\u30ed\u30b0\u304b\u3089\u300cCompared: DB:Peer\u300d\u3068\u66f8\u304b\u308c\u305f\u90e8\u5206\u3092\u898b\u3064\u3051\u308b\u3002<\/li>\n<\/ol>\n\u4ee5\u4e0b\u306f\u4eca\u56de\u306e\u30b7\u30ca\u30ea\u30aa\u3067\u51fa\u529b\u3055\u308c\u308b\u30ed\u30b0\u3067\u3059\u3002<\/p>\n
2021-07-06 18:35:17.869 +0900\u00a0 [DEBG]: {\u00a0\u00a0\u00a0 9:\u00a0\u00a0\u00a0\u00a0 }: Compared: DB:Peer\r\n2021-07-06 18:35:17.869 +0900\u00a0 [DEBG]: {\u00a0\u00a0\u00a0 9:\u00a0\u00a0\u00a0\u00a0 }: (lifetime = 28800:28800)\r\n2021-07-06 18:35:17.869 +0900\u00a0 [DEBG]: {\u00a0\u00a0\u00a0 9:\u00a0\u00a0\u00a0\u00a0 }: (lifebyte = 0:0)\r\n2021-07-06 18:35:17.869 +0900\u00a0 [DEBG]: {\u00a0\u00a0\u00a0 9:\u00a0\u00a0\u00a0\u00a0 }: enctype = AES:AES2021-07-06 18:35:17.870 +0900\u00a0 [DEBG]: { \u00a0\u00a0\u00a09:\u00a0\u00a0\u00a0\u00a0 }: (encklen = 256:256)\r\n2021-07-06 18:35:17.870 +0900\u00a0 [DEBG]: {\u00a0\u00a0\u00a0 9:\u00a0\u00a0\u00a0\u00a0 }: hashtype = SHA256:SHA512\r\n2021-07-06 18:35:17.870 +0900\u00a0 [DEBG]: {\u00a0\u00a0\u00a0 9:\u00a0\u00a0\u00a0\u00a0 }: authmethod = PSK:PSK\r\n2021-07-06 18:35:17.870 +0900\u00a0 [DEBG]: {\u00a0\u00a0\u00a0 9:\u00a0\u00a0\u00a0\u00a0 }: dh_group = DH20:DH20\r\n(\u7701\u7565)\r\n2021-07-06 18:35:17.870 +0900\u00a0 [PERR]: {\u00a0\u00a0\u00a0 9:\u00a0\u00a0\u00a0\u00a0 }: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#1) = SHA256:SHA512\r\n2021-07-06 18:35:17.870 +0900\u00a0 [PERR]: {\u00a0\u00a0\u00a0 9:\u00a0\u00a0\u00a0\u00a0 }: no suitable proposal found.\r\n2021-07-06 18:35:17.870 +0900\u00a0 [PERR]: {\u00a0\u00a0\u00a0 9:\u00a0\u00a0\u00a0\u00a0 }: 200.100.5.1[500] - 200.100.1.254[500]:(nil) failed to get valid proposal.<\/pre>\n2\uff0d\uff17\u884c\u76ee\u306b\u306fPhase1\u306e\u30d1\u30e9\u30e1\u30fc\u30bf\u304c\u4ee5\u4e0b\u306e\u5f62\u5f0f\u3067\u8a18\u8f09\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n
\u30d1\u30e9\u30e1\u30fc\u30bf\u306e\u9805\u76ee = PaloAlto\u306b\u8a2d\u5b9a\u3055\u308c\u305f\u30d1\u30e9\u30e1\u30fc\u30bf:VPN\u88c5\u7f6e\u306b\u8a2d\u5b9a\u3055\u308c\u305f\u30d1\u30e9\u30e1\u30fc\u30bf<\/p>\n
\u5404\u9805\u76ee\u306e\u8aac\u660e<\/p>\n
lifetime : \u9375\u306e\u6709\u52b9\u6642\u9593<\/p>\n
lifebyte : \u9375\u306e\u901a\u4fe1\u91cf\u306e\u9650\u5ea6<\/p>\n
enctype : \u6697\u53f7\u5316\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u306e\u7a2e\u985e<\/p>\n
encklen : \u6697\u53f7\u5316\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u306e\u9375\u306e\u9577\u3055<\/p>\n
hashtype : \u8a8d\u8a3c\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u306e\u7a2e\u985e<\/p>\n
authmethod : \u8a8d\u8a3c\u65b9\u5f0f<\/p>\n
dg_group : DH\u30b0\u30eb\u30fc\u30d7\u306e\u7a2e\u985e<\/p>\n
\n- 2\u306e\u5404\u30d1\u30e9\u30e1\u30fc\u30bf\u3068VPN\u63a5\u7d9a\u3092\u884c\u3046\u305f\u3081\u306b\u4e8b\u524d\u306b\u5b9a\u7fa9\u3057\u305f\u30d1\u30e9\u30e1\u30fc\u30bf\u306e\u5dee\u7570\u3092\u6bd4\u8f03\u3057\u3001\u5dee\u7570\u306e\u3042\u308b\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u6b63\u3057\u304f\u8a2d\u5b9a\u3059\u308b\u3002<\/li>\n<\/ol>\n
\u4eca\u56de\u306e\u5834\u5408\u306fPaloAlto\u306e\u8a8d\u8a3c\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u304c\u6b63\u3057\u304f\u8a2d\u5b9a\u3067\u304d\u3066\u3044\u306a\u3044\u3053\u3068\u304c\u78ba\u8a8d\u3067\u304d\u307e\u3059\u3002\u305d\u306e\u305f\u3081\u3001PaloAlto\u306b\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u8a8d\u8a3c\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u3092sha256\u304b\u3089sha512\u3078\u4fee\u6b63\u3057\u307e\u3059\u3002<\/p>\n
\n\n\n\u9805\u76ee<\/strong><\/td>\nVPN\u88c5\u7f6e<\/strong><\/td>\nPaloAlto<\/strong><\/td>\n<\/tr>\n\nPhase1<\/strong><\/td>\n\u00a0-<\/strong><\/td>\n\u00a0-<\/strong><\/td>\n<\/tr>\n\n| DH\u30b0\u30eb\u30fc\u30d7<\/td>\n | 20<\/td>\n | 20<\/td>\n<\/tr>\n | \n| \u6697\u53f7\u5316\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0<\/td>\n | aes-256-cbc<\/td>\n | aes-256-cbc<\/td>\n<\/tr>\n | \n| \u8a8d\u8a3c\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0<\/td>\n | sha512<\/td>\n | sha512<\/td>\n<\/tr>\n | \n| \u9375\u306e\u6709\u52b9\u6642\u9593<\/td>\n | 8\u6642\u9593<\/td>\n | 8\u6642\u9593<\/td>\n<\/tr>\n | \n| \u4e8b\u524d\u5171\u6709\u9375<\/td>\n | testvpn<\/td>\n | testvpn<\/td>\n<\/tr>\n | \n| \u30e2\u30fc\u30c9<\/td>\n | \u30e1\u30a4\u30f3<\/td>\n | \u30e1\u30a4\u30f3<\/td>\n<\/tr>\n | \n| \u30ed\u30fc\u30ab\u30ebIP\u30a2\u30c9\u30ec\u30b9<\/td>\n | 200.100.1.254\/24<\/td>\n | 200.100.5.1\/24<\/td>\n<\/tr>\n | \n| \u30d4\u30a2\u30a2\u30c9\u30ec\u30b9<\/td>\n | 200.100.5.1\/24<\/td>\n | 200.100.1.254\/24<\/td>\n<\/tr>\n | \n| \u30ed\u30fc\u30ab\u30ebID<\/td>\n | \u7121\u3057<\/td>\n | \u7121\u3057<\/td>\n<\/tr>\n | \n| \u30d4\u30a2ID<\/td>\n | \u7121\u3057<\/td>\n | \u7121\u3057<\/td>\n<\/tr>\n | \n| DPD\u691c\u77e5<\/td>\n | \u6709\u52b9<\/td>\n | \u6709\u52b9<\/td>\n<\/tr>\n | \n| \u518d\u8a66\u884c\u56de\u6570<\/td>\n | 5<\/td>\n | 5<\/td>\n<\/tr>\n | \n| \u518d\u8a66\u884c\u9593\u9694<\/td>\n | 5\u79d2<\/td>\n | 5\u79d2<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n- \u30d1\u30bf\u30fc\u30f3\u2462\u306e\u30ed\u30b0\u304c\u51fa\u529b\u3055\u308c\u306a\u3044\u5834\u5408\u3001\u30ed\u30b0\u30ec\u30d9\u30eb\u3092\u5909\u66f4\u524d\u306e\u8a2d\u5b9a\u306b\u623b\u3059\u305f\u3081\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/li>\n<\/ol>\n
# debug ike global on normal<\/pre>\n<\/h3>\n<\/span>\u30d1\u30bf\u30fc\u30f3\u2463\u306e\u5834\u5408<\/strong><\/span><\/h3>\n![\"\"](\"https:\/\/www.secuavail.com\/kb\/wp-content\/uploads\/2021\/07\/image13.png\") <\/p>\n
\u00a0<\/strong>\u30b7\u30b9\u30c6\u30e0\u30ed\u30b0\u304b\u3089\u300cIKE phase-1 negotiation is failed likely due to pre-shared key mismatch.\u300d\u3068\u51fa\u529b\u3055\u308c\u308b\u5834\u5408\u3001PaloAlto\u3068VPN\u88c5\u7f6e\u306b\u8a2d\u5b9a\u3055\u308c\u305f\u4e8b\u524d\u5171\u6709\u9375\u306e\u5024\u304c\u6b63\u3057\u304f\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u306a\u3044\u3053\u3068\u304c\u6319\u3052\u3089\u308c\u307e\u3059\u3002<\/p>\n\u305d\u306e\u305f\u3081\u3001\u4ee5\u4e0b\u306e\u624b\u9806\u306b\u5f93\u3063\u3066\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n \n- PaloAlto\u306b\u8a2d\u5b9a\u3055\u308c\u305f\u4e8b\u524d\u5171\u6709\u9375\u306e\u5024\u304c\u3001\u6b63\u3057\u304f\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u304b\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/li>\n
- 1\u304c\u554f\u984c\u306a\u3044\u5834\u5408\u3001VPN\u88c5\u7f6e\u306b\u8a2d\u5b9a\u3055\u308c\u305f\u4e8b\u524d\u5171\u6709\u9375\u306e\u5024\u304c\u6b63\u3057\u304f\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u304b\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/li>\n<\/ol>\n
<\/p>\n \u4ee5\u4e0a\u3067\u3001PaloAlto\u3092\u7528\u3044\u3066VPN\u88c5\u7f6e\u3068\u306eVPN(IPsec)\u63a5\u7d9a\u3092\u884c\u3046\u969b\u306b\u3001IKEv1\u306ePhase1\u306b\u3066\u63a5\u7d9a\u304c\u5931\u6557\u3057\u3066\u3044\u308b\u5834\u5408\u306e\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u306b\u3064\u3044\u3066\u306e\u8aac\u660e\u306f\u7d42\u4e86\u3068\u306a\u308a\u307e\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":" \u5f53\u8a18\u4e8b\u3067\u306f\u3001PaloAlto\u3092\u7528\u3044\u3066\u5bfe\u5411\u306eVPN\u88c5\u7f6e(\u4ee5\u4e0b\u3001VPN\u88c5\u7f6e\u3068\u8a18\u8f09)\u3068\u306eVPN(IPsec)\u63a5\u7d9a\u3092\u884c\u3046\u969b\u306bIKEv1\u306ePhase1\u306b\u3066\u63a5\u7d9a\u304c\u5931\u6557\u3057\u3066\u3044\u308b\u5834\u5408\u306e\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u306b\u3064\u3044\u3066\u8a18\u8f09\u3057\u307e […]","protected":false},"author":17,"featured_media":8816,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[49,55,2],"tags":[18],"class_list":["post-8346","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nw-device","category-paloalto","category-tech-blog","tag-paloalto"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/posts\/8346","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/comments?post=8346"}],"version-history":[{"count":18,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/posts\/8346\/revisions"}],"predecessor-version":[{"id":8414,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/posts\/8346\/revisions\/8414"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/media\/8816"}],"wp:attachment":[{"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/media?parent=8346"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/categories?post=8346"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/tags?post=8346"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}} | | | | | | |