The company has decided to move from FreeBSD-based gateways to dedicated network hardware.
The choice fell on Fortinet's Fortigate line.
Currently 15 tunnels are configured between the branch offices and the central office, all on FreeBSD IPsec.
The task is to replace the central node with a gateway on a Fortigate 100D.
And then to replace all the child nodes, step by step, with the corresponding Fortigate models.
I am trying to set up a site-to-site IPsec VPN between the OS and the appliance, but apparently I am making a mistake somewhere.
Here is the Racoon log:
2014-01-17 13:23:22: INFO: respond new phase 2 negotiation: 192.168.1.2[0]<=>А.А.А.А[0]
2014-01-17 13:23:22: ERROR: no policy found: 192.168.0.0/24[0] 192.168.1.0/24[0] proto=any dir=in
2014-01-17 13:23:22: ERROR: failed to get proposal for responder.
2014-01-17 13:23:22: ERROR: failed to pre-process packet.
2014-01-17 13:23:54: INFO: ISAKMP-SA expired 192.168.1.2[500]-А.А.А.А[500] spi:23d7376b8dea1089:54fc51b56219c3d1
2014-01-17 13:23:55: INFO: ISAKMP-SA deleted 192.168.1.2[500]-А.А.А.А[500] spi:23d7376b8dea1089:54fc51b56219c3d1
2014-01-17 13:23:55: INFO: respond new phase 1 negotiation: 192.168.1.2[500]<=>А.А.А.А[500]
2014-01-17 13:23:55: INFO: begin Aggressive mode.
2014-01-17 13:23:55: INFO: received Vendor ID: RFC 3947
2014-01-17 13:23:55: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
2014-01-17 13:23:55: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2014-01-17 13:23:55: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2014-01-17 13:23:55: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
2014-01-17 13:23:55: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
2014-01-17 13:23:55: INFO: received Vendor ID: DPD
2014-01-17 13:23:55: INFO: received Vendor ID: FRAGMENTATION
2014-01-17 13:23:55: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
2014-01-17 13:23:56: WARNING: ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
2014-01-17 13:23:56: INFO: ISAKMP-SA established 192.168.1.2[500]А.А.А.А[500] spi:2b8b1066abd8ac6d:e034586a6795d10c
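
As an added example (not part of the original post), a short Python triage of the racoon log above: it reports whether phase 1 came up, whether Aggressive mode was used, and for which traffic selectors phase 2 was rejected. The function name `triage` and the report fields are assumptions made for this example.

```python
import re

# A subset of the log lines from the post (peer address is redacted there as А.А.А.А).
SAMPLE = """\
2014-01-17 13:23:22: INFO: respond new phase 2 negotiation: 192.168.1.2[0]<=>А.А.А.А[0]
2014-01-17 13:23:22: ERROR: no policy found: 192.168.0.0/24[0] 192.168.1.0/24[0] proto=any dir=in
2014-01-17 13:23:22: ERROR: failed to get proposal for responder.
2014-01-17 13:23:22: ERROR: failed to pre-process packet.
2014-01-17 13:23:55: INFO: begin Aggressive mode.
2014-01-17 13:23:56: INFO: ISAKMP-SA established 192.168.1.2[500]А.А.А.А[500] spi:2b8b1066abd8ac6d:e034586a6795d10c
"""

# "<date> <time>: <LEVEL>: <message>"
LINE = re.compile(r"^(\S+ \S+): (\w+): (.*)$")
# Selectors racoon could not match against the local security policy database.
NO_POLICY = re.compile(
    r"no policy found: (\S+?)\[\d+\] (\S+?)\[\d+\] proto=(\S+) dir=(\w+)")

def triage(text):
    """Summarise a racoon log: phase 1 state, IKE mode, phase 2 policy misses."""
    report = {"phase1_established": False, "aggressive_mode": False,
              "missing_policies": [], "errors": 0}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a racoon log record
        _ts, level, msg = m.groups()
        if level == "ERROR":
            report["errors"] += 1
        if msg.startswith("ISAKMP-SA established"):
            report["phase1_established"] = True
        elif msg == "begin Aggressive mode.":
            report["aggressive_mode"] = True
        p = NO_POLICY.search(msg)
        if p:
            entry = dict(zip(("src", "dst", "proto", "dir"), p.groups()))
            if entry not in report["missing_policies"]:
                report["missing_policies"].append(entry)
    return report

if __name__ == "__main__":
    r = triage(SAMPLE)
    print("phase 1 established:", r["phase1_established"])
    print("aggressive mode:", r["aggressive_mode"])
    for p in r["missing_policies"]:
        print("phase 2 rejected, no policy for", p)
```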