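A client has a SonicWall Pro 2040 running SonicOS 3.0, and they want to be able to connect to internal services (Citrix, etc.) using the L2TP VPN client from iPads. I have enabled the L2TP VPN server on the SonicWall, made sure AES-128 is set for Phase 2, and set up the configuration on a test iPad with the appropriate username, password and pre-shared key. When I try to connect, I get some very cryptic error messages in the log on the SonicWall: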
2 03/29/2011 12:25:09.096 IKE Responder: IPSec proposal does not match (Phase 2) [My outbound IP address redacted] (admin) [WAN IP address redacted] 10.10.130.7/32 -> [WAN IP address redacted]/32
3 03/29/2011 12:25:09.096 IKE Responder: Received Quick Mode Request (Phase 2) [My outbound IP address redacted], 61364 (admin) [WAN IP address redacted], 500
4 03/29/2011 12:25:07.048 IKE Responder: IPSec proposal does not match (Phase 2) [My outbound IP address redacted] (admin) [WAN IP address redacted] 10.10.130.7/32 -> [WAN IP address redacted]/32
5 03/29/2011 12:25:07.048 IKE Responder: Received Quick Mode Request (Phase 2) [My outbound IP address redacted], 61364 (admin) [WAN IP address redacted], 500
The console log on the iPad looks like this:
Mar 29 13:31:24 Daves-iPad racoon[519] <Info>: [519] INFO: ISAKMP-SA established 10.10.130.7[500]-[WAN IP address redacted][500] spi:5d705eb6c760d709:458fcdf80ee8acde
Mar 29 13:31:24 Daves-iPad racoon[519] <Notice>: IPSec Phase1 established (Initiated by me).
Mar 29 13:31:24 Daves-iPad kernel[0] <Debug>: launchd[519] Builtin profile: racoon (sandbox)
Mar 29 13:31:25 Daves-iPad racoon[519] <Info>: [519] INFO: initiate new phase 2 negotiation: 10.10.130.7[500]<=>[WAN IP address redacted][500]
Mar 29 13:31:25 Daves-iPad racoon[519] <Notice>: IPSec Phase2 started (Initiated by me).
Mar 29 13:31:25 Daves-iPad racoon[519] <Info>: [519] ERROR: fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
Mar 29 13:31:25 Daves-iPad racoon[519] <Info>: [519] ERROR: Message: '@ No proposal is chosen'.
Mar 29 13:31:46 Daves-iPad racoon[519] <Info>: [519] ERROR: fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
Mar 29 13:31:46 Daves-iPad racoon[519] <Info>: [519] ERROR: Message: '@ No proposal is chosen'.
Mar 29 13:31:55 Daves-iPad pppd[518] <Notice>: IPSec connection failed
Does this offer any clues as to what is going wrong?
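Posted on 2011-03-29 18:01:40
First of all, I strongly recommend that you (or your client) upgrade to the latest version of SonicOS, or rather SonicOS Enhanced.
Regarding your problem, from reading the error messages, the Phase 2 proposals on the SonicWall and the iPad do not seem to match. I would look at the protocols and authentication being used. Make sure the iPad is configured accordingly.
Two links that may be useful: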
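Posted on 2011-03-29 19:13:14
Although SonicWALL does say your configuration should work, you might try bumping up to AES-256 and see if you have better luck. Also make sure PFS is unchecked.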
http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8260
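The log reading both answers rely on, as an added example that is not part of the original posts: a small Python triage that correlates the racoon and SonicWall lines quoted in the question and reports where the IKEv1 negotiation stopped. The function names and event labels are hypothetical; the sample lines are copied from the question.

```python
import re

# Sample input: lines copied from the question (addresses already redacted there).
RACOON_LOG = """\
Mar 29 13:31:24 Daves-iPad racoon[519] <Info>: [519] INFO: ISAKMP-SA established 10.10.130.7[500]-[WAN IP address redacted][500] spi:5d705eb6c760d709:458fcdf80ee8acde
Mar 29 13:31:25 Daves-iPad racoon[519] <Info>: [519] INFO: initiate new phase 2 negotiation: 10.10.130.7[500]<=>[WAN IP address redacted][500]
Mar 29 13:31:25 Daves-iPad racoon[519] <Info>: [519] ERROR: fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
"""
SONICWALL_LOG = """\
2 03/29/2011 12:25:09.096 IKE Responder: IPSec proposal does not match (Phase 2) [My outbound IP address redacted] (admin) [WAN IP address redacted] 10.10.130.7/32 -> [WAN IP address redacted]/32
3 03/29/2011 12:25:09.096 IKE Responder: Received Quick Mode Request (Phase 2) [My outbound IP address redacted], 61364 (admin) [WAN IP address redacted], 500
"""

# (pattern, event) pairs; the patterns are message texts that appear in the logs above.
MARKERS = [
    (re.compile(r"ISAKMP-SA established"), "p1_ok"),
    (re.compile(r"initiate new phase 2 negotiation"), "p2_start"),
    (re.compile(r"Received Quick Mode Request \(Phase 2\)"), "p2_start"),
    (re.compile(r"NO-PROPOSAL-CHOSEN"), "p2_rejected"),
    (re.compile(r"IPSec proposal does not match \(Phase 2\)"), "p2_rejected"),
]

def events(log_text):
    """Return the negotiation events found in a log, in first-seen order."""
    found = []
    for line in log_text.splitlines():
        for pattern, event in MARKERS:
            if pattern.search(line) and event not in found:
                found.append(event)
    return found

def triage(client_log, gateway_log):
    """Classify where the negotiation stopped, using the logs from both ends."""
    seen = set(events(client_log)) | set(events(gateway_log))
    if "p2_rejected" in seen:
        # Quick Mode only runs inside an established ISAKMP SA, so Phase 1
        # (including pre-shared key authentication) has already succeeded.
        return ("phase2-proposal-mismatch",
                "Compare Phase 2 encryption, authentication and PFS settings on both ends.")
    if "p1_ok" in seen:
        return ("phase1-only", "Phase 1 completed; no Phase 2 result was logged.")
    return ("no-phase1", "Phase 1 never completed; check reachability, PSK and Phase 1 proposal.")

if __name__ == "__main__":
    verdict, hint = triage(RACOON_LOG, SONICWALL_LOG)
    print(verdict, "-", hint)
```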
https://serverfault.com/questions/253291