\u5728\u4e24\u8fb9\u90fd\u4f7f\u7528\u7b56\u7565VPN\u7684\u60c5\u51b5\u4e0b\u4e0d\u901a,DEBUG\u7ed3\u679c\u5982\u4e0b
\n****** 05955.0: <Trust\/ethernet1> packet received [60]******
\n ipid = 4765(129d), @d7816110
\n packet passed sanity check.
\n ethernet1:1.1.1.93\/7425->2.2.2.1\/768,1(8\/0)<Root>
\n no session found
\n flow_first_sanity_check: in <ethernet1>, out <N\/A>
\n chose interface ethernet1 as incoming nat if.
\n flow_first_routing: in <ethernet1>, out <N\/A>
\n search route to (ethernet1, 1.1.1.93->2.2.2.1) in vr trust-vr for vsd-0\/flag-0\/ifp-null
\nno route to (1.1.1.93->2.2.2.1) in vr trust-vr\/0
\n packet dropped, no route
\n****** 05960.0: <Trust\/ethernet1> packet received [60]******
\n ipid = 4766(129e), @d7816910
\n packet passed sanity check.
\n ethernet1:1.1.1.93\/7681->2.2.2.1\/768,1(8\/0)<Root>
\n no session found
\n flow_first_sanity_check: in <ethernet1>, out <N\/A>
\n chose interface ethernet1 as incoming nat if.
\n flow_first_routing: in <ethernet1>, out <N\/A>
\n search route to (ethernet1, 1.1.1.93->2.2.2.1) in vr trust-vr for vsd-0\/flag-0\/ifp-null
\nno route to (1.1.1.93->2.2.2.1) in vr trust-vr\/0
\n packet dropped, no route<\/p>\n
\u4ee5\u4e0a\u4fe1\u606f\u8bf4\u660e,\u8fd9\u79cd\u60c5\u51b5\u4e0b\u9632\u706b\u5899\u67e5\u627e\u8def\u7531,\u8fd8\u6ca1\u6709\u5230\u67e5\u627e\u7b56\u7565\u7684\u6b65\u9aa4.<\/p>\n
\u5728\u4e24\u8fb9\u90fd\u4f7f\u7528tunnel\u65b9\u5f0f,VPN\u901a,DEBUG\u7ed3\u679c\u5982\u4e0b
\n****** 11040.0: <Trust\/ethernet1> packet received [60]******
\n ipid = 21354(536a), @d7812910
\n packet passed sanity check.
\n ethernet1:1.1.1.93\/61956->2.2.2.1\/768,1(8\/0)<Root>
\n no session found
\n flow_first_sanity_check: in <ethernet1>, out <N\/A>
\n chose interface ethernet1 as incoming nat if.
\n flow_first_routing: in <ethernet1>, out <N\/A>
\n search route to (ethernet1, 1.1.1.93->2.2.2.1) in vr trust-vr for vsd-0\/flag-0\/ifp-null
\n [ Dest] 16.route 2.2.2.1->2.2.2.1, to tunnel.1
\n routed (x_dst_ip 2.2.2.1) from ethernet1 (ethernet1 in 0) to tunnel.1
\n? policy search from zone 2-> zone 1
\npolicy_flow_search? policy search nat_crt from zone 2-> zone 1
\n RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 2.2.2.1, port 22615, proto 1)
\n No SW RPC rule match, search HW rule
\n Permitted by policy 1
\n No src xlate NHTB entry search no found: vpn none tif tunnel.1 nexthop 2.2.2.1
\n choose interface tunnel.1 as outgoing phy if
\n no loop on ifp tunnel.1.
\n session application type 0, name None, nas_id 0, timeout 60sec
\n service lookup identified service 0.
\n flow_first_final_check: in <ethernet1>, out <tunnel.1>
\n existing vector list 5-66597e0.
\n Session (id:128058) created for first pak 5
\n flow_first_install_session======>
\n cache mac in the session
\n make_nsp_ready_no_resolve()
\n search route to (tunnel.1, 2.2.2.1->1.1.1.93) in vr trust-vr for vsd-0\/flag-3000\/ifp-ethernet1
\n [ Dest] 14.route 1.1.1.93->1.1.1.93, to ethernet1
\n route to 1.1.1.93
\n flow got session.
\n flow session id 128058
\n skipping pre-frag
\n going into tunnel 40000005.
\n flow_encrypt: pipeline.
\nchip info: DMA. Tunnel id 00000005
\n(vn2)? doing ESP encryption and size =64
\nipsec encrypt prepare engine done
\nipsec encrypt set engine done
\nipsec encrypt engine released
\nipsec encrypt done
\n put packet(557d210) into flush queue.
\n remove packet(557d210) out from flush queue.
\n**** jump to packet:30.0.0.1->30.0.0.254
\n out encryption tunnel 40000005 gw:30.0.0.254
\n no more encapping needed
\n send out through normal path.
\n flow_ip_send: 55f7:30.0.0.1->30.0.0.254,50 => ethernet3.3(112) flag 0x0, vlan 30
\n mac 001bc05dbc06 in session
\n packet send out to 001bc05dbc06 through ethernet3.3
\n **** pak processing end.<\/p>\n
\u7ed3\u8bba:\u4f7f\u7528untrust\u5b50\u63a5\u53e3\u4f5c\u4e3avpn\u7684\u63a5\u53e3\u7684\u9632\u706b\u5899\u9700\u8981\u4f7f\u7528tunnel\u65b9\u5f0f,\u5bf9\u7aef\u53ef\u4ee5\u4e3a\u7b56\u7565VPN.<\/p>\n
\u914d\u7f6e\u89c1\u9644\u4ef6:<\/p>\n
\u6587\u4ef6:
\nnetscreen.zip<\/p>\n
\u5927\u5c0f:
\n2KB<\/p>\n
\u4e0b\u8f7d:
\n\u4e0b\u8f7d<\/p>\n
\u8f6c\u8f7d\u8bf7\u6ce8\u660e\uff1aKermit\u7684\u7f51\u7ad9<\/a> » Juniper\u9632\u706b\u5899 untrust\u5b50\u63a5\u53e3\u4e0a\u505aVPN<\/a><\/p>","protected":false},"excerpt":{"rendered":" \u5728\u4e24\u8fb9\u90fd\u4f7f\u7528\u7b56\u7565VPN\u7684\u60c5\u51b5\u4e0b\u4e0d\u901a,DEBUG\u7ed3\u679c\u5982\u4e0b ****** 05955.0: <Trust\/ethernet1> packet received [60]****** ipid = 4765(129d), @d7816110 p […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-40","post","type-post","status-publish","format-standard","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts\/40"}],"collection":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/comments?post=40"}],"version-history":[{"count":0,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts\/40\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/media?parent=40"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/categories?post=40"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/tags?post=40"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}