11-05-2021 05:30 AM
Hello,
I have been trying to create a site2site VPN connection for several hours, to no avail.
Location 1 has a dynamic connection. With it, I had no debug logs created on site B at all... So I changed the identity from key to auto and did the config with IPs.
Can you please check the debug? What could be the issue? Not even Phase 1 goes through.
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_SET_POLICY IKEv2-PROTO-5: (20): Setting configured policies IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_CHK_AUTH4PKI IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY IKEv2-PROTO-2: (20): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 5 IKEv2-PROTO-2: (20): Request queued for computation of DH key IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_NO_EVENT IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP IKEv2-PROTO-5: (20): Action: Action_Null IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_BLD_MSG IKEv2-PROTO-2: (20): Generating IKE_SA_INIT message IKEv2-PROTO-2: (20): IKE Proposal: 1, SPI size: 0 (initial negotiation), Num. transforms: 5 (20): AES-CBC(20): SHA1(20): SHA96(20): DH_GROUP_1536_MODP/Group 5(20): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (20): IKE Proposal: 2, SPI size: 0 (initial negotiation), Num. transforms: 5 (20): AES-CBC(20): SHA1(20): SHA96(20): DH_GROUP_1536_MODP/Group 5(20): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (20): IKE Proposal: 3, SPI size: 0 (initial negotiation), Num. transforms: 5 (20): AES-CBC(20): SHA1(20): SHA96(20): DH_GROUP_1536_MODP/Group 5(20): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (20): IKE Proposal: 4, SPI size: 0 (initial negotiation), Num. 
transforms: 5 (20): 3DES(20): SHA1(20): SHA96(20): DH_GROUP_1536_MODP/Group 5(20): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (20): IKE Proposal: 5, SPI size: 0 (initial negotiation), Num. transforms: 5 (20): DES(20): SHA1(20): SHA96(20): DH_GROUP_1536_MODP/Group 5(20): DH_GROUP_1024_MODP/Group 2(20): IKEv2-PROTO-2: (20): Sending Packet [To 176....:500/From 192.168.13.2:500/VRF i0:f0] (20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : 0000000000000000 Message id: 0 (20): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-3: (20): Next payload: SA, version: 2.0 (20): Exchange type: IKE_SA_INIT, flags: INITIATOR (20): Message id: 0, length: 718(20): Payload contents: (20): SA(20): Next payload: KE, reserved: 0x0, length: 256 (20): last proposal: 0x2, reserved: 0x0, length: 52 Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5(20): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC (20): last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 (20): last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 (20): last proposal: 0x2, reserved: 0x0, length: 52 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 5(20): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC (20): last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 (20): last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 (20): last proposal: 0x2, reserved: 0x0, length: 52 Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 
5(20): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC (20): last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 (20): last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 (20): last proposal: 0x2, reserved: 0x0, length: 48 Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 5(20): last transform: 0x3, reserved: 0x0: length: 8 type: 1, reserved: 0x0, id: 3DES (20): last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 (20): last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 (20): last proposal: 0x0, reserved: 0x0, length: 48 Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 5(20): last transform: 0x3, reserved: 0x0: length: 8 type: 1, reserved: 0x0, id: DES (20): last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 (20): last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 (20): KE(20): Next payload: N, reserved: 0x0, length: 200 (20): DH group: 5, Reserved: 0x0 (20): (20): f0 8c f6 7e 91 8e b4 6c cd 79 84 4d 55 a3 22 16 (20): eb a0 d5 71 5e ea 79 50 28 0f c3 15 1e 5e e8 9e (20): ef 31 48 00 f3 71 ec b4 78 61 9a 80 b4 f0 85 2b (20): 1f 36 bb 42 6c ec 1c 6d 8d 0b 82 b9 cf fd 73 ea (20): a1 56 2d e3 78 40 89 47 9d 92 8d cd 01 17 a1 ff (20): 90 
70 1d bd 8f d9 0c 8f 68 89 64 17 fe 96 70 21 (20): 65 eb ea f9 fa ea 9b 7a d7 e3 09 ac c5 81 52 dd (20): f8 34 b2 e0 58 f3 f1 fb c3 ef 4e 59 ce 8e 59 93 (20): b4 4e 90 fb 8d b8 12 15 ca 67 e0 d3 b6 bc f8 e9 (20): e9 48 ff f3 14 ed 23 6d 24 b1 38 d4 c3 cd 57 18 (20): 02 64 d5 c6 f8 4b f0 db 34 bf 86 90 4b 8f b0 14 (20): 95 4e 48 70 b2 b1 be 59 e6 8c 98 1c fe e3 6e b2 (20): N(20): Next payload: VID, reserved: 0x0, length: 68 (20): (20): 3a ee 1e 9e 32 65 55 d8 a4 7a 00 90 a6 2e 7f a2 (20): e8 c8 d9 bb 82 89 70 48 d1 a9 0c bd 27 ac d5 02 (20): 0d b3 8b 83 35 c4 67 da 38 2a 27 7e a4 fa 59 d1 (20): 7b c2 20 1f f2 45 83 2f a2 d0 dd 38 41 b2 5c a2 (20): VID(20): Next payload: VID, reserved: 0x0, length: 23 (20): (20): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41 (20): 53 4f 4e (20): VID(20): Next payload: NOTIFY, reserved: 0x0, length: 59 (20): (20): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29 (20): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 (20): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d (20): 73 2c 20 49 6e 63 2e (20): NOTIFY(NAT_DETECTION_SOURCE_IP)(20): Next payload: NOTIFY, reserved: 0x0, length: 28 (20): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP (20): (20): be ae cd bf 28 a8 dd 0e e7 a6 fe 04 a1 0b 36 6f (20): 18 a5 10 05 (20): NOTIFY(NAT_DETECTION_DESTINATION_IP)(20): Next payload: NOTIFY, reserved: 0x0, length: 28 (20): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP (20): (20): 51 57 57 d0 09 7a 96 3d b1 c6 5c d1 bb 7f ea 29 (20): 51 41 3e ff (20): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(20): Next payload: VID, reserved: 0x0, length: 8 (20): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED (20): VID(20): Next payload: NONE, reserved: 0x0, length: 20 (20): (20): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 (20): IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_INSERT_SA 
IKEv2-PROTO-2: (20): Insert SA IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT (20): IKEv2-PROTO-2: (20): Received Packet [From 176....:500/To 192.168.13.2:500/VRF i0:f0] (20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 0 (20): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-3: (20): Next payload: SA, version: 2.0 (20): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (20): Message id: 0, length: 510(20): Payload contents: (20): SA(20): Next payload: KE, reserved: 0x0, length: 48 (20): last proposal: 0x0, reserved: 0x0, length: 44 Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4(20): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC (20): last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 (20): last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 (20): KE(20): Next payload: N, reserved: 0x0, length: 200 (20): DH group: 5, Reserved: 0x0 (20): (20): 4f 2e e9 81 f0 10 cf 50 85 20 72 36 6b 47 a9 24 (20): 8d e2 92 68 c0 e4 c1 76 08 18 99 9f 8b 0d 33 14 (20): c0 bc 63 53 0e eb 9a ff e6 9f 3a 27 e4 99 b8 b4 (20): cf 04 53 1a 6d 73 c8 92 2d ff e4 b6 4e 4f 18 8a (20): fd 20 72 25 bf 41 d2 46 d6 d6 34 59 49 0d dc 81 (20): 55 8f 15 e6 77 94 db 24 01 6e 4c 10 47 29 44 7b (20): a7 48 e2 7b 27 89 60 7a e4 4c 9e 4c d4 67 b1 b8 (20): 40 04 37 72 2a 63 8c 16 09 86 1d a2 46 2f 96 cf (20): 4d 81 e5 c7 43 47 b9 ed 8e c0 14 61 40 94 fd 1f (20): 29 b9 28 f2 af 6d ff 42 0b 77 fc 95 b1 89 65 18 (20): 3a dc 59 17 88 6e fd 1c 71 34 90 0e 5a e1 a0 e6 (20): b9 0d df 94 ec 7f ca f3 42 eb 2d f1 45 e3 29 4d (20): N(20): Next payload: VID, reserved: 0x0, length: 68 (20): (20): d2 a9 95 1f 3c 57 cc 9c e3 a6 01 d8 6d a1 40 f9 (20): 2b 73 3b 64 5d f6 2e 00 9a 26 f8 
c1 9c 57 b7 f7 (20): d8 e7 42 5c 66 c5 b2 45 97 6e 4c e6 c8 fe 5a 27 (20): 95 34 02 c3 b5 c4 a5 26 8f 72 c8 e0 ec 82 0d c8 (20): VID(20): Next payload: VID, reserved: 0x0, length: 23 (20): (20): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41 (20): 53 4f 4e (20): VID(20): Next payload: NOTIFY, reserved: 0x0, length: 59 (20): (20): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29 (20): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 (20): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d (20): 73 2c 20 49 6e 63 2e (20): NOTIFY(NAT_DETECTION_SOURCE_IP)(20): Next payload: NOTIFY, reserved: 0x0, length: 28 (20): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP (20): (20): 22 0a 28 1e f8 9b 3a 21 83 2e 01 ee b7 4f 0a a8 (20): d4 4d 88 c9 (20): NOTIFY(NAT_DETECTION_DESTINATION_IP)(20): Next payload: NOTIFY, reserved: 0x0, length: 28 (20): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP (20): (20): c5 df 37 bc 68 33 8f 87 c0 0a 4d 09 5b 84 b5 a8 (20): 16 d7 50 3c (20): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(20): Next payload: VID, reserved: 0x0, length: 8 (20): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED (20): VID(20): Next payload: NONE, reserved: 0x0, length: 20 (20): (20): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 (20): (20): Decrypted packet:(20): Data: 510 bytes IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RECV_INIT IKEv2-PROTO-5: (20): Processing IKE_SA_INIT message IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK4_NOTIFY IKEv2-PROTO-2: (20): Processing IKE_SA_INIT message IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_VERIFY_MSG IKEv2-PROTO-2: (20): Verify SA init message IKEv2-PROTO-5: (20): SM Trace-> SA: 
I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_PROC_MSG IKEv2-PROTO-2: (20): Processing IKE_SA_INIT message IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_DETECT_NAT IKEv2-PROTO-5: (20): Process NAT discovery notify IKEv2-PROTO-5: (20): Processing nat detect src notify IKEv2-PROTO-5: (20): Remote address not matched IKEv2-PROTO-5: (20): Processing nat detect dst notify IKEv2-PROTO-5: (20): Local address not matched IKEv2-PROTO-5: (20): Host is located NAT inside IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_NAT_T IKEv2-PROTO-2: (20): Checking NAT discovery IKEv2-PROTO-2: (20): NAT INSIDE found IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHG_NAT_T_PORT IKEv2-PROTO-2: (20): NAT detected float to init port 4500, resp port 4500 IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_CONFIG_MODE IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_DH_SECRET IKEv2-PROTO-2: (20): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 5 IKEv2-PROTO-2: (20): Request queued for computation of DH secret IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_NO_EVENT IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_OK_RECD_DH_SECRET_RESP IKEv2-PROTO-5: (20): Action: Action_Null IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_SKEYID 
IKEv2-PROTO-5: (20): Generate skeyid IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE IKEv2-PROTO-2: (20): IETF Fragmentation is enabled IKEv2-PROTO-2: (20): Cisco Fragmentation is enabled IKEv2-PROTO-5: (20): Cisco DeleteReason Notify is enabled IKEv2-PROTO-2: (20): Completed SA init exchange IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GET_CONFIG_MODE IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_EAP IKEv2-PROTO-2: (20): Check for EAP exchange IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GEN_AUTH IKEv2-PROTO-2: (20): Generate my authentication data IKEv2-PROTO-2: (20): Use preshared key for id 192.168.13.2, key len 9 IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_AUTH_TYPE IKEv2-PROTO-2: (20): Get my authentication method IKEv2-PROTO-2: (20): My authentication method is 'PSK' IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_OK_AUTH_GEN IKEv2-PROTO-2: (20): Check for EAP exchange IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_SEND_AUTH IKEv2-PROTO-2: (20): Generating IKE_AUTH message IKEv2-PROTO-2: (20): Constructing IDi payload: '192.168.13.2' of type 'IPv4 address' IKEv2-PROTO-2: (20): ESP Proposal: 1, SPI size: 4 (IPSec negotiation), Num. 
transforms: 4 (20): AES-CBC(20): SHA96(20): MD596(20): Don't use ESNIKEv2-PROTO-2: (20): ESP Proposal: 2, SPI size: 4 (IPSec negotiation), Num. transforms: 4 (20): AES-CBC(20): SHA96(20): MD596(20): Don't use ESNIKEv2-PROTO-2: (20): ESP Proposal: 3, SPI size: 4 (IPSec negotiation), Num. transforms: 4 (20): AES-CBC(20): SHA96(20): MD596(20): Don't use ESNIKEv2-PROTO-2: (20): ESP Proposal: 4, SPI size: 4 (IPSec negotiation), Num. transforms: 4 (20): 3DES(20): SHA96(20): MD596(20): Don't use ESNIKEv2-PROTO-2: (20): ESP Proposal: 5, SPI size: 4 (IPSec negotiation), Num. transforms: 4 (20): DES(20): SHA96(20): MD596(20): Don't use ESNIKEv2-PROTO-2: (20): Building packet for encryption. (20): Payload contents: (20): VID(20): Next payload: IDi, reserved: 0x0, length: 20 (20): (20): 1b 83 b0 6f 38 ff 8f 40 ed 6a 86 f3 05 f9 62 f6 (20): IDi(20): Next payload: AUTH, reserved: 0x0, length: 12 (20): Id type: IPv4 address, Reserved: 0x0 0x0 (20): (20): c0 a8 0d 02 (20): AUTH(20): Next payload: SA, reserved: 0x0, length: 28 (20): Auth method PSK, reserved: 0x0, reserved 0x0 (20): Auth data: 20 bytes (20): SA(20): Next payload: TSi, reserved: 0x0, length: 236 (20): last proposal: 0x2, reserved: 0x0, length: 48 Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 4(20): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: MD596 (20): last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN (20): last proposal: 0x2, reserved: 0x0, length: 48 Proposal: 2, Protocol id: ESP, SPI size: 4, #trans: 4(20): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: MD596 (20): last 
transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN (20): last proposal: 0x2, reserved: 0x0, length: 48 Proposal: 3, Protocol id: ESP, SPI size: 4, #trans: 4(20): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: MD596 (20): last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN (20): last proposal: 0x2, reserved: 0x0, length: 44 Proposal: 4, Protocol id: ESP, SPI size: 4, #trans: 4(20): last transform: 0x3, reserved: 0x0: length: 8 type: 1, reserved: 0x0, id: 3DES (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: MD596 (20): last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN (20): last proposal: 0x0, reserved: 0x0, length: 44 Proposal: 5, Protocol id: ESP, SPI size: 4, #trans: 4(20): last transform: 0x3, reserved: 0x0: length: 8 type: 1, reserved: 0x0, id: DES (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 (20): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: MD596 (20): last transform: 0x0, reserved: 0x0: length: 8 type: 5, reserved: 0x0, id: Don't use ESN (20): TSi(20): Next payload: TSr, reserved: 0x0, length: 40 (20): Num of TSs: 2, reserved 0x0, reserved 0x0 (20): TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 (20): start port: 0, end port: 65535 (20): start addr: 192.168.53.31, end addr: 192.168.53.31 (20): TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 (20): start port: 0, end port: 65535 (20): start addr: 192.168.53.0, end addr: 192.168.53.255 (20): TSr(20): Next payload: NOTIFY, reserved: 0x0, length: 40 (20): Num of TSs: 2, reserved 0x0, reserved 0x0 (20): TS type: 
TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 (20): start port: 0, end port: 65535 (20): start addr: 192.168.59.254, end addr: 192.168.59.254 (20): TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16 (20): start port: 0, end port: 65535 (20): start addr: 192.168.59.0, end addr: 192.168.59.255 (20): NOTIFY(INITIAL_CONTACT)(20): Next payload: NOTIFY, reserved: 0x0, length: 8 (20): Security protocol id: IKE, spi size: 0, type: INITIAL_CONTACT (20): NOTIFY(ESP_TFC_NO_SUPPORT)(20): Next payload: NOTIFY, reserved: 0x0, length: 8 (20): Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT (20): NOTIFY(NON_FIRST_FRAGS)(20): Next payload: NONE, reserved: 0x0, length: 8 (20): Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_ENCRYPT_MSG IKEv2-PROTO-2: (20): IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_NO_EVENT IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_OK_ENCRYPT_RESP IKEv2-PROTO-5: (20): Action: Action_Null IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_TRYSEND (20): IKEv2-PROTO-2: (20): Sending Packet [To 176....:4500/From 192.168.13.2:4500/VRF i0:f0] (20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 1 (20): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-3: (20): Next payload: ENCR, version: 2.0 (20): Exchange type: IKE_AUTH, flags: INITIATOR (20): Message id: 1, length: 476(20): Payload contents: (20): ENCR(20): Next payload: VID, reserved: 0x0, length: 448 (20): Encrypted data: 444 bytes (20): IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: 
EV_CHK_EAP_POST_ASYNC IKEv2-PROTO-2: (20): Check for EAP exchange IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT IKEv2-PROTO-2: (20): Retransmitting packet (20): IKEv2-PROTO-2: (20): Sending Packet [To 176....:4500/From 192.168.13.2:4500/VRF i0:f0] (20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 1 (20): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-3: (20): Next payload: ENCR, version: 2.0 (20): Exchange type: IKE_AUTH, flags: INITIATOR (20): Message id: 1, length: 476(20): Payload contents: (20): ENCR(20): Next payload: VID, reserved: 0x0, length: 448 (20): Encrypted data: 444 bytes (20): IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT IKEv2-PROTO-2: (20): Retransmitting packet (20): IKEv2-PROTO-2: (20): Sending Packet [To 176....:4500/From 192.168.13.2:4500/VRF i0:f0] (20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 1 (20): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-3: (20): Next payload: ENCR, version: 2.0 (20): Exchange type: IKE_AUTH, flags: INITIATOR (20): Message id: 1, length: 476(20): Payload contents: (20): ENCR(20): Next payload: VID, reserved: 0x0, length: 448 (20): Encrypted data: 444 bytes (20): IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT IKEv2-PROTO-2: (20): Retransmitting 
packet (20): IKEv2-PROTO-2: (20): Sending Packet [To 176....:4500/From 192.168.13.2:4500/VRF i0:f0] (20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 1 (20): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-3: (20): Next payload: ENCR, version: 2.0 (20): Exchange type: IKE_AUTH, flags: INITIATOR (20): Message id: 1, length: 476(20): Payload contents: (20): ENCR(20): Next payload: VID, reserved: 0x0, length: 448 (20): Encrypted data: 444 bytes (20): IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT IKEv2-PROTO-2: (20): Retransmitting packet (20): IKEv2-PROTO-2: (20): Sending Packet [To 176....:4500/From 192.168.13.2:4500/VRF i0:f0] (20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 1 (20): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-3: (20): Next payload: ENCR, version: 2.0 (20): Exchange type: IKE_AUTH, flags: INITIATOR (20): Message id: 1, length: 476(20): Payload contents: (20): ENCR(20): Next payload: VID, reserved: 0x0, length: 448 (20): Encrypted data: 444 bytes (20): IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT IKEv2-PROTO-2: (20): Retransmitting packet (20): IKEv2-PROTO-2: (20): Sending Packet [To 176....:4500/From 192.168.13.2:4500/VRF i0:f0] (20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 1 (20): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-3: (20): Next payload: ENCR, version: 2.0 (20): Exchange type: IKE_AUTH, flags: INITIATOR (20): Message id: 1, length: 476(20): Payload contents: (20): 
ENCR(20): Next payload: VID, reserved: 0x0, length: 448 (20): Encrypted data: 444 bytes (20): IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT IKEv2-PROTO-2: Received Packet [From 176....:500/To 192.168.13.2:500/VRF i0:f0] Initiator SPI : F3A220800F1D080E - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-3: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 718 Payload contents: SA Next payload: KE, reserved: 0x0, length: 256 last proposal: 0x2, reserved: 0x0, length: 52 Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last proposal: 0x2, reserved: 0x0, length: 52 Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 5 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96 last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5 last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2 last proposal: 0x2, reserved: 0x0, length: 52 Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 5 last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1 last transform: 0x3, reserved: 
0x0: length: 8 type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 5
last transform: 0x3, reserved: 0x0: length: 8 type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1
last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x0, reserved: 0x0, length: 48
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 5
last transform: 0x3, reserved: 0x0: length: 8 type: 1, reserved: 0x0, id: DES
last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1
last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
1b b8 a8 78 8e a4 52 43 6b d4 be b8 e2 b9 70 c3
c7 89 5e 61 5b 3a a8 68 49 22 92 d4 11 61 58 4f
b6 cb 0c 44 84 6d 70 b2 3f 08 e4 e4 b1 65 60 47
1b ea 80 69 75 54 fa d5 e2 29 8d 45 ff b5 51 28
ea 4d 1b c2 68 89 b7 ac 42 f4 5a f3 42 96 60 ec
e9 db 79 6d 12 e3 a7 48 b9 46 45 12 40 45 bb 47
84 72 1d 1a 46 c9 84 73 da fe b8 a3 9f 8b 11 a1
c9 d2 e9 70 79 c6 ab f9 7f bf 40 95 2c e5 04 fe
7c 06 ae 30 5e 6f 53 e8 37 8d 6a e7 4b 1b 92 22
b0 95 9b 81 c2 bd 14 ca 1c 2f 49 af 18 03 89 60
c4 22 e7 1a b0 b7 57 49 11 da f1 13 7f 8e 29 19
fc b3 5b 65 35 b1 36 b9 50 d3 ac ab 70 84 c9 dc
N Next payload: VID, reserved: 0x0, length: 68
d9 fa ac fe 38 1e ff 33 94 e8 a3 08 cf 03 8e ec
e4 48 b8 25 fb e8 19 9d ce 65 7c 04 c6 e9 be d2
69 75 88 51 5a 1b 98 68 e3 5b 52 ee b3 04 d7 69
2c a8 ee d9 5b 71 d6 ae 0f d3 e3 32 97 31 f1 53
VID Next payload: VID, reserved: 0x0, length: 23
43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
53 4f 4e
VID Next payload: NOTIFY, reserved: 0x0, length: 59
43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
73 2c 20 49 6e 63 2e
NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
fa eb b9 f5 51 61 72 46 97 52 64 97 00 30 98 75
4d e1 7d a8
NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
37 6c b6 64 e7 3b 65 01 df c3 3c ec b7 b0 20 cb
d7 76 1f 10
NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) Next payload: VID, reserved: 0x0, length: 8
Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
VID Next payload: NONE, reserved: 0x0, length: 20
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
Decrypted packet:Data: 718 bytes
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT
IKEv2-PROTO-2: (21): Checking NAT discovery
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT
IKEv2-PROTO-5: (21): Redirect check is not needed, skipping it
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-2: (21): Verify SA init message
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA
IKEv2-PROTO-2: (21): Insert SA
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG
IKEv2-PROTO-2: (21): Processing IKE_SA_INIT message
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT
IKEv2-PROTO-5: (21): Process NAT discovery notify
IKEv2-PROTO-5: (21): Processing nat detect src notify
IKEv2-PROTO-5: (21): Remote address not matched
IKEv2-PROTO-5: (21): Processing nat detect dst notify
IKEv2-PROTO-5: (21): Local address not matched
IKEv2-PROTO-5: (21): Host is located NAT inside
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-5: (21): Setting configured policies
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN
IKEv2-PROTO-5: (21): Opening a PKI session
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-2: (21): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 5
IKEv2-PROTO-2: (21): Request queued for computation of DH key
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-5: (21): Action: Action_Null
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET
IKEv2-PROTO-2: (21): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 5
IKEv2-PROTO-2: (21): Request queued for computation of DH secret
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP
IKEv2-PROTO-5: (21): Action: Action_Null
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID
IKEv2-PROTO-5: (21): Generate skeyid
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-2: (21): Generating IKE_SA_INIT message
IKEv2-PROTO-2: (21): IKE Proposal: 1, SPI size: 0 (initial negotiation), Num. transforms: 4
(21): AES-CBC
(21): SHA1
(21): SHA96
(21): DH_GROUP_1536_MODP/Group 5
(21):
IKEv2-PROTO-2: (21): Sending Packet [To 176....:500/From 192.168.13.2:500/VRF i0:f0]
(21): Initiator SPI : F3A220800F1D080E - Responder SPI : 9996C27D83C6FFA7 Message id: 0
(21): IKEv2 IKE_SA_INIT Exchange RESPONSE
IKEv2-PROTO-3: (21): Next payload: SA, version: 2.0
(21): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE
(21): Message id: 0, length: 510
(21): Payload contents:
(21): SA
(21): Next payload: KE, reserved: 0x0, length: 48
(21): last proposal: 0x0, reserved: 0x0, length: 44
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4
(21): last transform: 0x3, reserved: 0x0: length: 12 type: 1, reserved: 0x0, id: AES-CBC
(21): last transform: 0x3, reserved: 0x0: length: 8 type: 2, reserved: 0x0, id: SHA1
(21): last transform: 0x3, reserved: 0x0: length: 8 type: 3, reserved: 0x0, id: SHA96
(21): last transform: 0x0, reserved: 0x0: length: 8 type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(21): KE
(21): Next payload: N, reserved: 0x0, length: 200
(21): DH group: 5, Reserved: 0x0
(21):
(21): 90 3c 4b 48 be c5 e7 0c 71 df 45 26 51 31 c7 f2
(21): 43 f3 18 1f 8d bb bc c7 34 bd f3 3c e2 23 b6 07
(21): 08 94 64 46 24 1a 91 53 a2 f0 42 b5 e1 4b 6f 23
(21): 86 21 9e c5 dc 10 2d 59 69 be e3 17 c6 3e 72 f6
(21): a2 07 88 32 09 a5 06 c3 c6 bd 06 04 01 63 f1 61
(21): 76 55 08 bd a6 03 98 37 d3 f5 73 20 1d 0e 6f 4b
(21): 2c 7c fe f3 c9 ce a7 0c a0 42 52 f2 e7 b7 f9 73
(21): e7 fb 14 39 7b 9a a4 f0 b8 f2 12 c8 53 22 e6 77
(21): 86 8f 37 4d a1 b5 d6 1a 69 d9 c0 eb f0 27 0b 8b
(21): 2b 00 38 18 7e cd 5f c8 d2 0a 10 3c 78 08 db 22
(21): a3 c1 83 b6 3a fa d8 62 84 8c e6 d7 d1 b0 e3 0c
(21): 3b 54 36 8c 43 ed bd 20 a0 b0 90 3e 74 e7 0d 61
(21): N
(21): Next payload: VID, reserved: 0x0, length: 68
(21):
(21): af f1 44 a6 d7 f6 35 f6 59 aa 0a e4 c2 1c 3b 62
(21): 11 14 13 2b 23 8a b5 72 05 bd cf 43 32 53 c1 9b
(21): f9 7a e1 d0 0c 65 20 21 99 9d ff 96 eb 5d c7 d7
(21): 73 1d b8 b2 22 f2 69 cb 6f b2 74 2d 76 ed 35 ab
(21): VID
(21): Next payload: VID, reserved: 0x0, length: 23
(21):
(21): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(21): 53 4f 4e
(21): VID
(21): Next payload: NOTIFY, reserved: 0x0, length: 59
(21):
(21): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(21): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(21): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(21): 73 2c 20 49 6e 63 2e
(21): NOTIFY(NAT_DETECTION_SOURCE_IP)
(21): Next payload: NOTIFY, reserved: 0x0, length: 28
(21): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(21):
(21): a8 f0 5e 54 37 75 8f 51 f8 56 fa d0 08 ca 68 50
(21): bd f5 bf 9c
(21): NOTIFY(NAT_DETECTION_DESTINATION_IP)
(21): Next payload: NOTIFY, reserved: 0x0, length: 28
(21): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(21):
(21): e4 6a 0d 35 b7 f1 c1 3e 45 17 29 9c fc 82 19 25
(21): e2 d3 17 27
(21): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)
(21): Next payload: VID, reserved: 0x0, length: 8
(21): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(21): VID
(21): Next payload: NONE, reserved: 0x0, length: 20
(21):
(21): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(21):
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
IKEv2-PROTO-2: (21): IETF Fragmentation is enabled
IKEv2-PROTO-2: (21): Cisco Fragmentation is enabled
IKEv2-PROTO-5: (21): Cisco DeleteReason Notify is enabled
IKEv2-PROTO-2: (21): Completed SA init exchange
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR
IKEv2-PROTO-2: (21): Starting timer (30 sec) to wait for auth message
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_WAIT4_AUTH_TMO
IKEv2-PROTO-1: (21): Failed to receive the AUTH msg before the timer expired
IKEv2-PROTO-1: (21):
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: AUTH_DONE Event: EV_FAIL
IKEv2-PROTO-2: (21): Auth exchange failed
IKEv2-PROTO-1: (21): Auth exchange failed
IKEv2-PROTO-1: (21): Auth exchange failed
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-2: (21): Abort exchange
IKEv2-PROTO-2: (21): Deleting SA
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT
IKEv2-PROTO-2: (20): Retransmitting packet
(20):
IKEv2-PROTO-2: (20): Sending Packet [To 176....:4500/From 192.168.13.2:4500/VRF i0:f0]
(20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 1
(20): IKEv2 IKE_AUTH Exchange REQUEST
IKEv2-PROTO-3: (20): Next payload: ENCR, version: 2.0
(20): Exchange type: IKE_AUTH, flags: INITIATOR
(20): Message id: 1, length: 476
(20): Payload contents:
(20): ENCR
(20): Next payload: VID, reserved: 0x0, length: 448
(20): Encrypted data: 444 bytes
(20):
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT_EXCEED
IKEv2-PROTO-1: (20): Maximum number of retransmissions reached
IKEv2-PROTO-1: (20):
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL
IKEv2-PROTO-2: (20): Auth exchange failed
IKEv2-PROTO-1: (20): Auth exchange failed
IKEv2-PROTO-1: (20): Auth exchange failed
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-2: (20): Abort exchange
IKEv2-PROTO-2: (20): Deleting SA
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: IDLE Event: EV_INIT_SA
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-5: (22): Setting configured policies
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-2: (22): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 5
IKEv2-PROTO-2: (22): Request queued for computation of DH key
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-5: (22): Action: Action_Null
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-2: (22): Generating IKE_SA_INIT message
IKEv2-PROTO-2: (22): IKE Proposal: 1, SPI size: 0 (initial negotiation), Num. transforms: 5
(22): AES-CBC
(22): SHA1
(22): SHA96
(22): DH_GROUP_1536_MODP/Group 5
(22): DH_GROUP_1024_MODP/Group 2
IKEv2-PROTO-2: (22): IKE Proposal: 2, SPI size: 0 (initial negotiation), Num. transforms: 5
(22): AES-CBC
(22): SHA1
(22): SHA96
(22): DH_GROUP_1536_MODP/Group 5
(22): DH_GROUP_1024_MODP/Group 2
IKEv2-PROTO-2: (22): IKE Proposal: 3, SPI size: 0 (initial negotiation), Num. transforms: 5
(22): AES-CBC
(22): SHA1
(22): SHA96
(22): DH_GROUP_1536_MODP/Group 5
(22): DH_GROUP_1024_MODP/Group 2
IKEv2-PROTO-2: (22): IKE Proposal: 4, SPI size: 0 (initial negotiation), Num. transforms: 5
(22): 3DES
(22): SHA1
(22): SHA96
(22): DH_GROUP_1536_MODP/Group 5
(22): DH_GROUP_1024_MODP/Group 2
IKEv2-PROTO-2: (22): IKE Proposal: 5, SPI size: 0 (initial negotiation), Num. transforms: 5
(22): DES
(22): SHA1
(22): SHA96
(22): DH_GROUP_1536_MODP/Group 5
(22): DH_GROUP_1024_MODP/Group 2
(22):
Here is the config.
The one where I changed the identity
!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 192.168.10.253 255.255.255.0
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.59.254 255.255.255.0
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network insideNetwork
 subnet 192.168.59.0 255.255.255.0
object network ClientNetwork
 subnet 192.168.0.0 255.255.0.0
object network ServerNetwork
 subnet 192.168.49.0 255.255.255.0
object network MuenchenNetwork
 subnet 192.168.53.0 255.255.255.0
object network NETWORK_OBJ_192.168.59.0_24
 subnet 192.168.59.0 255.255.255.0
object network ClientNetz
 subnet 192.168.51.0 255.255.255.0
object network BerlinNetz
 subnet 192.168.52.0 255.255.255.0
object-group network RemoteNetwork
 network-object object BerlinNetz
 network-object object ClientNetz
 network-object object ServerNetwork
object-group network DM_INLINE_NETWORK_1
 network-object object ServerNetwork
 network-object object BerlinNetz
 network-object object ClientNetz
 network-object object MuenchenNetwork
object-group service internet
 service-object icmp
 service-object tcp destination eq domain
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object udp destination eq domain
object-group network DM_INLINE_NETWORK_2
 network-object object MuenchenNetwork
 group-object RemoteNetwork
access-list outside_cryptomap extended permit ip object insideNetwork object-group RemoteNetwork
access-list outside_access_in extended permit ip object-group DM_INLINE_NETWORK_1 192.168.59.0 255.255.255.0
access-list inside_access_in extended permit object-group internet 192.168.59.0 255.255.255.0 any
access-list inside_access_in extended permit ip 192.168.59.0 255.255.255.0 object-group RemoteNetwork
access-list inside_access_in extended permit ip 192.168.59.0 255.255.255.0 object MuenchenNetwork
access-list inside_access_in extended deny ip any any
access-list outside_cryptomap_2 extended permit ip object insideNetwork object MuenchenNetwork
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-761.bin
no asdm history enable
arp inside 192.168.59.59 14da.e9cd.1ec9
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static insideNetwork insideNetwork destination static RemoteNetwork RemoteNetwork no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.59.0_24 NETWORK_OBJ_192.168.59.0_24 destination static MuenchenNetwork MuenchenNetwork no-proxy-arp route-lookup
nat (inside,outside) source static insideNetwork insideNetwork destination static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 no-proxy-arp route-lookup
nat (inside,outside) source static insideNetwork insideNetwork destination static MuenchenNetwork MuenchenNetwork no-proxy-arp route-lookup
!
object network obj_any
 nat (any,outside) dynamic interface
object network insideNetwork
 nat (any,outside) dynamic interface
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 192.168.10.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.49.0 255.255.255.0 inside
http 192.168.59.0 255.255.255.0 inside
http 192.168.49.0 255.255.255.0 outside
http 192.168.51.0 255.255.255.0 outside
http 192.168.51.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map1 1 match address outside_cryptomap
crypto map outside_map1 1 set peer 92....
crypto map outside_map1 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map1 1 set security-association lifetime seconds 86400
crypto map outside_map1 1 set security-association lifetime kilobytes unlimited
crypto map outside_map1 2 match address outside_cryptomap_2
crypto map outside_map1 2 set peer 217....
crypto map outside_map1 2 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map1 interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
no ssh stricthostkeycheck
ssh 192.168.49.0 255.255.255.0 outside
ssh 192.168.49.0 255.255.255.0 inside
ssh 192.168.53.0 255.255.255.0 inside
ssh 192.168.59.0 255.255.255.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
dhcpd address 192.168.59.60-192.168.59.200 inside
dhcpd dns 192.168.49.1 4.2.2.2 interface inside
dhcpd enable inside
!
ntp server 129.217.131.21 prefer
group-policy GroupPolicy2 internal
group-policy GroupPolicy2 attributes
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol ikev2
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol ikev2
group-policy gpolicyMain internal
group-policy gpolicyMain attributes
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol ikev2
dynamic-access-policy-record DfltAccessPolicy
username Cisco password CNM39dVbVYF9qTEc encrypted privilege 15
username ..password 5.hmROwzSjKk4pTL encrypted privilege 15
username ..password IQ.Jl3uQBtj3cVgD encrypted privilege 15
tunnel-group 62... type ipsec-l2l
tunnel-group 62... general-attributes
 default-group-policy gpolicyMain
tunnel-group 62... ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 92... type ipsec-l2l
tunnel-group 92... general-attributes
 default-group-policy gpolicyMain
tunnel-group 92... ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 217... type ipsec-l2l
tunnel-group 217.... general-attributes
 default-group-policy GroupPolicy2
tunnel-group 217... ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:ac252d15d11d868f3fef49ee086f757e
: end
The other one
! interface GigabitEthernet1/1 nameif outside security-level 0 ip address 192.168.13.2 255.255.255.0 ! interface GigabitEthernet1/2 nameif inside security-level 100 ip address 192.168.53.254 255.255.255.0 ! interface GigabitEthernet1/3 shutdown nameif scanner security-level 100 ip address 192.168.63.254 255.255.255.0 ! interface GigabitEthernet1/4 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/5 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/6 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/7 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/8 shutdown no nameif no security-level no ip address ! interface Management1/1 management-only nameif management security-level 100 ip address 10.0.40.217 255.255.255.0 ! ftp mode passive same-security-traffic permit intra-interface object network inside subnet 192.168.53.0 255.255.255.0 object network RZNetwork subnet 192.168.49.0 255.255.255.0 object network scanner subnet 192.168.63.0 255.255.255.0 object network ClientNetwork subnet 192.168.51.0 255.255.255.0 object network Messe subnet 192.168.60.0 255.255.255.0 object network MUC2 subnet 192.168.54.0 255.255.255.0 object network RemoteNetwork subnet 192.168.149.0 255.255.255.0 object network bNetwork subnet 192.168.59.0 255.255.255.0 object network NETWORK_OBJ_192.168.53.0_24 subnet 192.168.53.0 255.255.255.0 object-group network RemoteNetworks network-object object RZNetwork network-object object ClientNetwork network-object object RemoteNetwork network-object object NETWORK_OBJ_192.168.53.0_24 object-group network LocalNetworks network-object object inside network-object object scanner object-group service internet service-object icmp service-object tcp destination eq domain service-object tcp destination eq www service-object tcp destination eq https service-object udp destination eq domain object-group network Alarmanlage network-object host 
188... network-object host 62... network-object host 62... network-object host 80... access-list outside_cryptomap extended permit ip object-group LocalNetworks object-group RemoteNetworks access-list outside_cryptomap_1 extended permit ip object inside object Messe access-list inside_access_in extended permit object-group internet object inside any access-list inside_access_in extended permit ip object inside object-group RemoteNetworks access-list inside_access_in extended permit tcp any object-group Alarmanlage eq 2683 access-list inside_access_in extended permit ip object inside object BNetwork access-list inside_access_in extended deny ip any any access-list outside_cryptomap_7 extended permit ip object inside object BNetwork access-list outside_access_in extended permit ip object BNetwork any pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu inside 1500 mtu scanner 1500 mtu management 1500 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-782.bin no asdm history enable arp timeout 14400 no arp permit-nonconnected arp rate-limit 16384 nat (inside,outside) source static inside inside destination static RZNetwork RZNetwork no-proxy-arp route-lookup nat (scanner,outside) source static scanner scanner destination static RZNetwork RZNetwork no-proxy-arp route-lookup nat (inside,outside) source static inside inside destination static ClientNetwork ClientNetwork no-proxy-arp route-lookup nat (inside,outside) source static inside inside destination static Messe Messe no-proxy-arp route-lookup nat (inside,outside) source static inside inside destination static MUC2 MUC2 no-proxy-arp route-lookup nat (inside,outside) source static inside inside destination static RemoteNetworks RemoteNetworks no-proxy-arp route-lookup nat (inside,outside) source static inside inside destination static RemoteNetwork RemoteNetwork route-lookup nat (inside,outside) source static inside inside destination static BNetwork BNetwork no-proxy-arp 
route-lookup ! object network inside nat (any,outside) dynamic interface object network scanner nat (any,outside) dynamic interface access-group outside_access_in in interface outside access-group inside_access_in in interface inside route outside 0.0.0.0 0.0.0.0 192.168.13.1 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 timeout conn-holddown 0:00:15 timeout igp stale-route 0:01:10 user-identity default-domain LOCAL aaa authentication ssh console LOCAL aaa authentication http console LOCAL aaa authentication login-history http server enable http 192.168.1.0 255.255.255.0 management http 10.10.0.0 255.255.255.0 management http 213.203.223.132 255.255.255.255 outside http 192.168.53.0 255.255.255.0 inside http 192.168.49.0 255.255.255.0 inside http 192.168.49.0 255.255.255.0 outside http 192.168.51.0 255.255.255.0 outside http 192.168.51.0 255.255.255.0 inside no snmp-server location no snmp-server contact service sw-reset-button crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec ikev2 ipsec-proposal AES256 protocol esp encryption aes-256 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES192 protocol esp encryption aes-192 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES protocol esp encryption aes protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal 3DES protocol esp encryption 3des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal DES protocol esp encryption des protocol esp integrity sha-1 md5 crypto ipsec security-association pmtu-aging infinite crypto map outside_map1 1 match address 
outside_cryptomap
crypto map outside_map1 1 set peer 92...
crypto map outside_map1 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map1 1 set security-association lifetime seconds 86400
crypto map outside_map1 1 set security-association lifetime kilobytes unlimited
crypto map outside_map1 2 match address outside_cryptomap_1
crypto map outside_map1 2 set peer 212....
crypto map outside_map1 2 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map1 2 set security-association lifetime seconds 86400
crypto map outside_map1 2 set security-association lifetime kilobytes unlimited
crypto map outside_map1 3 match address outside_cryptomap_7
crypto map outside_map1 3 set peer 176....
crypto map outside_map1 3 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map1 interface outside
crypto ca trustpool policy
crypto isakmp identity address
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
no ssh stricthostkeycheck
ssh 192.168.49.0 255.255.255.0 outside
ssh 192.168.51.0 255.255.255.0 outside
ssh 192.168.49.0 255.255.255.0 inside
ssh 192.168.53.0 255.255.255.0 inside
ssh 192.168.51.0 255.255.255.0 inside
ssh 10.10.0.0 255.255.255.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
dhcpd address 192.168.53.50-192.168.53.200 inside
dhcpd dns 192.168.49.1 4.2.2.2 interface inside
dhcpd option 43 hex f104c0a8310f interface inside
dhcpd enable inside
!
dhcpd address 192.168.63.50-192.168.63.200 scanner
dhcpd dns 192.168.49.1 4.2.2.2 interface scanner
dhcpd enable scanner
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev2 l2tp-ipsec ssl-clientless
group-policy GroupPolicy2 internal
group-policy GroupPolicy2 attributes
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol ikev2
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol ikev2
group-policy gpolicyMain internal
group-policy gpolicyMain attributes
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol ikev2
group-policy gpolicymuc internal
group-policy gpolicymuc attributes
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol l2tp-ipsec
 periodic-authentication certificate none
dynamic-access-policy-record DfltAccessPolicy
username Cisco password $sha512$5000$52iVX12RdZJB8iPpuJn7RQ==$mI4SJgMu6WEcijMzmJBSlQ== pbkdf2 privilege 15
tunnel-group 212.,.. type ipsec-l2l
tunnel-group 212.... general-attributes
 default-group-policy gpolicymuc
tunnel-group 212.... ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 92.... type ipsec-l2l
tunnel-group 92... general-attributes
 default-group-policy gpolicyMain
tunnel-group 92... ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 176.... type ipsec-l2l
tunnel-group 176.... general-attributes
 default-group-policy GroupPolicy2
tunnel-group 176... ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect dns preset_dns_map
  inspect icmp
policy-map type inspect dns migrated_dns_map_2
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:29bd7c9ee28a00a0fb3ba5fb94974169
: end
Thank you!!
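Added example (not part of the original post, and not Cisco code): a Python parser for the crypto ikev2 policy entries of a config like the one above, which lists the local/peer policy pairs that share an encryption, integrity, DH group and PRF value, and flags legacy values. The peer config, the function names and the legacy list (DES, 3DES, DH groups 1, 2 and 5) are assumptions of this example.

```python
import re

# Constructed samples: IKEv2 policy lines flattened onto one line, as the
# forum rendered the poster's config. PEER is a hypothetical remote side.
LOCAL = ("crypto ikev2 policy 1 encryption aes-256 integrity sha group 5 2 "
         "prf sha lifetime seconds 86400 crypto ikev2 policy 40 encryption des "
         "integrity sha group 5 2 prf sha lifetime seconds 86400 "
         "crypto ikev2 enable outside")
PEER = ("crypto ikev2 policy 10 encryption aes-256 integrity sha256 group 14 "
        "prf sha256 lifetime seconds 86400")

POLICY_RE = re.compile(
    r"crypto ikev2 policy (?P<priority>\d+) encryption (?P<encryption>.+?) "
    r"integrity (?P<integrity>.+?) group (?P<group>[\d ]+?) "
    r"prf (?P<prf>.+?) lifetime seconds (?P<lifetime>\d+)")
FIELDS = ("encryption", "integrity", "group", "prf")

# Assumption of this example: values treated as legacy.
LEGACY = {"encryption": {"des", "3des"}, "group": {"1", "2", "5"}}


def parse_ikev2_policies(config):
    """Return {priority: {field: set(values)}} from flattened or multi-line text."""
    text = " ".join(config.split())  # collapse newlines and indentation
    return {int(m["priority"]): {f: set(m[f].split()) for f in FIELDS}
            for m in POLICY_RE.finditer(text)}


def common_proposals(local, peer):
    """Pairs (local_priority, peer_priority) sharing a value in every field."""
    return [(lp, pp)
            for lp, l in sorted(local.items())
            for pp, p in sorted(peer.items())
            if all(l[f] & p[f] for f in FIELDS)]


def legacy_values(policies):
    """Map priority -> sorted legacy values offered by that policy."""
    out = {}
    for prio, pol in sorted(policies.items()):
        hits = sorted(v for f, bad in LEGACY.items() for v in pol[f] & bad)
        if hits:
            out[prio] = hits
    return out


if __name__ == "__main__":
    local, peer = parse_ikev2_policies(LOCAL), parse_ikev2_policies(PEER)
    print("common proposals:", common_proposals(local, peer))
    print("legacy values:", legacy_values(local))
```

An empty list from common_proposals means the two sides have no IKEv2 policy whose four fields all overlap, in which case IKE_SA_INIT cannot select a proposal.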