VPNが成功した時の確認
ssg5-serial-> get ike cookies
IKEv1 SA — Active: 0, Dead: 0, Total 1
80520f/0002, 10.0.0.2:500->10.0.0.1:500, PRESHR/grp2/3DES/SHA, xchg(2) (Gateway_SSGXT/grp-1/usr-1)
resent-tmr 39 lifetime 28800 lt-recv 28800 nxt_rekey 28771 cert-expire 0
responder, err cnt 7, send dir 0, cond 0x0
nat-traversal map not available
ike heartbeat : disabled
ike heartbeat last rcv time: 0
ike heartbeat last snd time: 0
XAUTH status: 0
DPD seq local 0, peer 0
p2_tasks:
task_type = 0x3
p2 sa id = 0x2 (index 0x0)
app_sa_flags = 0x25000e0
p2 spi = 0x0
IKEv2 SA — Active: 0, Dead: 0, Total 0
ssg5-serial-> get sa
total configured sa: 1
HEX ID Gateway Port Algorithm SPI Life:sec kb Sta PID vsys
00000002< 10.0.0.2 500 esp:3des/sha1 20b7afdc 2640 unlim I/I 14 0
00000002> 10.0.0.2 500 esp:3des/sha1 b5ad367b 2640 unlim I/I 15 0
s
ssg5-serial-> get session
alloc 4/max 8064, alloc failed 0, mcast alloc 0, di alloc failed 0
total reserved 0, free sessions in shared pool 8060
id 8053/s**,vsys 0,flag 00000040/0080/0021,policy 320002,time 3, dip 0 module 0
if 0(nspflag 880601):10.0.0.2/500->10.0.0.1/500,17,0010db779351,sess token 4,vlan 0,tun 0,vsd 0,route 1
if 3(nspflag 2082010):10.0.0.2/500<-10.0.0.1/500,17,000000000000,sess token 5,vlan 0,tun 0,vsd 0,route 0
Total 1 sessions shown
Preshared keyが一致しない
Rejected an IKE packet on untrust from 10.0.0.1:500 to 10.0.0.2:500 with cookies 9770a1313ef82394 and 4797e8469d206579 because Phase 1 negotiations failed. (The preshared keys might not match.).
Phase-1 proposalが一致しない場合
013-09-02 20:11:44 system info 00536 Rejected an IKE packet on ethernet0/0
from 10.0.0.2:500 to 10.0.0.1:500 with
cookies d7f4387fe29225fc and
c3dfe849099afe5c because There were no
acceptable Phase 1 proposals.