怎樣用DEBUG實現兩個路由器之間做LTL的VPN

　　導語：歡迎大家來到學習啦，本文為大帶來怎樣用DEBUG實現兩個路由器之間做LTL的VPN，歡迎大家閱讀借鑒。

　　r1#

　　r1#

　　r1#ping 192.168.20.1 source 192.168.10.1

　　Type escape sequence to abort.

　　Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:

　　Packet sent with a source address of 192.168.10.1

　　*Aug 8 20:20:40.323: ISAKMP:(0): SA request profile is (NULL)

　　*Aug 8 20:20:40.323: ISAKMP: Created a peer struct for 202.102.1.2, peer port 5

　　00

　　*Aug 8 20:20:40.323: ISAKMP: New peer created peer = 0x6637AAAC peer_handle = 0

　　x80000003

　　*Aug 8 20:20:40.323: ISAKMP: Locking peer struct 0x6637AAAC, refcount 1 for isa

　　kmp_initiator

　　*Aug 8 20:20:40.323: ISAKMP: local port 500, remote port 500

　　*Aug 8 20:20:40.323: ISAKMP: set new node 0 to QM_IDLE

　　*Aug 8 20:20:40.323: insert sa successfully sa = 65D3B7A8

　　*Aug 8 20:20:40.323: ISAKMP:(0):Can not start Aggressive mode, trying Main mode

　　.

　　*Aug 8 20:20:40.323: ISAKMP:(0):found peer pre-shared key matching 202.102.1.2

　　*Aug 8 20:20:40.323: ISAKMP:(0): constructed NAT-T vendor-07 ID

　　*Aug 8 20:20:40.323: ISAKMP:(0): constructed NAT-T vendor-03 ID

　　*Aug 8 20:20:40.323: ISAKMP:(0): constructed NAT-T vendor-02 ID

　　*Aug 8 20:20:40.323: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM

　　*Aug 8 20:20:40.323: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1

　　*Aug 8 20:20:40.323: ISAKMP:(0): beginning Main Mode exchange

　　*Aug 8 20:20:40.323: ISAKMP:(0): sending packet to 202.102.1.2 my_port 500 peer

　　_port 500 (I) MM_NO_STATE (發送第一個包)

　　*Aug 8 20:20:40.351: ISAKMP (0:0): received packet from 202.102.1.2 dport 500 s

　　port 500 Global (I) MM_NO_STATE (接收第二個包)

　　*Aug 8 20:20:40.355: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

　　*Aug 8 20:20:40.355: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2

　　*Aug 8 20:20:40.355: ISAKMP:(0): processing SA payload. message ID = 0

　　*Aug 8 20:20:40.355: ISAKMP:(0): processing vendor id payload

　　*Aug 8 20:20:40.355: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismat

　　ch

　　*Aug 8 20:20:40.355: ISAKMP (0:0): vendor ID is NAT-T v7

　　*Aug 8 20:20:40.355: ISAKMP:(0):found peer pre-shared key matching 202.102.1.2

　　*Aug 8 20:20:40.355: ISAKMP:(0): local preshared key found

　　*Aug 8 20:20:40.355: ISAKMP : Scanning profiles for xauth ...

　　*Aug 8 20:20:40.355: ISAKMP:.!!!!

　　Success rate is 80 percent (4/5), round-trip min/avg/max = 28/46/72 ms

　　r1#(0):Checking ISAKMP transform 1 against priority 100 policy

　　*Aug 8 20:20:40.355: ISAKMP: encryption DES-CBC

　　*Aug 8 20:20:40.355: ISAKMP: hash SHA

　　*Aug 8 20:20:40.355: ISAKMP: default group 1

　　*Aug 8 20:20:40.355: ISAKMP: auth pre-share

　　*Aug 8 20:20:40.355: ISAKMP: life type in seconds

　　*Aug 8 20:20:40.355: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80

　　*Aug 8 20:20:40.355: ISAKMP:(0):atts are acceptable.(雙方都是認同的)Next payload is 0

　　如果老是重傳，說明策略不匹配

　　*Aug 8 20:20:40.355: ISAKMP:(0): processing vendor id payload

　　*Aug 8 20:20:40.355: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch

　　*Aug 8 20:20:40.355: ISAKMP (0:0): vendor ID is NAT-T v7

　　*Aug 8 20:20:40.355: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MOD

　　E

　　*Aug 8 20:20:40.355: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2

　　*Aug 8 20:20:40.355: ISAKMP:(0): sending packet to 202.102.1.2 my_port 500 peer

　　_port 500 (I) MM_SA_SETUP

　　*Aug 8 20:20:40.355: ISAKMP:(0):Input = IKE_ME

　　r1#SG_INTERNAL, IKE_PROCESS_COMPLETE

　　*Aug 8 20:20:40.355: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3

　　發送一個

　　*Aug 8 20:20:40.403: ISAKMP (0:0): received packet from 202.102.1.2 dport 500 s

　　port 500 Global (I) MM_SA_SETUP

　　*Aug 8 20:20:40.407: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

　　*Aug 8 20:20:40.411: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4

　　接收一個

　　*Aug 8 20:20:40.419: ISAKMP:(0): processing KE payload. message ID = 0 公共值

　　*Aug 8 20:20:40.423: ISAKMP:(0): processing NONCE payload. message ID = 0 隨機數

　　*Aug 8 20:20:40.423: ISAKMP:(0):found peer pre-shared key matching 202.102.1.2

　　*Aug 8 20:20:40.423: ISAKMP:(1002): processing vendor id payload

　　*Aug 8 20:20:40.423: ISAKMP:(1002): vendor ID is Unity

　　*Aug 8 20:20:40.423: ISAKMP:(1002): processing vendor id payload

　　*Aug 8 20:20:40.423: ISAKMP:(1002): vendor ID is DPD

　　*Aug 8 20:20:40.423: ISAKMP:(1002): processing vendor id payload

　　*Aug 8 20:20:40.423: ISAKMP:(1002): speaking to another IOS box!

　　*Au

　　r1#g 8 20:20:40.423: ISAKMP:(1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_

　　MODE

　　*Aug 8 20:20:40.423: ISAKMP:(1002):Old State = IKE_I_MM4 New State = IKE_I_MM4

　　*Aug 8 20:20:40.423: ISAKMP:(1002):Send initial contact

　　*Aug 8 20:20:40.423: ISAKMP:(1002):SA is doing pre-shared key authentication us

　　ing id type ID_IPV4_ADDR

　　*Aug 8 20:20:40.423: ISAKMP (0:1002): ID payload