К сожалению, на версии 2.09.B.0.0-1 такая же проблема. Но, если установить опцию "Nailed-up", то IPsec lifetime шлется верный . На старой версии v2.08(AAUX.0)C2 я с этой опцией не проверял.
1) Без опции "Nailed-up" (лог на стороне S-Terra Gate):
Jul 3 00:05:20 localhost vpnsvc: 10000001 <79:0> Start IKE session, Request: Inbound ISAKMP packet, type Main, peer 46.39.231.48:45740, sessionId 11723A184C9AA51B.0
Jul 3 00:05:20 localhost vpnsvc: 00101012 <79:0> Received ISAKMP proposals:
Jul 3 00:05:20 localhost vpnsvc: 00101013 <79:0> Transform #1: Cipher:AES-CBC, Attr(14):(256), Hash:SHA, Group:MODP_1536, Auth:Pre-Shared Key, Life Time:0
Jul 3 00:05:20 localhost vpnsvc: 00101031 <79:0> Checking Transform #1 for Rule "IKERule:CMAP:1:DMAP:1", Transform #2: payload malformed
Jul 3 00:05:20 localhost vpnsvc: 10000018 <79:0> IKE session stopped at [Main Mode, Responder, Packets 1,2][Compare policy], Reason: NO-PROPOSAL-CHOSEN
Jul 3 00:05:20 localhost vpnsvc: 10000001 <79:1> Start IKE session, Request: ISAKMP notification, type Informational, peer 46.39.231.48:45740, sessionId 11723A184C9AA51B.22A7B03F
Jul 3 00:05:20 localhost vpnsvc: 1000001b <79:1> Sending notification [NO-PROPOSAL-CHOSEN] for <79:0>
Jul 3 00:05:20 localhost vpnsvc: 10000002 <79:1> Session completed
Jul 3 00:05:26 localhost vpnsvc: 10000006 ISAKMP connection 77 closed, peer 46.39.231.48:39849, id "192.168.1.1", bytes sent/received: 856/1000, exchanges passed: 1, Reason: Delete payload received
2) С опцией "Nailed-up" (лог на стороне S-Terra Gate):
Jul 3 00:05:45 localhost vpnsvc: 10000001 <80:0> Start IKE session, Request: Inbound ISAKMP packet, type Main, peer 46.39.231.48:45740, sessionId 67F709E498610C9C.0
Jul 3 00:05:45 localhost vpnsvc: 00101012 <80:0> Received ISAKMP proposals:
Jul 3 00:05:45 localhost vpnsvc: 00101013 <80:0> Transform #1: Cipher:AES-CBC, Attr(14):(256), Hash:SHA, Group:MODP_1536, Auth:Pre-Shared Key, Life Time:3600
Jul 3 00:05:45 localhost vpnsvc: 00101031 <80:0> Checking Transform #1 for Rule "IKERule:CMAP:1:DMAP:1", Transform #2: match
Jul 3 00:05:45 localhost vpnsvc: 00101011 <80:0> Sending ISAKMP proposals:
Jul 3 00:05:45 localhost vpnsvc: 00101013 <80:0> Transform #1: Cipher:AES-CBC, Attr(14):(256), Hash:SHA, Group:MODP_1536, Auth:Pre-Shared Key, Life Time:3600
Jul 3 00:05:46 localhost vpnsvc: 10000101 <80:0> NAT detected on remote side
Jul 3 00:05:46 localhost vpnsvc: 10000102 <80:0> NAT detected on local side
Jul 3 00:05:46 localhost vpnsvc: 00101036 <80:0> Using preshared key "cs_key_0_0_0_0__0_0_0_0"
Jul 3 00:05:46 localhost vpnsvc: 10000009 <80:0> Float partner to 46.39.231.48:39849
Jul 3 00:05:46 localhost vpnsvc: 1000001d <80:0> Received unprotected notification [INITIAL-CONTACT]: Ignore
Jul 3 00:05:46 localhost vpnsvc: 10000007 <80:0> Receive identity "192.168.1.1", peer 46.39.231.48:39849
Jul 3 00:05:46 localhost vpnsvc: 10000008 <80:0> Send identity "172.16.5.2", peer 46.39.231.48:39849, id "192.168.1.1"
Jul 3 00:05:46 localhost vpnsvc: 10000002 <80:0> Session completed
Jul 3 00:05:46 localhost vpnsvc: 10000005 <80:0> ISAKMP connection 80 created, peer 46.39.231.48:39849, id "192.168.1.1"
Jul 3 00:05:46 localhost vpnsvc: 10000001 <80:1> Start IKE session, Request: Inbound ISAKMP packet, type Quick, peer 46.39.231.48:39849, sessionId 67F709E498610C9C.D66C17E1
Jul 3 00:05:46 localhost vpnsvc: 1000000b <80:1> Receive traffic request: (192.168.1.0/255.255.255.0,,)->(172.16.1.0/255.255.255.0,,)
Jul 3 00:05:46 localhost vpnsvc: 00101022 <80:1> Received IPSec proposals:
Jul 3 00:05:46 localhost vpnsvc: 00101023 <80:1> Proposal #0:
Jul 3 00:05:46 localhost vpnsvc: 00101024 <80:1> Protocol ESP:
Jul 3 00:05:46 localhost vpnsvc: 00101025 <80:1> Transform #1: Trans-ID:ESP_AES, Attr(6):(256), Integrity:HMAC-SHA, Encapsulation:UDP-Encapsulated-Tunnel, Life Time:3600, Life Traffic:21474836
Jul 3 00:05:46 localhost vpnsvc: 00101031 <80:1> Checking Proposal #0, Protocol ESP, Transform #1 for Rule "IPsecAction:CMAP:1:DMAP:1", Proposal #1, Protocol ESP, Transform #1: match
Jul 3 00:05:46 localhost vpnsvc: 00101021 <80:1> Sending IPSec proposals:
Jul 3 00:05:46 localhost vpnsvc: 00101023 <80:1> Proposal #0:
Jul 3 00:05:46 localhost vpnsvc: 00101024 <80:1> Protocol ESP:
Jul 3 00:05:46 localhost vpnsvc: 00101025 <80:1> Transform #1: Trans-ID:ESP_AES, Attr(6):(256), Integrity:HMAC-SHA, Encapsulation:UDP-Encapsulated-Tunnel, Life Time:3600, Life Traffic:21474836
Jul 3 00:05:46 localhost vpnsvc: 1000001b <80:1> Sending notification [RESPONDER-LIFETIME], LifeTraffic:4608000
Jul 3 00:05:46 localhost vpnsvc: 1000001b <80:1> Sending notification [INITIAL-CONTACT] for ISAKMP connection 80
Jul 3 00:05:46 localhost vpnsvc: 1000001b <80:1> Sending notification [CONNECTED]
Jul 3 00:05:46 localhost vpnsvc: 00100119 <80:1> IPSec connection 5 established, traffic selector 172.16.1.0-172.16.1.255->192.168.1.0-192.168.1.255, peer 46.39.231.48:39849, id "192.168.1.1", Filter IPsec:Protect:CMAP:1:DMAP:1:to_zyxel, IPsecAction IPsecAction:CMAP:1:DMAP:1, IKERule IKERule:CMAP:1:DMAP:1