gabyrossi,
he añadido las policy route, en las dos VPN, tanto la interface mode como la normal, pero la conexión se cae igualmente:
equipo A
internal1 -> VPN_ZZZ_2 -> 192.168.10.0/255.255.255.0 -> 192.168.5.0/255.255.255.0 -> 1-65535 (protocol:6,gateway:0.0.0.0)
internal1 -> wan1 -> 192.168.10.0/255.255.255.0 -> 10.10.1.0/255.255.255.0 -> 1-65535 (protocol:6,gateway:xx.xx.xx.xx)
equipo B (interface mode)
internal1 -> VPN_YYY_2 -> 192.168.5.0/255.255.255.0 -> 192.168.10.0/255.255.255.0 -> 1-65535 (protocol:6,gateway:0.0.0.0)
equipo C
internal -> wan2 -> 10.10.1.0/255.255.255.0 -> 192.168.10.0/255.255.255.0 -> 1-65535 (protocol:6,gateway:xx.xx.xx.xx)
por otra parte, vellito,
mientras hay conexión me sale todo el rato la misma repetción:
ike 0:VPN_ZZZ_2:69: notify msg received: R-U-THERE
mientras genero el log, no se me ha caído nunca la conexión... y no he podido ver que pasa...
pero si que en un momento concreto hace lo siguiente:
ike 0:VPN_ZZZ_2:69: notify msg received: R-U-THERE-ACK
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: IPsec SA 8453ca49/4cbe02da rekey 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: using existing connection
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: config found
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: IPsec SA connect 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500 negotiating
ike 0:VPN_ZZZ_2:69: cookie a740e10c71b1e35b/997ef961f067b9da:caa54322
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: initiator selectors 0 0:0.0.0.0/0.0.0.0:0:0->0:0.0.0.0/0.0.0.0:0:0
ike 0:VPN_ZZZ_2:69: enc A740E10C71B1E35B997EF961F067B9DA08102001CAA543220000016001000018A57A987AD359063989FABBBFA2545076E2213F060A000034000000010000000100000028010304014CBE02DB0000001C010300008001000180020708800400018005000280030005040000140A27EEBE39F747F2AA3F6544B8A1D33F050000C4E8BB9D429AB957C62D8EF9F8472B5EF5BFDF5EBFBD8C003DEB2FC04D0F350BFE8C49E2A70676A9E248AB7F02CF13276F2A60520C7171DF86DF5407E856DF6D1719AB001A1D60C22B8A8B89A582CE4744E6EF57426EE9F4EC824CFE29220780204F1D615C65AE0ADB75A1C99E900F3161F4C07C8E32D8CD22249B2E66C6241D884ED384BC07E3235B7805A207B495D32EA74C75BE62817F72FF721B0085082F2502C3DB5385E73D06E3A7A9AB48E943A5B2EF0721161B35F4315D1012DD3DF9CA0500001004000000000000000000000000000010040000000000000000000000
ike 0:VPN_ZZZ_2:69: out A740E10C71B1E35B997EF961F067B9DA08102001CAA54322000001645281D7E5462353C90D5182C80053E5EC90730F8D41B3E62386D7D4483D26A82D4E272981CFE08CFDA0A19320B6938E764B1766EC53C56BC5466E0EA63A1C17218CFAADC5073387FBBB07717F1C2E22ED7CF772AF649FD98C2295A7D2E466B9FFD190D9F771B4681C9C2BEBEB43688E374A4976E27DEAFB82CD075AC9976062796AAC937DF2BAAA89E626926640772873DEE3446A44D44ED8DF73EF15105D9CBB46E14609DF4AB6EBEF3A5BFFEE194281C42223D4E0E25A43A2E0DAB9791F50C6F00C2A93CD4EFBD08890CFE6795010A741933F8CE05F514BAA76CD61FDB7E12DC59D542DEDBFA6691E3C06D5AB4527ADC632CD5A3B141D4E3FB713AEB56D7FE75AF8F70F1142BA5FC1EC387501AA363867A7760D04B3BF29A5D512D0BA40E983FFFC9E0176AA861B8809CDC462A452424861190A7271E93D17531EDB089F30789DAD2A7D5DBF2C34
ike 0:VPN_ZZZ_2:69: sent IKE msg (quick_i1send): BB.BB.BBB.BBB:500->AAA.AA.AA.AA:500, len=356, id=a740e10c71b1e35b/997ef961f067b9da:caa54322
ike 0: comes AAA.AA.AA.AA:500->BB.BB.BBB.BBB:500,ifindex=3....
ike 0: IKEv1 exchange=Quick id=a740e10c71b1e35b/997ef961f067b9da:caa54322 len=356
ike 0: in A740E10C71B1E35B997EF961F067B9DA08102001CAA543220000016487C5904C1C576F1FAE61B0A7AA3023E92896F9074449F96C3135DA69138C7BCA22FE23326AF93735DF148CAA09FAC879732155DD6AC03CC65D63A0FB7E84EFF25E228FD76A5CED533706B03483BB026551F3DD623BCB04E6B92A7018E8F4BDF92C59E47993BBDD0A96A863335E9CF1B6FDD4DDE1C388F6D1731695F7C180F5D0A5E07A8A860BA4F612A0B4E889EECEB472206B64311B692481482F7CB69A563226BEE34F6E0417385D7C8EED7BF29FA47CEBD893A7A29752B2678113FAC653CDD8DE3ADAA65DED23B1C66443ACED4BA799736619152388BD88D060670C9113FAF21DB3F501D7C8A05A33897315B87F44BF8581FE6BBEF4728B80A4FF2C3BFB5EAFE81133F722F418CECEB78719522F555AB24806DE53E2A1E5977CB3A7FD5F0339594D25F7D32E591A55C86CCA3A04E7CCC9073360FE936C350EDE27ED106E7639C3E9F6D165735B
ike 0:VPN_ZZZ_2:69: dec A740E10C71B1E35B997EF961F067B9DA08102001CAA543220000016401000018FD573A5E79709D8E2A9911E674AE9239582BBF620A000034000000010000000100000028010304018453CA4B0000001C0103000080010001800207088004000180050002800300050400001488E5C7D5C4806AC22FCE569A80E4E79F050000C4307CCD73721140D9280B24C0D71FC8CF71ABE2A19868E29676EE59ED94D43474A70D5DF3DE692790E17BF06A007A977B7A9768D707ECD2FE4EEF72D9B927B2DD7C7D4EE1A98A1B3AE3CBC9880F30D32D5F7F7C7A18E39C53BBA073A94EB1B285666CE90A894CB55F46F07AA9D2D7A22055445DD83C7C3AE7C7FC6CC52D538F5562E773783F77884A0FEE0736033B3592B4480A0A080CE57E88EED8B36EE638BD2ACEC35400F1B125D3AFEAE6767DE11B2E9E771A22FDC0B4CE05A1C1D9C11239050000100400000000000000000000000000001004000000000000000000000058691D03
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: responder selectors 0:0.0.0.0/0.0.0.0:0->0:0.0.0.0/0.0.0.0:0
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: my proposal:
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: proposal id = 1:
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: protocol id = IPSEC_ESP:
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: PFS DH group = 5
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: trans_id = ESP_3DES
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: type = AUTH_ALG, val=SHA1
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: incoming proposal:
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: proposal id = 1:
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: protocol id = IPSEC_ESP:
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: PFS DH group = 5
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: trans_id = ESP_3DES
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: type = AUTH_ALG, val=SHA1
ike 0:VPN_ZZZ_2:69: enc A740E10C71B1E35B997EF961F067B9DA08102001CAA543220000003400000018DFC9C4296ABFF28F46D35D8A60A58CFF718E2B0C
ike 0:VPN_ZZZ_2:69: out A740E10C71B1E35B997EF961F067B9DA08102001CAA543220000003C350A5C14F0A87E4E5908F5A2B6F4B4142D0B42236B3E351C4D6DD6592991A15A
ike 0:VPN_ZZZ_2:69: sent IKE msg (quick_i2send): BB.BB.BBB.BBB:500->AAA.AA.AA.AA:500, len=60, id=a740e10c71b1e35b/997ef961f067b9da:caa54322
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: replay protection enabled
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: SA life soft seconds=1750.
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: SA life hard seconds=1800.
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: IPsec SA selectors #src=1 #dst=1
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: src 0 4 0:0.0.0.0/0.0.0.0:0
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: dst 0 4 0:0.0.0.0/0.0.0.0:0
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: add IPsec SA: SPIs=4cbe02db/8453ca4b
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: IPsec SA dec spi 4cbe02db key 24:14D9005489DFECE28966380646207D328E945EAB49F335CC auth 20:0C4E4A88B1272D069FAD73CDD71FD21722F0E12F
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: IPsec SA enc spi 8453ca4b key 24:825047406555EE7822DBF9994DBCB278FC4EFDC8D1AE1B73 auth 20:AFC47A94281E3193256C66D1FB3BDAE6E76CF9CB
ike 0:VPN_ZZZ_2:69:TUNNEL_ZZZ_2:227059: added IPsec SA: SPIs=4cbe02db/8453ca4b
ike 0:VPN_ZZZ_2: link is idle 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500 dpd=1 seqno=159b8
ike 0:VPN_ZZZ_2: link is idle 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500 dpd=1 seqno=159b9
ike 0:VPN_ZZZ_2:69: send IKEv1 DPD probe, seqno 88505
ike 0:VPN_ZZZ_2:69: enc A740E10C71B1E35B997EF961F067B9DA0810050104CB3E17000000540B00001832E1C4911CF4830C76D47066D9CAD8357C827B81000000200000000101108D28A740E10C71B1E35B997EF961F067B9DA000159B9
ike 0:VPN_ZZZ_2:69: out A740E10C71B1E35B997EF961F067B9DA0810050104CB3E170000005CDF83933B62568080A2983FA07B271795555C324D70BCB275AD03157651B8F1FBCAFAE9730CCA1026276E92A859DA42C505E28C1C42E1F48F8F1FD749445E9799
ike 0:VPN_ZZZ_2:69: sent IKE msg (R-U-THERE): BB.BB.BBB.BBB:500->AAA.AA.AA.AA:500, len=92, id=a740e10c71b1e35b/997ef961f067b9da:04cb3e17
ike 0: comes AAA.AA.AA.AA:500->BB.BB.BBB.BBB:500,ifindex=3....
ike 0: IKEv1 exchange=Informational id=a740e10c71b1e35b/997ef961f067b9da:906fd5a9 len=92
ike 0: in A740E10C71B1E35B997EF961F067B9DA08100501906FD5A90000005CDC480C1C651A90EC0604EC3698E0320512BCFA55F7E7072E016906529DA8123885E68F0359D97D0889D0EA320A58AAB669B93FD1FC3747369F00455B254C9C66
ike 0:VPN_ZZZ_2:69: dec A740E10C71B1E35B997EF961F067B9DA08100501906FD5A90000005C0B000018999FEAA7014F9B749E39289A085B407CB6EC1103000000200000000101108D28A740E10C71B1E35B997EF961F067B9DA0001945FE649043C24DE7A07
ike 0:VPN_ZZZ_2:69: notify msg received: R-U-THERE
fallo VPN desde actualizacion a MR3
Re: fallo VPN desde actualizacion a MR3
diag debug enable
diag debug flow show console enable
diag debug flow filter saddr "ip" //coloca la ip de origen de donde se realizara el ping
diag debug flow filter daddr "ip" // coloca la ip de destino del equipo que tiene que llegar
diag debug flow trace start "numero"
a simple vista tiene bien configurara la vpn segun los log, prueba con los comando de arriba, quiza sea error de policita.
lo otro si te parece, me conecto por teamviewer a tu pc y yo te digo lo que tienes que hacer... eso es si estas totalmente desesperado.
prueba lo otro, vierifica el tiempo de vida que tienen las vpn y ojala que no este activado la vpn tranversal (esa se ocupa si tienes un equipo haciendo nat frente de ella.
saludos.
diag debug flow show console enable
diag debug flow filter saddr "ip" //coloca la ip de origen de donde se realizara el ping
diag debug flow filter daddr "ip" // coloca la ip de destino del equipo que tiene que llegar
diag debug flow trace start "numero"
a simple vista tiene bien configurara la vpn segun los log, prueba con los comando de arriba, quiza sea error de policita.
lo otro si te parece, me conecto por teamviewer a tu pc y yo te digo lo que tienes que hacer... eso es si estas totalmente desesperado.
prueba lo otro, vierifica el tiempo de vida que tienen las vpn y ojala que no este activado la vpn tranversal (esa se ocupa si tienes un equipo haciendo nat frente de ella.
saludos.