|
楼主 |
发表于 2010-5-16 23:28:33
|
显示全部楼层
回复 14# mdctmk
win2003端和winxp端的连接是自动协商的,同一家的东西就是好
我的实验结果是,在ROS3.20下面,不管设不设安全策略,nat 内的xp都连不上 ros
ros4.8下面,不设安全策略,ipsec 的1 2 阶段协商成功,但l2tp无法启动
May/16/2010 19:49:42 ipsec respond new phase 1 negotiation: 192.168.111.2[500]<=>192.168.111.1[61682]
May/16/2010 19:49:42 ipsec begin Identity Protection mode.
May/16/2010 19:49:42 ipsec received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
May/16/2010 19:49:42 ipsec received Vendor ID: FRAGMENTATION
May/16/2010 19:49:42 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
May/16/2010 19:49:42 ipsec
May/16/2010 19:49:42 ipsec ISAKMP-SA established 192.168.111.2[500]-192.168.111.1[61682] spi:a348f308c5350ce8:6b52c1972efd3ec2
May/16/2010 19:49:42 ipsec respond new phase 2 negotiation: 192.168.111.2[500]<=>192.168.111.1[61682]
May/16/2010 19:49:42 ipsec no policy found, try to generate the policy : 192.168.121.2/32[1701] 192.168.111.2/32[1701] proto=udp dir=in
May/16/2010 19:49:42 ipsec IPsec-SA established: ESP/Transport 192.168.111.1[0]->192.168.111.2[0] spi=201063362(0xbfbfbc2)
May/16/2010 19:49:42 ipsec IPsec-SA established: ESP/Transport 192.168.111.2[0]->192.168.111.1[0] spi=3491752769(0xd01feb41)
到这里就停了
设了安全策略,下面就是l2tp ppp部分了 |
|