TNG-UPH-A-FW-08-01/Internet# !-->packet tracer TNG-UPH-A-FW-08-01/Internet# !-->with source TNG-UPH-A-FW-08-01/Internet# !--> 192.168.27.52 TNG-UPH-A-FW-08-01/Internet# !--> to 10.8.14.1 branch TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# packet-tracer input inside icmp 192.168.27.52 8 0$ Phase: 1 Type: ROUTE-LOOKUP Subtype: Resolve Egress Interface Result: ALLOW Config: Additional Information: found next-hop 122.200.3.246 using egress ifc Outside10G Phase: 2 Type: UN-NAT Subtype: static Result: ALLOW Config: nat (Inside,Outside10G) source static SiteToSiteMeraki_LocalNetwork SiteToSiteMeraki_LocalNetwork destination static SiteToSiteMeraki_SBY-2Network SiteToSiteMeraki_SBY-2Network no-proxy-arp route-lookup Additional Information: NAT divert to egress interface Outside10G Untranslate 10.8.14.1/0 to 10.8.14.1/0 Phase: 3 Type: ACCESS-LIST Subtype: log Result: ALLOW Config: access-group Inside_access_in in interface Inside access-list Inside_access_in extended permit icmp any any Additional Information: Forward Flow based lookup yields rule: in id=0xff780ac4f0, priority=13, domain=permit, deny=false hits=4921492196, user_data=0x559100b580, cs_id=0x0, use_real_addr, flags=0x0, protocol=1 src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 4 Type: CONN-SETTINGS Subtype: Result: ALLOW Config: class-map class-default match any policy-map global_policy class class-default set connection decrement-ttl service-policy global_policy global Additional Information: Forward Flow based lookup yields rule: in id=0xffc04c2d80, priority=7, domain=conn-set, deny=false hits=63840238251, user_data=0xffc04c0910, cs_id=0x0, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 5 Type: NAT Subtype: Result: ALLOW Config: nat (Inside,Outside10G) source static SiteToSiteMeraki_LocalNetwork SiteToSiteMeraki_LocalNetwork destination static SiteToSiteMeraki_SBY-2Network SiteToSiteMeraki_SBY-2Network no-proxy-arp route-lookup Additional Information: Static translate 192.168.27.52/0 to 192.168.27.52/0 Forward Flow based lookup yields rule: in id=0xffd0a90010, priority=6, domain=nat, deny=false hits=2954, user_data=0xff98242b60, cs_id=0x0, flags=0x0, protocol=0 src ip/id=192.168.27.0, mask=255.255.255.0, port=0, tag=any dst ip/id=10.8.0.0, mask=255.255.0.0, port=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=Outside10G Phase: 6 Type: NAT Subtype: per-session Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xffca498950, priority=0, domain=nat-per-session, deny=true hits=27597040182, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=any, output_ifc=any Phase: 7 Type: IP-OPTIONS Subtype: Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xffe92a4040, priority=0, domain=inspect-ip-options, deny=true hits=65217874792, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 8 Type: ACCESS-LIST Subtype: log Result: ALLOW Config: access-group Inside_access_in in interface Inside access-list Inside_access_in extended permit icmp any any Additional Information: Forward Flow based lookup yields rule: in id=0xff780ac4f0, priority=13, domain=permit, deny=false hits=4921492197, user_data=0x559100b580, cs_id=0x0, use_real_addr, flags=0x0, protocol=1 src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 9 Type: CONN-SETTINGS Subtype: Result: ALLOW Config: class-map class-default match any policy-map global_policy class class-default set connection decrement-ttl service-policy global_policy global Additional Information: Forward Flow based lookup yields rule: in id=0xffc04c2d80, priority=7, domain=conn-set, deny=false hits=63840238251, user_data=0xffc04c0910, cs_id=0x0, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 10 Type: NAT Subtype: Result: ALLOW Config: nat (Inside,Outside10G) source static SiteToSiteMeraki_LocalNetwork SiteToSiteMeraki_LocalNetwork destination static SiteToSiteMeraki_SBY-2Network SiteToSiteMeraki_SBY-2Network no-proxy-arp route-lookup Additional Information: Static translate 192.168.27.52/0 to 192.168.27.52/0 Forward Flow based lookup yields rule: in id=0xffd0a90010, priority=6, domain=nat, deny=false hits=2954, user_data=0xff98242b60, cs_id=0x0, flags=0x0, protocol=0 src ip/id=192.168.27.0, mask=255.255.255.0, port=0, tag=any dst ip/id=10.8.0.0, mask=255.255.0.0, port=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=Outside10G Phase: 11 Type: NAT Subtype: per-session Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xffca498950, priority=0, domain=nat-per-session, deny=true hits=27597040182, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=any, output_ifc=any Phase: 12 Type: IP-OPTIONS Subtype: Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xffe92a4040, priority=0, domain=inspect-ip-options, deny=true hits=65217874792, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 13 Type: INSPECT Subtype: np-inspect Result: ALLOW Config: class-map inspection_default match default-inspection-traffic policy-map global_policy class inspection_default inspect icmp service-policy global_policy global Additional Information: Forward Flow based lookup yields rule: in id=0xffc04b7760, priority=70, domain=inspect-icmp, deny=false hits=6966497952, user_data=0xffc04b6cd0, cs_id=0x0, use_real_addr, flags=0x0, protocol=1 src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 14 Type: INSPECT Subtype: np-inspect Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xffc04bd2b0, priority=70, domain=inspect-icmp-error, deny=false hits=6966497952, user_data=0xffc04bc820, cs_id=0x0, use_real_addr, flags=0x0, protocol=1 src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 15 Type: VPN Subtype: encrypt Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: out id=0xff7ccbf080, priority=70, domain=encrypt, deny=false hits=36, user_data=0x7e8d94c4, cs_id=0xffc72e1ee0, reverse, flags=0x0, protocol=0 src ip/id=192.168.27.52, mask=255.255.255.255, port=0, tag=any dst ip/id=10.8.14.0, mask=255.255.255.0, port=0, tag=any, dscp=0x0 input_ifc=any, output_ifc=Outside10G Phase: 16 Type: NAT Subtype: rpf-check Result: ALLOW Config: nat (Inside,Outside10G) source static SiteToSiteMeraki_LocalNetwork SiteToSiteMeraki_LocalNetwork destination static SiteToSiteMeraki_SBY-2Network SiteToSiteMeraki_SBY-2Network no-proxy-arp route-lookup Additional Information: Forward Flow based lookup yields rule: out id=0xffd2e48f90, priority=6, domain=nat-reverse, deny=false hits=2869, user_data=0xffba128380, cs_id=0x0, use_real_addr, flags=0x0, protocol=0 src ip/id=192.168.27.0, mask=255.255.255.0, port=0, tag=any dst ip/id=10.8.0.0, mask=255.255.0.0, port=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=Outside10G Phase: 17 Type: VPN Subtype: ipsec-tunnel-flow Result: ALLOW Config: Additional Information: Reverse Flow based lookup yields rule: in id=0xffc29f67a0, priority=70, domain=ipsec-tunnel-flow, deny=false hits=36, user_data=0x7e8db05c, cs_id=0xffc72e1ee0, reverse, flags=0x0, protocol=0 src ip/id=10.8.14.0, mask=255.255.255.0, port=0, tag=any dst ip/id=192.168.27.52, mask=255.255.255.255, port=0, tag=any, dscp=0x0 input_ifc=Outside10G, output_ifc=any Phase: 18 Type: NAT Subtype: per-session Result: ALLOW Config: Additional Information: Reverse Flow based lookup yields rule: in id=0xffca498950, priority=0, domain=nat-per-session, deny=true hits=27597040184, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=any, output_ifc=any Phase: 19 Type: IP-OPTIONS Subtype: Result: ALLOW Config: Additional Information: Reverse Flow based lookup yields rule: in id=0xffc4ff36a0, priority=0, domain=inspect-ip-options, deny=true hits=39021676925, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=Outside10G, output_ifc=any Phase: 20 Type: FLOW-CREATION Subtype: Result: ALLOW Config: Additional Information: New flow created with id 2629245067, packet dispatched to next module Module information for forward flow ... snp_fp_inspect_ip_options snp_fp_inspect_icmp snp_fp_translate snp_fp_adjacency snp_fp_encrypt snp_fp_fragment Result: input-interface: Inside input-status: up input-line-status: up output-interface: Outside10G output-status: up output-line-status: up Action: allow TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# !-->packet tracer TNG-UPH-A-FW-08-01/Internet# !-->with source TNG-UPH-A-FW-08-01/Internet# !--> 10.0.210.20 TNG-UPH-A-FW-08-01/Internet# !--> to 10.8.14.1 branch TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# packet-tracer input inside icmp 10.0.210.20 8 0 1$ Phase: 1 Type: ROUTE-LOOKUP Subtype: Resolve Egress Interface Result: ALLOW Config: Additional Information: found next-hop 122.200.3.246 using egress ifc Outside10G Phase: 2 Type: UN-NAT Subtype: static Result: ALLOW Config: nat (Inside,Outside10G) source static SiteToSiteMeraki_LocalNetwork SiteToSiteMeraki_LocalNetwork destination static SiteToSiteMeraki_SBY-2Network SiteToSiteMeraki_SBY-2Network no-proxy-arp route-lookup Additional Information: NAT divert to egress interface Outside10G Untranslate 10.8.14.1/0 to 10.8.14.1/0 Phase: 3 Type: ACCESS-LIST Subtype: log Result: ALLOW Config: access-group Inside_access_in in interface Inside access-list Inside_access_in extended permit icmp any any Additional Information: Forward Flow based lookup yields rule: in id=0xff780ac4f0, priority=13, domain=permit, deny=false hits=4921501138, user_data=0x559100b580, cs_id=0x0, use_real_addr, flags=0x0, protocol=1 src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 4 Type: CONN-SETTINGS Subtype: Result: ALLOW Config: class-map class-default match any policy-map global_policy class class-default set connection decrement-ttl service-policy global_policy global Additional Information: Forward Flow based lookup yields rule: in id=0xffc04c2d80, priority=7, domain=conn-set, deny=false hits=63840327102, user_data=0xffc04c0910, cs_id=0x0, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 5 Type: NAT Subtype: Result: ALLOW Config: nat (Inside,Outside10G) source static SiteToSiteMeraki_LocalNetwork SiteToSiteMeraki_LocalNetwork destination static SiteToSiteMeraki_SBY-2Network SiteToSiteMeraki_SBY-2Network no-proxy-arp route-lookup Additional Information: Static translate 10.0.210.20/0 to 10.0.210.20/0 Forward Flow based lookup yields rule: in id=0xffd2702bb0, priority=6, domain=nat, deny=false hits=2025, user_data=0xff98242b60, cs_id=0x0, flags=0x0, protocol=0 src ip/id=10.0.210.0, mask=255.255.255.0, port=0, tag=any dst ip/id=10.8.0.0, mask=255.255.0.0, port=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=Outside10G Phase: 6 Type: NAT Subtype: per-session Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xffca498950, priority=0, domain=nat-per-session, deny=true hits=27597074520, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=any, output_ifc=any Phase: 7 Type: IP-OPTIONS Subtype: Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xffe92a4040, priority=0, domain=inspect-ip-options, deny=true hits=65217965658, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 8 Type: ACCESS-LIST Subtype: log Result: ALLOW Config: access-group Inside_access_in in interface Inside access-list Inside_access_in extended permit icmp any any Additional Information: Forward Flow based lookup yields rule: in id=0xff780ac4f0, priority=13, domain=permit, deny=false hits=4921501139, user_data=0x559100b580, cs_id=0x0, use_real_addr, flags=0x0, protocol=1 src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 9 Type: CONN-SETTINGS Subtype: Result: ALLOW Config: class-map class-default match any policy-map global_policy class class-default set connection decrement-ttl service-policy global_policy global Additional Information: Forward Flow based lookup yields rule: in id=0xffc04c2d80, priority=7, domain=conn-set, deny=false hits=63840327102, user_data=0xffc04c0910, cs_id=0x0, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 10 Type: NAT Subtype: Result: ALLOW Config: nat (Inside,Outside10G) source static SiteToSiteMeraki_LocalNetwork SiteToSiteMeraki_LocalNetwork destination static SiteToSiteMeraki_SBY-2Network SiteToSiteMeraki_SBY-2Network no-proxy-arp route-lookup Additional Information: Static translate 10.0.210.20/0 to 10.0.210.20/0 Forward Flow based lookup yields rule: in id=0xffd2702bb0, priority=6, domain=nat, deny=false hits=2025, user_data=0xff98242b60, cs_id=0x0, flags=0x0, protocol=0 src ip/id=10.0.210.0, mask=255.255.255.0, port=0, tag=any dst ip/id=10.8.0.0, mask=255.255.0.0, port=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=Outside10G Phase: 11 Type: NAT Subtype: per-session Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xffca498950, priority=0, domain=nat-per-session, deny=true hits=27597074520, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=any, output_ifc=any Phase: 12 Type: IP-OPTIONS Subtype: Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xffe92a4040, priority=0, domain=inspect-ip-options, deny=true hits=65217965658, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 13 Type: INSPECT Subtype: np-inspect Result: ALLOW Config: class-map inspection_default match default-inspection-traffic policy-map global_policy class inspection_default inspect icmp service-policy global_policy global Additional Information: Forward Flow based lookup yields rule: in id=0xffc04b7760, priority=70, domain=inspect-icmp, deny=false hits=6966504100, user_data=0xffc04b6cd0, cs_id=0x0, use_real_addr, flags=0x0, protocol=1 src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 14 Type: INSPECT Subtype: np-inspect Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xffc04bd2b0, priority=70, domain=inspect-icmp-error, deny=false hits=6966504100, user_data=0xffc04bc820, cs_id=0x0, use_real_addr, flags=0x0, protocol=1 src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=any Phase: 15 Type: VPN Subtype: encrypt Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: out id=0xffd9ad90b0, priority=70, domain=encrypt, deny=false hits=31, user_data=0x68633f6c, cs_id=0xffc72e1ee0, reverse, flags=0x0, protocol=0 src ip/id=10.0.210.0, mask=255.255.255.0, port=0, tag=any dst ip/id=10.8.14.0, mask=255.255.255.0, port=0, tag=any, dscp=0x0 input_ifc=any, output_ifc=Outside10G Phase: 16 Type: NAT Subtype: rpf-check Result: ALLOW Config: nat (Inside,Outside10G) source static SiteToSiteMeraki_LocalNetwork SiteToSiteMeraki_LocalNetwork destination static SiteToSiteMeraki_SBY-2Network SiteToSiteMeraki_SBY-2Network no-proxy-arp route-lookup Additional Information: Forward Flow based lookup yields rule: out id=0xffd1d3ad00, priority=6, domain=nat-reverse, deny=false hits=2016, user_data=0xffba128380, cs_id=0x0, use_real_addr, flags=0x0, protocol=0 src ip/id=10.0.210.0, mask=255.255.255.0, port=0, tag=any dst ip/id=10.8.0.0, mask=255.255.0.0, port=0, tag=any, dscp=0x0 input_ifc=Inside, output_ifc=Outside10G Phase: 17 Type: VPN Subtype: ipsec-tunnel-flow Result: ALLOW Config: Additional Information: Reverse Flow based lookup yields rule: in id=0xffda4dab80, priority=70, domain=ipsec-tunnel-flow, deny=false hits=31, user_data=0x6863502c, cs_id=0xffc72e1ee0, reverse, flags=0x0, protocol=0 src ip/id=10.8.14.0, mask=255.255.255.0, port=0, tag=any dst ip/id=10.0.210.0, mask=255.255.255.0, port=0, tag=any, dscp=0x0 input_ifc=Outside10G, output_ifc=any Phase: 18 Type: NAT Subtype: per-session Result: ALLOW Config: Additional Information: Reverse Flow based lookup yields rule: in id=0xffca498950, priority=0, domain=nat-per-session, deny=true hits=27597074522, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=any, output_ifc=any Phase: 19 Type: IP-OPTIONS Subtype: Result: ALLOW Config: Additional Information: Reverse Flow based lookup yields rule: in id=0xffc4ff36a0, priority=0, domain=inspect-ip-options, deny=true hits=39021757699, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=Outside10G, output_ifc=any Phase: 20 Type: FLOW-CREATION Subtype: Result: ALLOW Config: Additional Information: New flow created with id 2629323057, packet dispatched to next module Module information for forward flow ... snp_fp_inspect_ip_options snp_fp_inspect_icmp snp_fp_translate snp_fp_adjacency snp_fp_encrypt snp_fp_fragment snp_fp_tracer_drop Result: input-interface: Inside input-status: up input-line-status: up output-interface: Outside10G output-status: up output-line-status: up Action: allow TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# !--> Additional INFO : 1 TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# sh vpn-sessiondb detail l2l filter ipaddress 117.$ Session Type: LAN-to-LAN Detailed Connection : 117.102.75.130 Index : 140669 IP Addr : 117.102.75.130 Protocol : IKEv1 IPsec Encryption : IKEv1: (1)3DES IPsec: (8)AES256 Hashing : IKEv1: (1)SHA1 IPsec: (8)SHA1 Bytes Tx : 183204 Bytes Rx : 103064 Login Time : 15:10:11 WIB Wed Mar 27 2024 Duration : 0h:02m:47s IKEv1 Tunnels: 1 IPsec Tunnels: 8 IKEv1: Tunnel ID : 140669.1 UDP Src Port : 500 UDP Dst Port : 500 IKE Neg Mode : Main Auth Mode : preSharedKeys Encryption : 3DES Hashing : SHA1 Rekey Int (T): 12800 Seconds Rekey Left(T): 12633 Seconds D/H Group : 2 Filter Name : IPsec: Tunnel ID : 140669.2 Local Addr : 122.200.2.55/255.255.255.255/0/0 Remote Addr : 10.8.28.0/255.255.252.0/0/0 Encryption : AES256 Hashing : SHA1 Encapsulation: Tunnel Rekey Int (T): 28800 Seconds Rekey Left(T): 28633 Seconds Idle Time Out: 30 Minutes Idle TO Left : 29 Minutes Bytes Tx : 12300 Bytes Rx : 19884 Pkts Tx : 151 Pkts Rx : 254 IPsec: Tunnel ID : 140669.3 Local Addr : 122.200.12.34/255.255.255.255/0/0 Remote Addr : 10.8.0.0/255.255.0.0/0/0 Encryption : AES256 Hashing : SHA1 Encapsulation: Tunnel Rekey Int (T): 28800 Seconds Rekey Left(T): 28634 Seconds Idle Time Out: 30 Minutes Idle TO Left : 29 Minutes Bytes Tx : 1980 Bytes Rx : 0 Pkts Tx : 33 Pkts Rx : 0 IPsec: Tunnel ID : 140669.4 Local Addr : 192.168.27.10/255.255.255.255/0/0 Remote Addr : 10.8.28.0/255.255.252.0/0/0 Encryption : AES256 Hashing : SHA1 Encapsulation: Tunnel Rekey Int (T): 28800 Seconds Rekey Left(T): 28634 Seconds Idle Time Out: 30 Minutes Idle TO Left : 30 Minutes Bytes Tx : 137414 Bytes Rx : 58711 Pkts Tx : 776 Pkts Rx : 807 IPsec: Tunnel ID : 140669.5 Local Addr : 192.168.27.52/255.255.255.255/0/0 Remote Addr : 10.8.14.0/255.255.255.0/0/0 Encryption : AES256 Hashing : SHA1 Encapsulation: Tunnel Rekey Int (T): 28800 Seconds Rekey Left(T): 28650 Seconds Idle Time Out: 30 Minutes Idle TO Left : 29 Minutes Bytes Tx : 5152 Bytes Rx : 5152 Pkts Tx : 62 Pkts Rx : 62 IPsec: Tunnel ID : 140669.6 Local Addr : 192.168.27.26/255.255.255.255/0/0 Remote Addr : 10.8.14.0/255.255.255.0/0/0 Encryption : AES256 Hashing : SHA1 Encapsulation: Tunnel Rekey Int (T): 28800 Seconds Rekey Left(T): 28652 Seconds Idle Time Out: 30 Minutes Idle TO Left : 29 Minutes Bytes Tx : 5124 Bytes Rx : 5124 Pkts Tx : 61 Pkts Rx : 61 IPsec: Tunnel ID : 140669.7 Local Addr : 192.168.27.184/255.255.255.255/0/0 Remote Addr : 10.8.14.0/255.255.255.0/0/0 Encryption : AES256 Hashing : SHA1 Encapsulation: Tunnel Rekey Int (T): 28800 Seconds Rekey Left(T): 28653 Seconds Idle Time Out: 30 Minutes Idle TO Left : 29 Minutes Bytes Tx : 5124 Bytes Rx : 5124 Pkts Tx : 61 Pkts Rx : 61 IPsec: Tunnel ID : 140669.8 Local Addr : 10.0.210.0/255.255.255.0/0/0 Remote Addr : 10.8.14.0/255.255.255.0/0/0 Encryption : AES256 Hashing : SHA1 Encapsulation: Tunnel Rekey Int (T): 28800 Seconds Rekey Left(T): 28663 Seconds Idle Time Out: 30 Minutes Idle TO Left : 29 Minutes Bytes Tx : 2548 Bytes Rx : 2520 Pkts Tx : 31 Pkts Rx : 30 IPsec: Tunnel ID : 140669.9 Local Addr : 122.200.2.78/255.255.255.255/0/0 Remote Addr : 10.8.28.0/255.255.252.0/0/0 Encryption : AES256 Hashing : SHA1 Encapsulation: Tunnel Rekey Int (T): 28800 Seconds Rekey Left(T): 28688 Seconds Idle Time Out: 30 Minutes Idle TO Left : 28 Minutes Bytes Tx : 14144 Bytes Rx : 6757 Pkts Tx : 55 Pkts Rx : 59 TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# !--> Additional INFO : 2 TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# show crypto ipsec sa peer 117.102.75.130 detail peer address: 117.102.75.130 Crypto map tag: VPN-S2SAzure-Map, seq num: 140, local addr: 122.200.3.245 access-list SBY-MX extended permit ip 10.0.210.0 255.255.255.0 10.8.0.0 255.255.0.0 local ident (addr/mask/prot/port): (10.0.210.0/255.255.255.0/0/0) remote ident (addr/mask/prot/port): (10.8.14.0/255.255.255.0/0/0) current_peer: 117.102.75.130 #pkts encaps: 31, #pkts encrypt: 31, #pkts digest: 31 #pkts decaps: 30, #pkts decrypt: 30, #pkts verify: 30 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 31, #pkts comp failed: 0, #pkts decomp failed: 0 #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0 #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0 #TFC rcvd: 0, #TFC sent: 0 #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0 #pkts no sa (send): 0, #pkts invalid sa (rcv): 0 #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0 #pkts invalid prot (rcv): 0, #pkts verify failed: 0 #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 32767 #pkts invalid pad (rcv): 0, #pkts invalid ip version (send): 0, #pkts invalid ip version (rcv): 0 #pkts invalid len (send): 0, #pkts invalid len (rcv): 0 #pkts invalid ctx (send): 0, #pkts invalid ctx (rcv): 0 #pkts invalid ifc (send): 0, #pkts invalid ifc (rcv): 0 #pkts failed (send): 0, #pkts failed (rcv): 0 #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0 #pkts replay failed (rcv): 0 #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0 #pkts internal err (send): 0, #pkts internal err (rcv): 0 local crypto endpt.: 122.200.3.245/0, remote crypto endpt.: 117.102.75.130/0 path mtu 1500, ipsec overhead 74(44), media mtu 1500 PMTU time remaining (sec): 0, DF policy: copy-df ICMP error validation: disabled, TFC packets: disabled current outbound spi: C22103E5 current inbound spi : A5482E4F inbound esp sas: spi: 0xA5482E4F (2772971087) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28653 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0x00000000 0x7FFFFFFF outbound esp sas: spi: 0xC22103E5 (3256943589) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28652 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0x00000000 0x00000001 Crypto map tag: VPN-S2SAzure-Map, seq num: 140, local addr: 122.200.3.245 access-list SBY-MX extended permit ip host 122.200.2.55 10.8.0.0 255.255.0.0 local ident (addr/mask/prot/port): (122.200.2.55/255.255.255.255/0/0) remote ident (addr/mask/prot/port): (10.8.28.0/255.255.252.0/0/0) current_peer: 117.102.75.130 #pkts encaps: 157, #pkts encrypt: 157, #pkts digest: 157 #pkts decaps: 265, #pkts decrypt: 265, #pkts verify: 265 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 157, #pkts comp failed: 0, #pkts decomp failed: 0 #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0 #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0 #TFC rcvd: 0, #TFC sent: 0 #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0 #pkts no sa (send): 0, #pkts invalid sa (rcv): 0 #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0 #pkts invalid prot (rcv): 0, #pkts verify failed: 0 #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 32767 #pkts invalid pad (rcv): 0, #pkts invalid ip version (send): 0, #pkts invalid ip version (rcv): 0 #pkts invalid len (send): 0, #pkts invalid len (rcv): 0 #pkts invalid ctx (send): 0, #pkts invalid ctx (rcv): 0 #pkts invalid ifc (send): 0, #pkts invalid ifc (rcv): 0 #pkts failed (send): 0, #pkts failed (rcv): 0 #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0 #pkts replay failed (rcv): 0 #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0 #pkts internal err (send): 0, #pkts internal err (rcv): 0 local crypto endpt.: 122.200.3.245/0, remote crypto endpt.: 117.102.75.130/0 path mtu 1500, ipsec overhead 74(44), media mtu 1500 PMTU time remaining (sec): 0, DF policy: copy-df ICMP error validation: disabled, TFC packets: disabled current outbound spi: CA7778C8 current inbound spi : BAF9749C inbound esp sas: spi: 0xBAF9749C (3136910492) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28621 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0xFFFFFFFF 0xFFFFFFFF outbound esp sas: spi: 0xCA7778C8 (3396827336) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28621 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0x00000000 0x00000001 Crypto map tag: VPN-S2SAzure-Map, seq num: 140, local addr: 122.200.3.245 access-list SBY-MX extended permit ip host 122.200.2.78 10.8.0.0 255.255.0.0 local ident (addr/mask/prot/port): (122.200.2.78/255.255.255.255/0/0) remote ident (addr/mask/prot/port): (10.8.28.0/255.255.252.0/0/0) current_peer: 117.102.75.130 #pkts encaps: 55, #pkts encrypt: 55, #pkts digest: 55 #pkts decaps: 59, #pkts decrypt: 59, #pkts verify: 59 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 55, #pkts comp failed: 0, #pkts decomp failed: 0 #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0 #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0 #TFC rcvd: 0, #TFC sent: 0 #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0 #pkts no sa (send): 0, #pkts invalid sa (rcv): 0 #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0 #pkts invalid prot (rcv): 0, #pkts verify failed: 0 #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 32767 #pkts invalid pad (rcv): 0, #pkts invalid ip version (send): 0, #pkts invalid ip version (rcv): 0 #pkts invalid len (send): 0, #pkts invalid len (rcv): 0 #pkts invalid ctx (send): 0, #pkts invalid ctx (rcv): 0 #pkts invalid ifc (send): 0, #pkts invalid ifc (rcv): 0 #pkts failed (send): 0, #pkts failed (rcv): 0 #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0 #pkts replay failed (rcv): 0 #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0 #pkts internal err (send): 0, #pkts internal err (rcv): 0 local crypto endpt.: 122.200.3.245/0, remote crypto endpt.: 117.102.75.130/0 path mtu 1500, ipsec overhead 74(44), media mtu 1500 PMTU time remaining (sec): 0, DF policy: copy-df ICMP error validation: disabled, TFC packets: disabled current outbound spi: C158457E current inbound spi : 32E21A4D inbound esp sas: spi: 0x32E21A4D (853678669) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28677 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0x0FFFFFFF 0xFFFFFFFF outbound esp sas: spi: 0xC158457E (3243787646) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28677 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0x00000000 0x00000001 Crypto map tag: VPN-S2SAzure-Map, seq num: 140, local addr: 122.200.3.245 access-list SBY-MX extended permit ip host 122.200.12.34 10.8.0.0 255.255.0.0 local ident (addr/mask/prot/port): (122.200.12.34/255.255.255.255/0/0) remote ident (addr/mask/prot/port): (10.8.0.0/255.255.0.0/0/0) current_peer: 117.102.75.130 #pkts encaps: 35, #pkts encrypt: 35, #pkts digest: 35 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 35, #pkts comp failed: 0, #pkts decomp failed: 0 #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0 #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0 #TFC rcvd: 0, #TFC sent: 0 #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0 #pkts no sa (send): 0, #pkts invalid sa (rcv): 0 #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0 #pkts invalid prot (rcv): 0, #pkts verify failed: 0 #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 32767 #pkts invalid pad (rcv): 0, #pkts invalid ip version (send): 0, #pkts invalid ip version (rcv): 0 #pkts invalid len (send): 0, #pkts invalid len (rcv): 0 #pkts invalid ctx (send): 0, #pkts invalid ctx (rcv): 0 #pkts invalid ifc (send): 0, #pkts invalid ifc (rcv): 0 #pkts failed (send): 0, #pkts failed (rcv): 0 #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0 #pkts replay failed (rcv): 0 #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0 #pkts internal err (send): 0, #pkts internal err (rcv): 0 local crypto endpt.: 122.200.3.245/0, remote crypto endpt.: 117.102.75.130/0 path mtu 1500, ipsec overhead 74(44), media mtu 1500 PMTU time remaining (sec): 0, DF policy: copy-df ICMP error validation: disabled, TFC packets: disabled current outbound spi: CE81BDF7 current inbound spi : 77681751 inbound esp sas: spi: 0x77681751 (2003310417) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28622 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0x00000000 0x00000001 outbound esp sas: spi: 0xCE81BDF7 (3464609271) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28622 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0x00000000 0x00000001 Crypto map tag: VPN-S2SAzure-Map, seq num: 140, local addr: 122.200.3.245 access-list SBY-MX extended permit ip 192.168.27.0 255.255.255.0 10.8.0.0 255.255.0.0 local ident (addr/mask/prot/port): (192.168.27.10/255.255.255.255/0/0) remote ident (addr/mask/prot/port): (10.8.28.0/255.255.252.0/0/0) current_peer: 117.102.75.130 #pkts encaps: 812, #pkts encrypt: 812, #pkts digest: 812 #pkts decaps: 843, #pkts decrypt: 843, #pkts verify: 843 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 812, #pkts comp failed: 0, #pkts decomp failed: 0 #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0 #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0 #TFC rcvd: 0, #TFC sent: 0 #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0 #pkts no sa (send): 0, #pkts invalid sa (rcv): 0 #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0 #pkts invalid prot (rcv): 0, #pkts verify failed: 0 #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 32767 #pkts invalid pad (rcv): 0, #pkts invalid ip version (send): 0, #pkts invalid ip version (rcv): 0 #pkts invalid len (send): 0, #pkts invalid len (rcv): 0 #pkts invalid ctx (send): 0, #pkts invalid ctx (rcv): 0 #pkts invalid ifc (send): 0, #pkts invalid ifc (rcv): 0 #pkts failed (send): 0, #pkts failed (rcv): 0 #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0 #pkts replay failed (rcv): 0 #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0 #pkts internal err (send): 0, #pkts internal err (rcv): 0 local crypto endpt.: 122.200.3.245/0, remote crypto endpt.: 117.102.75.130/0 path mtu 1500, ipsec overhead 74(44), media mtu 1500 PMTU time remaining (sec): 0, DF policy: copy-df ICMP error validation: disabled, TFC packets: disabled current outbound spi: C5825D48 current inbound spi : C9214A78 inbound esp sas: spi: 0xC9214A78 (3374402168) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28622 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0xFFFFFFFF 0xFFFFFFFF outbound esp sas: spi: 0xC5825D48 (3313655112) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28622 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0x00000000 0x00000001 Crypto map tag: VPN-S2SAzure-Map, seq num: 140, local addr: 122.200.3.245 access-list SBY-MX extended permit ip 192.168.27.0 255.255.255.0 10.8.0.0 255.255.0.0 local ident (addr/mask/prot/port): (192.168.27.26/255.255.255.255/0/0) remote ident (addr/mask/prot/port): (10.8.14.0/255.255.255.0/0/0) current_peer: 117.102.75.130 #pkts encaps: 61, #pkts encrypt: 61, #pkts digest: 61 #pkts decaps: 61, #pkts decrypt: 61, #pkts verify: 61 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 61, #pkts comp failed: 0, #pkts decomp failed: 0 #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0 #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0 #TFC rcvd: 0, #TFC sent: 0 #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0 #pkts no sa (send): 0, #pkts invalid sa (rcv): 0 #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0 #pkts invalid prot (rcv): 0, #pkts verify failed: 0 #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 32767 #pkts invalid pad (rcv): 0, #pkts invalid ip version (send): 0, #pkts invalid ip version (rcv): 0 #pkts invalid len (send): 0, #pkts invalid len (rcv): 0 #pkts invalid ctx (send): 0, #pkts invalid ctx (rcv): 0 #pkts invalid ifc (send): 0, #pkts invalid ifc (rcv): 0 #pkts failed (send): 0, #pkts failed (rcv): 0 #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0 #pkts replay failed (rcv): 0 #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0 #pkts internal err (send): 0, #pkts internal err (rcv): 0 local crypto endpt.: 122.200.3.245/0, remote crypto endpt.: 117.102.75.130/0 path mtu 1500, ipsec overhead 74(44), media mtu 1500 PMTU time remaining (sec): 0, DF policy: copy-df ICMP error validation: disabled, TFC packets: disabled current outbound spi: C46C5B2F current inbound spi : 4F1E41E8 inbound esp sas: spi: 0x4F1E41E8 (1327383016) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28641 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0x3FFFFFFF 0xFFFFFFFF outbound esp sas: spi: 0xC46C5B2F (3295435567) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28641 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0x00000000 0x00000001 Crypto map tag: VPN-S2SAzure-Map, seq num: 140, local addr: 122.200.3.245 access-list SBY-MX extended permit ip 192.168.27.0 255.255.255.0 10.8.0.0 255.255.0.0 local ident (addr/mask/prot/port): (192.168.27.52/255.255.255.255/0/0) remote ident (addr/mask/prot/port): (10.8.14.0/255.255.255.0/0/0) current_peer: 117.102.75.130 #pkts encaps: 62, #pkts encrypt: 62, #pkts digest: 62 #pkts decaps: 62, #pkts decrypt: 62, #pkts verify: 62 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 62, #pkts comp failed: 0, #pkts decomp failed: 0 #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0 #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0 #TFC rcvd: 0, #TFC sent: 0 #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0 #pkts no sa (send): 0, #pkts invalid sa (rcv): 0 #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0 #pkts invalid prot (rcv): 0, #pkts verify failed: 0 #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 32767 #pkts invalid pad (rcv): 0, #pkts invalid ip version (send): 0, #pkts invalid ip version (rcv): 0 #pkts invalid len (send): 0, #pkts invalid len (rcv): 0 #pkts invalid ctx (send): 0, #pkts invalid ctx (rcv): 0 #pkts invalid ifc (send): 0, #pkts invalid ifc (rcv): 0 #pkts failed (send): 0, #pkts failed (rcv): 0 #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0 #pkts replay failed (rcv): 0 #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0 #pkts internal err (send): 0, #pkts internal err (rcv): 0 local crypto endpt.: 122.200.3.245/0, remote crypto endpt.: 117.102.75.130/0 path mtu 1500, ipsec overhead 74(44), media mtu 1500 PMTU time remaining (sec): 0, DF policy: copy-df ICMP error validation: disabled, TFC packets: disabled current outbound spi: CD5ED0E8 current inbound spi : 2C944357 inbound esp sas: spi: 0x2C944357 (747914071) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28639 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0x7FFFFFFF 0xFFFFFFFF outbound esp sas: spi: 0xCD5ED0E8 (3445543144) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28639 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0x00000000 0x00000001 Crypto map tag: VPN-S2SAzure-Map, seq num: 140, local addr: 122.200.3.245 access-list SBY-MX extended permit ip 192.168.27.0 255.255.255.0 10.8.0.0 255.255.0.0 local ident (addr/mask/prot/port): (192.168.27.184/255.255.255.255/0/0) remote ident (addr/mask/prot/port): (10.8.14.0/255.255.255.0/0/0) current_peer: 117.102.75.130 #pkts encaps: 61, #pkts encrypt: 61, #pkts digest: 61 #pkts decaps: 61, #pkts decrypt: 61, #pkts verify: 61 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 61, #pkts comp failed: 0, #pkts decomp failed: 0 #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0 #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0 #TFC rcvd: 0, #TFC sent: 0 #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0 #pkts no sa (send): 0, #pkts invalid sa (rcv): 0 #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0 #pkts invalid prot (rcv): 0, #pkts verify failed: 0 #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 32767 #pkts invalid pad (rcv): 0, #pkts invalid ip version (send): 0, #pkts invalid ip version (rcv): 0 #pkts invalid len (send): 0, #pkts invalid len (rcv): 0 #pkts invalid ctx (send): 0, #pkts invalid ctx (rcv): 0 #pkts invalid ifc (send): 0, #pkts invalid ifc (rcv): 0 #pkts failed (send): 0, #pkts failed (rcv): 0 #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0 #pkts replay failed (rcv): 0 #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0 #pkts internal err (send): 0, #pkts internal err (rcv): 0 local crypto endpt.: 122.200.3.245/0, remote crypto endpt.: 117.102.75.130/0 path mtu 1500, ipsec overhead 74(44), media mtu 1500 PMTU time remaining (sec): 0, DF policy: copy-df ICMP error validation: disabled, TFC packets: disabled current outbound spi: C4422F0B current inbound spi : 5A6B8097 inbound esp sas: spi: 0x5A6B8097 (1516994711) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28642 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0x3FFFFFFF 0xFFFFFFFF outbound esp sas: spi: 0xC4422F0B (3292671755) SA State: active transform: esp-aes-256 esp-sha-hmac no compression in use settings ={L2L, Tunnel, IKEv1, } slot: 0, conn_id: 140669, crypto-map: VPN-S2SAzure-Map sa timing: remaining key lifetime (sec): 28642 IV size: 16 bytes replay detection support: Y Anti replay bitmap: 0x00000000 0x00000001 TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet# TNG-UPH-A-FW-08-01/Internet#