Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4363
Views
14
Helpful
54
Replies

ASA to Palo Alto VPN

Go to solution
irbk
Level 1
Level 1

‎02-08-2024 07:13 AM

Hello Experts!

I'm setting up a new vpn tunnel to a partner.  ASA on our side Palo Alto on theirs.  When the tunnel connects, it seems to run fine.  However, should the tunnel go down, it will not come back up unless they initiate the traffic.  They claim that both sides can initiate traffic but my logs seem to disagree.  It looks to me like we send a packet to them to establish the tunnel, wait, don't get any response, so we try again, wait, don't get any response so we try again, until we just finally give up.  Can you see something different in the logs?

IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: IDLE Event: EV_INIT_SA
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-7: (1773): Setting configured policies
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-4: (1773): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 5
IKEv2-PROTO-4: (1773): Request queued for computation of DH key
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-7: (1773): Action: Action_Null
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-4: (1773): Generating IKE_SA_INIT message
IKEv2-PROTO-4: (1773): IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 5
(1773): AES-CBC(1773): SHA1(1773): SHA96(1773): DH_GROUP_1536_MODP/Group 5(1773): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-4: (1773): IKE Proposal: 2, SPI size: 0 (initial negotiation),
Num. transforms: 4
(1773): AES-CBC(1773): SHA1(1773): SHA256(1773): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (1773): IKE Proposal: 3, SPI size: 0 (initial negotiation),
Num. transforms: 4
(1773): AES-CBC(1773): SHA256(1773): SHA256(1773): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-4: (1773): IKE Proposal: 4, SPI size: 0 (initial negotiation),
Num. transforms: 4
(1773): AES-CBC(1773): SHA1(1773): SHA512(1773): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (1773): IKE Proposal: 5, SPI size: 0 (initial negotiation),
Num. transforms: 8
(1773): AES-CBC(1773): SHA512(1773): SHA384(1773): SHA256(1773): SHA1(1773): MD5(1773): SHA256(1773): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (1773): IKE Proposal: 6, SPI size: 0 (initial negotiation),
Num. transforms: 8
(1773): AES-CBC(1773): SHA512(1773): SHA384(1773): SHA256(1773): SHA1(1773): MD5(1773): SHA512(1773): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (1773): IKE Proposal: 7, SPI size: 0 (initial negotiation),
Num. transforms: 5
(1773): AES-CBC(1773): SHA256(1773): SHA1(1773): SHA256(1773): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (1773): IKE Proposal: 8, SPI size: 0 (initial negotiation),
Num. transforms: 4
(1773): AES-CBC(1773): SHA1(1773): SHA256(1773): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-4: (1773): IKE Proposal: 9, SPI size: 0 (initial negotiation),
Num. transforms: 7
(1773): AES-CBC(1773): SHA512(1773): SHA384(1773): SHA256(1773): SHA1(1773): SHA512(1773): DH_GROUP_521_ECP/Group 21IKEv2-PROTO-4: (1773): IKE Proposal: 10, SPI size: 0 (initial negotiation),
Num. transforms: 5
(1773): AES-CBC(1773): SHA1(1773): SHA96(1773): DH_GROUP_1536_MODP/Group 5(1773): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-4: (1773): IKE Proposal: 11, SPI size: 0 (initial negotiation),
Num. transforms: 7
(1773): AES-CBC(1773): SHA512(1773): SHA384(1773): SHA256(1773): SHA1(1773): SHA256(1773): DH_GROUP_384_ECP/Group 20IKEv2-PROTO-4: (1773): IKE Proposal: 12, SPI size: 0 (initial negotiation),
Num. transforms: 5
(1773): AES-CBC(1773): SHA1(1773): SHA96(1773): DH_GROUP_1536_MODP/Group 5(1773): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-4: (1773): IKE Proposal: 13, SPI size: 0 (initial negotiation),
Num. transforms: 5
(1773): 3DES(1773): SHA1(1773): SHA96(1773): DH_GROUP_1536_MODP/Group 5(1773): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-4: (1773): IKE Proposal: 14, SPI size: 0 (initial negotiation),
Num. transforms: 5
(1773): DES(1773): SHA1(1773): SHA96(1773): DH_GROUP_1536_MODP/Group 5(1773): DH_GROUP_1024_MODP/Group 2(1773):
IKEv2-PROTO-4: (1773): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(1773): Initiator SPI : 573E7B9E117A16B0 - Responder SPI : 0000000000000000 Message id: 0
(1773): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (1773): Next payload: SA, version: 2.0 (1773): Exchange type: IKE_SA_INIT, flags: INITIATOR (1773): Message id: 0, length: 1234(1773):
Payload contents:
(1773): SA(1773): Next payload: KE, reserved: 0x0, length: 772
(1773): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5(1773): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(1773): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(1773): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(1773): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(1773): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(1773): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 4(1773): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(1773): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(1773): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 4(1773): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(1773): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(1773): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 8(1773): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(1773): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(1773): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 6, Protocol id: IKE, SPI size: 0, #trans: 8(1773): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(1773): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(1773): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 7, Protocol id: IKE, SPI size: 0, #trans: 5(1773): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(1773): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(1773): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 8, Protocol id: IKE, SPI size: 0, #trans: 4(1773): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(1773): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(1773): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 9, Protocol id: IKE, SPI size: 0, #trans: 7(1773): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(1773): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(1773): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 10, Protocol id: IKE, SPI size: 0, #trans: 5(1773): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(1773): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(1773): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 11, Protocol id: IKE, SPI size: 0, #trans: 7(1773): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(1773): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(1773): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 12, Protocol id: IKE, SPI size: 0, #trans: 5(1773): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(1773): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(1773): last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 13, Protocol id: IKE, SPI size: 0, #trans: 5(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(1773): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(1773): last proposal: 0x0, reserved: 0x0, length: 48
Proposal: 14, Protocol id: IKE, SPI size: 0, #trans: 5(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: DES
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(1773): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(1773): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(1773): KE(1773): Next payload: N, reserved: 0x0, length: 200
(1773): DH group: 5, Reserved: 0x0
(1773):
(1773): 54 8a 75 ca 48 5d 15 44 19 5b fc 78 37 4a dc 08
(1773): 67 02 18 f1 33 d4 78 60 00 9c 07 0d ba 2e 0a a7
(1773): da f4 80 8b b9 0f ef 2b fc ed 69 85 92 1f 18 1d
(1773): 71 32 83 a0 b6 c1 db fa aa e1 7d 95 47 12 d4 6e
(1773): 47 6c c8 1e 05 f9 f5 8c 95 6a 7b bf 2f 96 fc a9
(1773): a2 9e e8 4b 84 9c d4 aa 01 1c d4 ff 64 7a c7 e9
(1773): 03 f0 f5 c0 09 d2 c4 25 a9 65 a6 85 fb 2b 1b 8c
(1773): 80 54 41 c3 a7 03 4b 8d 88 09 b1 bf 1e 1e 5b 79
(1773): 92 e3 0e 18 32 b1 f7 e0 ae ef 1f 8b f0 2e 9a 9e
(1773): 7c b0 6c 3a b6 1f 5f a7 50 52 6c 6c ca 7c 68 29
(1773): 51 89 b7 ff 02 9b 89 1e 03 f7 5a 88 da f1 f8 a1
(1773): 85 49 ed df 63 b1 70 40 3e 21 b0 e4 71 e3 bb 49
(1773): N(1773): Next payload: VID, reserved: 0x0, length: 68
(1773):
(1773): 6a 08 4f 40 76 39 b7 35 0c 2b a9 8d 10 69 87 3c
(1773): 37 24 08 68 c0 28 3c f5 f8 40 bd 97 f6 8b 9f bd
(1773): 25 a4 09 a8 6f f5 72 7a a9 73 a9 bf f6 e2 43 00
(1773): ee b0 92 b7 81 fe d0 88 4e 2a e1 a8 a9 fd 45 72
(1773): VID(1773): Next payload: VID, reserved: 0x0, length: 23
(1773):
(1773): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(1773): 53 4f 4e
(1773): VID(1773): Next payload: NOTIFY, reserved: 0x0, length: 59
(1773):
(1773): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(1773): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(1773): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(1773): 73 2c 20 49 6e 63 2e
(1773): NOTIFY(NAT_DETECTION_SOURCE_IP)(1773): Next payload: NOTIFY, reserved: 0x0, length: 28
(1773): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(1773):
(1773): b1 b8 6f 4e 95 e9 35 4b de f2 e1 ae 79 50 06 12
(1773): d8 81 e9 62
(1773): NOTIFY(NAT_DETECTION_DESTINATION_IP)(1773): Next payload: NOTIFY, reserved: 0x0, length: 28
(1773): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(1773):
(1773): ce 20 67 9b db 8a d3 da 7e 1e 59 a7 4f 74 af d9
(1773): c6 4c c1 59
(1773): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(1773): Next payload: VID, reserved: 0x0, length: 8
(1773): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(1773): VID(1773): Next payload: NONE, reserved: 0x0, length: 20
(1773):
(1773): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(1773):
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_INSERT_SA
IKEv2-PROTO-4: (1773): Insert SA
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT
IKEv2-PROTO-4: (1773): Retransmitting packet

For the sake of space, I'll summarize from here on....

(1773):
IKEv2-PROTO-4: (1773): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(1773): Initiator SPI : 573E7B9E117A16B0 - Responder SPI : 0000000000000000 Message id: 0
(1773): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (1773): Next payload: SA, version: 2.0 (1773): Exchange type: IKE_SA_INIT, flags: INITIATOR (1773): Message id: 0, length: 1234(1773):

IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT
IKEv2-PROTO-4: (1773): Retransmitting packet
(1773):
IKEv2-PROTO-4: (1773): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(1773): Initiator SPI : 573E7B9E117A16B0 - Responder SPI : 0000000000000000 Message id: 0
(1773): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (1773): Next payload: SA, version: 2.0 (1773): Exchange type: IKE_SA_INIT, flags: INITIATOR (1773): Message id: 0, length: 1234(1773):

IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT
IKEv2-PROTO-4: (1773): Retransmitting packet
(1773):
IKEv2-PROTO-4: (1773): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(1773): Initiator SPI : 573E7B9E117A16B0 - Responder SPI : 0000000000000000 Message id: 0
(1773): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (1773): Next payload: SA, version: 2.0 (1773): Exchange type: IKE_SA_INIT, flags: INITIATOR (1773): Message id: 0, length: 1234(1773):

IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT
IKEv2-PROTO-4: (1773): Retransmitting packet
(1773):
IKEv2-PROTO-4: (1773): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(1773): Initiator SPI : 573E7B9E117A16B0 - Responder SPI : 0000000000000000 Message id: 0
(1773): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (1773): Next payload: SA, version: 2.0 (1773): Exchange type: IKE_SA_INIT, flags: INITIATOR (1773): Message id: 0, length: 1234(1773):

IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT
IKEv2-PROTO-4: (1773): Retransmitting packet
(1773):
IKEv2-PROTO-4: (1773): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(1773): Initiator SPI : 573E7B9E117A16B0 - Responder SPI : 0000000000000000 Message id: 0
(1773): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (1773): Next payload: SA, version: 2.0 (1773): Exchange type: IKE_SA_INIT, flags: INITIATOR (1773): Message id: 0, length: 1234(1773):

IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT
IKEv2-PROTO-4: (1773): Retransmitting packet
(1773):
IKEv2-PROTO-4: (1773): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(1773): Initiator SPI : 573E7B9E117A16B0 - Responder SPI : 0000000000000000 Message id: 0
(1773): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (1773): Next payload: SA, version: 2.0 (1773): Exchange type: IKE_SA_INIT, flags: INITIATOR (1773): Message id: 0, length: 1234(1773):

IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT_EXCEED
IKEv2-PROTO-2: (1773): Maximum number of retransmissions reached
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_FAIL
IKEv2-PROTO-4: (1773): Failed SA init exchange
IKEv2-PROTO-2: (1773): Initial exchange failed
IKEv2-PROTO-2: (1773): Initial exchange failed
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-7: (1773): SM Trace-> SA: I_SPI=573E7B9E117A16B0 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-4: (1773): Abort exchange
IKEv2-PROTO-4: (1773): Deleting SA

Am I missing something?  TIA!

Labels:
0 Helpful
54 Replies 54

Go to solution
irbk
Level 1
Level 1
In response to MHM Cisco World

‎02-19-2024 11:48 AM

@MHmh Well the VPN dropped about 15 min ago.  This time around it came up after just a little bit.  I got the protocol log, it didn't come up but this wasn't a "no response at all" this time we got some response from them, but they dropped the ball on replying in time to establish the tunnel.  During the platform log, the connection came up.  So I'm not sure if the logs will be useful.

 

cidc276-da2-fwc0/act# debug crypto ikev2 pro

cidc276-da2-fwc0/act# debug crypto ikev2 protocol 127

cidc276-da2-fwc0/act# ping tcp lc.biz-prod 198.x.x.x 20113 source 10.x.x.x 0
Type escape sequence to abort.
Sending 5 TCP SYN requests to 198.x.x.x port 20113
from 10.x.x.x, timeout is 2 seconds:
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: IDLE Event: EV_INIT_SA
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-7: (166): Setting configured policies
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-4: (166): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 5
IKEv2-PROTO-4: (166): Request queued for computation of DH key
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-7: (166): Action: Action_Null
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-4: (166): Generating IKE_SA_INIT message
IKEv2-PROTO-4: (166): IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 5
(166): AES-CBC(166): SHA1(166): SHA96(166): DH_GROUP_1536_MODP/Group 5(166): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-4: (166): IKE Proposal: 2, SPI size: 0 (initial negotiation),
Num. transforms: 4
(166): AES-CBC(166): SHA1(166): SHA256(166): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (166): IKE Proposal: 3, SPI size: 0 (initial negotiation),
Num. transforms: 4
(166): AES-CBC(166): SHA256(166): SHA256(166): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-4: (166): IKE Proposal: 4, SPI size: 0 (initial negotiation),
Num. transforms: 4
(166): AES-CBC(166): SHA1(166): SHA512(166): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (166): IKE Proposal: 5, SPI size: 0 (initial negotiation),
Num. transforms: 8
(166): AES-CBC(166): SHA512(166): SHA384(166): SHA256(166): SHA1(166): MD5(166): SHA256(166): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (166): IKE Proposal: 6, SPI size: 0 (initial negotiation),
Num. transforms: 8
(166): AES-CBC(166): SHA512(166): SHA384(166): SHA256(166): SHA1(166): MD5(166): SHA512(166): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (166): IKE Proposal: 7, SPI size: 0 (initial negotiation),
Num. transforms: 5
(166): AES-CBC(166): SHA256(166): SHA1(166): SHA256(166): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (166): IKE Proposal: 8, SPI size: 0 (initial negotiation),
Num. transforms: 4
(166): AES-CBC(166): SHA1(166): SHA256(166): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-4: (166): IKE Proposal: 9, SPI size: 0 (initial negotiation),
Num. transforms: 7
(166): AES-CBC(166): SHA512(166): SHA384(166): SHA256(166): SHA1(166): SHA512(166): DH_GROUP_521_ECP/Group 21IKEv2-PROTO-4: (166): IKE Proposal: 10, SPI size: 0 (initial negotiation),
Num. transforms: 5
(166): AES-CBC(166): SHA1(166): SHA96(166): DH_GROUP_1536_MODP/Group 5(166): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-4: (166): IKE Proposal: 11, SPI size: 0 (initial negotiation),
Num. transforms: 7
(166): AES-CBC(166): SHA512(166): SHA384(166): SHA256(166): SHA1(166): SHA256(166): DH_GROUP_384_ECP/Group 20IKEv2-PROTO-4: (166): IKE Proposal: 12, SPI size: 0 (initial negotiation),
Num. transforms: 4
(166): AES-CBC(166): SHA256(166): SHA256(166): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-4: (166): IKE Proposal: 13, SPI size: 0 (initial negotiation),
Num. transforms: 5
(166): AES-CBC(166): SHA1(166): SHA96(166): DH_GROUP_1536_MODP/Group 5(166): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-4: (166): IKE Proposal: 14, SPI size: 0 (initial negotiation),
Num. transforms: 5
(166): 3DES(166): SHA1(166): SHA96(166): DH_GROUP_1536_MODP/Group 5(166): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-4: (166): IKE Proposal: 15, SPI size: 0 (initial negotiation),
Num. transforms: 5
(166): DES(166): SHA1(166): SHA96(166): DH_GROUP_1536_MODP/Group 5(166): DH_GROUP_1024_MODP/Group 2(166):
IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 0000000000000000 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: SA, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: INITIATOR (166): Message id: 0, length: 1278(166):
Payload contents:
(166): SA(166): Next payload: KE, reserved: 0x0, length: 816
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 6, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 7, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 8, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 9, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 10, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 11, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 12, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 13, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 14, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x0, reserved: 0x0, length: 48
Proposal: 15, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
? type: 1, reserved: 0x0, id: DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): KE(166): Next payload: N, reserved: 0x0, length: 200
(166): DH group: 5, Reserved: 0x0
(166):
(166): 65 c3 35 7e b3 c9 69 c5 80 3b 0d 82 1c 10 ac 07
(166): bb 66 c7 1b 13 a5 2c 1a 9d d7 cb a9 81 ea 04 f7
(166): d4 47 43 fd 4e cb b5 69 4c 90 f8 a8 62 5b 15 ec
(166): 36 34 94 5b f9 11 01 58 f6 fc 41 16 82 58 98 d0
(166): 8e df cf ed 69 df e0 da ec ab 49 f0 46 a9 8c 86
(166): 53 30 80 a5 ab 36 c3 7b 43 b7 24 55 ae b4 83 47
(166): ce 6b 4a ab a7 47 c5 9e e5 2b 91 cf 45 87 f5 0f
(166): f0 79 72 cb e5 6e a1 06 58 02 32 d5 3e c4 3e 0e
(166): d1 e0 cf 29 c4 82 95 58 a1 79 44 bb 79 c4 4a 2c
(166): 72 42 c2 1f 91 7d dd 65 0a 7f 05 71 fa f1 3b 43
(166): d5 c0 44 44 fd 1a e4 c9 92 09 5c d7 69 d2 eb 51
(166): d0 ee 8d 6b f6 2c 63 3b 1a dc 27 66 e3 7a 23 de
(166): N(166): Next payload: VID, reserved: 0x0, length: 68
(166):
(166): 65 18 66 43 f6 52 71 7a 87 56 05 0a 73 58 13 46
(166): 7f 38 5f 83 a6 91 ae f3 f9 c7 32 16 e6 69 d2 e5
(166): 5d 35 4b 18 28 8c 76 87 da b7 9d ce 12 66 ed 42
(166): f3 3a 68 dd 58 5d c1 c3 99 11 8d ac c0 6a 17 ed
(166): VID(166): Next payload: VID, reserved: 0x0, length: 23
(166):
(166): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(166): 53 4f 4e
(166): VID(166): Next payload: NOTIFY, reserved: 0x0, length: 59
(166):
(166): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(166): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(166): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(166): 73 2c 20 49 6e 63 2e
(166): NOTIFY(NAT_DETECTION_SOURCE_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(166):
(166): 1a 6d c3 6c 7c c7 b7 95 40 59 de 8c b7 5f 2f 0f
(166): 17 cf dc a5
(166): NOTIFY(NAT_DETECTION_DESTINATION_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(166):
(166): 6a 20 1f 81 1c a7 05 ff b6 3f 7b 10 f4 65 80 19
(166): 6a 7b e1 e9
(166): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(166): Next payload: VID, reserved: 0x0, length: 8
(166): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(166): VID(166): Next payload: NONE, reserved: 0x0, length: 20
(166):
(166): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(166):
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_INSERT_SA
IKEv2-PROTO-4: (166): Insert SA
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT
IKEv2-PROTO-4: (166): Retransmitting packet
(166):
IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 0000000000000000 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: SA, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: INITIATOR (166): Message id: 0, length: 1278(166):
Payload contents:
(166): SA(166): Next payload: KE, reserved: 0x0, length: 816
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 6, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 7, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 8, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 9, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 10, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 11, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 12, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 13, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 14, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x0, reserved: 0x0, length: 48
Proposal: 15, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): KE(166): Next payload: N, reserved: 0x0, length: 200
(166): DH group: 5, Reserved: 0x0
(166):
(166): 65 c3 35 7e b3 c9 69 c5 80 3b 0d 82 1c 10 ac 07
(166): bb 66 c7 1b 13 a5 2c 1a 9d d7 cb a9 81 ea 04 f7
(166): d4 47 43 fd 4e cb b5 69 4c 90 f8 a8 62 5b 15 ec
(166): 36 34 94 5b f9 11 01 58 f6 fc 41 16 82 58 98 d0
(166): 8e df cf ed 69 df e0 da ec ab 49 f0 46 a9 8c 86
(166): 53 30 80 a5 ab 36 c3 7b 43 b7 24 55 ae b4 83 47
(166): ce 6b 4a ab a7 47 c5 9e e5 2b 91 cf 45 87 f5 0f
(166): f0 79 72 cb e5 6e a1 06 58 02 32 d5 3e c4 3e 0e
(166): d1 e0 cf 29 c4 82 95 58 a1 79 44 bb 79 c4 4a 2c
(166): 72 42 c2 1f 91 7d dd 65 0a 7f 05 71 fa f1 3b 43
(166): d5 c0 44 44 fd 1a e4 c9 92 09 5c d7 69 d2 eb 51
(166): d0 ee 8d 6b f6 2c 63 3b 1a dc 27 66 e3 7a 23 de
(166): N(166): Next payload: VID, reserved: 0x0, length: 68
(166):
(166): 65 18 66 43 f6 52 71 7a 87 56 05 0a 73 58 13 46
(166): 7f 38 5f 83 a6 91 ae f3 f9 c7 32 16 e6 69 d2 e5
(166): 5d 35 4b 18 28 8c 76 87 da b7 9d ce 12 66 ed 42
(166): f3 3a 68 dd 58 5d c1 c3 99 11 8d ac c0 6a 17 ed
(166): VID(166): Next payload: VID, reserved: 0x0, length: 23
(166):
(166): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(166): 53 4f 4e
(166): VID(166): Next payload: NOTIFY, reserved: 0x0, length: 59
(166):
(166): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(166): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(166): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(166): 73 2c 20 49 6e 63 2e
(166): NOTIFY(NAT_DETECTION_SOURCE_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(166):
(166): 1a 6d c3 6c 7c c7 b7 95 40 59 de 8c b7 5f 2f 0f
(166): 17 cf dc a5
(166): NOTIFY(NAT_DETECTION_DESTINATION_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(166):
(166): 6a 20 1f 81 1c a7 05 ff b6 3f 7b 10 f4 65 80 19
(166): 6a 7b e1 e9
(166): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(166): Next payload: VID, reserved: 0x0, length: 8
(166): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(166): VID(166): Next payload: NONE, reserved: 0x0, length: 20
(166):
(166): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(166):
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
?IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT
IKEv2-PROTO-4: (166): Retransmitting packet
(166):
IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 0000000000000000 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: SA, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: INITIATOR (166): Message id: 0, length: 1278(166):
Payload contents:
(166): SA(166): Next payload: KE, reserved: 0x0, length: 816
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 6, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 7, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 8, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 9, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 10, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 11, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 12, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 13, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 14, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x0, reserved: 0x0, length: 48
Proposal: 15, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): KE(166): Next payload: N, reserved: 0x0, length: 200
(166): DH group: 5, Reserved: 0x0
(166):
(166): 65 c3 35 7e b3 c9 69 c5 80 3b 0d 82 1c 10 ac 07
(166): bb 66 c7 1b 13 a5 2c 1a 9d d7 cb a9 81 ea 04 f7
(166): d4 47 43 fd 4e cb b5 69 4c 90 f8 a8 62 5b 15 ec
(166): 36 34 94 5b f9 11 01 58 f6 fc 41 16 82 58 98 d0
(166): 8e df cf ed 69 df e0 da ec ab 49 f0 46 a9 8c 86
(166): 53 30 80 a5 ab 36 c3 7b 43 b7 24 55 ae b4 83 47
(166): ce 6b 4a ab a7 47 c5 9e e5 2b 91 cf 45 87 f5 0f
(166): f0 79 72 cb e5 6e a1 06 58 02 32 d5 3e c4 3e 0e
(166): d1 e0 cf 29 c4 82 95 58 a1 79 44 bb 79 c4 4a 2c
(166): 72 42 c2 1f 91 7d dd 65 0a 7f 05 71 fa f1 3b 43
(166): d5 c0 44 44 fd 1a e4 c9 92 09 5c d7 69 d2 eb 51
(166): d0 ee 8d 6b f6 2c 63 3b 1a dc 27 66 e3 7a 23 de
(166): N(166): Next payload: VID, reserved: 0x0, length: 68
(166):
(166): 65 18 66 43 f6 52 71 7a 87 56 05 0a 73 58 13 46
(166): 7f 38 5f 83 a6 91 ae f3 f9 c7 32 16 e6 69 d2 e5
(166): 5d 35 4b 18 28 8c 76 87 da b7 9d ce 12 66 ed 42
(166): f3 3a 68 dd 58 5d c1 c3 99 11 8d ac c0 6a 17 ed
(166): VID(166): Next payload: VID, reserved: 0x0, length: 23
(166):
(166): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(166): 53 4f 4e
(166): VID(166): Next payload: NOTIFY, reserved: 0x0, length: 59
(166):
(166): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(166): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(166): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(166): 73 2c 20 49 6e 63 2e
(166): NOTIFY(NAT_DETECTION_SOURCE_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(166):
(166): 1a 6d c3 6c 7c c7 b7 95 40 59 de 8c b7 5f 2f 0f
(166): 17 cf dc a5
(166): NOTIFY(NAT_DETECTION_DESTINATION_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(166):
(166): 6a 20 1f 81 1c a7 05 ff b6 3f 7b 10 f4 65 80 19
(166): 6a 7b e1 e9
(166): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(166): Next payload: VID, reserved: 0x0, length: 8
(166): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(166): VID(166): Next payload: NONE, reserved: 0x0, length: 20
(166):
(166): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(166):
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
???
Success rate is 0 percent (0/5)

cidc276-da2-fwc0/act# IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT
IKEv2-PROTO-4: (166): Retransmitting packet
(166):
IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 0000000000000000 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: SA, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: INITIATOR (166): Message id: 0, length: 1278(166):
Payload contents:
(166): SA(166): Next payload: KE, reserved: 0x0, length: 816
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 6, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 7, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 8, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 9, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 10, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 11, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 12, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 13, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 14, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x0, reserved: 0x0, length: 48
Proposal: 15, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): KE(166): Next payload: N, reserved: 0x0, length: 200
(166): DH group: 5, Reserved: 0x0
(166):
(166): 65 c3 35 7e b3 c9 69 c5 80 3b 0d 82 1c 10 ac 07
(166): bb 66 c7 1b 13 a5 2c 1a 9d d7 cb a9 81 ea 04 f7
(166): d4 47 43 fd 4e cb b5 69 4c 90 f8 a8 62 5b 15 ec
(166): 36 34 94 5b f9 11 01 58 f6 fc 41 16 82 58 98 d0
(166): 8e df cf ed 69 df e0 da ec ab 49 f0 46 a9 8c 86
(166): 53 30 80 a5 ab 36 c3 7b 43 b7 24 55 ae b4 83 47
(166): ce 6b 4a ab a7 47 c5 9e e5 2b 91 cf 45 87 f5 0f
(166): f0 79 72 cb e5 6e a1 06 58 02 32 d5 3e c4 3e 0e
(166): d1 e0 cf 29 c4 82 95 58 a1 79 44 bb 79 c4 4a 2c
(166): 72 42 c2 1f 91 7d dd 65 0a 7f 05 71 fa f1 3b 43
(166): d5 c0 44 44 fd 1a e4 c9 92 09 5c d7 69 d2 eb 51
(166): d0 ee 8d 6b f6 2c 63 3b 1a dc 27 66 e3 7a 23 de
(166): N(166): Next payload: VID, reserved: 0x0, length: 68
(166):
(166): 65 18 66 43 f6 52 71 7a 87 56 05 0a 73 58 13 46
(166): 7f 38 5f 83 a6 91 ae f3 f9 c7 32 16 e6 69 d2 e5
(166): 5d 35 4b 18 28 8c 76 87 da b7 9d ce 12 66 ed 42
(166): f3 3a 68 dd 58 5d c1 c3 99 11 8d ac c0 6a 17 ed
(166): VID(166): Next payload: VID, reserved: 0x0, length: 23
(166):
(166): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(166): 53 4f 4e
(166): VID(166): Next payload: NOTIFY, reserved: 0x0, length: 59
(166):
(166): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(166): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(166): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(166): 73 2c 20 49 6e 63 2e
(166): NOTIFY(NAT_DETECTION_SOURCE_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(166):
(166): 1a 6d c3 6c 7c c7 b7 95 40 59 de 8c b7 5f 2f 0f
(166): 17 cf dc a5
(166): NOTIFY(NAT_DETECTION_DESTINATION_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(166):
(166): 6a 20 1f 81 1c a7 05 ff b6 3f 7b 10 f4 65 80 19
(166): 6a 7b e1 e9
(166): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(166): Next payload: VID, reserved: 0x0, length: 8
(166): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(166): VID(166): Next payload: NONE, reserved: 0x0, length: 20
(166):
(166): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(166):
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT
IKEv2-PROTO-4: (166): Retransmitting packet
(166):
IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 0000000000000000 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: SA, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: INITIATOR (166): Message id: 0, length: 1278(166):
Payload contents:
(166): SA(166): Next payload: KE, reserved: 0x0, length: 816
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 6, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 7, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 8, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 9, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 10, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 11, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 12, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 13, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 14, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x0, reserved: 0x0, length: 48
Proposal: 15, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): KE(166): Next payload: N, reserved: 0x0, length: 200
(166): DH group: 5, Reserved: 0x0
(166):
(166): 65 c3 35 7e b3 c9 69 c5 80 3b 0d 82 1c 10 ac 07
(166): bb 66 c7 1b 13 a5 2c 1a 9d d7 cb a9 81 ea 04 f7
(166): d4 47 43 fd 4e cb b5 69 4c 90 f8 a8 62 5b 15 ec
(166): 36 34 94 5b f9 11 01 58 f6 fc 41 16 82 58 98 d0
(166): 8e df cf ed 69 df e0 da ec ab 49 f0 46 a9 8c 86
(166): 53 30 80 a5 ab 36 c3 7b 43 b7 24 55 ae b4 83 47
(166): ce 6b 4a ab a7 47 c5 9e e5 2b 91 cf 45 87 f5 0f
(166): f0 79 72 cb e5 6e a1 06 58 02 32 d5 3e c4 3e 0e
(166): d1 e0 cf 29 c4 82 95 58 a1 79 44 bb 79 c4 4a 2c
(166): 72 42 c2 1f 91 7d dd 65 0a 7f 05 71 fa f1 3b 43
(166): d5 c0 44 44 fd 1a e4 c9 92 09 5c d7 69 d2 eb 51
(166): d0 ee 8d 6b f6 2c 63 3b 1a dc 27 66 e3 7a 23 de
(166): N(166): Next payload: VID, reserved: 0x0, length: 68
(166):
(166): 65 18 66 43 f6 52 71 7a 87 56 05 0a 73 58 13 46
(166): 7f 38 5f 83 a6 91 ae f3 f9 c7 32 16 e6 69 d2 e5
(166): 5d 35 4b 18 28 8c 76 87 da b7 9d ce 12 66 ed 42
(166): f3 3a 68 dd 58 5d c1 c3 99 11 8d ac c0 6a 17 ed
(166): VID(166): Next payload: VID, reserved: 0x0, length: 23
(166):
(166): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(166): 53 4f 4e
(166): VID(166): Next payload: NOTIFY, reserved: 0x0, length: 59
(166):
(166): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(166): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(166): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(166): 73 2c 20 49 6e 63 2e
(166): NOTIFY(NAT_DETECTION_SOURCE_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(166):
(166): 1a 6d c3 6c 7c c7 b7 95 40 59 de 8c b7 5f 2f 0f
(166): 17 cf dc a5
(166): NOTIFY(NAT_DETECTION_DESTINATION_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(166):
(166): 6a 20 1f 81 1c a7 05 ff b6 3f 7b 10 f4 65 80 19
(166): 6a 7b e1 e9
(166): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(166): Next payload: VID, reserved: 0x0, length: 8
(166): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(166): VID(166): Next payload: NONE, reserved: 0x0, length: 20
(166):
(166): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(166):
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT


cidc276-da2-fwc0/act#

cidc276-da2-fwc0/act# IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT
IKEv2-PROTO-4: (166): Retransmitting packet
(166):
IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 0000000000000000 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: SA, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: INITIATOR (166): Message id: 0, length: 1278(166):
Payload contents:
(166): SA(166): Next payload: KE, reserved: 0x0, length: 816
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 6, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 7, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 8, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 9, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 10, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 11, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 12, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 13, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 14, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x0, reserved: 0x0, length: 48
Proposal: 15, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): KE(166): Next payload: N, reserved: 0x0, length: 200
(166): DH group: 5, Reserved: 0x0
(166):
(166): 65 c3 35 7e b3 c9 69 c5 80 3b 0d 82 1c 10 ac 07
(166): bb 66 c7 1b 13 a5 2c 1a 9d d7 cb a9 81 ea 04 f7
(166): d4 47 43 fd 4e cb b5 69 4c 90 f8 a8 62 5b 15 ec
(166): 36 34 94 5b f9 11 01 58 f6 fc 41 16 82 58 98 d0
(166): 8e df cf ed 69 df e0 da ec ab 49 f0 46 a9 8c 86
(166): 53 30 80 a5 ab 36 c3 7b 43 b7 24 55 ae b4 83 47
(166): ce 6b 4a ab a7 47 c5 9e e5 2b 91 cf 45 87 f5 0f
(166): f0 79 72 cb e5 6e a1 06 58 02 32 d5 3e c4 3e 0e
(166): d1 e0 cf 29 c4 82 95 58 a1 79 44 bb 79 c4 4a 2c
(166): 72 42 c2 1f 91 7d dd 65 0a 7f 05 71 fa f1 3b 43
(166): d5 c0 44 44 fd 1a e4 c9 92 09 5c d7 69 d2 eb 51
(166): d0 ee 8d 6b f6 2c 63 3b 1a dc 27 66 e3 7a 23 de
(166): N(166): Next payload: VID, reserved: 0x0, length: 68
(166):
(166): 65 18 66 43 f6 52 71 7a 87 56 05 0a 73 58 13 46
(166): 7f 38 5f 83 a6 91 ae f3 f9 c7 32 16 e6 69 d2 e5
(166): 5d 35 4b 18 28 8c 76 87 da b7 9d ce 12 66 ed 42
(166): f3 3a 68 dd 58 5d c1 c3 99 11 8d ac c0 6a 17 ed
(166): VID(166): Next payload: VID, reserved: 0x0, length: 23
(166):
(166): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(166): 53 4f 4e
(166): VID(166): Next payload: NOTIFY, reserved: 0x0, length: 59
(166):
(166): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(166): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(166): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(166): 73 2c 20 49 6e 63 2e
(166): NOTIFY(NAT_DETECTION_SOURCE_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(166):
(166): 1a 6d c3 6c 7c c7 b7 95 40 59 de 8c b7 5f 2f 0f
(166): 17 cf dc a5
(166): NOTIFY(NAT_DETECTION_DESTINATION_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(166):
(166): 6a 20 1f 81 1c a7 05 ff b6 3f 7b 10 f4 65 80 19
(166): 6a 7b e1 e9
(166): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(166): Next payload: VID, reserved: 0x0, length: 8
(166): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(166): VID(166): Next payload: NONE, reserved: 0x0, length: 20
(166):
(166): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(166):
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT


cidc276-da2-fwc0/act#

cidc276-da2-fwc0/act#
IKEv2-PROTO-4: Received Packet [From 52.x.x.x:500/To 173.x.x.x:500/VRF i0:f0]
Initiator SPI : 7BCC4E242D7F6401 - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 432
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 48
last proposal: 0x0, reserved: 0x0, length: 44
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
KE Next payload: N, reserved: 0x0, length: 264
DH group: 14, Reserved: 0x0

d8 fc a6 e9 d6 97 ac 9c 7e 6c c6 8d ce e3 b3 ca
ee d0 80 1b 7c 4f d5 b4 b4 27 04 d5 db 1d 91 e9
e8 ef 66 83 3c 35 13 1b 3f e7 2c 67 ea 66 27 c1
e0 b9 6b 85 b1 b7 34 bf 6b 4c b7 8d 17 b8 19 dd
08 19 97 4f 06 f9 63 33 b9 56 6d 60 62 ca d4 2f
1c 62 a5 69 c8 58 93 96 57 fb 66 8b 0c 4a 62 f6
b3 d9 9c 20 69 4b 8e f4 88 ba af f7 62 2e b8 46
41 85 bd 03 a8 ae 4c fb 67 1e 8b d6 33 da c7 97
f8 c0 fe be a7 c5 d6 c9 e9 ab 45 5a 22 4d 04 de
60 ea 2c ce 04 cb 5e 3f a7 17 9f f1 98 5b cc e4
6d 77 e4 cb 66 83 ef 63 12 7b c4 42 b0 b4 25 6a
81 51 63 5b c0 f4 c5 3e 4a 0c c1 9f 22 e2 ce 49
0e 94 ca c3 df f3 dd d4 88 8f b6 b8 19 7b 9c 31
53 62 e6 d3 0c 57 d7 d1 86 38 ab de e8 b1 c6 2a
ac ef 6d ae 02 4d cd 4e ee 08 e5 3e 80 0b a9 e6
ac 5f 56 f2 a4 f8 ef b6 7e bd 14 91 7a 2e 46 44
N Next payload: NOTIFY, reserved: 0x0, length: 36

b4 f5 ba 5f 88 75 28 0b ae 8c bf 32 66 3f 62 be
ff 10 b4 56 e7 22 89 f4 ff 12 72 2b b3 19 32 d9
NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP

f0 a9 93 a1 ca 4a ca ac d6 4a e1 65 24 aa 37 71
87 48 89 b2
NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: NONE, reserved: 0x0, length: 28
Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP

9e 8c 78 4c 5a 2b 33 02 8b 3f 52 c4 5e 7c 55 97
86 d8 8e 60

Decrypted packet:Data: 432 bytes
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT
IKEv2-PROTO-4: (104): Checking NAT discovery
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT
IKEv2-PROTO-7: (104): Redirect check is not needed, skipping it
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-4: (104): Verify SA init message
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA
IKEv2-PROTO-4: (104): Insert SA
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG
IKEv2-PROTO-4: (104): Processing IKE_SA_INIT message
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT
IKEv2-PROTO-7: (104): Process NAT discovery notify
IKEv2-PROTO-7: (104): Processing nat detect src notify
IKEv2-PROTO-7: (104): Remote address not matched
IKEv2-PROTO-7: (104): Processing nat detect dst notify
IKEv2-PROTO-7: (104): Local address matched
IKEv2-PROTO-7: (104): Host is located NAT outside
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-7: (104): Setting configured policies
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN
IKEv2-PROTO-7: (104): Opening a PKI session
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-4: (104): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14
IKEv2-PROTO-4: (104): Request queued for computation of DH key
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-7: (104): Action: Action_Null
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET
IKEv2-PROTO-4: (104): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14
IKEv2-PROTO-4: (104): Request queued for computation of DH secret
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP
IKEv2-PROTO-7: (104): Action: Action_Null
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID
IKEv2-PROTO-7: (104): Generate skeyid
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-4: (104): Generating IKE_SA_INIT message
IKEv2-PROTO-4: (104): IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 4
(104): AES-CBC(104): SHA256(104): SHA256(104): DH_GROUP_2048_MODP/Group 14(104):
IKEv2-PROTO-4: (104): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(104): Initiator SPI : 7BCC4E242D7F6401 - Responder SPI : F2FC2C8689843323 Message id: 0
(104): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (104): Next payload: SA, version: 2.0 (104): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (104): Message id: 0, length: 599(104):
Payload contents:
(104): SA(104): Next payload: KE, reserved: 0x0, length: 48
(104): last proposal: 0x0, reserved: 0x0, length: 44
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4(104): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(104): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(104): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(104): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(104): KE(104): Next payload: N, reserved: 0x0, length: 264
(104): DH group: 14, Reserved: 0x0
(104):
(104): 81 aa 88 b0 70 0f d8 b4 df 60 54 53 97 8c 23 68
(104): 75 75 9b e9 20 1d da a2 ff bb ed ad f2 dd 63 6a
(104): 14 78 7b 84 41 36 e1 2c 79 73 a4 f0 bb 92 39 c5
(104): 51 52 f3 5f 0b b6 0e 08 7d f5 a4 35 de 4b 91 6b
(104): 83 a1 0e 0b 10 87 e8 65 0d 06 d8 54 35 10 c8 ad
(104): 82 93 db cd 5b 70 ab 39 ad 54 68 62 a8 aa e1 0a
(104): 6e da 1c 82 8c 92 f5 81 a3 ff ed 05 ae eb 03 87
(104): 1a 8d b4 9e ac 38 ad c0 dd b7 c3 23 20 15 93 42
(104): c0 3c 62 5f 22 fd 40 14 49 36 10 a7 84 d8 f3 03
(104): 1a 64 28 51 a9 a4 98 a8 bc 9b 87 72 9b 6e d7 0a
(104): 78 51 6e 03 e1 83 c8 a6 d7 f8 d8 98 0c fb b0 33
(104): b6 96 18 dd fc 08 8f e0 fb ac 07 3c 96 6e 29 d6
(104): 5a 91 1b 9a 43 24 54 d6 fe df cf 6f 5f 6a 02 5b
(104): da 0c e7 d5 06 b3 0c f0 16 04 ee 35 8a 21 65 8e
(104): 1c 95 0b 26 b8 cf 1e 22 1d 05 a6 3c 9b 40 1d 63
(104): ec f9 ab 83 cf bb d4 d9 8e 15 8d 27 79 3c d7 70
(104): N(104): Next payload: VID, reserved: 0x0, length: 68
(104):
(104): 48 08 10 73 c2 7a b3 4b 2f 04 ef f2 bc bc 37 ee
(104): 38 96 1f f9 88 f3 84 6c e7 7d 13 6c 8a b6 fd cd
(104): ca a9 ea a8 25 79 01 51 4c 4e 10 64 e4 43 89 7d
(104): 9a a9 d8 d2 ae 01 e8 bd 7f 35 1a 6b 41 a7 78 31
(104): VID(104): Next payload: VID, reserved: 0x0, length: 23
(104):
(104): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(104): 53 4f 4e
(104): VID(104): Next payload: NOTIFY, reserved: 0x0, length: 59
(104):
(104): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(104): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(104): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(104): 73 2c 20 49 6e 63 2e
(104): NOTIFY(NAT_DETECTION_SOURCE_IP)(104): Next payload: NOTIFY, reserved: 0x0, length: 28
(104): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(104):
(104): 60 a4 a3 20 0c c6 3c 17 43 66 b7 82 fe d1 ad 2e
(104): 02 1d 9c 98
(104): NOTIFY(NAT_DETECTION_DESTINATION_IP)(104): Next payload: CERTREQ, reserved: 0x0, length: 28
(104): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(104):
(104): 42 34 86 60 12 72 54 39 89 2a a4 b0 7f af 6e cd
(104): 09 25 30 ac
(104): CERTREQ(104): Next payload: NOTIFY, reserved: 0x0, length: 25
(104): Cert encoding X.509 Certificate - signature
(104): CertReq data: 20 bytes
(104): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(104): Next payload: VID, reserved: 0x0, length: 8
(104): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(104): VID(104): Next payload: NONE, reserved: 0x0, length: 20
(104):
(104): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(104):
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
IKEv2-PROTO-4: (104): Completed SA init exchange
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR
IKEv2-PROTO-4: (104): Starting timer (30 sec) to wait for auth message
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT
IKEv2-PROTO-4: (166): Retransmitting packet
(166):
IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 0000000000000000 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: SA, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: INITIATOR (166): Message id: 0, length: 1278(166):
Payload contents:
(166): SA(166): Next payload: KE, reserved: 0x0, length: 816
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 6, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 7, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 8, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 9, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 10, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 11, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 12, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 13, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 14, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x0, reserved: 0x0, length: 48
Proposal: 15, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): KE(166): Next payload: N, reserved: 0x0, length: 200
(166): DH group: 5, Reserved: 0x0
(166):
(166): 65 c3 35 7e b3 c9 69 c5 80 3b 0d 82 1c 10 ac 07
(166): bb 66 c7 1b 13 a5 2c 1a 9d d7 cb a9 81 ea 04 f7
(166): d4 47 43 fd 4e cb b5 69 4c 90 f8 a8 62 5b 15 ec
(166): 36 34 94 5b f9 11 01 58 f6 fc 41 16 82 58 98 d0
(166): 8e df cf ed 69 df e0 da ec ab 49 f0 46 a9 8c 86
(166): 53 30 80 a5 ab 36 c3 7b 43 b7 24 55 ae b4 83 47
(166): ce 6b 4a ab a7 47 c5 9e e5 2b 91 cf 45 87 f5 0f
(166): f0 79 72 cb e5 6e a1 06 58 02 32 d5 3e c4 3e 0e
(166): d1 e0 cf 29 c4 82 95 58 a1 79 44 bb 79 c4 4a 2c
(166): 72 42 c2 1f 91 7d dd 65 0a 7f 05 71 fa f1 3b 43
(166): d5 c0 44 44 fd 1a e4 c9 92 09 5c d7 69 d2 eb 51
(166): d0 ee 8d 6b f6 2c 63 3b 1a dc 27 66 e3 7a 23 de
(166): N(166): Next payload: VID, reserved: 0x0, length: 68
(166):
(166): 65 18 66 43 f6 52 71 7a 87 56 05 0a 73 58 13 46
(166): 7f 38 5f 83 a6 91 ae f3 f9 c7 32 16 e6 69 d2 e5
(166): 5d 35 4b 18 28 8c 76 87 da b7 9d ce 12 66 ed 42
(166): f3 3a 68 dd 58 5d c1 c3 99 11 8d ac c0 6a 17 ed
(166): VID(166): Next payload: VID, reserved: 0x0, length: 23
(166):
(166): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(166): 53 4f 4e
(166): VID(166): Next payload: NOTIFY, reserved: 0x0, length: 59
(166):
(166): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(166): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(166): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(166): 73 2c 20 49 6e 63 2e
(166): NOTIFY(NAT_DETECTION_SOURCE_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(166):
(166): 1a 6d c3 6c 7c c7 b7 95 40 59 de 8c b7 5f 2f 0f
(166): 17 cf dc a5
(166): NOTIFY(NAT_DETECTION_DESTINATION_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(166):
(166): 6a 20 1f 81 1c a7 05 ff b6 3f 7b 10 f4 65 80 19
(166): 6a 7b e1 e9
(166): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(166): Next payload: VID, reserved: 0x0, length: 8
(166): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(166): VID(166): Next payload: NONE, reserved: 0x0, length: 20
(166):
(166): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(166):
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
(166):
IKEv2-PROTO-4: (166): Received Packet [From 52.x.x.x:500/To 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 0000000000000000 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (166): Next payload: NOTIFY, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (166): Message id: 0, length: 38(166):
Payload contents:
(166): NOTIFY(INVALID_KE_PAYLOAD)(166): Next payload: NONE, reserved: 0x0, length: 10
(166): Security protocol id: Unknown - 0, spi size: 0, type: INVALID_KE_PAYLOAD
(166):
(166): 00 0e
(166):
(166): Decrypted packet:(166): Data: 38 bytes
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RECV_INIT
IKEv2-PROTO-7: (166): Processing IKE_SA_INIT message
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK4_NOTIFY
IKEv2-PROTO-4: (166): Processing IKE_SA_INIT message
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_INV_KE
IKEv2-PROTO-4: (166): Processing invalid ke notification, we sent group 5, peer prefers group 14
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-4: (166): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14
IKEv2-PROTO-4: (166): Request queued for computation of DH key
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-7: (166): Action: Action_Null
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-4: (166): Generating IKE_SA_INIT message
IKEv2-PROTO-4: (166): IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 5
(166): AES-CBC(166): SHA1(166): SHA96(166): DH_GROUP_1536_MODP/Group 5(166): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-4: (166): IKE Proposal: 2, SPI size: 0 (initial negotiation),
Num. transforms: 4
(166): AES-CBC(166): SHA1(166): SHA256(166): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (166): IKE Proposal: 3, SPI size: 0 (initial negotiation),
Num. transforms: 4
(166): AES-CBC(166): SHA256(166): SHA256(166): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-4: (166): IKE Proposal: 4, SPI size: 0 (initial negotiation),
Num. transforms: 4
(166): AES-CBC(166): SHA1(166): SHA512(166): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (166): IKE Proposal: 5, SPI size: 0 (initial negotiation),
Num. transforms: 8
(166): AES-CBC(166): SHA512(166): SHA384(166): SHA256(166): SHA1(166): MD5(166): SHA256(166): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (166): IKE Proposal: 6, SPI size: 0 (initial negotiation),
Num. transforms: 8
(166): AES-CBC(166): SHA512(166): SHA384(166): SHA256(166): SHA1(166): MD5(166): SHA512(166): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (166): IKE Proposal: 7, SPI size: 0 (initial negotiation),
Num. transforms: 5
(166): AES-CBC(166): SHA256(166): SHA1(166): SHA256(166): DH_GROUP_1536_MODP/Group 5IKEv2-PROTO-4: (166): IKE Proposal: 8, SPI size: 0 (initial negotiation),
Num. transforms: 4
(166): AES-CBC(166): SHA1(166): SHA256(166): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-4: (166): IKE Proposal: 9, SPI size: 0 (initial negotiation),
Num. transforms: 7
(166): AES-CBC(166): SHA512(166): SHA384(166): SHA256(166): SHA1(166): SHA512(166): DH_GROUP_521_ECP/Group 21IKEv2-PROTO-4: (166): IKE Proposal: 10, SPI size: 0 (initial negotiation),
Num. transforms: 5
(166): AES-CBC(166): SHA1(166): SHA96(166): DH_GROUP_1536_MODP/Group 5(166): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-4: (166): IKE Proposal: 11, SPI size: 0 (initial negotiation),
Num. transforms: 7
(166): AES-CBC(166): SHA512(166): SHA384(166): SHA256(166): SHA1(166): SHA256(166): DH_GROUP_384_ECP/Group 20IKEv2-PROTO-4: (166): IKE Proposal: 12, SPI size: 0 (initial negotiation),
Num. transforms: 4
(166): AES-CBC(166): SHA256(166): SHA256(166): DH_GROUP_2048_MODP/Group 14IKEv2-PROTO-4: (166): IKE Proposal: 13, SPI size: 0 (initial negotiation),
Num. transforms: 5
(166): AES-CBC(166): SHA1(166): SHA96(166): DH_GROUP_1536_MODP/Group 5(166): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-4: (166): IKE Proposal: 14, SPI size: 0 (initial negotiation),
Num. transforms: 5
(166): 3DES(166): SHA1(166): SHA96(166): DH_GROUP_1536_MODP/Group 5(166): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-4: (166): IKE Proposal: 15, SPI size: 0 (initial negotiation),
Num. transforms: 5
(166): DES(166): SHA1(166): SHA96(166): DH_GROUP_1536_MODP/Group 5(166): DH_GROUP_1024_MODP/Group 2(166):
IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 0000000000000000 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: SA, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: INITIATOR (166): Message id: 0, length: 1342(166):
Payload contents:
(166): SA(166): Next payload: KE, reserved: 0x0, length: 816
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 76
Proposal: 6, Protocol id: IKE, SPI size: 0, #trans: 8(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 7, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 8, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 9, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 10, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 68
Proposal: 11, Protocol id: IKE, SPI size: 0, #trans: 7(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 12, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 13, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 14, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x0, reserved: 0x0, length: 48
Proposal: 15, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: DES
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): KE(166): Next payload: N, reserved: 0x0, length: 264
(166): DH group: 14, Reserved: 0x0
(166):
(166): 40 4a 91 f7 17 58 7c 79 de de b6 01 6d 11 0d 43
(166): 91 37 06 83 00 90 f8 90 32 21 e3 07 76 c2 45 88
(166): cf dd 96 e2 37 46 cd 95 8c 68 51 1c f2 04 cd 4d
(166): 5a 31 71 26 bf cf bb 86 d4 ca 7e cc 6e 9d 9c 41
(166): 3a 36 63 6a 9c 16 64 e7 ae 54 9f 68 16 50 af 9e
(166): 2d f2 35 14 55 83 5e b6 5d 6f 1c 5d 5e 44 f3 46
(166): df e4 05 0c 93 25 6c d2 31 70 78 d1 b8 6a 6b 54
(166): de 54 92 82 ce 8d 0a 6e e7 c7 c8 83 23 37 f4 ae
(166): bd 3b 84 14 5c 45 cc 3b b9 08 df 36 1f 6a a0 f7
(166): 30 fb e4 c4 35 55 ba d0 34 19 a9 d8 bf 7f 16 e5
(166): d4 51 d8 08 01 10 5d 6e b3 d2 ac 38 b6 38 49 ce
(166): 7b 46 f8 6b d9 19 74 41 4d b4 58 4e 5f 04 37 6b
(166): e4 f2 78 a4 82 71 2e 49 27 f8 97 c4 17 b1 1d 0d
(166): 30 b6 94 ac 42 68 d0 a7 fd 72 4b b7 d7 29 9f 57
(166): da a3 cc 78 cb 2a 11 b6 75 d2 e6 5c c1 0b 36 e7
(166): a8 f7 87 9e 6d 6b b0 af 39 0c 9e 51 c0 a1 6c ee
(166): N(166): Next payload: VID, reserved: 0x0, length: 68
(166):
(166): cb 45 ab 23 0c 1d f1 7f b9 46 15 fd 79 4f 3d df
(166): 4c 1e bc c9 98 7f 9d cf 5a 59 f3 14 7f 50 95 bf
(166): 9c b3 e9 f6 74 e3 1b cd 09 57 bb ad 32 e0 20 64
(166): f5 9e eb a9 78 23 aa 62 9c 98 e0 ee 62 b4 f1 62
(166): VID(166): Next payload: VID, reserved: 0x0, length: 23
(166):
(166): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(166): 53 4f 4e
(166): VID(166): Next payload: NOTIFY, reserved: 0x0, length: 59
(166):
(166): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(166): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(166): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(166): 73 2c 20 49 6e 63 2e
(166): NOTIFY(NAT_DETECTION_SOURCE_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(166):
(166): 1a 6d c3 6c 7c c7 b7 95 40 59 de 8c b7 5f 2f 0f
(166): 17 cf dc a5
(166): NOTIFY(NAT_DETECTION_DESTINATION_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(166):
(166): 6a 20 1f 81 1c a7 05 ff b6 3f 7b 10 f4 65 80 19
(166): 6a 7b e1 e9
(166): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(166): Next payload: VID, reserved: 0x0, length: 8
(166): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(166): VID(166): Next payload: NONE, reserved: 0x0, length: 20
(166):
(166): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(166):
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_INSERT_SA
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
(166):
IKEv2-PROTO-4: (166): Received Packet [From 52.x.x.x:500/To 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 2BFD5F03992DAEE9 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (166): Next payload: SA, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (166): Message id: 0, length: 432(166):
Payload contents:
(166): SA(166): Next payload: KE, reserved: 0x0, length: 48
(166): last proposal: 0x0, reserved: 0x0, length: 44
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): KE(166): Next payload: N, reserved: 0x0, length: 264
(166): DH group: 14, Reserved: 0x0
(166):
(166): 45 79 32 e2 3f ba 46 af 1e f4 58 23 a5 1b 0e 83
(166): 79 6d 4c c0 38 72 8d ad 45 a0 57 ff 2b 4a 62 ee
(166): 82 b2 28 95 81 ed aa 8a c7 7f ad 8c c4 a5 81 76
(166): d1 1b 6a 97 44 47 cc 62 89 81 53 77 ec 7d 95 7d
(166): 64 19 a2 de 76 73 52 4a 59 b9 d1 48 48 9f 09 f1
(166): 6d 6f a6 c8 ef b5 8d 7f ef b3 57 31 3d 40 b4 8b
(166): 43 0b 0a 75 6b d6 42 69 8b ba 55 53 ee 65 08 b7
(166): 27 c6 30 37 21 65 18 1c 50 b9 a8 b9 24 1a 05 68
(166): 0c 3c 5a 37 b1 eb 70 b6 cd e9 52 4e f7 fc e1 6a
(166): c1 de a7 00 20 5f f8 70 7c 3d 31 e4 56 c2 2d 63
(166): f8 eb ac e1 48 b7 ad fa 29 95 7c 65 79 e0 92 72
(166): 99 d0 e4 54 e8 86 7e d4 f9 37 a6 bd 31 25 91 24
(166): c2 5d d4 af 03 68 ad 1f 20 69 db fb 99 5a 24 86
(166): 1f 04 24 77 ac 64 8c 40 83 c3 40 3a 3f db 90 c6
(166): b4 5d e1 0a 05 26 ec 50 4d cf 98 07 78 27 38 e6
(166): 73 8a c6 37 b1 07 26 8f 20 d7 98 8f 57 a1 35 fa
(166): N(166): Next payload: NOTIFY, reserved: 0x0, length: 36
(166):
(166): 3b c9 64 d8 2b df ad b4 c5 ce f3 47 ae 59 14 15
(166): fa 78 38 ff e8 15 2e 7e 8c 8c b3 d9 8d b1 65 f0
(166): NOTIFY(NAT_DETECTION_SOURCE_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(166):
(166): 79 01 a6 39 ae 54 6d ca 5b a8 e5 f6 0e 6e 10 7a
(166): e3 40 6d a7
(166): NOTIFY(NAT_DETECTION_DESTINATION_IP)(166): Next payload: NONE, reserved: 0x0, length: 28
(166): Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(166):
(166): 00 2f 1c 65 fa 71 c6 87 2f 90 20 31 2a 27 2b f8
(166): 9d a4 9d 43
(166):
(166): Decrypted packet:(166): Data: 432 bytes
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RECV_INIT
IKEv2-PROTO-7: (166): Processing IKE_SA_INIT message
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK4_NOTIFY
IKEv2-PROTO-4: (166): Processing IKE_SA_INIT message
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-4: (166): Verify SA init message
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_PROC_MSG
IKEv2-PROTO-4: (166): Processing IKE_SA_INIT message
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_DETECT_NAT
IKEv2-PROTO-7: (166): Process NAT discovery notify
IKEv2-PROTO-7: (166): Processing nat detect src notify
IKEv2-PROTO-7: (166): Remote address not matched
IKEv2-PROTO-7: (166): Processing nat detect dst notify
IKEv2-PROTO-7: (166): Local address matched
IKEv2-PROTO-7: (166): Host is located NAT outside
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_NAT_T
IKEv2-PROTO-4: (166): Checking NAT discovery
IKEv2-PROTO-4: (166): NAT OUTSIDE found
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHG_NAT_T_PORT
IKEv2-PROTO-4: (166): NAT detected float to init port 4500, resp port 4500
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_CONFIG_MODE
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_DH_SECRET
IKEv2-PROTO-4: (166): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14
IKEv2-PROTO-4: (166): Request queued for computation of DH secret
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_NO_EVENT
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_OK_RECD_DH_SECRET_RESP
IKEv2-PROTO-7: (166): Action: Action_Null
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_SKEYID
IKEv2-PROTO-7: (166): Generate skeyid
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
IKEv2-PROTO-4: (166): Completed SA init exchange
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_EAP
IKEv2-PROTO-4: (166): Check for EAP exchange
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GEN_AUTH
IKEv2-PROTO-4: (166): Generate my authentication data
IKEv2-PROTO-4: (166): Use preshared key for id 173.x.x.x, key len 22
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_AUTH_TYPE
IKEv2-PROTO-4: (166): Get my authentication method
IKEv2-PROTO-4: (166): My authentication method is 'PSK'
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_OK_AUTH_GEN
IKEv2-PROTO-4: (166): Check for EAP exchange
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_SEND_AUTH
IKEv2-PROTO-4: (166): Generating IKE_AUTH message
IKEv2-PROTO-4: (166): Constructing IDi payload: '173.x.x.x' of type 'IPv4 address'
IKEv2-PROTO-4: (166): ESP Proposal: 1, SPI size: 4 (IPSec negotiation),
Num. transforms: 3
(166): AES-CBC(166): SHA256(166): Don't use ESNIKEv2-PROTO-4: (166): Building packet for encryption.
(166):
Payload contents:
(166): VID(166): Next payload: IDi, reserved: 0x0, length: 20
(166):
(166): b3 b4 56 4e 09 6f 94 22 ae 9a 9b 32 2e cd 2a 45
(166): IDi(166): Next payload: AUTH, reserved: 0x0, length: 12
(166): Id type: IPv4 address, Reserved: 0x0 0x0
(166):
(166): ad ed 9c c4
(166): AUTH(166): Next payload: SA, reserved: 0x0, length: 40
(166): Auth method PSK, reserved: 0x0, reserved 0x0
(166): Auth data: 32 bytes
(166): SA(166): Next payload: TSi, reserved: 0x0, length: 44
(166): last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
(166): TSi(166): Next payload: TSr, reserved: 0x0, length: 24
(166): Num of TSs: 1, reserved 0x0, reserved 0x0
(166): TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
(166): start port: 0, end port: 65535
(166): start addr: 173.237.156.200, end addr: 173.237.156.200
(166): TSr(166): Next payload: NOTIFY, reserved: 0x0, length: 24
(166): Num of TSs: 1, reserved 0x0, reserved 0x0
(166): TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
(166): start port: 0, end port: 65535
(166): start addr: 198.x.x.x, end addr: 198.x.x.x
(166): NOTIFY(INITIAL_CONTACT)(166): Next payload: NOTIFY, reserved: 0x0, length: 8
(166): Security protocol id: IKE, spi size: 0, type: INITIAL_CONTACT
(166): NOTIFY(ESP_TFC_NO_SUPPORT)(166): Next payload: NOTIFY, reserved: 0x0, length: 8
(166): Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT
(166): NOTIFY(NON_FIRST_FRAGS)(166): Next payload: NONE, reserved: 0x0, length: 8
(166): Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_ENCRYPT_MSG
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_OK_ENCRYPT_RESP
IKEv2-PROTO-7: (166): Action: Action_Null
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_TRYSEND
(166):
IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:4500/From 173.x.x.x:4500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 2BFD5F03992DAEE9 Message id: 1
(166): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: ENCR, version: 2.0 (166): Exchange type: IKE_AUTH, flags: INITIATOR (166): Message id: 1, length: 256(166):
Payload contents:
(166): ENCR(166): Next payload: VID, reserved: 0x0, length: 228
(166): Encrypted data: 224 bytes
(166):
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_CHK_EAP_POST_ASYNC
IKEv2-PROTO-4: (166): Check for EAP exchange
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT
(166):
IKEv2-PROTO-4: (166): Received Packet [From 52.x.x.x:4500/To 173.x.x.x:4500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 2BFD5F03992DAEE9 Message id: 1
(166): IKEv2 IKE_AUTH Exchange RESPONSEIKEv2-PROTO-5: (166): Next payload: ENCR, version: 2.0 (166): Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE (166): Message id: 1, length: 224(166):
Payload contents:
(166):
(166): Decrypted packet:(166): Data: 224 bytes
(166): REAL Decrypted packet:(166): Data: 152 bytes
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RECV_AUTH
IKEv2-PROTO-7: (166): Action: Action_Null
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK4_NOTIFY
IKEv2-PROTO-4: (166): Process auth response notify
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_PROC_MSG
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_GET_POLICY_BY_PEERID
IKEv2-PROTO-4: (166): Searching policy based on peer's identity '10.116.84.61' of type 'IPv4 address'
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_VERIFY_POLICY_BY_PEERID
IKEv2-PROTO-4: (166): Verify peer's policy
IKEv2-PROTO-4: (166): Peer's policy verified
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK_AUTH_TYPE
IKEv2-PROTO-4: (166): Get peer's authentication method
IKEv2-PROTO-4: (166): Peer's authentication method is 'PSK'
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_GET_PRESHR_KEY
IKEv2-PROTO-4: (166): Get peer's preshared key for 10.116.84.61
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_VERIFY_AUTH
IKEv2-PROTO-4: (166): Verify peer's authentication data
IKEv2-PROTO-4: (166): Use preshared key for id 10.116.84.61, key len 22
IKEv2-PROTO-4: (166): Verification of peer's authenctication data PASSED
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK_EAP
IKEv2-PROTO-4: (166): Check for EAP exchange
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_NOTIFY_AUTH_DONE
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK_CONFIG_MODE
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK4_IC
IKEv2-PROTO-4: (166): Processing INITIAL_CONTACT
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK_IKE_ONLY
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_PROC_SA_TS
IKEv2-PROTO-4: (166): Processing IKE_AUTH message
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_OK
IKEv2-PROTO-7: (166): Action: Action_Null
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_INSERT_IKE
IKEv2-PROTO-4: (166): IKEV2 SA created; inserting SA into database. SA lifetime timer (86400 sec) started
IKEv2-PROTO-4: (166): Session with IKE ID PAIR (10.116.84.61, 173.x.x.x) is UP
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_REGISTER_SESSION
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_NO_EVENT
IKEv2-PROTO-4: (166): Initializing DPD, configured for 10 seconds
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_RECD_REGISTER_SESSION_RESP
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_GEN_LOAD_IPSEC
IKEv2-PROTO-4: (166): Load IPSEC key material
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_NO_EVENT
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL_RECD_LOAD_IPSEC
IKEv2-PROTO-7: (166): Action: Action_Null
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: READY Event: EV_DEL_SA
IKEv2-PROTO-4: (166): Queuing IKE SA delete request reason: unknown
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: READY Event: EV_FREE_NEG
IKEv2-PROTO-7: (166): Deleting negotiation context for my message ID: 0x1
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: READY Event: EV_IPSEC_DEL
IKEv2-PROTO-7: (166): Action: Action_Null
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: INFO_I_BLD_INFO Event: EV_SND_IPSEC_DEL
IKEv2-PROTO-4: (166): Sending DELETE INFO message for IPsec SA [SPI: 0xCE53921E]
IKEv2-PROTO-4: (166): Building packet for encryption.
(166):
Payload contents:
(166): DELETE(166): Next payload: NONE, reserved: 0x0, length: 12
(166): Security protocol id: ESP, spi size: 4, num of spi: 1
(166):
(166): ce 53 92 1e
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: INFO_I_BLD_INFO Event: EV_ENCRYPT_MSG
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: INFO_I_BLD_INFO Event: EV_NO_EVENT
IKEv2-PROTO-7: (166): Locked SA.Event EV_DELETE queued in the state READY
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: INFO_I_BLD_INFO Event: EV_OK_ENCRYPT_RESP
IKEv2-PROTO-7: (166): Action: Action_Null
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: INFO_I_BLD_INFO Event: EV_TRYSEND
IKEv2-PROTO-4: (166): Checking if request will fit in peer window
(166):
IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:4500/From 173.x.x.x:4500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 2BFD5F03992DAEE9 Message id: 2
(166): IKEv2 INFORMATIONAL Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: ENCR, version: 2.0 (166): Exchange type: INFORMATIONAL, flags: INITIATOR (166): Message id: 2, length: 80(166):
Payload contents:
(166): ENCR(166): Next payload: DELETE, reserved: 0x0, length: 52
(166): Encrypted data: 48 bytes
(166):
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_BLD_INFO Event: EV_CHK_INFO_TYPE
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_BLD_INFO Event: EV_CHK4_ACTIVE_IPSEC_SA
IKEv2-PROTO-4: (166): Check for existing IPSEC SA
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_BLD_INFO Event: EV_TERM_CONN
IKEv2-PROTO-4: (166): Delete all IKE SAs
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_WAIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: READY Event: EV_DELETE
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: DELETE Event: EV_DELETE
IKEv2-PROTO-7: (166): Action: Action_Null
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_BLD_INFO Event: EV_SND_SA_DEL
IKEv2-PROTO-4: (166): Sending DELETE INFO message for IKEv2 SA [ISPI: 0xB1B4574E1A586765 RSPI: 0x2BFD5F03992DAEE9]
IKEv2-PROTO-4: (166): Building packet for encryption.
(166):
Payload contents:
(166): DELETE(166): Next payload: NONE, reserved: 0x0, length: 8
(166): Security protocol id: IKE, spi size: 0, num of spi: 0
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_BLD_INFO Event: EV_ENCRYPT_MSG
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_BLD_INFO Event: EV_NO_EVENT
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_BLD_INFO Event: EV_OK_ENCRYPT_RESP
IKEv2-PROTO-7: (166): Action: Action_Null
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_BLD_INFO Event: EV_TRYSEND
IKEv2-PROTO-4: (166): Checking if request will fit in peer window
IKEv2-PROTO-7: (166): No room in peer window request is throttled: Current Req = 2 Next Req = 3
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_BLD_INFO Event: EV_CHK_INFO_TYPE
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_BLD_INFO Event: EV_CHK4_ACTIVE_SA
IKEv2-PROTO-4: (166): Check for existing active SA
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_BLD_INFO Event: EV_STOP_ACCT
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_BLD_INFO Event: EV_TERM_CONN
IKEv2-PROTO-4: (166): Delete all IKE SAs
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_WAIT Event: EV_NO_EVENT
(166):
IKEv2-PROTO-4: (166): Received Packet [From 52.x.x.x:4500/To 173.x.x.x:4500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 2BFD5F03992DAEE9 Message id: 2
(166): IKEv2 INFORMATIONAL Exchange RESPONSEIKEv2-PROTO-5: (166): Next payload: ENCR, version: 2.0 (166): Exchange type: INFORMATIONAL, flags: RESPONDER MSG-RESPONSE (166): Message id: 2, length: 80(166):
Payload contents:
(166):
(166): Decrypted packet:(166): Data: 80 bytes
(166): REAL Decrypted packet:(166): Data: 12 bytes
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_WAIT Event: EV_RECV_INFO_ACK
IKEv2-PROTO-4: (166): Processing ACK to informational exchange
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_WAIT Event: EV_CHK_INFO_TYPE
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_WAIT Event: EV_RECV_IPSEC_DEL_ACK
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_WAIT Event: EV_CHK4_ACTIVE_IPSEC_SA
IKEv2-PROTO-4: (166): Check for existing IPSEC SA
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: INFO_I_WAIT Event: EV_TERM_CONN
IKEv2-PROTO-4: (166): Delete all IKE SAs
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: EXIT Event: EV_CHK_PENDING
IKEv2-PROTO-7: (166): Processed response with message id 2, Requests can be sent from range 3 to 3
IKEv2-PROTO-7: (166): Room in peer window. Request is un-throttled: Current Req = 3 Next Req = 4
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: EXIT Event: EV_NO_EVENT
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000002 CurState: EXIT Event: EV_FREE_NEG
IKEv2-PROTO-7: (166): Deleting negotiation context for my message ID: 0x2
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000003 CurState: INFO_I_WAIT Event: EV_SEND
(166):
IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:4500/From 173.x.x.x:4500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 2BFD5F03992DAEE9 Message id: 3
(166): IKEv2 INFORMATIONAL Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: ENCR, version: 2.0 (166): Exchange type: INFORMATIONAL, flags: INITIATOR (166): Message id: 3, length: 80(166):
Payload contents:
(166): ENCR(166): Next payload: DELETE, reserved: 0x0, length: 52
(166): Encrypted data: 48 bytes
(166):
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000003 CurState: INFO_I_WAIT Event: EV_NO_EVENT
(166):
IKEv2-PROTO-4: (166): Received Packet [From 52.x.x.x:4500/To 173.x.x.x:4500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 2BFD5F03992DAEE9 Message id: 3
(166): IKEv2 INFORMATIONAL Exchange RESPONSEIKEv2-PROTO-5: (166): Next payload: ENCR, version: 2.0 (166): Exchange type: INFORMATIONAL, flags: RESPONDER MSG-RESPONSE (166): Message id: 3, length: 80(166):
Payload contents:
(166):
(166): Decrypted packet:(166): Data: 80 bytes
(166): REAL Decrypted packet:(166): Data: 0 bytes
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000003 CurState: INFO_I_WAIT Event: EV_RECV_INFO_ACK
IKEv2-PROTO-4: (166): Processing ACK to informational exchange
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000003 CurState: INFO_I_WAIT Event: EV_CHK_INFO_TYPE
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000003 CurState: DELETE Event: EV_RECV_DEL_ACK
IKEv2-PROTO-7: (166): Action: Action_Null
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000003 CurState: DELETE Event: EV_FREE_SA
IKEv2-PROTO-4: (166): Deleting SA
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_WAIT4_AUTH_TMO
IKEv2-PROTO-2: (104): Failed to receive the AUTH msg before the timer expired
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: AUTH_DONE Event: EV_FAIL
IKEv2-PROTO-4: (104): Auth exchange failed
IKEv2-PROTO-2: (104): Auth exchange failed
IKEv2-PROTO-2: (104): Auth exchange failed
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-7: (104): SM Trace-> SA: I_SPI=7BCC4E242D7F6401 R_SPI=F2FC2C8689843323 (R) MsgID = 00000000 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-4: (104): Abort exchange
IKEv2-PROTO-4: (104): Deleting SA


cidc276-da2-fwc0/act#

cidc276-da2-fwc0/act#

cidc276-da2-fwc0/act# ping tcp lc.biz-prod 198.x.x.x 20113 source 10.x.x.x 0debug crypto ikev2 protocol 127 ndebug crypto ikev2 protocol 127odebug crypto ikev2 protocol 127 debug crypto ikev2 protocol 127

cidc276-da2-fwc0/act# no debug crypto ikev2 protocol 127ping tcp lc.biz-prod 198.x.x.x 20113 source 10.x.x.x 0debug crypto ikev2 protocol 127             platform 127

cidc276-da2-fwc0/act# debug crypto ikev2 platform 127no debug crypto ikev2 protocol 127ping tcp lc.biz-prod 198.x.x.x 20113 source 10.x.x.x 0
Type escape sequence to abort.
Sending 5 TCP SYN requests to 198.x.x.x port 20113
from 10.x.x.x, timeout is 2 seconds:
IKEv2-PLAT-4: (223): Site to Site connection detected
IKEv2-PLAT-4: (223): P1 ID = 0
IKEv2-PLAT-4: (223): Translating IKE_ID_AUTO to = 255
IKEv2-PLAT-4: (223): Completed authentication for connection
IKEv2-PLAT-4: (223): connection auth hdl set to 1117
IKEv2-PLAT-4: (223): AAA conn attribute retrieval successfully queued for register session request.
IKEv2-PLAT-4: (223): idle timeout set to: 30
IKEv2-PLAT-4: (223): session timeout set to: 0
IKEv2-PLAT-4: (223): group policy set to GroupPolicy_52.x.x.x
IKEv2-PLAT-4: (223): class attr set
IKEv2-PLAT-4: (223): tunnel protocol set to: 0x40
IKEv2-PLAT-4: (223): IPv4 filter ID not configured for connection
IKEv2-PLAT-4: (223): group lock set to: none
IKEv2-PLAT-4: (223): IPv6 filter ID not configured for connection
IKEv2-PLAT-4: (223): connection attributes set valid to TRUE
IKEv2-PLAT-4: (223): Successfully retrieved conn attrs
IKEv2-PLAT-4: (223): Session registration after conn attr retrieval PASSED, No error
IKEv2-PLAT-4: (223): connection auth hdl set to -1
IKEv2-PLAT-4: (223): Base MTU get: 0
IKEv2-PLAT-4: (223): Queued Outbound PFKEY MSG
IKEv2-PLAT-4: (223): Base MTU get: 0
IKEv2-PLAT-4: (223): Queued Inbound PFKEY MSG
IKEv2-PLAT-4: (223): PSH added CTM sa hdl 797015395
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Crypto map outside_map seq 1 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 2 is incomplete
IKEv2-PLAT-4: (223): Crypto map outside_map seq 3 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 4 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 5 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 6 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 7 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 8 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 9 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 10 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 11 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 12 is incomplete
IKEv2-PLAT-4: (223): Crypto map outside_map seq 13 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 14 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 15 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 16 is incomplete
IKEv2-PLAT-4: (223): Crypto map outside_map seq 17 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 18 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 19 is incomplete
IKEv2-PLAT-4: (223): Crypto map outside_map seq 20 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 21 peer doesn't match map entry
IKEv2-PLAT-4: (223): Crypto map outside_map seq 22 peer doesn't match map entry
IKEv2-PLAT-4: (223): PROXY MATCH on crypto map outside_map seq 23
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [CREATE_CHILD_SA] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000000
IKEv2-PLAT-4: (223): Base MTU get: 0
IKEv2-PLAT-4: (223): Queued Outbound PFKEY MSG
IKEv2-PLAT-4: (223): Base MTU get: 0
IKEv2-PLAT-4: (223): Queued Inbound PFKEY MSG
IKEv2-PLAT-4: (223): PSH added CTM sa hdl 797053465
?!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 74/75/76 ms

cidc276-da2-fwc0/act# IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000001
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000002
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000003
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000004
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000005
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000006
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000007
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000008
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000009
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=0000000a
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=0000000b
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=0000000c
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=0000000d
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=0000000e
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=0000000f
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000010
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000011
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000012
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000013
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000014
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000015
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000016
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000017
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000018
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=00000019
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=0000001a
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=0000001b
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=0000001c
IKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=0000001d
u allIKEv2-PLAT-4: (223): Decrypt success status returned via ipc 1
IKEv2-PLAT-4: (223): Encrypt success status returned via ipc 1
IKEv2-PLAT-5: (223): SENT PKT [INFORMATIONAL] [173.x.x.x]:4500->[52.x.x.x]:4500 InitSPI=0xa35f7bde2fa650e0 RespSPI=0xa158a09e2f7300db MID=0000001e

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to irbk

‎02-24-2024 02:39 AM


ASA generate IKA-INITI message and send to Palo with multi proposal 

IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 0000000000000000 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: SA, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: INITIATOR (166): Message id: 0, length: 1278(166):
Payload contents:
(166): SA(166): Next payload: KE, reserved: 0x0, length: 816
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44

IKEv2-PROTO-4: (166): Retransmitting packet

IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 0000000000000000 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: SA, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: INITIATOR (166): Message id: 0, length: 1278(166):
Payload contents:
(166): SA(166): Next payload: KE, reserved: 0x0, length: 816
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44

IKEv2-PROTO-4: (166): Retransmitting packet


IKEv2-PROTO-4: (166): Retransmitting packet

IKEv2-PROTO-4: (166): Retransmitting packet

Here ASA recieve IKA-INIT from Palo 

IKEv2-PROTO-4: Received Packet [From 52.x.x.x:500/To 173.x.x.x:500/VRF i0:f0]
Initiator SPI : 7BCC4E242D7F6401 - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 432
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 48
last proposal: 0x0, reserved: 0x0, length: 44
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
KE Next payload: N, reserved: 0x0, length: 264
DH group: 14, Reserved: 0x0

d8 fc a6 e9 d6 97 ac 9c 7e 6c c6 8d ce e3 b3 ca
ee d0 80 1b 7c 4f d5 b4 b4 27 04 d5 db 1d 91 e9
e8 ef 66 83 3c 35 13 1b 3f e7 2c 67 ea 66 27 c1
e0 b9 6b 85 b1 b7 34 bf 6b 4c b7 8d 17 b8 19 dd
08 19 97 4f 06 f9 63 33 b9 56 6d 60 62 ca d4 2f
1c 62 a5 69 c8 58 93 96 57 fb 66 8b 0c 4a 62 f6
b3 d9 9c 20 69 4b 8e f4 88 ba af f7 62 2e b8 46
41 85 bd 03 a8 ae 4c fb 67 1e 8b d6 33 da c7 97
f8 c0 fe be a7 c5 d6 c9 e9 ab 45 5a 22 4d 04 de
60 ea 2c ce 04 cb 5e 3f a7 17 9f f1 98 5b cc e4
6d 77 e4 cb 66 83 ef 63 12 7b c4 42 b0 b4 25 6a
81 51 63 5b c0 f4 c5 3e 4a 0c c1 9f 22 e2 ce 49
0e 94 ca c3 df f3 dd d4 88 8f b6 b8 19 7b 9c 31
53 62 e6 d3 0c 57 d7 d1 86 38 ab de e8 b1 c6 2a
ac ef 6d ae 02 4d cd 4e ee 08 e5 3e 80 0b a9 e6
ac 5f 56 f2 a4 f8 ef b6 7e bd 14 91 7a 2e 46 44
N Next payload: NOTIFY, reserved: 0x0, length: 36

b4 f5 ba 5f 88 75 28 0b ae 8c bf 32 66 3f 62 be
ff 10 b4 56 e7 22 89 f4 ff 12 72 2b b3 19 32 d9
NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP

f0 a9 93 a1 ca 4a ca ac d6 4a e1 65 24 aa 37 71
87 48 89 b2
NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: NONE, reserved: 0x0, length: 28
Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP

9e 8c 78 4c 5a 2b 33 02 8b 3f 52 c4 5e 7c 55 97
86 d8 8e 60

ASA start build IKE internal 

IKEv2-PROTO-7: (104): Process NAT discovery notify
IKEv2-PROTO-7: (104): Processing nat detect src notify
IKEv2-PROTO-7: (104): Remote address not matched <<- this indicate that the Palo behind the NAT as I mention before
IKEv2-PROTO-7: (104): Processing nat detect dst notify
IKEv2-PROTO-7: (104): Local address matched
IKEv2-PROTO-7: (104): Host is located NAT outside

ASA reply to Palo with responder 

IKEv2-PROTO-4: (104): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(104): Initiator SPI : 7BCC4E242D7F6401 - Responder SPI : F2FC2C8689843323 Message id: 0
(104): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (104): Next payload: SA, version: 2.0 (104): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (104): Message id: 0, length: 599(104):
Payload contents:
(104): SA(104): Next payload: KE, reserved: 0x0, length: 48
(104): last proposal: 0x0, reserved: 0x0, length: 44
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4(104): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(104): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(104): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(104): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(104): KE(104): Next payload: N, reserved: 0x0, length: 264
(104): DH group: 14, Reserved: 0x0
(104):
(104): 81 aa 88 b0 70 0f d8 b4 df 60 54 53 97 8c 23 68
(104): 75 75 9b e9 20 1d da a2 ff bb ed ad f2 dd 63 6a
(104): 14 78 7b 84 41 36 e1 2c 79 73 a4 f0 bb 92 39 c5
(104): 51 52 f3 5f 0b b6 0e 08 7d f5 a4 35 de 4b 91 6b
(104): 83 a1 0e 0b 10 87 e8 65 0d 06 d8 54 35 10 c8 ad
(104): 82 93 db cd 5b 70 ab 39 ad 54 68 62 a8 aa e1 0a
(104): 6e da 1c 82 8c 92 f5 81 a3 ff ed 05 ae eb 03 87
(104): 1a 8d b4 9e ac 38 ad c0 dd b7 c3 23 20 15 93 42
(104): c0 3c 62 5f 22 fd 40 14 49 36 10 a7 84 d8 f3 03
(104): 1a 64 28 51 a9 a4 98 a8 bc 9b 87 72 9b 6e d7 0a
(104): 78 51 6e 03 e1 83 c8 a6 d7 f8 d8 98 0c fb b0 33
(104): b6 96 18 dd fc 08 8f e0 fb ac 07 3c 96 6e 29 d6
(104): 5a 91 1b 9a 43 24 54 d6 fe df cf 6f 5f 6a 02 5b
(104): da 0c e7 d5 06 b3 0c f0 16 04 ee 35 8a 21 65 8e
(104): 1c 95 0b 26 b8 cf 1e 22 1d 05 a6 3c 9b 40 1d 63
(104): ec f9 ab 83 cf bb d4 d9 8e 15 8d 27 79 3c d7 70
(104): N(104): Next payload: VID, reserved: 0x0, length: 68
(104):
(104): 48 08 10 73 c2 7a b3 4b 2f 04 ef f2 bc bc 37 ee
(104): 38 96 1f f9 88 f3 84 6c e7 7d 13 6c 8a b6 fd cd
(104): ca a9 ea a8 25 79 01 51 4c 4e 10 64 e4 43 89 7d
(104): 9a a9 d8 d2 ae 01 e8 bd 7f 35 1a 6b 41 a7 78 31
(104): VID(104): Next payload: VID, reserved: 0x0, length: 23
(104):
(104): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(104): 53 4f 4e
(104): VID(104): Next payload: NOTIFY, reserved: 0x0, length: 59
(104):
(104): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(104): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(104): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(104): 73 2c 20 49 6e 63 2e
(104): NOTIFY(NAT_DETECTION_SOURCE_IP)(104): Next payload: NOTIFY, reserved: 0x0, length: 28
(104): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(104):
(104): 60 a4 a3 20 0c c6 3c 17 43 66 b7 82 fe d1 ad 2e
(104): 02 1d 9c 98
(104): NOTIFY(NAT_DETECTION_DESTINATION_IP)(104): Next payload: CERTREQ, reserved: 0x0, length: 28
(104): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(104):
(104): 42 34 86 60 12 72 54 39 89 2a a4 b0 7f af 6e cd
(104): 09 25 30 ac
(104): CERTREQ(104): Next payload: NOTIFY, reserved: 0x0, length: 25
(104): Cert encoding X.509 Certificate - signature
(104): CertReq data: 20 bytes
(104): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(104): Next payload: VID, reserved: 0x0, length: 8
(104): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(104): VID(104): Next payload: NONE, reserved: 0x0, length: 20
(104):
(104): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(104):
I
IKEv2-PROTO-4: (166): Retransmitting packet

ASA still try initiate to Palo 

IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 0000000000000000 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: SA, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: INITIATOR (166): Message id: 0, length: 1278(166):
Payload contents:
(166): SA(166): Next payload: KE, reserved: 0x0, length: 816
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44

ASA success to receive responder from Palo but it INVALID_KE

IKEv2-PROTO-4: (166): Received Packet [From 52.x.x.x:500/To 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 0000000000000000 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (166): Next payload: NOTIFY, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (166): Message id: 0, length: 38(166):
Payload contents:
(166): NOTIFY(INVALID_KE_PAYLOAD)(166): Next payload: NONE, reserved: 0x0, length: 10
(166): Security protocol id: Unknown - 0, spi size: 0, type: INVALID_KE_PAYLOAD

ASA try again send IKE-INIT


IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:500/From 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 0000000000000000 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: SA, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: INITIATOR (166): Message id: 0, length: 1342(166):
Payload contents:
(166): SA(166): Next payload: KE, reserved: 0x0, length: 816
(166): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(166): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(166): last proposal: 0x2, reserved: 0x0, length: 44

ASA success receive responder from Palo and this time successfully 

IKEv2-PROTO-4: (166): Received Packet [From 52.x.x.x:500/To 173.x.x.x:500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 2BFD5F03992DAEE9 Message id: 0
(166): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (166): Next payload: SA, version: 2.0 (166): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (166): Message id: 0, length: 432(166):
Payload contents:
(166): SA(166): Next payload: KE, reserved: 0x0, length: 48
(166): last proposal: 0x0, reserved: 0x0, length: 44
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 4(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(166): KE(166): Next payload: N, reserved: 0x0, length: 264
(166): DH group: 14, Reserved: 0x0
(166):
(166): 45 79 32 e2 3f ba 46 af 1e f4 58 23 a5 1b 0e 83
(166): 79 6d 4c c0 38 72 8d ad 45 a0 57 ff 2b 4a 62 ee
(166): 82 b2 28 95 81 ed aa 8a c7 7f ad 8c c4 a5 81 76
(166): d1 1b 6a 97 44 47 cc 62 89 81 53 77 ec 7d 95 7d
(166): 64 19 a2 de 76 73 52 4a 59 b9 d1 48 48 9f 09 f1
(166): 6d 6f a6 c8 ef b5 8d 7f ef b3 57 31 3d 40 b4 8b
(166): 43 0b 0a 75 6b d6 42 69 8b ba 55 53 ee 65 08 b7
(166): 27 c6 30 37 21 65 18 1c 50 b9 a8 b9 24 1a 05 68
(166): 0c 3c 5a 37 b1 eb 70 b6 cd e9 52 4e f7 fc e1 6a
(166): c1 de a7 00 20 5f f8 70 7c 3d 31 e4 56 c2 2d 63
(166): f8 eb ac e1 48 b7 ad fa 29 95 7c 65 79 e0 92 72
(166): 99 d0 e4 54 e8 86 7e d4 f9 37 a6 bd 31 25 91 24
(166): c2 5d d4 af 03 68 ad 1f 20 69 db fb 99 5a 24 86
(166): 1f 04 24 77 ac 64 8c 40 83 c3 40 3a 3f db 90 c6
(166): b4 5d e1 0a 05 26 ec 50 4d cf 98 07 78 27 38 e6
(166): 73 8a c6 37 b1 07 26 8f 20 d7 98 8f 57 a1 35 fa
(166): N(166): Next payload: NOTIFY, reserved: 0x0, length: 36
(166):
(166): 3b c9 64 d8 2b df ad b4 c5 ce f3 47 ae 59 14 15
(166): fa 78 38 ff e8 15 2e 7e 8c 8c b3 d9 8d b1 65 f0
(166): NOTIFY(NAT_DETECTION_SOURCE_IP)(166): Next payload: NOTIFY, reserved: 0x0, length: 28
(166): Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(166):
(166): 79 01 a6 39 ae 54 6d ca 5b a8 e5 f6 0e 6e 10 7a
(166): e3 40 6d a7
(166): NOTIFY(NAT_DETECTION_DESTINATION_IP)(166): Next payload: NONE, reserved: 0x0, length: 28
(166): Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(166):
(166): 00 2f 1c 65 fa 71 c6 87 2f 90 20 31 2a 27 2b f8
(166): 9d a4 9d 43

ASA build Internal IKE 


IKEv2-PROTO-7: (166): Process NAT discovery notify
IKEv2-PROTO-7: (166): Processing nat detect src notify
IKEv2-PROTO-7: (166): Remote address not matched
IKEv2-PROTO-7: (166): Processing nat detect dst notify
IKEv2-PROTO-7: (166): Local address matched
IKEv2-PROTO-7: (166): Host is located NAT outside
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_NAT_T
IKEv2-PROTO-4: (166): Checking NAT discovery
IKEv2-PROTO-4: (166): NAT OUTSIDE found
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHG_NAT_T_PORT
IKEv2-PROTO-4: (166): NAT detected float to init port 4500, resp port 4500
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_CONFIG_MODE
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_DH_SECRET
IKEv2-PROTO-4: (166): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14
IKEv2-PROTO-4: (166): Request queued for computation of DH secret
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_NO_EVENT
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_OK_RECD_DH_SECRET_RESP
IKEv2-PROTO-7: (166): Action: Action_Null
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_SKEYID
IKEv2-PROTO-7: (166): Generate skeyid
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
IKEv2-PROTO-4: (166): Completed SA init exchange
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_EAP
IKEv2-PROTO-4: (166): Check for EAP exchange
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GEN_AUTH
IKEv2-PROTO-4: (166): Generate my authentication data
IKEv2-PROTO-4: (166): Use preshared key for id 173.x.x.x, key len 22
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_AUTH_TYPE
IKEv2-PROTO-4: (166): Get my authentication method
IKEv2-PROTO-4: (166): My authentication method is 'PSK'
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_OK_AUTH_GEN
IKEv2-PROTO-4: (166): Check for EAP exchange
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_SEND_AUTH
IKEv2-PROTO-4: (166): Generating IKE_AUTH message
IKEv2-PROTO-4: (166): Constructing IDi payload: '173.x.x.x' of type 'IPv4 address'
IKEv2-PROTO-4: (166): ESP Proposal: 1, SPI size: 4 (IPSec negotiation),
Num. transforms: 3
(166): AES-CBC(166): SHA256(166): Don't use ESNIKEv2-PROTO-4: (166): Building packet for encryption.
(166):
Payload contents:
(166): VID(166): Next payload: IDi, reserved: 0x0, length: 20
(166):
(166): b3 b4 56 4e 09 6f 94 22 ae 9a 9b 32 2e cd 2a 45
(166): IDi(166): Next payload: AUTH, reserved: 0x0, length: 12
(166): Id type: IPv4 address, Reserved: 0x0 0x0
(166):
(166): ad ed 9c c4
(166): AUTH(166): Next payload: SA, reserved: 0x0, length: 40
(166): Auth method PSK, reserved: 0x0, reserved 0x0
(166): Auth data: 32 bytes
(166): SA(166): Next payload: TSi, reserved: 0x0, length: 44
(166): last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3(166): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
(166): TSi(166): Next payload: TSr, reserved: 0x0, length: 24
(166): Num of TSs: 1, reserved 0x0, reserved 0x0
(166): TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
(166): start port: 0, end port: 65535
(166): start addr: 173.237.156.200, end addr: 173.237.156.200
(166): TSr(166): Next payload: NOTIFY, reserved: 0x0, length: 24
(166): Num of TSs: 1, reserved 0x0, reserved 0x0
(166): TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
(166): start port: 0, end port: 65535
(166): start addr: 198.x.x.x, end addr: 198.x.x.x
(166): NOTIFY(INITIAL_CONTACT)(166): Next payload: NOTIFY, reserved: 0x0, length: 8
(166): Security protocol id: IKE, spi size: 0, type: INITIAL_CONTACT
(166): NOTIFY(ESP_TFC_NO_SUPPORT)(166): Next payload: NOTIFY, reserved: 0x0, length: 8
(166): Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT
(166): NOTIFY(NON_FIRST_FRAGS)(166): Next payload: NONE, reserved: 0x0, length: 8
(166): Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_ENCRYPT_MSG
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_OK_ENCRYPT_RESP
IKEv2-PROTO-7: (166): Action: Action_Null
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_TRYSEND
(166):

ASA send auth using the 4500 as port  

IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:4500/From 173.x.x.x:4500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 2BFD5F03992DAEE9 Message id: 1
(166): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: ENCR, version: 2.0 (166): Exchange type: IKE_AUTH, flags: INITIATOR (166): Message id: 1, length: 256(166):
Payload contents:
(166): ENCR(166): Next payload: VID, reserved: 0x0, length: 228
(166): Encrypted data: 224 bytes
(166):
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_CHK_EAP_POST_ASYNC
IKEv2-PROTO-4: (166): Check for EAP exchange
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT
(166):

ASA success receive the Palo auth 

IKEv2-PROTO-4: (166): Received Packet [From 52.x.x.x:4500/To 173.x.x.x:4500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 2BFD5F03992DAEE9 Message id: 1
(166): IKEv2 IKE_AUTH Exchange RESPONSEIKEv2-PROTO-5: (166): Next payload: ENCR, version: 2.0 (166): Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE (166): Message id: 1, length: 224(166):
Payload contents:
(166):
(166): Decrypted packet:(166): Data: 224 bytes
(166): REAL Decrypted packet:(166): Data: 152 bytes
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RECV_AUTH
IKEv2-PROTO-7: (166): Action: Action_Null
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK4_NOTIFY
IKEv2-PROTO-4: (166): Process auth response notify
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_PROC_MSG
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_GET_POLICY_BY_PEERID
IKEv2-PROTO-4: (166): Searching policy based on peer's identity '10.116.84.61' of type 'IPv4 address'
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_VERIFY_POLICY_BY_PEERID
IKEv2-PROTO-4: (166): Verify peer's policy
IKEv2-PROTO-4: (166): Peer's policy verified
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK_AUTH_TYPE
IKEv2-PROTO-4: (166): Get peer's authentication method
IKEv2-PROTO-4: (166): Peer's authentication method is 'PSK'
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_GET_PRESHR_KEY
IKEv2-PROTO-4: (166): Get peer's preshared key for 10.116.84.61
IKEv2-PROTO-7: (166): SM Trace-> SA: I_SPI=B1B4574E1A586765 R_SPI=2BFD5F03992DAEE9 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_VERIFY_AUTH
IKEv2-PROTO-4: (166): Verify peer's authentication data
IKEv2-PROTO-4: (166): Use preshared key for id 10.116.84.61, key len 22
IKEv2-PROTO-4: (166): Verification of peer's authenctication data PASSEDIKEv2-PROTO-7: (166): SM Trace-> SA: 

ASA send delete (this normal in success IPsec)


IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:4500/From 173.x.x.x:4500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 2BFD5F03992DAEE9 Message id: 2
(166): IKEv2 INFORMATIONAL Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: ENCR, version: 2.0 (166): Exchange type: INFORMATIONAL, flags: INITIATOR (166): Message id: 2, length: 80(166):
Payload contents:
(166): ENCR(166): Next payload: DELETE, reserved: 0x0, length: 52
(166): Encrypted data: 48 bytes
(166):

ASA receive Palo phase2 message 


IKEv2-PROTO-4: (166): Received Packet [From 52.x.x.x:4500/To 173.x.x.x:4500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 2BFD5F03992DAEE9 Message id: 2
(166): IKEv2 INFORMATIONAL Exchange RESPONSEIKEv2-PROTO-5: (166): Next payload: ENCR, version: 2.0 (166): Exchange type: INFORMATIONAL, flags: RESPONDER MSG-RESPONSE (166): Message id: 2, length: 80(166):
Payload contents:

ASA send delete (this normal in success IPsec) again ???????


IKEv2-PROTO-4: (166): Sending Packet [To 52.x.x.x:4500/From 173.x.x.x:4500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 2BFD5F03992DAEE9 Message id: 3
(166): IKEv2 INFORMATIONAL Exchange REQUESTIKEv2-PROTO-5: (166): Next payload: ENCR, version: 2.0 (166): Exchange type: INFORMATIONAL, flags: INITIATOR (166): Message id: 3, length: 80(166):
Payload contents:
(166): ENCR(166): Next payload: DELETE, reserved: 0x0, length: 52
(166): Encrypted data: 48 bytes

ASA receive Palo phase2 message  again ?????


IKEv2-PROTO-4: (166): Received Packet [From 52.x.x.x:4500/To 173.x.x.x:4500/VRF i0:f0]
(166): Initiator SPI : B1B4574E1A586765 - Responder SPI : 2BFD5F03992DAEE9 Message id: 3
(166): IKEv2 INFORMATIONAL Exchange RESPONSEIKEv2-PROTO-5: (166): Next payload: ENCR, version: 2.0 (166): Exchange type: INFORMATIONAL, flags: RESPONDER MSG-RESPONSE (166): Message id: 3, length: 80(166):
Payload contents:
(166):

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎02-24-2024 02:41 AM

this is correct for phase2 of IPsec ?? the prefix selector IP and algorithm you use ?
also I mention the IP use by palo, the palo behind NAT and I build blue color the IP Palo use can you double check it 

type: 1, reserved: 0x0, id: AES-CBC
(166): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(166): last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
(166): TSi(166): Next payload: TSr, reserved: 0x0, length: 24
(166): Num of TSs: 1, reserved 0x0, reserved 0x0
(166): TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
(166): start port: 0, end port: 65535
(166): start addr: 173.237.156.200, end addr: 173.237.156.200
(166): TSr(166): Next payload: NOTIFY, reserved: 0x0, length: 24
(166): Num of TSs: 1, reserved 0x0, reserved 0x0
(166): TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
(166): start port: 0, end port: 65535
(166): start addr: 198.x.x.x, end addr: 198.x.x.x

0 Helpful

Go to solution
irbk
Level 1
Level 1
In response to MHM Cisco World

‎02-27-2024 11:29 AM

Guess I missed whitewashing some IPs there.  I've asked about the PA being behind another NAT, I'm told no.  I've actually been working with Cisco TAC on this for about a week now and TAC isn't quite sure what's going on either.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to irbk

‎02-27-2024 11:40 AM

What is in my mind that the NAT device not open port 500 and 4500 this make one side asa send without response,

Until he initiated traffic and build NAT entry in that time both side can talk to each other. 

Hope you get respons from palo 

And get good support from TAC

Have a nice day friend 

MHM

0 Helpful

Go to solution
irbk
Level 1
Level 1

‎03-15-2024 05:25 AM

Hello everyone.  I do believe we finally have a resolution to the issue.  It appears that the issue was twofold.  One on my side and one on their side.  From my side, this was a migration of a VPN tunnel with an existing partner.  I completely forgot to change the external IP on my whitelist for incoming traffic.  Once I changed that, they were able to establish a VPN with me but I still had issues if I was the initiator.  It took getting on the phone with their team, PA support, and Amazon support.  Once Amazon support came on they quickly identified that there was a filter in AWS that was preventing my traffic from getting to the hosted PA.  So while the other side insisted that there wasn't a firewall in front of their PA, there was this AWS filter that was preventing the traffic.  Once my external IP got added to their AWS filter rule, we were able to establish the tunnel without much issue.  The real interesting thing to me is, if it was a firewall issue on both sides, how did we ever manage to establish a tunnel in the first place?

Go to solution
MHM Cisco World
VIP
VIP
In response to irbk

‎03-16-2024 03:17 AM - edited ‎03-16-2024 03:18 AM

as I mention before NAT and/or ACL can make one site retransmitting the ISAKMP phas1 
and the Phase1 only success if the traffic initiate from other Peer (the ASA statfull ACL open port for return traffic).  

photo1- when R3 initiate Phase1

Screenshot (176).png

 

Photo2- When R2 initiate phase1

Screenshot (177).png

Screenshot (178).png

Go to solution
adamscottmaster2013
Level 3
Level 3

‎03-16-2024 04:13 AM - edited ‎03-16-2024 04:14 AM

Here is what you should do.  As the PA people that manage the PA for the followings when the tunnel failed to come up:

1- show vpn ike-sa gateway your-cisco-asa

2- show vpn ipsec-sa

3- less mp-log ikemgr.log at the time when the connection failed

Example below:  Resp means the PAN is the responder in this case.  The output also shows both phase I and phase II timeout.  The ikemgr.log will show why it failed.

admin@PA-VPN(active)> show vpn ike-sa gateway CiscoASA
IKEv2 SAs
Gateway ID Peer-Address Gateway Name Role SN Algorithm Established Expiration Xt Child ST
---------- ------------ ------------ ---- -- --------- ----------- ---------- -- ----- --
1 11.200.200.15 CiscoASA Init 71 PSK/DH20/A256/SHA384 Mar.16 02:24:54 Mar.17 02:24:54 0 1 Established
IKEv2 IPSec Child SAs
Gateway Name TnID Tunnel ID Parent Role SPI(in) SPI(out) MsgID ST
------------ ---- ------ -- ------ ---- ------- -------- ----- --
CiscoASA 4 CiscoASA:CiscoASA_10.100.101.102_32 1725 71 Resp 99937422 9F4B3884 00000010 Mature
admin@PA-VPN(active)>
admin@PA-VPN(active)> show vpn ipsec-sa

GwID/client IP TnID Peer-Address Tunnel(Gateway) Algorithm SPI(in) SPI(out) life(Sec/KB) remain-time(Sec)
-------------- ---- ------------ --------------- --------- ------- -------- ------------ ----------------
1 4 11.200.200.15 CiscoASA:CiscoASA_10.100.101.102_32(CiscoASA) ESP/A256/SHA384 99937422 9F4B3884 3600/Unlimited 503
admin@PA-VPN(active)>

0 Helpful

Go to solution
irbk
Level 1
Level 1
In response to adamscottmaster2013

‎03-18-2024 05:12 AM

Thanks for your reply, perhaps you missed it but the issue has been resolved.  There was a filter in AWS that was preventing my traffic from getting to the hosted PA.

0 Helpful

Go to solution
adamscottmaster2013
Level 3
Level 3
In response to irbk

‎03-18-2024 08:53 AM

Ah... AWS Security Group (SG) 

0 Helpful
Customers Also Viewed These Support Documents