Archive for the 'acl' tag

NTP configuration example for IOS devices

Add timestamps to log and debug output

Router(config)#service timestamps log datetime localtime
Router(config)#service timestamps debug datetime localtime

Set the time

Router#clock set 15:30:00 January 1 2009
Router#calendar set 15:30:00 January 1 2009

The difference between Clock and Calendar:
Most Cisco routers have two clocks: a battery-powered hardware clock (referenced in CLI commands as the “calendar”) and a software clock (referenced in CLI commands as the “clock”). These two clocks are managed separately.
The primary source for time data on your system is the software clock. This clock runs from the moment the system starts up and keeps track of the current date and time. The software clock can be set from a number of sources and in turn can be used to distribute the current time through various mechanisms to other systems. When a router with a hardware clock is initialized or rebooted, the software clock is initially set based on the time in the hardware clock.


IPsec interesting traffic mismatch

During an IPSec VPN lab I ran into the following errors:

map_db_find_best did not find matching map
IPSEC(validate_transform_proposal): no IPSEC cryptomap exists for local addres X.X.X.X

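After checking the configuration and trying several times, I found that the problem was in the ACLs: the ACLs defining interesting traffic on the two devices were not exact mirrors of each other but stood in a containment relationship, that is, the range of ACL A was larger than the range defined by ACL B. IPSec VPN negotiation initiated from side A cannot succeed, and the errors are as shown above. Traffic initiated from side B, however, can successfully negotiate the IPSec VPN and encrypt the data.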
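The mirror-versus-containment condition described above can be checked offline before a change is pushed. The following is an added example, not part of the original post: the addresses are constructed, the function names are hypothetical, and it assumes `permit ip` entries with contiguous wildcard masks.

```python
import ipaddress

def _net(tokens):
    """Consume one IOS address spec (any | host A | A WILDCARD) from tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # Invert the wildcard into a netmask; non-contiguous wildcards raise ValueError.
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    netmask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{netmask}", strict=False)

def parse_entry(line):
    """Parse 'permit ip <src> <dst>' into (source_net, destination_net)."""
    tokens = line.split()
    if tokens[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported entry: {line!r}")
    rest = tokens[2:]
    return _net(rest), _net(rest)

def compare(entry_a, entry_b):
    """Classify peer A's crypto ACL entry against peer B's entry."""
    a_src, a_dst = parse_entry(entry_a)
    b_src, b_dst = parse_entry(entry_b)
    if (a_src, a_dst) == (b_dst, b_src):
        return "mirror"          # source/destination swapped exactly
    if b_dst.subnet_of(a_src) and b_src.subnet_of(a_dst):
        return "A contains B"    # the case described in the post
    if a_src.subnet_of(b_dst) and a_dst.subnet_of(b_src):
        return "B contains A"
    return "mismatch"

# Constructed sample entries: side A protects a /16, side B only a /24 of it.
SITE_A = "permit ip 10.1.0.0 0.0.255.255 10.2.1.0 0.0.0.255"
SITE_B = "permit ip 10.2.1.0 0.0.0.255 10.1.1.0 0.0.0.255"
SITE_A_FIXED = "permit ip 10.1.1.0 0.0.0.255 10.2.1.0 0.0.0.255"

if __name__ == "__main__":
    print("before:", compare(SITE_A, SITE_B))
    print("after: ", compare(SITE_A_FIXED, SITE_B))
```

Anything other than "mirror" is worth resolving before the tunnel is tested, since the negotiation result then depends on which peer initiates.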
