目录第1章IPSec和IKE故障排除..................................................................................................1-11.1IPSec和IKE故障排除综述...............................................................................................1-11.1.1IPSec和IKE知识简介............................................................................................1-11.1.2IPSec和IKE配置的一般步骤.................................................................................1-21.1.3手工方式下IPSec功能和性能的常见问题...............................................................1-31.1.4协商方式下IPSec和IKE功能和性能的常见问题....................................................1-51.1.5IPSec和IKE配置过程的注意事项..........................................................................1-61.2与IPSec和IKE故障相关的show、debug命令介绍......................................................1-111.2.1showaccess-list...................................................................................................1-111.2.2showcryptoikepolicy...........................................................................................1-121.2.3showcryptoipsecsa............................................................................................1-131.2.4showcryptoipsecsalifetime................................................................................1-151.2.5showcryptoipsecstatistics..................................................................................1-151.2.6showcryptoipsectransform.................................................................................1-161.2.7showcryptomap..................................................................................................1-171.2.8debugike..............................................................................................................1-181.2.9debugipsec..........................................................................................................1-191.3IPSec和IKE故障案例分析.............................................................................................1-201.3.1两端的SPI不匹配导致SA协商失败.....................................................................1-201.3.2密钥不匹配造成无法通信......................................................................................1-211.3.3两端ACL不匹配导致阶段2协商失败...................................................................1-231.3.4两端pre-shared不一致导致阶段1的SA协商失败...............................................1-251.3.5应用接口错误导致阶段2协商失败........................................................................1-271.3.6ACL配置重叠导致通讯失败..................................................................................1-30第2章包过滤防火墙故障排除.................................................................................................2-12.1包过滤防火墙故障排除综述..............................................................................................2-12.1.1包过滤防火墙知识简介............................................................................................2-12.1.2包过滤防火墙功能和性能的常见问题......................................................................2-42.1.3包过滤防火墙故障排除的一般步骤......................................................................
