netscreen@SRX3600> show security ipsec security-associations
Total active tunnels: 1
ID Gateway Port Algorithm SPI Life:sec/kb Mon vsys
<86769665 10.200.51.202 500 ESP:3des/sha1 4b9f0aa9 expir/expir - root
>86769665 10.200.51.202 500 ESP:3des/sha1 743ca5f3 expir/expir - root
解决方法:
netscreen@SRX3600# set groups global system processes ntp enable
netscreen@SRX3600# set groups global system ntp boot-server 123.146.124.27
netscreen@SRX3600# set groups global system ntp server 123.146.124.27
netscreen@SRX3600# set system ntp
netscreen@SRX3600# set security zones security-zone untrust host-inbound-traffic system-services ntp
完成后重启防火墙:
netscreen@SRX3600> request system reboot
再次查看IPSec SA Lifetime:
netscreen@SRX3600> show security ipsec security-associations
Total active tunnels: 1
ID Gateway Port Algorithm SPI Life:sec/kb Mon vsys
<86769665 10.200.51.202 500 ESP:3des/sha1 4b34955f 3195/ unlim - root
>86769665 10.200.51.202 500 ESP:3des/sha1 1c39b7c4 3195/ unlim - root
查看IKE SA也有输出了:
netscreen@SRX3600> show security ike security-associations
Index Remote Address State Initiator cookie Responder cookie Mode
2474320938 10.200.51.202 UP 30701f305ab6d1a7 0277d0c4d1f15e36 Aggressive
转载于:https://blog.51cto.com/handsomelbl/1136828