小弟的公司最近新買了一台Juniper ssg5 汰換
設定安裝後 其他都正常 內部user可以正常使用 有問題的是mail server
本來的mail server是直接接在ATU-R上 (IP:211.X.X.X)
要改接在Juniper SSG5 後面
但是我改了mail server的IP(內部IP:192.X.X.X)
也設定了NAT 卻都還是不通
請問要怎麼設定? 不知道是不是我設定錯了?
個人積分:2分
文章編號:10147742
個人積分:47分
文章編號:10148766
個人積分:0分
文章編號:10205712
個人積分:2分
文章編號:10206035
個人積分:797分
文章編號:12724664
使用 Juniper SSG-5 單純設定 client 端 連到 公司VPN
就是一直連不進去, 相關log 如下, 請高手幫忙幫忙..
6-20: 20:21:51.833 My Connections\VPN_Client - Initiating IKE Phase 1 (IP ADDR=220.134.x.xx)
6-20: 20:21:52.073 My Connections\VPN_Client - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
6-20: 20:21:52.193 My Connections\VPN_Client - RECEIVED<<< ISAKMP OAK AG (SA, VID 3x, KE, NON, ID, HASH, VID, NAT-D 2x)
6-20: 20:21:52.193 My Connections\VPN_Client - Peer supports Dead Peer Detection Version 1.0
6-20: 20:21:52.193 My Connections\VPN_Client - Dead Peer Detection enabled
6-20: 20:21:52.193 My Connections\VPN_Client - Peer is NAT-T draft-02 capable
6-20: 20:21:52.193 My Connections\VPN_Client - Dead Peer Detection enabled
6-20: 20:21:52.193 My Connections\VPN_Client - NAT is detected for Client
6-20: 20:21:52.193 My Connections\VPN_Client - Floating to IKE non-500 port
6-20: 20:21:52.314 My Connections\VPN_Client - SENDING>>>> ISAKMP OAK AG *(HASH, NAT-D 2x, NOTIFY:STATUS_REPLAY_STATUS, NOTIFY:STATUS_INITIAL_CONTACT)
6-20: 20:21:52.314 My Connections\VPN_Client - Established IKE SA
6-20: 20:21:52.314 My Connections\VPN_Client - MY COOKIE 42 e7 cb 8d 38 5a 26 be
6-20: 20:21:52.314 My Connections\VPN_Client - HIS COOKIE 27 6e b6 1 95 ee 8c 40
6-20: 20:21:52.384 My Connections\VPN_Client - Initiating IKE Phase 2 with Client IDs (message id: 25B073A4)
6-20: 20:21:52.384 My Connections\VPN_Client - Initiator = IP ADDR=192.168.0.103, prot = 0 port = 0
6-20: 20:21:52.384 My Connections\VPN_Client - Responder = IP ADDR=220.134.x.xxx, prot = 0 port = 0
6-20: 20:21:52.384 My Connections\VPN_Client - SENDING>>>> ISAKMP OAK QM *(HASH, SA, NON, ID 2x)
6-20: 20:22:07.736 My Connections\VPN_Client - QM re-keying timed out. Retry count: 1
6-20: 20:22:07.736 My Connections\VPN_Client - SENDING>>>> ISAKMP OAK QM *(Retransmission)
6-20: 20:22:22.757 My Connections\VPN_Client - QM re-keying timed out. Retry count: 2
6-20: 20:22:22.757 My Connections\VPN_Client - SENDING>>>> ISAKMP OAK QM *(Retransmission)
6-20: 20:22:37.779 My Connections\VPN_Client - QM re-keying timed out. Retry count: 3
6-20: 20:22:37.779 My Connections\VPN_Client - SENDING>>>> ISAKMP OAK QM *(Retransmission)
6-20: 20:22:52.851 My Connections\VPN_Client - Exceeded 3 attempts (message id: 25B073A4)
6-20: 20:22:52.851 My Connections\VPN_Client - Disconnecting IKE SA negotiation
6-20: 20:22:52.861 My Connections\VPN_Client - Deleting IKE SA (IP ADDR=220.134.x.xxx)
6-20: 20:22:52.861 My Connections\VPN_Client - MY COOKIE 42 e7 cb 8d 38 5a 26 be
6-20: 20:22:52.861 My Connections\VPN_Client - HIS COOKIE 27 6e b6 1 95 ee 8c 40
6-20: 20:22:52.861 My Connections\VPN_Client - SENDING>>>> ISAKMP OAK INFO *(HASH, DEL)
傑瑞的旅遊日記
www.gotoplay.tw
GotoPlay Happy together
