fortigate 跟juniper 协商失败,debug提示 no suitable ISAKMP SA 是哪个配置有问题?

ike 0:to-srx: schedule auto-negotiate
ike 0:to-srx:to-srx: IPsec SA connect 2 60.0.130.253->60.0.130.50:0
ike 0:to-srx:to-srx: config found
ike 0:to-srx: created connection: 0x452bc40 2 60.0.130.253->60.0.130.50:500.
ike 0:to-srx: IPsec SA connect 2 60.0.130.253->60.0.130.50:500 negotiating
**ike 0:to-srx: no suitable ISAKMP SA, queuing quick-mode request and initiating ISAKMP SA negotiation**
ike 0:to-srx:1619: initiator: main mode is sending 1st message...
ike 0:to-srx:1619: cookie 5415ea993e1589bb/0000000000000000
ike 0:to-srx:1619: out 5415EA993E1589BB00000000000000000110020000000000000001040D000034000000010000000100000028010100010000002001010000800B0001800C7080800100018003000180020001800400020D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D3000000148299031757A36082C6A621DE00050E18
ike 0:to-srx:1619: sent IKE msg (ident_i1send): 60.0.130.253:500->60.0.130.50:500, len=260, id=5415ea993e1589bb/0000000000000000
ike 0:to-srx:to-srx: IPsec SA connect 2 60.0.130.253->60.0.130.50:0
ike 0:to-srx:to-srx: using existing connection
ike 0:to-srx:to-srx: config found
ike 0:to-srx: request is on the queue
ike 0:to-srx:1619: out 5415EA993E1589BB00000000000000000110020000000000000001040D000034000000010000000100000028010100010000002001010000800B0001800C7080800100018003000180020001800400020D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D3000000148299031757A36082C6A621DE00050E18
ike 0:to-srx:1619: sent IKE msg (P1_RETRANSMIT): 60.0.130.253:500->60.0.130.50:500, len=260, id=5415ea993e1589bb/0000000000000000
ike 0:to-srx:to-srx: IPsec SA connect 2 60.0.130.253->60.0.130.50:0
ike 0:to-srx:to-srx: using existing connection
ike 0:to-srx:to-srx: config found
ike 0:to-srx: request is on the queue
ike 0:to-srx:to-srx: IPsec SA connect 2 60.0.130.253->60.0.130.50:0
ike 0:to-srx:to-srx: using existing connection
ike 0:to-srx:to-srx: config found
ike 0:to-srx: request is on the queue
已邀请:

jony - XDF_ShiJie

赞同来自: bollytom

已解决,原因是对端ipsec outgoing interface配置错误

要回复问题请先登录注册