Cannot Connect IKE_V1 using PSK and XAUTH #270
Replies: 2 comments 3 replies
-
Hi, Looks like your config is invalid and not actually loaded. Generally, you should switch to another technology though. IPsec/L2TP is really outdated as a concept. Generally, that's the source of your issues though:
Btw, strongSwan itself does nothing with L2TP. What you got setup there is xl2tpd doing the l2tp part and strongSwan doing the IKE part. |
Beta Was this translation helpful? Give feedback.
-
That's just a list of payloads in the packet
Nonce
Hash
Looks like your PSK is wrong
Am March 23, 2021 12:35:38 AM UTC schrieb tjmcclure0501 ***@***.***>:
…Thermi,
Thanks for your help. I believe I am getting closer. I have no
control on the VPN configuration as I am integrating into a customer's
configuration. They are configured with IKEV1 with PSK and XAUTH. I
have their ike and esp setting also so I should be able to get this to
work.
I get the following error:
initiating Aggressive Mode IKE_SA VPN1[1] to XXX.XXX.XXX.XXX
generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
sending packet: from 10.0.0.216[500] to XXX.XXX.XXX.XXX[500] (416
bytes)
received packet: from XXX.XXX.XXX.XXX[500] to 10.0.0.216[500] (412
bytes)
parsed AGGRESSIVE response 0 [ SA V V V V V KE ID No HASH NAT-D NAT-D ]
received Cisco Unity vendor ID
received DPD vendor ID
received unknown vendor ID:
ef:dc:bd:36:1e:15:98:d4:a5:e7:89:bb:05:04:7b:29
received XAuth vendor ID
received NAT-T (RFC 3947) vendor ID
calculated HASH does not match HASH payload
generating INFORMATIONAL_V1 request 385591662 [ HASH N(AUTH_FAILED) ]
sending packet: from 10.0.0.216[500] to XXX.XXX.XXX.XXX[500] (84 bytes)
establishing connection 'VPN1' failed
My ipsec.conf:
conn rw-base
dpdaction=restart
dpddelay=30
dpdtimeout=90
fragmentation=yes
conn vip-base
also=rw-base
leftsourceip=%config
conn VPN1
also=vip-base
ike=3des-sha1-modp1024
esp=3des-sha1
keyexchange=ikev1
leftauth=psk
leftauth2=xauth
right=XXX.XXX.XXX.XXX
rightauth=psk
rightsubnet=0.0.0.0/0
aggressive=yes
xauth_identity=strax
auto=add
my ipsec.secrets:
XXX.XXX.XXX.XXX : PSK "xxxxx"
strax : EAP "xxxxx"
Any ideas why the hash is failing? I noticed this:
parsed AGGRESSIVE response 0 [ SA V V V V V KE ID No HASH NAT-D NAT-D ]
The response says No HASH. Does this mean anything?
Tim
--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
#270 (reply in thread)
--
Sent from mobile
|
Beta Was this translation helpful? Give feedback.
-
I am trying to connect to a customers VPN that is configured for IKE_V1, PSK and XAUTH. They use a ShrewSoft Windows UI as a VPN client that I was able to get connected - debug log at the end of the post. I want to use StrongSwan. It seems that the ShrewSoft connects to the VPN using port 500. Line from the ShrewSoft log:
21/03/17 11:26:28 DB : 192.168.56.2:500 <-> 50.213.203.33:500
Also I keep getting the error no VPN1 configuration event though I have one.
I changed my connect ports in the conf to 500 but it seems that StrongSwan still tries to connect on 1701. Output from the xl2tpd service:
Mar 17 14:57:19 5df3bfb7d42b5.streamlock.net systemd[1]: Starting LSB: layer 2 tunelling protocol daemon...
Mar 17 14:57:19 5df3bfb7d42b5.streamlock.net xl2tpd[1341]: Not looking for kernel SAref support.
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net xl2tpd[1341]: Using l2tp kernel support.
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net xl2tpd[1325]: Starting xl2tpd: xl2tpd.
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net systemd[1]: Started LSB: layer 2 tunelling protocol daemon.
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net xl2tpd[1373]: xl2tpd version xl2tpd-1.3.10 started on 5df3bfb7d42b5.streamlock.net PID:1373
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net xl2tpd[1373]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net xl2tpd[1373]: Forked by Scott Balmos and David Stipp, (C) 2001
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net xl2tpd[1373]: Inherited by Jeff McAdams, (C) 2002
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net xl2tpd[1373]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net xl2tpd[1373]: Listening on IP address 0.0.0.0, port 1701
Mar 17 15:02:34 5df3bfb7d42b5.streamlock.net xl2tpd[1373]: Connecting to host 50.213.203.33, port 1701
Mar 17 15:03:05 5df3bfb7d42b5.streamlock.net xl2tpd[1373]: Maximum retries exceeded for tunnel 43187. Closing.
Mar 17 15:03:05 5df3bfb7d42b5.streamlock.net xl2tpd[1373]: Connection 0 closed to 50.213.203.33, port 1701 (Timeout)
Mar 17 15:03:36 5df3bfb7d42b5.streamlock.net xl2tpd[1373]: Unable to deliver closing message for tunnel 43187. Destroying anyway.
Output from the strongswan service:
Mar 17 14:57:19 5df3bfb7d42b5.streamlock.net systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf.
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net ipsec[1324]: Starting strongSwan 5.6.2 IPsec [starter]...
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net ipsec_starter[1324]: Starting strongSwan 5.6.2 IPsec [starter]...
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net ipsec[1324]: # bad protocol: leftprotoport=500
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net ipsec_starter[1324]: # bad protocol: leftprotoport=500
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net ipsec[1324]: bad argument value in conn 'VPN1'
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net ipsec_starter[1324]: bad argument value in conn 'VPN1'
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net ipsec[1324]: # bad protocol: rightprotoport=500
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net ipsec_starter[1324]: # bad protocol: rightprotoport=500
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net ipsec[1324]: bad argument value in conn 'VPN1'
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net ipsec_starter[1324]: bad argument value in conn 'VPN1'
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net ipsec[1324]: # ignored conn 'VPN1' due to 2 parsing errors
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net ipsec_starter[1324]: # ignored conn 'VPN1' due to 2 parsing errors
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net ipsec[1324]: ### 2 parsing errors (0 fatal) ###
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net ipsec_starter[1324]: ### 2 parsing errors (0 fatal) ###
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net charon[1385]: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 5.4.0-66-generic, x86_64)
Mar 17 14:57:20 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] PKCS11 module '' lacks library path
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] disabling load-tester plugin, not configured
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NUL
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] dnscert plugin is disabled
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] ipseckey plugin is disabled
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] attr-sql plugin: database URI not set
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] loaded IKE secret for %any
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] loaded EAP secret for strax
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] sql plugin: database URI not set
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or direct
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] eap-simaka-sql database URI missing
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] loaded 0 RADIUS server configurations
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] HA config misses local/remote address
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] no threshold configured for systime-fix, disabled
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[CFG] coupling file path unspecified
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net charon[1385]: 00[JOB] spawning 16 worker threads
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net ipsec[1324]: charon (1385) started after 1380 ms
Mar 17 14:57:21 5df3bfb7d42b5.streamlock.net ipsec_starter[1324]: charon (1385) started after 1380 ms
Mar 17 15:02:34 5df3bfb7d42b5.streamlock.net charon[1385]: 14[CFG] received stroke: initiate 'VPN1'
Mar 17 15:02:34 5df3bfb7d42b5.streamlock.net charon[1385]: 14[CFG] no config named 'VPN1'
My ipsec.conf file:
config setup
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
authby=secret
conn VPN1
keyexchange=ikev1
left=10.0.0.206
leftid=strax
leftauth=psk
leftauth2=xauth
auto=add
ike="aes128-sha1-modp2048,3des-sha1-modp1536"
esp="aes128-sha1,3des-sha1"
type=transport
leftprotoport=500
rightprotoport=500
right=50.213.203.33
rightauth=psk
My strongswan.conf file:
strongswan.conf - strongSwan configuration file
Refer to the strongswan.conf(5) manpage for details
Configuration changes should be made in the included files
charon {
load_modular = yes
plugins {
include strongswan.d/charon/*.conf
}
}
The log from my successful ShrewSoft connection:21/03/17 11:25:40 ## : IKE Daemon, ver 2.2.2
21/03/17 11:25:40 ## : Copyright 2013 Shrew Soft Inc.
21/03/17 11:25:40 ## : This product linked OpenSSL 1.0.1c 10 May 2012
21/03/17 11:25:40 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
21/03/17 11:25:40 ii : rebuilding vnet device list ...
21/03/17 11:25:40 ii : device ROOT\VNET\0000 disabled
21/03/17 11:25:40 ii : network process thread begin ...
21/03/17 11:25:40 ii : ipc server process thread begin ...
21/03/17 11:25:40 ii : pfkey process thread begin ...
21/03/17 11:26:28 ii : ipc client process thread begin ...
21/03/17 11:26:28 <A : peer config add message
21/03/17 11:26:28 <A : proposal config message
21/03/17 11:26:28 <A : proposal config message
21/03/17 11:26:28 <A : client config message
21/03/17 11:26:28 <A : xauth username message
21/03/17 11:26:28 <A : xauth password message
21/03/17 11:26:28 <A : local id 'strax' message
21/03/17 11:26:28 <A : preshared key message
21/03/17 11:26:28 <A : peer tunnel enable message
21/03/17 11:26:28 DB : peer added ( obj count = 1 )
21/03/17 11:26:28 ii : local address 192.168.56.2 selected for peer
21/03/17 11:26:28 DB : tunnel added ( obj count = 1 )
21/03/17 11:26:28 DB : new phase1 ( ISAKMP initiator )
21/03/17 11:26:28 DB : exchange type is aggressive
21/03/17 11:26:28 DB : 192.168.56.2:500 <-> 50.213.203.33:500
21/03/17 11:26:28 DB : 04c01be5d5362ffe:0000000000000000
21/03/17 11:26:28 DB : phase1 added ( obj count = 1 )
21/03/17 11:26:28 >> : security association payload
21/03/17 11:26:28 >> : - proposal #1 payload
21/03/17 11:26:28 >> : -- transform #1 payload
21/03/17 11:26:28 >> : -- transform #2 payload
21/03/17 11:26:28 >> : -- transform #3 payload
21/03/17 11:26:28 >> : -- transform #4 payload
21/03/17 11:26:28 >> : -- transform #5 payload
21/03/17 11:26:28 >> : -- transform #6 payload
21/03/17 11:26:28 >> : -- transform #7 payload
21/03/17 11:26:28 >> : -- transform #8 payload
21/03/17 11:26:28 >> : -- transform #9 payload
21/03/17 11:26:28 >> : -- transform #10 payload
21/03/17 11:26:28 >> : -- transform #11 payload
21/03/17 11:26:28 >> : -- transform #12 payload
21/03/17 11:26:28 >> : -- transform #13 payload
21/03/17 11:26:28 >> : -- transform #14 payload
21/03/17 11:26:28 >> : -- transform #15 payload
21/03/17 11:26:28 >> : -- transform #16 payload
21/03/17 11:26:28 >> : -- transform #17 payload
21/03/17 11:26:28 >> : -- transform #18 payload
21/03/17 11:26:28 >> : key exchange payload
21/03/17 11:26:28 >> : nonce payload
21/03/17 11:26:28 >> : identification payload
21/03/17 11:26:28 >> : vendor id payload
21/03/17 11:26:28 ii : local supports XAUTH
21/03/17 11:26:28 >> : vendor id payload
21/03/17 11:26:28 ii : local supports nat-t ( draft v00 )
21/03/17 11:26:28 >> : vendor id payload
21/03/17 11:26:28 ii : local supports nat-t ( draft v01 )
21/03/17 11:26:28 >> : vendor id payload
21/03/17 11:26:28 ii : local supports nat-t ( draft v02 )
21/03/17 11:26:28 >> : vendor id payload
21/03/17 11:26:28 ii : local supports nat-t ( draft v03 )
21/03/17 11:26:28 >> : vendor id payload
21/03/17 11:26:28 ii : local supports nat-t ( rfc )
21/03/17 11:26:28 >> : vendor id payload
21/03/17 11:26:28 ii : local supports FRAGMENTATION
21/03/17 11:26:28 >> : vendor id payload
21/03/17 11:26:28 >> : vendor id payload
21/03/17 11:26:28 ii : local supports DPDv1
21/03/17 11:26:28 >> : vendor id payload
21/03/17 11:26:28 ii : local is SHREW SOFT compatible
21/03/17 11:26:28 >> : vendor id payload
21/03/17 11:26:28 ii : local is NETSCREEN compatible
21/03/17 11:26:28 >> : vendor id payload
21/03/17 11:26:28 ii : local is SIDEWINDER compatible
21/03/17 11:26:28 >> : vendor id payload
21/03/17 11:26:28 ii : local is CISCO UNITY compatible
21/03/17 11:26:28 >= : cookies 04c01be5d5362ffe:0000000000000000
21/03/17 11:26:28 >= : message 00000000
21/03/17 11:26:28 -> : send IKE packet 192.168.56.2:500 -> 50.213.203.33:500 ( 1201 bytes )
21/03/17 11:26:28 DB : phase1 resend event scheduled ( ref count = 2 )
21/03/17 11:26:28 <- : recv IKE packet 50.213.203.33:500 -> 192.168.56.2:500 ( 416 bytes )
21/03/17 11:26:28 DB : phase1 found
21/03/17 11:26:28 ii : processing phase1 packet ( 416 bytes )
21/03/17 11:26:28 =< : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:28 =< : message 00000000
21/03/17 11:26:28 << : security association payload
21/03/17 11:26:28 << : - propsal #1 payload
21/03/17 11:26:28 << : -- transform #1 payload
21/03/17 11:26:28 ii : unmatched isakmp proposal/transform
21/03/17 11:26:28 ii : cipher type ( 3des != aes )
21/03/17 11:26:28 ii : unmatched isakmp proposal/transform
21/03/17 11:26:28 ii : cipher type ( 3des != aes )
21/03/17 11:26:28 ii : unmatched isakmp proposal/transform
21/03/17 11:26:28 ii : cipher type ( 3des != aes )
21/03/17 11:26:28 ii : unmatched isakmp proposal/transform
21/03/17 11:26:28 ii : cipher type ( 3des != aes )
21/03/17 11:26:28 ii : unmatched isakmp proposal/transform
21/03/17 11:26:28 ii : cipher type ( 3des != aes )
21/03/17 11:26:28 ii : unmatched isakmp proposal/transform
21/03/17 11:26:28 ii : cipher type ( 3des != aes )
21/03/17 11:26:28 ii : unmatched isakmp proposal/transform
21/03/17 11:26:28 ii : cipher type ( 3des != blowfish )
21/03/17 11:26:28 ii : unmatched isakmp proposal/transform
21/03/17 11:26:28 ii : cipher type ( 3des != blowfish )
21/03/17 11:26:28 ii : unmatched isakmp proposal/transform
21/03/17 11:26:28 ii : cipher type ( 3des != blowfish )
21/03/17 11:26:28 ii : unmatched isakmp proposal/transform
21/03/17 11:26:28 ii : cipher type ( 3des != blowfish )
21/03/17 11:26:28 ii : unmatched isakmp proposal/transform
21/03/17 11:26:28 ii : cipher type ( 3des != blowfish )
21/03/17 11:26:28 ii : unmatched isakmp proposal/transform
21/03/17 11:26:28 ii : cipher type ( 3des != blowfish )
21/03/17 11:26:28 ii : unmatched isakmp proposal/transform
21/03/17 11:26:28 ii : hash type ( hmac-sha1 != hmac-md5 )
21/03/17 11:26:28 !! : peer violates RFC, transform number mismatch ( 1 != 14 )
21/03/17 11:26:28 ii : matched isakmp proposal #1 transform #1
21/03/17 11:26:28 ii : - transform = ike
21/03/17 11:26:28 ii : - cipher type = 3des
21/03/17 11:26:28 ii : - key length = default
21/03/17 11:26:28 ii : - hash type = sha1
21/03/17 11:26:28 ii : - dh group = group2 ( modp-1024 )
21/03/17 11:26:28 ii : - auth type = xauth-initiator-psk
21/03/17 11:26:28 ii : - life seconds = 86400
21/03/17 11:26:28 ii : - life kbytes = 0
21/03/17 11:26:28 << : vendor id payload
21/03/17 11:26:28 ii : peer is CISCO UNITY compatible
21/03/17 11:26:28 << : vendor id payload
21/03/17 11:26:28 ii : peer supports DPDv1
21/03/17 11:26:28 << : vendor id payload
21/03/17 11:26:28 ii : unknown vendor id ( 16 bytes )
21/03/17 11:26:28 0x : efdcbd36 c09232af fed4752d 8e4baaa3
21/03/17 11:26:28 << : vendor id payload
21/03/17 11:26:28 ii : peer supports XAUTH
21/03/17 11:26:28 << : vendor id payload
21/03/17 11:26:28 ii : peer supports nat-t ( rfc )
21/03/17 11:26:28 << : key exchange payload
21/03/17 11:26:28 << : identification payload
21/03/17 11:26:28 ii : phase1 id target is any
21/03/17 11:26:28 ii : phase1 id match
21/03/17 11:26:28 ii : received = ipv4-host 50.213.203.33
21/03/17 11:26:28 << : nonce payload
21/03/17 11:26:28 << : hash payload
21/03/17 11:26:28 << : nat discovery payload
21/03/17 11:26:28 << : nat discovery payload
21/03/17 11:26:28 ii : nat discovery - local address is translated
21/03/17 11:26:28 ii : switching to src nat-t udp port 4500
21/03/17 11:26:28 ii : switching to dst nat-t udp port 4500
21/03/17 11:26:28 == : DH shared secret ( 128 bytes )
21/03/17 11:26:28 == : SETKEYID ( 20 bytes )
21/03/17 11:26:28 == : SETKEYID_d ( 20 bytes )
21/03/17 11:26:28 == : SETKEYID_a ( 20 bytes )
21/03/17 11:26:28 == : SETKEYID_e ( 20 bytes )
21/03/17 11:26:28 == : cipher key ( 40 bytes )
21/03/17 11:26:28 == : cipher iv ( 8 bytes )
21/03/17 11:26:28 == : phase1 hash_i ( computed ) ( 20 bytes )
21/03/17 11:26:28 >> : hash payload
21/03/17 11:26:28 >> : nat discovery payload
21/03/17 11:26:28 >> : nat discovery payload
21/03/17 11:26:28 >= : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:28 >= : message 00000000
21/03/17 11:26:28 >= : encrypt iv ( 8 bytes )
21/03/17 11:26:28 == : encrypt packet ( 100 bytes )
21/03/17 11:26:28 == : stored iv ( 8 bytes )
21/03/17 11:26:28 DB : phase1 resend event canceled ( ref count = 1 )
21/03/17 11:26:28 -> : send NAT-T:IKE packet 192.168.56.2:4500 -> 50.213.203.33:4500 ( 132 bytes )
21/03/17 11:26:28 == : phase1 hash_r ( computed ) ( 20 bytes )
21/03/17 11:26:28 == : phase1 hash_r ( received ) ( 20 bytes )
21/03/17 11:26:28 ii : phase1 sa established
21/03/17 11:26:28 ii : 50.213.203.33:4500 <-> 192.168.56.2:4500
21/03/17 11:26:28 ii : 4c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:28 ii : sending peer INITIAL-CONTACT notification
21/03/17 11:26:28 ii : - 192.168.56.2:4500 -> 50.213.203.33:4500
21/03/17 11:26:28 ii : - isakmp spi = 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:28 ii : - data size 0
21/03/17 11:26:28 >> : hash payload
21/03/17 11:26:28 >> : notification payload
21/03/17 11:26:28 == : new informational hash ( 20 bytes )
21/03/17 11:26:28 == : new informational iv ( 8 bytes )
21/03/17 11:26:28 >= : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:28 >= : message cc55c2b0
21/03/17 11:26:28 >= : encrypt iv ( 8 bytes )
21/03/17 11:26:28 == : encrypt packet ( 80 bytes )
21/03/17 11:26:28 == : stored iv ( 8 bytes )
21/03/17 11:26:28 -> : send NAT-T:IKE packet 192.168.56.2:4500 -> 50.213.203.33:4500 ( 116 bytes )
21/03/17 11:26:28 DB : phase2 not found
21/03/17 11:26:38 <- : recv IKE packet 50.213.203.33:500 -> 192.168.56.2:500 ( 416 bytes )
21/03/17 11:26:38 DB : phase1 found
21/03/17 11:26:38 ww : initiator port values should only float once per session
21/03/17 11:26:38 ii : processing phase1 packet ( 416 bytes )
21/03/17 11:26:38 !! : phase1 packet ignored, resending last packet ( phase1 already mature )
21/03/17 11:26:38 -> : resend 1 phase1 packet(s) [0/2] 192.168.56.2:4500 -> 50.213.203.33:4500
21/03/17 11:26:38 <- : recv NAT-T:IKE packet 50.213.203.33:4500 -> 192.168.56.2:4500 ( 100 bytes )
21/03/17 11:26:38 DB : phase1 found
21/03/17 11:26:38 ii : processing informational packet ( 100 bytes )
21/03/17 11:26:38 == : new informational iv ( 8 bytes )
21/03/17 11:26:38 =< : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:38 =< : message 3356c530
21/03/17 11:26:38 =< : decrypt iv ( 8 bytes )
21/03/17 11:26:38 == : decrypt packet ( 100 bytes )
21/03/17 11:26:38 <= : trimmed packet padding ( 8 bytes )
21/03/17 11:26:38 <= : stored iv ( 8 bytes )
21/03/17 11:26:38 << : hash payload
21/03/17 11:26:38 << : notification payload
21/03/17 11:26:38 == : informational hash_i ( computed ) ( 20 bytes )
21/03/17 11:26:38 == : informational hash_c ( received ) ( 20 bytes )
21/03/17 11:26:38 ii : informational hash verified
21/03/17 11:26:38 ii : received peer RphaseONDER-LIFETIME notification
21/03/17 11:26:38 ii : - 50.213.203.33:4500 -> 192.168.56.2:4500
21/03/17 11:26:38 ii : - isakmp spi = 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:38 ii : - data size 12
21/03/17 11:26:38 <- : recv NAT-T:IKE packet 50.213.203.33:4500 -> 192.168.56.2:4500 ( 76 bytes )
21/03/17 11:26:38 DB : phase1 found
21/03/17 11:26:38 ii : processing config packet ( 76 bytes )
21/03/17 11:26:38 DB : config not found
21/03/17 11:26:38 DB : config added ( obj count = 1 )
21/03/17 11:26:38 == : new config iv ( 8 bytes )
21/03/17 11:26:38 =< : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:38 =< : message 92e7b197
21/03/17 11:26:38 =< : decrypt iv ( 8 bytes )
21/03/17 11:26:38 == : decrypt packet ( 76 bytes )
21/03/17 11:26:38 <= : trimmed packet padding ( 8 bytes )
21/03/17 11:26:38 <= : stored iv ( 8 bytes )
21/03/17 11:26:38 << : hash payload
21/03/17 11:26:38 << : attribute payload
21/03/17 11:26:38 == : configure hash_i ( computed ) ( 20 bytes )
21/03/17 11:26:38 == : configure hash_c ( computed ) ( 20 bytes )
21/03/17 11:26:38 ii : configure hash verified
21/03/17 11:26:38 ii : - xauth username
21/03/17 11:26:38 ii : - xauth password
21/03/17 11:26:38 ii : received basic xauth request -
21/03/17 11:26:38 ii : - standard xauth username
21/03/17 11:26:38 ii : - standard xauth password
21/03/17 11:26:38 ii : sending xauth response for strax
21/03/17 11:26:38 >> : hash payload
21/03/17 11:26:38 >> : attribute payload
21/03/17 11:26:38 == : new configure hash ( 20 bytes )
21/03/17 11:26:38 >= : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:38 >= : message 92e7b197
21/03/17 11:26:38 >= : encrypt iv ( 8 bytes )
21/03/17 11:26:38 == : encrypt packet ( 83 bytes )
21/03/17 11:26:38 == : stored iv ( 8 bytes )
21/03/17 11:26:38 -> : send NAT-T:IKE packet 192.168.56.2:4500 -> 50.213.203.33:4500 ( 116 bytes )
21/03/17 11:26:38 DB : config resend event scheduled ( ref count = 2 )
21/03/17 11:26:38 <- : recv NAT-T:IKE packet 50.213.203.33:4500 -> 192.168.56.2:4500 ( 68 bytes )
21/03/17 11:26:38 DB : phase1 found
21/03/17 11:26:38 ii : processing config packet ( 68 bytes )
21/03/17 11:26:38 DB : config found
21/03/17 11:26:38 == : new config iv ( 8 bytes )
21/03/17 11:26:38 =< : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:38 =< : message 847ebfa1
21/03/17 11:26:38 =< : decrypt iv ( 8 bytes )
21/03/17 11:26:38 == : decrypt packet ( 68 bytes )
21/03/17 11:26:38 <= : trimmed packet padding ( 4 bytes )
21/03/17 11:26:38 <= : stored iv ( 8 bytes )
21/03/17 11:26:38 << : hash payload
21/03/17 11:26:38 << : attribute payload
21/03/17 11:26:38 == : configure hash_i ( computed ) ( 20 bytes )
21/03/17 11:26:38 == : configure hash_c ( computed ) ( 20 bytes )
21/03/17 11:26:38 ii : configure hash verified
21/03/17 11:26:38 ii : received xauth result -
21/03/17 11:26:38 ii : user strax authentication succeeded
21/03/17 11:26:38 ii : sending xauth acknowledge
21/03/17 11:26:38 >> : hash payload
21/03/17 11:26:38 >> : attribute payload
21/03/17 11:26:38 == : new configure hash ( 20 bytes )
21/03/17 11:26:38 >= : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:38 >= : message 847ebfa1
21/03/17 11:26:38 >= : encrypt iv ( 8 bytes )
21/03/17 11:26:38 == : encrypt packet ( 60 bytes )
21/03/17 11:26:38 == : stored iv ( 8 bytes )
21/03/17 11:26:38 DB : config resend event canceled ( ref count = 1 )
21/03/17 11:26:38 -> : send NAT-T:IKE packet 192.168.56.2:4500 -> 50.213.203.33:4500 ( 92 bytes )
21/03/17 11:26:38 DB : config resend event scheduled ( ref count = 2 )
21/03/17 11:26:38 ii : building config attribute list
21/03/17 11:26:38 ii : - IP4 Address
21/03/17 11:26:38 ii : - Address Expiry
21/03/17 11:26:38 ii : - IP4 Netmask
21/03/17 11:26:38 ii : - IP4 DNS Server
21/03/17 11:26:38 ii : - IP4 WINS Server
21/03/17 11:26:38 ii : - DNS Suffix
21/03/17 11:26:38 ii : - IP4 Split Network Include
21/03/17 11:26:38 ii : - IP4 Split Network Exclude
21/03/17 11:26:38 ii : - Login Banner
21/03/17 11:26:38 ii : - Save Password
21/03/17 11:26:38 ii : - CISCO UDP Port
21/03/17 11:26:38 ii : - Application Version = Cisco Systems VPN Client 4.8.01.0300:WinNT
21/03/17 11:26:38 ii : - Firewall Type = CISCO-UNKNOWN
21/03/17 11:26:38 == : new config iv ( 8 bytes )
21/03/17 11:26:38 ii : sending config pull request
21/03/17 11:26:38 >> : hash payload
21/03/17 11:26:38 >> : attribute payload
21/03/17 11:26:38 == : new configure hash ( 20 bytes )
21/03/17 11:26:38 >= : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:38 >= : message 514a9fef
21/03/17 11:26:38 >= : encrypt iv ( 8 bytes )
21/03/17 11:26:38 == : encrypt packet ( 166 bytes )
21/03/17 11:26:38 == : stored iv ( 8 bytes )
21/03/17 11:26:38 DB : config resend event canceled ( ref count = 1 )
21/03/17 11:26:38 -> : send NAT-T:IKE packet 192.168.56.2:4500 -> 50.213.203.33:4500 ( 204 bytes )
21/03/17 11:26:38 DB : config resend event scheduled ( ref count = 2 )
21/03/17 11:26:38 <- : recv NAT-T:IKE packet 50.213.203.33:4500 -> 192.168.56.2:4500 ( 452 bytes )
21/03/17 11:26:38 DB : phase1 found
21/03/17 11:26:38 ii : processing config packet ( 452 bytes )
21/03/17 11:26:38 DB : config found
21/03/17 11:26:38 =< : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:38 =< : message 514a9fef
21/03/17 11:26:38 =< : decrypt iv ( 8 bytes )
21/03/17 11:26:38 == : decrypt packet ( 452 bytes )
21/03/17 11:26:38 <= : trimmed packet padding ( 7 bytes )
21/03/17 11:26:38 <= : stored iv ( 8 bytes )
21/03/17 11:26:38 << : hash payload
21/03/17 11:26:38 << : attribute payload
21/03/17 11:26:38 == : configure hash_i ( computed ) ( 20 bytes )
21/03/17 11:26:38 == : configure hash_c ( computed ) ( 20 bytes )
21/03/17 11:26:38 ii : configure hash verified
21/03/17 11:26:38 ii : received config pull response
21/03/17 11:26:38 ii : - IP4 Address = 172.16.10.53
21/03/17 11:26:38 ii : - Address Expiry = 1968242944
21/03/17 11:26:38 ii : - IP4 Split Network Include = ANY:172.16.10.0/24:*
21/03/17 11:26:38 ii : - IP4 Split Network Include = ANY:10.0.216.131/32:*
21/03/17 11:26:38 ii : - IP4 Split Network Include = ANY:172.16.10.0/24:*
21/03/17 11:26:38 ii : - IP4 Split Network Include = ANY:10.0.215.131/32:*
21/03/17 11:26:38 ii : - IP4 Split Network Include = ANY:10.0.219.132/32:*
21/03/17 11:26:38 ii : - IP4 Split Network Include = ANY:172.16.10.0/24:*
21/03/17 11:26:38 ii : - IP4 Split Network Include = ANY:10.0.219.131/32:*
21/03/17 11:26:38 ii : - IP4 Split Network Include = ANY:172.16.10.0/24:*
21/03/17 11:26:38 ii : - Save Password = 1
21/03/17 11:26:38 ii : - Application Version = Cisco IOS Software, 2801 Software (C2801-ADVSECURITYK9-M), Version 15.1(4)M5, RELEASE SOFTWARE (fc1)
21/03/17 11:26:38 Technical Support: http://www.cisco.com/techsupport
21/03/17 11:26:38 Copyright (c) 1986-2012 by Cisco Systems, Inc.
21/03/17 11:26:38 Compiled Tue 04-Sep-12 16:19 by prod_rel_team
21/03/17 11:26:38 !! : invalid private netmask, defaulting to 255.255.255.0
21/03/17 11:26:38 DB : config resend event canceled ( ref count = 1 )
21/03/17 11:26:38 ii : enabled adapter ROOT\VNET\0000
21/03/17 11:26:38 ii : adapter ROOT\VNET\0000 unavailable, retrying ...
21/03/17 11:26:39 ii : apapter ROOT\VNET\0000 MTU is 1380
21/03/17 11:26:39 ii : generating IPSEC security policies at REQUIRE level
21/03/17 11:26:39 ii : creating NONE INBOUND policy ANY:50.213.203.33:* -> ANY:192.168.56.2:*
21/03/17 11:26:39 DB : policy added ( obj count = 1 )
21/03/17 11:26:39 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 ii : creating NONE OUTBOUND policy ANY:192.168.56.2:* -> ANY:50.213.203.33:*
21/03/17 11:26:39 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 DB : policy found
21/03/17 11:26:39 ii : created NONE policy route for 50.213.203.33/32
21/03/17 11:26:39 DB : policy added ( obj count = 2 )
21/03/17 11:26:39 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 DB : policy found
21/03/17 11:26:39 ii : creating NONE INBOUND policy ANY:192.168.56.1:* -> ANY:172.16.10.53:*
21/03/17 11:26:39 DB : policy added ( obj count = 3 )
21/03/17 11:26:39 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 ii : creating NONE OUTBOUND policy ANY:172.16.10.53:* -> ANY:192.168.56.1:*
21/03/17 11:26:39 DB : policy added ( obj count = 4 )
21/03/17 11:26:39 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 DB : policy found
21/03/17 11:26:39 ii : creating IPSEC INBOUND policy ANY:172.16.10.0/24:* -> ANY:172.16.10.53:*
21/03/17 11:26:39 DB : policy added ( obj count = 5 )
21/03/17 11:26:39 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 DB : policy found
21/03/17 11:26:39 ii : creating IPSEC OUTBOUND policy ANY:172.16.10.53:* -> ANY:172.16.10.0/24:*
21/03/17 11:26:39 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 DB : policy found
21/03/17 11:26:39 ii : created IPSEC policy route for 172.16.10.0/24
21/03/17 11:26:39 DB : policy added ( obj count = 6 )
21/03/17 11:26:39 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 ii : creating IPSEC INBOUND policy ANY:10.0.216.131/32:* -> ANY:172.16.10.53:*
21/03/17 11:26:39 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 DB : policy found
21/03/17 11:26:39 ii : calling init phase2 for initial policy
21/03/17 11:26:39 DB : policy found
21/03/17 11:26:39 DB : policy added ( obj count = 7 )
21/03/17 11:26:39 DB : policy found
21/03/17 11:26:39 DB : tunnel found
21/03/17 11:26:39 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 DB : new phase2 ( IPSEC initiator )
21/03/17 11:26:39 DB : phase2 added ( obj count = 1 )
21/03/17 11:26:39 K> : send pfkey GETSPI ESP message
21/03/17 11:26:39 ii : creating IPSEC OUTBOUND policy ANY:172.16.10.53:* -> ANY:10.0.216.131/32:*
21/03/17 11:26:39 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 DB : policy found
21/03/17 11:26:39 K< : recv pfkey GETSPI ESP message
21/03/17 11:26:39 DB : phase2 found
21/03/17 11:26:39 ii : updated spi for 1 ipsec-esp proposal
21/03/17 11:26:39 DB : phase1 found
21/03/17 11:26:39 >> : hash payload
21/03/17 11:26:39 >> : security association payload
21/03/17 11:26:39 >> : - proposal #1 payload
21/03/17 11:26:39 >> : -- transform #1 payload
21/03/17 11:26:39 >> : -- transform #2 payload
21/03/17 11:26:39 >> : -- transform #3 payload
21/03/17 11:26:39 >> : -- transform #4 payload
21/03/17 11:26:39 >> : -- transform #5 payload
21/03/17 11:26:39 >> : -- transform #6 payload
21/03/17 11:26:39 >> : -- transform #7 payload
21/03/17 11:26:39 >> : -- transform #8 payload
21/03/17 11:26:39 >> : -- transform #9 payload
21/03/17 11:26:39 >> : -- transform #10 payload
21/03/17 11:26:39 >> : -- transform #11 payload
21/03/17 11:26:39 >> : -- transform #12 payload
21/03/17 11:26:39 >> : -- transform #13 payload
21/03/17 11:26:39 >> : -- transform #14 payload
21/03/17 11:26:39 >> : -- transform #15 payload
21/03/17 11:26:39 >> : -- transform #16 payload
21/03/17 11:26:39 >> : -- transform #17 payload
21/03/17 11:26:39 >> : -- transform #18 payload
21/03/17 11:26:39 >> : -- transform #19 payload
21/03/17 11:26:39 >> : -- transform #20 payload
21/03/17 11:26:39 >> : -- transform #21 payload
21/03/17 11:26:39 >> : -- transform #22 payload
21/03/17 11:26:39 >> : -- transform #23 payload
21/03/17 11:26:39 >> : -- transform #24 payload
21/03/17 11:26:39 >> : -- transform #25 payload
21/03/17 11:26:39 >> : -- transform #26 payload
21/03/17 11:26:39 >> : -- transform #27 payload
21/03/17 11:26:39 >> : -- transform #28 payload
21/03/17 11:26:39 >> : -- transform #29 payload
21/03/17 11:26:39 >> : -- transform #30 payload
21/03/17 11:26:39 >> : -- transform #31 payload
21/03/17 11:26:39 >> : -- transform #32 payload
21/03/17 11:26:39 >> : -- transform #33 payload
21/03/17 11:26:39 >> : -- transform #34 payload
21/03/17 11:26:39 ii : created IPSEC policy route for 10.0.216.131/32
21/03/17 11:26:39 >> : -- transform #35 payload
21/03/17 11:26:39 DB : policy added ( obj count = 8 )
21/03/17 11:26:39 >> : -- transform #36 payload
21/03/17 11:26:39 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 >> : -- transform #37 payload
21/03/17 11:26:39 >> : -- transform #38 payload
21/03/17 11:26:39 >> : -- transform #39 payload
21/03/17 11:26:39 >> : -- transform #40 payload
21/03/17 11:26:39 >> : -- transform #41 payload
21/03/17 11:26:39 >> : -- transform #42 payload
21/03/17 11:26:39 >> : -- transform #43 payload
21/03/17 11:26:39 >> : -- transform #44 payload
21/03/17 11:26:39 >> : -- transform #45 payload
21/03/17 11:26:39 >> : nonce payload
21/03/17 11:26:39 >> : identification payload
21/03/17 11:26:39 >> : identification payload
21/03/17 11:26:39 ii : creating IPSEC INBOUND policy ANY:172.16.10.0/24:* -> ANY:172.16.10.53:*
21/03/17 11:26:39 == : phase2 hash_i ( input ) ( 1460 bytes )
21/03/17 11:26:39 DB : policy added ( obj count = 9 )
21/03/17 11:26:39 == : phase2 hash_i ( computed ) ( 20 bytes )
21/03/17 11:26:39 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 == : new phase2 iv ( 8 bytes )
21/03/17 11:26:39 >= : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:39 >= : message c3e5497c
21/03/17 11:26:39 >= : encrypt iv ( 8 bytes )
21/03/17 11:26:39 == : encrypt packet ( 1508 bytes )
21/03/17 11:26:39 ii : creating IPSEC OUTBOUND policy ANY:172.16.10.53:* -> ANY:172.16.10.0/24:*
21/03/17 11:26:39 == : stored iv ( 8 bytes )
21/03/17 11:26:39 -> : send NAT-T:IKE packet 192.168.56.2:4500 -> 50.213.203.33:4500 ( 1540 bytes )
21/03/17 11:26:39 ii : fragmented packet to 1514 bytes ( MTU 1500 bytes )
21/03/17 11:26:39 ii : fragmented packet to 74 bytes ( MTU 1500 bytes )
21/03/17 11:26:39 DB : phase2 resend event scheduled ( ref count = 2 )
21/03/17 11:26:39 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 DB : policy found
21/03/17 11:26:39 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:39 DB : policy found
21/03/17 11:26:43 DB : phase1 found
21/03/17 11:26:43 ii : sending peer DPDV1-R-U-THERE notification
21/03/17 11:26:43 ii : - 192.168.56.2:4500 -> 50.213.203.33:4500
21/03/17 11:26:43 ii : - isakmp spi = 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:43 ii : - data size 4
21/03/17 11:26:43 >> : hash payload
21/03/17 11:26:43 >> : notification payload
21/03/17 11:26:43 == : new informational hash ( 20 bytes )
21/03/17 11:26:43 == : new informational iv ( 8 bytes )
21/03/17 11:26:43 >= : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:43 >= : message 399a6b92
21/03/17 11:26:43 >= : encrypt iv ( 8 bytes )
21/03/17 11:26:43 == : encrypt packet ( 84 bytes )
21/03/17 11:26:43 == : stored iv ( 8 bytes )
21/03/17 11:26:43 -> : send NAT-T:IKE packet 192.168.56.2:4500 -> 50.213.203.33:4500 ( 116 bytes )
21/03/17 11:26:43 ii : DPD ARE-YOU-THERE sequence 0cf28b66 requested
21/03/17 11:26:43 DB : phase1 found
21/03/17 11:26:43 -> : send NAT-T:KEEP-ALIVE packet 192.168.56.2:4500 -> 50.213.203.33:4500
21/03/17 11:26:43 <- : recv NAT-T:IKE packet 50.213.203.33:4500 -> 192.168.56.2:4500 ( 92 bytes )
21/03/17 11:26:43 DB : phase1 found
21/03/17 11:26:43 ii : processing informational packet ( 92 bytes )
21/03/17 11:26:43 == : new informational iv ( 8 bytes )
21/03/17 11:26:43 =< : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:43 =< : message 2f53ae13
21/03/17 11:26:43 =< : decrypt iv ( 8 bytes )
21/03/17 11:26:43 == : decrypt packet ( 92 bytes )
21/03/17 11:26:43 <= : trimmed packet padding ( 8 bytes )
21/03/17 11:26:43 <= : stored iv ( 8 bytes )
21/03/17 11:26:43 << : hash payload
21/03/17 11:26:43 << : notification payload
21/03/17 11:26:43 == : informational hash_i ( computed ) ( 20 bytes )
21/03/17 11:26:43 == : informational hash_c ( received ) ( 20 bytes )
21/03/17 11:26:43 ii : informational hash verified
21/03/17 11:26:43 ii : received peer DPDV1-R-U-THERE-ACK notification
21/03/17 11:26:43 ii : - 50.213.203.33:4500 -> 192.168.56.2:4500
21/03/17 11:26:43 ii : - isakmp spi = 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:43 ii : - data size 4
21/03/17 11:26:43 ii : DPD ARE-YOU-THERE-ACK sequence 0cf28b66 accepted
21/03/17 11:26:43 ii : next tunnel DPD request in 15 secs for peer 50.213.203.33:4500
21/03/17 11:26:44 ii : fragmented packet to 1514 bytes ( MTU 1500 bytes )
21/03/17 11:26:44 ii : fragmented packet to 74 bytes ( MTU 1500 bytes )
21/03/17 11:26:44 -> : resend 1 phase2 packet(s) [0/2] 192.168.56.2:4500 -> 50.213.203.33:4500
21/03/17 11:26:45 !! : failed to create IPSEC policy route for 172.16.10.0/24
21/03/17 11:26:45 DB : policy added ( obj count = 10 )
21/03/17 11:26:45 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:45 ii : creating IPSEC INBOUND policy ANY:10.0.215.131/32:* -> ANY:172.16.10.53:*
21/03/17 11:26:45 DB : policy added ( obj count = 11 )
21/03/17 11:26:45 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:45 ii : creating IPSEC OUTBOUND policy ANY:172.16.10.53:* -> ANY:10.0.215.131/32:*
21/03/17 11:26:45 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:45 DB : policy found
21/03/17 11:26:45 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:45 DB : policy found
21/03/17 11:26:45 ii : created IPSEC policy route for 10.0.215.131/32
21/03/17 11:26:45 DB : policy added ( obj count = 12 )
21/03/17 11:26:45 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:45 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:45 DB : policy found
21/03/17 11:26:45 ii : creating IPSEC INBOUND policy ANY:10.0.219.132/32:* -> ANY:172.16.10.53:*
21/03/17 11:26:45 DB : policy added ( obj count = 13 )
21/03/17 11:26:45 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:45 ii : creating IPSEC OUTBOUND policy ANY:172.16.10.53:* -> ANY:10.0.219.132/32:*
21/03/17 11:26:45 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:45 DB : policy found
21/03/17 11:26:45 ii : created IPSEC policy route for 10.0.219.132/32
21/03/17 11:26:45 DB : policy added ( obj count = 14 )
21/03/17 11:26:45 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:45 ii : creating IPSEC INBOUND policy ANY:172.16.10.0/24:* -> ANY:172.16.10.53:*
21/03/17 11:26:45 DB : policy added ( obj count = 15 )
21/03/17 11:26:45 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:45 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:45 DB : policy found
21/03/17 11:26:45 ii : creating IPSEC OUTBOUND policy ANY:172.16.10.53:* -> ANY:172.16.10.0/24:*
21/03/17 11:26:45 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:45 DB : policy found
21/03/17 11:26:45 <- : recv NAT-T:IKE packet 50.213.203.33:4500 -> 192.168.56.2:4500 ( 188 bytes )
21/03/17 11:26:45 DB : phase1 found
21/03/17 11:26:45 ii : processing phase2 packet ( 188 bytes )
21/03/17 11:26:45 DB : phase2 found
21/03/17 11:26:45 =< : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:45 =< : message c3e5497c
21/03/17 11:26:45 =< : decrypt iv ( 8 bytes )
21/03/17 11:26:45 == : decrypt packet ( 188 bytes )
21/03/17 11:26:45 <= : trimmed packet padding ( 8 bytes )
21/03/17 11:26:45 <= : stored iv ( 8 bytes )
21/03/17 11:26:45 << : hash payload
21/03/17 11:26:45 << : security association payload
21/03/17 11:26:45 << : - propsal #1 payload
21/03/17 11:26:45 << : -- transform #1 payload
21/03/17 11:26:45 << : nonce payload
21/03/17 11:26:45 << : identification payload
21/03/17 11:26:45 << : identification payload
21/03/17 11:26:45 << : notification payload
21/03/17 11:26:45 == : phase2 hash_r ( input ) ( 152 bytes )
21/03/17 11:26:45 == : phase2 hash_r ( computed ) ( 20 bytes )
21/03/17 11:26:45 == : phase2 hash_r ( received ) ( 20 bytes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-aes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-aes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-aes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-aes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-aes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-aes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-aes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-aes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-aes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-aes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-aes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-aes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-aes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-aes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-aes )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-blowfish )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-blowfish )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-blowfish )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-blowfish )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-blowfish )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-blowfish )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-blowfish )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-blowfish )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-blowfish )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-blowfish )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-blowfish )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-blowfish )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-blowfish )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-blowfish )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : crypto transform type ( esp-3des != esp-blowfish )
21/03/17 11:26:45 ii : unmatched ipsec-esp proposal/transform
21/03/17 11:26:45 ii : msg auth ( hmac-sha1 != hmac-md5 )
21/03/17 11:26:45 !! : peer violates RFC, transform number mismatch ( 1 != 32 )
21/03/17 11:26:45 ii : matched ipsec-esp proposal #1 transform #32
21/03/17 11:26:45 ii : - transform = esp-3des
21/03/17 11:26:45 ii : - key length = default
21/03/17 11:26:45 ii : - encap mode = udp-tunnel ( rfc )
21/03/17 11:26:45 ii : - msg auth = hmac-sha1
21/03/17 11:26:45 ii : - pfs dh group = none
21/03/17 11:26:45 ii : - life seconds = 3600
21/03/17 11:26:45 ii : - life kbytes = 0
21/03/17 11:26:45 DB : policy found
21/03/17 11:26:45 ii : received peer RESPONDER-LIFETIME notification
21/03/17 11:26:45 ii : - 50.213.203.33:4500 -> 192.168.56.2:4500
21/03/17 11:26:45 ii : - ipsec-esp spi = 0x6f5541d2
21/03/17 11:26:45 ii : - data size 12
21/03/17 11:26:45 K> : send pfkey GETSPI ESP message
21/03/17 11:26:45 K< : recv pfkey GETSPI ESP message
21/03/17 11:26:45 DB : phase2 found
21/03/17 11:26:45 ii : phase2 ids accepted
21/03/17 11:26:45 ii : - loc ANY:172.16.10.53:* -> ANY:0.0.0.0/0:*
21/03/17 11:26:45 ii : - rmt ANY:0.0.0.0/0:* -> ANY:172.16.10.53:*
21/03/17 11:26:45 ii : phase2 sa established
21/03/17 11:26:45 ii : 192.168.56.2:4500 <-> 50.213.203.33:4500
21/03/17 11:26:45 == : phase2 hash_p ( input ) ( 45 bytes )
21/03/17 11:26:45 == : phase2 hash_p ( computed ) ( 20 bytes )
21/03/17 11:26:45 >> : hash payload
21/03/17 11:26:45 >= : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:45 >= : message c3e5497c
21/03/17 11:26:45 >= : encrypt iv ( 8 bytes )
21/03/17 11:26:45 == : encrypt packet ( 52 bytes )
21/03/17 11:26:45 == : stored iv ( 8 bytes )
21/03/17 11:26:45 DB : phase2 resend event canceled ( ref count = 1 )
21/03/17 11:26:45 -> : send NAT-T:IKE packet 192.168.56.2:4500 -> 50.213.203.33:4500 ( 84 bytes )
21/03/17 11:26:45 == : spi cipher key data ( 24 bytes )
21/03/17 11:26:45 == : spi hmac key data ( 20 bytes )
21/03/17 11:26:45 K> : send pfkey UPDATE ESP message
21/03/17 11:26:45 K< : recv pfkey UPDATE ESP message
21/03/17 11:26:45 == : spi cipher key data ( 24 bytes )
21/03/17 11:26:45 == : spi hmac key data ( 20 bytes )
21/03/17 11:26:45 K> : send pfkey UPDATE ESP message
21/03/17 11:26:45 K< : recv pfkey UPDATE ESP message
21/03/17 11:26:50 !! : failed to create IPSEC policy route for 172.16.10.0/24
21/03/17 11:26:50 DB : policy added ( obj count = 16 )
21/03/17 11:26:50 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:50 ii : creating IPSEC INBOUND policy ANY:10.0.219.131/32:* -> ANY:172.16.10.53:*
21/03/17 11:26:50 DB : policy added ( obj count = 17 )
21/03/17 11:26:50 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:50 ii : creating IPSEC OUTBOUND policy ANY:172.16.10.53:* -> ANY:10.0.219.131/32:*
21/03/17 11:26:50 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:50 DB : policy found
21/03/17 11:26:50 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:50 DB : policy found
21/03/17 11:26:50 ii : created IPSEC policy route for 10.0.219.131/32
21/03/17 11:26:50 DB : policy added ( obj count = 18 )
21/03/17 11:26:50 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:50 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:50 DB : policy found
21/03/17 11:26:50 ii : creating IPSEC INBOUND policy ANY:172.16.10.0/24:* -> ANY:172.16.10.53:*
21/03/17 11:26:50 DB : policy added ( obj count = 19 )
21/03/17 11:26:50 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:50 ii : creating IPSEC OUTBOUND policy ANY:172.16.10.53:* -> ANY:172.16.10.0/24:*
21/03/17 11:26:50 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:50 DB : policy found
21/03/17 11:26:55 !! : failed to create IPSEC policy route for 172.16.10.0/24
21/03/17 11:26:55 DB : policy added ( obj count = 20 )
21/03/17 11:26:55 K> : send pfkey X_SPDADD UNSPEC message
21/03/17 11:26:55 K< : recv pfkey X_SPDADD UNSPEC message
21/03/17 11:26:55 DB : policy found
21/03/17 11:26:55 ii : split DNS is disabled
21/03/17 11:26:58 DB : phase1 found
21/03/17 11:26:58 -> : send NAT-T:KEEP-ALIVE packet 192.168.56.2:4500 -> 50.213.203.33:4500
21/03/17 11:26:58 DB : phase1 found
21/03/17 11:26:58 ii : sending peer DPDV1-R-U-THERE notification
21/03/17 11:26:58 ii : - 192.168.56.2:4500 -> 50.213.203.33:4500
21/03/17 11:26:58 ii : - isakmp spi = 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:58 ii : - data size 4
21/03/17 11:26:58 >> : hash payload
21/03/17 11:26:58 >> : notification payload
21/03/17 11:26:58 == : new informational hash ( 20 bytes )
21/03/17 11:26:58 == : new informational iv ( 8 bytes )
21/03/17 11:26:58 >= : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:58 >= : message a6795b99
21/03/17 11:26:58 >= : encrypt iv ( 8 bytes )
21/03/17 11:26:58 == : encrypt packet ( 84 bytes )
21/03/17 11:26:58 == : stored iv ( 8 bytes )
21/03/17 11:26:58 -> : send NAT-T:IKE packet 192.168.56.2:4500 -> 50.213.203.33:4500 ( 116 bytes )
21/03/17 11:26:58 ii : DPD ARE-YOU-THERE sequence 0cf28b67 requested
21/03/17 11:26:58 <- : recv NAT-T:IKE packet 50.213.203.33:4500 -> 192.168.56.2:4500 ( 92 bytes )
21/03/17 11:26:58 DB : phase1 found
21/03/17 11:26:58 ii : processing informational packet ( 92 bytes )
21/03/17 11:26:58 == : new informational iv ( 8 bytes )
21/03/17 11:26:58 =< : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:58 =< : message 6cd4bf8e
21/03/17 11:26:58 =< : decrypt iv ( 8 bytes )
21/03/17 11:26:58 == : decrypt packet ( 92 bytes )
21/03/17 11:26:58 <= : trimmed packet padding ( 8 bytes )
21/03/17 11:26:58 <= : stored iv ( 8 bytes )
21/03/17 11:26:58 << : hash payload
21/03/17 11:26:58 << : notification payload
21/03/17 11:26:58 == : informational hash_i ( computed ) ( 20 bytes )
21/03/17 11:26:58 == : informational hash_c ( received ) ( 20 bytes )
21/03/17 11:26:58 ii : informational hash verified
21/03/17 11:26:58 ii : received peer DPDV1-R-U-THERE-ACK notification
21/03/17 11:26:58 ii : - 50.213.203.33:4500 -> 192.168.56.2:4500
21/03/17 11:26:58 ii : - isakmp spi = 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:26:58 ii : - data size 4
21/03/17 11:26:58 ii : DPD ARE-YOU-THERE-ACK sequence 0cf28b67 accepted
21/03/17 11:26:58 ii : next tunnel DPD request in 15 secs for peer 50.213.203.33:4500
21/03/17 11:27:13 DB : phase1 found
21/03/17 11:27:13 -> : send NAT-T:KEEP-ALIVE packet 192.168.56.2:4500 -> 50.213.203.33:4500
21/03/17 11:27:13 DB : phase1 found
21/03/17 11:27:13 ii : sending peer DPDV1-R-U-THERE notification
21/03/17 11:27:13 ii : - 192.168.56.2:4500 -> 50.213.203.33:4500
21/03/17 11:27:13 ii : - isakmp spi = 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:27:13 ii : - data size 4
21/03/17 11:27:13 >> : hash payload
21/03/17 11:27:13 >> : notification payload
21/03/17 11:27:13 == : new informational hash ( 20 bytes )
21/03/17 11:27:13 == : new informational iv ( 8 bytes )
21/03/17 11:27:13 >= : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:27:13 >= : message 074574b1
21/03/17 11:27:13 >= : encrypt iv ( 8 bytes )
21/03/17 11:27:13 == : encrypt packet ( 84 bytes )
21/03/17 11:27:13 == : stored iv ( 8 bytes )
21/03/17 11:27:13 -> : send NAT-T:IKE packet 192.168.56.2:4500 -> 50.213.203.33:4500 ( 116 bytes )
21/03/17 11:27:13 ii : DPD ARE-YOU-THERE sequence 0cf28b68 requested
21/03/17 11:27:13 <- : recv NAT-T:IKE packet 50.213.203.33:4500 -> 192.168.56.2:4500 ( 92 bytes )
21/03/17 11:27:13 DB : phase1 found
21/03/17 11:27:13 ii : processing informational packet ( 92 bytes )
21/03/17 11:27:13 == : new informational iv ( 8 bytes )
21/03/17 11:27:13 =< : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:27:13 =< : message 44a1f0cc
21/03/17 11:27:13 =< : decrypt iv ( 8 bytes )
21/03/17 11:27:13 == : decrypt packet ( 92 bytes )
21/03/17 11:27:13 <= : trimmed packet padding ( 8 bytes )
21/03/17 11:27:13 <= : stored iv ( 8 bytes )
21/03/17 11:27:13 << : hash payload
21/03/17 11:27:13 << : notification payload
21/03/17 11:27:13 == : informational hash_i ( computed ) ( 20 bytes )
21/03/17 11:27:13 == : informational hash_c ( received ) ( 20 bytes )
21/03/17 11:27:13 ii : informational hash verified
21/03/17 11:27:13 ii : received peer DPDV1-R-U-THERE-ACK notification
21/03/17 11:27:13 ii : - 50.213.203.33:4500 -> 192.168.56.2:4500
21/03/17 11:27:13 ii : - isakmp spi = 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:27:13 ii : - data size 4
21/03/17 11:27:13 ii : DPD ARE-YOU-THERE-ACK sequence 0cf28b68 accepted
21/03/17 11:27:13 ii : next tunnel DPD request in 15 secs for peer 50.213.203.33:4500
21/03/17 11:27:28 DB : phase1 found
21/03/17 11:27:28 -> : send NAT-T:KEEP-ALIVE packet 192.168.56.2:4500 -> 50.213.203.33:4500
21/03/17 11:27:28 DB : phase1 found
21/03/17 11:27:28 ii : sending peer DPDV1-R-U-THERE notification
21/03/17 11:27:28 ii : - 192.168.56.2:4500 -> 50.213.203.33:4500
21/03/17 11:27:28 ii : - isakmp spi = 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:27:28 ii : - data size 4
21/03/17 11:27:28 >> : hash payload
21/03/17 11:27:28 >> : notification payload
21/03/17 11:27:28 == : new informational hash ( 20 bytes )
21/03/17 11:27:28 == : new informational iv ( 8 bytes )
21/03/17 11:27:28 >= : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:27:28 >= : message 4b65c3e0
21/03/17 11:27:28 >= : encrypt iv ( 8 bytes )
21/03/17 11:27:28 == : encrypt packet ( 84 bytes )
21/03/17 11:27:28 == : stored iv ( 8 bytes )
21/03/17 11:27:28 -> : send NAT-T:IKE packet 192.168.56.2:4500 -> 50.213.203.33:4500 ( 116 bytes )
21/03/17 11:27:28 ii : DPD ARE-YOU-THERE sequence 0cf28b69 requested
21/03/17 11:27:28 <- : recv NAT-T:IKE packet 50.213.203.33:4500 -> 192.168.56.2:4500 ( 92 bytes )
21/03/17 11:27:28 DB : phase1 found
21/03/17 11:27:28 ii : processing informational packet ( 92 bytes )
21/03/17 11:27:28 == : new informational iv ( 8 bytes )
21/03/17 11:27:28 =< : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:27:28 =< : message b3d83550
21/03/17 11:27:28 =< : decrypt iv ( 8 bytes )
21/03/17 11:27:28 == : decrypt packet ( 92 bytes )
21/03/17 11:27:28 <= : trimmed packet padding ( 8 bytes )
21/03/17 11:27:28 <= : stored iv ( 8 bytes )
21/03/17 11:27:28 << : hash payload
21/03/17 11:27:28 << : notification payload
21/03/17 11:27:28 == : informational hash_i ( computed ) ( 20 bytes )
21/03/17 11:27:28 == : informational hash_c ( received ) ( 20 bytes )
21/03/17 11:27:28 ii : informational hash verified
21/03/17 11:27:28 ii : received peer DPDV1-R-U-THERE-ACK notification
21/03/17 11:27:28 ii : - 50.213.203.33:4500 -> 192.168.56.2:4500
21/03/17 11:27:28 ii : - isakmp spi = 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:27:28 ii : - data size 4
21/03/17 11:27:28 ii : DPD ARE-YOU-THERE-ACK sequence 0cf28b69 accepted
21/03/17 11:27:28 ii : next tunnel DPD request in 15 secs for peer 50.213.203.33:4500
21/03/17 11:27:43 DB : phase1 found
21/03/17 11:27:43 -> : send NAT-T:KEEP-ALIVE packet 192.168.56.2:4500 -> 50.213.203.33:4500
21/03/17 11:27:43 DB : phase1 found
21/03/17 11:27:43 ii : sending peer DPDV1-R-U-THERE notification
21/03/17 11:27:43 ii : - 192.168.56.2:4500 -> 50.213.203.33:4500
21/03/17 11:27:43 ii : - isakmp spi = 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:27:43 ii : - data size 4
21/03/17 11:27:43 >> : hash payload
21/03/17 11:27:43 >> : notification payload
21/03/17 11:27:43 == : new informational hash ( 20 bytes )
21/03/17 11:27:43 == : new informational iv ( 8 bytes )
21/03/17 11:27:43 >= : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:27:43 >= : message 43dd3428
21/03/17 11:27:43 >= : encrypt iv ( 8 bytes )
21/03/17 11:27:43 == : encrypt packet ( 84 bytes )
21/03/17 11:27:43 == : stored iv ( 8 bytes )
21/03/17 11:27:43 -> : send NAT-T:IKE packet 192.168.56.2:4500 -> 50.213.203.33:4500 ( 116 bytes )
21/03/17 11:27:43 ii : DPD ARE-YOU-THERE sequence 0cf28b6a requested
21/03/17 11:27:43 <- : recv NAT-T:IKE packet 50.213.203.33:4500 -> 192.168.56.2:4500 ( 92 bytes )
21/03/17 11:27:43 DB : phase1 found
21/03/17 11:27:43 ii : processing informational packet ( 92 bytes )
21/03/17 11:27:43 == : new informational iv ( 8 bytes )
21/03/17 11:27:43 =< : cookies 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:27:43 =< : message cb350c90
21/03/17 11:27:43 =< : decrypt iv ( 8 bytes )
21/03/17 11:27:43 == : decrypt packet ( 92 bytes )
21/03/17 11:27:43 <= : trimmed packet padding ( 8 bytes )
21/03/17 11:27:43 <= : stored iv ( 8 bytes )
21/03/17 11:27:43 << : hash payload
21/03/17 11:27:43 << : notification payload
21/03/17 11:27:43 == : informational hash_i ( computed ) ( 20 bytes )
21/03/17 11:27:43 == : informational hash_c ( received ) ( 20 bytes )
21/03/17 11:27:43 ii : informational hash verified
21/03/17 11:27:43 ii : received peer DPDV1-R-U-THERE-ACK notification
21/03/17 11:27:43 ii : - 50.213.203.33:4500 -> 192.168.56.2:4500
21/03/17 11:27:43 ii : - isakmp spi = 04c01be5d5362ffe:1a1b1a2bc09332af
21/03/17 11:27:43 ii : - data size 4
21/03/17 11:27:43 ii : DPD ARE-YOU-THERE-ACK sequence 0cf28b6a accepted
21/03/17 11:27:43 ii : next tunnel DPD request in 15 secs for peer 50.213.203.33:4500
Beta Was this translation helpful? Give feedback.
All reactions