juniper SRX 与 Cisco 奇怪的 VPN 错误

juniper SRX 与 Cisco 奇怪的 VPN 错误

IKE 似乎失败了,我不知道为什么...这是 ike 日志:

Jun 13 10:38:28 No proposal selected in first phase for local=ipv4(any:0,[0..3]=X.X.X.X) remote=ipv4(udp:500,[0..3]=Y.Y.Y.Y)
Jun 13 10:38:32 Phase-1 negotiation failed with error Timeout for p1_local=ipv4(any:0,[0..3]=X.X.X.X) p1_remote=ipv4(udp:500,[0..3]=Y.Y.Y.Y)
Jun 13 10:39:03 The remote server at Y.Y.Y.Y:500 is 'draft-ietf-ipsec-nat-t-ike-02'
Jun 13 10:39:03 Not setting PMDATA_PEER_IS_OURS for Y.Y.Y.Y
Jun 13 10:39:03 The remote server at Y.Y.Y.Y:500 is 'draft-ietf-ipsec-nat-t-ike-03'
Jun 13 10:39:03 Not setting PMDATA_PEER_IS_OURS for Y.Y.Y.Y
Jun 13 10:39:03 The remote server at Y.Y.Y.Y:500 is '4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f'
Jun 13 10:39:03 The remote server at Y.Y.Y.Y:500 is '40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 c0 00 00 00'
Jun 13 10:39:03 No proposal selected in first phase for local=ipv4(any:0,[0..3]=X.X.X.X) remote=ipv4(udp:500,[0..3]=Y.Y.Y.Y)

我认为奇怪的是,有 2x“远程服务器位于”,这是正常的吗?

有什么建议么?

答案1

事实证明,我们需要使用 SHA-1,而不是 SHA-256

我会自己回答,以防有人遇到同样的神秘错误信息(或者我将来自己也会遇到)

相关内容