关于cisco和fortigate的ipsec vpn的连接失败

贴下配置 懂的帮忙看下 谢谢 我感觉问题可能出现在阶段1和阶段2上
飞塔100a
路由和策略都做了
 
cisco的配置
!         
crypto isakmp policy 1
 encr 3des
 hash md5 
 authentication pre-share
 group 2  
 lifetime 28800
crypto isakmp key seikorose address 116.236.121.203
!         
crypto ipsec security-association lifetime seconds 28800
!         
crypto ipsec transform-set vpntosj esp-3des esp-md5-hmac 
!         
crypto map new 1 ipsec-isakmp 
 set peer 116.236.121.203
 set transform-set vpntosj 
 match address 102
!         
!         
!         
!         
interface FastEthernet0/0
 ip address 116.193.49.230 255.255.255.224
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map new
!         
interface FastEthernet0/1
 ip address 172.16.30.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!         
ip classless
ip route 0.0.0.0 0.0.0.0 116.193.49.225
!         
!         
ip http server
no ip http secure-server
!         
access-list 102 permit ip 172.16.30.0 0.0.0.255 10.8.8.0 0.0.0.255
!         
!         
!  
QQ截图20151021170850.jpg QQ截图20151021170832.jpg
已邀请:

滕寄坤 - 曾经的飞塔代理工程师

赞同来自: kmliu

cisco  默认 pfs 关闭,飞塔阶段二的不要选PFS,并且飞塔要用接口模式

要回复问题请先登录注册