*Aug 21 22:55:32.926: %SYS-6-TTY_EXPIRE_TIMER: (exec timer expired, tty 0 (0.0.0.0)), user *Aug 21 23:22:17.890: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up *Aug 21 23:22:18.890: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up *Aug 21 23:22:22.287: %LINK-3-UPDOWN: Interface GigabitEthernet0/1/1, changed state to up *Aug 21 23:22:22.295: %LINK-3-UPDOWN: Interface Vlan1, changed state to up *Aug 21 23:22:23.286: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1/1, changed state to up *Aug 21 23:22:23.295: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up *Aug 21 23:22:24.355: %LINK-3-UPDOWN: Interface GigabitEthernet0/1/0, changed state to up *Aug 21 23:22:25.354: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1/0, changed state to up *Aug 21 23:22:30.295: %LINK-3-UPDOWN: Interface GigabitEthernet0/1/2, changed state to up *Aug 21 23:22:31.294: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1/2, changed state to up *Aug 21 23:22:35.298: %LINK-3-UPDOWN: Interface GigabitEthernet0/1/3, changed state to up *Aug 21 23:22:36.298: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1/3, changed state to up VTARouter>enable Password: VTARouter# *Aug 21 23:23:08.105: ISAKMP: (0):SA request profile is (NULL) *Aug 21 23:23:08.105: ISAKMP: (0):Created a peer struct for 20.20.20.2, peer port 500 *Aug 21 23:23:08.105: ISAKMP: (0):New peer created peer = 0x80FFFF4BEB4760 peer_handle = 0x80000040000172 *Aug 21 23:23:08.105: ISAKMP: (0):Locking peer struct 0x80FFFF4BEB4760, refcount 1 for isakmp_initiator *Aug 21 23:23:08.105: ISAKMP: (0):local port 500, remote port 500 *Aug 21 23:23:08.105: ISAKMP: (0):set new node 0 to QM_IDLE *Aug 21 23:23:08.106: ISAKMP: (0):insert sa successfully sa = 80FFFF4D123F28 *Aug 21 23:23:08.106: ISAKMP: (0):Can not start Aggressive mode, trying Main mode. *Aug 21 23:23:08.106: ISAKMP: (0):found peer pre-shared key matching 20.20.20.2 *Aug 21 23:23:08.106: ISAKMP: (0):constructed NAT-T vendor-rfc3947 ID *Aug 21 23:23:08.106: ISAKMP: (0):constructed NAT-T vendor-07 ID *Aug 21 23:23:08.106: ISAKMP: (0):constructed NAT-T vendor-03 ID *Aug 21 23:23:08.106: ISAKMP: (0):constructed NAT-T vendor-02 ID *Aug 21 23:23:08.106: ISAKMP: (0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Aug 21 23:23:08.106: ISAKMP: (0):Old State = IKE_READY New State = IKE_I_MM1 *Aug 21 23:23:08.106: ISAKMP: (0):beginning Main Mode exchange *Aug 21 23:23:08.107: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:23:08.107: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:23:12.354: %LINK-3-UPDOWN: Interface GigabitEthernet0/1/2, changed state to down *Aug 21 23:23:15.454: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1/2, changed state to down *Aug 21 23:23:18.105: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:23:18.105: ISAKMP: (0):: incrementing error counter on sa, attempt 1 of 5: retransmit phase 1 *Aug 21 23:23:18.105: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:23:18.106: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:23:18.106: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:23:24.462: %LINK-3-UPDOWN: Interface GigabitEthernet0/1/2, changed state to up *Aug 21 23:23:25.463: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1/2, changed state to up *Aug 21 23:23:28.107: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:23:28.107: ISAKMP: (0):: incrementing error counter on sa, attempt 2 of 5: retransmit phase 1 *Aug 21 23:23:28.107: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:23:28.107: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:23:28.107: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:23:38.103: ISAKMP: (0):set new node 0 to QM_IDLE *Aug 21 23:23:38.103: ISAKMP-ERROR: (0):SA is still budding. Attached new ipsec request to it. (local 10.10.10.2, remote 20.20.20.2) *Aug 21 23:23:38.104: ISAKMP-ERROR: (0):Error while processing SA request: Failed to initialize SA *Aug 21 23:23:38.104: ISAKMP-ERROR: (0):Error while processing KMI message 0, error 2. *Aug 21 23:23:38.106: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:23:38.106: ISAKMP: (0):: incrementing error counter on sa, attempt 3 of 5: retransmit phase 1 *Aug 21 23:23:38.107: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:23:38.107: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:23:38.107: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:23:48.106: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:23:48.106: ISAKMP: (0):: incrementing error counter on sa, attempt 4 of 5: retransmit phase 1 *Aug 21 23:23:48.106: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:23:48.106: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:23:48.106: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:23:58.107: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:23:58.107: ISAKMP: (0):: incrementing error counter on sa, attempt 5 of 5: retransmit phase 1 *Aug 21 23:23:58.107: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:23:58.107: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:23:58.107: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:24:08.106: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:24:08.106: ISAKMP: (0):peer does not do paranoid keepalives. *Aug 21 23:24:08.107: ISAKMP-ERROR: (0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 20.20.20.2) *Aug 21 23:24:08.107: ISAKMP-ERROR: (0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 20.20.20.2) *Aug 21 23:24:08.107: ISAKMP: (0):Unlocking peer struct 0x80FFFF4BEB4760 for isadb_mark_sa_deleted(), count 0 *Aug 21 23:24:08.107: ISAKMP: (0):Deleting peer node by peer_reap for 20.20.20.2: 80FFFF4BEB4760 *Aug 21 23:24:08.108: ISAKMP: (0):deleting node 4041938 error FALSE reason "IKE deleted" *Aug 21 23:24:08.108: ISAKMP: (0):deleting node 2092569515 error FALSE reason "IKE deleted" *Aug 21 23:24:08.108: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Aug 21 23:24:08.108: ISAKMP: (0):Old State = IKE_I_MM1 New State = IKE_DEST_SA *Aug 21 23:24:08.334: ISAKMP: (0):SA request profile is (NULL) *Aug 21 23:24:08.334: ISAKMP: (0):Created a peer struct for 20.20.20.2, peer port 500 *Aug 21 23:24:08.334: ISAKMP: (0):New peer created peer = 0x80FFFF4BEB4760 peer_handle = 0x80000040000173 *Aug 21 23:24:08.334: ISAKMP: (0):Locking peer struct 0x80FFFF4BEB4760, refcount 1 for isakmp_initiator *Aug 21 23:24:08.334: ISAKMP: (0):local port 500, remote port 500 *Aug 21 23:24:08.334: ISAKMP: (0):set new node 0 to QM_IDLE *Aug 21 23:24:08.334: ISAKMP: (0):Find a dup sa in the avl tree during calling isadb_insert sa = 80FFFF4AC86510 *Aug 21 23:24:08.334: ISAKMP: (0):Can not start Aggressive mode, trying Main mode. *Aug 21 23:24:08.335: ISAKMP: (0):found peer pre-shared key matching 20.20.20.2 *Aug 21 23:24:08.335: ISAKMP: (0):constructed NAT-T vendor-rfc3947 ID *Aug 21 23:24:08.335: ISAKMP: (0):constructed NAT-T vendor-07 ID *Aug 21 23:24:08.335: ISAKMP: (0):constructed NAT-T vendor-03 ID *Aug 21 23:24:08.335: ISAKMP: (0):constructed NAT-T vendor-02 ID *Aug 21 23:24:08.335: ISAKMP: (0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Aug 21 23:24:08.335: ISAKMP: (0):Old State = IKE_READY New State = IKE_I_MM1 *Aug 21 23:24:08.335: ISAKMP: (0):beginning Main Mode exchange *Aug 21 23:24:08.335: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:24:08.335: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:24:18.334: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:24:18.334: ISAKMP: (0):: incrementing error counter on sa, attempt 1 of 5: retransmit phase 1 *Aug 21 23:24:18.334: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:24:18.334: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:24:18.334: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:24:28.335: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:24:28.335: ISAKMP: (0):: incrementing error counter on sa, attempt 2 of 5: retransmit phase 1 *Aug 21 23:24:28.335: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:24:28.335: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:24:28.335: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:24:38.335: ISAKMP: (0):set new node 0 to QM_IDLE *Aug 21 23:24:38.335: ISAKMP-ERROR: (0):SA is still budding. Attached new ipsec request to it. (local 10.10.10.2, remote 20.20.20.2) *Aug 21 23:24:38.335: ISAKMP-ERROR: (0):Error while processing SA request: Failed to initialize SA *Aug 21 23:24:38.336: ISAKMP-ERROR: (0):Error while processing KMI message 0, error 2. *Aug 21 23:24:38.336: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:24:38.336: ISAKMP: (0):: incrementing error counter on sa, attempt 3 of 5: retransmit phase 1 *Aug 21 23:24:38.336: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:24:38.336: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:24:38.336: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:24:48.334: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:24:48.335: ISAKMP: (0):: incrementing error counter on sa, attempt 4 of 5: retransmit phase 1 *Aug 21 23:24:48.335: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:24:48.335: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:24:48.335: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:24:58.106: ISAKMP: (0):purging node 4041938 *Aug 21 23:24:58.107: ISAKMP: (0):purging node 2092569515 *Aug 21 23:24:58.334: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:24:58.334: ISAKMP: (0):: incrementing error counter on sa, attempt 5 of 5: retransmit phase 1 *Aug 21 23:24:58.334: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:24:58.334: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:24:58.334: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:25:08.106: ISAKMP: (0):purging SA., sa=80FFFF4D123F28, delme=80FFFF4D123F28 *Aug 21 23:25:08.333: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:25:08.333: ISAKMP: (0):peer does not do paranoid keepalives. *Aug 21 23:25:08.334: ISAKMP-ERROR: (0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 20.20.20.2) *Aug 21 23:25:08.334: ISAKMP-ERROR: (0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 20.20.20.2) *Aug 21 23:25:08.334: ISAKMP: (0):Unlocking peer struct 0x80FFFF4BEB4760 for isadb_mark_sa_deleted(), count 0 *Aug 21 23:25:08.334: ISAKMP: (0):Deleting peer node by peer_reap for 20.20.20.2: 80FFFF4BEB4760 *Aug 21 23:25:08.335: ISAKMP: (0):deleting node 1087487115 error FALSE reason "IKE deleted" *Aug 21 23:25:08.335: ISAKMP: (0):deleting node 639102807 error FALSE reason "IKE deleted" *Aug 21 23:25:08.335: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Aug 21 23:25:08.335: ISAKMP: (0):Old State = IKE_I_MM1 New State = IKE_DEST_SA *Aug 21 23:25:08.339: ISAKMP: (0):SA request profile is (NULL) *Aug 21 23:25:08.339: ISAKMP: (0):Created a peer struct for 20.20.20.2, peer port 500 *Aug 21 23:25:08.339: ISAKMP: (0):New peer created peer = 0x80FFFF4BEB4760 peer_handle = 0x80000040000174 *Aug 21 23:25:08.339: ISAKMP: (0):Locking peer struct 0x80FFFF4BEB4760, refcount 1 for isakmp_initiator *Aug 21 23:25:08.339: ISAKMP: (0):local port 500, remote port 500 *Aug 21 23:25:08.339: ISAKMP: (0):set new node 0 to QM_IDLE *Aug 21 23:25:08.339: ISAKMP: (0):Find a dup sa in the avl tree during calling isadb_insert sa = 80FFFF4D123F28 *Aug 21 23:25:08.339: ISAKMP: (0):Can not start Aggressive mode, trying Main mode. *Aug 21 23:25:08.340: ISAKMP: (0):found peer pre-shared key matching 20.20.20.2 *Aug 21 23:25:08.340: ISAKMP: (0):constructed NAT-T vendor-rfc3947 ID *Aug 21 23:25:08.340: ISAKMP: (0):constructed NAT-T vendor-07 ID *Aug 21 23:25:08.340: ISAKMP: (0):constructed NAT-T vendor-03 ID *Aug 21 23:25:08.340: ISAKMP: (0):constructed NAT-T vendor-02 ID *Aug 21 23:25:08.340: ISAKMP: (0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Aug 21 23:25:08.340: ISAKMP: (0):Old State = IKE_READY New State = IKE_I_MM1 *Aug 21 23:25:08.340: ISAKMP: (0):beginning Main Mode exchange *Aug 21 23:25:08.340: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:25:08.340: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:25:18.338: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:25:18.338: ISAKMP: (0):: incrementing error counter on sa, attempt 1 of 5: retransmit phase 1 *Aug 21 23:25:18.338: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:25:18.338: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:25:18.338: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:25:28.338: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:25:28.339: ISAKMP: (0):: incrementing error counter on sa, attempt 2 of 5: retransmit phase 1 *Aug 21 23:25:28.339: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:25:28.339: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:25:28.339: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:25:38.354: ISAKMP: (0):set new node 0 to QM_IDLE *Aug 21 23:25:38.354: ISAKMP-ERROR: (0):SA is still budding. Attached new ipsec request to it. (local 10.10.10.2, remote 20.20.20.2) *Aug 21 23:25:38.354: ISAKMP-ERROR: (0):Error while processing SA request: Failed to initialize SA *Aug 21 23:25:38.354: ISAKMP-ERROR: (0):Error while processing KMI message 0, error 2. *Aug 21 23:25:38.354: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:25:38.354: ISAKMP: (0):: incrementing error counter on sa, attempt 3 of 5: retransmit phase 1 *Aug 21 23:25:38.354: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:25:38.354: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:25:38.355: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:25:48.354: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:25:48.354: ISAKMP: (0):: incrementing error counter on sa, attempt 4 of 5: retransmit phase 1 *Aug 21 23:25:48.354: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:25:48.355: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:25:48.355: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:25:58.334: ISAKMP: (0):purging node 1087487115 *Aug 21 23:25:58.334: ISAKMP: (0):purging node 639102807 *Aug 21 23:25:58.354: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:25:58.354: ISAKMP: (0):: incrementing error counter on sa, attempt 5 of 5: retransmit phase 1 *Aug 21 23:25:58.354: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:25:58.354: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:25:58.354: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:26:08.334: ISAKMP: (0):purging SA., sa=80FFFF4AC86510, delme=80FFFF4AC86510 *Aug 21 23:26:08.353: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:26:08.353: ISAKMP: (0):peer does not do paranoid keepalives. *Aug 21 23:26:08.354: ISAKMP-ERROR: (0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 20.20.20.2) *Aug 21 23:26:08.354: ISAKMP-ERROR: (0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 20.20.20.2) *Aug 21 23:26:08.354: ISAKMP: (0):Unlocking peer struct 0x80FFFF4BEB4760 for isadb_mark_sa_deleted(), count 0 *Aug 21 23:26:08.354: ISAKMP: (0):Deleting peer node by peer_reap for 20.20.20.2: 80FFFF4BEB4760 *Aug 21 23:26:08.355: ISAKMP: (0):deleting node 3210441431 error FALSE reason "IKE deleted" *Aug 21 23:26:08.355: ISAKMP: (0):deleting node 1408180759 error FALSE reason "IKE deleted" *Aug 21 23:26:08.355: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Aug 21 23:26:08.355: ISAKMP: (0):Old State = IKE_I_MM1 New State = IKE_DEST_SA *Aug 21 23:26:14.249: ISAKMP: (0):SA request profile is (NULL) *Aug 21 23:26:14.249: ISAKMP: (0):Created a peer struct for 20.20.20.2, peer port 500 *Aug 21 23:26:14.249: ISAKMP: (0):New peer created peer = 0x80FFFF4BEB4760 peer_handle = 0x80000040000175 *Aug 21 23:26:14.249: ISAKMP: (0):Locking peer struct 0x80FFFF4BEB4760, refcount 1 for isakmp_initiator *Aug 21 23:26:14.249: ISAKMP: (0):local port 500, remote port 500 *Aug 21 23:26:14.249: ISAKMP: (0):set new node 0 to QM_IDLE *Aug 21 23:26:14.250: ISAKMP: (0):Find a dup sa in the avl tree during calling isadb_insert sa = 80FFFF3FC06470 *Aug 21 23:26:14.250: ISAKMP: (0):Can not start Aggressive mode, trying Main mode. *Aug 21 23:26:14.250: ISAKMP: (0):found peer pre-shared key matching 20.20.20.2 *Aug 21 23:26:14.250: ISAKMP: (0):constructed NAT-T vendor-rfc3947 ID *Aug 21 23:26:14.250: ISAKMP: (0):constructed NAT-T vendor-07 ID *Aug 21 23:26:14.250: ISAKMP: (0):constructed NAT-T vendor-03 ID *Aug 21 23:26:14.250: ISAKMP: (0):constructed NAT-T vendor-02 ID *Aug 21 23:26:14.250: ISAKMP: (0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Aug 21 23:26:14.250: ISAKMP: (0):Old State = IKE_READY New State = IKE_I_MM1 *Aug 21 23:26:14.250: ISAKMP: (0):beginning Main Mode exchange *Aug 21 23:26:14.250: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:26:14.250: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:26:20.799: ISAKMP-PAK: (0):received packet from 30.30.30.2 dport 500 sport 500 Global (N) NEW SA *Aug 21 23:26:20.799: ISAKMP: (0):Created a peer struct for 30.30.30.2, peer port 500 *Aug 21 23:26:20.800: ISAKMP: (0):New peer created peer = 0x80FFFF49BF2548 peer_handle = 0x80000040000176 *Aug 21 23:26:20.800: ISAKMP: (0):Locking peer struct 0x80FFFF49BF2548, refcount 1 for crypto_isakmp_process_block *Aug 21 23:26:20.800: ISAKMP: (0):local port 500, remote port 500 *Aug 21 23:26:20.800: ISAKMP: (0):insert sa successfully sa = 80FFFF4CF5C500 *Aug 21 23:26:20.800: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Aug 21 23:26:20.800: ISAKMP: (0):Old State = IKE_READY New State = IKE_R_MM1 *Aug 21 23:26:20.800: ISAKMP: (0):processing SA payload. message ID = 0 *Aug 21 23:26:20.801: ISAKMP: (0):processing vendor id payload *Aug 21 23:26:20.801: ISAKMP: (0):vendor ID seems Unity/DPD but major 123 mismatch *Aug 21 23:26:20.801: ISAKMP: (0):vendor ID is NAT-T v2 *Aug 21 23:26:20.801: ISAKMP: (0):processing vendor id payload *Aug 21 23:26:20.801: ISAKMP: (0):vendor ID seems Unity/DPD but major 157 mismatch *Aug 21 23:26:20.801: ISAKMP: (0):vendor ID is NAT-T v3 *Aug 21 23:26:20.801: ISAKMP: (0):processing vendor id payload *Aug 21 23:26:20.801: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch *Aug 21 23:26:20.801: ISAKMP: (0):vendor ID is NAT-T RFC 3947 *Aug 21 23:26:20.801: ISAKMP: (0):processing vendor id payload *Aug 21 23:26:20.801: ISAKMP: (0):processing IKE frag vendor id payload *Aug 21 23:26:20.801: ISAKMP: (0):Support for IKE Fragmentation not enabled *Aug 21 23:26:20.802: ISAKMP-ERROR: (0):No pre-shared key with 30.30.30.2! *Aug 21 23:26:20.802: ISAKMP: (0):Scanning profiles for xauth ... *Aug 21 23:26:20.802: ISAKMP: (0):Checking ISAKMP transform 1 against priority 10 policy *Aug 21 23:26:20.802: ISAKMP: (0): default group 5 *Aug 21 23:26:20.802: ISAKMP: (0): encryption AES-CBC *Aug 21 23:26:20.802: ISAKMP: (0): keylength of 128 *Aug 21 23:26:20.802: ISAKMP: (0): hash SHA *Aug 21 23:26:20.802: ISAKMP: (0): auth pre-share *Aug 21 23:26:20.802: ISAKMP: (0): life type in seconds *Aug 21 23:26:20.802: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 *Aug 21 23:26:20.803: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy! *Aug 21 23:26:20.803: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 3 *Aug 21 23:26:20.803: ISAKMP: (0):Checking ISAKMP transform 2 against priority 10 policy *Aug 21 23:26:20.803: ISAKMP: (0): default group 5 *Aug 21 23:26:20.803: ISAKMP: (0): encryption AES-CBC *Aug 21 23:26:20.803: ISAKMP: (0): keylength of 192 *Aug 21 23:26:20.803: ISAKMP: (0): hash SHA *Aug 21 23:26:20.803: ISAKMP: (0): auth pre-share *Aug 21 23:26:20.803: ISAKMP: (0): life type in seconds *Aug 21 23:26:20.803: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 *Aug 21 23:26:20.803: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy! *Aug 21 23:26:20.804: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 3 *Aug 21 23:26:20.804: ISAKMP: (0):Checking ISAKMP transform 3 against priority 10 policy *Aug 21 23:26:20.804: ISAKMP: (0): default group 2 *Aug 21 23:26:20.804: ISAKMP: (0): encryption AES-CBC *Aug 21 23:26:20.804: ISAKMP: (0): keylength of 256 *Aug 21 23:26:20.804: ISAKMP: (0): hash SHA *Aug 21 23:26:20.804: ISAKMP: (0): auth pre-share *Aug 21 23:26:20.804: ISAKMP: (0): life type in seconds *Aug 21 23:26:20.804: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 *Aug 21 23:26:20.804: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy! *Aug 21 23:26:20.804: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 3 *Aug 21 23:26:20.804: ISAKMP: (0):Checking ISAKMP transform 4 against priority 10 policy *Aug 21 23:26:20.804: ISAKMP: (0): default group 2 *Aug 21 23:26:20.804: ISAKMP: (0): encryption AES-CBC *Aug 21 23:26:20.804: ISAKMP: (0): keylength of 192 *Aug 21 23:26:20.804: ISAKMP: (0): hash SHA *Aug 21 23:26:20.804: ISAKMP: (0): auth pre-share *Aug 21 23:26:20.804: ISAKMP: (0): life type in seconds *Aug 21 23:26:20.804: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 *Aug 21 23:26:20.805: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy! *Aug 21 23:26:20.805: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 3 *Aug 21 23:26:20.805: ISAKMP: (0):Checking ISAKMP transform 5 against priority 10 policy *Aug 21 23:26:20.805: ISAKMP: (0): default group 2 *Aug 21 23:26:20.805: ISAKMP: (0): encryption AES-CBC *Aug 21 23:26:20.805: ISAKMP: (0): keylength of 128 *Aug 21 23:26:20.805: ISAKMP: (0): hash SHA *Aug 21 23:26:20.805: ISAKMP: (0): auth pre-share *Aug 21 23:26:20.805: ISAKMP: (0): life type in seconds *Aug 21 23:26:20.805: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 *Aug 21 23:26:20.805: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy! *Aug 21 23:26:20.805: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 3 *Aug 21 23:26:20.805: ISAKMP: (0):Checking ISAKMP transform 6 against priority 10 policy *Aug 21 23:26:20.805: ISAKMP: (0): default group 2 *Aug 21 23:26:20.805: ISAKMP: (0): encryption AES-CBC *Aug 21 23:26:20.805: ISAKMP: (0): keylength of 128 *Aug 21 23:26:20.805: ISAKMP: (0): hash MD5 *Aug 21 23:26:20.805: ISAKMP: (0): auth pre-share *Aug 21 23:26:20.805: ISAKMP: (0): life type in seconds *Aug 21 23:26:20.805: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 *Aug 21 23:26:20.806: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy! *Aug 21 23:26:20.806: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 3 *Aug 21 23:26:20.806: ISAKMP: (0):Checking ISAKMP transform 7 against priority 10 policy *Aug 21 23:26:20.806: ISAKMP: (0): default group 5 *Aug 21 23:26:20.806: ISAKMP: (0): encryption AES-CBC *Aug 21 23:26:20.806: ISAKMP: (0): keylength of 256 *Aug 21 23:26:20.806: ISAKMP: (0): hash SHA *Aug 21 23:26:20.806: ISAKMP: (0): auth pre-share *Aug 21 23:26:20.806: ISAKMP: (0): life type in seconds *Aug 21 23:26:20.806: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80 *Aug 21 23:26:20.806: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy! *Aug 21 23:26:20.806: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 3 *Aug 21 23:26:20.806: ISAKMP: (0):Checking ISAKMP transform 8 against priority 10 policy *Aug 21 23:26:20.806: ISAKMP: (0): default group 5 *Aug 21 23:26:20.807: ISAKMP: (0): encryption AES-CBC *Aug 21 23:26:20.807: ISAKMP: (0): keylength of 128 *Aug 21 23:26:20.807: ISAKMP: (0): hash SHA *Aug 21 23:26:20.807: ISAKMP: (0): auth pre-share *Aug 21 23:26:20.807: ISAKMP: (0): life type in seconds *Aug 21 23:26:20.807: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80 *Aug 21 23:26:20.807: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy! *Aug 21 23:26:20.807: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0 *Aug 21 23:26:20.807: ISAKMP-ERROR: (0):no offers accepted! *Aug 21 23:26:20.807: ISAKMP-ERROR: (0):phase 1 SA policy not acceptable! (local 10.10.10.2 remote 30.30.30.2) *Aug 21 23:26:20.808: ISAKMP: (0):: incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init *Aug 21 23:26:20.808: ISAKMP-PAK: (0):sending packet to 30.30.30.2 my_port 500 peer_port 500 (R) MM_NO_STATE *Aug 21 23:26:20.808: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:26:20.808: ISAKMP: (0):peer does not do paranoid keepalives. *Aug 21 23:26:20.808: ISAKMP-ERROR: (0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) MM_NO_STATE (peer 30.30.30.2) *Aug 21 23:26:20.808: ISAKMP: (0):processing vendor id payload *Aug 21 23:26:20.809: ISAKMP: (0):vendor ID seems Unity/DPD but major 123 mismatch *Aug 21 23:26:20.809: ISAKMP: (0):vendor ID is NAT-T v2 *Aug 21 23:26:20.809: ISAKMP: (0):processing vendor id payload *Aug 21 23:26:20.809: ISAKMP: (0):vendor ID seems Unity/DPD but major 157 mismatch *Aug 21 23:26:20.809: ISAKMP: (0):vendor ID is NAT-T v3 *Aug 21 23:26:20.809: ISAKMP: (0):processing vendor id payload *Aug 21 23:26:20.809: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch *Aug 21 23:26:20.809: ISAKMP: (0):vendor ID is NAT-T RFC 3947 *Aug 21 23:26:20.809: ISAKMP: (0):processing vendor id payload *Aug 21 23:26:20.809: ISAKMP: (0):processing IKE frag vendor id payload *Aug 21 23:26:20.809: ISAKMP: (0):Support for IKE Fragmentation not enabled *Aug 21 23:26:20.810: ISAKMP-ERROR: (0):(0): FSM action returned error: 2 *Aug 21 23:26:20.810: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Aug 21 23:26:20.810: ISAKMP: (0):Old State = IKE_R_MM1 New State = IKE_R_MM1 *Aug 21 23:26:20.811: ISAKMP-ERROR: (0):deleting SA reason "Phase1 SA policy proposal not accepted" state (R) MM_NO_STATE (peer 30.30.30.2) *Aug 21 23:26:20.811: ISAKMP: (0):Unlocking peer struct 0x80FFFF49BF2548 for isadb_mark_sa_deleted(), count 0 *Aug 21 23:26:20.811: ISAKMP: (0):Deleting peer node by peer_reap for 30.30.30.2: 80FFFF49BF2548 *Aug 21 23:26:20.811: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Aug 21 23:26:20.812: ISAKMP: (0):Old State = IKE_R_MM1 New State = IKE_DEST_SA *Aug 21 23:26:24.251: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:26:24.251: ISAKMP: (0):: incrementing error counter on sa, attempt 1 of 5: retransmit phase 1 *Aug 21 23:26:24.251: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:26:24.251: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:26:24.251: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:26:28.791: ISAKMP-PAK: (0):received packet from 30.30.30.2 dport 500 sport 500 Global (R) MM_NO_STATE *Aug 21 23:26:34.250: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:26:34.251: ISAKMP: (0):: incrementing error counter on sa, attempt 2 of 5: retransmit phase 1 *Aug 21 23:26:34.251: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:26:34.251: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:26:34.251: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:26:36.791: ISAKMP-PAK: (0):received packet from 30.30.30.2 dport 500 sport 500 Global (R) MM_NO_STATE *Aug 21 23:26:44.246: ISAKMP: (0):set new node 0 to QM_IDLE *Aug 21 23:26:44.246: ISAKMP-ERROR: (0):SA is still budding. Attached new ipsec request to it. (local 10.10.10.2, remote 20.20.20.2) *Aug 21 23:26:44.246: ISAKMP-ERROR: (0):Error while processing SA request: Failed to initialize SA *Aug 21 23:26:44.246: ISAKMP-ERROR: (0):Error while processing KMI message 0, error 2. *Aug 21 23:26:44.251: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:26:44.251: ISAKMP: (0):: incrementing error counter on sa, attempt 3 of 5: retransmit phase 1 *Aug 21 23:26:44.251: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:26:44.251: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:26:44.251: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:26:44.791: ISAKMP-PAK: (0):received packet from 30.30.30.2 dport 500 sport 500 Global (R) MM_NO_STATE *Aug 21 23:26:54.250: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:26:54.250: ISAKMP: (0):: incrementing error counter on sa, attempt 4 of 5: retransmit phase 1 *Aug 21 23:26:54.250: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:26:54.251: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:26:54.251: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:26:58.354: ISAKMP: (0):purging node 3210441431 *Aug 21 23:26:58.354: ISAKMP: (0):purging node 1408180759 *Aug 21 23:27:04.251: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:27:04.251: ISAKMP: (0):: incrementing error counter on sa, attempt 5 of 5: retransmit phase 1 *Aug 21 23:27:04.251: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:27:04.251: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:27:04.251: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:27:08.354: ISAKMP: (0):purging SA., sa=80FFFF4D123F28, delme=80FFFF4D123F28 *Aug 21 23:27:14.250: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:27:14.250: ISAKMP: (0):peer does not do paranoid keepalives. *Aug 21 23:27:14.250: ISAKMP-ERROR: (0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 20.20.20.2) *Aug 21 23:27:14.251: ISAKMP-ERROR: (0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 20.20.20.2) *Aug 21 23:27:14.251: ISAKMP: (0):Unlocking peer struct 0x80FFFF4BEB4760 for isadb_mark_sa_deleted(), count 0 *Aug 21 23:27:14.251: ISAKMP: (0):Deleting peer node by peer_reap for 20.20.20.2: 80FFFF4BEB4760 *Aug 21 23:27:14.252: ISAKMP: (0):deleting node 2890331829 error FALSE reason "IKE deleted" *Aug 21 23:27:14.252: ISAKMP: (0):deleting node 2846821450 error FALSE reason "IKE deleted" *Aug 21 23:27:14.252: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Aug 21 23:27:14.252: ISAKMP: (0):Old State = IKE_I_MM1 New State = IKE_DEST_SA *Aug 21 23:27:18.316: ISAKMP: (0):SA request profile is (NULL) *Aug 21 23:27:18.316: ISAKMP: (0):Created a peer struct for 20.20.20.2, peer port 500 *Aug 21 23:27:18.316: ISAKMP: (0):New peer created peer = 0x80FFFF4BEB4760 peer_handle = 0x80000040000178 *Aug 21 23:27:18.317: ISAKMP: (0):Locking peer struct 0x80FFFF4BEB4760, refcount 1 for isakmp_initiator *Aug 21 23:27:18.317: ISAKMP: (0):local port 500, remote port 500 *Aug 21 23:27:18.317: ISAKMP: (0):set new node 0 to QM_IDLE *Aug 21 23:27:18.317: ISAKMP: (0):Find a dup sa in the avl tree during calling isadb_insert sa = 80FFFF4D123F28 *Aug 21 23:27:18.317: ISAKMP: (0):Can not start Aggressive mode, trying Main mode. *Aug 21 23:27:18.317: ISAKMP: (0):found peer pre-shared key matching 20.20.20.2 *Aug 21 23:27:18.317: ISAKMP: (0):constructed NAT-T vendor-rfc3947 ID *Aug 21 23:27:18.317: ISAKMP: (0):constructed NAT-T vendor-07 ID *Aug 21 23:27:18.318: ISAKMP: (0):constructed NAT-T vendor-03 ID *Aug 21 23:27:18.318: ISAKMP: (0):constructed NAT-T vendor-02 ID *Aug 21 23:27:18.318: ISAKMP: (0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Aug 21 23:27:18.318: ISAKMP: (0):Old State = IKE_READY New State = IKE_I_MM1 *Aug 21 23:27:18.318: ISAKMP: (0):beginning Main Mode exchange *Aug 21 23:27:18.318: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:27:18.318: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:27:20.811: ISAKMP: (0):purging SA., sa=80FFFF4CF5C500, delme=80FFFF4CF5C500 VTARouter#stop console logging ^ % Invalid input detected at '^' marker. VTARouter# *Aug 21 23:27:28.318: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:27:28.318: ISAKMP: (0):: incrementing error counter on sa, attempt 1 of 5: retransmit phase 1 *Aug 21 23:27:28.318: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:27:28.318: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:27:28.318: ISAKMP: (0):Sending an IKE IPv4 Packet.conf t Enter configuration commands, one per line. End with CNTL/Z. VTARouter(config)#stop console logging ^ % Invalid input detected at '^' marker. VTARouter(config)# *Aug 21 23:27:38.319: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:27:38.319: ISAKMP: (0):: incrementing error counter on sa, attempt 2 of 5: retransmit phase 1 *Aug 21 23:27:38.319: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:27:38.319: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:27:38.319: ISAKMP: (0):Sending an IKE IPv4 Packet.no conso *Aug 21 23:27:48.315: ISAKMP: (0):set new node 0 to QM_IDLE *Aug 21 23:27:48.315: ISAKMP-ERROR: (0):SA is still budding. Attached new ipsec request to it. (local 10.10.10.2, remote 20.20.20.2) *Aug 21 23:27:48.316: ISAKMP-ERROR: (0):Error while processing SA request: Failed to initialize SA *Aug 21 23:27:48.316: ISAKMP-ERROR: (0):Error while processing KMI message 0, error 2. *Aug 21 23:27:48.318: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:27:48.319: ISAKMP: (0):: incrementing error counter on sa, attempt 3 of 5: retransmit phase 1 *Aug 21 23:27:48.319: ISAKMP: (0):retransmitting phase 1 MM_NO_STATEle logg *Aug 21 23:27:48.319: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:27:48.319: ISAKMP: (0):Sending an IKE IPv4 Packet.ing ^ % Invalid input detected at '^' marker. VTARouter(config)#exit VTARouter# *Aug 21 23:27:56.853: %SYS-5-CONFIG_I: Configured from console by console VTARouter# *Aug 21 23:27:58.319: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:27:58.319: ISAKMP: (0):: incrementing error counter on sa, attempt 4 of 5: retransmit phase 1 *Aug 21 23:27:58.319: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:27:58.319: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:27:58.319: ISAKMP: (0):Sending an IKE IPv4 Packet.no console logging ^ % Invalid input detected at '^' marker. VTARouter# *Aug 21 23:28:04.249: ISAKMP: (0):purging node 2890331829 *Aug 21 23:28:04.249: ISAKMP: (0):purging node 2846821450 *Aug 21 23:28:08.318: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:28:08.319: ISAKMP: (0):: incrementing error counter on sa, attempt 5 of 5: retransmit phase 1 *Aug 21 23:28:08.319: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:28:08.319: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:28:08.319: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:28:14.250: ISAKMP: (0):purging SA., sa=80FFFF3FC06470, delme=80FFFF3FC06470 *Aug 21 23:28:18.318: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:28:18.318: ISAKMP: (0):peer does not do paranoid keepalives. *Aug 21 23:28:18.318: ISAKMP-ERROR: (0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 20.20.20.2) *Aug 21 23:28:18.319: ISAKMP-ERROR: (0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 20.20.20.2) *Aug 21 23:28:18.319: ISAKMP: (0):Unlocking peer struct 0x80FFFF4BEB4760 for isadb_mark_sa_deleted(), count 0 *Aug 21 23:28:18.319: ISAKMP: (0):Deleting peer node by peer_reap for 20.20.20.2: 80FFFF4BEB4760 *Aug 21 23:28:18.320: ISAKMP: (0):deleting node 1776083288 error FALSE reason "IKE deleted" *Aug 21 23:28:18.320: ISAKMP: (0):deleting node 3476150412 error FALSE reason "IKE deleted" *Aug 21 23:28:18.320: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Aug 21 23:28:18.320: ISAKMP: (0):Old State = IKE_I_MM1 New State = IKE_DEST_SA *Aug 21 23:28:18.327: ISAKMP: (0):SA request profile is (NULL) *Aug 21 23:28:18.327: ISAKMP: (0):Created a peer struct for 20.20.20.2, peer port 500 *Aug 21 23:28:18.327: ISAKMP: (0):New peer created peer = 0x80FFFF4BEB4760 peer_handle = 0x80000040000177 *Aug 21 23:28:18.327: ISAKMP: (0):Locking peer struct 0x80FFFF4BEB4760, refcount 1 for isakmp_initiator *Aug 21 23:28:18.327: ISAKMP: (0):local port 500, remote port 500 *Aug 21 23:28:18.327: ISAKMP: (0):set new node 0 to QM_IDLE *Aug 21 23:28:18.327: ISAKMP: (0):Find a dup sa in the avl tree during calling isadb_insert sa = 80FFFF4CF5C500 *Aug 21 23:28:18.327: ISAKMP: (0):Can not start Aggressive mode, trying Main mode. *Aug 21 23:28:18.327: ISAKMP: (0):found peer pre-shared key matching 20.20.20.2 *Aug 21 23:28:18.327: ISAKMP: (0):constructed NAT-T vendor-rfc3947 ID *Aug 21 23:28:18.328: ISAKMP: (0):constructed NAT-T vendor-07 ID *Aug 21 23:28:18.328: ISAKMP: (0):constructed NAT-T vendor-03 ID *Aug 21 23:28:18.328: ISAKMP: (0):constructed NAT-T vendor-02 ID *Aug 21 23:28:18.328: ISAKMP: (0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Aug 21 23:28:18.328: ISAKMP: (0):Old State = IKE_READY New State = IKE_I_MM1 *Aug 21 23:28:18.328: ISAKMP: (0):beginning Main Mode exchange *Aug 21 23:28:18.328: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:28:18.328: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:28:28.326: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:28:28.326: ISAKMP: (0):: incrementing error counter on sa, attempt 1 of 5: retransmit phase 1 *Aug 21 23:28:28.326: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:28:28.326: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:28:28.327: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:28:31.004: %IOSXE-6-PLATFORM: R0/0: cpp_cp: QFP:0.0 Thread:000 TS:00009871860523652240 %FW-6-DROP_PKT: Dropping tcp pkt from GigabitEthernet0/0/1 23.204.250.97:443 => 192.168.0.14:58460(target:class)-(OUTSIDE-INSIDE:class-default) due to Policy drop:classify result with ip ident 63436 tcp flag 0x19, seq 3356394286, ack 4134163323 *Aug 21 23:28:36.610: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=10.10.10.2, prot=50, spi=0x30303030(808464432), srcaddr=207.90.244.4, input interface=GigabitEthernet0/0/1 *Aug 21 23:28:36.610: ISAKMP-ERROR: (0):ignoring request to send delete notify (no ISAKMP sa) src 10.10.10.2 dst 207.90.244.4 for SPI 0x30303030 VTARouter# *Aug 21 23:28:38.327: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:28:38.327: ISAKMP: (0):: incrementing error counter on sa, attempt 2 of 5: retransmit phase 1 *Aug 21 23:28:38.327: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:28:38.327: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:28:38.328: ISAKMP: (0):Sending an IKE IPv4 Packet.no logging console ^ % Invalid input detected at '^' marker. VTARouter#conf t Enter configuration commands, one per line. End with CNTL/Z. VTARouter(config)#no loggin *Aug 21 23:28:48.326: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Aug 21 23:28:48.326: ISAKMP: (0):: incrementing error counter on sa, attempt 3 of 5: retransmit phase 1 *Aug 21 23:28:48.326: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Aug 21 23:28:48.326: ISAKMP-PAK: (0):sending packet to 20.20.20.2 my_port 500 peer_port 500 (I) MM_NO_STATE *Aug 21 23:28:48.326: ISAKMP: (0):Sending an IKE IPv4 Packet. *Aug 21 23:28:48.327: ISAKMP: (0):set new node 0 to QM_IDLE *Aug 21 23:28:48.327: ISAKMP-ERROR: (0):SA is still budding. Attached new ipsec request to it. (local 10.10.10.2, remote 20.20.20.2)g cons *Aug 21 23:28:48.327: ISAKMP-ERROR: (0):Error while processing SA request: Failed to initialize SA *Aug 21 23:28:48.328: ISAKMP-ERROR: (0):Error while processing KMI message 0, error 2.ole VTARouter(config)#exit VTARouter#show crypto ipsec sa interface: GigabitEthernet0/0/1 Crypto map tag: mymap, local addr 10.10.10.2 protected vrf: (none) local ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0) remote ident (addr/mask/prot/port): (192.168.3.0/255.255.255.0/0/0) current_peer 20.20.20.2 port 500 PERMIT, flags={origin_is_acl,ipsec_sa_request_sent} #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 125, #recv errors 0 local crypto endpt.: 10.10.10.2, remote crypto endpt.: 20.20.20.2 plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0/1 current outbound spi: 0x0(0) PFS (Y/N): N, DH group: none inbound esp sas: inbound ah sas: inbound pcp sas: outbound esp sas: outbound ah sas: outbound pcp sas: VTARouter#show crypto isakmp sa IPv4 Crypto ISAKMP SA dst src state conn-id status 20.20.20.2 10.10.10.2 MM_NO_STATE 0 ACTIVE 20.20.20.2 10.10.10.2 MM_NO_STATE 0 ACTIVE (deleted) 10.10.10.2 30.30.30.2 MM_NO_STATE 0 ACTIVE (deleted) 10.10.10.2 30.30.30.2 MM_NO_STATE 0 ACTIVE (deleted) IPv6 Crypto ISAKMP SA VTARouter#debug crypto isakmp Crypto ISAKMP debugging is on VTARouter#show crypto map Crypto Map IPv4 "mymap" 10 ipsec-isakmp Peer = 20.20.20.2 Extended IP access list brvpn access-list brvpn permit ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255 Current peer: 20.20.20.2 Security association lifetime: 4608000 kilobytes/3600 seconds Responder-Only (Y/N): N PFS (Y/N): N Mixed-mode : Disabled Transform sets={ myset: { esp-aes esp-sha256-hmac } , } Interfaces using crypto map mymap: GigabitEthernet0/0/1 VTARouter#