Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- Technology and Support
- Security
- VPN
- Site2site no connection
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
699
Views
0
Helpful
0
Replies
Site2site no connection
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-05-2021 05:30 AM
Hello,
I am trying to create a site2site VPN Connection since several hours to no avail.
Location 1 has a dynamic connection. With it I had no debug loga created on site B at all.... So i changed the identity from key to auto and did the config with IPs.
Can you please check the debug? What could be the issue? Not even Phase 1 goes through.
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-5: (20): Setting configured policies
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-2: (20): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 5
IKEv2-PROTO-2: (20): Request queued for computation of DH key
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-5: (20): Action: Action_Null
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-2: (20): Generating IKE_SA_INIT message
IKEv2-PROTO-2: (20): IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 5
(20): AES-CBC(20): SHA1(20): SHA96(20): DH_GROUP_1536_MODP/Group 5(20): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (20): IKE Proposal: 2, SPI size: 0 (initial negotiation),
Num. transforms: 5
(20): AES-CBC(20): SHA1(20): SHA96(20): DH_GROUP_1536_MODP/Group 5(20): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (20): IKE Proposal: 3, SPI size: 0 (initial negotiation),
Num. transforms: 5
(20): AES-CBC(20): SHA1(20): SHA96(20): DH_GROUP_1536_MODP/Group 5(20): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (20): IKE Proposal: 4, SPI size: 0 (initial negotiation),
Num. transforms: 5
(20): 3DES(20): SHA1(20): SHA96(20): DH_GROUP_1536_MODP/Group 5(20): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (20): IKE Proposal: 5, SPI size: 0 (initial negotiation),
Num. transforms: 5
(20): DES(20): SHA1(20): SHA96(20): DH_GROUP_1536_MODP/Group 5(20): DH_GROUP_1024_MODP/Group 2(20):
IKEv2-PROTO-2: (20): Sending Packet [To 176....:500/From 192.168.13.2:500/VRF i0:f0]
(20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : 0000000000000000 Message id: 0
(20): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-3: (20): Next payload: SA, version: 2.0 (20): Exchange type: IKE_SA_INIT, flags: INITIATOR (20): Message id: 0, length: 718(20):
Payload contents:
(20): SA(20): Next payload: KE, reserved: 0x0, length: 256
(20): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5(20): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(20): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(20): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 5(20): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(20): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(20): last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 5(20): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(20): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(20): last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 5(20): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(20): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(20): last proposal: 0x0, reserved: 0x0, length: 48
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 5(20): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: DES
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(20): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(20): KE(20): Next payload: N, reserved: 0x0, length: 200
(20): DH group: 5, Reserved: 0x0
(20):
(20): f0 8c f6 7e 91 8e b4 6c cd 79 84 4d 55 a3 22 16
(20): eb a0 d5 71 5e ea 79 50 28 0f c3 15 1e 5e e8 9e
(20): ef 31 48 00 f3 71 ec b4 78 61 9a 80 b4 f0 85 2b
(20): 1f 36 bb 42 6c ec 1c 6d 8d 0b 82 b9 cf fd 73 ea
(20): a1 56 2d e3 78 40 89 47 9d 92 8d cd 01 17 a1 ff
(20): 90 70 1d bd 8f d9 0c 8f 68 89 64 17 fe 96 70 21
(20): 65 eb ea f9 fa ea 9b 7a d7 e3 09 ac c5 81 52 dd
(20): f8 34 b2 e0 58 f3 f1 fb c3 ef 4e 59 ce 8e 59 93
(20): b4 4e 90 fb 8d b8 12 15 ca 67 e0 d3 b6 bc f8 e9
(20): e9 48 ff f3 14 ed 23 6d 24 b1 38 d4 c3 cd 57 18
(20): 02 64 d5 c6 f8 4b f0 db 34 bf 86 90 4b 8f b0 14
(20): 95 4e 48 70 b2 b1 be 59 e6 8c 98 1c fe e3 6e b2
(20): N(20): Next payload: VID, reserved: 0x0, length: 68
(20):
(20): 3a ee 1e 9e 32 65 55 d8 a4 7a 00 90 a6 2e 7f a2
(20): e8 c8 d9 bb 82 89 70 48 d1 a9 0c bd 27 ac d5 02
(20): 0d b3 8b 83 35 c4 67 da 38 2a 27 7e a4 fa 59 d1
(20): 7b c2 20 1f f2 45 83 2f a2 d0 dd 38 41 b2 5c a2
(20): VID(20): Next payload: VID, reserved: 0x0, length: 23
(20):
(20): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(20): 53 4f 4e
(20): VID(20): Next payload: NOTIFY, reserved: 0x0, length: 59
(20):
(20): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(20): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(20): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(20): 73 2c 20 49 6e 63 2e
(20): NOTIFY(NAT_DETECTION_SOURCE_IP)(20): Next payload: NOTIFY, reserved: 0x0, length: 28
(20): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(20):
(20): be ae cd bf 28 a8 dd 0e e7 a6 fe 04 a1 0b 36 6f
(20): 18 a5 10 05
(20): NOTIFY(NAT_DETECTION_DESTINATION_IP)(20): Next payload: NOTIFY, reserved: 0x0, length: 28
(20): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(20):
(20): 51 57 57 d0 09 7a 96 3d b1 c6 5c d1 bb 7f ea 29
(20): 51 41 3e ff
(20): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(20): Next payload: VID, reserved: 0x0, length: 8
(20): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(20): VID(20): Next payload: NONE, reserved: 0x0, length: 20
(20):
(20): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(20):
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_INSERT_SA
IKEv2-PROTO-2: (20): Insert SA
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
(20):
IKEv2-PROTO-2: (20): Received Packet [From 176....:500/To 192.168.13.2:500/VRF i0:f0]
(20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 0
(20): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-3: (20): Next payload: SA, version: 2.0 (20): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (20): Message id: 0, length: 510(20):
Payload contents:
(20): SA(20): Next payload: KE, reserved: 0x0, length: 48
(20): last proposal: 0x0, reserved: 0x0, length: 44
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4(20): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(20): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(20): KE(20): Next payload: N, reserved: 0x0, length: 200
(20): DH group: 5, Reserved: 0x0
(20):
(20): 4f 2e e9 81 f0 10 cf 50 85 20 72 36 6b 47 a9 24
(20): 8d e2 92 68 c0 e4 c1 76 08 18 99 9f 8b 0d 33 14
(20): c0 bc 63 53 0e eb 9a ff e6 9f 3a 27 e4 99 b8 b4
(20): cf 04 53 1a 6d 73 c8 92 2d ff e4 b6 4e 4f 18 8a
(20): fd 20 72 25 bf 41 d2 46 d6 d6 34 59 49 0d dc 81
(20): 55 8f 15 e6 77 94 db 24 01 6e 4c 10 47 29 44 7b
(20): a7 48 e2 7b 27 89 60 7a e4 4c 9e 4c d4 67 b1 b8
(20): 40 04 37 72 2a 63 8c 16 09 86 1d a2 46 2f 96 cf
(20): 4d 81 e5 c7 43 47 b9 ed 8e c0 14 61 40 94 fd 1f
(20): 29 b9 28 f2 af 6d ff 42 0b 77 fc 95 b1 89 65 18
(20): 3a dc 59 17 88 6e fd 1c 71 34 90 0e 5a e1 a0 e6
(20): b9 0d df 94 ec 7f ca f3 42 eb 2d f1 45 e3 29 4d
(20): N(20): Next payload: VID, reserved: 0x0, length: 68
(20):
(20): d2 a9 95 1f 3c 57 cc 9c e3 a6 01 d8 6d a1 40 f9
(20): 2b 73 3b 64 5d f6 2e 00 9a 26 f8 c1 9c 57 b7 f7
(20): d8 e7 42 5c 66 c5 b2 45 97 6e 4c e6 c8 fe 5a 27
(20): 95 34 02 c3 b5 c4 a5 26 8f 72 c8 e0 ec 82 0d c8
(20): VID(20): Next payload: VID, reserved: 0x0, length: 23
(20):
(20): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(20): 53 4f 4e
(20): VID(20): Next payload: NOTIFY, reserved: 0x0, length: 59
(20):
(20): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(20): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(20): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(20): 73 2c 20 49 6e 63 2e
(20): NOTIFY(NAT_DETECTION_SOURCE_IP)(20): Next payload: NOTIFY, reserved: 0x0, length: 28
(20): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(20):
(20): 22 0a 28 1e f8 9b 3a 21 83 2e 01 ee b7 4f 0a a8
(20): d4 4d 88 c9
(20): NOTIFY(NAT_DETECTION_DESTINATION_IP)(20): Next payload: NOTIFY, reserved: 0x0, length: 28
(20): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(20):
(20): c5 df 37 bc 68 33 8f 87 c0 0a 4d 09 5b 84 b5 a8
(20): 16 d7 50 3c
(20): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(20): Next payload: VID, reserved: 0x0, length: 8
(20): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(20): VID(20): Next payload: NONE, reserved: 0x0, length: 20
(20):
(20): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(20):
(20): Decrypted packet:(20): Data: 510 bytes
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RECV_INIT
IKEv2-PROTO-5: (20): Processing IKE_SA_INIT message
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK4_NOTIFY
IKEv2-PROTO-2: (20): Processing IKE_SA_INIT message
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-2: (20): Verify SA init message
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_PROC_MSG
IKEv2-PROTO-2: (20): Processing IKE_SA_INIT message
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_DETECT_NAT
IKEv2-PROTO-5: (20): Process NAT discovery notify
IKEv2-PROTO-5: (20): Processing nat detect src notify
IKEv2-PROTO-5: (20): Remote address not matched
IKEv2-PROTO-5: (20): Processing nat detect dst notify
IKEv2-PROTO-5: (20): Local address not matched
IKEv2-PROTO-5: (20): Host is located NAT inside
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_NAT_T
IKEv2-PROTO-2: (20): Checking NAT discovery
IKEv2-PROTO-2: (20): NAT INSIDE found
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHG_NAT_T_PORT
IKEv2-PROTO-2: (20): NAT detected float to init port 4500, resp port 4500
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_CONFIG_MODE
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_DH_SECRET
IKEv2-PROTO-2: (20): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 5
IKEv2-PROTO-2: (20): Request queued for computation of DH secret
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_NO_EVENT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_OK_RECD_DH_SECRET_RESP
IKEv2-PROTO-5: (20): Action: Action_Null
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_SKEYID
IKEv2-PROTO-5: (20): Generate skeyid
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
IKEv2-PROTO-2: (20): IETF Fragmentation is enabled
IKEv2-PROTO-2: (20): Cisco Fragmentation is enabled
IKEv2-PROTO-5: (20): Cisco DeleteReason Notify is enabled
IKEv2-PROTO-2: (20): Completed SA init exchange
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_EAP
IKEv2-PROTO-2: (20): Check for EAP exchange
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GEN_AUTH
IKEv2-PROTO-2: (20): Generate my authentication data
IKEv2-PROTO-2: (20): Use preshared key for id 192.168.13.2, key len 9
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_AUTH_TYPE
IKEv2-PROTO-2: (20): Get my authentication method
IKEv2-PROTO-2: (20): My authentication method is 'PSK'
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_OK_AUTH_GEN
IKEv2-PROTO-2: (20): Check for EAP exchange
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_SEND_AUTH
IKEv2-PROTO-2: (20): Generating IKE_AUTH message
IKEv2-PROTO-2: (20): Constructing IDi payload: '192.168.13.2' of type 'IPv4 address'
IKEv2-PROTO-2: (20): ESP Proposal: 1, SPI size: 4 (IPSec negotiation),
Num. transforms: 4
(20): AES-CBC(20): SHA96(20): MD596(20): Don't use ESNIKEv2-PROTO-2: (20): ESP Proposal: 2, SPI size: 4 (IPSec negotiation),
Num. transforms: 4
(20): AES-CBC(20): SHA96(20): MD596(20): Don't use ESNIKEv2-PROTO-2: (20): ESP Proposal: 3, SPI size: 4 (IPSec negotiation),
Num. transforms: 4
(20): AES-CBC(20): SHA96(20): MD596(20): Don't use ESNIKEv2-PROTO-2: (20): ESP Proposal: 4, SPI size: 4 (IPSec negotiation),
Num. transforms: 4
(20): 3DES(20): SHA96(20): MD596(20): Don't use ESNIKEv2-PROTO-2: (20): ESP Proposal: 5, SPI size: 4 (IPSec negotiation),
Num. transforms: 4
(20): DES(20): SHA96(20): MD596(20): Don't use ESNIKEv2-PROTO-2: (20): Building packet for encryption.
(20):
Payload contents:
(20): VID(20): Next payload: IDi, reserved: 0x0, length: 20
(20):
(20): 1b 83 b0 6f 38 ff 8f 40 ed 6a 86 f3 05 f9 62 f6
(20): IDi(20): Next payload: AUTH, reserved: 0x0, length: 12
(20): Id type: IPv4 address, Reserved: 0x0 0x0
(20):
(20): c0 a8 0d 02
(20): AUTH(20): Next payload: SA, reserved: 0x0, length: 28
(20): Auth method PSK, reserved: 0x0, reserved 0x0
(20): Auth data: 20 bytes
(20): SA(20): Next payload: TSi, reserved: 0x0, length: 236
(20): last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 4(20): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
(20): last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
(20): last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 2, Protocol id: ESP, SPI size: 4, #trans: 4(20): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
(20): last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
(20): last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 3, Protocol id: ESP, SPI size: 4, #trans: 4(20): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
(20): last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
(20): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 4, Protocol id: ESP, SPI size: 4, #trans: 4(20): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
(20): last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
(20): last proposal: 0x0, reserved: 0x0, length: 44
Proposal: 5, Protocol id: ESP, SPI size: 4, #trans: 4(20): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: DES
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(20): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
(20): last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
(20): TSi(20): Next payload: TSr, reserved: 0x0, length: 40
(20): Num of TSs: 2, reserved 0x0, reserved 0x0
(20): TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
(20): start port: 0, end port: 65535
(20): start addr: 192.168.53.31, end addr: 192.168.53.31
(20): TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
(20): start port: 0, end port: 65535
(20): start addr: 192.168.53.0, end addr: 192.168.53.255
(20): TSr(20): Next payload: NOTIFY, reserved: 0x0, length: 40
(20): Num of TSs: 2, reserved 0x0, reserved 0x0
(20): TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
(20): start port: 0, end port: 65535
(20): start addr: 192.168.59.254, end addr: 192.168.59.254
(20): TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
(20): start port: 0, end port: 65535
(20): start addr: 192.168.59.0, end addr: 192.168.59.255
(20): NOTIFY(INITIAL_CONTACT)(20): Next payload: NOTIFY, reserved: 0x0, length: 8
(20): Security protocol id: IKE, spi size: 0, type: INITIAL_CONTACT
(20): NOTIFY(ESP_TFC_NO_SUPPORT)(20): Next payload: NOTIFY, reserved: 0x0, length: 8
(20): Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT
(20): NOTIFY(NON_FIRST_FRAGS)(20): Next payload: NONE, reserved: 0x0, length: 8
(20): Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_ENCRYPT_MSG
IKEv2-PROTO-2: (20):
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_OK_ENCRYPT_RESP
IKEv2-PROTO-5: (20): Action: Action_Null
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_TRYSEND
(20):
IKEv2-PROTO-2: (20): Sending Packet [To 176....:4500/From 192.168.13.2:4500/VRF i0:f0]
(20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 1
(20): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-3: (20): Next payload: ENCR, version: 2.0 (20): Exchange type: IKE_AUTH, flags: INITIATOR (20): Message id: 1, length: 476(20):
Payload contents:
(20): ENCR(20): Next payload: VID, reserved: 0x0, length: 448
(20): Encrypted data: 444 bytes
(20):
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_CHK_EAP_POST_ASYNC
IKEv2-PROTO-2: (20): Check for EAP exchange
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT
IKEv2-PROTO-2: (20): Retransmitting packet
(20):
IKEv2-PROTO-2: (20): Sending Packet [To 176....:4500/From 192.168.13.2:4500/VRF i0:f0]
(20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 1
(20): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-3: (20): Next payload: ENCR, version: 2.0 (20): Exchange type: IKE_AUTH, flags: INITIATOR (20): Message id: 1, length: 476(20):
Payload contents:
(20): ENCR(20): Next payload: VID, reserved: 0x0, length: 448
(20): Encrypted data: 444 bytes
(20):
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT
IKEv2-PROTO-2: (20): Retransmitting packet
(20):
IKEv2-PROTO-2: (20): Sending Packet [To 176....:4500/From 192.168.13.2:4500/VRF i0:f0]
(20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 1
(20): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-3: (20): Next payload: ENCR, version: 2.0 (20): Exchange type: IKE_AUTH, flags: INITIATOR (20): Message id: 1, length: 476(20):
Payload contents:
(20): ENCR(20): Next payload: VID, reserved: 0x0, length: 448
(20): Encrypted data: 444 bytes
(20):
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT
IKEv2-PROTO-2: (20): Retransmitting packet
(20):
IKEv2-PROTO-2: (20): Sending Packet [To 176....:4500/From 192.168.13.2:4500/VRF i0:f0]
(20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 1
(20): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-3: (20): Next payload: ENCR, version: 2.0 (20): Exchange type: IKE_AUTH, flags: INITIATOR (20): Message id: 1, length: 476(20):
Payload contents:
(20): ENCR(20): Next payload: VID, reserved: 0x0, length: 448
(20): Encrypted data: 444 bytes
(20):
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT
IKEv2-PROTO-2: (20): Retransmitting packet
(20):
IKEv2-PROTO-2: (20): Sending Packet [To 176....:4500/From 192.168.13.2:4500/VRF i0:f0]
(20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 1
(20): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-3: (20): Next payload: ENCR, version: 2.0 (20): Exchange type: IKE_AUTH, flags: INITIATOR (20): Message id: 1, length: 476(20):
Payload contents:
(20): ENCR(20): Next payload: VID, reserved: 0x0, length: 448
(20): Encrypted data: 444 bytes
(20):
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT
IKEv2-PROTO-2: (20): Retransmitting packet
(20):
IKEv2-PROTO-2: (20): Sending Packet [To 176....:4500/From 192.168.13.2:4500/VRF i0:f0]
(20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 1
(20): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-3: (20): Next payload: ENCR, version: 2.0 (20): Exchange type: IKE_AUTH, flags: INITIATOR (20): Message id: 1, length: 476(20):
Payload contents:
(20): ENCR(20): Next payload: VID, reserved: 0x0, length: 448
(20): Encrypted data: 444 bytes
(20):
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-2: Received Packet [From 176....:500/To 192.168.13.2:500/VRF i0:f0]
Initiator SPI : F3A220800F1D080E - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-3: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 718
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 256
last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 5 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 5 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 52
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 5 last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 5 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
last proposal: 0x0, reserved: 0x0, length: 48
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 5 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: DES
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
1b b8 a8 78 8e a4 52 43 6b d4 be b8 e2 b9 70 c3
c7 89 5e 61 5b 3a a8 68 49 22 92 d4 11 61 58 4f
b6 cb 0c 44 84 6d 70 b2 3f 08 e4 e4 b1 65 60 47
1b ea 80 69 75 54 fa d5 e2 29 8d 45 ff b5 51 28
ea 4d 1b c2 68 89 b7 ac 42 f4 5a f3 42 96 60 ec
e9 db 79 6d 12 e3 a7 48 b9 46 45 12 40 45 bb 47
84 72 1d 1a 46 c9 84 73 da fe b8 a3 9f 8b 11 a1
c9 d2 e9 70 79 c6 ab f9 7f bf 40 95 2c e5 04 fe
7c 06 ae 30 5e 6f 53 e8 37 8d 6a e7 4b 1b 92 22
b0 95 9b 81 c2 bd 14 ca 1c 2f 49 af 18 03 89 60
c4 22 e7 1a b0 b7 57 49 11 da f1 13 7f 8e 29 19
fc b3 5b 65 35 b1 36 b9 50 d3 ac ab 70 84 c9 dc
N Next payload: VID, reserved: 0x0, length: 68
d9 fa ac fe 38 1e ff 33 94 e8 a3 08 cf 03 8e ec
e4 48 b8 25 fb e8 19 9d ce 65 7c 04 c6 e9 be d2
69 75 88 51 5a 1b 98 68 e3 5b 52 ee b3 04 d7 69
2c a8 ee d9 5b 71 d6 ae 0f d3 e3 32 97 31 f1 53
VID Next payload: VID, reserved: 0x0, length: 23
43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
53 4f 4e
VID Next payload: NOTIFY, reserved: 0x0, length: 59
43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
73 2c 20 49 6e 63 2e
NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
fa eb b9 f5 51 61 72 46 97 52 64 97 00 30 98 75
4d e1 7d a8
NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
37 6c b6 64 e7 3b 65 01 df c3 3c ec b7 b0 20 cb
d7 76 1f 10
NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) Next payload: VID, reserved: 0x0, length: 8
Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
VID Next payload: NONE, reserved: 0x0, length: 20
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
Decrypted packet:Data: 718 bytes
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT
IKEv2-PROTO-2: (21): Checking NAT discovery
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT
IKEv2-PROTO-5: (21): Redirect check is not needed, skipping it
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-2: (21): Verify SA init message
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA
IKEv2-PROTO-2: (21): Insert SA
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG
IKEv2-PROTO-2: (21): Processing IKE_SA_INIT message
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT
IKEv2-PROTO-5: (21): Process NAT discovery notify
IKEv2-PROTO-5: (21): Processing nat detect src notify
IKEv2-PROTO-5: (21): Remote address not matched
IKEv2-PROTO-5: (21): Processing nat detect dst notify
IKEv2-PROTO-5: (21): Local address not matched
IKEv2-PROTO-5: (21): Host is located NAT inside
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-5: (21): Setting configured policies
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN
IKEv2-PROTO-5: (21): Opening a PKI session
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-2: (21): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 5
IKEv2-PROTO-2: (21): Request queued for computation of DH key
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-5: (21): Action: Action_Null
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET
IKEv2-PROTO-2: (21): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 5
IKEv2-PROTO-2: (21): Request queued for computation of DH secret
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP
IKEv2-PROTO-5: (21): Action: Action_Null
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID
IKEv2-PROTO-5: (21): Generate skeyid
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-2: (21): Generating IKE_SA_INIT message
IKEv2-PROTO-2: (21): IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 4
(21): AES-CBC(21): SHA1(21): SHA96(21): DH_GROUP_1536_MODP/Group 5(21):
IKEv2-PROTO-2: (21): Sending Packet [To 176....:500/From 192.168.13.2:500/VRF i0:f0]
(21): Initiator SPI : F3A220800F1D080E - Responder SPI : 9996C27D83C6FFA7 Message id: 0
(21): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-3: (21): Next payload: SA, version: 2.0 (21): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (21): Message id: 0, length: 510(21):
Payload contents:
(21): SA(21): Next payload: KE, reserved: 0x0, length: 48
(21): last proposal: 0x0, reserved: 0x0, length: 44
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4(21): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(21): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(21): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(21): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(21): KE(21): Next payload: N, reserved: 0x0, length: 200
(21): DH group: 5, Reserved: 0x0
(21):
(21): 90 3c 4b 48 be c5 e7 0c 71 df 45 26 51 31 c7 f2
(21): 43 f3 18 1f 8d bb bc c7 34 bd f3 3c e2 23 b6 07
(21): 08 94 64 46 24 1a 91 53 a2 f0 42 b5 e1 4b 6f 23
(21): 86 21 9e c5 dc 10 2d 59 69 be e3 17 c6 3e 72 f6
(21): a2 07 88 32 09 a5 06 c3 c6 bd 06 04 01 63 f1 61
(21): 76 55 08 bd a6 03 98 37 d3 f5 73 20 1d 0e 6f 4b
(21): 2c 7c fe f3 c9 ce a7 0c a0 42 52 f2 e7 b7 f9 73
(21): e7 fb 14 39 7b 9a a4 f0 b8 f2 12 c8 53 22 e6 77
(21): 86 8f 37 4d a1 b5 d6 1a 69 d9 c0 eb f0 27 0b 8b
(21): 2b 00 38 18 7e cd 5f c8 d2 0a 10 3c 78 08 db 22
(21): a3 c1 83 b6 3a fa d8 62 84 8c e6 d7 d1 b0 e3 0c
(21): 3b 54 36 8c 43 ed bd 20 a0 b0 90 3e 74 e7 0d 61
(21): N(21): Next payload: VID, reserved: 0x0, length: 68
(21):
(21): af f1 44 a6 d7 f6 35 f6 59 aa 0a e4 c2 1c 3b 62
(21): 11 14 13 2b 23 8a b5 72 05 bd cf 43 32 53 c1 9b
(21): f9 7a e1 d0 0c 65 20 21 99 9d ff 96 eb 5d c7 d7
(21): 73 1d b8 b2 22 f2 69 cb 6f b2 74 2d 76 ed 35 ab
(21): VID(21): Next payload: VID, reserved: 0x0, length: 23
(21):
(21): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(21): 53 4f 4e
(21): VID(21): Next payload: NOTIFY, reserved: 0x0, length: 59
(21):
(21): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(21): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(21): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(21): 73 2c 20 49 6e 63 2e
(21): NOTIFY(NAT_DETECTION_SOURCE_IP)(21): Next payload: NOTIFY, reserved: 0x0, length: 28
(21): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(21):
(21): a8 f0 5e 54 37 75 8f 51 f8 56 fa d0 08 ca 68 50
(21): bd f5 bf 9c
(21): NOTIFY(NAT_DETECTION_DESTINATION_IP)(21): Next payload: NOTIFY, reserved: 0x0, length: 28
(21): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(21):
(21): e4 6a 0d 35 b7 f1 c1 3e 45 17 29 9c fc 82 19 25
(21): e2 d3 17 27
(21): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(21): Next payload: VID, reserved: 0x0, length: 8
(21): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(21): VID(21): Next payload: NONE, reserved: 0x0, length: 20
(21):
(21): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(21):
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
IKEv2-PROTO-2: (21): IETF Fragmentation is enabled
IKEv2-PROTO-2: (21): Cisco Fragmentation is enabled
IKEv2-PROTO-5: (21): Cisco DeleteReason Notify is enabled
IKEv2-PROTO-2: (21): Completed SA init exchange
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR
IKEv2-PROTO-2: (21): Starting timer (30 sec) to wait for auth message
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_WAIT4_AUTH_TMO
IKEv2-PROTO-1: (21): Failed to receive the AUTH msg before the timer expired
IKEv2-PROTO-1: (21):
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: AUTH_DONE Event: EV_FAIL
IKEv2-PROTO-2: (21): Auth exchange failed
IKEv2-PROTO-1: (21): Auth exchange failed
IKEv2-PROTO-1: (21): Auth exchange failed
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-5: (21): SM Trace-> SA: I_SPI=F3A220800F1D080E R_SPI=9996C27D83C6FFA7 (R) MsgID = 00000000 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-2: (21): Abort exchange
IKEv2-PROTO-2: (21): Deleting SA
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT
IKEv2-PROTO-2: (20): Retransmitting packet
(20):
IKEv2-PROTO-2: (20): Sending Packet [To 176....:4500/From 192.168.13.2:4500/VRF i0:f0]
(20): Initiator SPI : 1983B16F2BC87C07 - Responder SPI : D565D2E1D3B833E5 Message id: 1
(20): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-3: (20): Next payload: ENCR, version: 2.0 (20): Exchange type: IKE_AUTH, flags: INITIATOR (20): Message id: 1, length: 476(20):
Payload contents:
(20): ENCR(20): Next payload: VID, reserved: 0x0, length: 448
(20): Encrypted data: 444 bytes
(20):
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RE_XMT_EXCEED
IKEv2-PROTO-1: (20): Maximum number of retransmissions reached
IKEv2-PROTO-1: (20):
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL
IKEv2-PROTO-2: (20): Auth exchange failed
IKEv2-PROTO-1: (20): Auth exchange failed
IKEv2-PROTO-1: (20): Auth exchange failed
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-5: (20): SM Trace-> SA: I_SPI=1983B16F2BC87C07 R_SPI=D565D2E1D3B833E5 (I) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-2: (20): Abort exchange
IKEv2-PROTO-2: (20): Deleting SA
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: IDLE Event: EV_INIT_SA
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-5: (22): Setting configured policies
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-2: (22): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 5
IKEv2-PROTO-2: (22): Request queued for computation of DH key
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-5: (22): Action: Action_Null
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (22): SM Trace-> SA: I_SPI=E82EB2A87381B5A2 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-2: (22): Generating IKE_SA_INIT message
IKEv2-PROTO-2: (22): IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 5
(22): AES-CBC(22): SHA1(22): SHA96(22): DH_GROUP_1536_MODP/Group 5(22): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (22): IKE Proposal: 2, SPI size: 0 (initial negotiation),
Num. transforms: 5
(22): AES-CBC(22): SHA1(22): SHA96(22): DH_GROUP_1536_MODP/Group 5(22): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (22): IKE Proposal: 3, SPI size: 0 (initial negotiation),
Num. transforms: 5
(22): AES-CBC(22): SHA1(22): SHA96(22): DH_GROUP_1536_MODP/Group 5(22): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (22): IKE Proposal: 4, SPI size: 0 (initial negotiation),
Num. transforms: 5
(22): 3DES(22): SHA1(22): SHA96(22): DH_GROUP_1536_MODP/Group 5(22): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (22): IKE Proposal: 5, SPI size: 0 (initial negotiation),
Num. transforms: 5
(22): DES(22): SHA1(22): SHA96(22): DH_GROUP_1536_MODP/Group 5(22): DH_GROUP_1024_MODP/Group 2(22):
Here the config
The one where I changed the identity
! interface GigabitEthernet1/1 nameif outside security-level 0 ip address 192.168.10.253 255.255.255.0 ! interface GigabitEthernet1/2 nameif inside security-level 100 ip address 192.168.59.254 255.255.255.0 ! interface GigabitEthernet1/3 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/4 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/5 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/6 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/7 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/8 shutdown no nameif no security-level no ip address ! interface Management1/1 management-only no nameif no security-level no ip address ! ftp mode passive clock timezone CEST 1 clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00 object network obj_any subnet 0.0.0.0 0.0.0.0 object network insideNetwork subnet 192.168.59.0 255.255.255.0 object network ClientNetwork subnet 192.168.0.0 255.255.0.0 object network ServerNetwork subnet 192.168.49.0 255.255.255.0 object network MuenchenNetwork subnet 192.168.53.0 255.255.255.0 object network NETWORK_OBJ_192.168.59.0_24 subnet 192.168.59.0 255.255.255.0 object network ClientNetz subnet 192.168.51.0 255.255.255.0 object network BerlinNetz subnet 192.168.52.0 255.255.255.0 object-group network RemoteNetwork network-object object BerlinNetz network-object object ClientNetz network-object object ServerNetwork object-group network DM_INLINE_NETWORK_1 network-object object ServerNetwork network-object object BerlinNetz network-object object ClientNetz network-object object MuenchenNetwork object-group service internet service-object icmp service-object tcp destination eq domain service-object tcp destination eq www service-object tcp destination eq https service-object udp destination eq domain object-group network DM_INLINE_NETWORK_2 network-object object MuenchenNetwork group-object RemoteNetwork access-list outside_cryptomap extended permit ip object insideNetwork object-group RemoteNetwork access-list outside_access_in extended permit ip object-group DM_INLINE_NETWORK_1 192.168.59.0 255.255.255.0 access-list inside_access_in extended permit object-group internet 192.168.59.0 255.255.255.0 any access-list inside_access_in extended permit ip 192.168.59.0 255.255.255.0 object-group RemoteNetwork access-list inside_access_in extended permit ip 192.168.59.0 255.255.255.0 object MuenchenNetwork access-list inside_access_in extended deny ip any any access-list outside_cryptomap_2 extended permit ip object insideNetwork object MuenchenNetwork pager lines 24 logging asdm informational mtu outside 1500 mtu inside 1500 no failover no monitor-interface service-module icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-761.bin no asdm history enable arp inside 192.168.59.59 14da.e9cd.1ec9 arp timeout 14400 no arp permit-nonconnected nat (inside,outside) source static insideNetwork insideNetwork destination static RemoteNetwork RemoteNetwork no-proxy-arp route-lookup nat (inside,outside) source static NETWORK_OBJ_192.168.59.0_24 NETWORK_OBJ_192.168.59.0_24 destination static MuenchenNetwork MuenchenNetwork no-proxy-arp route-lookup nat (inside,outside) source static insideNetwork insideNetwork destination static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 no-proxy-arp route-lookup nat (inside,outside) source static insideNetwork insideNetwork destination static MuenchenNetwork MuenchenNetwork no-proxy-arp route-lookup ! object network obj_any nat (any,outside) dynamic interface object network insideNetwork nat (any,outside) dynamic interface access-group outside_access_in in interface outside access-group inside_access_in in interface inside route outside 0.0.0.0 0.0.0.0 192.168.10.1 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 user-identity default-domain LOCAL aaa authentication ssh console LOCAL aaa authentication http console LOCAL http server enable http 192.168.1.0 255.255.255.0 inside http 192.168.49.0 255.255.255.0 inside http 192.168.59.0 255.255.255.0 inside http 192.168.49.0 255.255.255.0 outside http 192.168.51.0 255.255.255.0 outside http 192.168.51.0 255.255.255.0 inside no snmp-server location no snmp-server contact service sw-reset-button crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport crypto ipsec ikev2 ipsec-proposal AES256 protocol esp encryption aes-256 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES192 protocol esp encryption aes-192 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES protocol esp encryption aes protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal 3DES protocol esp encryption 3des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal DES protocol esp encryption des protocol esp integrity sha-1 md5 crypto ipsec security-association pmtu-aging infinite crypto map outside_map1 1 match address outside_cryptomap crypto map outside_map1 1 set peer 92.... crypto map outside_map1 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map outside_map1 1 set security-association lifetime seconds 86400 crypto map outside_map1 1 set security-association lifetime kilobytes unlimited crypto map outside_map1 2 match address outside_cryptomap_2 crypto map outside_map1 2 set peer 217.... crypto map outside_map1 2 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map outside_map1 interface outside crypto ca trustpool policy crypto ikev2 policy 1 encryption aes-256 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 10 encryption aes-192 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 20 encryption aes integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 30 encryption 3des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 40 encryption des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 enable outside crypto ikev1 policy 20 authentication rsa-sig encryption aes-256 hash sha group 2 lifetime 86400 crypto ikev1 policy 30 authentication pre-share encryption aes-256 hash sha group 2 lifetime 86400 crypto ikev1 policy 50 authentication rsa-sig encryption aes-192 hash sha group 2 lifetime 86400 crypto ikev1 policy 60 authentication pre-share encryption aes-192 hash sha group 2 lifetime 86400 crypto ikev1 policy 80 authentication rsa-sig encryption aes hash sha group 2 lifetime 86400 crypto ikev1 policy 90 authentication pre-share encryption aes hash sha group 2 lifetime 86400 crypto ikev1 policy 110 authentication rsa-sig encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 120 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 140 authentication rsa-sig encryption des hash sha group 2 lifetime 86400 crypto ikev1 policy 150 authentication pre-share encryption des hash sha group 2 lifetime 86400 telnet timeout 5 no ssh stricthostkeycheck ssh 192.168.49.0 255.255.255.0 outside ssh 192.168.49.0 255.255.255.0 inside ssh 192.168.53.0 255.255.255.0 inside ssh 192.168.59.0 255.255.255.0 inside ssh timeout 5 ssh key-exchange group dh-group1-sha1 console timeout 0 management-access inside dhcpd address 192.168.59.60-192.168.59.200 inside dhcpd dns 192.168.49.1 4.2.2.2 interface inside dhcpd enable inside ! ntp server 129.217.131.21 prefer group-policy GroupPolicy2 internal group-policy GroupPolicy2 attributes vpn-idle-timeout none vpn-session-timeout none vpn-tunnel-protocol ikev2 group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes vpn-tunnel-protocol ikev2 group-policy gpolicyMain internal group-policy gpolicyMain attributes vpn-idle-timeout none vpn-session-timeout none vpn-tunnel-protocol ikev2 dynamic-access-policy-record DfltAccessPolicy username Cisco password CNM39dVbVYF9qTEc encrypted privilege 15 username ..password 5.hmROwzSjKk4pTL encrypted privilege 15 username ..password IQ.Jl3uQBtj3cVgD encrypted privilege 15 tunnel-group 62... type ipsec-l2l tunnel-group 62... general-attributes default-group-policy gpolicyMain tunnel-group 62... ipsec-attributes ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 92... type ipsec-l2l tunnel-group 92... general-attributes default-group-policy gpolicyMain tunnel-group 92... ipsec-attributes ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 217... type ipsec-l2l tunnel-group 217.... general-attributes default-group-policy GroupPolicy2 tunnel-group 217... ipsec-attributes ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options inspect icmp ! service-policy global_policy global prompt hostname context no call-home reporting anonymous Cryptochecksum:ac252d15d11d868f3fef49ee086f757e : end
The other one
! interface GigabitEthernet1/1 nameif outside security-level 0 ip address 192.168.13.2 255.255.255.0 ! interface GigabitEthernet1/2 nameif inside security-level 100 ip address 192.168.53.254 255.255.255.0 ! interface GigabitEthernet1/3 shutdown nameif scanner security-level 100 ip address 192.168.63.254 255.255.255.0 ! interface GigabitEthernet1/4 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/5 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/6 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/7 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/8 shutdown no nameif no security-level no ip address ! interface Management1/1 management-only nameif management security-level 100 ip address 10.0.40.217 255.255.255.0 ! ftp mode passive same-security-traffic permit intra-interface object network inside subnet 192.168.53.0 255.255.255.0 object network RZNetwork subnet 192.168.49.0 255.255.255.0 object network scanner subnet 192.168.63.0 255.255.255.0 object network ClientNetwork subnet 192.168.51.0 255.255.255.0 object network Messe subnet 192.168.60.0 255.255.255.0 object network MUC2 subnet 192.168.54.0 255.255.255.0 object network RemoteNetwork subnet 192.168.149.0 255.255.255.0 object network bNetwork subnet 192.168.59.0 255.255.255.0 object network NETWORK_OBJ_192.168.53.0_24 subnet 192.168.53.0 255.255.255.0 object-group network RemoteNetworks network-object object RZNetwork network-object object ClientNetwork network-object object RemoteNetwork network-object object NETWORK_OBJ_192.168.53.0_24 object-group network LocalNetworks network-object object inside network-object object scanner object-group service internet service-object icmp service-object tcp destination eq domain service-object tcp destination eq www service-object tcp destination eq https service-object udp destination eq domain object-group network Alarmanlage network-object host 188... network-object host 62... network-object host 62... network-object host 80... access-list outside_cryptomap extended permit ip object-group LocalNetworks object-group RemoteNetworks access-list outside_cryptomap_1 extended permit ip object inside object Messe access-list inside_access_in extended permit object-group internet object inside any access-list inside_access_in extended permit ip object inside object-group RemoteNetworks access-list inside_access_in extended permit tcp any object-group Alarmanlage eq 2683 access-list inside_access_in extended permit ip object inside object BNetwork access-list inside_access_in extended deny ip any any access-list outside_cryptomap_7 extended permit ip object inside object BNetwork access-list outside_access_in extended permit ip object BNetwork any pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu inside 1500 mtu scanner 1500 mtu management 1500 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-782.bin no asdm history enable arp timeout 14400 no arp permit-nonconnected arp rate-limit 16384 nat (inside,outside) source static inside inside destination static RZNetwork RZNetwork no-proxy-arp route-lookup nat (scanner,outside) source static scanner scanner destination static RZNetwork RZNetwork no-proxy-arp route-lookup nat (inside,outside) source static inside inside destination static ClientNetwork ClientNetwork no-proxy-arp route-lookup nat (inside,outside) source static inside inside destination static Messe Messe no-proxy-arp route-lookup nat (inside,outside) source static inside inside destination static MUC2 MUC2 no-proxy-arp route-lookup nat (inside,outside) source static inside inside destination static RemoteNetworks RemoteNetworks no-proxy-arp route-lookup nat (inside,outside) source static inside inside destination static RemoteNetwork RemoteNetwork route-lookup nat (inside,outside) source static inside inside destination static BNetwork BNetwork no-proxy-arp route-lookup ! object network inside nat (any,outside) dynamic interface object network scanner nat (any,outside) dynamic interface access-group outside_access_in in interface outside access-group inside_access_in in interface inside route outside 0.0.0.0 0.0.0.0 192.168.13.1 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 timeout conn-holddown 0:00:15 timeout igp stale-route 0:01:10 user-identity default-domain LOCAL aaa authentication ssh console LOCAL aaa authentication http console LOCAL aaa authentication login-history http server enable http 192.168.1.0 255.255.255.0 management http 10.10.0.0 255.255.255.0 management http 213.203.223.132 255.255.255.255 outside http 192.168.53.0 255.255.255.0 inside http 192.168.49.0 255.255.255.0 inside http 192.168.49.0 255.255.255.0 outside http 192.168.51.0 255.255.255.0 outside http 192.168.51.0 255.255.255.0 inside no snmp-server location no snmp-server contact service sw-reset-button crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec ikev2 ipsec-proposal AES256 protocol esp encryption aes-256 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES192 protocol esp encryption aes-192 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES protocol esp encryption aes protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal 3DES protocol esp encryption 3des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal DES protocol esp encryption des protocol esp integrity sha-1 md5 crypto ipsec security-association pmtu-aging infinite crypto map outside_map1 1 match address outside_cryptomap crypto map outside_map1 1 set peer 92... crypto map outside_map1 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map outside_map1 1 set security-association lifetime seconds 86400 crypto map outside_map1 1 set security-association lifetime kilobytes unlimited crypto map outside_map1 2 match address outside_cryptomap_1 crypto map outside_map1 2 set peer 212.... crypto map outside_map1 2 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map outside_map1 2 set security-association lifetime seconds 86400 crypto map outside_map1 2 set security-association lifetime kilobytes unlimited crypto map outside_map1 3 match address outside_cryptomap_7 crypto map outside_map1 3 set peer 176.... crypto map outside_map1 3 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map outside_map1 interface outside crypto ca trustpool policy crypto isakmp identity address crypto ikev2 policy 1 encryption aes-256 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 10 encryption aes-192 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 20 encryption aes integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 30 encryption 3des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 40 encryption des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 enable outside crypto ikev1 enable outside crypto ikev1 policy 10 authentication pre-share encryption aes-256 hash sha group 2 lifetime 86400 crypto ikev1 policy 20 authentication rsa-sig encryption aes-256 hash sha group 2 lifetime 86400 crypto ikev1 policy 40 authentication pre-share encryption aes-192 hash sha group 2 lifetime 86400 crypto ikev1 policy 50 authentication rsa-sig encryption aes-192 hash sha group 2 lifetime 86400 crypto ikev1 policy 70 authentication pre-share encryption aes hash sha group 2 lifetime 86400 crypto ikev1 policy 80 authentication rsa-sig encryption aes hash sha group 2 lifetime 86400 crypto ikev1 policy 100 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 110 authentication rsa-sig encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 130 authentication pre-share encryption des hash sha group 2 lifetime 86400 crypto ikev1 policy 140 authentication rsa-sig encryption des hash sha group 2 lifetime 86400 telnet timeout 5 no ssh stricthostkeycheck ssh 192.168.49.0 255.255.255.0 outside ssh 192.168.51.0 255.255.255.0 outside ssh 192.168.49.0 255.255.255.0 inside ssh 192.168.53.0 255.255.255.0 inside ssh 192.168.51.0 255.255.255.0 inside ssh 10.10.0.0 255.255.255.0 management ssh timeout 5 ssh key-exchange group dh-group1-sha1 console timeout 0 management-access inside dhcpd address 192.168.53.50-192.168.53.200 inside dhcpd dns 192.168.49.1 4.2.2.2 interface inside dhcpd option 43 hex f104c0a8310f interface inside dhcpd enable inside ! dhcpd address 192.168.63.50-192.168.63.200 scanner dhcpd dns 192.168.49.1 4.2.2.2 interface scanner dhcpd enable scanner ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept group-policy DfltGrpPolicy attributes vpn-tunnel-protocol ikev2 l2tp-ipsec ssl-clientless group-policy GroupPolicy2 internal group-policy GroupPolicy2 attributes vpn-idle-timeout none vpn-session-timeout none vpn-tunnel-protocol ikev2 group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes vpn-tunnel-protocol ikev2 group-policy gpolicyMain internal group-policy gpolicyMain attributes vpn-idle-timeout none vpn-session-timeout none vpn-tunnel-protocol ikev2 group-policy gpolicymuc internal group-policy gpolicymuc attributes vpn-idle-timeout none vpn-session-timeout none vpn-tunnel-protocol l2tp-ipsec periodic-authentication certificate none dynamic-access-policy-record DfltAccessPolicy username Cisco password $sha512$5000$52iVX12RdZJB8iPpuJn7RQ==$mI4SJgMu6WEcijMzmJBSlQ== pbkdf2 privilege 15 tunnel-group 212.,.. type ipsec-l2l tunnel-group 212.... general-attributes default-group-policy gpolicymuc tunnel-group 212.... ipsec-attributes ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 92.... type ipsec-l2l tunnel-group 92... general-attributes default-group-policy gpolicyMain tunnel-group 92... ipsec-attributes ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** tunnel-group 176.... type ipsec-l2l tunnel-group 176.... general-attributes default-group-policy GroupPolicy2 tunnel-group 176... ipsec-attributes ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 no tcp-inspection policy-map global_policy class inspection_default inspect ftp inspect h323 h225 inspect h323 ras inspect ip-options inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect dns preset_dns_map inspect icmp policy-map type inspect dns migrated_dns_map_2 parameters message-length maximum client auto message-length maximum 512 no tcp-inspection policy-map type inspect dns migrated_dns_map_1 parameters message-length maximum client auto message-length maximum 512 no tcp-inspection ! service-policy global_policy global prompt hostname context no call-home reporting anonymous call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email callhome@cisco.com destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:29bd7c9ee28a00a0fb3ba5fb94974169 : end
Thank you!!
Labels:
- Labels:
-
IPSEC
0 Replies 0
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Customers Also Viewed These Support Documents