Solved: VPN Connectivity - Page 5

wynneitmgr · ‎10-12-2020

We currently have a VPN setup for our users when they are on the road or working from home using Cisco AnyConnect. We have the VPN setup on our ASA 5508 Firewall.

I now have a client that we send data to that needs us to setup a VPN for the connection. I was wondering if there was anyone out there that would be able to help me create the VPN (IKEv1 or IKEv2) and fill out this VPN questionnaire. Thank you in advance!!

wynneitmgr · ‎10-26-2020

@Rob Ingram

Our 3rd party replied with "Understood. Our ACLs allow for 10.0.0.3/32 to access 66.20.45.233/32 and 66.20.45.234/32"

wynneitmgr · ‎10-26-2020

@Rob Ingram

@Aref Alsouqi

Just a quick look again at the Packet Tracer results, it appears that its being blocked by a configured rule on our Firewall “Drop-reason: (acl-drop) Flow is denied by configured rule” I'm just not sure what rule this is referring to??

Aref Alsouqi · ‎10-26-2020

Can you please post the sanitized output of the following commands from CLI?

sh run cry map

sh run tunnel

sh run group-policy

sh run nat

sh run access-list <the access list you see on the sh run cry map output>

wynneitmgr · ‎10-26-2020

@Aref Alsouqi

@Rob Ingram

Result of the command: "sh run cry map"

crypto map wynnemap 1 match address outside_cryptomap
crypto map wynnemap 1 set peer 148.59.168.18
crypto map wynnemap 1 set ikev2 ipsec-proposal AES128-SHA AES256-SHA DES 3DES AES AES192 AES256
crypto map wynnemap 65535 ipsec-isakmp dynamic dynmap
crypto map wynnemap interface outside

Result of the command: "sh run tunnel"

tunnel-group DefaultL2LGroup ipsec-attributes
isakmp keepalive threshold 60 retry 10
tunnel-group DefaultRAGroup general-attributes
address-pool ippool
authentication-server-group AD-RADIUS LOCAL
default-group-policy wynnevpn
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 60 retry 10
tunnel-group DefaultRAGroup ppp-attributes
authentication pap
authentication ms-chap-v2
tunnel-group DefaultWEBVPNGroup ipsec-attributes
isakmp keepalive threshold 60 retry 10
tunnel-group 72.214.235.53 type ipsec-l2l
tunnel-group 72.214.235.53 ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 60 retry 10
tunnel-group wynnevpn type remote-access
tunnel-group wynnevpn general-attributes
authentication-server-group AD-RADIUS LOCAL
default-group-policy wynnevpn
tunnel-group wynnevpn webvpn-attributes
group-alias "Wynne Transportation" enable
group-url https://63.147.191.66/remote-access enable
tunnel-group wynnevpn ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group CAMBIUM-RA type remote-access
tunnel-group CAMBIUM-RA general-attributes
default-group-policy wynnevpn
tunnel-group CAMBIUM-RA webvpn-attributes
group-url https://63.147.191.66/cambium-ra enable
without-csd
tunnel-group 148.59.168.18 type ipsec-l2l
tunnel-group 148.59.168.18 general-attributes
default-group-policy GroupPolicy_148.59.168.18
tunnel-group 148.59.168.18 ipsec-attributes
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****

Result of the command: "sh run group-policy"

group-policy GroupPolicy_148.59.168.18 internal
group-policy GroupPolicy_148.59.168.18 attributes
vpn-tunnel-protocol ikev2
group-policy wynnevpn internal
group-policy wynnevpn attributes
wins-server value 10.0.0.2
dns-server value 10.0.0.2 10.0.0.100
vpn-simultaneous-logins 250
vpn-idle-timeout 1800
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client
pfs enable
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPNClientTraffic
default-domain value corp.wynnetr.com
nem disable
address-pools value ippool
webvpn
anyconnect profiles value wynnetr type user

Result of the command: "sh run nat"

nat (inside,outside) source static WYNNE-CORP WYNNE-CORP destination static IPPOOL IPPOOL no-proxy-arp route-lookup
nat (any,outside) source dynamic IPPOOL interface
nat (inside,outside) source static WYNNEAPPS1 WYNNEAPPS1 destination static COMDATA COMDATA no-proxy-arp
!
object network WYNNEAPPS1
nat (inside,outside) static 63.147.191.67
!
nat (inside,outside) after-auto source dynamic WYNNE-CORP interface

wynneitmgr · ‎10-26-2020

@Rob Ingram

@Aref Alsouqi

Aref Alsouqi · ‎10-26-2020

Please post the output of the command sh run access-list outside_cryptomap.

wynneitmgr · ‎10-26-2020

@Aref Alsouqi

@Rob Ingram

Result of the command: "sh run access-list outside_cryptomap"

access-list outside_cryptomap extended permit ip object WYNNEAPPS1 object-group COMDATA

Aref Alsouqi · ‎10-26-2020

No really sure why is not working, I think the issue would be that on the remote side they did not configure the right encryption domains ACL. One last thing I would try for now would be to add the keyword route-lookup to the identity NAT rule and place it on the top, but honestly I think that would not make a difference:

no nat (inside,outside) source static WYNNEAPPS1 WYNNEAPPS1 destination static COMDATA COMDATA no-proxy-arp

nat (inside,outside) 1 source static WYNNEAPPS1 WYNNEAPPS1 destination static COMDATA COMDATA no-proxy-arp route-lookup

wynneitmgr · ‎10-26-2020

@Aref Alsouqi

@Rob Ingram

What about “Drop-reason: (acl-drop) Flow is denied by configured rule” ??

wynneitmgr · ‎10-26-2020

@Aref Alsouqi

@Rob Ingram

I added the route lookup. Still not pinging.

I have asked the 3rd party and they say everything is setup correctly on their end. Is there something specific I can have them confirm to ensure their settings are correct?

Aref Alsouqi · ‎10-26-2020

I would try to schedule a call with them, and doing the tests together. At the same time, I would enable debugging on the firewall with the command deb cry ikev2 pro 127 (I think you are using IKEv2, if not it would be deb cry ikev1 127). Actually, you can enable that and try again with packet tracer, that should give you some indications of what the issue would be. The third party should also do the same. If they should keep saying no issues on our end, I would ask them to provide all the VPN config details to review it.

wynneitmgr · ‎10-26-2020

@Aref Alsouqi

@Rob Ingram

Here are the results after enabling debugging with deb cry ikev2 pro 127

WYNNE-ASA5508-X# deb cry ikev2 pro 127
WYNNE-ASA5508-X# packet-tracer input inside icmp 10.0.0.3 8 0 66.20.45.233

Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 63.147.191.65 using egress ifc outside

Phase: 2
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: IDLE Event: EV_INIT_SA
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (inside,outside) source static WYNNEAPPS1 WYNNEAPPS1 destination static COMDATA COMDATA no-proxy-arp route-lookup
Additional Information:
NAT divert to egress interface outside
Untranslate 66.20.45.233/0 to 66.20.45.233/0

Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside_access_in in interface inside
<--- More --->IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-5: (59): Setting configured policies
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-2: (59): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 21
IKEv2-PROTO-2: (59): Request queued for computation of DH key
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-5: (59): Action: Action_Null
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-2: (59): Generating IKE_SA_INIT message
IKEv2-PROTO-2: (59): IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 14
(59): AES-GCM(59): AES-GCM(59): AES-GCM(59): SHA512(59): SHA384(59): SHA256(59): SHA1(59): DH_GROUP_521_ECP/Group 21(59): DH_GROUP_384_ECP/Group 20(59): DH_GROUP_256_ECP/Group 19(59): DH_GROUP_2048_MODP_256_PRIME/Group 24(59): DH_GROUP_2048_MODP/Group 14(59): DH_GROUP_1536_MODP/Group 5(59): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (59): IKE Proposal: 2, SPI size: 0 (initial negotiation),
Num. transforms: 14
(59): AES-GCM(59): AES-GCM(59): AES-GCM(59): SHA512(59): SHA384(59): SHA256(59): SHA1(59): DH_GROUP_521_ECP/Group 21(59): DH_GROUP_384_ECP/Group 20(59): DH_GROUP_256_ECP/Group 19(59): DH_GROUP_2048_MODP_256_PRIME/Group 24(59): DH_GROUP_2048_MODP/Group 14(59): DH_GROUP_1536_MODP/Group 5(59): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (59): IKE Proposal: 3, SPI size: 0 (initial negotiation),
Num. transforms: 14
(59): AES-GCM(59): AES-GCM(59): AES-GCM(59): SHA512(59): SHA384(59): SHA256(59): SHA1(59): DH_GROUP_521_ECP/Group 21(59): DH_GROUP_384_ECP/Group 20(59): DH_GROUP_256_ECP/Group 19(59): DH_GROUP_2048_MODP_256_PRIME/Group 24(59): DH_GROUP_2048_MODP/Group 14(59): DH_GROUP_1536_MODP/Group 5(59): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (59): IKE Proposal: 4, SPI size: 0 (initial negotiation),
Num. transforms: 20
(59): AES-CBC(59): AES-CBC(59): AES-CBC(59): 3DES(59): SHA512(59): SHA384(59): SHA256(59): SHA1(59): MD5(59): SHA512(59): SHA384(59): SHA256(59): SHA96(59): DH_GROUP_521_ECP/Group 21(59): DH_GROUP_384_ECP/Group 20(59): DH_GROUP_256_ECP/Group 19(59): DH_GROUP_2048_MODP_256_PRIME/Group 24(59): DH_GROUP_2048_MODP/Group 14(59): DH_GROUP_1536_MODP/Group 5(59): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (59): IKE Proposal: 5, SPI size: 0 (initial negotiation),
Num. transforms: 20
(59): AES-CBC(59): AES-CBC(59): AES-CBC(59): 3DES(59): SHA512(59): SHA384(59): SHA256(59): SHA1(59): MD5(59): SHA512(59): SHA384(59): SHA256(59): SHA96(59): DH_GROUP_521_ECP/Group 21(59): DH_GROUP_384_ECP/Group 20(59): DH_GROUP_256_ECP/Group 19(59): DH_GROUP_2048_MODP_256_PRIME/Group 24(59): DH_GROUP_2048_MODP/Group 14(59): DH_GROUP_1536_MODP/Group 5(59): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (59): IKE Proposal: 6, SPI size: 0 (initial negotiation),
Num. transforms: 20
(59): AES-CBC(59): AES-CBC(59): AES-CBC(59): 3DES(59): SHA512(59): SHA384(59): SHA256(59): SHA1(59): MD5(59): SHA512(59): SHA384(59): SHA256(59): SHA96(59): DH_GROUP_521_ECP/Group 21(59): DH_GROUP_384_ECP/Group 20(59): DH_GROUP_256_ECP/Group 19(59): DH_GROUP_2048_MODP_256_PRIME/Group 24(59): DH_GROUP_2048_MODP/Group 14(59): DH_GROUP_1536_MODP/Group 5(59): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-5: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-5: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-5: Construct Notify Payload: IKEV2_FRAGMENTATION_SUPPORTEDIKEv2-PROTO-5: Construct Vendor Specific Payload: FRAGMENTATION(59):
IKEv2-PROTO-2: (59): Sending Packet [To 148.59.168.18:500/From 63.147.191.66:500/VRF i0:f0]
(59): Initiator SPI : 3D8CC4B7E23B7517 - Responder SPI : 0000000000000000 Message id: 0
(59): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-3: (59): Next payload: SA, version: 2.0 (59): Exchange type: IKE_SA_INIT, flags: INITIATOR (59): Message id: 0, length: 1342(59):
Payload contents:
(59): SA(59): Next payload: KE, reserved: 0x0, length: 940
(59): last proposal: 0x2, reserved: 0x0, length: 132
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 14(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(59): last proposal: 0x2, reserved: 0x0, length: 132
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 14(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(59): last proposal: 0x2, reserved: 0x0, length: 132
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 14(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(59): last proposal: 0x2, reserved: 0x0, length: 180
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 20(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(59): last proposal: 0x2, reserved: 0x0, length: 180
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 20(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(59): last proposal: 0x0, reserved: 0x0, length: 180
Proposal: 6, Protocol id: IKE, SPI size: 0, #trans: 20(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(59): KE(59): Next payload: N, reserved: 0x0, length: 140
(59): DH group: 21, Reserved: 0x0
(59):
(59): 00 93 fd 63 6c 1c 10 7b 9c 52 ff 8d a7 5e f1 d9
(59): 48 66 75 78 be d8 b1 0e a1 46 c6 6e 59 16 6b ed
(59): 48 fd 62 55 61 0e e8 2b 3a fa 63 76 c4 22 1a ce
(59): 88 ae b4 02 cd 69 2e 3a 39 91 34 ca 3d 0f 1f 0f
(59): 02 f8 01 19 f7 5e 8a eb 26 e7 9c 09 7e e7 35 17
(59): 91 23 f2 d3 8f aa ec 9d cd 91 3b 31 f4 ab 7d 12
(59): ac e4 53 12 0e 7c 07 ce 48 4f 2c 30 d9 79 fe 47
(59): cd ff 39 00 2a 34 22 61 c7 d1 56 79 f7 49 a6 fe
(59): 81 91 23 79
(59): N(59): Next payload: VID, reserved: 0x0, length: 68
(59):
(59): 71 17 a1 4f 4f 7b ad 39 43 8d 6f 69 f7 f3 ff 17
(59): 3f dd f2 1a f9 6b 6b 24 e7 58 ac 37 f0 61 a1 a1
(59): 42 ed 11 1d 6b 49 17 83 6d 77 f0 c1 af 57 56 fe
(59): 5a df 4f 4b 21 74 d3 36 38 41 81 2a a3 7d 26 a4
(59): VID(59): Next payload: VID, reserved: 0x0, length: 23
(59):
(59): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(59): 53 4f 4e
(59): VID(59): Next payload: NOTIFY, reserved: 0x0, length: 59
(59):
(59): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(59): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(59): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(59): 73 2c 20 49 6e 63 2e
(59): NOTIFY(NAT_DETECTION_SOURCE_IP)(59): Next payload: NOTIFY, reserved: 0x0, length: 28
(59): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(59):
(59): 92 55 36 d4 86 10 b1 8d 09 1e 71 73 10 df 02 e0
(59): 0f 1b fa 40
(59): NOTIFY(NAT_DETECTION_DESTINATION_IP)(59): Next payload: NOTIFY, reserved: 0x0, length: 28
(59): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(59):
(59): 62 df 67 b7 ba 03 4a e1 ef f1 a4 81 71 78 87 45
(59): 14 d7 b1 f1
(59): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(59): Next payload: VID, reserved: 0x0, length: 8
(59): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(59): VID(59): Next payload: NONE, reserved: 0x0, length: 20
(59):
(59): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(59):
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_INSERT_SA
IKEv2-PROTO-2: (59): Insert SA
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
(59):
IKEv2-PROTO-2: (59): Received Packet [From 148.59.168.18:500/To 63.147.191.66:500/VRF i0:f0]
(59): Initiator SPI : 3D8CC4B7E23B7517 - Responder SPI : 0000000000000000 Message id: 0
(59): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-3: (59): Next payload: NOTIFY, version: 2.0 (59): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (59): Message id: 0, length: 38(59):
Payload contents:
IKEv2-PROTO-5: Parse Notify Payload: INVALID_KE_PAYLOAD(59): NOTIFY(INVALID_KE_PAYLOAD)(59): Next payload: NONE, reserved: 0x0, length: 10
(59): Security protocol id: IKE, spi size: 0, type: INVALID_KE_PAYLOAD
(59):
(59): 00 05
(59):
(59): Decrypted packet:(59): Data: 38 bytes
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RECV_INIT
IKEv2-PROTO-5: (59): Processing IKE_SA_INIT message
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK4_NOTIFY
IKEv2-PROTO-2: (59): Processing IKE_SA_INIT message
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_INV_KE
IKEv2-PROTO-2: (59): Processing invalid ke notification, we sent group 21, peer prefers group 5
IKEv2-PROTO-1: (59):
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-2: (59): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 5
IKEv2-PROTO-2: (59): Request queued for computation of DH key
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-5: (59): Action: Action_Null
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-2: (59): Generating IKE_SA_INIT message
IKEv2-PROTO-2: (59): IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 14
(59): AES-GCM(59): AES-GCM(59): AES-GCM(59): SHA512(59): SHA384(59): SHA256(59): SHA1(59): DH_GROUP_521_ECP/Group 21(59): DH_GROUP_384_ECP/Group 20(59): DH_GROUP_256_ECP/Group 19(59): DH_GROUP_2048_MODP_256_PRIME/Group 24(59): DH_GROUP_2048_MODP/Group 14(59): DH_GROUP_1536_MODP/Group 5(59): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (59): IKE Proposal: 2, SPI size: 0 (initial negotiation),
Num. transforms: 14
(59): AES-GCM(59): AES-GCM(59): AES-GCM(59): SHA512(59): SHA384(59): SHA256(59): SHA1(59): DH_GROUP_521_ECP/Group 21(59): DH_GROUP_384_ECP/Group 20(59): DH_GROUP_256_ECP/Group 19(59): DH_GROUP_2048_MODP_256_PRIME/Group 24(59): DH_GROUP_2048_MODP/Group 14(59): DH_GROUP_1536_MODP/Group 5(59): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (59): IKE Proposal: 3, SPI size: 0 (initial negotiation),
Num. transforms: 14
(59): AES-GCM(59): AES-GCM(59): AES-GCM(59): SHA512(59): SHA384(59): SHA256(59): SHA1(59): DH_GROUP_521_ECP/Group 21(59): DH_GROUP_384_ECP/Group 20(59): DH_GROUP_256_ECP/Group 19(59): DH_GROUP_2048_MODP_256_PRIME/Group 24(59): DH_GROUP_2048_MODP/Group 14(59): DH_GROUP_1536_MODP/Group 5(59): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (59): IKE Proposal: 4, SPI size: 0 (initial negotiation),
Num. transforms: 20
(59): AES-CBC(59): AES-CBC(59): AES-CBC(59): 3DES(59): SHA512(59): SHA384(59): SHA256(59): SHA1(59): MD5(59): SHA512(59): SHA384(59): SHA256(59): SHA96(59): DH_GROUP_521_ECP/Group 21(59): DH_GROUP_384_ECP/Group 20(59): DH_GROUP_256_ECP/Group 19(59): DH_GROUP_2048_MODP_256_PRIME/Group 24(59): DH_GROUP_2048_MODP/Group 14(59): DH_GROUP_1536_MODP/Group 5(59): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (59): IKE Proposal: 5, SPI size: 0 (initial negotiation),
Num. transforms: 20
(59): AES-CBC(59): AES-CBC(59): AES-CBC(59): 3DES(59): SHA512(59): SHA384(59): SHA256(59): SHA1(59): MD5(59): SHA512(59): SHA384(59): SHA256(59): SHA96(59): DH_GROUP_521_ECP/Group 21(59): DH_GROUP_384_ECP/Group 20(59): DH_GROUP_256_ECP/Group 19(59): DH_GROUP_2048_MODP_256_PRIME/Group 24(59): DH_GROUP_2048_MODP/Group 14(59): DH_GROUP_1536_MODP/Group 5(59): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-2: (59): IKE Proposal: 6, SPI size: 0 (initial negotiation),
Num. transforms: 20
(59): AES-CBC(59): AES-CBC(59): AES-CBC(59): 3DES(59): SHA512(59): SHA384(59): SHA256(59): SHA1(59): MD5(59): SHA512(59): SHA384(59): SHA256(59): SHA96(59): DH_GROUP_521_ECP/Group 21(59): DH_GROUP_384_ECP/Group 20(59): DH_GROUP_256_ECP/Group 19(59): DH_GROUP_2048_MODP_256_PRIME/Group 24(59): DH_GROUP_2048_MODP/Group 14(59): DH_GROUP_1536_MODP/Group 5(59): DH_GROUP_1024_MODP/Group 2IKEv2-PROTO-5: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-5: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-5: Construct Notify Payload: IKEV2_FRAGMENTATION_SUPPORTEDIKEv2-PROTO-5: Construct Vendor Specific Payload: FRAGMENTATION(59):
IKEv2-PROTO-2: (59): Sending Packet [To 148.59.168.18:500/From 63.147.191.66:500/VRF i0:f0]
(59): Initiator SPI : 3D8CC4B7E23B7517 - Responder SPI : 0000000000000000 Message id: 0
(59): IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-3: (59): Next payload: SA, version: 2.0 (59): Exchange type: IKE_SA_INIT, flags: INITIATOR (59): Message id: 0, length: 1402(59):
Payload contents:
(59): SA(59): Next payload: KE, reserved: 0x0, length: 940
(59): last proposal: 0x2, reserved: 0x0, length: 132
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 14(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(59): last proposal: 0x2, reserved: 0x0, length: 132
Proposal: 2, Protocol id: IKE, SPI size: 0, #trans: 14(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(59): last proposal: 0x2, reserved: 0x0, length: 132
Proposal: 3, Protocol id: IKE, SPI size: 0, #trans: 14(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-GCM
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(59): last proposal: 0x2, reserved: 0x0, length: 180
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 20(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(59): last proposal: 0x2, reserved: 0x0, length: 180
Proposal: 5, Protocol id: IKE, SPI size: 0, #trans: 20(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(59): last proposal: 0x0, reserved: 0x0, length: 180
Proposal: 6, Protocol id: IKE, SPI size: 0, #trans: 20(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_521_ECP/Group 21
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_384_ECP/Group 20
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_256_ECP/Group 19
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP_256_PRIME/Group 24
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2
(59): KE(59): Next payload: N, reserved: 0x0, length: 200
(59): DH group: 5, Reserved: 0x0
(59):
(59): 50 f0 df e9 80 a5 42 3a 06 07 88 00 b4 98 cb 91
(59): 86 63 72 d8 28 31 87 2d d0 68 ef 28 d6 28 b5 ae
(59): 7b 46 1d 2a c6 f0 16 77 06 17 b1 17 26 9b e3 79
(59): e2 65 9c a4 00 0f c1 fa e2 eb 7f 6d 4d a4 7d 2e
(59): 07 d5 24 21 23 bf 73 af 99 e1 7f ce c8 3e 02 5e
(59): af e3 27 2b 60 e7 c3 15 a4 d1 ca c3 e6 f0 fb 9e
(59): ad 8d de ae 9e e6 fb 9e e7 83 ea b8 1e 13 5a 32
(59): 7f 14 e1 37 fa ed 71 5a cb 92 f3 57 4d 12 ec dc
(59): 70 51 c0 a1 70 36 15 85 0d 3c 0e 5f 61 1d 0a 8d
(59): 39 f5 73 70 be 3e 7e f9 fe 5e 8f 6c dd c8 34 42
(59): 74 06 d3 81 74 95 05 0a f3 d7 00 04 b3 b9 c0 88
(59): 66 f3 46 25 48 f6 c0 02 53 02 03 d7 35 60 1a b8
(59): N(59): Next payload: VID, reserved: 0x0, length: 68
(59):
(59): 19 be 27 2e 23 db 37 90 eb 71 95 ca e0 58 6f 25
(59): 2e ad 35 f5 19 84 79 63 08 f7 6c ca 28 e2 f4 41
(59): 83 3a e1 8a 52 ef 19 c9 9a 4e 11 fe cd 2a e3 12
(59): 04 c2 40 79 ee 29 12 8f 3f 25 40 c1 41 c6 0f b8
(59): VID(59): Next payload: VID, reserved: 0x0, length: 23
(59):
(59): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(59): 53 4f 4e
(59): VID(59): Next payload: NOTIFY, reserved: 0x0, length: 59
(59):
(59): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(59): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(59): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(59): 73 2c 20 49 6e 63 2e
(59): NOTIFY(NAT_DETECTION_SOURCE_IP)(59): Next payload: NOTIFY, reserved: 0x0, length: 28
(59): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(59):
(59): 92 55 36 d4 86 10 b1 8d 09 1e 71 73 10 df 02 e0
(59): 0f 1b fa 40
(59): NOTIFY(NAT_DETECTION_DESTINATION_IP)(59): Next payload: NOTIFY, reserved: 0x0, length: 28
(59): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(59):
(59): 62 df 67 b7 ba 03 4a e1 ef f1 a4 81 71 78 87 45
(59): 14 d7 b1 f1
(59): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(59): Next payload: VID, reserved: 0x0, length: 8
(59): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
(59): VID(59): Next payload: NONE, reserved: 0x0, length: 20
(59):
(59): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(59):
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_INSERT_SA
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
(59):
IKEv2-PROTO-2: (59): Received Packet [From 148.59.168.18:500/To 63.147.191.66:500/VRF i0:f0]
(59): Initiator SPI : 3D8CC4B7E23B7517 - Responder SPI : 34AF12D306430D24 Message id: 0
(59): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-3: (59): Next payload: SA, version: 2.0 (59): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (59): Message id: 0, length: 535(59):
Payload contents:
(59): SA(59): Next payload: KE, reserved: 0x0, length: 48
(59): last proposal: 0x0, reserved: 0x0, length: 44
Proposal: 4, Protocol id: IKE, SPI size: 0, #trans: 4(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: SHA1
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
(59): KE(59): Next payload: N, reserved: 0x0, length: 200
(59): DH group: 5, Reserved: 0x0
(59):
(59): a5 2f 76 0a 74 59 e7 f0 9f ea ee ed 0c d1 cc d2
(59): 8e 24 a3 59 9a 57 22 0c 6f 42 a6 c5 84 52 cf 22
(59): 64 be 59 19 48 5a 5b c5 b1 e8 71 60 11 72 80 4f
(59): 8a 2c cb 89 66 4a e0 f4 f2 58 56 d3 80 0b 10 4a
(59): 9f 0c 1a 43 27 84 5c 2a 0c c3 35 e3 cf 21 e8 99
(59): 1c e3 60 0b fb 76 ef 03 3e 23 12 ce 27 22 92 83
(59): 20 4a 17 f3 72 17 e0 42 93 c6 cd cb 3d 0c f9 38
(59): 2d d3 6a 1e e3 75 89 90 87 0e ec b2 9c 8a a5 cb
(59): b3 4e 57 d9 e9 2f aa 18 a5 c0 25 a5 36 b5 98 63
(59): ef dd 7e c3 4c c8 44 3d 74 99 78 68 70 09 a8 b5
(59): 08 78 c1 08 21 4a 79 89 c0 2e d1 b9 3c e0 2f 05
(59): 24 f5 40 97 6f e2 96 d6 e8 b5 17 f6 e3 7e 8f 8a
(59): N(59): Next payload: VID, reserved: 0x0, length: 68
(59):
(59): ce 91 70 66 9a 71 16 88 28 55 f1 74 f9 ae f4 5a
(59): 03 c9 f1 1e f3 82 21 95 e6 bb 2f 00 86 6a ef 75
(59): 57 d4 70 13 e9 51 f6 aa f1 89 0f 37 f4 06 3a e8
(59): c8 5a 66 9a 05 2b 82 89 89 f7 2b 04 72 42 b0 6c
IKEv2-PROTO-5: Parse Vendor Specific Payload: CISCO-DELETE-REASON(59): VID(59): Next payload: VID, reserved: 0x0, length: 23
(59):
(59): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
(59): 53 4f 4e
IKEv2-PROTO-5: Parse Vendor Specific Payload: (CUSTOM)(59): VID(59): Next payload: NOTIFY, reserved: 0x0, length: 59
(59):
(59): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
(59): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
(59): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
(59): 73 2c 20 49 6e 63 2e
IKEv2-PROTO-5: Parse Notify Payload: NAT_DETECTION_SOURCE_IP(59): NOTIFY(NAT_DETECTION_SOURCE_IP)(59): Next payload: NOTIFY, reserved: 0x0, length: 28
(59): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
(59):
(59): 08 62 87 fc 37 01 8a 90 54 99 d7 9f 55 44 9a 54
(59): cb 46 42 98
IKEv2-PROTO-5: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP(59): NOTIFY(NAT_DETECTION_DESTINATION_IP)(59): Next payload: CERTREQ, reserved: 0x0, length: 28
(59): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
(59):
(59): 84 8f a0 9e 21 79 b0 7f f6 56 5b 9c 58 49 a7 bb
(59): 07 e4 d9 b1
(59): CERTREQ(59): Next payload: NOTIFY, reserved: 0x0, length: 25
(59): Cert encoding X.509 Certificate - signature
(59): CertReq data: 20 bytes
IKEv2-PROTO-5: Parse Notify Payload: IKEV2_FRAGMENTATION_SUPPORTED(59): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(59): Next payload: VID, reserved: 0x0, length: 8
(59): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
IKEv2-PROTO-5: Parse Vendor Specific Payload: FRAGMENTATION(59): VID(59): Next payload: NONE, reserved: 0x0, length: 20
(59):
(59): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
(59):
(59): Decrypted packet:(59): Data: 535 bytes
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RECV_INIT
IKEv2-PROTO-5: (59): Processing IKE_SA_INIT message
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK4_NOTIFY
IKEv2-PROTO-2: (59): Processing IKE_SA_INIT message
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-2: (59): Verify SA init message
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_PROC_MSG
IKEv2-PROTO-2: (59): Processing IKE_SA_INIT message
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_DETECT_NAT
IKEv2-PROTO-5: (59): Process NAT discovery notify
IKEv2-PROTO-5: (59): Processing nat detect src notify
IKEv2-PROTO-5: (59): Remote address matched
IKEv2-PROTO-5: (59): Processing nat detect dst notify
IKEv2-PROTO-5: (59): Local address matched
IKEv2-PROTO-5: (59): No NAT found
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_NAT_T
IKEv2-PROTO-2: (59): Checking NAT discovery
IKEv2-PROTO-2: (59): NAT not found
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_CONFIG_MODE
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_DH_SECRET
IKEv2-PROTO-2: (59): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 5
IKEv2-PROTO-2: (59): Request queued for computation of DH secret
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_NO_EVENT
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_OK_RECD_DH_SECRET_RESP
IKEv2-PROTO-5: (59): Action: Action_Null
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_SKEYID
IKEv2-PROTO-5: (59): Generate skeyid
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
IKEv2-PROTO-2: (59): IETF Fragmentation is enabled
IKEv2-PROTO-2: (59): Cisco Fragmentation is enabled
IKEv2-PROTO-5: (59): Cisco DeleteReason Notify is enabled
IKEv2-PROTO-2: (59): Completed SA init exchange
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_EAP
IKEv2-PROTO-2: (59): Check for EAP exchange
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GEN_AUTH
IKEv2-PROTO-2: (59): Generate my authentication data
IKEv2-PROTO-2: (59): Use preshared key for id 63.147.191.66, key len 32
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_AUTH_TYPE
IKEv2-PROTO-2: (59): Get my authentication method
IKEv2-PROTO-2: (59): My authentication method is 'PSK'
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_OK_AUTH_GEN
IKEv2-PROTO-2: (59): Check for EAP exchange
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_SEND_AUTH
IKEv2-PROTO-2: (59): Generating IKE_AUTH message
IKEv2-PROTO-5: Construct Vendor Specific Payload: CISCO-GRANITEIKEv2-PROTO-2: (59): Constructing IDi payload: '63.147.191.66' of type 'IPv4 address'
IKEv2-PROTO-2: (59): ESP Proposal: 1, SPI size: 4 (IPSec negotiation),
Num. transforms: 6
(59): AES-CBC(59): SHA512(59): SHA384(59): SHA256(59): SHA96(59): Don't use ESNIKEv2-PROTO-2: (59): ESP Proposal: 2, SPI size: 4 (IPSec negotiation),
Num. transforms: 6
(59): AES-CBC(59): SHA512(59): SHA384(59): SHA256(59): SHA96(59): Don't use ESNIKEv2-PROTO-2: (59): ESP Proposal: 3, SPI size: 4 (IPSec negotiation),
Num. transforms: 4
(59): DES(59): SHA96(59): MD596(59): Don't use ESNIKEv2-PROTO-2: (59): ESP Proposal: 4, SPI size: 4 (IPSec negotiation),
Num. transforms: 4
(59): 3DES(59): SHA96(59): MD596(59): Don't use ESNIKEv2-PROTO-2: (59): ESP Proposal: 5, SPI size: 4 (IPSec negotiation),
Num. transforms: 4
(59): AES-CBC(59): SHA96(59): MD596(59): Don't use ESNIKEv2-PROTO-2: (59): ESP Proposal: 6, SPI size: 4 (IPSec negotiation),
Num. transforms: 4
(59): AES-CBC(59): SHA96(59): MD596(59): Don't use ESNIKEv2-PROTO-2: (59): ESP Proposal: 7, SPI size: 4 (IPSec negotiation),
Num. transforms: 4
(59): AES-CBC(59): SHA96(59): MD596(59): Don't use ESNIKEv2-PROTO-5: Construct Notify Payload: INITIAL_CONTACTIKEv2-PROTO-5: Construct Notify Payload: ESP_TFC_NO_SUPPORTIKEv2-PROTO-5: Construct Notify Payload: NON_FIRST_FRAGSIKEv2-PROTO-2: (59): Building packet for encryption.
(59):
Payload contents:
(59): VID(59): Next payload: IDi, reserved: 0x0, length: 20
(59):
(59): 3f 8c c5 b7 f1 0c 86 50 3b ce 55 20 9e 58 1e 01
(59): IDi(59): Next payload: AUTH, reserved: 0x0, length: 12
(59): Id type: IPv4 address, Reserved: 0x0 0x0
(59):
(59): 3f 93 bf 42
(59): AUTH(59): Next payload: SA, reserved: 0x0, length: 28
(59): Auth method PSK, reserved: 0x0, reserved 0x0
(59): Auth data: 20 bytes
(59): SA(59): Next payload: TSi, reserved: 0x0, length: 364
(59): last proposal: 0x2, reserved: 0x0, length: 64
Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 6(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
(59): last proposal: 0x2, reserved: 0x0, length: 64
Proposal: 2, Protocol id: ESP, SPI size: 4, #trans: 6(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA512
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA384
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA256
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
(59): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 3, Protocol id: ESP, SPI size: 4, #trans: 4(59): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: DES
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
(59): last proposal: 0x2, reserved: 0x0, length: 44
Proposal: 4, Protocol id: ESP, SPI size: 4, #trans: 4(59): last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
(59): last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 5, Protocol id: ESP, SPI size: 4, #trans: 4(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
(59): last proposal: 0x2, reserved: 0x0, length: 48
Proposal: 6, Protocol id: ESP, SPI size: 4, #trans: 4(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
(59): last proposal: 0x0, reserved: 0x0, length: 48
Proposal: 7, Protocol id: ESP, SPI size: 4, #trans: 4(59): last transform: 0x3, reserved: 0x0: length: 12
type: 1, reserved: 0x0, id: AES-CBC
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: SHA96
(59): last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
(59): last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
(59): TSi(59): Next payload: TSr, reserved: 0x0, length: 24
(59): Num of TSs: 1, reserved 0x0, reserved 0x0
(59): TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
(59): start port: 0, end port: 65535
(59): start addr: 10.0.0.3, end addr: 10.0.0.3
(59): TSr(59): Next payload: NOTIFY, reserved: 0x0, length: 24
(59): Num of TSs: 1, reserved 0x0, reserved 0x0
(59): TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
(59): start port: 0, end port: 65535
(59): start addr: 66.20.45.233, end addr: 66.20.45.233
(59): NOTIFY(INITIAL_CONTACT)(59): Next payload: NOTIFY, reserved: 0x0, length: 8
(59): Security protocol id: IKE, spi size: 0, type: INITIAL_CONTACT
(59): NOTIFY(ESP_TFC_NO_SUPPORT)(59): Next payload: NOTIFY, reserved: 0x0, length: 8
(59): Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT
(59): NOTIFY(NON_FIRST_FRAGS)(59): Next payload: NONE, reserved: 0x0, length: 8
(59): Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_ENCRYPT_MSG
IKEv2-PROTO-2: (59):
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_OK_ENCRYPT_RESP
IKEv2-PROTO-5: (59): Action: Action_Null
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_TRYSEND
(59):
IKEv2-PROTO-2: (59): Sending Packet [To 148.59.168.18:500/From 63.147.191.66:500/VRF i0:f0]
(59): Initiator SPI : 3D8CC4B7E23B7517 - Responder SPI : 34AF12D306430D24 Message id: 1
(59): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-3: (59): Next payload: ENCR, version: 2.0 (59): Exchange type: IKE_AUTH, flags: INITIATOR (59): Message id: 1, length: 572(59):
Payload contents:
(59): ENCR(59): Next payload: VID, reserved: 0x0, length: 544
(59): Encrypted data: 540 bytes
(59):
IKEv2-PROTO-5: (59): Fragmenting packet, Fragment MTU: 548, Number of fragments: 2, Fragment ID: 1
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000001 CurState: I_BLD_AUTH Event: EV_CHK_EAP_POST_ASYNC
IKEv2-PROTO-2: (59): Check for EAP exchange
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT
(59):
IKEv2-PROTO-2: (59): Received Packet [From 148.59.168.18:500/To 63.147.191.66:500/VRF i0:f0]
(59): Initiator SPI : 3D8CC4B7E23B7517 - Responder SPI : 34AF12D306430D24 Message id: 1
(59): IKEv2 IKE_AUTH Exchange RESPONSEIKEv2-PROTO-3: (59): Next payload: ENCR, version: 2.0 (59): Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE (59): Message id: 1, length: 76(59):
Payload contents:
IKEv2-PROTO-1: decrypt queued(59):
(59): Decrypted packet:(59): Data: 76 bytes
IKEv2-PROTO-1: Asynchronous request queued
IKEv2-PROTO-1:
(59): REAL Decrypted packet:(59): Data: 8 bytes
IKEv2-PROTO-5: Parse Notify Payload: AUTHENTICATION_FAILED NOTIFY(AUTHENTICATION_FAILED) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: AUTHENTICATION_FAILED

IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RECV_AUTH
IKEv2-PROTO-5: (59): Action: Action_Null
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK4_NOTIFY
IKEv2-PROTO-2: (59): Process auth response notify
IKEv2-PROTO-1: (59):
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL
IKEv2-PROTO-2: (59): Auth exchange failed
IKEv2-PROTO-1: (59): Auth exchange failed
IKEv2-PROTO-1: (59): Auth exchange failed
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000001 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-5: (59): SM Trace-> SA: I_SPI=3D8CC4B7E23B7517 R_SPI=34AF12D306430D24 (I) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-2: (59): Abort exchange
IKEv2-PROTO-2: (59): Deleting SA
access-list inside_access_in extended permit ip any4 any4
Additional Information:

Phase: 4
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside,outside) source static WYNNEAPPS1 WYNNEAPPS1 destination static COMDATA COMDATA no-proxy-arp route-lookup
Additional Information:
Static translate 10.0.0.3/0 to 10.0.0.3/0

Phase: 5
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 7
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect icmp
service-policy global_policy global
Additional Information:

Phase: 8
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:

Phase: 9
Type: QOS
Subtype:
Result: ALLOW
Config:
class-map class-default
match any
policy-map global_policy
class class-default
service-policy global_policy global
Additional Information:

Phase: 10
Type: VPN
Subtype: encrypt
Result: DROP
Config:
Additional Information:

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule