IKE Main Mode Fails


Problem description


Hi,

Using WFP, I've set up a tunnel policy between a Windows 7 endpoint and a proprietary device, using pre-shared key authentication. After initiating traffic from the Windows side, IKE MM succeeds through the key exchange messages. Then, the Windows endpoint sends an IDENTIFICATION payload containing only 40 bytes of encrypted data. More specifically, there is an ISAKMP header identifying "Identification (5)" as the next payload, but the payload is only 40 bytes of encrypted data. There is no ISAKMP payload header. Since there is no header, the remote endpoint rejects it, sending a NOTIFICATION of "UNEQUAL-PAYLOAD-LENGTHS". Can anyone tell me why Windows is not putting an ISAKMP payload header on the IDENTIFICATION payload?

Thanks.

Solution

Can you provide a network capture (e.g. NetMon, Wireshark, etc.) in addition to a netsh capture ("NetSh.exe WFP Capture Start", repro the issues, "NetSh.exe WFP Capture Stop")? Then please post a link to where I can get the resultant files (or send mail to DHarper AT Microsoft DOT com).

Also what is the peer device you are communicating with?

Thanks,
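
As an aid for reading the kind of capture requested above, here is an added example (not part of the original posts) that parses the fixed ISAKMP header and reports whether the E flag is set; per RFC 2408 section 3.1, when it is set everything after the header is encrypted, so no generic payload header is readable on the wire. The function names and the sample messages are constructed for illustration and are not taken from a real capture.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 section 3.1, 28 bytes
FLAG_ENCRYPTED = 0x01                       # E bit in the flags octet
PAYLOAD_NAMES = {0: "None", 1: "SA", 4: "Key Exchange", 5: "Identification",
                 8: "Hash", 10: "Nonce", 11: "Notification"}


def describe_isakmp(message: bytes) -> dict:
    """Parse the fixed ISAKMP header and say what can be read from the body."""
    if len(message) < ISAKMP_HDR.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    (icookie, rcookie, next_payload, version, exchange,
     flags, message_id, length) = ISAKMP_HDR.unpack_from(message)
    if length != len(message):
        raise ValueError(f"header length {length} != datagram length {len(message)}")
    body = message[ISAKMP_HDR.size:]
    info = {
        "next_payload": PAYLOAD_NAMES.get(next_payload, str(next_payload)),
        "exchange_type": exchange,  # 2 = Identity Protection (Main Mode)
        "encrypted": bool(flags & FLAG_ENCRYPTED),
        "body_len": len(body),
        "payloads": [],
    }
    if info["encrypted"]:
        # Body is ciphertext: payload headers are not visible without the key.
        return info
    # Cleartext body: walk the chain of 4-byte generic payload headers.
    offset, current = 0, next_payload
    while current != 0:
        if offset + 4 > len(body):
            raise ValueError("truncated generic payload header")
        following, _reserved, plen = struct.unpack_from("!BBH", body, offset)
        if plen < 4 or offset + plen > len(body):
            raise ValueError("payload length does not fit the message")
        info["payloads"].append((PAYLOAD_NAMES.get(current, str(current)), plen))
        offset, current = offset + plen, following
    return info


def build_sample(next_payload, flags, body):  # constructed message, not a real capture
    return ISAKMP_HDR.pack(b"I" * 8, b"R" * 8, next_payload, 0x10, 2, flags,
                           0, ISAKMP_HDR.size + len(body)) + body


ENCRYPTED_ID = build_sample(5, FLAG_ENCRYPTED, bytes(40))
CLEAR_KE = build_sample(4, 0, struct.pack("!BBH", 10, 0, 8) + b"\x01" * 4
                        + struct.pack("!BBH", 0, 0, 8) + b"\x02" * 4)
```
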

