Date: Mon, 26 Jul 2004 20:34:58 -0500 From: Lewey Taylor <admin@triparish.net> To: freebsd-security@freebsd.org Subject: Cisco IOS and racoon Message-ID: <1090892097.7219.0.camel@localhost>
next in thread | raw e-mail | index | archive | help
I am trying to get a tunnel from a cisco 1760 with IOS 12.2.15.t13 to a
freebsd 4.9 install with racoon. I have package version
freebsd-20040408a and internal version 20001216 in my log file.
I posted the full racoon and cisco log below my configs.
Racoon keeps saying:
2004-07-26 16:24:03: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:24:03: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
2004-07-26 16:24:03: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=5(id)
2004-07-26 16:24:03: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid
length of payload
My Cisco config is:
<cisco config>
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 10000
crypto isakmp key donttell address 1.1.1.1 no-xauth
!
crypto ipsec security-association lifetime seconds 6000
!
crypto ipsec transform-set MB esp-3des esp-md5-hmac
!
crypto map FreeBSDIPSEC-MAP 1 ipsec-isakmp
description BBE Map
set peer 1.1.1.1
set security-association lifetime seconds 10000
set transform-set MB
set pfs group2
match address 109
!
!
!
!
interface FastEthernet0/0
ip address 10.0.3.1 255.255.255.0
speed auto
!
interface FastEthernet0/0.1
!
interface Serial0/0
ip address 2.2.2.2 255.255.255.252
service-module t1 timeslots 1-24
crypto map FreeBSDIPSEC-MAP
!
ip default-gateway 2.2.2.3
ip classless
ip route 0.0.0.0 0.0.0.0 2.2.2.3
no ip http server
no ip http secure-server
!
!
!
access-list 109 permit ip 10.0.3.0 0.0.0.255 10.0.10.0 0.0.0.255
access-list 109 permit ip 10.0.10.0 0.0.0.255 10.0.3.0 0.0.0.255
</cisco config>
My racoon.conf
<racoon.conf>
# $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $
# "path" must be placed before it should be used.
# You can overwrite which you defined, but it should not use due to
confusing.
path include "/usr/local/etc/racoon" ;
#include "remote.conf" ;
# search this file for pre_shared_key with various ID key.
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;
# racoon will look for certificate file in the directory,
# if the certificate/certificate request payload is received.
path certificate "/usr/local/etc/cert" ;
# "log" specifies logging level. It is followed by either "notify",
"debug"
# or "debug2".
log debug2;
# "padding" defines some parameter of padding. You should not touch
these.
padding
{
maximum_length 20; # maximum padding length.
randomize off; # enable randomize length.
strict_check off; # enable strict check.
exclusive_tail off; # extract last one octet.
}
# if no listen directive is specified, racoon will listen to all
# available interface addresses.
listen
{
#isakmp ::1 [7000];
isakmp 1.1.1.1 [500];
#admin [7002]; # administrative's port by kmpstat.
#strict_address; # required all addresses must be bound.
}
# Specification of default various timer.
timer
{
# These value can be changed per remote node.
counter 5; # maximum trying count to send.
interval 20 sec; # maximum interval to resend.
persend 1; # the number of packets per a send.
# timer for waiting to complete each phase.
phase1 30 sec;
phase2 15 sec;
}
remote anonymous
{
#exchange_mode main,aggressive;
exchange_mode main,base,aggressive;
doi ipsec_doi;
#situation identity_only;
my_identifier user_fqdn "bbedevil";
peers_identifier user_fqdn "bbeameliarouter";
nonce_size 16;
lifetime time 10000 sec;
initial_contact on;
support_mip6 on;
proposal_check obey;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key ;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 2;
lifetime time 10000 sec;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
</racoon.conf>
My spdadd
<spdadd>
#! /bin/sh
#spdadd 1.1.1.1/32[500] 2.2.2.2/32[500] udp -P out none;
#spdadd 1.1.1.1/32[500] 2.2.2.2/32[500] udp -P out none;
case "$1" in
start)
setkey -F
setkey -FP
setkey -c <<EOF
spdadd 10.0.10.0/24 10.0.3.0/24 ipencap -P out ipsec
esp/tunnel/1.1.1.1-2.2.2.2/require;
spdadd 10.0.3.0/24 10.0.1.0/24 ipencap -P in ipsec
esp/tunnel/2.2.2.2-1.1.1.1/require;
EOF
;;
stop)
setkey -F
setkey -FP
;;
*)
echo "Usage: `basename $0` {start|stop}" >&2
;;
esac
exit 0
</spdadd>
My racoon error.log
<racoon.log>
2004-07-26 16:23:15: INFO: main.c:172:main(): @(#)package version
freebsd-20040408a
2004-07-26 16:23:15: INFO: main.c:174:main(): @(#)internal version
20001216 sakane@kame.net
2004-07-26 16:23:15: INFO: main.c:175:main(): @(#)This product linked
OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <3>
2004-07-26 16:23:15: DEBUG2: cftoken.l:179:yylex(): begin <11>padding
2004-07-26 16:23:15: DEBUG2: cftoken.l:183:yylex(): <11>
2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <11>
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <11>
2004-07-26 16:23:15: DEBUG2: cftoken.l:181:yylex(): <11>
2004-07-26 16:23:15: DEBUG2: cftoken.l:286:yylex(): <11>
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <11>
2004-07-26 16:23:15: DEBUG2: cftoken.l:184:yylex(): <11>
2004-07-26 16:23:15: DEBUG2: cftoken.l:286:yylex(): <11>
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <11>
2004-07-26 16:23:15: DEBUG2: cftoken.l:185:yylex(): <11>
2004-07-26 16:23:15: DEBUG2: cftoken.l:286:yylex(): <11>
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <11>
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <3>
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <3>
2004-07-26 16:23:15: DEBUG2: cftoken.l:189:yylex(): begin <13>listen
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <13>
2004-07-26 16:23:15: DEBUG2: cftoken.l:191:yylex(): <13>
2004-07-26 16:23:15: DEBUG2: cftoken.l:435:yylex(): <13>
2004-07-26 16:23:15: DEBUG2: cftoken.l:299:yylex(): <13>
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <13>
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <13>
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <3>
2004-07-26 16:23:15: DEBUG2: cftoken.l:197:yylex(): begin <15>timer
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:199:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:200:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:379:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:201:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:202:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:379:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:203:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:379:yylex(): <15>
2004-07-26 16:23:15: DEBUG2: cftoken.l:228:yylex(): begin <25>remote
2004-07-26 16:23:15: DEBUG2: cftoken.l:229:yylex(): <25>
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:233:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:236:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:234:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:235:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:234:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:237:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:238:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:239:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:245:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:367:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:420:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:246:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:367:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:420:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:256:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:268:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:269:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:379:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:260:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:285:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:258:yylex(): <27>
2004-07-26 16:23:15: WARNING: cftoken.l:514:yywarn():
/usr/local/etc/racoon/racoon.conf:63: "support_mip6" it is obsoleted.
use "support_proxy".
2004-07-26 16:23:15: DEBUG2: cftoken.l:285:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:261:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:262:yylex(): <27>
2004-07-26 16:23:15: DEBUG2: cftoken.l:272:yylex(): begin <29>proposal
2004-07-26 16:23:15: DEBUG2: cftoken.l:278:yylex(): <29>
2004-07-26 16:23:15: DEBUG2: cftoken.l:319:yylex(): <29>
2004-07-26 16:23:15: DEBUG2: cftoken.l:280:yylex(): <29>
2004-07-26 16:23:15: DEBUG2: cftoken.l:339:yylex(): <29>
2004-07-26 16:23:15: DEBUG2: cftoken.l:279:yylex(): <29>
2004-07-26 16:23:15: DEBUG2: cftoken.l:358:yylex(): <29>
2004-07-26 16:23:15: DEBUG2: cftoken.l:281:yylex(): <29>
2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <29>
2004-07-26 16:23:15: DEBUG2: cfparse.y:1247:set_isakmp_proposal():
lifetime = 10000
2004-07-26 16:23:15: DEBUG2: cfparse.y:1250:set_isakmp_proposal():
lifebyte = 0
2004-07-26 16:23:15: DEBUG2: cfparse.y:1253:set_isakmp_proposal():
encklen=0
2004-07-26 16:23:15: DEBUG2: cfparse.y:1316:expand_isakmpspec(): p:1 t:1
2004-07-26 16:23:15: DEBUG2: cfparse.y:1320:expand_isakmpspec():
3DES-CBC(5)
2004-07-26 16:23:15: DEBUG2: cfparse.y:1320:expand_isakmpspec(): MD5(1)
2004-07-26 16:23:15: DEBUG2: cfparse.y:1320:expand_isakmpspec():
1024-bit MODP group(2)
2004-07-26 16:23:15: DEBUG2: cfparse.y:1320:expand_isakmpspec():
pre-shared key(1)
2004-07-26 16:23:15: DEBUG2: cfparse.y:1327:expand_isakmpspec():
2004-07-26 16:23:15: DEBUG: algorithm.c:614:alg_oakley_dhdef():
hmac(modp1024)
2004-07-26 16:23:15: DEBUG2: cftoken.l:207:yylex(): begin <21>sainfo
2004-07-26 16:23:15: DEBUG2: cftoken.l:208:yylex(): <21>
2004-07-26 16:23:15: DEBUG2: cftoken.l:216:yylex(): <23>
2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <23>
2004-07-26 16:23:15: DEBUG2: cftoken.l:219:yylex(): <23>
2004-07-26 16:23:15: DEBUG2: cftoken.l:220:yylex(): <23>
2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <23>
2004-07-26 16:23:15: DEBUG2: cftoken.l:379:yylex(): <23>
2004-07-26 16:23:15: DEBUG2: cftoken.l:222:yylex(): <23>
2004-07-26 16:23:15: DEBUG2: cftoken.l:319:yylex(): <23>
2004-07-26 16:23:15: DEBUG2: cftoken.l:223:yylex(): <23>
2004-07-26 16:23:15: DEBUG2: cftoken.l:332:yylex(): <23>
2004-07-26 16:23:15: DEBUG2: cftoken.l:224:yylex(): <23>
2004-07-26 16:23:15: DEBUG2: cftoken.l:346:yylex(): <23>
2004-07-26 16:23:15: DEBUG: pfkey.c:2379:pk_checkalg(): compression
algorithm can not be checked because sadb message doesn't support it.
2004-07-26 16:23:15: DEBUG2: cfparse.y:1429:cfparse(): parse successed.
2004-07-26 16:23:15: INFO: isakmp.c:1368:isakmp_open(): 1.1.1.1[500]
used as isakmp port (fd=5)
2004-07-26 16:23:15: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey
X_SPDDUMP message
2004-07-26 16:23:15: DEBUG2: plog.c:193:plogdump():
02120000 0f000100 01000000 0f020000 03000500 04180000 10020000 0a000300
00000000 00000000 03000600 04180000 10020000 0a000100 00000000 00000000
07001200 02000100 02000000 00000000 28003200 02020000 10020000 43203c92
00000000 00000000 10020000 43203c36 00000000 00000000
2004-07-26 16:23:15: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey
X_SPDDUMP message
2004-07-26 16:23:15: DEBUG2: plog.c:193:plogdump():
02120000 0f000100 00000000 0f020000 03000500 04180000 10020000 0a000a00
00000000 00000000 03000600 04180000 10020000 0a000300 00000000 00000000
07001200 02000200 01000000 00000000 28003200 02020000 10020000 43203c36
00000000 00000000 10020000 43203c92 00000000 00000000
2004-07-26 16:23:15: DEBUG: policy.c:184:cmpspidxstrict():
sub:0xbfbff9b8: 10.0.10.0/24[0] 10.0.3.0/24[0] proto=4 dir=out
2004-07-26 16:23:15: DEBUG: policy.c:185:cmpspidxstrict(): db
:0x80a2c08: 10.0.3.0/24[0] 10.0.1.0/24[0] proto=4 dir=in
2004-07-26 16:23:22: DEBUG: isakmp.c:233:isakmp_handler(): ===
2004-07-26 16:23:22: DEBUG: isakmp.c:234:isakmp_handler(): 120 bytes
message received from 2.2.2.2[500]
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 00000000 00000000 01100200 00000000 00000078 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020001
80040002 80030001 800b0001 800c2710 0d000014 7d9419a6 5310ca6f 2c179d92
15529d56 00000014 90cb8091 3ebb696e 086381b5 ec427b1f
2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:23:22: DEBUG: remoteconf.c:129:getrmconf(): anonymous
configuration selected for 2.2.2.2[500].
2004-07-26 16:23:22: DEBUG: isakmp.c:899:isakmp_ph1begin_r(): ===
2004-07-26 16:23:22: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond new
phase 1 negotiation: 1.1.1.1[500]<=>2.2.2.2[500]
2004-07-26 16:23:22: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin
Identity Protection mode.
2004-07-26 16:23:22: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=1(sa)
2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=13(vid)
2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=13(vid)
2004-07-26 16:23:22: DEBUG: isakmp.c:1188:isakmp_parsewoh(): succeed.
2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received
unknown Vendor ID
2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received
unknown Vendor ID
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1117:get_proppair(): total SA
len=48
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020001
80040002 80030001 800b0001 800c2710
2004-07-26 16:23:22: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=2(prop)
2004-07-26 16:23:22: DEBUG: isakmp.c:1188:isakmp_parsewoh(): succeed.
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1170:get_proppair(): proposal #1
len=40
2004-07-26 16:23:22: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=3(trns)
2004-07-26 16:23:22: DEBUG: isakmp.c:1188:isakmp_parsewoh(): succeed.
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1311:get_transform(): transform
#1 len=32
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2004-07-26 16:23:22: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
type=Hash Algorithm, flag=0x8000, lorv=MD5
2004-07-26 16:23:22: DEBUG: algorithm.c:256:alg_oakley_hashdef():
hash(md5)
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2004-07-26 16:23:22: DEBUG: algorithm.c:614:alg_oakley_dhdef():
hmac(modp1024)
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
type=Authentication Method, flag=0x8000, lorv=pre-shared key
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
type=Life Type, flag=0x8000, lorv=seconds
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
type=Life Duration, flag=0x8000, lorv=10000
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1213:get_proppair(): pair 1:
2004-07-26 16:23:22: DEBUG: proposal.c:895:print_proppair0():
0x80a8dd0: next=0x0 tnext=0x0
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1248:get_proppair(): proposal
#1: 1 transform
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:322:get_ph1approvalx(): prop#=1,
prot-id=ISAKMP, spi-size=0, #trns=1
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:327:get_ph1approvalx(): trns#=1,
trns-id=IKE
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa():
type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Hash
Algorithm, flag=0x8000, lorv=MD5
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Group
Description, flag=0x8000, lorv=1024-bit MODP group
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa():
type=Authentication Method, flag=0x8000, lorv=pre-shared key
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Life
Type, flag=0x8000, lorv=seconds
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Life
Duration, flag=0x8000, lorv=10000
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:338:get_ph1approvalx():
Compared: DB:Peer
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:339:get_ph1approvalx():
(lifetime = 10000:10000)
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:341:get_ph1approvalx():
(lifebyte = 0:0)
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:343:get_ph1approvalx(): enctype
= 3DES-CBC:3DES-CBC
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:348:get_ph1approvalx(): (encklen
= 0:0)
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:350:get_ph1approvalx(): hashtype
= MD5:MD5
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:355:get_ph1approvalx():
authmethod = pre-shared key:pre-shared key
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:360:get_ph1approvalx(): dh_group
= 1024-bit MODP group:1024-bit MODP group
2004-07-26 16:23:22: DEBUG: ipsec_doi.c:248:get_ph1approval(): an
acceptable proposal found.
2004-07-26 16:23:22: DEBUG: algorithm.c:614:alg_oakley_dhdef():
hmac(modp1024)
2004-07-26 16:23:22: DEBUG: isakmp.c:2006:isakmp_newcookie(): new
cookie:
e352ee142f02e4f2
2004-07-26 16:23:22: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add
payload of len 48, next type 1
2004-07-26 16:23:22: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add
payload of len 16, next type 13
2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:23:22: DEBUG: sockmisc.c:421:sendfromto(): sockname
1.1.1.1[500]
2004-07-26 16:23:22: DEBUG: sockmisc.c:423:sendfromto(): send packet
from 1.1.1.1[500]
2004-07-26 16:23:22: DEBUG: sockmisc.c:425:sendfromto(): send packet to
2.2.2.2[500]
2004-07-26 16:23:22: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 100
bytes message will be sent to 2.2.2.2[500]
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 01100200 00000000 00000064 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020001
80040002 80030001 800b0001 800c2710 00000014 7003cbc1 097dbe9c 2600ba69
83bc8b35
2004-07-26 16:23:22: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend
phase1 packet 77260cb124e74d13:e352ee142f02e4f2
2004-07-26 16:23:22: DEBUG: isakmp.c:233:isakmp_handler(): ===
2004-07-26 16:23:22: DEBUG: isakmp.c:234:isakmp_handler(): 256 bytes
message received from 2.2.2.2[500]
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 00000100 0a000084
7cda6ebd d8f6e21d 3d39cbc5 52a3e564 d119a7cf c16164a3 cbfee711 2f40edb3
3d234f52 a66b11ac 57374d1c ab1c658d 1f1aa6c3 0fa6e476 3bd5f898 5ae8836b
1d7117e2 55186f70 462fadc7 0c71a9f4 445da4e7 92a3aee8 30293d7a 98a9cdcf
e8b367c6 0133fc87 75b708e4 7cf6afba 47ec96e6 30ab0f33 3fd05435 0d54ecff
0d000018 5dfca701 956f4c3b 22b474e9 8c80ac6a ca6bb414 0d000014 12f5f28c
457168a9 702d9fe2 74cc0100 0d000014 afcad713 68a1f1c9 6b8696fc 77570100
0d000014 82e1abac 24e64d13 946773ca 77f7fe51 0000000c 09002689 dfd6b712
2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:23:22: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=4(ke)
2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=10(nonce)
2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=13(vid)
2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=13(vid)
2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=13(vid)
2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=13(vid)
2004-07-26 16:23:22: DEBUG: isakmp.c:1188:isakmp_parsewoh(): succeed.
2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received
unknown Vendor ID
2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received
unknown Vendor ID
2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received
unknown Vendor ID
2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received
unknown Vendor ID
2004-07-26 16:23:22: DEBUG: isakmp.c:633:ph1_main(): ===
2004-07-26 16:23:22: DEBUG: oakley.c:300:oakley_dh_generate(): compute
DH's private.
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
5cb32b6c 3e9febc3 cb777a15 eb049ce2 af60588b e214f80a 4d66df7b 1b5a26fc
766653b1 003fa259 d79a535c f058b6b8 d538319e abf71adf 02581d58 d73a1f51
c1a2b67a 9c6679b1 5b8b7850 63cbfdd0 f9639b97 35f96eef d1a8ee09 c8601300
a0d62f2d bf777d05 4e23592a e7995311 ac35184f b09dac2f ecb4b1a0 c1661e3b
2004-07-26 16:23:22: DEBUG: oakley.c:302:oakley_dh_generate(): compute
DH's public.
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff
bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a
730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6
071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde
2004-07-26 16:23:22: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add
payload of len 128, next type 4
2004-07-26 16:23:22: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add
payload of len 16, next type 10
2004-07-26 16:23:22: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add
payload of len 16, next type 13
2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:23:22: DEBUG: sockmisc.c:421:sendfromto(): sockname
1.1.1.1[500]
2004-07-26 16:23:22: DEBUG: sockmisc.c:423:sendfromto(): send packet
from 1.1.1.1[500]
2004-07-26 16:23:22: DEBUG: sockmisc.c:425:sendfromto(): send packet to
2.2.2.2[500]
2004-07-26 16:23:22: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200
bytes message will be sent to 2.2.2.2[500]
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084
5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff
bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a
730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6
071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde
0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c
2600ba69 83bc8b35
2004-07-26 16:23:22: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend
phase1 packet 77260cb124e74d13:e352ee142f02e4f2
2004-07-26 16:23:22: DEBUG: oakley.c:250:oakley_dh_compute(): compute
DH's shared.
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
c21a9cbd 3ae743af 5f192a54 cd8dfc36 9c52f78b 46034118 40cddd67 bac653c7
83d6eaa7 6a932acf 159aa5ce 539771ba be3758e7 c30d3144 d504590d 23d78696
aec8dd1a 63644f4a 97a634ba 3cdd9e16 d6d24d0c dbac61ef 43bf6bd8 0a8fb60c
84e7f5b6 07924df2 fbc791e2 1ee817be e1f284d7 a91f389e 534e4378 87bae3ca
2004-07-26 16:23:22: DEBUG: oakley.c:2104:oakley_skeyid(): the psk
found.
2004-07-26 16:23:22: DEBUG2: oakley.c:2106:oakley_skeyid(): psk:
2004-07-26 16:23:22: DEBUG2: plog.c:193:plogdump():
646f6e74 74656c6c 09
2004-07-26 16:23:22: DEBUG: oakley.c:2119:oakley_skeyid(): nonce 1:
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
5dfca701 956f4c3b 22b474e9 8c80ac6a ca6bb414
2004-07-26 16:23:22: DEBUG: oakley.c:2125:oakley_skeyid(): nonce 2:
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
fcdeb51e a872e9f3 32fb0b9d 20262525
2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef():
hmac(hmac_md5)
2004-07-26 16:23:22: DEBUG: oakley.c:2178:oakley_skeyid(): SKEYID
computed:
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
db29fe9b 5653409a 8fcdf873 bc86a047
2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef():
hmac(hmac_md5)
2004-07-26 16:23:22: DEBUG: oakley.c:2235:oakley_skeyid_dae(): SKEYID_d
computed:
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
2a646ff0 3bc34de2 25fd5ddf 0757a73e
2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef():
hmac(hmac_md5)
2004-07-26 16:23:22: DEBUG: oakley.c:2264:oakley_skeyid_dae(): SKEYID_a
computed:
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
7de0c436 ec679d9e db8a7a5d 27d24b5a
2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef():
hmac(hmac_md5)
2004-07-26 16:23:22: DEBUG: oakley.c:2293:oakley_skeyid_dae(): SKEYID_e
computed:
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
db9aa285 c2e8a677 7ccad205 6c715386
2004-07-26 16:23:22: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2004-07-26 16:23:22: DEBUG: algorithm.c:256:alg_oakley_hashdef():
hash(md5)
2004-07-26 16:23:22: DEBUG: oakley.c:2362:oakley_compute_enckey():
len(SKEYID_e) < len(Ka) (16 < 24), generating long key (Ka = K1 | K2 |
...)
2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef():
hmac(hmac_md5)
2004-07-26 16:23:22: DEBUG: oakley.c:2387:oakley_compute_enckey():
compute intermediate encryption key K1
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
00
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
26608024 059a46b0 628febfe 8c7346ef
2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef():
hmac(hmac_md5)
2004-07-26 16:23:22: DEBUG: oakley.c:2387:oakley_compute_enckey():
compute intermediate encryption key K2
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
26608024 059a46b0 628febfe 8c7346ef
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
df13ef04 7d56da3e 206d090d afd4883b
2004-07-26 16:23:22: DEBUG: oakley.c:2435:oakley_compute_enckey(): final
encryption key computed:
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e
2004-07-26 16:23:22: DEBUG: algorithm.c:256:alg_oakley_hashdef():
hash(md5)
2004-07-26 16:23:22: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2004-07-26 16:23:22: DEBUG: oakley.c:2546:oakley_newiv(): IV computed:
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
8ee7499c 701de062
2004-07-26 16:23:22: DEBUG: isakmp.c:233:isakmp_handler(): ===
2004-07-26 16:23:22: DEBUG: isakmp.c:234:isakmp_handler(): 92 bytes
message received from 2.2.2.2[500]
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c bb8f2217
02104944 c9cfc9d8 49cacdf0 02f41bfa 77bdde66 2366bc28 4d3cd75b b7857b3d
8a00929b 20137047 433a2951 2f560ab3 4e3fa11b 613146f4 eb71529f
2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:23:22: DEBUG: oakley.c:2666:oakley_do_decrypt(): begin
decryption.
2004-07-26 16:23:22: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2004-07-26 16:23:22: DEBUG: oakley.c:2680:oakley_do_decrypt(): IV was
saved for next processing:
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
613146f4 eb71529f
2004-07-26 16:23:22: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2004-07-26 16:23:22: DEBUG: oakley.c:2705:oakley_do_decrypt(): with key:
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e
2004-07-26 16:23:22: DEBUG: oakley.c:2713:oakley_do_decrypt(): decrypted
payload by IV:
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
613146f4 eb71529f
2004-07-26 16:23:22: DEBUG: oakley.c:2716:oakley_do_decrypt(): decrypted
payload, but not trimed.
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
2b7aada3 390dbdf3 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558
ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
2004-07-26 16:23:22: DEBUG: oakley.c:2725:oakley_do_decrypt(): padding
len=167
2004-07-26 16:23:22: DEBUG: oakley.c:2739:oakley_do_decrypt(): skip to
trim padding.
2004-07-26 16:23:22: DEBUG: oakley.c:2754:oakley_do_decrypt():
decrypted.
2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c 2b7aada3
390dbdf3 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf
684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:23:22: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=5(id)
2004-07-26 16:23:22: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid
length of payload
2004-07-26 16:23:32: DEBUG: isakmp.c:233:isakmp_handler(): ===
2004-07-26 16:23:32: DEBUG: isakmp.c:234:isakmp_handler(): 92 bytes
message received from 2.2.2.2[500]
2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c bb8f2217
02104944 c9cfc9d8 49cacdf0 02f41bfa 77bdde66 2366bc28 4d3cd75b b7857b3d
8a00929b 20137047 433a2951 2f560ab3 4e3fa11b 613146f4 eb71529f
2004-07-26 16:23:32: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:23:32: DEBUG: oakley.c:2666:oakley_do_decrypt(): begin
decryption.
2004-07-26 16:23:32: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2004-07-26 16:23:32: DEBUG: oakley.c:2680:oakley_do_decrypt(): IV was
saved for next processing:
2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump():
613146f4 eb71529f
2004-07-26 16:23:32: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2004-07-26 16:23:32: DEBUG: oakley.c:2705:oakley_do_decrypt(): with key:
2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump():
26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e
2004-07-26 16:23:32: DEBUG: oakley.c:2713:oakley_do_decrypt(): decrypted
payload by IV:
2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump():
613146f4 eb71529f
2004-07-26 16:23:32: DEBUG: oakley.c:2716:oakley_do_decrypt(): decrypted
payload, but not trimed.
2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump():
c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558
ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
2004-07-26 16:23:32: DEBUG: oakley.c:2725:oakley_do_decrypt(): padding
len=167
2004-07-26 16:23:32: DEBUG: oakley.c:2739:oakley_do_decrypt(): skip to
trim padding.
2004-07-26 16:23:32: DEBUG: oakley.c:2754:oakley_do_decrypt():
decrypted.
2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c c4aca2cb
a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf
684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
2004-07-26 16:23:32: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:23:32: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
2004-07-26 16:23:32: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=5(id)
2004-07-26 16:23:32: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid
length of payload
2004-07-26 16:23:42: DEBUG: isakmp.c:233:isakmp_handler(): ===
2004-07-26 16:23:42: DEBUG: isakmp.c:234:isakmp_handler(): 92 bytes
message received from 2.2.2.2[500]
2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c bb8f2217
02104944 c9cfc9d8 49cacdf0 02f41bfa 77bdde66 2366bc28 4d3cd75b b7857b3d
8a00929b 20137047 433a2951 2f560ab3 4e3fa11b 613146f4 eb71529f
2004-07-26 16:23:42: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:23:42: DEBUG: oakley.c:2666:oakley_do_decrypt(): begin
decryption.
2004-07-26 16:23:42: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2004-07-26 16:23:42: DEBUG: oakley.c:2680:oakley_do_decrypt(): IV was
saved for next processing:
2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump():
613146f4 eb71529f
2004-07-26 16:23:42: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2004-07-26 16:23:42: DEBUG: oakley.c:2705:oakley_do_decrypt(): with key:
2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump():
26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e
2004-07-26 16:23:42: DEBUG: oakley.c:2713:oakley_do_decrypt(): decrypted
payload by IV:
2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump():
613146f4 eb71529f
2004-07-26 16:23:42: DEBUG: oakley.c:2716:oakley_do_decrypt(): decrypted
payload, but not trimed.
2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump():
c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558
ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
2004-07-26 16:23:42: DEBUG: oakley.c:2725:oakley_do_decrypt(): padding
len=167
2004-07-26 16:23:42: DEBUG: oakley.c:2739:oakley_do_decrypt(): skip to
trim padding.
2004-07-26 16:23:42: DEBUG: oakley.c:2754:oakley_do_decrypt():
decrypted.
2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c c4aca2cb
a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf
684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
2004-07-26 16:23:42: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:23:42: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
2004-07-26 16:23:42: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=5(id)
2004-07-26 16:23:42: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid
length of payload
2004-07-26 16:23:42: DEBUG: sockmisc.c:421:sendfromto(): sockname
1.1.1.1[500]
2004-07-26 16:23:42: DEBUG: sockmisc.c:423:sendfromto(): send packet
from 1.1.1.1[500]
2004-07-26 16:23:42: DEBUG: sockmisc.c:425:sendfromto(): send packet to
2.2.2.2[500]
2004-07-26 16:23:42: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200
bytes message will be sent to 2.2.2.2[500]
2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084
5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff
bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a
730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6
071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde
0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c
2600ba69 83bc8b35
2004-07-26 16:23:42: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend
phase1 packet 77260cb124e74d13:e352ee142f02e4f2
2004-07-26 16:24:02: DEBUG: sockmisc.c:421:sendfromto(): sockname
1.1.1.1[500]
2004-07-26 16:24:02: DEBUG: sockmisc.c:423:sendfromto(): send packet
from 1.1.1.1[500]
2004-07-26 16:24:02: DEBUG: sockmisc.c:425:sendfromto(): send packet to
2.2.2.2[500]
2004-07-26 16:24:02: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200
bytes message will be sent to 2.2.2.2[500]
2004-07-26 16:24:02: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084
5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff
bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a
730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6
071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde
0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c
2600ba69 83bc8b35
2004-07-26 16:24:02: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend
phase1 packet 77260cb124e74d13:e352ee142f02e4f2
2004-07-26 16:24:03: DEBUG: isakmp.c:233:isakmp_handler(): ===
2004-07-26 16:24:03: DEBUG: isakmp.c:234:isakmp_handler(): 92 bytes
message received from 2.2.2.2[500]
2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c bb8f2217
02104944 c9cfc9d8 49cacdf0 02f41bfa 77bdde66 2366bc28 4d3cd75b b7857b3d
8a00929b 20137047 433a2951 2f560ab3 4e3fa11b 613146f4 eb71529f
2004-07-26 16:24:03: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:24:03: DEBUG: oakley.c:2666:oakley_do_decrypt(): begin
decryption.
2004-07-26 16:24:03: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2004-07-26 16:24:03: DEBUG: oakley.c:2680:oakley_do_decrypt(): IV was
saved for next processing:
2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump():
613146f4 eb71529f
2004-07-26 16:24:03: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2004-07-26 16:24:03: DEBUG: oakley.c:2705:oakley_do_decrypt(): with key:
2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump():
26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e
2004-07-26 16:24:03: DEBUG: oakley.c:2713:oakley_do_decrypt(): decrypted
payload by IV:
2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump():
613146f4 eb71529f
2004-07-26 16:24:03: DEBUG: oakley.c:2716:oakley_do_decrypt(): decrypted
payload, but not trimed.
2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump():
c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558
ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
2004-07-26 16:24:03: DEBUG: oakley.c:2725:oakley_do_decrypt(): padding
len=167
2004-07-26 16:24:03: DEBUG: oakley.c:2739:oakley_do_decrypt(): skip to
trim padding.
2004-07-26 16:24:03: DEBUG: oakley.c:2754:oakley_do_decrypt():
decrypted.
2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c c4aca2cb
a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf
684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
2004-07-26 16:24:03: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:24:03: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
2004-07-26 16:24:03: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=5(id)
2004-07-26 16:24:03: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid
length of payload
2004-07-26 16:24:13: DEBUG: isakmp.c:233:isakmp_handler(): ===
2004-07-26 16:24:13: DEBUG: isakmp.c:234:isakmp_handler(): 92 bytes
message received from 2.2.2.2[500]
2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c bb8f2217
02104944 c9cfc9d8 49cacdf0 02f41bfa 77bdde66 2366bc28 4d3cd75b b7857b3d
8a00929b 20137047 433a2951 2f560ab3 4e3fa11b 613146f4 eb71529f
2004-07-26 16:24:13: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:24:13: DEBUG: oakley.c:2666:oakley_do_decrypt(): begin
decryption.
2004-07-26 16:24:13: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2004-07-26 16:24:13: DEBUG: oakley.c:2680:oakley_do_decrypt(): IV was
saved for next processing:
2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump():
613146f4 eb71529f
2004-07-26 16:24:13: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2004-07-26 16:24:13: DEBUG: oakley.c:2705:oakley_do_decrypt(): with key:
2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump():
26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e
2004-07-26 16:24:13: DEBUG: oakley.c:2713:oakley_do_decrypt(): decrypted
payload by IV:
2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump():
613146f4 eb71529f
2004-07-26 16:24:13: DEBUG: oakley.c:2716:oakley_do_decrypt(): decrypted
payload, but not trimed.
2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump():
c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558
ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
2004-07-26 16:24:13: DEBUG: oakley.c:2725:oakley_do_decrypt(): padding
len=167
2004-07-26 16:24:13: DEBUG: oakley.c:2739:oakley_do_decrypt(): skip to
trim padding.
2004-07-26 16:24:13: DEBUG: oakley.c:2754:oakley_do_decrypt():
decrypted.
2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c c4aca2cb
a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf
684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
2004-07-26 16:24:13: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:24:13: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
2004-07-26 16:24:13: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=5(id)
2004-07-26 16:24:13: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid
length of payload
2004-07-26 16:24:22: DEBUG: sockmisc.c:421:sendfromto(): sockname
1.1.1.1[500]
2004-07-26 16:24:22: DEBUG: sockmisc.c:423:sendfromto(): send packet
from 1.1.1.1[500]
2004-07-26 16:24:22: DEBUG: sockmisc.c:425:sendfromto(): send packet to
2.2.2.2[500]
2004-07-26 16:24:22: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200
bytes message will be sent to 2.2.2.2[500]
2004-07-26 16:24:22: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084
5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff
bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a
730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6
071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde
0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c
2600ba69 83bc8b35
2004-07-26 16:24:22: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend
phase1 packet 77260cb124e74d13:e352ee142f02e4f2
2004-07-26 16:24:42: DEBUG: sockmisc.c:421:sendfromto(): sockname
1.1.1.1[500]
2004-07-26 16:24:42: DEBUG: sockmisc.c:423:sendfromto(): send packet
from 1.1.1.1[500]
2004-07-26 16:24:42: DEBUG: sockmisc.c:425:sendfromto(): send packet to
2.2.2.2[500]
2004-07-26 16:24:42: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200
bytes message will be sent to 2.2.2.2[500]
2004-07-26 16:24:42: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084
5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff
bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a
730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6
071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde
0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c
2600ba69 83bc8b35
2004-07-26 16:24:42: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend
phase1 packet 77260cb124e74d13:e352ee142f02e4f2
2004-07-26 16:25:02: DEBUG: sockmisc.c:421:sendfromto(): sockname
1.1.1.1[500]
2004-07-26 16:25:02: DEBUG: sockmisc.c:423:sendfromto(): send packet
from 1.1.1.1[500]
2004-07-26 16:25:02: DEBUG: sockmisc.c:425:sendfromto(): send packet to
2.2.2.2[500]
2004-07-26 16:25:02: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200
bytes message will be sent to 2.2.2.2[500]
2004-07-26 16:25:02: DEBUG: plog.c:193:plogdump():
77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084
5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff
bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a
730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6
071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde
0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c
2600ba69 83bc8b35
2004-07-26 16:25:02: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend
phase1 packet 77260cb124e74d13:e352ee142f02e4f2
2004-07-26 16:25:22: ERROR: isakmp.c:1447:isakmp_ph1resend(): phase1
negotiation failed due to time up. 77260cb124e74d13:e352ee142f02e4f2
Cisco log
*Mar 1 06:30:02.879: ISAKMP: received ke message (1/1)
*Mar 1 06:30:02.879: ISAKMP (0:0): SA request profile is (NULL)
*Mar 1 06:30:02.879: ISAKMP: local port 500, remote port 500
*Mar 1 06:30:02.879: ISAKMP: set new node 0 to QM_IDLE
*Mar 1 06:30:02.879: ISAKMP: insert sa successfully sa = 818EC56C
*Mar 1 06:30:02.879: ISAKMP (0:1): Can not start Aggressive mode,
trying Main mode.
*Mar 1 06:30:02.879: ISAKMP: Looking for a matching key for 1.1.1.1 in
default : success
*Mar 1 06:30:02.879: ISAKMP (0:1): found peer pre-shared key matching
1.1.1.1
*Mar 1 06:30:02.879: ISAKMP (0:1): constructed NAT-T vendor-03 ID
*Mar 1 06:30:02.879: ISAKMP (0:1): constructed NAT-T vendor-02 ID
*Mar 1 06:30:02.879: ISAKMP (0:1): Input = IKE_MESG_FROM_IPSEC,
IKE_SA_REQ_MM
*Mar 1 06:30:02.879: ISAKMP (0:1): Old State = IKE_READY New State =
IKE_I_MM1
*Mar 1 06:30:02.883: ISAKMP (0:1): beginning Main Mode exchange
*Mar 1 06:30:02.883: ISAKMP (0:1): sending pack
bbeameliarouteet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_NO_STATE
*Mar 1 06:30:02.899: ISAKMP (0:1): received packet from 1.1.1.1 dport
500 sport 500 Global (I) MM_NO_STATE
*Mar 1 06:30:02.899: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER,
IKE_MM_EXCH
*Mar 1 06:30:02.899: ISAKMP (0:1): Old State = IKE_I_MM1 New State =
IKE_I_MM2
*Mar 1 06:30:02.899: ISAKMP (0:1): processing SA payload. message ID =
0
*Mar 1 06:30:02.899: ISAKMP (0:1): processing vendor id payload
*Mar 1 06:30:02.899: ISAKMP (0:1): vendor ID seems Unity/DPD but major
139 mismatch
*Mar 1 06:30:02.899: ISAKMP: Looking for a matching key for 1.1.1.1 in
default : success
*Mar 1 06:30:02.899: ISAKMP (0:1): found peer pre-shared key matching
1.1.1.1
*Mar 1 06:30:02.899: ISAKMP (0:1) local preshared key found
*Mar 1 06:30:02.899: ISAKMP : Scanning profiles for xauth ...
*Mar 1 06:30:02.899: ISAKMP (0:1): Checking ISAKMP transform 1 against
priority 1 policy
*Mar 1 06:30:02.903: ISAKMP: encryption 3DES-CBC
*Mar 1 06:30:02.903: ISAKMP: hash MD5
*Mar 1 06:30:02.903: ISAKMP: default group 2
*Mar 1 06:30:02.903: ISAKMP: auth pre-share
*Mar 1 06:30:02.903: ISAKMP: life type in seconds
*Mar 1 06:30:02.903: ISAKMP: life duration (basic) of 10000
*Mar 1 06:30:02.903: ISAKMP (0:1): atts are acceptable. Next payload is
0
*Mar 1 06:30:03.035: ISAKMP (0:1): processing vendor id payload
*Mar 1 06:30:03.035: ISAKMP (0:1): vendor ID seems Unity/DPD but major
139 mismatch
*Mar 1 06:30:03.035: ISAKMP (0:1): Input = IKE_MESG_INTERNAL,
IKE_PROCESS_MAIN_MODE
*Mar 1 06:30:03.035: ISAKMP (0:1): Old State = IKE_I_MM2 New State =
IKE_I_MM2
*Mar 1 06:30:03.039: ISAKMP (0:1): sending packet to 1.1.1.1 my_port
500 peer_port 500 (I) MM_SA_SETUP
*Mar 1 06:30:03.039: ISAKMP (0:1): Input = IKE_MESG_INTERNAL,
IKE_PROCESS_COMPLETE
*Mar 1 06:30:03.039: ISAKMP (0:1): Old State = IKE_I_MM2 New State =
IKE_I_MM3
*Mar 1 06:30:03.099: ISAKMP (0:1): received packet from 1.1.1.1 dport
500 sport 500 Global (I) MM_SA_SETUP
*Mar 1 06:30:03.099: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER,
IKE_MM_EXCH
*Mar 1 06:30:03.099: ISAKMP (0:1): Old State = IKE_I_MM3 New State =
IKE_I_MM4
*Mar 1 06:30:03.103: ISAKMP (0:1): processing KE payload. message ID =
0
*Mar 1 06:30:03.267: ISAKMP (0:1): processing NONCE payload. message ID
= 0
*Mar 1 06:30:03.267: ISAKMP: Looking for a matching key for 1.1.1.1 in
default : success
*Mar 1 06:30:03.267: ISAKMP (0:1): found peer pre-shared key matching
1.1.1.1
*Mar 1 06:30:03.271: ISAKMP (0:1): SKEYID state generated
*Mar 1 06:30:03.271: ISAKMP (0:1): processing vendor id payload
*Mar 1 06:30:03.271: ISAKMP (0:1): vendor ID seems Unity/DPD but major
139 mismatch
*Mar 1 06:30:03.271: ISAKMP (0:1): Input = IKE_MESG_INTERNAL,
IKE_PROCESS_MAIN_MODE
*Mar 1 06:30:03.271: ISAKMP (0:1): Old State = IKE_I_MM4 New State =
IKE_I_MM4
*Mar 1 06:30:03.271: ISAKMP (0:1): Send initial contact
*Mar 1 06:30:03.271: ISAKMP (0:1): SA is doing pre-shared key
authentication using id type ID_IPV4_ADDR
*Mar 1 06:30:03.271: ISAKMP (1): ID payload
next-payload : 8
type : 1
addr : 2.2.2.2
protocol : 17
port : 500
length : 8
*Mar 1 06:30:03.271: ISAKMP (1): Total payload length: 12
*Mar 1 06:30:03.275: ISAKMP (0:1): sending packet to 1.1.1.1 my_port
500 peer_port 500 (I) MM_KEY_EXCH
*Mar 1 06:30:03.275: ISAKMP (0:1): Input = IKE_MESG_INTERNAL,
IKE_PROCESS_COMPLETE
*Mar 1 06:30:03.275: ISAKMP (0:1): Old State = IKE_I_MM4 New State =
IKE_I_MM5
r#
bbeameliarouter#
*Mar 1 06:30:13.276: ISAKMP (0:1): retransmitting phase 1
MM_KEY_EXCH...
*Mar 1 06:30:13.276: ISAKMP (0:1): incrementing error counter on sa:
retransmit phase 1
*Mar 1 06:30:13.276: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
*Mar 1 06:30:13.276: ISAKMP (0:1): sending packet to 1.1.1.1 my_port
500 peer_port 500 (I) MM_KEY_EXCH
bbeameliarouter#
*Mar 1 06:30:23.276: ISAKMP (0:1): retransmitting phase 1
MM_KEY_EXCH...
*Mar 1 06:30:23.276: ISAKMP (0:1): incrementing error counter on sa:
retransmit phase 1
*Mar 1 06:30:23.276: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
*Mar 1 06:30:23.276: ISAKMP (0:1): sending packet to 1.1.1.1 my_port
500 peer_port 500 (I) MM_KEY_EXCH
*Mar 1 06:30:23.284: ISAKMP (0:1): received packet from 1.1.1.1 dport
500 sport 500 Global (I) MM_KEY_EXCH
*Mar 1 06:30:23.284: ISAKMP (0:1): phase 1 packet is a duplicate of a
previous packet.
*Mar 1 06:30:23.284: ISAKMP (0:1): retransmission skipped for phase 1
(time since last transmission 8)
bbeameliarouter#
*Mar 1 06:30:32.876: ISAKMP: received ke message (1/1)
*Mar 1 06:30:32.876: ISAKMP: set new node 0 to QM_IDLE
*Mar 1 06:30:32.876: ISAKMP (0:1): SA is still budding. Attached new
ipsec request to it. (local 2.2.2.2, remote 1.1.1.1)
bbeameliarouter#
*Mar 1 06:30:43.293: ISAKMP (0:1): received packet from 1.1.1.1 dport
500 sport 500 Global (I) MM_KEY_EXCH
*Mar 1 06:30:43.293: ISAKMP (0:1): phase 1 packet is a duplicate of a
previous packet.
*Mar 1 06:30:43.293: ISAKMP (0:1): retransmitting due to retransmit
phase 1
*Mar 1 06:30:43.293: ISAKMP (0:1): retransmitting phase 1
MM_KEY_EXCH...
*Mar 1 06:30:43.794: ISAKMP (0:1): retransmitting phase 1
MM_KEY_EXCH...
*Mar 1 06:30:43.794: ISAKMP (0:1): incrementing error counter on sa:
retransmit phase 1
*Mar 1 06:30:43.794: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
bbeameliarouter#
*Mar 1 06:30:43.794: ISAKMP (0:1): sending packet to 1.1.1.1 my_port
500 peer_port 500 (I) MM_KEY_EXCH
bbeameliarouter#
*Mar 1 06:30:53.794: ISAKMP (0:1): retransmitting phase 1
MM_KEY_EXCH...
*Mar 1 06:30:53.794: ISAKMP (0:1): incrementing error counter on sa:
retransmit phase 1
*Mar 1 06:30:53.794: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
*Mar 1 06:30:53.794: ISAKMP (0:1): sending packet to 1.1.1.1 my_port
500 peer_port 500 (I) MM_KEY_EXCH
bbeameliarouter#
*Mar 1 06:31:02.809: ISAKMP (0:1): received packet from 1.1.1.1 dport
500 sport 500 Global (I) MM_KEY_EXCH
*Mar 1 06:31:02.809: ISAKMP (0:1): phase 1 packet is a duplicate of a
previous packet.
*Mar 1 06:31:02.809: ISAKMP (0:1): retransmitting due to retransmit
phase 1
*Mar 1 06:31:02.809: ISAKMP (0:1): retransmitting phase 1
MM_KEY_EXCH...
*Mar 1 06:31:02.877: ISAKMP: received ke message (3/1)
*Mar 1 06:31:02.877: ISAKMP (0:1): peer does not do paranoid
keepalives.
*Mar 1 06:31:02.877: ISAKMP (0:1): deleting SA reason
"gen_ipsec_isakmp_delete but doi isakmp" state (I) MM_KEY_EXCH (peer
1.1.1.1) input queue 0
bbeameliarouter#
*Mar 1 06:31:02.877: ISAKMP (0:1): deleting SA reason
"gen_ipsec_isakmp_delete but doi isakmp" state (I) MM_KEY_EXCH (peer
1.1.1.1) input queue 0
*Mar 1 06:31:02.877: ISAKMP (0:1): deleting node -1933861384 error TRUE
reason "gen_ipsec_isakmp_delete but doi isakmp"
*Mar 1 06:31:02.877: ISAKMP (0:1): deleting node 1271049171 error TRUE
reason "gen_ipsec_isakmp_delete but doi isakmp"
*Mar 1 06:31:02.877: ISAKMP (0:1): Input = IKE_MESG_INTERNAL,
IKE_PHASE1_DEL
*Mar 1 06:31:02.877: ISAKMP (0:1): Old State = IKE_I_MM5 New State =
IKE_DEST_SA
bbeameliarouter#
*Mar 1 06:31:22.818: ISAKMP (0:1): received packet from 1.1.1.1 dport
500 sport 500 Global (I) MM_NO_STATE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1090892097.7219.0.camel>