站点到GPC和Fortinet 800C之间的VPN

时间:2016-08-18 10:33:18

标签: google-compute-engine google-cloud-platform google-cloud-endpoints vpn

我有一个VPN站点到站点配置Fortinet800C和Google Cloud VPN作为链接:https://cloud.google.com/files/CloudVPNGuide-UsingCloudVPNwithFortinetFortiGate300C.pdf
但它没有成功。日志看起来像是一遍又一遍地重复:

16:43:36.240
sending packet: from 146.148.29.x[500] to 27.72.57.x[500] (640 bytes)
16:43:36.547
received packet: from 27.72.57.x[500] to 146.148.29.x[500] (360 bytes)
16:43:36.548
parsed IKE_SA_INIT request 0 [ SA KE No ]
16:43:36.548
27.72.57.x is initiating an IKE_SA
16:43:36.559
generating IKE_SA_INIT response 0 [ SA KE No N(MULT_AUTH) ]
16:43:36.559
sending packet: from 146.148.29.x[500] to 27.72.57.x[500] (384 bytes)
16:43:36.565
received packet: from 27.72.57.x[500] to 146.148.29.x[500] (360 bytes)
16:43:36.565
parsed IKE_SA_INIT response 0 [ SA KE No ]
16:43:36.571
authentication of '146.148.29.x' (myself) with pre-shared key
16:43:36.571
establishing CHILD_SA vpn_27.72.57.x{1}
16:43:36.571
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(EAP_ONLY) ]
16:43:36.572
sending packet: from 146.148.29.x[500] to 27.72.57.x[500] (316 bytes)
16:43:36.885
received packet: from 27.72.57.x[500] to 146.148.29.x[500] (204 bytes)
16:43:36.886
parsed IKE_AUTH request 1 [ IDi AUTH N(MSG_ID_SYN_SUP) SA TSi TSr ]
16:43:36.886
looking for peer configs matching 146.148.29.x[%any]...27.72.57.x[192.168.0.x]
16:43:36.886
no matching peer config found
16:43:36.886
generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
16:43:36.886
sending packet: from 146.148.29.x[500] to 27.72.57.x[500] (76 bytes)
16:43:36.891
received packet: from 27.72.57.x[500] to 146.148.29.x[500] (124 bytes)
16:43:36.891
parsed IKE_AUTH response 1 [ IDr AUTH N(TS_UNACCEPT) ]
16:43:36.891
authentication of '192.168.0.x' with pre-shared key successful
16:43:36.891
constraint check failed: identity '27.72.57.x' required
16:43:36.891
selected peer config 'vpn_27.72.57.x' inacceptable: constraint checking failed
16:43:36.891
no alternative config found
16:43:36.891
generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
16:43:36.891
sending packet: from 146.148.29.x[500] to 27.72.57.x[500] (76 bytes)
16:43:37.887
received packet: from 27.72.57.x[500] to 146.148.29.x[500] (360 bytes)
16:43:37.888
parsed IKE_SA_INIT request 0 [ SA KE No ]
16:43:37.888
27.72.57.140 is initiating an IKE_SA
16:43:37.900
generating IKE_SA_INIT response 0 [ SA KE No N(MULT_AUTH) ]
如果有人能发现我的错误,我将非常感激。谢谢。

2 个答案:

答案 0 :(得分:0)

我的猜测是云VPN和Fortinet设备没有配置为相同的IKE版本。请检查一下。

此外,请尝试查看云控制台中显示的VPN状态消息,或在命令行中使用“gcloud compute vpn-tunnels describe”。

答案 1 :(得分:0)

看起来第一阶段的一个或多个设置在双方都不匹配。没有看实际的配置,我无法确定。但一般情况下,检查预共享密钥,身份验证和加密算法,DH组,远程网关的IP和连接的出接口。这些因素必须匹配。此外,如果您在一端启用了NAT-Traversal,则必须在另一端启用它。