=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2019.02.24 15:18:59 =~=~=~=~=~=~=~=~=~=~=~= Payload contents: VID IDi CERT CERTREQ NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED) AUTH CFG SA TSi TSr NOTIFY(INITIAL_CONTACT) NOTIFY(USE_TRANSPORT_MODE) NOTIFY(SET_WINDOW_SIZE) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS) *Feb 24 15:18:36.379: IKEv2:(SA ID = 1):Sending Packet [To 110.110.110.1:500/From 120.120.120.1:500/VRF i0:f0] Initiator SPI : 15A87F5590441992 - Responder SPI : 55FCF354B6C5C2FE Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: ENCR *Feb 24 15:18:37.307: IKEv2:(SA ID = 1):Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Initiator SPI : 15A87F5590441992 - Responder SPI : 55FCF354B6C5C2FE Message id: 1 IKEv2 IKE_AUTH Exchange RESPONSE Payload contents: VID IDr CERT AUTH SA TSi TSr NOTIFY(USE_TRANSPORT_MODE) NOTIFY(SET_WINDOW_SIZE) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS) *Feb 24 15:18:37.311: IKEv2:(SA ID = 1):Process auth response notify *Feb 24 15:18:37.311: IKEv2:(SA ID = 1):Searching p Cbtme-Spoke1#olicy based on peer's identity '110.110.110.1' of type 'IPv4 address' *Feb 24 15:18:37.319: IKEv2:(SA ID = 1):Failed to locate an item in the database *Feb 24 15:18:37.319: IKEv2:(SA ID = 1): *Feb 24 15:18:37.319: IKEv2:(SA ID = 1):Verification of peer's authentication data FAILED *Feb 24 15:18:37.319: IKEv2:(SA ID = 1):Auth exchange failed *Feb 24 15:18:37.319: IKEv2:(SA ID = 1):Auth exchange failed *Feb 24 15:18:37.319: IKEv2:(SA ID = 1):Auth exchange failed *Feb 24 15:18:37.319: IKEv2:(SA ID = 1):Abort exchange *Feb 24 15:18:37.319: IKEv2:(SA ID = 1):Deleting SA *Feb 24 15:18:37.323: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Close PKI Session *Feb 24 15:18:37.323: IKEv2:(SA ID = 1):[PKI -> IKEv2] Closing of PKI Session PASSED Cbtme-Spoke1# *Feb 24 15:19:04.783: IPSEC(key_engine): request timer fired: count = 1, (identity) local= 120.120.120.1:0, remote= 110.110.110.1:0, local_proxy= 120.120.120.1/255.255.255.255/47/0, remote_proxy= 110.110.110.1/255.255.255.255/47/0 *Feb 24 15:19:04.783: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 120.120.120.1:500, remote= 110.110.110.1:500, local_proxy= 120.120.120.1/255.255.255.255/47/0, remote_proxy= 110.110.110.1/255.255.255.255/47/0, protocol= ESP, transform= esp-aes 256 esp-sha256-hmac (Transport), lifedur= 3600s and 4608000kb, spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0 *Feb 24 15:19:04.795: IKEv2:Searching Policy with fvrf 0, local address 120.120.120.1 *Feb 24 15:19:04.795: IKEv2:Found Policy 'policy' *Feb 24 15:19:04.811: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Start PKI Session *Feb 24 15:19:04.815: IKEv2:(SA ID = 1):[PKI -> IKEv2] Starting of PKI Session PASSED *Feb 24 15:19:04.815: IKEv2:(SA ID = 1):[IKEv2 -> Cryp Cbtme-Spoke1#to Engine] Computing DH public key, DH Group 14 *Feb 24 15:19:04.819: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED *Feb 24 15:19:04.819: IKEv2:(SA ID = 1):Request queued for computation of DH key *Feb 24 15:19:04.823: IKEv2:IKEv2 initiator - no config data to send in IKE_SA_INIT exch *Feb 24 15:19:04.823: IKEv2:(SA ID = 1):Generating IKE_SA_INIT message *Feb 24 15:19:04.823: IKEv2:(SA ID = 1):IKE Proposal: 1, SPI size: 0 (initial negotiation), Num. transforms: 4 AES-CBC SHA256 SHA256 DH_GROUP_2048_MODP/Group 14 *Feb 24 15:19:04.827: IKEv2:(SA ID = 1):Sending Packet [To 110.110.110.1:500/From 120.120.120.1:500/VRF i0:f0] Initiator SPI : 8483C3FC5631B141 - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUEST Payload contents: SA KE N VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) *Feb 24 15:19:04.827: IKEv2:(SA ID = 1):Insert SA *Feb 24 15:19:05.187: IKEv2:(SA ID = 1): Cbtme-Spoke1#Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Initiator SPI : 8483C3FC5631B141 - Responder SPI : 3DACC7B96CEF938C Message id: 0 IKEv2 IKE_SA_INIT Exchange RESPONSE Payload contents: SA KE N VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) CERTREQ NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED) *Feb 24 15:19:05.203: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message *Feb 24 15:19:05.203: IKEv2:(SA ID = 1):Verify SA init message *Feb 24 15:19:05.207: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message *Feb 24 15:19:05.207: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieving trustpoint(s) from received certificate hash(es) *Feb 24 15:19:05.207: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'ipsec-ca' 'dmvpn-ca' *Feb 24 15:19:05.211: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Getting cert chain for the trustpoint dmvpn-ca *Feb 24 15:19:05.251: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of cert chain for the trustpoint PASSED *Feb 24 15:1 Cbtme-Spoke1#9:05.259: IKEv2:(SA ID = 1):Checking NAT discovery *Feb 24 15:19:05.263: IKEv2:(SA ID = 1):NAT not found *Feb 24 15:19:05.267: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14 *Feb 24 15:19:05.663: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED *Feb 24 15:19:05.667: IKEv2:(SA ID = 1):Request queued for computation of DH secret *Feb 24 15:19:05.671: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Calculate SKEYSEED and create rekeyed IKEv2 SA *Feb 24 15:19:05.679: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED *Feb 24 15:19:05.683: IKEv2:(SA ID = 1):Completed SA init exchange *Feb 24 15:19:05.691: IKEv2:Config data to send: *Feb 24 15:19:05.691: Config-type: Config-request *Feb 24 15:19:05.695: Attrib type: app-version, length: 247, data: Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 15.2(4)S5, RELEASE SOFTWARE (fc1) Technical Support: http://www.ci Cbtme-Spoke1#sco.com/techsupport Copyright (c) 1986-2014 by Cisco Systems, Inc. Compiled Thu 20-Feb-14 06:51 by prod_rel_team *Feb 24 15:19:05.695: Attrib type: split-dns, length: 0 *Feb 24 15:19:05.699: Attrib type: banner, length: 0 *Feb 24 15:19:05.699: Attrib type: config-url, length: 0 *Feb 24 15:19:05.699: Attrib type: backup-gateway, length: 0 *Feb 24 15:19:05.703: Attrib type: def-domain, length: 0 *Feb 24 15:19:05.707: IKEv2:(SA ID = 1):Have config mode data to send *Feb 24 15:19:05.711: IKEv2:(SA ID = 1):Check for EAP exchange *Feb 24 15:19:05.715: IKEv2:(SA ID = 1):Generate my authentication data *Feb 24 15:19:05.715: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data *Feb 24 15:19:05.719: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED *Feb 24 15:19:05.723: IKEv2:(SA ID = 1):Get my authentication method *Feb 24 15:19:05.723: IKEv2:(SA ID = 1):My authentication method is 'RSA' *Feb 24 15:19:05.727: IKEv2:(SA ID = 1):Sign authentic Cbtme-Spoke1#ation data *Feb 24 15:19:05.731: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Getting private key *Feb 24 15:19:05.735: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of private key PASSED *Feb 24 15:19:05.735: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Sign authentication data *Feb 24 15:19:06.255: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] Signing of authenticaiton data PASSED *Feb 24 15:19:06.255: IKEv2:(SA ID = 1):Authentication material has been sucessfully signed *Feb 24 15:19:06.255: IKEv2:(SA ID = 1):Check for EAP exchange *Feb 24 15:19:06.255: IKEv2:(SA ID = 1):Generating IKE_AUTH message *Feb 24 15:19:06.255: IKEv2:(SA ID = 1):Constructing IDi payload: '120.120.120.1' of type 'IPv4 address' *Feb 24 15:19:06.259: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieve configured trustpoint(s) *Feb 24 15:19:06.259: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'dmvpn-ca' *Feb 24 15:19:06.259: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Get Public Key Hashes of trustpoints *Feb 24 15:19:06.259 Cbtme-Spoke1#: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of Public Key Hashes of trustpoints PASSED *Feb 24 15:19:06.263: IKEv2:(SA ID = 1):ESP Proposal: 1, SPI size: 4 (IPSec negotiation), Num. transforms: 3 AES-CBC SHA256 Don't use ESN *Feb 24 15:19:06.263: IKEv2:(SA ID = 1):Building packet for encryption. Payload contents: VID IDi CERT CERTREQ NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED) AUTH CFG SA TSi TSr NOTIFY(INITIAL_CONTACT) NOTIFY(USE_TRANSPORT_MODE) NOTIFY(SET_WINDOW_SIZE) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS) *Feb 24 15:19:06.267: IKEv2:(SA ID = 1):Sending Packet [To 110.110.110.1:500/From 120.120.120.1:500/VRF i0:f0] Initiator SPI : 8483C3FC5631B141 - Responder SPI : 3DACC7B96CEF938C Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: ENCR *Feb 24 15:19:07.183: IKEv2:(SA ID = 1):Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Initiator SPI : 8483C3FC5631B141 - Responder SPI : 3DACC7B96CEF938C Message id: 1 I Cbtme-Spoke1#KEv2 IKE_AUTH Exchange RESPONSE Payload contents: VID IDr CERT AUTH SA TSi TSr NOTIFY(USE_TRANSPORT_MODE) NOTIFY(SET_WINDOW_SIZE) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS) *Feb 24 15:19:07.211: IKEv2:(SA ID = 1):Process auth response notify *Feb 24 15:19:07.215: IKEv2:(SA ID = 1):Searching policy based on peer's identity '110.110.110.1' of type 'IPv4 address' *Feb 24 15:19:07.219: IKEv2:(SA ID = 1):Failed to locate an item in the database *Feb 24 15:19:07.219: IKEv2:(SA ID = 1): *Feb 24 15:19:07.219: IKEv2:(SA ID = 1):Verification of peer's authentication data FAILED *Feb 24 15:19:07.219: IKEv2:(SA ID = 1):Auth exchange failed *Feb 24 15:19:07.219: IKEv2:(SA ID = 1):Auth exchange failed *Feb 24 15:19:07.219: IKEv2:(SA ID = 1):Auth exchange failed *Feb 24 15:19:07.219: IKEv2:(SA ID = 1):Abort exchange *Feb 24 15:19:07.223: IKEv2:(SA ID = 1):Deleting SA *Feb 24 15:19:07.223: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Close PKI Session *Feb 24 15:19:07.223: IKEv2:( Cbtme-Spoke1#SA ID = 1):[PKI -> IKEv2] Closing of PKI Session PASSED Cbtme-Spoke1# *Feb 24 15:19:34.783: IPSEC(key_engine): request timer fired: count = 2, (identity) local= 120.120.120.1:0, remote= 110.110.110.1:0, local_proxy= 120.120.120.1/255.255.255.255/47/0, remote_proxy= 110.110.110.1/255.255.255.255/47/0 *Feb 24 15:19:35.211: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 120.120.120.1:500, remote= 110.110.110.1:500, local_proxy= 120.120.120.1/255.255.255.255/47/0, remote_proxy= 110.110.110.1/255.255.255.255/47/0, protocol= ESP, transform= esp-aes 256 esp-sha256-hmac (Transport), lifedur= 3600s and 4608000kb, spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0 *Feb 24 15:19:35.219: IKEv2:Searching Policy with fvrf 0, local address 120.120.120.1 *Feb 24 15:19:35.223: IKEv2:Found Policy 'policy' *Feb 24 15:19:35.247: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Start PKI Session *Feb 24 15:19:35.247: IKEv2:(SA ID = 1):[PKI -> IKEv2] Starting of PKI Session PASSED *Feb 24 15:19:35.251: IKEv2:(SA ID = 1):[IKEv2 -> Cryp Cbtme-Spoke1#to Engine] Computing DH public key, DH Group 14 *Feb 24 15:19:35.255: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED *Feb 24 15:19:35.255: IKEv2:(SA ID = 1):Request queued for computation of DH key *Feb 24 15:19:35.259: IKEv2:IKEv2 initiator - no config data to send in IKE_SA_INIT exch *Feb 24 15:19:35.259: IKEv2:(SA ID = 1):Generating IKE_SA_INIT message *Feb 24 15:19:35.259: IKEv2:(SA ID = 1):IKE Proposal: 1, SPI size: 0 (initial negotiation), Num. transforms: 4 AES-CBC SHA256 SHA256 DH_GROUP_2048_MODP/Group 14 *Feb 24 15:19:35.263: IKEv2:(SA ID = 1):Sending Packet [To 110.110.110.1:500/From 120.120.120.1:500/VRF i0:f0] Initiator SPI : 716B3948525A284B - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUEST Payload contents: SA KE N VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) *Feb 24 15:19:35.267: IKEv2:(SA ID = 1):Insert SA *Feb 24 15:19:35.695: IKEv2:(SA ID = 1): Cbtme-Spoke1#Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Initiator SPI : 716B3948525A284B - Responder SPI : 03C2E1A0F7367447 Message id: 0 IKEv2 IKE_SA_INIT Exchange RESPONSE Payload contents: SA KE N VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) CERTREQ NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED) *Feb 24 15:19:35.707: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message *Feb 24 15:19:35.707: IKEv2:(SA ID = 1):Verify SA init message *Feb 24 15:19:35.707: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message *Feb 24 15:19:35.711: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieving trustpoint(s) from received certificate hash(es) *Feb 24 15:19:35.711: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'ipsec-ca' 'dmvpn-ca' *Feb 24 15:19:35.715: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Getting cert chain for the trustpoint dmvpn-ca *Feb 24 15:19:35.739: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of cert chain for the trustpoint PASSED *Feb 24 15:1 Cbtme-Spoke1#9:35.743: IKEv2:(SA ID = 1):Checking NAT discovery *Feb 24 15:19:35.747: IKEv2:(SA ID = 1):NAT not found *Feb 24 15:19:35.751: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14 *Feb 24 15:19:36.051: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED *Feb 24 15:19:36.051: IKEv2:(SA ID = 1):Request queued for computation of DH secret *Feb 24 15:19:36.051: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Calculate SKEYSEED and create rekeyed IKEv2 SA *Feb 24 15:19:36.059: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED *Feb 24 15:19:36.063: IKEv2:(SA ID = 1):Completed SA init exchange *Feb 24 15:19:36.067: IKEv2:Config data to send: *Feb 24 15:19:36.067: Config-type: Config-request *Feb 24 15:19:36.067: Attrib type: app-version, length: 247, data: Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 15.2(4)S5, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2014 by Cisco Systems, Inc. Compiled Thu 20-Feb-14 06:51 by prod_rel_team *Feb 24 15:19:36.067: Attrib type: split-dns, length: 0 *Feb 24 15:19:36.067: Attrib type: banner, length: 0 *Feb 24 15:19:36.067: Attrib type: config-url, length: 0 *Feb 24 15:19:36.067: Attrib type: backup-gateway, length: 0 *Feb 24 15:19:36.067: Att Cbtme-Spoke1#rib type: def-domain, length: 0 *Feb 24 15:19:36.067: IKEv2:(SA ID = 1):Have config mode data to send *Feb 24 15:19:36.067: IKEv2:(SA ID = 1):Check for EAP exchange *Feb 24 15:19:36.071: IKEv2:(SA ID = 1):Generate my authentication data *Feb 24 15:19:36.071: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data *Feb 24 15:19:36.071: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED *Feb 24 15:19:36.071: IKEv2:(SA ID = 1):Get my authentication method *Feb 24 15:19:36.071: IKEv2:(SA ID = 1):My authentication method is 'RSA' *Feb 24 15:19:36.071: IKEv2:(SA ID = 1):Sign authentication data *Feb 24 15:19:36.071: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Getting private key *Feb 24 15:19:36.071: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of private key PASSED *Feb 24 15:19:36.071: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Sign authentication data *Feb 24 15:19:36.539: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] Signing of authenticaiton data PASSED *Fe Cbtme-Spoke1#b 24 15:19:36.539: IKEv2:(SA ID = 1):Authentication material has been sucessfully signed *Feb 24 15:19:36.539: IKEv2:(SA ID = 1):Check for EAP exchange *Feb 24 15:19:36.539: IKEv2:(SA ID = 1):Generating IKE_AUTH message *Feb 24 15:19:36.539: IKEv2:(SA ID = 1):Constructing IDi payload: '120.120.120.1' of type 'IPv4 address' *Feb 24 15:19:36.543: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieve configured trustpoint(s) *Feb 24 15:19:36.543: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'dmvpn-ca' *Feb 24 15:19:36.543: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Get Public Key Hashes of trustpoints *Feb 24 15:19:36.543: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of Public Key Hashes of trustpoints PASSED *Feb 24 15:19:36.543: IKEv2:(SA ID = 1):ESP Proposal: 1, SPI size: 4 (IPSec negotiation), Num. transforms: 3 AES-CBC SHA256 Don't use ESN *Feb 24 15:19:36.547: IKEv2:(SA ID = 1):Building packet for encryption. Payload contents: VID IDi CERT CERTREQ NOTIFY(HTTP_CERT_LO Cbtme-Spoke1#OKUP_SUPPORTED) AUTH CFG SA TSi TSr NOTIFY(INITIAL_CONTACT) NOTIFY(USE_TRANSPORT_MODE) NOTIFY(SET_WINDOW_SIZE) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS) *Feb 24 15:19:36.551: IKEv2:(SA ID = 1):Sending Packet [To 110.110.110.1:500/From 120.120.120.1:500/VRF i0:f0] Initiator SPI : 716B3948525A284B - Responder SPI : 03C2E1A0F7367447 Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: ENCR *Feb 24 15:19:37.551: IKEv2:(SA ID = 1):Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Initiator SPI : 716B3948525A284B - Responder SPI : 03C2E1A0F7367447 Message id: 1 IKEv2 IKE_AUTH Exchange RESPONSE Payload contents: VID IDr CERT AUTH SA TSi TSr NOTIFY(USE_TRANSPORT_MODE) NOTIFY(SET_WINDOW_SIZE) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS) *Feb 24 15:19:37.579: IKEv2:(SA ID = 1):Process auth response notify *Feb 24 15:19:37.583: IKEv2:(SA ID = 1):Searching policy based on peer's identity '110.110.110.1' of type 'IPv4 Cbtme-Spoke1#address' *Feb 24 15:19:37.599: IKEv2:(SA ID = 1):Failed to locate an item in the database *Feb 24 15:19:37.599: IKEv2:(SA ID = 1): *Feb 24 15:19:37.599: IKEv2:(SA ID = 1):Verification of peer's authentication data FAILED *Feb 24 15:19:37.599: IKEv2:(SA ID = 1):Auth exchange failed *Feb 24 15:19:37.599: IKEv2:(SA ID = 1):Auth exchange failed *Feb 24 15:19:37.599: IKEv2:(SA ID = 1):Auth exchange failed *Feb 24 15:19:37.599: IKEv2:(SA ID = 1):Abort exchange *Feb 24 15:19:37.603: IKEv2:(SA ID = 1):Deleting SA *Feb 24 15:19:37.603: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Close PKI Session *Feb 24 15:19:37.603: IKEv2:(SA ID = 1):[PKI -> IKEv2] Closing of PKI Session PASSED Cbtme-Spoke1# *Feb 24 15:19:50.623: IKEv2:Detected an invalid IKE SPI *Feb 24 15:19:50.623: IKEv2:Couldn't find matching SA *Feb 24 15:19:50.623: IKEv2:(SA ID = 0):Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Initiator SPI : 716B3948525A284B - Responder SPI : 03C2E1A0F7367447 Message id: 0 IKEv2 INFORMATIONAL Exchange REQUEST *Feb 24 15:19:50.623: IKEv2:A supplied parameter is incorrect *Feb 24 15:19:50.627: IKEv2: *Feb 24 15:19:50.627: IKEv2:Detected an invalid IKE SPI *Feb 24 15:19:50.627: IKEv2:Couldn't find matching SA *Feb 24 15:19:50.627: IKEv2:(SA ID = 0):Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Cbtme-Spoke1#Initiator SPI : 716B3948525A284B - Responder SPI : 03C2E1A0F7367447 Message id: 1 IKEv2 INFORMATIONAL Exchange REQUEST *Feb 24 15:19:50.627: IKEv2:A supplied parameter is incorrect *Feb 24 15:19:50.627: IKEv2: Cbtme-Spoke1# *Feb 24 15:19:52.603: IKEv2:Detected an invalid IKE SPI *Feb 24 15:19:52.603: IKEv2:Couldn't find matching SA *Feb 24 15:19:52.603: IKEv2:(SA ID = 0):Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Initiator SPI : 716B3948525A284B - Responder SPI : 03C2E1A0F7367447 Message id: 0 IKEv2 INFORMATIONAL Exchange REQUEST *Feb 24 15:19:52.607: IKEv2:A supplied parameter is incorrect *Feb 24 15:19:52.607: IKEv2: *Feb 24 15:19:52.615: IKEv2:Detected an invalid IKE SPI *Feb 24 15:19:52.615: IKEv2:Couldn't find matching SA *Feb 24 15:19:52.615: IKEv2:(SA ID = 0):Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Cbtme-Spoke1#Initiator SPI : 716B3948525A284B - Responder SPI : 03C2E1A0F7367447 Message id: 1 IKEv2 INFORMATIONAL Exchange REQUEST *Feb 24 15:19:52.615: IKEv2:A supplied parameter is incorrect *Feb 24 15:19:52.615: IKEv2: Cbtme-Spoke1# *Feb 24 15:19:56.495: IKEv2:Detected an invalid IKE SPI *Feb 24 15:19:56.495: IKEv2:Couldn't find matching SA *Feb 24 15:19:56.495: IKEv2:(SA ID = 0):Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Initiator SPI : 716B3948525A284B - Responder SPI : 03C2E1A0F7367447 Message id: 1 IKEv2 INFORMATIONAL Exchange REQUEST *Feb 24 15:19:56.495: IKEv2:A supplied parameter is incorrect *Feb 24 15:19:56.499: IKEv2: *Feb 24 15:19:56.563: IKEv2:Detected an invalid IKE SPI *Feb 24 15:19:56.563: IKEv2:Couldn't find matching SA *Feb 24 15:19:56.563: IKEv2:(SA ID = 0):Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Cbtme-Spoke1#Initiator SPI : 716B3948525A284B - Responder SPI : 03C2E1A0F7367447 Message id: 0 IKEv2 INFORMATIONAL Exchange REQUEST *Feb 24 15:19:56.563: IKEv2:A supplied parameter is incorrect *Feb 24 15:19:56.563: IKEv2: Cbtme-Spoke1# *Feb 24 15:20:04.119: IKEv2:Detected an invalid IKE SPI *Feb 24 15:20:04.119: IKEv2:Couldn't find matching SA *Feb 24 15:20:04.119: IKEv2:(SA ID = 0):Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Initiator SPI : 716B3948525A284B - Responder SPI : 03C2E1A0F7367447 Message id: 1 IKEv2 INFORMATIONAL Exchange REQUEST *Feb 24 15:20:04.119: IKEv2:A supplied parameter is incorrect *Feb 24 15:20:04.119: IKEv2: *Feb 24 15:20:04.371: IKEv2:Detected an invalid IKE SPI *Feb 24 15:20:04.371: IKEv2:Couldn't find matching SA *Feb 24 15:20:04.371: IKEv2:(SA ID = 0):Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Cbtme-Spoke1#Initiator SPI : 716B3948525A284B - Responder SPI : 03C2E1A0F7367447 Message id: 0 IKEv2 INFORMATIONAL Exchange REQUEST *Feb 24 15:20:04.371: IKEv2:A supplied parameter is incorrect *Feb 24 15:20:04.371: IKEv2: *Feb 24 15:20:05.211: IPSEC(key_engine): request timer fired: count = 1, (identity) local= 120.120.120.1:0, remote= 110.110.110.1:0, local_proxy= 120.120.120.1/255.255.255.255/47/0, remote_proxy= 110.110.110.1/255.255.255.255/47/0 *Feb 24 15:20:05.211: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 120.120.120.1:500, remote= 110.110.110.1:500, local_proxy= 120.120.120.1/255.255.255.255/47/0, remote_proxy= 110.110.110.1/255.255.255.255/47/0, protocol= ESP, transform= esp-aes 256 esp-sha256-hmac (Transport), lifedur= 3600s and 4608000kb, spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0 *Feb 24 15:20:05.215: IKEv2:Searching Policy with fvrf 0, local address 120.120.120.1 *Feb 24 15:20:05.219: IKEv2:Found Policy 'policy' * Cbtme-Spoke1#Feb 24 15:20:05.223: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Start PKI Session *Feb 24 15:20:05.223: IKEv2:(SA ID = 1):[PKI -> IKEv2] Starting of PKI Session PASSED *Feb 24 15:20:05.223: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14 *Feb 24 15:20:05.223: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED *Feb 24 15:20:05.223: IKEv2:(SA ID = 1):Request queued for computation of DH key *Feb 24 15:20:05.227: IKEv2:IKEv2 initiator - no config data to send in IKE_SA_INIT exch *Feb 24 15:20:05.227: IKEv2:(SA ID = 1):Generating IKE_SA_INIT message *Feb 24 15:20:05.227: IKEv2:(SA ID = 1):IKE Proposal: 1, SPI size: 0 (initial negotiation), Num. transforms: 4 AES-CBC SHA256 SHA256 DH_GROUP_2048_MODP/Group 14 *Feb 24 15:20:05.227: IKEv2:(SA ID = 1):Sending Packet [To 110.110.110.1:500/From 120.120.120.1:500/VRF i0:f0] Initiator SPI : C3951A84AECBDB52 - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange Cbtme-Spoke1#REQUEST Payload contents: SA KE N VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) *Feb 24 15:20:05.227: IKEv2:(SA ID = 1):Insert SA *Feb 24 15:20:05.627: IKEv2:(SA ID = 1):Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Initiator SPI : C3951A84AECBDB52 - Responder SPI : 26A22FAF621C1EA4 Message id: 0 IKEv2 IKE_SA_INIT Exchange RESPONSE Payload contents: SA KE N VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) CERTREQ NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED) *Feb 24 15:20:05.627: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message *Feb 24 15:20:05.627: IKEv2:(SA ID = 1):Verify SA init message *Feb 24 15:20:05.631: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message *Feb 24 15:20:05.631: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieving trustpoint(s) from received certificate hash(es) *Feb 24 15:20:05.631: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'ipsec-ca' 'dmvpn-ca' *Feb Cbtme-Spoke1#24 15:20:05.631: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Getting cert chain for the trustpoint dmvpn-ca *Feb 24 15:20:05.643: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of cert chain for the trustpoint PASSED *Feb 24 15:20:05.647: IKEv2:(SA ID = 1):Checking NAT discovery *Feb 24 15:20:05.647: IKEv2:(SA ID = 1):NAT not found *Feb 24 15:20:05.647: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14 *Feb 24 15:20:06.011: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED *Feb 24 15:20:06.011: IKEv2:(SA ID = 1):Request queued for computation of DH secret *Feb 24 15:20:06.011: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Calculate SKEYSEED and create rekeyed IKEv2 SA *Feb 24 15:20:06.011: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED *Feb 24 15:20:06.011: IKEv2:(SA ID = 1):Completed SA init exchange *Feb 24 15:20:06.011: IKEv2:Config data to send: *Feb 24 15:20:06.011: Config-type: Confi Cbtme-Spoke1#g-request *Feb 24 15:20:06.011: Attrib type: app-version, length: 247, data: Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 15.2(4)S5, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2014 by Cisco Systems, Inc. Compiled Thu 20-Feb-14 06:51 by prod_rel_team *Feb 24 15:20:06.011: Attrib type: split-dns, length: 0 *Feb 24 15:20:06.011: Attrib type: banner, length: 0 *Feb 24 15:20:06.011: Attrib type: config-url, length: 0 *Feb 24 15:20:06.011: Attrib type: backup-gateway, length: 0 *Feb 24 15:20:06.011: Attrib type: def-domain, length: 0 *Feb 24 15:20:06.011: IKEv2:(SA ID = 1):Have config mode data to send *Feb 24 15:20:06.011: IKEv2:(SA ID = 1):Check for EAP exchange *Feb 24 15:20:06.015: IKEv2:(SA ID = 1):Generate my authentication data *Feb 24 15:20:06.015: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data *Feb 24 15:20:06.015: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data gene Cbtme-Spoke1#ration PASSED *Feb 24 15:20:06.015: IKEv2:(SA ID = 1):Get my authentication method *Feb 24 15:20:06.015: IKEv2:(SA ID = 1):My authentication method is 'RSA' *Feb 24 15:20:06.015: IKEv2:(SA ID = 1):Sign authentication data *Feb 24 15:20:06.015: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Getting private key *Feb 24 15:20:06.015: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of private key PASSED *Feb 24 15:20:06.015: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Sign authentication data *Feb 24 15:20:06.431: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] Signing of authenticaiton data PASSED *Feb 24 15:20:06.431: IKEv2:(SA ID = 1):Authentication material has been sucessfully signed *Feb 24 15:20:06.431: IKEv2:(SA ID = 1):Check for EAP exchange *Feb 24 15:20:06.431: IKEv2:(SA ID = 1):Generating IKE_AUTH message *Feb 24 15:20:06.431: IKEv2:(SA ID = 1):Constructing IDi payload: '120.120.120.1' of type 'IPv4 address' *Feb 24 15:20:06.431: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieve configured trustpoin Cbtme-Spoke1#t(s) *Feb 24 15:20:06.431: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'dmvpn-ca' *Feb 24 15:20:06.431: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Get Public Key Hashes of trustpoints *Feb 24 15:20:06.431: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of Public Key Hashes of trustpoints PASSED *Feb 24 15:20:06.431: IKEv2:(SA ID = 1):ESP Proposal: 1, SPI size: 4 (IPSec negotiation), Num. transforms: 3 AES-CBC SHA256 Don't use ESN *Feb 24 15:20:06.431: IKEv2:(SA ID = 1):Building packet for encryption. Payload contents: VID IDi CERT CERTREQ NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED) AUTH CFG SA TSi TSr NOTIFY(INITIAL_CONTACT) NOTIFY(USE_TRANSPORT_MODE) NOTIFY(SET_WINDOW_SIZE) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS) *Feb 24 15:20:06.435: IKEv2:(SA ID = 1):Sending Packet [To 110.110.110.1:500/From 120.120.120.1:500/VRF i0:f0] Initiator SPI : C3951A84AECBDB52 - Responder SPI : 26A22FAF621C1EA4 Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: Cbtme-Spoke1# ENCR *Feb 24 15:20:07.339: IKEv2:(SA ID = 1):Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Initiator SPI : C3951A84AECBDB52 - Responder SPI : 26A22FAF621C1EA4 Message id: 1 IKEv2 IKE_AUTH Exchange RESPONSE Payload contents: VID IDr CERT AUTH SA TSi TSr NOTIFY(USE_TRANSPORT_MODE) NOTIFY(SET_WINDOW_SIZE) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS) *Feb 24 15:20:07.343: IKEv2:(SA ID = 1):Process auth response notify *Feb 24 15:20:07.343: IKEv2:(SA ID = 1):Searching policy based on peer's identity '110.110.110.1' of type 'IPv4 address' *Feb 24 15:20:07.347: IKEv2:(SA ID = 1):Failed to locate an item in the database *Feb 24 15:20:07.347: IKEv2:(SA ID = 1): *Feb 24 15:20:07.347: IKEv2:(SA ID = 1):Verification of peer's authentication data FAILED *Feb 24 15:20:07.347: IKEv2:(SA ID = 1):Auth exchange failed *Feb 24 15:20:07.347: IKEv2:(SA ID = 1):Auth exchange failed *Feb 24 15:20:07.347: IKEv2:(SA ID = 1):Auth exchange failed Cbtme-Spoke1# *Feb 24 15:20:07.347: IKEv2:(SA ID = 1):Abort exchange *Feb 24 15:20:07.347: IKEv2:(SA ID = 1):Deleting SA *Feb 24 15:20:07.347: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Close PKI Session *Feb 24 15:20:07.347: IKEv2:(SA ID = 1):[PKI -> IKEv2] Closing of PKI Session PASSED Cbtme-Spoke1# *Feb 24 15:20:35.211: IPSEC(key_engine): request timer fired: count = 2, (identity) local= 120.120.120.1:0, remote= 110.110.110.1:0, local_proxy= 120.120.120.1/255.255.255.255/47/0, remote_proxy= 110.110.110.1/255.255.255.255/47/0 Cbtme-Spoke1# *Feb 24 15:20:39.795: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 120.120.120.1:500, remote= 110.110.110.1:500, local_proxy= 120.120.120.1/255.255.255.255/47/0, remote_proxy= 110.110.110.1/255.255.255.255/47/0, protocol= ESP, transform= esp-aes 256 esp-sha256-hmac (Transport), lifedur= 3600s and 4608000kb, spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0 *Feb 24 15:20:39.807: IKEv2:Searching Policy with fvrf 0, local address 120.120.120.1 *Feb 24 15:20:39.807: IKEv2:Found Policy 'policy' *Feb 24 15:20:39.823: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Start PKI Session *Feb 24 15:20:39.827: IKEv2:(SA ID = 1):[PKI -> IKEv2] Starting of PKI Session PASSED *Feb 24 15:20:39.831: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14 *Feb 24 15:20:39.831: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED *Feb 24 15:20:39.835: IKEv2:(SA ID = 1):Request queued for computation of DH key *Feb 24 15:20:39.835: Cbtme-Spoke1#IKEv2:IKEv2 initiator - no config data to send in IKE_SA_INIT exch *Feb 24 15:20:39.835: IKEv2:(SA ID = 1):Generating IKE_SA_INIT message *Feb 24 15:20:39.839: IKEv2:(SA ID = 1):IKE Proposal: 1, SPI size: 0 (initial negotiation), Num. transforms: 4 AES-CBC SHA256 SHA256 DH_GROUP_2048_MODP/Group 14 *Feb 24 15:20:39.843: IKEv2:(SA ID = 1):Sending Packet [To 110.110.110.1:500/From 120.120.120.1:500/VRF i0:f0] Initiator SPI : DA27EA6D0BEADD1E - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUEST Payload contents: SA KE N VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) *Feb 24 15:20:39.843: IKEv2:(SA ID = 1):Insert SA *Feb 24 15:20:40.219: IKEv2:(SA ID = 1):Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Initiator SPI : DA27EA6D0BEADD1E - Responder SPI : 18182CEE29229BD7 Message id: 0 IKEv2 IKE_SA_INIT Exchange RESPONSE Payload contents: SA KE N VID VID NOTIFY(NAT_DE Cbtme-Spoke1#TECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) CERTREQ NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED) *Feb 24 15:20:40.223: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message *Feb 24 15:20:40.223: IKEv2:(SA ID = 1):Verify SA init message *Feb 24 15:20:40.223: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message *Feb 24 15:20:40.227: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieving trustpoint(s) from received certificate hash(es) *Feb 24 15:20:40.227: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'ipsec-ca' 'dmvpn-ca' *Feb 24 15:20:40.231: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Getting cert chain for the trustpoint dmvpn-ca *Feb 24 15:20:40.267: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of cert chain for the trustpoint PASSED *Feb 24 15:20:40.275: IKEv2:(SA ID = 1):Checking NAT discovery *Feb 24 15:20:40.275: IKEv2:(SA ID = 1):NAT not found *Feb 24 15:20:40.279: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14 *Feb 24 15:20:40.555: IKEv2:(SA ID Cbtme-Spoke1#= 1):[Crypto Engine -> IKEv2] DH key Computation PASSED *Feb 24 15:20:40.555: IKEv2:(SA ID = 1):Request queued for computation of DH secret *Feb 24 15:20:40.559: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Calculate SKEYSEED and create rekeyed IKEv2 SA *Feb 24 15:20:40.567: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED *Feb 24 15:20:40.567: IKEv2:(SA ID = 1):Completed SA init exchange *Feb 24 15:20:40.571: IKEv2:Config data to send: *Feb 24 15:20:40.571: Config-type: Config-request *Feb 24 15:20:40.571: Attrib type: app-version, length: 247, data: Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 15.2(4)S5, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2014 by Cisco Systems, Inc. Compiled Thu 20-Feb-14 06:51 by prod_rel_team *Feb 24 15:20:40.571: Attrib type: split-dns, length: 0 *Feb 24 15:20:40.575: Attrib type: banner, length: 0 *Feb 24 15:20:40.5 Cbtme-Spoke1#75: Attrib type: config-url, length: 0 *Feb 24 15:20:40.575: Attrib type: backup-gateway, length: 0 *Feb 24 15:20:40.575: Attrib type: def-domain, length: 0 *Feb 24 15:20:40.575: IKEv2:(SA ID = 1):Have config mode data to send *Feb 24 15:20:40.575: IKEv2:(SA ID = 1):Check for EAP exchange *Feb 24 15:20:40.575: IKEv2:(SA ID = 1):Generate my authentication data *Feb 24 15:20:40.575: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data *Feb 24 15:20:40.575: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED *Feb 24 15:20:40.575: IKEv2:(SA ID = 1):Get my authentication method *Feb 24 15:20:40.575: IKEv2:(SA ID = 1):My authentication method is 'RSA' *Feb 24 15:20:40.579: IKEv2:(SA ID = 1):Sign authentication data *Feb 24 15:20:40.579: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Getting private key *Feb 24 15:20:40.579: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of private key PASSED *Feb 24 15:20:40.579: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Sign a Cbtme-Spoke1#uthentication data *Feb 24 15:20:41.231: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] Signing of authenticaiton data PASSED *Feb 24 15:20:41.231: IKEv2:(SA ID = 1):Authentication material has been sucessfully signed *Feb 24 15:20:41.231: IKEv2:(SA ID = 1):Check for EAP exchange *Feb 24 15:20:41.231: IKEv2:(SA ID = 1):Generating IKE_AUTH message *Feb 24 15:20:41.231: IKEv2:(SA ID = 1):Constructing IDi payload: '120.120.120.1' of type 'IPv4 address' *Feb 24 15:20:41.235: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieve configured trustpoint(s) *Feb 24 15:20:41.235: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'dmvpn-ca' *Feb 24 15:20:41.235: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Get Public Key Hashes of trustpoints *Feb 24 15:20:41.235: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of Public Key Hashes of trustpoints PASSED *Feb 24 15:20:41.239: IKEv2:(SA ID = 1):ESP Proposal: 1, SPI size: 4 (IPSec negotiation), Num. transforms: 3 AES-CBC SHA256 Don't use ESN *Feb 24 1 Cbtme-Spoke1#5:20:41.239: IKEv2:(SA ID = 1):Building packet for encryption. Payload contents: VID IDi CERT CERTREQ NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED) AUTH CFG SA TSi TSr NOTIFY(INITIAL_CONTACT) NOTIFY(USE_TRANSPORT_MODE) NOTIFY(SET_WINDOW_SIZE) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS) *Feb 24 15:20:41.243: IKEv2:(SA ID = 1):Sending Packet [To 110.110.110.1:500/From 120.120.120.1:500/VRF i0:f0] Initiator SPI : DA27EA6D0BEADD1E - Responder SPI : 18182CEE29229BD7 Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: ENCR *Feb 24 15:20:42.279: IKEv2:(SA ID = 1):Received Packet [From 110.110.110.1:500/To 120.120.120.1:500/VRF i0:f0] Initiator SPI : DA27EA6D0BEADD1E - Responder SPI : 18182CEE29229BD7 Message id: 1 IKEv2 IKE_AUTH Exchange RESPONSE Payload contents: VID IDr CERT AUTH SA TSi TSr NOTIFY(USE_TRANSPORT_MODE) NOTIFY(SET_WINDOW_SIZE) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS) *Feb 24 15:20:42.307: IKEv2:(SA ID = 1):Process auth re Cbtme-Spoke1#sponse notify *Feb 24 15:20:42.315: IKEv2:(SA ID = 1):Searching policy based on peer's identity '110.110.110.1' of type 'IPv4 address' *Feb 24 15:20:42.327: IKEv2:(SA ID = 1):Failed to locate an item in the database *Feb 24 15:20:42.327: IKEv2:(SA ID = 1): *Feb 24 15:20:42.327: IKEv2:(SA ID = 1):Verification of peer's authentication data FAILED *Feb 24 15:20:42.327: IKEv2:(SA ID = 1):Auth exchange failed *Feb 24 15:20:42.327: IKEv2:(SA ID = 1):Auth exchange failed *Feb 24 15:20:42.327: IKEv2:(SA ID = 1):Auth exchange failed *Feb 24 15:20:42.327: IKEv2:(SA ID = 1):Abort exchange *Feb 24 15:20:42.331: IKEv2:(SA ID = 1):Deleting SA *Feb 24 15:20:42.331: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Close PKI Session *Feb 24 15:20:42.331: IKEv2:(SA ID = 1):[PKI -> IKEv2] Closing of PKI Session PASSED Cbtme-Spoke1#