MikroTik RouterOS (часть 3) - [87] :: В помощь системному администратору

Здравствуйте. Недавно начал знакомиться с микротиком. И потребовалось настроить VPN L2TP IPsec. Нашёл здесь простенький пример настройки который подходит как раз к моему случаю - http://forum.ru-board.com/topic.cgi?forum=8&topic=38493&start=880#10
Настроил вроде по такому примеру. Но Виндовс семерка не хочет подключатся, выдает ошибку 809.
В Фаерволе никаких правил нет.
вот что в логах пишет:

Цитата:

Jun/08/2011 15:05:27 ipsec respond new phase 1 negotiation: X.X.X.X[500]<=>Y.Y.Y.Y[500]
Jun/08/2011 15:05:27 ipsec begin Identity Protection mode.
Jun/08/2011 15:05:27 ipsec received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
Jun/08/2011 15:05:27 ipsec received Vendor ID: RFC 3947
Jun/08/2011 15:05:27 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jun/08/2011 15:05:27 ipsec
Jun/08/2011 15:05:27 ipsec received Vendor ID: FRAGMENTATION
Jun/08/2011 15:05:27 ipsec Selected NAT-T version: RFC 3947
Jun/08/2011 15:05:27 ipsec invalid DH group 20.
Jun/08/2011 15:05:27 ipsec invalid DH group 19.
Jun/08/2011 15:05:28 ipsec Hashing X.X.X.X[500] with algo #2
Jun/08/2011 15:05:28 ipsec NAT-D payload #0 verified
Jun/08/2011 15:05:28 ipsec Hashing Y.Y.Y.Y[500] with algo #2
Jun/08/2011 15:05:28 ipsec NAT-D payload #1 doesn't match
Jun/08/2011 15:05:28 ipsec NAT detected: PEER
Jun/08/2011 15:05:28 ipsec Hashing Y.Y.Y.Y[500] with algo #2
Jun/08/2011 15:05:28 ipsec Hashing X.X.X.X[500] with algo #2
Jun/08/2011 15:05:28 ipsec Adding remote and local NAT-D payloads.
Jun/08/2011 15:05:28 ipsec NAT-T: ports changed to: Y.Y.Y.Y[4500]<->X.X.X.X[4500]
Jun/08/2011 15:05:28 ipsec KA list add: X.X.X.X[4500]->Y.Y.Y.Y[4500]
Jun/08/2011 15:05:28 ipsec ISAKMP-SA established X.X.X.X[4500]-Y.Y.Y.Y[4500] spi:de8e9f4e6ced8129:f7ec1fab5f8e1a2d
Jun/08/2011 15:05:28 ipsec respond new phase 2 negotiation: X.X.X.X[4500]<=>Y.Y.Y.Y[4500]
Jun/08/2011 15:05:28 ipsec Update the generated policy : 10.1.1.254/32[1701] X.X.X.X/32[1701] proto=udp dir=in
Jun/08/2011 15:05:28 ipsec Adjusting my encmode UDP-Transport->Transport
Jun/08/2011 15:05:28 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2)
Jun/08/2011 15:05:28 ipsec trns_id mismatched: my:3DES peer:AES
Jun/08/2011 15:05:28 ipsec not matched
Jun/08/2011 15:05:28 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2)
Jun/08/2011 15:05:28 ipsec IPsec-SA established: ESP/Transport Y.Y.Y.Y[4500]->X.X.X.X[4500] spi=19494969(0x1297839)
Jun/08/2011 15:05:28 ipsec IPsec-SA established: ESP/Transport X.X.X.X[4500]->Y.Y.Y.Y[4500] spi=188278572(0xb38e72c)
Jun/08/2011 15:06:03 ipsec generated policy, deleting it.
Jun/08/2011 15:06:03 ipsec get a src address from ID payload 10.1.1.254[1701] prefixlen=32 ul_proto=17
Jun/08/2011 15:06:03 ipsec get dst address from ID payload X.X.X.X[1701] prefixlen=32 ul_proto=17
Jun/08/2011 15:06:03 ipsec pfkey spddelete(inbound) sent.
Jun/08/2011 15:06:03 ipsec purged IPsec-SA proto_id=ESP spi=188278572.
Jun/08/2011 15:06:03 ipsec ISAKMP-SA expired X.X.X.X[4500]-Y.Y.Y.Y[4500] spi:de8e9f4e6ced8129:f7ec1fab5f8e1a2d
Jun/08/2011 15:06:03 ipsec pfkey X_SPDDELETE failed: No such file or directory
Jun/08/2011 15:06:03 ipsec pfkey X_SPDDELETE failed: No such file or directory
Jun/08/2011 15:06:04 ipsec ISAKMP-SA deleted X.X.X.X[4500]-Y.Y.Y.Y[4500] spi:de8e9f4e6ced8129:f7ec1fab5f8e1a2d
Jun/08/2011 15:06:04 ipsec KA remove: X.X.X.X[4500]->Y.Y.Y.Y[4500]

Заранее спасибо

Модерирует : lynx, Crash_Master, dg, emx, ShriEkeR
ShriEkeR (05-01-2012 00:59):	Версия для печати • Подписаться • Добавить в закладки
Страницы: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147