- Cisco Community
- Technology and Support
- Security
- VPN
- Re: IPSEC tunnel sa local ident is an odd IP range
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
IPSEC tunnel sa local ident is an odd IP range
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-13-2012 08:25 AM - edited 02-21-2020 06:11 PM
I am setting up for the first time a tunnell from my ASA 5505 to an ISA 2006 server. I have a successful connection between the two devices, but what seems for only a certain IP range. show crypto ipsec sa shows local ident (192.168.100.16/255.255.255.240/0/0). It has been like this since I set up the tunnel, a few days ago, then this morning there is another SA that has local ident (192.168.100.64/255.255.255.192/0/0). Everything acts as it should between boths ends of the tunnel from devices within these ip subnets.
The subnet should be 192.168.100.0 255.255.255.0, how can I fix this?
asa# show crypto ipsec sa
interface: outside
Crypto map tag: outside_map, seq num: 1, local addr: xxx.xxx.xxx.193
access-list outside_1_cryptomap permit ip DG-office 255.255.255.0 Colo 25
.255.255.0
local ident (addr/mask/prot/port): (192.168.100.16/255.255.255.240/0/0)
remote ident (addr/mask/prot/port): (Colo/255.255.255.0/0/0)
current_peer: xxx.xxx.xxx.162
#pkts encaps: 39963, #pkts encrypt: 39963, #pkts digest: 39963
#pkts decaps: 38308, #pkts decrypt: 38308, #pkts verify: 38308
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 39963, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: xxx.xxx.xxx.193, remote crypto endpt.: xxx.xxx.xxx.162
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 8959F8CC
inbound esp sas:
spi: 0x3F356DCF (1060466127)
transform: esp-3des esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 2, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (92667/2268)
IV size: 8 bytes
replay detection support: Y
outbound esp sas:
spi: 0x8959F8CC (2304374988)
transform: esp-3des esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 2, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (92660/2268)
IV size: 8 bytes
replay detection support: Y
Crypto map tag: outside_map, seq num: 1, local addr: xxx.xxx.xxx.193
access-list outside_1_cryptomap permit ip DG-office 255.255.255.0 Colo 25
.255.255.0
local ident (addr/mask/prot/port): (192.168.100.64/255.255.255.192/0/0)
remote ident (addr/mask/prot/port): (Colo/255.255.255.0/0/0)
current_peer: xxx.xxx.xxx.162
#pkts encaps: 69, #pkts encrypt: 69, #pkts digest: 69
#pkts decaps: 67, #pkts decrypt: 67, #pkts verify: 67
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 69, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: xxx.xxx.xxx.193, remote crypto endpt.: xxx.xxx.xxx.162
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: B1A6CD86
inbound esp sas:
spi: 0xA5593A3C (2774088252)
transform: esp-3des esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 2, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (92762/2814)
IV size: 8 bytes
replay detection support: Y
outbound esp sas:
spi: 0xB1A6CD86 (2980498822)
transform: esp-3des esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 2, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (92766/2814)
IV size: 8 bytes
replay detection support: Y
- Labels:
-
IPSEC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-13-2012 08:44 AM
This is a common behaviour if the remote side initiates the connection and only asks for a subset of your local crypto definition. You need to configure the remote side to initiate the tunnel for the whole /24 subnet.
Sent from Cisco Technical Support iPad App
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-13-2012 11:35 AM
Everything on my ISA server is set for the /24 subnet. Any other ideas?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-13-2012 01:32 PM
Hi,
Please run these commands to see the negotiation process between the peers:
"debug crypto condition peer ip_address_ISA"
"debug crypto isakmp 190"
"debug crypto ipsec 190"
Attach the outputs.
*Make sure you clear the tunnel, to collect a fresh set of logs.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-13-2012 02:12 PM
Jul 13 11:32:52 [IKEv1 DEBUG]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, processi
ng hash payload
Jul 13 11:32:52 [IKEv1 DEBUG]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, loading
all IPSEC SAs
Jul 13 11:32:52 [IKEv1 DEBUG]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, Generati
ng Quick Mode Key!
Jul 13 11:32:52 [IKEv1 DEBUG]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, Generati
ng Quick Mode Key!
Jul 13 11:32:52 [IKEv1]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, Security negot
iation complete for LAN-to-LAN Group (xxx.xxx.xxx.162) Initiator, Inbound SPI = 0x
7862725e, Outbound SPI = 0xca67d9d3
IPSEC: New embryonic SA created @ 0x03E70C60,
SCB: 0x03E2DF48,
Direction: outbound
SPI : 0xCA67D9D3
Session ID: 0x00000012
VPIF num : 0x00000002
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
IPSEC: Completed host OBSA update, SPI 0xCA67D9D3
IPSEC: Creating outbound VPN context, SPI 0xCA67D9D3
Flags: 0x00000005
SA : 0x03E70C60
SPI : 0xCA67D9D3
MTU : 1500 bytes
VCID : 0x00000000
Peer : 0x00000000
SCB : 0x03E2DF48
Channel: 0x0174FC00
IPSEC: Completed outbound VPN context, SPI 0xCA67D9D3
VPN handle: 0x0053C12C
IPSEC: New outbound encrypt rule, SPI 0xCA67D9D3
Src addr: 192.168.100.16
Src mask: 255.255.255.240
Dst addr: Colo
Dst mask: 255.255.255.0
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 0
Use protocol: false
SPI: 0x00000000
Use SPI: false
IPSEC: Completed outbound encrypt rule, SPI 0xCA67D9D3
Rule ID: 0x03E75638
IPSEC: New outbound permit rule, SPI 0xCA67D9D3
Src addr: yyy.yyy.yyy.193
Src mask: 255.255.255.255
Dst addr: xxx.xxx.xxx.162
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 50
Use protocol: true
SPI: 0xCA67D9D3
Use SPI: true
IPSEC: Completed outbound permit rule, SPI 0xCA67D9D3
Rule ID: 0x03E731C0
Jul 13 11:32:52 [IKEv1 DEBUG]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, IKE got
a KEY_ADD msg for SA: SPI = 0xca67d9d3
IPSEC: Completed host IBSA update, SPI 0x7862725E
IPSEC: Creating inbound VPN context, SPI 0x7862725E
Flags: 0x00000006
SA : 0x03F0E0D0
SPI : 0x7862725E
MTU : 0 bytes
VCID : 0x00000000
Peer : 0x0053C12C
SCB : 0x03E68E68
Channel: 0x0174FC00
IPSEC: Completed inbound VPN context, SPI 0x7862725E
VPN handle: 0x005568A4
IPSEC: Updating outbound VPN context 0x0053C12C, SPI 0xCA67D9D3
Flags: 0x00000005
SA : 0x03E70C60
SPI : 0xCA67D9D3
MTU : 1500 bytes
VCID : 0x00000000
Peer : 0x005568A4
SCB : 0x03E2DF48
Channel: 0x0174FC00
IPSEC: Completed outbound VPN context, SPI 0xCA67D9D3
VPN handle: 0x0053C12C
IPSEC: Completed outbound inner rule, SPI 0xCA67D9D3
Rule ID: 0x03E75638
IPSEC: Completed outbound outer SPD rule, SPI 0xCA67D9D3
Rule ID: 0x03E731C0
IPSEC: New inbound tunnel flow rule, SPI 0x7862725E
Src addr: Colo
Src mask: 255.255.255.0
Dst addr: 192.168.100.16
Dst mask: 255.255.255.240
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 0
Use protocol: false
SPI: 0x00000000
Use SPI: false
IPSEC: Completed inbound tunnel flow rule, SPI 0x7862725E
Rule ID: 0x03F829D0
IPSEC: New inbound decrypt rule, SPI 0x7862725E
Src addr: xxx.xxx.xxx.162
Src mask: 255.255.255.255
Dst addr: yyy.yyy.yyy.193
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 50
Use protocol: true
SPI: 0x7862725E
Use SPI: true
IPSEC: Completed inbound decrypt rule, SPI 0x7862725E
Rule ID: 0x03E87A38
IPSEC: New inbound permit rule, SPI 0x7862725E
Src addr: xxx.xxx.xxx.162
Src mask: 255.255.255.255
Dst addr: yyy.yyy.yyy.193
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 50
Use protocol: true
SPI: 0x7862725E
Use SPI: true
IPSEC: Completed inbound permit rule, SPI 0x7862725E
Rule ID: 0x03EDF708
Jul 13 11:32:52 [IKEv1 DEBUG]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, Pitcher:
received KEY_UPDATE, spi 0x7862725e
Jul 13 11:32:52 [IKEv1 DEBUG]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, Starting
P2 rekey timer: 3420 seconds.
Jul 13 11:32:52 [IKEv1]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, PHASE 2 COMPLE
TED (msgid=9937ed26)Jul 13 11:32:52 [IKEv1 DEBUG]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, processi
ng hash payload
Jul 13 11:32:52 [IKEv1 DEBUG]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, loading
all IPSEC SAs
Jul 13 11:32:52 [IKEv1 DEBUG]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, Generati
ng Quick Mode Key!
Jul 13 11:32:52 [IKEv1 DEBUG]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, Generati
ng Quick Mode Key!
Jul 13 11:32:52 [IKEv1]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, Security negot
iation complete for LAN-to-LAN Group (xxx.xxx.xxx.162) Initiator, Inbound SPI = 0x
7862725e, Outbound SPI = 0xca67d9d3
IPSEC: New embryonic SA created @ 0x03E70C60,
SCB: 0x03E2DF48,
Direction: outbound
SPI : 0xCA67D9D3
Session ID: 0x00000012
VPIF num : 0x00000002
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
IPSEC: Completed host OBSA update, SPI 0xCA67D9D3
IPSEC: Creating outbound VPN context, SPI 0xCA67D9D3
Flags: 0x00000005
SA : 0x03E70C60
SPI : 0xCA67D9D3
MTU : 1500 bytes
VCID : 0x00000000
Peer : 0x00000000
SCB : 0x03E2DF48
Channel: 0x0174FC00
IPSEC: Completed outbound VPN context, SPI 0xCA67D9D3
VPN handle: 0x0053C12C
IPSEC: New outbound encrypt rule, SPI 0xCA67D9D3
Src addr: 192.168.100.16
Src mask: 255.255.255.240
Dst addr: Colo
Dst mask: 255.255.255.0
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 0
Use protocol: false
SPI: 0x00000000
Use SPI: false
IPSEC: Completed outbound encrypt rule, SPI 0xCA67D9D3
Rule ID: 0x03E75638
IPSEC: New outbound permit rule, SPI 0xCA67D9D3
Src addr: yyy.yyy.yyy.193
Src mask: 255.255.255.255
Dst addr: xxx.xxx.xxx.162
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 50
Use protocol: true
SPI: 0xCA67D9D3
Use SPI: true
IPSEC: Completed outbound permit rule, SPI 0xCA67D9D3
Rule ID: 0x03E731C0
Jul 13 11:32:52 [IKEv1 DEBUG]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, IKE got
a KEY_ADD msg for SA: SPI = 0xca67d9d3
IPSEC: Completed host IBSA update, SPI 0x7862725E
IPSEC: Creating inbound VPN context, SPI 0x7862725E
Flags: 0x00000006
SA : 0x03F0E0D0
SPI : 0x7862725E
MTU : 0 bytes
VCID : 0x00000000
Peer : 0x0053C12C
SCB : 0x03E68E68
Channel: 0x0174FC00
IPSEC: Completed inbound VPN context, SPI 0x7862725E
VPN handle: 0x005568A4
IPSEC: Updating outbound VPN context 0x0053C12C, SPI 0xCA67D9D3
Flags: 0x00000005
SA : 0x03E70C60
SPI : 0xCA67D9D3
MTU : 1500 bytes
VCID : 0x00000000
Peer : 0x005568A4
SCB : 0x03E2DF48
Channel: 0x0174FC00
IPSEC: Completed outbound VPN context, SPI 0xCA67D9D3
VPN handle: 0x0053C12C
IPSEC: Completed outbound inner rule, SPI 0xCA67D9D3
Rule ID: 0x03E75638
IPSEC: Completed outbound outer SPD rule, SPI 0xCA67D9D3
Rule ID: 0x03E731C0
IPSEC: New inbound tunnel flow rule, SPI 0x7862725E
Src addr: Colo
Src mask: 255.255.255.0
Dst addr: 192.168.100.16
Dst mask: 255.255.255.240
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 0
Use protocol: false
SPI: 0x00000000
Use SPI: false
IPSEC: Completed inbound tunnel flow rule, SPI 0x7862725E
Rule ID: 0x03F829D0
IPSEC: New inbound decrypt rule, SPI 0x7862725E
Src addr: xxx.xxx.xxx.162
Src mask: 255.255.255.255
Dst addr: yyy.yyy.yyy.193
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 50
Use protocol: true
SPI: 0x7862725E
Use SPI: true
IPSEC: Completed inbound decrypt rule, SPI 0x7862725E
Rule ID: 0x03E87A38
IPSEC: New inbound permit rule, SPI 0x7862725E
Src addr: xxx.xxx.xxx.162
Src mask: 255.255.255.255
Dst addr: yyy.yyy.yyy.193
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 50
Use protocol: true
SPI: 0x7862725E
Use SPI: true
IPSEC: Completed inbound permit rule, SPI 0x7862725E
Rule ID: 0x03EDF708
Jul 13 11:32:52 [IKEv1 DEBUG]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, Pitcher:
received KEY_UPDATE, spi 0x7862725e
Jul 13 11:32:52 [IKEv1 DEBUG]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, Starting
P2 rekey timer: 3420 seconds.
Jul 13 11:32:52 [IKEv1]: Group = xxx.xxx.xxx.162, IP = xxx.xxx.xxx.162, PHASE 2 COMPLE
TED (msgid=9937ed26)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-13-2012 02:18 PM
Did you initiate the tunnel from the ISA server?
Please increase the debugging level to 255.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-16-2012 01:20 PM
Here I increased the debug level to 255 and initiated the tunnel from the ISA side.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.07.16 15:13:19 =~=~=~=~=~=~=~=~=~=~=~=
VIREasa#
VIREasa# ena
^
ERROR: % Invalid input detected at '^' marker.
VIREasa# ena
^
ERROR: % Invalid input detected at '^' marker.
VIREasa# clear crypto isakmp sa
VIREasa# debug crypto condition peer XXX.XXX.XXX.162
^
ERROR: % Invalid input detected at '^' marker.
VIREasa# debug crypto isakmp 255
VIREasa# debug crypto ipsec 255
VIREasa# Jul 16 10:37:06 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Jul 16 10:37:06 [IKEv1]: IP = XXX.XXX.XXX.162, IKE Initiator: New Phase 1, Intf inside, IKE Peer XXX.XXX.XXX.162 local Proxy Address 192.168.100.0, remote Proxy Address 10.1.245.0, Crypto map (outside_map)
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, constructing ISAKMP SA payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, constructing Fragmentation VID + extended capabilities payload
Jul 16 10:37:06 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 108
SENDING PACKET to XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: 00 00 00 00 00 00 00 00
Next Payload: Security Association
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 108
Payload Security Association
Next Payload: Vendor ID
Reserved: 00
Payload Length: 56
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 44
Proposal #: 1
Protocol-Id: PROTO_ISAKMP
SPI Size: 0
# of transforms: 1
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 1
Transform-Id: KEY_IKE
Reserved2: 0000
Group Description: Group 2
Encryption Algorithm: 3DES-CBC
Hash Algorithm: SHA1
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 00 70 80
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 24
Data (In Hex):
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
c0 00 00 00
IKE Recv RAW packet dump
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
01 10 02 00 00 00 00 00 00 00 00 a8 0d 00 00 38 | ...............8
00 00 00 01 00 00 00 01 00 00 00 2c 01 01 00 01 | ...........,....
00 00 00 24 01 01 00 00 80 01 00 05 80 02 00 02 | ...$............
80 04 00 02 80 03 00 01 80 0b 00 01 00 0c 00 04 | ................
00 00 70 80 0d 00 00 18 1e 2b 51 69 05 99 1c 7d | ..p......+Qi...}
7c 96 fc bf b5 87 e4 61 00 00 00 04 0d 00 00 14 | |......a........
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | @H..n...%......
0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ........>.in.c..
ec 42 7b 1f 00 00 00 14 72 87 2b 95 fc da 2e b7 | .B{.....r.+.....
08 ef e3 22 11 9b 49 71 | ..."..Iq
RECV PACKET from XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Security Association
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 168
Payload Security Association
Next Payload: Vendor ID
Reserved: 00
Payload Length: 56
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 44
Proposal #: 1
Protocol-Id: PROTO_ISAKMP
SPI Size: 0
# of transforms: 1
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 1
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: 3DES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 00 70 80
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data (In Hex):
1e 2b 51 69 05 99 1c 7d 7c 96 fc bf b5 87 e4 61
00 00 00 04
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
72 87 2b 95 fc da 2e b7 08 ef e3 22 11 9b 49 71
Jul 16 10:37:06 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing SA payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, Oakley proposal is acceptable
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing VID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing VID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, Received Fragmentation VID
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing VID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, Received NAT-Traversal ver 02 VID
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing VID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, constructing ke payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, constructing nonce payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, constructing Cisco Unity VID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, constructing xauth V6 VID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, Send IOS VID
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, constructing VID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jul 16 10:37:06 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 256
SENDING PACKET to XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Key Exchange
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 256
Payload Key Exchange
Next Payload: Nonce
Reserved: 00
Payload Length: 132
Data:
20 ef 0c b5 34 72 9c d0 e7 04 57 3d c1 24 33 18
61 7b 4c 20 22 4f 21 35 03 9e f2 32 f4 00 93 dd
48 e5 75 70 88 84 59 e8 25 15 e6 7f 34 78 36 7b
fc ef c5 af 08 f7 84 42 ae 2f 2c bb 1f a5 28 c6
76 3d c5 96 72 e0 17 de 18 e9 65 37 b0 8d 8f ca
de 12 14 49 2d 92 2e c2 0f 75 82 ef e6 14 83 99
c3 34 f4 3f b1 18 b7 47 ec da 1f af 8a d3 4f c7
a6 8d be ab 06 f3 e9 b6 62 4b 92 aa 84 ea fd 1a
Payload Nonce
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data:
1d fd 28 53 fc e8 e3 a2 8e 45 13 6a f0 eb 35 ed
60 e9 b4 34
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 12
Data (In Hex): 09 00 26 89 df d6 b7 12
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
42 2e e9 4b 4d c6 d9 2a 0a 4f d8 e6 97 31 29 31
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
1f 07 f7 0e aa 65 14 d3 b0 fa 96 54 2a 50 01 00
IKE Recv RAW packet dump
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
04 10 02 00 00 00 00 00 00 00 00 b8 0a 00 00 84 | ................
08 da ec 1d 50 67 35 31 dd 86 2e 10 8a 06 f9 5a | ....Pg51.......Z
15 b8 21 8f 41 78 91 6e 6a 58 69 9e 51 b2 3e c8 | ..!.Ax.njXi.Q.>.
f2 73 66 c6 dc 96 fc 02 c3 a8 4f 50 8c 39 c8 2e | .sf.......OP.9..
f1 ee f9 19 c3 b5 c8 19 2e d3 59 64 bb 78 19 a8 | ..........Yd.x..
ff e4 02 a6 82 a4 2c 73 ba 9a 7a c3 7b 3b 25 d9 | ......,s..z.{;%.
7b d5 e0 52 a5 c6 fb 5e b7 42 8e 5d 93 7d 83 c5 | {..R...^.B.].}..
91 8f 7d f9 4f 05 66 4b 6c c0 da bc 80 44 a5 1b | ..}.O.fKl....D..
da f4 34 03 3a a2 bd 24 6a 9c ff 47 3c f3 ba e8 | ..4.:..$j..G<...
00 00 00 18 1a bf f9 d7 92 92 38 1f 1f 37 48 18 | ..........8..7H.
e2 84 c9 5e 86 2c c8 e8 | ...^.,..
RECV PACKET from XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Key Exchange
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 184
Payload Key Exchange
Next Payload: Nonce
Reserved: 00
Payload Length: 132
Data:
08 da ec 1d 50 67 35 31 dd 86 2e 10 8a 06 f9 5a
15 b8 21 8f 41 78 91 6e 6a 58 69 9e 51 b2 3e c8
f2 73 66 c6 dc 96 fc 02 c3 a8 4f 50 8c 39 c8 2e
f1 ee f9 19 c3 b5 c8 19 2e d3 59 64 bb 78 19 a8
ff e4 02 a6 82 a4 2c 73 ba 9a 7a c3 7b 3b 25 d9
7b d5 e0 52 a5 c6 fb 5e b7 42 8e 5d 93 7d 83 c5
91 8f 7d f9 4f 05 66 4b 6c c0 da bc 80 44 a5 1b
da f4 34 03 3a a2 bd 24 6a 9c ff 47 3c f3 ba e8
Payload Nonce
Next Payload: None
Reserved: 00
Payload Length: 24
Data:
1a bf f9 d7 92 92 38 1f 1f 37 48 18 e2 84 c9 5e
86 2c c8 e8
Jul 16 10:37:06 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NONE (0) total length : 184
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing ke payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing ISA_KE payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing nonce payload
Jul 16 10:37:06 [IKEv1]: IP = XXX.XXX.XXX.162, Connection landed on tunnel_group XXX.XXX.XXX.162
Jul 16 10:37:06 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Generating keys for Initiator...
Jul 16 10:37:06 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing ID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing hash payload
Jul 16 10:37:06 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Computing hash for ISAKMP
Jul 16 10:37:06 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing dpd vid payload
Jul 16 10:37:06 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 84
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
05 10 02 00 00 00 00 00 1c 00 00 00 08 00 00 0c | ................
01 11 01 f4 ad 0f 76 c1 0d 00 00 18 7b 35 df 40 | ......v.....{5.@
d0 10 31 39 3a 14 72 50 cb ff 48 de c4 f1 9d e2 | ..19:.rP..H.....
00 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc | ........h...k...
77 57 01 00 | wW..
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 469762048
Payload Identification
Next Payload: Hash
Reserved: 00
Payload Length: 12
ID Type: IPv4 Address (1)
Protocol ID (UDP/TCP, etc...): 17
Port: 500
ID Data: YYY.YYY.YYY
Payload Hash
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data:
7b 35 df 40 d0 10 31 39 3a 14 72 50 cb ff 48 de
c4 f1 9d e2
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
SENDING PACKET to XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (Encryption)
MessageID: 00000000
Length: 84
IKE Recv RAW packet dump
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
05 10 02 01 00 00 00 00 00 00 00 44 ed 48 40 6f | ...........D.H@o
aa 8e b8 5a b3 59 f7 d8 cc 4e e9 a7 d3 d1 0a 04 | ...Z.Y...N......
ca cf 7f 53 11 d9 ea e7 fa eb 2f ad cf 85 fc d8 | ..S....../.....
d0 00 1e 11 | ....
RECV PACKET from XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (Encryption)
MessageID: 00000000
Length: 68
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (Encryption)
MessageID: 00000000
Length: 68
Payload Identification
Next Payload: Hash
Reserved: 00
Payload Length: 12
ID Type: IPv4 Address (1)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: XXX.XXX.XXX.162
Payload Hash
Next Payload: None
Reserved: 00
Payload Length: 24
Data:
9d 85 c6 d1 37 3d 5e df 25 22 2c 01 1f f8 4d 42
e5 51 da ed
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + NONE (0) total length : 64
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing ID payload
Jul 16 10:37:07 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, ID_IPV4_ADDR ID received
XXX.XXX.XXX.162
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing hash payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Computing hash for ISAKMP
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, Connection landed on tunnel_group XXX.XXX.XXX.162
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Freeing previously allocated memory for authorization-dn-attributes
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Oakley begin quick mode
Jul 16 10:37:07 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Initiator starting QM: msg id = d034947b
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, PHASE 1 COMPLETED
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, Keep-alive type for this connection: None
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, Keep-alives configured on but peer does not support keep-alives (type = None)
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Starting P1 rekey timer: 21600 seconds.
IPSEC: Received a PFKey message from IKE
IPSEC: Parsing PFKey GETSPI message
IPSEC: Creating IPsec SA
IPSEC: Getting the inbound SPI
IPSEC: New embryonic SA created @ 0x03F0A668,
SCB: 0x03E6B0D0,
Direction: inbound
SPI : 0xAC3E784B
Session ID: 0x00000023
VPIF num : 0x00000002
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE got SPI from key engine: SPI = 0xac3e784b
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, oakley constucting quick mode
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing blank hash payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing IPSec SA payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing IPSec nonce payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing proxy ID
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Transmitting Proxy Id:
Local subnet: 192.168.100.0 mask 255.255.255.0 Protocol 0 Port 0
Remote subnet: 10.1.245.0 Mask 255.255.255.0 Protocol 0 Port 0
Jul 16 10:37:07 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Initiator sending Initial Contact
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing qm hash payload
Jul 16 10:37:07 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Initiator sending 1st QM pkt: msg id = d034947b
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE SENDING Message (msgid=d034947b) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NOTIFY (11) + NONE (0) total length : 196
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
08 10 20 00 7b 94 34 d0 1c 00 00 00 01 00 00 18 | .. .{.4.........
3f 10 13 8a 47 5e 02 06 75 50 d3 43 26 14 5f 12 | ?...G^..uP.C&._.
dd 0f 3c fa 0a 00 00 3c 00 00 00 01 00 00 00 01 | ..<....<........
00 00 00 30 01 03 04 01 ac 3e 78 4b 00 00 00 24 | ...0.....>xK...$
01 03 00 00 80 01 00 01 80 02 0e 10 80 01 00 02 | ................
00 02 00 04 00 46 50 00 80 04 00 01 80 05 00 02 | .....FP.........
05 00 00 18 53 e8 3e 40 01 c5 64 9e 79 39 ea 39 | ....S.>@..d.y9.9
ab a6 0d 55 14 26 f1 49 05 00 00 10 04 00 00 00 | ...U.&.I........
c0 a8 64 00 ff ff ff 00 0b 00 00 10 04 00 00 00 | ..d.............
0a 01 f5 00 ff ff ff 00 00 00 00 1c 00 00 00 01 | ................
01 10 60 02 b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d | ..`...NVM..*.@.]
bc 96 49 67 | ..Ig
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (none)
MessageID: 7B9434D0
Length: 469762048
Payload Hash
Next Payload: Security Association
Reserved: 00
Payload Length: 24
Data:
3f 10 13 8a 47 5e 02 06 75 50 d3 43 26 14 5f 12
dd 0f 3c fa
Payload Security Association
Next Payload: Nonce
Reserved: 00
Payload Length: 60
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 48
Proposal #: 1
Protocol-Id: PROTO_IPSEC_ESP
SPI Size: 4
# of transforms: 1
SPI: ac 3e 78 4b
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 1
Transform-Id: ESP_3DES
Reserved2: 0000
Life Type: Seconds
Life Duration (Hex): 0e 10
Life Type: Kilobytes
Life Duration (Hex): 00 46 50 00
Encapsulation Mode: Tunnel
Authentication Algorithm: SHA1
Payload Nonce
Next Payload: Identification
Reserved: 00
Payload Length: 24
Data:
53 e8 3e 40 01 c5 64 9e 79 39 ea 39 ab a6 0d 55
14 26 f1 49
Payload Identification
Next Payload: Identification
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: DG-office/255.255.255.0
Payload Identification
Next Payload: Notification
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: Colo/255.255.255.0
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 28
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: STATUS_INITIAL_CONTACT
SPI:
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: D034947B
Length: 196
IKE Recv RAW packet dump
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
08 10 05 01 ee d1 a5 04 00 00 00 44 26 c1 f7 cc | ...........D&...
ec 14 8f 80 ff d0 08 ae ab 96 92 b3 56 2b 07 7c | ............V+.|
c5 e5 77 ec 2e 15 6e 56 d2 5d 33 37 4d fc bb 7d | ..w...nV.]37M..}
e8 98 2b c1 | ..+.
RECV PACKET from XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: EED1A504
Length: 68
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: EED1A504
Length: 68
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
53 20 d4 29 bd 19 4a b1 f6 65 f7 c4 e8 6d 5c af
cf fa ea b5
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 16
DOI: IPsec
Protocol-ID: PROTO_IPSEC_ESP
Spi Size: 4
Notify Type: INVALID_ID_INFO
SPI: 00 00 00 00
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE RECEIVED Message (msgid=eed1a504) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 68
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing hash payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing notify payload
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Received non-routine Notify message: Invalid ID info (18)
IKE Recv RAW packet dump
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
08 10 20 01 a2 7b cd 29 00 00 00 ac 19 db 72 b1 | .. ..{.)......r.
04 b4 77 94 93 8c 06 d2 9e 67 f7 ab c1 23 19 74 | ..w......g...#.t
e5 f6 92 4a 61 7b 62 93 2e 75 18 b6 c3 53 89 74 | ...Ja{b..u...S.t
d7 f9 b3 2e 6d 0f 9e 9c 26 4a b0 1e 6d 05 be 7f | ....m...&J..m..
e1 60 fa f1 34 c9 af d8 5c dd b5 71 a9 8c 80 77 | .`..4...\..q...w
7a ad b4 2e 72 a9 df d2 d1 cd 61 a6 02 5c 08 4f | z...r.....a..\.O
74 18 3e db 0e 4e 9d 8b a2 03 48 c2 a3 9e 30 de | t.>..N....H...0.
d6 93 fb df 34 fc e4 9c 28 59 bb b8 a6 d9 62 4d | ....4...(Y....bM
35 8c c4 65 78 03 a6 db cc 7f 33 7e eb ff 9e b3 | 5..ex....3~....
6f 11 7b aa 56 cf 74 48 58 45 1c c0 | o.{.V.tHXE..
RECV PACKET from XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: A27BCD29
Length: 172
Jul 16 10:37:07 [IKEv1 DECODE]: IP = XXX.XXX.XXX.162, IKE Responder starting QM: msg id = a27bcd29
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: A27BCD29
Length: 172
Payload Hash
Next Payload: Security Association
Reserved: 00
Payload Length: 24
Data:
9c 15 1c c7 d7 e6 b5 91 c6 8e 1b d6 b2 4c c7 63
ee 9f 60 3e
Payload Security Association
Next Payload: Nonce
Reserved: 00
Payload Length: 64
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 52
Proposal #: 1
Protocol-Id: PROTO_IPSEC_ESP
SPI Size: 4
# of transforms: 1
SPI: de 9f df a1
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 40
Transform #: 1
Transform-Id: ESP_3DES
Reserved2: 0000
Life Type: Seconds
Life Duration (Hex): 00 00 0e 10
Life Type: Kilobytes
Life Duration (Hex): 00 46 50 00
Encapsulation Mode: Tunnel
Authentication Algorithm: SHA1
Payload Nonce
Next Payload: Identification
Reserved: 00
Payload Length: 24
Data:
ed 0a 2d a8 d8 f0 80 aa c6 19 bf 9e bb d3 68 18
0c 40 15 96
Payload Identification
Next Payload: Identification
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: Colo/255.255.255.0
Payload Identification
Next Payload: None
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: 192.168.100.16/255.255.255.240
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE RECEIVED Message (msgid=a27bcd29) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 172
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing hash payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing SA payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing nonce payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing ID payload
Jul 16 10:37:07 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, ID_IPV4_ADDR_SUBNET ID received--10.1.245.0--255.255.255.0
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Received remote IP Proxy Subnet data in ID Payload: Address 10.1.245.0, Mask 255.255.255.0, Protocol 0, Port 0
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing ID payload
Jul 16 10:37:07 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, ID_IPV4_ADDR_SUBNET ID received--192.168.100.16--255.255.255.240
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Received local IP Proxy Subnet data in ID Payload: Address 192.168.100.16, Mask 255.255.255.240, Protocol 0, Port 0
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, QM IsRekeyed old sa not found by addr
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Static Crypto Map check, checking map = outside_map, seq = 1...
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Static Crypto Map check, map outside_map, seq = 1 is a successful match
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Remote Peer configured for crypto map: outside_map
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing IPSec SA payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IPSec SA Proposal # 1, Transform # 1 acceptable Matches global IPSec SA entry # 1
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE: requesting SPI!
IPSEC: Received a PFKey message from IKE
IPSEC: Parsing PFKey GETSPI message
IPSEC: Creating IPsec SA
IPSEC: Getting the inbound SPI
IPSEC: New embryonic SA created @ 0x0406CF98,
SCB: 0x03E3BE78,
Direction: inbound
SPI : 0x8B032DDE
Session ID: 0x00000023
VPIF num : 0x00000002
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE got SPI from key engine: SPI = 0x8b032dde
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, oakley constucting quick mode
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing blank hash payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing IPSec SA payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing IPSec nonce payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing proxy ID
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Transmitting Proxy Id:
Remote subnet: 10.1.245.0 Mask 255.255.255.0 Protocol 0 Port 0
Local subnet: 192.168.100.16 mask 255.255.255.240 Protocol 0 Port 0
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing qm hash payload
Jul 16 10:37:07 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Responder sending 2nd QM pkt: msg id = a27bcd29
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE SENDING Message (msgid=a27bcd29) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 168
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
08 10 20 00 29 cd 7b a2 1c 00 00 00 01 00 00 18 | .. .).{.........
db fb e2 21 78 0a 66 2b b4 92 0f 63 80 bd ee b5 | ...!x.f+...c....
1a b6 be d1 0a 00 00 3c 00 00 00 01 00 00 00 01 | .......<........
00 00 00 30 01 03 04 01 8b 03 2d de 00 00 00 24 | ...0......-....$
01 03 00 00 80 01 00 01 80 02 0e 10 80 01 00 02 | ................
00 02 00 04 00 46 50 00 80 04 00 01 80 05 00
IKE Recv RAW packet dump
b7 e9 Jul 16 10:37:07 [IKEv1]IPSEC: New embryonic SA created @ 0x03F64B78,
SCB: 0x03F74178,
Direction: outbound
SPI : 0xDE9FDFA1
Session ID: 0x00000023
VPIF num : 0x00000002
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
IPSEC: Completed host OBSA update, SPI 0xDE9FDFA1
IPSEC: Creating outbound VPN context, SPI 0xDE9FDFA1
Flags: 0x00000005
SA : 0x03F64B78
SPI : 0xDE9FDFA1
MTU : 1500 bytes
VCID : 0x00000000
Peer : 0x00000000
SCB : 0x03F74178
Channel: 0x0174FC00
IPSEC: Increment SA NP ref counter for outbound SPI 0xDE9FDFA1, old value: 0, new value: 1, (ctm_ipsec_create_vpn_context:5166)
IPSEC: Completed outbound VPN context, SPI 0xDE9FDFA1
VPN handle: 0x053ADADC
IPSEC: Increment SA NP ref counter for outbound SPI 0xDE9FDFA1, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:4257)
Jul 16 10:37:09 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: D034947B
Length: 196
Jul 16 10:37:15 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Jul 16 10:37:18 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Jul 16 10:37:21 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: D034947B
Length: 196
Jul 16 10:37:27 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: D034947B
Length: 196
Jul 16 10:37:39 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, QM FSM error (P2 struct &0x3f0cf28, mess id 0xd034947b)!
Jul 16 10:37:39 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE QM Initiator FSM error history (struct &0x3f0cf28)
Jul 16 10:37:39 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, sending delete/delete with reason message
Jul 16 10:37:39 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing blank hash payload
Jul 16 10:37:39 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, construct_ipsec_delete(): No SPI to identify Phase 2 SA!
Jul 16 10:37:39 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Deleting SA: Remote Proxy 10.1.245.0, Local Proxy 192.168.100.0
Jul 16 10:37:39 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Removing peer from correlator table failed, no match!
IPSEC: Received a PFKey message from IKE
IPSEC: Destroy current inbound SPI: 0xAC3E784B
Jul 16 10:37:39 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0xac3e784b
Jul 16 10:37:40 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Jul 16 10:37:40 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Initiator: New Phase 2, Intf inside, IKE Peer XXX.XXX.XXX.162 local Proxy Address 192.168.100.0, remote Proxy Address 10.1.245.0, Crypto map (outside_map)
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Oakley begin quick mode
Jul 16 10:37:40 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Initiator starting QM: msg id = 51890662
IPSEC: Received a PFKey message from IKE
IPSEC: Parsing PFKey GETSPI message
IPSEC: Creating IPsec SA
IPSEC: Getting the inbound SPI
IPSEC: New embryonic SA created @ 0x03F0A668,
SCB: 0x03E6B0D0,
Direction: inbound
SPI : 0xF14B8E07
Session ID: 0x00000023
VPIF num : 0x00000002
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE got SPI from key engine: SPI = 0xf14b8e07
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, oakley constucting quick mode
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing blank hash payload
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing IPSec SA payload
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing IPSec nonce payload
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing proxy ID
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Transmitting Proxy Id:
Local subnet: 192.168.100.0 mask 255.255.255.0 Protocol 0 Port 0
Remote subnet: 10.1.245.0 Mask 255.255.255.0 Protocol 0 Port 0
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing qm hash payload
Jul 16 10:37:40 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Initiator sending 1st QM pkt: msg id = 51890662
Jul 16 10:37:40 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE SENDING Message (msgid=51890662) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 168
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
08 10 20 00 62 06 89 51 1c 00 00 00 01 00 00 18 | .. .b..Q........
d1 63 d0 1c f2 fe 51 54 ed 50 52 e5 15 97 11 61 | .c....QT.PR....a
bc cf 89 bf 0a 00 00 3c 00 00 00 01 00 00 00 01 | .......<........
00 00 00 30 01 03 04 01 f1 4b 8e 07 00 00 00 24 | ...0.....K.....$
01 03 00 00 80 01 00 01 80 02 0e 10 80 01 00 02 | ................
00 02 00 04 00 46 50 00 80 04 00 01 80 05 00 02 | .....FP.........
05 00 00 18 dc d3 97 00 48 5b e9 d4 05 af ef 1d | ........H[......
5c 3f bd b4 06 e5 ad 4c 05 00 00 10 04 00 00 00 | \?.....L........
c0 a8 64 00 ff ff ff 00 00 00 00 10 04 00 00 00 | ..d.............
0a 01 f5 00 ff ff ff 00 | ........
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (none)
MessageID: 62068951
Length: 469762048
Payload Hash
Next Payload: Security Association
Reserved: 00
Payload Length: 24
Data:
d1 63 d0 1c f2 fe 51 54 ed 50 52 e5 15 97 11 61
bc cf 89 bf
Payload Security Association
Next Payload: Nonce
Reserved: 00
Payload Length: 60
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 48
Proposal #: 1
Protocol-Id: PROTO_IPSEC_ESP
SPI Size: 4
# of transforms: 1
SPI: f1 4b 8e 07
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 1
Transform-Id: ESP_3DES
Reserved2: 0000
Life Type: Seconds
Life Duration (Hex): 0e 10
Life Type: Kilobytes
Life Duration (Hex): 00 46 50 00
Encapsulation Mode: Tunnel
Authentication Algorithm: SHA1
Payload Nonce
Next Payload: Identification
Reserved: 00
Payload Length: 24
Data:
dc d3 97 00 48 5b e9 d4 05 af ef 1d 5c 3f bd b4
06 e5 ad 4c
Payload Identification
Next Payload: Identification
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: DG-office/255.255.255.0
Payload Identification
Next Payload: None
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: Colo/255.255.255.0
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: 51890662
Length: 172
IKE Recv RAW packet dump
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
08 10 05 01 50 d5 d4 b3 00 00 00 44 6b 63 20 72 | ....P......Dkc r
fc 1c c8 af 22 61 8f ae f0 9c 5c 41 1d 80 b1 6e | ...."a....\A...n
75 46 65 1c 9d 8e 51 5b d0 f7 82 d8 88 9b 49 e9 | uFe...Q[......I.
42 5f a2 a8 | B_..
RECV PACKET from XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 50D5D4B3
Length: 68
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 50D5D4B3
Length: 68
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
a8 07 00 a6 3c 57 dd 50 49 a7 5e e0 55 ab 01 f3
65 29 9e 9b
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 16
DOI: IPsec
Protocol-ID: PROTO_IPSEC_ESP
Spi Size: 4
Notify Type: INVALID_ID_INFO
SPI: 00 00 00 00
Jul 16 10:37:40 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE RECEIVED Message (msgid=50d5d4b3) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 68
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing hash payload
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing notify payload
Jul 16 10:37:40 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Received non-routine Notify message: Invalid ID info (18)
Jul 16 10:37:43 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: 51890662
Length: 172
Jul 16 10:37:49 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
VIREasa#
VIREasa# no debug crypto isakmp 255
VIREasa# no debug crypto ipsec 255
VIREasa#
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2012 09:14 AM
Any tips at all would be greatly appreciated. Still having the same issue and we have wipped the entire configuration from both ends of the tunnel.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide