本帖最后由 萌大爷 于 2016-4-8 11:42 编辑
对端juniper SRX3600-01
# show security ipsec
proposal ipsec-prop1 {
protocol esp;
authentication-algorithm hmac-md5-96;
encryption-algorithm 3des-cbc;
lifetime-seconds 28800;
}
policy ipsec-pol1 {
proposals ipsec-prop1;
}
vpn ipsec-vpn1 {
bind-interface st0.0;
ike {
gateway ike-gw1;
proxy-identity {
local 10.58.0.0/16;
remote 192.168.33.104/32;
service any;
}
ipsec-policy ipsec-pol1;
}
establish-tunnels immediately;
}
本端某公司vpn2050 单臂
好像没什么参数不对,和3DES的模式有关吗,juniper设了3des-cbc,我们这边是啥,cbc还是ecb?
客户由于野蛮模式第一阶段建立不了,所以用了主模式,和这个有关吗? |