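Looking for a Dynamic VPN configuration for the SRX210
After I finished configuring it, I can't connect from the external network with Pulse Secure. Connecting with the VPN client built into Windows produces the following log, and I don't understand where the problem is.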
Oct 23 10:14:07 kmd: IKE Phase-1: (Responder) Policy lookup failed
Oct 23 10:14:07 kmd: IKE negotiation failed with error: No proposal chosen. IKE Version: 2, VPN: Not-Available Gateway: Not-Available, Local: 221.216.141.18/500, Remote: 123.113.110.42/500, Local IKE-ID: Not-Available, Remote IKE-ID: Not-Available, VR-ID: 0
Oct 23 10:14:07 kmd: KMD_VPN_PV_PHASE1: IKE Phase-1 Failure: No proposal chosen
Oct 23 10:14:09 kmd: IKE Phase-1: (Responder) Policy lookup failed
Oct 23 10:14:09 kmd: IKE negotiation failed with error: No proposal chosen. IKE Version: 2, VPN: Not-Available Gateway: Not-Available, Local: 221.216.141.18/500, Remote: 123.113.110.42/500, Local IKE-ID: Not-Available, Remote IKE-ID: Not-Available, VR-ID: 0
Oct 23 10:14:09 kmd: KMD_VPN_PV_PHASE1: IKE Phase-1 Failure: No proposal chosen
Oct 23 10:14:12 kmd: IKE Phase-1: (Responder) Policy lookup failed
Oct 23 10:14:12 kmd: IKE negotiation failed with error: No proposal chosen. IKE Version: 2, VPN: Not-Available Gateway: Not-Available, Local: 221.216.141.18/500, Remote: 123.113.110.42/500, Local IKE-ID: Not-Available, Remote IKE-ID: Not-Available, VR-ID: 0
Oct 23 10:14:12 kmd: KMD_VPN_PV_PHASE1: IKE Phase-1 Failure: No proposal chosen
Oct 23 10:15:00 /usr/sbin/cron: (root) CMD (newsyslog)
Oct 23 10:15:00 /usr/sbin/cron: (root) CMD ( /usr/libexec/atrun)
Oct 23 10:15:38 mgd: UI_CMDLINE_READ_LINE: User 'root', command 'show log messages | no-more
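My goal is simply to be able to VPN home from outside. Both home and the outside location have dynamic IPs, and ports 80 and 8080 are blocked on my home public IP.
The SRX is on PPPoE, so using pp0.0 as the external-interface isn't wrong either.
set security ike gateway DVPN-vpn external-interface pp0.0
This post was last edited by motiti on 2017-10-24 12:52
This is just my configuration: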
root# show | compare rollback 1
+ ike {
+ policy DVPN-vpn {
+ mode aggressive;
+ proposal-set compatible;
+ pre-shared-key ascii-text "$9$81Yx-woJDmfzYgfz36u0LxN"; ## SECRET-DATA
+ }
+ gateway DVPN-vpn {
+ ike-policy DVPN-vpn;
+ dynamic {
+ hostname dynvpn;
+ connections-limit 50;
+ ike-user-type group-ike-id;
+ }
+ external-interface pp0.0;
+ xauth access-profile dyn-profile;
+ }
+ }
+ ipsec {
+ policy DVPN-vpn {
+ proposal-set standard;
+ }
+ vpn DVPN-vpn {
+ ike {
+ gateway DVPN-vpn;
+ ipsec-policy DVPN-vpn;
+ }
+ }
+ }
+ dynamic-vpn {
+ access-profile dyn-profile;
+ clients {
+ dyn-vpn {
+ remote-protected-resources {
+ 192.168.1.0/24;
+ }
+ ipsec-vpn DVPN-vpn;
+ user {
+ vpn1;
+ }
+ }
+ }
+ }
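Review bot: in the ike policy DVPN-vpn block, `mode aggressive` is an IKEv1 exchange mode, but the kmd log lines earlier on this page show the failing peer offering "IKE Version: 2" and the responder answering "Policy lookup failed" with "Gateway: Not-Available", so that attempt never matched this gateway. Test this configuration with a client that negotiates IKEv1 aggressive mode with XAuth rather than with the Windows built-in client that produced those log lines. Separately, the `pre-shared-key ascii-text "$9$..."` value is posted in full; Junos `$9$` strings are reversible obfuscation, not a hash, so treat the key as disclosed and replace it with a new, long random one. That matters all the more here because aggressive mode with a pre-shared key is open to offline guessing of a weak key.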
policy 100 { ... }
+ policy dyn-vpn {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit {
+ tunnel {
+ ipsec-vpn DVPN-vpn;
+ }
+ }
+ }
+ }
all { ... }
+ https;
+ http;
+ ike;
+ ping;
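Review bot: `+ http;` is added to the allowed services alongside `https`, `ike` and `ping`. The visible lines do not show which zone or interface this `all { ... }` block belongs to; if it is the internet-facing side, drop `http` so the device's web service is reachable there only over HTTPS, and keep the list to the services the VPN actually needs.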
+access {
+ profile dyn-profile {
+ client vpn1 {
+ firewall-user {
+ password "$9$lNXvxdVwgUjqY2"; ## SECRET-DATA
+ }
+ }
+ address-assignment {
+ pool dyn-ip-pool;
+ }
+ }
+ address-assignment {
+ pool dyn-ip-pool {
+ family inet {
+ network 192.168.1.0/24;
+ range 10to100 {
+ low 192.168.1.3;
+ high 192.168.1.3;
+ }
+ }
+ }
+ }
+ firewall-authentication {
+ web-authentication {
+ default-profile dyn-profile;
+ }
+ }
+}
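Review bot: in pool dyn-ip-pool, the range named `10to100` has `low 192.168.1.3` and `high 192.168.1.3`, so the pool holds a single address even though the gateway sets `connections-limit 50`; a second client would have no address left to be assigned. The pool's `network 192.168.1.0/24` is also the same prefix listed under `remote-protected-resources`, so tunnel clients are numbered out of the LAN they are reaching. Consider a dedicated client subnet with a range sized for the expected users. The firewall-user `password "$9$..."` is posted in full as well and should be changed.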
web-management {
http {
interface vlan.1;
}
https {
system-generated-certificate;
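interface [ pp0.0 vlan.1 ];
Now this Pulse Secure warning appears. Isn't it using HTTPS? Why is it sending an HTTP request? Port 80 is blocked on the public side.
Wait Connection error
Failed to send the initial HTTP request. (Error: 1453)
A network error may be caused by temporary conditions (such as an invalid URL or an unavailable server). Please try the operation again. Please restart the system and then try the operation again. If the problem persists, contact your network administrator.
On my side, the one I had originally set up this month had been working fine all along; at the end of September it stopped working. The dial-up just won't connect no matter what, reconfiguring gives the same result, and I don't know what is going on.
When I dial in I get this same error too. It was still working fine in September, but after the tenth-something of September it could no longer connect, and no data can be requested from the external network. I wonder whether the HTTPS port 443 has been blocked as well.
motiti posted on 2017-10-24 18:55
Now this Pulse Secure warning appears. Isn't it using HTTPS? Why is it sending an HTTP request? Port 80 is blocked on the public side.
On my side this problem appeared at the end of September; it was fine before. It feels like ports such as 80 and 443 have been blocked.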