Mexonizator
-
Posts
13 -
Joined
-
Last visited
Content Type
Profiles
Forums
Gallery
Downloads
Blogs
Events
Posts posted by Mexonizator
-
-
Но это же просто таймер без привязки ко времени? И как я помню, если сохранить настройки на роутере файлик этот перезапишется и инструкция потеряется?
-
Однако здравствуйте.
Воскрешу пост, ибо проблема актуальна. Не знаю, как у вас, а у меня у Кинетика со временем переполняется память и приходится перезагружать руками. Нужен способ прописать ребут в конкретное время и ещё лучше с заданной частотой. В сети почему-то только треш в виде компа с виндой и запуском скрипта с него.
Собственно, можно ли как-то это прописать в самом роутере?
- 1
-
Итого. Все 3 ошибки удалось побороть, тоннель стабилен, полёт нормальный.
1. Видимо, ошибка вызывается НАТом на роутере (циска за ним), а также, возможно, его фишкой IPSEC ALG. Инициация соединения со стороны неё, а не Зухеля решило проблему.
05[KNL] NAT mappings of CHILD_SA ESP/0xc872b75d/ZYXEL_IP changed to CISCO_IP[4500], queuing update job Nov 14 19:22:12ipsec
2. Галка Nailed-Up и trasnport mode во второй фазе вызывали разрывы тоннеля даже при успешной установке.
3. Ну и наконец. Оказалось, что эта ошибка возникает из-за слишком сильного шифрования при первой фазе. Кинетик банально не успевал выполнить шифрование при согласовании, и Циска отправляла повторные запросы. Что, в конечном счёте, и приводило к разрыву. Понижение шифра до 128 бит, и переход на SHA1 решило проблему.
10[IKE] retransmit 1 of request with message ID 0 Nov 10 13:15:20ipsec
Всем спасибо, тему можно считать закрытой.
-
TP-LINK RT480T+.
У роутера этого есть фишка IPSEC ALG, которую я вырубил. Что характерно, особого эффекта не оказало.
ЗЫ. Версия прошивки - скрытым постом.
-
Понятно, спасибо.
-
Тогда другой вопрос. Если IPSec загружает процессор под 100% при передаче данных, что можно сделать в этом случае?
-
Добрый день.
Поддерживает ли Keenetic III аппаратное шифрование? С чем связана следующая ошибка?
(config)> crypto engine hardware Command::Base error[7405602]: engine: argument parse error.
Спасибо!
-
Вести с полей. Смена режима ВПН-ки с transport на tunnel убрало ошибку. Зато возник новый глюк. После первого запуска, ВПН-ка проработала некоторое время, а затем стала валиться в лог:
Nov 14 19:22:12ipsec 05[KNL] NAT mappings of CHILD_SA ESP/0xc872b75d/ZYXEL_IP changed to CISCO_IP[4500], queuing update job Nov 14 19:22:12ipsec 08[KNL] NAT mappings of CHILD_SA ESP/0xc872b75d/ZYXEL_IP changed to CISCO_IP[4500], queuing update job Nov 14 19:22:15ipsec 06[KNL] NAT mappings of CHILD_SA ESP/0xc872b75d/ZYXEL_IP changed to CISCO_IP[4500], queuing update job Nov 14 19:22:17ipsec 13[KNL] NAT mappings of CHILD_SA ESP/0xc872b75d/ZYXEL_IP changed to CISCO_IP[4500], queuing update job Nov 14 19:22:22ipsec 05[KNL] NAT mappings of CHILD_SA ESP/0xc872b75d/ZYXEL_IP changed to CISCO_IP[4500], queuing update job
По всей видимости, ошибка имеет отношение к НАТу, но непонятно, какое именно. Со стороны циски (т.е. между ней и тоннелем) НАТа нет.
Причём, что характерно, перезапуск ВПН-ки не помог. Очевидно, что проблема как-то связана с сопоставлением со стороны НАТа.
UPD: При запуске на следующий день, ВПН-ка снова без проблем поднялась и работает некоторое время.
UPD2: Ошибка снова посыпалась, но, что интересно, данные пока продолжают ходить.
-
Понятно, спасибо. А идей каких-то нет, из-за чего это может быть?
-
38 минут назад, Le ecureuil сказал:
Ничего непонятно.
Начните с установки draft и приложения sefl-test, а также объясните кто у вас инициатор соединения.
Инициатор - зухель, который подрубается к циске.
По поводу draft. Можно ли как-то обойтись без него?
Self-test приложу следующим постом.
5 часов назад, makc22 сказал:Словил тоже на 2.11.A.8.0-3
решил отключением "Включить IPv6:" в Broadband connection
Жаль, нет такой опции в настройках соединения.
-
Добрый день!
Собственно, как и следует из названия темы, устройство начинает пробрасывать тоннель, причём, по какой-то непостижимой причине, производится сразу несколько попыток. В результате, соединение успешно устанавливается в рамках одного из согласований, а затем благополучно дропается, т.к. другое не получает ответа от Циски и рубит по тайм-ауту. Что характерно, с самим соединений никаких проблем нет: пакеты ходят, компы друг друга видят, пингуют...
Версия прошивки: v2.08(AAUU.4)C2
Версия Циски: 15.4
Логи Кинетика:
Nov 10 13:15:01ipsec 06[MGR] ignoring request with ID 0, already processing Nov 10 13:15:08ipsec 16[IKE] remote host is behind NAT Nov 10 13:15:08ipsec 14[CFG] looking for peer configs matching ZYXEL_IP[%any]...CISCO_IP[192.168.0.2] Nov 10 13:15:08ipsec 14[CFG] selected peer config 'Test' Nov 10 13:15:08ipsec 14[IKE] linked key for crypto map 'Test' is not found, still searching Nov 10 13:15:08ipsec 14[IKE] authentication of '192.168.0.2' with pre-shared key successful Nov 10 13:15:08ipsec 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Nov 10 13:15:08ipsec 14[IKE] linked key for crypto map 'Test' is not found, still searching Nov 10 13:15:08ipsec 14[IKE] authentication of 'ZYXEL_IP' (myself) with pre-shared key Nov 10 13:15:08ipsec 14[IKE] IKE_SA Test[4] established between ZYXEL_IP[ZYXEL_IP]...CISCO_IP[192.168.0.2] Nov 10 13:15:08ipsec 14[IKE] scheduling reauthentication in 3573s Nov 10 13:15:08ipsec 14[IKE] maximum IKE_SA lifetime 3593s Nov 10 13:15:08ndm IpSec::Configurator: crypto map "Test" active IKE SA: 1, active CHILD SA: 0. Nov 10 13:15:08ipsec 14[CFG] received proposals: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/#/NO_EXT_SEQ Nov 10 13:15:08ipsec 14[CFG] configured proposals: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/MODP_4096/NO_EXT_SEQ Nov 10 13:15:08ipsec 14[CFG] selected proposal: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/#/NO_EXT_SEQ Nov 10 13:15:08ipsec 14[IKE] CHILD_SA Test{2} established with SPIs c12ee9c8_i c20b83b1_o and TS 192.168.10.0/24 === 192.168.0.0/24 Nov 10 13:15:08ndm IpSec::Configurator: crypto map "Test" is up. Nov 10 13:15:08ndm IpSec::Configurator: reconnection for crypto map "Test" was cancelled. Nov 10 13:15:08ndm IpSec::Configurator: crypto map "Test" active IKE SA: 1, active CHILD SA: 1. Nov 10 13:15:08ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Nov 10 13:15:08ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Nov 10 13:15:11ipsec 10[IKE] retransmit 1 of request with message ID 0 Nov 10 13:15:20ipsec 08[IKE] retransmit 2 of request with message ID 0 Nov 10 13:15:30ipsec 10[IKE] retransmit 3 of request with message ID 0 Nov 10 13:15:41ipsec 09[IKE] retransmit 4 of request with message ID 0 Nov 10 13:15:52ipsec 05[IKE] retransmit 5 of request with message ID 0 Nov 10 13:16:05ipsec 10[IKE] retransmit 6 of request with message ID 0 Nov 10 13:16:20ipsec 09[IKE] retransmit 7 of request with message ID 0 Nov 10 13:16:35ipsec 16[IKE] retransmit 8 of request with message ID 0 Nov 10 13:16:52ipsec 12[IKE] giving up after 8 retransmits Nov 10 13:16:52ndm IpSec::Configurator: remote peer of crypto map "Test" is down. Nov 10 13:16:52ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:16:52ndm IpSec::Configurator: fallback peer is not defined for crypto map "Test", retry. Nov 10 13:16:52ndm IpSec::Configurator: schedule reconnect for crypto map "Test". Nov 10 13:16:52ipsec 12[IKE] establishing IKE_SA failed, peer not responding Nov 10 13:17:08ndm IpSec::Configurator: reconnecting crypto map "Test". Nov 10 13:17:10ndm IpSec::Configurator: crypto map "Test" shutdown started. Nov 10 13:17:10ipsec 12[CFG] received stroke: unroute 'Test' Nov 10 13:17:10ipsec 13[CFG] received stroke: terminate 'Test{*}' Nov 10 13:17:10ipsec 16[IKE] closing CHILD_SA Test{2} with SPIs c12ee9c8_i (40144 bytes) c20b83b1_o (811908 bytes) and TS 192.168.10.0/24 === 192.168.0.0/24 Nov 10 13:17:10ipsec 16[IKE] sending DELETE for ESP CHILD_SA with SPI c12ee9c8 Nov 10 13:17:10ipsec 09[IKE] received DELETE for ESP CHILD_SA with SPI c20b83b1 Nov 10 13:17:10ipsec 09[IKE] CHILD_SA closed Nov 10 13:17:10ipsec 14[CFG] received stroke: terminate 'Test[*]' Nov 10 13:17:10ndm IpSec::Configurator: crypto map "Test" shutdown complete. Nov 10 13:17:11ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:17:11ipsec 06[IKE] deleting IKE_SA Test[4] between ZYXEL_IP[ZYXEL_IP]...CISCO_IP[192.168.0.2] Nov 10 13:17:11ipsec 06[IKE] sending DELETE for IKE_SA Test[4] Nov 10 13:17:11ipsec 11[IKE] IKE_SA deleted Nov 10 13:17:11ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:17:11ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Nov 10 13:17:11ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Nov 10 13:17:11ipsec 15[IKE] received Cisco Delete Reason vendor ID Nov 10 13:17:11ipsec 15[IKE] CISCO_IP is initiating an IKE_SA Nov 10 13:17:11ipsec 15[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_4096/# Nov 10 13:17:11ipsec 15[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_4096/# Nov 10 13:17:11ipsec 15[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_4096/# Nov 10 13:17:11ipsec 12[CFG] received stroke: initiate 'Test' Nov 10 13:17:11ndm IpSec::Configurator: crypto map "Test" initialized. Nov 10 13:17:13ipsec 07[MGR] ignoring request with ID 0, already processing Nov 10 13:17:17ipsec 09[MGR] ignoring request with ID 0, already processing Nov 10 13:17:19ipsec 15[IKE] remote host is behind NAT Nov 10 13:17:19ipsec 16[IKE] initiating IKE_SA Test[6] to CISCO_IP Nov 10 13:17:20ipsec 14[CFG] looking for peer configs matching ZYXEL_IP[%any]...CISCO_IP[192.168.0.2] Nov 10 13:17:20ipsec 14[CFG] selected peer config 'Test' Nov 10 13:17:20ipsec 14[IKE] linked key for crypto map 'Test' is not found, still searching Nov 10 13:17:20ipsec 14[IKE] authentication of '192.168.0.2' with pre-shared key successful Nov 10 13:17:20ipsec 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Nov 10 13:17:20ipsec 14[IKE] linked key for crypto map 'Test' is not found, still searching Nov 10 13:17:20ipsec 14[IKE] authentication of 'ZYXEL_IP' (myself) with pre-shared key Nov 10 13:17:20ipsec 14[IKE] IKE_SA Test[5] established between ZYXEL_IP[ZYXEL_IP]...CISCO_IP[192.168.0.2] Nov 10 13:17:20ipsec 14[IKE] scheduling reauthentication in 3569s Nov 10 13:17:20ipsec 14[IKE] maximum IKE_SA lifetime 3589s Nov 10 13:17:20ndm IpSec::Configurator: crypto map "Test" active IKE SA: 1, active CHILD SA: 0. Nov 10 13:17:20ipsec 14[CFG] received proposals: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/#/NO_EXT_SEQ Nov 10 13:17:20ipsec 14[CFG] configured proposals: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/MODP_4096/NO_EXT_SEQ Nov 10 13:17:20ipsec 14[CFG] selected proposal: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/#/NO_EXT_SEQ Nov 10 13:17:20ipsec 14[IKE] CHILD_SA Test{3} established with SPIs c96d5999_i 8d98ca14_o and TS 192.168.10.0/24 === 192.168.0.0/24 Nov 10 13:17:20ndm IpSec::Configurator: crypto map "Test" is up. Nov 10 13:17:20ndm IpSec::Configurator: reconnection for crypto map "Test" was cancelled. Nov 10 13:17:20ndm IpSec::Configurator: crypto map "Test" active IKE SA: 1, active CHILD SA: 1. Nov 10 13:17:20ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Nov 10 13:17:20ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Nov 10 13:17:32ipsec 11[IKE] retransmit 1 of request with message ID 0 Nov 10 13:17:41ipsec 07[IKE] retransmit 2 of request with message ID 0 Nov 10 13:17:50ipsec 05[IKE] retransmit 3 of request with message ID 0 Nov 10 13:18:01ipsec 13[IKE] retransmit 4 of request with message ID 0 Nov 10 13:18:13ipsec 05[IKE] retransmit 5 of request with message ID 0 Nov 10 13:18:26ipsec 15[IKE] retransmit 6 of request with message ID 0 Nov 10 13:18:40ipsec 13[IKE] retransmit 7 of request with message ID 0 Nov 10 13:18:55ipsec 16[IKE] retransmit 8 of request with message ID 0 Nov 10 13:19:13ipsec 14[IKE] giving up after 8 retransmits Nov 10 13:19:13ndm IpSec::Configurator: remote peer of crypto map "Test" is down. Nov 10 13:19:13ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:19:13ndm IpSec::Configurator: fallback peer is not defined for crypto map "Test", retry. Nov 10 13:19:13ndm IpSec::Configurator: schedule reconnect for crypto map "Test". Nov 10 13:19:13ipsec 14[IKE] establishing IKE_SA failed, peer not responding Nov 10 13:19:29ndm IpSec::Configurator: reconnecting crypto map "Test". Nov 10 13:19:31ndm IpSec::Configurator: crypto map "Test" shutdown started. Nov 10 13:19:31ipsec 14[CFG] received stroke: unroute 'Test' Nov 10 13:19:31ipsec 08[CFG] received stroke: terminate 'Test{*}' Nov 10 13:19:31ipsec 16[IKE] closing CHILD_SA Test{3} with SPIs c96d5999_i (24735 bytes) 8d98ca14_o (68197 bytes) and TS 192.168.10.0/24 === 192.168.0.0/24 Nov 10 13:19:31ipsec 16[IKE] sending DELETE for ESP CHILD_SA with SPI c96d5999 Nov 10 13:19:31ipsec 13[IKE] received DELETE for ESP CHILD_SA with SPI 8d98ca14 Nov 10 13:19:31ipsec 13[IKE] CHILD_SA closed Nov 10 13:19:31ipsec 09[CFG] received stroke: terminate 'Test[*]' Nov 10 13:19:31ndm IpSec::Configurator: crypto map "Test" shutdown complete. Nov 10 13:19:31ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:19:31ipsec 10[IKE] deleting IKE_SA Test[5] between ZYXEL_IP[ZYXEL_IP]...CISCO_IP[192.168.0.2] Nov 10 13:19:31ipsec 10[IKE] sending DELETE for IKE_SA Test[5] Nov 10 13:19:31ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Nov 10 13:19:31ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Nov 10 13:19:32ipsec 12[CFG] received stroke: initiate 'Test' Nov 10 13:19:32ndm IpSec::Configurator: crypto map "Test" initialized. Nov 10 13:19:39ipsec 15[IKE] unable to create CHILD_SA while deleting IKE_SA Nov 10 13:19:39ipsec 05[IKE] IKE_SA deleted Nov 10 13:19:39ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:19:39ipsec 07[IKE] initiating IKE_SA Test[7] to CISCO_IP Nov 10 13:19:51ipsec 08[IKE] retransmit 1 of request with message ID 0 Nov 10 13:20:00ipsec 13[IKE] retransmit 2 of request with message ID 0 Nov 10 13:20:01ipsec 10[IKE] received Cisco Delete Reason vendor ID Nov 10 13:20:01ipsec 10[IKE] CISCO_IP is initiating an IKE_SA Nov 10 13:20:01ipsec 10[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_4096/# Nov 10 13:20:01ipsec 10[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_4096/# Nov 10 13:20:01ipsec 10[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_4096/# Nov 10 13:20:03ipsec 14[MGR] ignoring request with ID 0, already processing Nov 10 13:20:06ipsec 16[MGR] ignoring request with ID 0, already processing Nov 10 13:20:09ipsec 10[IKE] remote host is behind NAT Nov 10 13:20:09ipsec 08[CFG] looking for peer configs matching ZYXEL_IP[%any]...CISCO_IP[192.168.0.2] Nov 10 13:20:09ipsec 08[CFG] selected peer config 'Test' Nov 10 13:20:09ipsec 08[IKE] linked key for crypto map 'Test' is not found, still searching Nov 10 13:20:09ipsec 08[IKE] authentication of '192.168.0.2' with pre-shared key successful Nov 10 13:20:09ipsec 08[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Nov 10 13:20:09ipsec 08[IKE] linked key for crypto map 'Test' is not found, still searching Nov 10 13:20:09ipsec 08[IKE] authentication of 'ZYXEL_IP' (myself) with pre-shared key Nov 10 13:20:09ipsec 08[IKE] IKE_SA Test[8] established between ZYXEL_IP[ZYXEL_IP]...CISCO_IP[192.168.0.2] Nov 10 13:20:09ipsec 08[IKE] scheduling reauthentication in 3567s Nov 10 13:20:09ipsec 08[IKE] maximum IKE_SA lifetime 3587s Nov 10 13:20:09ndm IpSec::Configurator: crypto map "Test" active IKE SA: 1, active CHILD SA: 0. Nov 10 13:20:09ipsec 08[CFG] received proposals: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/#/NO_EXT_SEQ Nov 10 13:20:09ipsec 08[CFG] configured proposals: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/MODP_4096/NO_EXT_SEQ Nov 10 13:20:09ipsec 08[CFG] selected proposal: ESP:AES_CBC=256/HMAC_SHA2_256_128/#/#/NO_EXT_SEQ Nov 10 13:20:09ipsec 08[IKE] CHILD_SA Test{4} established with SPIs cdeb3b19_i 00d56f15_o and TS 192.168.10.0/24 === 192.168.0.0/24 Nov 10 13:20:09ndm IpSec::Configurator: crypto map "Test" is up. Nov 10 13:20:09ndm IpSec::Configurator: reconnection for crypto map "Test" was cancelled. Nov 10 13:20:09ndm IpSec::Configurator: crypto map "Test" active IKE SA: 1, active CHILD SA: 1. Nov 10 13:20:09ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Nov 10 13:20:10ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Nov 10 13:20:10ipsec 05[IKE] retransmit 3 of request with message ID 0 Nov 10 13:20:20ipsec 15[IKE] retransmit 4 of request with message ID 0 Nov 10 13:20:32ipsec 05[IKE] retransmit 5 of request with message ID 0 Nov 10 13:20:45ipsec 08[IKE] retransmit 6 of request with message ID 0 Nov 10 13:20:48ndhcps _WEBADMIN: DHCPREQUEST received (STATE_SELECTING) for 192.168.10.45 from 74:04:2b:84:60:e8. Nov 10 13:20:48ndhcps _WEBADMIN: sending ACK of 192.168.10.45 to 74:04:2b:84:60:e8. Nov 10 13:20:59ipsec 16[IKE] retransmit 7 of request with message ID 0 Nov 10 13:21:15ipsec 15[IKE] retransmit 8 of request with message ID 0 Nov 10 13:21:32ipsec 13[IKE] giving up after 8 retransmits Nov 10 13:21:32ndm IpSec::Configurator: remote peer of crypto map "Test" is down. Nov 10 13:21:32ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:21:32ndm IpSec::Configurator: fallback peer is not defined for crypto map "Test", retry. Nov 10 13:21:32ndm IpSec::Configurator: schedule reconnect for crypto map "Test". Nov 10 13:21:32ipsec 13[IKE] establishing IKE_SA failed, peer not responding Nov 10 13:21:48ndm IpSec::Configurator: reconnecting crypto map "Test". Nov 10 13:21:50ndm IpSec::Configurator: crypto map "Test" shutdown started. Nov 10 13:21:50ipsec 13[CFG] received stroke: unroute 'Test' Nov 10 13:21:50ipsec 07[CFG] received stroke: terminate 'Test{*}' Nov 10 13:21:50ipsec 15[IKE] closing CHILD_SA Test{4} with SPIs cdeb3b19_i (24726 bytes) 00d56f15_o (85210 bytes) and TS 192.168.10.0/24 === 192.168.0.0/24 Nov 10 13:21:50ipsec 15[IKE] sending DELETE for ESP CHILD_SA with SPI cdeb3b19 Nov 10 13:21:50ipsec 16[IKE] received DELETE for ESP CHILD_SA with SPI 00d56f15 Nov 10 13:21:50ipsec 16[IKE] CHILD_SA closed Nov 10 13:21:50ipsec 06[CFG] received stroke: terminate 'Test[*]' Nov 10 13:21:50ndm IpSec::Configurator: crypto map "Test" shutdown complete. Nov 10 13:21:50ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0. Nov 10 13:21:50ipsec 08[IKE] deleting IKE_SA Test[8] between ZYXEL_IP[ZYXEL_IP]...CISCO_IP[192.168.0.2] Nov 10 13:21:50ipsec 08[IKE] sending DELETE for IKE_SA Test[8] Nov 10 13:21:50ipsec 05[IKE] IKE_SA deleted Nov 10 13:21:50ndm IpSec::Configurator: crypto map "Test" active IKE SA: 0, active CHILD SA: 0.
Спасибо!
- 1
Автоматическая перезагрузка интернет-центра по расписанию
in 2.11
Posted
Спасибо за наводку, попробую. Хотя, как я понял, оно же просто увеличивает доступное место, а не расчищает уже занятую память и не снижает её потребление?