
catalist

VIP
  • Posts

    1355
  • Joined

  • Last visited

7 followers

About catalist

  • Rank
    Associate Professor

Profile visitors

7588 profile views
  1. sess_tcp=2000

    and what Telegram channel is that?
  2. MES3124 28-port 1G/10G Managed Switch. Includes two power supplies, rack ears and a power cord. Price 35k 30k, two units available, located in Chelyabinsk, they were running in a data center. I will ship with any carrier; payment by bank transfer is possible, but then +20% VAT.
  3. do you think they ban by IP?
  4. I can't get in because of sanctions (
  5. I'll try changing the names. I installed the Cisco AnyConnect client; it doesn't come up with that either, but there the issue is that certificates are needed, while the guides online all show how to connect with pre-shared keys, and AnyConnect can't do pre-shared keys, the damn thing.
  6. After some digging I managed to make progress on the issue, though only as far as the next problem. The progress was that I created a new VT interface (on the old one the IP was set by hand, on the new one it is unnumbered), here are the changes: But the connection still doesn't get established.

     interface Virtual-Template3 type tunnel
      ip unnumbered Loopback2
      tunnel mode ipsec ipv4
      tunnel protection ipsec profile VPN
     interface Loopback2
      description IKEv2 source interface
      ip address 172.16.253.1 255.255.255.0
     ip local pool VPN 172.16.253.11 172.16.253.50
     crypto ikev2 authorization policy VPN
      pool VPN
      route set interface
  7. Damn, there are no logs at all on the iPhone.... maybe it didn't like that there's no IP address?

     033040: Jan 31 18:21:40: IKEv2:Config data recieved:
     033041: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Config-type: Config-request
     033042: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: ipv4-addr, length: 0
     033043: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: ipv4-netmask, length: 0
     033044: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: unknown, length: 0
     033045: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: ipv4-dns, length: 0
     033046: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: ipv6-addr, length: 0
     033047: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: unknown, length: 0
     033048: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: ipv6-dns, length: 0
     033049: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: unknown, length: 0
  8. On the phone, an iPhone ) debug ikev2 is enabled, but it's PASS everywhere there

     ASR-1001-OFFICE#sh debug
     General OS:
       AAA Authorization debugging is on
     IOSXE Conditional Debug Configs:
     Conditional Debug Global State: Stop
     Radius protocol debugging is on
     Radius packet protocol debugging is on
     Cryptographic Subsystem:
       Crypto ISAKMP debugging is on
       Crypto IPSEC debugging is on
     IKEV2:
       IKEv2 error debugging is on
       IKEv2 default debugging is on
     PKI:
       verbose debug output debugging is on

     here are the full logs:

     032985: Jan 31 18:21:40: IKEv2:Received Packet [From xxxxxxxx:512/To yyyyyyyy:500/VRF i0:f0] Initiator SPI : 23A9F58A5DEE618E - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUEST Payload contents: SA KE N NOTIFY(REDIRECT_SUPPORTED) NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)
     032986: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Verify SA init message
     032987: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Insert SA
     032988: Jan 31 18:21:40: IKEv2:Searching Policy with fvrf 0, local address yyyyyyyy
     032989: Jan 31 18:21:40: IKEv2:Found Policy 'VPN'
     032990: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Processing IKE_SA_INIT message
     032991: Jan 31 18:21:40: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieve configured trustpoint(s)
     032992: Jan 31 18:21:40: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): NONE
     032993: Jan 31 18:21:40: IKEv2:Failed to retrieve Certificate Issuer list
     032994: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14
     032995: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Request queued for computation of DH key
     032996: Jan 31 18:21:40: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
     032997: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14
     032998: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Request queued for computation of DH secret
     032999: Jan 31 18:21:40: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
     033000: Jan 31 18:21:40: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Calculate SKEYSEED and create rekeyed IKEv2 SA
     033001: Jan 31 18:21:40: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED
     033002: Jan 31 18:21:40: IKEv2:IKEv2 responder - no config data to send in IKE_SA_INIT exch
     033003: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Generating IKE_SA_INIT message
     033004: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):IKE Proposal: 1, SPI size: 0 (initial negotiation), Num. transforms: 4 AES-CBC SHA256 SHA256 DH_GROUP_2048_MODP/Group 14
     033005: Jan 31 18:21:40: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieve configured trustpoint(s)
     033006: Jan 31 18:21:40: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): NONE
     033007: Jan 31 18:21:40: IKEv2:Failed to retrieve Certificate Issuer list
     033008: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Sending Packet [To xxxxxxxx:512/From yyyyyyyy:500/VRF i0:f0] Initiator SPI : 23A9F58A5DEE618E - Responder SPI : 2F530865CE1CF8B6 Message id: 0 IKEv2 IKE_SA_INIT Exchange RESPONSE Payload contents: SA KE N VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP)
     033009: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Completed SA init exchange
     033010: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Starting timer (30 sec) to wait for auth message
     033011: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Received Packet [From xxxxxxxx:5079/To yyyyyyyy:500/VRF i0:f0] Initiator SPI : 23A9F58A5DEE618E - Responder SPI : 2F530865CE1CF8B6 Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: IDi NOTIFY(INITIAL_CONTACT) IDr AUTH CFG NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS) SA TSi TSr NOTIFY(Unknown - 16396)
     033012: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Stopping timer to wait for auth message
     033013: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Checking NAT discovery
     033014: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):NAT OUTSIDE found
     033015: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):NAT detected float to init port 5079, resp port 4500
     033016: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Searching policy based on peer's identity 'aaaaa@bbbb.ru' of type 'RFC822 address'
     033017: Jan 31 18:21:40: IKEv2:found matching IKEv2 profile 'VPN'
     033018: Jan 31 18:21:40: ISAKMP: (0):peer matches VPN profile
     033019: Jan 31 18:21:40: IKEv2:% Getting preshared key from profile keyring VPN
     033020: Jan 31 18:21:40: IKEv2:% Matched peer block 'all'
     033021: Jan 31 18:21:40: IKEv2:Searching Policy with fvrf 0, local address yyyyyyyy
     033022: Jan 31 18:21:40: IKEv2:Found Policy 'VPN'
     033023: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Verify peer's policy
     033024: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Peer's policy verified
     033025: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Get peer's authentication method
     033026: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Peer's authentication method is 'PSK'
     033027: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Get peer's preshared key for aaaaa@bbbb.ru
     033028: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Verify peer's authentication data
     033029: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Use preshared key for id aaaaa@bbbb.ru, key len 10
     033030: Jan 31 18:21:40: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
     033031: Jan 31 18:21:40: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
     033032: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Verification of peer's authenctication data PASSED
     033033: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Processing INITIAL_CONTACT
     033034: Jan 31 18:21:40: IKEv2:Using mlist IKEv2 and username VPN for group author request
     033035: Jan 31 18:21:40: AAA/BIND(00000575): Bind i/f
     033036: Jan 31 18:21:40: AAA/AUTHOR (0x575): Pick method list 'IKEv2'
     033037: Jan 31 18:21:40: IKEv2:(SA ID = 1):[IKEv2 -> AAA] Authorisation request sent
     033038: Jan 31 18:21:40: IKEv2:(SA ID = 1):[AAA -> IKEv2] Received AAA authorisation response
     033039: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Received valid config mode data
     033040: Jan 31 18:21:40: IKEv2:Config data recieved:
     033041: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Config-type: Config-request
     033042: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: ipv4-addr, length: 0
     033043: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: ipv4-netmask, length: 0
     033044: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: unknown, length: 0
     033045: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: ipv4-dns, length: 0
     033046: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: ipv6-addr, length: 0
     033047: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: unknown, length: 0
     033048: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: ipv6-dns, length: 0
     033049: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: unknown, length: 0
     033050: Jan 31 18:21:40: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
     033051: Jan 31 18:21:40: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
     033052: Jan 31 18:21:40: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
     033053: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Set received config mode data
     033054: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Processing IKE_AUTH message
     033055: Jan 31 18:21:40: IKEv2:% DVTI create request sent for profile VPN with PSH index 1.
     033056: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):
     033057: Jan 31 18:21:40: IPSEC(key_engine): got a queue event with 1 KMI message(s)
     033058: Jan 31 18:21:40: Cannot find crypto swsb : in crypto_ipsec_notify_isakmp_delete (), 604
     033059: Jan 31 18:21:40: Cannot find crypto swsb : in crypto_ipsec_notify_isakmp_delete (), 604
     033060: Jan 31 18:21:40: ISAKMP-ERROR: (0):ignoring request to send delete notify (no ISAKMP sa) src yyyyyyyy dst xxxxxxxx for SPI 0x0
     033061: Jan 31 18:21:41: IKEv2-ERROR:: Negotiation context locked currently in use
     033062: Jan 31 18:21:43: IKEv2-ERROR:: Negotiation context locked currently in use
     033064: Jan 31 18:21:47: IKEv2-ERROR:: Negotiation context locked currently in use
     033065: Jan 31 18:21:55: IKEv2-ERROR:: Negotiation context locked currently in use
     033079: Jan 31 18:22:05: IKEv2:(SESSION ID = 326,SA ID = 1):Verification of peer's authentication data FAILED
     033080: Jan 31 18:22:05: IKEv2:(SESSION ID = 326,SA ID = 1):Sending authentication failure notify
     033081: Jan 31 18:22:05: IKEv2:(SESSION ID = 326,SA ID = 1):Building packet for encryption. Payload contents: NOTIFY(AUTHENTICATION_FAILED)
     033082: Jan 31 18:22:05: IKEv2:(SESSION ID = 326,SA ID = 1):Sending Packet [To xxxxxxxx:5079/From yyyyyyyy:4500/VRF i0:f0] Initiator SPI : 23A9F58A5DEE618E - Responder SPI : 2F530865CE1CF8B6 Message id: 1 IKEv2 IKE_AUTH Exchange RESPONSE Payload contents: ENCR
     033083: Jan 31 18:22:05: IKEv2:(SESSION ID = 326,SA ID = 1):Auth exchange failed
     033084: Jan 31 18:22:05: IKEv2-ERROR:(SESSION ID = 326,SA ID = 1):: Auth exchange failed
     033085: Jan 31 18:22:05: IKEv2:(SESSION ID = 326,SA ID = 1):Abort exchange
     033086: Jan 31 18:22:05: IKEv2:(SESSION ID = 326,SA ID = 1):Deleting SA

     I'll try from a PC tomorrow
  9. Good afternoon! I have a Cisco ASR-1000. Has anyone set up IKEv2 on a Cisco? I'm trying to connect from a phone; it feels like it fails to hand out an address, but I'm not sure.

     aaa authorization network IKEv2 local
     crypto ikev2 authorization policy VPN
      pool L2TP
      route set interface
     !
     crypto ikev2 proposal VPN
      encryption aes-cbc-256
      integrity sha256 sha1 md5 sha384 sha512
      group 14
     !
     crypto ikev2 policy VPN
      match address local xxxxxxxxxxxx
      proposal VPN
     !
     crypto ikev2 keyring VPN
      peer all
       identity email test@test.ru
       pre-shared-key yyyyyyyyy
      !
     !
     !
     crypto ikev2 profile VPN
      match identity remote email test@test.ru
      identity local dn
      authentication local pre-share
      authentication remote pre-share
      keyring local VPN
      aaa authorization group psk list IKEv2 VPN
      virtual-template 1 mode auto
     ip local pool L2TP 172.16.252.11 172.16.252.50
     interface Virtual-Template1
      description FOR L2TP VPN
      ip address 172.16.252.1 255.255.255.0
      ip nat inside
      no logging event link-status
      peer default ip address pool L2TP
      no snmp trap link-status
      keepalive 5
      ppp authentication ms-chap-v2
      ppp ipcp dns 10.0.0.60

     At the end of the logs there's this:

     033036: Jan 31 18:21:40: AAA/AUTHOR (0x575): Pick method list 'IKEv2'
     033037: Jan 31 18:21:40: IKEv2:(SA ID = 1):[IKEv2 -> AAA] Authorisation request sent
     033038: Jan 31 18:21:40: IKEv2:(SA ID = 1):[AAA -> IKEv2] Received AAA authorisation response
     033039: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Received valid config mode data
     033040: Jan 31 18:21:40: IKEv2:Config data recieved:
     033041: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Config-type: Config-request
     033042: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: ipv4-addr, length: 0
     033043: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: ipv4-netmask, length: 0
     033044: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: unknown, length: 0
     033045: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: ipv4-dns, length: 0
     033046: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: ipv6-addr, length: 0
     033047: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: unknown, length: 0
     033048: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: ipv6-dns, length: 0
     033049: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Attrib type: unknown, length: 0
     033050: Jan 31 18:21:40: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
     033051: Jan 31 18:21:40: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
     033052: Jan 31 18:21:40: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
     033053: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Set received config mode data
     033054: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):Processing IKE_AUTH message
     033055: Jan 31 18:21:40: IKEv2:% DVTI create request sent for profile VPN with PSH index 1.
     033056: Jan 31 18:21:40: IKEv2:(SESSION ID = 326,SA ID = 1):
     033057: Jan 31 18:21:40: IPSEC(key_engine): got a queue event with 1 KMI message(s)
     033058: Jan 31 18:21:40: Cannot find crypto swsb : in crypto_ipsec_notify_isakmp_delete (), 604
     033059: Jan 31 18:21:40: Cannot find crypto swsb : in crypto_ipsec_notify_isakmp_delete (), 604
     033060: Jan 31 18:21:40: ISAKMP-ERROR: (0):ignoring request to send delete notify (no ISAKMP sa) src xxxxxxxxx dst yyyyyyyyyyy for SPI 0x0
     033061: Jan 31 18:21:41: IKEv2-ERROR:: Negotiation context locked currently in use
     033062: Jan 31 18:21:43: IKEv2-ERROR:: Negotiation context locked currently in use

     And it's unclear what it wants; the errors can't be found on Google.