c892とWindows10とのVPN Connect問題

RANRAN · ‎2020-03-06

c892とWindows10をL2TP/IPsecで繋がるように

設定を行っています。

コネクションを確認しましてespパケットを交換するのことを

確認しましたが繋がってからすぐ連結が途切れてしまいます。

解決方法を教えていただけますでしょうか。

CLI

interface loopback 0
ip address 192.168.168.254 255.255.255.255

ip local pool REMOTE_POOL 192.168.168.200 192.168.168.210

aaa new-model
aaa authentication ppp default local

username test password test

vpdn enable

vpdn-group test
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication

interface virtual-template 1
ip unnumbered GigabitEthernet0
peer default ip address pool REMOTE_POOL
ppp authentication ms-chap-v2

crypto isakmp policy 10
encr 3des
hash sha
authentication pre-share
group 2
lifetime 3600

crypto isakmp key test address 0.0.0.0 0.0.0.0

crypto ipsec transform-set tset esp-3des esp-sha-hmac
mode transport

crypto dynamic-map dmap 1
set nat demux
set transform-set tset

crypto map cmap 1 ipsec-isakmp dynamic dmap

interface GigabitEthernet0
no shutdown
ip nat outside
ip address 192.168.200.1 255.255.255.0
duplex auto
speed auto
crypto map cmap

interface Vlan1
ip nat inside
ip address 192.168.0.1 255.255.255.0

router ospf 1
network 192.168.200.1 0.0.0.0 area 0
network 192.168.0.1 0.0.0.0 area 0

ip nat inside source list NAT interface GigabitEthernet0 overload

ip access-list extended NAT
permit ip any any
permit icmp any any

Debug **Phase2完了以降のSAダウンしのメッセージ

*Mar 6 02:14:43.099: ISAKMP:(2010):Old State = IKE_QM_R_QM2 New State = IKE_QM_PHASE2_COMPLETE
*Mar 6 02:15:18.131: ISAKMP (2010): received packet from 192.168.200.2 dport 500 sport 500 Global (R) QM_IDLE
*Mar 6 02:15:18.131: ISAKMP: set new node 1522539892 to QM_IDLE
*Mar 6 02:15:18.131: ISAKMP:(2010): processing HASH payload. message ID = 1522539892
*Mar 6 02:15:18.131: ISAKMP:(2010): processing DELETE payload. message ID = 1522539892
*Mar 6 02:15:18.131: ISAKMP:(2010):peer does not do paranoid keepalives.

*Mar 6 02:15:18.131: ISAKMP:(2010):Enqueued KEY_MGR_DELETE_SAS for IPSEC SA (SPI:0xED05B04E)
*Mar 6 02:15:18.131: ISAKMP:(2010):deleting node 1522539892 error FALSE reason "Informational (in) state 1"
*Mar 6 02:15:18.131: ISAKMP: Failed to find peer index node to update peer_info_list
*Mar 6 02:15:18.131: ISAKMP (2010): received packet from 192.168.200.2 dport 500 sport 500 Global (R) QM_IDLE
*Mar 6 02:15:18.131: ISAKMP: set new node 121880023 to QM_IDLE
*Mar 6 02:15:18.131: ISAKMP:(2010): processing HASH payload. message ID = 121880023
*Mar 6 02:15:18.131: ISAKMP:(2010): processing DELETE payload. message ID = 121880023
*Mar 6 02:15:18.131: ISAKMP:(2010):peer does not do paranoid keepalives.

*Mar 6 02:15:18.131: ISAKMP:(2010):deleting SA reason "No reason" state (R) QM_IDLE (peer 192.168.200.2)
*Mar 6 02:15:18.131: ISAKMP:(2010):deleting node 121880023 error FALSE reason "Informational (in) state 1"
*Mar 6 02:15:18.135: ISAKMP: set new node -454454405 to QM_IDLE
*Mar 6 02:15:18.135: ISAKMP:(2010): sending packet to 192.168.200.2 my_port 500 peer_port 500 (R) QM_IDLE
*Mar 6 02:15:18.135: ISAKMP:(2010):Sending an IKE IPv4 Packet.
*Mar 6 02:15:18.135: ISAKMP:(2010):purging node -454454405
*Mar 6 02:15:18.135: ISAKMP:(2010):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Mar 6 02:15:18.135: ISAKMP:(2010):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA

*Mar 6 02:15:18.135: ISAKMP:(2010):deleting SA reason "No reason" state (R) QM_IDLE (peer 192.168.200.2)
*Mar 6 02:15:18.135: ISAKMP: Unlocking peer struct 0x8FAC7FB8 for isadb_mark_sa_deleted(), count 0
*Mar 6 02:15:18.135: ISAKMP:(2010):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar 6 02:15:18.135: ISAKMP:(2010):Old State = IKE_DEST_SA New State = IKE_DEST_SA

*Mar 6 02:15:18.135: ISAKMP: Deleting peer node by peer_reap for 192.168.200.2: 8FAC7FB8
*Mar 6 02:15:33.099: ISAKMP:(2010):purging node 1