Sep 15 12:00:36.589: ISAKMP:(0):Checking ISAKMP transform 1 against priority 5 policy
Sep 15 12:00:36.589: ISAKMP: encryption AES-CBC
Sep 15 12:00:36.589: ISAKMP: keylength of 256
Sep 15 12:00:36.589: ISAKMP: hash SHA
Sep 15 12:00:36.589: ISAKMP: unknown DH group 20
Sep 15 12:00:36.589: ISAKMP: auth pre-share
Sep 15 12:00:36.589: ISAKMP: life type in seconds
Sep 15 12:00:36.589: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
Sep 15 12:00:36.589: ISAKMP:(0):Diffie-Hellman group offered does not match policy!
Sep 15 12:00:36.589: ISAKMP:(0):atts are not acceptable. Next payload is 3
Sep 15 12:00:36.589: ISAKMP:(0):Checking ISAKMP transform 2 against priority 5 policy
Sep 15 12:00:36.589: ISAKMP: encryption AES-CBC
Sep 15 12:00:36.589: ISAKMP: keylength of 128
Sep 15 12:00:36.589: ISAKMP: hash SHA
Sep 15 12:00:36.589: ISAKMP: unknown DH group 19
Sep 15 12:00:36.589: ISAKMP: auth pre-share
Sep 15 12:00:36.589: ISAKMP: life type in seconds
Sep 15 12:00:36.593: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
Sep 15 12:00:36.593: ISAKMP:(0):Proposed key length does not match policy
Sep 15 12:00:36.593: ISAKMP:(0):atts are not acceptable. Next payload is 3
Sep 15 12:00:36.593: ISAKMP:(0):Checking ISAKMP transform 3 against priority 5 policy
Sep 15 12:00:36.593: ISAKMP: encryption AES-CBC
Sep 15 12:00:36.593: ISAKMP: keylength of 256
Sep 15 12:00:36.593: ISAKMP: hash SHA
Sep 15 12:00:36.593: ISAKMP: unknown DH group 14
Sep 15 12:00:36.593: ISAKMP: auth pre-share
Sep 15 12:00:36.593: ISAKMP: life type in seconds
Sep 15 12:00:36.593: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
Sep 15 12:00:36.593: ISAKMP:(0):Diffie-Hellman group offered does not match policy!
Sep 15 12:00:36.593: ISAKMP:(0):atts are not acceptable. Next payload is 3
Sep 15 12:00:36.593: ISAKMP:(0):Checking ISAKMP transform 4 against priority 5 policy
Sep 15 12:00:36.593: ISAKMP: encryption 3DES-CBC
Sep 15 12:00:36.593: ISAKMP: hash SHA
Sep 15 12:00:36.593: ISAKMP: unknown DH group 14
Sep 15 12:00:36.593: ISAKMP: auth pre-share
Sep 15 12:00:36.593: ISAKMP: life type in seconds
Sep 15 12:00:36.593: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
Sep 15 12:00:36.593: ISAKMP:(0):Encryption algorithm offered does not match policy!
Sep 15 12:00:36.593: ISAKMP:(0):atts are not acceptable. Next payload is 3
Sep 15 12:00:36.593: ISAKMP:(0):Checking ISAKMP transform 5 against priority 5 policy
Sep 15 12:00:36.593: ISAKMP: encryption 3DES-CBC
Sep 15 12:00:36.593: ISAKMP: hash SHA
Sep 15 12:00:36.593: ISAKMP: default group 2
Sep 15 12:00:36.593: ISAKMP: auth pre-share
Sep 15 12:00:36.593: ISAKMP: life type in seconds
Sep 15 12:00:36.593: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
Sep 15 12:00:36.593: ISAKMP:(0):Encryption algorithm offered does not match policy!
Sep 15 12:00:36.593: ISAKMP:(0):atts are not acceptable. Next payload is 0
On some Cisco router platforms, only the last policy (green) is acceptable, because the IOS supports only DH groups 1, 2 and 5.
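This article records a case of connection failure caused by an IKE policy mismatch. It analyzes in detail how the encryption algorithm, key length, hash algorithm, DH group and authentication method of the five proposed transforms conflict with the policy. It concludes that the configuration is accepted only when a specific policy is used (as shown in the last example).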
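The debug output above can be condensed to one record per offered transform with a small parser. This is an added example, not part of the original post; `parse_transforms` and `SUPPORTED_DH` are names chosen here, and the lifetime decoding assumes the four VPI bytes form a big-endian integer.

```python
import re

# Abridged from the debug output above (transforms 1 and 5 only).
SAMPLE = """\
Sep 15 12:00:36.589: ISAKMP:(0):Checking ISAKMP transform 1 against priority 5 policy
Sep 15 12:00:36.589: ISAKMP: encryption AES-CBC
Sep 15 12:00:36.589: ISAKMP: keylength of 256
Sep 15 12:00:36.589: ISAKMP: unknown DH group 20
Sep 15 12:00:36.589: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
Sep 15 12:00:36.589: ISAKMP:(0):Diffie-Hellman group offered does not match policy!
Sep 15 12:00:36.593: ISAKMP:(0):Checking ISAKMP transform 5 against priority 5 policy
Sep 15 12:00:36.593: ISAKMP: encryption 3DES-CBC
Sep 15 12:00:36.593: ISAKMP: default group 2
Sep 15 12:00:36.593: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
Sep 15 12:00:36.593: ISAKMP:(0):Encryption algorithm offered does not match policy!
"""
SUPPORTED_DH = {1, 2, 5}  # groups the page says this IOS supports
PATTERNS = {
    "encryption": re.compile(r"ISAKMP:\s+encryption (\S+)"),
    "keylength": re.compile(r"ISAKMP:\s+keylength of (\d+)"),
    "dh_group": re.compile(r"ISAKMP:\s+(?:unknown DH|default) group (\d+)"),
    "lifetime": re.compile(r"life duration \(VPI\) of ((?:0x[0-9a-fA-F]+ ?)+)"),
    "reason": re.compile(r"ISAKMP:\(\d+\):(.+ does not match policy)"),
}
START = re.compile(r"Checking ISAKMP transform (\d+) against priority (\d+) policy")

def parse_transforms(text):
    """Return one dict per offered transform, including the reject reason."""
    out = []
    for line in text.splitlines():
        m = START.search(line)
        if m:
            out.append({"transform": int(m.group(1)), "policy": int(m.group(2))})
            continue
        for key, rx in PATTERNS.items():
            m = rx.search(line)
            if m and out:
                val = m.group(1)
                if key == "lifetime":  # assumed big-endian byte string
                    val = int.from_bytes(bytes(int(b, 16) for b in val.split()), "big")
                elif key in ("keylength", "dh_group"):
                    val = int(val)
                out[-1][key] = val
    for t in out:  # flag proposals whose DH group the platform can negotiate
        t["dh_supported"] = t.get("dh_group") in SUPPORTED_DH
    return out

if __name__ == "__main__":
    print(*parse_transforms(SAMPLE), sep="\n")
```

Run over the full log, the records show that transform 5 is the only offer with a supported DH group, and that it is still rejected by the priority 5 policy on encryption.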
