Site1#
*Feb 7 08:42:03.367: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 202.100.1.1:500, remote= 61.128.1.1:500,
local_proxy= 1.1.1.0/255.255.255.0/256/0,
remote_proxy= 2.2.2.0/255.255.255.0/256/0,
protocol= ESP, transform= esp-des esp-md5-hmac (Tunnel),
lifedur= 3600s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Feb 7 08:42:03.367: ISAKMP: (0):SA request profile is (NULL)
*Feb 7 08:42:03.367: ISAKMP: (0):Created a peer struct for 61.128.1.1, peer port 500
*Feb 7 08:42:03.367: ISAKMP: (0):New peer created peer = 0xF6D8A3D8 peer_handle = 0x80000003
*Feb 7 08:42:03.367: ISAKMP: (0):Locking peer struct 0xF6D8A3D8, refcount 1 for isakmp_initiator
*Feb 7 08:42:03.367: ISAKMP: (0):local port 500, remote port 500
*Feb 7 08:42:03.367: ISAKMP: (0):set new node 0 to QM_IDLE
*Feb 7 08:42:03.367: ISAKMP: (0):insert sa successfully sa = F4AE6228
*Feb 7 08:42:03.367: ISAKMP: (0):Can not start Aggressive mode, trying Main mode.
*Feb 7 08:42:03.367: ISAKMP: (0):found peer pre-shared key matching 61.128.1.1
*Feb 7 08:42:03.367: ISAKMP: (0):constructed NAT-T vendor-rfc3947 ID
*Feb 7 08:42:03.367: ISAKMP: (0):constructed NAT-T vendor-07 ID
*Feb 7 08:42:03.367: ISAKMP: (0):constructed NAT-T vendor-03 ID
*Feb 7 08:42:03.367: ISAKMP: (0):constructed NAT-T vendor-02 ID
*Feb 7 08:42:03.367: ISAKMP: (0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Feb 7 08:42:03.367: ISAKMP: (0):Old State = IKE_READY New State = IKE_I_MM1
*Feb 7 08:42:03.367: ISAKMP: (0):beginning Main Mode exchange
*Feb 7 08:42:03.368: ISAKMP-PAK: (0):sending packet to 61.128.1.1 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb 7 08:42:03.368: ISAKMP: (0):Sending an IKE IPv4 Packet.
*Feb 7 08:42:03.369: ISAKMP-PAK: (0):received packet from 61.128.1.1 dport 500 sport 500 Global (I) MM_NO_STATE
*Feb 7 08:42:03.369: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Feb 7 08:42:03.369: ISAKMP: (0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Feb 7 08:42:03.369: ISAKMP: (0):processing SA payload. message ID = 0
*Feb 7 08:42:03.369: ISAKMP: (0):processing vendor id payload
*Feb 7 08:42:03.369: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
*Feb 7 08:42:03.369: ISAKMP: (0):vendor ID is NAT-T RFC 3947
*Feb 7 08:42:03.369: ISAKMP: (0):found peer pre-shared key matching 61.128.1.1
*Feb 7 08:42:03.369: ISAKMP: (0):local preshared key found
*Feb 7 08:42:03.369: ISAKMP: (0):Scanning profiles for xauth ...
*Feb 7 08:42:03.369: ISAKMP: (0):Checking ISAKMP transform 1 against priority 10 policy
*Feb 7 08:42:03.369: ISAKMP: (0): encryption 3DES-CBC
*Feb 7 08:42:03.369: ISAKMP: (0): hash MD5
*Feb 7 08:42:03.369: ISAKMP: (0): default group 2
*Feb 7 08:42:03.369: ISAKMP: (0): auth pre-share
*Feb 7 08:42:03.369: ISAKMP: (0): life type in seconds
*Feb 7 08:42:03.369: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Feb 7 08:42:03.369: ISAKMP: (0):atts are acceptable. Next payload is 0
*Feb 7 08:42:03.369: ISAKMP: (0):Acceptable atts:actual life: 0
*Feb 7 08:42:03.369: ISAKMP: (0):Acceptable atts:life: 0
*Feb 7 08:42:03.369: ISAKMP: (0):Fill atts in sa vpi_length:4
*Feb 7 08:42:03.369: ISAKMP: (0):Fill atts in sa life_in_seconds:86400
*Feb 7 08:42:03.369: ISAKMP: (0):Returning Actual lifetime: 86400
*Feb 7 08:42:03.369: ISAKMP: (0):Started lifetime timer: 86400.
*Feb 7 08:42:03.369: ISAKMP: (0):processing vendor id payload
*Feb 7 08:42:03.369: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
*Feb 7 08:42:03.369: ISAKMP: (0):vendor ID is NAT-T RFC 3947
*Feb 7 08:42:03.369: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Feb 7 08:42:03.369: ISAKMP: (0):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Feb 7 08:42:03.370: ISAKMP-PAK: (0):sending packet to 61.128.1.1 my_port 500 peer_port 500 (I) MM_SA_SETUP
*Feb 7 08:42:03.370: ISAKMP: (0):Sending an IKE IPv4 Packet.
*Feb 7 08:42:03.370: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Feb 7 08:42:03.370: ISAKMP: (0):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Feb 7 08:42:03.377: ISAKMP-PAK: (0):received packet from 61.128.1.1 dport 500 sport 500 Global (I) MM_SA_SETUP
*Feb 7 08:42:03.377: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Feb 7 08:42:03.377: ISAKMP: (0):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Feb 7 08:42:03.377: ISAKMP: (0):processing KE payload. message ID = 0
*Feb 7 08:42:03.379: ISAKMP: (0):processing NONCE payload. message ID = 0
*Feb 7 08:42:03.379: ISAKMP: (0):found peer pre-shared key matching 61.128.1.1
*Feb 7 08:42:03.379: ISAKMP: (1002):processing vendor id payload
*Feb 7 08:42:03.379: ISAKMP: (1002):vendor ID is Unity
*Feb 7 08:42:03.379: ISAKMP: (1002):processing vendor id payload
*Feb 7 08:42:03.379: ISAKMP: (1002):vendor ID is DPD
*Feb 7 08:42:03.379: ISAKMP: (1002):processing vendor id payload
*Feb 7 08:42:03.379: ISAKMP: (1002):speaking to another IOS box!
*Feb 7 08:42:03.379: ISAKMP: (1002):received payload type 20
*Feb 7 08:42:03.379: ISAKMP: (1002):His hash no match - this node outside NAT
*Feb 7 08:42:03.379: ISAKMP: (1002):received payload type 20
*Feb 7 08:42:03.379: ISAKMP: (1002):No NAT Found for self or peer
*Feb 7 08:42:03.379: ISAKMP: (1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Feb 7 08:42:03.379: ISAKMP: (1002):Old State = IKE_I_MM4 New State = IKE_I_MM4
*Feb 7 08:42:03.380: ISAKMP: (1002):Send initial contact
*Feb 7 08:42:03.380: ISAKMP: (1002):SA is doing
*Feb 7 08:42:03.380: ISAKMP: (1002):pre-shared key authentication using id type ID_IPV4_ADDR
*Feb 7 08:42:03.380: ISAKMP: (1002):ID payload
next-payload : 8
type : 1
*Feb 7 08:42:03.380: ISAKMP: (1002): address : 202.100.1.1
*Feb 7 08:42:03.380: ISAKMP: (1002): protocol : 17
port : 500
length : 12
*Feb 7 08:42:03.380: ISAKMP: (1002):Total payload length: 12
*Feb 7 08:42:03.380: ISAKMP-PAK: (1002):sending packet to 61.128.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Feb 7 08:42:03.380: ISAKMP: (1002):Sending an IKE IPv4 Packet.
*Feb 7 08:42:03.380: ISAKMP: (1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Feb 7 08:42:03.380: ISAKMP: (1002):Old State = IKE_I_MM4 New State = IKE_I_MM5
*Feb 7 08:42:03.381: ISAKMP-PAK: (0):received packet from 61.128.1.1 dport 500 sport 500 Global (N) NEW SA
*Feb 7 08:42:03.381: %CRYPTO-4-IKMP_NO_SA: IKE message from 61.128.1.1 has no SA and is not an initialization offer
*Feb 7 08:42:03.385: ISAKMP-PAK: (1002):received packet from 61.128.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Feb 7 08:42:03.385: ISAKMP: (1002):processing ID payload. message ID = 0
*Feb 7 08:42:03.385: ISAKMP: (1002):ID payload
next-payload : 8
type : 1
*Feb 7 08:42:03.385: ISAKMP: (1002): address : 61.128.1.1
*Feb 7 08:42:03.385: ISAKMP: (1002): protocol : 17
port : 500
length : 12
*Feb 7 08:42:03.385: ISAKMP: (0):peer matches *none* of the profiles
*Feb 7 08:42:03.385: ISAKMP: (1002):processing HASH payload. message ID = 0
*Feb 7 08:42:03.385: ISAKMP: (1002):SA authentication status:
authenticated
*Feb 7 08:42:03.385: ISAKMP: (1002):SA has been authenticated with 61.128.1.1
*Feb 7 08:42:03.385: ISAKMP: (0):Trying to insert a peer 202.100.1.1/61.128.1.1/500/,
*Feb 7 08:42:03.385: ISAKMP: (0): and inserted successfully F6D8A3D8.
*Feb 7 08:42:03.385: ISAKMP: (1002):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Feb 7 08:42:03.385: ISAKMP: (1002):Old State = IKE_I_MM5 New State = IKE_I_MM6
*Feb 7 08:42:03.385: ISAKMP: (1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Feb 7 08:42:03.385: ISAKMP: (1002):Old State = IKE_I_MM6 New State = IKE_I_MM6
*Feb 7 08:42:03.389: ISAKMP: (1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Feb 7 08:42:03.389: ISAKMP: (1002):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
*Feb 7 08:42:03.389: ISAKMP: (1002):beginning Quick Mode exchange, M-ID of 1338724135
*Feb 7 08:42:03.389: ISAKMP: (1002):QM Initiator gets spi
*Feb 7 08:42:03.389: ISAKMP-PAK: (1002):sending packet to 61.128.1.1 my_port 500 peer_port 500 (I) QM_IDLE
*Feb 7 08:42:03.389: ISAKMP: (1002):Sending an IKE IPv4 Packet.
*Feb 7 08:42:03.389: ISAKMP: (1002):Node 1338724135, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Feb 7 08:42:03.389: ISAKMP: (1002):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Feb 7 08:42:03.389: ISAKMP: (1002):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Feb 7 08:42:03.389: ISAKMP: (1002):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Feb 7 08:42:03.391: ISAKMP-PAK: (1002):received packet from 61.128.1.1 dport 500 sport 500 Global (I) QM_IDLE
*Feb 7 08:42:03.391: ISAKMP: (1002):processing HASH payload. message ID = 1338724135
*Feb 7 08:42:03.391: ISAKMP: (1002):processing SA payload. message ID = 1338724135
*Feb 7 08:42:03.391: ISAKMP: (1002):Checking IPSec proposal 1
*Feb 7 08:42:03.391: ISAKMP: (1002):transform 1, ESP_DES
*Feb 7 08:42:03.391: ISAKMP: (1002): attributes in transform:
*Feb 7 08:42:03.391: ISAKMP: (1002): encaps is 1 (Tunnel)
*Feb 7 08:42:03.391: ISAKMP: (1002): SA life type in seconds
*Feb 7 08:42:03.391: ISAKMP: (1002): SA life duration (basic) of 3600
*Feb 7 08:42:03.391: ISAKMP: (1002): SA life type in kilobytes
*Feb 7 08:42:03.391: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Feb 7 08:42:03.391: ISAKMP: (1002): authenticator is HMAC-MD5
*Feb 7 08:42:03.391: ISAKMP: (1002):atts are acceptable.
*Feb 7 08:42:03.391: IPSEC(validate_proposal_request): proposal part #1
*Feb 7 08:42:03.391: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 202.100.1.1:0, remote= 61.128.1.1:0,
local_proxy= 1.1.1.0/255.255.255.0/256/0,
remote_proxy= 2.2.2.0/255.255.255.0/256/0,
protocol= ESP, transform= esp-des esp-md5-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Feb 7 08:42:03.391: Crypto mapdb : proxy_match
src addr : 1.1.1.0
dst addr : 2.2.2.0
protocol : 0
src port : 0
dst port : 0
*Feb 7 08:42:03.391: (ipsec_process_proposal)Map Accepted: cry-map, 10
*Feb 7 08:42:03.391: ISAKMP: (1002):processing NONCE payload. message ID = 1338724135
*Feb 7 08:42:03.391: ISAKMP: (1002):processing ID payload. message ID = 1338724135
*Feb 7 08:42:03.391: ISAKMP: (1002):processing ID payload. message ID = 1338724135
*Feb 7 08:42:03.391: ISAKMP: (1002):Node 1338724135, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Feb 7 08:42:03.391: ISAKMP: (1002):Old State = IKE_QM_I_QM1 New State = IKE_QM_IPSEC_INSTALL_AWAIT
*Feb 7 08:42:03.391: IPSEC(key_engine): got a queue event with 1 KMI message(s)
*Feb 7 08:42:03.391: Crypto mapdb : proxy_match
src addr : 1.1.1.0
dst addr : 2.2.2.0
protocol : 256
src port : 0
dst port : 0
*Feb 7 08:42:03.391: IPSEC(crypto_ipsec_create_ipsec_sas): Map found cry-map, 10
*Feb 7 08:42:03.391: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer 61.128.1.1
*Feb 7 08:42:03.391: IPSEC(get_old_outbound_sa_for_peer): No outbound SA found for peer F68B2834
*Feb 7 08:42:03.391: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.100.1.1, sa_proto= 50,
sa_spi= 0x662899B7(1713936823),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 5
sa_lifetime(k/sec)= (4608000/3600),
(identity) local= 202.100.1.1:0, remote= 61.128.1.1:0,
local_proxy= 1.1.1.0/255.255.255.0/256/0,
remote_proxy= 2.2.2.0/255.255.255.0/256/0
*Feb 7 08:42:03.391: IPSEC(create_sa): sa created,
(sa) sa_dest= 61.128.1.1, sa_proto= 50,
sa_spi= 0x7FB90FCC(2142834636),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 6
sa_lifetime(k/sec)= (4608000/3600),
(identity) local= 202.100.1.1:0, remote= 61.128.1.1:0,
local_proxy= 1.1.1.0/255.255.255.0/256/0,
remote_proxy= 2.2.2.0/255.255.255.0/256/0
*Feb 7 08:42:03.391: IPSEC: Expand action denied, notify RP
*Feb 7 08:42:03.391: ISAKMP-ERROR: (0):Failed to find peer index node to update peer_info_list
*Feb 7 08:42:03.392: ISAKMP: (1002):Received IPSec Install callback... proceeding with the negotiation
*Feb 7 08:42:03.392: ISAKMP: (1002):Successfully installed IPSEC SA (SPI:0x662899B7) on Ethernet0/1
Site1#
*Feb 7 08:42:03.392: ISAKMP-PAK: (1002):sending packet to 61.128.1.1 my_port 500 peer_port 500 (I) QM_IDLE
*Feb 7 08:42:03.392: ISAKMP: (1002):Sending an IKE IPv4 Packet.
*Feb 7 08:42:03.392: ISAKMP: (1002):deleting node 1338724135 error FALSE reason "No Error"
*Feb 7 08:42:03.392: ISAKMP: (1002):Node 1338724135, Input = IKE_MESG_FROM_IPSEC, IPSEC_INSTALL_DONE
*Feb 7 08:42:03.392: ISAKMP: (1002):Old State = IKE_QM_IPSEC_INSTALL_AWAIT New State = IKE_QM_PHASE2_COMPLETE
Site1#
*Feb 7 08:42:53.398: ISAKMP: (1002):purging node 1338724135
Site1#un all
All possible debugging has been turned off
Site1#