*Feb 22 15:59:02.389: insert of map into mapdb AVL failed, map + ace pair already exists on the mapdb
*Feb 22 15:59:02.389: IPSEC:(SESSION ID = 2516) (recalculate_mtu) reset sadb_root 7082436F2AE0 mtu to 1500
*Feb 22 15:59:02.389: IPSEC(sa_request): ,
  (key eng. msg.) OUTBOUND local= 10.0.3.3:500, remote= 10.0.4.4:500,
    local_proxy= 0.0.0.0/0.0.0.0/256/0,
    remote_proxy= 0.0.0.0/0.0.0.0/256/0,
    protocol= ESP, transform= esp-gcm 256  (Tunnel), esn= FALSE,
    lifedur= 3600s and 4608000kb,
    spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0
*Feb 22 15:59:02.390: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
*Feb 22 15:59:02.390: IKEv2:% Getting preshared key from profile keyring IKEv2_KEYRING
*Feb 22 15:59:02.390: IKEv2:% Matched peer block 'ANY'
*Feb 22 15:59:02.390: IKEv2:(SESSION ID = 0,SA ID = 0):Searching Policy with fvrf 0, local address 10.0.3.3
*Feb 22 15:59:02.390: IKEv2:(SESSION ID = 0,SA ID = 0):Found Policy 'IKEv2_PROPOSAL'
*Feb 22 15:59:02.390: IKEv2:(SESSION ID = 2604,SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH public key, DH Group 19
*Feb 22 15:59:02.390: IKEv2:(SESSION ID = 2604,SA ID = 1):(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
*Feb 22 15:59:02.390: IKEv2:(SESSION ID = 2604,SA ID = 1):Request queued for computation of DH key
*Feb 22 15:59:02.390: IKEv2:(SESSION ID = 2604,SA ID = 1):IKEv2 initiator - no config data to send in IKE_SA_INIT exch
*Feb 22 15:59:02.390: IKEv2:(SESSION ID = 2604,SA ID = 1):Generating IKE_SA_INIT message
*Feb 22 15:59:02.390: IKEv2:(SESSION ID = 2604,SA ID = 1):IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 8
   AES-GCM   SHA256   SHA384   SHA512   DH_GROUP_256_ECP/Group 19   DH_GROUP_384_ECP/Group 20   DH_GROUP_521_ECP/Group 21   DH_GROUP_2048_256_MODP/Group 24

*Feb 22 15:59:02.390: IKEv2:(SESSION ID = 2604,SA ID = 1):Sending Packet [To 10.0.4.4:500/From 10.0.3.3:500/VRF i0:f0]
Initiator SPI : 39EF758A6B523BB9 - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
 SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP)

*Feb 22 15:59:02.390: IKEv2:(SESSION ID = 2604,SA ID = 1):Insert SA

*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):Received Packet [From 10.0.4.4:500/To 10.0.3.3:500/VRF i0:f0]
Initiator SPI : 39EF758A6B523BB9 - Responder SPI : 040C3B1627BBC398 Message id: 0
IKEv2 IKE_SA_INIT Exchange RESPONSE
Payload contents:

*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):parsing SA payload SA
*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):parsing KE payload KE
*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):parsing N payload N
*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):parsing VID payload VID
*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):parsing VID payload VID
*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):parsing VID payload VID
*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):parsing VID payload VID
*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):parsing NOTIFY payload NOTIFY(NAT_DETECTION_SOURCE_IP)
*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):parsing NOTIFY payload NOTIFY(NAT_DETECTION_DESTINATION_IP)
*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):parsing CERTREQ payload CERTREQ
*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):parsing NOTIFY payload NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED)

*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):Processing IKE_SA_INIT message
*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):Verify SA init message
*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):Processing IKE_SA_INIT message
*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):Checking NAT discovery
*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):NAT not found
*Feb 22 15:59:02.394: IKEv2:(SESSION ID = 2604,SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 19
*Feb 22 15:59:02.396: IKEv2:(SE
SSION ID = 2604,SA ID = 1):(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
*Feb 22 15:59:02.396: IKEv2:(SESSION ID = 2604,SA ID = 1):Request queued for computation of DH secret
*Feb 22 15:59:02.396: IKEv2:(SESSION ID = 2604,SA ID = 1):(SA ID = 1):[IKEv2 -> Crypto Engine] Calculate SKEYSEED and create rekeyed IKEv2 SA
*Feb 22 15:59:02.396: IKEv2:(SESSION ID = 2604,SA ID = 1):(SA ID = 1):[Crypto Engine -> IKEv2] SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED
*Feb 22 15:59:02.396: IKEv2:(SESSION ID = 2604,SA ID = 1):Completed SA init exchange
*Feb 22 15:59:02.396: IKEv2:(SESSION ID = 2604,SA ID = 1):Config data to send:
*Feb 22 15:59:02.396: IKEv2:(SESSION ID = 2604,SA ID = 1):Config-type: Config-request
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Attrib type: ipv4-dns, length: 0
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Attrib type: ipv4-dns, length: 0
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Attrib type: ipv4-nbns, length: 0
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Attrib type: ipv4-nbns, length: 0
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Attrib type: ipv4-subnet, length: 0
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Attrib type: ipv6-dns, length: 0
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Attrib type: ipv6-subnet, length: 0
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Attrib type: app-version, length: 247, data: Cisco IOS Software [IOSXE], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.13.1, RELEASE SOFTWARE (fc9)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2023 by Cisco Systems, Inc.
Compiled Thu 07-Dec-23 18:16 by mcpre
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Attrib type: split-dns, length: 0
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Attrib type: banner, length: 0
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Attrib type: config-url, length: 0
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Attrib type: backup-gateway, length: 0
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Attrib type: def-domain, length: 0
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Have config mode data to send
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Check for EAP exchange
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Generate my authentication data
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Use preshared key for id 10.0.3.3, key len 8
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Get my authentication method
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):My authentication method is 'PSK'
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Check for EAP exchange
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Generating IKE_AUTH message
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Constructing IDi payload: '10.0.3.3' of type 'IPv4 address'
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):ESP Proposal: 1, SPI size: 4 (IPSec negotiation),
Num. transforms: 2
   AES-GCM   Don't use ESN
*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Building packet for encryption.
Payload contents:
 VID IDi AUTH CFG SA TSi TSr NOTIFY(INITIAL_CONTACT) NOTIFY(SET_WINDOW_SIZE) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS)

*Feb 22 15:59:02.397: IKEv2:(SESSION ID = 2604,SA ID = 1):Sending Packet [To 10.0.4.4:500/From 10.0.3.3:500/VRF i0:f0]
Initiator SPI : 39EF758A6B523BB9 - Responder SPI : 040C3B1627BBC398 Message id: 1
IKEv2 IKE_AUTH Exchange REQUEST
Payload contents:
 ENCR


*Feb 22 15:59:02.400: IKEv2:(SESSION ID = 2604,SA ID = 1):Received Packet [From 10.0.4.4:500/To 10.0.3.3:500/VRF i0
:f0]
Initiator SPI : 39EF758A6B523BB9 - Responder SPI : 040C3B1627BBC398 Message id: 1
IKEv2 IKE_AUTH Exchange RESPONSE
Payload contents:

*Feb 22 15:59:02.400: IKEv2:(SESSION ID = 2604,SA ID = 1):parsing ENCR payload
*Feb 22 15:59:02.400: IKEv2:(SESSION ID = 2604,SA ID = 1):parsing NOTIFY payload NOTIFY(AUTHENTICATION_FAILED)

*Feb 22 15:59:02.400: IKEv2:(SESSION ID = 2604,SA ID = 1):Process auth response notify
*Feb 22 15:59:02.402: IKEv2-ERROR:(SESSION ID = 2604,SA ID = 1):
*Feb 22 15:59:02.402: IKEv2:(SESSION ID = 2604,SA ID = 1):Auth exchange failed
*Feb 22 15:59:02.403: IKEv2-ERROR:(SESSION ID = 2604,SA ID = 1):: Auth exchange failed
*Feb 22 15:59:02.405: IKEv2:(SESSION ID = 2604,SA ID = 1):Abort exchange
*Feb 22 15:59:02.406: IKEv2:(SESSION ID = 2604,SA ID = 1):Deleting SA
*Feb 22 15:59:02.762: %SYS-5-CONFIG_I: Configured from console by cisco on console

*Feb 22 15:59:04.077: IKEv2:Received Packet [From
10.0.4.4:500/To 10.0.3.3:500/VRF i0:f0]
Initiator SPI : C1E8D9E624D9E407 - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:

*Feb 22 15:59:04.077: IKEv2:parsing SA payload SA
*Feb 22 15:59:04.077: IKEv2:parsing KE payload KE
*Feb 22 15:59:04.077: IKEv2:parsing N payload N
*Feb 22 15:59:04.077: IKEv2:parsing VID payload VID
*Feb 22 15:59:04.077: IKEv2:parsing VID payload VID
*Feb 22 15:59:04.077: IKEv2:parsing VID payload VID
*Feb 22 15:59:04.077: IKEv2:parsing VID payload VID
*Feb 22 15:59:04.077: IKEv2:parsing NOTIFY payload NOTIFY(NAT_DETECTION_SOURCE_IP)
*Feb 22 15:59:04.077: IKEv2:parsing NOTIFY payload NOTIFY(NAT_DETECTION_DESTINATION_IP)

*Feb 22 15:59:04.077: IKEv2:(SESSION ID = 2605,SA ID = 1):Verify SA init message
*Feb 22 15:59:04.077: IKEv2:(SESSION ID = 2605,SA ID = 1):Insert SA
*Feb 22 15:59:04.077: IKEv2:Searching Policy with fvrf 0, local address
 10.0.3.3
*Feb 22 15:59:04.077: IKEv2:Found Policy 'IKEv2_PROPOSAL'
*Feb 22 15:59:04.077: IKEv2:(SESSION ID = 2605,SA ID = 1):Processing IKE_SA_INIT message
*Feb 22 15:59:04.077: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieve configured trustpoint(s)
*Feb 22 15:59:04.077: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'TP-self-signed-1057753575'   'SLA-TrustPoint'
*Feb 22 15:59:04.077: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Get Public Key Hashes of trustpoints
*Feb 22 15:59:04.077: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of Public Key Hashes of trustpoints PASSED
*Feb 22 15:59:04.077: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Start PKI Session
*Feb 22 15:59:04.077: IKEv2:(SA ID = 1):[PKI -> IKEv2] Starting of PKI Session PASSED
*Feb 22 15:59:04.077: IKEv2:(SESSION ID = 2605,SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH public key, DH Group 19
*Feb 22 15:59:04.077: IKEv2:(SESSION ID = 2605,SA ID = 1):(SA ID = 1):[Crypto Engi
ne -> IKEv2] DH key Computation PASSED
*Feb 22 15:59:04.077: IKEv2:(SESSION ID = 2605,SA ID = 1):Request queued for computation of DH key
*Feb 22 15:59:04.077: IKEv2:(SESSION ID = 2605,SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 19
*Feb 22 15:59:04.080: IKEv2:(SESSION ID = 2605,SA ID = 1):(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
*Feb 22 15:59:04.080: IKEv2:(SESSION ID = 2605,SA ID = 1):Request queued for computation of DH secret
*Feb 22 15:59:04.080: IKEv2:(SESSION ID = 2605,SA ID = 1):(SA ID = 1):[IKEv2 -> Crypto Engine] Calculate SKEYSEED and create rekeyed IKEv2 SA
*Feb 22 15:59:04.080: IKEv2:(SESSION ID = 2605,SA ID = 1):(SA ID = 1):[Crypto Engine -> IKEv2] SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED
*Feb 22 15:59:04.080: IKEv2:IKEv2 responder - no config data to send in IKE_SA_INIT exch
*Feb 22 15:59:04.080: IKEv2:(SESSION ID = 2605,SA ID = 1):Generating
IKE_SA_INIT message
*Feb 22 15:59:04.080: IKEv2:(SESSION ID = 2605,SA ID = 1):IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 3
   AES-GCM   SHA256   DH_GROUP_256_ECP/Group 19
*Feb 22 15:59:04.080: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieve configured trustpoint(s)
*Feb 22 15:59:04.080: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'TP-self-signed-1057753575'   'SLA-TrustPoint'
*Feb 22 15:59:04.080: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Get Public Key Hashes of trustpoints
*Feb 22 15:59:04.080: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of Public Key Hashes of trustpoints PASSED

*Feb 22 15:59:04.080: IKEv2:(SESSION ID = 2605,SA ID = 1):Sending Packet [To 10.0.4.4:500/From 10.0.3.3:500/VRF i0:f0]
Initiator SPI : C1E8D9E624D9E407 - Responder SPI : 360A34428BC64DB9 Message id: 0
IKEv2 IKE_SA_INIT Exchange RESPONSE
Payload contents:
 SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP)
NOTIFY(NAT_DETECTION_DESTINATION_IP) CERTREQ NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED)

*Feb 22 15:59:04.080: IKEv2:(SESSION ID = 2605,SA ID = 1):Completed SA init exchange
*Feb 22 15:59:04.080: IKEv2:(SESSION ID = 2605,SA ID = 1):Starting timer (30 sec) to wait for auth message

*Feb 22 15:59:04.083: IKEv2:(SESSION ID = 2605,SA ID = 1):Received Packet [From 10.0.4.4:500/To 10.0.3.3:500/VRF i0:f0]
Initiator SPI : C1E8D9E624D9E407 - Responder SPI : 360A34428BC64DB9 Message id: 1
IKEv2 IKE_AUTH Exchange REQUEST
Payload contents:

*Feb 22 15:59:04.083: IKEv2:(SESSION ID = 2605,SA ID = 1):parsing ENCR payload
*Feb 22 15:59:04.083: IKEv2:(SESSION ID = 2605,SA ID = 1):parsing VID payload VID
*Feb 22 15:59:04.083: IKEv2:(SESSION ID = 2605,SA ID = 1):parsing IDi payload IDi
*Feb 22 15:59:04.083: IKEv2:(SESSION ID = 2605,SA ID = 1):parsing AUTH payload AUTH
*Feb 22 15:59:04.083: IKEv2:(SESSION ID = 2605,SA ID = 1):parsing CFG pa
yload CFG
*Feb 22 15:59:04.083: IKEv2:(SESSION ID = 2605,SA ID = 1):parsing SA payload SA
*Feb 22 15:59:04.083: IKEv2:(SESSION ID = 2605,SA ID = 1):parsing TSi payload TSi
*Feb 22 15:59:04.084: IKEv2:(SESSION ID = 2605,SA ID = 1):parsing TSr payload TSr
*Feb 22 15:59:04.084: IKEv2:(SESSION ID = 2605,SA ID = 1):parsing NOTIFY payload NOTIFY(INITIAL_CONTACT)
*Feb 22 15:59:04.084: IKEv2:(SESSION ID = 2605,SA ID = 1):parsing NOTIFY payload NOTIFY(SET_WINDOW_SIZE)
*Feb 22 15:59:04.084: IKEv2:(SESSION ID = 2605,SA ID = 1):parsing NOTIFY payload NOTIFY(ESP_TFC_NO_SUPPORT)
*Feb 22 15:59:04.084: IKEv2:(SESSION ID = 2605,SA ID = 1):parsing NOTIFY payload NOTIFY(NON_FIRST_FRAGS)

*Feb 22 15:59:04.084: IKEv2:(SESSION ID = 2605,SA ID = 1):Stopping timer to wait for auth message
*Feb 22 15:59:04.084: IKEv2:(SESSION ID = 2605,SA ID = 1):Checking NAT discovery
*Feb 22 15:59:04.084: IKEv2:(SESSION ID = 2605,SA ID = 1):NAT not found
*Fe
b 22 15:59:04.084: IKEv2:(SESSION ID = 2605,SA ID = 1):Searching policy based on peer's identity '10.0.4.4' of type 'IPv4 address'
*Feb 22 15:59:04.085: IKEv2-ERROR:(SESSION ID = 2605,SA ID = 1):% IKEv2 profile not found
*Feb 22 15:59:04.086: ISAKMP: (0):peer matches *none* of the profiles
*Feb 22 15:59:04.088: IKEv2-ERROR:(SESSION ID = 2605,SA ID = 1):: Failed to locate an item in the database
*Feb 22 15:59:04.088: IKEv2:(SESSION ID = 2605,SA ID = 1):Verification of peer's authentication data FAILED
*Feb 22 15:59:04.088: IKEv2:(SESSION ID = 2605,SA ID = 1):Sending authentication failure notify
*Feb 22 15:59:04.088: IKEv2:(SESSION ID = 2605,SA ID = 1):Building packet for encryption.
Payload contents:
 NOTIFY(AUTHENTICATION_FAILED)

*Feb 22 15:59:04.088: IKEv2:(SESSION ID = 2605,SA ID = 1):Sending Packet [To 10.0.4.4:500/From 10.0.3.3:500/VRF i0:f0]
Initiator SPI : C1E8D9E624D9E407 - Responder SPI : 360A34428BC64DB9
Message id: 1
IKEv2 IKE_AUTH Exchange RESPONSE
Payload contents:
 ENCR

*Feb 22 15:59:04.089: IKEv2:(SESSION ID = 2605,SA ID = 1):Auth exchange failed
*Feb 22 15:59:04.090: IKEv2-ERROR:(SESSION ID = 2605,SA ID = 1):: Auth exchange failed
*Feb 22 15:59:04.092: IKEv2:(SESSION ID = 2605,SA ID = 1):Abort exchange
*Feb 22 15:59:04.092: IKEv2:(SESSION ID = 2605,SA ID = 1):Deleting SA
*Feb 22 15:59:04.092: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Close PKI Session
*Feb 22 15:59:04.092: IKEv2:(SA ID = 1):[PKI -> IKEv2] Closing of PKI Session PASSED
*Feb 22 15:59:04.378: %LINK-3-UPDOWN: Interface Tunnel4000, changed state to up