- Cisco Community
- Technology and Support
- Security
- VPN
- Re: ASA 5506 vpn IPSEC to AZURE
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2024 10:04 PM
Hello.
Just 3 days ago I discovered that I have 4 tunnels between asa and azure were broken. The connection was no longer happening.
When I enter the command sh crypto ikev2 sa - I get a message that there is no ikev2.
I did the configuration according to this article. I have been unable to solve this problem for 3 days now. I can't understand what's wrong. I am confused. Please help me.
Solved! Go to Solution.
- Labels:
-
IPSEC
-
Other VPN Topics
-
VPN
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-21-2024 07:20 AM - edited 01-21-2024 07:20 AM
IKEv2-PROTO-2: (28): Failed to find a matching policy
As long as both ends have same settings, it doesn't matter which side you change. You can either change the settings on the ASA to match the ones in Azure, or vice-versa.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2024 10:18 PM
Thank you, everyone.
Problem Solved.
Microsoft Azure has changed the default policy - Default Group 24.
I have set the values manually to Group 14.
Thank you all for the tips.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2024 10:27 PM
Share the tunnel config
Share the debug crypto ikev2 error
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2024 11:11 PM
------debug-----------
S-FW1(config)# debug crypto ikev2 protocol
S-FW1(config)# IKEv2-PROTO-1: (28): Maximum number of retransmissions reached
IKEv2-PROTO-1: (28):
IKEv2-PROTO-1: (28): Initial exchange failed
IKEv2-PROTO-1: (28): Initial exchange failed
-----------config--------------
interface GigabitEthernet1/1.23
vlan 23
nameif FCMCLOUD-S-FW1
security-level 0
ip address 195.230.112.114 255.255.255.252
interface Tunnel1
nameif FCMCONTROL-S-FW1
ip address 10.70.202.1 255.255.255.252
tunnel source interface FCMCLOUD-S-FW1
tunnel destination 52.174.183.101
tunnel mode ipsec ipv4
tunnel protection ipsec profile AZURE-PROPOSAL
crypto ikev2 policy 50
encryption aes-gcm-256 aes-gcm-192 aes-gcm
integrity null
group 14 5 2
prf sha512 sha384 sha256 sha
lifetime seconds 86400
crypto ikev2 policy 60
encryption aes-256 aes-192 aes
integrity sha512 sha384 sha256 sha
group 14 5 2
prf sha512 sha384 sha256 sha
lifetime seconds 86400
group-policy AZURE internal
group-policy AZURE attributes
vpn-tunnel-protocol ikev2
tunnel-group 52.174.183.101 type ipsec-l2l
tunnel-group 52.174.183.101 general-attributes
default-group-policy AZURE
tunnel-group 52.174.183.101 ipsec-attributes
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
router bgp 65000
bgp log-neighbor-changes
bgp graceful-restart
address-family ipv4 unicast
neighbor 10.13.16.158 remote-as 65525
neighbor 10.13.16.158 ebgp-multihop 255
neighbor 10.13.16.158 activate
network 172.16.0.0
network 172.17.0.0
network 172.18.0.0
network 10.70.202.0 mask 255.255.255.252
no auto-summary
no synchronization
exit-address-family
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2024 03:22 AM - edited 01-18-2024 07:30 AM
There is not traffic pass'
First did you config any route toward tunnel interface? I make double check you already use BGP then use update source the Tunnel IP, then share the debug ikev2
Second you need acl if the security level of Ingress traffic higher than "0" (you dont set secuirty level in tunnel interface so I assume it 0)
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2024 02:57 AM
Were they working before and then stopped working? or never worked? I assume you have the command "crypto ikev2 enable outside" applied. If so, I would suggest to check the PSK keys on both ends, if they match, probably I would try to enable some IKEv2 debugs and see if they show anything.
debug crypto conditions peer 52.174.183.101
debug crypto ikev2 platform 127
debug crypto ikev2 protocol 127
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-20-2024 03:12 PM
Hello
Don't look at the IP - I changed them
------------------
debug crypto conditions peer 52.174.183.101
no debug
----------------------------------
debug crypto ikev2 platform 127
I-FW1# IKEv2-PLAT-4: Received PFKEY Acquire SA for SPI 0x0, error FALSE
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-4: attempting to find tunnel group for IP: 52.174.183.101
IKEv2-PLAT-4: mapped to tunnel group 52.174.183.101 using peer IP
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-4: my_auth_method = 2
IKEv2-PLAT-4: supported_peers_auth_method = 2
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-4: ISAKMP P1 ID = 0
IKEv2-PLAT-4: Translating IKE_ID_AUTO to = 254
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-4: Received PFKEY SPI callback for SPI 0x9CE83798, error FALSE
IKEv2-PLAT-4:
IKEv2 received all requested SPIs from CTM to initiate tunnel.
IKEv2-PLAT-4: tp_name set to:
IKEv2-PLAT-4: tg_name set to: 52.174.183.101
IKEv2-PLAT-4: tunn grp type set to: L2L
IKEv2-PLAT-4: tunn grp virtual-template set to: 0
IKEv2-PLAT-7: New ikev2 sa request admitted
IKEv2-PLAT-7: Incrementing outgoing negotiating sa count by one
IKEv2-PLAT-5: (10): SENT PKT [IKE_SA_INIT] [95.70.236.231]:500->[52.174.183.101]:500 InitSPI=0x2085240f516f3d59 RespSPI=0x0000000000000000 MID=00000000
IKEv2-PLAT-5: RECV PKT [IKE_SA_INIT] [52.174.183.101]:500->[95.70.236.231]:500 InitSPI=0x2085240f516f3d59 RespSPI=0x2205cc78e1449f2e MID=00000000
IKEv2-PLAT-7: Negotiating SA request deleted
IKEv2-PLAT-7: Decrement count for outgoing negotiating
IKEv2-PLAT-4: (10): PSH cleanup
IKEv2-PLAT-4: Received PFKEY delete SA for SPI 0x9CE83798 error FALSE
IKEv2-PLAT-4: PFKEY Delete Ack from IPSec
IKEv2-PLAT-5: RECV PKT [IKE_SA_INIT] [52.174.183.101]:500->[95.70.236.231]:500 InitSPI=0xf618789319148c93 RespSPI=0x0000000000000000 MID=00000000
IKEv2-PLAT-4: Process custom VID payloads
IKEv2-PLAT-7: New ikev2 sa request admitted
IKEv2-PLAT-7: Incrementing incoming negotiating sa count by one
IKEv2-PLAT-5: (40): SENT PKT [IKE_SA_INIT] [95.70.236.231]:500->[52.174.183.101]:500 InitSPI=0xf618789319148c93 RespSPI=0x93909f64d3f881d6 MID=00000000
IKEv2-PLAT-7: Negotiating SA request deleted
IKEv2-PLAT-7: Decrement count for incoming negotiating
IKEv2-PLAT-4: (40): PSH cleanup
IKEv2-PLAT-5: RECV PKT [IKE_SA_INIT] [52.174.183.101]:500->[95.70.236.231]:500 InitSPI=0x5c823a63f15aa420 RespSPI=0x0000000000000000 MID=00000000
IKEv2-PLAT-4: Process custom VID payloads
IKEv2-PLAT-7: New ikev2 sa request admitted
IKEv2-PLAT-7: Incrementing incoming negotiating sa count by one
IKEv2-PLAT-5: (41): SENT PKT [IKE_SA_INIT] [95.70.236.231]:500->[52.174.183.101]:500 InitSPI=0x5c823a63f15aa420 RespSPI=0x9951524963f9f6e0 MID=00000000
IKEv2-PLAT-7: Negotiating SA request deleted
IKEv2-PLAT-7: Decrement count for incoming negotiating
IKEv2-PLAT-4: (41): PSH cleanup
IKEv2-PLAT-4: Received PFKEY Acquire SA for SPI 0x0, error FALSE
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-4: attempting to find tunnel group for IP: 52.174.183.101
IKEv2-PLAT-4: mapped to tunnel group 52.174.183.101 using peer IP
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-4: my_auth_method = 2
IKEv2-PLAT-4: supported_peers_auth_method = 2
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-4: ISAKMP P1 ID = 0
IKEv2-PLAT-4: Translating IKE_ID_AUTO to = 254
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-7: INVALID PSH HANDLE
IKEv2-PLAT-4: Received PFKEY SPI callback for SPI 0x3C8234B7, error FALSE
IKEv2-PLAT-4:
IKEv2 received all requested SPIs from CTM to initiate tunnel.
IKEv2-PLAT-4: tp_name set to:
IKEv2-PLAT-4: tg_name set to: 52.174.183.101
IKEv2-PLAT-4: tunn grp type set to: L2L
IKEv2-PLAT-4: tunn grp virtual-template set to: 0
IKEv2-PLAT-7: New ikev2 sa request admitted
IKEv2-PLAT-7: Incrementing outgoing negotiating sa count by one
IKEv2-PLAT-5: (11): SENT PKT [IKE_SA_INIT] [95.70.236.231]:500->[52.174.183.101]:500 InitSPI=0xe463cb26c09d6f24 RespSPI=0x0000000000000000 MID=00000000
IKEv2-PLAT-5: RECV PKT [IKE_SA_INIT] [52.174.183.101]:500->[95.70.236.231]:500 InitSPI=0xe463cb26c09d6f24 RespSPI=0x39a4e2ab0e9c9132 MID=00000000
IKEv2-PLAT-7: Negotiating SA request deleted
IKEv2-PLAT-7: Decrement count for outgoing negotiating
IKEv2-PLAT-4: (11): PSH cleanup
IKEv2-PLAT-4: Received PFKEY delete SA for SPI 0x3C8234B7 error FALSE
IKEv2-PLAT-4: PFKEY Delete Ack from IPSec
IKEv2-PLAT-5: RECV PKT [IKE_SA_INIT] [52.174.183.101]:500->[95.70.236.231]:500 InitSPI=0x3561c1c17388174a RespSPI=0x0000000000000000 MID=00000000
IKEv2-PLAT-4: Process custom VID payloads
IKEv2-PLAT-7: New ikev2 sa request admitted
IKEv2-PLAT-7: Incrementing incoming negotiating sa count by one
IKEv2-PLAT-5: (42): SENT PKT [IKE_SA_INIT] [95.70.236.231]:500->[52.174.183.101]:500 InitSPI=0x3561c1c17388174a RespSPI=0xffab6c9f0dd6e4e5 MID=00000000
IKEv2-PLAT-7: Negotiating SA request deleted
IKEv2-PLAT-7: Decrement count for incoming negotiating
IKEv2-PLAT-4: (42): PSH cleanup
no debug all
____________________________________________
I-FW1# debug crypto ikev2 protocol 127
I-FW1#
IKEv2-PROTO-4: Received Packet [From 52.174.183.101:500/To 95.70.236.231:500/VRF i0:f0]
Initiator SPI : A41066993AF50181 - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 620
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 260
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 40
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 6, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
KE Next payload: N, reserved: 0x0, length: 136
DH group: 2, Reserved: 0x0
2d f2 dd ee 20 8d e5 3d d1 7e a2 8f 27 83 92 b6
9f ff e4 bd 31 c9 11 33 bc 9a 61 b3 37 26 1c ff
02 3a 12 f3 02 9f 7c de b0 80 71 24 61 ac 07 a8
29 f5 38 b3 6b 70 b6 61 34 f0 73 8c c1 32 40 41
63 ab 9d 3b 19 7f a1 ac ad ea 42 6a b0 f2 1b b9
36 77 aa 78 b1 3c df 6f 0b 70 47 ba 74 c2 67 60
7f 5f 5b 05 2b a7 b6 e3 a4 ee b0 c3 98 f5 c4 cc
07 28 88 70 6c c1 20 40 b0 17 a5 b8 33 6e 3e 80
N Next payload: NOTIFY, reserved: 0x0, length: 52
f3 11 3d d2 4a b8 89 17 c9 90 39 b9 b7 6c 7c c1
07 99 c6 31 f5 81 cb 32 f5 c7 31 4a 16 70 9f f3
97 28 70 e6 3f ca 63 bc 63 78 f4 c9 bb 73 22 99
IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP
8d 9d dd cc 76 37 52 eb 7d 14 5d 4a de 5e 39 7e
f6 12 f4 3c
IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: VID, reserved: 0x0, length: 28
Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
e0 95 f2 79 eb d0 3b 61 91 c7 e7 90 c1 11 c2 d2
fb 2e ae 4a
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 24
1e 2b 51 69 05 99 1c 7d 7c 96 fc bf b5 87 e4 61
00 00 00 09
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 20
fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 20
26 24 4d 38 ed db 61 b3 17 2a 36 e3 d0 cf b8 19
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: NONE, reserved: 0x0, length: 24
01 52 8b bb c0 06 96 12 18 49 ab 9a 1c 5b 2a 51
00 00 00 02
Decrypted packet:Data: 620 bytes
IKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT
IKEv2-PROTO-4: (24): Checking NAT discovery
IKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT
IKEv2-PROTO-7: (24): Redirect check is not needed, skipping it
IKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC
IKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE
IKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY
IKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-4: (24): Verify SA init message
IKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA
IKEv2-PROTO-4: (24): Insert SA
IKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG
IKEv2-PROTO-4: (24): Processing IKE_SA_INIT message
IKEv2-PROTO-7: (24): Failed to verify the proposed policies
IKEv2-PROTO-2: (24): Failed to find a matching policy
IKEv2-PROTO-2: (24): Received Policies:
Proposal 1: AES-CBC-256 SHA1 SHA96 DH_GROUP_1024_MODP/Group 2
Proposal 2: AES-CBC-256 SHA256 SHA256 DH_GROUP_1024_MODP/Group 2
Proposal 3: AES-CBC-128 SHA1 SHA96 DH_GROUP_1024_MODP/Group 2
Proposal 4: AES-CBC-128 SHA256 SHA256 DH_GROUP_1024_MODP/Group 2
Proposal 5: 3DES SHA1 SHA96 DH_GROUP_1024_MODP/Group 2
Proposal 6: 3DES SHA256 SHA256 DH_GROUP_1024_MODP/Group 2
IKEv2-PROTO-2: (24): Failed to find a matching policy
IKEv2-PROTO-2: (24): Expected Policies:
Proposal 1: AES-GCM-256 AES-GCM-192 AES-GCM-128 SHA512 SHA384 SHA256 SHA1 DH_GROUP_2048_MODP/Group 14 DH_GROUP_1536_MODP/Group 5
Proposal 2: AES-CBC-256 AES-CBC-192 AES-CBC-128 SHA512 SHA384 SHA256 SHA1 SHA512 SHA384 SHA256 SHA96 DH_GROUP_2048_MODP/Group 14 DH_GROUP_1536_MODP/Group 5
IKEv2-PROTO-2: (24): Failed to find a matching policy
IKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: R_INIT Event: EV_NO_PROP_CHOSEN
IKEv2-PROTO-4: (24): Sending no proposal chosen notify
IKEv2-PROTO-7: Construct Notify Payload: NO_PROPOSAL_CHOSENIKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: R_INIT Event: EV_ENCRYPT_MSG
IKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: R_INIT Event: EV_TRYSEND
(24):
IKEv2-PROTO-4: (24): Sending Packet [To 52.174.183.101:500/From 95.70.236.231:500/VRF i0:f0]
(24): Initiator SPI : A41066993AF50181 - Responder SPI : 29C363E4FEA1192B Message id: 0
(24): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (24): Next payload: NOTIFY, version: 2.0 (24): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (24): Message id: 0, length: 36(24):
Payload contents:
(24): NOTIFY(NO_PROPOSAL_CHOSEN)(24): Next payload: NONE, reserved: 0x0, length: 8
(24): Security protocol id: IKE, spi size: 0, type: NO_PROPOSAL_CHOSEN
(24):
IKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_FAIL
IKEv2-PROTO-4: (24): Failed SA init exchange
IKEv2-PROTO-2: (24): Initial exchange failed
IKEv2-PROTO-2: (24): Initial exchange failed
IKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-7: (24): SM Trace-> SA: I_SPI=A41066993AF50181 R_SPI=29C363E4FEA1192B (R) MsgID = 00000000 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-4: (24): Abort exchange
IKEv2-PROTO-4: (24): Deleting SA
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: IDLE Event: EV_INIT_SA
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-7: (25): Setting configured policies
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-4: (25): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14
IKEv2-PROTO-4: (25): Request queued for computation of DH key
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-7: (25): Action: Action_Null
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-4: (25): Generating IKE_SA_INIT message
IKEv2-PROTO-4: (25): IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 9
(25): AES-GCM(25): AES-GCM(25): AES-GCM(25): SHA512(25): SHA384(25): SHA256(25): SHA1(25): DH_GROUP_2048_MODP/Group 14(25): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (25): IKE Proposal: 2, SPI size: 0 (initial negotiation),
Num. transforms: 13
(25): AES-CBC(25): AES-CBC(25): AES-CBC(25): SHA512(25): SHA384(25): SHA256(25): SHA1(25): SHA512(25): SHA384(25): SHA256(25): SHA96(25): DH_GROUP_2048_MODP/Group 14(25): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-7: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-7: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-7: Construct Notify Payload: IKEV2_FRAGMENTATION_SUPPORTEDIKEv2-PROTO-7: Construct Vendor Specific Payload: FRAGMENTATIONIKEv2-PROTO-7: Construct Notify Payload: INTERMEDIATE_EXCHANGE_SUPPORTED(25):
IKEv2-PROTO-4: (25): Sending Packet [To 52.174.183.101:500/From 95.70.236.231:500/VRF i0:f0]
(25): Initiator SPI : 836D7052CD7BC00C - Responder SPI : 0000000000000000 Message id: 0
(25): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (25): Next payload: SA, version: 2.0 (25): Exchange type: IKE_SA_INIT, flags: INITIATOR (25): Message id: 0, length: 754(25):
Payload contents:
(25): SA(25): Next payload: KE, reserved: 0x0, length: 220
(25): last proposal: 0x2, reserved: 0x0, length: 92
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 9(25): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(25): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(25): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(25): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(25): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(25): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(25): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(25): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(25): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(25): last proposal: 0x0, reserved: 0x0, length: 124
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 13(25): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(25): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(25): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(25): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(25): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(25): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(25): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(25): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(25): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA384
(25): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(25): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(25): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(25): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(25): KE(25): Next payload: N, reserved: 0x0, length: 264
(25): DH group: 14, Reserved: 0x0
(25):
(25): 5b c5 5b e9 63 29 32 b2 99 1e 32 ec 49 db 5f fc
(25): af 9e 68 7d 75 fe 5f 20 28 51 9a f8 db 15 61 59
(25): fe dd e9 98 a9 87 39 b3 79 b5 7c f2 7a cf 0d e6
(25): 22 27 17 b8 db ae 29 09 8c e8 90 04 34 ed b0 05
(25): 47 d4 e0 76 1d b0 15 5b 6e 42 8d e9 d2 7b b9 e1
(25): 14 c4 e4 16 e0 cc 92 ef 09 4e 69 bc b3 c5 2d 30
(25): fc 65 92 56 67 ca 92 fd 1d f5 26 4f f5 13 39 18
(25): 15 13 05 b4 19 ad 90 69 3c e8 9f f9 04 4b 39 58
(25): 26 fb a5 b1 96 fc 6b 30 e6 c5 98 79 2c 8f 54 31
(25): d5 26 5d 74 ac af 7b 7c 63 23 c7 e5 65 6a b4 ca
(25): fa 02 2c 78 43 6a 7e 1f bd 64 9d ba da e3 da d1
(25): 9f f5 ae d1 6b 95 31 dd b8 9b c1 e3 b1 27 fa 48
(25): d7 8d 4f 80 47 19 6d d3 ac 2c de 72 72 f5 ed e0
(25): 01 fb 46 9b 02 ab 7d d7 db 26 11 98 f4 55 89 ec
(25): 1b 45 66 ad d1 b4 48 ba c4 b9 6b 18 cc 73 c2 f8
(25): fd cd 86 f1 13 27 57 8b 91 a9 c5 49 14 9a 46 a1
(25): N(25): Next payload: VID, reserved: 0x0, length: 68
(25):
(25): 40 cf 67 0f f9 83 31 20 dd c5 69 b3 f8 2e 9e 22
(25): 14 94 34 e3 c3 68 00 76 2d 41 86 c8 0f 4c df 8d
(25): 1c 4c 5d 3d f4 d8 14 b7 5d ca b8 f5 c0 c6 c3 66
(25): f4 b7 32 d8 cc bf 39 c8 ba e7 2c e3 d1 e2 a4 6f
(25): VID(25): Next payload: VID, reserved: 0x0, length: 23
(25):
(25): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(25): 53 4f 4e
(25): VID(25): Next payload: NOTIFY, reserved: 0x0, length: 59
(25):
(25): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(25): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(25): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(25): 73 2c 20 49 6e 63 2e
(25): NOTIFY(NAT_DETECTION_SOURCE_IP)(25): Next payload: NOTIFY, reserved: 0x0, length: 28
(25): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(25):
(25): 8f a6 f1 30 a0 f1 3a aa 61 61 9c 9b 86 85 58 fb
(25): 7e 7f b2 3f
(25): NOTIFY(NAT_DETECTION_DESTINATION_IP)(25): Next payload: NOTIFY, reserved: 0x0, length: 28
(25): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(25):
(25): 7d 4c 13 97 a4 8a bf 06 3b b0 a9 e1 10 27 0c a3
(25): 97 00 4e c0
(25): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(25): Next payload: VID, reserved: 0x0, length: 8
(25): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(25): VID(25): Next payload: NOTIFY, reserved: 0x0, length: 20
(25):
(25): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(25): NOTIFY(INTERMEDIATE_EXCHANGE_SUPPORTED)(25): Next payload: NONE, reserved: 0x0, length: 8
(25): Security protocol id: Unknown - 0, spi size: 0, type: INTERMEDIATE_EXCHANGE_SUPPORTED
(25):
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_INSERT_SA
IKEv2-PROTO-4: (25): Insert SA
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
(25):
IKEv2-PROTO-4: (25): Received Packet [From 52.174.183.101:500/To 95.70.236.231:500/VRF i0:f0]
(25): Initiator SPI : 836D7052CD7BC00C - Responder SPI : 8F7320C9482B2722 Message id: 0
(25): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (25): Next payload: NOTIFY, version: 2.0 (25): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (25): Message id: 0, length: 36(25):
Payload contents:
IKEv2-PROTO-7: Parse Notify Payload: NO_PROPOSAL_CHOSEN(25): NOTIFY(NO_PROPOSAL_CHOSEN)(25): Next payload: NONE, reserved: 0x0, length: 8
(25): Security protocol id: Unknown - 0, spi size: 0, type: NO_PROPOSAL_CHOSEN
(25):
(25): Decrypted packet:(25): Data: 36 bytes
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=8F7320C9482B2722 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RECV_INIT
IKEv2-PROTO-7: (25): Processing IKE_SA_INIT message
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=8F7320C9482B2722 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK4_NOTIFY
IKEv2-PROTO-4: (25): Processing IKE_SA_INIT message
IKEv2-PROTO-2: (25): Received no proposal chosen notify
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=8F7320C9482B2722 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_FAIL
IKEv2-PROTO-4: (25): Failed SA init exchange
IKEv2-PROTO-2: (25): Initial exchange failed
IKEv2-PROTO-2: (25): Initial exchange failed
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=8F7320C9482B2722 (I) MsgID = 00000000 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=8F7320C9482B2722 (I) MsgID = 00000000 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-7: (25): SM Trace-> SA: I_SPI=836D7052CD7BC00C R_SPI=8F7320C9482B2722 (I) MsgID = 00000000 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-4: (25): Abort exchange
IKEv2-PROTO-4: (25): Deleting SA
IKEv2-PROTO-4: Received Packet [From 52.174.183.101:500/To 95.70.236.231:500/VRF i0:f0]
Initiator SPI : 9481915BAB51E8AB - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 620
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 260
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 40
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 6, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
KE Next payload: N, reserved: 0x0, length: 136
DH group: 2, Reserved: 0x0
de 8d 48 40 ec 08 7f 60 a7 df 40 2d 1f 7b c3 c7
e1 4a 9b bf b0 52 b9 c5 30 f2 68 b8 67 8f 6a ca
64 4d d8 eb 6f 34 60 a2 04 c2 e7 46 ee 24 58 69
a4 f3 1e fd 7f 26 ce 2f 70 36 71 24 98 37 4b fe
85 1d a7 d3 d3 f9 4a 65 2f f3 16 bd c0 f4 b4 95
96 a3 12 2a 06 4d bf 48 28 0a e5 c5 f8 0e 8f a2
34 8b 13 87 0b 15 ad 5d 56 49 e7 22 71 75 76 47
6c e8 3c f4 67 a1 b7 7f 7c 6c 12 96 aa 71 75 cd
N Next payload: NOTIFY, reserved: 0x0, length: 52
3b fe 74 69 88 1c 8c 41 27 54 cd d5 b2 96 d4 85
d8 21 17 3d 88 b7 42 b2 34 bd 4e 1e 04 f3 16 b4
53 61 bb 94 e5 3b 7f 12 33 11 5d 61 09 71 61 1a
IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP
88 43 57 2b cf 1a 22 7c cf 1f 4c 99 a1 97 43 d6
ff 9f c1 e7
IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: VID, reserved: 0x0, length: 28
Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
a6 29 85 28 2d 09 30 29 1f 4b 34 e0 0a 52 a6 ed
8f b7 19 6a
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 24
1e 2b 51 69 05 99 1c 7d 7c 96 fc bf b5 87 e4 61
00 00 00 09
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 20
fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 20
26 24 4d 38 ed db 61 b3 17 2a 36 e3 d0 cf b8 19
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: NONE, reserved: 0x0, length: 24
01 52 8b bb c0 06 96 12 18 49 ab 9a 1c 5b 2a 51
00 00 00 02
Decrypted packet:Data: 620 bytes
IKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT
IKEv2-PROTO-4: (26): Checking NAT discovery
IKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT
IKEv2-PROTO-7: (26): Redirect check is not needed, skipping it
IKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC
IKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE
IKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY
IKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-4: (26): Verify SA init message
IKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA
IKEv2-PROTO-4: (26): Insert SA
IKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG
IKEv2-PROTO-4: (26): Processing IKE_SA_INIT message
IKEv2-PROTO-7: (26): Failed to verify the proposed policies
IKEv2-PROTO-2: (26): Failed to find a matching policy
IKEv2-PROTO-2: (26): Received Policies:
Proposal 1: AES-CBC-256 SHA1 SHA96 DH_GROUP_1024_MODP/Group 2
Proposal 2: AES-CBC-256 SHA256 SHA256 DH_GROUP_1024_MODP/Group 2
Proposal 3: AES-CBC-128 SHA1 SHA96 DH_GROUP_1024_MODP/Group 2
Proposal 4: AES-CBC-128 SHA256 SHA256 DH_GROUP_1024_MODP/Group 2
Proposal 5: 3DES SHA1 SHA96 DH_GROUP_1024_MODP/Group 2
Proposal 6: 3DES SHA256 SHA256 DH_GROUP_1024_MODP/Group 2
IKEv2-PROTO-2: (26): Failed to find a matching policy
IKEv2-PROTO-2: (26): Expected Policies:
Proposal 1: AES-GCM-256 AES-GCM-192 AES-GCM-128 SHA512 SHA384 SHA256 SHA1 DH_GROUP_2048_MODP/Group 14 DH_GROUP_1536_MODP/Group 5
Proposal 2: AES-CBC-256 AES-CBC-192 AES-CBC-128 SHA512 SHA384 SHA256 SHA1 SHA512 SHA384 SHA256 SHA96 DH_GROUP_2048_MODP/Group 14 DH_GROUP_1536_MODP/Group 5
IKEv2-PROTO-2: (26): Failed to find a matching policy
IKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: R_INIT Event: EV_NO_PROP_CHOSEN
IKEv2-PROTO-4: (26): Sending no proposal chosen notify
IKEv2-PROTO-7: Construct Notify Payload: NO_PROPOSAL_CHOSENIKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: R_INIT Event: EV_ENCRYPT_MSG
IKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: R_INIT Event: EV_TRYSEND
(26):
IKEv2-PROTO-4: (26): Sending Packet [To 52.174.183.101:500/From 95.70.236.231:500/VRF i0:f0]
(26): Initiator SPI : 9481915BAB51E8AB - Responder SPI : 6FEC6BEE58B08D2C Message id: 0
(26): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (26): Next payload: NOTIFY, version: 2.0 (26): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (26): Message id: 0, length: 36(26):
Payload contents:
(26): NOTIFY(NO_PROPOSAL_CHOSEN)(26): Next payload: NONE, reserved: 0x0, length: 8
(26): Security protocol id: IKE, spi size: 0, type: NO_PROPOSAL_CHOSEN
(26):
IKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_FAIL
IKEv2-PROTO-4: (26): Failed SA init exchange
IKEv2-PROTO-2: (26): Initial exchange failed
IKEv2-PROTO-2: (26): Initial exchange failed
IKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-7: (26): SM Trace-> SA: I_SPI=9481915BAB51E8AB R_SPI=6FEC6BEE58B08D2C (R) MsgID = 00000000 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-4: (26): Abort exchange
IKEv2-PROTO-4: (26): Deleting SA
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: IDLE Event: EV_INIT_SA
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-7: (27): Setting configured policies
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-4: (27): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14
IKEv2-PROTO-4: (27): Request queued for computation of DH key
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-7: (27): Action: Action_Null
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-4: (27): Generating IKE_SA_INIT message
IKEv2-PROTO-4: (27): IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 9
(27): AES-GCM(27): AES-GCM(27): AES-GCM(27): SHA512(27): SHA384(27): SHA256(27): SHA1(27): DH_GROUP_2048_MODP/Group 14(27): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (27): IKE Proposal: 2, SPI size: 0 (initial negotiation),
Num. transforms: 13
(27): AES-CBC(27): AES-CBC(27): AES-CBC(27): SHA512(27): SHA384(27): SHA256(27): SHA1(27): SHA512(27): SHA384(27): SHA256(27): SHA96(27): DH_GROUP_2048_MODP/Group 14(27): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-7: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-7: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-7: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-7: Construct Notify Payload: IKEV2_FRAGMENTATION_SUPPORTEDIKEv2-PROTO-7: Construct Vendor Specific Payload: FRAGMENTATIONIKEv2-PROTO-7: Construct Notify Payload: INTERMEDIATE_EXCHANGE_SUPPORTED(27):
IKEv2-PROTO-4: (27): Sending Packet [To 52.174.183.101:500/From 95.70.236.231:500/VRF i0:f0]
(27): Initiator SPI : F4112AE9AE136416 - Responder SPI : 0000000000000000 Message id: 0
(27): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (27): Next payload: SA, version: 2.0 (27): Exchange type: IKE_SA_INIT, flags: INITIATOR (27): Message id: 0, length: 754(27):
Payload contents:
(27): SA(27): Next payload: KE, reserved: 0x0, length: 220
(27): last proposal: 0x2, reserved: 0x0, length: 92
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 9(27): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(27): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(27): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(27): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(27): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(27): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(27): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(27): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(27): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(27): last proposal: 0x0, reserved: 0x0, length: 124
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 13(27): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(27): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(27): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(27): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(27): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(27): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(27): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(27): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(27): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA384
(27): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(27): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(27): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(27): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(27): KE(27): Next payload: N, reserved: 0x0, length: 264
(27): DH group: 14, Reserved: 0x0
(27):
(27): 9a 6c b3 a8 78 c5 e5 62 67 8f 2a 36 b2 5a 55 08
(27): 4e d2 86 a6 90 cd b8 ac 4f ab 8e 39 20 48 1b 65
(27): 17 6f 6e a3 e9 7d 6a b6 c6 7f 7a 93 c8 f7 e2 b6
(27): 73 49 e8 8d 6d b2 59 91 ec e6 68 07 3f 1d e5 9e
(27): 95 c2 0b c5 5a 2a 03 63 e4 34 da 82 88 fc 79 4b
(27): 22 3a 93 ac 80 83 94 18 b8 f0 a9 c5 4b 6a 2e b7
(27): e1 ea 85 b0 ac e4 b2 c9 23 f9 cf 21 6f c6 e0 31
(27): 0f 8d 08 42 f8 bb 6c 4e e6 7b 31 51 a1 e9 cc be
(27): e4 57 98 20 4a 2b 13 16 de 8e c6 86 3c 79 8f f5
(27): 8e 5a 7b 96 47 6c 3b 64 84 71 79 da 9b 1d 75 a8
(27): 5c cf 53 7f 89 9d 14 4c ed e4 aa 05 51 1f fb f9
(27): 2a 78 a7 ca 4e b9 b1 a3 f6 b3 b2 09 db e4 07 b8
(27): 74 3f f0 25 2b e1 a2 b8 f8 e5 a7 27 0e ae 82 16
(27): 37 23 b0 2b 96 ed 53 65 2a 39 0f af e2 6a 8c f7
(27): a9 01 98 f4 8f 8f e4 e0 a5 cd 86 83 12 97 09 5b
(27): 25 20 b6 e4 b2 98 75 7e 72 22 bf 64 61 b0 39 f9
(27): N(27): Next payload: VID, reserved: 0x0, length: 68
(27):
(27): 29 24 a7 d4 52 e1 2d ab e9 10 41 7f 91 be 9c 2a
(27): e6 15 30 90 f2 61 6f d6 e4 8b b9 ae 8d 20 bf f2
(27): fc 56 bc b2 e0 49 0c 47 3a 95 95 c0 35 23 28 43
(27): b0 0e 91 9f 10 b7 51 f3 d5 4b d5 02 21 df df 3c
(27): VID(27): Next payload: VID, reserved: 0x0, length: 23
(27):
(27): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(27): 53 4f 4e
(27): VID(27): Next payload: NOTIFY, reserved: 0x0, length: 59
(27):
(27): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(27): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(27): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(27): 73 2c 20 49 6e 63 2e
(27): NOTIFY(NAT_DETECTION_SOURCE_IP)(27): Next payload: NOTIFY, reserved: 0x0, length: 28
(27): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(27):
(27): 59 fb d6 a0 c1 79 54 68 dd bb 01 b1 2a d7 fa 97
(27): 94 1e fc d6
(27): NOTIFY(NAT_DETECTION_DESTINATION_IP)(27): Next payload: NOTIFY, reserved: 0x0, length: 28
(27): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(27):
(27): 85 21 83 c7 b6 4d 56 54 f0 b7 01 41 45 3e 86 4d
(27): 55 3a 19 7e
(27): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(27): Next payload: VID, reserved: 0x0, length: 8
(27): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(27): VID(27): Next payload: NOTIFY, reserved: 0x0, length: 20
(27):
(27): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(27): NOTIFY(INTERMEDIATE_EXCHANGE_SUPPORTED)(27): Next payload: NONE, reserved: 0x0, length: 8
(27): Security protocol id: Unknown - 0, spi size: 0, type: INTERMEDIATE_EXCHANGE_SUPPORTED
(27):
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_INSERT_SA
IKEv2-PROTO-4: (27): Insert SA
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
(27):
IKEv2-PROTO-4: (27): Received Packet [From 52.174.183.101:500/To 95.70.236.231:500/VRF i0:f0]
(27): Initiator SPI : F4112AE9AE136416 - Responder SPI : 2A751AEB52FBDB48 Message id: 0
(27): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (27): Next payload: NOTIFY, version: 2.0 (27): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (27): Message id: 0, length: 36(27):
Payload contents:
IKEv2-PROTO-7: Parse Notify Payload: NO_PROPOSAL_CHOSEN(27): NOTIFY(NO_PROPOSAL_CHOSEN)(27): Next payload: NONE, reserved: 0x0, length: 8
(27): Security protocol id: Unknown - 0, spi size: 0, type: NO_PROPOSAL_CHOSEN
(27):
(27): Decrypted packet:(27): Data: 36 bytes
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=2A751AEB52FBDB48 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RECV_INIT
IKEv2-PROTO-7: (27): Processing IKE_SA_INIT message
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=2A751AEB52FBDB48 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK4_NOTIFY
IKEv2-PROTO-4: (27): Processing IKE_SA_INIT message
IKEv2-PROTO-2: (27): Received no proposal chosen notify
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=2A751AEB52FBDB48 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_FAIL
IKEv2-PROTO-4: (27): Failed SA init exchange
IKEv2-PROTO-2: (27): Initial exchange failed
IKEv2-PROTO-2: (27): Initial exchange failed
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=2A751AEB52FBDB48 (I) MsgID = 00000000 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=2A751AEB52FBDB48 (I) MsgID = 00000000 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-7: (27): SM Trace-> SA: I_SPI=F4112AE9AE136416 R_SPI=2A751AEB52FBDB48 (I) MsgID = 00000000 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-4: (27): Abort exchange
IKEv2-PROTO-4: (27): Deleting SA
IKEv2-PROTO-4: Received Packet [From 52.174.183.101:500/To 95.70.236.231:500/VRF i0:f0]
Initiator SPI : 9DA6B24E2B17C3A8 - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 620
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 260
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 40
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 6, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
KE Next payload: N, reserved: 0x0, length: 136
DH group: 2, Reserved: 0x0
f6 b3 fb 1d 91 9c 43 dc db a2 fe 20 88 a5 16 bc
b3 81 ab ad dd 52 5f 3d c0 34 d7 e8 24 11 cb 86
67 62 f6 c9 2a e9 64 ae a6 6e 5a bd 8a cc e8 5a
90 2e 3a 47 e3 f3 31 17 a3 d2 32 38 0b f7 d3 7e
37 9f fc dc 36 b2 5b 92 c4 e8 0a ff 7e bf 71 d0
8d 0e 7a 44 59 ea 9e 53 ad d9 0d 7e 73 82 d1 66
1b 2a d5 c8 0f 06 18 09 b8 b1 79 d1 2d 59 4d 58
37 b2 9a d0 eb 19 ca f3 e8 50 b8 f3 22 08 a3 89
N Next payload: NOTIFY, reserved: 0x0, length: 52
64 58 18 76 77 48 4a 18 9e 99 b3 6e 71 47 da f6
fb 14 06 1f bd f9 73 43 b5 0d 03 e2 32 ba de fc
1d 19 5f 50 20 68 8a b0 48 05 7b 2c 08 e2 f8 fb
IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP
63 76 b2 81 5e a2 62 41 79 d6 cc f2 e1 a7 3d b0
c5 96 e2 35
IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: VID, reserved: 0x0, length: 28
Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
4e 9b 20 ae 08 be 0a dc eb 4b 49 45 da 60 67 ba
21 94 cc 14
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 24
1e 2b 51 69 05 99 1c 7d 7c 96 fc bf b5 87 e4 61
00 00 00 09
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 20
fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 20
26 24 4d 38 ed db 61 b3 17 2a 36 e3 d0 cf b8 19
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: NONE, reserved: 0x0, length: 24
01 52 8b bb c0 06 96 12 18 49 ab 9a 1c 5b 2a 51
00 00 00 02
Decrypted packet:Data: 620 bytes
IKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT
IKEv2-PROTO-4: (36): Checking NAT discovery
IKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT
IKEv2-PROTO-7: (36): Redirect check is not needed, skipping it
IKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC
IKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE
IKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY
IKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-4: (36): Verify SA init message
IKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA
IKEv2-PROTO-4: (36): Insert SA
IKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG
IKEv2-PROTO-4: (36): Processing IKE_SA_INIT message
IKEv2-PROTO-7: (36): Failed to verify the proposed policies
IKEv2-PROTO-2: (36): Failed to find a matching policy
IKEv2-PROTO-2: (36): Received Policies:
Proposal 1: AES-CBC-256 SHA1 SHA96 DH_GROUP_1024_MODP/Group 2
Proposal 2: AES-CBC-256 SHA256 SHA256 DH_GROUP_1024_MODP/Group 2
Proposal 3: AES-CBC-128 SHA1 SHA96 DH_GROUP_1024_MODP/Group 2
Proposal 4: AES-CBC-128 SHA256 SHA256 DH_GROUP_1024_MODP/Group 2
Proposal 5: 3DES SHA1 SHA96 DH_GROUP_1024_MODP/Group 2
Proposal 6: 3DES SHA256 SHA256 DH_GROUP_1024_MODP/Group 2
IKEv2-PROTO-2: (36): Failed to find a matching policy
IKEv2-PROTO-2: (36): Expected Policies:
Proposal 1: AES-GCM-256 AES-GCM-192 AES-GCM-128 SHA512 SHA384 SHA256 SHA1 DH_GROUP_2048_MODP/Group 14 DH_GROUP_1536_MODP/Group 5
Proposal 2: AES-CBC-256 AES-CBC-192 AES-CBC-128 SHA512 SHA384 SHA256 SHA1 SHA512 SHA384 SHA256 SHA96 DH_GROUP_2048_MODP/Group 14 DH_GROUP_1536_MODP/Group 5
IKEv2-PROTO-2: (36): Failed to find a matching policy
IKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: R_INIT Event: EV_NO_PROP_CHOSEN
IKEv2-PROTO-4: (36): Sending no proposal chosen notify
IKEv2-PROTO-7: Construct Notify Payload: NO_PROPOSAL_CHOSENIKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: R_INIT Event: EV_ENCRYPT_MSG
IKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: R_INIT Event: EV_TRYSEND
(36):
IKEv2-PROTO-4: (36): Sending Packet [To 52.174.183.101:500/From 95.70.236.231:500/VRF i0:f0]
(36): Initiator SPI : 9DA6B24E2B17C3A8 - Responder SPI : FD7B1543003876B6 Message id: 0
(36): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (36): Next payload: NOTIFY, version: 2.0 (36): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (36): Message id: 0, length: 36(36):
Payload contents:
(36): NOTIFY(NO_PROPOSAL_CHOSEN)(36): Next payload: NONE, reserved: 0x0, length: 8
(36): Security protocol id: IKE, spi size: 0, type: NO_PROPOSAL_CHOSEN
(36):
IKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_FAIL
IKEv2-PROTO-4: (36): Failed SA init exchange
IKEv2-PROTO-2: (36): Initial exchange failed
IKEv2-PROTO-2: (36): Initial exchange failed
IKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-7: (36): SM Trace-> SA: I_SPI=9DA6B24E2B17C3A8 R_SPI=FD7B1543003876B6 (R) MsgID = 00000000 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-4: (36): Abort exchange
IKEv2-PROTO-4: (36): Deleting SA
IKEv2-PROTO-4: Received Packet [From 52.174.183.101:500/To 95.70.236.231:500/VRF i0:f0]
Initiator SPI : 8074EA4918F00C08 - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 620
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 260
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 40
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 6, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
KE Next payload: N, reserved: 0x0, length: 136
DH group: 2, Reserved: 0x0
c4 a0 bd 05 68 ee 90 ee cf f4 c5 dc 2f 71 4a b2
31 10 95 b3 78 ac c9 40 05 01 12 f4 59 f2 32 a1
9e 2c eb 68 c0 9a e3 3e ae 38 df bb c0 48 51 a7
6d e2 5f 9c c6 1a 3c 2f b2 8a d9 c4 4c aa d4 5a
70 d7 8e 4f 7e 71 7d 8c f4 b9 7c 3a 91 fe 2b 04
70 5c 43 e9 c3 69 e9 4d 99 35 1d 96 44 b3 8b 86
0a b3 d9 b0 45 33 b6 65 b6 e0 a0 fa e1 0a 0e e5
a2 e7 24 59 95 ad ac 16 34 c9 e1 61 3e 22 75 f2
N Next payload: NOTIFY, reserved: 0x0, length: 52
88 82 98 93 97 ae a8 f1 f9 35 9b 85 28 bc e7 8a
b0 47 4e 36 ab 8b 69 9a 42 61 15 a9 f6 82 ac 9b
01 b8 45 07 f5 e9 91 bf db 56 81 74 3b b5 4b f9
IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP
92 6a 2c 76 08 03 fa 7a 82 1c e6 57 6c 88 dc d9
14 9c 77 1c
IKEv2-PROTO-7: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: VID, reserved: 0x0, length: 28
Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
a2 8e 65 72 8f a0 9a f6 02 8b 93 00 f3 61 57 02
72 7e 33 eb
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 24
1e 2b 51 69 05 99 1c 7d 7c 96 fc bf b5 87 e4 61
00 00 00 09
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 20
fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 20
26 24 4d 38 ed db 61 b3 17 2a 36 e3 d0 cf b8 19
IKEv2-PROTO-7: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: NONE, reserved: 0x0, length: 24
01 52 8b bb c0 06 96 12 18 49 ab 9a 1c 5b 2a 51
00 00 00 02
Decrypted packet:Data: 620 bytes
IKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT
IKEv2-PROTO-4: (28): Checking NAT discovery
IKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT
IKEv2-PROTO-7: (28): Redirect check is not needed, skipping it
IKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC
IKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE
IKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY
IKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-4: (28): Verify SA init message
IKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA
IKEv2-PROTO-4: (28): Insert SA
IKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG
IKEv2-PROTO-4: (28): Processing IKE_SA_INIT message
IKEv2-PROTO-7: (28): Failed to verify the proposed policies
IKEv2-PROTO-2: (28): Failed to find a matching policy
IKEv2-PROTO-2: (28): Received Policies:
Proposal 1: AES-CBC-256 SHA1 SHA96 DH_GROUP_1024_MODP/Group 2
Proposal 2: AES-CBC-256 SHA256 SHA256 DH_GROUP_1024_MODP/Group 2
Proposal 3: AES-CBC-128 SHA1 SHA96 DH_GROUP_1024_MODP/Group 2
Proposal 4: AES-CBC-128 SHA256 SHA256 DH_GROUP_1024_MODP/Group 2
Proposal 5: 3DES SHA1 SHA96 DH_GROUP_1024_MODP/Group 2
Proposal 6: 3DES SHA256 SHA256 DH_GROUP_1024_MODP/Group 2
IKEv2-PROTO-2: (28): Failed to find a matching policy
IKEv2-PROTO-2: (28): Expected Policies:
Proposal 1: AES-GCM-256 AES-GCM-192 AES-GCM-128 SHA512 SHA384 SHA256 SHA1 DH_GROUP_2048_MODP/Group 14 DH_GROUP_1536_MODP/Group 5
Proposal 2: AES-CBC-256 AES-CBC-192 AES-CBC-128 SHA512 SHA384 SHA256 SHA1 SHA512 SHA384 SHA256 SHA96 DH_GROUP_2048_MODP/Group 14 DH_GROUP_1536_MODP/Group 5
IKEv2-PROTO-2: (28): Failed to find a matching policy
IKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: R_INIT Event: EV_NO_PROP_CHOSEN
IKEv2-PROTO-4: (28): Sending no proposal chosen notify
IKEv2-PROTO-7: Construct Notify Payload: NO_PROPOSAL_CHOSENIKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: R_INIT Event: EV_ENCRYPT_MSG
IKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: R_INIT Event: EV_TRYSEND
(28):
IKEv2-PROTO-4: (28): Sending Packet [To 52.174.183.101:500/From 95.70.236.231:500/VRF i0:f0]
(28): Initiator SPI : 8074EA4918F00C08 - Responder SPI : 81CDC7B81FCF1CEF Message id: 0
(28): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (28): Next payload: NOTIFY, version: 2.0 (28): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (28): Message id: 0, length: 36(28):
Payload contents:
(28): NOTIFY(NO_PROPOSAL_CHOSEN)(28): Next payload: NONE, reserved: 0x0, length: 8
(28): Security protocol id: IKE, spi size: 0, type: NO_PROPOSAL_CHOSEN
(28):
IKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_FAIL
IKEv2-PROTO-4: (28): Failed SA init exchange
IKEv2-PROTO-2: (28): Initial exchange failed
IKEv2-PROTO-2: (28): Initial exchange failed
IKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-7: (28): SM Trace-> SA: I_SPI=8074EA4918F00C08 R_SPI=81CDC7B81FCF1CEF (R) MsgID = 00000000 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-4: (28): Abort exchange
IKEv2-PROTO-4: (28): Deleting SA
no debug all
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-20-2024 03:23 PM
I've identified the problem
Help me customize AZURE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-21-2024 07:54 AM
First point here match dh group
Now azure use dh 24' is it support 21'14 or 15?
If not what is asa version you have ?
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-21-2024 07:20 AM - edited 01-21-2024 07:20 AM
IKEv2-PROTO-2: (28): Failed to find a matching policy
As long as both ends have same settings, it doesn't matter which side you change. You can either change the settings on the ASA to match the ones in Azure, or vice-versa.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2024 10:18 PM
Thank you, everyone.
Problem Solved.
Microsoft Azure has changed the default policy - Default Group 24.
I have set the values manually to Group 14.
Thank you all for the tips.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide