]._
2010 Jan 22 17:35:48 [FVX538] [IKE] IPsec-SA established: ESP/Tunnel **->** with spi=523825667(0x1f38f203)_
2010 Jan 22 17:35:49 [FVX538] [IKE] IPsec-SA established: ESP/Tunnel **->** with spi=57677960(0x3701888)_
2010 Jan 22 17:35:49 [FVX538] [IKE] IPsec-SA established: ESP/Tunnel **->** with spi=523825668(0x1f38f204)_
2010 Jan 22 17:35:51 [FVX538] [IKE] Sending Informational Exchange: delete payload[]_
2010 Jan 22 17:35:51 [FVX538] [IKE] an undead schedule has been deleted: 'pk_recvupdate'._
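Edit:
The other end is an enterprise-grade Juniper box that I have no control over. On the Netgear box, the first thing I tried was upgrading the firmware, but that did not help...
Answer 1
The best way to deal with the FVX538 is to throw it in the bin. That way you will not have to spend days working out that its designers were nocturnal rodents from the moon. And that is with firmware 3.0.6-29. I dread to think what the earlier firmware was like.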