I have included the configuration and logs for the GCP VPN gateway and the CSR. Could you take a look and see why they are not forming a VPN? Thanks.
[#GCP#]
VPN-1
networking
csr-gcp
Region: us-west1
IP address: 1.1.1.1
Tunnel remote peer IP address: 2.2.2.2
[#CSR#]
csr-120#show run
Building configuration...

Current configuration : 5316 bytes
!
! Last configuration change at 21:56:04 UTC Tue Sep 26 2017 by ec2-user
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname csr-120
!
boot-start-marker
boot-end-marker
!
!
logging persistent size 1000000 filesize 8192 immediate
!
no aaa new-model
!
subscriber templating
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-1059349623
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1059349623
 revocation-check none
 rsakeypair TP-self-signed-1059349623
!
!
crypto pki certificate chain TP-self-signed-1059349623
 certificate self-signed 01
  quit
!
license udi pid CSR1000V sn 950W1OHY4HZ
diagnostic bootup level minimal
spanning-tree extend system-id
!
username ec2-user privilege 15 secret 5 $1$.Tna$JDoOwEJ5BqGHVaNWJkIbx0
!
redundancy
!
crypto ikev2 proposal csrisakmp
 ! Proposal Incomplete(MUST have atleast an encryption algorithm, an integrity algorithm and a dh group configured)
 encryption aes-cbc-256
!
crypto ikev2 policy 1
 ! Policy Incomplete(MUST have atleast one complete proposal attached)
!
crypto isakmp policy 1
 encr aes 256
 hash sha256
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec security-association replay window-size 1024
!
crypto ipsec transform-set csrpoc esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec transform-set csrisakmp esp-aes 256
 mode tunnel
!
crypto ipsec profile csrisa
 set security-association idle-time 60
 set security-association replay window-size 1024
 set transform-set csrisakmp
!
crypto ipsec profile csrpoc
 set security-association idle-time 60
 set security-association replay window-size 1024
 set transform-set csrpoc
 set pfs group2
!
!
interface Tunnel0
 ip address 192.168.1.2 255.255.255.0
 load-interval 30
 tunnel source GigabitEthernet1
 tunnel mode ipsec ipv4
 tunnel destination 1.1.1.1
 tunnel protection ipsec profile csrpoc
!
interface VirtualPortGroup0
 ip address 192.168.35.1 255.255.255.0
 ip nat inside
 no mop enabled
 no mop sysid
!
interface GigabitEthernet1
 ip address dhcp
 ip nat outside
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 ip address 10.120.1.149 255.255.255.0
 negotiation auto
 no mop enabled
 no mop sysid
!
!
virtual-service csr_mgmt
 ip shared host-interface GigabitEthernet1
 activate
!
iox
ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 overload
ip forward-protocol nd
ip tcp window-size 131072
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 10.120.0.1
!
ip ssh window-size 131072
ip ssh rsa keypair-name ssh-key
ip ssh version 2
ip ssh pubkey-chain
  username ec2-user
   key-hash ssh-rsa F4F8CB76872223E7C38C55AB08544D37 ec2-user
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip scp server enable
!
!
ip access-list standard GS_NAT_ACL
 permit 192.0.0.0 0.255.255.255
!
!
control-plane
!
!
line con 0
 stopbits 1
line vty 0 4
 login local
 transport input ssh
!
!
end

csr-120#
[#Errors – GCP#]
D parsed ID_PROT request 0 [ SA VVVV ]
D no IKE config found for 1.1.1.1...2.2.2.2, sending NO_PROPOSAL_CHOSEN
D generating INFORMATIONAL_V1 request 3739193206 [ N(NO_PROP) ]
D sending packet: from 1.1.1.1[500] to 2.2.2.2[500] (40 bytes)
D retransmit 2 of request with message ID 0
[#Errors – CSR#]
csr-120#show cry isa sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
1.1.1.1         10.120.0.212    MM_NO_STATE          0 ACTIVE

*Sep 26 21:57:37.677: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 1.1.1.1
*Sep 26 21:58:38.116: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 1.1.1.1
csr-120#
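A check over the artifacts in the post, as an added example that is not part of the original post: it flags the IKEv2 proposal that IOS itself marks incomplete and reads which IKE version the GCP gateway received and rejected. The function names are hypothetical; the embedded config and log lines are excerpts copied from the post, one command per line.

```python
import re

# Excerpts copied from the post (CSR running-config, GCP gateway log).
CSR_CONFIG = """\
crypto ikev2 proposal csrisakmp
 encryption aes-cbc-256
crypto ikev2 policy 1
crypto isakmp policy 1
 encr aes 256
 hash sha256
 authentication pre-share
 group 2
"""
GCP_LOG = """\
D parsed ID_PROT request 0 [ SA VVVV ]
D no IKE config found for 1.1.1.1...2.2.2.2, sending NO_PROPOSAL_CHOSEN
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level IOS command."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and '!' comment lines
        if not line[0].isspace():
            current = line.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def incomplete_ikev2_proposals(blocks):
    """Per the IOS warning in the post: encryption, integrity and a DH group are required."""
    missing = {}
    for name, cmds in blocks.items():
        if name.startswith("crypto ikev2 proposal "):
            gaps = {"encryption", "integrity", "group"} - {c.split()[0] for c in cmds}
            if gaps:
                missing[name.split()[-1]] = sorted(gaps)
    return missing

def read_responder_log(log):
    """ID_PROT is IKEv1 Main Mode; IKE_SA_INIT is the first IKEv2 exchange."""
    version = 1 if "parsed ID_PROT " in log else 2 if "parsed IKE_SA_INIT " in log else None
    m = re.search(r"no IKE config found for ([\d.]+?)\.\.\.([\d.]+), sending NO_PROPOSAL_CHOSEN", log)
    return {"initiator_ike_version": version, "rejected": m.groups() if m else None}
```

On these excerpts the CSR initiated with IKEv1 Main Mode, its only IKEv2 proposal lacks an integrity algorithm and a DH group, and the GCP side reports no IKE configuration for that request between 1.1.1.1 and 2.2.2.2.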