ACQBLRFW01/act/pri# debug crypto ikev2 protocol 255 ACQBLRFW01/act/pri# IKEv2-PROTO-4: Received Packet [From 34.157.146.197:500/To 192.168.68.2:500/VRF i0:f0] Initiator SPI : 55DA711E8A726DFF - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 884 Payload contents: SA Next payload: KE, reserved: 0x0, length: 476 last proposal: 0x2, reserved: 0x0, length: 204 Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 23 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 last proposal: 0x0, reserved: 0x0, length: 268 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 31 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 1, reserved: 0x0, id: 3DES last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: AES XCBC 96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: MD596 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 KE Next payload: N, reserved: 0x0, length: 264 DH group: 14, Reserved: 0x0 40 9c 0d 29 a7 e3 eb 43 17 c5 89 0d 99 88 68 d5 6b e7 0f 08 73 49 79 87 ac 84 91 d8 86 6d 26 2e 9c 43 ac ba 9e 10 55 46 26 13 d3 a7 54 9e d3 4c 58 e8 a5 4d e7 90 a0 ba 11 bc da 2a f7 68 ea e6 02 3b b2 42 44 dc f5 39 d7 16 82 90 6e e7 dc c8 ae f3 85 ec 55 40 c7 01 2d 3e be fa 9a 87 43 6e af 67 22 64 8e 27 7e 7d 09 10 59 e7 63 68 5a 3e a1 47 ba 4b 74 77 c2 21 57 26 92 f5 38 19 f8 20 05 82 b2 18 f7 d0 f0 16 73 5c 6c 17 87 74 0a 5a 80 3f c3 80 f0 a4 60 e5 32 9f f4 c0 0d 85 f3 c0 e0 15 cf 02 c6 ef e5 2d d6 3e 3b fb 14 e3 f1 dc fd 44 e5 21 b3 f8 1f 0a ce 42 87 75 5e ef ba 88 5a 74 d9 86 ec 52 18 90 7c 80 79 ea ca d1 cb ae 0c a1 81 3f e5 83 a2 bb 80 0a 5c cb 6b f9 85 9d cc 65 c1 9c 4c 0a 96 63 2d 09 97 6d f9 8f 08 75 b1 13 1f 4e f4 f2 bb e8 6c 68 69 09 f3 9e 6f b6 N Next payload: NOTIFY, reserved: 0x0, length: 36 b3 e6 e9 c8 4b d4 44 a0 e1 fc ea 0b 89 61 ff d3 11 28 98 26 83 01 c3 c8 62 38 25 45 32 ef 79 1b IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP 9c d0 c1 7f bd c2 e2 33 ac 53 5a 0f be 25 23 f8 75 a8 26 5b IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP b6 a3 1e de 34 67 ad 51 f9 5c e9 2e 45 e9 44 2d 25 78 10 38 IKEv2-PROTO-7: Parse Notify Payload: IKEV2_FRAGMENTATION_SUPPORTED NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) Next payload: NOTIFY, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16431 NOTIFY(Unknown - 16431) Next payload: NONE, reserved: 0x0, length: 16 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 00 01 00 02 00 03 00 04 Decrypted packet:Data: 884 bytes IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT IKEv2-PROTO-4: (444): Checking NAT discovery IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT IKEv2-PROTO-7: (444): Redirect check is not needed, skipping it IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG IKEv2-PROTO-4: (444): Verify SA init message IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA IKEv2-PROTO-4: (444): Insert SA IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG IKEv2-PROTO-4: (444): Processing IKE_SA_INIT message IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT IKEv2-PROTO-7: (444): Process NAT discovery notify IKEv2-PROTO-7: (444): Processing nat detect src notify IKEv2-PROTO-7: (444): Remote address matched IKEv2-PROTO-7: (444): Processing nat detect dst notify IKEv2-PROTO-7: (444): Local address not matched IKEv2-PROTO-7: (444): Host is located NAT inside IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY IKEv2-PROTO-7: (444): Setting configured policies IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN IKEv2-PROTO-7: (444): Opening a PKI session IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY IKEv2-PROTO-4: (444): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14 IKEv2-PROTO-4: (444): Request queued for computation of DH key IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP IKEv2-PROTO-7: (444): Action: Action_Null IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET IKEv2-PROTO-4: (444): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14 IKEv2-PROTO-4: (444): Request queued for computation of DH secret IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP IKEv2-PROTO-7: (444): Action: Action_Null IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID IKEv2-PROTO-7: (444): Generate skeyid IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG IKEv2-PROTO-4: (444): Generating IKE_SA_INIT message IKEv2-PROTO-4: (444): IKE Proposal: 2, SPI size: 0 (initial negotiation), Num. transforms: 4 (444): AES-CBC(444): SHA256(444): SHA256(444): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-7: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-7: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-7: Construct Notify Payload: IKEV2_FRAGMENTATION_SUPPORTEDIKEv2-PROTO-7: Construct Vendor Specific Payload: FRAGMENTATION(444): IKEv2-PROTO-4: (444): Sending Packet [To 34.157.146.197:500/From 192.168.68.2:500/VRF i0:f0] (444): Initiator SPI : 55DA711E8A726DFF - Responder SPI : 64433DAC65C18774 Message id: 0 (444): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (444): Next payload: SA, version: 2.0 (444): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (444): Message id: 0, length: 619(444): Payload contents: (444): SA(444): Next payload: KE, reserved: 0x0, length: 48 (444): last proposal: 0x0, reserved: 0x0, length: 44 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(444): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC (444): last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 (444): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 (444): last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 (444): KE(444): Next payload: N, reserved: 0x0, length: 264 (444): DH group: 14, Reserved: 0x0 (444): (444): 33 02 08 6f 2b 62 93 1b 58 73 83 d5 6e dc c1 4a (444): 43 a9 6d 7c 89 05 ce bc 0d ef 7c 00 77 6a c6 93 (444): 70 5d 54 cc a7 2c 4a 79 99 96 04 8b 46 99 96 04 (444): 5f fc 8e 02 77 57 6c 01 7b 3a 8e a5 6d 32 9c 26 (444): 36 10 02 26 2d 42 fc 08 52 9e cd 3f e5 08 e6 16 (444): 94 b0 3c 69 57 50 6b aa 67 ad 69 8c 55 7c e0 1a (444): 2d be 44 a7 73 39 a6 68 66 1f d8 db 26 b0 4d 91 (444): d6 95 56 1a f8 78 01 36 67 0b 4c 66 18 cb 7f e0 (444): 40 00 0e 34 56 b4 4a 3a 5a 86 82 15 f5 b1 cb 43 (444): e6 3e 00 6a 91 ce 6c 97 9e cb 02 89 3e 6a 1c 32 (444): 43 05 da 29 4a cb fe fb 55 bb 2d 0e bb 99 df a5 (444): 6b fb 73 a9 48 c8 c6 b5 27 56 61 db 59 7a b4 71 (444): 33 51 ac df 9c 32 85 9d cc ab 96 61 bd b1 d9 c6 (444): 38 da 51 e6 5e 44 64 42 f1 cd 28 fe d2 50 1a b9 (444): 07 92 ab 0d 25 53 5e 19 7f 9b 0a 11 c1 74 37 6d (444): 8d 14 3c e8 4e b4 c8 b1 fb 4a 47 29 30 6f 57 9b (444): N(444): Next payload: VID, reserved: 0x0, length: 68 (444): (444): 53 05 c5 83 fd 5f e4 6a 65 aa 00 8d 18 e2 cb 2e (444): d3 42 0d 0f 7f e5 88 1d 9c 15 ea c3 c9 6e 9b dd (444): 9e ff e9 85 b7 d7 bc 7e 7d dc 4e 59 25 fa a1 14 (444): 92 c7 11 09 50 e0 d3 e4 aa 46 f7 53 da e3 9e a4 (444): VID(444): Next payload: VID, reserved: 0x0, length: 23 (444): (444): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41 (444): 53 4f 4e (444): VID(444): Next payload: NOTIFY, reserved: 0x0, length: 59 (444): (444): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29 (444): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 (444): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d (444): 73 2c 20 49 6e 63 2e (444): NOTIFY(NAT_DETECTION_SOURCE_IP)(444): Next payload: NOTIFY, reserved: 0x0, length: 28 (444): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP (444): (444): 46 63 a2 33 d3 ec ab 38 3b ba 5a cf ef 9e 08 0f (444): 1b 22 d9 b9 (444): NOTIFY(NAT_DETECTION_DESTINATION_IP)(444): Next payload: CERTREQ, reserved: 0x0, length: 28 (444): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP (444): (444): 93 d4 ec 07 47 42 3f fb 93 15 cc 6a ad 23 cc f8 (444): 15 ef f9 4f (444): CERTREQ(444): Next payload: NOTIFY, reserved: 0x0, length: 45 (444): Cert encoding X.509 Certificate - signature (444): CertReq data: 40 bytes (444): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(444): Next payload: VID, reserved: 0x0, length: 8 (444): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED (444): VID(444): Next payload: NONE, reserved: 0x0, length: 20 (444): (444): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 (444): IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE IKEv2-PROTO-4: (444): IETF Fragmentation is enabled IKEv2-PROTO-4: (444): Completed SA init exchange IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR IKEv2-PROTO-4: (444): Starting timer (30 sec) to wait for auth message IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT IKEv2-PROTO-7: (444): Request has mess_id 1; expected 1 through 1 (444): IKEv2-PROTO-4: (444): Received Packet [From 34.157.146.197:4500/To 192.168.68.2:500/VRF i0:f0] (444): Initiator SPI : 55DA711E8A726DFF - Responder SPI : 64433DAC65C18774 Message id: 1 (444): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-5: (444): Next payload: ENCR, version: 2.0 (444): Exchange type: IKE_AUTH, flags: INITIATOR (444): Message id: 1, length: 320(444): Payload contents: IKEv2-PROTO-4: decrypt queued(444): (444): Decrypted packet:(444): Data: 320 bytes (444): REAL Decrypted packet:(444): Data: 248 bytes IDi Next payload: AUTH, reserved: 0x0, length: 12 Id type: IPv4 address, Reserved: 0x0 0x0 22 9d 92 c5 AUTH Next payload: SA, reserved: 0x0, length: 40 Auth method PSK, reserved: 0x0, reserved 0x0 Auth data: 32 bytes SA Next payload: TSi, reserved: 0x0, length: 140 last proposal: 0x2, reserved: 0x0, length: 56 Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN last proposal: 0x0, reserved: 0x0, length: 80 Proposal: 2, Protocol id: ESP, SPI size: 4, #trans: 7 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN TSi Next payload: TSr, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 TSr Next payload: NOTIFY, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16417 NOTIFY(Unknown - 16417) Next payload: NONE, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_RECV_AUTH IKEv2-PROTO-4: (444): Stopping timer to wait for auth message IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_NAT_T IKEv2-PROTO-4: (444): Checking NAT discovery IKEv2-PROTO-4: (444): NAT INSIDE found IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHG_NAT_T_PORT IKEv2-PROTO-4: (444): NAT detected float to init port 4500, resp port 4500 IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_PROC_ID IKEv2-PROTO-7: (444): Received valid parameteres in process id IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_GET_POLICY_BY_PEERID IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_OK_RECD_EXTDB_RESP IKEv2-PROTO-4: (444): Searching policy based on peer's identity '34.157.146.197' of type 'IPv4 address' IKEv2-PROTO-2: (444): Failed to locate an item in the database IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_AUTH_FAIL IKEv2-PROTO-4: (444): Verification of peer's authentication data FAILED IKEv2-PROTO-4: (444): Sending authentication failure notify IKEv2-PROTO-7: Construct Notify Payload: AUTHENTICATION_FAILEDIKEv2-PROTO-4: (444): Building packet for encryption. (444): Payload contents: (444): NOTIFY(AUTHENTICATION_FAILED)(444): Next payload: NONE, reserved: 0x0, length: 8 (444): Security protocol id: IKE, spi size: 0, type: AUTHENTICATION_FAILED IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_ENCRYPT_MSG IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_EVENT IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_OK_ENCRYPT_RESP IKEv2-PROTO-7: (444): Action: Action_Null IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_TRYSEND (444): IKEv2-PROTO-4: (444): Sending Packet [To 34.157.146.197:4500/From 192.168.68.2:4500/VRF i0:f0] (444): Initiator SPI : 55DA711E8A726DFF - Responder SPI : 64433DAC65C18774 Message id: 1 (444): IKEv2 IKE_AUTH Exchange RESPONSEIKEv2-PROTO-5: (444): Next payload: ENCR, version: 2.0 (444): Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE (444): Message id: 1, length: 80(444): Payload contents: (444): ENCR(444): Next payload: NOTIFY, reserved: 0x0, length: 52 (444): Encrypted data: 48 bytes (444): IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL IKEv2-PROTO-4: (444): Auth exchange failed IKEv2-PROTO-2: (444): Auth exchange failed IKEv2-PROTO-2: (444): Auth exchange failed IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: EXIT Event: EV_ABORT IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT IKEv2-PROTO-7: (444): SM Trace-> SA: I_SPI=55DA711E8A726DFF R_SPI=64433DAC65C18774 (R) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS IKEv2-PROTO-4: (444): Abort exchange IKEv2-PROTO-4: (444): Deleting SA IKEv2-PROTO-4: Received Packet [From 34.157.28.157:500/To 192.168.68.2:500/VRF i0:f0] Initiator SPI : 796DBBA1267C3FFF - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 884 Payload contents: SA Next payload: KE, reserved: 0x0, length: 476 last proposal: 0x2, reserved: 0x0, length: 204 Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 23 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 last proposal: 0x0, reserved: 0x0, length: 268 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 31 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 1, reserved: 0x0, id: 3DES last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: AES XCBC 96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: MD596 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 KE Next payload: N, reserved: 0x0, length: 264 DH group: 14, Reserved: 0x0 b5 03 73 1a ab c4 78 ff e9 95 f6 b7 c0 6a 60 3e 21 f5 19 d4 22 ae 7c d8 93 4c c0 c4 9b f7 24 30 69 07 ca b3 ae 1e 73 71 4b f6 58 1a 1f ea 5c 7c 9d 20 24 d5 8b 97 af 91 5c 5c 34 df 68 7d db 4f f5 27 df de 06 c2 92 f6 30 7b 20 91 f6 70 cb ed 0e d8 5c d8 87 34 45 ab 91 ab b1 28 f0 b4 5f bc 5f 19 ff b6 87 64 2e 78 c1 78 c4 94 de 65 5d ac 80 21 bb c9 f8 79 6f bc ed fa 74 20 76 9f 8a 4b 5b 2d 3d 65 09 49 b7 fc 67 a5 a7 fc c5 5e 1d de af 3e f3 c9 98 86 e0 5b b9 a8 89 5a 10 84 02 f2 44 af 40 dc d8 f4 d7 0b ed ef 91 ca 75 1b 49 fb 9a b2 1e fd 5c 0e 0f ad 8d 56 db 53 e3 8f 44 c7 27 99 a5 9a 54 9e c0 6d 1e e3 ac 1c 00 43 cb 84 3b b4 c6 f6 c6 9b 4b 97 2c c7 b5 6e ae 53 ca 91 e1 95 d7 15 01 2d 06 6a e6 90 cc 7f 74 77 88 24 39 d1 31 fa 0a fe 15 49 a1 12 79 cd ee 25 ad dc N Next payload: NOTIFY, reserved: 0x0, length: 36 97 7c 73 c4 d0 b1 c5 af a3 88 4a 39 2f 43 55 79 c4 ff 16 e0 92 f0 a6 d6 3a 83 cf b9 f2 2e 05 5f IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP 37 99 69 4a e8 cd 71 4f 4b d9 f6 d3 7e 69 e3 4c b0 35 ae c9 IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP d2 66 06 8f 58 f8 bf e2 c0 b6 f8 36 07 67 18 bd 0a 9a 65 f9 IKEv2-PROTO-7: Parse Notify Payload: IKEV2_FRAGMENTATION_SUPPORTED NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) Next payload: NOTIFY, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16431 NOTIFY(Unknown - 16431) Next payload: NONE, reserved: 0x0, length: 16 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 00 01 00 02 00 03 00 04 Decrypted packet:Data: 884 bytes IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT IKEv2-PROTO-4: (567): Checking NAT discovery IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT IKEv2-PROTO-7: (567): Redirect check is not needed, skipping it IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG IKEv2-PROTO-4: (567): Verify SA init message IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA IKEv2-PROTO-4: (567): Insert SA IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG IKEv2-PROTO-4: (567): Processing IKE_SA_INIT message IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT IKEv2-PROTO-7: (567): Process NAT discovery notify IKEv2-PROTO-7: (567): Processing nat detect src notify IKEv2-PROTO-7: (567): Remote address matched IKEv2-PROTO-7: (567): Processing nat detect dst notify IKEv2-PROTO-7: (567): Local address not matched IKEv2-PROTO-7: (567): Host is located NAT inside IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY IKEv2-PROTO-7: (567): Setting configured policies IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN IKEv2-PROTO-7: (567): Opening a PKI session IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY IKEv2-PROTO-4: (567): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14 IKEv2-PROTO-4: (567): Request queued for computation of DH key IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP IKEv2-PROTO-7: (567): Action: Action_Null IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET IKEv2-PROTO-4: (567): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14 IKEv2-PROTO-4: (567): Request queued for computation of DH secret IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP IKEv2-PROTO-7: (567): Action: Action_Null IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID IKEv2-PROTO-7: (567): Generate skeyid IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG IKEv2-PROTO-4: (567): Generating IKE_SA_INIT message IKEv2-PROTO-4: (567): IKE Proposal: 2, SPI size: 0 (initial negotiation), Num. transforms: 4 (567): AES-CBC(567): SHA256(567): SHA256(567): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-7: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-7: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-7: Construct Notify Payload: IKEV2_FRAGMENTATION_SUPPORTEDIKEv2-PROTO-7: Construct Vendor Specific Payload: FRAGMENTATION(567): IKEv2-PROTO-4: (567): Sending Packet [To 34.157.28.157:500/From 192.168.68.2:500/VRF i0:f0] (567): Initiator SPI : 796DBBA1267C3FFF - Responder SPI : F2F58646394830A2 Message id: 0 (567): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (567): Next payload: SA, version: 2.0 (567): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (567): Message id: 0, length: 619(567): Payload contents: (567): SA(567): Next payload: KE, reserved: 0x0, length: 48 (567): last proposal: 0x0, reserved: 0x0, length: 44 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(567): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC (567): last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 (567): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 (567): last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 (567): KE(567): Next payload: N, reserved: 0x0, length: 264 (567): DH group: 14, Reserved: 0x0 (567): (567): 5b f6 77 da 1f c5 e0 ec 27 37 2b 71 92 fe b3 41 (567): 2a f5 af 7d 56 2f 26 45 d0 aa 5f 81 0d 91 11 72 (567): ec cc af ec b4 90 8e 43 c7 e3 cd e4 b3 c4 c7 2d (567): 15 2e 62 58 a6 07 3a f9 f4 fc 90 0c 5f 2c a9 66 (567): 8e 89 fd 08 9c c9 4e 03 94 d7 31 3d 01 60 cf c8 (567): 87 a1 95 b0 e5 a3 98 5f f7 b1 1f ef 8e c7 56 c1 (567): 7f d5 ea 88 32 6c 7c 1e 07 bf 88 4f 0d c5 d4 81 (567): 5c ee e8 67 0c a4 6b ce fa e5 4a 2a 4e e6 bc e7 (567): 35 26 1f fa 8d 82 1a c2 5d 9b 68 ed 27 d6 d3 e2 (567): af f3 de a8 c0 b5 4f ba cc 0d f4 bb 54 80 4d 6b (567): 1f 43 b8 7c 94 bd 01 b5 b3 da cf f3 d0 21 4a 65 (567): 68 21 8b dc 8d 37 26 ff 2d dd 5e cd 11 62 14 fc (567): 09 28 25 66 5a 5f ac 72 93 b0 53 9e be bc c5 33 (567): d1 28 00 e6 f7 74 7d 24 fa af c1 df e0 71 6f 0d (567): 2d 4a bf 36 82 3d b5 4c 33 f3 fc b6 cc ea a5 45 (567): c0 f8 fe 23 20 9c 0c e1 e5 71 f2 70 44 9e 88 c1 (567): N(567): Next payload: VID, reserved: 0x0, length: 68 (567): (567): d5 89 59 89 c7 34 f2 a9 c4 27 bb 53 aa 5f 18 49 (567): 61 5e 6d c0 03 b2 38 a4 cd 5a 2f a3 0f f0 74 11 (567): e4 db b1 46 81 da b1 3a 46 92 07 a8 fd 01 48 74 (567): ad 4e e0 85 f9 29 34 a7 be 6e 8d 64 50 fe fe 54 (567): VID(567): Next payload: VID, reserved: 0x0, length: 23 (567): (567): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41 (567): 53 4f 4e (567): VID(567): Next payload: NOTIFY, reserved: 0x0, length: 59 (567): (567): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29 (567): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 (567): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d (567): 73 2c 20 49 6e 63 2e (567): NOTIFY(NAT_DETECTION_SOURCE_IP)(567): Next payload: NOTIFY, reserved: 0x0, length: 28 (567): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP (567): (567): 40 90 92 17 60 f3 5a 05 20 eb 8c 86 8c 90 2f 21 (567): ba 62 87 9c (567): NOTIFY(NAT_DETECTION_DESTINATION_IP)(567): Next payload: CERTREQ, reserved: 0x0, length: 28 (567): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP (567): (567): 20 bf 97 b0 68 1d f5 9a 1a a1 4b c1 01 24 cb ef (567): 26 c6 75 1b (567): CERTREQ(567): Next payload: NOTIFY, reserved: 0x0, length: 45 (567): Cert encoding X.509 Certificate - signature (567): CertReq data: 40 bytes (567): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(567): Next payload: VID, reserved: 0x0, length: 8 (567): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED (567): VID(567): Next payload: NONE, reserved: 0x0, length: 20 (567): (567): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 (567): IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE IKEv2-PROTO-4: (567): IETF Fragmentation is enabled IKEv2-PROTO-4: (567): Completed SA init exchange IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR IKEv2-PROTO-4: (567): Starting timer (30 sec) to wait for auth message IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT IKEv2-PROTO-7: (567): Request has mess_id 1; expected 1 through 1 (567): IKEv2-PROTO-4: (567): Received Packet [From 34.157.28.157:4500/To 192.168.68.2:500/VRF i0:f0] (567): Initiator SPI : 796DBBA1267C3FFF - Responder SPI : F2F58646394830A2 Message id: 1 (567): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-5: (567): Next payload: ENCR, version: 2.0 (567): Exchange type: IKE_AUTH, flags: INITIATOR (567): Message id: 1, length: 320(567): Payload contents: IKEv2-PROTO-4: decrypt queued(567): (567): Decrypted packet:(567): Data: 320 bytes (567): REAL Decrypted packet:(567): Data: 248 bytes IDi Next payload: AUTH, reserved: 0x0, length: 12 Id type: IPv4 address, Reserved: 0x0 0x0 22 9d 1c 9d AUTH Next payload: SA, reserved: 0x0, length: 40 Auth method PSK, reserved: 0x0, reserved 0x0 Auth data: 32 bytes SA Next payload: TSi, reserved: 0x0, length: 140 last proposal: 0x2, reserved: 0x0, length: 56 Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN last proposal: 0x0, reserved: 0x0, length: 80 Proposal: 2, Protocol id: ESP, SPI size: 4, #trans: 7 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN TSi Next payload: TSr, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 TSr Next payload: NOTIFY, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16417 NOTIFY(Unknown - 16417) Next payload: NONE, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_RECV_AUTH IKEv2-PROTO-4: (567): Stopping timer to wait for auth message IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_NAT_T IKEv2-PROTO-4: (567): Checking NAT discovery IKEv2-PROTO-4: (567): NAT INSIDE found IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHG_NAT_T_PORT IKEv2-PROTO-4: (567): NAT detected float to init port 4500, resp port 4500 IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_PROC_ID IKEv2-PROTO-7: (567): Received valid parameteres in process id IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_GET_POLICY_BY_PEERID IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_OK_RECD_EXTDB_RESP IKEv2-PROTO-4: (567): Searching policy based on peer's identity '34.157.28.157' of type 'IPv4 address' IKEv2-PROTO-2: (567): Failed to locate an item in the database IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_AUTH_FAIL IKEv2-PROTO-4: (567): Verification of peer's authentication data FAILED IKEv2-PROTO-4: (567): Sending authentication failure notify IKEv2-PROTO-7: Construct Notify Payload: AUTHENTICATION_FAILEDIKEv2-PROTO-4: (567): Building packet for encryption. (567): Payload contents: (567): NOTIFY(AUTHENTICATION_FAILED)(567): Next payload: NONE, reserved: 0x0, length: 8 (567): Security protocol id: IKE, spi size: 0, type: AUTHENTICATION_FAILED IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_ENCRYPT_MSG IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_EVENT IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_OK_ENCRYPT_RESP IKEv2-PROTO-7: (567): Action: Action_Null IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_TRYSEND (567): IKEv2-PROTO-4: (567): Sending Packet [To 34.157.28.157:4500/From 192.168.68.2:4500/VRF i0:f0] (567): Initiator SPI : 796DBBA1267C3FFF - Responder SPI : F2F58646394830A2 Message id: 1 (567): IKEv2 IKE_AUTH Exchange RESPONSEIKEv2-PROTO-5: (567): Next payload: ENCR, version: 2.0 (567): Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE (567): Message id: 1, length: 80(567): Payload contents: (567): ENCR(567): Next payload: NOTIFY, reserved: 0x0, length: 52 (567): Encrypted data: 48 bytes (567): IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL IKEv2-PROTO-4: (567): Auth exchange failed IKEv2-PROTO-2: (567): Auth exchange failed IKEv2-PROTO-2: (567): Auth exchange failed IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: EXIT Event: EV_ABORT IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT IKEv2-PROTO-7: (567): SM Trace-> SA: I_SPI=796DBBA1267C3FFF R_SPI=F2F58646394830A2 (R) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS IKEv2-PROTO-4: (567): Abort exchange IKEv2-PROTO-4: (567): Deleting SA IKEv2-PROTO-7: (263): Restarting DPD timer 10 secs IKEv2-PROTO-4: Received Packet [From 34.157.146.197:500/To 192.168.68.2:500/VRF i0:f0] Initiator SPI : 8F50E1218C7D6945 - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 884 Payload contents: SA Next payload: KE, reserved: 0x0, length: 476 last proposal: 0x2, reserved: 0x0, length: 204 Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 23 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 last proposal: 0x0, reserved: 0x0, length: 268 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 31 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 1, reserved: 0x0, id: 3DES last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: AES XCBC 96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: MD596 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 KE Next payload: N, reserved: 0x0, length: 264 DH group: 14, Reserved: 0x0 2d 5e 5c bc 6d 06 f1 db 41 3a 0d fb 1e 1e c0 85 ce b3 14 7f 5c 3d 5f a1 2d cf 11 74 55 8c ad d0 87 7a 03 bf 89 88 a8 6d 0a 6a ef 8b fe 66 12 0b ee c2 f4 d4 7d 18 f4 9c d9 3f 7a 8e 6b a4 5a 23 e7 31 91 4e a0 fa b8 60 5c ef ed b3 2d af cd 88 f6 1f ad bc a8 46 72 f0 83 3a 53 7d 2a 4a eb c2 43 63 fa bf 6a d5 26 65 39 9d 57 16 aa c9 f3 3b 46 f0 5a 3f ad ff eb 0d be 85 dc b5 8e 57 51 ae b3 c3 52 b9 eb bd 73 3b 19 a9 58 54 b3 e5 ec e1 f5 c3 3d 67 b3 d7 7c bd 05 86 c5 03 b2 11 f4 8c f1 7a 86 03 ff 78 4e e1 28 e2 91 16 20 c4 33 c8 74 82 0a 92 38 14 62 4b 2a c8 2a b9 11 dc 0f 7f 8e 5c 07 bd 70 86 8f 46 d0 21 77 64 0d a8 a1 cc 01 8d 22 9b 90 bd 53 52 07 22 22 d6 af 0e f3 1f 1a 42 16 91 6f 46 b9 af a4 4d 1f d9 91 6f af 78 5c 08 1b 2b 99 08 4b 63 61 d3 67 7a 4f 11 13 ea N Next payload: NOTIFY, reserved: 0x0, length: 36 f8 b7 88 55 30 43 ad 7a bb fa c4 09 79 de e0 22 aa 34 3d 2b 0e a2 19 ee 4d cb e0 27 42 2e bd 02 IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP 0e 10 22 94 e6 c9 2b 9c 1d 64 0b 4e ee 0f 64 2e 9c 2d e1 f0 IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP 7d d6 04 1c 0c 60 44 89 58 87 7f af d0 e3 59 a6 bb 3a e8 f1 IKEv2-PROTO-7: Parse Notify Payload: IKEV2_FRAGMENTATION_SUPPORTED NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) Next payload: NOTIFY, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16431 NOTIFY(Unknown - 16431) Next payload: NONE, reserved: 0x0, length: 16 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 00 01 00 02 00 03 00 04 Decrypted packet:Data: 884 bytes IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT IKEv2-PROTO-4: (194): Checking NAT discovery IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT IKEv2-PROTO-7: (194): Redirect check is not needed, skipping it IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG IKEv2-PROTO-4: (194): Verify SA init message IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA IKEv2-PROTO-4: (194): Insert SA IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG IKEv2-PROTO-4: (194): Processing IKE_SA_INIT message IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT IKEv2-PROTO-7: (194): Process NAT discovery notify IKEv2-PROTO-7: (194): Processing nat detect src notify IKEv2-PROTO-7: (194): Remote address matched IKEv2-PROTO-7: (194): Processing nat detect dst notify IKEv2-PROTO-7: (194): Local address not matched IKEv2-PROTO-7: (194): Host is located NAT inside IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY IKEv2-PROTO-7: (194): Setting configured policies IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN IKEv2-PROTO-7: (194): Opening a PKI session IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY IKEv2-PROTO-4: (194): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14 IKEv2-PROTO-4: (194): Request queued for computation of DH key IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP IKEv2-PROTO-7: (194): Action: Action_Null IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET IKEv2-PROTO-4: (194): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14 IKEv2-PROTO-4: (194): Request queued for computation of DH secret IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP IKEv2-PROTO-7: (194): Action: Action_Null IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID IKEv2-PROTO-7: (194): Generate skeyid IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG IKEv2-PROTO-4: (194): Generating IKE_SA_INIT message IKEv2-PROTO-4: (194): IKE Proposal: 2, SPI size: 0 (initial negotiation), Num. transforms: 4 (194): AES-CBC(194): SHA256(194): SHA256(194): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-7: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-7: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-7: Construct Notify Payload: IKEV2_FRAGMENTATION_SUPPORTEDIKEv2-PROTO-7: Construct Vendor Specific Payload: FRAGMENTATION(194): IKEv2-PROTO-4: (194): Sending Packet [To 34.157.146.197:500/From 192.168.68.2:500/VRF i0:f0] (194): Initiator SPI : 8F50E1218C7D6945 - Responder SPI : 20032AA0A3068F37 Message id: 0 (194): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (194): Next payload: SA, version: 2.0 (194): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (194): Message id: 0, length: 619(194): Payload contents: (194): SA(194): Next payload: KE, reserved: 0x0, length: 48 (194): last proposal: 0x0, reserved: 0x0, length: 44 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(194): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC (194): last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 (194): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 (194): last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 (194): KE(194): Next payload: N, reserved: 0x0, length: 264 (194): DH group: 14, Reserved: 0x0 (194): (194): a2 7a ce 82 d8 b6 92 7e 0b 16 ff e4 6b 14 61 f2 (194): 50 29 2e 28 40 e2 fd ef b1 4c fb da 7b 4e 3d 0a (194): 93 86 b2 d9 63 f4 b6 f7 f4 c5 0c b6 4b e7 aa 6e (194): 5a 50 ba 85 9c 20 4d 69 90 a2 a7 03 ea 28 60 83 (194): 92 8c f0 92 30 53 9a ea 70 4c 79 0d 5f 34 ac 25 (194): 01 09 7c 92 b6 91 30 6e e7 aa e6 f8 3e da 96 8c (194): 62 5a a0 9a dc a6 cf 42 65 be f0 20 6f 12 4e 58 (194): 0a b3 ea bf dc ae fd c0 89 69 db 40 0d 8d 1e 66 (194): d3 6e 67 b9 96 52 bf a9 46 cd 94 94 3a 46 ba 5b (194): c3 80 a5 9b 71 01 06 bb 60 01 77 aa c4 a7 e3 0c (194): a2 49 ac 46 08 45 6f a7 95 db 7c 97 72 80 6d 81 (194): 21 34 44 77 21 8b 1f 97 a7 90 f2 d2 0a 5a 15 c9 (194): 16 75 2f 24 7e 31 74 1f cc 83 82 32 93 60 b3 21 (194): 33 76 60 05 37 67 8a 61 bd 10 4f ba 5a b1 d6 a4 (194): fe de 52 34 c1 3e 9f ca fe e7 8a 59 dc be 08 fc (194): d6 71 4e a9 95 c8 e8 d8 7b 3e 0c 83 ae 51 70 cd (194): N(194): Next payload: VID, reserved: 0x0, length: 68 (194): (194): 6a df ea 9d 80 a1 c5 81 0a 9d aa 13 87 f2 c2 43 (194): 44 e0 a0 e6 7c 18 b1 54 20 b4 05 a6 aa 11 d7 0b (194): a1 19 0b 6a f0 58 08 3a 3c b0 3c f1 8c ef da 97 (194): db f9 b4 85 0b 9a e3 17 ee 87 f9 b8 90 b4 9c e6 (194): VID(194): Next payload: VID, reserved: 0x0, length: 23 (194): (194): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41 (194): 53 4f 4e (194): VID(194): Next payload: NOTIFY, reserved: 0x0, length: 59 (194): (194): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29 (194): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 (194): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d (194): 73 2c 20 49 6e 63 2e (194): NOTIFY(NAT_DETECTION_SOURCE_IP)(194): Next payload: NOTIFY, reserved: 0x0, length: 28 (194): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP (194): (194): 9a d2 b4 e4 5f ce 3d c8 97 df a9 2c 2f 88 af 12 (194): e5 e0 1e 76 (194): NOTIFY(NAT_DETECTION_DESTINATION_IP)(194): Next payload: CERTREQ, reserved: 0x0, length: 28 (194): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP (194): (194): b0 a6 28 a6 10 ce 75 8b 33 12 2c 74 f1 9f 92 0c (194): 3f 9c 34 3e (194): CERTREQ(194): Next payload: NOTIFY, reserved: 0x0, length: 45 (194): Cert encoding X.509 Certificate - signature (194): CertReq data: 40 bytes (194): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(194): Next payload: VID, reserved: 0x0, length: 8 (194): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED (194): VID(194): Next payload: NONE, reserved: 0x0, length: 20 (194): (194): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 (194): IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE IKEv2-PROTO-4: (194): IETF Fragmentation is enabled IKEv2-PROTO-4: (194): Completed SA init exchange IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR IKEv2-PROTO-4: (194): Starting timer (30 sec) to wait for auth message IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT IKEv2-PROTO-7: (194): Request has mess_id 1; expected 1 through 1 (194): IKEv2-PROTO-4: (194): Received Packet [From 34.157.146.197:4500/To 192.168.68.2:500/VRF i0:f0] (194): Initiator SPI : 8F50E1218C7D6945 - Responder SPI : 20032AA0A3068F37 Message id: 1 (194): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-5: (194): Next payload: ENCR, version: 2.0 (194): Exchange type: IKE_AUTH, flags: INITIATOR (194): Message id: 1, length: 320(194): Payload contents: IKEv2-PROTO-4: decrypt queued(194): (194): Decrypted packet:(194): Data: 320 bytes (194): REAL Decrypted packet:(194): Data: 248 bytes IDi Next payload: AUTH, reserved: 0x0, length: 12 Id type: IPv4 address, Reserved: 0x0 0x0 22 9d 92 c5 AUTH Next payload: SA, reserved: 0x0, length: 40 Auth method PSK, reserved: 0x0, reserved 0x0 Auth data: 32 bytes SA Next payload: TSi, reserved: 0x0, length: 140 last proposal: 0x2, reserved: 0x0, length: 56 Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN last proposal: 0x0, reserved: 0x0, length: 80 Proposal: 2, Protocol id: ESP, SPI size: 4, #trans: 7 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN TSi Next payload: TSr, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 TSr Next payload: NOTIFY, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16417 NOTIFY(Unknown - 16417) Next payload: NONE, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_RECV_AUTH IKEv2-PROTO-4: (194): Stopping timer to wait for auth message IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_NAT_T IKEv2-PROTO-4: (194): Checking NAT discovery IKEv2-PROTO-4: (194): NAT INSIDE found IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHG_NAT_T_PORT IKEv2-PROTO-4: (194): NAT detected float to init port 4500, resp port 4500 IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_PROC_ID IKEv2-PROTO-7: (194): Received valid parameteres in process id IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_GET_POLICY_BY_PEERID IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_OK_RECD_EXTDB_RESP IKEv2-PROTO-4: (194): Searching policy based on peer's identity '34.157.146.197' of type 'IPv4 address' IKEv2-PROTO-2: (194): Failed to locate an item in the database IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_AUTH_FAIL IKEv2-PROTO-4: (194): Verification of peer's authentication data FAILED IKEv2-PROTO-4: (194): Sending authentication failure notify IKEv2-PROTO-7: Construct Notify Payload: AUTHENTICATION_FAILEDIKEv2-PROTO-4: (194): Building packet for encryption. (194): Payload contents: (194): NOTIFY(AUTHENTICATION_FAILED)(194): Next payload: NONE, reserved: 0x0, length: 8 (194): Security protocol id: IKE, spi size: 0, type: AUTHENTICATION_FAILED IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_ENCRYPT_MSG IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_EVENT IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_OK_ENCRYPT_RESP IKEv2-PROTO-7: (194): Action: Action_Null IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_TRYSEND (194): IKEv2-PROTO-4: (194): Sending Packet [To 34.157.146.197:4500/From 192.168.68.2:4500/VRF i0:f0] (194): Initiator SPI : 8F50E1218C7D6945 - Responder SPI : 20032AA0A3068F37 Message id: 1 (194): IKEv2 IKE_AUTH Exchange RESPONSEIKEv2-PROTO-5: (194): Next payload: ENCR, version: 2.0 (194): Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE (194): Message id: 1, length: 80(194): Payload contents: (194): ENCR(194): Next payload: NOTIFY, reserved: 0x0, length: 52 (194): Encrypted data: 48 bytes (194): IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL IKEv2-PROTO-4: (194): Auth exchange failed IKEv2-PROTO-2: (194): Auth exchange failed IKEv2-PROTO-2: (194): Auth exchange failed IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: EXIT Event: EV_ABORT IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT IKEv2-PROTO-7: (194): SM Trace-> SA: I_SPI=8F50E1218C7D6945 R_SPI=20032AA0A3068F37 (R) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS IKEv2-PROTO-4: (194): Abort exchange IKEv2-PROTO-4: (194): Deleting SA IKEv2-PROTO-4: Received Packet [From 34.157.28.157:500/To 192.168.68.2:500/VRF i0:f0] Initiator SPI : C93E2F7937B1C38D - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 884 Payload contents: SA Next payload: KE, reserved: 0x0, length: 476 last proposal: 0x2, reserved: 0x0, length: 204 Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 23 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 last proposal: 0x0, reserved: 0x0, length: 268 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 31 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 1, reserved: 0x0, id: 3DES last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: AES XCBC 96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: MD596 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 KE Next payload: N, reserved: 0x0, length: 264 DH group: 14, Reserved: 0x0 ea 8e ee 3a 9e dd 83 e0 74 bf c3 1d ef 30 af 76 ce 7e ef 55 78 0e 8e 75 6e 05 97 f7 92 45 c9 92 50 77 de 50 93 00 a8 dc af 8b aa 12 93 37 be f8 d2 88 aa af 12 d4 78 46 7e 42 4e 0b 60 73 3d 38 bd 09 77 8b 31 de f9 02 33 4d 5d 9e 6e f2 ec 5e 26 84 a1 86 81 02 a3 ec 8e 3b 1f 90 a8 f0 6c 17 4d c8 e2 48 a0 40 7c 95 b7 89 cb d5 02 92 1f 5a 9c 7c 29 1d 0d 62 dc c9 d6 82 4d 05 06 6b 30 97 b1 a6 29 61 f6 b1 ef 47 1e c4 c9 9b 5f 04 07 95 71 d5 0e f3 dc 18 54 e1 59 ac 92 a6 f3 9b d9 72 81 92 47 c3 d9 3f 1c 5e a4 a4 c7 ce 22 24 22 4b 7f 41 48 df 83 d6 ad 7f c7 1f aa 0e f7 47 6e 42 00 70 d6 a0 76 bd 88 6f 11 aa 04 f8 75 6c 6d 77 3d ed d3 e0 cb 82 c6 34 83 e7 f1 e0 2d 81 f7 a2 9c d5 1d c3 ab a8 23 10 d8 d3 1f e3 65 28 6b 41 6e 4c 04 73 ca 05 8e 45 ec 36 12 0e a4 26 28 8a N Next payload: NOTIFY, reserved: 0x0, length: 36 7b 83 36 35 6b 0f 3e 25 9e 7d 29 55 f4 16 e6 f7 ae 16 41 f2 85 c6 04 cf 0c 99 35 a4 ed 47 de ca IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP 2a 93 d1 13 4d 83 18 72 cf 46 f3 7e 67 c8 20 7b 16 c2 99 27 IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP 3b f1 88 34 8f 3d 90 bd 00 09 ac 83 3f 03 cb 24 6b a2 8e 63 IKEv2-PROTO-7: Parse Notify Payload: IKEV2_FRAGMENTATION_SUPPORTED NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) Next payload: NOTIFY, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16431 NOTIFY(Unknown - 16431) Next payload: NONE, reserved: 0x0, length: 16 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 00 01 00 02 00 03 00 04 Decrypted packet:Data: 884 bytes IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT IKEv2-PROTO-4: (219): Checking NAT discovery IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT IKEv2-PROTO-7: (219): Redirect check is not needed, skipping it IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG IKEv2-PROTO-4: (219): Verify SA init message IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA IKEv2-PROTO-4: (219): Insert SA IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG IKEv2-PROTO-4: (219): Processing IKE_SA_INIT message IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT IKEv2-PROTO-7: (219): Process NAT discovery notify IKEv2-PROTO-7: (219): Processing nat detect src notify IKEv2-PROTO-7: (219): Remote address matched IKEv2-PROTO-7: (219): Processing nat detect dst notify IKEv2-PROTO-7: (219): Local address not matched IKEv2-PROTO-7: (219): Host is located NAT inside IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY IKEv2-PROTO-7: (219): Setting configured policies IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN IKEv2-PROTO-7: (219): Opening a PKI session IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY IKEv2-PROTO-4: (219): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14 IKEv2-PROTO-4: (219): Request queued for computation of DH key IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP IKEv2-PROTO-7: (219): Action: Action_Null IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET IKEv2-PROTO-4: (219): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14 IKEv2-PROTO-4: (219): Request queued for computation of DH secret IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP IKEv2-PROTO-7: (219): Action: Action_Null IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID IKEv2-PROTO-7: (219): Generate skeyid IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG IKEv2-PROTO-4: (219): Generating IKE_SA_INIT message IKEv2-PROTO-4: (219): IKE Proposal: 2, SPI size: 0 (initial negotiation), Num. transforms: 4 (219): AES-CBC(219): SHA256(219): SHA256(219): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-7: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-7: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-7: Construct Notify Payload: IKEV2_FRAGMENTATION_SUPPORTEDIKEv2-PROTO-7: Construct Vendor Specific Payload: FRAGMENTATION(219): IKEv2-PROTO-4: (219): Sending Packet [To 34.157.28.157:500/From 192.168.68.2:500/VRF i0:f0] (219): Initiator SPI : C93E2F7937B1C38D - Responder SPI : 3348F94B4B5F3920 Message id: 0 (219): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (219): Next payload: SA, version: 2.0 (219): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (219): Message id: 0, length: 619(219): Payload contents: (219): SA(219): Next payload: KE, reserved: 0x0, length: 48 (219): last proposal: 0x0, reserved: 0x0, length: 44 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(219): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC (219): last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 (219): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 (219): last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 (219): KE(219): Next payload: N, reserved: 0x0, length: 264 (219): DH group: 14, Reserved: 0x0 (219): (219): 0f ac 55 16 69 7b 07 8a 0b 24 3e 0e d5 f8 e8 f1 (219): c3 36 40 44 df 4f f4 06 9b 08 60 08 ee 57 54 3c (219): 39 4c 0a 9e b3 03 84 c1 da 53 e4 4a 2a 77 f0 5a (219): e9 4f 17 43 8c 7b 52 2f 66 87 53 3a 29 af bc 28 (219): 66 96 35 e5 00 b6 91 33 aa 76 04 4b c0 45 78 86 (219): 49 39 96 98 e9 f6 97 08 db 36 c3 f4 ac 48 88 1b (219): ed 93 e9 c7 35 7c c8 db 02 02 e6 e4 9b 43 68 a4 (219): 92 26 7d 86 57 47 22 9c ad 9f 09 d9 3c d8 19 7c (219): 77 9b c4 bd 14 40 db a0 79 c1 16 ba da da 7c f3 (219): d1 07 b8 7d 3a 0a 52 7c e2 ea f8 2e b5 e0 e9 15 (219): 61 c0 e0 a1 d3 88 9b 09 67 e7 ef c8 5b 51 eb 89 (219): dd 5e bf 97 56 29 82 f7 36 e9 76 14 3a fc 1e a3 (219): e9 1c b0 68 7a 03 6b f2 bd d7 ce 1f 47 3b 91 cc (219): f0 94 74 97 73 a5 25 34 3e d0 1a 24 5c e2 60 96 (219): 3d 5f dd 3a 63 b5 b1 97 62 e6 20 f4 0b c6 2c 98 (219): 77 e7 cf 1e d0 05 86 53 a0 8b d9 75 d8 92 a7 1e (219): N(219): Next payload: VID, reserved: 0x0, length: 68 (219): (219): ac 3f a6 dc b5 d2 11 7c 75 db f8 55 e8 ba 6d d2 (219): 05 b4 7f 07 ac 36 f0 58 00 1c f4 29 9f f2 35 af (219): d6 52 c9 66 25 a9 23 09 f0 8a f9 5f 53 b5 af 9e (219): 02 40 80 7f 14 a6 9e 19 dd d1 62 f9 15 a0 d1 01 (219): VID(219): Next payload: VID, reserved: 0x0, length: 23 (219): (219): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41 (219): 53 4f 4e (219): VID(219): Next payload: NOTIFY, reserved: 0x0, length: 59 (219): (219): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29 (219): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 (219): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d (219): 73 2c 20 49 6e 63 2e (219): NOTIFY(NAT_DETECTION_SOURCE_IP)(219): Next payload: NOTIFY, reserved: 0x0, length: 28 (219): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP (219): (219): fc 5f 89 fe 0a 81 c3 99 e0 68 5f 4e 30 6d 19 8a (219): d6 97 0e 86 (219): NOTIFY(NAT_DETECTION_DESTINATION_IP)(219): Next payload: CERTREQ, reserved: 0x0, length: 28 (219): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP (219): (219): 7c ef bd 35 ec ab 8d 4b ad 66 76 a1 7a 2d df d1 (219): 28 02 3e 41 (219): CERTREQ(219): Next payload: NOTIFY, reserved: 0x0, length: 45 (219): Cert encoding X.509 Certificate - signature (219): CertReq data: 40 bytes (219): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(219): Next payload: VID, reserved: 0x0, length: 8 (219): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED (219): VID(219): Next payload: NONE, reserved: 0x0, length: 20 (219): (219): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 (219): IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE IKEv2-PROTO-4: (219): IETF Fragmentation is enabled IKEv2-PROTO-4: (219): Completed SA init exchange IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR IKEv2-PROTO-4: (219): Starting timer (30 sec) to wait for auth message IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT IKEv2-PROTO-7: (219): Request has mess_id 1; expected 1 through 1 (219): IKEv2-PROTO-4: (219): Received Packet [From 34.157.28.157:4500/To 192.168.68.2:500/VRF i0:f0] (219): Initiator SPI : C93E2F7937B1C38D - Responder SPI : 3348F94B4B5F3920 Message id: 1 (219): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-5: (219): Next payload: ENCR, version: 2.0 (219): Exchange type: IKE_AUTH, flags: INITIATOR (219): Message id: 1, length: 320(219): Payload contents: IKEv2-PROTO-4: decrypt queued(219): (219): Decrypted packet:(219): Data: 320 bytes (219): REAL Decrypted packet:(219): Data: 248 bytes IDi Next payload: AUTH, reserved: 0x0, length: 12 Id type: IPv4 address, Reserved: 0x0 0x0 22 9d 1c 9d AUTH Next payload: SA, reserved: 0x0, length: 40 Auth method PSK, reserved: 0x0, reserved 0x0 Auth data: 32 bytes SA Next payload: TSi, reserved: 0x0, length: 140 last proposal: 0x2, reserved: 0x0, length: 56 Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN last proposal: 0x0, reserved: 0x0, length: 80 Proposal: 2, Protocol id: ESP, SPI size: 4, #trans: 7 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN TSi Next payload: TSr, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 TSr Next payload: NOTIFY, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16417 NOTIFY(Unknown - 16417) Next payload: NONE, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_RECV_AUTH IKEv2-PROTO-4: (219): Stopping timer to wait for auth message IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_NAT_T IKEv2-PROTO-4: (219): Checking NAT discovery IKEv2-PROTO-4: (219): NAT INSIDE found IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHG_NAT_T_PORT IKEv2-PROTO-4: (219): NAT detected float to init port 4500, resp port 4500 IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_PROC_ID IKEv2-PROTO-7: (219): Received valid parameteres in process id IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_GET_POLICY_BY_PEERID IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_OK_RECD_EXTDB_RESP IKEv2-PROTO-4: (219): Searching policy based on peer's identity '34.157.28.157' of type 'IPv4 address' IKEv2-PROTO-2: (219): Failed to locate an item in the database IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_AUTH_FAIL IKEv2-PROTO-4: (219): Verification of peer's authentication data FAILED IKEv2-PROTO-4: (219): Sending authentication failure notify IKEv2-PROTO-7: Construct Notify Payload: AUTHENTICATION_FAILEDIKEv2-PROTO-4: (219): Building packet for encryption. (219): Payload contents: (219): NOTIFY(AUTHENTICATION_FAILED)(219): Next payload: NONE, reserved: 0x0, length: 8 (219): Security protocol id: IKE, spi size: 0, type: AUTHENTICATION_FAILED IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_ENCRYPT_MSG IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_EVENT IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_OK_ENCRYPT_RESP IKEv2-PROTO-7: (219): Action: Action_Null IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_TRYSEND (219): IKEv2-PROTO-4: (219): Sending Packet [To 34.157.28.157:4500/From 192.168.68.2:4500/VRF i0:f0] (219): Initiator SPI : C93E2F7937B1C38D - Responder SPI : 3348F94B4B5F3920 Message id: 1 (219): IKEv2 IKE_AUTH Exchange RESPONSEIKEv2-PROTO-5: (219): Next payload: ENCR, version: 2.0 (219): Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE (219): Message id: 1, length: 80(219): Payload contents: (219): ENCR(219): Next payload: NOTIFY, reserved: 0x0, length: 52 (219): Encrypted data: 48 bytes (219): IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL IKEv2-PROTO-4: (219): Auth exchange failed IKEv2-PROTO-2: (219): Auth exchange failed IKEv2-PROTO-2: (219): Auth exchange failed IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: EXIT Event: EV_ABORT IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT IKEv2-PROTO-7: (219): SM Trace-> SA: I_SPI=C93E2F7937B1C38D R_SPI=3348F94B4B5F3920 (R) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS IKEv2-PROTO-4: (219): Abort exchange IKEv2-PROTO-4: (219): Deleting SA IKEv2-PROTO-4: Received Packet [From 34.157.146.197:500/To 192.168.68.2:500/VRF i0:f0] Initiator SPI : 7117CE614132F465 - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 884 Payload contents: SA Next payload: KE, reserved: 0x0, length: 476 last proposal: 0x2, reserved: 0x0, length: 204 Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 23 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 last proposal: 0x0, reserved: 0x0, length: 268 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 31 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 1, reserved: 0x0, id: 3DES last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: AES XCBC 96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: MD596 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 KE Next payload: N, reserved: 0x0, length: 264 DH group: 14, Reserved: 0x0 af 5c 0a df 9b 98 16 b1 ba f0 c6 6d de 4a a9 a8 d8 6b 1e ef 81 aa 0c f9 b5 58 02 f9 45 7d 1c 3c 84 c3 f1 12 05 91 51 a9 f1 2f ee 31 bb ee 07 50 6a 97 0d 22 b5 b7 0e a8 b4 db 3b 5c 57 f8 04 d2 52 df 01 fb 92 f0 7f e2 ad 64 c0 02 e5 f8 12 af 04 04 84 a3 4e b4 9e f0 a9 41 2d 33 47 43 89 b4 58 3f 95 a7 87 e9 65 2e e4 3c d6 90 02 a8 4c d7 b7 92 d6 e7 ab 76 82 c3 66 3e 94 6b 87 f4 52 4c e9 91 2c e4 60 8e 94 69 49 cc 6a ba 19 dc bb 51 c0 41 5f 94 24 b7 2f 5f c1 a0 f4 9b 9f 63 18 af 6d df f1 e3 77 47 a4 6e 18 a3 33 67 7e 17 4a 37 21 3b f6 b4 72 51 d8 28 83 e8 9b 1c db 1c 37 62 f9 81 63 a3 fa 6e f3 94 89 0d 78 b8 82 e2 bf 26 1f 90 df e4 12 cd b5 1c 9c d9 09 fa 28 16 00 a4 65 6f 3e 1f 63 6f 2f bd 3c ef c6 00 1b 19 80 4c f9 73 5c db c5 f3 2f 46 f7 09 c9 92 19 a8 db d8 N Next payload: NOTIFY, reserved: 0x0, length: 36 b7 06 d5 20 b3 01 6f ed 5f 10 75 eb e1 77 0c da 18 41 e3 2f 96 b8 dd 26 9b 68 31 ad a2 82 63 b2 IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP 52 27 7b ac 19 48 70 a6 3b 3b f5 01 80 b7 71 49 ab 11 79 3a IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP 53 cf 23 b3 87 64 24 a8 a9 70 ae e3 66 e5 7c ad 11 f2 1b d1 IKEv2-PROTO-7: Parse Notify Payload: IKEV2_FRAGMENTATION_SUPPORTED NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) Next payload: NOTIFY, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16431 NOTIFY(Unknown - 16431) Next payload: NONE, reserved: 0x0, length: 16 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 00 01 00 02 00 03 00 04 Decrypted packet:Data: 884 bytes IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT IKEv2-PROTO-4: (621): Checking NAT discovery IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT IKEv2-PROTO-7: (621): Redirect check is not needed, skipping it IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG IKEv2-PROTO-4: (621): Verify SA init message IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA IKEv2-PROTO-4: (621): Insert SA IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG IKEv2-PROTO-4: (621): Processing IKE_SA_INIT message IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT IKEv2-PROTO-7: (621): Process NAT discovery notify IKEv2-PROTO-7: (621): Processing nat detect src notify IKEv2-PROTO-7: (621): Remote address matched IKEv2-PROTO-7: (621): Processing nat detect dst notify IKEv2-PROTO-7: (621): Local address not matched IKEv2-PROTO-7: (621): Host is located NAT inside IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY IKEv2-PROTO-7: (621): Setting configured policies IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN IKEv2-PROTO-7: (621): Opening a PKI session IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY IKEv2-PROTO-4: (621): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14 IKEv2-PROTO-4: (621): Request queued for computation of DH key IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP IKEv2-PROTO-7: (621): Action: Action_Null IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET IKEv2-PROTO-4: (621): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14 IKEv2-PROTO-4: (621): Request queued for computation of DH secret IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP IKEv2-PROTO-7: (621): Action: Action_Null IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID IKEv2-PROTO-7: (621): Generate skeyid IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG IKEv2-PROTO-4: (621): Generating IKE_SA_INIT message IKEv2-PROTO-4: (621): IKE Proposal: 2, SPI size: 0 (initial negotiation), Num. transforms: 4 (621): AES-CBC(621): SHA256(621): SHA256(621): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-7: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-7: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-7: Construct Notify Payload: IKEV2_FRAGMENTATION_SUPPORTEDIKEv2-PROTO-7: Construct Vendor Specific Payload: FRAGMENTATION(621): IKEv2-PROTO-4: (621): Sending Packet [To 34.157.146.197:500/From 192.168.68.2:500/VRF i0:f0] (621): Initiator SPI : 7117CE614132F465 - Responder SPI : 5CBDDB99FF9418DE Message id: 0 (621): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (621): Next payload: SA, version: 2.0 (621): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (621): Message id: 0, length: 619(621): Payload contents: (621): SA(621): Next payload: KE, reserved: 0x0, length: 48 (621): last proposal: 0x0, reserved: 0x0, length: 44 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(621): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC (621): last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 (621): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 (621): last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 (621): KE(621): Next payload: N, reserved: 0x0, length: 264 (621): DH group: 14, Reserved: 0x0 (621): (621): 85 e8 71 cb 5c 26 5e ab 2f 25 57 d4 8f 01 87 8f (621): dc b7 3e f1 51 d3 d9 6a 90 c9 df 0b 8e 35 92 ec (621): 91 b2 4b a5 92 f1 55 41 19 29 db 31 b2 45 93 2d (621): 9a 27 f5 ab 18 60 9e 61 17 9a 01 e3 ad a4 a1 7f (621): f2 a6 76 c1 5b da dc 40 aa 09 5e 5b e7 cf ed 75 (621): 1e 66 a7 56 b2 2e bc 04 9a 98 12 85 71 65 f8 39 (621): ee d8 df 56 c6 56 c6 4d d5 e2 ba 2c 29 08 eb 6a (621): 04 b3 7a 6c 98 27 36 31 a7 07 73 8a 7a 99 b1 d3 (621): 83 c6 34 da c3 23 e2 e8 88 68 ec de 94 be 56 0b (621): db 57 50 46 5f 91 ff 23 1f 5c c5 5e 13 fc 08 9f (621): cf 6a 46 5b 10 53 c7 cf b8 23 24 6e d8 66 eb f0 (621): e1 a2 26 a6 a0 6c 0e 9f 04 70 d9 57 56 b4 0a a1 (621): c9 df c1 ae 40 01 a0 fa 96 19 42 80 ca 4b 4c 2c (621): c0 70 18 94 73 5f 00 03 71 47 a8 6d 0f da 8e 21 (621): 8e ee ea 4d f9 3f c8 5c 41 c1 8a fa 1d 53 38 4d (621): 81 1a 75 d3 5e 37 07 4c 7d 39 8f c0 de 42 c0 b0 (621): N(621): Next payload: VID, reserved: 0x0, length: 68 (621): (621): 66 69 ce 7d a9 39 5d dd 8c cf ce d9 3a 3d bd 0a (621): 5b 4c a7 bc 19 7d 3e b0 ee 0e a5 60 c1 fb 95 66 (621): 28 2a c2 b4 9a 02 44 90 c2 a5 e9 71 a3 37 6f 9f (621): f6 e8 0f f6 e3 8e bf 5a 90 73 25 68 91 e1 41 ae (621): VID(621): Next payload: VID, reserved: 0x0, length: 23 (621): (621): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41 (621): 53 4f 4e (621): VID(621): Next payload: NOTIFY, reserved: 0x0, length: 59 (621): (621): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29 (621): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 (621): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d (621): 73 2c 20 49 6e 63 2e (621): NOTIFY(NAT_DETECTION_SOURCE_IP)(621): Next payload: NOTIFY, reserved: 0x0, length: 28 (621): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP (621): (621): e1 59 fd e5 76 e1 23 fa 49 09 ea 4f 63 5d 7e e9 (621): b3 d3 a2 7e (621): NOTIFY(NAT_DETECTION_DESTINATION_IP)(621): Next payload: CERTREQ, reserved: 0x0, length: 28 (621): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP (621): (621): fa 9d 19 bb d7 f6 88 2c ca 10 dc ab 36 59 0c ef (621): bf eb 5d 21 (621): CERTREQ(621): Next payload: NOTIFY, reserved: 0x0, length: 45 (621): Cert encoding X.509 Certificate - signature (621): CertReq data: 40 bytes (621): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(621): Next payload: VID, reserved: 0x0, length: 8 (621): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED (621): VID(621): Next payload: NONE, reserved: 0x0, length: 20 (621): (621): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 (621): IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE IKEv2-PROTO-4: (621): IETF Fragmentation is enabled IKEv2-PROTO-4: (621): Completed SA init exchange IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR IKEv2-PROTO-4: (621): Starting timer (30 sec) to wait for auth message IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT IKEv2-PROTO-7: (621): Request has mess_id 1; expected 1 through 1 (621): IKEv2-PROTO-4: (621): Received Packet [From 34.157.146.197:4500/To 192.168.68.2:500/VRF i0:f0] (621): Initiator SPI : 7117CE614132F465 - Responder SPI : 5CBDDB99FF9418DE Message id: 1 (621): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-5: (621): Next payload: ENCR, version: 2.0 (621): Exchange type: IKE_AUTH, flags: INITIATOR (621): Message id: 1, length: 320(621): Payload contents: IKEv2-PROTO-4: decrypt queued(621): (621): Decrypted packet:(621): Data: 320 bytes (621): REAL Decrypted packet:(621): Data: 248 bytes IDi Next payload: AUTH, reserved: 0x0, length: 12 Id type: IPv4 address, Reserved: 0x0 0x0 22 9d 92 c5 AUTH Next payload: SA, reserved: 0x0, length: 40 Auth method PSK, reserved: 0x0, reserved 0x0 Auth data: 32 bytes SA Next payload: TSi, reserved: 0x0, length: 140 last proposal: 0x2, reserved: 0x0, length: 56 Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN last proposal: 0x0, reserved: 0x0, length: 80 Proposal: 2, Protocol id: ESP, SPI size: 4, #trans: 7 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN TSi Next payload: TSr, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 TSr Next payload: NOTIFY, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16417 NOTIFY(Unknown - 16417) Next payload: NONE, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_RECV_AUTH IKEv2-PROTO-4: (621): Stopping timer to wait for auth message IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_NAT_T IKEv2-PROTO-4: (621): Checking NAT discovery IKEv2-PROTO-4: (621): NAT INSIDE found IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHG_NAT_T_PORT IKEv2-PROTO-4: (621): NAT detected float to init port 4500, resp port 4500 IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_PROC_ID IKEv2-PROTO-7: (621): Received valid parameteres in process id IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_GET_POLICY_BY_PEERID IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_OK_RECD_EXTDB_RESP IKEv2-PROTO-4: (621): Searching policy based on peer's identity '34.157.146.197' of type 'IPv4 address' IKEv2-PROTO-2: (621): Failed to locate an item in the database IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_AUTH_FAIL IKEv2-PROTO-4: (621): Verification of peer's authentication data FAILED IKEv2-PROTO-4: (621): Sending authentication failure notify IKEv2-PROTO-7: Construct Notify Payload: AUTHENTICATION_FAILEDIKEv2-PROTO-4: (621): Building packet for encryption. (621): Payload contents: (621): NOTIFY(AUTHENTICATION_FAILED)(621): Next payload: NONE, reserved: 0x0, length: 8 (621): Security protocol id: IKE, spi size: 0, type: AUTHENTICATION_FAILED IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_ENCRYPT_MSG IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_EVENT IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_OK_ENCRYPT_RESP IKEv2-PROTO-7: (621): Action: Action_Null IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_TRYSEND (621): IKEv2-PROTO-4: (621): Sending Packet [To 34.157.146.197:4500/From 192.168.68.2:4500/VRF i0:f0] (621): Initiator SPI : 7117CE614132F465 - Responder SPI : 5CBDDB99FF9418DE Message id: 1 (621): IKEv2 IKE_AUTH Exchange RESPONSEIKEv2-PROTO-5: (621): Next payload: ENCR, version: 2.0 (621): Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE (621): Message id: 1, length: 80(621): Payload contents: (621): ENCR(621): Next payload: NOTIFY, reserved: 0x0, length: 52 (621): Encrypted data: 48 bytes (621): IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL IKEv2-PROTO-4: (621): Auth exchange failed IKEv2-PROTO-2: (621): Auth exchange failed IKEv2-PROTO-2: (621): Auth exchange failed IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: EXIT Event: EV_ABORT IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT IKEv2-PROTO-7: (621): SM Trace-> SA: I_SPI=7117CE614132F465 R_SPI=5CBDDB99FF9418DE (R) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS IKEv2-PROTO-4: (621): Abort exchange IKEv2-PROTO-4: (621): Deleting SA IKEv2-PROTO-4: Received Packet [From 34.157.28.157:500/To 192.168.68.2:500/VRF i0:f0] Initiator SPI : 13A7DFB06FC51380 - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 884 Payload contents: SA Next payload: KE, reserved: 0x0, length: 476 last proposal: 0x2, reserved: 0x0, length: 204 Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 23 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 last proposal: 0x0, reserved: 0x0, length: 268 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 31 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 1, reserved: 0x0, id: 3DES last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: AES XCBC 96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: MD596 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 KE Next payload: N, reserved: 0x0, length: 264 DH group: 14, Reserved: 0x0 c3 24 d4 57 eb 26 f3 13 40 4a 33 13 49 61 7c af 60 09 50 fe 9a df f3 15 ba c7 ce 83 62 cc 4f aa 7b 10 d5 c8 f2 4e cb 40 82 e0 0f cb f7 c2 94 56 07 5b e4 45 95 17 69 5c bc 73 c3 39 d4 38 8d ae 35 aa c9 f2 ff ec e2 19 f4 1d 5a 11 e9 ef 19 5a 69 d0 17 4e b6 e9 1e eb 0b e4 e1 3b f6 8a f8 d2 bd dc 49 e6 2b 6e 5b 73 92 45 db 80 16 98 65 03 91 a2 99 ae cc 78 67 cd 33 64 4b 5d 00 e4 f5 3d cd ec d9 f0 38 03 0c 52 66 b6 a0 7d f8 2e 00 1d ae ba c0 2d fc 4b 7c fc c5 09 48 d2 27 9d ad a4 44 57 ba 2d 7d d9 e1 eb 75 03 aa d5 01 de fd 02 2a 41 35 59 8a 11 e4 73 92 5d ab 87 3c 02 19 34 c2 e3 52 48 b9 06 f7 16 4c a1 88 e9 0d d8 04 d8 ee f8 dd d6 0b 3e 1d 9b c6 7b 86 d6 e1 db d1 b4 f8 44 e9 2f 3c 40 5f f5 10 0c c7 20 96 08 01 5c 5f 67 f3 87 ee 78 f6 fa cb 4c 3b 6f 27 ca a6 34 N Next payload: NOTIFY, reserved: 0x0, length: 36 19 43 f7 f6 d3 4c 2e 38 e6 dd 7d 3d b4 ef d0 53 3d 82 88 7d 4e 2f 56 5b a6 4d 57 5a 47 a1 09 fa IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP 46 f8 cb 36 50 96 e5 6d ca da 8c 68 29 a8 26 8a 69 4e 19 1a IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP ea b2 07 9e c8 5b 1f 3f 3b b0 9f c5 79 d6 ae c7 94 77 f8 c9 IKEv2-PROTO-7: Parse Notify Payload: IKEV2_FRAGMENTATION_SUPPORTED NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) Next payload: NOTIFY, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16431 NOTIFY(Unknown - 16431) Next payload: NONE, reserved: 0x0, length: 16 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 00 01 00 02 00 03 00 04 Decrypted packet:Data: 884 bytes IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT IKEv2-PROTO-4: (675): Checking NAT discovery IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT IKEv2-PROTO-7: (675): Redirect check is not needed, skipping it IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG IKEv2-PROTO-4: (675): Verify SA init message IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA IKEv2-PROTO-4: (675): Insert SA IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG IKEv2-PROTO-4: (675): Processing IKE_SA_INIT message IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT IKEv2-PROTO-7: (675): Process NAT discovery notify IKEv2-PROTO-7: (675): Processing nat detect src notify IKEv2-PROTO-7: (675): Remote address matched IKEv2-PROTO-7: (675): Processing nat detect dst notify IKEv2-PROTO-7: (675): Local address not matched IKEv2-PROTO-7: (675): Host is located NAT inside IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY IKEv2-PROTO-7: (675): Setting configured policies IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN IKEv2-PROTO-7: (675): Opening a PKI session IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY IKEv2-PROTO-4: (675): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14 IKEv2-PROTO-4: (675): Request queued for computation of DH key IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP IKEv2-PROTO-7: (675): Action: Action_Null IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET IKEv2-PROTO-4: (675): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14 IKEv2-PROTO-4: (675): Request queued for computation of DH secret IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP IKEv2-PROTO-7: (675): Action: Action_Null IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID IKEv2-PROTO-7: (675): Generate skeyid IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG IKEv2-PROTO-4: (675): Generating IKE_SA_INIT message IKEv2-PROTO-4: (675): IKE Proposal: 2, SPI size: 0 (initial negotiation), Num. transforms: 4 (675): AES-CBC(675): SHA256(675): SHA256(675): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-7: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-7: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-7: Construct Notify Payload: IKEV2_FRAGMENTATION_SUPPORTEDIKEv2-PROTO-7: Construct Vendor Specific Payload: FRAGMENTATION(675): IKEv2-PROTO-4: (675): Sending Packet [To 34.157.28.157:500/From 192.168.68.2:500/VRF i0:f0] (675): Initiator SPI : 13A7DFB06FC51380 - Responder SPI : 808214938158E582 Message id: 0 (675): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (675): Next payload: SA, version: 2.0 (675): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (675): Message id: 0, length: 619(675): Payload contents: (675): SA(675): Next payload: KE, reserved: 0x0, length: 48 (675): last proposal: 0x0, reserved: 0x0, length: 44 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(675): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC (675): last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 (675): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 (675): last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 (675): KE(675): Next payload: N, reserved: 0x0, length: 264 (675): DH group: 14, Reserved: 0x0 (675): (675): ca 3d 0e b7 52 07 20 6e 9f 94 26 3a 4e e9 0f e3 (675): 40 ae 7d cc 6f 7e 50 5e 6c c9 38 85 a6 90 fc da (675): 87 bb e7 8f 30 42 8a 66 6f 0b 6d 26 79 f7 ed 52 (675): 6a d7 58 de 9e 33 78 68 46 8b e6 e7 f8 3b 3d a7 (675): 04 95 60 8c 1b 12 14 74 dc a5 a4 24 30 2d 63 a8 (675): 4c c8 79 da 5a 57 06 4c e7 05 07 ea 9b e0 02 04 (675): 24 12 61 ec d7 7c 82 8d 49 c9 d5 ec 8f 43 e3 f3 (675): 46 da ab 8a 12 6c 74 ee 5b c7 6e 2d 8a 10 be 74 (675): 9b 5b c8 40 e7 66 d0 69 af 8b 00 f1 ed 3f 35 80 (675): 88 8c 19 3f cc c9 0c 0f d6 27 0f ef 01 88 ad 13 (675): 82 fa 89 30 04 41 2e a0 a2 29 8e 19 6d 5f a6 1a (675): 30 fb a3 dd f4 04 58 61 a2 6a e4 f1 00 80 59 d5 (675): 11 16 5d e5 82 39 e5 e8 c0 e6 1c 62 2a c3 0c 94 (675): 88 80 d5 35 cf 36 9f 74 92 d4 8c 57 91 4a 18 47 (675): b5 3f c1 86 9e c9 88 39 f6 70 c5 6d 5b 2d 09 7c (675): ee 97 95 49 c8 af 2d cc 6a 69 c1 24 f3 d7 7b 3f (675): N(675): Next payload: VID, reserved: 0x0, length: 68 (675): (675): 19 d2 a7 89 6a 9e b6 88 1b 5a 57 00 26 b4 64 78 (675): 11 e1 fc 6c 54 cf 11 c3 29 5c 91 55 f1 82 c9 6c (675): 68 18 3a ac d4 6b 64 a1 ce 91 4b 2d 1a 20 a0 98 (675): f6 5e 50 94 b7 bd 7a 25 74 ae dd b5 ff b1 c2 67 (675): VID(675): Next payload: VID, reserved: 0x0, length: 23 (675): (675): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41 (675): 53 4f 4e (675): VID(675): Next payload: NOTIFY, reserved: 0x0, length: 59 (675): (675): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29 (675): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 (675): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d (675): 73 2c 20 49 6e 63 2e (675): NOTIFY(NAT_DETECTION_SOURCE_IP)(675): Next payload: NOTIFY, reserved: 0x0, length: 28 (675): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP (675): (675): 91 74 d3 40 21 a0 2b 4d 2e e0 8e cb a1 e4 a5 55 (675): a3 cb 54 55 (675): NOTIFY(NAT_DETECTION_DESTINATION_IP)(675): Next payload: CERTREQ, reserved: 0x0, length: 28 (675): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP (675): (675): 62 3c 68 29 d6 a6 06 a2 bc 25 16 e2 0f d5 f1 b7 (675): 3d 0c 3e 47 (675): CERTREQ(675): Next payload: NOTIFY, reserved: 0x0, length: 45 (675): Cert encoding X.509 Certificate - signature (675): CertReq data: 40 bytes (675): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(675): Next payload: VID, reserved: 0x0, length: 8 (675): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED (675): VID(675): Next payload: NONE, reserved: 0x0, length: 20 (675): (675): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 (675): IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE IKEv2-PROTO-4: (675): IETF Fragmentation is enabled IKEv2-PROTO-4: (675): Completed SA init exchange IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR IKEv2-PROTO-4: (675): Starting timer (30 sec) to wait for auth message IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT IKEv2-PROTO-7: (675): Request has mess_id 1; expected 1 through 1 (675): IKEv2-PROTO-4: (675): Received Packet [From 34.157.28.157:4500/To 192.168.68.2:500/VRF i0:f0] (675): Initiator SPI : 13A7DFB06FC51380 - Responder SPI : 808214938158E582 Message id: 1 (675): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-5: (675): Next payload: ENCR, version: 2.0 (675): Exchange type: IKE_AUTH, flags: INITIATOR (675): Message id: 1, length: 320(675): Payload contents: IKEv2-PROTO-4: decrypt queued(675): (675): Decrypted packet:(675): Data: 320 bytes (675): REAL Decrypted packet:(675): Data: 248 bytes IDi Next payload: AUTH, reserved: 0x0, length: 12 Id type: IPv4 address, Reserved: 0x0 0x0 22 9d 1c 9d AUTH Next payload: SA, reserved: 0x0, length: 40 Auth method PSK, reserved: 0x0, reserved 0x0 Auth data: 32 bytes SA Next payload: TSi, reserved: 0x0, length: 140 last proposal: 0x2, reserved: 0x0, length: 56 Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN last proposal: 0x0, reserved: 0x0, length: 80 Proposal: 2, Protocol id: ESP, SPI size: 4, #trans: 7 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN TSi Next payload: TSr, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 TSr Next payload: NOTIFY, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16417 NOTIFY(Unknown - 16417) Next payload: NONE, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_RECV_AUTH IKEv2-PROTO-4: (675): Stopping timer to wait for auth message IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_NAT_T IKEv2-PROTO-4: (675): Checking NAT discovery IKEv2-PROTO-4: (675): NAT INSIDE found IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHG_NAT_T_PORT IKEv2-PROTO-4: (675): NAT detected float to init port 4500, resp port 4500 IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_PROC_ID IKEv2-PROTO-7: (675): Received valid parameteres in process id IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_GET_POLICY_BY_PEERID IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_OK_RECD_EXTDB_RESP IKEv2-PROTO-4: (675): Searching policy based on peer's identity '34.157.28.157' of type 'IPv4 address' IKEv2-PROTO-2: (675): Failed to locate an item in the database IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_AUTH_FAIL IKEv2-PROTO-4: (675): Verification of peer's authentication data FAILED IKEv2-PROTO-4: (675): Sending authentication failure notify IKEv2-PROTO-7: Construct Notify Payload: AUTHENTICATION_FAILEDIKEv2-PROTO-4: (675): Building packet for encryption. (675): Payload contents: (675): NOTIFY(AUTHENTICATION_FAILED)(675): Next payload: NONE, reserved: 0x0, length: 8 (675): Security protocol id: IKE, spi size: 0, type: AUTHENTICATION_FAILED IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_ENCRYPT_MSG IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_EVENT IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_OK_ENCRYPT_RESP IKEv2-PROTO-7: (675): Action: Action_Null IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_TRYSEND (675): IKEv2-PROTO-4: (675): Sending Packet [To 34.157.28.157:4500/From 192.168.68.2:4500/VRF i0:f0] (675): Initiator SPI : 13A7DFB06FC51380 - Responder SPI : 808214938158E582 Message id: 1 (675): IKEv2 IKE_AUTH Exchange RESPONSEIKEv2-PROTO-5: (675): Next payload: ENCR, version: 2.0 (675): Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE (675): Message id: 1, length: 80(675): Payload contents: (675): ENCR(675): Next payload: NOTIFY, reserved: 0x0, length: 52 (675): Encrypted data: 48 bytes (675): IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL IKEv2-PROTO-4: (675): Auth exchange failed IKEv2-PROTO-2: (675): Auth exchange failed IKEv2-PROTO-2: (675): Auth exchange failed IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: EXIT Event: EV_ABORT IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT IKEv2-PROTO-7: (675): SM Trace-> SA: I_SPI=13A7DFB06FC51380 R_SPI=808214938158E582 (R) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS IKEv2-PROTO-4: (675): Abort exchange IKEv2-PROTO-4: (675): Deleting SA no de IKEv2-PROTO-4: Received Packet [From 34.157.146.197:500/To 192.168.68.2:500/VRF i0:f0] Initiator SPI : 1F2E3C8A49AE36F7 - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 884 Payload contents: SA Next payload: KE, reserved: 0x0, length: 476 last proposal: 0x2, reserved: 0x0, length: 204 Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 23 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 last proposal: 0x0, reserved: 0x0, length: 268 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 31 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 1, reserved: 0x0, id: 3DES last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: AES XCBC 96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: MD596 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 KE Next payload: N, reserved: 0x0, length: 264 DH group: 14, Reserved: 0x0 94 68 13 94 23 b6 7e d7 16 23 af cd d2 0c 2c 8e 07 dd cf 9e 91 f8 97 1a a3 b7 e0 98 1e 7a 61 57 22 8c ef 70 7a 73 c5 ac e4 01 ff b7 26 85 eb cd 88 34 fe a4 5a fc f1 22 3c ae 86 94 1b 2b c2 70 5d 21 0e 6f 60 7f 22 37 ee c4 dd 40 82 7e 5d 34 90 d2 50 77 04 14 ae ed b5 ef 38 dc 11 2a aa be 56 09 5e ff 95 e6 d9 4d a1 00 cd 8e 78 7e 42 73 5c bb 0f aa b2 79 ca 8c b6 c7 58 e5 51 0d db ce 44 32 9d 4c 7e f8 91 04 a4 0f be 3a f7 75 f7 42 7f 18 db b7 7d df 4f 1e 1f 2e ed 40 2d ef ca 5a 51 78 fe e3 ee 48 8d b1 7d d4 7c 0c 82 24 d7 51 f0 2f ea ff 22 1d 2a 44 f0 57 cc 74 69 98 4b d9 2f 5a 1f 6e 22 41 54 fc 2b 0a 7c 40 97 ab dc fc 8b 86 5f 66 1a 98 01 4e fa cd 8d b0 71 a2 84 d0 71 1d 28 17 69 bf 9a c5 6b e9 05 c2 98 e0 61 37 80 9d 0c c9 9d b6 66 35 5b f1 56 bf de a6 6c 92 N Next payload: NOTIFY, reserved: 0x0, length: 36 33 c2 02 f0 22 cf c7 5f 73 99 ed c4 9f 87 da 7f 5f 70 8c b5 51 c4 b7 45 d8 f7 5a 13 c0 3a 4d 0a IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP a1 23 35 65 65 0e 6e 00 04 87 44 ee da 2c d3 ca 90 a4 17 c5 IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP 7d 75 60 89 28 69 75 06 15 83 52 ca ba 13 ea eb a6 74 17 d8 IKEv2-PROTO-7: Parse Notify Payload: IKEV2_FRAGMENTATION_SUPPORTED NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) Next payload: NOTIFY, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16431 NOTIFY(Unknown - 16431) Next payload: NONE, reserved: 0x0, length: 16 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 00 01 00 02 00 03 00 04 Decrypted packet:Data: 884 bytes IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT IKEv2-PROTO-4: (345): Checking NAT discovery IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT IKEv2-PROTO-7: (345): Redirect check is not needed, skipping it IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG IKEv2-PROTO-4: (345): Verify SA init message IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA IKEv2-PROTO-4: (345): Insert SA IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG IKEv2-PROTO-4: (345): Processing IKE_SA_INIT message IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT IKEv2-PROTO-7: (345): Process NAT discovery notify IKEv2-PROTO-7: (345): Processing nat detect src notify IKEv2-PROTO-7: (345): Remote address matched IKEv2-PROTO-7: (345): Processing nat detect dst notify IKEv2-PROTO-7: (345): Local address not matched IKEv2-PROTO-7: (345): Host is located NAT inside IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY IKEv2-PROTO-7: (345): Setting configured policies IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN IKEv2-PROTO-7: (345): Opening a PKI session IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY IKEv2-PROTO-4: (345): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14 IKEv2-PROTO-4: (345): Request queued for computation of DH key IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP IKEv2-PROTO-7: (345): Action: Action_Null IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET IKEv2-PROTO-4: (345): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14 IKEv2-PROTO-4: (345): Request queued for computation of DH secret IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP IKEv2-PROTO-7: (345): Action: Action_Null IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID IKEv2-PROTO-7: (345): Generate skeyid IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG IKEv2-PROTO-4: (345): Generating IKE_SA_INIT message IKEv2-PROTO-4: (345): IKE Proposal: 2, SPI size: 0 (initial negotiation), Num. transforms: 4 (345): AES-CBC(345): SHA256(345): SHA256(345): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-7: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-7: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-7: Construct Notify Payload: IKEV2_FRAGMENTATION_SUPPORTEDIKEv2-PROTO-7: Construct Vendor Specific Payload: FRAGMENTATION(345): IKEv2-PROTO-4: (345): Sending Packet [To 34.157.146.197:500/From 192.168.68.2:500/VRF i0:f0] (345): Initiator SPI : 1F2E3C8A49AE36F7 - Responder SPI : 5BE4316E5BA5EB02 Message id: 0 (345): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (345): Next payload: SA, version: 2.0 (345): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (345): Message id: 0, length: 619(345): Payload contents: (345): SA(345): Next payload: KE, reserved: 0x0, length: 48 (345): last proposal: 0x0, reserved: 0x0, length: 44 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(345): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC (345): last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 (345): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 (345): last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 (345): KE(345): Next payload: N, reserved: 0x0, length: 264 (345): DH group: 14, Reserved: 0x0 (345): (345): 81 54 bc 22 39 4a 70 b8 52 71 1a df b8 df 83 33 (345): bb 1c 2a bf ee 99 95 df 40 59 a4 54 4d aa ac 40 (345): 9e 55 5a 57 42 50 3c 78 d4 fc b6 91 dc 19 b9 85 (345): ac 1a 5a f8 fa 98 c8 f2 00 1a aa fb 95 73 1d 78 (345): 16 0a 5b 78 2f 79 73 d1 0c 3e d7 3a 44 27 50 ba (345): 97 65 25 e2 6e 12 c0 50 7e 33 ae 26 85 c8 c4 44 (345): 3c 79 ed 6d ab 93 3b 09 0d de 7e 10 b1 89 6a 8a (345): 9e fa d2 93 2a 78 14 7c 41 63 a0 bf 77 f4 8b f3 (345): 2e ba d8 d8 c3 4c 52 af 41 93 51 b4 e7 6f a1 bc (345): 77 03 a8 78 7a b3 f6 dd c3 4d fb 9d 42 16 6e 4c (345): 8a 51 09 30 14 7a 56 ef 6b 70 50 b3 48 97 a5 a9 (345): 6e c2 01 f7 db ad d0 0f bb 49 38 bb 03 79 77 2a (345): cf e3 de 24 5d f1 05 2e cc 78 e6 18 55 13 c4 2b (345): fe 6d 20 f8 58 f6 46 f4 1d 8b 5d fa 0e d7 13 42 (345): 8a 3b a8 f2 24 7a a9 a6 e0 c3 c1 88 2e 5c 5c 30 (345): 7e e2 c2 b2 a2 03 52 24 49 d7 e3 81 8b db ed f2 (345): N(345): Next payload: VID, reserved: 0x0, length: 68 (345): (345): 41 b7 b5 e8 5f 08 f3 40 d4 33 d3 20 22 d7 c0 1d (345): 41 ff 55 5a f3 8e 26 92 c4 2c 17 be 51 12 c5 7f (345): 6a 44 49 b4 6f fd 96 6b 3a fb 16 f8 6a 19 44 39 (345): 2c 26 59 b0 c5 68 21 7e d4 b6 ad 0a ab b6 2a a5 (345): VID(345): Next payload: VID, reserved: 0x0, length: 23 (345): (345): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41 (345): 53 4f 4e (345): VID(345): Next payload: NOTIFY, reserved: 0x0, length: 59 (345): (345): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29 (345): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 (345): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d (345): 73 2c 20 49 6e 63 2e (345): NOTIFY(NAT_DETECTION_SOURCE_IP)(345): Next payload: NOTIFY, reserved: 0x0, length: 28 (345): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP (345): (345): e3 67 71 47 9b 91 9b 49 be a9 2c 3f 47 ca e1 33 (345): 27 46 ab 4f (345): NOTIFY(NAT_DETECTION_DESTINATION_IP)(345): Next payload: CERTREQ, reserved: 0x0, length: 28 (345): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP (345): (345): 21 c8 dd 44 38 77 c0 d2 ff ee 9e 11 f2 00 c2 1b (345): 7b b5 0d 53 (345): CERTREQ(345): Next payload: NOTIFY, reserved: 0x0, length: 45 (345): Cert encoding X.509 Certificate - signature (345): CertReq data: 40 bytes (345): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(345): Next payload: VID, reserved: 0x0, length: 8 (345): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED (345): VID(345): Next payload: NONE, reserved: 0x0, length: 20 (345): (345): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 (345): IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE IKEv2-PROTO-4: (345): IETF Fragmentation is enabled IKEv2-PROTO-4: (345): Completed SA init exchange IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR IKEv2-PROTO-4: (345): Starting timer (30 sec) to wait for auth message IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT IKEv2-PROTO-7: (345): Request has mess_id 1; expected 1 through 1 (345): IKEv2-PROTO-4: (345): Received Packet [From 34.157.146.197:4500/To 192.168.68.2:500/VRF i0:f0] (345): Initiator SPI : 1F2E3C8A49AE36F7 - Responder SPI : 5BE4316E5BA5EB02 Message id: 1 (345): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-5: (345): Next payload: ENCR, version: 2.0 (345): Exchange type: IKE_AUTH, flags: INITIATOR (345): Message id: 1, length: 320(345): Payload contents: IKEv2-PROTO-4: decrypt queued(345): (345): Decrypted packet:(345): Data: 320 bytes (345): REAL Decrypted packet:(345): Data: 248 bytes IDi Next payload: AUTH, reserved: 0x0, length: 12 Id type: IPv4 address, Reserved: 0x0 0x0 22 9d 92 c5 AUTH Next payload: SA, reserved: 0x0, length: 40 Auth method PSK, reserved: 0x0, reserved 0x0 Auth data: 32 bytes SA Next payload: TSi, reserved: 0x0, length: 140 last proposal: 0x2, reserved: 0x0, length: 56 Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN last proposal: 0x0, reserved: 0x0, length: 80 Proposal: 2, Protocol id: ESP, SPI size: 4, #trans: 7 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN TSi Next payload: TSr, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 TSr Next payload: NOTIFY, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16417 NOTIFY(Unknown - 16417) Next payload: NONE, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_RECV_AUTH IKEv2-PROTO-4: (345): Stopping timer to wait for auth message IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_NAT_T IKEv2-PROTO-4: (345): Checking NAT discovery IKEv2-PROTO-4: (345): NAT INSIDE found IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHG_NAT_T_PORT IKEv2-PROTO-4: (345): NAT detected float to init port 4500, resp port 4500 IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_PROC_ID IKEv2-PROTO-7: (345): Received valid parameteres in process id IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_GET_POLICY_BY_PEERID IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_OK_RECD_EXTDB_RESP IKEv2-PROTO-4: (345): Searching policy based on peer's identity '34.157.146.197' of type 'IPv4 address' IKEv2-PROTO-2: (345): Failed to locate an item in the database IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_AUTH_FAIL IKEv2-PROTO-4: (345): Verification of peer's authentication data FAILED IKEv2-PROTO-4: (345): Sending authentication failure notify IKEv2-PROTO-7: Construct Notify Payload: AUTHENTICATION_FAILEDIKEv2-PROTO-4: (345): Building packet for encryption. (345): Payload contents: (345): NOTIFY(AUTHENTICATION_FAILED)(345): Next payload: NONE, reserved: 0x0, length: 8 (345): Security protocol id: IKE, spi size: 0, type: AUTHENTICATION_FAILED IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_ENCRYPT_MSG IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_EVENT IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_OK_ENCRYPT_RESP IKEv2-PROTO-7: (345): Action: Action_Null IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_TRYSEND (345): IKEv2-PROTO-4: (345): Sending Packet [To 34.157.146.197:4500/From 192.168.68.2:4500/VRF i0:f0] (345): Initiator SPI : 1F2E3C8A49AE36F7 - Responder SPI : 5BE4316E5BA5EB02 Message id: 1 (345): IKEv2 IKE_AUTH Exchange RESPONSEIKEv2-PROTO-5: (345): Next payload: ENCR, version: 2.0 (345): Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE (345): Message id: 1, length: 80(345): Payload contents: (345): ENCR(345): Next payload: NOTIFY, reserved: 0x0, length: 52 (345): Encrypted data: 48 bytes (345): IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL IKEv2-PROTO-4: (345): Auth exchange failed IKEv2-PROTO-2: (345): Auth exchange failed IKEv2-PROTO-2: (345): Auth exchange failed IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: EXIT Event: EV_ABORT IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT IKEv2-PROTO-7: (345): SM Trace-> SA: I_SPI=1F2E3C8A49AE36F7 R_SPI=5BE4316E5BA5EB02 (R) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS IKEv2-PROTO-4: (345): Abort exchange IKEv2-PROTO-4: (345): Deleting SA buIKEv2-PROTO-4: Send NAT keepalive packet local 192.168.68.2:4500 remote 96.248.92.197:4500 g IKEv2-PROTO-4: Received Packet [From 34.157.28.157:500/To 192.168.68.2:500/VRF i0:f0] Initiator SPI : F26EAF6FF835CE1E - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 884 Payload contents: SA Next payload: KE, reserved: 0x0, length: 476 last proposal: 0x2, reserved: 0x0, length: 204 Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 23 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 last proposal: 0x0, reserved: 0x0, length: 268 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 31 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 1, reserved: 0x0, id: 3DES last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: AES XCBC 96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: MD596 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: AES CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: Unknown - 8 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: MD5 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA384 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 23 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_3072_MODP/Group 15 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_4096_MODP/Group 16 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 18 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: Unknown - 22 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_25519_ECP/Group 31 KE Next payload: N, reserved: 0x0, length: 264 DH group: 14, Reserved: 0x0 6a a7 c9 2c f9 d5 ed 24 8b 9f 01 4c 68 7f d5 8c 75 95 1d b5 3e d8 a4 50 50 ba 21 ae a2 7c 2b 09 07 66 ef de c8 1b b0 54 98 7e 4b c5 f2 7b 51 95 5a 4b 3b 57 d8 83 89 10 16 c4 50 8c ce 11 72 28 32 26 52 60 b0 d4 9a a7 52 a3 af 76 2c 2a 7b b3 7a 79 ac b2 01 ce 2f 63 bc b2 00 bd 66 8b e4 98 c7 2b 97 2f 04 68 e3 0b 35 d1 45 87 11 cd 18 15 29 2f 1f 32 0d c4 4b ad b7 54 69 9a d5 cb 46 9c 1a d9 79 85 b4 ea 86 6d bc c6 6c 20 b7 51 d9 65 b9 bb af a6 e8 6c f3 03 38 cd 17 77 bf 1a 8a c8 01 c5 a0 a4 15 87 d0 eb dd f1 f0 41 a0 b9 38 da 07 9b 28 63 c2 b1 82 03 44 f2 56 44 8e 41 ac fc 0a 3d 8a ed fa 39 10 d8 15 b7 b3 2f ab 7d 68 f3 f7 15 d8 47 16 19 37 5d 9c d7 f1 98 22 88 23 86 98 5f 72 af ee df 3c b5 76 73 6e 55 f2 36 3c 47 fc b9 33 1f a6 3d c6 35 1f bd d0 0c bb a6 0b c9 N Next payload: NOTIFY, reserved: 0x0, length: 36 45 b4 92 93 f3 37 95 3e e6 e6 08 7f 30 b7 08 1f 79 c7 fb 28 b9 5e d3 bd 5d ce 3c 46 9d 5d 19 2f IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP bc 60 5d fe 16 6e 8d c5 6a 7c 81 f4 ad b4 de eb f1 18 5b 6c IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP 5a b9 9d 59 97 65 4e bc 47 b2 b7 80 a9 15 eb 1e 28 fe c5 fb IKEv2-PROTO-7: Parse Notify Payload: IKEV2_FRAGMENTATION_SUPPORTED NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) Next payload: NOTIFY, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16431 NOTIFY(Unknown - 16431) Next payload: NONE, reserved: 0x0, length: 16 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 00 01 00 02 00 03 00 04 Decrypted packet:Data: 884 bytes IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT IKEv2-PROTO-4: (76): Checking NAT discovery IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT IKEv2-PROTO-7: (76): Redirect check is not needed, skipping it IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG IKEv2-PROTO-4: (76): Verify SA init message IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA IKEv2-PROTO-4: (76): Insert SA IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG IKEv2-PROTO-4: (76): Processing IKE_SA_INIT message IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT IKEv2-PROTO-7: (76): Process NAT discovery notify IKEv2-PROTO-7: (76): Processing nat detect src notify IKEv2-PROTO-7: (76): Remote address matched IKEv2-PROTO-7: (76): Processing nat detect dst notify IKEv2-PROTO-7: (76): Local address not matched IKEv2-PROTO-7: (76): Host is located NAT inside IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY IKEv2-PROTO-7: (76): Setting configured policies IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN IKEv2-PROTO-7: (76): Opening a PKI session IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY IKEv2-PROTO-4: (76): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14 IKEv2-PROTO-4: (76): Request queued for computation of DH key IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP IKEv2-PROTO-7: (76): Action: Action_Null IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET IKEv2-PROTO-4: (76): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14 IKEv2-PROTO-4: (76): Request queued for computation of DH secret IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP IKEv2-PROTO-7: (76): Action: Action_Null IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID IKEv2-PROTO-7: (76): Generate skeyid IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG IKEv2-PROTO-4: (76): Generating IKE_SA_INIT message IKEv2-PROTO-4: (76): IKE Proposal: 2, SPI size: 0 (initial negotiation), Num. transforms: 4 (76): AES-CBC(76): SHA256(76): SHA256(76): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-7: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-7: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-7: Construct Notify Payload: IKEV2_FRAGMENTATION_SUPPORTEDIKEv2-PROTO-7: Construct Vendor Specific Payload: FRAGMENTATION(76): IKEv2-PROTO-4: (76): Sending Packet [To 34.157.28.157:500/From 192.168.68.2:500/VRF i0:f0] (76): Initiator SPI : F26EAF6FF835CE1E - Responder SPI : 582E6EB2AEB8EB7B Message id: 0 (76): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (76): Next payload: SA, version: 2.0 (76): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (76): Message id: 0, length: 619(76): Payload contents: (76): SA(76): Next payload: KE, reserved: 0x0, length: 48 (76): last proposal: 0x0, reserved: 0x0, length: 44 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(76): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC (76): last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA256 (76): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 (76): last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14 (76): KE(76): Next payload: N, reserved: 0x0, length: 264 (76): DH group: 14, Reserved: 0x0 (76): (76): 70 27 2e 0b e4 36 2a e5 6b 2c c2 6b b5 38 5b f8 (76): 73 99 1c 25 47 59 38 6e 6c 73 0e f0 25 9d f8 0f (76): 67 73 6e 83 97 ab 9c 7b c1 21 de 9c 3b 0f 96 a8 (76): d1 0f ac f1 76 92 01 5e ab 83 2b 03 1c 1b f5 91 (76): 37 c5 13 c3 8b 36 4e c4 b2 52 be fb 3f e2 9a cc (76): 04 30 b4 a5 ac b0 06 5a 71 ea 53 ca a1 c6 46 d1 (76): 75 e6 de 75 20 0c df 46 22 2e 8f 57 53 90 32 d9 (76): c4 7e 17 33 c0 67 9a e2 e6 1f 9f 5f 4a 2d 3f 47 (76): f9 8c a6 c1 69 92 4e fa 07 7f 59 df 48 87 b3 79 (76): a8 0a d3 23 62 2e 39 be 7a 5f f0 08 77 5a d8 fe (76): 94 eb 14 21 01 4b 29 3f 6e 36 48 a1 bc b4 e6 e8 (76): a8 ab 0a 93 cf 70 7b f6 8a e4 47 07 5c 2d fa c2 (76): 57 a4 ca 32 be 4a cd c9 05 e0 d3 ea 6b f2 af 51 (76): a8 97 4d 05 f9 29 fd fe d7 7f 41 87 49 83 3d 0c (76): 23 3c d8 36 ee 7a 68 23 3c 3d 4c ab cd e1 8f 97 (76): 31 f5 6f 1a 55 a8 9c f7 05 04 b1 12 f1 49 c8 13 (76): N(76): Next payload: VID, reserved: 0x0, length: 68 (76): (76): ee 84 fd 65 1e 9f a0 5f 18 27 b5 48 37 0c 68 60 (76): 61 b3 e8 b4 13 46 6c b7 44 79 ac 6d 71 18 dd 4b (76): f2 ff eb 4c 5b 63 e4 cd 53 0b 4a 51 dd 16 89 2e (76): 1d 05 c2 28 38 ee af 4d 7d 54 8a dc 09 7b 6f 97 (76): VID(76): Next payload: VID, reserved: 0x0, length: 23 (76): (76): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41 (76): 53 4f 4e (76): VID(76): Next payload: NOTIFY, reserved: 0x0, length: 59 (76): (76): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29 (76): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 (76): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d (76): 73 2c 20 49 6e 63 2e (76): NOTIFY(NAT_DETECTION_SOURCE_IP)(76): Next payload: NOTIFY, reserved: 0x0, length: 28 (76): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP (76): (76): fa 01 a9 18 7c 36 cf 63 4b 67 0f 4d 4a e6 99 8c (76): 88 75 64 de (76): NOTIFY(NAT_DETECTION_DESTINATION_IP)(76): Next payload: CERTREQ, reserved: 0x0, length: 28 (76): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP (76): (76): c6 61 5d ad 04 63 20 f1 a4 2d e7 47 5c 87 5a 6b (76): 92 a0 84 6d (76): CERTREQ(76): Next payload: NOTIFY, reserved: 0x0, length: 45 (76): Cert encoding X.509 Certificate - signature (76): CertReq data: 40 bytes (76): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(76): Next payload: VID, reserved: 0x0, length: 8 (76): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED (76): VID(76): Next payload: NONE, reserved: 0x0, length: 20 (76): (76): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 (76): IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE IKEv2-PROTO-4: (76): IETF Fragmentation is enabled IKEv2-PROTO-4: (76): Completed SA init exchange IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR IKEv2-PROTO-4: (76): Starting timer (30 sec) to wait for auth message IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT aIKEv2-PROTO-7: (76): Request has mess_id 1; expected 1 through 1 (76): IKEv2-PROTO-4: (76): Received Packet [From 34.157.28.157:4500/To 192.168.68.2:500/VRF i0:f0] (76): Initiator SPI : F26EAF6FF835CE1E - Responder SPI : 582E6EB2AEB8EB7B Message id: 1 (76): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-5: (76): Next payload: ENCR, version: 2.0 (76): Exchange type: IKE_AUTH, flags: INITIATOR (76): Message id: 1, length: 320(76): Payload contents: IKEv2-PROTO-4: decrypt queued(76): (76): Decrypted packet:(76): Data: 320 bytes (76): REAL Decrypted packet:(76): Data: 248 bytes IDi Next payload: AUTH, reserved: 0x0, length: 12 Id type: IPv4 address, Reserved: 0x0 0x0 22 9d 1c 9d AUTH Next payload: SA, reserved: 0x0, length: 40 Auth method PSK, reserved: 0x0, reserved 0x0 Auth data: 32 bytes SA Next payload: TSi, reserved: 0x0, length: 140 last proposal: 0x2, reserved: 0x0, length: 56 Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-GCM last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN last proposal: 0x0, reserved: 0x0, length: 80 Proposal: 2, Protocol id: ESP, SPI size: 4, #trans: 7 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA256 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA512 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN TSi Next payload: TSr, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 TSr Next payload: NOTIFY, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 IKEv2-PROTO-7: Parse Notify Payload: Unknown - 16417 NOTIFY(Unknown - 16417) Next payload: NONE, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_RECV_AUTH IKEv2-PROTO-4: (76): Stopping timer to wait for auth message IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_NAT_T IKEv2-PROTO-4: (76): Checking NAT discovery IKEv2-PROTO-4: (76): NAT INSIDE found IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHG_NAT_T_PORT IKEv2-PROTO-4: (76): NAT detected float to init port 4500, resp port 4500 IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_PROC_ID IKEv2-PROTO-7: (76): Received valid parameteres in process id IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_GET_POLICY_BY_PEERID IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_OK_RECD_EXTDB_RESP IKEv2-PROTO-4: (76): Searching policy based on peer's identity '34.157.28.157' of type 'IPv4 address' IKEv2-PROTO-2: (76): Failed to locate an item in the database IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_AUTH_FAIL IKEv2-PROTO-4: (76): Verification of peer's authentication data FAILED IKEv2-PROTO-4: (76): Sending authentication failure notify IKEv2-PROTO-7: Construct Notify Payload: AUTHENTICATION_FAILEDIKEv2-PROTO-4: (76): Building packet for encryption. (76): Payload contents: (76): NOTIFY(AUTHENTICATION_FAILED)(76): Next payload: NONE, reserved: 0x0, length: 8 (76): Security protocol id: IKE, spi size: 0, type: AUTHENTICATION_FAILED IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_ENCRYPT_MSG IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_EVENT IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_OK_ENCRYPT_RESP IKEv2-PROTO-7: (76): Action: Action_Null IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_TRYSEND (76): IKEv2-PROTO-4: (76): Sending Packet [To 34.157.28.157:4500/From 192.168.68.2:4500/VRF i0:f0] (76): Initiator SPI : F26EAF6FF835CE1E - Responder SPI : 582E6EB2AEB8EB7B Message id: 1 (76): IKEv2 IKE_AUTH Exchange RESPONSEIKEv2-PROTO-5: (76): Next payload: ENCR, version: 2.0 (76): Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE (76): Message id: 1, length: 80(76): Payload contents: (76): ENCR(76): Next payload: NOTIFY, reserved: 0x0, length: 52 (76): Encrypted data: 48 bytes (76): IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL IKEv2-PROTO-4: (76): Auth exchange failed IKEv2-PROTO-2: (76): Auth exchange failed IKEv2-PROTO-2: (76): Auth exchange failed IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: EXIT Event: EV_ABORT IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT IKEv2-PROTO-7: (76): SM Trace-> SA: I_SPI=F26EAF6FF835CE1E R_SPI=582E6EB2AEB8EB7B (R) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS IKEv2-PROTO-4: (76): Abort exchange IKEv2-PROTO-4: (76): Deleting SA ll ACQBLRFW01/act/pri#