! Jun 12 CISCO DEBUG LOGS I Jun 12 09:49:24.214: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 24.106.X.X:500, remote= 18.218.X.X:500, local_proxy= 0.0.0.0/0.0.0.0/256/0, remote_proxy= 0.0.0.0/0.0.0.0/256/0, protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel), esn= FALSE, lifedur= 3600s and 4608000kb, spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0 Jun 12 09:49:24.214: IKEv2:(SESSION ID = 0,SA ID = 0):Searching Policy with fvrf 0, local address 24.106.X.X Jun 12 09:49:24.214: IKEv2:(SESSION ID = 0,SA ID = 0):Found Policy 'POLICY1' Jun 12 09:49:24.215: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=0000000000000000 (I) MsgID = 0 CurState: IDLE Event: EV_INIT_SA Jun 12 09:49:24.215: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=0000000000000000 (I) MsgID = 0 CurState: I_BLD_INIT Event: EV_GET_IKE_POLICY Jun 12 09:49:24.215: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=0000000000000000 (I) MsgID = 0 CurState: I_BLD_INIT Event: EV_SET_POLICY Jun 12 09:49:24.215: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Setting configured policies Jun 12 09:49:24.215: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=0000000000000000 (I) MsgID = 0 CurState: I_BLD_INIT Event: EV_GET_PPK_CAP Jun 12 09:49:24.215: C12345R1# IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=0000000000000000 (I) MsgID = 0 CurState: I_BLD_INIT Event: EV_CHK_AUTH4PKI Jun 12 09:49:24.215: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=0000000000000000 (I) MsgID = 0 CurState: I_BLD_INIT Event: EV_PKI_SESH_OPEN Jun 12 09:49:24.215: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Opening a PKI session Jun 12 09:49:24.215: CRYPTO_PKI: (60367) Session started - identity not specified Jun 12 09:49:24.215: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=0000000000000000 (I) MsgID = 0 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY Jun 12 09:49:24.215: IKEv2:(SESSION ID = 1,SA ID = 5):[IKEv2 -> Crypto Engine] Computing DH public key, DH Group 2 Jun 12 09:49:24.215: IKEv2:(SESSION ID = 1,SA ID = 5):(SA ID = 5):[Crypto Engine -> IKEv2] DH key Computation PASSED Jun 12 09:49:24.215: IKEv2:(SESSION ID = 1,SA ID = 5):Request queued for computation of DH key Jun 12 09:49:24.215: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=0000000000000000 (I) MsgID = 0 CurState: I_BLD_INIT Event: EV_NO_EVENT Jun 12 09:49:24.216: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=0000000000000000 (I) MsgID = 0 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP Jun 12 09:49:24.216: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Action: Action_Null Jun 12 09:49:24.216: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=0000000000000000 (I) MsgID = 0 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE Jun 12 09:49:24.216: IKEv2:(SESSION ID = 1,SA ID = 5):IKEv2 initiator - no config data to send in IKE_SA_INIT exch Jun 12 09:49:24.216: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):No config data to send to toolkit: Jun 12 09:49:24.216: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=0000000000000000 (I) MsgID = 0 CurState: I_BLD_INIT Event: EV_BLD_MSG Jun 12 09:49:24.216: IKEv2:(SESSION ID = 1,SA ID = 5):Generating IKE_SA_INIT message Jun 12 09:49:24.216: IKEv2:(SESSION ID = 1,SA ID = 5):IKE Proposal: 1, SPI size: 0 (initial negotiation), Num. transforms: 4 AES-CBC SHA1 SHA96 DH_GROUP_1024_MODP/Group 2 Jun 12 09:49:24.217: IKEv2:(SESSION ID = 1,SA ID = 5):Sending Packet [To 18.218.X.X:500/From 24.106.X.X:500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUEST Jun 12 09:49:24.217: IKEv2-PAK:(SESSION ID = 1,SA ID = 5):Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 390 Payload contents: SA Next payload: KE, reserved: 0x0, length: 48 last proposal: 0x0, reserved: 0x0, length: 44 Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 KE Next payload: N, reserved: 0x0, length: 136 DH group: 2, Reserved: 0x0 N Next payload: VID, reserved: 0x0, length: 36 VID Next payload: VID, reserved: 0x0, length: 23 VID Next payload: VID, reserved: 0x0, length: 19 VID Next payload: VID, reserved: 0x0, length: 23 VID Next payload: NOTIFY, reserved: 0x0, length: 21 NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: NONE, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP Jun 12 09:49:24.218: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI C12345R1#=0000000000000000 (I) MsgID = 0 CurState: I_BLD_INIT Event: EV_INSERT_SA Jun 12 09:49:24.218: IKEv2:(SESSION ID = 1,SA ID = 5):Insert SA Jun 12 09:49:24.218: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=0000000000000000 (I) MsgID = 0 CurState: I_WAIT_INIT Event: EV_NO_EVENT Jun 12 09:49:24.250: IKEv2:(SESSION ID = 1,SA ID = 5):Received Packet [From 18.218.X.X:500/To 24.106.X.X:500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 0 IKEv2 IKE_SA_INIT Exchange RESPONSE Jun 12 09:49:24.250: IKEv2-PAK:(SESSION ID = 1,SA ID = 5):Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE Message id: 0, length: 357 Payload contents: SA Next payload: KE, reserved: 0x0, length: 48 last proposal: 0x0, reserved: 0x0, length: 44 Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: C12345R1# 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 KE Next payload: N, reserved: 0x0, length: 136 DH group: 2, Reserved: 0x0 N Next payload: NOTIFY, reserved: 0x0, length: 36 NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: CERTREQ, reserved: 0x0, length: 28 Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP CERTREQ Next payload: NOTIFY, reserved: 0x0, length: 45 Cert encoding X.509 Certificate - signature NOTIFY(Unknow C12345R1#n - 16404) Next payload: NONE, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0 Jun 12 09:49:24.251: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_WAIT_INIT Event: EV_RECV_INIT Jun 12 09:49:24.251: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Processing IKE_SA_INIT message Jun 12 09:49:24.251: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_PROC_INIT Event: EV_CHK4_NOTIFY Jun 12 09:49:24.251: IKEv2:(SESSION ID = 1,SA ID = 5):Processing IKE_SA_INIT message Jun 12 09:49:24.251: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_PROC_INIT Event: EV_VERIFY_MSG Jun 12 09:49:24.251: IKEv2:(SESSION ID = 1,SA ID = 5):Verify SA init message Jun 12 09: C12345R1#49:24.251: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_PROC_INIT Event: EV_PROC_MSG Jun 12 09:49:24.251: IKEv2:(SESSION ID = 1,SA ID = 5):Processing IKE_SA_INIT message Jun 12 09:49:24.252: CRYPTO_PKI: Trust-Point AWSVPNCert picked up Jun 12 09:49:24.252: CRYPTO_PKI: 1 matching trustpoints found Jun 12 09:49:24.252: CRYPTO_PKI: locked trustpoint AWSVPNCert, refcount is 5 Jun 12 09:49:24.252: CRYPTO_PKI: Identity bound (AWSVPNCert) for session 60367 Jun 12 09:49:24.252: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Matching certificate found Jun 12 09:49:24.253: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_PROC_INIT Event: EV_DETECT_NAT Jun 12 09:49:24.253: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Process NAT discovery notify Jun 12 09:49:24.253: IKEv2-INTERNAL:(SE C12345R1#SSION ID = 1,SA ID = 5):Processing nat detect src notify Jun 12 09:49:24.253: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Remote address not matched Jun 12 09:49:24.253: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Processing nat detect dst notify Jun 12 09:49:24.253: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Local address matched Jun 12 09:49:24.253: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Host is located NAT outside Jun 12 09:49:24.253: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_PROC_INIT Event: EV_CHK_NAT_T Jun 12 09:49:24.253: IKEv2:(SESSION ID = 1,SA ID = 5):Checking NAT discovery Jun 12 09:49:24.253: IKEv2:(SESSION ID = 1,SA ID = 5):NAT OUTSIDE found Jun 12 09:49:24.253: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_PROC_INIT Event: EV_CHK_DIKE Jun 12 09:49: C12345R1#24.253: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_PROC_INIT Event: EV_CHG_NAT_T_PORT Jun 12 09:49:24.253: IKEv2:(SESSION ID = 1,SA ID = 5):NAT detected float to init port 4500, resp port 4500 Jun 12 09:49:24.253: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_PROC_INIT Event: EV_CHK_CONFIG_MODE Jun 12 09:49:24.253: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: INIT_DONE Event: EV_GEN_DH_SECRET Jun 12 09:49:24.253: IKEv2:(SESSION ID = 1,SA ID = 5):[IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 2 Jun 12 09:49:24.257: IKEv2:(SESSION ID = 1,SA ID = 5):(SA ID = 5):[Crypto Engine -> IKEv2] DH key Computation PASSED Jun 12 09:49:24.257: IKEv2:(SESSION ID = 1,SA ID = 5):Request qu C12345R1#eued for computation of DH secret Jun 12 09:49:24.257: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: INIT_DONE Event: EV_NO_EVENT Jun 12 09:49:24.258: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: INIT_DONE Event: EV_OK_RECD_DH_SECRET_RESP Jun 12 09:49:24.258: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Action: Action_Null Jun 12 09:49:24.258: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: INIT_DONE Event: EV_GEN_SKEYID Jun 12 09:49:24.258: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Generate skeyid Jun 12 09:49:24.258: IKEv2:(SESSION ID = 1,SA ID = 5):(SA ID = 5):[IKEv2 -> Crypto Engine] Calculate SKEYSEED and create rekeyed IKEv2 SA Jun 12 09:49:24.258: IKEv2:(SESSION ID = 1,SA ID = 5):(SA ID C12345R1#= 5):[Crypto Engine -> IKEv2] SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED Jun 12 09:49:24.258: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: INIT_DONE Event: EV_DONE Jun 12 09:49:24.258: IKEv2:(SESSION ID = 1,SA ID = 5):Completed SA init exchange Jun 12 09:49:24.258: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: INIT_DONE Event: EV_CHK4_ROLE Jun 12 09:49:24.258: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_BLD_AUTH Event: EV_GET_CONFIG_MODE Jun 12 09:49:24.258: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Sending config data to toolkit Jun 12 09:49:24.258: IKEv2:(SESSION ID = 1,SA ID = 5):Config data to send: Jun 12 09:49:24.259: IKEv2:(SESSION ID = 1,SA ID = 5):Config-type C12345R1#: Config-request Jun 12 09:49:24.259: IKEv2:(SESSION ID = 1,SA ID = 5):Attrib type: ipv4-dns, length: 0 Jun 12 09:49:24.259: IKEv2:(SESSION ID = 1,SA ID = 5):Attrib type: ipv4-dns, length: 0 Jun 12 09:49:24.259: IKEv2:(SESSION ID = 1,SA ID = 5):Attrib type: ipv4-nbns, length: 0 Jun 12 09:49:24.259: IKEv2:(SESSION ID = 1,SA ID = 5):Attrib type: ipv4-nbns, length: 0 Jun 12 09:49:24.259: IKEv2:(SESSION ID = 1,SA ID = 5):Attrib type: ipv4-subnet, length: 0 Jun 12 09:49:24.259: IKEv2:(SESSION ID = 1,SA ID = 5):Attrib type: ipv6-dns, length: 0 Jun 12 09:49:24.259: IKEv2:(SESSION ID = 1,SA ID = 5):Attrib type: ipv6-subnet, length: 0 Jun 12 09:49:24.259: IKEv2:(SESSION ID = 1,SA ID = 5):Attrib type: app-version, length: 257, data: Cisco IOS Software [Amsterdam], ISR Software (ARMV8EL_LINUX_IOSD-UNIVERSALK9-M), Version 17.3.4a, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2021 by Cisco C12345R1# Systems, Inc. Compiled Tue 20-Jul-21 04:11 by mcpre Jun 12 09:49:24.259: IKEv2:(SESSION ID = 1,SA ID = 5):Attrib type: split-dns, length: 0 Jun 12 09:49:24.259: IKEv2:(SESSION ID = 1,SA ID = 5):Attrib type: banner, length: 0 Jun 12 09:49:24.259: IKEv2:(SESSION ID = 1,SA ID = 5):Attrib type: config-url, length: 0 Jun 12 09:49:24.259: IKEv2:(SESSION ID = 1,SA ID = 5):Attrib type: backup-gateway, length: 0 Jun 12 09:49:24.259: IKEv2:(SESSION ID = 1,SA ID = 5):Attrib type: def-domain, length: 0 Jun 12 09:49:24.259: IKEv2:(SESSION ID = 1,SA ID = 5):Have config mode data to send Jun 12 09:49:24.260: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_BLD_AUTH Event: EV_CHK_FOR_PPK Jun 12 09:49:24.260: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Context already unlocked for 80007F36368858 Jun 12 09:49:24.260: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Tr C12345R1#ace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_BLD_AUTH Event: EV_CHK_PPK_MAND Jun 12 09:49:24.260: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_BLD_AUTH Event: EV_CHK_EAP Jun 12 09:49:24.260: IKEv2:(SESSION ID = 1,SA ID = 5):Check for EAP exchange Jun 12 09:49:24.260: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_BLD_AUTH Event: EV_GEN_AUTH Jun 12 09:49:24.260: IKEv2:(SESSION ID = 1,SA ID = 5):Generate my authentication data Jun 12 09:49:24.260: IKEv2:(SESSION ID = 1,SA ID = 5):[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data Jun 12 09:49:24.260: IKEv2:(SESSION ID = 1,SA ID = 5):[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED Jun 12 09:49:24.260: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> C12345R1# SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_BLD_AUTH Event: unknown event Jun 12 09:49:24.260: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_BLD_AUTH Event: EV_CHK_AUTH_TYPE Jun 12 09:49:24.260: IKEv2:(SESSION ID = 1,SA ID = 5):Get my authentication method Jun 12 09:49:24.260: IKEv2:(SESSION ID = 1,SA ID = 5):My authentication method is 'RSA' Jun 12 09:49:24.260: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_BLD_AUTH Event: EV_SIGN Jun 12 09:49:24.260: IKEv2:(SESSION ID = 1,SA ID = 5):Sign authentication data Jun 12 09:49:24.297: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_BLD_AUTH Event: EV_NO_EVENT Jun 12 09:49:24.297: IKEv2-INTERNAL:(SESSION ID = C12345R1#1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_BLD_AUTH Event: EV_OK_RECD_SIG Jun 12 09:49:24.297: IKEv2:(SESSION ID = 1,SA ID = 5):Authentication material has been sucessfully signed Jun 12 09:49:24.297: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_BLD_AUTH Event: EV_OK_AUTH_GEN Jun 12 09:49:24.297: IKEv2:(SESSION ID = 1,SA ID = 5):Check for EAP exchange Jun 12 09:49:24.297: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 0 CurState: I_BLD_AUTH Event: EV_SEND_AUTH Jun 12 09:49:24.297: IKEv2:(SESSION ID = 1,SA ID = 5):Generating IKE_AUTH message Jun 12 09:49:24.297: IKEv2:(SESSION ID = 1,SA ID = 5):Constructing IDi payload: 'X.io' of type 'FQDN' Jun 12 09:49:24.298: IKEv2:(SESSION ID = 1,SA ID = 5):ESP Proposal: 1, SPI size: 4 C12345R1# (IPSec negotiation), Num. transforms: 3 AES-CBC SHA96 Don't use ESN Jun 12 09:49:24.298: IKEv2:(SESSION ID = 1,SA ID = 5):Building packet for encryption. Payload contents: VID Next payload: IDi, reserved: 0x0, length: 20 IDi Next payload: CERT, reserved: 0x0, length: 14 Id type: FQDN, Reserved: 0x0 0x0 CERT Next payload: CERTREQ, reserved: 0x0, length: 972 Cert encoding X.509 Certificate - signature CERTREQ Next payload: NOTIFY, reserved: 0x0, length: 25 Cert encoding Hash and URL of PKIX NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED) Next payload: AUTH, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: HTTP_CERT_LOOKUP_SUPPORTED AUTH Next payload: CFG, reserved: 0x0, length: 264 Auth method RSA, reserved: 0x0, reserved 0x0 CFG Next payload: SA, reserved: 0x0, length: 317 cfg type: CFG_REQUEST, reserved: 0x0, reserved: 0x0 attrib type: internal IP C12345R1#4 DNS, length: 0 attrib type: internal IP4 DNS, length: 0 attrib type: internal IP4 NBNS, length: 0 attrib type: internal IP4 NBNS, length: 0 attrib type: internal IP4 subnet, length: 0 attrib type: internal IP6 DNS, length: 0 attrib type: internal IP6 subnet, length: 0 attrib type: application version, length: 257 attrib type: Unknown - 28675, length: 0 attrib type: Unknown - 28672, length: 0 attrib type: Unknown - 28692, length: 0 attrib type: Unknown - 28681, length: 0 attrib type: Unknown - 28674, length: 0 SA Next payload: TSi, reserved: 0x0, length: 44 last proposal: 0x0, reserved: 0x0, length: 40 Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 l C12345R1#ast transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN TSi Next payload: TSr, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 TSr Next payload: NOTIFY, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 NOTIFY(INITIAL_CONTACT) Next payload: NOTIFY, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: INITIAL_CONTACT NOTIFY(SET_WINDOW_SIZE) Next payload: NOTIFY, reserved: 0x0, length: 12 Security protocol id: Unknown - 0, spi size: 0, type: SET_WINDOW_SIZE NOTIFY(ESP_TFC_NO_SUPPORT) Next payload: NOTIFY, reserved: 0x0, length: 8 C12345R1# Security protocol id: Unknown - 0, spi size: 0, type: ESP_TFC_NO_SUPPORT NOTIFY(NON_FIRST_FRAGS) Next payload: NONE, reserved: 0x0, length: 8 Security protocol id: Unknown - 0, spi size: 0, type: NON_FIRST_FRAGS Jun 12 09:49:24.302: IKEv2:(SESSION ID = 1,SA ID = 5):Sending Packet [To 18.218.X.X:4500/From 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Jun 12 09:49:24.302: IKEv2-PAK:(SESSION ID = 1,SA ID = 5):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 1820 Payload contents: ENCR Next payload: VID, reserved: 0x0, length: 1792 Jun 12 09:49:24.303: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_NO_EVENT Jun 12 09:49:24.528: IKEv2-INTERNAL:(S C12345R1#ESSION ID = 1,SA ID = 1):SM Trace-> SA: I_SPI=08C6AFB6BCC3F41A R_SPI=714EC031D5EDCEB3 (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_RE_XMT Jun 12 09:49:24.528: IKEv2:(SESSION ID = 1,SA ID = 1):Retransmitting packet Jun 12 09:49:24.528: IKEv2:(SESSION ID = 1,SA ID = 1):Sending Packet [To 18.218.X.X:4500/From 24.106.X.X:4500/VRF i0:f0] Initiator SPI : 08C6AFB6BCC3F41A - Responder SPI : 714EC031D5EDCEB3 Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Jun 12 09:49:24.528: IKEv2-PAK:(SESSION ID = 1,SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 1820 Payload contents: ENCR Next payload: VID, reserved: 0x0, length: 1792 Jun 12 09:49:24.529: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 1):SM Trace-> SA: I_SPI=08C6AFB6BCC3F41A R_SPI=714EC031D5EDCEB3 (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_NO_EVENT Jun 12 09:49:24.708: IKEv2:(SESSION ID = 1,SA ID = 5):Rece C12345R1#ived Packet [From 18.218.X.X:4500/To 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 1 IKEv2 IKE_AUTH Exchange RESPONSE Jun 12 09:49:24.708: IKEv2-PAK:(SESSION ID = 1,SA ID = 5):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE Message id: 1, length: 2556 Payload contents: IDr Next payload: CERT, reserved: 0x0, length: 53 Id type: DER ASN1 DN, Reserved: 0x0 0x0 CERT Next payload: CERT, reserved: 0x0, length: 1023 Cert encoding X.509 Certificate - signature CERT Next payload: AUTH, reserved: 0x0, length: 1059 Cert encoding X.509 Certificate - signature AUTH Next payload: SA, reserved: 0x0, length: 264 Auth method RSA, reserved: 0x0, reserved 0x0 SA Next payload: TSi, reserved: 0x0, length: 44 last proposal: 0x0, reserved: 0x0, length: 40 Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: C12345R1# 3 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN TSi Next payload: TSr, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 TSr Next payload: NONE, reserved: 0x0, length: 24 Num of TSs: 1, reserved 0x0, reserved 0x0 TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 start port: 0, end port: 65535 start addr: 0.0.0.0, end addr: 255.255.255.255 Jun 12 09:49:24.710: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_ C12345R1#RECV_AUTH Jun 12 09:49:24.710: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Action: Action_Null Jun 12 09:49:24.710: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 1 CurState: I_PROC_AUTH Event: EV_CHK4_NOTIFY Jun 12 09:49:24.710: IKEv2:(SESSION ID = 1,SA ID = 5):Process auth response notify Jun 12 09:49:24.710: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 1 CurState: I_PROC_AUTH Event: EV_PROC_MSG Jun 12 09:49:24.712: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_RE_XMT Jun 12 09:49:24.712: IKEv2:(SESSION ID = 1,SA ID = 5):Retransmitting packet Jun 12 09:49:24.712: IKEv2:(SESSION ID = 1,SA ID = 5):Sending Packet [To 18.218.X.X:4500/From 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A474 C12345R1#49A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Jun 12 09:49:24.712: IKEv2-PAK:(SESSION ID = 1,SA ID = 5):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 1820 Payload contents: ENCR Next payload: VID, reserved: 0x0, length: 1792 Jun 12 09:49:24.713: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_NO_EVENT Jun 12 09:49:24.788: IKEv2-ERROR:(SESSION ID = 1,SA ID = 5):Response is outside of window received 0x1, expect 0x2 <= mess_id < 0x2 : Received an IKE msg id outside supported window Jun 12 09:49:24.788: IKEv2:(SESSION ID = 0,SA ID = 0):Received Packet [From 18.218.X.X:4500/To 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 1 IKEv2 IKE_AUTH Exchange RESPON C12345R1#SE Jun 12 09:49:24.788: IKEv2-PAK:(SESSION ID = 0,SA ID = 0):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE Message id: 1, length: 2556 Jun 12 09:49:26.559: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_RE_XMT Jun 12 09:49:26.560: IKEv2:(SESSION ID = 1,SA ID = 5):Retransmitting packet Jun 12 09:49:26.560: IKEv2:(SESSION ID = 1,SA ID = 5):Sending Packet [To 18.218.X.X:4500/From 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Jun 12 09:49:26.560: IKEv2-PAK:(SESSION ID = 1,SA ID = 5):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 1820 Payload contents: ENCR Next payload: VID, reserved: 0x0, length: 1792 Jun 12 09:49:26.561: IKE C12345R1#v2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_NO_EVENT Jun 12 09:49:26.649: IKEv2-ERROR:(SESSION ID = 1,SA ID = 5):Response is outside of window received 0x1, expect 0x2 <= mess_id < 0x2 : Received an IKE msg id outside supported window Jun 12 09:49:26.650: IKEv2:(SESSION ID = 0,SA ID = 0):Received Packet [From 18.218.X.X:4500/To 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 1 IKEv2 IKE_AUTH Exchange RESPONSE Jun 12 09:49:26.650: IKEv2-PAK:(SESSION ID = 0,SA ID = 0):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE Message id: 1, length: 2556 Jun 12 09:49:29.372: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 1):SM Trace-> SA: I_SPI=08C6AFB6BCC3F41A R_SPI=714EC031D5EDCEB3 (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_RE_XMT Jun 12 C12345R1# 09:49:29.372: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 1):SM Trace-> SA: I_SPI=08C6AFB6BCC3F41A R_SPI=714EC031D5EDCEB3 (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_RE_XMT_EXCEED Jun 12 09:49:29.372: IKEv2-ERROR:(SESSION ID = 1,SA ID = 1):: Maximum number of retransmissions reached Jun 12 09:49:29.372: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 1):SM Trace-> SA: I_SPI=08C6AFB6BCC3F41A R_SPI=714EC031D5EDCEB3 (I) MsgID = 1 CurState: AUTH_DONE Event: EV_FAIL Jun 12 09:49:29.372: IKEv2:(SESSION ID = 1,SA ID = 1):Auth exchange failed Jun 12 09:49:29.372: IKEv2-ERROR:(SESSION ID = 1,SA ID = 1):: Auth exchange failed Jun 12 09:49:29.373: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 1):SM Trace-> SA: I_SPI=08C6AFB6BCC3F41A R_SPI=714EC031D5EDCEB3 (I) MsgID = 1 CurState: EXIT Event: EV_ABORT Jun 12 09:49:29.373: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 1):SM Trace-> SA: I_SPI=08C6AFB6BCC3F41A R_SPI=714EC031D5EDCEB3 (I) MsgID = 1 CurState: EXIT Event: E C12345R1#V_CHK_PENDING_ABORT Jun 12 09:49:29.373: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 1):SM Trace-> SA: I_SPI=08C6AFB6BCC3F41A R_SPI=714EC031D5EDCEB3 (I) MsgID = 1 CurState: EXIT Event: EV_CHK_GKM Jun 12 09:49:29.373: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 1):SM Trace-> SA: I_SPI=08C6AFB6BCC3F41A R_SPI=714EC031D5EDCEB3 (I) MsgID = 1 CurState: EXIT Event: EV_UPDATE_CAC_STATS Jun 12 09:49:29.373: IKEv2:(SESSION ID = 1,SA ID = 1):Abort exchange Jun 12 09:49:29.373: IKEv2:(SESSION ID = 1,SA ID = 1):Deleting SA Jun 12 09:49:29.373: CRYPTO_PKI: Rcvd request to end PKI session A0363. Jun 12 09:49:29.373: CRYPTO_PKI: PKI session A0363 has ended. Freeing all resources. Jun 12 09:49:29.373: CRYPTO_PKI: unlocked trustpoint AWSVPNCert, refcount is 4 Jun 12 09:49:30.560: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_RE_XMT Jun 12 09:49:30.560: C12345R1#IKEv2:(SESSION ID = 1,SA ID = 5):Retransmitting packet Jun 12 09:49:30.560: IKEv2:(SESSION ID = 1,SA ID = 5):Sending Packet [To 18.218.X.X:4500/From 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Jun 12 09:49:30.560: IKEv2-PAK:(SESSION ID = 1,SA ID = 5):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 1820 Payload contents: ENCR Next payload: VID, reserved: 0x0, length: 1792 Jun 12 09:49:30.561: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_NO_EVENT Jun 12 09:49:30.650: IKEv2-ERROR:(SESSION ID = 1,SA ID = 5):Response is outside of window received 0x1, expect 0x2 <= mess_id < 0x2 : Received an IKE msg id outside supported window Jun 12 09:49:30.650: IKEv2:(SESSION C12345R1# ID = 0,SA ID = 0):Received Packet [From 18.218.X.X:4500/To 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 1 IKEv2 IKE_AUTH Exchange RESPONSE Jun 12 09:49:30.650: IKEv2-PAK:(SESSION ID = 0,SA ID = 0):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE Message id: 1, length: 2556 Jun 12 09:49:37.916: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_RE_XMT Jun 12 09:49:37.916: IKEv2:(SESSION ID = 1,SA ID = 5):Retransmitting packet Jun 12 09:49:37.916: IKEv2:(SESSION ID = 1,SA ID = 5):Sending Packet [To 18.218.X.X:4500/From 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Jun 12 09:49:37.916: IKEv2-PAK:(SESSION ID = 1,SA ID = 5):N C12345R1#ext payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 1820 Payload contents: ENCR Next payload: VID, reserved: 0x0, length: 1792 Jun 12 09:49:37.917: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_NO_EVENT Jun 12 09:49:38.013: IKEv2-ERROR:(SESSION ID = 1,SA ID = 5):Response is outside of window received 0x1, expect 0x2 <= mess_id < 0x2 : Received an IKE msg id outside supported window Jun 12 09:49:38.013: IKEv2:(SESSION ID = 0,SA ID = 0):Received Packet [From 18.218.X.X:4500/To 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 1 IKEv2 IKE_AUTH Exchange RESPONSE Jun 12 09:49:38.013: IKEv2-PAK:(SESSION ID = 0,SA ID = 0):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE Messa C12345R1#ge id: 1, length: 2556 Jun 12 09:49:47.525: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Request has mess_id 0; expected 0 through 4 Jun 12 09:49:47.526: IKEv2:(SESSION ID = 1,SA ID = 5):Received Packet [From 18.218.X.X:4500/To 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 0 IKEv2 INFORMATIONAL Exchange REQUEST Jun 12 09:49:47.526: IKEv2-PAK:(SESSION ID = 1,SA ID = 5):Next payload: ENCR, version: 2.0 Exchange type: INFORMATIONAL, flags: RESPONDER Message id: 0, length: 76 Payload contents: Jun 12 09:49:47.526: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (R) MsgID = 0 CurState: I_WAIT_AUTH Event: EV_RECV_INFO_REQ Jun 12 09:49:47.526: IKEv2-ERROR:(SESSION ID = 1,SA ID = 5):Current state I_WAIT_AUTH does not expect event, EV_RECV_INFO_REQ : Error encountered while navigating State Machine Jun 1 C12345R1#2 09:49:53.803: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_RE_XMT Jun 12 09:49:53.803: IKEv2:(SESSION ID = 1,SA ID = 5):Retransmitting packet Jun 12 09:49:53.804: IKEv2:(SESSION ID = 1,SA ID = 5):Sending Packet [To 18.218.X.X:4500/From 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Jun 12 09:49:53.804: IKEv2-PAK:(SESSION ID = 1,SA ID = 5):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 1820 Payload contents: ENCR Next payload: VID, reserved: 0x0, length: 1792 Jun 12 09:49:53.804: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_NO_EVENT Jun 12 09:49:53.895: IKEv2-E C12345R1#RROR:(SESSION ID = 1,SA ID = 5):Response is outside of window received 0x1, expect 0x2 <= mess_id < 0x2 : Received an IKE msg id outside supported window Jun 12 09:49:53.896: IKEv2:(SESSION ID = 0,SA ID = 0):Received Packet [From 18.218.X.X:4500/To 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 1 IKEv2 IKE_AUTH Exchange RESPONSE Jun 12 09:49:53.896: IKEv2-PAK:(SESSION ID = 0,SA ID = 0):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE Message id: 1, length: 2556 Jun 12 09:49:54.212: IPSEC:(SESSION ID = 1) (key_engine) request timer fired: count = 5, (identity) local= 24.106.X.X:0, remote= 18.218.X.X:0, local_proxy= 0.0.0.0/0.0.0.0/256/0, remote_proxy= 0.0.0.0/0.0.0.0/256/0 Jun 12 09:49:55.395: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 4):SM Trace-> SA: I_SPI=A12576E07C089FB5 R_SPI=C37DFF047430220B (I) MsgID C12345R1# = 1 CurState: I_WAIT_AUTH Event: EV_RE_XMT Jun 12 09:49:55.396: IKEv2:(SESSION ID = 1,SA ID = 4):Retransmitting packet Jun 12 09:49:55.396: IKEv2:(SESSION ID = 1,SA ID = 4):Sending Packet [To 18.218.X.X:4500/From 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A12576E07C089FB5 - Responder SPI : C37DFF047430220B Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Jun 12 09:49:55.396: IKEv2-PAK:(SESSION ID = 1,SA ID = 4):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 1820 Payload contents: ENCR Next payload: VID, reserved: 0x0, length: 1792 Jun 12 09:49:55.396: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 4):SM Trace-> SA: I_SPI=A12576E07C089FB5 R_SPI=C37DFF047430220B (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_NO_EVENT Jun 12 09:49:56.596: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 2):SM Trace-> SA: I_SPI=EBB6321D85BAD128 R_SPI=588B23D02EC73ECE (I) MsgID = 1 CurState: I_WAIT_A C12345R1#UTH Event: EV_RE_XMT Jun 12 09:49:56.597: IKEv2:(SESSION ID = 1,SA ID = 2):Retransmitting packet Jun 12 09:49:56.597: IKEv2:(SESSION ID = 1,SA ID = 2):Sending Packet [To 18.218.X.X:4500/From 24.106.X.X:4500/VRF i0:f0] Initiator SPI : EBB6321D85BAD128 - Responder SPI : 588B23D02EC73ECE Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Jun 12 09:49:56.597: IKEv2-PAK:(SESSION ID = 1,SA ID = 2):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 1820 Payload contents: ENCR Next payload: VID, reserved: 0x0, length: 1792 Jun 12 09:49:56.598: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 2):SM Trace-> SA: I_SPI=EBB6321D85BAD128 R_SPI=588B23D02EC73ECE (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_NO_EVENT Jun 12 09:49:57.527: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Request has mess_id 0; expected 0 through 4 Jun 12 09:49:57.527: IKEv2:(SESSION ID = 1,SA ID = 5):Received Pa C12345R1#cket [From 18.218.X.X:4500/To 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 0 IKEv2 INFORMATIONAL Exchange REQUEST Jun 12 09:49:57.527: IKEv2-PAK:(SESSION ID = 1,SA ID = 5):Next payload: ENCR, version: 2.0 Exchange type: INFORMATIONAL, flags: RESPONDER Message id: 0, length: 76 Payload contents: Jun 12 09:49:57.528: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (R) MsgID = 0 CurState: I_WAIT_AUTH Event: EV_RECV_INFO_REQ Jun 12 09:49:57.528: IKEv2-ERROR:(SESSION ID = 1,SA ID = 5):Current state I_WAIT_AUTH does not expect event, EV_RECV_INFO_REQ : Error encountered while navigating State Machine C12345R1# Jun 12 09:50:01.592: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 2):SM Trace-> SA: I_SPI=EBB6321D85BAD128 R_SPI=588B23D02EC73ECE (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_RE_XMT Jun 12 09:50:01.592: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 2):SM Trace-> SA: I_SPI=EBB6321D85BAD128 R_SPI=588B23D02EC73ECE (I) MsgID = 1 CurState: I_WAIT_AUTH Event: EV_RE_XMT_EXCEED Jun 12 09:50:01.592: IKEv2-ERROR:(SESSION ID = 1,SA ID = 2):: Maximum number of retransmissions reached Jun 12 09:50:01.592: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 2):SM Trace-> SA: I_SPI=EBB6321D85BAD128 R_SPI=588B23D02EC73ECE (I) MsgID = 1 CurState: AUTH_DONE Event: EV_FAIL Jun 12 09:50:01.592: IKEv2:(SESSION ID = 1,SA ID = 2):Auth exchange failed Jun 12 09:50:01.592: IKEv2-ERROR:(SESSION ID = 1,SA ID = 2):: Auth exchange failed Jun 12 09:50:01.593: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 2):SM Trace-> SA: I_SPI=EBB6321D85BAD128 R_SPI=588B23D02EC73ECE (I) MsgID = 1 CurState: EXIT Event: EV_ABORT Jun 12 09:50:01.593: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 2):SM Trace-> SA: I_SPI=EBB6321D85BAD128 R_SPI=588B23D02EC73ECE (I) MsgID = 1 CurState: EXIT Event: EV_CHK_PENDING_ABORT Jun C12345R1# 12 09:50:01.593: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 2):SM Trace-> SA: I_SPI=EBB6321D85BAD128 R_SPI=588B23D02EC73ECE (I) MsgID = 1 CurState: EXIT Event: EV_CHK_GKM Jun 12 09:50:01.593: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 2):SM Trace-> SA: I_SPI=EBB6321D85BAD128 R_SPI=588B23D02EC73ECE (I) MsgID = 1 CurState: EXIT Event: EV_UPDATE_CAC_STATS Jun 12 09:50:01.593: IKEv2:(SESSION ID = 1,SA ID = 2):Abort exchange Jun 12 09:50:01.593: IKEv2:(SESSION ID = 1,SA ID = 2):Deleting SA Jun 12 09:50:01.593: CRYPTO_PKI: Rcvd request to end PKI session 90364. Jun 12 09:50:01.593: CRYPTO_PKI: PKI session 90364 has ended. Freeing all resources. Jun 12 09:50:01.593: CRYPTO_PKI: unlocked trustpoint AWSVPNCert, refcount is 3 C12345R1# Jun 12 09:50:07.528: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):Request has mess_id 0; expected 0 through 4 Jun 12 09:50:07.528: IKEv2:(SESSION ID = 1,SA ID = 5):Received Packet [From 18.218.X.X:4500/To 24.106.X.X:4500/VRF i0:f0] Initiator SPI : A47449A2BD1AE71A - Responder SPI : 5A1E2DF2291B6E9D Message id: 0 IKEv2 INFORMATIONAL Exchange REQUEST Jun 12 09:50:07.528: IKEv2-PAK:(SESSION ID = 1,SA ID = 5):Next payload: ENCR, version: 2.0 Exchange type: INFORMATIONAL, flags: RESPONDER Message id: 0, length: 76 Payload contents: C12345R1# Jun 12 09:50:07.529: IKEv2-INTERNAL:(SESSION ID = 1,SA ID = 5):SM Trace-> SA: I_SPI=A47449A2BD1AE71A R_SPI=5A1E2DF2291B6E9D (R) MsgID = 0 CurState: I_WAIT_AUTH Event: EV_RECV_INFO_REQ Jun 12 09:50:07.529: IKEv2-ERROR:(SESSION ID = 1,SA ID = 5):Current state I_WAIT_AUTH does not expect event, EV_RECV_INFO_REQ : Error encountered while navigating State Machine