Spoke router#sh debugging

Cryptographic Subsystem:
  Crypto ISAKMP debugging is on
  Crypto IPSEC debugging is on



Spoke router#sh log
Syslog logging: enabled (0 messages dropped, 77 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.



No Inactive Message Discriminator.


    Console logging: level debugging, 4571 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 5 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 4645 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled

No active filter modules.

    Trap logging: level informational, 3899 message lines logged
        Logging Source-Interface:       VRF Name:

Log Buffer (8192 bytes):
tocol= ESP, transform= esp-des esp-md5-hmac  (Transport),
    lifedur= 3600s and 4608000kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
Aug 16 14:48:04.515: ISAKMP: (6665):set new node 0 to QM_IDLE
Aug 16 14:48:04.515: ISAKMP-ERROR: (6665):SA is still budding. Attached new ipsec request to it. (local 216.26.58.254, remote 74.87.123.90)
Aug 16 14:48:04.515: ISAKMP-ERROR: (0):Error while processing SA request: Failed to initialize SA
Aug 16 14:48:04.515: ISAKMP-ERROR: (0):Error while processing KMI message 0, error 2.
Aug 16 14:48:05.119: ISAKMP: (6665):retransmitting phase 1 MM_KEY_EXCH...
Aug 16 14:48:05.119: ISAKMP: (6665):peer does not do paranoid keepalives.
Aug 16 14:48:05.119: ISAKMP-ERROR: (6665):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer 74.87.123.90)
Aug 16 14:48:05.119: ISAKMP-ERROR: (6665):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer 74.87.123.90)
Aug 16 14:48:05.119: ISAKMP: (0):Unlocking peer struct 0x274F6EF0 for isadb_mark_sa_deleted(), count 0
Aug 16 14:48:05.119: ISAKMP: (0):Deleting peer node by peer_reap for 74.87.123.90: 274F6EF0
Aug 16 14:48:05.119: ISAKMP: (6665):deleting node -493702733 error FALSE reason "IKE deleted"
Aug 16 14:48:05.119: ISAKMP: (6665):deleting node 605111318 error FALSE reason "IKE deleted"
Aug 16 14:48:05.119: ISAKMP: (6665):deleting node 1480678003 error FALSE reason "IKE deleted"
Aug 16 14:48:05.119: ISAKMP: (6665):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Aug 16 14:48:05.119: ISAKMP: (6665):Old State = IKE_I_MM5  New State = IKE_DEST_SA

Aug 16 14:48:05.119: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Aug 16 14:48:34.515: IPSEC:(SESSION ID = 2719) (key_engine) request timer fired: count = 2,
  (identity) local= 216.26.58.254:0, remote= 74.87.123.90:0,
    local_proxy= "spoke iP"/255.255.255.255/47/0,
    remote_proxy= "Hub IP"/255.255.255.255/47/0
Aug 16 14:48:34.515: IPSEC(sa_request): ,
  (key eng. msg.) OUTBOUND local= 216.26.58.254:500, remote= "Hub IP":500,
    local_proxy= "spoke iP"/255.255.255.255/47/0,
    remote_proxy= "Hub IP"/255.255.255.255/47/0,
    protocol= ESP, transform= esp-des esp-md5-hmac  (Transport),
    lifedur= 3600s and 4608000kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
Aug 16 14:48:34.515: ISAKMP: (0):SA request profile is (NULL)
Aug 16 14:48:34.515: ISAKMP: (0):Created a peer struct for 74.87.123.90, peer port 500
Aug 16 14:48:34.515: ISAKMP: (0):New peer created peer = 0x274F6EF0 peer_handle = 0x8000EB00
Aug 16 14:48:34.515: ISAKMP: (0):Locking peer struct 0x274F6EF0, refcount 1 for isakmp_initiator
Aug 16 14:48:34.515: ISAKMP: (0):local port 500, remote port 500
Aug 16 14:48:34.515: ISAKMP: (0):set new node 0 to QM_IDLE
Aug 16 14:48:34.515: ISAKMP: (0):Find a dup sa in the avl tree during calling isadb_insert sa = 3E95273C
Aug 16 14:48:34.515: ISAKMP: (0):Can not start Aggressive mode, trying Main mode.
Aug 16 14:48:34.515: ISAKMP: (0):found peer pre-shared key matching "Hub IP"
Aug 16 14:48:34.515: ISAKMP: (0):constructed NAT-T vendor-rfc3947 ID
Aug 16 14:48:34.515: ISAKMP: (0):constructed NAT-T vendor-07 ID
Aug 16 14:48:34.515: ISAKMP: (0):constructed NAT-T vendor-03 ID
Aug 16 14:48:34.515: ISAKMP: (0):constructed NAT-T vendor-02 ID
Aug 16 14:48:34.515: ISAKMP: (0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Aug 16 14:48:34.515: ISAKMP: (0):Old State = IKE_READY  New State = IKE_I_MM1

Aug 16 14:48:34.515: ISAKMP: (0):beginning Main Mode exchange
Aug 16 14:48:34.515: ISAKMP-PAK: (0):sending packet to "Hub IP" my_port 500 peer_port 500 (I) MM_NO_STATE
Aug 16 14:48:34.515: ISAKMP: (0):Sending an IKE IPv4 Packet.
Aug 16 14:48:34.567: ISAKMP-PAK: (0):received packet from "Hub IP" dport 500 sport 500 Global (I) MM_NO_STATE
Aug 16 14:48:34.567: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Aug 16 14:48:34.567: ISAKMP: (0):Old State = IKE_I_MM1  New State = IKE_I_MM2

Aug 16 14:48:34.567: ISAKMP: (0):processing SA payload. message ID = 0
Aug 16 14:48:34.567: ISAKMP: (0):processing vendor id payload
Aug 16 14:48:34.567: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
Aug 16 14:48:34.567: ISAKMP: (0):vendor ID is NAT-T RFC 3947
Aug 16 14:48:34.567: ISAKMP: (0):found peer pre-shared key matching "Hub IP"
Aug 16 14:48:34.567: ISAKMP: (0):local preshared key found
Aug 16 14:48:34.567: ISAKMP: (0):Scanning profiles for xauth ...
Aug 16 14:48:34.567: ISAKMP: (0):Checking ISAKMP transform 1 against priority 1 policy
Aug 16 14:48:34.567: ISAKMP: (0):      encryption DES-CBC
Aug 16 14:48:34.567: ISAKMP: (0):      hash SHA
Aug 16 14:48:34.567: ISAKMP: (0):      default group 1
Aug 16 14:48:34.567: ISAKMP: (0):      auth pre-share
Aug 16 14:48:34.567: ISAKMP: (0):      life type in seconds
Aug 16 14:48:34.567: ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80
Aug 16 14:48:34.567: ISAKMP: (0):atts are acceptable. Next payload is 0
Aug 16 14:48:34.567: ISAKMP: (0):Acceptable atts:actual life: 0
Aug 16 14:48:34.567: ISAKMP: (0):Acceptable atts:life: 0
Aug 16 14:48:34.567: ISAKMP: (0):Fill atts in sa vpi_length:4
Aug 16 14:48:34.567: ISAKMP: (0):Fill atts in sa life_in_seconds:86400
Aug 16 14:48:34.567: ISAKMP: (0):Returning Actual lifetime: 86400
Aug 16 14:48:34.567: ISAKMP: (0):Started lifetime timer: 86400.

Aug 16 14:48:34.567: ISAKMP: (0):processing vendor id payload
Aug 16 14:48:34.567: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
Aug 16 14:48:34.567: ISAKMP: (0):vendor ID is NAT-T RFC 3947
Aug 16 14:48:34.567: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Aug 16 14:48:34.567: ISAKMP: (0):Old State = IKE_I_MM2  New State = IKE_I_MM2

Aug 16 14:48:34.567: ISAKMP-PAK: (0):sending packet to "Hub IP" 0 my_port 500 peer_port 500 (I) MM_SA_SETUP
Aug 16 14:48:34.567: ISAKMP: (0):Sending an IKE IPv4 Packet.
Aug 16 14:48:34.567: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Aug 16 14:48:34.567: ISAKMP: (0):Old State = IKE_I_MM2  New State = IKE_I_MM3

Aug 16 14:48:34.619: ISAKMP-PAK: (0):received packet from 74.87.123.90 dport 500 sport 500 Global (I) MM_SA_SETUP
Aug 16 14:48:34.619: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Aug 16 14:48:34.619: ISAKMP: (0):Old State = IKE_I_MM3  New State = IKE_I_MM4

Aug 16 14:48:34.619: ISAKMP: (0):processing KE payload. message ID = 0
Aug 16 14:48:34.639: ISAKMP: (0):processing NONCE payload. message ID = 0
Aug 16 14:48:34.639: ISAKMP: (0):found peer pre-shared key matching "Hub IP"
Aug 16 14:48:34.639: ISAKMP: (6666):processing vendor id payload
Aug 16 14:48:34.639: ISAKMP: (6666):vendor ID is Unity
Aug 16 14:48:34.639: ISAKMP: (6666):processing vendor id payload
Aug 16 14:48:34.639: ISAKMP: (6666):vendor ID is DPD
Aug 16 14:48:34.639: ISAKMP: (6666):processing vendor id payload
Aug 16 14:48:34.639: ISAKMP: (6666):speaking to another IOS box!
Aug 16 14:48:34.639: ISAKMP: (6666):received payload type 20
Aug 16 14:48:34.639: ISAKMP: (6666):His hash no match - this node outside NAT
Aug 16 14:48:34.639: ISAKMP: (6666):received payload type 20
Aug 16 14:48:34.639: ISAKMP: (6666):His hash no match - this node outside NAT
Aug 16 14:48:34.639: ISAKMP: (6666):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Aug 16 14:48:34.639: ISAKMP: (6666):Old State = IKE_I_MM4  New State = IKE_I_MM4

Aug 16 14:48:34.639: ISAKMP: (6666):Send initial contact
Aug 16 14:48:34.639: ISAKMP: (6666):SA is doing
Aug 16 14:48:34.639: ISAKMP: (6666):pre-shared key authentication using id type ID_IPV4_ADDR
Aug 16 14:48:34.643: ISAKMP: (6666):ID payload
        next-payload : 8
        type         : 1
Aug 16 14:48:34.643: ISAKMP: (6666):    address      : "Spoke ip"
Aug 16 14:48:34.643: ISAKMP: (6666):    protocol     : 17
        port         : 0
        length       : 12
Aug 16 14:48:34.643: ISAKMP: (6666):Total payload length: 12
Aug 16 14:48:34.643: ISAKMP-PAK: (6666):sending packet to "Hub IP" my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
Aug 16 14:48:34.643: ISAKMP: (6666):Sending an IKE IPv4 Packet.
Aug 16 14:48:34.643: ISAKMP: (6666):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Aug 16 14:48:34.643: ISAKMP: (6666):Old State = IKE_I_MM4  New State = IKE_I_MM5