如果这里面没人能解决，这里的都是菜鸟！ netscreen 50 ethernet2 dmz 192.168.0.1 ethernet3 untrust 202.96.128.68/32 固定IP user vpn ike:vpn@netscreen.com 远程内部网 192.168.1.2/32 外部IP是动态IP 以下是WEBUI的设置 vpn->autokey advanced gateway-> Dynamic IP Address Gateway Name abc peer id vpn@netscreen.com Preshared Key vpn@netscreen.com vpn->autokey ike VPN Name vpntunnel Security Level standard Predefined abc Objects-> address->list inner IP/Netmask 192.168.0.0/24 dmz outer IP/Netmask 192.168.1.2/32 untrust Policies->untrust->dmz->new source address outer Destination Address inner Action tunnel Tunnel VPN vpntunnel netscreen-remote connection ip subnet 192.168.0.0/24 gateway 202.96.128.68 identity presharekey vpn@netscreen select none id email vpn@netscreen security policy aggresive mode enable prefer forward group 2 enable relay direction authentication pre-sharekey triple des sha-1 group 2 key exchange triple des sha-1 tunnel 错误提示如下！ IKE<202.96.128.68> Phase 2 msg-id : Negotiations have failed. IKE<202.96.128.68> Phase 2: No policy exists for the proxy ID received: local ID (<192.168.0.0>/<255.255.255.0>,<0>,<0>) remote ID (<192.168.1.2>/<255.255.255.255>,<0>,<0>) IKE<202.96.128.68> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime.

从你局部摘要的配置不一定看得出问题。

看看是否配了Proxy ID，在VPN的设置里。

从你局部摘要的配置不一定看得出问题。

看看是否配了Proxy ID，在VPN的设置里。wu**li) wu**li)

晕,错误提示很清楚啊. 你没有做策略.

楼主发的那是什么啊，完全看不懂，看来我只能当菜鸟了。