这是分部的 错误日志 IKE<202.136.217.212> Phase 1: Retransmission limit has been reached. 2008-06-18 04:34:51 info IKE<202.136.217.212> Phase 1: Retransmission limit has been reached. 2008-06-18 04:34:48 warn Admin user "netscreen" logged in for Web(http) management (port 80) from 192.168.23.8:1554 2008-06-18 04:33:48 info IKE<202.136.217.212> Phase 1: Retransmission limit has been reached. 2008-06-18 04:32:57 notif DNS has been refreshed. 2008-06-18 04:32:57 notif No NTP server could be contacted. 2008-06-18 04:32:57 notif Trial keys are available to download to enable advanced features. To find out, please visit http://www.juniper.net/products/subscription/trial/. 2008-06-18 04:32:56 notif DNS has been refreshed. 2008-06-18 04:32:56 info DNS entries have been refreshed as result of external event. 2008-06-18 04:32:56 notif VPN 张家浜仓库toshhuafa with gateway to shhuafa and P2 proposal g2-esp-des-md5 has been modified from NULL 2008-06-18 04:32:56 notif Point-to-Point Protocol over Ethernet (PPPoE) settings changed. 2008-06-18 04:32:56 notif PPPoE session was successfully established. 2008-06-18 04:32:56 notif DNS has been refreshed. 2008-06-18 04:32:56 info DNS entries have been refreshed as result of DNS server address change. 2008-06-18 04:32:56 notif Ternary DNS server IP has been changed. 2008-06-18 04:32:56 notif DNS has been refreshed. 2008-06-18 04:32:56 info DNS entries have been refreshed as result of DNS server address change. 2008-06-18 04:32:56 notif Secondary DNS server IP has been changed. 2008-06-18 04:32:56 notif DNS has been refreshed. 2008-06-18 04:32:56 info DNS entries have been refreshed as result of DNS server address change.

这是总部 ns50错误日志

Date / Time Level Description 2008-06-17 14:45:54 warn Admin user "netscreen" logged in for Web(http) management (port 8080) from 116.226.134.238:1179 2008-06-17 14:44:59 info IKE<116.226.134.238> Phase 1: Main mode negotiations have failed. 2008-06-17 14:44:59 info IKE<116.226.134.238> Phase 1: Cannot use a preshared key because the peer gateway <center-zhb-gateway> has a dynamic IP address and negotiations are in Main mode. 2008-06-17 14:44:59 info IKE<116.226.134.238> Phase 1: Responder starts MAIN mode negotiations. 2008-06-17 14:44:20 info IKE<58.33.167.16> Phase 2 msg ID <6e38f517>: Completed negotiations with SPI <dc4d5a40>, tunnel ID <15>, and lifetime <3600> seconds/<0> KB. 2008-06-17 14:44:20 info IKE<58.33.167.16> Phase 2: Initiated negotiations. 2008-06-17 14:44:20 info IKE<58.33.167.16> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime. 2008-06-17 14:43:56 info IKE<116.226.134.238> Phase 1: Main mode negotiations have failed. 2008-06-17 14:43:56 info IKE<116.226.134.238> Phase 1: Cannot use a preshared key because the peer gateway <center-zhb-gateway> has a dynamic IP address and negotiations are in Main mode. 2008-06-17 14:43:56 info IKE<116.226.134.238> Phase 1: Responder starts MAIN mode negotiations. 2008-06-17 14:42:48 info IKE<58.33.167.16> Phase 2 msg ID <b531d2e4>: Completed negotiations with SPI <dc4d5a3f>, tunnel ID <15>, and lifetime <3600> seconds/<0> KB. 2008-06-17 14:42:48 info IKE<58.33.167.16> Phase 2 msg ID <b531d2e4>: Responded to the peer's first message. 2008-06-17 14:42:29 info IKE<116.226.134.238> Phase 1: Main mode negotiations have failed. 2008-06-17 14:42:29 info IKE<116.226.134.238> Phase 1: Cannot use a preshared key because the peer gateway <center-zhb-gateway> has a dynamic IP address and negotiations are in Main mode. 2008-06-17 14:42:29 info IKE<116.226.134.238> Phase 1: Responder starts MAIN mode negotiations. 2008-06-17 14:41:26 info IKE<116.226.134.238> Phase 1: Main mode negotiations have failed. 2008-06-17 14:41:26 info IKE<116.226.134.238> Phase 1: Cannot use a preshared key because the peer gateway <center-zhb-gateway> has a dynamic IP address and negotiations are in Main mode. 2008-06-17 14:41:26 info IKE<116.226.134.238> Phase 1: Responder starts MAIN mode negotiations. 2008-06-17 14:40:23 info IKE<116.226.134.238> Phase 1: Main mode negotiations have failed. 2008-06-17 14:40:23 info IKE<116.226.134.238> Phase 1: Cannot use a preshared key because the peer gateway <center-zhb-gateway> has a dynamic IP address and negotiations are in Main mode.

请高手 指教   谢谢

总部的untrust ip是不是:  202.136.217.212 ?
分部的untrust ip是不是:116.226.134.238 ?

点对点的VPN其实说穿了一点都不难,光键点在于赋予对方拨VPN的帐号:建立的时候三个一样,第一个是策略的名字,第二是拨号的帐户名,第三是建的帐户名.这三点一定不能弄错,要一模一样.这样基本上VPN重点就差不多了,具体配置有三步:一是建立VPN连接(先是建VPN服务器,然后建远程站点(这是最重要的重点了)),二是建网络规则,允许两个网络之间的路由畅通,三是建立访问规则,允许两个网络之间的主机可以互相访问.其他的自己看看应该都知道的.

配置VPN网络
VPN(Virtual Private Network，虚拟专用网络)是专用网络的延伸，它包含了类似 Internet 的共享或公共网络连接。通过VPN可以模拟点对点专用连接的方式通过共享或公共网络在两台计算机之间发送数据。它具有良好的保密和不受干扰性，使双方能进行自由而安全的点对点连接，因此广泛地受到网络管理员们的关注。

pix软件版本是多少?
6.0跟7.0的配置不一样
去cisco查文档吧 有详细的配置说明

VPN的英文全称是“Virtual Private Network”，翻译过来就是“虚拟专用网络”。顾名思义，虚拟专用网络我们可以把它理解成是虚拟出来的企业内部专线。它可以通过特殊的加密的通讯协议在连接在Internet上的位于不同地方的两个或多个企业内部网之间建立一条专有的通讯线路，就好比是架设了一条专线一样，但是它并不需要真正的去铺设光缆之类的物理线路。这就好比去电信局申请专线，但是不用给铺设线路的费用，也不用购买路由器等硬件设备。VPN技术原是路由器具有的重要技术之一，目前在交换机，防火墙设备或WINDOWS2000等软件里也都支持VPN功能，一句话，VPN的核心就是在利用公共网络建立虚拟私有网。

VPN指的是基于公共网络(如internet)，在两个或两个以上的局域网之间传输数据的网络隧道。在配置为VPN之后用户可以在自己的家中或者是其他地方通过INTERNET访问公司网络。
在配置的时候首先要配置一个远程访问服务器，主要功能是接受拨号连接以及在远程访问的客户机与远程访问服务器所在网络之间进行数据传输。然后对要通过VPN访问公司内网的用户进行设置，主要是在用户的“拨入属性”中设置为“允许拨入”或是“通过远程访问策略”控制。最后在远程登陆客户机上设置一个拨号程序，再输入远程访问服务器的IP地址或是域名即可。
远程登陆时首先要创建一个“拨号网络”，设置好VPN服务器的公网IP地址或者是域名，在拨号时只要输入用户名和密码即可。
如果出现用户无法远程登陆，首先应该查看是否在用户属性中设置为“拒绝登陆”，或是“应用远程访问策略”，如果是后者的话就要查看一下远程访问策略的设置有没有冲突。如果在服务器端没有问题，就看一下客户端的设置有没有问题，如VPN服务器的IP地址设置是否正确，用户名和密码是否正确等。