AI 助理
备案控制台
开发者社区> 问答> 正文

阿里云VPN网关与IDC网关连接失败

阿里云VPN网关与IDC网关连接第一阶段协商未成功。帮我分析一下,谢了。
1、阿里云VPN网关配置
{
  "LocalSubnet": "10.116.0.0/16",
  "RemoteSubnet": "172.17.0.0/16",
  "IpsecConfig": {
    "IpsecPfs": "group2",
    "IpsecEncAlg": "aes",
    "IpsecAuthAlg": "md5",
    "IpsecLifetime": 86400
  },
  "Local": "xxx.xxx.xxx.xxx",
  "Remote": "yyy.yyy.yyy.yyy",
  "IkeConfig": {
    "IkeAuthAlg": "md5",
    "LocalId": "xxx.xxx.xxx.xxx",
    "IkeEncAlg": "aes",
    "IkeVersion": "ikev1",
    "IkeMode": "main",
    "IkeLifetime": 86400,
    "RemoteId": "yyy.yyy.yyy.yyy",
    "Psk": "kyglbd82eb8hgcnp",
    "IkePfs": "group2"
  }
}
2、IDC网关(思科路由器)配置如下:
crypto isakmp policy 100 
 encryption aes
 hash md5
 authentication pre-share      
 group 2
 lifetime 86400
!
crypto isakmp key kyglbd82eb8hgcnp address yyy.yyy.yyy.yyy
!
crypto ipsec transform-set AliVPN esp-aes esp-md5-hmac
!
crypto map clientmap 100 ipsec-isakmp
 set peer yyy.yyy.yyy.yyy 
 set security-association lifetime seconds 86400
 set transform-set AliVPN
 set pfs group2
 match address AliVPN-ACL
ip access-list extended AliVPN-ACL
 permit ip 10.116.0.0 0.0.255.255 172.17.0.0 0.0.255.255

3、日志如下
2018-09-21 17:28:35 14[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> sending retransmit 5 of request message ID 0, seq 3
2018-09-21 17:28:35 14[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
2018-09-21 17:28:54 14[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> sending keep alive to xxx.xxx.xxx.xxx[4500]
2018-09-21 17:29:14 11[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> sending keep alive to xxx.xxx.xxx.xxx[4500]
2018-09-21 17:29:34 14[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> sending keep alive to xxx.xxx.xxx.xxx[4500]
2018-09-21 17:29:50 11[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> giving up after 5 retransmits
2018-09-21 17:29:50 11[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> peer not responding, trying again (2/3)
2018-09-21 17:29:50 11[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> initiating Main Mode IKE_SA vco-2zecu5qsefdknk9a9zmdf[48] to xxx.xxx.xxx.xxx
2018-09-21 17:29:50 11[ENC] <vco-2zecu5qsefdknk9a9zmdf|48> generating ID_PROT request 0 [ SA V V V V V ]
2018-09-21 17:29:50 11[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[500] to xxx.xxx.xxx.xxx[500] (224 bytes)
2018-09-21 17:29:50 06[NET] <vco-2zecu5qsefdknk9a9zmdf|48> received packet: from xxx.xxx.xxx.xxx[500] to 172.17.1.16[500] (108 bytes)
2018-09-21 17:29:50 06[ENC] <vco-2zecu5qsefdknk9a9zmdf|48> parsed ID_PROT response 0 [ SA V ]
2018-09-21 17:29:50 06[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> received NAT-T (RFC 3947) vendor ID
2018-09-21 17:29:50 06[ENC] <vco-2zecu5qsefdknk9a9zmdf|48> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
2018-09-21 17:29:50 06[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[500] to xxx.xxx.xxx.xxx[500] (236 bytes)
2018-09-21 17:29:50 12[NET] <vco-2zecu5qsefdknk9a9zmdf|48> received packet: from xxx.xxx.xxx.xxx[500] to 172.17.1.16[500] (296 bytes)
2018-09-21 17:29:50 12[ENC] <vco-2zecu5qsefdknk9a9zmdf|48> parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
2018-09-21 17:29:50 12[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> received Cisco Unity vendor ID
2018-09-21 17:29:50 12[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> received DPD vendor ID
2018-09-21 17:29:50 12[ENC] <vco-2zecu5qsefdknk9a9zmdf|48> received unknown vendor ID: b8:fd:13:8e:3a:7e:00:53:2b:f3:b5:af:dd:41:48:bd
2018-09-21 17:29:50 12[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> received XAuth vendor ID
2018-09-21 17:29:50 12[ENC] <vco-2zecu5qsefdknk9a9zmdf|48> generating ID_PROT request 0 [ ID HASH ]
2018-09-21 17:29:50 12[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
2018-09-21 17:29:54 11[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> sending retransmit 1 of request message ID 0, seq 3
2018-09-21 17:29:54 11[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
2018-09-21 17:30:02 06[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> sending retransmit 2 of request message ID 0, seq 3
2018-09-21 17:30:02 06[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
2018-09-21 17:30:15 14[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> sending retransmit 3 of request message ID 0, seq 3
2018-09-21 17:30:15 14[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
2018-09-21 17:30:38 12[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> sending retransmit 4 of request message ID 0, seq 3
2018-09-21 17:30:38 12[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
2018-09-21 17:31:20 07[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> sending retransmit 5 of request message ID 0, seq 3
2018-09-21 17:31:20 07[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
2018-09-21 17:32:36 07[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> giving up after 5 retransmits
2018-09-21 17:32:36 07[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> peer not responding, trying again (3/3)
2018-09-21 17:32:36 07[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> initiating Main Mode IKE_SA vco-2zecu5qsefdknk9a9zmdf[48] to xxx.xxx.xxx.xxx
2018-09-21 17:32:36 07[ENC] <vco-2zecu5qsefdknk9a9zmdf|48> generating ID_PROT request 0 [ SA V V V V V ]
2018-09-21 17:32:36 07[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[500] to xxx.xxx.xxx.xxx[500] (224 bytes)
2018-09-21 17:32:36 08[NET] <vco-2zecu5qsefdknk9a9zmdf|48> received packet: from xxx.xxx.xxx.xxx[500] to 172.17.1.16[500] (108 bytes)
2018-09-21 17:32:36 08[ENC] <vco-2zecu5qsefdknk9a9zmdf|48> parsed ID_PROT response 0 [ SA V ]
2018-09-21 17:32:36 08[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> received NAT-T (RFC 3947) vendor ID
2018-09-21 17:32:36 08[ENC] <vco-2zecu5qsefdknk9a9zmdf|48> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
2018-09-21 17:32:36 08[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[500] to xxx.xxx.xxx.xxx[500] (236 bytes)
2018-09-21 17:32:36 10[NET] <vco-2zecu5qsefdknk9a9zmdf|48> received packet: from xxx.xxx.xxx.xxx[500] to 172.17.1.16[500] (296 bytes)
2018-09-21 17:32:36 10[ENC] <vco-2zecu5qsefdknk9a9zmdf|48> parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
2018-09-21 17:32:36 10[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> received Cisco Unity vendor ID
2018-09-21 17:32:36 10[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> received DPD vendor ID
2018-09-21 17:32:36 10[ENC] <vco-2zecu5qsefdknk9a9zmdf|48> received unknown vendor ID: b8:fd:13:8e:a6:71:2c:2b:1e:9b:c2:48:94:54:2b:13
2018-09-21 17:32:36 10[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> received XAuth vendor ID
2018-09-21 17:32:36 10[ENC] <vco-2zecu5qsefdknk9a9zmdf|48> generating ID_PROT request 0 [ ID HASH ]
2018-09-21 17:32:36 10[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
2018-09-21 17:32:40 11[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> sending retransmit 1 of request message ID 0, seq 3
2018-09-21 17:32:40 11[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
2018-09-21 17:32:47 10[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> sending retransmit 2 of request message ID 0, seq 3
2018-09-21 17:32:47 10[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
2018-09-21 17:33:00 06[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> sending retransmit 3 of request message ID 0, seq 3
2018-09-21 17:33:00 06[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
2018-09-21 17:33:23 07[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> sending retransmit 4 of request message ID 0, seq 3
2018-09-21 17:33:23 07[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
2018-09-21 17:34:05 10[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> sending retransmit 5 of request message ID 0, seq 3
2018-09-21 17:34:05 10[NET] <vco-2zecu5qsefdknk9a9zmdf|48> sending packet: from 172.17.1.16[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
2018-09-21 17:35:21 12[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> giving up after 5 retransmits
2018-09-21 17:35:21 12[IKE] <vco-2zecu5qsefdknk9a9zmdf|48> establishing IKE_SA failed, peer not responding

以上

展开
收起
1747835884016656 2018-09-21 18:03:41 2868 0
0 条回答
写回答
取消 提交回答
问答分类:
网络安全 网络虚拟化 图形学 网络架构 专有网络VPC VPN网关 日志服务 NAT网关
问答标签:
阿里云网关 VPN网关连接 网关阿里云 VPN网关网关 vpn idc网关
问答地址:
开发者社区 > 人工智能 > 问答

版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

相关问答
配置本地IDC客户端到strongSwan网关的路由时出现“网络不可达”错误是什么原因?
33
0
0
如何在配置IPsec-VPN连接时设置本地IDC客户端到本地网关设备以及反向的路由?
23
0
0
如何配置本地IDC客户端到strongSwan网关的路由?
43
0
0
如何在strongSwan网关上配置到本地IDC客户端的路由?
118
8
0
可以使用阿里云NAT网关的SNAT功能实现多台服务器共享一个公网IP访问互联网?
49
1
0
如何使用VPN访问阿里云NAS?
108
1
0
查看阿里云VPN网关的公网地址?
21
0
0
如何使共享API网关实例与您的私有VPC通过阿里云内网通信?
38
0
0
微服务引擎MSE网关访问域名一直重定向如何排查
46
1
0
微服务引擎MSE云原生网关返回502
54
1
0
问答排行榜
最热
最新
1 【大咖问答】对话PostgreSQL 中国社区发起人之一,阿里云数据库高级专家 德哥 1819059
2 据说在家办公的程序员是这样写代码的? 1793212
3 阿里云开放端口权限 690311
4 如何升级配置 536309
5 【藏经阁一起读(27)】本周推荐《Apache Flink案例集(2022版)》,你有哪些心得? 522877
6 【精品问答】python技术1000问(1) 514141
7 Flink Forward Asia 2021 有奖问答 512921
8 OceanBase 使用动画(持续更新) 359386
9 阿里云LNAMP(Linux + Nginx + Apache + MySQL + PHP)环境一键安装脚本 329807
10 OSS存储服务-客户端工具 321605
11 为体验实验室取一个新名字。 307494
12 企业邮箱发送邮件时,若出现投递失败产生退信,内容提示包含如下: the mta server of * reply:550 failed to meet SPF requirements 或者 the mta server of 163.com — 163mx01.mxmail.netease.com(220.181.14.141) reply:550 MI:SPF mx14,QMCowECpA0qTiftVaeB3Cg—.872S2 1442548128 http://mail.163.com/help 304110
13 Win Server 2003-2016 加密勒索事件必打补丁合集 295338
14 FLASH播放器,在IE浏览器下显示请确定您的域名已完成备案和CNAME绑定 284223
15 安全组详解,新手必看教程 277351
16 写code还是做管理,开发者如何进行职业规划? 269202
17 惊喜翻倍:免费ECS+免费环境配置~!(ECS免费体验6个月活动3月31日结束) 255886
18 阿里云手机和阿云浏览器连接问题专帖 235697
19 支付宝H5 下载的时候,提示 【请确保该下载文件来源安全,如需浏览,请长按网址复制后使用浏览器访问】 229269
20 请问阿里云邮箱如何开启SMTP服务啊! 225879
1 AI 编码助手能否引领编程革命?一起探索 AI 对研发流程的变革 261
2 AI新茶饮,是噱头还是未来? 654
3 开发者们需要如何打造属于自己的Plan B? 343
4 动机VS自律,对开发者们来说哪个比较重要? 455
5 AI音色克隆挑战播客,它能模拟人的特质吗? 977
6 阿里云RDS mysql数据库show slave status信息疑问 347
7 求助:宜搭如何在请求数据源时传入参数 101
8 宜搭报表对日期字段赋值 243
9 求助:如何在宜搭自定义表单中获取普通表单子表单中的数据 167
10 AI生成海报or人工手绘,哪个更戳你? 2174
11 “AI +脱口秀”,笑点能靠算法去创造吗? 1053
12 宜搭配置更新花名册信息的连接器 229
13 请教:通过按钮打开另外一个表单,并把其中一个值传递给另一个表单的其中一个字段。 435
14 AI宠物更适合当代年轻人的陪伴需求吗? 1389
15 AI客服未来会完全代替人工吗? 1744
16 modelscope下载 的模型 如何转ollama 437
17 关于宜搭自定义页面循环数据渲染的问题。 110
18 “云+AI”能够孵化出多少可能? 1262
19 当AI频繁生成虚假信息,我们还能轻信大模型吗? 1197
20 使用免费证书后 服务器浏览器访问没有问题,外网访问 显示证书不可信,使用同一种浏览器哦 439

相关课程

更多
  • 使用Higress AI网关优化AI调用成本
    204
    1
    去学习
  • 从概念、部署到优化,Kubernetes Ingress 网关的落地实践
    233
    1
    去学习
    • 推荐问答
    乘风问答官招募中!机械键盘免费拿

    相关文章

  • EV代码签名证书怎么申请?
  • 云服务诊断评测
  • 代理IP助力下的AI厨电新纪元
  • 多域名 SSL 证书是什么? 多域名 SSL 证书申请流程
  • Siemens NX何时支持GPU光线追踪与图形加速?

    • 相关电子书

    更多
    • 阿里云容器 AHAS Sentinel 网关流控揭秘 立即下载
    阿里Tengine网关最佳实践 立即下载
    《MSE 微服务网关》 立即下载

    相关实验场景

    更多
  • 通过HTTPS加速网关快速部署网站加密
    183
    1.0小时
    去实验
  • 通过云拨测对指定服务器进行Ping/DNS监测
    1038
    1.0小时
    去实验