Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1787
Views
5
Helpful
11
Replies

Site to site IPsec VPN between Cisco ASAv and Oracle cloud

sreeraj.murali
Level 3
Level 3

‎02-11-2021 09:05 AM

Hi Experts,

Trying to setup IPsec site to site vpn between Cisco ASAv(hosted on AWS cloud) and Oracle cloud VPN service. The phase 1 of VPN is failing. Below mentioned in the debug message capture on ASAv. Please check and guide, what could be the issue with VPN negotiation failing. Thanks

 

debug crypto ikev1 127

Feb 11 16:55:21 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 16:55:21 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 16:55:21 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:21 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 16:55:21 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:55:21 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:21 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Can't find a valid tunnel group, aborting...!
Feb 11 16:55:21 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f500ed2a360) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG5, EV_GROUP_LOOKUP-->MM_BLD_MSG5, EV_TEST_CERT-->MM_BLD_MSG5, EV_SECRET_KEY_OK-->MM_BLD_MSG5, NullEvent-->MM_BLD_MSG5, EV_GEN_SECRET_KEY-->MM_WAIT_MSG4, EV_PROCESS_MSG-->MM_WAIT_MSG4, EV_RCV_MSG
Feb 11 16:55:21 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:9e00da72 terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 16:55:21 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 16:55:21 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 16:55:21 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:22 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:23 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:25 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:29 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:30 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 16:55:30 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 16:55:30 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:30 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 16:55:30 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:55:30 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:30 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Can't find a valid tunnel group, aborting...!
Feb 11 16:55:30 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f500ed2a360) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG5, EV_GROUP_LOOKUP-->MM_BLD_MSG5, EV_TEST_CERT-->MM_BLD_MSG5, EV_SECRET_KEY_OK-->MM_BLD_MSG5, NullEvent-->MM_BLD_MSG5, EV_GEN_SECRET_KEY-->MM_WAIT_MSG4, EV_PROCESS_MSG-->MM_WAIT_MSG4, EV_RCV_MSG
Feb 11 16:55:30 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:c67181b7 terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 16:55:30 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 16:55:30 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 16:55:30 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:31 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:32 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:34 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:37 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:38 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:42 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 16:55:42 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 16:55:42 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:42 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 16:55:42 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:55:42 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:42 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Can't find a valid tunnel group, aborting...!
Feb 11 16:55:42 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f501946b580) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG5, EV_GROUP_LOOKUP-->MM_BLD_MSG5, EV_TEST_CERT-->MM_BLD_MSG5, EV_SECRET_KEY_OK-->MM_BLD_MSG5, NullEvent-->MM_BLD_MSG5, EV_GEN_SECRET_KEY-->MM_WAIT_MSG4, EV_PROCESS_MSG-->MM_WAIT_MSG4, EV_RCV_MSG
Feb 11 16:55:42 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:1df53516 terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 16:55:42 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 16:55:42 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 16:55:42 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:43 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:44 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:46 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:46 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)


Feb 11 16:55:50 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
debcry crypto ipsec 127Feb 11 16:55:51 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 16:55:51 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 16:55:51 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:51 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 16:55:51 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:55:51 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:55:51 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Can't find a valid tunnel group, aborting...!
Feb 11 16:55:51 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f500ed2a360) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG5, EV_GROUP_LOOKUP-->MM_BLD_MSG5, EV_TEST_CERT-->MM_BLD_MSG5, EV_SECRET_KEY_OK-->MM_BLD_MSG5, NullEvent-->MM_BLD_MSG5, EV_GEN_SECRET_KEY-->MM_WAIT_MSG4, EV_PROCESS_MSG-->MM_WAIT_MSG4, EV_RCV_MSG
Feb 11 16:55:51 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:73a74b94 terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 16:55:51 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 16:55:51 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 16:55:51 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:52 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)

^
ERROR: % Invalid input detected at '^' marker.

HITSASAV1# Feb 11 16:55:53 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:53 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
debcry crypto ipsec 127Feb 11 16:55:55 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)

^
ERROR: % Invalid input detected at '^' marker.

HITSASAV1# Feb 11 16:55:58 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:55:59 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:02 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:07 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:14 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)


HITSASAV1#

HITSASAV1#

HITSASAV1#

HITSASAV1#

HITSASAV1# Feb 11 16:56:23 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:43 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 16:56:43 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 16:56:43 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:43 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 16:56:43 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:56:43 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:43 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Can't find a valid tunnel group, aborting...!
Feb 11 16:56:43 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f500f0a3d40) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG5, EV_GROUP_LOOKUP-->MM_BLD_MSG5, EV_TEST_CERT-->MM_BLD_MSG5, EV_SECRET_KEY_OK-->MM_BLD_MSG5, NullEvent-->MM_BLD_MSG5, EV_GEN_SECRET_KEY-->MM_WAIT_MSG4, EV_PROCESS_MSG-->MM_WAIT_MSG4, EV_RCV_MSG
Feb 11 16:56:43 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:afa401d4 terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 16:56:43 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 16:56:43 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 16:56:43 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:44 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:45 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:47 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:48 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 16:56:48 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 16:56:48 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:48 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 16:56:48 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:56:48 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:48 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Can't find a valid tunnel group, aborting...!
Feb 11 16:56:48 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f500f0a2ed0) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG5, EV_GROUP_LOOKUP-->MM_BLD_MSG5, EV_TEST_CERT-->MM_BLD_MSG5, EV_SECRET_KEY_OK-->MM_BLD_MSG5, NullEvent-->MM_BLD_MSG5, EV_GEN_SECRET_KEY-->MM_WAIT_MSG4, EV_PROCESS_MSG-->MM_WAIT_MSG4, EV_RCV_MSG
Feb 11 16:56:48 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:7a305750 terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 16:56:48 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 16:56:48 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 16:56:48 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:49 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:50 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:51 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:52 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:53 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 16:56:53 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 16:56:53 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:53 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 16:56:53 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:56:53 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:53 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Can't find a valid tunnel group, aborting...!
Feb 11 16:56:53 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f500f0a2ed0) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG5, EV_GROUP_LOOKUP-->MM_BLD_MSG5, EV_TEST_CERT-->MM_BLD_MSG5, EV_SECRET_KEY_OK-->MM_BLD_MSG5, NullEvent-->MM_BLD_MSG5, EV_GEN_SECRET_KEY-->MM_WAIT_MSG4, EV_PROCESS_MSG-->MM_WAIT_MSG4, EV_RCV_MSG
Feb 11 16:56:53 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:ef19f263 terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 16:56:53 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 16:56:53 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 16:56:53 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:54 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:55 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:56 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:57 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:58 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 16:56:58 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 16:56:58 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:58 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 16:56:58 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:56:58 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:56:58 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Can't find a valid tunnel group, aborting...!
Feb 11 16:56:58 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f501944f5e0) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG5, EV_GROUP_LOOKUP-->MM_BLD_MSG5, EV_TEST_CERT-->MM_BLD_MSG5, EV_SECRET_KEY_OK-->MM_BLD_MSG5, NullEvent-->MM_BLD_MSG5, EV_GEN_SECRET_KEY-->MM_WAIT_MSG4, EV_PROCESS_MSG-->MM_WAIT_MSG4, EV_RCV_MSG
Feb 11 16:56:58 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:4bf3f717 terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 16:56:58 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 16:56:58 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 16:56:58 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:59 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:56:59 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:00 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:01 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:02 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:03 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 16:57:03 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 16:57:03 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:03 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 16:57:03 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:57:03 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:03 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Can't find a valid tunnel group, aborting...!
Feb 11 16:57:03 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f500f0a2ed0) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG5, EV_GROUP_LOOKUP-->MM_BLD_MSG5, EV_TEST_CERT-->MM_BLD_MSG5, EV_SECRET_KEY_OK-->MM_BLD_MSG5, NullEvent-->MM_BLD_MSG5, EV_GEN_SECRET_KEY-->MM_WAIT_MSG4, EV_PROCESS_MSG-->MM_WAIT_MSG4, EV_RCV_MSG
Feb 11 16:57:03 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:7c05349e terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 16:57:03 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 16:57:03 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 16:57:03 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:04 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:04 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:05 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:06 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:07 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:08 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 16:57:08 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 16:57:08 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:08 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 16:57:08 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:57:08 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:08 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Can't find a valid tunnel group, aborting...!
Feb 11 16:57:08 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f501944f5e0) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG5, EV_GROUP_LOOKUP-->MM_BLD_MSG5, EV_TEST_CERT-->MM_BLD_MSG5, EV_SECRET_KEY_OK-->MM_BLD_MSG5, NullEvent-->MM_BLD_MSG5, EV_GEN_SECRET_KEY-->MM_WAIT_MSG4, EV_PROCESS_MSG-->MM_WAIT_MSG4, EV_RCV_MSG
Feb 11 16:57:08 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:33b4a7cc terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 16:57:08 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 16:57:08 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 16:57:08 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:09 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:09 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:10 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:11 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:11 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 1768
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal ver 03 VID
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal ver 02 VID
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, processing IKE SA payload
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, IKE SA Proposal # 1, Transform # 14 acceptable Matches global IKE entry # 11
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 16:57:11 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 16:57:11 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 16:57:12 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:57:12 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:12 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Can't find a valid tunnel group, aborting...!
Feb 11 16:57:12 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Responder FSM error history (struct &0x00007f501944f5e0) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG4, EV_GROUP_LOOKUP-->MM_BLD_MSG4, EV_TEST_CERT-->MM_BLD_MSG4, EV_BLD_MSG4-->MM_BLD_MSG4, EV_TEST_CRACK-->MM_BLD_MSG4, EV_SECRET_KEY_OK-->MM_BLD_MSG4, NullEvent-->MM_BLD_MSG4, EV_GEN_SECRET_KEY
Feb 11 16:57:12 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:f94bfb90 terminating: flags 0x01000002, refcnt 0, tuncnt 0
Feb 11 16:57:12 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 16:57:12 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (src) without VM bit set
Feb 11 16:57:12 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:13 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:13 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 16:57:13 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 16:57:13 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:13 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 16:57:13 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:57:13 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:13 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Can't find a valid tunnel group, aborting...!
Feb 11 16:57:13 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f500f0a2ed0) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG5, EV_GROUP_LOOKUP-->MM_BLD_MSG5, EV_TEST_CERT-->MM_BLD_MSG5, EV_SECRET_KEY_OK-->MM_BLD_MSG5, NullEvent-->MM_BLD_MSG5, EV_GEN_SECRET_KEY-->MM_WAIT_MSG4, EV_PROCESS_MSG-->MM_WAIT_MSG4, EV_RCV_MSG
Feb 11 16:57:13 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:285e285a terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 16:57:13 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 16:57:13 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 16:57:13 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:14 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:14 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:15 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:16 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 16:57:17 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
no debug crypto ikev1 127Feb 11 16:57:18 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 16:57:18 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 16:57:18 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:18 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 16:57:18 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 16:57:18 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 16:57:18 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Can't find a valid tunnel group, aborting...!
Feb 11 16:57:18 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f500efe8c00) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG5, EV_GROUP_LOOKUP-->MM_BLD_MSG5, EV_TEST_CERT-->MM_BLD_MSG5, EV_SECRET_KEY_OK-->MM_BLD_MSG5, NullEvent-->MM_BLD_MSG5, EV_GEN_SECRET_KEY-->MM_WAIT_MSG4, EV_PROCESS_MSG-->MM_WAIT_MSG4, EV_RCV_MSG
Feb 11 16:57:18 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:a311fcb9 terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 16:57:18 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 16:57:18 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 16:57:18 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)

 

Thanks in advance

Sreeraj

Labels:
0 Helpful
11 Replies 11

Rob Ingram
VIP
VIP

‎02-11-2021 09:12 AM

@sreeraj.murali 

I'd start with this error

Feb 11 16:55:21 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Can't find a valid tunnel group, aborting...!

 What tunnel-group have you defined for the peer device? Please provide your configuration for further assistance.

0 Helpful

sreeraj.murali
Level 3
Level 3
In response to Rob Ingram

‎02-11-2021 09:22 AM

Hello,

Thanks for checking. Attaching the show tech. please do check and assist.

 

Thanks

Sreeraj

Preview file
100 KB
0 Helpful

Rob Ingram
VIP
VIP
In response to sreeraj.murali

‎02-11-2021 09:35 AM - edited ‎02-11-2021 09:38 AM

@sreeraj.murali Change the tunnel-group name to just the IP address

 

tunnel-group 193.122.134.217 type ipsec-l2l
tunnel-group 193.122.134.217 general-attributes
 default-group-policy GroupPolicy-193.122.134.217
tunnel-group 193.122.134.217 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****


 

sreeraj.murali
Level 3
Level 3
In response to Rob Ingram

‎02-11-2021 09:59 AM

Thanks a lot, it worked.

Now phase 1 is stuck at MM_WAIT_MSG6, checking, will update.

 

0 Helpful

Rob Ingram
VIP
VIP
In response to sreeraj.murali

‎02-11-2021 10:05 AM

@sreeraj.murali

Good to hear there is progress.

If you are stuck as MSG6 check the PSK matches on both ends.

 

0 Helpful

sreeraj.murali
Level 3
Level 3
In response to Rob Ingram

‎02-11-2021 10:19 AM

Hi,

Verified the PSK, its same no issues. I have collected the debug, pasting below, please check and suggest.

 

2 IKE Peer: 193.122.134.217
Type : L2L Role : initiator
Rekey : no State : MM_WAIT_MSG6

 

Thanks

 

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2021.02.11 13:13:58 =~=~=~=~=~=~=~=~=~=~=~=
debug crypto condition peer 193.122.134.217

debug crypto ikev1 127

Feb 11 18:15:11 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 18:15:11 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 18:15:11 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:11 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 18:15:11 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 18:15:11 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:11 [IKEv1]IP = 193.122.134.217, Connection landed on tunnel_group 193.122.134.217
Feb 11 18:15:11 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, Generating keys for Initiator...
Feb 11 18:15:11 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing ID payload
Feb 11 18:15:11 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing hash payload
Feb 11 18:15:11 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, Computing hash for ISAKMP
Feb 11 18:15:11 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing dpd vid payload
Feb 11 18:15:11 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 84
Feb 11 18:15:11 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end IS behind a NAT device
Feb 11 18:15:11 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Floating NAT-T to port 4500
Feb 11 18:15:11 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:11 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:12 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:12 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:13 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:13 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:15 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:15 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:15 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f500e7ddc10) <state>, <event>: MM_DONE, EV_ERROR-->MM_WAIT_MSG6, EV_PROB_AUTH_FAIL-->MM_WAIT_MSG6, EV_RESEND_MSG-->MM_WAIT_MSG6, NullEvent-->MM_SND_MSG5, EV_SND_MSG-->MM_SND_MSG5, EV_START_TMR-->MM_SND_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG6, EV_RESEND_MSG
Feb 11 18:15:15 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:5c90f0f7 terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 18:15:15 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 18:15:15 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing blank hash payload
Feb 11 18:15:15 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing IKE delete payload
Feb 11 18:15:15 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing qm hash payload
Feb 11 18:15:15 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=5f54a4b4) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Feb 11 18:15:15 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 18:15:19 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 18:15:19 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 18:15:19 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 18:15:19 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:19 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 18:15:19 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 18:15:19 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:19 [IKEv1]IP = 193.122.134.217, Connection landed on tunnel_group 193.122.134.217
Feb 11 18:15:19 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, Generating keys for Initiator...
Feb 11 18:15:19 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing ID payload
Feb 11 18:15:19 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing hash payload
Feb 11 18:15:19 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, Computing hash for ISAKMP
Feb 11 18:15:19 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing dpd vid payload
Feb 11 18:15:19 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 84
Feb 11 18:15:19 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end IS behind a NAT device
Feb 11 18:15:19 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Floating NAT-T to port 4500
Feb 11 18:15:19 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:19 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:20 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:20 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:21 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:21 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:23 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:23 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:23 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f500f654c50) <state>, <event>: MM_DONE, EV_ERROR-->MM_WAIT_MSG6, EV_PROB_AUTH_FAIL-->MM_WAIT_MSG6, EV_RESEND_MSG-->MM_WAIT_MSG6, NullEvent-->MM_SND_MSG5, EV_SND_MSG-->MM_SND_MSG5, EV_START_TMR-->MM_SND_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG6, EV_RESEND_MSG
Feb 11 18:15:23 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:605d4b27 terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 18:15:23 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 18:15:23 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing blank hash payload
Feb 11 18:15:23 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing IKE delete payload
Feb 11 18:15:23 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing qm hash payload
Feb 11 18:15:23 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=46cbf95c) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Feb 11 18:15:23 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 18:15:24 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 18:15:24 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 18:15:24 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:24 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 18:15:24 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 18:15:24 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:24 [IKEv1]IP = 193.122.134.217, Connection landed on tunnel_group 193.122.134.217
Feb 11 18:15:24 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, Generating keys for Initiator...
Feb 11 18:15:24 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing ID payload
Feb 11 18:15:24 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing hash payload
Feb 11 18:15:24 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, Computing hash for ISAKMP
Feb 11 18:15:24 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing dpd vid payload
Feb 11 18:15:24 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 84
Feb 11 18:15:24 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end IS behind a NAT device
Feb 11 18:15:24 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Floating NAT-T to port 4500
Feb 11 18:15:24 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:24 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:25 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:25 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:26 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:26 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:27 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 18:15:27 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 18:15:28 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:28 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:28 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f5019938830) <state>, <event>: MM_DONE, EV_ERROR-->MM_WAIT_MSG6, EV_PROB_AUTH_FAIL-->MM_WAIT_MSG6, EV_RESEND_MSG-->MM_WAIT_MSG6, NullEvent-->MM_SND_MSG5, EV_SND_MSG-->MM_SND_MSG5, EV_START_TMR-->MM_SND_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG6, EV_RESEND_MSG
Feb 11 18:15:28 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:ab01ac84 terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 18:15:28 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 18:15:28 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing blank hash payload
Feb 11 18:15:28 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing IKE delete payload
Feb 11 18:15:28 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing qm hash payload
Feb 11 18:15:28 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=22501548) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Feb 11 18:15:28 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 18:15:29 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 18:15:29 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 18:15:29 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:29 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 18:15:29 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 18:15:29 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:29 [IKEv1]IP = 193.122.134.217, Connection landed on tunnel_group 193.122.134.217
Feb 11 18:15:29 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, Generating keys for Initiator...
Feb 11 18:15:29 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing ID payload
Feb 11 18:15:29 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing hash payload
Feb 11 18:15:29 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, Computing hash for ISAKMP
Feb 11 18:15:29 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing dpd vid payload
Feb 11 18:15:29 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 84
Feb 11 18:15:29 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end IS behind a NAT device
Feb 11 18:15:29 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Floating NAT-T to port 4500
Feb 11 18:15:29 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:29 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:30 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:30 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:31 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:31 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:32 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 18:15:33 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:33 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:33 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f5019938830) <state>, <event>: MM_DONE, EV_ERROR-->MM_WAIT_MSG6, EV_PROB_AUTH_FAIL-->MM_WAIT_MSG6, EV_RESEND_MSG-->MM_WAIT_MSG6, NullEvent-->MM_SND_MSG5, EV_SND_MSG-->MM_SND_MSG5, EV_START_TMR-->MM_SND_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG6, EV_RESEND_MSG
Feb 11 18:15:33 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:ed4c53f4 terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 18:15:33 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 18:15:33 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing blank hash payload
Feb 11 18:15:33 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing IKE delete payload
Feb 11 18:15:33 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing qm hash payload
Feb 11 18:15:33 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=55e831dc) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Feb 11 18:15:33 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 18:15:34 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 18:15:34 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 18:15:34 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:34 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 18:15:34 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 18:15:34 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:34 [IKEv1]IP = 193.122.134.217, Connection landed on tunnel_group 193.122.134.217
Feb 11 18:15:34 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, Generating keys for Initiator...
Feb 11 18:15:34 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing ID payload
Feb 11 18:15:34 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing hash payload
Feb 11 18:15:34 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, Computing hash for ISAKMP
Feb 11 18:15:34 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing dpd vid payload
Feb 11 18:15:34 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 84
Feb 11 18:15:34 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end IS behind a NAT device
Feb 11 18:15:34 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Floating NAT-T to port 4500
Feb 11 18:15:34 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:34 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:35 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:35 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:35 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 18:15:36 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:36 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:37 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 18:15:38 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:38 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:38 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f500ef68360) <state>, <event>: MM_DONE, EV_ERROR-->MM_WAIT_MSG6, EV_PROB_AUTH_FAIL-->MM_WAIT_MSG6, EV_RESEND_MSG-->MM_WAIT_MSG6, NullEvent-->MM_SND_MSG5, EV_SND_MSG-->MM_SND_MSG5, EV_START_TMR-->MM_SND_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG6, EV_RESEND_MSG
Feb 11 18:15:38 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:465470d6 terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 18:15:38 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 18:15:38 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing blank hash payload
Feb 11 18:15:38 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing IKE delete payload
Feb 11 18:15:38 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing qm hash payload
Feb 11 18:15:38 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=81a9a2f5) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Feb 11 18:15:38 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 18:15:40 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 18:15:41 [IKEv1]IP = 193.122.134.217, IKE Initiator: New Phase 1, Intf management, IKE Peer 193.122.134.217 local Proxy Address 10.255.3.0, remote Proxy Address 10.250.0.0, Crypto map (hits_public-network_10.255.8.0_map)
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ISAKMP SA payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 02 payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver 03 payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Traversal VID ver RFC payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Fragmentation VID + extended capabilities payload
Feb 11 18:15:41 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 324
Feb 11 18:15:41 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, processing SA payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, Oakley proposal is acceptable
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, Received DPD VID
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, processing VID payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, Received NAT-Traversal RFC VID
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, constructing ke payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, constructing nonce payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, constructing Cisco Unity VID payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, constructing xauth V6 VID payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, Send IOS VID
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, constructing VID payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, constructing NAT-Discovery payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:41 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
Feb 11 18:15:41 [IKEv1]IP = 193.122.134.217, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 244
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, processing ke payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, processing ISA_KE payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, processing nonce payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, processing NAT-Discovery payload
Feb 11 18:15:41 [IKEv1 DEBUG]IP = 193.122.134.217, computing NAT Discovery hash
Feb 11 18:15:41 [IKEv1]IP = 193.122.134.217, Connection landed on tunnel_group 193.122.134.217
Feb 11 18:15:41 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, Generating keys for Initiator...
Feb 11 18:15:41 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing ID payload
Feb 11 18:15:41 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing hash payload
Feb 11 18:15:41 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, Computing hash for ISAKMP
Feb 11 18:15:41 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing dpd vid payload
Feb 11 18:15:41 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 84
Feb 11 18:15:41 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end IS behind a NAT device
Feb 11 18:15:41 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Floating NAT-T to port 4500
Feb 11 18:15:41 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:41 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:42 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 18:15:42 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:42 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:43 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 18:15:43 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:43 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:45 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 18:15:45 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Duplicate Phase 1 packet detected. Retransmitting last packet.
Feb 11 18:15:45 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, P1 Retransmit msg dispatched to MM FSM
Feb 11 18:15:45 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE MM Initiator FSM error history (struct &0x00007f500ef68360) <state>, <event>: MM_DONE, EV_ERROR-->MM_WAIT_MSG6, EV_PROB_AUTH_FAIL-->MM_WAIT_MSG6, EV_RESEND_MSG-->MM_WAIT_MSG6, NullEvent-->MM_SND_MSG5, EV_SND_MSG-->MM_SND_MSG5, EV_START_TMR-->MM_SND_MSG5, EV_RESEND_MSG-->MM_WAIT_MSG6, EV_RESEND_MSG
Feb 11 18:15:45 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, IKE SA MM:63f8679f terminating: flags 0x01000022, refcnt 0, tuncnt 0
Feb 11 18:15:45 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, sending delete/delete with reason message
Feb 11 18:15:45 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing blank hash payload
Feb 11 18:15:45 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing IKE delete payload
Feb 11 18:15:45 [IKEv1 DEBUG]Group = 193.122.134.217, IP = 193.122.134.217, constructing qm hash payload
Feb 11 18:15:45 [IKEv1]IP = 193.122.134.217, IKE_DECODE SENDING Message (msgid=bb31ef51) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Feb 11 18:15:45 [IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Warning: Ignoring IKE SA (dst) without VM bit set
Feb 11 18:15:49 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 18:15:50 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 18:15:51 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 18:15:56 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 18:15:57 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)
Feb 11 18:16:01 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)


 

 no debug crypto ikev1 127Feb 11 18:16:06 [IKEv1]IP = 193.122.134.217, Header invalid, missing SA payload! (next payload = 4)


 no debug crypto ikev1 127debug crypto ikev1 127 debug crypto condition peer 193.122.134.217ndebug crypto condition peer 193.122.134.217odebug crypto condition peer 193.122.134.217 debug crypto condition peer 193.122.134.217
No crypto debug filters present, Do you want to disable ipsec/ikev1 debugs? [confirm]

 

0 Helpful

Rob Ingram
VIP
VIP
In response to sreeraj.murali

‎02-11-2021 10:30 AM

MM_WAIT_MSG6, EV_PROB_AUTH_FAIL-->MM_WAIT_MSG6

 

Probably Auth Fail - Did you check the PSK on both ends? Double check for white space, re-enter the PSK on both ends.

0 Helpful

sreeraj.murali
Level 3
Level 3
In response to Rob Ingram

‎02-11-2021 11:00 AM

Hi,

Reverified PSK, its not the issue. Disabled NAT-T on ASAv and checked, its same.

Please advice.

Thanks

Sreeraj

0 Helpful

Sheraz.Salim
VIP
VIP
In response to Rob Ingram

‎02-13-2021 11:07 AM - edited ‎02-13-2021 11:17 AM

MM_WAIT_MSG6 means the identity of the peer is not matching. basically at MM5 and MM6 the both peer present each other either they want to use the ip address (for PSK) hostname, domain name (CN etc).

 

make sure the remote site is setup a to represent the ip address (if configured with ip than it use the PSK). by default ASA is configured with "crypto isakmp identity auto" where:

address Use the IP address of the interface for the identity
auto Identity automatically determined by the connection type: IP
address for preshared key and Cert DN for Cert based connections
hostname Use the hostname of the router for the identity
key-id Use the specified key-id for the identity

as advise by other double check you PSK both end or ask remote side to present it peer as ip addresse.

please do not forget to rate.
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎02-11-2021 09:25 AM

[IKEv1]Group = 193.122.134.217, IP = 193.122.134.217, Can't find a valid tunnel group, aborting...!

 

what is other side device, can you post both the side config ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

sreeraj.murali
Level 3
Level 3
In response to balaji.bandi

‎02-11-2021 09:30 AM

Hello,

Other side is the IPSec VPN service provided by Oracle cloud infrastructure, similar to VPN service provided by AWS/Azure. Its a managed VPN service on Oracle cloud.

Thanks

Sreeraj

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents