From owner-freebsd-security@FreeBSD.ORG Tue Jul 27 01:37:15 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3050816A4CE for ; Tue, 27 Jul 2004 01:37:15 +0000 (GMT) Received: from tripmail.triparish.net (tripmail.triparish.net [68.153.37.11]) by mx1.FreeBSD.org (Postfix) with SMTP id 70B8F43D1D for ; Tue, 27 Jul 2004 01:37:14 +0000 (GMT) (envelope-from admin@triparish.net) Received: (qmail 43273 invoked from network); 27 Jul 2004 01:37:12 -0000 Received: from unknown (HELO ?192.168.1.225?) (68.152.27.24) by tripmail.triparish.net with SMTP; 27 Jul 2004 01:37:12 -0000 From: Lewey Taylor To: freebsd-security@freebsd.org Content-Type: text/plain Message-Id: <1090892097.7219.0.camel@localhost> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 Date: Mon, 26 Jul 2004 20:34:58 -0500 Content-Transfer-Encoding: 7bit Subject: Cisco IOS and racoon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jul 2004 01:37:15 -0000 I am trying to get a tunnel from a cisco 1760 with IOS 12.2.15.t13 to a freebsd 4.9 install with racoon. I have package version freebsd-20040408a and internal version 20001216 in my log file. I posted the full racoon and cisco log below my configs. Racoon keeps saying: 2004-07-26 16:24:03: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:24:03: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin. 2004-07-26 16:24:03: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=5(id) 2004-07-26 16:24:03: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid length of payload My Cisco config is: crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 lifetime 10000 crypto isakmp key donttell address 1.1.1.1 no-xauth ! crypto ipsec security-association lifetime seconds 6000 ! crypto ipsec transform-set MB esp-3des esp-md5-hmac ! crypto map FreeBSDIPSEC-MAP 1 ipsec-isakmp description BBE Map set peer 1.1.1.1 set security-association lifetime seconds 10000 set transform-set MB set pfs group2 match address 109 ! ! ! ! interface FastEthernet0/0 ip address 10.0.3.1 255.255.255.0 speed auto ! interface FastEthernet0/0.1 ! interface Serial0/0 ip address 2.2.2.2 255.255.255.252 service-module t1 timeslots 1-24 crypto map FreeBSDIPSEC-MAP ! ip default-gateway 2.2.2.3 ip classless ip route 0.0.0.0 0.0.0.0 2.2.2.3 no ip http server no ip http secure-server ! ! ! access-list 109 permit ip 10.0.3.0 0.0.0.255 10.0.10.0 0.0.0.255 access-list 109 permit ip 10.0.10.0 0.0.0.255 10.0.3.0 0.0.0.255 My racoon.conf # $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $ # "path" must be placed before it should be used. # You can overwrite which you defined, but it should not use due to confusing. path include "/usr/local/etc/racoon" ; #include "remote.conf" ; # search this file for pre_shared_key with various ID key. path pre_shared_key "/usr/local/etc/racoon/psk.txt" ; # racoon will look for certificate file in the directory, # if the certificate/certificate request payload is received. path certificate "/usr/local/etc/cert" ; # "log" specifies logging level. It is followed by either "notify", "debug" # or "debug2". log debug2; # "padding" defines some parameter of padding. You should not touch these. padding { maximum_length 20; # maximum padding length. randomize off; # enable randomize length. strict_check off; # enable strict check. exclusive_tail off; # extract last one octet. } # if no listen directive is specified, racoon will listen to all # available interface addresses. listen { #isakmp ::1 [7000]; isakmp 1.1.1.1 [500]; #admin [7002]; # administrative's port by kmpstat. #strict_address; # required all addresses must be bound. } # Specification of default various timer. timer { # These value can be changed per remote node. counter 5; # maximum trying count to send. interval 20 sec; # maximum interval to resend. persend 1; # the number of packets per a send. # timer for waiting to complete each phase. phase1 30 sec; phase2 15 sec; } remote anonymous { #exchange_mode main,aggressive; exchange_mode main,base,aggressive; doi ipsec_doi; #situation identity_only; my_identifier user_fqdn "bbedevil"; peers_identifier user_fqdn "bbeameliarouter"; nonce_size 16; lifetime time 10000 sec; initial_contact on; support_mip6 on; proposal_check obey; proposal { encryption_algorithm 3des; hash_algorithm md5; authentication_method pre_shared_key ; dh_group 2 ; } } sainfo anonymous { pfs_group 2; lifetime time 10000 sec; encryption_algorithm 3des; authentication_algorithm hmac_md5; compression_algorithm deflate; } My spdadd #! /bin/sh #spdadd 1.1.1.1/32[500] 2.2.2.2/32[500] udp -P out none; #spdadd 1.1.1.1/32[500] 2.2.2.2/32[500] udp -P out none; case "$1" in start) setkey -F setkey -FP setkey -c <&2 ;; esac exit 0 My racoon error.log 2004-07-26 16:23:15: INFO: main.c:172:main(): @(#)package version freebsd-20040408a 2004-07-26 16:23:15: INFO: main.c:174:main(): @(#)internal version 20001216 sakane@kame.net 2004-07-26 16:23:15: INFO: main.c:175:main(): @(#)This product linked OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/) 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <3> 2004-07-26 16:23:15: DEBUG2: cftoken.l:179:yylex(): begin <11>padding 2004-07-26 16:23:15: DEBUG2: cftoken.l:183:yylex(): <11> 2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <11> 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <11> 2004-07-26 16:23:15: DEBUG2: cftoken.l:181:yylex(): <11> 2004-07-26 16:23:15: DEBUG2: cftoken.l:286:yylex(): <11> 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <11> 2004-07-26 16:23:15: DEBUG2: cftoken.l:184:yylex(): <11> 2004-07-26 16:23:15: DEBUG2: cftoken.l:286:yylex(): <11> 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <11> 2004-07-26 16:23:15: DEBUG2: cftoken.l:185:yylex(): <11> 2004-07-26 16:23:15: DEBUG2: cftoken.l:286:yylex(): <11> 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <11> 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <3> 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <3> 2004-07-26 16:23:15: DEBUG2: cftoken.l:189:yylex(): begin <13>listen 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <13> 2004-07-26 16:23:15: DEBUG2: cftoken.l:191:yylex(): <13> 2004-07-26 16:23:15: DEBUG2: cftoken.l:435:yylex(): <13> 2004-07-26 16:23:15: DEBUG2: cftoken.l:299:yylex(): <13> 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <13> 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <13> 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <3> 2004-07-26 16:23:15: DEBUG2: cftoken.l:197:yylex(): begin <15>timer 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:199:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:200:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:379:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:201:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:202:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:379:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:203:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:379:yylex(): <15> 2004-07-26 16:23:15: DEBUG2: cftoken.l:228:yylex(): begin <25>remote 2004-07-26 16:23:15: DEBUG2: cftoken.l:229:yylex(): <25> 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:233:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:236:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:234:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:235:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:234:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:237:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:238:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:239:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:245:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:367:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:420:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:246:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:367:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:420:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:256:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:268:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:269:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:379:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:260:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:285:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:258:yylex(): <27> 2004-07-26 16:23:15: WARNING: cftoken.l:514:yywarn(): /usr/local/etc/racoon/racoon.conf:63: "support_mip6" it is obsoleted. use "support_proxy". 2004-07-26 16:23:15: DEBUG2: cftoken.l:285:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:261:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:262:yylex(): <27> 2004-07-26 16:23:15: DEBUG2: cftoken.l:272:yylex(): begin <29>proposal 2004-07-26 16:23:15: DEBUG2: cftoken.l:278:yylex(): <29> 2004-07-26 16:23:15: DEBUG2: cftoken.l:319:yylex(): <29> 2004-07-26 16:23:15: DEBUG2: cftoken.l:280:yylex(): <29> 2004-07-26 16:23:15: DEBUG2: cftoken.l:339:yylex(): <29> 2004-07-26 16:23:15: DEBUG2: cftoken.l:279:yylex(): <29> 2004-07-26 16:23:15: DEBUG2: cftoken.l:358:yylex(): <29> 2004-07-26 16:23:15: DEBUG2: cftoken.l:281:yylex(): <29> 2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <29> 2004-07-26 16:23:15: DEBUG2: cfparse.y:1247:set_isakmp_proposal(): lifetime = 10000 2004-07-26 16:23:15: DEBUG2: cfparse.y:1250:set_isakmp_proposal(): lifebyte = 0 2004-07-26 16:23:15: DEBUG2: cfparse.y:1253:set_isakmp_proposal(): encklen=0 2004-07-26 16:23:15: DEBUG2: cfparse.y:1316:expand_isakmpspec(): p:1 t:1 2004-07-26 16:23:15: DEBUG2: cfparse.y:1320:expand_isakmpspec(): 3DES-CBC(5) 2004-07-26 16:23:15: DEBUG2: cfparse.y:1320:expand_isakmpspec(): MD5(1) 2004-07-26 16:23:15: DEBUG2: cfparse.y:1320:expand_isakmpspec(): 1024-bit MODP group(2) 2004-07-26 16:23:15: DEBUG2: cfparse.y:1320:expand_isakmpspec(): pre-shared key(1) 2004-07-26 16:23:15: DEBUG2: cfparse.y:1327:expand_isakmpspec(): 2004-07-26 16:23:15: DEBUG: algorithm.c:614:alg_oakley_dhdef(): hmac(modp1024) 2004-07-26 16:23:15: DEBUG2: cftoken.l:207:yylex(): begin <21>sainfo 2004-07-26 16:23:15: DEBUG2: cftoken.l:208:yylex(): <21> 2004-07-26 16:23:15: DEBUG2: cftoken.l:216:yylex(): <23> 2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <23> 2004-07-26 16:23:15: DEBUG2: cftoken.l:219:yylex(): <23> 2004-07-26 16:23:15: DEBUG2: cftoken.l:220:yylex(): <23> 2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <23> 2004-07-26 16:23:15: DEBUG2: cftoken.l:379:yylex(): <23> 2004-07-26 16:23:15: DEBUG2: cftoken.l:222:yylex(): <23> 2004-07-26 16:23:15: DEBUG2: cftoken.l:319:yylex(): <23> 2004-07-26 16:23:15: DEBUG2: cftoken.l:223:yylex(): <23> 2004-07-26 16:23:15: DEBUG2: cftoken.l:332:yylex(): <23> 2004-07-26 16:23:15: DEBUG2: cftoken.l:224:yylex(): <23> 2004-07-26 16:23:15: DEBUG2: cftoken.l:346:yylex(): <23> 2004-07-26 16:23:15: DEBUG: pfkey.c:2379:pk_checkalg(): compression algorithm can not be checked because sadb message doesn't support it. 2004-07-26 16:23:15: DEBUG2: cfparse.y:1429:cfparse(): parse successed. 2004-07-26 16:23:15: INFO: isakmp.c:1368:isakmp_open(): 1.1.1.1[500] used as isakmp port (fd=5) 2004-07-26 16:23:15: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey X_SPDDUMP message 2004-07-26 16:23:15: DEBUG2: plog.c:193:plogdump(): 02120000 0f000100 01000000 0f020000 03000500 04180000 10020000 0a000300 00000000 00000000 03000600 04180000 10020000 0a000100 00000000 00000000 07001200 02000100 02000000 00000000 28003200 02020000 10020000 43203c92 00000000 00000000 10020000 43203c36 00000000 00000000 2004-07-26 16:23:15: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey X_SPDDUMP message 2004-07-26 16:23:15: DEBUG2: plog.c:193:plogdump(): 02120000 0f000100 00000000 0f020000 03000500 04180000 10020000 0a000a00 00000000 00000000 03000600 04180000 10020000 0a000300 00000000 00000000 07001200 02000200 01000000 00000000 28003200 02020000 10020000 43203c36 00000000 00000000 10020000 43203c92 00000000 00000000 2004-07-26 16:23:15: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbfbff9b8: 10.0.10.0/24[0] 10.0.3.0/24[0] proto=4 dir=out 2004-07-26 16:23:15: DEBUG: policy.c:185:cmpspidxstrict(): db :0x80a2c08: 10.0.3.0/24[0] 10.0.1.0/24[0] proto=4 dir=in 2004-07-26 16:23:22: DEBUG: isakmp.c:233:isakmp_handler(): === 2004-07-26 16:23:22: DEBUG: isakmp.c:234:isakmp_handler(): 120 bytes message received from 2.2.2.2[500] 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 00000000 00000000 01100200 00000000 00000078 0d000034 00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020001 80040002 80030001 800b0001 800c2710 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 00000014 90cb8091 3ebb696e 086381b5 ec427b1f 2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:23:22: DEBUG: remoteconf.c:129:getrmconf(): anonymous configuration selected for 2.2.2.2[500]. 2004-07-26 16:23:22: DEBUG: isakmp.c:899:isakmp_ph1begin_r(): === 2004-07-26 16:23:22: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond new phase 1 negotiation: 1.1.1.1[500]<=>2.2.2.2[500] 2004-07-26 16:23:22: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin Identity Protection mode. 2004-07-26 16:23:22: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin. 2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=1(sa) 2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=13(vid) 2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=13(vid) 2004-07-26 16:23:22: DEBUG: isakmp.c:1188:isakmp_parsewoh(): succeed. 2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received unknown Vendor ID 2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received unknown Vendor ID 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1117:get_proppair(): total SA len=48 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020001 80040002 80030001 800b0001 800c2710 2004-07-26 16:23:22: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin. 2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=2(prop) 2004-07-26 16:23:22: DEBUG: isakmp.c:1188:isakmp_parsewoh(): succeed. 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1170:get_proppair(): proposal #1 len=40 2004-07-26 16:23:22: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin. 2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=3(trns) 2004-07-26 16:23:22: DEBUG: isakmp.c:1188:isakmp_parsewoh(): succeed. 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1311:get_transform(): transform #1 len=32 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC 2004-07-26 16:23:22: DEBUG: algorithm.c:386:alg_oakley_encdef(): encription(3des) 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2004-07-26 16:23:22: DEBUG: algorithm.c:256:alg_oakley_hashdef(): hash(md5) 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2004-07-26 16:23:22: DEBUG: algorithm.c:614:alg_oakley_dhdef(): hmac(modp1024) 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Life Duration, flag=0x8000, lorv=10000 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1213:get_proppair(): pair 1: 2004-07-26 16:23:22: DEBUG: proposal.c:895:print_proppair0(): 0x80a8dd0: next=0x0 tnext=0x0 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1248:get_proppair(): proposal #1: 1 transform 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:322:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:327:get_ph1approvalx(): trns#=1, trns-id=IKE 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Life Duration, flag=0x8000, lorv=10000 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:338:get_ph1approvalx(): Compared: DB:Peer 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:339:get_ph1approvalx(): (lifetime = 10000:10000) 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:341:get_ph1approvalx(): (lifebyte = 0:0) 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:343:get_ph1approvalx(): enctype = 3DES-CBC:3DES-CBC 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:348:get_ph1approvalx(): (encklen = 0:0) 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:350:get_ph1approvalx(): hashtype = MD5:MD5 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:355:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:360:get_ph1approvalx(): dh_group = 1024-bit MODP group:1024-bit MODP group 2004-07-26 16:23:22: DEBUG: ipsec_doi.c:248:get_ph1approval(): an acceptable proposal found. 2004-07-26 16:23:22: DEBUG: algorithm.c:614:alg_oakley_dhdef(): hmac(modp1024) 2004-07-26 16:23:22: DEBUG: isakmp.c:2006:isakmp_newcookie(): new cookie: e352ee142f02e4f2 2004-07-26 16:23:22: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add payload of len 48, next type 1 2004-07-26 16:23:22: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add payload of len 16, next type 13 2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:23:22: DEBUG: sockmisc.c:421:sendfromto(): sockname 1.1.1.1[500] 2004-07-26 16:23:22: DEBUG: sockmisc.c:423:sendfromto(): send packet from 1.1.1.1[500] 2004-07-26 16:23:22: DEBUG: sockmisc.c:425:sendfromto(): send packet to 2.2.2.2[500] 2004-07-26 16:23:22: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 100 bytes message will be sent to 2.2.2.2[500] 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 01100200 00000000 00000064 0d000034 00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020001 80040002 80030001 800b0001 800c2710 00000014 7003cbc1 097dbe9c 2600ba69 83bc8b35 2004-07-26 16:23:22: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 77260cb124e74d13:e352ee142f02e4f2 2004-07-26 16:23:22: DEBUG: isakmp.c:233:isakmp_handler(): === 2004-07-26 16:23:22: DEBUG: isakmp.c:234:isakmp_handler(): 256 bytes message received from 2.2.2.2[500] 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 00000100 0a000084 7cda6ebd d8f6e21d 3d39cbc5 52a3e564 d119a7cf c16164a3 cbfee711 2f40edb3 3d234f52 a66b11ac 57374d1c ab1c658d 1f1aa6c3 0fa6e476 3bd5f898 5ae8836b 1d7117e2 55186f70 462fadc7 0c71a9f4 445da4e7 92a3aee8 30293d7a 98a9cdcf e8b367c6 0133fc87 75b708e4 7cf6afba 47ec96e6 30ab0f33 3fd05435 0d54ecff 0d000018 5dfca701 956f4c3b 22b474e9 8c80ac6a ca6bb414 0d000014 12f5f28c 457168a9 702d9fe2 74cc0100 0d000014 afcad713 68a1f1c9 6b8696fc 77570100 0d000014 82e1abac 24e64d13 946773ca 77f7fe51 0000000c 09002689 dfd6b712 2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:23:22: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin. 2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=4(ke) 2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=10(nonce) 2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=13(vid) 2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=13(vid) 2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=13(vid) 2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=13(vid) 2004-07-26 16:23:22: DEBUG: isakmp.c:1188:isakmp_parsewoh(): succeed. 2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received unknown Vendor ID 2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received unknown Vendor ID 2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received unknown Vendor ID 2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received unknown Vendor ID 2004-07-26 16:23:22: DEBUG: isakmp.c:633:ph1_main(): === 2004-07-26 16:23:22: DEBUG: oakley.c:300:oakley_dh_generate(): compute DH's private. 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 5cb32b6c 3e9febc3 cb777a15 eb049ce2 af60588b e214f80a 4d66df7b 1b5a26fc 766653b1 003fa259 d79a535c f058b6b8 d538319e abf71adf 02581d58 d73a1f51 c1a2b67a 9c6679b1 5b8b7850 63cbfdd0 f9639b97 35f96eef d1a8ee09 c8601300 a0d62f2d bf777d05 4e23592a e7995311 ac35184f b09dac2f ecb4b1a0 c1661e3b 2004-07-26 16:23:22: DEBUG: oakley.c:302:oakley_dh_generate(): compute DH's public. 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a 730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6 071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde 2004-07-26 16:23:22: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add payload of len 128, next type 4 2004-07-26 16:23:22: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add payload of len 16, next type 10 2004-07-26 16:23:22: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add payload of len 16, next type 13 2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:23:22: DEBUG: sockmisc.c:421:sendfromto(): sockname 1.1.1.1[500] 2004-07-26 16:23:22: DEBUG: sockmisc.c:423:sendfromto(): send packet from 1.1.1.1[500] 2004-07-26 16:23:22: DEBUG: sockmisc.c:425:sendfromto(): send packet to 2.2.2.2[500] 2004-07-26 16:23:22: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200 bytes message will be sent to 2.2.2.2[500] 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084 5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a 730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6 071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde 0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c 2600ba69 83bc8b35 2004-07-26 16:23:22: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 77260cb124e74d13:e352ee142f02e4f2 2004-07-26 16:23:22: DEBUG: oakley.c:250:oakley_dh_compute(): compute DH's shared. 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): c21a9cbd 3ae743af 5f192a54 cd8dfc36 9c52f78b 46034118 40cddd67 bac653c7 83d6eaa7 6a932acf 159aa5ce 539771ba be3758e7 c30d3144 d504590d 23d78696 aec8dd1a 63644f4a 97a634ba 3cdd9e16 d6d24d0c dbac61ef 43bf6bd8 0a8fb60c 84e7f5b6 07924df2 fbc791e2 1ee817be e1f284d7 a91f389e 534e4378 87bae3ca 2004-07-26 16:23:22: DEBUG: oakley.c:2104:oakley_skeyid(): the psk found. 2004-07-26 16:23:22: DEBUG2: oakley.c:2106:oakley_skeyid(): psk: 2004-07-26 16:23:22: DEBUG2: plog.c:193:plogdump(): 646f6e74 74656c6c 09 2004-07-26 16:23:22: DEBUG: oakley.c:2119:oakley_skeyid(): nonce 1: 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 5dfca701 956f4c3b 22b474e9 8c80ac6a ca6bb414 2004-07-26 16:23:22: DEBUG: oakley.c:2125:oakley_skeyid(): nonce 2: 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): fcdeb51e a872e9f3 32fb0b9d 20262525 2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef(): hmac(hmac_md5) 2004-07-26 16:23:22: DEBUG: oakley.c:2178:oakley_skeyid(): SKEYID computed: 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): db29fe9b 5653409a 8fcdf873 bc86a047 2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef(): hmac(hmac_md5) 2004-07-26 16:23:22: DEBUG: oakley.c:2235:oakley_skeyid_dae(): SKEYID_d computed: 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 2a646ff0 3bc34de2 25fd5ddf 0757a73e 2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef(): hmac(hmac_md5) 2004-07-26 16:23:22: DEBUG: oakley.c:2264:oakley_skeyid_dae(): SKEYID_a computed: 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 7de0c436 ec679d9e db8a7a5d 27d24b5a 2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef(): hmac(hmac_md5) 2004-07-26 16:23:22: DEBUG: oakley.c:2293:oakley_skeyid_dae(): SKEYID_e computed: 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): db9aa285 c2e8a677 7ccad205 6c715386 2004-07-26 16:23:22: DEBUG: algorithm.c:386:alg_oakley_encdef(): encription(3des) 2004-07-26 16:23:22: DEBUG: algorithm.c:256:alg_oakley_hashdef(): hash(md5) 2004-07-26 16:23:22: DEBUG: oakley.c:2362:oakley_compute_enckey(): len(SKEYID_e) < len(Ka) (16 < 24), generating long key (Ka = K1 | K2 | ...) 2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef(): hmac(hmac_md5) 2004-07-26 16:23:22: DEBUG: oakley.c:2387:oakley_compute_enckey(): compute intermediate encryption key K1 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 00 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 26608024 059a46b0 628febfe 8c7346ef 2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef(): hmac(hmac_md5) 2004-07-26 16:23:22: DEBUG: oakley.c:2387:oakley_compute_enckey(): compute intermediate encryption key K2 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 26608024 059a46b0 628febfe 8c7346ef 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): df13ef04 7d56da3e 206d090d afd4883b 2004-07-26 16:23:22: DEBUG: oakley.c:2435:oakley_compute_enckey(): final encryption key computed: 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e 2004-07-26 16:23:22: DEBUG: algorithm.c:256:alg_oakley_hashdef(): hash(md5) 2004-07-26 16:23:22: DEBUG: algorithm.c:386:alg_oakley_encdef(): encription(3des) 2004-07-26 16:23:22: DEBUG: oakley.c:2546:oakley_newiv(): IV computed: 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 8ee7499c 701de062 2004-07-26 16:23:22: DEBUG: isakmp.c:233:isakmp_handler(): === 2004-07-26 16:23:22: DEBUG: isakmp.c:234:isakmp_handler(): 92 bytes message received from 2.2.2.2[500] 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c bb8f2217 02104944 c9cfc9d8 49cacdf0 02f41bfa 77bdde66 2366bc28 4d3cd75b b7857b3d 8a00929b 20137047 433a2951 2f560ab3 4e3fa11b 613146f4 eb71529f 2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:23:22: DEBUG: oakley.c:2666:oakley_do_decrypt(): begin decryption. 2004-07-26 16:23:22: DEBUG: algorithm.c:386:alg_oakley_encdef(): encription(3des) 2004-07-26 16:23:22: DEBUG: oakley.c:2680:oakley_do_decrypt(): IV was saved for next processing: 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 613146f4 eb71529f 2004-07-26 16:23:22: DEBUG: algorithm.c:386:alg_oakley_encdef(): encription(3des) 2004-07-26 16:23:22: DEBUG: oakley.c:2705:oakley_do_decrypt(): with key: 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e 2004-07-26 16:23:22: DEBUG: oakley.c:2713:oakley_do_decrypt(): decrypted payload by IV: 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 613146f4 eb71529f 2004-07-26 16:23:22: DEBUG: oakley.c:2716:oakley_do_decrypt(): decrypted payload, but not trimed. 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 2b7aada3 390dbdf3 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7 2004-07-26 16:23:22: DEBUG: oakley.c:2725:oakley_do_decrypt(): padding len=167 2004-07-26 16:23:22: DEBUG: oakley.c:2739:oakley_do_decrypt(): skip to trim padding. 2004-07-26 16:23:22: DEBUG: oakley.c:2754:oakley_do_decrypt(): decrypted. 2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c 2b7aada3 390dbdf3 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7 2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:23:22: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin. 2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=5(id) 2004-07-26 16:23:22: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid length of payload 2004-07-26 16:23:32: DEBUG: isakmp.c:233:isakmp_handler(): === 2004-07-26 16:23:32: DEBUG: isakmp.c:234:isakmp_handler(): 92 bytes message received from 2.2.2.2[500] 2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c bb8f2217 02104944 c9cfc9d8 49cacdf0 02f41bfa 77bdde66 2366bc28 4d3cd75b b7857b3d 8a00929b 20137047 433a2951 2f560ab3 4e3fa11b 613146f4 eb71529f 2004-07-26 16:23:32: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:23:32: DEBUG: oakley.c:2666:oakley_do_decrypt(): begin decryption. 2004-07-26 16:23:32: DEBUG: algorithm.c:386:alg_oakley_encdef(): encription(3des) 2004-07-26 16:23:32: DEBUG: oakley.c:2680:oakley_do_decrypt(): IV was saved for next processing: 2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump(): 613146f4 eb71529f 2004-07-26 16:23:32: DEBUG: algorithm.c:386:alg_oakley_encdef(): encription(3des) 2004-07-26 16:23:32: DEBUG: oakley.c:2705:oakley_do_decrypt(): with key: 2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump(): 26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e 2004-07-26 16:23:32: DEBUG: oakley.c:2713:oakley_do_decrypt(): decrypted payload by IV: 2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump(): 613146f4 eb71529f 2004-07-26 16:23:32: DEBUG: oakley.c:2716:oakley_do_decrypt(): decrypted payload, but not trimed. 2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump(): c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7 2004-07-26 16:23:32: DEBUG: oakley.c:2725:oakley_do_decrypt(): padding len=167 2004-07-26 16:23:32: DEBUG: oakley.c:2739:oakley_do_decrypt(): skip to trim padding. 2004-07-26 16:23:32: DEBUG: oakley.c:2754:oakley_do_decrypt(): decrypted. 2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7 2004-07-26 16:23:32: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:23:32: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin. 2004-07-26 16:23:32: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=5(id) 2004-07-26 16:23:32: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid length of payload 2004-07-26 16:23:42: DEBUG: isakmp.c:233:isakmp_handler(): === 2004-07-26 16:23:42: DEBUG: isakmp.c:234:isakmp_handler(): 92 bytes message received from 2.2.2.2[500] 2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c bb8f2217 02104944 c9cfc9d8 49cacdf0 02f41bfa 77bdde66 2366bc28 4d3cd75b b7857b3d 8a00929b 20137047 433a2951 2f560ab3 4e3fa11b 613146f4 eb71529f 2004-07-26 16:23:42: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:23:42: DEBUG: oakley.c:2666:oakley_do_decrypt(): begin decryption. 2004-07-26 16:23:42: DEBUG: algorithm.c:386:alg_oakley_encdef(): encription(3des) 2004-07-26 16:23:42: DEBUG: oakley.c:2680:oakley_do_decrypt(): IV was saved for next processing: 2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump(): 613146f4 eb71529f 2004-07-26 16:23:42: DEBUG: algorithm.c:386:alg_oakley_encdef(): encription(3des) 2004-07-26 16:23:42: DEBUG: oakley.c:2705:oakley_do_decrypt(): with key: 2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump(): 26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e 2004-07-26 16:23:42: DEBUG: oakley.c:2713:oakley_do_decrypt(): decrypted payload by IV: 2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump(): 613146f4 eb71529f 2004-07-26 16:23:42: DEBUG: oakley.c:2716:oakley_do_decrypt(): decrypted payload, but not trimed. 2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump(): c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7 2004-07-26 16:23:42: DEBUG: oakley.c:2725:oakley_do_decrypt(): padding len=167 2004-07-26 16:23:42: DEBUG: oakley.c:2739:oakley_do_decrypt(): skip to trim padding. 2004-07-26 16:23:42: DEBUG: oakley.c:2754:oakley_do_decrypt(): decrypted. 2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7 2004-07-26 16:23:42: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:23:42: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin. 2004-07-26 16:23:42: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=5(id) 2004-07-26 16:23:42: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid length of payload 2004-07-26 16:23:42: DEBUG: sockmisc.c:421:sendfromto(): sockname 1.1.1.1[500] 2004-07-26 16:23:42: DEBUG: sockmisc.c:423:sendfromto(): send packet from 1.1.1.1[500] 2004-07-26 16:23:42: DEBUG: sockmisc.c:425:sendfromto(): send packet to 2.2.2.2[500] 2004-07-26 16:23:42: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200 bytes message will be sent to 2.2.2.2[500] 2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084 5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a 730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6 071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde 0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c 2600ba69 83bc8b35 2004-07-26 16:23:42: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 77260cb124e74d13:e352ee142f02e4f2 2004-07-26 16:24:02: DEBUG: sockmisc.c:421:sendfromto(): sockname 1.1.1.1[500] 2004-07-26 16:24:02: DEBUG: sockmisc.c:423:sendfromto(): send packet from 1.1.1.1[500] 2004-07-26 16:24:02: DEBUG: sockmisc.c:425:sendfromto(): send packet to 2.2.2.2[500] 2004-07-26 16:24:02: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200 bytes message will be sent to 2.2.2.2[500] 2004-07-26 16:24:02: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084 5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a 730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6 071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde 0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c 2600ba69 83bc8b35 2004-07-26 16:24:02: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 77260cb124e74d13:e352ee142f02e4f2 2004-07-26 16:24:03: DEBUG: isakmp.c:233:isakmp_handler(): === 2004-07-26 16:24:03: DEBUG: isakmp.c:234:isakmp_handler(): 92 bytes message received from 2.2.2.2[500] 2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c bb8f2217 02104944 c9cfc9d8 49cacdf0 02f41bfa 77bdde66 2366bc28 4d3cd75b b7857b3d 8a00929b 20137047 433a2951 2f560ab3 4e3fa11b 613146f4 eb71529f 2004-07-26 16:24:03: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:24:03: DEBUG: oakley.c:2666:oakley_do_decrypt(): begin decryption. 2004-07-26 16:24:03: DEBUG: algorithm.c:386:alg_oakley_encdef(): encription(3des) 2004-07-26 16:24:03: DEBUG: oakley.c:2680:oakley_do_decrypt(): IV was saved for next processing: 2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump(): 613146f4 eb71529f 2004-07-26 16:24:03: DEBUG: algorithm.c:386:alg_oakley_encdef(): encription(3des) 2004-07-26 16:24:03: DEBUG: oakley.c:2705:oakley_do_decrypt(): with key: 2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump(): 26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e 2004-07-26 16:24:03: DEBUG: oakley.c:2713:oakley_do_decrypt(): decrypted payload by IV: 2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump(): 613146f4 eb71529f 2004-07-26 16:24:03: DEBUG: oakley.c:2716:oakley_do_decrypt(): decrypted payload, but not trimed. 2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump(): c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7 2004-07-26 16:24:03: DEBUG: oakley.c:2725:oakley_do_decrypt(): padding len=167 2004-07-26 16:24:03: DEBUG: oakley.c:2739:oakley_do_decrypt(): skip to trim padding. 2004-07-26 16:24:03: DEBUG: oakley.c:2754:oakley_do_decrypt(): decrypted. 2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7 2004-07-26 16:24:03: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:24:03: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin. 2004-07-26 16:24:03: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=5(id) 2004-07-26 16:24:03: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid length of payload 2004-07-26 16:24:13: DEBUG: isakmp.c:233:isakmp_handler(): === 2004-07-26 16:24:13: DEBUG: isakmp.c:234:isakmp_handler(): 92 bytes message received from 2.2.2.2[500] 2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c bb8f2217 02104944 c9cfc9d8 49cacdf0 02f41bfa 77bdde66 2366bc28 4d3cd75b b7857b3d 8a00929b 20137047 433a2951 2f560ab3 4e3fa11b 613146f4 eb71529f 2004-07-26 16:24:13: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:24:13: DEBUG: oakley.c:2666:oakley_do_decrypt(): begin decryption. 2004-07-26 16:24:13: DEBUG: algorithm.c:386:alg_oakley_encdef(): encription(3des) 2004-07-26 16:24:13: DEBUG: oakley.c:2680:oakley_do_decrypt(): IV was saved for next processing: 2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump(): 613146f4 eb71529f 2004-07-26 16:24:13: DEBUG: algorithm.c:386:alg_oakley_encdef(): encription(3des) 2004-07-26 16:24:13: DEBUG: oakley.c:2705:oakley_do_decrypt(): with key: 2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump(): 26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e 2004-07-26 16:24:13: DEBUG: oakley.c:2713:oakley_do_decrypt(): decrypted payload by IV: 2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump(): 613146f4 eb71529f 2004-07-26 16:24:13: DEBUG: oakley.c:2716:oakley_do_decrypt(): decrypted payload, but not trimed. 2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump(): c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7 2004-07-26 16:24:13: DEBUG: oakley.c:2725:oakley_do_decrypt(): padding len=167 2004-07-26 16:24:13: DEBUG: oakley.c:2739:oakley_do_decrypt(): skip to trim padding. 2004-07-26 16:24:13: DEBUG: oakley.c:2754:oakley_do_decrypt(): decrypted. 2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7 2004-07-26 16:24:13: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:24:13: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin. 2004-07-26 16:24:13: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen nptype=5(id) 2004-07-26 16:24:13: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid length of payload 2004-07-26 16:24:22: DEBUG: sockmisc.c:421:sendfromto(): sockname 1.1.1.1[500] 2004-07-26 16:24:22: DEBUG: sockmisc.c:423:sendfromto(): send packet from 1.1.1.1[500] 2004-07-26 16:24:22: DEBUG: sockmisc.c:425:sendfromto(): send packet to 2.2.2.2[500] 2004-07-26 16:24:22: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200 bytes message will be sent to 2.2.2.2[500] 2004-07-26 16:24:22: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084 5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a 730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6 071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde 0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c 2600ba69 83bc8b35 2004-07-26 16:24:22: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 77260cb124e74d13:e352ee142f02e4f2 2004-07-26 16:24:42: DEBUG: sockmisc.c:421:sendfromto(): sockname 1.1.1.1[500] 2004-07-26 16:24:42: DEBUG: sockmisc.c:423:sendfromto(): send packet from 1.1.1.1[500] 2004-07-26 16:24:42: DEBUG: sockmisc.c:425:sendfromto(): send packet to 2.2.2.2[500] 2004-07-26 16:24:42: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200 bytes message will be sent to 2.2.2.2[500] 2004-07-26 16:24:42: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084 5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a 730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6 071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde 0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c 2600ba69 83bc8b35 2004-07-26 16:24:42: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 77260cb124e74d13:e352ee142f02e4f2 2004-07-26 16:25:02: DEBUG: sockmisc.c:421:sendfromto(): sockname 1.1.1.1[500] 2004-07-26 16:25:02: DEBUG: sockmisc.c:423:sendfromto(): send packet from 1.1.1.1[500] 2004-07-26 16:25:02: DEBUG: sockmisc.c:425:sendfromto(): send packet to 2.2.2.2[500] 2004-07-26 16:25:02: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200 bytes message will be sent to 2.2.2.2[500] 2004-07-26 16:25:02: DEBUG: plog.c:193:plogdump(): 77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084 5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a 730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6 071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde 0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c 2600ba69 83bc8b35 2004-07-26 16:25:02: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 77260cb124e74d13:e352ee142f02e4f2 2004-07-26 16:25:22: ERROR: isakmp.c:1447:isakmp_ph1resend(): phase1 negotiation failed due to time up. 77260cb124e74d13:e352ee142f02e4f2 Cisco log *Mar 1 06:30:02.879: ISAKMP: received ke message (1/1) *Mar 1 06:30:02.879: ISAKMP (0:0): SA request profile is (NULL) *Mar 1 06:30:02.879: ISAKMP: local port 500, remote port 500 *Mar 1 06:30:02.879: ISAKMP: set new node 0 to QM_IDLE *Mar 1 06:30:02.879: ISAKMP: insert sa successfully sa = 818EC56C *Mar 1 06:30:02.879: ISAKMP (0:1): Can not start Aggressive mode, trying Main mode. *Mar 1 06:30:02.879: ISAKMP: Looking for a matching key for 1.1.1.1 in default : success *Mar 1 06:30:02.879: ISAKMP (0:1): found peer pre-shared key matching 1.1.1.1 *Mar 1 06:30:02.879: ISAKMP (0:1): constructed NAT-T vendor-03 ID *Mar 1 06:30:02.879: ISAKMP (0:1): constructed NAT-T vendor-02 ID *Mar 1 06:30:02.879: ISAKMP (0:1): Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Mar 1 06:30:02.879: ISAKMP (0:1): Old State = IKE_READY New State = IKE_I_MM1 *Mar 1 06:30:02.883: ISAKMP (0:1): beginning Main Mode exchange *Mar 1 06:30:02.883: ISAKMP (0:1): sending pack bbeameliarouteet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_NO_STATE *Mar 1 06:30:02.899: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_NO_STATE *Mar 1 06:30:02.899: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 1 06:30:02.899: ISAKMP (0:1): Old State = IKE_I_MM1 New State = IKE_I_MM2 *Mar 1 06:30:02.899: ISAKMP (0:1): processing SA payload. message ID = 0 *Mar 1 06:30:02.899: ISAKMP (0:1): processing vendor id payload *Mar 1 06:30:02.899: ISAKMP (0:1): vendor ID seems Unity/DPD but major 139 mismatch *Mar 1 06:30:02.899: ISAKMP: Looking for a matching key for 1.1.1.1 in default : success *Mar 1 06:30:02.899: ISAKMP (0:1): found peer pre-shared key matching 1.1.1.1 *Mar 1 06:30:02.899: ISAKMP (0:1) local preshared key found *Mar 1 06:30:02.899: ISAKMP : Scanning profiles for xauth ... *Mar 1 06:30:02.899: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 1 policy *Mar 1 06:30:02.903: ISAKMP: encryption 3DES-CBC *Mar 1 06:30:02.903: ISAKMP: hash MD5 *Mar 1 06:30:02.903: ISAKMP: default group 2 *Mar 1 06:30:02.903: ISAKMP: auth pre-share *Mar 1 06:30:02.903: ISAKMP: life type in seconds *Mar 1 06:30:02.903: ISAKMP: life duration (basic) of 10000 *Mar 1 06:30:02.903: ISAKMP (0:1): atts are acceptable. Next payload is 0 *Mar 1 06:30:03.035: ISAKMP (0:1): processing vendor id payload *Mar 1 06:30:03.035: ISAKMP (0:1): vendor ID seems Unity/DPD but major 139 mismatch *Mar 1 06:30:03.035: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 1 06:30:03.035: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM2 *Mar 1 06:30:03.039: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_SA_SETUP *Mar 1 06:30:03.039: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 1 06:30:03.039: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM3 *Mar 1 06:30:03.099: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_SA_SETUP *Mar 1 06:30:03.099: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 1 06:30:03.099: ISAKMP (0:1): Old State = IKE_I_MM3 New State = IKE_I_MM4 *Mar 1 06:30:03.103: ISAKMP (0:1): processing KE payload. message ID = 0 *Mar 1 06:30:03.267: ISAKMP (0:1): processing NONCE payload. message ID = 0 *Mar 1 06:30:03.267: ISAKMP: Looking for a matching key for 1.1.1.1 in default : success *Mar 1 06:30:03.267: ISAKMP (0:1): found peer pre-shared key matching 1.1.1.1 *Mar 1 06:30:03.271: ISAKMP (0:1): SKEYID state generated *Mar 1 06:30:03.271: ISAKMP (0:1): processing vendor id payload *Mar 1 06:30:03.271: ISAKMP (0:1): vendor ID seems Unity/DPD but major 139 mismatch *Mar 1 06:30:03.271: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 1 06:30:03.271: ISAKMP (0:1): Old State = IKE_I_MM4 New State = IKE_I_MM4 *Mar 1 06:30:03.271: ISAKMP (0:1): Send initial contact *Mar 1 06:30:03.271: ISAKMP (0:1): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR *Mar 1 06:30:03.271: ISAKMP (1): ID payload next-payload : 8 type : 1 addr : 2.2.2.2 protocol : 17 port : 500 length : 8 *Mar 1 06:30:03.271: ISAKMP (1): Total payload length: 12 *Mar 1 06:30:03.275: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH *Mar 1 06:30:03.275: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 1 06:30:03.275: ISAKMP (0:1): Old State = IKE_I_MM4 New State = IKE_I_MM5 r# bbeameliarouter# *Mar 1 06:30:13.276: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH... *Mar 1 06:30:13.276: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 *Mar 1 06:30:13.276: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH *Mar 1 06:30:13.276: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH bbeameliarouter# *Mar 1 06:30:23.276: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH... *Mar 1 06:30:23.276: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 *Mar 1 06:30:23.276: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH *Mar 1 06:30:23.276: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH *Mar 1 06:30:23.284: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH *Mar 1 06:30:23.284: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. *Mar 1 06:30:23.284: ISAKMP (0:1): retransmission skipped for phase 1 (time since last transmission 8) bbeameliarouter# *Mar 1 06:30:32.876: ISAKMP: received ke message (1/1) *Mar 1 06:30:32.876: ISAKMP: set new node 0 to QM_IDLE *Mar 1 06:30:32.876: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it. (local 2.2.2.2, remote 1.1.1.1) bbeameliarouter# *Mar 1 06:30:43.293: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH *Mar 1 06:30:43.293: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. *Mar 1 06:30:43.293: ISAKMP (0:1): retransmitting due to retransmit phase 1 *Mar 1 06:30:43.293: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH... *Mar 1 06:30:43.794: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH... *Mar 1 06:30:43.794: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 *Mar 1 06:30:43.794: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH bbeameliarouter# *Mar 1 06:30:43.794: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH bbeameliarouter# *Mar 1 06:30:53.794: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH... *Mar 1 06:30:53.794: ISAKMP (0:1): incrementing error counter on sa: retransmit phase 1 *Mar 1 06:30:53.794: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH *Mar 1 06:30:53.794: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH bbeameliarouter# *Mar 1 06:31:02.809: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH *Mar 1 06:31:02.809: ISAKMP (0:1): phase 1 packet is a duplicate of a previous packet. *Mar 1 06:31:02.809: ISAKMP (0:1): retransmitting due to retransmit phase 1 *Mar 1 06:31:02.809: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH... *Mar 1 06:31:02.877: ISAKMP: received ke message (3/1) *Mar 1 06:31:02.877: ISAKMP (0:1): peer does not do paranoid keepalives. *Mar 1 06:31:02.877: ISAKMP (0:1): deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (I) MM_KEY_EXCH (peer 1.1.1.1) input queue 0 bbeameliarouter# *Mar 1 06:31:02.877: ISAKMP (0:1): deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (I) MM_KEY_EXCH (peer 1.1.1.1) input queue 0 *Mar 1 06:31:02.877: ISAKMP (0:1): deleting node -1933861384 error TRUE reason "gen_ipsec_isakmp_delete but doi isakmp" *Mar 1 06:31:02.877: ISAKMP (0:1): deleting node 1271049171 error TRUE reason "gen_ipsec_isakmp_delete but doi isakmp" *Mar 1 06:31:02.877: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Mar 1 06:31:02.877: ISAKMP (0:1): Old State = IKE_I_MM5 New State = IKE_DEST_SA bbeameliarouter# *Mar 1 06:31:22.818: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_NO_STATE