Friday, April 13, 2018

Configuring Secure eBGP with IPSec VTI on a Cisco ASA 9.7

There's been a significant rise in AWS cloud integration with private enterprises and I had an opportunity to do a POC using a Cisco ASA 5500-X firewall. The ASA firewall should be able to support IPSec Virtual Tunnel Interface (VTI) over eBGP to the cloud provider.

Below is a sample topology I used for my POC. The enterprise uses BGP ASN 65000 and would be establishing an eBGP session with AWS on ASN 7224.


5525-x# show version

Cisco Adaptive Security Appliance Software Version 9.7(1)4
Firepower Extensible Operating System Version 2.1(1.66)
Device Manager Version 7.6(1)

Compiled on Fri 31-Mar-17 07:26 PDT by builders
System image file is "disk0:/asa971-4-smp-k8.bin"
Config file at boot was "startup-config"

5525-x up 1 hour 17 mins

Hardware:   ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
            ASA: 4192 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
                             Boot microcode        : CNPx-MC-BOOT-2.00
                             SSL/IKE microcode     : CNPx-MC-SSL-SB-PLUS-0005
                             IPSec microcode       : CNPx-MC-IPSEC-MAIN-0026
                             Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4


 0: Int: Internal-Data0/0    : address is fc5b.39aa.5164, irq 11
 1: Ext: GigabitEthernet0/0  : address is fc5b.39aa.5169, irq 5
 2: Ext: GigabitEthernet0/1  : address is fc5b.39aa.5165, irq 5
 3: Ext: GigabitEthernet0/2  : address is fc5b.39aa.516a, irq 10
 4: Ext: GigabitEthernet0/3  : address is fc5b.39aa.5166, irq 10
 5: Ext: GigabitEthernet0/4  : address is fc5b.39aa.516b, irq 5
 6: Ext: GigabitEthernet0/5  : address is fc5b.39aa.5167, irq 5
 7: Ext: GigabitEthernet0/6  : address is fc5b.39aa.516c, irq 10
 8: Ext: GigabitEthernet0/7  : address is fc5b.39aa.5168, irq 10
 9: Int: Internal-Data0/1    : address is 0000.0001.0002, irq 0
10: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
11: Int: Internal-Data0/2    : address is 0000.0001.0003, irq 0
12: Ext: Management0/0       : address is fc5b.39aa.5164, irq 0
13: Int: Internal-Data0/3    : address is 0000.0100.0001, irq 0

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 200            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 2              perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 750            perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 750            perpetual
Total VPN Peers                   : 750            perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Enabled        perpetual
Advanced Endpoint Assessment      : Enabled        perpetual
Shared License                    : Disabled       perpetual
Total TLS Proxy Sessions          : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
IPS Module                        : Disabled       perpetual
Cluster                           : Enabled        perpetual
Cluster Members                   : 2              perpetual

This platform has an ASA5525 VPN Premium license.

Serial Number: FCH1834J123
Running Permanent Activation Key: 0x572bfd4a 0xb4f6583f 0x5d4005dc 0xcd3088e0 0xca20c456
Configuration register is 0x1

Image type          : Release
Key version         : A

Configuration last modified by enable_15 at 01:26:39.819 UTC Wed Jul 12 2017

5525-x# show interface ip brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         1.1.1.1         YES manual up                    up 
GigabitEthernet0/1         192.168.1.1     YES manual up                    up 
GigabitEthernet0/2         unassigned      YES unset  administratively down down
GigabitEthernet0/3         unassigned      YES unset  administratively down down
GigabitEthernet0/4         unassigned      YES unset  administratively down down
GigabitEthernet0/5         unassigned      YES unset  administratively down down
GigabitEthernet0/6         unassigned      YES unset  administratively down down
GigabitEthernet0/7         unassigned      YES unset  administratively down down
Internal-Control0/0        127.0.1.1       YES unset  up                    up 
Internal-Data0/0           unassigned      YES unset  up                    up 
Internal-Data0/1           unassigned      YES unset  up                    up 
Internal-Data0/2           unassigned      YES unset  up                    up 
Internal-Data0/3           169.254.1.1     YES unset  up                    up 
Management0/0              unassigned      YES unset  up                    up 
Tunnel1                    169.254.13.190  YES manual up                    up 


5525-x# show run interface tunnel1
!
interface Tunnel1
 nameif AWS
 ip address 169.254.13.190 255.255.255.252
 tunnel source interface outside
 tunnel destination 1.1.1.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile AWS

5525-x# ping 172.31.1.1       // AWS LAN IP
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms


5525-x# show crypto isakmp sa

IKEv1 SAs:

   Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1   IKE Peer: 1.1.1.2
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE

There are no IKEv2 SAs

5525-x# show crypto ipsec sa
interface: AWS
    Crypto map tag: __vti-crypto-map-4-0-1, seq num: 65280, local addr: 1.1.1.1

      access-list __vti-def-acl-0 extended permit ip any any
      local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      current_peer: 1.1.1.2

      #pkts encaps: 87, #pkts encrypt: 87, #pkts digest: 87
      #pkts decaps: 97, #pkts decrypt: 97, #pkts verify: 97
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 87, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #TFC rcvd: 0, #TFC sent: 0
      #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 1.1.1.1/0, remote crypto endpt.: 1.1.1.2/0
      path mtu 1500, ipsec overhead 74(44), media mtu 1500
      PMTU time remaining (sec): 0, DF policy: copy-df
      ICMP error validation: disabled, TFC packets: disabled
      current outbound spi: AD2A1AEB
      current inbound spi : D05BCF8B
             
    inbound esp sas:
      spi: 0xD05BCF8B (3495677835)
         transform: esp-aes esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, PFS Group 2, IKEv1, VTI, }
         slot: 0, conn_id: 12288, crypto-map: __vti-crypto-map-4-0-1
         sa timing: remaining key lifetime (kB/sec): (4373994/2531)
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0xFFFFFFFF 0xFFFFFFFF
    outbound esp sas:
      spi: 0xAD2A1AEB (2905217771)
         transform: esp-aes esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, PFS Group 2, IKEv1, VTI, }
         slot: 0, conn_id: 12288, crypto-map: __vti-crypto-map-4-0-1
         sa timing: remaining key lifetime (kB/sec): (4373995/2531)
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001


5525-x# show run
: Saved
:
: Serial Number: FCH1834J123
: Hardware:   ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
:
ASA Version 9.7(1)4
!
hostname 5525-x
domain-name lab.com
enable password 2KFQnbNIdI.2KYOU encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
 description ### WAN  ###
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.252
!
interface GigabitEthernet0/1
 description ### LAN ###
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif   
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 management-only
 no nameif
 no security-level
 no ip address
!
interface Tunnel1
 nameif AWS
 ip address 169.254.13.190 255.255.255.252
 tunnel source interface outside
 tunnel destination 1.1.1.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile AWS
!
boot system disk0:/asa971-4-smp-k8.bin
ftp mode passive
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 8.8.8.8
 domain-name lab.com
object network INSIDE-SUBNET
 subnet 0.0.0.0 0.0.0.0
object network IDENTITY-NAT
 subnet 0.0.0.0 0.0.0.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-761.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
object network IDENTITY-NAT
 nat (inside,outside) static INSIDE-SUBNET
router bgp 65000
 bgp log-neighbor-changes
 address-family ipv4 unicast
  neighbor 169.254.13.189 remote-as 7224
  neighbor 169.254.13.189 activate
  network 192.168.1.0
  no auto-summary
  no synchronization
 exit-address-family
!            
route outside 0.0.0.0 0.0.0.0 1.1.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set AWS esp-aes esp-sha-hmac
crypto ipsec profile AWS
 set ikev1 transform-set AWS
 set pfs group2
 set security-association lifetime seconds 3600
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 28800
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
ssh version 1
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username admin password f3UhLvUj1QsXsuK7 encrypted privilege 15
username all
tunnel-group 1.1.1.2 type ipsec-l2l
tunnel-group 1.1.1.2 ipsec-attributes
 ikev1 pre-shared-key cisco123
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny 
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip 
  inspect xdmcp
  inspect dns preset_dns_map
  inspect icmp
  inspect icmp error
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly 27
  subscribe-to-alert-group configuration periodic monthly 27
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1d49675b0a2dba8e8bfd04398e2a10b1
: end

5525-x# show bgp summary
BGP router identifier 192.168.1.1, local AS number 65000
BGP table version is 2, main routing table version 2
1 network entries using 200 bytes of memory
1 path entries using 80 bytes of memory
1/1 BGP path/bestpath attribute entries using 208 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 488 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
169.254.13.189  4         7224 24      21             2    0    0 00:18:29  0 


I've used a Cisco 2901 router to simulate an AWS cloud.


AWS#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES NVRAM  administratively down down   
GigabitEthernet0/0         1.1.1.2         YES manual up                    up     
GigabitEthernet0/1         unassigned      YES NVRAM  administratively down down   
Serial0/0/0                unassigned      YES NVRAM  administratively down down   
Serial0/0/1                unassigned      YES NVRAM  administratively down down   
Loopback0                  172.31.1.1      YES manual up                    up     
Tunnel1                    169.254.13.189  YES manual up                    up     


AWS#show run
Building configuration...

Current configuration : 2052 bytes
!
! Last configuration change at 07:44:08 UTC Wed Jul 12 2017
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AWS
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!        
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
voice-card 0
!
!
!
!
!
!
!
license udi pid CISCO2901/K9 sn FCZ17039XYZ
hw-module pvdm 0/0
!
!        
!
!
redundancy
!
!
!
!
!
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key cisco123 address 1.1.1.1
!
!
crypto ipsec transform-set AWS esp-aes esp-sha-hmac
!
crypto ipsec profile AWS
 set transform-set AWS
 set pfs group2
!
!        
!
!
!
!
interface Loopback0
 description ### LAN ###
 ip address 172.31.1.1 255.255.255.0
!
interface Tunnel1
 ip address 169.254.13.189 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 1.1.1.1
 tunnel protection ipsec profile AWS
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description ### WAN ###
 ip address 1.1.1.2 255.255.255.252
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
!
router bgp 7224
 bgp log-neighbor-changes
 neighbor 169.254.13.190 remote-as 65000
 !
 address-family ipv4
  network 172.31.1.0
  neighbor 169.254.13.190 activate
 exit-address-family
!        
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!        
gatekeeper
 shutdown
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
end


AWS#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
1.1.1.2         1.1.1.1         QM_IDLE           1017 ACTIVE

IPv6 Crypto ISAKMP SA


AWS#show crypto ipsec sa

interface: Tunnel1
    Crypto map tag: Tunnel1-head-0, local addr 1.1.1.2

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   current_peer 1.1.1.1 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 102, #pkts encrypt: 102, #pkts digest: 102
    #pkts decaps: 94, #pkts decrypt: 94, #pkts verify: 94
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 1, #recv errors 0

     local crypto endpt.: 1.1.1.2, remote crypto endpt.: 1.1.1.1
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     current outbound spi: 0xD05BCF8B(3495677835)
     PFS (Y/N): Y, DH group: group2

     inbound esp sas:
      spi: 0xAD2A1AEB(2905217771)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 2005, flow_id: Onboard VPN:5, sibling_flags 80000046, crypto map: Tunnel1-head-0
        sa timing: remaining key lifetime (k/sec): (4498776/2919)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0xD05BCF8B(3495677835)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 2006, flow_id: Onboard VPN:6, sibling_flags 80000046, crypto map: Tunnel1-head-0
        sa timing: remaining key lifetime (k/sec): (4498775/2919)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:
         
     outbound pcp sas:


AWS#show ip bgp summary
BGP router identifier 172.31.1.1, local AS number 7224
BGP table version is 6, main routing table version 6
1 network entries using 136 bytes of memory
1 path entries using 56 bytes of memory
1/1 BGP path/bestpath attribute entries using 128 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 344 total bytes of memory
BGP activity 1/0 prefixes, 3/2 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
169.254.13.190  4        65000      12      14        6    0    0 00:09:03        1


AWS#show ip bgp
BGP table version is 6, local router ID is 172.31.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.1.0      169.254.13.190           0             0 65000 i


Below are the debug output captured from both ASA 9.7 and AWS router.

Cisco ASA 9.7

5525-x# debug crypto ikev1 ?

  <1-255>  Specify an optional debug level (default is 1)
  timers   debug the ikev1 timers
  <cr>

5525-x# debug crypto ikev1 255      // I DIDN'T GET DEBUG OUTPUT USING LEVEL 1

5525-x# debug crypto  ipsec ?

  <1-255>  Specify an optional debug level (default is 1)
  <cr>

5525-x# debug crypto ipsec 255

5525-x# debug ip ?

  bgp      BGP information
  eigrp    Debug IPv4 EIGRP
  ospf     OSPF information
  rip      RIP protocol transactions
  routing  Routing table events

5525-x# debug ip bgp ?

  A.B.C.D     BGP neighbor address
  events      BGP events
  in          BGP Inbound information
  ipv4        Address family
  ipv6        Address family
  keepalives  BGP keepalives
  out         BGP Outbound information
  range       BGP dynamic range
  rib-filter  Next hop route watch filter events
  updates     BGP updates
  <cr>

5525-x# debug ip bgp events
BGP events debugging is on
Successfully set for module BGP at level 1

5525-x#
BGP: Regular scanner timer event
BGP: Performing BGP general scanning
BGP: tbl IPv4 Unicast:base Performing BGP Nexthop scanning for general scan
BGP(0): Future scanner version: 1028, current scanner version: 1027

5525-x# Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Sending keep-alive of type DPD R-U-THERE (seq number 0x7d043cfc)
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=15c4d463) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84

5525-x#
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d    |  .x....8H..'....}
08 10 05 00 63 d4 c4 15 1c 00 00 00 0b 00 00 18    |  ....c...........
fa f1 e0 a6 fe 3c 69 c3 cf 66 31 10 2d e2 b3 33    |  .....<i..f1.-..3
42 86 02 2a 00 00 00 20 00 00 00 01 01 10 8d 28    |  B..*... .......(
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d    |  .x....8H..'....}
7d 04 3c fc                                        |  }.<.

ISAKMP Header


5525-x#   Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
  Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (none)
  MessageID: 15C4D463
  Length: 28
  Payload Hash
    Next Payload: Notification
    Reserved: 00
    Payload Length: 24
    Data:
      fa f1 e0 a6 fe 3c 69 c3 cf 66 31 10 2d e2 b3 33
      42 86 02 2a
  Payload Notification
    Next Payload: None
    Reserved: 00
    Payload Length: 32
    DOI: IPsec
    Protocol-ID: PROTO_ISAKMP
    Spi Size: 16
    Notify Type: R_U_THERE
    SPI:
      1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d
    Data: 7d 04 3c fc

ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
  Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (Encryption)
  MessageID: 15C4D463
  Length: 92
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500     //IKE UDP PORT 500


IKEv1 Recv RAW packet dump
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d    |  .x....8H..'....}
08 10 05 01 31 f3 87 0c 00 00 00 5c 38 5a 44 31    |  ....1......\8ZD1
8d 15 6b 72 f4 99 ac 2e 02 1c d7 60 79 c9 78 49    |  ..kr.......`y.xI
a7 0f 2f c2 60 53 b7 62 dd ac d1 77 90 fe b0 b2    |  ../.`S.b...w....
54 40 11 bd de c1 e2 44 13 12 dd 90 f6 7d cf 1f    |  T@.....D.....}..
06 5c 7b 92 e2 13 78 23 31 83 e6 64                |  .\{...x#1..d

 RECV PACKET from 1.1.1.2
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
  Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (Encryption)
  MessageID: 31F3870C
  Length: 92

AFTER DECRYPTION
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
  Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (Encryption)
  MessageID: 31F3870C
  Length: 92
  Payload Hash
    Next Payload: Notification
    Reserved: 00
    Payload Length: 24
    Data:
      e8 f1 7e af 3f 8e ed c7 67 89 35 f9 55 c6 86 9b
      ef 81 9d 4d
  Payload Notification
    Next Payload: None
    Reserved: 00
    Payload Length: 32
    DOI: IPsec
    Protocol-ID: PROTO_ISAKMP
    Spi Size: 16
    Notify Type: R_U_THERE_ACK
    SPI:
      1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d
    Data: 7d 04 3c fc
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=31f3870c) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x7d043cfc)
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IKE SA MM:fa27f090 rcv'd Terminate: state MM_ACTIVE  flags 0x00018042, refcnt 1, tuncnt 1
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Remove from IKEv1 Tunnel Table succeeded for SA with logicalId 20480
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Remove from IKEv1 MIB Table succeeded for SA with logical ID 20480
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, sending delete/delete with reason message
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing IPSec delete payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=78819259) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 68

BEFORE ENCRYPTION
RAW PACKET DUMP on SEND


5525-x# 1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d    |  .x....8H..'....}
08 10 05 00 59 92 81 78 1c 00 00 00 0c 00 00 18    |  ....Y..x........
d9 4b 95 7f 2b 15 33 c5 e0 26 47 cf 55 a4 41 a1    |  .K.+.3..&G.U.A.
44 96 bd 69 00 00 00 10 00 00 00 01 03 04 00 01    |  D..i............
8b a9 b0 28                                        |  ...(

ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
  Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (none)
  MessageID: 78819259
  Length: 28
  Payload Hash
    Next Payload: Delete
    Reserved: 00
    Payload Length: 24
    Data:
      d9 4b 95 7f 2b 15 33 c5 e0 26 47 cf 55 a4 41 a1
      44 96 bd 69
  Payload Delete
    Next Payload: None
    Reserved: 00
    Payload Length: 16
    DOI: IPsec
    Protocol-ID: PROTO_IPSEC_ESP
    Spi Size: 4
    # of SPIs: 1
    SPI (Hex dump): 8b a9 b0 28

ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
  Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (Encryption)
  MessageID: 78819259
  Length: 76
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Active unit receives a delete event for remote peer 1.1.1.2.

Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IKE Deleting SA: Remote Proxy 0.0.0.0, Local Proxy 0.0.0.0
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IKE SA MM:fa27f090 terminating:  flags 0x01018002, refcnt 0, tuncnt 0
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, sending delete/delete with reason message
IPSEC: Received a PFKey message from IKE
IPSEC DEBUG: Received a DELETE PFKey message from IKE for an inbound SA (SPI 0x8BA9B028)
IPSEC DEBUG: Outbound SA (SPI 0x2D20E7D2) destroy started, state active
IPSEC: Destroy current outbound SPI: 0x2D20E7D2
IPSEC DEBUG: Outbound SA (SPI 0x2D20E7D2) free started, state active
IPSEC DEBUG: Outbound SA (SPI 0x2D20E7D2) state change from active to dead
IPSEC DEBUG: Deleting the outbound encrypt rule for SPI 0x2D20E7D2
IPSEC: Increment SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:7063)
IPSEC: Deleted outbound encrypt rule, SPI 0x2D20E7D2
    Rule ID: 0x00007f6a01a83c10
IPSEC: Decrement SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5619)
IPSEC DEBUG: Deleting the outbound permit rule for SPI 0x2D20E7D2
IPSEC: Increment SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:7063)
IPSEC: Deleted outbound permit rule, SPI 0x2D20E7D2
    Rule ID: 0x00007f6a02aeaa50
IPSEC: Decrement SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5619)
IPSEC DEBUG: Deleting the Outbound VPN context for SPI 0x2D20E7D2
IPSEC: Increment SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 0, new value: 1, (ctm_ipsec_free_sa:9198)
IPSEC: Deleted outbound VPN context, SPI 0x2D20E7D2
    VPN handle: 0x0000000000013b54
IPSEC: Decrement SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 1, new value: 0, (ctm_np_vpn_delete_cb:11730)
IPSEC DEBUG: Outbound SA (SPI 0x2D20E7D2) free completed
IPSEC DEBUG: Outbound SA (SPI 0x2D20E7D2) destroy completed
IPSEC DEBUG: Inbound SA (SPI 0x8BA9B028) destroy started, state active
IPSEC: Destroy current inbound SPI: 0x8BA9B028
IPSEC DEBUG: Inbound SA (SPI 0x8BA9B028) free started, state active
IPSEC DEBUG: Inbound SA (SPI 0x8BA9B028) state change from active to dead
IPSEC DEBUG: Deleting the inbound decrypt rule for SPI 0x8BA9B028
IPSEC: Increment SA NP ref counter for inbound SPI 0x8BA9B028, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:7063)
IPSEC: Deleted inbound decrypt rule, SPI 0x8BA9B028
    Rule ID: 0x00007f6a034e8b50
IPSEC: Decrement SA NP ref counter for inbound SPI 0x8BA9B028, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5619)
IPSEC DEBUG: Deleting the inbound permit rule for SPI 0x8BA9B028
IPSEC: Increment SA NP ref counter for inbound SPI 0x8BA9B028, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:7063)
IPSEC: Deleted inbound permit rule, SPI 0x8BA9B028
    Rule ID: 0x00007f6a01e832e0
IPSEC: Decrement SA NP ref counter for inbound SPI 0x8BA9B028, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5619)
IPSEC DEBUG: Deleting the inbound tunnel flow rule for SPI 0x8BA9B028
IPSEC: Increment SA NP ref counter for inbound SPI 0x8BA9B028, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:7063)
IPSEC: Deleted inbound tunnel flow rule, SPI 0x8BA9B028
    Rule ID: 0x00007f6a01a7c180
IPSEC: Decrement SA NP ref counter for inbound SPI 0x8BA9B028, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5619)
IPSEC DEBUG: Deleting the Inbound VPN context for SPI 0x8BA9B028
IPSEC: Increment SA NP ref counter for inbound SPI 0x8BA9B028, old value: 0, new value: 1, (ctm_ipsec_free_sa:9198)
IPSEC: Deleted inbound VPN context, SPI 0x8BA9B028
    VPN handle: 0x0000000000015bac
IPSEC: Decrement SA NP ref counter for inbound SPI 0x8BA9B028, old value: 1, new value: 0, (ctm_np_vpn_delete_cb:11730)
IPSEC: Removed SA from last received DB, SPI: 0x8BA9B028, user: 1.1.1.2, peer: 1.1.1.2, SessionID: 0x00005000
IPSEC DEBUG: Inbound SA (SPI 0x8BA9B028) free completed
IPSEC DEBUG: Inbound SA (SPI 0x8BA9B028) destroy completed
IPSEC(crypto_map_check)-3: Looking for crypto map matching 5-tuple: Prot=0, saddr=1.1.1.1, sport=1, daddr=1.1.1.2, dport=1
IPSEC(crypto_map_check)-3: Checking crypto map __vti-crypto-map-4-0-1 65280: matched.
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing IKE delete payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=b420f796) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80

BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d    |  .x....8H..'....}
08 10 05 00 96 f7 20 b4 1c 00 00 00 0c 00 00 18    |  ...... .........
b3 6a 14 f7 2c 44 0f 7e f2 56 37 26 4c b0 6f a7    |  .j..,D.~.V7&L.o.
a0 95 f0 7b 00 00 00 1c 00 00 00 01 01 10 00 01    |  ...{............
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d    |  .x....8H..'....}

ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
  Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (none)
  MessageID: B420F796
  Length: 28
  Payload Hash
    Next Payload: Delete
    Reserved: 00
    Payload Length: 24
    Data:
      b3 6a 14 f7 2c 44 0f 7e f2 56 37 26 4c b0 6f a7
      a0 95 f0 7b
  Payload Delete
    Next Payload: None
    Reserved: 00
    Payload Length: 28
    DOI: IPsec
    Protocol-ID: PROTO_ISAKMP
    Spi Size: 16
    # of SPIs: 1
    SPI (Hex dump):
      1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d

ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
  Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (Encryption)
  MessageID: B420F796
  Length: 92
Jul 12 18:33:10 [IKEv1 DEBUG]Pitcher: received key delete msg, spi 0x8ba9b028
Jul 12 18:33:10 [IKEv1 DEBUG]Pitcher: received a key acquire message, spi 0x0
IPSEC(crypto_map_check)-3: Looking for crypto map matching 5-tuple: Prot=0, saddr=1.1.1.1, sport=1, daddr=1.1.1.2, dport=1
IPSEC(crypto_map_check)-3: Checking crypto map __vti-crypto-map-4-0-1 65280: matched.
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Session is being torn down. Reason: Administrator Reset
Jul 12 18:33:10 [IKEv1]Ignoring msg to mark SA with dsID 20480 dead because SA deleted
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500


IKEv1 Recv RAW packet dump
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d    |  .x....8H..'....}
08 10 05 01 46 51 1a bf 00 00 00 5c f6 f2 cf 57    |  ....FQ.....\...W
8c fe 53 50 8c 9a 65 f1 25 5d c6 30 d7 6d 60 b3    |  ..SP..e.%].0.m`.
71 fd c3 65 52 41 18 00 ba 66 8d 1d 9f 8a 28 9c    |  q..eRA...f....(.
37 df 40 83 79 f9 dd bc 88 3b 70 b5 28 70 03 1a    |  7.@.y....;p.(p..
ae 3b 8b c0 47 b3 bd 19 89 b9 7b 16                |  .;..G.....{.

 RECV PACKET from 1.1.1.2
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
  Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (Encryption)
  MessageID: 46511ABF
  Length: 92
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, Received encrypted packet with no matching SA, dropping
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500


IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 00 00 00 00 00 00 00 00    |  .x.....W........
01 10 02 00 00 00 00 00 00 00 00 a4 0d 00 00 38    |  ...............8
00 00 00 01 00 00 00 01 00 00 00 2c 01 01 00 01    |  ...........,....
00 00 00 24 01 01 00 00 80 01 00 07 80 0e 00 80    |  ...$............
80 02 00 02 80 04 00 02 80 03 00 01 80 0b 00 01    |  ................
80 0c 70 80 0d 00 00 14 4a 13 1c 81 07 03 58 45    |  ..p.....J.....XE
5c 57 28 f2 0e 95 45 2f 0d 00 00 14 43 9b 59 f8    |  \W(...E/....C.Y.
ba 67 6c 4c 77 37 ae 22 ea b8 f5 82 0d 00 00 14    |  .glLw7."........
7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56    |  }...S..o,....R.V
00 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5    |  ........>.in.c..
ec 42 7b 1f                                        |  .B{.

 RECV PACKET from 1.1.1.2
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 00 00 00 00 00 00 00 00
  Next Payload: Security Association
  Version: 1.0
  Exchange Type: Identity Protection (Main Mode)
  Flags: (none)
  MessageID: 00000000
  Length: 164
  Payload Security Association
    Next Payload: Vendor ID
    Reserved: 00
    Payload Length: 56
    DOI: IPsec
    Situation:(SIT_IDENTITY_ONLY)
    Payload Proposal
      Next Payload: None
      Reserved: 00
      Payload Length: 44
      Proposal #: 1
      Protocol-Id: PROTO_ISAKMP
      SPI Size: 0
      # of transforms: 1
      Payload Transform
        Next Payload: None
        Reserved: 00
        Payload Length: 36
        Transform #: 1
        Transform-Id: KEY_IKE
        Reserved2: 0000
        Encryption Algorithm: AES-CBC
        Key Length: 128
        Hash Algorithm: SHA1
        Group Description: Group 2
        Authentication Method: Preshared key
        Life Type: seconds
        Life Duration (Hex): 70 80
  Payload Vendor ID
    Next Payload: Vendor ID
    Reserved: 00
    Payload Length: 20
    Data (In Hex):
      4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
  Payload Vendor ID
    Next Payload: Vendor ID
    Reserved: 00
    Payload Length: 20
    Data (In Hex):
      43 9b 59 f8 ba 67 6c 4c 77 37 ae 22 ea b8 f5 82
  Payload Vendor ID
    Next Payload: Vendor ID
    Reserved: 00
    Payload Length: 20
    Data (In Hex):
      7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
  Payload Vendor ID
    Next Payload: None
    Reserved: 00
    Payload Length: 20
    Data (In Hex):
      90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 164
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Oakley proposal is acceptable
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Received NAT-Traversal RFC VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Received NAT-Traversal ver 03 VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Received NAT-Traversal ver 02 VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing IKE SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, IKE SA Proposal # 1, Transform # 1 acceptable  Matches global IKE entry # 2
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing ISAKMP SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing NAT-Traversal VID ver RFC payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing Fragmentation VID + extended capabilities payload
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128

SENDING PACKET to 1.1.1.2
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Security Association
  Version: 1.0
  Exchange Type: Identity Protection (Main Mode)
  Flags: (none)
  MessageID: 00000000
  Length: 128
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500


IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77    |  .x.....WU..U.&.w
04 10 02 00 00 00 00 00 00 00 01 1c 0a 00 00 84    |  ................
1e d2 8a 2a b0 2f 33 91 99 29 49 f9 e9 cb ea d8    |  ...*./3..)I.....
c5 19 5d 88 32 08 24 4b 8a ee 51 d2 a3 a2 27 7c    |  ..].2.$K..Q...'|
12 aa a8 00 cd 04 a1 f4 53 37 65 c0 61 af fb 07    |  ........S7e.a...
f9 35 d6 ef 10 52 3b eb 75 6f 64 4e 8f 65 36 09    |  .5...R;.uodN.e6.
57 f8 33 27 65 7e 64 25 55 8b c4 94 e9 cf a8 2d    |  W.3'e~d%U......-
6a 5c f3 15 91 08 34 7d c5 bf a5 b0 34 69 dc 30    |  j\....4}....4i.0
8b 2c d3 34 3d 2c b6 fc b4 9b fa 17 fd ea 98 66    |  .,.4=,.........f
84 ca 8a ba ab eb 13 dc f4 d4 2a c2 a7 35 b7 63    |  ..........*..5.c
0d 00 00 18 5d fa 40 b3 8d 87 25 f5 36 38 90 b8    |  ....].@...%.68..
1f be de 6c ba 6b d6 44 0d 00 00 14 af ca d7 13    |  ...l.k.D........
68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14    |  h...k...wW......
e9 bf 74 8d c3 8f f9 57 89 b6 05 0e e3 56 42 02    |  ..t....W.....VB.
14 00 00 0c 09 00 26 89 df d6 b7 12 14 00 00 18    |  ......&.........
fb d9 57 32 67 91 9c da c2 16 cd e4 5d 95 b0 62    |  ..W2g.......]..b
54 fe 59 58 00 00 00 18 c2 54 40 c2 e0 f4 a9 33    |  T.YX.....T@....3
28 ba d6 5e 2e bd 70 69 3c 4c 41 2b                |  (..^..pi<LA+

 RECV PACKET from 1.1.1.2
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Key Exchange
  Version: 1.0
  Exchange Type: Identity Protection (Main Mode)
  Flags: (none)
  MessageID: 00000000
  Length: 284
  Payload Key Exchange
    Next Payload: Nonce
    Reserved: 00
    Payload Length: 132
    Data:
      1e d2 8a 2a b0 2f 33 91 99 29 49 f9 e9 cb ea d8
      c5 19 5d 88 32 08 24 4b 8a ee 51 d2 a3 a2 27 7c
      12 aa a8 00 cd 04 a1 f4 53 37 65 c0 61 af fb 07
      f9 35 d6 ef 10 52 3b eb 75 6f 64 4e 8f 65 36 09
      57 f8 33 27 65 7e 64 25 55 8b c4 94 e9 cf a8 2d
      6a 5c f3 15 91 08 34 7d c5 bf a5 b0 34 69 dc 30
      8b 2c d3 34 3d 2c b6 fc b4 9b fa 17 fd ea 98 66
      84 ca 8a ba ab eb 13 dc f4 d4 2a c2 a7 35 b7 63
  Payload Nonce
    Next Payload: Vendor ID
    Reserved: 00
    Payload Length: 24
    Data:
      5d fa 40 b3 8d 87 25 f5 36 38 90 b8 1f be de 6c
      ba 6b d6 44
  Payload Vendor ID
    Next Payload: Vendor ID
    Reserved: 00
    Payload Length: 20
    Data (In Hex):
      af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
  Payload Vendor ID
    Next Payload: Vendor ID
    Reserved: 00
    Payload Length: 20
    Data (In Hex):
      e9 bf 74 8d c3 8f f9 57 89 b6 05 0e e3 56 42 02
  Payload Vendor ID
    Next Payload: NAT-D
    Reserved: 00
    Payload Length: 12
    Data (In Hex): 09 00 26 89 df d6 b7 12
  Payload NAT-D
    Next Payload: NAT-D
    Reserved: 00
    Payload Length: 24
    Data:
      fb d9 57 32 67 91 9c da c2 16 cd e4 5d 95 b0 62
      54 fe 59 58
  Payload NAT-D
    Next Payload: None
    Reserved: 00
    Payload Length: 24
    Data:
      c2 54 40 c2 e0 f4 a9 33 28 ba d6 5e 2e bd 70 69
      3c 4c 41 2b
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 284
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing ke payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing ISA_KE payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing nonce payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Received DPD VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000f6f)
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Received xauth V6 VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing NAT-Discovery payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, computing NAT Discovery hash
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing NAT-Discovery payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, computing NAT Discovery hash
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing ke payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing nonce payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing Cisco Unity VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing xauth V6 VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Send IOS VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing NAT-Discovery payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, computing NAT Discovery hash
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing NAT-Discovery payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, computing NAT Discovery hash
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, Connection landed on tunnel_group 1.1.1.2
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Generating keys for Responder...
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304

SENDING PACKET to 1.1.1.2
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Key Exchange
  Version: 1.0
  Exchange Type: Identity Protection (Main Mode)
  Flags: (none)
  MessageID: 00000000
  Length: 304
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500


IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77    |  .x.....WU..U.&.w
05 10 02 01 00 00 00 00 00 00 00 6c 16 fc 72 19    |  ...........l..r.
28 ef b5 d1 38 be d7 c4 1f 42 4c b8 72 15 67 ec    |  (...8....BL.r.g.
cb 28 56 cb a5 b9 77 50 cc ee 43 e4 34 ee 02 d9    |  .(V...wP..C.4...
29 b8 0d 78 62 d5 98 54 32 91 9a fc f5 93 ab 0b    |  )..xb..T2.......
13 bb 74 d4 d3 da 62 57 49 b5 2f 11 d8 c6 92 21    |  ..t...bWI./....!
0d e7 41 3b df 79 ad 82 b2 eb bf 4f                |  ..A;.y.....O

 RECV PACKET from 1.1.1.2
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Identification
  Version: 1.0
  Exchange Type: Identity Protection (Main Mode)
  Flags: (Encryption)
  MessageID: 00000000
  Length: 108

AFTER DECRYPTION
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Identification
  Version: 1.0
  Exchange Type: Identity Protection (Main Mode)
  Flags: (Encryption)
  MessageID: 00000000
  Length: 108
  Payload Identification
    Next Payload: Hash
    Reserved: 00
    Payload Length: 12
    ID Type: IPv4 Address (1)
    Protocol ID (UDP/TCP, etc...): 17
    Port: 500
    ID Data: 1.1.1.2
  Payload Hash
    Next Payload: Notification
    Reserved: 00
    Payload Length: 24
    Data:
      ce bf b5 44 94 7a c8 d7 dd 41 ed 50 ff a1 4e 0f
      8f 8f 5f 52
  Payload Notification
    Next Payload: None
    Reserved: 00
    Payload Length: 28
    DOI: IPsec
    Protocol-ID: PROTO_ISAKMP
    Spi Size: 16
    Notify Type: STATUS_INITIAL_CONTACT
    SPI:
      1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + NOTIFY (11) + NONE (0) total length : 92
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing ID payload
Jul 12 18:33:10 [IKEv1 DECODE]Group = 1.1.1.2, IP = 1.1.1.2, ID_IPV4_ADDR ID received
1.1.1.2
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Computing hash for ISAKMP
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Automatic NAT Detection Status:     Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, Connection landed on tunnel_group 1.1.1.2
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing ID payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Computing hash for ISAKMP
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Constructing IOS keep alive payload: proposal=32767/32767 sec.
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing dpd vid payload
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + IOS KEEPALIVE (128) + VENDOR (13) + NONE (0) total length : 96

BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77    |  .x.....WU..U.&.w
05 10 02 00 00 00 00 00 1c 00 00 00 08 00 00 0c    |  ................
01 11 00 00 01 01 01 01 80 00 00 18 84 3e 49 6d    |  .............>Im
f9 9b 8c b9 b2 4c d3 58 34 9a 0b bb 1f 1d 9b bb    |  .....L.X4.......
0d 00 00 0c 80 00 7f ff 80 00 7f ff 00 00 00 14    |  ..............
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00    |  ....h...k...wW..

ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Identification
  Version: 1.0
  Exchange Type: Identity Protection (Main Mode)
  Flags: (none)
  MessageID: 00000000
  Length: 28
  Payload Identification
    Next Payload: Hash
    Reserved: 00
    Payload Length: 12
    ID Type: IPv4 Address (1)
    Protocol ID (UDP/TCP, etc...): 17
    Port: 0
    ID Data: 1.1.1.1
  Payload Hash
    Next Payload: IOS Proprietary Keepalive or CHRE
    Reserved: 00
    Payload Length: 24
    Data:
      84 3e 49 6d f9 9b 8c b9 b2 4c d3 58 34 9a 0b bb
      1f 1d 9b bb
  Payload IOS Proprietary Keepalive or CHRE
    Next Payload: Vendor ID
    Reserved: 00
    Payload Length: 12
    Default Interval: 32767
    Retry Interval: 32767
  Payload Vendor ID
    Next Payload: None
    Reserved: 00
    Payload Length: 20
    Data (In Hex):
      af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00

SENDING PACKET to 1.1.1.2
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Identification
  Version: 1.0
  Exchange Type: Identity Protection (Main Mode)
  Flags: (Encryption)
  MessageID: 00000000
  Length: 108
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, PHASE 1 COMPLETED
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, Keep-alive type for this connection: DPD
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Starting P1 rekey timer: 21600 seconds.
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Add to IKEv1 Tunnel Table succeeded for SA with logical ID 24576
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Add to IKEv1 MIB Table succeeded for SA with logical ID 24576
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500


IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77    |  .x.....WU..U.&.w
08 10 20 01 17 fb be 5e 00 00 01 3c ec 34 01 e9    |  .. ....^...<.4..
9c ae 09 f3 d4 86 b1 17 db 25 56 e3 3a 9d e1 94    |  .........%V.:...
c0 2c 97 6a 7c c6 f1 a1 28 47 8b d2 7a 60 d3 fd    |  .,.j|...(G..z`..
2f 90 10 cb e3 4b 52 73 fd 2e 01 4f 1f 47 c1 ee    |  /....KRs...O.G..
64 5e 44 27 32 32 a6 94 b8 db 3a 2f 5b 7e f1 e6    |  d^D'22....:/[~..
e0 ce 52 92 07 6d ec 46 6e 8e e6 33 c1 3e 16 11    |  ..R..m.Fn..3.>..
fa cc f9 50 b7 91 d3 da 19 90 46 9d 4a fc fb 52    |  ...P......F.J..R
6d 45 de 53 b9 9b 7c f4 13 e5 50 ec 6a ab db 21    |  mE.S..|...P.j..!
31 df ff 4a 70 ba 31 2a 14 4d 5c 15 e3 6a 6f e6    |  1..Jp.1*.M\..jo.
3c 3c 93 07 e2 b4 da d0 34 81 d1 be dc d2 68 7a    |  <<......4.....hz
4d 7a 2b 07 ec ca 9f 60 93 2b 0a 64 39 62 9d 2f    |  Mz+....`.+.d9b./
54 b1 d6 13 5d 98 a4 d6 dd db 90 0d 16 85 38 d2    |  T...].........8.
db 0c f3 45 7f 4d 08 a0 9b 70 ba e7 81 b1 de 00    |  ...EM...p......
a6 46 4b 8b d2 c2 b1 ec 09 22 24 7b d6 cc 75 ea    |  .FK......"${..u.
37 4a 48 6c 28 b9 fa a8 41 ce ab 57 dc 32 1c 72    |  7JHl(...A..W.2.r
75 a0 aa c6 bd fd b5 69 5f c4 1a 05 13 d2 d0 47    |  u......i_......G
6a 31 3e 87 5e 86 8c 7a d9 1c 53 e6 f2 cb 34 67    |  j1>.^..z..S...4g
f1 44 cd be e6 e7 77 d2 35 ac 64 17 e4 a8 91 6a    |  .D....w.5.d....j
27 a3 96 69 92 78 01 65 63 45 e9 4d                |  '..i.x.ecE.M

 RECV PACKET from 1.1.1.2
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Quick Mode
  Flags: (Encryption)
  MessageID: 17FBBE5E
  Length: 316
Jul 12 18:33:10 [IKEv1 DECODE]IP = 1.1.1.2, IKE Responder starting QM: msg id = 17fbbe5e

AFTER DECRYPTION
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Quick Mode
  Flags: (Encryption)
  MessageID: 17FBBE5E
  Length: 316
  Payload Hash
    Next Payload: Security Association
    Reserved: 00
    Payload Length: 24
    Data:
      43 c9 e1 87 08 7a c5 af 71 90 38 32 1e 73 68 b5
      12 44 9b 60
  Payload Security Association
    Next Payload: Nonce
    Reserved: 00
    Payload Length: 68
    DOI: IPsec
    Situation:(SIT_IDENTITY_ONLY)
    Payload Proposal
      Next Payload: None
      Reserved: 00
      Payload Length: 56
      Proposal #: 1
      Protocol-Id: PROTO_IPSEC_ESP
      SPI Size: 4
      # of transforms: 1
      SPI: df 8a ac 79
      Payload Transform
        Next Payload: None
        Reserved: 00
        Payload Length: 44
        Transform #: 1
        Transform-Id: ESP_AES
        Reserved2: 0000
        Encapsulation Mode: Tunnel
        Life Type: Seconds
        Life Duration (Hex): 0e 10
        Life Type: Kilobytes
        Life Duration (Hex): 00 46 50 00
        Authentication Algorithm: SHA1
        Key Length: 128
        Group Description: Group 2
  Payload Nonce
    Next Payload: Key Exchange
    Reserved: 00
    Payload Length: 24
    Data:
      74 d4 82 f7 83 a2 c9 c4 d7 97 37 8a cc e0 25 2e
      fc 57 0b 56
  Payload Key Exchange
    Next Payload: Identification
    Reserved: 00
    Payload Length: 132
    Data:
      c8 49 46 ba b8 5e be 4c fc 5f 1c f4 5d f1 f3 13
      2d a8 48 27 8f dd 78 ff 85 87 b0 fb c7 ee aa 71
      6d ba 64 26 6b ae 1f f3 d6 c9 55 f2 ec d6 da b3
      4c 6b 93 0d 50 96 45 3a cb 2d 6d 77 d8 5b 88 68
      25 98 67 f5 21 d3 bb 6e c7 88 6f fd 67 b1 31 7a
      f6 91 ff 38 53 3d 31 23 2b f4 55 71 55 5b d2 bc
      e6 70 5b 2e 08 90 2c ce 25 22 03 2a a5 eb 04 a3
      51 ca b4 96 2a 57 5a aa 40 34 aa a0 1f e3 a4 07
  Payload Identification
    Next Payload: Identification
    Reserved: 00
    Payload Length: 16
    ID Type: IPv4 Subnet (4)
    Protocol ID (UDP/TCP, etc...): 0
    Port: 0
    ID Data: 0.0.0.0/0.0.0.0
  Payload Identification
    Next Payload: None
    Reserved: 00
    Payload Length: 16
    ID Type: IPv4 Subnet (4)
    Protocol ID (UDP/TCP, etc...): 0
    Port: 0
    ID Data: 0.0.0.0/0.0.0.0
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=17fbbe5e) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + KE (4) + ID (5) + ID (5) + NONE (0) total length : 308
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing nonce payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing ke payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing ISA_KE for PFS in phase 2
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing ID payload
Jul 12 18:33:10 [IKEv1 DECODE]Group = 1.1.1.2, IP = 1.1.1.2, ID_IPV4_ADDR_SUBNET ID received--0.0.0.0--0.0.0.0
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Received remote IP Proxy Subnet data in ID Payload:   Address 0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing ID payload
Jul 12 18:33:10 [IKEv1 DECODE]Group = 1.1.1.2, IP = 1.1.1.2, ID_IPV4_ADDR_SUBNET ID received--0.0.0.0--0.0.0.0
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Received local IP Proxy Subnet data in ID Payload:   Address 0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, QM IsRekeyed old sa not found by addr
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, checking map = __vti-crypto-map-4-0-1, seq = 65280...
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, map __vti-crypto-map-4-0-1, seq = 65280 is a successful match
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, IKE Remote Peer configured for crypto map: __vti-crypto-map-4-0-1
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing IPSec SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IPSec SA Proposal # 1, Transform # 1 acceptable  Matches global IPSec SA entry # 65280
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, IKE: requesting SPI!
IPSEC: Received a PFKey message from IKE
IPSEC: Parsing PFKey GETSPI message
IPSEC: Creating IPsec SA
IPSEC: Getting the inbound SPI
IPSEC DEBUG: Inbound SA (SPI 0x00000000) state change from inactive to embryonic
IPSEC: New embryonic SA created @ 0x00007f6a02a101b0,
    SCB: 0x01E81330,
    Direction: inbound
    SPI      : 0x9169931A
    Session ID: 0x00006000
    VPIF num  : 0x00000002
    Tunnel type: l2l
    Protocol   : esp
    Lifetime   : 240 seconds
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IKE got SPI from key engine: SPI = 0x9169931a
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, oakley constucting quick mode
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing IPSec SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing IPSec nonce payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing pfs ke payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing proxy ID
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Transmitting Proxy Id:
  Remote subnet: 0.0.0.0  Mask 0.0.0.0 Protocol 0  Port 0
  Local subnet:  0.0.0.0  mask 0.0.0.0 Protocol 0  Port 0
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:10 [IKEv1 DECODE]Group = 1.1.1.2, IP = 1.1.1.2, IKE Responder sending 2nd QM pkt: msg id = 17fbbe5e
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=17fbbe5e) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + KE (4) + ID (5) + ID (5) + NONE (0) total length : 308

BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77    |  .x.....WU..U.&.w
08 10 20 00 5e be fb 17 1c 00 00 00 01 00 00 18    |  .. .^...........
26 b5 df 4f 0e 49 c9 59 00 99 15 1f 35 52 dc f2    |  &..O.I.Y....5R..
0a 8e 17 28 0a 00 00 44 00 00 00 01 00 00 00 01    |  ...(...D........
00 00 00 38 01 03 04 01 91 69 93 1a 00 00 00 2c    |  ...8.....i.....,
01 0c 00 00 80 01 00 01 80 02 0e 10 80 01 00 02    |  ................
00 02 00 04 00 46 50 00 80 04 00 01 80 05 00 02    |  .....FP.........
80 03 00 02 80 06 00 80 04 00 00 18 82 10 78 d8    |  ..............x.
59 e7 f7 ef e6 99 cd 12 ec 51 27 17 68 bc 19 ae    |  Y........Q'.h...
05 00 00 84 5d ce 10 8f 52 31 1e e2 4d 4d 89 61    |  ....]...R1..MM.a
56 29 7f ff 76 98 5e 69 ff 24 99 b2 3b 55 51 0c    |  V).v.^i.$..;UQ.
28 94 ef 3e 66 0b 5b 74 ad b6 72 62 a1 5b c9 2c    |  (..>f.[t..rb.[.,
cf 86 f9 32 a6 5b 7f 93 a0 7c 54 2f 4c 9d b7 2c    |  ...2.[..|T/L..,
2a a4 84 22 18 99 f3 8f 98 fb f8 af 93 94 71 9b    |  *.."..........q.
ee b0 b8 33 3a 12 b1 76 5f 8c d7 a1 07 21 78 9b    |  ...3:..v_....!x.
fe 9c b1 ac 87 f9 12 9a e0 83 6e b1 f9 11 b9 0b    |  ..........n.....
ae ad ff 9c 3c 54 3f 7f 85 b4 b6 a3 aa ba 4b bc    |  ....<T?......K.
59 c6 a1 bc 05 00 00 10 04 00 00 00 00 00 00 00    |  Y...............
00 00 00 00 00 00 00 10 04 00 00 00 00 00 00 00    |  ................
00 00 00 00                                        |  ....

ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Quick Mode
  Flags: (none)
  MessageID: 17FBBE5E
  Length: 28
  Payload Hash
    Next Payload: Security Association
    Reserved: 00
    Payload Length: 24
    Data:
      26 b5 df 4f 0e 49 c9 59 00 99 15 1f 35 52 dc f2
      0a 8e 17 28
  Payload Security Association
    Next Payload: Nonce
    Reserved: 00
    Payload Length: 68
    DOI: IPsec
    Situation:(SIT_IDENTITY_ONLY)
    Payload Proposal
      Next Payload: None
      Reserved: 00
      Payload Length: 56
      Proposal #: 1
      Protocol-Id: PROTO_IPSEC_ESP
      SPI Size: 4
      # of transforms: 1
      SPI: 91 69 93 1a
      Payload Transform
        Next Payload: None
        Reserved: 00
        Payload Length: 44
        Transform #: 1
        Transform-Id: ESP_AES
        Reserved2: 0000
        Life Type: Seconds
        Life Duration (Hex): 0e 10
        Life Type: Kilobytes
        Life Duration (Hex): 00 46 50 00
        Encapsulation Mode: Tunnel
        Authentication Algorithm: SHA1
        Group Description: Group 2
        Key Length: 128
  Payload Nonce
    Next Payload: Key Exchange
    Reserved: 00
    Payload Length: 24
    Data:
      82 10 78 d8 59 e7 f7 ef e6 99 cd 12 ec 51 27 17
      68 bc 19 ae
  Payload Key Exchange
    Next Payload: Identification
    Reserved: 00
    Payload Length: 132
    Data:
      5d ce 10 8f 52 31 1e e2 4d 4d 89 61 56 29 7f ff
      76 98 5e 69 ff 24 99 b2 3b 55 51 0c 28 94 ef 3e
      66 0b 5b 74 ad b6 72 62 a1 5b c9 2c cf 86 f9 32
      a6 5b 7f 93 a0 7c 54 2f 4c 9d b7 2c 2a a4 84 22
      18 99 f3 8f 98 fb f8 af 93 94 71 9b ee b0 b8 33
      3a 12 b1 76 5f 8c d7 a1 07 21 78 9b fe 9c b1 ac
      87 f9 12 9a e0 83 6e b1 f9 11 b9 0b ae ad ff 9c
      3c 54 3f 7f 85 b4 b6 a3 aa ba 4b bc 59 c6 a1 bc
  Payload Identification
    Next Payload: Identification
    Reserved: 00
    Payload Length: 16
    ID Type: IPv4 Subnet (4)
    Protocol ID (UDP/TCP, etc...): 0
    Port: 0
    ID Data: 0.0.0.0/0.0.0.0
  Payload Identification
    Next Payload: None
    Reserved: 00
    Payload Length: 16
    ID Type: IPv4 Subnet (4)
    Protocol ID (UDP/TCP, etc...): 0
    Port: 0
    ID Data: 0.0.0.0/0.0.0.0
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500


IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77    |  .x.....WU..U.&.w
08 10 20 01 17 fb be 5e 00 00 00 3c b9 0c 41 d7    |  .. ....^...<..A.
a2 2c 63 2b 63 22 bb e8 23 5f 2d bc 77 92 c5 a8    |  .,c+c"..#_-.w...
d4 5f 3b 7b 64 63 a0 28 df e5 06 a0                |  ._;{dc.(....

 RECV PACKET from 1.1.1.2
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Quick Mode
  Flags: (Encryption)
  MessageID: 17FBBE5E
  Length: 60

AFTER DECRYPTION
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Quick Mode
  Flags: (Encryption)
  MessageID: 17FBBE5E
  Length: 60
  Payload Hash
    Next Payload: None
    Reserved: 00
    Payload Length: 24
    Data:
      38 ee de 37 35 3e 9f 70 a4 db 6c 40 c2 b9 a2 39
      57 a8 2d 33
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=17fbbe5e) with payloads : HDR + HASH (8) + NONE (0) total length : 52
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, loading all IPSEC SAs
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Generating Quick Mode Key!
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Generating Quick Mode Key!
IPSEC: Received a PFKey message from IKE
IPSEC: Parsing PFKey ADD message
IPSEC: Creating IPsec SA
IPSEC: Adding the outbound SA, SPI: 0xDF8AAC79
IPSEC DEBUG: Outbound SA (SPI 0xDF8AAC79) state change from inactive to embryonic
IPSEC: New embryonic SA created @ 0x00007f6a0330a100,
    SCB: 0x02AF1EF0,
    Direction: outbound
    SPI      : 0xDF8AAC79
    Session ID: 0x00006000
    VPIF num  : 0x00000004
    Tunnel type: l2l
    Protocol   : esp
    Lifetime   : 240 seconds
IPSEC: Completed host OBSA update, SPI 0xDF8AAC79
IPSEC: Creating outbound VPN context, SPI 0xDF8AAC79
    Flags: 0x00000005
    SA   : 0x00007f6a0330a100
    SPI  : 0xDF8AAC79
    MTU  : 1500 bytes
    VCID : 0x00000000
    Peer : 0x00000000
    SCB  : 0x0E249A81
    Channel: 0x00007f69f3d5d4c0
IPSEC: Increment SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 0, new value: 1, (ctm_ipsec_create_vpn_context:7482)
IPSEC: Completed outbound VPN context, SPI 0xDF8AAC79
    VPN handle: 0x000000000001776c
IPSEC: New outbound encrypt rule, SPI 0xDF8AAC79
    Src addr: 0.0.0.0
    Src mask: 0.0.0.0
    Dst addr: 0.0.0.0
    Dst mask: 0.0.0.0
    Src ports
      Upper: 0
      Lower: 0
      Op   : ignore
    Dst ports
      Upper: 0
      Lower: 0
      Op   : ignore
    Protocol: 0
    Use protocol: false
    SPI: 0x00000000
    Use SPI: false
IPSEC: Increment SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6471)
IPSEC: Completed outbound encrypt rule, SPI 0xDF8AAC79
    Rule ID: 0x00007f6a02b577d0
IPSEC: Decrement SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5515)
IPSEC: New outbound permit rule, SPI 0xDF8AAC79
    Src addr: 1.1.1.1
    Src mask: 255.255.255.255
    Dst addr: 1.1.1.2
    Dst mask: 255.255.255.255
    Src ports
      Upper: 0
      Lower: 0
      Op   : ignore
    Dst ports
      Upper: 0
      Lower: 0
      Op   : ignore
    Protocol: 50
    Use protocol: true
    SPI: 0xDF8AAC79
    Use SPI: true
IPSEC: Increment SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6631)
IPSEC: Completed outbound permit rule, SPI 0xDF8AAC79
    Rule ID: 0x00007f6a01a83c10
IPSEC: Decrement SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5515)
IPSEC: Decrement SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 1, new value: 0, (ctm_np_vpn_context_cb:11670)
IPSEC: Increment SA HW ref counter for outbound SPI 0xDF8AAC79, old value: 0, new value: 1, (ctm_nlite_ipsec_create_hw_obsa:1243)
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Security negotiation complete for LAN-to-LAN Group (1.1.1.2)  Responder, Inbound SPI = 0x9169931a, Outbound SPI = 0xdf8aac79
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IKE got a KEY_ADD msg for SA: SPI = 0xdf8aac79
IPSEC: Received a PFKey message from IKE
IPSEC: Parsing PFKey UPDATE message
IPSEC: Creating IPsec SA
IPSEC: Updating the inbound SA, SPI: 0x9169931A
IPSEC: New embryonic SA created @ 0x00007f6a02a101b0,
    SCB: 0x01E81330,
    Direction: inbound
    SPI      : 0x9169931A
    Session ID: 0x00006000
    VPIF num  : 0x00000004
    Tunnel type: l2l
    Protocol   : esp
    Lifetime   : 240 seconds
IPSEC: Completed host IBSA update, SPI 0x9169931A
IPSEC: Creating inbound VPN context, SPI 0x9169931A
    Flags: 0x00000006
    SA   : 0x00007f6a02a101b0
    SPI  : 0x9169931A
    MTU  : 0 bytes
    VCID : 0x00000000
    Peer : 0x0001776C
    SCB  : 0x0E245B03
    Channel: 0x00007f69f3d5d4c0
IPSEC: Increment SA NP ref counter for inbound SPI 0x9169931A, old value: 0, new value: 1, (ctm_ipsec_create_vpn_context:7415)
IPSEC: Completed inbound VPN context, SPI 0x9169931A
    VPN handle: 0x00000000000181e4
IPSEC: Updating outbound VPN context 0x0001776C, SPI 0xDF8AAC79
    Flags: 0x00000005
    SA   : 0x00007f6a0330a100
    SPI  : 0xDF8AAC79
    MTU  : 1500 bytes
    VCID : 0x00000000
    Peer : 0x000181E4
    SCB  : 0x0E249A81
    Channel: 0x00007f69f3d5d4c0
IPSEC: Increment SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 0, new value: 1, (ctm_ipsec_update_vpn_context:7611)
IPSEC: Completed outbound VPN context, SPI 0xDF8AAC79
    VPN handle: 0x000000000001776c
IPSEC: Completed outbound inner rule, SPI 0xDF8AAC79
    Rule ID: 0x00007f6a02b577d0
IPSEC: Completed outbound outer SPD rule, SPI 0xDF8AAC79
    Rule ID: 0x00007f6a01a83c10
IPSEC: Decrement SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 1, new value: 0, (ctm_np_vpn_context_cb:11670)
IPSEC: New inbound tunnel flow rule, SPI 0x9169931A
    Src addr: 0.0.0.0
    Src mask: 0.0.0.0
    Dst addr: 0.0.0.0
    Dst mask: 0.0.0.0
    Src ports
      Upper: 0
      Lower: 0
      Op   : ignore
    Dst ports
      Upper: 0
      Lower: 0
      Op   : ignore
    Protocol: 0
    Use protocol: false
    SPI: 0x00000000
    Use SPI: false
IPSEC: Increment SA NP ref counter for inbound SPI 0x9169931A, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6100)
IPSEC: Completed inbound tunnel flow rule, SPI 0x9169931A
    Rule ID: 0x00007f69f6ef2b00
IPSEC: Decrement SA NP ref counter for inbound SPI 0x9169931A, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5515)
IPSEC: New inbound decrypt rule, SPI 0x9169931A
    Src addr: 1.1.1.2
    Src mask: 255.255.255.255
    Dst addr: 1.1.1.1
    Dst mask: 255.255.255.255
    Src ports
      Upper: 0
      Lower: 0
      Op   : ignore
    Dst ports
      Upper: 0
      Lower: 0
      Op   : ignore
    Protocol: 50
    Use protocol: true
    SPI: 0x9169931A
    Use SPI: true
IPSEC: Increment SA NP ref counter for inbound SPI 0x9169931A, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6255)
IPSEC: Completed inbound decrypt rule, SPI 0x9169931A
    Rule ID: 0x00007f6a03f36d60
IPSEC: Decrement SA NP ref counter for inbound SPI 0x9169931A, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5515)
IPSEC: New inbound permit rule, SPI 0x9169931A
    Src addr: 1.1.1.2
    Src mask: 255.255.255.255
    Dst addr: 1.1.1.1
    Dst mask: 255.255.255.255
    Src ports
      Upper: 0
      Lower: 0
      Op   : ignore
    Dst ports
      Upper: 0
      Lower: 0
      Op   : ignore
    Protocol: 50
    Use protocol: true
    SPI: 0x9169931A
    Use SPI: true
IPSEC: Increment SA NP ref counter for inbound SPI 0x9169931A, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6255)
IPSEC: Completed inbound permit rule, SPI 0x9169931A
    Rule ID: 0x00007f6a01a7c180
IPSEC: Decrement SA NP ref counter for inbound SPI 0x9169931A, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5515)
IPSEC: Decrement SA NP ref counter for inbound SPI 0x9169931A, old value: 1, new value: 0, (ctm_np_vpn_context_cb:11670)
IPSEC: Increment SA HW ref counter for inbound SPI 0x9169931A, old value: 0, new value: 1, (ctm_nlite_ipsec_create_hw_ibsa:816)
IPSEC: Added SA to last received DB, SPI: 0x9169931A, user: 1.1.1.2, peer: 1.1.1.2, SessionID: 0x00006000
IPSEC DEBUG: Inbound SA (SPI 0x9169931A) state change from embryonic to active
IPSEC DEBUG: Outbound SA (SPI 0xDF8AAC79) state change from embryonic to active
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Pitcher: received KEY_UPDATE, spi 0x9169931a
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Starting P2 rekey timer: 3060 seconds.
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, PHASE 2 COMPLETED (msgid=17fbbe5e)
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Sending keep-alive of type DPD R-U-THERE (seq number 0x2ef1df07)
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:30 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=25bd0bb9) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84

BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77    |  .x.....WU..U.&.w
08 10 05 00 b9 0b bd 25 1c 00 00 00 0b 00 00 18    |  .......%........
f5 d4 4e d4 ef 3e 0e f6 27 ec 09 54 b2 e9 8a 87    |  ..N..>..'..T....
31 44 96 87 00 00 00 20 00 00 00 01 01 10 8d 28    |  1D..... .......(
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77    |  .x.....WU..U.&.w
2e f1 df 07                                        |  ....

ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (none)
  MessageID: 25BD0BB9
  Length: 28
  Payload Hash
    Next Payload: Notification
    Reserved: 00
    Payload Length: 24
    Data:
      f5 d4 4e d4 ef 3e 0e f6 27 ec 09 54 b2 e9 8a 87
      31 44 96 87
  Payload Notification
    Next Payload: None
    Reserved: 00
    Payload Length: 32
    DOI: IPsec
    Protocol-ID: PROTO_ISAKMP
    Spi Size: 16
    Notify Type: R_U_THERE
    SPI:
      1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
    Data: 2e f1 df 07

ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (Encryption)
  MessageID: 25BD0BB9
  Length: 92
Jul 12 18:33:30 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500


IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77    |  .x.....WU..U.&.w
08 10 05 01 9d ac 24 d6 00 00 00 5c dc 5c f7 ed    |  ......$....\.\..
58 e3 13 61 58 b4 06 e3 a1 42 32 94 0d d0 c1 ef    |  X..aX....B2.....
26 bf 82 57 e7 88 14 6f 2d 9b 78 fd 19 57 99 de    |  &..W...o-.x..W..
f5 d5 af fa 5a 4e 87 ec d3 63 9c dd 3a 40 cd 99    |  ....ZN...c..:@..
ce 57 46 61 4e a6 52 d6 43 fc 38 01                |  .WFaN.R.C.8.

 RECV PACKET from 1.1.1.2
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (Encryption)
  MessageID: 9DAC24D6
  Length: 92

AFTER DECRYPTION
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (Encryption)
  MessageID: 9DAC24D6
  Length: 92
  Payload Hash
    Next Payload: Notification
    Reserved: 00
    Payload Length: 24
    Data:
      09 de c2 bb 90 b1 36 da 06 52 e5 59 81 a8 6b f5
      97 00 32 f5
  Payload Notification
    Next Payload: None
    Reserved: 00
    Payload Length: 32
    DOI: IPsec
    Protocol-ID: PROTO_ISAKMP
    Spi Size: 16
    Notify Type: R_U_THERE_ACK
    SPI:
      1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
    Data: 2e f1 df 07
Jul 12 18:33:30 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=9dac24d6) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x2ef1df07)
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Sending keep-alive of type DPD R-U-THERE (seq number 0x2ef1df08)
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:40 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=88c86466) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84

BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77    |  .x.....WU..U.&.w
08 10 05 00 66 64 c8 88 1c 00 00 00 0b 00 00 18    |  ....fd..........
24 bd 9d c2 f0 0c 8a d6 b8 5c 54 57 1e db 6c 5a    |  $........\TW..lZ
bb f6 01 72 00 00 00 20 00 00 00 01 01 10 8d 28    |  ...r... .......(
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77    |  .x.....WU..U.&.w
2e f1 df 08                                        |  ....

ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (none)
  MessageID: 88C86466
  Length: 28
  Payload Hash
    Next Payload: Notification
    Reserved: 00
    Payload Length: 24
    Data:
      24 bd 9d c2 f0 0c 8a d6 b8 5c 54 57 1e db 6c 5a
      bb f6 01 72
  Payload Notification
    Next Payload: None
    Reserved: 00
    Payload Length: 32
    DOI: IPsec
    Protocol-ID: PROTO_ISAKMP
    Spi Size: 16
    Notify Type: R_U_THERE
    SPI:
      1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
    Data: 2e f1 df 08

ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (Encryption)
  MessageID: 88C86466
  Length: 92
Jul 12 18:33:40 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500


IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77    |  .x.....WU..U.&.w
08 10 05 01 87 f1 57 05 00 00 00 5c 23 f0 e9 ec    |  ......W....\#...
0b 9a e4 ca a2 bc c4 6b 17 ca ec 87 a7 2d 75 56    |  .......k.....-uV
c7 47 19 5d 13 9d 45 26 28 46 81 e9 26 c5 d8 bf    |  .G.]..E&(F..&...
66 5b 82 7d fb c0 27 52 c5 8d c7 ab 22 95 10 4d    |  f[.}..'R...."..M
47 a0 ba 14 c2 09 db 6c d9 dc 5e 93                |  G......l..^.

 RECV PACKET from 1.1.1.2
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (Encryption)
  MessageID: 87F15705
  Length: 92

AFTER DECRYPTION
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (Encryption)
  MessageID: 87F15705
  Length: 92
  Payload Hash
    Next Payload: Notification
    Reserved: 00
    Payload Length: 24
    Data:
      ff fa 03 68 a0 55 ce df ab e0 2c 10 47 cd d4 32
      36 76 1f 12
  Payload Notification
    Next Payload: None
    Reserved: 00
    Payload Length: 32
    DOI: IPsec
    Protocol-ID: PROTO_ISAKMP
    Spi Size: 16
    Notify Type: R_U_THERE_ACK
    SPI:
      1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
    Data: 2e f1 df 08
Jul 12 18:33:40 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=87f15705) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x2ef1df08)
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Sending keep-alive of type DPD R-U-THERE (seq number 0x2ef1df09)
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:50 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=b95012c) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84

BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77    |  .x.....WU..U.&.w
08 10 05 00 2c 01 95 0b 1c 00 00 00 0b 00 00 18    |  ....,...........
4a 35 66 82 41 c8 76 01 66 9c 55 e1 64 b7 fa a0    |  J5f.A.v.f.U.d...
5e 53 99 6d 00 00 00 20 00 00 00 01 01 10 8d 28    |  ^S.m... .......(
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77    |  .x.....WU..U.&.w
2e f1 df 09                                        |  ....

ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (none)
  MessageID: 0B95012C
  Length: 28
  Payload Hash
    Next Payload: Notification
    Reserved: 00
    Payload Length: 24
    Data:
      4a 35 66 82 41 c8 76 01 66 9c 55 e1 64 b7 fa a0
      5e 53 99 6d
  Payload Notification
    Next Payload: None
    Reserved: 00
    Payload Length: 32
    DOI: IPsec
    Protocol-ID: PROTO_ISAKMP
    Spi Size: 16
    Notify Type: R_U_THERE
    SPI:
      1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
    Data: 2e f1 df 09

ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (Encryption)
  MessageID: 0B95012C
  Length: 92
Jul 12 18:33:50 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500


IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77    |  .x.....WU..U.&.w
08 10 05 01 02 cc a6 8d 00 00 00 5c 6f e0 c0 41    |  ...........\o..A
ca 50 c0 18 68 c9 af f5 97 dd fc fb cb d1 d8 94    |  .P..h...........
10 8b c4 37 3a d5 14 b4 04 a5 98 64 84 62 a0 03    |  ...7:......d.b..
62 9e 71 cb 77 54 9c 7d 78 ad ad 2f 38 2b 06 c4    |  b.q.wT.}x../8+..
ec c2 20 78 80 eb 59 d9 cd f0 2a 42                |  .. x..Y...*B

 RECV PACKET from 1.1.1.2
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (Encryption)
  MessageID: 02CCA68D
  Length: 92

AFTER DECRYPTION
ISAKMP Header
  Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
  Responder COOKIE: 55 d0 f3 55 f8 26 17 77
  Next Payload: Hash
  Version: 1.0
  Exchange Type: Informational
  Flags: (Encryption)
  MessageID: 02CCA68D
  Length: 92
  Payload Hash
    Next Payload: Notification
    Reserved: 00
    Payload Length: 24
    Data:
      f9 91 86 e1 59 97 e0 9c 48 de 3f 1b 5d e3 c6 72
      04 e6 65 7b
  Payload Notification
    Next Payload: None
    Reserved: 00
    Payload Length: 32
    DOI: IPsec
    Protocol-ID: PROTO_ISAKMP
    Spi Size: 16
    Notify Type: R_U_THERE_ACK
    SPI:
      1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
    Data: 2e f1 df 09
Jul 12 18:33:50 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=2cca68d) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x2ef1df09)


AWS Router

AWS#debug crypto isakmp
Crypto ISAKMP debugging is on

AWS#debug crypto ipsec
 Crypto IPSEC debugging is on

AWS#debug ip bgp event
BGP events debugging is on
Jul 13 00:58:35.815: BGP: Regular scanner timer event
Jul 13 00:58:35.815: BGP: Performing BGP general scanning
Jul 13 00:58:35.815: BGP: tbl IPv4 Unicast:base Performing BGP Nexthop scanning for general scan
Jul 13 00:58:35.815: BGP(0): Future scanner version: 1043, current scanner version: 1042
Jul 13 00:58:35.815: BGP: tbl IPv4 Multicast:base Performing BGP Nexthop scanning for general scan
Jul 13 00:58:35.815: BGP(6): Future scanner version: 1043, current scanner version: 1042
Jul 13 00:58:42.071: ISAKMP:(1022):purging node 1479355537
Jul 13 00:58:42.071: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE     
Jul 13 00:58:42.071: ISAKMP: set new node -187656109 to QM_IDLE     
Jul 13 00:58:42.071: ISAKMP:(1022): processing HASH payload. message ID = 4107311187
Jul 13 00:58:42.071: ISAKMP:(1022): processing NOTIFY DPD/R_U_THERE protocol 1
    spi 0, message ID = 4107311187, sa = 0x2BC61EDC
Jul 13 00:58:42.071: ISAKMP:(1022):deleting node -187656109 error FALSE reason "Informational (in) state 1"
Jul 13 00:58:42.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 00:58:42.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 00:58:42.071: ISAKMP:(1022):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x7D043CF9
Jul 13 00:58:42.071: ISAKMP: set new node 337335894 to QM_IDLE     
Jul 13 00:58:42.071: ISAKMP:(1022):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
    spi 822873792, message ID = 337335894
Jul 13 00:58:42.071: ISAKMP:(1022): seq. no 0x7D043CF9
Jul 13 00:58:42.071: ISAKMP:(1022): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE     
Jul 13 00:58:42.071: ISAKMP:(1022):Sending an IKE IPv4 Packet.
Jul 13 00:58:42.071: ISAKMP:(1022):purging node 337335894
Jul 13 00:58:42.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 00:58:42.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 00:58:52.071: ISAKMP:(1022):purging node 1419963963
Jul 13 00:58:52.071: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE     
Jul 13 00:58:52.071: ISAKMP: set new node 463853335 to QM_IDLE     
Jul 13 00:58:52.071: ISAKMP:(1022): processing HASH payload. message ID = 463853335
Jul 13 00:58:52.071: ISAKMP:(1022): processing NOTIFY DPD/R_U_THERE protocol 1
    spi 0, message ID = 463853335, sa = 0x2BC61EDC
Jul 13 00:58:52.071: ISAKMP:(1022):deleting node 463853335 error FALSE reason "Informational (in) state 1"
Jul 13 00:58:52.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 00:58:52.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 00:58:52.071: ISAKMP:(1022):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x7D043CFA
Jul 13 00:58:52.071: ISAKMP: set new node -1706223698 to QM_IDLE     
Jul 13 00:58:52.071: ISAKMP:(1022):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
    spi 822873792, message ID = 2588743598
Jul 13 00:58:52.071: ISAKMP:(1022): seq. no 0x7D043CFA
Jul 13 00:58:52.071: ISAKMP:(1022): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE     
Jul 13 00:58:52.071: ISAKMP:(1022):Sending an IKE IPv4 Packet.
Jul 13 00:58:52.071: ISAKMP:(1022):purging node -1706223698
Jul 13 00:58:52.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 00:58:52.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 00:59:12.071: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE     
Jul 13 00:59:12.071: ISAKMP: set new node -864962099 to QM_IDLE     
Jul 13 00:59:12.071: ISAKMP:(1022): processing HASH payload. message ID = 3430005197
Jul 13 00:59:12.071: ISAKMP:(1022): processing NOTIFY DPD/R_U_THERE protocol 1
    spi 0, message ID = 3430005197, sa = 0x2BC61EDC
Jul 13 00:59:12.071: ISAKMP:(1022):deleting node -864962099 error FALSE reason "Informational (in) state 1"
Jul 13 00:59:12.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 00:59:12.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 00:59:12.071: ISAKMP:(1022):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x7D043CFB
Jul 13 00:59:12.071: ISAKMP: set new node -455223525 to QM_IDLE     
Jul 13 00:59:12.071: ISAKMP:(1022):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
    spi 822873792, message ID = 3839743771
Jul 13 00:59:12.071: ISAKMP:(1022): seq. no 0x7D043CFB
Jul 13 00:59:12.071: ISAKMP:(1022): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE     
Jul 13 00:59:12.071: ISAKMP:(1022):Sending an IKE IPv4 Packet.
Jul 13 00:59:12.071: ISAKMP:(1022):purging node -455223525
Jul 13 00:59:12.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 00:59:12.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 00:59:22.071: ISAKMP:(1022):purging node 737661563
Jul 13 00:59:32.071: ISAKMP:(1022):purging node -187656109
Jul 13 00:59:32.071: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE     
Jul 13 00:59:32.071: ISAKMP: set new node 365220963 to QM_IDLE     
Jul 13 00:59:32.071: ISAKMP:(1022): processing HASH payload. message ID = 365220963
Jul 13 00:59:32.071: ISAKMP:(1022): processing NOTIFY DPD/R_U_THERE protocol 1
    spi 0, message ID = 365220963, sa = 0x2BC61EDC
Jul 13 00:59:32.071: ISAKMP:(1022):deleting node 365220963 error FALSE reason "Informational (in) state 1"
Jul 13 00:59:32.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 00:59:32.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 00:59:32.071: ISAKMP:(1022):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x7D043CFC
Jul 13 00:59:32.071: ISAKMP: set new node 838043404 to QM_IDLE     
Jul 13 00:59:32.071: ISAKMP:(1022):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
    spi 822873792, message ID = 838043404
Jul 13 00:59:32.071: ISAKMP:(1022): seq. no 0x7D043CFC
Jul 13 00:59:32.071: ISAKMP:(1022): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE     
Jul 13 00:59:32.071: ISAKMP:(1022):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.071: ISAKMP:(1022):purging node 838043404
Jul 13 00:59:32.075: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 00:59:32.075: ISAKMP:(1022):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 00:59:32.279: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE     
Jul 13 00:59:32.279: ISAKMP: set new node 2021757529 to QM_IDLE     
Jul 13 00:59:32.283: ISAKMP:(1022): processing HASH payload. message ID = 2021757529
Jul 13 00:59:32.283: ISAKMP:(1022): processing DELETE payload. message ID = 2021757529
Jul 13 00:59:32.283: ISAKMP:(1022):peer does not do paranoid keepalives.
Jul 13 00:59:32.283: ISAKMP:(1022):deleting node 2021757529 error FALSE reason "Informational (in) state 1"
Jul 13 00:59:32.283: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Jul 13 00:59:32.283: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Jul 13 00:59:32.283: IPSEC(key_engine_delete_sas): delete SA with spi 0x8BA9B028 proto 50 for 1.1.1.1
Jul 13 00:59:32.283: IPSEC(delete_sa): deleting SA,
  (sa) sa_dest= 1.1.1.2, sa_proto= 50,
    sa_spi= 0x2D20E7D2(757131218),
    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2049
    sa_lifetime(k/sec)= (4552519/3600),
  (identity) local= 1.1.1.2:0, remote= 1.1.1.1:0,
    local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4)
Jul 13 00:59:32.283: IPSEC(update_current_outbound_sa): updated peer 1.1.1.1 current outbound sa to SPI 0
Jul 13 00:59:32.283: IPSEC(delete_sa): deleting SA,
  (sa) sa_dest= 1.1.1.1, sa_proto= 50,
    sa_spi= 0x8BA9B028(2343153704),
    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2050
    sa_lifetime(k/sec)= (4552519/3600),
  (identity) local= 1.1.1.2:0, remote= 1.1.1.1:0,
    local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4)
Jul 13 00:59:32.283: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down
Jul 13 00:59:32.283: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE     
Jul 13 00:59:32.283: ISAKMP: set new node -1272907882 to QM_IDLE     
Jul 13 00:59:32.283: ISAKMP:(1022): processing HASH payload. message ID = 3022059414
Jul 13 00:59:32.283: ISAKMP:(1022): processing DELETE payload. message ID = 3022059414
Jul 13 00:59:32.283: ISAKMP:(1022):peer does not do paranoid keepalives.
Jul 13 00:59:32.283: ISAKMP:(1022):deleting SA reason "No reason" state (I) QM_IDLE       (peer 1.1.1.1)
Jul 13 00:59:32.283: ISAKMP:(1022):deleting node -1272907882 error FALSE reason "Informational (in) state 1"
Jul 13 00:59:32.283: BGP: tbl IPv4 Unicast:base Service reset requests
Jul 13 00:59:32.283: BGP: tbl IPv4 Multicast:base Service reset requests
Jul 13 00:59:32.283: IPSEC(sa_request): ,
  (key eng. msg.) OUTBOUND local= 1.1.1.2:500, remote= 1.1.1.1:500,
    local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    protocol= ESP, transform= esp-aes esp-sha-hmac  (Tunnel),
    lifedur= 3600s and 4608000kb,
    spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
Jul 13 00:59:32.283: BGP: 169.254.13.190 reset due to Interface flap
Jul 13 00:59:32.283: %BGP-5-ADJCHANGE: neighbor 169.254.13.190 Down Interface flap
Jul 13 00:59:32.283: %BGP_SESSION-5-ADJCHANGE: neighbor 169.254.13.190 IPv4 Unicast topology base removed from session  Interface flap
Jul 13 00:59:32.287: EvD: charge penalty 500, new accum. penalty 500, flap count 10
Jul 13 00:59:32.287: ISAKMP: set new node 1179720383 to QM_IDLE     
Jul 13 00:59:32.287: ISAKMP:(1022): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE     
Jul 13 00:59:32.287: ISAKMP:(1022):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.287: ISAKMP:(1022):purging node 1179720383
Jul 13 00:59:32.287: ISAKMP:(1022):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Jul 13 00:59:32.287: ISAKMP:(1022):Old State = IKE_P1_COMPLETE  New State = IKE_DEST_SA
Jul 13 00:59:32.287: ISAKMP:(0): SA request profile is (NULL)
Jul 13 00:59:32.287: ISAKMP: Found a peer struct for 1.1.1.1, peer port 500
Jul 13 00:59:32.287: ISAKMP: Locking peer struct 0x2B7D656C, refcount 2 for isakmp_initiator
Jul 13 00:59:32.287: ISAKMP: local port 500, remote port 500
Jul 13 00:59:32.287: ISAKMP: set new node 0 to QM_IDLE     
Jul 13 00:59:32.287: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 3139F86C
Jul 13 00:59:32.287: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
Jul 13 00:59:32.287: ISAKMP:(0):found peer pre-shared key matching 1.1.1.1
Jul 13 00:59:32.287: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
Jul 13 00:59:32.287: ISAKMP:(0): constructed NAT-T vendor-07 ID
Jul 13 00:59:32.287: ISAKMP:(0): constructed NAT-T vendor-03 ID
Jul 13 00:59:32.287: ISAKMP:(0): constructed NAT-T vendor-02 ID
Jul 13 00:59:32.287: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Jul 13 00:59:32.287: ISAKMP:(0):Old State = IKE_READY  New State = IKE_I_MM1
Jul 13 00:59:32.287: ISAKMP:(0): beginning Main Mode exchange
Jul 13 00:59:32.287: ISAKMP:(0): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_NO_STATE
Jul 13 00:59:32.287: ISAKMP:(0):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.287: ISAKMP:(1022):deleting SA reason "No reason" state (I) QM_IDLE       (peer 1.1.1.1)
Jul 13 00:59:32.287: ISAKMP: Unlocking peer struct 0x2B7D656C for isadb_mark_sa_deleted(), count 1
Jul 13 00:59:32.287: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 13 00:59:32.287: ISAKMP:(1022):Old State = IKE_DEST_SA  New State = IKE_DEST_SA
Jul 13 00:59:32.291: ISAKMP (0): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_NO_STATE
Jul 13 00:59:32.291: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 13 00:59:32.291: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_I_MM2
Jul 13 00:59:32.291: ISAKMP:(0): processing SA payload. message ID = 0
Jul 13 00:59:32.291: ISAKMP:(0): processing vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
Jul 13 00:59:32.291: ISAKMP (0): vendor ID is NAT-T RFC 3947
Jul 13 00:59:32.291: ISAKMP:(0): processing vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0): processing IKE frag vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0):Support for IKE Fragmentation not enabled
Jul 13 00:59:32.291: ISAKMP:(0):found peer pre-shared key matching 1.1.1.1
Jul 13 00:59:32.291: ISAKMP:(0): local preshared key found
Jul 13 00:59:32.291: ISAKMP : Scanning profiles for xauth ...
Jul 13 00:59:32.291: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
Jul 13 00:59:32.291: ISAKMP:      encryption AES-CBC
Jul 13 00:59:32.291: ISAKMP:      keylength of 128
Jul 13 00:59:32.291: ISAKMP:      hash SHA
Jul 13 00:59:32.291: ISAKMP:      default group 2
Jul 13 00:59:32.291: ISAKMP:      auth pre-share
Jul 13 00:59:32.291: ISAKMP:      life type in seconds
Jul 13 00:59:32.291: ISAKMP:      life duration (basic) of 28800
Jul 13 00:59:32.291: ISAKMP:(0):atts are acceptable. Next payload is 0
Jul 13 00:59:32.291: ISAKMP:(0):Acceptable atts:actual life: 0
Jul 13 00:59:32.291: ISAKMP:(0):Acceptable atts:life: 0
Jul 13 00:59:32.291: ISAKMP:(0):Basic life_in_seconds:28800
Jul 13 00:59:32.291: ISAKMP:(0):Returning Actual lifetime: 28800
Jul 13 00:59:32.291: ISAKMP:(0)::Started lifetime timer: 28800.
Jul 13 00:59:32.291: ISAKMP:(0): processing vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
Jul 13 00:59:32.291: ISAKMP (0): vendor ID is NAT-T RFC 3947
Jul 13 00:59:32.291: ISAKMP:(0): processing vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0): processing IKE frag vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0):Support for IKE Fragmentation not enabled
Jul 13 00:59:32.291: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jul 13 00:59:32.291: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM2
Jul 13 00:59:32.291: ISAKMP:(0): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_SA_SETUP
Jul 13 00:59:32.291: ISAKMP:(0):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.291: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jul 13 00:59:32.291: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM3
Jul 13 00:59:32.291: ISAKMP (0): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_SA_SETUP
Jul 13 00:59:32.295: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 13 00:59:32.295: ISAKMP:(0):Old State = IKE_I_MM3  New State = IKE_I_MM4
Jul 13 00:59:32.295: ISAKMP:(0): processing KE payload. message ID = 0
Jul 13 00:59:32.319: ISAKMP:(0): processing NONCE payload. message ID = 0
Jul 13 00:59:32.319: ISAKMP:(0):found peer pre-shared key matching 1.1.1.1
Jul 13 00:59:32.319: ISAKMP:(1023): processing vendor id payload
Jul 13 00:59:32.319: ISAKMP:(1023): vendor ID is Unity
Jul 13 00:59:32.319: ISAKMP:(1023): processing vendor id payload
Jul 13 00:59:32.319: ISAKMP:(1023): vendor ID seems Unity/DPD but major 84 mismatch
Jul 13 00:59:32.319: ISAKMP:(1023): vendor ID is XAUTH
Jul 13 00:59:32.319: ISAKMP:(1023): processing vendor id payload
Jul 13 00:59:32.319: ISAKMP:(1023): speaking to another IOS box!
Jul 13 00:59:32.319: ISAKMP:(1023): processing vendor id payload
Jul 13 00:59:32.319: ISAKMP:(1023):vendor ID seems Unity/DPD but hash mismatch
Jul 13 00:59:32.319: ISAKMP:received payload type 20
Jul 13 00:59:32.319: ISAKMP (1023): His hash no match - this node outside NAT
Jul 13 00:59:32.319: ISAKMP:received payload type 20
Jul 13 00:59:32.319: ISAKMP (1023): No NAT Found for self or peer
Jul 13 00:59:32.319: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jul 13 00:59:32.319: ISAKMP:(1023):Old State = IKE_I_MM4  New State = IKE_I_MM4
Jul 13 00:59:32.319: ISAKMP:(1023):Send initial contact
Jul 13 00:59:32.319: ISAKMP:(1023):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Jul 13 00:59:32.319: ISAKMP (1023): ID payload
    next-payload : 8
    type         : 1
    address      : 1.1.1.2
    protocol     : 17
    port         : 500
    length       : 12
Jul 13 00:59:32.319: ISAKMP:(1023):Total payload length: 12
Jul 13 00:59:32.319: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Jul 13 00:59:32.319: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.319: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jul 13 00:59:32.319: ISAKMP:(1023):Old State = IKE_I_MM4  New State = IKE_I_MM5
Jul 13 00:59:32.323: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
Jul 13 00:59:32.323: ISAKMP:(1023): processing ID payload. message ID = 0
Jul 13 00:59:32.323: ISAKMP (1023): ID payload
    next-payload : 8
    type         : 1
    address      : 1.1.1.1
    protocol     : 17
    port         : 0
    length       : 12
Jul 13 00:59:32.323: ISAKMP:(0):: peer matches *none* of the profiles
Jul 13 00:59:32.323: ISAKMP:(1023): processing HASH payload. message ID = 0
Jul 13 00:59:32.323: ISAKMP:received payload type 17
Jul 13 00:59:32.323: ISAKMP:(1023): processing vendor id payload
Jul 13 00:59:32.323: ISAKMP:(1023): vendor ID is DPD
Jul 13 00:59:32.323: ISAKMP:(1023):SA authentication status:
    authenticated
Jul 13 00:59:32.323: ISAKMP:(1023):SA has been authenticated with 1.1.1.1
Jul 13 00:59:32.323: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 13 00:59:32.323: ISAKMP:(1023):Old State = IKE_I_MM5  New State = IKE_I_MM6
Jul 13 00:59:32.323: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jul 13 00:59:32.323: ISAKMP:(1023):Old State = IKE_I_MM6  New State = IKE_I_MM6
Jul 13 00:59:32.323: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jul 13 00:59:32.323: ISAKMP:(1023):Old State = IKE_I_MM6  New State = IKE_P1_COMPLETE
Jul 13 00:59:32.323: ISAKMP:(1023):beginning Quick Mode exchange, M-ID of 402374238
Jul 13 00:59:32.343: ISAKMP:(1023):QM Initiator gets spi
Jul 13 00:59:32.343: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE     
Jul 13 00:59:32.343: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.343: ISAKMP:(1023):Node 402374238, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
Jul 13 00:59:32.343: ISAKMP:(1023):Old State = IKE_QM_READY  New State = IKE_QM_I_QM1
Jul 13 00:59:32.343: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Jul 13 00:59:32.343: ISAKMP:(1023):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 00:59:32.347: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE     
Jul 13 00:59:32.347: ISAKMP:(1023): processing HASH payload. message ID = 402374238
Jul 13 00:59:32.347: ISAKMP:(1023): processing SA payload. message ID = 402374238
Jul 13 00:59:32.347: ISAKMP:(1023):Checking IPSec proposal 1
Jul 13 00:59:32.347: ISAKMP: transform 1, ESP_AES
Jul 13 00:59:32.347: ISAKMP:   attributes in transform:
Jul 13 00:59:32.347: ISAKMP:      SA life type in seconds
Jul 13 00:59:32.347: ISAKMP:      SA life duration (basic) of 3600
Jul 13 00:59:32.347: ISAKMP:      SA life type in kilobytes
Jul 13 00:59:32.347: ISAKMP:      SA life duration (VPI) of  0x0 0x46 0x50 0x0
Jul 13 00:59:32.347: ISAKMP:      encaps is 1 (Tunnel)
Jul 13 00:59:32.347: ISAKMP:      authenticator is HMAC-SHA
Jul 13 00:59:32.347: ISAKMP:      group is 2
Jul 13 00:59:32.347: ISAKMP:      key length is 128
Jul 13 00:59:32.347: ISAKMP:(1023):atts are acceptable.
Jul 13 00:59:32.347: IPSEC(validate_proposal_request): proposal part #1
Jul 13 00:59:32.347: IPSEC(validate_proposal_request): proposal part #1,
  (key eng. msg.) INBOUND local= 1.1.1.2:0, remote= 1.1.1.1:0,
    local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    protocol= ESP, transform= NONE  (Tunnel),
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
Jul 13 00:59:32.347: Crypto mapdb : proxy_match
    src addr     : 0.0.0.0
    dst addr     : 0.0.0.0
    protocol     : 0
    src port     : 0
    dst port     : 0
Jul 13 00:59:32.347: ISAKMP:(1023): processing NONCE payload. message ID = 402374238
Jul 13 00:59:32.347: ISAKMP:(1023): processing KE payload. message ID = 402374238
Jul 13 00:59:32.371: ISAKMP:(1023): processing ID payload. message ID = 402374238
Jul 13 00:59:32.371: ISAKMP:(1023): processing ID payload. message ID = 402374238
Jul 13 00:59:32.375: ISAKMP:(1023): Creating IPSec SAs
Jul 13 00:59:32.375:         inbound SA from 1.1.1.1 to 1.1.1.2 (f/i)  0/ 0
        (proxy 0.0.0.0 to 0.0.0.0)
Jul 13 00:59:32.375:         has spi 0xDF8AAC79 and conn_id 0
Jul 13 00:59:32.375:         lifetime of 3600 seconds
Jul 13 00:59:32.375:         lifetime of 4608000 kilobytes
Jul 13 00:59:32.375:         outbound SA from 1.1.1.2 to 1.1.1.1 (f/i) 0/0
        (proxy 0.0.0.0 to 0.0.0.0)
Jul 13 00:59:32.375:         has spi  0x9169931A and conn_id 0
Jul 13 00:59:32.375:         lifetime of 3600 seconds
Jul 13 00:59:32.375:         lifetime of 4608000 kilobytes
Jul 13 00:59:32.375: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE     
Jul 13 00:59:32.375: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.375: ISAKMP:(1023):deleting node 402374238 error FALSE reason "No Error"
Jul 13 00:59:32.375: ISAKMP:(1023):Node 402374238, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Jul 13 00:59:32.375: ISAKMP:(1023):Old State = IKE_QM_I_QM1  New State = IKE_QM_PHASE2_COMPLETE
Jul 13 00:59:32.375: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Jul 13 00:59:32.375: Crypto mapdb : proxy_match
    src addr     : 0.0.0.0
    dst addr     : 0.0.0.0
    protocol     : 0
    src port     : 0
    dst port     : 0
Jul 13 00:59:32.375: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer 1.1.1.1
Jul 13 00:59:32.375: IPSEC(policy_db_add_ident): src 0.0.0.0, dest 0.0.0.0, dest_port 0
Jul 13 00:59:32.375: IPSEC(create_sa): sa created,
  (sa) sa_dest= 1.1.1.2, sa_proto= 50,
    sa_spi= 0xDF8AAC79(3750407289),
    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2051
    sa_lifetime(k/sec)= (4577962/3600)
Jul 13 00:59:32.375: IPSEC(create_sa): sa created,
  (sa) sa_dest= 1.1.1.1, sa_proto= 50,
    sa_spi= 0x9169931A(2439615258),
    sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2052
    sa_lifetime(k/sec)= (4577962/3600)
Jul 13 00:59:32.375: IPSEC(update_current_outbound_sa): get enable SA peer 1.1.1.1 current outbound sa to SPI 9169931A
Jul 13 00:59:32.375: IPSEC(update_current_outbound_sa): updated peer 1.1.1.1 current outbound sa to SPI 9169931A
Jul 13 00:59:32.375: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
Jul 13 00:59:32.379: EvD: charge penalty 500, new accum. penalty 1000, flap count 11
Jul 13 00:59:35.923: BGP: Regular scanner timer event
Jul 13 00:59:35.923: BGP: Performing BGP general scanning
Jul 13 00:59:35.923: BGP: tbl IPv4 Unicast:base Performing BGP Nexthop scanning for general scan
Jul 13 00:59:35.923: BGP(0): Future scanner version: 1044, current scanner version: 1043
Jul 13 00:59:35.923: BGP: tbl IPv4 Multicast:base Performing BGP Nexthop scanning for general scan
Jul 13 00:59:35.923: BGP(6): Future scanner version: 1044, current scanner version: 1043
Jul 13 00:59:40.299: BGP: nopeerup-delay post-boot, set to default, 60s
Jul 13 00:59:40.303: %BGP-5-ADJCHANGE: neighbor 169.254.13.190 Up      // IKE PHASE 1 AND 2 MUST BE COMPLETED FIRST BEFORE BGP NEIGHBOR FORMED
Jul 13 00:59:40.303: EvD: charge penalty 500, new accum. penalty 1000, flap count 12
Jul 13 00:59:42.071: ISAKMP:(1022):purging node 463853335
Jul 13 00:59:52.071: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE     
Jul 13 00:59:52.071: ISAKMP: set new node 633146297 to QM_IDLE     
Jul 13 00:59:52.071: ISAKMP:(1023): processing HASH payload. message ID = 633146297
Jul 13 00:59:52.071: ISAKMP:(1023): processing NOTIFY DPD/R_U_THERE protocol 1
    spi 0, message ID = 633146297, sa = 0x3139F86C
Jul 13 00:59:52.071: ISAKMP:(1023):deleting node 633146297 error FALSE reason "Informational (in) state 1"
Jul 13 00:59:52.071: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 00:59:52.071: ISAKMP:(1023):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 00:59:52.071: ISAKMP:(1023):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x2EF1DF07
Jul 13 00:59:52.071: ISAKMP: set new node -1649662762 to QM_IDLE     
Jul 13 00:59:52.071: ISAKMP:(1023):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
    spi 822873792, message ID = 2645304534
Jul 13 00:59:52.075: ISAKMP:(1023): seq. no 0x2EF1DF07
Jul 13 00:59:52.075: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE     
Jul 13 00:59:52.075: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 00:59:52.075: ISAKMP:(1023):purging node -1649662762
Jul 13 00:59:52.075: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 00:59:52.075: ISAKMP:(1023):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 01:00:02.071: ISAKMP:(1022):purging node -864962099
Jul 13 01:00:02.071: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE     
Jul 13 01:00:02.071: ISAKMP: set new node -2000133018 to QM_IDLE     
Jul 13 01:00:02.071: ISAKMP:(1023): processing HASH payload. message ID = 2294834278
Jul 13 01:00:02.071: ISAKMP:(1023): processing NOTIFY DPD/R_U_THERE protocol 1
    spi 0, message ID = 2294834278, sa = 0x3139F86C
Jul 13 01:00:02.071: ISAKMP:(1023):deleting node -2000133018 error FALSE reason "Informational (in) state 1"
Jul 13 01:00:02.071: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 01:00:02.071: ISAKMP:(1023):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 01:00:02.071: ISAKMP:(1023):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x2EF1DF08
Jul 13 01:00:02.071: ISAKMP: set new node -2014226683 to QM_IDLE     
Jul 13 01:00:02.075: ISAKMP:(1023):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
    spi 822873792, message ID = 2280740613
Jul 13 01:00:02.075: ISAKMP:(1023): seq. no 0x2EF1DF08
Jul 13 01:00:02.075: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE     
Jul 13 01:00:02.075: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 01:00:02.075: ISAKMP:(1023):purging node -2014226683
Jul 13 01:00:02.075: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 01:00:02.075: ISAKMP:(1023):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 01:00:02.827: BGP: aggregate timer expired
Jul 13 01:00:11.019: BGP: aggregate timer expired
Jul 13 01:00:12.071: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE     
Jul 13 01:00:12.071: ISAKMP: set new node 194314540 to QM_IDLE     
Jul 13 01:00:12.071: ISAKMP:(1023): processing HASH payload. message ID = 194314540
Jul 13 01:00:12.071: ISAKMP:(1023): processing NOTIFY DPD/R_U_THERE protocol 1
    spi 0, message ID = 194314540, sa = 0x3139F86C
Jul 13 01:00:12.071: ISAKMP:(1023):deleting node 194314540 error FALSE reason "Informational (in) state 1"
Jul 13 01:00:12.071: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 01:00:12.071: ISAKMP:(1023):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 01:00:12.075: ISAKMP:(1023):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x2EF1DF09
Jul 13 01:00:12.075: ISAKMP: set new node 46966413 to QM_IDLE     
Jul 13 01:00:12.075: ISAKMP:(1023):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
    spi 822873792, message ID = 46966413
Jul 13 01:00:12.075: ISAKMP:(1023): seq. no 0x2EF1DF09
Jul 13 01:00:12.075: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE     
Jul 13 01:00:12.075: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 01:00:12.075: ISAKMP:(1023):purging node 46966413
Jul 13 01:00:12.075: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 01:00:12.075: ISAKMP:(1023):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 01:00:22.071: ISAKMP:(1022):purging node 365220963
Jul 13 01:00:22.071: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE     
Jul 13 01:00:22.071: ISAKMP: set new node 1310864145 to QM_IDLE     
Jul 13 01:00:22.071: ISAKMP:(1023): processing HASH payload. message ID = 1310864145
Jul 13 01:00:22.071: ISAKMP:(1023): processing NOTIFY DPD/R_U_THERE protocol 1
    spi 0, message ID = 1310864145, sa = 0x3139F86C
Jul 13 01:00:22.071: ISAKMP:(1023):deleting node 131l0864145 error FALSE reason "Informational (in) state 1"
Jul 13 01:00:22.071: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 01:00:22.071: ISAKMP:(1023):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 01:00:22.071: ISAKMP:(1023):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x2EF1DF0A
Jul 13 01:00:22.071: ISAKMP: set new node -793370298 to QM_IDLE     
Jul 13 01:00:22.075: ISAKMP:(1023):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
    spi 822873792, message ID = 3501596998
Jul 13 01:00:22.075: ISAKMP:(1023): seq. no 0x2EF1DF0A
Jul 13 01:00:22.075: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE     
Jul 13 01:00:22.075: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 01:00:22.075: ISAKMP:(1023):purging node -793370298
Jul 13 01:00:22.075: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 01:00:22.075: ISAKMP:(1023):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
Jul 13 01:00:22.283: ISAKMP:(1022):purging node 2021757529
Jul 13 01:00:22.283: ISAKMP:(1022):purging node -1272907882
Jul 13 01:00:22.375: ISAKMP:(1023):purging node 402374238

No comments:

Post a Comment