Router-Main# *Mar 19 22:32:44.540: ISAKMP-PAK: (0):received packet from 174.230.20.234 dport 500 sport 8680 Global (N) NEW SA *Mar 19 22:32:44.540: ISAKMP: (0):Created a peer struct for 174.230.20.234, peer port 8680 *Mar 19 22:32:44.541: ISAKMP: (0):New peer created peer = 0x7F30ED48EC80 peer_handle = 0x80000003 *Mar 19 22:32:44.541: ISAKMP: (0):Locking peer struct 0x7F30ED48EC80, refcount 1 for crypto_isakmp_process_block *Mar 19 22:32:44.541: ISAKMP: (0):local port 500, remote port 8680 *Mar 19 22:32:44.541: crypto_engine_select_crypto_engine: can't handle any more *Mar 19 22:32:44.541: ISAKMP: (0):insert sa successfully sa = 7F30ED41B728 *Mar 19 22:32:44.541: ISAKMP: (0):processing SA payload. message ID = 0 *Mar 19 22:32:44.541: ISAKMP: (0):processing ID payload. message ID = 0 *Mar 19 22:32:44.541: ISAKMP: (0):ID payload next-payload : 13 type : 11 *Mar 19 22:32:44.541: ISAKMP: (0):group id : VPN-MANAGMENT *Mar 19 22:32:44.541: ISAKMP: (0): protocol : 0 port : 0 length : 23 *Mar 19 22:32:44.541: ISAKMP: (0):peer matches VPN-IKE-PROFILE-1 profile *Mar 19 22:32:44.541: ISAKMP: (0):Setting client config settings 7F30E8AC9150 *Mar 19 22:32:44.541: ISAKMP: (0):(Re)Setting client xauth list and state *Mar 19 22:32:44.541: ISAKMP: (0):xauth- initializing AAA request *Mar 19 22:32:44.544: ISAKMP: (0):processing vendor id payload *Mar 19 22:32:44.544: ISAKMP: (0):processing IKE frag vendor id payload *Mar 19 22:32:44.544: ISAKMP: (0):Support for IKE Fragmentation not enabled *Mar 19 22:32:44.544: ISAKMP: (0):processing vendor id payload *Mar 19 22:32:44.544: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch *Mar 19 22:32:44.544: ISAKMP: (0):vendor ID is NAT-T RFC 3947 *Mar 19 22:32:44.544: ISAKMP: (0):processing vendor id payload *Mar 19 22:32:44.544: ISAKMP: (0):vendor ID seems Unity/DPD but major 164 mismatch *Mar 19 22:32:44.544: ISAKMP: (0):processing vendor id payload *Mar 19 22:32:44.544: ISAKMP: (0):vendor ID seems Unity/DPD but major 123 mismatch *Mar 19 22:32:44.544: ISAKMP: (0):vendor ID is NAT-T v2 *Mar 19 22:32:44.544: ISAKMP: (0):processing vendor id payload *Mar 19 22:32:44.544: ISAKMP: (0):vendor ID seems Unity/DPD but major 221 mismatch *Mar 19 22:32:44.544: ISAKMP: (0):processing vendor id payload *Mar 19 22:32:44.544: ISAKMP: (0):vendor ID seems Unity/DPD but major 242 mismatch *Mar 19 22:32:44.544: ISAKMP: (0):vendor ID is XAUTH *Mar 19 22:32:44.544: ISAKMP: (0):processing vendor id payload *Mar 19 22:32:44.544: ISAKMP: (0):vendor ID is Unity *Mar 19 22:32:44.544: ISAKMP: (0):processing vendor id payload *Mar 19 22:32:44.544: ISAKMP: (0):vendor ID is DPD *Mar 19 22:32:44.544: ISAKMP: (0):Authentication by xauth preshared *Mar 19 22:32:44.544: ISAKMP: (0):Checking ISAKMP transform 1 against priority 1 policy *Mar 19 22:32:44.544: ISAKMP: (0): life type in seconds *Mar 19 22:32:44.544: ISAKMP: (0): life duration (basic) of 28800 *Mar 19 22:32:44.544: ISAKMP: (0): encryption AES-CBC *Mar 19 22:32:44.544: ISAKMP: (0): keylength of 256 *Mar 19 22:32:44.544: ISAKMP: (0): auth XAUTHInitPreShared *Mar 19 22:32:44.544: ISAKMP: (0): hash SHA256 *Mar 19 22:32:44.544: ISAKMP: (0): default group 2 *Mar 19 22:32:44.544: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy! *Mar 19 22:32:44.544: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 3 *Mar 19 22:32:44.544: ISAKMP: (0):Checking ISAKMP transform 2 against priority 1 policy *Mar 19 22:32:44.544: ISAKMP: (0): life type in seconds *Mar 19 22:32:44.544: ISAKMP: (0): life duration (basic) of 28800 *Mar 19 22:32:44.544: ISAKMP: (0): encryption AES-CBC *Mar 19 22:32:44.544: ISAKMP: (0): keylength of 256 *Mar 19 22:32:44.544: ISAKMP: (0): auth XAUTHInitPreShared *Mar 19 22:32:44.544: ISAKMP: (0): hash SHA *Mar 19 22:32:44.544: ISAKMP: (0): default group 2 *Mar 19 22:32:44.544: ISAKMP-ERROR: (0):Proposed key length does not match policy *Mar 19 22:32:44.544: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 3 *Mar 19 22:32:44.544: ISAKMP: (0):Checking ISAKMP transform 3 against priority 1 policy *Mar 19 22:32:44.544: ISAKMP: (0): life type in seconds *Mar 19 22:32:44.544: ISAKMP: (0): life duration (basic) of 28800 *Mar 19 22:32:44.544: ISAKMP: (0): encryption AES-CBC *Mar 19 22:32:44.544: ISAKMP: (0): keylength of 256 *Mar 19 22:32:44.544: ISAKMP: (0): auth XAUTHInitPreShared *Mar 19 22:32:44.545: ISAKMP: (0): hash MD5 *Mar 19 22:32:44.545: ISAKMP: (0): default group 2 *Mar 19 22:32:44.545: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy! *Mar 19 22:32:44.545: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 3 *Mar 19 22:32:44.545: ISAKMP: (0):Checking ISAKMP transform 4 against priority 1 policy *Mar 19 22:32:44.545: ISAKMP: (0): life type in seconds *Mar 19 22:32:44.545: ISAKMP: (0): life duration (basic) of 28800 *Mar 19 22:32:44.545: ISAKMP: (0): encryption AES-CBC *Mar 19 22:32:44.545: ISAKMP: (0): keylength of 128 *Mar 19 22:32:44.545: ISAKMP: (0): auth XAUTHInitPreShared *Mar 19 22:32:44.545: ISAKMP: (0): hash SHA256 *Mar 19 22:32:44.545: ISAKMP: (0): default group 2 *Mar 19 22:32:44.545: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy! *Mar 19 22:32:44.545: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 3 *Mar 19 22:32:44.545: ISAKMP: (0):Checking ISAKMP transform 5 against priority 1 policy *Mar 19 22:32:44.545: ISAKMP: (0): life type in seconds *Mar 19 22:32:44.545: ISAKMP: (0): life duration (basic) of 28800 *Mar 19 22:32:44.545: ISAKMP: (0): encryption AES-CBC *Mar 19 22:32:44.545: ISAKMP: (0): keylength of 128 *Mar 19 22:32:44.545: ISAKMP: (0): auth XAUTHInitPreShared *Mar 19 22:32:44.545: ISAKMP: (0): hash SHA *Mar 19 22:32:44.545: ISAKMP: (0): default group 2 *Mar 19 22:32:44.545: ISAKMP: (0):atts are acceptable. Next payload is 3 *Mar 19 22:32:44.545: ISAKMP: (0):Acceptable atts:actual life: 28800 *Mar 19 22:32:44.545: ISAKMP: (0):Acceptable atts:life: 0 *Mar 19 22:32:44.545: ISAKMP: (0):Basic life_in_seconds:28800 *Mar 19 22:32:44.545: ISAKMP: (0):Returning Actual lifetime: 28800 *Mar 19 22:32:44.545: ISAKMP: (0):Started lifetime timer: 28800. *Mar 19 22:32:44.545: crypto_engine_select_crypto_engine: can't handle any more *Mar 19 22:32:44.545: ISAKMP: (0):processing KE payload. message ID = 0 *Mar 19 22:32:44.545: crypto_engine: Create DH shared secret *Mar 19 22:32:44.547: ISAKMP: (0):processing NONCE payload. message ID = 0 *Mar 19 22:32:44.548: ISAKMP: (0):vendor ID is NAT-T RFC 3947 *Mar 19 22:32:44.548: ISAKMP: (0):vendor ID is NAT-T v2 *Mar 19 22:32:44.549: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH *Mar 19 22:32:44.549: ISAKMP: (0):Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT *Mar 19 22:32:44.554: crypto_engine: Create IKE SA *Mar 19 22:32:44.554: crypto engine: deleting DH phase 2 SW:3 *Mar 19 22:32:44.554: crypto_engine: Delete DH shared secret *Mar 19 22:32:44.554: ISAKMP: (1002):constructed NAT-T vendor-rfc3947 ID *Mar 19 22:32:44.554: ISAKMP: (1002):SA is doing *Mar 19 22:32:44.554: ISAKMP: (1002):pre-shared key authentication plus XAUTH using id type ID_IPV4_ADDR *Mar 19 22:32:44.554: ISAKMP: (1002):ID payload next-payload : 10 type : 1 *Mar 19 22:32:44.554: ISAKMP: (1002): address : 192.168.0.200 *Mar 19 22:32:44.554: ISAKMP: (1002): protocol : 0 port : 0 length : 12 *Mar 19 22:32:44.554: ISAKMP: (1002):Total payload length: 12 *Mar 19 22:32:44.554: crypto_engine: Generate IKE hash *Mar 19 22:32:44.554: ISAKMP-PAK: (1002):sending packet to 174.230.20.234 my_port 500 peer_port 8680 (R) AG_INIT_EXCH *Mar 19 22:32:44.554: ISAKMP: (1002):Sending an IKE IPv4 Packet. Router-Main# *Mar 19 22:32:44.554: ISAKMP: (1002):Input = IKE_MESG_FROM_AAA, PRESHARED_KEY_REPLY *Mar 19 22:32:44.554: ISAKMP: (1002):Old State = IKE_R_AM_AAA_AWAIT New State = IKE_R_AM2 Router-Main# *Mar 19 22:32:47.529: ISAKMP-PAK: (1002):received packet from 174.230.20.234 dport 500 sport 8680 Global (R) AG_INIT_EXCH *Mar 19 22:32:47.529: ISAKMP: (1002):phase 1 packet is a duplicate of a previous packet. *Mar 19 22:32:47.529: ISAKMP: (1002):retransmitting due to retransmit phase 1 *Mar 19 22:32:48.029: ISAKMP: (1002):retransmitting phase 1 AG_INIT_EXCH... *Mar 19 22:32:48.029: ISAKMP: (1002):: incrementing error counter on sa, attempt 1 of 5: retransmit phase 1 *Mar 19 22:32:48.029: ISAKMP: (1002):retransmitting phase 1 AG_INIT_EXCH *Mar 19 22:32:48.029: ISAKMP-PAK: (1002):sending packet to 174.220.11.234 my_port 500 peer_port 8680 (R) AG_INIT_EXCH Router-OpSec-Main# *Mar 19 22:32:48.029: ISAKMP: (1002):Sending an IKE IPv4 Packet. Router-Main# *Mar 19 22:32:50.551: ISAKMP-PAK: (1002):received packet from 174.230.20.234 dport 500 sport 8680 Global (R) AG_INIT_EXCH *Mar 19 22:32:50.551: ISAKMP: (1002):phase 1 packet is a duplicate of a previous packet. *Mar 19 22:32:50.551: ISAKMP: (1002):retransmitting due to retransmit phase 1 *Mar 19 22:32:51.051: ISAKMP: (1002):retransmitting phase 1 AG_INIT_EXCH... *Mar 19 22:32:51.051: ISAKMP: (1002):: incrementing error counter on sa, attempt 2 of 5: retransmit phase 1 *Mar 19 22:32:51.051: ISAKMP: (1002):retransmitting phase 1 AG_INIT_EXCH *Mar 19 22:32:51.051: ISAKMP-PAK: (1002):sending packet to 174.220.11.234 my_port 500 peer_port 8680 (R) AG_INIT_EXCH Router-Main# *Mar 19 22:32:51.051: ISAKMP: (1002):Sending an IKE IPv4 Packet. Router-Main# *Mar 19 22:32:53.550: ISAKMP-PAK: (1002):received packet from 174.230.20.234 dport 500 sport 8680 Global (R) AG_INIT_EXCH *Mar 19 22:32:53.550: ISAKMP: (1002):phase 1 packet is a duplicate of a previous packet. *Mar 19 22:32:53.550: ISAKMP: (1002):retransmitting due to retransmit phase 1 *Mar 19 22:32:54.050: ISAKMP: (1002):retransmitting phase 1 AG_INIT_EXCH... *Mar 19 22:32:54.050: ISAKMP: (1002):: incrementing error counter on sa, attempt 3 of 5: retransmit phase 1 *Mar 19 22:32:54.050: ISAKMP: (1002):retransmitting phase 1 AG_INIT_EXCH *Mar 19 22:32:54.050: ISAKMP-PAK: (1002):sending packet to 174.220.11.234 my_port 500 peer_port 8680 (R) AG_INIT_EXCH Router-Main# *Mar 19 22:32:54.050: ISAKMP: (1002):Sending an IKE IPv4 Packet. Router-Main# *Mar 19 22:32:56.548: ISAKMP-PAK: (1002):received packet from 174.230.20.234 dport 500 sport 8680 Global (R) AG_INIT_EXCH *Mar 19 22:32:56.548: ISAKMP: (1002):phase 1 packet is a duplicate of a previous packet. *Mar 19 22:32:56.548: ISAKMP: (1002):retransmitting due to retransmit phase 1 *Mar 19 22:32:57.048: ISAKMP: (1002):retransmitting phase 1 AG_INIT_EXCH... *Mar 19 22:32:57.049: ISAKMP: (1002):: incrementing error counter on sa, attempt 4 of 5: retransmit phase 1 *Mar 19 22:32:57.049: ISAKMP: (1002):retransmitting phase 1 AG_INIT_EXCH *Mar 19 22:32:57.049: ISAKMP-PAK: (1002):sending packet to 174.220.11.234 my_port 500 peer_port 8680 (R) AG_INIT_EXCH Router-Main# *Mar 19 22:32:57.049: ISAKMP: (1002):Sending an IKE IPv4 Packet. Router-Main# *Mar 19 22:32:59.562: ISAKMP-PAK: (1002):received packet from 174.230.20.234 dport 500 sport 8680 Global (R) AG_INIT_EXCH *Mar 19 22:32:59.562: ISAKMP: (1002):phase 1 packet is a duplicate of a previous packet. *Mar 19 22:32:59.562: ISAKMP: (1002):retransmitting due to retransmit phase 1 *Mar 19 22:33:00.062: ISAKMP: (1002):retransmitting phase 1 AG_INIT_EXCH... *Mar 19 22:33:00.062: ISAKMP: (1002):: incrementing error counter on sa, attempt 5 of 5: retransmit phase 1 *Mar 19 22:33:00.062: ISAKMP: (1002):retransmitting phase 1 AG_INIT_EXCH *Mar 19 22:33:00.062: ISAKMP-PAK: (1002):sending packet to 174.220.11.234 my_port 500 peer_port 8680 (R) AG_INIT_EXCH Router-Main# *Mar 19 22:33:00.062: ISAKMP: (1002):Sending an IKE IPv4 Packet. Router-Main# *Mar 19 22:33:02.572: ISAKMP-PAK: (1002):received packet from 174.230.20.234 dport 500 sport 8680 Global (R) AG_INIT_EXCH *Mar 19 22:33:02.573: ISAKMP: (1002):phase 1 packet is a duplicate of a previous packet. *Mar 19 22:33:02.573: ISAKMP: (1002):retransmitting due to retransmit phase 1 *Mar 19 22:33:03.073: ISAKMP: (1002):retransmitting phase 1 AG_INIT_EXCH... *Mar 19 22:33:03.073: ISAKMP: (1002):peer does not do paranoid keepalives. *Mar 19 22:33:03.073: ISAKMP-ERROR: (1002):deleting SA reason "Death by retransmission P1" state (R) AG_INIT_EXCH (peer 174.220.11.234) *Mar 19 22:33:03.073: ISAKMP-ERROR: (1002):deleting SA reason "Death by retransmission P1" state (R) AG_INIT_EXCH (peer 174.220.11.234) *Mar 19 22:33:03.074: ISAKMP: (1002):Deleting the unauthenticated sa *Mar 19 22:33:03.074: ISAKMP: (1002):Unlocking peer struct 0x7F30ED48EC80 for isadb_mark_sa_deleted(), count 0 *Mar 19 22:33:03.074: ISAKMP: (1002):Deleting the peer struct for unauthenticated sa *Mar 19 22:33:03.077: ISAKMP: (0):Deleting peer node by peer_reap for 174.220.11.234: 7F30ED48EC80 *Mar 19 22:33:03.081: crypto engine: deleting IKE SA SW:2 *Mar 19 22:33:03.081: crypto_engine: Delete IKE SA Router-Main# *Mar 19 22:33:03.081: ISAKMP: (1002):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Mar 19 22:33:03.081: ISAKMP: (1002):Old State = IKE_R_AM2 New State = IKE_DEST_SA Router-Main# *Mar 19 22:33:05.584: ISAKMP-PAK: (1002):received packet from 174.230.20.234 dport 500 sport 8680 Global (R) MM_NO_STATE Router-Main# *Mar 19 22:33:08.595: ISAKMP-PAK: (1002):received packet from 174.230.20.234 dport 500 sport 8680 Global (R) MM_NO_STATE Router-Main# *Mar 19 22:33:11.578: ISAKMP-PAK: (1002):received packet from 174.230.20.234 dport 500 sport 8680 Global (R) MM_NO_STATE e