Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1824
Views
5
Helpful
3
Replies

GRE over IPSEC issue

theerapongpomp
Level 1
Level 1

‎02-15-2021 11:29 PM

Hi Experts,

 

I have configured the GRE over IPsec between Cisco and Vyatta devices.

Weird thing is it is working before untile now.

Below is the log that I captured from the Cisco.

I saw some error like "processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3" that mostly comes from key mismatch.

But rechecking many times it is already matched on both sides. 

Please help if you guys can see any more errors.

Thank you in advance.

 

Feb 16 15:11:42.628 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:11:42.628 HKT: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Feb 16 15:11:42.628 HKT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Feb 16 15:11:42.628 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:11:42.628 HKT: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Feb 16 15:11:42.628 HKT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Feb 16 15:11:42.628 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:11:42.629 HKT: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Feb 16 15:11:42.629 HKT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Feb 16 15:11:42.629 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:11:42.629 HKT: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Feb 16 15:11:42.629 HKT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Feb 16 15:11:42.629 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:11:42.629 HKT: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Feb 16 15:11:42.629 HKT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Feb 16 15:11:42.717 HKT: ISAKMP-PAK: (0):received packet from 161.202.57.86 dport 500 sport 500 Global (N) NEW SA
Feb 16 15:11:42.718 HKT: ISAKMP: (0):Found a peer struct for 161.202.57.86, peer port 500
Feb 16 15:11:42.718 HKT: ISAKMP: (0):Locking peer struct 0x80007F594B464EB8, refcount 1 for crypto_isakmp_process_block
Feb 16 15:11:42.718 HKT: ISAKMP: (0):local port 500, remote port 500
Feb 16 15:11:42.718 HKT: ISAKMP: (0):Find a dup sa in the avl tree during calling isadb_insert sa = 80007F594B54E3F0
Feb 16 15:11:42.719 HKT: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Feb 16 15:11:42.719 HKT: ISAKMP: (0):Old State = IKE_READY New State = IKE_R_MM1

Feb 16 15:11:42.719 HKT: ISAKMP: (0):processing SA payload. message ID = 0
Feb 16 15:11:42.719 HKT: ISAKMP: (0):processing vendor id payload
Feb 16 15:11:42.719 HKT: ISAKMP: (0):vendor ID seems Unity/DPD but major 215 mismatch
Feb 16 15:11:42.720 HKT: ISAKMP: (0):vendor ID is XAUTH
Feb 16 15:11:42.720 HKT: ISAKMP: (0):processing vendor id payload
Feb 16 15:11:42.720 HKT: ISAKMP: (0):vendor ID is DPD
Feb 16 15:11:42.720 HKT: ISAKMP: (0):processing vendor id payload
Feb 16 15:11:42.720 HKT: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
Feb 16 15:11:42.720 HKT: ISAKMP: (0):vendor ID is NAT-T RFC 3947
Feb 16 15:11:42.720 HKT: ISAKMP: (0):processing vendor id payload
Feb 16 15:11:42.720 HKT: ISAKMP: (0):vendor ID seems Unity/DPD but major 123 mismatch
Feb 16 15:11:42.721 HKT: ISAKMP: (0):vendor ID is NAT-T v2
Feb 16 15:11:42.721 HKT: ISAKMP: (0):found peer pre-shared key matching 161.202.57.86
Feb 16 15:11:42.721 HKT: ISAKMP: (0):local preshared key found
Feb 16 15:11:42.721 HKT: ISAKMP: (0):Scanning profiles for xauth ...
Feb 16 15:11:42.721 HKT: ISAKMP: (0):Checking ISAKMP transform 1 against priority 10 policy
Feb 16 15:11:42.721 HKT: ISAKMP: (0): encryption AES-CBC
Feb 16 15:11:42.721 HKT: ISAKMP: (0): keylength of 256
Feb 16 15:11:42.721 HKT: ISAKMP: (0): hash SHA256
Feb 16 15:11:42.722 HKT: ISAKMP: (0): default group 2
Feb 16 15:11:42.722 HKT: ISAKMP: (0): auth pre-share
Feb 16 15:11:42.722 HKT: ISAKMP: (0): life type in seconds
Feb 16 15:11:42.722 HKT: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
Feb 16 15:11:42.722 HKT: ISAKMP-ERROR: (0):Diffie-Hellman group offered does not match policy!
Feb 16 15:11:42.723 HKT: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0
Feb 16 15:11:42.723 HKT: ISAKMP: (0):Checking ISAKMP transform 1 against priority 20 policy
Feb 16 15:11:42.723 HKT: ISAKMP: (0): encryption AES-CBC
Feb 16 15:11:42.723 HKT: ISAKMP: (0): keylength of 256
Feb 16 15:11:42.723 HKT: ISAKMP: (0): hash SHA256
Feb 16 15:11:42.723 HKT: ISAKMP: (0): default group 2
Feb 16 15:11:42.723 HKT: ISAKMP: (0): auth pre-share
Feb 16 15:11:42.723 HKT: ISAKMP: (0): life type in seconds
Feb 16 15:11:42.724 HKT: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
Feb 16 15:11:42.724 HKT: ISAKMP-ERROR: (0):Hash algorithm offered does not match policy!
Feb 16 15:11:42.724 HKT: ISAKMP-ERROR: (0):atts are not acceptable. Next payload is 0
Feb 16 15:11:42.724 HKT: ISAKMP: (0):Checking ISAKMP transform 1 against priority 30 policy
Feb 16 15:11:42.724 HKT: ISAKMP: (0): encryption AES-CBC
Feb 16 15:11:42.725 HKT: ISAKMP: (0): keylength of 256
Feb 16 15:11:42.725 HKT: ISAKMP: (0): hash SHA256
Feb 16 15:11:42.725 HKT: ISAKMP: (0): default group 2
Feb 16 15:11:42.725 HKT: ISAKMP: (0): auth pre-share
Feb 16 15:11:42.725 HKT: ISAKMP: (0): life type in seconds
Feb 16 15:11:42.725 HKT: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
Feb 16 15:11:42.726 HKT: ISAKMP: (0):atts are acceptable. Next payload is 0
Feb 16 15:11:42.726 HKT: ISAKMP: (0):Acceptable atts:actual life: 86400
Feb 16 15:11:42.726 HKT: ISAKMP: (0):Acceptable atts:life: 0
Feb 16 15:11:42.726 HKT: ISAKMP: (0):Fill atts in sa vpi_length:4
Feb 16 15:11:42.726 HKT: ISAKMP: (0):Fill atts in sa life_in_seconds:86400
Feb 16 15:11:42.726 HKT: ISAKMP: (0):Returning Actual lifetime: 86400
Feb 16 15:11:42.726 HKT: ISAKMP: (0):Started lifetime timer: 86400.

Feb 16 15:11:42.730 HKT: ISAKMP: (0):processing vendor id payload
Feb 16 15:11:42.730 HKT: ISAKMP: (0):vendor ID seems Unity/DPD but major 215 mismatch
Feb 16 15:11:42.730 HKT: ISAKMP: (0):vendor ID is XAUTH
Feb 16 15:11:42.730 HKT: ISAKMP: (0):processing vendor id payload
Feb 16 15:11:42.730 HKT: ISAKMP: (0):vendor ID is DPD
Feb 16 15:11:42.730 HKT: ISAKMP: (0):processing vendor id payload
Feb 16 15:11:42.730 HKT: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
Feb 16 15:11:42.731 HKT: ISAKMP: (0):vendor ID is NAT-T RFC 3947
Feb 16 15:11:42.731 HKT: ISAKMP: (0):processing vendor id payload
Feb 16 15:11:42.731 HKT: ISAKMP: (0):vendor ID seems Unity/DPD but major 123 mismatch
Feb 16 15:11:42.731 HKT: ISAKMP: (0):vendor ID is NAT-T v2
Feb 16 15:11:42.731 HKT: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Feb 16 15:11:42.731 HKT: ISAKMP: (0):Old State = IKE_R_MM1 New State = IKE_R_MM1

Feb 16 15:11:42.731 HKT: ISAKMP: (0):constructed NAT-T vendor-rfc3947 ID
Feb 16 15:11:42.732 HKT: ISAKMP-PAK: (0):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) MM_SA_SETUP
Feb 16 15:11:42.732 HKT: ISAKMP: (0):Sending an IKE IPv4 Packet.
Feb 16 15:11:42.732 HKT: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Feb 16 15:11:42.732 HKT: ISAKMP: (0):Old State = IKE_R_MM1 New State = IKE_R_MM2

Feb 16 15:11:42.738 HKT: ISAKMP-PAK: (0):received packet from 161.202.57.86 dport 500 sport 500 Global (R) MM_SA_SETUP
Feb 16 15:11:42.738 HKT: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Feb 16 15:11:42.738 HKT: ISAKMP: (0):Old State = IKE_R_MM2 New State = IKE_R_MM3

Feb 16 15:11:42.739 HKT: ISAKMP: (0):processing KE payload. message ID = 0
Feb 16 15:11:42.743 HKT: ISAKMP: (0):processing NONCE payload. message ID = 0
Feb 16 15:11:42.743 HKT: ISAKMP: (0):found peer pre-shared key matching 161.202.57.86
Feb 16 15:11:42.743 HKT: ISAKMP: (13280):received payload type 20
Feb 16 15:11:42.743 HKT: ISAKMP: (13280):His hash no match - this node outside NAT
Feb 16 15:11:42.743 HKT: ISAKMP: (13280):received payload type 20
Feb 16 15:11:42.743 HKT: ISAKMP: (13280):No NAT Found for self or peer
Feb 16 15:11:42.743 HKT: ISAKMP: (13280):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Feb 16 15:11:42.744 HKT: ISAKMP: (13280):Old State = IKE_R_MM3 New State = IKE_R_MM3

Feb 16 15:11:42.744 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) MM_KEY_EXCH
Feb 16 15:11:42.744 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:11:42.744 HKT: ISAKMP: (13280):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Feb 16 15:11:42.744 HKT: ISAKMP: (13280):Old State = IKE_R_MM3 New State = IKE_R_MM4

Feb 16 15:11:42.750 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) MM_KEY_EXCH
Feb 16 15:11:42.751 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Feb 16 15:11:42.751 HKT: ISAKMP: (13280):Old State = IKE_R_MM4 New State = IKE_R_MM5

Feb 16 15:11:42.751 HKT: ISAKMP: (13280):processing ID payload. message ID = 0
Feb 16 15:11:42.751 HKT: ISAKMP: (13280):ID payload
next-payload : 8
type : 1
Feb 16 15:11:42.751 HKT: ISAKMP: (13280): address : 161.202.57.86
Feb 16 15:11:42.751 HKT: ISAKMP: (13280): protocol : 0
port : 0
length : 12
Feb 16 15:11:42.751 HKT: ISAKMP: (0):peer matches *none* of the profiles
Feb 16 15:11:42.751 HKT: ISAKMP: (13280):processing HASH payload. message ID = 0
Feb 16 15:11:42.751 HKT: ISAKMP: (13280):SA authentication status:
authenticated
Feb 16 15:11:42.751 HKT: ISAKMP: (13280):SA has been authenticated with 161.202.57.86
Feb 16 15:11:42.752 HKT: ISAKMP: (13280):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Feb 16 15:11:42.752 HKT: ISAKMP: (13280):Old State = IKE_R_MM5 New State = IKE_R_MM5

Feb 16 15:11:42.752 HKT: ISAKMP: (13280):SA is doing
Feb 16 15:11:42.752 HKT: ISAKMP: (13280):pre-shared key authentication using id type ID_IPV4_ADDR
Feb 16 15:11:42.753 HKT: ISAKMP: (13280):ID payload
next-payload : 8
type : 1
Feb 16 15:11:42.753 HKT: ISAKMP: (13280): address : 218.255.105.58
Feb 16 15:11:42.753 HKT: ISAKMP: (13280): protocol : 17
port : 500
length : 12
Feb 16 15:11:42.753 HKT: ISAKMP: (13280):Total payload length: 12
Feb 16 15:11:42.753 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) MM_KEY_EXCH
Feb 16 15:11:42.753 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:11:42.753 HKT: ISAKMP: (13280):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Feb 16 15:11:42.753 HKT: ISAKMP: (13280):Old State = IKE_R_MM5 New State = IKE_R_MM5

Feb 16 15:11:42.753 HKT: ISAKMP: (13280):Input = IKE_MESG_INTERNAL, IKE_FETCH_USER_ATTR
Feb 16 15:11:42.753 HKT: ISAKMP: (13280):Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE

Feb 16 15:11:42.754 HKT: ISAKMP: (13280):IKE_DPD is enabled, initializing timers
Feb 16 15:11:42.754 HKT: ISAKMP: (13280):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Feb 16 15:11:42.754 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:11:42.759 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:11:42.759 HKT: ISAKMP: (13280):set new node 3238832274 to QM_IDLE
Feb 16 15:11:42.759 HKT: ISAKMP: (13280):processing HASH payload. message ID = 3238832274
Feb 16 15:11:42.759 HKT: ISAKMP: (13280):processing SA payload. message ID = 3238832274
Feb 16 15:11:42.759 HKT: ISAKMP: (13280):Checking IPSec proposal 0
Feb 16 15:11:42.759 HKT: ISAKMP: (13280):transform 1, ESP_AES
Feb 16 15:11:42.759 HKT: ISAKMP: (13280): attributes in transform:
Feb 16 15:11:42.759 HKT: ISAKMP: (13280): key length is 256
Feb 16 15:11:42.759 HKT: ISAKMP: (13280): authenticator is HMAC-SHA256
Feb 16 15:11:42.759 HKT: ISAKMP: (13280): encaps is 2 (Transport)
Feb 16 15:11:42.760 HKT: ISAKMP: (13280): SA life type in seconds
Feb 16 15:11:42.760 HKT: ISAKMP: (13280): SA life duration (basic) of 43200
Feb 16 15:11:42.760 HKT: ISAKMP: (13280):atts are acceptable.
Feb 16 15:11:42.760 HKT: IPSEC(validate_proposal_request): proposal part #1
Feb 16 15:11:42.760 HKT: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0,
protocol= ESP, transform= esp-aes 256 esp-sha256-hmac (Transport), esn= FALSE,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0
Feb 16 15:11:42.760 HKT: Crypto mapdb : proxy_match
src addr : 218.255.105.58
dst addr : 161.202.57.86
protocol : 47
src port : 0
dst port : 0
Feb 16 15:11:42.760 HKT: (ipsec_process_proposal)Map Accepted: Tunnel201-head-0, 65537
Feb 16 15:11:42.760 HKT: ISAKMP: (13280):processing NONCE payload. message ID = 3238832274
Feb 16 15:11:42.760 HKT: ISAKMP: (13280):processing ID payload. message ID = 3238832274
Feb 16 15:11:42.760 HKT: ISAKMP: (13280):processing ID payload. message ID = 3238832274
Feb 16 15:11:42.760 HKT: ISAKMP: (13280):QM Responder gets spi
Feb 16 15:11:42.761 HKT: ISAKMP: (13280):Node 3238832274, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Feb 16 15:11:42.761 HKT: ISAKMP: (13280):Old State = IKE_QM_READY New State = IKE_QM_SPI_STARVE
Feb 16 15:11:42.761 HKT: ISAKMP: (13280):Node 3238832274, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI
Feb 16 15:11:42.761 HKT: ISAKMP: (13280):Old State = IKE_QM_SPI_STARVE New State = IKE_QM_IPSEC_INSTALL_AWAIT
Feb 16 15:11:42.761 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:11:42.761 HKT: Crypto mapdb : proxy_match
src addr : 218.255.105.58
dst addr : 161.202.57.86
protocol : 47
src port : 0
dst port : 0
Feb 16 15:11:42.761 HKT: IPSEC(crypto_ipsec_create_ipsec_sas): Map found Tunnel201-head-0, 65537
Feb 16 15:11:42.762 HKT: IPSEC(create_sa): sa created,
(sa) sa_dest= 218.255.105.58, sa_proto= 50,
sa_spi= 0xB49A208F(3029999759),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5977
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:11:42.762 HKT: ipsec_out_sa_hash_idx: sa=0x7F5947ED2080, hash_idx=89, port=500/500, addr=0xDAFF693A/0xA1CA3956
Feb 16 15:11:42.762 HKT: crypto_ipsec_hook_out_sa: ipsec_out_sa_hash_array[89]=0x7F5947ED2080
Feb 16 15:11:42.762 HKT: IPSEC(create_sa): sa created,
(sa) sa_dest= 161.202.57.86, sa_proto= 50,
sa_spi= 0xC74162CC(3342951116),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5978
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:11:42.766 HKT: ISAKMP-ERROR: (0):Failed to find peer index node to update peer_info_list
Feb 16 15:11:42.766 HKT: ISAKMP: (13280):Received IPSec Install callback... proceeding with the negotiation
Feb 16 15:11:42.766 HKT: ISAKMP: (13280):Successfully installed IPSEC SA (SPI:0xB49A208F) on Tunnel201
Feb 16 15:11:42.767 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:11:42.767 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:11:42.767 HKT: ISAKMP: (13280):Node 3238832274, Input = IKE_MESG_FROM_IPSEC, IPSEC_INSTALL_DONE
Feb 16 15:11:42.767 HKT: ISAKMP: (13280):Old State = IKE_QM_IPSEC_INSTALL_AWAIT New State = IKE_QM_R_QM2
Feb 16 15:11:42.773 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:11:42.773 HKT: ISAKMP: (13280):set new node 3850727141 to QM_IDLE
Feb 16 15:11:42.773 HKT: ISAKMP: (13280):processing HASH payload. message ID = 3850727141
Feb 16 15:11:42.773 HKT: ISAKMP: (13280):processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 3342951116, message ID = 3850727141, sa = 0x80007F594B54E3F0
Feb 16 15:11:42.773 HKT: ISAKMP: (13280):peer does not do paranoid keepalives.
Feb 16 15:11:42.773 HKT: ISAKMP: (13280):Enqueued KEY_MGR_DELETE_SAS for IPSEC SA (SPI:0xC74162CC)
Feb 16 15:11:42.774 HKT: ISAKMP: (13280):deleting node 3850727141 error FALSE reason "Informational (in) state 1"
Feb 16 15:11:42.774 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:11:42.774 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:11:42.774 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:11:42.774 HKT: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Feb 16 15:11:42.774 HKT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Feb 16 15:11:42.774 HKT: IPSEC(key_engine_delete_sas): delete SA with spi 0xC74162CC proto 50 for 161.202.57.86
Feb 16 15:11:42.774 HKT: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 218.255.105.58, sa_proto= 50,
sa_spi= 0xB49A208F(3029999759),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5977
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:11:42.775 HKT: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 161.202.57.86, sa_proto= 50,
sa_spi= 0xC74162CC(3342951116),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5978
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:11:42.775 HKT: IPSEC(send_delete_notify_kmi): not sending KEY_ENGINE_DELETE_SAS
Feb 16 15:11:42.775 HKT: ipsec_out_sa_hash_idx: sa=0x7F5947ED2080, hash_idx=89, port=500/500, addr=0xDAFF693A/0xA1CA3956
Feb 16 15:11:42.778 HKT: IPSEC(ident_delete_notify_kmi): Failed to send KEY_ENG_DELETE_SAS
APHKDCR1#
Feb 16 15:11:42.778 HKT: IPSEC(ident_update_final_flow_stats): Collect Final Stats and update MIB
IPSEC get IKMP peer index from peer 0x7F5947ED0BF0 ikmp handle 0x4000003A
IPSEC IKMP peer index 0
[ident_update_final_flow_stats] : Flow delete complete event received for flow id 0x24000F89,peer index 0

APHKDCR1#
Feb 16 15:11:48.709 HKT: ISAKMP: (1939):purging node 2235575165
APHKDCR1#
Feb 16 15:11:52.109 HKT: ISAKMP: (13278):purging SA., sa=80007F594B045040, delme=80007F594B045040
Feb 16 15:11:52.213 HKT: ISAKMP: (13279):purging node 1796635139
Feb 16 15:11:52.333 HKT: ISAKMP: (13279):purging node 319677595
Feb 16 15:11:52.767 HKT: ISAKMP: (13280):retransmitting phase 2 QM_IDLE 3238832274 ...
Feb 16 15:11:52.767 HKT: ISAKMP: (13280):: incrementing error counter on node, attempt 1 of 5: retransmit phase 2
Feb 16 15:11:52.767 HKT: ISAKMP: (13280):retransmitting phase 2 3238832274 QM_IDLE
Feb 16 15:11:52.767 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:11:52.767 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:11:52.774 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:11:52.774 HKT: ISAKMP: (13280):set new node 1811761578 to QM_IDLE
Feb 16 15:11:52.774 HKT: ISAKMP: (13280):processing HASH payload. message ID = 1811761578
Feb 16 15:11:52.774 HKT: ISAKMP: (13280):processing NOTIFY PAYLOAD_MALFORMED protocol 1
spi 0, message ID = 1811761578, sa = 0x80007F594B54E3F0
Feb 16 15:11:52.774 HKT: ISAKMP: (13280):: incrementing error counter on sa, attempt 1 of 5: some bad notify
Feb 16 15:11:52.774 HKT: ISAKMP: (13280):deleting node 1811761578 error FALSE reason "Informational (in) state 2"
Feb 16 15:11:52.774 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:11:52.774 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:11:52.881 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:11:52.881 HKT: ISAKMP: (13280):set new node 1731070057 to QM_IDLE
Feb 16 15:11:52.881 HKT: ISAKMP: (13280):processing HASH payload. message ID = 1731070057
Feb 16 15:11:52.881 HKT: ISAKMP: (13280):processing SA payload. message ID = 1731070057
Feb 16 15:11:52.881 HKT: ISAKMP: (13280):Checking IPSec proposal 0
Feb 16 15:11:52.881 HKT: ISAKMP: (13280):transform 1, ESP_AES
Feb 16 15:11:52.881 HKT: ISAKMP: (13280): attributes in transform:
Feb 16 15:11:52.882 HKT: ISAKMP: (13280): key length is 256
Feb 16 15:11:52.882 HKT: ISAKMP: (13280): authenticator is HMAC-SHA256
Feb 16 15:11:52.882 HKT: ISAKMP: (13280): encaps is 2 (Transport)
Feb 16 15:11:52.882 HKT: ISAKMP: (13280): SA life type in seconds
Feb 16 15:11:52.882 HKT: ISAKMP: (13280): SA life duration (basic) of 43200
Feb 16 15:11:52.882 HKT: ISAKMP: (13280):atts are acceptable.
Feb 16 15:11:52.882 HKT: IPSEC(validate_proposal_request): proposal part #1
Feb 16 15:11:52.882 HKT: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0,
protocol= ESP, transform= esp-aes 256 esp-sha256-hmac (Transport), esn= FALSE,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0
Feb 16 15:11:52.882 HKT: Crypto mapdb : proxy_match
src addr : 218.255.105.58
dst addr : 161.202.57.86
protocol : 47
src port : 0
dst port : 0
Feb 16 15:11:52.882 HKT: (ipsec_process_proposal)Map Accepted: Tunnel201-head-0, 65537
Feb 16 15:11:52.882 HKT: ISAKMP: (13280):processing NONCE payload. message ID = 1731070057
Feb 16 15:11:52.883 HKT: ISAKMP: (13280):processing ID payload. message ID = 1731070057
Feb 16 15:11:52.883 HKT: ISAKMP: (13280):processing ID payload. message ID = 1731070057
Feb 16 15:11:52.883 HKT: ISAKMP: (13280):QM Responder gets spi
Feb 16 15:11:52.883 HKT: ISAKMP: (13280):Node 1731070057, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Feb 16 15:11:52.883 HKT: ISAKMP: (13280):Old State = IKE_QM_READY New State = IKE_QM_SPI_STARVE
Feb 16 15:11:52.883 HKT: ISAKMP: (13280):Node 1731070057, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI
Feb 16 15:11:52.883 HKT: ISAKMP: (13280):Old State = IKE_QM_SPI_STARVE New State = IKE_QM_IPSEC_INSTALL_AWAIT
Feb 16 15:11:52.883 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:11:52.883 HKT: Crypto mapdb : proxy_match
src addr : 218.255.105.58
dst addr : 161.202.57.86
protocol : 47
src port : 0
dst port : 0
Feb 16 15:11:52.884 HKT: IPSEC(crypto_ipsec_create_ipsec_sas): Map found Tunnel201-head-0, 65537
Feb 16 15:11:52.884 HKT: IPSEC(create_sa): sa created,
(sa) sa_dest= 218.255.105.58, sa_proto= 50,
sa_spi= 0x988EE07E(2559500414),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5979
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:11:52.885 HKT: ipsec_out_sa_hash_idx: sa=0x7F5947ED1F78, hash_idx=89, port=500/500, addr=0xDAFF693A/0xA1CA3956
Feb 16 15:11:52.885 HKT: crypto_ipsec_hook_out_sa: ipsec_out_sa_hash_array[89]=0x7F5947ED1F78
Feb 16 15:11:52.885 HKT: IPSEC(create_sa): sa created,
(sa) sa_dest= 161.202.57.86, sa_proto= 50,
sa_spi= 0xCFDBB0F2(3487281394),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5980
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:11:52.888 HKT: ISAKMP-ERROR: (0):Failed to find peer index node to update peer_info_list
Feb 16 15:11:52.889 HKT: ISAKMP: (13280):Received IPSec Install callback... proceeding with the negotiation
Feb 16 15:11:52.889 HKT: ISAKMP: (13280):Successfully installed IPSEC SA (SPI:0x988EE07E) on Tunnel201
Feb 16 15:11:52.889 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:11:52.889 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:11:52.889 HKT: ISAKMP: (13280):Node 1731070057, Input = IKE_MESG_FROM_IPSEC, IPSEC_INSTALL_DONE
Feb 16 15:11:52.889 HKT: ISAKMP: (13280):Old State = IKE_QM_IPSEC_INSTALL_AWAIT New State = IKE_QM_R_QM2
Feb 16 15:11:52.895 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:11:52.896 HKT: ISAKMP: (13280):set new node 159957691 to QM_IDLE
Feb 16 15:11:52.896 HKT: ISAKMP: (13280):processing HASH payload. message ID = 159957691
Feb 16 15:11:52.896 HKT: ISAKMP: (13280):processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 3487281394, message ID = 159957691, sa = 0x80007F594B54E3F0
Feb 16 15:11:52.896 HKT: ISAKMP: (13280):peer does not do paranoid keepalives.
Feb 16 15:11:52.896 HKT: ISAKMP: (13280):Enqueued KEY_MGR_DELETE_SAS for IPSEC SA (SPI:0xCFDBB0F2)
Feb 16 15:11:52.896 HKT: ISAKMP: (13280):deleting node 159957691 error FALSE reason "Informational (in) state 1"
Feb 16 15:11:52.896 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:11:52.896 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:11:52.896 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:11:52.897 HKT: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Feb 16 15:11:52.897 HKT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Feb 16 15:11:52.897 HKT: IPSEC(key_engine_delete_sas): delete SA with spi 0xCFDBB0F2 proto 50 for 161.202.57.86
Feb 16 15:11:52.897 HKT: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 218.255.105.58, sa_proto= 50,
sa_spi= 0x988EE07E(2559500414),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5979
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:11:52.897 HKT: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 161.202.57.86, sa_proto= 50,
sa_spi= 0xCFDBB0F2(3487281394),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5980
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:11:52.897 HKT: IPSEC(send_delete_notify_kmi): not sending KEY_ENGINE_DELETE_SAS
Feb 16 15:11:52.898 HKT: ipsec_out_sa_hash_idx: sa=0x7F5947ED1F78, hash_idx=89, port=500/500, addr=0xDAFF693A/0xA1CA3956
Feb 16 15:11:52.900 HKT: IPSEC(ident_delete_notify_kmi): Failed to send KEY_ENG_DELETE_SAS
Feb 16 15:11:52.900 HKT: IPSEC(ident_update_final_flow_stats): Collect Final Stats and update MIB
IPSEC get IKMP peer index from peer 0x7F5947ED0BF0 ikmp handle 0x4000003A
IPSEC IKMP peer index 0

APHKDCR1#[ident_update_final_flow_stats] : Flow delete complete event received for flow id 0x24000F8B,peer index 0

APHKDCR1#
Feb 16 15:11:58.806 HKT: %OSPF-4-NOVALIDKEY: No valid authentication send key is available on interface GigabitEthernet0/0/1.117
Feb 16 15:11:58.975 HKT: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 218.255.105.61, sa_proto= 50,
sa_spi= 0xDE1661D0(3726008784),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5615
sa_lifetime(k/sec)= (4608000/3600),
(identity) local= 218.255.105.61:0, remote= 210.3.191.86:0,
local_proxy= 218.255.105.61/255.255.255.255/47/0,
remote_proxy= 210.3.191.86/255.255.255.255/47/0
Feb 16 15:11:58.975 HKT: IPSEC(delete_sa): SA found saving DEL kmi
Feb 16 15:11:58.975 HKT: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 210.3.191.86, sa_proto= 50,
sa_spi= 0xB46ECBBC(3027159996),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5616
sa_lifetime(k/sec)= (4608000/3600),
(identity) local= 218.255.105.61:0, remote= 210.3.191.86:0,
local_proxy= 218.255.105.61/255.255.255.255/47/0,
remote_proxy= 210.3.191.86/255.255.255.255/47/0
Feb 16 15:11:58.976 HKT: ipsec_out_sa_hash_idx: sa=0x7F5947ED1738, hash_idx=167, port=500/500, addr=0xDAFF693D/0xD203BF56
Feb 16 15:11:58.979 HKT: IPSEC(ident_update_final_flow_stats): Collect Final Stats and update MIB
IPSEC get IKMP peer index from peer 0x7F5947ECFFB0 ikmp handle 0x40000004
IPSEC IKMP peer index 0

APHKDCR1#[ident_update_final_flow_stats] : Flow delete complete event received for flow id 0x24000E1F,peer index 0

Feb 16 15:11:58.979 HKT: ISAKMP: (1939):set new node 1380548612 to QM_IDLE
Feb 16 15:11:58.979 HKT: ISAKMP-PAK: (1939):sending packet to 210.3.191.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:11:58.979 HKT: ISAKMP: (1939):Sending an IKE IPv4 Packet.
Feb 16 15:11:58.980 HKT: ISAKMP: (1939):purging node 1380548612
Feb 16 15:11:58.980 HKT: ISAKMP: (1939):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL
Feb 16 15:11:58.980 HKT: ISAKMP: (1939):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

APHKDCR1#
Feb 16 15:12:02.214 HKT: ISAKMP: (13279):purging node 3933072426
Feb 16 15:12:02.334 HKT: ISAKMP: (13279):purging node 3405350482
Feb 16 15:12:02.443 HKT: ISAKMP: (13279):purging node 3043465584
Feb 16 15:12:02.767 HKT: ISAKMP: (13280):retransmitting phase 2 QM_IDLE 3238832274 ...
Feb 16 15:12:02.767 HKT: ISAKMP: (13280):: incrementing error counter on node, attempt 2 of 5: retransmit phase 2
Feb 16 15:12:02.767 HKT: ISAKMP: (13280):retransmitting phase 2 3238832274 QM_IDLE
Feb 16 15:12:02.767 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:02.767 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:02.775 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:02.775 HKT: ISAKMP: (13280):set new node 3422245340 to QM_IDLE
Feb 16 15:12:02.775 HKT: ISAKMP: (13280):processing HASH payload. message ID = 3422245340
Feb 16 15:12:02.775 HKT: ISAKMP: (13280):processing NOTIFY PAYLOAD_MALFORMED protocol 1
spi 0, message ID = 3422245340, sa = 0x80007F594B54E3F0
Feb 16 15:12:02.775 HKT: ISAKMP: (13280):: incrementing error counter on sa, attempt 1 of 5: some bad notify
Feb 16 15:12:02.775 HKT: ISAKMP: (13280):deleting node 3422245340 error FALSE reason "Informational (in) state 2"
Feb 16 15:12:02.775 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:02.775 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:02.889 HKT: ISAKMP: (13280):retransmitting phase 2 QM_IDLE 1731070057 ...
Feb 16 15:12:02.889 HKT: ISAKMP: (13280):: incrementing error counter on node, attempt 1 of 5: retransmit phase 2
Feb 16 15:12:02.889 HKT: ISAKMP: (13280):retransmitting phase 2 1731070057 QM_IDLE
Feb 16 15:12:02.889 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:02.889 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:02.897 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:02.897 HKT: ISAKMP: (13280):set new node 2200988823 to QM_IDLE
Feb 16 15:12:02.897 HKT: ISAKMP: (13280):processing HASH payload. message ID = 2200988823
Feb 16 15:12:02.897 HKT: ISAKMP: (13280):processing NOTIFY PAYLOAD_MALFORMED protocol 1
spi 0, message ID = 2200988823, sa = 0x80007F594B54E3F0
Feb 16 15:12:02.898 HKT: ISAKMP: (13280):: incrementing error counter on sa, attempt 2 of 5: some bad notify
Feb 16 15:12:02.898 HKT: ISAKMP: (13280):deleting node 2200988823 error FALSE reason "Informational (in) state 2"
Feb 16 15:12:02.898 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:02.898 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:02.994 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:02.994 HKT: ISAKMP: (13280):set new node 2665364519 to QM_IDLE
Feb 16 15:12:02.994 HKT: ISAKMP: (13280):processing HASH payload. message ID = 2665364519
Feb 16 15:12:02.994 HKT: ISAKMP: (13280):processing SA payload. message ID = 2665364519
Feb 16 15:12:02.994 HKT: ISAKMP: (13280):Checking IPSec proposal 0
Feb 16 15:12:02.994 HKT: ISAKMP: (13280):transform 1, ESP_AES
Feb 16 15:12:02.994 HKT: ISAKMP: (13280): attributes in transform:
Feb 16 15:12:02.994 HKT: ISAKMP: (13280): key length is 256
Feb 16 15:12:02.994 HKT: ISAKMP: (13280): authenticator is HMAC-SHA256
Feb 16 15:12:02.995 HKT: ISAKMP: (13280): encaps is 2 (Transport)
Feb 16 15:12:02.995 HKT: ISAKMP: (13280): SA life type in seconds
Feb 16 15:12:02.995 HKT: ISAKMP: (13280): SA life duration (basic) of 43200
Feb 16 15:12:02.995 HKT: ISAKMP: (13280):atts are acceptable.
Feb 16 15:12:02.995 HKT: IPSEC(validate_proposal_request): proposal part #1
Feb 16 15:12:02.995 HKT: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0,
protocol= ESP, transform= esp-aes 256 esp-sha256-hmac (Transport), esn= FALSE,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0
Feb 16 15:12:02.995 HKT: Crypto mapdb : proxy_match
src addr : 218.255.105.58
dst addr : 161.202.57.86
protocol : 47
src port : 0
dst port : 0
Feb 16 15:12:02.995 HKT: (ipsec_process_proposal)Map Accepted: Tunnel201-head-0, 65537
Feb 16 15:12:02.995 HKT: ISAKMP: (13280):processing NONCE payload. message ID = 2665364519
Feb 16 15:12:02.995 HKT: ISAKMP: (13280):processing ID payload. message ID = 2665364519
Feb 16 15:12:02.996 HKT: ISAKMP: (13280):processing ID payload. message ID = 2665364519
Feb 16 15:12:02.996 HKT: ISAKMP: (13280):QM Responder gets spi
Feb 16 15:12:02.996 HKT: ISAKMP: (13280):Node 2665364519, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Feb 16 15:12:02.996 HKT: ISAKMP: (13280):Old State = IKE_QM_READY New State = IKE_QM_SPI_STARVE
Feb 16 15:12:02.996 HKT: ISAKMP: (13280):Node 2665364519, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI
Feb 16 15:12:02.996 HKT: ISAKMP: (13280):Old State = IKE_QM_SPI_STARVE New State = IKE_QM_IPSEC_INSTALL_AWAIT
Feb 16 15:12:02.996 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:12:02.996 HKT: Crypto mapdb : proxy_match
src addr : 218.255.105.58
dst addr : 161.202.57.86
protocol : 47
src port : 0
dst port : 0
Feb 16 15:12:02.996 HKT: IPSEC(crypto_ipsec_create_ipsec_sas): Map found Tunnel201-head-0, 65537
Feb 16 15:12:02.997 HKT: IPSEC(create_sa): sa created,
(sa) sa_dest= 218.255.105.58, sa_proto= 50,
sa_spi= 0x5335E20E(1396040206),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5981
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:12:02.998 HKT: ipsec_out_sa_hash_idx: sa=0x7F5947ED1840, hash_idx=89, port=500/500, addr=0xDAFF693A/0xA1CA3956
Feb 16 15:12:02.998 HKT: crypto_ipsec_hook_out_sa: ipsec_out_sa_hash_array[89]=0x7F5947ED1840
Feb 16 15:12:02.998 HKT: IPSEC(create_sa): sa created,
(sa) sa_dest= 161.202.57.86, sa_proto= 50,
sa_spi= 0xCE12CFE0(3457339360),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5982
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:12:03.001 HKT: ISAKMP-ERROR: (0):Failed to find peer index node to update peer_info_list
Feb 16 15:12:03.002 HKT: ISAKMP: (13280):Received IPSec Install callback... proceeding with the negotiation
Feb 16 15:12:03.002 HKT: ISAKMP: (13280):Successfully installed IPSEC SA (SPI:0x5335E20E) on Tunnel201
Feb 16 15:12:03.002 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:03.002 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:03.002 HKT: ISAKMP: (13280):Node 2665364519, Input = IKE_MESG_FROM_IPSEC, IPSEC_INSTALL_DONE
Feb 16 15:12:03.002 HKT: ISAKMP: (13280):Old State = IKE_QM_IPSEC_INSTALL_AWAIT New State = IKE_QM_R_QM2
Feb 16 15:12:03.008 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:03.008 HKT: ISAKMP: (13280):set new node 2739250811 to QM_IDLE
Feb 16 15:12:03.009 HKT: ISAKMP: (13280):processing HASH payload. message ID = 2739250811
Feb 16 15:12:03.009 HKT: ISAKMP: (13280):processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 3457339360, message ID = 2739250811, sa = 0x80007F594B54E3F0
Feb 16 15:12:03.009 HKT: ISAKMP: (13280):peer does not do paranoid keepalives.
Feb 16 15:12:03.009 HKT: ISAKMP: (13280):Enqueued KEY_MGR_DELETE_SAS for IPSEC SA (SPI:0xCE12CFE0)
Feb 16 15:12:03.009 HKT: ISAKMP: (13280):deleting node 2739250811 error FALSE reason "Informational (in) state 1"
Feb 16 15:12:03.009 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:03.009 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:03.009 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:12:03.009 HKT: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Feb 16 15:12:03.009 HKT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Feb 16 15:12:03.009 HKT: IPSEC(key_engine_delete_sas): delete SA with spi 0xCE12CFE0 proto 50 for 161.202.57.86
Feb 16 15:12:03.010 HKT: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 218.255.105.58, sa_proto= 50,
sa_spi= 0x5335E20E(1396040206),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5981
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:12:03.010 HKT: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 161.202.57.86, sa_proto= 50,
sa_spi= 0xCE12CFE0(3457339360),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5982
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:12:03.010 HKT: IPSEC(send_delete_notify_kmi): not sending KEY_ENGINE_DELETE_SAS
Feb 16 15:12:03.011 HKT: ipsec_out_sa_hash_idx: sa=0x7F5947ED1840, hash_idx=89, port=500/500, addr=0xDAFF693A/0xA1CA3956
Feb 16 15:12:03.013 HKT: IPSEC(ident_delete_notify_kmi): Failed to send KEY_ENG_DELETE_SAS
Feb 16 15:12:03.013 HKT: IPSEC(ident_update_final_flow_stats): Collect Final Stats and update MIB
IPSEC get IKMP peer index from peer 0x7F5947ED0BF0 ikmp handle 0x4000003A
IPSEC IKMP peer index 0

APHKDCR1#[ident_update_final_flow_stats] : Flow delete complete event received for flow id 0x24000F8D,peer index 0

APHKDCR1#
Feb 16 15:12:12.036 HKT: %OSPF-4-INVALIDKEY: Key ID 0 received on interface GigabitEthernet0/0/1.117
APHKDCR1#
Feb 16 15:12:12.215 HKT: ISAKMP: (13279):purging node 487903096
Feb 16 15:12:12.334 HKT: ISAKMP: (13279):purging node 3458135603
Feb 16 15:12:12.443 HKT: ISAKMP: (13279):purging node 2949033579
Feb 16 15:12:12.551 HKT: ISAKMP: (13279):purging node 4057829165
Feb 16 15:12:12.767 HKT: ISAKMP: (13280):retransmitting phase 2 QM_IDLE 3238832274 ...
Feb 16 15:12:12.767 HKT: ISAKMP: (13280):: incrementing error counter on node, attempt 3 of 5: retransmit phase 2
Feb 16 15:12:12.767 HKT: ISAKMP: (13280):retransmitting phase 2 3238832274 QM_IDLE
Feb 16 15:12:12.767 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:12.767 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:12.773 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:12.773 HKT: ISAKMP: (13280):set new node 311017145 to QM_IDLE
Feb 16 15:12:12.773 HKT: ISAKMP: (13280):processing HASH payload. message ID = 311017145
Feb 16 15:12:12.773 HKT: ISAKMP: (13280):processing NOTIFY PAYLOAD_MALFORMED protocol 1
spi 0, message ID = 311017145, sa = 0x80007F594B54E3F0
Feb 16 15:12:12.773 HKT: ISAKMP: (13280):: incrementing error counter on sa, attempt 1 of 5: some bad notify
Feb 16 15:12:12.773 HKT: ISAKMP: (13280):deleting node 311017145 error FALSE reason "Informational (in) state 2"
Feb 16 15:12:12.774 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:12.774 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:12.889 HKT: ISAKMP: (13280):retransmitting phase 2 QM_IDLE 1731070057 ...
Feb 16 15:12:12.889 HKT: ISAKMP: (13280):: incrementing error counter on node, attempt 2 of 5: retransmit phase 2
Feb 16 15:12:12.890 HKT: ISAKMP: (13280):retransmitting phase 2 1731070057 QM_IDLE
Feb 16 15:12:12.890 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:12.890 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:12.895 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:12.895 HKT: ISAKMP: (13280):set new node 3958158347 to QM_IDLE
Feb 16 15:12:12.895 HKT: ISAKMP: (13280):processing HASH payload. message ID = 3958158347
Feb 16 15:12:12.895 HKT: ISAKMP: (13280):processing NOTIFY PAYLOAD_MALFORMED protocol 1
spi 0, message ID = 3958158347, sa = 0x80007F594B54E3F0
Feb 16 15:12:12.895 HKT: ISAKMP: (13280):: incrementing error counter on sa, attempt 2 of 5: some bad notify
Feb 16 15:12:12.895 HKT: ISAKMP: (13280):deleting node 3958158347 error FALSE reason "Informational (in) state 2"
Feb 16 15:12:12.896 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:12.896 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:13.003 HKT: ISAKMP: (13280):retransmitting phase 2 QM_IDLE 2665364519 ...
Feb 16 15:12:13.003 HKT: ISAKMP: (13280):: incrementing error counter on node, attempt 1 of 5: retransmit phase 2
Feb 16 15:12:13.003 HKT: ISAKMP: (13280):retransmitting phase 2 2665364519 QM_IDLE
Feb 16 15:12:13.003 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:13.003 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:13.009 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:13.009 HKT: ISAKMP: (13280):set new node 2596629323 to QM_IDLE
Feb 16 15:12:13.009 HKT: ISAKMP: (13280):processing HASH payload. message ID = 2596629323
Feb 16 15:12:13.010 HKT: ISAKMP: (13280):processing NOTIFY PAYLOAD_MALFORMED protocol 1
spi 0, message ID = 2596629323, sa = 0x80007F594B54E3F0
Feb 16 15:12:13.010 HKT: ISAKMP: (13280):: incrementing error counter on sa, attempt 3 of 5: some bad notify
Feb 16 15:12:13.010 HKT: ISAKMP: (13280):deleting node 2596629323 error FALSE reason "Informational (in) state 2"
Feb 16 15:12:13.010 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:13.010 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:13.107 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:13.107 HKT: ISAKMP: (13280):set new node 1359674481 to QM_IDLE
Feb 16 15:12:13.107 HKT: ISAKMP: (13280):processing HASH payload. message ID = 1359674481
Feb 16 15:12:13.107 HKT: ISAKMP: (13280):processing SA payload. message ID = 1359674481
Feb 16 15:12:13.107 HKT: ISAKMP: (13280):Checking IPSec proposal 0
Feb 16 15:12:13.107 HKT: ISAKMP: (13280):transform 1, ESP_AES
Feb 16 15:12:13.107 HKT: ISAKMP: (13280): attributes in transform:
Feb 16 15:12:13.108 HKT: ISAKMP: (13280): key length is 256
Feb 16 15:12:13.108 HKT: ISAKMP: (13280): authenticator is HMAC-SHA256
Feb 16 15:12:13.108 HKT: ISAKMP: (13280): encaps is 2 (Transport)
Feb 16 15:12:13.108 HKT: ISAKMP: (13280): SA life type in seconds
Feb 16 15:12:13.108 HKT: ISAKMP: (13280): SA life duration (basic) of 43200
Feb 16 15:12:13.108 HKT: ISAKMP: (13280):atts are acceptable.
Feb 16 15:12:13.108 HKT: IPSEC(validate_proposal_request): proposal part #1
Feb 16 15:12:13.108 HKT: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0,
protocol= ESP, transform= esp-aes 256 esp-sha256-hmac (Transport), esn= FALSE,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0
Feb 16 15:12:13.108 HKT: Crypto mapdb : proxy_match
src addr : 218.255.105.58
dst addr : 161.202.57.86
protocol : 47
src port : 0
dst port : 0
Feb 16 15:12:13.108 HKT: (ipsec_process_proposal)Map Accepted: Tunnel201-head-0, 65537
Feb 16 15:12:13.109 HKT: ISAKMP: (13280):processing NONCE payload. message ID = 1359674481
Feb 16 15:12:13.109 HKT: ISAKMP: (13280):processing ID payload. message ID = 1359674481
Feb 16 15:12:13.109 HKT: ISAKMP: (13280):processing ID payload. message ID = 1359674481
Feb 16 15:12:13.109 HKT: ISAKMP: (13280):QM Responder gets spi
Feb 16 15:12:13.109 HKT: ISAKMP: (13280):Node 1359674481, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Feb 16 15:12:13.109 HKT: ISAKMP: (13280):Old State = IKE_QM_READY New State = IKE_QM_SPI_STARVE
Feb 16 15:12:13.109 HKT: ISAKMP: (13280):Node 1359674481, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI
Feb 16 15:12:13.109 HKT: ISAKMP: (13280):Old State = IKE_QM_SPI_STARVE New State = IKE_QM_IPSEC_INSTALL_AWAIT
Feb 16 15:12:13.109 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:12:13.110 HKT: Crypto mapdb : proxy_match
src addr : 218.255.105.58
dst addr : 161.202.57.86
protocol : 47
src port : 0
dst port : 0
Feb 16 15:12:13.110 HKT: IPSEC(crypto_ipsec_create_ipsec_sas): Map found Tunnel201-head-0, 65537
Feb 16 15:12:13.110 HKT: IPSEC(create_sa): sa created,
(sa) sa_dest= 218.255.105.58, sa_proto= 50,
sa_spi= 0x4CAB4A42(1286294082),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5983
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:12:13.111 HKT: ipsec_out_sa_hash_idx: sa=0x7F5947ED1738, hash_idx=89, port=500/500, addr=0xDAFF693A/0xA1CA3956
Feb 16 15:12:13.111 HKT: crypto_ipsec_hook_out_sa: ipsec_out_sa_hash_array[89]=0x7F5947ED1738
Feb 16 15:12:13.111 HKT: IPSEC(create_sa): sa created,
(sa) sa_dest= 161.202.57.86, sa_proto= 50,
sa_spi= 0xC178D3F8(3245921272),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5984
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:12:13.115 HKT: ISAKMP-ERROR: (0):Failed to find peer index node to update peer_info_list
Feb 16 15:12:13.115 HKT: ISAKMP: (13280):Received IPSec Install callback... proceeding with the negotiation
Feb 16 15:12:13.115 HKT: ISAKMP: (13280):Successfully installed IPSEC SA (SPI:0x4CAB4A42) on Tunnel201
Feb 16 15:12:13.115 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:13.115 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:13.116 HKT: ISAKMP: (13280):Node 1359674481, Input = IKE_MESG_FROM_IPSEC, IPSEC_INSTALL_DONE
Feb 16 15:12:13.116 HKT: ISAKMP: (13280):Old State = IKE_QM_IPSEC_INSTALL_AWAIT New State = IKE_QM_R_QM2
Feb 16 15:12:13.121 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:13.121 HKT: ISAKMP: (13280):set new node 1492417462 to QM_IDLE
Feb 16 15:12:13.121 HKT: ISAKMP: (13280):processing HASH payload. message ID = 1492417462
Feb 16 15:12:13.121 HKT: ISAKMP: (13280):processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 3245921272, message ID = 1492417462, sa = 0x80007F594B54E3F0
Feb 16 15:12:13.121 HKT: ISAKMP: (13280):peer does not do paranoid keepalives.
Feb 16 15:12:13.122 HKT: ISAKMP: (13280):Enqueued KEY_MGR_DELETE_SAS for IPSEC SA (SPI:0xC178D3F8)
Feb 16 15:12:13.122 HKT: ISAKMP: (13280):deleting node 1492417462 error FALSE reason "Informational (in) state 1"
Feb 16 15:12:13.122 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:13.122 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:13.122 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:12:13.122 HKT: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Feb 16 15:12:13.122 HKT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Feb 16 15:12:13.122 HKT: IPSEC(key_engine_delete_sas): delete SA with spi 0xC178D3F8 proto 50 for 161.202.57.86
Feb 16 15:12:13.122 HKT: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 218.255.105.58, sa_proto= 50,
sa_spi= 0x4CAB4A42(1286294082),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5983
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:12:13.123 HKT: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 161.202.57.86, sa_proto= 50,
sa_spi= 0xC178D3F8(3245921272),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5984
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:12:13.123 HKT: IPSEC(send_delete_notify_kmi): not sending KEY_ENGINE_DELETE_SAS
Feb 16 15:12:13.123 HKT: ipsec_out_sa_hash_idx: sa=0x7F5947ED1738, hash_idx=89, port=500/500, addr=0xDAFF693A/0xA1CA3956
Feb 16 15:12:13.125 HKT: IPSEC(ident_delete_notify_kmi): Failed to send KEY_ENG_DELETE_SAS
APHKDCR1#
Feb 16 15:12:13.125 HKT: IPSEC(ident_update_final_flow_stats): Collect Final Stats and update MIB
IPSEC get IKMP peer index from peer 0x7F5947ED0BF0 ikmp handle 0x4000003A
IPSEC IKMP peer index 0
[ident_update_final_flow_stats] : Flow delete complete event received for flow id 0x24000F8F,peer index 0

APHKDCR1#
Feb 16 15:12:22.218 HKT: ISAKMP: (13279):purging node 906587556
Feb 16 15:12:22.338 HKT: ISAKMP: (13279):purging node 2069995496
Feb 16 15:12:22.446 HKT: ISAKMP: (13279):purging node 3212668452
Feb 16 15:12:22.553 HKT: ISAKMP: (13279):purging node 580081702
Feb 16 15:12:22.623 HKT: ISAKMP: (13279):purging node 1775041408
Feb 16 15:12:22.767 HKT: ISAKMP: (13280):retransmitting phase 2 QM_IDLE 3238832274 ...
Feb 16 15:12:22.767 HKT: ISAKMP: (13280):: incrementing error counter on node, attempt 4 of 5: retransmit phase 2
Feb 16 15:12:22.767 HKT: ISAKMP: (13280):retransmitting phase 2 3238832274 QM_IDLE
Feb 16 15:12:22.767 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:22.767 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:22.773 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:22.773 HKT: ISAKMP: (13280):set new node 2266442092 to QM_IDLE
Feb 16 15:12:22.773 HKT: ISAKMP: (13280):processing HASH payload. message ID = 2266442092
Feb 16 15:12:22.774 HKT: ISAKMP: (13280):processing NOTIFY PAYLOAD_MALFORMED protocol 1
spi 0, message ID = 2266442092, sa = 0x80007F594B54E3F0
APHKDCR1#
Feb 16 15:12:22.774 HKT: ISAKMP: (13280):: incrementing error counter on sa, attempt 1 of 5: some bad notify
Feb 16 15:12:22.774 HKT: ISAKMP: (13280):deleting node 2266442092 error FALSE reason "Informational (in) state 2"
Feb 16 15:12:22.774 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:22.774 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:22.891 HKT: ISAKMP: (13280):retransmitting phase 2 QM_IDLE 1731070057 ...
Feb 16 15:12:22.891 HKT: ISAKMP: (13280):: incrementing error counter on node, attempt 3 of 5: retransmit phase 2
Feb 16 15:12:22.891 HKT: ISAKMP: (13280):retransmitting phase 2 1731070057 QM_IDLE
Feb 16 15:12:22.891 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:22.891 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:22.897 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:22.897 HKT: ISAKMP: (13280):set new node 2533129135 to QM_IDLE
Feb 16 15:12:22.897 HKT: ISAKMP: (13280):processing HASH payload. message ID = 2533129135
Feb 16 15:12:22.898 HKT: ISAKMP: (13280):processing NOTIFY PAYLOAD_MALFORMED protocol 1
spi 0, message ID = 2533129135, sa = 0x80007F594B54E3F0
Feb 16 15:12:22.898 HKT: ISAKMP: (13280):: incrementing error counter on sa, attempt 2 of 5: some bad notify
Feb 16 15:12:22.898 HKT: ISAKMP: (13280):deleting node 2533129135 error FALSE reason "Informational (in) state 2"
Feb 16 15:12:22.898 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:22.898 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:23.003 HKT: ISAKMP: (13280):retransmitting phase 2 QM_IDLE 2665364519 ...
Feb 16 15:12:23.003 HKT: ISAKMP: (13280):: incrementing error counter on node, attempt 2 of 5: retransmit phase 2
Feb 16 15:12:23.004 HKT: ISAKMP: (13280):retransmitting phase 2 2665364519 QM_IDLE
Feb 16 15:12:23.004 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:23.004 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:23.009 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:23.010 HKT: ISAKMP: (13280):set new node 368950252 to QM_IDLE
Feb 16 15:12:23.010 HKT: ISAKMP: (13280):processing HASH payload. message ID = 368950252
Feb 16 15:12:23.010 HKT: ISAKMP: (13280):processing NOTIFY PAYLOAD_MALFORMED protocol 1
spi 0, message ID = 368950252, sa = 0x80007F594B54E3F0
Feb 16 15:12:23.010 HKT: ISAKMP: (13280):: incrementing error counter on sa, attempt 3 of 5: some bad notify
Feb 16 15:12:23.010 HKT: ISAKMP: (13280):deleting node 368950252 error FALSE reason "Informational (in) state 2"
Feb 16 15:12:23.010 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:23.010 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:23.116 HKT: ISAKMP: (13280):retransmitting phase 2 QM_IDLE 1359674481 ...
Feb 16 15:12:23.116 HKT: ISAKMP: (13280):: incrementing error counter on node, attempt 1 of 5: retransmit phase 2
Feb 16 15:12:23.116 HKT: ISAKMP: (13280):retransmitting phase 2 1359674481 QM_IDLE
Feb 16 15:12:23.116 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:23.116 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:23.122 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:23.122 HKT: ISAKMP: (13280):set new node 442269473 to QM_IDLE
Feb 16 15:12:23.122 HKT: ISAKMP: (13280):processing HASH payload. message ID = 442269473
Feb 16 15:12:23.122 HKT: ISAKMP: (13280):processing NOTIFY PAYLOAD_MALFORMED protocol 1
spi 0, message ID = 442269473, sa = 0x80007F594B54E3F0
Feb 16 15:12:23.123 HKT: ISAKMP: (13280):: incrementing error counter on sa, attempt 4 of 5: some bad notify
Feb 16 15:12:23.123 HKT: ISAKMP: (13280):deleting node 442269473 error FALSE reason "Informational (in) state 2"
Feb 16 15:12:23.123 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:23.123 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:23.146 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:23.147 HKT: ISAKMP: (13280):set new node 1014041066 to QM_IDLE
Feb 16 15:12:23.147 HKT: ISAKMP: (13280):processing HASH payload. message ID = 1014041066
Feb 16 15:12:23.147 HKT: ISAKMP: (13280):processing SA payload. message ID = 1014041066
Feb 16 15:12:23.147 HKT: ISAKMP: (13280):Checking IPSec proposal 0
Feb 16 15:12:23.147 HKT: ISAKMP: (13280):transform 1, ESP_AES
Feb 16 15:12:23.147 HKT: ISAKMP: (13280): attributes in transform:
Feb 16 15:12:23.147 HKT: ISAKMP: (13280): key length is 256
Feb 16 15:12:23.147 HKT: ISAKMP: (13280): authenticator is HMAC-SHA256
Feb 16 15:12:23.147 HKT: ISAKMP: (13280): encaps is 2 (Transport)
Feb 16 15:12:23.147 HKT: ISAKMP: (13280): SA life type in seconds
Feb 16 15:12:23.147 HKT: ISAKMP: (13280): SA life duration (basic) of 43200
Feb 16 15:12:23.147 HKT: ISAKMP: (13280):atts are acceptable.
Feb 16 15:12:23.148 HKT: IPSEC(validate_proposal_request): proposal part #1
Feb 16 15:12:23.148 HKT: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0,
protocol= ESP, transform= esp-aes 256 esp-sha256-hmac (Transport), esn= FALSE,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0
Feb 16 15:12:23.148 HKT: Crypto mapdb : proxy_match
src addr : 218.255.105.58
dst addr : 161.202.57.86
protocol : 47
src port : 0
dst port : 0
Feb 16 15:12:23.148 HKT: (ipsec_process_proposal)Map Accepted: Tunnel201-head-0, 65537
Feb 16 15:12:23.148 HKT: ISAKMP: (13280):processing NONCE payload. message ID = 1014041066
Feb 16 15:12:23.148 HKT: ISAKMP: (13280):processing ID payload. message ID = 1014041066
Feb 16 15:12:23.148 HKT: ISAKMP: (13280):processing ID payload. message ID = 1014041066
Feb 16 15:12:23.148 HKT: ISAKMP: (13280):QM Responder gets spi
Feb 16 15:12:23.148 HKT: ISAKMP: (13280):Node 1014041066, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Feb 16 15:12:23.149 HKT: ISAKMP: (13280):Old State = IKE_QM_READY New State = IKE_QM_SPI_STARVE
Feb 16 15:12:23.149 HKT: ISAKMP: (13280):Node 1014041066, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI
Feb 16 15:12:23.149 HKT: ISAKMP: (13280):Old State = IKE_QM_SPI_STARVE New State = IKE_QM_IPSEC_INSTALL_AWAIT
Feb 16 15:12:23.149 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:12:23.149 HKT: Crypto mapdb : proxy_match
src addr : 218.255.105.58
dst addr : 161.202.57.86
protocol : 47
src port : 0
dst port : 0
Feb 16 15:12:23.149 HKT: IPSEC(crypto_ipsec_create_ipsec_sas): Map found Tunnel201-head-0, 65537
Feb 16 15:12:23.150 HKT: IPSEC(create_sa): sa created,
(sa) sa_dest= 218.255.105.58, sa_proto= 50,
sa_spi= 0xF88185AD(4169237933),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5985
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:12:23.150 HKT: ipsec_out_sa_hash_idx: sa=0x7F5947ED1840, hash_idx=89, port=500/500, addr=0xDAFF693A/0xA1CA3956
Feb 16 15:12:23.150 HKT: crypto_ipsec_hook_out_sa: ipsec_out_sa_hash_array[89]=0x7F5947ED1840
Feb 16 15:12:23.150 HKT: IPSEC(create_sa): sa created,
(sa) sa_dest= 161.202.57.86, sa_proto= 50,
sa_spi= 0xCB1DD0D5(3407728853),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5986
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:12:23.154 HKT: ISAKMP-ERROR: (0):Failed to find peer index node to update peer_info_list
Feb 16 15:12:23.154 HKT: ISAKMP: (13280):Received IPSec Install callback... proceeding with the negotiation
Feb 16 15:12:23.155 HKT: ISAKMP: (13280):Successfully installed IPSEC SA (SPI:0xF88185AD) on Tunnel201
Feb 16 15:12:23.155 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:23.155 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:23.155 HKT: ISAKMP: (13280):Node 1014041066, Input = IKE_MESG_FROM_IPSEC, IPSEC_INSTALL_DONE
Feb 16 15:12:23.155 HKT: ISAKMP: (13280):Old State = IKE_QM_IPSEC_INSTALL_AWAIT New State = IKE_QM_R_QM2
Feb 16 15:12:23.161 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:23.161 HKT: ISAKMP: (13280):set new node 1950852155 to QM_IDLE
Feb 16 15:12:23.161 HKT: ISAKMP: (13280):processing HASH payload. message ID = 1950852155
Feb 16 15:12:23.161 HKT: ISAKMP: (13280):processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 3407728853, message ID = 1950852155, sa = 0x80007F594B54E3F0
Feb 16 15:12:23.161 HKT: ISAKMP: (13280):peer does not do paranoid keepalives.
Feb 16 15:12:23.161 HKT: ISAKMP: (13280):Enqueued KEY_MGR_DELETE_SAS for IPSEC SA (SPI:0xCB1DD0D5)
Feb 16 15:12:23.162 HKT: ISAKMP: (13280):deleting node 1950852155 error FALSE reason "Informational (in) state 1"
Feb 16 15:12:23.162 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:23.162 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:23.162 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:12:23.162 HKT: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Feb 16 15:12:23.162 HKT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Feb 16 15:12:23.162 HKT: IPSEC(key_engine_delete_sas): delete SA with spi 0xCB1DD0D5 proto 50 for 161.202.57.86
Feb 16 15:12:23.162 HKT: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 218.255.105.58, sa_proto= 50,
sa_spi= 0xF88185AD(4169237933),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5985
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:12:23.163 HKT: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 161.202.57.86, sa_proto= 50,
sa_spi= 0xCB1DD0D5(3407728853),
sa_trans= esp-aes 256 esp-sha256-hmac , sa_conn_id= 5986
sa_lifetime(k/sec)= (4608000/43200),
(identity) local= 218.255.105.58:0, remote= 161.202.57.86:0,
local_proxy= 218.255.105.58/255.255.255.255/47/0,
remote_proxy= 161.202.57.86/255.255.255.255/47/0
Feb 16 15:12:23.163 HKT: IPSEC(send_delete_notify_kmi): not sending KEY_ENGINE_DELETE_SAS
Feb 16 15:12:23.163 HKT: ipsec_out_sa_hash_idx: sa=0x7F5947ED1840, hash_idx=89, port=500/500, addr=0xDAFF693A/0xA1CA3956
Feb 16 15:12:23.166 HKT: IPSEC(ident_delete_notify_kmi): Failed to send KEY_ENG_DELETE_SAS
APHKDCR1#
Feb 16 15:12:23.166 HKT: IPSEC(ident_update_final_flow_stats): Collect Final Stats and update MIB
IPSEC get IKMP peer index from peer 0x7F5947ED0BF0 ikmp handle 0x4000003A
IPSEC IKMP peer index 0
[ident_update_final_flow_stats] : Flow delete complete event received for flow id 0x24000F91,peer index 0

APHKDCR1#
Feb 16 15:12:32.216 HKT: ISAKMP: (13279):purging node 3715386134
Feb 16 15:12:32.336 HKT: ISAKMP: (13279):purging node 42402564
Feb 16 15:12:32.448 HKT: ISAKMP: (13279):purging node 2628854916
Feb 16 15:12:32.552 HKT: ISAKMP: (13279):purging node 1881919796
Feb 16 15:12:32.625 HKT: ISAKMP: (13279):purging node 684899306
Feb 16 15:12:32.626 HKT: ISAKMP: (13279):purging node 251463801
Feb 16 15:12:32.626 HKT: ISAKMP: (13279):purging node 2994436378
Feb 16 15:12:32.627 HKT: ISAKMP: (13279):purging node 2281031755
Feb 16 15:12:32.628 HKT: ISAKMP: (13279):purging node 3414217342
Feb 16 15:12:32.628 HKT: ISAKMP: (13279):purging node 1224938346
Feb 16 15:12:32.768 HKT: ISAKMP: (13280):retransmitting phase 2 QM_IDLE 3238832274 ...
Feb 16 15:12:32.768 HKT: ISAKMP: (13280):: incrementing error counter on node, attempt 5 of 5: retransmit phase 2
Feb 16 15:12:32.768 HKT: ISAKMP: (13280):retransmitting phase 2 3238832274 QM_IDLE
Feb 16 15:12:32.768 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:32.768 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:32.774 HKT: ISAKMP: (13280):purging node 3850727141
Feb 16 15:12:32.774 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:32.774 HKT: ISAKMP: (13280):set new node 283893752 to QM_IDLE
Feb 16 15:12:32.774 HKT: ISAKMP: (13280):processing HASH payload. message ID = 283893752
Feb 16 15:12:32.774 HKT: ISAKMP: (13280):processing NOTIFY PAYLOAD_MALFORMED protocol 1
spi 0, message ID = 283893752, sa = 0x80007F594B54E3F0
Feb 16 15:12:32.774 HKT: ISAKMP: (13280):: incrementing error counter on sa, attempt 1 of 5: some bad notify
Feb 16 15:12:32.775 HKT: ISAKMP: (13280):deleting node 283893752 error FALSE reason "Informational (in) state 2"
Feb 16 15:12:32.775 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:32.775 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:32.892 HKT: ISAKMP: (13280):retransmitting phase 2 QM_IDLE 1731070057 ...
Feb 16 15:12:32.892 HKT: ISAKMP: (13280):: incrementing error counter on node, attempt 4 of 5: retransmit phase 2
Feb 16 15:12:32.892 HKT: ISAKMP: (13280):retransmitting phase 2 1731070057 QM_IDLE
Feb 16 15:12:32.892 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:32.892 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:32.898 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:32.898 HKT: ISAKMP: (13280):set new node 3682738027 to QM_IDLE
Feb 16 15:12:32.898 HKT: ISAKMP: (13280):processing HASH payload. message ID = 3682738027
Feb 16 15:12:32.898 HKT: ISAKMP: (13280):processing NOTIFY PAYLOAD_MALFORMED protocol 1
spi 0, message ID = 3682738027, sa = 0x80007F594B54E3F0
Feb 16 15:12:32.898 HKT: ISAKMP: (13280):: incrementing error counter on sa, attempt 2 of 5: some bad notify
Feb 16 15:12:32.898 HKT: ISAKMP: (13280):deleting node 3682738027 error FALSE reason "Informational (in) state 2"
APHKDCR1#
Feb 16 15:12:32.898 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:32.898 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:33.004 HKT: ISAKMP: (13280):retransmitting phase 2 QM_IDLE 2665364519 ...
Feb 16 15:12:33.004 HKT: ISAKMP: (13280):: incrementing error counter on node, attempt 3 of 5: retransmit phase 2
Feb 16 15:12:33.005 HKT: ISAKMP: (13280):retransmitting phase 2 2665364519 QM_IDLE
Feb 16 15:12:33.005 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:33.005 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:33.010 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:33.010 HKT: ISAKMP: (13280):set new node 1267432634 to QM_IDLE
Feb 16 15:12:33.010 HKT: ISAKMP: (13280):processing HASH payload. message ID = 1267432634
Feb 16 15:12:33.011 HKT: ISAKMP: (13280):processing NOTIFY PAYLOAD_MALFORMED protocol 1
spi 0, message ID = 1267432634, sa = 0x80007F594B54E3F0
Feb 16 15:12:33.011 HKT: ISAKMP: (13280):: incrementing error counter on sa, attempt 3 of 5: some bad notify
Feb 16 15:12:33.011 HKT: ISAKMP: (13280):deleting node 1267432634 error FALSE reason "Informational (in) state 2"
Feb 16 15:12:33.011 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:33.011 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:33.116 HKT: ISAKMP: (13280):retransmitting phase 2 QM_IDLE 1359674481 ...
Feb 16 15:12:33.116 HKT: ISAKMP: (13280):: incrementing error counter on node, attempt 2 of 5: retransmit phase 2
Feb 16 15:12:33.116 HKT: ISAKMP: (13280):retransmitting phase 2 1359674481 QM_IDLE
Feb 16 15:12:33.116 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:33.116 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:33.122 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:33.122 HKT: ISAKMP: (13280):set new node 3907633941 to QM_IDLE
Feb 16 15:12:33.122 HKT: ISAKMP: (13280):processing HASH payload. message ID = 3907633941
Feb 16 15:12:33.122 HKT: ISAKMP: (13280):processing NOTIFY PAYLOAD_MALFORMED protocol 1
spi 0, message ID = 3907633941, sa = 0x80007F594B54E3F0
Feb 16 15:12:33.122 HKT: ISAKMP: (13280):: incrementing error counter on sa, attempt 4 of 5: some bad notify
Feb 16 15:12:33.123 HKT: ISAKMP: (13280):deleting node 3907633941 error FALSE reason "Informational (in) state 2"
Feb 16 15:12:33.123 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:33.123 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:33.155 HKT: ISAKMP: (13280):retransmitting phase 2 QM_IDLE 1014041066 ...
Feb 16 15:12:33.155 HKT: ISAKMP: (13280):: incrementing error counter on node, attempt 1 of 5: retransmit phase 2
Feb 16 15:12:33.155 HKT: ISAKMP: (13280):retransmitting phase 2 1014041066 QM_IDLE
Feb 16 15:12:33.155 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:33.155 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:33.161 HKT: ISAKMP-PAK: (13280):received packet from 161.202.57.86 dport 500 sport 500 Global (R) QM_IDLE
Feb 16 15:12:33.161 HKT: ISAKMP: (13280):set new node 4044857561 to QM_IDLE
Feb 16 15:12:33.161 HKT: ISAKMP: (13280):processing HASH payload. message ID = 4044857561
Feb 16 15:12:33.161 HKT: ISAKMP: (13280):processing NOTIFY PAYLOAD_MALFORMED protocol 1
spi 0, message ID = 4044857561, sa = 0x80007F594B54E3F0
Feb 16 15:12:33.161 HKT: ISAKMP: (13280):: incrementing error counter on sa, attempt 5 of 5: some bad notify
Feb 16 15:12:33.162 HKT: ISAKMP: (13280):deleting node 4044857561 error FALSE reason "Informational (in) state 2"
Feb 16 15:12:33.162 HKT: ISAKMP: (13280):peer does not do paranoid keepalives.
Feb 16 15:12:33.162 HKT: ISAKMP-ERROR: (13280):deleting SA reason "SA err counter exceeded (info)" state (R) QM_IDLE (peer 161.202.57.86)
Feb 16 15:12:33.162 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Feb 16 15:12:33.162 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

Feb 16 15:12:33.162 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:12:33.162 HKT: IPSec: Key engine got a KEY_MGR_CHECK_MORE_SAS message
Feb 16 15:12:33.162 HKT: %CRYPTO-6-ISAKMP_MANUAL_DELETE: IKE SA manually deleted. Do 'clear crypto sa peer 161.202.57.86' to manually clear IPSec SA's covered by this IKE SA.
Feb 16 15:12:33.163 HKT: ISAKMP: (13280):set new node 570002422 to QM_IDLE
Feb 16 15:12:33.163 HKT: ISAKMP-PAK: (13280):sending packet to 161.202.57.86 my_port 500 peer_port 500 (R) QM_IDLE
Feb 16 15:12:33.163 HKT: ISAKMP: (13280):Sending an IKE IPv4 Packet.
Feb 16 15:12:33.163 HKT: ISAKMP: (13280):purging node 570002422
Feb 16 15:12:33.163 HKT: ISAKMP: (13280):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Feb 16 15:12:33.164 HKT: ISAKMP: (13280):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA

Feb 16 15:12:33.164 HKT: ISAKMP-ERROR: (13280):deleting SA reason "SA err counter exceeded (info)" state (R) QM_IDLE (peer 161.202.57.86)
Feb 16 15:12:33.164 HKT: ISAKMP: (0):Unlocking peer struct 0x80007F594B464EB8 for isadb_mark_sa_deleted(), count 0
Feb 16 15:12:33.164 HKT: ISAKMP: (13280):deleting node 3238832274 error FALSE reason "IKE deleted"
Feb 16 15:12:33.164 HKT: ISAKMP: (13280):peer does not do paranoid keepalives.
Feb 16 15:12:33.164 HKT: ISAKMP: (13280):Enqueued KEY_MGR_DELETE_SAS for IPSEC SA (SPI:0xC74162CC)
Feb 16 15:12:33.164 HKT: ISAKMP: (13280):deleting node 1731070057 error FALSE reason "IKE deleted"
Feb 16 15:12:33.164 HKT: ISAKMP: (13280):peer does not do paranoid keepalives.
Feb 16 15:12:33.164 HKT: ISAKMP: (13280):Enqueued KEY_MGR_DELETE_SAS for IPSEC SA (SPI:0xCFDBB0F2)
Feb 16 15:12:33.164 HKT: ISAKMP: (13280):deleting node 2665364519 error FALSE reason "IKE deleted"
Feb 16 15:12:33.165 HKT: ISAKMP: (13280):peer does not do paranoid keepalives.
Feb 16 15:12:33.165 HKT: ISAKMP: (13280):Enqueued KEY_MGR_DELETE_SAS for IPSEC SA (SPI:0xCE12CFE0)
Feb 16 15:12:33.165 HKT: ISAKMP: (13280):deleting node 1359674481 error FALSE reason "IKE deleted"
Feb 16 15:12:33.165 HKT: ISAKMP: (13280):peer does not do paranoid keepalives.
Feb 16 15:12:33.165 HKT: ISAKMP: (13280):Enqueued KEY_MGR_DELETE_SAS for IPSEC SA (SPI:0xC178D3F8)
Feb 16 15:12:33.165 HKT: ISAKMP: (13280):deleting node 1014041066 error FALSE reason "IKE deleted"
Feb 16 15:12:33.165 HKT: ISAKMP: (13280):peer does not do paranoid keepalives.
Feb 16 15:12:33.165 HKT: ISAKMP: (13280):Enqueued KEY_MGR_DELETE_SAS for IPSEC SA (SPI:0xCB1DD0D5)
Feb 16 15:12:33.165 HKT: ISAKMP: (13280):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Feb 16 15:12:33.165 HKT: ISAKMP: (13280):Old State = IKE_DEST_SA New State = IKE_DEST_SA

Feb 16 15:12:33.166 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:12:33.166 HKT: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Feb 16 15:12:33.166 HKT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Feb 16 15:12:33.166 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:12:33.166 HKT: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Feb 16 15:12:33.166 HKT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Feb 16 15:12:33.166 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:12:33.166 HKT: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Feb 16 15:12:33.166 HKT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Feb 16 15:12:33.166 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:12:33.166 HKT: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Feb 16 15:12:33.166 HKT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Feb 16 15:12:33.166 HKT: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Feb 16 15:12:33.167 HKT: IDB is NULL : in crypto_ipsec_key_engine_delete_sas (), 6145
Feb 16 15:12:33.167 HKT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP

Labels:
Preview file
3 KB
0 Helpful
3 Replies 3

Sheraz.Salim
VIP
VIP

‎02-16-2021 02:01 AM - edited ‎02-16-2021 02:14 AM

processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3" means the remote VPN-Tunnel peer rejecting the phase 2 proposal.

 

looking at your provided configuration phase 2 you have these

!

set security vpn ipsec esp-group ESP-APHKDCR1 compression 'disable'
set security vpn ipsec esp-group ESP-APHKDCR1 lifetime '43200'
set security vpn ipsec esp-group ESP-APHKDCR1 mode 'transport'
set security vpn ipsec esp-group ESP-APHKDCR1 pfs 'disable'
set security vpn ipsec esp-group ESP-APHKDCR1 proposal 1 encryption 'aes256'
set security vpn ipsec esp-group ESP-APHKDCR1 proposal 1 hash 'sha2_256'

!

crypto isakmp key ********* address 161.202.57.86
crypto ipsec transform-set vyatta esp-aes 256 esp-sha256-hmac
mode transport

crypto ipsec profile IBM_Vyatta_IPsec_profile1
set security-association lifetime seconds 43200
set transform-set vyatta

 

 

have to initiated the tunnel from both ends and both routers give the same error? have to try to change the phase 2 values?

please do not forget to rate.

theerapongpomp
Level 1
Level 1
In response to Sheraz.Salim

‎02-16-2021 02:22 AM

Hi,

 

Yes I did.

I tried another phase 2 value with simple esp-aes , sha1 or other it returned the same error.

 

Thanks.

0 Helpful

Sheraz.Salim
VIP
VIP
In response to theerapongpomp

‎02-16-2021 02:34 AM

can you try this command adding the PFS values

!

crypto ipsec profile IBM_Vyatta_IPsec_profile1
set security-association lifetime seconds 43200
set transform-set vyatta
set pfs group 15

!


set security vpn ipsec esp-group ESP-APHKDCR1 compression 'disable'
set security vpn ipsec esp-group ESP-APHKDCR1 lifetime '43200'
set security vpn ipsec esp-group ESP-APHKDCR1 mode 'transport'
set security vpn ipsec esp-group ESP-APHKDCR1 pfs '15'
set security vpn ipsec esp-group ESP-APHKDCR1 proposal 1 encryption 'aes256'
set security vpn ipsec esp-group ESP-APHKDCR1 proposal 1 hash 'sha2_256'

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents