我已经创建了一个运行 Racoon 的 Amazon EC2 Linux 实例,该实例正在尝试连接其他 Amazon VPC IPSec 接口(interface)。我使用弹性 IP 地址作为客户网关,但遇到了这些故障。
有人对此有什么想法吗?
2013-04-04 12:43:29: DEBUG: db :0x7f2583cda3b0: 169.254.255.93/30[0] 169.254.255.94/30[0] proto=any dir=fwd
2013-04-04 12:43:29: DEBUG: sub:0x7fff9bd61ba0: 169.254.255.93/30[0] 169.254.255.94/30[0] proto=any dir=in
2013-04-04 12:43:29: DEBUG: db :0x7f2583cda630: 169.254.255.93/30[0] 169.254.255.94/30[0] proto=any dir=in
2013-04-04 12:43:29: DEBUG: suitable inbound SP found: 169.254.255.93/30[0] 169.254.255.94/30[0] proto=any dir=in.
2013-04-04 12:43:29: DEBUG: new acquire 169.254.255.94/30[0] 169.254.255.93/30[0] proto=any dir=out
2013-04-04 12:43:29: [72.21.209.192] DEBUG: configuration "72.21.209.192[500]" selected.
2013-04-04 12:43:29: DEBUG: getsainfo params: loc='169.254.255.94/30' rmt='169.254.255.93/30'
peer='NULL' client='NULL' id=0
2013-04-04 12:43:29: DEBUG: evaluating sainfo: loc='169.254.255.90/30', rmt='169.254.255.89/30',
peer='ANY', id=0
2013-04-04 12:43:29: DEBUG: check and compare ids : value mismatch (IPv4_subnet)
2013-04-04 12:43:29: DEBUG: cmpid target: '169.254.255.94/30'
2013-04-04 12:43:29: DEBUG: cmpid source: '169.254.255.90/30'
2013-04-04 12:43:29: DEBUG: evaluating sainfo: loc='169.254.255.94/30', rmt='169.254.255.93/30',
peer='ANY', id=0
2013-04-04 12:43:29: DEBUG: check and compare ids : values matched (IPv4_subnet)
2013-04-04 12:43:29: DEBUG: cmpid target: '169.254.255.94/30'
2013-04-04 12:43:29: DEBUG: cmpid source: '169.254.255.94/30'
2013-04-04 12:43:29: DEBUG: check and compare ids : values matched (IPv4_subnet)
2013-04-04 12:43:29: DEBUG: cmpid target: '169.254.255.93/30'
2013-04-04 12:43:29: DEBUG: cmpid source: '169.254.255.93/30'
2013-04-04 12:43:29: DEBUG: selected sainfo: loc='169.254.255.94/30', rmt='169.254.255.93/30',
peer='ANY', id=0
2013-04-04 12:43:29: DEBUG: (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel
reqid=0:0)
2013-04-04 12:43:29: DEBUG: (trns_id=AES encklen=128 authtype=hmac-sha)
2013-04-04 12:43:29: DEBUG: in post_acquire
2013-04-04 12:43:29: [72.21.209.192] DEBUG: configuration "72.21.209.192[500]" selected.
2013-04-04 12:43:29: INFO: IPsec-SA request for 72.21.209.192 queued due to no phase1 found.
2013-04-04 12:43:29: DEBUG: ===
2013-04-04 12:43:29: INFO: initiate new phase 1 negotiation: 54.236.196.228[500]<=>72.21.209.192[500]
2013-04-04 12:43:29: INFO: begin Identity Protection mode.
2013-04-04 12:43:29: DEBUG: new cookie:
6d61a8ce6f870d1d
2013-04-04 12:43:29: DEBUG: add payload of len 52, next type 13
2013-04-04 12:43:29: DEBUG: add payload of len 16, next type 0
2013-04-04 12:43:29: ERROR: phase1 negotiation failed due to send error.
6d61a8ce6f870d1d:0000000000000000
2013-04-04 12:43:29: ERROR: failed to begin ipsec sa negotication.
最佳答案
如果您的两个 VPC 位于同一 AWS 区域,则您可以使用新发布的 VPC 对等连接功能。它允许您在两个 VPC 之间创建连接并通过它路由流量。请参阅 AWS 文档:http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html
如果您的 VPC 位于不同区域,请参阅 Amir 的回答。
关于amazon-web-services - Amazon VPC 到 VPC 连接,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/15811662/