
【PC-A】--【Site 1 Router 1 (inside LAN)】--【Site 1 Router 2】--(Tunnel1)--【HQ】--(Tunnel2)--【Site 2 Router】

Thank you for your help. With the wiring shown above,
when I replaced 【Site 1 Router 1 (inside LAN)】 with a YAMAHA RTX1100, the VPN no longer connects.
The VPN between 【HQ】 and 【Site 2 Router】 works,
but the VPN between 【HQ】 and 【Site 1 Router 1 (inside LAN)】 does not.
Pings from 【PC-A】 reach the WAN side of HQ.
According to the log left on 【HQ】, it seems to be receiving the IPsec traffic,
but the tunnel never reaches the "UP" state.
Internet access works fine from HQ and from each site.

Log left on 【HQ】
[IKE] generate spi list payload
same message repeated 1 times
[IKE] generate sequence number payload
[IKE] generate hash payload
[IKE] generate ISAKMP header
[IKE] send IKE message
[IKE] 2d 81 8f
[IKE] receive IKE message
[IKE] f6 69 06
[IKE] ... omitted
[IKE] respond ISAKMP phase to 111.111.111.111
[IKE] add ISAKMP context [214] f6
[IKE] receive message from unknown gateway 111.111.111.111
[IKE] receive IKE message
[IKE] 2d 81 8f
[IKE] receive heartbeat message from 222.222.222.222
[IKE] decrypted payload
[IKE] 08 00 00
[IKE] process sequence number payload
[IKE] receive sequence number 36
[IKE] process hash payload
[IKE] process notification payload
[IKE] receive notification from 222.222.222.222
[IKE] no SPI is specified.
[IKE] still connected : no message
[IKE] spi list payload 24
[IKE] receive spi list protocol = 3, n = 1
[IKE] spi 3b22054a
[IKE] inactivate context [214] f6
[IKE] inactivate ISAKMP socket[1]
[IKE] delete ISAKMP context [214] f6

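As an added example (not part of the original thread), the script below correlates Yamaha RTX "[IKE]" log lines per peer, so that in a log like the one above you can see which peer the router reports as an "unknown gateway" and which ISAKMP contexts opened for that peer were later deleted. The sample log is a constructed excerpt in the same format as the quoted HQ log.

```python
"""Correlate Yamaha RTX '[IKE]' log lines per peer: which peer arrives as an
'unknown gateway' and which ISAKMP contexts created for it get deleted."""
import re
from collections import defaultdict

# Constructed excerpt in the same format as the HQ router log quoted above.
SAMPLE_LOG = """\
[IKE] respond ISAKMP phase to 111.111.111.111
[IKE] add ISAKMP context [214] f6
[IKE] receive message from unknown gateway 111.111.111.111
[IKE] receive heartbeat message from 222.222.222.222
[IKE] receive notification from 222.222.222.222
[IKE] still connected : no message
[IKE] inactivate context [214] f6
[IKE] delete ISAKMP context [214] f6
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
RX_RESPOND = re.compile(r"respond ISAKMP phase to " + IPV4)
RX_UNKNOWN = re.compile(r"receive message from unknown gateway " + IPV4)
RX_HEARTBEAT = re.compile(r"receive heartbeat message from " + IPV4)
RX_CONTEXT = re.compile(r"(add|inactivate|delete) (?:ISAKMP )?context \[(\d+)\]")


def triage(log: str) -> dict:
    """Return {peer_ip: {unknown_gateway, heartbeat, contexts, deleted}} per peer."""
    peers = defaultdict(lambda: {"unknown_gateway": 0, "heartbeat": 0,
                                 "contexts": [], "deleted": []})
    owner = {}       # ISAKMP context id -> peer it was created for
    pending = None   # peer named in the latest 'respond ISAKMP phase to'
    for line in log.splitlines():
        if m := RX_RESPOND.search(line):
            pending = m.group(1)
        elif m := RX_UNKNOWN.search(line):
            peers[m.group(1)]["unknown_gateway"] += 1
        elif m := RX_HEARTBEAT.search(line):
            peers[m.group(1)]["heartbeat"] += 1
        elif m := RX_CONTEXT.search(line):
            action, cid = m.groups()
            if action == "add" and pending:      # context belongs to the peer being answered
                owner[cid] = pending
                peers[pending]["contexts"].append(cid)
                pending = None
            elif action == "delete" and cid in owner:
                peers[owner[cid]]["deleted"].append(cid)
    return dict(peers)


if __name__ == "__main__":
    for ip, summary in sorted(triage(SAMPLE_LOG).items()):
        print(ip, summary)
```

Run against a full syslog export, the per-peer summary shows at a glance whether a tunnel's failing peer is the one whose contexts keep being created and deleted, or one that never matches a tunnel at all.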
Answers (1)

Could it be this?


IPsec NAT traversal

http://www.rtpro.yamaha.co.jp/RT/docs/ipsec/nat- …

Supplementary note to this answer

Config of 【Site 1 Router 1 (inside LAN)】 (RTX1100 / no IP filters)
ip route default gateway 192.168.98.250
ip route 192.168.0.0/24 gateway tunnel 1
ip route 192.168.21.0/24 gateway tunnel 1
ip lan1 address 192.168.88.250/24
ip lan2 address 192.168.98.251/24
ip lan2 nat descriptor 1
pp disable all
tunnel disable all
tunnel select 1
tunnel name "拠点1⇔本社"
ipsec tunnel 1
ipsec sa policy 1 1 esp 3des-cbc md5-hmac
ipsec ike always-on 1 on
ipsec ike encryption 1 3des-cbc
ipsec ike esp-encapsulation 1 off
ipsec ike group 1 modp768
ipsec ike hash 1 md5
ipsec ike keepalive log 1 on
ipsec ike keepalive use 1 on
ipsec ike local address 1 192.168.88.250
ipsec ike log 1 message-info
ipsec ike local name 1 KYOTEN1 key-id
ipsec ike pfs 1 on
ipsec ike pre-shared-key 1 text TEST
ipsec ike remote address 1 AAA.AAA.AAA.AAA
ipsec auto refresh 1 on
tunnel enable 1
nat descriptor type 1 masquerade
nat descriptor address outer 1 primary
nat descriptor address inner 1 auto
nat descriptor masquerade incoming 1 reject
nat descriptor masquerade static 1 1 192.168.88.250 esp
nat descriptor masquerade static 1 2 192.168.88.250 udp 500
ipsec ike retry 10 5

Supplement posted: 2006/09/27 13:46
Thanks for this answer

Thank you, takataka65.
The RTX1100 I have does not support the NAT traversal command.
The configs are below. I would appreciate your help.
Config of 【HQ】 (RTX1100 / no IP filters)
ip route default gateway pp 1
ip route 192.168.0.0/24 gateway tunnel 2
ip route 192.168.88.0/24 gateway tunnel 1
ip lan1 address 192.168.21.1/24
pp disable all
pp select 1
pp always-on on
pppoe use lan3
pppoe auto connect on
pppoe auto disconnect on
pp auth accept pap chap
pp auth myname *****@***** *****
ppp lcp mru on 1454
ppp ipcp msext on
ppp ccp type none
ip pp address AAA.AAA.AAA.AAA/32
ip pp mtu 1454
ip pp intrusion detection in on reject=on
ip pp nat descriptor 1
pp enable 1
tunnel disable all
tunnel select 1
tunnel name "本社⇔拠点1"
ipsec tunnel 1
ipsec sa policy 1 1 esp 3des-cbc md5-hmac
ipsec ike always-on 1 off
ipsec ike encryption 1 3des-cbc
ipsec ike esp-encapsulation 1 off
ipsec ike group 1 modp768
ipsec ike hash 1 md5
ipsec ike keepalive log 1 on
ipsec ike keepalive use 1 on
ipsec ike local address 1 AAA.AAA.AAA.AAA
ipsec ike log 1 message-info
ipsec ike pfs 1 on
ipsec ike pre-shared-key 1 text TEST
ipsec ike remote address 1 any
ipsec ike remote name 1 KYOTEN1
ipsec auto refresh 1 on
tunnel enable 1
tunnel select 2
(omitted)
nat descriptor type 1 masquerade
nat descriptor address outer 1 AAA.AAA.AAA.AAA
nat descriptor address inner 1 auto
nat descriptor masquerade incoming 1 reject
nat descriptor masquerade static 1 1 192.168.21.1 esp
nat descriptor masquerade static 1 2 192.168.21.1 udp 500
ipsec auto refresh on
ipsec ike retry 10 5

Thanks posted: 2006/09/27 13:45
