CSR#debug crypto ikev2       
IKEv2 default debugging is on
CSR#ter len 0
CSR# 

Mar 24 19:19:05.707: IKEv2:Received Packet [From 192.168.100.5:58130/To 192.168.222.136:500/VRF i0:f0] 
Initiator SPI : 0851CAF74BE863CC - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST 
Payload contents: 
 SA KE N VID VID VID VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) VID CFG NOTIFY(REDIRECT_SUPPORTED) 

Mar 24 19:19:05.710: IKEv2:(SESSION ID = 3,SA ID = 1):Verify SA init message
Mar 24 19:19:05.710: IKEv2:(SESSION ID = 3,SA ID = 1):Insert SA
Mar 24 19:19:05.710: IKEv2:Searching Policy with fvrf 0, local address 192.168.222.136
Mar 24 19:19:05.710: IKEv2:Using the Default Policy for Proposal
Mar 24 19:19:05.710: IKEv2:Found Policy 'default'
Mar 24 19:19:05.710: IKEv2:(SESSION ID = 3,SA ID = 1):Processing IKE_SA_INIT message
Mar 24 19:19:05.712: IKEv2:(SESSION ID = 3,SA ID = 1):Received valid config mode data
Mar 24 19:19:05.713: IKEv2:(SESSION ID = 3,SA ID = 1):Config data recieved:
Mar 24 19:19:05.713: IKEv2:(SESSION ID = 3,SA ID = 1):Config-type: Config-request 
Mar 24 19:19:05.713: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 2, data: 0x2 0x40
Mar 24 19:19:05.713: IKEv2:IKEv2 responder - ignoring config data received in IKE_SA_INIT exch
Mar 24 19:19:05.713: IKEv2:(SESSION ID = 3,SA ID = 1):Set received config mode data
Mar 24 19:19:05.713: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieve configured trustpoint(s)
Mar 24 19:19:05.713: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'IOSCA'   'CA'   'SLA-TrustPoint'   
Mar 24 19:19:05.713: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Get Public Key Hashes of trustpoints
Mar 24 19:19:05.713: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of Public Key Hashes of trustpoints PASSED
Mar 24 19:19:05.713: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Start PKI Session
Mar 24 19:19:05.714: IKEv2:(SA ID = 1):[PKI -> IKEv2] Starting of PKI Session PASSED
Mar 24 19:19:05.714: IKEv2:(SESSION ID = 3,SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH public key, DH Group 19
Mar 24 19:19:05.715: IKEv2:(SESSION ID = 3,SA ID = 1):(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
Mar 24 19:19:05.715: IKEv2:(SESSION ID = 3,SA ID = 1):Request queued for computation of DH key
Mar 24 19:19:05.715: IKEv2:(SESSION ID = 3,SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 19
Mar 24 19:19:05.718: IKEv2:(SESSION ID = 3,SA ID = 1):(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
Mar 24 19:19:05.718: IKEv2:(SESSION ID = 3,SA ID = 1):Request queued for computation of DH secret
Mar 24 19:19:05.718: IKEv2:(SESSION ID = 3,SA ID = 1):(SA ID = 1):[IKEv2 -> Crypto Engine] Calculate SKEYSEED and create rekeyed IKEv2 SA
Mar 24 19:19:05.719: IKEv2:(SESSION ID = 3,SA ID = 1):(SA ID = 1):[Crypto Engine -> IKEv2] SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED
Mar 24 19:19:05.719: IKEv2:IKEv2 responder - no config data to send in IKE_SA_INIT exch
Mar 24 19:19:05.719: IKEv2:(SESSION ID = 3,SA ID = 1):Generating IKE_SA_INIT message
Mar 24 19:19:05.719: IKEv2:(SESSION ID = 3,SA ID = 1):IKE Proposal: 2, SPI size: 0 (initial negotiation), 
Num. transforms: 4
   AES-CBC   SHA384   SHA384   DH_GROUP_256_ECP/Group 19
Mar 24 19:19:05.720: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieve configured trustpoint(s)
Mar 24 19:19:05.720: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'IOSCA'   'CA'   'SLA-TrustPoint'   
Mar 24 19:19:05.720: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Get Public Key Hashes of trustpoints
Mar 24 19:19:05.720: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of Public Key Hashes of trustpoints PASSED 

Mar 24 19:19:05.721: IKEv2:(SESSION ID = 3,SA ID = 1):Sending Packet [To 192.168.100.5:58130/From 192.168.222.136:500/VRF i0:f0] 
Initiator SPI : 0851CAF74BE863CC - Responder SPI : 8C8F1889A7E3C0B7 Message id: 0
IKEv2 IKE_SA_INIT Exchange RESPONSE 
Payload contents: 
 SA KE N VID VID VID VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) CERTREQ 

Mar 24 19:19:05.722: IKEv2:(SESSION ID = 3,SA ID = 1):Co
CSR#mpleted SA init exchange
Mar 24 19:19:05.722: IKEv2:(SESSION ID = 3,SA ID = 1):Starting timer (30 sec) to wait for auth message 

Mar 24 19:19:05.743: IKEv2:(SESSION ID = 3,SA ID = 1):Received Packet [From 192.168.100.5:58131/To 192.168.222.136:4500/VRF i0:f0] 
Initiator SPI : 0851CAF74BE863CC - Responder SPI : 8C8F1889A7E3C0B7 Message id: 1
IKEv2 IKE_AUTH Exchange REQUEST 
Payload contents: 
 VID IDi CERTREQ CFG SA NOTIFY(IPCOMP_SUPPORTED) TSi TSr NOTIFY(INITIAL_CONTACT) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS) 

Mar 24 19:19:05.745: IKEv2:(SESSION ID = 3,SA ID = 1):Stopping timer to wait for auth message
Mar 24 19:19:05.745: IKEv2:(SESSION ID = 3,SA ID = 1):Checking NAT discovery
Mar 24 19:19:05.745: IKEv2:(SESSION ID = 3,SA ID = 1):NAT OUTSIDE found
Mar 24 19:19:05.746: IKEv2:(SESSION ID = 3,SA ID = 1):NAT detected float to init port 58131, resp port 4500
Mar 24 19:19:05.746: IKEv2:(SESSION ID = 3,SA ID = 1):Searching policy based on peer's identity '*$AnyConnectClient$*' of type 'key ID'
Mar 24 19:19:05.746: IKEv2:found matching IKEv2 profile 'ANYCONNECTPROF'
Mar 24 19:19:05.746: IKEv2:(SESSION ID = 3,SA ID = 1):Searching Policy with fvrf 0, local address 192.168.222.136
Mar 24 19:19:05.746: IKEv2:(SESSION ID = 3,SA ID = 1):Using the Default Policy for Proposal
Mar 24 19:19:05.746: IKEv2:(SESSION ID = 3,SA ID = 1):Found Policy 'default'
Mar 24 19:19:05.746: IKEv2:not a VPN-SIP session
Mar 24 19:19:05.746: IKEv2:(SESSION ID = 3,SA ID = 1):Verify peer's policy
Mar 24 19:19:05.746: IKEv2:(SESSION ID = 3,SA ID = 1):Peer's policy verified
Mar 24 19:19:05.746: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieving trustpoint(s) from received certificate hash(es)
Mar 24 19:19:05.746: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): NONE
Mar 24 19:19:05.746: IKEv2:% Received cert hash is invalid, using configured trustpoints from profile for signing

Mar 24 19:19:05.746: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Getting cert chain for the trustpoint IOSCA
Mar 24 19:19:05.747: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of cert chain for the trustpoint PASSED
Mar 24 19:19:05.747: IKEv2:(SESSION ID = 3,SA ID = 1):Check for EAP exchange
Mar 24 19:19:05.747: IKEv2:(SESSION ID = 3,SA ID = 1):Check for EAP exchange
Mar 24 19:19:05.747: IKEv2:(SESSION ID = 3,SA ID = 1):Generate my authentication data
Mar 24 19:19:05.747: IKEv2:(SESSION ID = 3,SA ID = 1):[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
Mar 24 19:19:05.747: IKEv2:(SESSION ID = 3,SA ID = 1):[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
Mar 24 19:19:05.747: IKEv2:(SESSION ID = 3,SA ID = 1):Get my authentication method
Mar 24 19:19:05.747: IKEv2:(SESSION ID = 3,SA ID = 1):My authentication method is 'RSA'
Mar 24 19:19:05.747: IKEv2:(SESSION ID = 3,SA ID = 1):Sign authentication data
Mar 24 19:19:05.747: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Getting private key
Mar 24 19:19:05.747: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of private key PASSED
Mar 24 19:19:05.747: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Sign authentication data
Mar 24 19:19:05.769: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] Signing of authenticaiton data PASSED
Mar 24 19:19:05.769: IKEv2:(SESSION ID = 3,SA ID = 1):Authentication material has been sucessfully signed
Mar 24 19:19:05.769: IKEv2:(SESSION ID = 3,SA ID = 1):Generating AnyConnect EAP request
Mar 24 19:19:05.769: IKEv2:(SESSION ID = 3,SA ID = 1):Sending AnyConnect EAP 'hello' request
Mar 24 19:19:05.769: IKEv2:(SESSION ID = 3,SA ID = 1):Constructing IDr payload: '192.168.222.136' of type 'IPv4 address'
Mar 24 19:19:05.769: IKEv2:(SESSION ID = 3,SA ID = 1):Building packet for encryption.  
Payload contents: 
 VID IDr CERT CERT AUTH EAP 

Mar 24 19:19:05.770: IKEv2:(SESSION ID = 3,SA ID = 1):Sending Packet [To 192.168.100.5:58131/From 192.168.222.136:4500/VRF i0:f0] 
Initiator SPI : 0851CAF74BE863CC - Responder SPI : 8C8F1889A7E3C0B7 Message id: 1
IKEv2 IKE_AUTH Exchange RESPONSE 
Payload contents: 
 ENCR 

Mar 24 19:19:05.772: IKEv2:(SESSION ID = 3,SA ID = 1):Starti
CSR#ng timer (90 sec) to wait for auth message 

Mar 24 19:19:07.689: IKEv2:(SESSION ID = 3,SA ID = 1):Received Packet [From 192.168.100.5:58131/To 192.168.222.136:4500/VRF i0:f0] 
Initiator SPI : 0851CAF74BE863CC - Responder SPI : 8C8F1889A7E3C0B7 Message id: 2
IKEv2 IKE_AUTH Exchange REQUEST 
Payload contents: 
 EAP 

Mar 24 19:19:07.691: IKEv2:(SESSION ID = 3,SA ID = 1):Stopping timer to wait for auth message
Mar 24 19:19:07.691: IKEv2:(SESSION ID = 3,SA ID = 1):Processing AnyConnect EAP response
Mar 24 19:19:07.692: IKEv2:(SESSION ID = 3,SA ID = 1):Checking for Dual Auth
Mar 24 19:19:07.693: IKEv2:(SESSION ID = 3,SA ID = 1):Generating AnyConnect EAP AUTH request
CSR#
Mar 24 19:19:07.694: IKEv2:(SESSION ID = 3,SA ID = 1):Sending AnyConnect EAP 'auth-request'
Mar 24 19:19:07.694: IKEv2:(SESSION ID = 3,SA ID = 1):Building packet for encryption.  
Payload contents: 
 EAP 

Mar 24 19:19:07.695: IKEv2:(SESSION ID = 3,SA ID = 1):Sending Packet [To 192.168.100.5:58131/From 192.168.222.136:4500/VRF i0:f0] 
Initiator SPI : 0851CAF74BE863CC - Responder SPI : 8C8F1889A7E3C0B7 Message id: 2
IKEv2 IKE_AUTH Exchange RESPONSE 
Payload contents: 
 ENCR 

Mar 24 19:19:07.699: IKEv2:(SESSION ID = 3,SA ID = 1):Starting timer (90 sec) to wait for auth message
CSR# 

Mar 24 19:19:11.480: IKEv2:(SESSION ID = 3,SA ID = 1):Received Packet [From 192.168.100.5:58131/To 192.168.222.136:4500/VRF i0:f0] 
Initiator SPI : 0851CAF74BE863CC - Responder SPI : 8C8F1889A7E3C0B7 Message id: 3
IKEv2 IKE_AUTH Exchange REQUEST 
Payload contents: 
 EAP 

Mar 24 19:19:11.481: IKEv2:(SESSION ID = 3,SA ID = 1):Stopping timer to wait for auth message
Mar 24 19:19:11.481: IKEv2:(SESSION ID = 3,SA ID = 1):Processing AnyConnect EAP response
Mar 24 19:19:11.483: IKEv2:Using authentication method list AUTHC

Mar 24 19:19:11.483: IKEv2:(SA ID = 1):[IKEv2 -> AAA] Authentication request sent
Mar 24 19:19:11.484: IKEv2-ERROR:AnyConnect EAP - failed to get author list
Mar 24 19:19:11.485: IKEv2-ERROR:Address type 2147516360 not supported

Mar 24 19:19:11.485: IKEv2:Received response from aaa for AnyConnect EAP
Mar 24 19:19:11.486: IKEv2:(SESSION ID = 3,SA ID = 1):Generating AnyConnect EAP VERIFY request
Mar 24 19:19:11.486: IKEv2:(SESSION ID = 3,SA ID = 1):Sending AnyConnect EAP 'VERIFY' request
Mar 24 19:19:11.486: IKEv2:(SESSION ID = 3,SA ID = 1):Building packet for encryption.  
Payload contents: 
 EAP 

Mar 24 19:19:11.486: IKEv2:(SESSION ID = 3,SA ID = 1):Sending Packet [To 192.168.100.5:58131/From 192.168.222.136:4500/VRF i0:f0] 
Initiator SPI : 0851CAF74BE863CC - Responder SPI : 8C8F1889A7E3C0B7 Message id: 3
IKEv2 IKE_AUTH Exchange RESPONSE 
Payload contents: 
 ENCR 

Mar 24 19:19:11.489: IKEv2:(SESSION ID = 3,SA ID = 1):Starting timer (90 sec) to wait for auth message 

Mar 24 19:19:11.517: IKEv2:(SESSION ID = 3,SA ID = 1):Received Packet [From 192.168.100.5:58131/To 192.168.222.136:4500/VRF i0:f0] 
Initiator SPI : 0851CAF74BE863CC - Responder SPI : 8C8F1889A7E3C0B7 Message id: 4
IKEv2 IKE_AUTH Exchange REQUEST 
Payload contents: 
 EAP 

Mar 24 19:19:11.517: IKEv2:(SESSION ID = 3,SA ID = 1):Stopping timer to wait for auth message
Mar 24 19:19:11.517: IKEv2:(SESSION ID = 3,SA ID = 1):Processing AnyConnect EAP ack response
Mar 24 19:19:11.517: IKEv2:(SESSION ID = 3,SA ID = 1):Generating AnyConnect EAP success request
Mar 24 19:19:11.517: IKEv2:(SESSION ID = 3,SA ID = 1):Sending AnyConnect EAP success status message
Mar 24 19:19:11.518: IKEv2:(SESSION ID = 3,SA ID = 1):Building packet for encryption.  
Payload contents: 
 EAP 

Mar 24 19:19:11.518: IKEv2:(SESSION ID = 3,SA ID = 1):Sending Packet [To 192.168.100.5:58131/From 192.168.222.136:4500/VRF i0:f0] 
Initiator SPI : 0851CAF74BE863CC - Responder SPI : 8C8F1889A7E3C0B7 Message id: 4
IKEv2 IKE_AUTH Exchange RESPONSE 
Payload contents: 
 ENCR 

Mar 24 19:19:11.519: IKEv2:(SESSION ID = 3,SA ID = 1):Starting timer (90 sec) to wait for auth message 

Mar 24 19:19:11.524: IKEv2:(SESSION ID = 3,SA ID = 1):Received Packet [From 192.168.100.5:58131/To 192.168.222.136:4500/VRF i0:f0] 
Initiator SPI : 0851CAF74BE863CC - Responder SPI : 8C8F1889A7E3C0B7 Message id: 5
IKEv2 IKE_AUTH Exchange REQUEST 
Payload contents: 
 AUTH 

Mar 24 19:19:11.524: IKEv2:(SESSION ID = 3,SA ID = 1):Stopping timer to wait for auth message
Mar 24 19:19:11.524: IKEv2:(SESSION ID = 3,SA ID = 1):Send AUTH, to verify peer after EAP exchange
Mar 24 19:19:11.525: IKEv2:(SESSION ID = 3,SA ID = 1):Verify peer's authentication data
Mar 24 19:19:11.525: IKEv2:(SESSION ID = 3,SA ID = 1):Use preshared key for id *$AnyConnectClient$*, key len 48
Mar 24 19:19:11.525: IKEv2:(SESSION ID = 3,SA ID = 1):[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
Mar 24 19:19:11.525: IKEv2:(SESSION ID = 3,SA ID = 1):[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
Mar 24 19:19:11.526: IKEv2:(SESSION ID = 3,SA ID = 1):Verification of peer's authentication data PASSED
Mar 24 19:19:11.526: IKEv2:(SESSION ID = 3,SA ID = 1):Processing INITIAL_CONTACT
Mar 24 19:19:11.526: IKEv2:Using mlist AUTHZ and username IKEAUTHZPOL for group author request
Mar 24 19:19:11.526: IKEv2:(SA ID = 1):[IKEv2 -> AAA] Authorisation request sent
Mar 24 19:19:11.527: IKEv2:(SA ID = 1):[AAA -> IKEv2] Received AAA authorisation response
Mar 24 19:
CSR#19:11.528: IKEv2:(SESSION ID = 3,SA ID = 1):Received valid config mode data
Mar 24 19:19:11.528: IKEv2:(SESSION ID = 3,SA ID = 1):Config data recieved:
Mar 24 19:19:11.528: IKEv2:(SESSION ID = 3,SA ID = 1):Config-type: Config-request 
Mar 24 19:19:11.528: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: ipv4-addr, length: 0
Mar 24 19:19:11.528: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: ipv4-netmask, length: 0
Mar 24 19:19:11.528: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: ipv4-dns, length: 0
Mar 24 19:19:11.528: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: ipv4-nbns, length: 0
Mar 24 19:19:11.528: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.528: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: app-version, length: 29, data: AnyConnect Windows 4.10.06090
Mar 24 19:19:11.528: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: ipv4-subnet, length: 0
Mar 24 19:19:11.528: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: ipv6-addr, length: 0
Mar 24 19:19:11.528: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: ipv6-dns, length: 0
Mar 24 19:19:11.529: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: ipv6-subnet, length: 0WIN-10ENT
Mar 24 19:19:11.529: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.529: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.529: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.529: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.529: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: reconnect-cleanup-interval, length: 0
Mar 24 19:19:11.529: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.529: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.529: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: reconnect-dpd-interval, length: 0
Mar 24 19:19:11.529: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.529: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: banner, length: 0
Mar 24 19:19:11.530: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: smartcard-removal-disconnect, length: 0
Mar 24 19:19:11.530: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 2, data: 0x5 0xFFFFFFFFFFFFFF86
Mar 24 19:19:11.530: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: def-domain, length: 0
Mar 24 19:19:11.530: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: split-exclude, length: 0
Mar 24 19:19:11.530: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: split-dns, length: 0
Mar 24 19:19:11.530: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: pfs, length: 0
Mar 24 19:19:11.530: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.530: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: reconnect-token-id, length: 0
Mar 24 19:19:11.530: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: reconnect-session-id, length: 0
Mar 24 19:19:11.530: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: reconnect-session-data, length: 0
Mar 24 19:19:11.530: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.530: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.530: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.531: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.531: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.531: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.531: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.531: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.531: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.531: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.531: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.531: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
M
CSR#ar 24 19:19:11.531: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.531: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.531: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 4, data: 0xFFFFFFFFFFFFFFC00xFFFFFFFFFFFFFFA80x640x5 
Mar 24 19:19:11.531: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 4, data: 0xFFFFFFFFFFFFFFC00xFFFFFFFFFFFFFFA80xFFFFFFFFFFFFFFDE0xFFFFFFFFFFFFFF88
Mar 24 19:19:11.532: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 0
Mar 24 19:19:11.532: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: unknown, length: 2, data: 0x5 0xFFFFFFFFFFFFFFDC
Mar 24 19:19:11.532: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.532: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.532: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.532: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.532: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.532: IKEv2-ERROR:IKEv2 responder - unsupported attrib reconnect-cleanup-interval in cfg-req
Mar 24 19:19:11.532: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.532: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.532: IKEv2-ERROR:IKEv2 responder - unsupported attrib reconnect-dpd-interval in cfg-req
Mar 24 19:19:11.532: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.532: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.532: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.532: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.532: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.532: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.533: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.533: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.533: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.533: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.533: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.533: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.533: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.533: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.533: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.533: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.533: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.533: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.533: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.533: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.533: IKEv2-ERROR:IKEv2 responder - unsupported attrib unknown in cfg-req
Mar 24 19:19:11.534: IKEv2:(SESSION ID = 3,SA ID = 1):Set received config mode data
Mar 24 19:19:11.534: IKEv2:(SESSION ID = 3,SA ID = 1):Processing IKE_AUTH message
Mar 24 19:19:11.536: IKEv2:% DVTI create request sent for profile ANYCONNECTPROF with PSH index 1.

Mar 24 19:19:11.536: IKEv2:(SESSION ID = 3,SA ID = 1):
Mar 24 19:19:11.541: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down
Mar 24 19:19:11.603: %SYS-5-CONFIG_P: Configured programmatically by process Crypto INT from console as console
Mar 24 19:19:11.632: IKEv2:% DVTI Vi1 created for profile ANYCONNECTPROF with PSH index 1.

Mar 24 19:19:11.632: IKEv2:% Adding 
CSR#assigned IP address 172.16.7.3 to TSi.
Mar 24 19:19:11.633: IKEv2:(SESSION ID = 3,SA ID = 1):IPSec policy validate request sent for profile ANYCONNECTPROF with psh index 1.

Mar 24 19:19:11.647: IKEv2:(SESSION ID = 3,SA ID = 1):(SA ID = 1):[IPsec -> IKEv2] Callback received for the validate proposal - PASSED.

Mar 24 19:19:11.650: IKEv2:No reconnect for PSH: 1
Mar 24 19:19:11.650: IKEv2:(SESSION ID = 3,SA ID = 1):Config data to send:
Mar 24 19:19:11.650: IKEv2:(SESSION ID = 3,SA ID = 1):Config-type: Config-reply 
Mar 24 19:19:11.650: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: ipv4-addr, length: 4, data: 172.16.7.3
Mar 24 19:19:11.651: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: ipv4-subnet, length: 8, data: 192.168.1.0 255.255.255.0
Mar 24 19:19:11.651: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: ipv4-dns, length: 4, data: 8.8.8.8
Mar 24 19:19:11.651: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: app-version, length: 263, data: Cisco IOS Software [Amsterdam], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.3.4a, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2021 by Cisco Systems, Inc.
Compiled Tue 20-Jul-21 04:59 by mcpre
Mar 24 19:19:11.651: IKEv2:(SESSION ID = 3,SA ID = 1):Attrib type: banner, length: 64, data: C WELCOME TO THE ANYCONNECT FLEX VPN. PLEASE ACCEPT TO CONTINUE 
Mar 24 19:19:11.652: IKEv2:(SESSION ID = 3,SA ID = 1):Have config mode data to send
Mar 24 19:19:11.652: IKEv2:(SESSION ID = 3,SA ID = 1):Get my authentication method
Mar 24 19:19:11.652: IKEv2:(SESSION ID = 3,SA ID = 1):My authentication method is 'PSK'
Mar 24 19:19:11.652: IKEv2:(SESSION ID = 3,SA ID = 1):Get peer's preshared key for *$AnyConnectClient$*
Mar 24 19:19:11.652: IKEv2:(SESSION ID = 3,SA ID = 1):Generate my authentication data
Mar 24 19:19:11.652: IKEv2:(SESSION ID = 3,SA ID = 1):Use preshared key for id 192.168.222.136, key len 48
Mar 24 19:19:11.652: IKEv2:(SESSION ID = 3,SA ID = 1):[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
Mar 24 19:19:11.652: IKEv2:(SESSION ID = 3,SA ID = 1):[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
Mar 24 19:19:11.653: IKEv2:(SESSION ID = 3,SA ID = 1):Get my authentication method
Mar 24 19:19:11.653: IKEv2:(SESSION ID = 3,SA ID = 1):My authentication method is 'PSK'
Mar 24 19:19:11.653: IKEv2:(SESSION ID = 3,SA ID = 1):Generate my authentication data
Mar 24 19:19:11.653: IKEv2:(SESSION ID = 3,SA ID = 1):Use preshared key for id 192.168.222.136, key len 48
Mar 24 19:19:11.653: IKEv2:(SESSION ID = 3,SA ID = 1):[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
Mar 24 19:19:11.653: IKEv2:(SESSION ID = 3,SA ID = 1):[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
Mar 24 19:19:11.653: IKEv2:(SESSION ID = 3,SA ID = 1):Send AUTH, to verify peer after EAP exchange
Mar 24 19:19:11.654: IKEv2:(SESSION ID = 3,SA ID = 1):ESP Proposal: 2, SPI size: 4 (IPSec negotiation), 
Num. transforms: 3
   AES-CBC   SHA96   Don't use ESN
Mar 24 19:19:11.655: IKEv2:(SESSION ID = 3,SA ID = 1):Building packet for encryption.  
Payload contents: 
 AUTH CFG SA TSi TSr NOTIFY(SET_WINDOW_SIZE) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS) 

Mar 24 19:19:11.655: IKEv2:(SESSION ID = 3,SA ID = 1):Sending Packet [To 192.168.100.5:58131/From 192.168.222.136:4500/VRF i0:f0] 
Initiator SPI : 0851CAF74BE863CC - Responder SPI : 8C8F1889A7E3C0B7 Message id: 5
IKEv2 IKE_AUTH Exchange RESPONSE 
Payload contents: 
 ENCR 

Mar 24 19:19:11.658: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Close PKI Session
Mar 24 19:19:11.658: IKEv2:(SA ID = 1):[PKI -> IKEv2] Closing of PKI Session PASSED
Mar 24 19:19:11.658: IKEv2:(SESSION ID = 3,SA ID = 1):IKEV2 SA created; inserting SA into database. SA lifetime timer (86400 sec) started
Mar 24 19:19:11.658: IKEv2:(SESSION ID = 3,SA ID = 1):Session with IKE ID PAIR (farhan, 192.168.222.136) is UP
Mar 24 19:19:11.659: IKEv2:(SESSION ID = 0,SA ID = 0):IKEv2 MIB tunnel started, tunnel index 1
Mar 24 19:19:11.659: IKEv2:(SESSION ID = 3,SA ID
CSR# = 1):Load IPSEC key material
Mar 24 19:19:11.660: IKEv2:(SESSION ID = 3,SA ID = 1):(SA ID = 1):[IKEv2 -> IPsec] Create IPsec SA into IPsec database
Mar 24 19:19:11.700: IKEv2:(SESSION ID = 3,SA ID = 1):(SA ID = 1):[IPsec -> IKEv2] Creation of IPsec SA into IPsec database PASSED
Mar 24 19:19:11.700: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
Mar 24 19:19:11.709: IKEv2:(SESSION ID = 3,SA ID = 1):Checking for duplicate IKEv2 SA
Mar 24 19:19:11.709: IKEv2:(SESSION ID = 3,SA ID = 1):No duplicate IKEv2 SA found
Mar 24 19:19:11.709: IKEv2:(SESSION ID = 3,SA ID = 1):Starting timer (8 sec) to delete negotiation context
CSR# 

Mar 24 19:19:18.503: IKEv2:(SESSION ID = 3,SA ID = 1):Received Packet [From 192.168.100.5:58131/To 192.168.222.136:4500/VRF i0:f0] 
Initiator SPI : 0851CAF74BE863CC - Responder SPI : 8C8F1889A7E3C0B7 Message id: 6
IKEv2 INFORMATIONAL Exchange REQUEST 
Payload contents: 
 DELETE NOTIFY(DELETE_REASON) 

Mar 24 19:19:18.504: IKEv2:(SESSION ID = 3,SA ID = 1):Building packet for encryption.  

Mar 24 19:19:18.505: IKEv2:(SESSION ID = 3,SA ID = 1):Sending Packet [To 192.168.100.5:58131/From 192.168.222.136:4500/VRF i0:f0] 
Initiator SPI : 0851CAF74BE863CC - Responder SPI : 8C8F1889A7E3C0B7 Message id: 6
IKEv2 INFORMATIONAL Exchange RESPONSE 
Payload contents: 
 ENCR 

Mar 24 19:19:18.506: IKEv2:(SESSION ID = 3,SA ID = 1):Process delete request from peer
Mar 24 19:19:18.506: IKEv2:(SESSION ID = 3,SA ID = 1):Processing DELETE INFO message for IKEv2 SA [ISPI: 0x0851CAF74BE863CC RSPI: 0x8C8F1889A7E3C0B7]
Mar 24 19:19:18.507: IKEv2:(SESSION ID = 3,SA ID = 1):Check for existing active SA
Mar 24 19:19:18.507: IKEv2:(SESSION ID = 3,SA ID = 1):Delete all IKE SAs
Mar 24 19:19:18.508: IKEv2:(SESSION ID = 3,SA ID = 1):Deleting SA
Mar 24 19:19:18.508: IKEv2-ERROR:IKEv2 tunnel stop failed tunnel info 0x80007FC8F0EE52D0

Mar 24 19:19:18.544: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down
Mar 24 19:19:18.549: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
CSR#
Mar 24 19:19:18.581: %SYS-5-CONFIG_P: Configured programmatically by process VTEMPLATE Background Mgr from console as console