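I am trying to set up an IPSec tunnel on a Cisco ASA. In the routes on Google, I can see that only 172.0.99.0/24 and 172.0.100.0/24 should be routed through this tunnel.
Google seems to be requesting that all traffic be routed through this tunnel.
Cisco logs: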
%ASA-7-715047: Group = 35.234.136.243, IP = 35.234.136.243, processing hash payload
%ASA-7-715047: Group = 35.234.136.243, IP = 35.234.136.243, processing SA payload
%ASA-7-715047: Group = 35.234.136.243, IP = 35.234.136.243, processing nonce payload
%ASA-7-715047: Group = 35.234.136.243, IP = 35.234.136.243, processing ke payload
%ASA-7-713906: Group = 35.234.136.243, IP = 35.234.136.243, processing ISA_KE for PFS in phase 2
%ASA-7-715047: Group = 35.234.136.243, IP = 35.234.136.243, processing ID payload
%ASA-7-714011: Group = 35.234.136.243, IP = 35.234.136.243, ID_IPV4_ADDR_SUBNET ID received--0.0.0.0--0.0.0.0
%ASA-7-713035: Group = 35.234.136.243, IP = 35.234.136.243, Received remote IP Proxy Subnet data in ID Payload: Address 0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0
%ASA-7-715047: Group = 35.234.136.243, IP = 35.234.136.243, processing ID payload
%ASA-7-714011: Group = 35.234.136.243, IP = 35.234.136.243, ID_IPV4_ADDR_SUBNET ID received--0.0.0.0--0.0.0.0
%ASA-7-713034: Group = 35.234.136.243, IP = 35.234.136.243, Received local IP Proxy Subnet data in ID Payload: Address 0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0
%ASA-7-713906: Group = 35.234.136.243, IP = 35.234.136.243, QM IsRekeyed old sa not found by addr
%ASA-7-713221: Group = 35.234.136.243, IP = 35.234.136.243, Static Crypto Map check, checking map = outside_map, seq = 1...
%ASA-7-713222: Group = 35.234.136.243, IP = 35.234.136.243, Static Crypto Map check, map = outside_map, seq = 1, ACL does not match proxy IDs src:0.0.0.0 dst:0.0.0.0
%6.243, processing ID payload
%ASA-7-714011: Group = 35.234.136.243, IP = 35.234.136.243, ID_IPV4_ADDR_SUBNET ID received--0.0.0.0--0.0.0.0
The Google logs show that the connection is established, and then when Quick Mode is established, the Cisco sends a delete.
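An added example, not part of the original post: a small Python triage script that reads ASA debug lines like the ones above, collects the proxy IDs the peer proposed in Quick Mode and the crypto map entries the ASA rejected, and flags proposals wider than the intended subnets. It assumes the two subnets named in the post are the only intended selectors; `analyze`, `EXPECTED` and `SAMPLE_LOG` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample input: three lines copied from the log in the post above.
SAMPLE_LOG = """\
%ASA-7-713035: Group = 35.234.136.243, IP = 35.234.136.243, Received remote IP Proxy Subnet data in ID Payload: Address 0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0
%ASA-7-713034: Group = 35.234.136.243, IP = 35.234.136.243, Received local IP Proxy Subnet data in ID Payload: Address 0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0
%ASA-7-713222: Group = 35.234.136.243, IP = 35.234.136.243, Static Crypto Map check, map = outside_map, seq = 1, ACL does not match proxy IDs src:0.0.0.0 dst:0.0.0.0
"""

# Assumption: the two subnets named in the post are the only intended selectors.
EXPECTED = [ipaddress.ip_network(n) for n in ("172.0.99.0/24", "172.0.100.0/24")]

PROXY_RE = re.compile(
    r"%ASA-7-71303[45]: Group = (?P<peer>[^,]+), .*?Received (?P<side>local|remote) "
    r"IP Proxy Subnet data in ID Payload: Address (?P<addr>[\d.]+), Mask (?P<mask>[\d.]+)")
MISMATCH_RE = re.compile(
    r"%ASA-7-713222: Group = (?P<peer>[^,]+), .*?map = (?P<map>[^,\s]+), "
    r"seq = (?P<seq>\d+), ACL does not match proxy IDs")


def analyze(log_text, expected=EXPECTED):
    """Per peer: proposed proxy IDs, rejected crypto map entries, and
    proposals that strictly contain an intended subnet (too wide)."""
    peers = {}
    for line in log_text.splitlines():
        m = PROXY_RE.search(line) or MISMATCH_RE.search(line)
        if not m:
            continue  # unrelated or truncated line
        info = peers.setdefault(
            m["peer"], {"proxy": {}, "rejected": [], "too_wide": []})
        if "side" in m.groupdict():
            # ASA logs address plus dotted mask; 0.0.0.0/0.0.0.0 parses as 0.0.0.0/0.
            net = ipaddress.ip_network(f"{m['addr']}/{m['mask']}", strict=False)
            info["proxy"][m["side"]] = net
            if any(e != net and e.subnet_of(net) for e in expected):
                info["too_wide"].append((m["side"], net))
        else:
            info["rejected"].append((m["map"], int(m["seq"])))
    return peers


if __name__ == "__main__":
    for peer, info in analyze(SAMPLE_LOG).items():
        for side, net in info["too_wide"]:
            print(f"{peer}: {side} proxy ID {net} is wider than the intended subnets")
        for name, seq in info["rejected"]:
            print(f"{peer}: crypto map {name} seq {seq} ACL did not match the proposal")
```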