There's been a significant rise in AWS cloud integration with private enterprises and I had an opportunity to do a POC using a Cisco ASA 5500-X firewall. The ASA firewall should be able to support IPSec Virtual Tunnel Interface (VTI) over eBGP to the cloud provider.
Below is a sample topology I used for my POC. The enterprise uses BGP ASN 65000 and would be establishing an eBGP session with AWS on ASN 7224.
5525-x# show version
Cisco Adaptive Security Appliance Software Version 9.7(1)4
Firepower Extensible Operating System Version 2.1(1.66)
Device Manager Version 7.6(1)
Compiled on Fri 31-Mar-17 07:26 PDT by builders
System image file is "disk0:/asa971-4-smp-k8.bin"
Config file at boot was "startup-config"
5525-x up 1 hour 17 mins
Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
ASA: 4192 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
0: Int: Internal-Data0/0 : address is fc5b.39aa.5164, irq 11
1: Ext: GigabitEthernet0/0 : address is fc5b.39aa.5169, irq 5
2: Ext: GigabitEthernet0/1 : address is fc5b.39aa.5165, irq 5
3: Ext: GigabitEthernet0/2 : address is fc5b.39aa.516a, irq 10
4: Ext: GigabitEthernet0/3 : address is fc5b.39aa.5166, irq 10
5: Ext: GigabitEthernet0/4 : address is fc5b.39aa.516b, irq 5
6: Ext: GigabitEthernet0/5 : address is fc5b.39aa.5167, irq 5
7: Ext: GigabitEthernet0/6 : address is fc5b.39aa.516c, irq 10
8: Ext: GigabitEthernet0/7 : address is fc5b.39aa.5168, irq 10
9: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
10: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
11: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
12: Ext: Management0/0 : address is fc5b.39aa.5164, irq 0
13: Int: Internal-Data0/3 : address is 0000.0100.0001, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 750 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual
This platform has an ASA5525 VPN Premium license.
Serial Number: FCH1834J123
Running Permanent Activation Key: 0x572bfd4a 0xb4f6583f 0x5d4005dc 0xcd3088e0 0xca20c456
Configuration register is 0x1
Image type : Release
Key version : A
Configuration last modified by enable_15 at 01:26:39.819 UTC Wed Jul 12 2017
5525-x# show interface ip brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 1.1.1.1 YES manual up up
GigabitEthernet0/1 192.168.1.1 YES manual up up
GigabitEthernet0/2 unassigned YES unset administratively down down
GigabitEthernet0/3 unassigned YES unset administratively down down
GigabitEthernet0/4 unassigned YES unset administratively down down
GigabitEthernet0/5 unassigned YES unset administratively down down
GigabitEthernet0/6 unassigned YES unset administratively down down
GigabitEthernet0/7 unassigned YES unset administratively down down
Internal-Control0/0 127.0.1.1 YES unset up up
Internal-Data0/0 unassigned YES unset up up
Internal-Data0/1 unassigned YES unset up up
Internal-Data0/2 unassigned YES unset up up
Internal-Data0/3 169.254.1.1 YES unset up up
Management0/0 unassigned YES unset up up
Tunnel1 169.254.13.190 YES manual up up
5525-x# show run interface tunnel1
!
interface Tunnel1
nameif AWS
ip address 169.254.13.190 255.255.255.252
tunnel source interface outside
tunnel destination 1.1.1.2
tunnel mode ipsec ipv4
tunnel protection ipsec profile AWS
5525-x# ping 172.31.1.1 // AWS LAN IP
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
5525-x# show crypto isakmp sa
IKEv1 SAs:
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: 1.1.1.2
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
There are no IKEv2 SAs
5525-x# show crypto ipsec sa
interface: AWS
Crypto map tag: __vti-crypto-map-4-0-1, seq num: 65280, local addr: 1.1.1.1
access-list __vti-def-acl-0 extended permit ip any any
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer: 1.1.1.2
#pkts encaps: 87, #pkts encrypt: 87, #pkts digest: 87
#pkts decaps: 97, #pkts decrypt: 97, #pkts verify: 97
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 87, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 1.1.1.1/0, remote crypto endpt.: 1.1.1.2/0
path mtu 1500, ipsec overhead 74(44), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: AD2A1AEB
current inbound spi : D05BCF8B
inbound esp sas:
spi: 0xD05BCF8B (3495677835)
transform: esp-aes esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, IKEv1, VTI, }
slot: 0, conn_id: 12288, crypto-map: __vti-crypto-map-4-0-1
sa timing: remaining key lifetime (kB/sec): (4373994/2531)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xAD2A1AEB (2905217771)
transform: esp-aes esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, IKEv1, VTI, }
slot: 0, conn_id: 12288, crypto-map: __vti-crypto-map-4-0-1
sa timing: remaining key lifetime (kB/sec): (4373995/2531)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
5525-x# show run
: Saved
:
: Serial Number: FCH1834J123
: Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
:
ASA Version 9.7(1)4
!
hostname 5525-x
domain-name lab.com
enable password 2KFQnbNIdI.2KYOU encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
description ### WAN ###
nameif outside
security-level 0
ip address 1.1.1.1 255.255.255.252
!
interface GigabitEthernet0/1
description ### LAN ###
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/7
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
management-only
no nameif
no security-level
no ip address
!
interface Tunnel1
nameif AWS
ip address 169.254.13.190 255.255.255.252
tunnel source interface outside
tunnel destination 1.1.1.2
tunnel mode ipsec ipv4
tunnel protection ipsec profile AWS
!
boot system disk0:/asa971-4-smp-k8.bin
ftp mode passive
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 8.8.8.8
domain-name lab.com
object network INSIDE-SUBNET
subnet 0.0.0.0 0.0.0.0
object network IDENTITY-NAT
subnet 0.0.0.0 0.0.0.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-761.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
object network IDENTITY-NAT
nat (inside,outside) static INSIDE-SUBNET
router bgp 65000
bgp log-neighbor-changes
address-family ipv4 unicast
neighbor 169.254.13.189 remote-as 7224
neighbor 169.254.13.189 activate
network 192.168.1.0
no auto-summary
no synchronization
exit-address-family
!
route outside 0.0.0.0 0.0.0.0 1.1.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set AWS esp-aes esp-sha-hmac
crypto ipsec profile AWS
set ikev1 transform-set AWS
set pfs group2
set security-association lifetime seconds 3600
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 28800
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
ssh version 1
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username admin password f3UhLvUj1QsXsuK7 encrypted privilege 15
username all
tunnel-group 1.1.1.2 type ipsec-l2l
tunnel-group 1.1.1.2 ipsec-attributes
ikev1 pre-shared-key cisco123
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect dns preset_dns_map
inspect icmp
inspect icmp error
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 27
subscribe-to-alert-group configuration periodic monthly 27
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1d49675b0a2dba8e8bfd04398e2a10b1
: end
5525-x# show bgp summary
BGP router identifier 192.168.1.1, local AS number 65000
BGP table version is 2, main routing table version 2
1 network entries using 200 bytes of memory
1 path entries using 80 bytes of memory
1/1 BGP path/bestpath attribute entries using 208 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 488 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
169.254.13.189 4 7224 24 21 2 0 0 00:18:29 0
I've used a Cisco 2901 router to simulate an AWS cloud.
AWS#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 1.1.1.2 YES manual up up
GigabitEthernet0/1 unassigned YES NVRAM administratively down down
Serial0/0/0 unassigned YES NVRAM administratively down down
Serial0/0/1 unassigned YES NVRAM administratively down down
Loopback0 172.31.1.1 YES manual up up
Tunnel1 169.254.13.189 YES manual up up
AWS#show run
Building configuration...
Current configuration : 2052 bytes
!
! Last configuration change at 07:44:08 UTC Wed Jul 12 2017
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AWS
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
voice-card 0
!
!
!
!
!
!
!
license udi pid CISCO2901/K9 sn FCZ17039XYZ
hw-module pvdm 0/0
!
!
!
!
redundancy
!
!
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
lifetime 28800
crypto isakmp key cisco123 address 1.1.1.1
!
!
crypto ipsec transform-set AWS esp-aes esp-sha-hmac
!
crypto ipsec profile AWS
set transform-set AWS
set pfs group2
!
!
!
!
!
!
interface Loopback0
description ### LAN ###
ip address 172.31.1.1 255.255.255.0
!
interface Tunnel1
ip address 169.254.13.189 255.255.255.252
tunnel source GigabitEthernet0/0
tunnel mode ipsec ipv4
tunnel destination 1.1.1.1
tunnel protection ipsec profile AWS
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description ### WAN ###
ip address 1.1.1.2 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
router bgp 7224
bgp log-neighbor-changes
neighbor 169.254.13.190 remote-as 65000
!
address-family ipv4
network 172.31.1.0
neighbor 169.254.13.190 activate
exit-address-family
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end
AWS#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
1.1.1.2 1.1.1.1 QM_IDLE 1017 ACTIVE
IPv6 Crypto ISAKMP SA
AWS#show crypto ipsec sa
interface: Tunnel1
Crypto map tag: Tunnel1-head-0, local addr 1.1.1.2
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer 1.1.1.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 102, #pkts encrypt: 102, #pkts digest: 102
#pkts decaps: 94, #pkts decrypt: 94, #pkts verify: 94
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 1.1.1.2, remote crypto endpt.: 1.1.1.1
path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
current outbound spi: 0xD05BCF8B(3495677835)
PFS (Y/N): Y, DH group: group2
inbound esp sas:
spi: 0xAD2A1AEB(2905217771)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2005, flow_id: Onboard VPN:5, sibling_flags 80000046, crypto map: Tunnel1-head-0
sa timing: remaining key lifetime (k/sec): (4498776/2919)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xD05BCF8B(3495677835)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2006, flow_id: Onboard VPN:6, sibling_flags 80000046, crypto map: Tunnel1-head-0
sa timing: remaining key lifetime (k/sec): (4498775/2919)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
AWS#show ip bgp summary
BGP router identifier 172.31.1.1, local AS number 7224
BGP table version is 6, main routing table version 6
1 network entries using 136 bytes of memory
1 path entries using 56 bytes of memory
1/1 BGP path/bestpath attribute entries using 128 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 344 total bytes of memory
BGP activity 1/0 prefixes, 3/2 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
169.254.13.190 4 65000 12 14 6 0 0 00:09:03 1
AWS#show ip bgp
BGP table version is 6, local router ID is 172.31.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.1.0 169.254.13.190 0 0 65000 i
Below are the debug output captured from both ASA 9.7 and AWS router.
Cisco ASA 9.7
5525-x# debug crypto ikev1 ?
<1-255> Specify an optional debug level (default is 1)
timers debug the ikev1 timers
<cr>
5525-x# debug crypto ikev1 255 // I DIDN'T GET DEBUG OUTPUT USING LEVEL 1
5525-x# debug crypto ipsec ?
<1-255> Specify an optional debug level (default is 1)
<cr>
5525-x# debug crypto ipsec 255
5525-x# debug ip ?
bgp BGP information
eigrp Debug IPv4 EIGRP
ospf OSPF information
rip RIP protocol transactions
routing Routing table events
5525-x# debug ip bgp ?
A.B.C.D BGP neighbor address
events BGP events
in BGP Inbound information
ipv4 Address family
ipv6 Address family
keepalives BGP keepalives
out BGP Outbound information
range BGP dynamic range
rib-filter Next hop route watch filter events
updates BGP updates
<cr>
5525-x# debug ip bgp events
BGP events debugging is on
Successfully set for module BGP at level 1
5525-x#
BGP: Regular scanner timer event
BGP: Performing BGP general scanning
BGP: tbl IPv4 Unicast:base Performing BGP Nexthop scanning for general scan
BGP(0): Future scanner version: 1028, current scanner version: 1027
5525-x# Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Sending keep-alive of type DPD R-U-THERE (seq number 0x7d043cfc)
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=15c4d463) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
5525-x#
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d | .x....8H..'....}
08 10 05 00 63 d4 c4 15 1c 00 00 00 0b 00 00 18 | ....c...........
fa f1 e0 a6 fe 3c 69 c3 cf 66 31 10 2d e2 b3 33 | .....<i..f1.-..3
42 86 02 2a 00 00 00 20 00 00 00 01 01 10 8d 28 | B..*... .......(
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d | .x....8H..'....}
7d 04 3c fc | }.<.
ISAKMP Header
5525-x# Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (none)
MessageID: 15C4D463
Length: 28
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
fa f1 e0 a6 fe 3c 69 c3 cf 66 31 10 2d e2 b3 33
42 86 02 2a
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE
SPI:
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d
Data: 7d 04 3c fc
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 15C4D463
Length: 92
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500 //IKE UDP PORT 500
IKEv1 Recv RAW packet dump
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d | .x....8H..'....}
08 10 05 01 31 f3 87 0c 00 00 00 5c 38 5a 44 31 | ....1......\8ZD1
8d 15 6b 72 f4 99 ac 2e 02 1c d7 60 79 c9 78 49 | ..kr.......`y.xI
a7 0f 2f c2 60 53 b7 62 dd ac d1 77 90 fe b0 b2 | ../.`S.b...w....
54 40 11 bd de c1 e2 44 13 12 dd 90 f6 7d cf 1f | T@.....D.....}..
06 5c 7b 92 e2 13 78 23 31 83 e6 64 | .\{...x#1..d
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 31F3870C
Length: 92
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 31F3870C
Length: 92
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
e8 f1 7e af 3f 8e ed c7 67 89 35 f9 55 c6 86 9b
ef 81 9d 4d
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE_ACK
SPI:
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d
Data: 7d 04 3c fc
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=31f3870c) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x7d043cfc)
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IKE SA MM:fa27f090 rcv'd Terminate: state MM_ACTIVE flags 0x00018042, refcnt 1, tuncnt 1
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Remove from IKEv1 Tunnel Table succeeded for SA with logicalId 20480
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Remove from IKEv1 MIB Table succeeded for SA with logical ID 20480
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, sending delete/delete with reason message
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing IPSec delete payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=78819259) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 68
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
5525-x# 1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d | .x....8H..'....}
08 10 05 00 59 92 81 78 1c 00 00 00 0c 00 00 18 | ....Y..x........
d9 4b 95 7f 2b 15 33 c5 e0 26 47 cf 55 a4 41 a1 | .K.+.3..&G.U.A.
44 96 bd 69 00 00 00 10 00 00 00 01 03 04 00 01 | D..i............
8b a9 b0 28 | ...(
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (none)
MessageID: 78819259
Length: 28
Payload Hash
Next Payload: Delete
Reserved: 00
Payload Length: 24
Data:
d9 4b 95 7f 2b 15 33 c5 e0 26 47 cf 55 a4 41 a1
44 96 bd 69
Payload Delete
Next Payload: None
Reserved: 00
Payload Length: 16
DOI: IPsec
Protocol-ID: PROTO_IPSEC_ESP
Spi Size: 4
# of SPIs: 1
SPI (Hex dump): 8b a9 b0 28
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 78819259
Length: 76
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Active unit receives a delete event for remote peer 1.1.1.2.
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IKE Deleting SA: Remote Proxy 0.0.0.0, Local Proxy 0.0.0.0
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IKE SA MM:fa27f090 terminating: flags 0x01018002, refcnt 0, tuncnt 0
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, sending delete/delete with reason message
IPSEC: Received a PFKey message from IKE
IPSEC DEBUG: Received a DELETE PFKey message from IKE for an inbound SA (SPI 0x8BA9B028)
IPSEC DEBUG: Outbound SA (SPI 0x2D20E7D2) destroy started, state active
IPSEC: Destroy current outbound SPI: 0x2D20E7D2
IPSEC DEBUG: Outbound SA (SPI 0x2D20E7D2) free started, state active
IPSEC DEBUG: Outbound SA (SPI 0x2D20E7D2) state change from active to dead
IPSEC DEBUG: Deleting the outbound encrypt rule for SPI 0x2D20E7D2
IPSEC: Increment SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:7063)
IPSEC: Deleted outbound encrypt rule, SPI 0x2D20E7D2
Rule ID: 0x00007f6a01a83c10
IPSEC: Decrement SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5619)
IPSEC DEBUG: Deleting the outbound permit rule for SPI 0x2D20E7D2
IPSEC: Increment SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:7063)
IPSEC: Deleted outbound permit rule, SPI 0x2D20E7D2
Rule ID: 0x00007f6a02aeaa50
IPSEC: Decrement SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5619)
IPSEC DEBUG: Deleting the Outbound VPN context for SPI 0x2D20E7D2
IPSEC: Increment SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 0, new value: 1, (ctm_ipsec_free_sa:9198)
IPSEC: Deleted outbound VPN context, SPI 0x2D20E7D2
VPN handle: 0x0000000000013b54
IPSEC: Decrement SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 1, new value: 0, (ctm_np_vpn_delete_cb:11730)
IPSEC DEBUG: Outbound SA (SPI 0x2D20E7D2) free completed
IPSEC DEBUG: Outbound SA (SPI 0x2D20E7D2) destroy completed
IPSEC DEBUG: Inbound SA (SPI 0x8BA9B028) destroy started, state active
IPSEC: Destroy current inbound SPI: 0x8BA9B028
IPSEC DEBUG: Inbound SA (SPI 0x8BA9B028) free started, state active
IPSEC DEBUG: Inbound SA (SPI 0x8BA9B028) state change from active to dead
IPSEC DEBUG: Deleting the inbound decrypt rule for SPI 0x8BA9B028
IPSEC: Increment SA NP ref counter for inbound SPI 0x8BA9B028, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:7063)
IPSEC: Deleted inbound decrypt rule, SPI 0x8BA9B028
Rule ID: 0x00007f6a034e8b50
IPSEC: Decrement SA NP ref counter for inbound SPI 0x8BA9B028, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5619)
IPSEC DEBUG: Deleting the inbound permit rule for SPI 0x8BA9B028
IPSEC: Increment SA NP ref counter for inbound SPI 0x8BA9B028, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:7063)
IPSEC: Deleted inbound permit rule, SPI 0x8BA9B028
Rule ID: 0x00007f6a01e832e0
IPSEC: Decrement SA NP ref counter for inbound SPI 0x8BA9B028, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5619)
IPSEC DEBUG: Deleting the inbound tunnel flow rule for SPI 0x8BA9B028
IPSEC: Increment SA NP ref counter for inbound SPI 0x8BA9B028, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:7063)
IPSEC: Deleted inbound tunnel flow rule, SPI 0x8BA9B028
Rule ID: 0x00007f6a01a7c180
IPSEC: Decrement SA NP ref counter for inbound SPI 0x8BA9B028, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5619)
IPSEC DEBUG: Deleting the Inbound VPN context for SPI 0x8BA9B028
IPSEC: Increment SA NP ref counter for inbound SPI 0x8BA9B028, old value: 0, new value: 1, (ctm_ipsec_free_sa:9198)
IPSEC: Deleted inbound VPN context, SPI 0x8BA9B028
VPN handle: 0x0000000000015bac
IPSEC: Decrement SA NP ref counter for inbound SPI 0x8BA9B028, old value: 1, new value: 0, (ctm_np_vpn_delete_cb:11730)
IPSEC: Removed SA from last received DB, SPI: 0x8BA9B028, user: 1.1.1.2, peer: 1.1.1.2, SessionID: 0x00005000
IPSEC DEBUG: Inbound SA (SPI 0x8BA9B028) free completed
IPSEC DEBUG: Inbound SA (SPI 0x8BA9B028) destroy completed
IPSEC(crypto_map_check)-3: Looking for crypto map matching 5-tuple: Prot=0, saddr=1.1.1.1, sport=1, daddr=1.1.1.2, dport=1
IPSEC(crypto_map_check)-3: Checking crypto map __vti-crypto-map-4-0-1 65280: matched.
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing IKE delete payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=b420f796) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d | .x....8H..'....}
08 10 05 00 96 f7 20 b4 1c 00 00 00 0c 00 00 18 | ...... .........
b3 6a 14 f7 2c 44 0f 7e f2 56 37 26 4c b0 6f a7 | .j..,D.~.V7&L.o.
a0 95 f0 7b 00 00 00 1c 00 00 00 01 01 10 00 01 | ...{............
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d | .x....8H..'....}
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (none)
MessageID: B420F796
Length: 28
Payload Hash
Next Payload: Delete
Reserved: 00
Payload Length: 24
Data:
b3 6a 14 f7 2c 44 0f 7e f2 56 37 26 4c b0 6f a7
a0 95 f0 7b
Payload Delete
Next Payload: None
Reserved: 00
Payload Length: 28
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
# of SPIs: 1
SPI (Hex dump):
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: B420F796
Length: 92
Jul 12 18:33:10 [IKEv1 DEBUG]Pitcher: received key delete msg, spi 0x8ba9b028
Jul 12 18:33:10 [IKEv1 DEBUG]Pitcher: received a key acquire message, spi 0x0
IPSEC(crypto_map_check)-3: Looking for crypto map matching 5-tuple: Prot=0, saddr=1.1.1.1, sport=1, daddr=1.1.1.2, dport=1
IPSEC(crypto_map_check)-3: Checking crypto map __vti-crypto-map-4-0-1 65280: matched.
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Session is being torn down. Reason: Administrator Reset
Jul 12 18:33:10 [IKEv1]Ignoring msg to mark SA with dsID 20480 dead because SA deleted
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d | .x....8H..'....}
08 10 05 01 46 51 1a bf 00 00 00 5c f6 f2 cf 57 | ....FQ.....\...W
8c fe 53 50 8c 9a 65 f1 25 5d c6 30 d7 6d 60 b3 | ..SP..e.%].0.m`.
71 fd c3 65 52 41 18 00 ba 66 8d 1d 9f 8a 28 9c | q..eRA...f....(.
37 df 40 83 79 f9 dd bc 88 3b 70 b5 28 70 03 1a | 7.@.y....;p.(p..
ae 3b 8b c0 47 b3 bd 19 89 b9 7b 16 | .;..G.....{.
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 46511ABF
Length: 92
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, Received encrypted packet with no matching SA, dropping
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 00 00 00 00 00 00 00 00 | .x.....W........
01 10 02 00 00 00 00 00 00 00 00 a4 0d 00 00 38 | ...............8
00 00 00 01 00 00 00 01 00 00 00 2c 01 01 00 01 | ...........,....
00 00 00 24 01 01 00 00 80 01 00 07 80 0e 00 80 | ...$............
80 02 00 02 80 04 00 02 80 03 00 01 80 0b 00 01 | ................
80 0c 70 80 0d 00 00 14 4a 13 1c 81 07 03 58 45 | ..p.....J.....XE
5c 57 28 f2 0e 95 45 2f 0d 00 00 14 43 9b 59 f8 | \W(...E/....C.Y.
ba 67 6c 4c 77 37 ae 22 ea b8 f5 82 0d 00 00 14 | .glLw7."........
7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | }...S..o,....R.V
00 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ........>.in.c..
ec 42 7b 1f | .B{.
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 00 00 00 00 00 00 00 00
Next Payload: Security Association
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 164
Payload Security Association
Next Payload: Vendor ID
Reserved: 00
Payload Length: 56
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 44
Proposal #: 1
Protocol-Id: PROTO_ISAKMP
SPI Size: 0
# of transforms: 1
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 1
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Key Length: 128
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 70 80
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
43 9b 59 f8 ba 67 6c 4c 77 37 ae 22 ea b8 f5 82
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 164
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Oakley proposal is acceptable
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Received NAT-Traversal RFC VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Received NAT-Traversal ver 03 VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Received NAT-Traversal ver 02 VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing IKE SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, IKE SA Proposal # 1, Transform # 1 acceptable Matches global IKE entry # 2
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing ISAKMP SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing NAT-Traversal VID ver RFC payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing Fragmentation VID + extended capabilities payload
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
SENDING PACKET to 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Security Association
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 128
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
04 10 02 00 00 00 00 00 00 00 01 1c 0a 00 00 84 | ................
1e d2 8a 2a b0 2f 33 91 99 29 49 f9 e9 cb ea d8 | ...*./3..)I.....
c5 19 5d 88 32 08 24 4b 8a ee 51 d2 a3 a2 27 7c | ..].2.$K..Q...'|
12 aa a8 00 cd 04 a1 f4 53 37 65 c0 61 af fb 07 | ........S7e.a...
f9 35 d6 ef 10 52 3b eb 75 6f 64 4e 8f 65 36 09 | .5...R;.uodN.e6.
57 f8 33 27 65 7e 64 25 55 8b c4 94 e9 cf a8 2d | W.3'e~d%U......-
6a 5c f3 15 91 08 34 7d c5 bf a5 b0 34 69 dc 30 | j\....4}....4i.0
8b 2c d3 34 3d 2c b6 fc b4 9b fa 17 fd ea 98 66 | .,.4=,.........f
84 ca 8a ba ab eb 13 dc f4 d4 2a c2 a7 35 b7 63 | ..........*..5.c
0d 00 00 18 5d fa 40 b3 8d 87 25 f5 36 38 90 b8 | ....].@...%.68..
1f be de 6c ba 6b d6 44 0d 00 00 14 af ca d7 13 | ...l.k.D........
68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14 | h...k...wW......
e9 bf 74 8d c3 8f f9 57 89 b6 05 0e e3 56 42 02 | ..t....W.....VB.
14 00 00 0c 09 00 26 89 df d6 b7 12 14 00 00 18 | ......&.........
fb d9 57 32 67 91 9c da c2 16 cd e4 5d 95 b0 62 | ..W2g.......]..b
54 fe 59 58 00 00 00 18 c2 54 40 c2 e0 f4 a9 33 | T.YX.....T@....3
28 ba d6 5e 2e bd 70 69 3c 4c 41 2b | (..^..pi<LA+
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Key Exchange
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 284
Payload Key Exchange
Next Payload: Nonce
Reserved: 00
Payload Length: 132
Data:
1e d2 8a 2a b0 2f 33 91 99 29 49 f9 e9 cb ea d8
c5 19 5d 88 32 08 24 4b 8a ee 51 d2 a3 a2 27 7c
12 aa a8 00 cd 04 a1 f4 53 37 65 c0 61 af fb 07
f9 35 d6 ef 10 52 3b eb 75 6f 64 4e 8f 65 36 09
57 f8 33 27 65 7e 64 25 55 8b c4 94 e9 cf a8 2d
6a 5c f3 15 91 08 34 7d c5 bf a5 b0 34 69 dc 30
8b 2c d3 34 3d 2c b6 fc b4 9b fa 17 fd ea 98 66
84 ca 8a ba ab eb 13 dc f4 d4 2a c2 a7 35 b7 63
Payload Nonce
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data:
5d fa 40 b3 8d 87 25 f5 36 38 90 b8 1f be de 6c
ba 6b d6 44
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
e9 bf 74 8d c3 8f f9 57 89 b6 05 0e e3 56 42 02
Payload Vendor ID
Next Payload: NAT-D
Reserved: 00
Payload Length: 12
Data (In Hex): 09 00 26 89 df d6 b7 12
Payload NAT-D
Next Payload: NAT-D
Reserved: 00
Payload Length: 24
Data:
fb d9 57 32 67 91 9c da c2 16 cd e4 5d 95 b0 62
54 fe 59 58
Payload NAT-D
Next Payload: None
Reserved: 00
Payload Length: 24
Data:
c2 54 40 c2 e0 f4 a9 33 28 ba d6 5e 2e bd 70 69
3c 4c 41 2b
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 284
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing ke payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing ISA_KE payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing nonce payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Received DPD VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000f6f)
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Received xauth V6 VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing NAT-Discovery payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, computing NAT Discovery hash
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing NAT-Discovery payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, computing NAT Discovery hash
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing ke payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing nonce payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing Cisco Unity VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing xauth V6 VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Send IOS VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing NAT-Discovery payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, computing NAT Discovery hash
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing NAT-Discovery payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, computing NAT Discovery hash
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, Connection landed on tunnel_group 1.1.1.2
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Generating keys for Responder...
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
SENDING PACKET to 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Key Exchange
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 304
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
05 10 02 01 00 00 00 00 00 00 00 6c 16 fc 72 19 | ...........l..r.
28 ef b5 d1 38 be d7 c4 1f 42 4c b8 72 15 67 ec | (...8....BL.r.g.
cb 28 56 cb a5 b9 77 50 cc ee 43 e4 34 ee 02 d9 | .(V...wP..C.4...
29 b8 0d 78 62 d5 98 54 32 91 9a fc f5 93 ab 0b | )..xb..T2.......
13 bb 74 d4 d3 da 62 57 49 b5 2f 11 d8 c6 92 21 | ..t...bWI./....!
0d e7 41 3b df 79 ad 82 b2 eb bf 4f | ..A;.y.....O
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (Encryption)
MessageID: 00000000
Length: 108
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (Encryption)
MessageID: 00000000
Length: 108
Payload Identification
Next Payload: Hash
Reserved: 00
Payload Length: 12
ID Type: IPv4 Address (1)
Protocol ID (UDP/TCP, etc...): 17
Port: 500
ID Data: 1.1.1.2
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
ce bf b5 44 94 7a c8 d7 dd 41 ed 50 ff a1 4e 0f
8f 8f 5f 52
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 28
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: STATUS_INITIAL_CONTACT
SPI:
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + NOTIFY (11) + NONE (0) total length : 92
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing ID payload
Jul 12 18:33:10 [IKEv1 DECODE]Group = 1.1.1.2, IP = 1.1.1.2, ID_IPV4_ADDR ID received
1.1.1.2
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Computing hash for ISAKMP
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, Connection landed on tunnel_group 1.1.1.2
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing ID payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Computing hash for ISAKMP
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Constructing IOS keep alive payload: proposal=32767/32767 sec.
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing dpd vid payload
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + IOS KEEPALIVE (128) + VENDOR (13) + NONE (0) total length : 96
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
05 10 02 00 00 00 00 00 1c 00 00 00 08 00 00 0c | ................
01 11 00 00 01 01 01 01 80 00 00 18 84 3e 49 6d | .............>Im
f9 9b 8c b9 b2 4c d3 58 34 9a 0b bb 1f 1d 9b bb | .....L.X4.......
0d 00 00 0c 80 00 7f ff 80 00 7f ff 00 00 00 14 | ..............
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | ....h...k...wW..
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 28
Payload Identification
Next Payload: Hash
Reserved: 00
Payload Length: 12
ID Type: IPv4 Address (1)
Protocol ID (UDP/TCP, etc...): 17
Port: 0
ID Data: 1.1.1.1
Payload Hash
Next Payload: IOS Proprietary Keepalive or CHRE
Reserved: 00
Payload Length: 24
Data:
84 3e 49 6d f9 9b 8c b9 b2 4c d3 58 34 9a 0b bb
1f 1d 9b bb
Payload IOS Proprietary Keepalive or CHRE
Next Payload: Vendor ID
Reserved: 00
Payload Length: 12
Default Interval: 32767
Retry Interval: 32767
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
SENDING PACKET to 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (Encryption)
MessageID: 00000000
Length: 108
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, PHASE 1 COMPLETED
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, Keep-alive type for this connection: DPD
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Starting P1 rekey timer: 21600 seconds.
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Add to IKEv1 Tunnel Table succeeded for SA with logical ID 24576
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Add to IKEv1 MIB Table succeeded for SA with logical ID 24576
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 20 01 17 fb be 5e 00 00 01 3c ec 34 01 e9 | .. ....^...<.4..
9c ae 09 f3 d4 86 b1 17 db 25 56 e3 3a 9d e1 94 | .........%V.:...
c0 2c 97 6a 7c c6 f1 a1 28 47 8b d2 7a 60 d3 fd | .,.j|...(G..z`..
2f 90 10 cb e3 4b 52 73 fd 2e 01 4f 1f 47 c1 ee | /....KRs...O.G..
64 5e 44 27 32 32 a6 94 b8 db 3a 2f 5b 7e f1 e6 | d^D'22....:/[~..
e0 ce 52 92 07 6d ec 46 6e 8e e6 33 c1 3e 16 11 | ..R..m.Fn..3.>..
fa cc f9 50 b7 91 d3 da 19 90 46 9d 4a fc fb 52 | ...P......F.J..R
6d 45 de 53 b9 9b 7c f4 13 e5 50 ec 6a ab db 21 | mE.S..|...P.j..!
31 df ff 4a 70 ba 31 2a 14 4d 5c 15 e3 6a 6f e6 | 1..Jp.1*.M\..jo.
3c 3c 93 07 e2 b4 da d0 34 81 d1 be dc d2 68 7a | <<......4.....hz
4d 7a 2b 07 ec ca 9f 60 93 2b 0a 64 39 62 9d 2f | Mz+....`.+.d9b./
54 b1 d6 13 5d 98 a4 d6 dd db 90 0d 16 85 38 d2 | T...].........8.
db 0c f3 45 7f 4d 08 a0 9b 70 ba e7 81 b1 de 00 | ...EM...p......
a6 46 4b 8b d2 c2 b1 ec 09 22 24 7b d6 cc 75 ea | .FK......"${..u.
37 4a 48 6c 28 b9 fa a8 41 ce ab 57 dc 32 1c 72 | 7JHl(...A..W.2.r
75 a0 aa c6 bd fd b5 69 5f c4 1a 05 13 d2 d0 47 | u......i_......G
6a 31 3e 87 5e 86 8c 7a d9 1c 53 e6 f2 cb 34 67 | j1>.^..z..S...4g
f1 44 cd be e6 e7 77 d2 35 ac 64 17 e4 a8 91 6a | .D....w.5.d....j
27 a3 96 69 92 78 01 65 63 45 e9 4d | '..i.x.ecE.M
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: 17FBBE5E
Length: 316
Jul 12 18:33:10 [IKEv1 DECODE]IP = 1.1.1.2, IKE Responder starting QM: msg id = 17fbbe5e
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: 17FBBE5E
Length: 316
Payload Hash
Next Payload: Security Association
Reserved: 00
Payload Length: 24
Data:
43 c9 e1 87 08 7a c5 af 71 90 38 32 1e 73 68 b5
12 44 9b 60
Payload Security Association
Next Payload: Nonce
Reserved: 00
Payload Length: 68
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 56
Proposal #: 1
Protocol-Id: PROTO_IPSEC_ESP
SPI Size: 4
# of transforms: 1
SPI: df 8a ac 79
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 44
Transform #: 1
Transform-Id: ESP_AES
Reserved2: 0000
Encapsulation Mode: Tunnel
Life Type: Seconds
Life Duration (Hex): 0e 10
Life Type: Kilobytes
Life Duration (Hex): 00 46 50 00
Authentication Algorithm: SHA1
Key Length: 128
Group Description: Group 2
Payload Nonce
Next Payload: Key Exchange
Reserved: 00
Payload Length: 24
Data:
74 d4 82 f7 83 a2 c9 c4 d7 97 37 8a cc e0 25 2e
fc 57 0b 56
Payload Key Exchange
Next Payload: Identification
Reserved: 00
Payload Length: 132
Data:
c8 49 46 ba b8 5e be 4c fc 5f 1c f4 5d f1 f3 13
2d a8 48 27 8f dd 78 ff 85 87 b0 fb c7 ee aa 71
6d ba 64 26 6b ae 1f f3 d6 c9 55 f2 ec d6 da b3
4c 6b 93 0d 50 96 45 3a cb 2d 6d 77 d8 5b 88 68
25 98 67 f5 21 d3 bb 6e c7 88 6f fd 67 b1 31 7a
f6 91 ff 38 53 3d 31 23 2b f4 55 71 55 5b d2 bc
e6 70 5b 2e 08 90 2c ce 25 22 03 2a a5 eb 04 a3
51 ca b4 96 2a 57 5a aa 40 34 aa a0 1f e3 a4 07
Payload Identification
Next Payload: Identification
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: 0.0.0.0/0.0.0.0
Payload Identification
Next Payload: None
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: 0.0.0.0/0.0.0.0
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=17fbbe5e) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + KE (4) + ID (5) + ID (5) + NONE (0) total length : 308
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing nonce payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing ke payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing ISA_KE for PFS in phase 2
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing ID payload
Jul 12 18:33:10 [IKEv1 DECODE]Group = 1.1.1.2, IP = 1.1.1.2, ID_IPV4_ADDR_SUBNET ID received--0.0.0.0--0.0.0.0
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Received remote IP Proxy Subnet data in ID Payload: Address 0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing ID payload
Jul 12 18:33:10 [IKEv1 DECODE]Group = 1.1.1.2, IP = 1.1.1.2, ID_IPV4_ADDR_SUBNET ID received--0.0.0.0--0.0.0.0
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Received local IP Proxy Subnet data in ID Payload: Address 0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, QM IsRekeyed old sa not found by addr
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, checking map = __vti-crypto-map-4-0-1, seq = 65280...
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, map __vti-crypto-map-4-0-1, seq = 65280 is a successful match
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, IKE Remote Peer configured for crypto map: __vti-crypto-map-4-0-1
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing IPSec SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IPSec SA Proposal # 1, Transform # 1 acceptable Matches global IPSec SA entry # 65280
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, IKE: requesting SPI!
IPSEC: Received a PFKey message from IKE
IPSEC: Parsing PFKey GETSPI message
IPSEC: Creating IPsec SA
IPSEC: Getting the inbound SPI
IPSEC DEBUG: Inbound SA (SPI 0x00000000) state change from inactive to embryonic
IPSEC: New embryonic SA created @ 0x00007f6a02a101b0,
SCB: 0x01E81330,
Direction: inbound
SPI : 0x9169931A
Session ID: 0x00006000
VPIF num : 0x00000002
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IKE got SPI from key engine: SPI = 0x9169931a
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, oakley constucting quick mode
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing IPSec SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing IPSec nonce payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing pfs ke payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing proxy ID
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Transmitting Proxy Id:
Remote subnet: 0.0.0.0 Mask 0.0.0.0 Protocol 0 Port 0
Local subnet: 0.0.0.0 mask 0.0.0.0 Protocol 0 Port 0
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:10 [IKEv1 DECODE]Group = 1.1.1.2, IP = 1.1.1.2, IKE Responder sending 2nd QM pkt: msg id = 17fbbe5e
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=17fbbe5e) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + KE (4) + ID (5) + ID (5) + NONE (0) total length : 308
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 20 00 5e be fb 17 1c 00 00 00 01 00 00 18 | .. .^...........
26 b5 df 4f 0e 49 c9 59 00 99 15 1f 35 52 dc f2 | &..O.I.Y....5R..
0a 8e 17 28 0a 00 00 44 00 00 00 01 00 00 00 01 | ...(...D........
00 00 00 38 01 03 04 01 91 69 93 1a 00 00 00 2c | ...8.....i.....,
01 0c 00 00 80 01 00 01 80 02 0e 10 80 01 00 02 | ................
00 02 00 04 00 46 50 00 80 04 00 01 80 05 00 02 | .....FP.........
80 03 00 02 80 06 00 80 04 00 00 18 82 10 78 d8 | ..............x.
59 e7 f7 ef e6 99 cd 12 ec 51 27 17 68 bc 19 ae | Y........Q'.h...
05 00 00 84 5d ce 10 8f 52 31 1e e2 4d 4d 89 61 | ....]...R1..MM.a
56 29 7f ff 76 98 5e 69 ff 24 99 b2 3b 55 51 0c | V).v.^i.$..;UQ.
28 94 ef 3e 66 0b 5b 74 ad b6 72 62 a1 5b c9 2c | (..>f.[t..rb.[.,
cf 86 f9 32 a6 5b 7f 93 a0 7c 54 2f 4c 9d b7 2c | ...2.[..|T/L..,
2a a4 84 22 18 99 f3 8f 98 fb f8 af 93 94 71 9b | *.."..........q.
ee b0 b8 33 3a 12 b1 76 5f 8c d7 a1 07 21 78 9b | ...3:..v_....!x.
fe 9c b1 ac 87 f9 12 9a e0 83 6e b1 f9 11 b9 0b | ..........n.....
ae ad ff 9c 3c 54 3f 7f 85 b4 b6 a3 aa ba 4b bc | ....<T?......K.
59 c6 a1 bc 05 00 00 10 04 00 00 00 00 00 00 00 | Y...............
00 00 00 00 00 00 00 10 04 00 00 00 00 00 00 00 | ................
00 00 00 00 | ....
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (none)
MessageID: 17FBBE5E
Length: 28
Payload Hash
Next Payload: Security Association
Reserved: 00
Payload Length: 24
Data:
26 b5 df 4f 0e 49 c9 59 00 99 15 1f 35 52 dc f2
0a 8e 17 28
Payload Security Association
Next Payload: Nonce
Reserved: 00
Payload Length: 68
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 56
Proposal #: 1
Protocol-Id: PROTO_IPSEC_ESP
SPI Size: 4
# of transforms: 1
SPI: 91 69 93 1a
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 44
Transform #: 1
Transform-Id: ESP_AES
Reserved2: 0000
Life Type: Seconds
Life Duration (Hex): 0e 10
Life Type: Kilobytes
Life Duration (Hex): 00 46 50 00
Encapsulation Mode: Tunnel
Authentication Algorithm: SHA1
Group Description: Group 2
Key Length: 128
Payload Nonce
Next Payload: Key Exchange
Reserved: 00
Payload Length: 24
Data:
82 10 78 d8 59 e7 f7 ef e6 99 cd 12 ec 51 27 17
68 bc 19 ae
Payload Key Exchange
Next Payload: Identification
Reserved: 00
Payload Length: 132
Data:
5d ce 10 8f 52 31 1e e2 4d 4d 89 61 56 29 7f ff
76 98 5e 69 ff 24 99 b2 3b 55 51 0c 28 94 ef 3e
66 0b 5b 74 ad b6 72 62 a1 5b c9 2c cf 86 f9 32
a6 5b 7f 93 a0 7c 54 2f 4c 9d b7 2c 2a a4 84 22
18 99 f3 8f 98 fb f8 af 93 94 71 9b ee b0 b8 33
3a 12 b1 76 5f 8c d7 a1 07 21 78 9b fe 9c b1 ac
87 f9 12 9a e0 83 6e b1 f9 11 b9 0b ae ad ff 9c
3c 54 3f 7f 85 b4 b6 a3 aa ba 4b bc 59 c6 a1 bc
Payload Identification
Next Payload: Identification
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: 0.0.0.0/0.0.0.0
Payload Identification
Next Payload: None
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: 0.0.0.0/0.0.0.0
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 20 01 17 fb be 5e 00 00 00 3c b9 0c 41 d7 | .. ....^...<..A.
a2 2c 63 2b 63 22 bb e8 23 5f 2d bc 77 92 c5 a8 | .,c+c"..#_-.w...
d4 5f 3b 7b 64 63 a0 28 df e5 06 a0 | ._;{dc.(....
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: 17FBBE5E
Length: 60
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: 17FBBE5E
Length: 60
Payload Hash
Next Payload: None
Reserved: 00
Payload Length: 24
Data:
38 ee de 37 35 3e 9f 70 a4 db 6c 40 c2 b9 a2 39
57 a8 2d 33
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=17fbbe5e) with payloads : HDR + HASH (8) + NONE (0) total length : 52
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, loading all IPSEC SAs
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Generating Quick Mode Key!
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Generating Quick Mode Key!
IPSEC: Received a PFKey message from IKE
IPSEC: Parsing PFKey ADD message
IPSEC: Creating IPsec SA
IPSEC: Adding the outbound SA, SPI: 0xDF8AAC79
IPSEC DEBUG: Outbound SA (SPI 0xDF8AAC79) state change from inactive to embryonic
IPSEC: New embryonic SA created @ 0x00007f6a0330a100,
SCB: 0x02AF1EF0,
Direction: outbound
SPI : 0xDF8AAC79
Session ID: 0x00006000
VPIF num : 0x00000004
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
IPSEC: Completed host OBSA update, SPI 0xDF8AAC79
IPSEC: Creating outbound VPN context, SPI 0xDF8AAC79
Flags: 0x00000005
SA : 0x00007f6a0330a100
SPI : 0xDF8AAC79
MTU : 1500 bytes
VCID : 0x00000000
Peer : 0x00000000
SCB : 0x0E249A81
Channel: 0x00007f69f3d5d4c0
IPSEC: Increment SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 0, new value: 1, (ctm_ipsec_create_vpn_context:7482)
IPSEC: Completed outbound VPN context, SPI 0xDF8AAC79
VPN handle: 0x000000000001776c
IPSEC: New outbound encrypt rule, SPI 0xDF8AAC79
Src addr: 0.0.0.0
Src mask: 0.0.0.0
Dst addr: 0.0.0.0
Dst mask: 0.0.0.0
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 0
Use protocol: false
SPI: 0x00000000
Use SPI: false
IPSEC: Increment SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6471)
IPSEC: Completed outbound encrypt rule, SPI 0xDF8AAC79
Rule ID: 0x00007f6a02b577d0
IPSEC: Decrement SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5515)
IPSEC: New outbound permit rule, SPI 0xDF8AAC79
Src addr: 1.1.1.1
Src mask: 255.255.255.255
Dst addr: 1.1.1.2
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 50
Use protocol: true
SPI: 0xDF8AAC79
Use SPI: true
IPSEC: Increment SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6631)
IPSEC: Completed outbound permit rule, SPI 0xDF8AAC79
Rule ID: 0x00007f6a01a83c10
IPSEC: Decrement SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5515)
IPSEC: Decrement SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 1, new value: 0, (ctm_np_vpn_context_cb:11670)
IPSEC: Increment SA HW ref counter for outbound SPI 0xDF8AAC79, old value: 0, new value: 1, (ctm_nlite_ipsec_create_hw_obsa:1243)
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Security negotiation complete for LAN-to-LAN Group (1.1.1.2) Responder, Inbound SPI = 0x9169931a, Outbound SPI = 0xdf8aac79
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IKE got a KEY_ADD msg for SA: SPI = 0xdf8aac79
IPSEC: Received a PFKey message from IKE
IPSEC: Parsing PFKey UPDATE message
IPSEC: Creating IPsec SA
IPSEC: Updating the inbound SA, SPI: 0x9169931A
IPSEC: New embryonic SA created @ 0x00007f6a02a101b0,
SCB: 0x01E81330,
Direction: inbound
SPI : 0x9169931A
Session ID: 0x00006000
VPIF num : 0x00000004
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
IPSEC: Completed host IBSA update, SPI 0x9169931A
IPSEC: Creating inbound VPN context, SPI 0x9169931A
Flags: 0x00000006
SA : 0x00007f6a02a101b0
SPI : 0x9169931A
MTU : 0 bytes
VCID : 0x00000000
Peer : 0x0001776C
SCB : 0x0E245B03
Channel: 0x00007f69f3d5d4c0
IPSEC: Increment SA NP ref counter for inbound SPI 0x9169931A, old value: 0, new value: 1, (ctm_ipsec_create_vpn_context:7415)
IPSEC: Completed inbound VPN context, SPI 0x9169931A
VPN handle: 0x00000000000181e4
IPSEC: Updating outbound VPN context 0x0001776C, SPI 0xDF8AAC79
Flags: 0x00000005
SA : 0x00007f6a0330a100
SPI : 0xDF8AAC79
MTU : 1500 bytes
VCID : 0x00000000
Peer : 0x000181E4
SCB : 0x0E249A81
Channel: 0x00007f69f3d5d4c0
IPSEC: Increment SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 0, new value: 1, (ctm_ipsec_update_vpn_context:7611)
IPSEC: Completed outbound VPN context, SPI 0xDF8AAC79
VPN handle: 0x000000000001776c
IPSEC: Completed outbound inner rule, SPI 0xDF8AAC79
Rule ID: 0x00007f6a02b577d0
IPSEC: Completed outbound outer SPD rule, SPI 0xDF8AAC79
Rule ID: 0x00007f6a01a83c10
IPSEC: Decrement SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 1, new value: 0, (ctm_np_vpn_context_cb:11670)
IPSEC: New inbound tunnel flow rule, SPI 0x9169931A
Src addr: 0.0.0.0
Src mask: 0.0.0.0
Dst addr: 0.0.0.0
Dst mask: 0.0.0.0
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 0
Use protocol: false
SPI: 0x00000000
Use SPI: false
IPSEC: Increment SA NP ref counter for inbound SPI 0x9169931A, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6100)
IPSEC: Completed inbound tunnel flow rule, SPI 0x9169931A
Rule ID: 0x00007f69f6ef2b00
IPSEC: Decrement SA NP ref counter for inbound SPI 0x9169931A, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5515)
IPSEC: New inbound decrypt rule, SPI 0x9169931A
Src addr: 1.1.1.2
Src mask: 255.255.255.255
Dst addr: 1.1.1.1
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 50
Use protocol: true
SPI: 0x9169931A
Use SPI: true
IPSEC: Increment SA NP ref counter for inbound SPI 0x9169931A, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6255)
IPSEC: Completed inbound decrypt rule, SPI 0x9169931A
Rule ID: 0x00007f6a03f36d60
IPSEC: Decrement SA NP ref counter for inbound SPI 0x9169931A, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5515)
IPSEC: New inbound permit rule, SPI 0x9169931A
Src addr: 1.1.1.2
Src mask: 255.255.255.255
Dst addr: 1.1.1.1
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 50
Use protocol: true
SPI: 0x9169931A
Use SPI: true
IPSEC: Increment SA NP ref counter for inbound SPI 0x9169931A, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6255)
IPSEC: Completed inbound permit rule, SPI 0x9169931A
Rule ID: 0x00007f6a01a7c180
IPSEC: Decrement SA NP ref counter for inbound SPI 0x9169931A, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5515)
IPSEC: Decrement SA NP ref counter for inbound SPI 0x9169931A, old value: 1, new value: 0, (ctm_np_vpn_context_cb:11670)
IPSEC: Increment SA HW ref counter for inbound SPI 0x9169931A, old value: 0, new value: 1, (ctm_nlite_ipsec_create_hw_ibsa:816)
IPSEC: Added SA to last received DB, SPI: 0x9169931A, user: 1.1.1.2, peer: 1.1.1.2, SessionID: 0x00006000
IPSEC DEBUG: Inbound SA (SPI 0x9169931A) state change from embryonic to active
IPSEC DEBUG: Outbound SA (SPI 0xDF8AAC79) state change from embryonic to active
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Pitcher: received KEY_UPDATE, spi 0x9169931a
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Starting P2 rekey timer: 3060 seconds.
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, PHASE 2 COMPLETED (msgid=17fbbe5e)
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Sending keep-alive of type DPD R-U-THERE (seq number 0x2ef1df07)
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:30 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=25bd0bb9) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 05 00 b9 0b bd 25 1c 00 00 00 0b 00 00 18 | .......%........
f5 d4 4e d4 ef 3e 0e f6 27 ec 09 54 b2 e9 8a 87 | ..N..>..'..T....
31 44 96 87 00 00 00 20 00 00 00 01 01 10 8d 28 | 1D..... .......(
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
2e f1 df 07 | ....
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (none)
MessageID: 25BD0BB9
Length: 28
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
f5 d4 4e d4 ef 3e 0e f6 27 ec 09 54 b2 e9 8a 87
31 44 96 87
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE
SPI:
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
Data: 2e f1 df 07
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 25BD0BB9
Length: 92
Jul 12 18:33:30 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 05 01 9d ac 24 d6 00 00 00 5c dc 5c f7 ed | ......$....\.\..
58 e3 13 61 58 b4 06 e3 a1 42 32 94 0d d0 c1 ef | X..aX....B2.....
26 bf 82 57 e7 88 14 6f 2d 9b 78 fd 19 57 99 de | &..W...o-.x..W..
f5 d5 af fa 5a 4e 87 ec d3 63 9c dd 3a 40 cd 99 | ....ZN...c..:@..
ce 57 46 61 4e a6 52 d6 43 fc 38 01 | .WFaN.R.C.8.
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 9DAC24D6
Length: 92
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 9DAC24D6
Length: 92
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
09 de c2 bb 90 b1 36 da 06 52 e5 59 81 a8 6b f5
97 00 32 f5
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE_ACK
SPI:
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
Data: 2e f1 df 07
Jul 12 18:33:30 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=9dac24d6) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x2ef1df07)
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Sending keep-alive of type DPD R-U-THERE (seq number 0x2ef1df08)
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:40 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=88c86466) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 05 00 66 64 c8 88 1c 00 00 00 0b 00 00 18 | ....fd..........
24 bd 9d c2 f0 0c 8a d6 b8 5c 54 57 1e db 6c 5a | $........\TW..lZ
bb f6 01 72 00 00 00 20 00 00 00 01 01 10 8d 28 | ...r... .......(
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
2e f1 df 08 | ....
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (none)
MessageID: 88C86466
Length: 28
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
24 bd 9d c2 f0 0c 8a d6 b8 5c 54 57 1e db 6c 5a
bb f6 01 72
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE
SPI:
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
Data: 2e f1 df 08
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 88C86466
Length: 92
Jul 12 18:33:40 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 05 01 87 f1 57 05 00 00 00 5c 23 f0 e9 ec | ......W....\#...
0b 9a e4 ca a2 bc c4 6b 17 ca ec 87 a7 2d 75 56 | .......k.....-uV
c7 47 19 5d 13 9d 45 26 28 46 81 e9 26 c5 d8 bf | .G.]..E&(F..&...
66 5b 82 7d fb c0 27 52 c5 8d c7 ab 22 95 10 4d | f[.}..'R...."..M
47 a0 ba 14 c2 09 db 6c d9 dc 5e 93 | G......l..^.
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 87F15705
Length: 92
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 87F15705
Length: 92
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
ff fa 03 68 a0 55 ce df ab e0 2c 10 47 cd d4 32
36 76 1f 12
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE_ACK
SPI:
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
Data: 2e f1 df 08
Jul 12 18:33:40 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=87f15705) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x2ef1df08)
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Sending keep-alive of type DPD R-U-THERE (seq number 0x2ef1df09)
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:50 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=b95012c) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 05 00 2c 01 95 0b 1c 00 00 00 0b 00 00 18 | ....,...........
4a 35 66 82 41 c8 76 01 66 9c 55 e1 64 b7 fa a0 | J5f.A.v.f.U.d...
5e 53 99 6d 00 00 00 20 00 00 00 01 01 10 8d 28 | ^S.m... .......(
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
2e f1 df 09 | ....
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (none)
MessageID: 0B95012C
Length: 28
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
4a 35 66 82 41 c8 76 01 66 9c 55 e1 64 b7 fa a0
5e 53 99 6d
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE
SPI:
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
Data: 2e f1 df 09
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 0B95012C
Length: 92
Jul 12 18:33:50 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 05 01 02 cc a6 8d 00 00 00 5c 6f e0 c0 41 | ...........\o..A
ca 50 c0 18 68 c9 af f5 97 dd fc fb cb d1 d8 94 | .P..h...........
10 8b c4 37 3a d5 14 b4 04 a5 98 64 84 62 a0 03 | ...7:......d.b..
62 9e 71 cb 77 54 9c 7d 78 ad ad 2f 38 2b 06 c4 | b.q.wT.}x../8+..
ec c2 20 78 80 eb 59 d9 cd f0 2a 42 | .. x..Y...*B
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 02CCA68D
Length: 92
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 02CCA68D
Length: 92
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
f9 91 86 e1 59 97 e0 9c 48 de 3f 1b 5d e3 c6 72
04 e6 65 7b
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE_ACK
SPI:
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
Data: 2e f1 df 09
Jul 12 18:33:50 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=2cca68d) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x2ef1df09)
AWS Router
AWS#debug crypto isakmp
Crypto ISAKMP debugging is on
AWS#debug crypto ipsec
Crypto IPSEC debugging is on
AWS#debug ip bgp event
BGP events debugging is on
Jul 13 00:58:35.815: BGP: Regular scanner timer event
Jul 13 00:58:35.815: BGP: Performing BGP general scanning
Jul 13 00:58:35.815: BGP: tbl IPv4 Unicast:base Performing BGP Nexthop scanning for general scan
Jul 13 00:58:35.815: BGP(0): Future scanner version: 1043, current scanner version: 1042
Jul 13 00:58:35.815: BGP: tbl IPv4 Multicast:base Performing BGP Nexthop scanning for general scan
Jul 13 00:58:35.815: BGP(6): Future scanner version: 1043, current scanner version: 1042
Jul 13 00:58:42.071: ISAKMP:(1022):purging node 1479355537
Jul 13 00:58:42.071: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:58:42.071: ISAKMP: set new node -187656109 to QM_IDLE
Jul 13 00:58:42.071: ISAKMP:(1022): processing HASH payload. message ID = 4107311187
Jul 13 00:58:42.071: ISAKMP:(1022): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 4107311187, sa = 0x2BC61EDC
Jul 13 00:58:42.071: ISAKMP:(1022):deleting node -187656109 error FALSE reason "Informational (in) state 1"
Jul 13 00:58:42.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 00:58:42.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:58:42.071: ISAKMP:(1022):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x7D043CF9
Jul 13 00:58:42.071: ISAKMP: set new node 337335894 to QM_IDLE
Jul 13 00:58:42.071: ISAKMP:(1022):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 337335894
Jul 13 00:58:42.071: ISAKMP:(1022): seq. no 0x7D043CF9
Jul 13 00:58:42.071: ISAKMP:(1022): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:58:42.071: ISAKMP:(1022):Sending an IKE IPv4 Packet.
Jul 13 00:58:42.071: ISAKMP:(1022):purging node 337335894
Jul 13 00:58:42.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 00:58:42.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:58:52.071: ISAKMP:(1022):purging node 1419963963
Jul 13 00:58:52.071: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:58:52.071: ISAKMP: set new node 463853335 to QM_IDLE
Jul 13 00:58:52.071: ISAKMP:(1022): processing HASH payload. message ID = 463853335
Jul 13 00:58:52.071: ISAKMP:(1022): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 463853335, sa = 0x2BC61EDC
Jul 13 00:58:52.071: ISAKMP:(1022):deleting node 463853335 error FALSE reason "Informational (in) state 1"
Jul 13 00:58:52.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 00:58:52.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:58:52.071: ISAKMP:(1022):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x7D043CFA
Jul 13 00:58:52.071: ISAKMP: set new node -1706223698 to QM_IDLE
Jul 13 00:58:52.071: ISAKMP:(1022):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 2588743598
Jul 13 00:58:52.071: ISAKMP:(1022): seq. no 0x7D043CFA
Jul 13 00:58:52.071: ISAKMP:(1022): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:58:52.071: ISAKMP:(1022):Sending an IKE IPv4 Packet.
Jul 13 00:58:52.071: ISAKMP:(1022):purging node -1706223698
Jul 13 00:58:52.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 00:58:52.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:59:12.071: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:59:12.071: ISAKMP: set new node -864962099 to QM_IDLE
Jul 13 00:59:12.071: ISAKMP:(1022): processing HASH payload. message ID = 3430005197
Jul 13 00:59:12.071: ISAKMP:(1022): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 3430005197, sa = 0x2BC61EDC
Jul 13 00:59:12.071: ISAKMP:(1022):deleting node -864962099 error FALSE reason "Informational (in) state 1"
Jul 13 00:59:12.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 00:59:12.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:59:12.071: ISAKMP:(1022):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x7D043CFB
Jul 13 00:59:12.071: ISAKMP: set new node -455223525 to QM_IDLE
Jul 13 00:59:12.071: ISAKMP:(1022):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 3839743771
Jul 13 00:59:12.071: ISAKMP:(1022): seq. no 0x7D043CFB
Jul 13 00:59:12.071: ISAKMP:(1022): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:59:12.071: ISAKMP:(1022):Sending an IKE IPv4 Packet.
Jul 13 00:59:12.071: ISAKMP:(1022):purging node -455223525
Jul 13 00:59:12.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 00:59:12.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:59:22.071: ISAKMP:(1022):purging node 737661563
Jul 13 00:59:32.071: ISAKMP:(1022):purging node -187656109
Jul 13 00:59:32.071: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:59:32.071: ISAKMP: set new node 365220963 to QM_IDLE
Jul 13 00:59:32.071: ISAKMP:(1022): processing HASH payload. message ID = 365220963
Jul 13 00:59:32.071: ISAKMP:(1022): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 365220963, sa = 0x2BC61EDC
Jul 13 00:59:32.071: ISAKMP:(1022):deleting node 365220963 error FALSE reason "Informational (in) state 1"
Jul 13 00:59:32.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 00:59:32.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:59:32.071: ISAKMP:(1022):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x7D043CFC
Jul 13 00:59:32.071: ISAKMP: set new node 838043404 to QM_IDLE
Jul 13 00:59:32.071: ISAKMP:(1022):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 838043404
Jul 13 00:59:32.071: ISAKMP:(1022): seq. no 0x7D043CFC
Jul 13 00:59:32.071: ISAKMP:(1022): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:59:32.071: ISAKMP:(1022):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.071: ISAKMP:(1022):purging node 838043404
Jul 13 00:59:32.075: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 00:59:32.075: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:59:32.279: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:59:32.279: ISAKMP: set new node 2021757529 to QM_IDLE
Jul 13 00:59:32.283: ISAKMP:(1022): processing HASH payload. message ID = 2021757529
Jul 13 00:59:32.283: ISAKMP:(1022): processing DELETE payload. message ID = 2021757529
Jul 13 00:59:32.283: ISAKMP:(1022):peer does not do paranoid keepalives.
Jul 13 00:59:32.283: ISAKMP:(1022):deleting node 2021757529 error FALSE reason "Informational (in) state 1"
Jul 13 00:59:32.283: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Jul 13 00:59:32.283: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Jul 13 00:59:32.283: IPSEC(key_engine_delete_sas): delete SA with spi 0x8BA9B028 proto 50 for 1.1.1.1
Jul 13 00:59:32.283: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 1.1.1.2, sa_proto= 50,
sa_spi= 0x2D20E7D2(757131218),
sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2049
sa_lifetime(k/sec)= (4552519/3600),
(identity) local= 1.1.1.2:0, remote= 1.1.1.1:0,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4)
Jul 13 00:59:32.283: IPSEC(update_current_outbound_sa): updated peer 1.1.1.1 current outbound sa to SPI 0
Jul 13 00:59:32.283: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 1.1.1.1, sa_proto= 50,
sa_spi= 0x8BA9B028(2343153704),
sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2050
sa_lifetime(k/sec)= (4552519/3600),
(identity) local= 1.1.1.2:0, remote= 1.1.1.1:0,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4)
Jul 13 00:59:32.283: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down
Jul 13 00:59:32.283: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:59:32.283: ISAKMP: set new node -1272907882 to QM_IDLE
Jul 13 00:59:32.283: ISAKMP:(1022): processing HASH payload. message ID = 3022059414
Jul 13 00:59:32.283: ISAKMP:(1022): processing DELETE payload. message ID = 3022059414
Jul 13 00:59:32.283: ISAKMP:(1022):peer does not do paranoid keepalives.
Jul 13 00:59:32.283: ISAKMP:(1022):deleting SA reason "No reason" state (I) QM_IDLE (peer 1.1.1.1)
Jul 13 00:59:32.283: ISAKMP:(1022):deleting node -1272907882 error FALSE reason "Informational (in) state 1"
Jul 13 00:59:32.283: BGP: tbl IPv4 Unicast:base Service reset requests
Jul 13 00:59:32.283: BGP: tbl IPv4 Multicast:base Service reset requests
Jul 13 00:59:32.283: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 1.1.1.2:500, remote= 1.1.1.1:500,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel),
lifedur= 3600s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
Jul 13 00:59:32.283: BGP: 169.254.13.190 reset due to Interface flap
Jul 13 00:59:32.283: %BGP-5-ADJCHANGE: neighbor 169.254.13.190 Down Interface flap
Jul 13 00:59:32.283: %BGP_SESSION-5-ADJCHANGE: neighbor 169.254.13.190 IPv4 Unicast topology base removed from session Interface flap
Jul 13 00:59:32.287: EvD: charge penalty 500, new accum. penalty 500, flap count 10
Jul 13 00:59:32.287: ISAKMP: set new node 1179720383 to QM_IDLE
Jul 13 00:59:32.287: ISAKMP:(1022): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:59:32.287: ISAKMP:(1022):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.287: ISAKMP:(1022):purging node 1179720383
Jul 13 00:59:32.287: ISAKMP:(1022):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Jul 13 00:59:32.287: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
Jul 13 00:59:32.287: ISAKMP:(0): SA request profile is (NULL)
Jul 13 00:59:32.287: ISAKMP: Found a peer struct for 1.1.1.1, peer port 500
Jul 13 00:59:32.287: ISAKMP: Locking peer struct 0x2B7D656C, refcount 2 for isakmp_initiator
Jul 13 00:59:32.287: ISAKMP: local port 500, remote port 500
Jul 13 00:59:32.287: ISAKMP: set new node 0 to QM_IDLE
Jul 13 00:59:32.287: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 3139F86C
Jul 13 00:59:32.287: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
Jul 13 00:59:32.287: ISAKMP:(0):found peer pre-shared key matching 1.1.1.1
Jul 13 00:59:32.287: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
Jul 13 00:59:32.287: ISAKMP:(0): constructed NAT-T vendor-07 ID
Jul 13 00:59:32.287: ISAKMP:(0): constructed NAT-T vendor-03 ID
Jul 13 00:59:32.287: ISAKMP:(0): constructed NAT-T vendor-02 ID
Jul 13 00:59:32.287: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Jul 13 00:59:32.287: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1
Jul 13 00:59:32.287: ISAKMP:(0): beginning Main Mode exchange
Jul 13 00:59:32.287: ISAKMP:(0): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_NO_STATE
Jul 13 00:59:32.287: ISAKMP:(0):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.287: ISAKMP:(1022):deleting SA reason "No reason" state (I) QM_IDLE (peer 1.1.1.1)
Jul 13 00:59:32.287: ISAKMP: Unlocking peer struct 0x2B7D656C for isadb_mark_sa_deleted(), count 1
Jul 13 00:59:32.287: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 13 00:59:32.287: ISAKMP:(1022):Old State = IKE_DEST_SA New State = IKE_DEST_SA
Jul 13 00:59:32.291: ISAKMP (0): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_NO_STATE
Jul 13 00:59:32.291: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 13 00:59:32.291: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2
Jul 13 00:59:32.291: ISAKMP:(0): processing SA payload. message ID = 0
Jul 13 00:59:32.291: ISAKMP:(0): processing vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
Jul 13 00:59:32.291: ISAKMP (0): vendor ID is NAT-T RFC 3947
Jul 13 00:59:32.291: ISAKMP:(0): processing vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0): processing IKE frag vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0):Support for IKE Fragmentation not enabled
Jul 13 00:59:32.291: ISAKMP:(0):found peer pre-shared key matching 1.1.1.1
Jul 13 00:59:32.291: ISAKMP:(0): local preshared key found
Jul 13 00:59:32.291: ISAKMP : Scanning profiles for xauth ...
Jul 13 00:59:32.291: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
Jul 13 00:59:32.291: ISAKMP: encryption AES-CBC
Jul 13 00:59:32.291: ISAKMP: keylength of 128
Jul 13 00:59:32.291: ISAKMP: hash SHA
Jul 13 00:59:32.291: ISAKMP: default group 2
Jul 13 00:59:32.291: ISAKMP: auth pre-share
Jul 13 00:59:32.291: ISAKMP: life type in seconds
Jul 13 00:59:32.291: ISAKMP: life duration (basic) of 28800
Jul 13 00:59:32.291: ISAKMP:(0):atts are acceptable. Next payload is 0
Jul 13 00:59:32.291: ISAKMP:(0):Acceptable atts:actual life: 0
Jul 13 00:59:32.291: ISAKMP:(0):Acceptable atts:life: 0
Jul 13 00:59:32.291: ISAKMP:(0):Basic life_in_seconds:28800
Jul 13 00:59:32.291: ISAKMP:(0):Returning Actual lifetime: 28800
Jul 13 00:59:32.291: ISAKMP:(0)::Started lifetime timer: 28800.
Jul 13 00:59:32.291: ISAKMP:(0): processing vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
Jul 13 00:59:32.291: ISAKMP (0): vendor ID is NAT-T RFC 3947
Jul 13 00:59:32.291: ISAKMP:(0): processing vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0): processing IKE frag vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0):Support for IKE Fragmentation not enabled
Jul 13 00:59:32.291: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jul 13 00:59:32.291: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
Jul 13 00:59:32.291: ISAKMP:(0): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_SA_SETUP
Jul 13 00:59:32.291: ISAKMP:(0):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.291: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jul 13 00:59:32.291: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
Jul 13 00:59:32.291: ISAKMP (0): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_SA_SETUP
Jul 13 00:59:32.295: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 13 00:59:32.295: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
Jul 13 00:59:32.295: ISAKMP:(0): processing KE payload. message ID = 0
Jul 13 00:59:32.319: ISAKMP:(0): processing NONCE payload. message ID = 0
Jul 13 00:59:32.319: ISAKMP:(0):found peer pre-shared key matching 1.1.1.1
Jul 13 00:59:32.319: ISAKMP:(1023): processing vendor id payload
Jul 13 00:59:32.319: ISAKMP:(1023): vendor ID is Unity
Jul 13 00:59:32.319: ISAKMP:(1023): processing vendor id payload
Jul 13 00:59:32.319: ISAKMP:(1023): vendor ID seems Unity/DPD but major 84 mismatch
Jul 13 00:59:32.319: ISAKMP:(1023): vendor ID is XAUTH
Jul 13 00:59:32.319: ISAKMP:(1023): processing vendor id payload
Jul 13 00:59:32.319: ISAKMP:(1023): speaking to another IOS box!
Jul 13 00:59:32.319: ISAKMP:(1023): processing vendor id payload
Jul 13 00:59:32.319: ISAKMP:(1023):vendor ID seems Unity/DPD but hash mismatch
Jul 13 00:59:32.319: ISAKMP:received payload type 20
Jul 13 00:59:32.319: ISAKMP (1023): His hash no match - this node outside NAT
Jul 13 00:59:32.319: ISAKMP:received payload type 20
Jul 13 00:59:32.319: ISAKMP (1023): No NAT Found for self or peer
Jul 13 00:59:32.319: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jul 13 00:59:32.319: ISAKMP:(1023):Old State = IKE_I_MM4 New State = IKE_I_MM4
Jul 13 00:59:32.319: ISAKMP:(1023):Send initial contact
Jul 13 00:59:32.319: ISAKMP:(1023):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Jul 13 00:59:32.319: ISAKMP (1023): ID payload
next-payload : 8
type : 1
address : 1.1.1.2
protocol : 17
port : 500
length : 12
Jul 13 00:59:32.319: ISAKMP:(1023):Total payload length: 12
Jul 13 00:59:32.319: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Jul 13 00:59:32.319: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.319: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jul 13 00:59:32.319: ISAKMP:(1023):Old State = IKE_I_MM4 New State = IKE_I_MM5
Jul 13 00:59:32.323: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
Jul 13 00:59:32.323: ISAKMP:(1023): processing ID payload. message ID = 0
Jul 13 00:59:32.323: ISAKMP (1023): ID payload
next-payload : 8
type : 1
address : 1.1.1.1
protocol : 17
port : 0
length : 12
Jul 13 00:59:32.323: ISAKMP:(0):: peer matches *none* of the profiles
Jul 13 00:59:32.323: ISAKMP:(1023): processing HASH payload. message ID = 0
Jul 13 00:59:32.323: ISAKMP:received payload type 17
Jul 13 00:59:32.323: ISAKMP:(1023): processing vendor id payload
Jul 13 00:59:32.323: ISAKMP:(1023): vendor ID is DPD
Jul 13 00:59:32.323: ISAKMP:(1023):SA authentication status:
authenticated
Jul 13 00:59:32.323: ISAKMP:(1023):SA has been authenticated with 1.1.1.1
Jul 13 00:59:32.323: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 13 00:59:32.323: ISAKMP:(1023):Old State = IKE_I_MM5 New State = IKE_I_MM6
Jul 13 00:59:32.323: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jul 13 00:59:32.323: ISAKMP:(1023):Old State = IKE_I_MM6 New State = IKE_I_MM6
Jul 13 00:59:32.323: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jul 13 00:59:32.323: ISAKMP:(1023):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
Jul 13 00:59:32.323: ISAKMP:(1023):beginning Quick Mode exchange, M-ID of 402374238
Jul 13 00:59:32.343: ISAKMP:(1023):QM Initiator gets spi
Jul 13 00:59:32.343: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:59:32.343: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.343: ISAKMP:(1023):Node 402374238, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
Jul 13 00:59:32.343: ISAKMP:(1023):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
Jul 13 00:59:32.343: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Jul 13 00:59:32.343: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:59:32.347: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:59:32.347: ISAKMP:(1023): processing HASH payload. message ID = 402374238
Jul 13 00:59:32.347: ISAKMP:(1023): processing SA payload. message ID = 402374238
Jul 13 00:59:32.347: ISAKMP:(1023):Checking IPSec proposal 1
Jul 13 00:59:32.347: ISAKMP: transform 1, ESP_AES
Jul 13 00:59:32.347: ISAKMP: attributes in transform:
Jul 13 00:59:32.347: ISAKMP: SA life type in seconds
Jul 13 00:59:32.347: ISAKMP: SA life duration (basic) of 3600
Jul 13 00:59:32.347: ISAKMP: SA life type in kilobytes
Jul 13 00:59:32.347: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
Jul 13 00:59:32.347: ISAKMP: encaps is 1 (Tunnel)
Jul 13 00:59:32.347: ISAKMP: authenticator is HMAC-SHA
Jul 13 00:59:32.347: ISAKMP: group is 2
Jul 13 00:59:32.347: ISAKMP: key length is 128
Jul 13 00:59:32.347: ISAKMP:(1023):atts are acceptable.
Jul 13 00:59:32.347: IPSEC(validate_proposal_request): proposal part #1
Jul 13 00:59:32.347: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 1.1.1.2:0, remote= 1.1.1.1:0,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
Jul 13 00:59:32.347: Crypto mapdb : proxy_match
src addr : 0.0.0.0
dst addr : 0.0.0.0
protocol : 0
src port : 0
dst port : 0
Jul 13 00:59:32.347: ISAKMP:(1023): processing NONCE payload. message ID = 402374238
Jul 13 00:59:32.347: ISAKMP:(1023): processing KE payload. message ID = 402374238
Jul 13 00:59:32.371: ISAKMP:(1023): processing ID payload. message ID = 402374238
Jul 13 00:59:32.371: ISAKMP:(1023): processing ID payload. message ID = 402374238
Jul 13 00:59:32.375: ISAKMP:(1023): Creating IPSec SAs
Jul 13 00:59:32.375: inbound SA from 1.1.1.1 to 1.1.1.2 (f/i) 0/ 0
(proxy 0.0.0.0 to 0.0.0.0)
Jul 13 00:59:32.375: has spi 0xDF8AAC79 and conn_id 0
Jul 13 00:59:32.375: lifetime of 3600 seconds
Jul 13 00:59:32.375: lifetime of 4608000 kilobytes
Jul 13 00:59:32.375: outbound SA from 1.1.1.2 to 1.1.1.1 (f/i) 0/0
(proxy 0.0.0.0 to 0.0.0.0)
Jul 13 00:59:32.375: has spi 0x9169931A and conn_id 0
Jul 13 00:59:32.375: lifetime of 3600 seconds
Jul 13 00:59:32.375: lifetime of 4608000 kilobytes
Jul 13 00:59:32.375: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:59:32.375: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.375: ISAKMP:(1023):deleting node 402374238 error FALSE reason "No Error"
Jul 13 00:59:32.375: ISAKMP:(1023):Node 402374238, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Jul 13 00:59:32.375: ISAKMP:(1023):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
Jul 13 00:59:32.375: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Jul 13 00:59:32.375: Crypto mapdb : proxy_match
src addr : 0.0.0.0
dst addr : 0.0.0.0
protocol : 0
src port : 0
dst port : 0
Jul 13 00:59:32.375: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer 1.1.1.1
Jul 13 00:59:32.375: IPSEC(policy_db_add_ident): src 0.0.0.0, dest 0.0.0.0, dest_port 0
Jul 13 00:59:32.375: IPSEC(create_sa): sa created,
(sa) sa_dest= 1.1.1.2, sa_proto= 50,
sa_spi= 0xDF8AAC79(3750407289),
sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2051
sa_lifetime(k/sec)= (4577962/3600)
Jul 13 00:59:32.375: IPSEC(create_sa): sa created,
(sa) sa_dest= 1.1.1.1, sa_proto= 50,
sa_spi= 0x9169931A(2439615258),
sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2052
sa_lifetime(k/sec)= (4577962/3600)
Jul 13 00:59:32.375: IPSEC(update_current_outbound_sa): get enable SA peer 1.1.1.1 current outbound sa to SPI 9169931A
Jul 13 00:59:32.375: IPSEC(update_current_outbound_sa): updated peer 1.1.1.1 current outbound sa to SPI 9169931A
Jul 13 00:59:32.375: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
Jul 13 00:59:32.379: EvD: charge penalty 500, new accum. penalty 1000, flap count 11
Jul 13 00:59:35.923: BGP: Regular scanner timer event
Jul 13 00:59:35.923: BGP: Performing BGP general scanning
Jul 13 00:59:35.923: BGP: tbl IPv4 Unicast:base Performing BGP Nexthop scanning for general scan
Jul 13 00:59:35.923: BGP(0): Future scanner version: 1044, current scanner version: 1043
Jul 13 00:59:35.923: BGP: tbl IPv4 Multicast:base Performing BGP Nexthop scanning for general scan
Jul 13 00:59:35.923: BGP(6): Future scanner version: 1044, current scanner version: 1043
Jul 13 00:59:40.299: BGP: nopeerup-delay post-boot, set to default, 60s
Jul 13 00:59:40.303: %BGP-5-ADJCHANGE: neighbor 169.254.13.190 Up // IKE PHASE 1 AND 2 MUST BE COMPLETED FIRST BEFORE BGP NEIGHBOR FORMED
Jul 13 00:59:40.303: EvD: charge penalty 500, new accum. penalty 1000, flap count 12
Jul 13 00:59:42.071: ISAKMP:(1022):purging node 463853335
Jul 13 00:59:52.071: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:59:52.071: ISAKMP: set new node 633146297 to QM_IDLE
Jul 13 00:59:52.071: ISAKMP:(1023): processing HASH payload. message ID = 633146297
Jul 13 00:59:52.071: ISAKMP:(1023): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 633146297, sa = 0x3139F86C
Jul 13 00:59:52.071: ISAKMP:(1023):deleting node 633146297 error FALSE reason "Informational (in) state 1"
Jul 13 00:59:52.071: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 00:59:52.071: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:59:52.071: ISAKMP:(1023):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x2EF1DF07
Jul 13 00:59:52.071: ISAKMP: set new node -1649662762 to QM_IDLE
Jul 13 00:59:52.071: ISAKMP:(1023):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 2645304534
Jul 13 00:59:52.075: ISAKMP:(1023): seq. no 0x2EF1DF07
Jul 13 00:59:52.075: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:59:52.075: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 00:59:52.075: ISAKMP:(1023):purging node -1649662762
Jul 13 00:59:52.075: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 00:59:52.075: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 01:00:02.071: ISAKMP:(1022):purging node -864962099
Jul 13 01:00:02.071: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 01:00:02.071: ISAKMP: set new node -2000133018 to QM_IDLE
Jul 13 01:00:02.071: ISAKMP:(1023): processing HASH payload. message ID = 2294834278
Jul 13 01:00:02.071: ISAKMP:(1023): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 2294834278, sa = 0x3139F86C
Jul 13 01:00:02.071: ISAKMP:(1023):deleting node -2000133018 error FALSE reason "Informational (in) state 1"
Jul 13 01:00:02.071: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 01:00:02.071: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 01:00:02.071: ISAKMP:(1023):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x2EF1DF08
Jul 13 01:00:02.071: ISAKMP: set new node -2014226683 to QM_IDLE
Jul 13 01:00:02.075: ISAKMP:(1023):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 2280740613
Jul 13 01:00:02.075: ISAKMP:(1023): seq. no 0x2EF1DF08
Jul 13 01:00:02.075: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 01:00:02.075: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 01:00:02.075: ISAKMP:(1023):purging node -2014226683
Jul 13 01:00:02.075: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 01:00:02.075: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 01:00:02.827: BGP: aggregate timer expired
Jul 13 01:00:11.019: BGP: aggregate timer expired
Jul 13 01:00:12.071: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 01:00:12.071: ISAKMP: set new node 194314540 to QM_IDLE
Jul 13 01:00:12.071: ISAKMP:(1023): processing HASH payload. message ID = 194314540
Jul 13 01:00:12.071: ISAKMP:(1023): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 194314540, sa = 0x3139F86C
Jul 13 01:00:12.071: ISAKMP:(1023):deleting node 194314540 error FALSE reason "Informational (in) state 1"
Jul 13 01:00:12.071: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 01:00:12.071: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 01:00:12.075: ISAKMP:(1023):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x2EF1DF09
Jul 13 01:00:12.075: ISAKMP: set new node 46966413 to QM_IDLE
Jul 13 01:00:12.075: ISAKMP:(1023):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 46966413
Jul 13 01:00:12.075: ISAKMP:(1023): seq. no 0x2EF1DF09
Jul 13 01:00:12.075: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 01:00:12.075: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 01:00:12.075: ISAKMP:(1023):purging node 46966413
Jul 13 01:00:12.075: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 01:00:12.075: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 01:00:22.071: ISAKMP:(1022):purging node 365220963
Jul 13 01:00:22.071: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 01:00:22.071: ISAKMP: set new node 1310864145 to QM_IDLE
Jul 13 01:00:22.071: ISAKMP:(1023): processing HASH payload. message ID = 1310864145
Jul 13 01:00:22.071: ISAKMP:(1023): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 1310864145, sa = 0x3139F86C
Jul 13 01:00:22.071: ISAKMP:(1023):deleting node 131l0864145 error FALSE reason "Informational (in) state 1"
Jul 13 01:00:22.071: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 01:00:22.071: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 01:00:22.071: ISAKMP:(1023):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x2EF1DF0A
Jul 13 01:00:22.071: ISAKMP: set new node -793370298 to QM_IDLE
Jul 13 01:00:22.075: ISAKMP:(1023):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 3501596998
Jul 13 01:00:22.075: ISAKMP:(1023): seq. no 0x2EF1DF0A
Jul 13 01:00:22.075: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 01:00:22.075: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 01:00:22.075: ISAKMP:(1023):purging node -793370298
Jul 13 01:00:22.075: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 01:00:22.075: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 01:00:22.283: ISAKMP:(1022):purging node 2021757529
Jul 13 01:00:22.283: ISAKMP:(1022):purging node -1272907882
Jul 13 01:00:22.375: ISAKMP:(1023):purging node 402374238
Below is a sample topology I used for my POC. The enterprise uses BGP ASN 65000 and would be establishing an eBGP session with AWS on ASN 7224.
5525-x# show version
Cisco Adaptive Security Appliance Software Version 9.7(1)4
Firepower Extensible Operating System Version 2.1(1.66)
Device Manager Version 7.6(1)
Compiled on Fri 31-Mar-17 07:26 PDT by builders
System image file is "disk0:/asa971-4-smp-k8.bin"
Config file at boot was "startup-config"
5525-x up 1 hour 17 mins
Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
ASA: 4192 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
0: Int: Internal-Data0/0 : address is fc5b.39aa.5164, irq 11
1: Ext: GigabitEthernet0/0 : address is fc5b.39aa.5169, irq 5
2: Ext: GigabitEthernet0/1 : address is fc5b.39aa.5165, irq 5
3: Ext: GigabitEthernet0/2 : address is fc5b.39aa.516a, irq 10
4: Ext: GigabitEthernet0/3 : address is fc5b.39aa.5166, irq 10
5: Ext: GigabitEthernet0/4 : address is fc5b.39aa.516b, irq 5
6: Ext: GigabitEthernet0/5 : address is fc5b.39aa.5167, irq 5
7: Ext: GigabitEthernet0/6 : address is fc5b.39aa.516c, irq 10
8: Ext: GigabitEthernet0/7 : address is fc5b.39aa.5168, irq 10
9: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
10: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
11: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
12: Ext: Management0/0 : address is fc5b.39aa.5164, irq 0
13: Int: Internal-Data0/3 : address is 0000.0100.0001, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 750 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual
This platform has an ASA5525 VPN Premium license.
Serial Number: FCH1834J123
Running Permanent Activation Key: 0x572bfd4a 0xb4f6583f 0x5d4005dc 0xcd3088e0 0xca20c456
Configuration register is 0x1
Image type : Release
Key version : A
Configuration last modified by enable_15 at 01:26:39.819 UTC Wed Jul 12 2017
5525-x# show interface ip brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 1.1.1.1 YES manual up up
GigabitEthernet0/1 192.168.1.1 YES manual up up
GigabitEthernet0/2 unassigned YES unset administratively down down
GigabitEthernet0/3 unassigned YES unset administratively down down
GigabitEthernet0/4 unassigned YES unset administratively down down
GigabitEthernet0/5 unassigned YES unset administratively down down
GigabitEthernet0/6 unassigned YES unset administratively down down
GigabitEthernet0/7 unassigned YES unset administratively down down
Internal-Control0/0 127.0.1.1 YES unset up up
Internal-Data0/0 unassigned YES unset up up
Internal-Data0/1 unassigned YES unset up up
Internal-Data0/2 unassigned YES unset up up
Internal-Data0/3 169.254.1.1 YES unset up up
Management0/0 unassigned YES unset up up
Tunnel1 169.254.13.190 YES manual up up
5525-x# show run interface tunnel1
!
interface Tunnel1
nameif AWS
ip address 169.254.13.190 255.255.255.252
tunnel source interface outside
tunnel destination 1.1.1.2
tunnel mode ipsec ipv4
tunnel protection ipsec profile AWS
5525-x# ping 172.31.1.1 // AWS LAN IP
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
5525-x# show crypto isakmp sa
IKEv1 SAs:
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: 1.1.1.2
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
There are no IKEv2 SAs
5525-x# show crypto ipsec sa
interface: AWS
Crypto map tag: __vti-crypto-map-4-0-1, seq num: 65280, local addr: 1.1.1.1
access-list __vti-def-acl-0 extended permit ip any any
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer: 1.1.1.2
#pkts encaps: 87, #pkts encrypt: 87, #pkts digest: 87
#pkts decaps: 97, #pkts decrypt: 97, #pkts verify: 97
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 87, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 1.1.1.1/0, remote crypto endpt.: 1.1.1.2/0
path mtu 1500, ipsec overhead 74(44), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: AD2A1AEB
current inbound spi : D05BCF8B
inbound esp sas:
spi: 0xD05BCF8B (3495677835)
transform: esp-aes esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, IKEv1, VTI, }
slot: 0, conn_id: 12288, crypto-map: __vti-crypto-map-4-0-1
sa timing: remaining key lifetime (kB/sec): (4373994/2531)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xAD2A1AEB (2905217771)
transform: esp-aes esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, IKEv1, VTI, }
slot: 0, conn_id: 12288, crypto-map: __vti-crypto-map-4-0-1
sa timing: remaining key lifetime (kB/sec): (4373995/2531)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
5525-x# show run
: Saved
:
: Serial Number: FCH1834J123
: Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
:
ASA Version 9.7(1)4
!
hostname 5525-x
domain-name lab.com
enable password 2KFQnbNIdI.2KYOU encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
description ### WAN ###
nameif outside
security-level 0
ip address 1.1.1.1 255.255.255.252
!
interface GigabitEthernet0/1
description ### LAN ###
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/7
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
management-only
no nameif
no security-level
no ip address
!
interface Tunnel1
nameif AWS
ip address 169.254.13.190 255.255.255.252
tunnel source interface outside
tunnel destination 1.1.1.2
tunnel mode ipsec ipv4
tunnel protection ipsec profile AWS
!
boot system disk0:/asa971-4-smp-k8.bin
ftp mode passive
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 8.8.8.8
domain-name lab.com
object network INSIDE-SUBNET
subnet 0.0.0.0 0.0.0.0
object network IDENTITY-NAT
subnet 0.0.0.0 0.0.0.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-761.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
object network IDENTITY-NAT
nat (inside,outside) static INSIDE-SUBNET
router bgp 65000
bgp log-neighbor-changes
address-family ipv4 unicast
neighbor 169.254.13.189 remote-as 7224
neighbor 169.254.13.189 activate
network 192.168.1.0
no auto-summary
no synchronization
exit-address-family
!
route outside 0.0.0.0 0.0.0.0 1.1.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set AWS esp-aes esp-sha-hmac
crypto ipsec profile AWS
set ikev1 transform-set AWS
set pfs group2
set security-association lifetime seconds 3600
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 28800
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
ssh version 1
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username admin password f3UhLvUj1QsXsuK7 encrypted privilege 15
username all
tunnel-group 1.1.1.2 type ipsec-l2l
tunnel-group 1.1.1.2 ipsec-attributes
ikev1 pre-shared-key cisco123
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect dns preset_dns_map
inspect icmp
inspect icmp error
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 27
subscribe-to-alert-group configuration periodic monthly 27
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1d49675b0a2dba8e8bfd04398e2a10b1
: end
5525-x# show bgp summary
BGP router identifier 192.168.1.1, local AS number 65000
BGP table version is 2, main routing table version 2
1 network entries using 200 bytes of memory
1 path entries using 80 bytes of memory
1/1 BGP path/bestpath attribute entries using 208 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 488 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
169.254.13.189 4 7224 24 21 2 0 0 00:18:29 0
I've used a Cisco 2901 router to simulate an AWS cloud.
AWS#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 1.1.1.2 YES manual up up
GigabitEthernet0/1 unassigned YES NVRAM administratively down down
Serial0/0/0 unassigned YES NVRAM administratively down down
Serial0/0/1 unassigned YES NVRAM administratively down down
Loopback0 172.31.1.1 YES manual up up
Tunnel1 169.254.13.189 YES manual up up
AWS#show run
Building configuration...
Current configuration : 2052 bytes
!
! Last configuration change at 07:44:08 UTC Wed Jul 12 2017
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AWS
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
voice-card 0
!
!
!
!
!
!
!
license udi pid CISCO2901/K9 sn FCZ17039XYZ
hw-module pvdm 0/0
!
!
!
!
redundancy
!
!
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
lifetime 28800
crypto isakmp key cisco123 address 1.1.1.1
!
!
crypto ipsec transform-set AWS esp-aes esp-sha-hmac
!
crypto ipsec profile AWS
set transform-set AWS
set pfs group2
!
!
!
!
!
!
interface Loopback0
description ### LAN ###
ip address 172.31.1.1 255.255.255.0
!
interface Tunnel1
ip address 169.254.13.189 255.255.255.252
tunnel source GigabitEthernet0/0
tunnel mode ipsec ipv4
tunnel destination 1.1.1.1
tunnel protection ipsec profile AWS
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description ### WAN ###
ip address 1.1.1.2 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
router bgp 7224
bgp log-neighbor-changes
neighbor 169.254.13.190 remote-as 65000
!
address-family ipv4
network 172.31.1.0
neighbor 169.254.13.190 activate
exit-address-family
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end
AWS#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
1.1.1.2 1.1.1.1 QM_IDLE 1017 ACTIVE
IPv6 Crypto ISAKMP SA
AWS#show crypto ipsec sa
interface: Tunnel1
Crypto map tag: Tunnel1-head-0, local addr 1.1.1.2
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer 1.1.1.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 102, #pkts encrypt: 102, #pkts digest: 102
#pkts decaps: 94, #pkts decrypt: 94, #pkts verify: 94
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 1.1.1.2, remote crypto endpt.: 1.1.1.1
path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
current outbound spi: 0xD05BCF8B(3495677835)
PFS (Y/N): Y, DH group: group2
inbound esp sas:
spi: 0xAD2A1AEB(2905217771)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2005, flow_id: Onboard VPN:5, sibling_flags 80000046, crypto map: Tunnel1-head-0
sa timing: remaining key lifetime (k/sec): (4498776/2919)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xD05BCF8B(3495677835)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2006, flow_id: Onboard VPN:6, sibling_flags 80000046, crypto map: Tunnel1-head-0
sa timing: remaining key lifetime (k/sec): (4498775/2919)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
AWS#show ip bgp summary
BGP router identifier 172.31.1.1, local AS number 7224
BGP table version is 6, main routing table version 6
1 network entries using 136 bytes of memory
1 path entries using 56 bytes of memory
1/1 BGP path/bestpath attribute entries using 128 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 344 total bytes of memory
BGP activity 1/0 prefixes, 3/2 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
169.254.13.190 4 65000 12 14 6 0 0 00:09:03 1
AWS#show ip bgp
BGP table version is 6, local router ID is 172.31.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.1.0 169.254.13.190 0 0 65000 i
Below are the debug output captured from both ASA 9.7 and AWS router.
Cisco ASA 9.7
5525-x# debug crypto ikev1 ?
<1-255> Specify an optional debug level (default is 1)
timers debug the ikev1 timers
<cr>
5525-x# debug crypto ikev1 255 // I DIDN'T GET DEBUG OUTPUT USING LEVEL 1
5525-x# debug crypto ipsec ?
<1-255> Specify an optional debug level (default is 1)
<cr>
5525-x# debug crypto ipsec 255
5525-x# debug ip ?
bgp BGP information
eigrp Debug IPv4 EIGRP
ospf OSPF information
rip RIP protocol transactions
routing Routing table events
5525-x# debug ip bgp ?
A.B.C.D BGP neighbor address
events BGP events
in BGP Inbound information
ipv4 Address family
ipv6 Address family
keepalives BGP keepalives
out BGP Outbound information
range BGP dynamic range
rib-filter Next hop route watch filter events
updates BGP updates
<cr>
5525-x# debug ip bgp events
BGP events debugging is on
Successfully set for module BGP at level 1
5525-x#
BGP: Regular scanner timer event
BGP: Performing BGP general scanning
BGP: tbl IPv4 Unicast:base Performing BGP Nexthop scanning for general scan
BGP(0): Future scanner version: 1028, current scanner version: 1027
5525-x# Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Sending keep-alive of type DPD R-U-THERE (seq number 0x7d043cfc)
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=15c4d463) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
5525-x#
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d | .x....8H..'....}
08 10 05 00 63 d4 c4 15 1c 00 00 00 0b 00 00 18 | ....c...........
fa f1 e0 a6 fe 3c 69 c3 cf 66 31 10 2d e2 b3 33 | .....<i..f1.-..3
42 86 02 2a 00 00 00 20 00 00 00 01 01 10 8d 28 | B..*... .......(
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d | .x....8H..'....}
7d 04 3c fc | }.<.
ISAKMP Header
5525-x# Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (none)
MessageID: 15C4D463
Length: 28
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
fa f1 e0 a6 fe 3c 69 c3 cf 66 31 10 2d e2 b3 33
42 86 02 2a
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE
SPI:
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d
Data: 7d 04 3c fc
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 15C4D463
Length: 92
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500 //IKE UDP PORT 500
IKEv1 Recv RAW packet dump
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d | .x....8H..'....}
08 10 05 01 31 f3 87 0c 00 00 00 5c 38 5a 44 31 | ....1......\8ZD1
8d 15 6b 72 f4 99 ac 2e 02 1c d7 60 79 c9 78 49 | ..kr.......`y.xI
a7 0f 2f c2 60 53 b7 62 dd ac d1 77 90 fe b0 b2 | ../.`S.b...w....
54 40 11 bd de c1 e2 44 13 12 dd 90 f6 7d cf 1f | T@.....D.....}..
06 5c 7b 92 e2 13 78 23 31 83 e6 64 | .\{...x#1..d
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 31F3870C
Length: 92
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 31F3870C
Length: 92
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
e8 f1 7e af 3f 8e ed c7 67 89 35 f9 55 c6 86 9b
ef 81 9d 4d
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE_ACK
SPI:
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d
Data: 7d 04 3c fc
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=31f3870c) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x7d043cfc)
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IKE SA MM:fa27f090 rcv'd Terminate: state MM_ACTIVE flags 0x00018042, refcnt 1, tuncnt 1
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Remove from IKEv1 Tunnel Table succeeded for SA with logicalId 20480
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Remove from IKEv1 MIB Table succeeded for SA with logical ID 20480
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, sending delete/delete with reason message
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing IPSec delete payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=78819259) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 68
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
5525-x# 1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d | .x....8H..'....}
08 10 05 00 59 92 81 78 1c 00 00 00 0c 00 00 18 | ....Y..x........
d9 4b 95 7f 2b 15 33 c5 e0 26 47 cf 55 a4 41 a1 | .K.+.3..&G.U.A.
44 96 bd 69 00 00 00 10 00 00 00 01 03 04 00 01 | D..i............
8b a9 b0 28 | ...(
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (none)
MessageID: 78819259
Length: 28
Payload Hash
Next Payload: Delete
Reserved: 00
Payload Length: 24
Data:
d9 4b 95 7f 2b 15 33 c5 e0 26 47 cf 55 a4 41 a1
44 96 bd 69
Payload Delete
Next Payload: None
Reserved: 00
Payload Length: 16
DOI: IPsec
Protocol-ID: PROTO_IPSEC_ESP
Spi Size: 4
# of SPIs: 1
SPI (Hex dump): 8b a9 b0 28
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 78819259
Length: 76
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Active unit receives a delete event for remote peer 1.1.1.2.
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IKE Deleting SA: Remote Proxy 0.0.0.0, Local Proxy 0.0.0.0
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IKE SA MM:fa27f090 terminating: flags 0x01018002, refcnt 0, tuncnt 0
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, sending delete/delete with reason message
IPSEC: Received a PFKey message from IKE
IPSEC DEBUG: Received a DELETE PFKey message from IKE for an inbound SA (SPI 0x8BA9B028)
IPSEC DEBUG: Outbound SA (SPI 0x2D20E7D2) destroy started, state active
IPSEC: Destroy current outbound SPI: 0x2D20E7D2
IPSEC DEBUG: Outbound SA (SPI 0x2D20E7D2) free started, state active
IPSEC DEBUG: Outbound SA (SPI 0x2D20E7D2) state change from active to dead
IPSEC DEBUG: Deleting the outbound encrypt rule for SPI 0x2D20E7D2
IPSEC: Increment SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:7063)
IPSEC: Deleted outbound encrypt rule, SPI 0x2D20E7D2
Rule ID: 0x00007f6a01a83c10
IPSEC: Decrement SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5619)
IPSEC DEBUG: Deleting the outbound permit rule for SPI 0x2D20E7D2
IPSEC: Increment SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:7063)
IPSEC: Deleted outbound permit rule, SPI 0x2D20E7D2
Rule ID: 0x00007f6a02aeaa50
IPSEC: Decrement SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5619)
IPSEC DEBUG: Deleting the Outbound VPN context for SPI 0x2D20E7D2
IPSEC: Increment SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 0, new value: 1, (ctm_ipsec_free_sa:9198)
IPSEC: Deleted outbound VPN context, SPI 0x2D20E7D2
VPN handle: 0x0000000000013b54
IPSEC: Decrement SA NP ref counter for outbound SPI 0x2D20E7D2, old value: 1, new value: 0, (ctm_np_vpn_delete_cb:11730)
IPSEC DEBUG: Outbound SA (SPI 0x2D20E7D2) free completed
IPSEC DEBUG: Outbound SA (SPI 0x2D20E7D2) destroy completed
IPSEC DEBUG: Inbound SA (SPI 0x8BA9B028) destroy started, state active
IPSEC: Destroy current inbound SPI: 0x8BA9B028
IPSEC DEBUG: Inbound SA (SPI 0x8BA9B028) free started, state active
IPSEC DEBUG: Inbound SA (SPI 0x8BA9B028) state change from active to dead
IPSEC DEBUG: Deleting the inbound decrypt rule for SPI 0x8BA9B028
IPSEC: Increment SA NP ref counter for inbound SPI 0x8BA9B028, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:7063)
IPSEC: Deleted inbound decrypt rule, SPI 0x8BA9B028
Rule ID: 0x00007f6a034e8b50
IPSEC: Decrement SA NP ref counter for inbound SPI 0x8BA9B028, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5619)
IPSEC DEBUG: Deleting the inbound permit rule for SPI 0x8BA9B028
IPSEC: Increment SA NP ref counter for inbound SPI 0x8BA9B028, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:7063)
IPSEC: Deleted inbound permit rule, SPI 0x8BA9B028
Rule ID: 0x00007f6a01e832e0
IPSEC: Decrement SA NP ref counter for inbound SPI 0x8BA9B028, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5619)
IPSEC DEBUG: Deleting the inbound tunnel flow rule for SPI 0x8BA9B028
IPSEC: Increment SA NP ref counter for inbound SPI 0x8BA9B028, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:7063)
IPSEC: Deleted inbound tunnel flow rule, SPI 0x8BA9B028
Rule ID: 0x00007f6a01a7c180
IPSEC: Decrement SA NP ref counter for inbound SPI 0x8BA9B028, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5619)
IPSEC DEBUG: Deleting the Inbound VPN context for SPI 0x8BA9B028
IPSEC: Increment SA NP ref counter for inbound SPI 0x8BA9B028, old value: 0, new value: 1, (ctm_ipsec_free_sa:9198)
IPSEC: Deleted inbound VPN context, SPI 0x8BA9B028
VPN handle: 0x0000000000015bac
IPSEC: Decrement SA NP ref counter for inbound SPI 0x8BA9B028, old value: 1, new value: 0, (ctm_np_vpn_delete_cb:11730)
IPSEC: Removed SA from last received DB, SPI: 0x8BA9B028, user: 1.1.1.2, peer: 1.1.1.2, SessionID: 0x00005000
IPSEC DEBUG: Inbound SA (SPI 0x8BA9B028) free completed
IPSEC DEBUG: Inbound SA (SPI 0x8BA9B028) destroy completed
IPSEC(crypto_map_check)-3: Looking for crypto map matching 5-tuple: Prot=0, saddr=1.1.1.1, sport=1, daddr=1.1.1.2, dport=1
IPSEC(crypto_map_check)-3: Checking crypto map __vti-crypto-map-4-0-1 65280: matched.
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing IKE delete payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=b420f796) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d | .x....8H..'....}
08 10 05 00 96 f7 20 b4 1c 00 00 00 0c 00 00 18 | ...... .........
b3 6a 14 f7 2c 44 0f 7e f2 56 37 26 4c b0 6f a7 | .j..,D.~.V7&L.o.
a0 95 f0 7b 00 00 00 1c 00 00 00 01 01 10 00 01 | ...{............
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d | .x....8H..'....}
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (none)
MessageID: B420F796
Length: 28
Payload Hash
Next Payload: Delete
Reserved: 00
Payload Length: 24
Data:
b3 6a 14 f7 2c 44 0f 7e f2 56 37 26 4c b0 6f a7
a0 95 f0 7b
Payload Delete
Next Payload: None
Reserved: 00
Payload Length: 28
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
# of SPIs: 1
SPI (Hex dump):
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: B420F796
Length: 92
Jul 12 18:33:10 [IKEv1 DEBUG]Pitcher: received key delete msg, spi 0x8ba9b028
Jul 12 18:33:10 [IKEv1 DEBUG]Pitcher: received a key acquire message, spi 0x0
IPSEC(crypto_map_check)-3: Looking for crypto map matching 5-tuple: Prot=0, saddr=1.1.1.1, sport=1, daddr=1.1.1.2, dport=1
IPSEC(crypto_map_check)-3: Checking crypto map __vti-crypto-map-4-0-1 65280: matched.
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Session is being torn down. Reason: Administrator Reset
Jul 12 18:33:10 [IKEv1]Ignoring msg to mark SA with dsID 20480 dead because SA deleted
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 b2 ea 38 48 90 f0 27 fa 12 8c c0 7d | .x....8H..'....}
08 10 05 01 46 51 1a bf 00 00 00 5c f6 f2 cf 57 | ....FQ.....\...W
8c fe 53 50 8c 9a 65 f1 25 5d c6 30 d7 6d 60 b3 | ..SP..e.%].0.m`.
71 fd c3 65 52 41 18 00 ba 66 8d 1d 9f 8a 28 9c | q..eRA...f....(.
37 df 40 83 79 f9 dd bc 88 3b 70 b5 28 70 03 1a | 7.@.y....;p.(p..
ae 3b 8b c0 47 b3 bd 19 89 b9 7b 16 | .;..G.....{.
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 b2 ea 38 48
Responder COOKIE: 90 f0 27 fa 12 8c c0 7d
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 46511ABF
Length: 92
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, Received encrypted packet with no matching SA, dropping
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 00 00 00 00 00 00 00 00 | .x.....W........
01 10 02 00 00 00 00 00 00 00 00 a4 0d 00 00 38 | ...............8
00 00 00 01 00 00 00 01 00 00 00 2c 01 01 00 01 | ...........,....
00 00 00 24 01 01 00 00 80 01 00 07 80 0e 00 80 | ...$............
80 02 00 02 80 04 00 02 80 03 00 01 80 0b 00 01 | ................
80 0c 70 80 0d 00 00 14 4a 13 1c 81 07 03 58 45 | ..p.....J.....XE
5c 57 28 f2 0e 95 45 2f 0d 00 00 14 43 9b 59 f8 | \W(...E/....C.Y.
ba 67 6c 4c 77 37 ae 22 ea b8 f5 82 0d 00 00 14 | .glLw7."........
7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | }...S..o,....R.V
00 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ........>.in.c..
ec 42 7b 1f | .B{.
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 00 00 00 00 00 00 00 00
Next Payload: Security Association
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 164
Payload Security Association
Next Payload: Vendor ID
Reserved: 00
Payload Length: 56
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 44
Proposal #: 1
Protocol-Id: PROTO_ISAKMP
SPI Size: 0
# of transforms: 1
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 1
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: AES-CBC
Key Length: 128
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 70 80
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
43 9b 59 f8 ba 67 6c 4c 77 37 ae 22 ea b8 f5 82
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 164
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Oakley proposal is acceptable
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Received NAT-Traversal RFC VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Received NAT-Traversal ver 03 VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Received NAT-Traversal ver 02 VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing IKE SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, IKE SA Proposal # 1, Transform # 1 acceptable Matches global IKE entry # 2
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing ISAKMP SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing NAT-Traversal VID ver RFC payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing Fragmentation VID + extended capabilities payload
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 128
SENDING PACKET to 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Security Association
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 128
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
04 10 02 00 00 00 00 00 00 00 01 1c 0a 00 00 84 | ................
1e d2 8a 2a b0 2f 33 91 99 29 49 f9 e9 cb ea d8 | ...*./3..)I.....
c5 19 5d 88 32 08 24 4b 8a ee 51 d2 a3 a2 27 7c | ..].2.$K..Q...'|
12 aa a8 00 cd 04 a1 f4 53 37 65 c0 61 af fb 07 | ........S7e.a...
f9 35 d6 ef 10 52 3b eb 75 6f 64 4e 8f 65 36 09 | .5...R;.uodN.e6.
57 f8 33 27 65 7e 64 25 55 8b c4 94 e9 cf a8 2d | W.3'e~d%U......-
6a 5c f3 15 91 08 34 7d c5 bf a5 b0 34 69 dc 30 | j\....4}....4i.0
8b 2c d3 34 3d 2c b6 fc b4 9b fa 17 fd ea 98 66 | .,.4=,.........f
84 ca 8a ba ab eb 13 dc f4 d4 2a c2 a7 35 b7 63 | ..........*..5.c
0d 00 00 18 5d fa 40 b3 8d 87 25 f5 36 38 90 b8 | ....].@...%.68..
1f be de 6c ba 6b d6 44 0d 00 00 14 af ca d7 13 | ...l.k.D........
68 a1 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14 | h...k...wW......
e9 bf 74 8d c3 8f f9 57 89 b6 05 0e e3 56 42 02 | ..t....W.....VB.
14 00 00 0c 09 00 26 89 df d6 b7 12 14 00 00 18 | ......&.........
fb d9 57 32 67 91 9c da c2 16 cd e4 5d 95 b0 62 | ..W2g.......]..b
54 fe 59 58 00 00 00 18 c2 54 40 c2 e0 f4 a9 33 | T.YX.....T@....3
28 ba d6 5e 2e bd 70 69 3c 4c 41 2b | (..^..pi<LA+
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Key Exchange
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 284
Payload Key Exchange
Next Payload: Nonce
Reserved: 00
Payload Length: 132
Data:
1e d2 8a 2a b0 2f 33 91 99 29 49 f9 e9 cb ea d8
c5 19 5d 88 32 08 24 4b 8a ee 51 d2 a3 a2 27 7c
12 aa a8 00 cd 04 a1 f4 53 37 65 c0 61 af fb 07
f9 35 d6 ef 10 52 3b eb 75 6f 64 4e 8f 65 36 09
57 f8 33 27 65 7e 64 25 55 8b c4 94 e9 cf a8 2d
6a 5c f3 15 91 08 34 7d c5 bf a5 b0 34 69 dc 30
8b 2c d3 34 3d 2c b6 fc b4 9b fa 17 fd ea 98 66
84 ca 8a ba ab eb 13 dc f4 d4 2a c2 a7 35 b7 63
Payload Nonce
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data:
5d fa 40 b3 8d 87 25 f5 36 38 90 b8 1f be de 6c
ba 6b d6 44
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
e9 bf 74 8d c3 8f f9 57 89 b6 05 0e e3 56 42 02
Payload Vendor ID
Next Payload: NAT-D
Reserved: 00
Payload Length: 12
Data (In Hex): 09 00 26 89 df d6 b7 12
Payload NAT-D
Next Payload: NAT-D
Reserved: 00
Payload Length: 24
Data:
fb d9 57 32 67 91 9c da c2 16 cd e4 5d 95 b0 62
54 fe 59 58
Payload NAT-D
Next Payload: None
Reserved: 00
Payload Length: 24
Data:
c2 54 40 c2 e0 f4 a9 33 28 ba d6 5e 2e bd 70 69
3c 4c 41 2b
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 284
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing ke payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing ISA_KE payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing nonce payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Received DPD VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Processing IOS/PIX Vendor ID payload (version: 1.0.0, capabilities: 00000f6f)
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Received xauth V6 VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing NAT-Discovery payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, computing NAT Discovery hash
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, processing NAT-Discovery payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, computing NAT Discovery hash
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing ke payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing nonce payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing Cisco Unity VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing xauth V6 VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Send IOS VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing VID payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing NAT-Discovery payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, computing NAT Discovery hash
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, constructing NAT-Discovery payload
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, computing NAT Discovery hash
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, Connection landed on tunnel_group 1.1.1.2
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Generating keys for Responder...
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + NONE (0) total length : 304
SENDING PACKET to 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Key Exchange
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 304
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
05 10 02 01 00 00 00 00 00 00 00 6c 16 fc 72 19 | ...........l..r.
28 ef b5 d1 38 be d7 c4 1f 42 4c b8 72 15 67 ec | (...8....BL.r.g.
cb 28 56 cb a5 b9 77 50 cc ee 43 e4 34 ee 02 d9 | .(V...wP..C.4...
29 b8 0d 78 62 d5 98 54 32 91 9a fc f5 93 ab 0b | )..xb..T2.......
13 bb 74 d4 d3 da 62 57 49 b5 2f 11 d8 c6 92 21 | ..t...bWI./....!
0d e7 41 3b df 79 ad 82 b2 eb bf 4f | ..A;.y.....O
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (Encryption)
MessageID: 00000000
Length: 108
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (Encryption)
MessageID: 00000000
Length: 108
Payload Identification
Next Payload: Hash
Reserved: 00
Payload Length: 12
ID Type: IPv4 Address (1)
Protocol ID (UDP/TCP, etc...): 17
Port: 500
ID Data: 1.1.1.2
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
ce bf b5 44 94 7a c8 d7 dd 41 ed 50 ff a1 4e 0f
8f 8f 5f 52
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 28
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: STATUS_INITIAL_CONTACT
SPI:
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + NOTIFY (11) + NONE (0) total length : 92
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing ID payload
Jul 12 18:33:10 [IKEv1 DECODE]Group = 1.1.1.2, IP = 1.1.1.2, ID_IPV4_ADDR ID received
1.1.1.2
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Computing hash for ISAKMP
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, Connection landed on tunnel_group 1.1.1.2
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing ID payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Computing hash for ISAKMP
Jul 12 18:33:10 [IKEv1 DEBUG]IP = 1.1.1.2, Constructing IOS keep alive payload: proposal=32767/32767 sec.
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing dpd vid payload
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + IOS KEEPALIVE (128) + VENDOR (13) + NONE (0) total length : 96
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
05 10 02 00 00 00 00 00 1c 00 00 00 08 00 00 0c | ................
01 11 00 00 01 01 01 01 80 00 00 18 84 3e 49 6d | .............>Im
f9 9b 8c b9 b2 4c d3 58 34 9a 0b bb 1f 1d 9b bb | .....L.X4.......
0d 00 00 0c 80 00 7f ff 80 00 7f ff 00 00 00 14 | ..............
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | ....h...k...wW..
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 28
Payload Identification
Next Payload: Hash
Reserved: 00
Payload Length: 12
ID Type: IPv4 Address (1)
Protocol ID (UDP/TCP, etc...): 17
Port: 0
ID Data: 1.1.1.1
Payload Hash
Next Payload: IOS Proprietary Keepalive or CHRE
Reserved: 00
Payload Length: 24
Data:
84 3e 49 6d f9 9b 8c b9 b2 4c d3 58 34 9a 0b bb
1f 1d 9b bb
Payload IOS Proprietary Keepalive or CHRE
Next Payload: Vendor ID
Reserved: 00
Payload Length: 12
Default Interval: 32767
Retry Interval: 32767
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
SENDING PACKET to 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (Encryption)
MessageID: 00000000
Length: 108
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, PHASE 1 COMPLETED
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, Keep-alive type for this connection: DPD
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Starting P1 rekey timer: 21600 seconds.
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Add to IKEv1 Tunnel Table succeeded for SA with logical ID 24576
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Add to IKEv1 MIB Table succeeded for SA with logical ID 24576
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 20 01 17 fb be 5e 00 00 01 3c ec 34 01 e9 | .. ....^...<.4..
9c ae 09 f3 d4 86 b1 17 db 25 56 e3 3a 9d e1 94 | .........%V.:...
c0 2c 97 6a 7c c6 f1 a1 28 47 8b d2 7a 60 d3 fd | .,.j|...(G..z`..
2f 90 10 cb e3 4b 52 73 fd 2e 01 4f 1f 47 c1 ee | /....KRs...O.G..
64 5e 44 27 32 32 a6 94 b8 db 3a 2f 5b 7e f1 e6 | d^D'22....:/[~..
e0 ce 52 92 07 6d ec 46 6e 8e e6 33 c1 3e 16 11 | ..R..m.Fn..3.>..
fa cc f9 50 b7 91 d3 da 19 90 46 9d 4a fc fb 52 | ...P......F.J..R
6d 45 de 53 b9 9b 7c f4 13 e5 50 ec 6a ab db 21 | mE.S..|...P.j..!
31 df ff 4a 70 ba 31 2a 14 4d 5c 15 e3 6a 6f e6 | 1..Jp.1*.M\..jo.
3c 3c 93 07 e2 b4 da d0 34 81 d1 be dc d2 68 7a | <<......4.....hz
4d 7a 2b 07 ec ca 9f 60 93 2b 0a 64 39 62 9d 2f | Mz+....`.+.d9b./
54 b1 d6 13 5d 98 a4 d6 dd db 90 0d 16 85 38 d2 | T...].........8.
db 0c f3 45 7f 4d 08 a0 9b 70 ba e7 81 b1 de 00 | ...EM...p......
a6 46 4b 8b d2 c2 b1 ec 09 22 24 7b d6 cc 75 ea | .FK......"${..u.
37 4a 48 6c 28 b9 fa a8 41 ce ab 57 dc 32 1c 72 | 7JHl(...A..W.2.r
75 a0 aa c6 bd fd b5 69 5f c4 1a 05 13 d2 d0 47 | u......i_......G
6a 31 3e 87 5e 86 8c 7a d9 1c 53 e6 f2 cb 34 67 | j1>.^..z..S...4g
f1 44 cd be e6 e7 77 d2 35 ac 64 17 e4 a8 91 6a | .D....w.5.d....j
27 a3 96 69 92 78 01 65 63 45 e9 4d | '..i.x.ecE.M
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: 17FBBE5E
Length: 316
Jul 12 18:33:10 [IKEv1 DECODE]IP = 1.1.1.2, IKE Responder starting QM: msg id = 17fbbe5e
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: 17FBBE5E
Length: 316
Payload Hash
Next Payload: Security Association
Reserved: 00
Payload Length: 24
Data:
43 c9 e1 87 08 7a c5 af 71 90 38 32 1e 73 68 b5
12 44 9b 60
Payload Security Association
Next Payload: Nonce
Reserved: 00
Payload Length: 68
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 56
Proposal #: 1
Protocol-Id: PROTO_IPSEC_ESP
SPI Size: 4
# of transforms: 1
SPI: df 8a ac 79
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 44
Transform #: 1
Transform-Id: ESP_AES
Reserved2: 0000
Encapsulation Mode: Tunnel
Life Type: Seconds
Life Duration (Hex): 0e 10
Life Type: Kilobytes
Life Duration (Hex): 00 46 50 00
Authentication Algorithm: SHA1
Key Length: 128
Group Description: Group 2
Payload Nonce
Next Payload: Key Exchange
Reserved: 00
Payload Length: 24
Data:
74 d4 82 f7 83 a2 c9 c4 d7 97 37 8a cc e0 25 2e
fc 57 0b 56
Payload Key Exchange
Next Payload: Identification
Reserved: 00
Payload Length: 132
Data:
c8 49 46 ba b8 5e be 4c fc 5f 1c f4 5d f1 f3 13
2d a8 48 27 8f dd 78 ff 85 87 b0 fb c7 ee aa 71
6d ba 64 26 6b ae 1f f3 d6 c9 55 f2 ec d6 da b3
4c 6b 93 0d 50 96 45 3a cb 2d 6d 77 d8 5b 88 68
25 98 67 f5 21 d3 bb 6e c7 88 6f fd 67 b1 31 7a
f6 91 ff 38 53 3d 31 23 2b f4 55 71 55 5b d2 bc
e6 70 5b 2e 08 90 2c ce 25 22 03 2a a5 eb 04 a3
51 ca b4 96 2a 57 5a aa 40 34 aa a0 1f e3 a4 07
Payload Identification
Next Payload: Identification
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: 0.0.0.0/0.0.0.0
Payload Identification
Next Payload: None
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: 0.0.0.0/0.0.0.0
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=17fbbe5e) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + KE (4) + ID (5) + ID (5) + NONE (0) total length : 308
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing nonce payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing ke payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing ISA_KE for PFS in phase 2
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing ID payload
Jul 12 18:33:10 [IKEv1 DECODE]Group = 1.1.1.2, IP = 1.1.1.2, ID_IPV4_ADDR_SUBNET ID received--0.0.0.0--0.0.0.0
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Received remote IP Proxy Subnet data in ID Payload: Address 0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing ID payload
Jul 12 18:33:10 [IKEv1 DECODE]Group = 1.1.1.2, IP = 1.1.1.2, ID_IPV4_ADDR_SUBNET ID received--0.0.0.0--0.0.0.0
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Received local IP Proxy Subnet data in ID Payload: Address 0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, QM IsRekeyed old sa not found by addr
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, checking map = __vti-crypto-map-4-0-1, seq = 65280...
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, map __vti-crypto-map-4-0-1, seq = 65280 is a successful match
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, IKE Remote Peer configured for crypto map: __vti-crypto-map-4-0-1
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing IPSec SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IPSec SA Proposal # 1, Transform # 1 acceptable Matches global IPSec SA entry # 65280
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, IKE: requesting SPI!
IPSEC: Received a PFKey message from IKE
IPSEC: Parsing PFKey GETSPI message
IPSEC: Creating IPsec SA
IPSEC: Getting the inbound SPI
IPSEC DEBUG: Inbound SA (SPI 0x00000000) state change from inactive to embryonic
IPSEC: New embryonic SA created @ 0x00007f6a02a101b0,
SCB: 0x01E81330,
Direction: inbound
SPI : 0x9169931A
Session ID: 0x00006000
VPIF num : 0x00000002
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IKE got SPI from key engine: SPI = 0x9169931a
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, oakley constucting quick mode
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing IPSec SA payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing IPSec nonce payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing pfs ke payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing proxy ID
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Transmitting Proxy Id:
Remote subnet: 0.0.0.0 Mask 0.0.0.0 Protocol 0 Port 0
Local subnet: 0.0.0.0 mask 0.0.0.0 Protocol 0 Port 0
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:10 [IKEv1 DECODE]Group = 1.1.1.2, IP = 1.1.1.2, IKE Responder sending 2nd QM pkt: msg id = 17fbbe5e
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=17fbbe5e) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + KE (4) + ID (5) + ID (5) + NONE (0) total length : 308
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 20 00 5e be fb 17 1c 00 00 00 01 00 00 18 | .. .^...........
26 b5 df 4f 0e 49 c9 59 00 99 15 1f 35 52 dc f2 | &..O.I.Y....5R..
0a 8e 17 28 0a 00 00 44 00 00 00 01 00 00 00 01 | ...(...D........
00 00 00 38 01 03 04 01 91 69 93 1a 00 00 00 2c | ...8.....i.....,
01 0c 00 00 80 01 00 01 80 02 0e 10 80 01 00 02 | ................
00 02 00 04 00 46 50 00 80 04 00 01 80 05 00 02 | .....FP.........
80 03 00 02 80 06 00 80 04 00 00 18 82 10 78 d8 | ..............x.
59 e7 f7 ef e6 99 cd 12 ec 51 27 17 68 bc 19 ae | Y........Q'.h...
05 00 00 84 5d ce 10 8f 52 31 1e e2 4d 4d 89 61 | ....]...R1..MM.a
56 29 7f ff 76 98 5e 69 ff 24 99 b2 3b 55 51 0c | V).v.^i.$..;UQ.
28 94 ef 3e 66 0b 5b 74 ad b6 72 62 a1 5b c9 2c | (..>f.[t..rb.[.,
cf 86 f9 32 a6 5b 7f 93 a0 7c 54 2f 4c 9d b7 2c | ...2.[..|T/L..,
2a a4 84 22 18 99 f3 8f 98 fb f8 af 93 94 71 9b | *.."..........q.
ee b0 b8 33 3a 12 b1 76 5f 8c d7 a1 07 21 78 9b | ...3:..v_....!x.
fe 9c b1 ac 87 f9 12 9a e0 83 6e b1 f9 11 b9 0b | ..........n.....
ae ad ff 9c 3c 54 3f 7f 85 b4 b6 a3 aa ba 4b bc | ....<T?......K.
59 c6 a1 bc 05 00 00 10 04 00 00 00 00 00 00 00 | Y...............
00 00 00 00 00 00 00 10 04 00 00 00 00 00 00 00 | ................
00 00 00 00 | ....
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (none)
MessageID: 17FBBE5E
Length: 28
Payload Hash
Next Payload: Security Association
Reserved: 00
Payload Length: 24
Data:
26 b5 df 4f 0e 49 c9 59 00 99 15 1f 35 52 dc f2
0a 8e 17 28
Payload Security Association
Next Payload: Nonce
Reserved: 00
Payload Length: 68
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 56
Proposal #: 1
Protocol-Id: PROTO_IPSEC_ESP
SPI Size: 4
# of transforms: 1
SPI: 91 69 93 1a
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 44
Transform #: 1
Transform-Id: ESP_AES
Reserved2: 0000
Life Type: Seconds
Life Duration (Hex): 0e 10
Life Type: Kilobytes
Life Duration (Hex): 00 46 50 00
Encapsulation Mode: Tunnel
Authentication Algorithm: SHA1
Group Description: Group 2
Key Length: 128
Payload Nonce
Next Payload: Key Exchange
Reserved: 00
Payload Length: 24
Data:
82 10 78 d8 59 e7 f7 ef e6 99 cd 12 ec 51 27 17
68 bc 19 ae
Payload Key Exchange
Next Payload: Identification
Reserved: 00
Payload Length: 132
Data:
5d ce 10 8f 52 31 1e e2 4d 4d 89 61 56 29 7f ff
76 98 5e 69 ff 24 99 b2 3b 55 51 0c 28 94 ef 3e
66 0b 5b 74 ad b6 72 62 a1 5b c9 2c cf 86 f9 32
a6 5b 7f 93 a0 7c 54 2f 4c 9d b7 2c 2a a4 84 22
18 99 f3 8f 98 fb f8 af 93 94 71 9b ee b0 b8 33
3a 12 b1 76 5f 8c d7 a1 07 21 78 9b fe 9c b1 ac
87 f9 12 9a e0 83 6e b1 f9 11 b9 0b ae ad ff 9c
3c 54 3f 7f 85 b4 b6 a3 aa ba 4b bc 59 c6 a1 bc
Payload Identification
Next Payload: Identification
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: 0.0.0.0/0.0.0.0
Payload Identification
Next Payload: None
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: 0.0.0.0/0.0.0.0
Jul 12 18:33:10 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 20 01 17 fb be 5e 00 00 00 3c b9 0c 41 d7 | .. ....^...<..A.
a2 2c 63 2b 63 22 bb e8 23 5f 2d bc 77 92 c5 a8 | .,c+c"..#_-.w...
d4 5f 3b 7b 64 63 a0 28 df e5 06 a0 | ._;{dc.(....
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: 17FBBE5E
Length: 60
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: 17FBBE5E
Length: 60
Payload Hash
Next Payload: None
Reserved: 00
Payload Length: 24
Data:
38 ee de 37 35 3e 9f 70 a4 db 6c 40 c2 b9 a2 39
57 a8 2d 33
Jul 12 18:33:10 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=17fbbe5e) with payloads : HDR + HASH (8) + NONE (0) total length : 52
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, loading all IPSEC SAs
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Generating Quick Mode Key!
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Generating Quick Mode Key!
IPSEC: Received a PFKey message from IKE
IPSEC: Parsing PFKey ADD message
IPSEC: Creating IPsec SA
IPSEC: Adding the outbound SA, SPI: 0xDF8AAC79
IPSEC DEBUG: Outbound SA (SPI 0xDF8AAC79) state change from inactive to embryonic
IPSEC: New embryonic SA created @ 0x00007f6a0330a100,
SCB: 0x02AF1EF0,
Direction: outbound
SPI : 0xDF8AAC79
Session ID: 0x00006000
VPIF num : 0x00000004
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
IPSEC: Completed host OBSA update, SPI 0xDF8AAC79
IPSEC: Creating outbound VPN context, SPI 0xDF8AAC79
Flags: 0x00000005
SA : 0x00007f6a0330a100
SPI : 0xDF8AAC79
MTU : 1500 bytes
VCID : 0x00000000
Peer : 0x00000000
SCB : 0x0E249A81
Channel: 0x00007f69f3d5d4c0
IPSEC: Increment SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 0, new value: 1, (ctm_ipsec_create_vpn_context:7482)
IPSEC: Completed outbound VPN context, SPI 0xDF8AAC79
VPN handle: 0x000000000001776c
IPSEC: New outbound encrypt rule, SPI 0xDF8AAC79
Src addr: 0.0.0.0
Src mask: 0.0.0.0
Dst addr: 0.0.0.0
Dst mask: 0.0.0.0
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 0
Use protocol: false
SPI: 0x00000000
Use SPI: false
IPSEC: Increment SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6471)
IPSEC: Completed outbound encrypt rule, SPI 0xDF8AAC79
Rule ID: 0x00007f6a02b577d0
IPSEC: Decrement SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5515)
IPSEC: New outbound permit rule, SPI 0xDF8AAC79
Src addr: 1.1.1.1
Src mask: 255.255.255.255
Dst addr: 1.1.1.2
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 50
Use protocol: true
SPI: 0xDF8AAC79
Use SPI: true
IPSEC: Increment SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6631)
IPSEC: Completed outbound permit rule, SPI 0xDF8AAC79
Rule ID: 0x00007f6a01a83c10
IPSEC: Decrement SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5515)
IPSEC: Decrement SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 1, new value: 0, (ctm_np_vpn_context_cb:11670)
IPSEC: Increment SA HW ref counter for outbound SPI 0xDF8AAC79, old value: 0, new value: 1, (ctm_nlite_ipsec_create_hw_obsa:1243)
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, Security negotiation complete for LAN-to-LAN Group (1.1.1.2) Responder, Inbound SPI = 0x9169931a, Outbound SPI = 0xdf8aac79
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, IKE got a KEY_ADD msg for SA: SPI = 0xdf8aac79
IPSEC: Received a PFKey message from IKE
IPSEC: Parsing PFKey UPDATE message
IPSEC: Creating IPsec SA
IPSEC: Updating the inbound SA, SPI: 0x9169931A
IPSEC: New embryonic SA created @ 0x00007f6a02a101b0,
SCB: 0x01E81330,
Direction: inbound
SPI : 0x9169931A
Session ID: 0x00006000
VPIF num : 0x00000004
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
IPSEC: Completed host IBSA update, SPI 0x9169931A
IPSEC: Creating inbound VPN context, SPI 0x9169931A
Flags: 0x00000006
SA : 0x00007f6a02a101b0
SPI : 0x9169931A
MTU : 0 bytes
VCID : 0x00000000
Peer : 0x0001776C
SCB : 0x0E245B03
Channel: 0x00007f69f3d5d4c0
IPSEC: Increment SA NP ref counter for inbound SPI 0x9169931A, old value: 0, new value: 1, (ctm_ipsec_create_vpn_context:7415)
IPSEC: Completed inbound VPN context, SPI 0x9169931A
VPN handle: 0x00000000000181e4
IPSEC: Updating outbound VPN context 0x0001776C, SPI 0xDF8AAC79
Flags: 0x00000005
SA : 0x00007f6a0330a100
SPI : 0xDF8AAC79
MTU : 1500 bytes
VCID : 0x00000000
Peer : 0x000181E4
SCB : 0x0E249A81
Channel: 0x00007f69f3d5d4c0
IPSEC: Increment SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 0, new value: 1, (ctm_ipsec_update_vpn_context:7611)
IPSEC: Completed outbound VPN context, SPI 0xDF8AAC79
VPN handle: 0x000000000001776c
IPSEC: Completed outbound inner rule, SPI 0xDF8AAC79
Rule ID: 0x00007f6a02b577d0
IPSEC: Completed outbound outer SPD rule, SPI 0xDF8AAC79
Rule ID: 0x00007f6a01a83c10
IPSEC: Decrement SA NP ref counter for outbound SPI 0xDF8AAC79, old value: 1, new value: 0, (ctm_np_vpn_context_cb:11670)
IPSEC: New inbound tunnel flow rule, SPI 0x9169931A
Src addr: 0.0.0.0
Src mask: 0.0.0.0
Dst addr: 0.0.0.0
Dst mask: 0.0.0.0
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 0
Use protocol: false
SPI: 0x00000000
Use SPI: false
IPSEC: Increment SA NP ref counter for inbound SPI 0x9169931A, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6100)
IPSEC: Completed inbound tunnel flow rule, SPI 0x9169931A
Rule ID: 0x00007f69f6ef2b00
IPSEC: Decrement SA NP ref counter for inbound SPI 0x9169931A, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5515)
IPSEC: New inbound decrypt rule, SPI 0x9169931A
Src addr: 1.1.1.2
Src mask: 255.255.255.255
Dst addr: 1.1.1.1
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 50
Use protocol: true
SPI: 0x9169931A
Use SPI: true
IPSEC: Increment SA NP ref counter for inbound SPI 0x9169931A, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6255)
IPSEC: Completed inbound decrypt rule, SPI 0x9169931A
Rule ID: 0x00007f6a03f36d60
IPSEC: Decrement SA NP ref counter for inbound SPI 0x9169931A, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5515)
IPSEC: New inbound permit rule, SPI 0x9169931A
Src addr: 1.1.1.2
Src mask: 255.255.255.255
Dst addr: 1.1.1.1
Dst mask: 255.255.255.255
Src ports
Upper: 0
Lower: 0
Op : ignore
Dst ports
Upper: 0
Lower: 0
Op : ignore
Protocol: 50
Use protocol: true
SPI: 0x9169931A
Use SPI: true
IPSEC: Increment SA NP ref counter for inbound SPI 0x9169931A, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6255)
IPSEC: Completed inbound permit rule, SPI 0x9169931A
Rule ID: 0x00007f6a01a7c180
IPSEC: Decrement SA NP ref counter for inbound SPI 0x9169931A, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5515)
IPSEC: Decrement SA NP ref counter for inbound SPI 0x9169931A, old value: 1, new value: 0, (ctm_np_vpn_context_cb:11670)
IPSEC: Increment SA HW ref counter for inbound SPI 0x9169931A, old value: 0, new value: 1, (ctm_nlite_ipsec_create_hw_ibsa:816)
IPSEC: Added SA to last received DB, SPI: 0x9169931A, user: 1.1.1.2, peer: 1.1.1.2, SessionID: 0x00006000
IPSEC DEBUG: Inbound SA (SPI 0x9169931A) state change from embryonic to active
IPSEC DEBUG: Outbound SA (SPI 0xDF8AAC79) state change from embryonic to active
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Pitcher: received KEY_UPDATE, spi 0x9169931a
Jul 12 18:33:10 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Starting P2 rekey timer: 3060 seconds.
Jul 12 18:33:10 [IKEv1]Group = 1.1.1.2, IP = 1.1.1.2, PHASE 2 COMPLETED (msgid=17fbbe5e)
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Sending keep-alive of type DPD R-U-THERE (seq number 0x2ef1df07)
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:30 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=25bd0bb9) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 05 00 b9 0b bd 25 1c 00 00 00 0b 00 00 18 | .......%........
f5 d4 4e d4 ef 3e 0e f6 27 ec 09 54 b2 e9 8a 87 | ..N..>..'..T....
31 44 96 87 00 00 00 20 00 00 00 01 01 10 8d 28 | 1D..... .......(
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
2e f1 df 07 | ....
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (none)
MessageID: 25BD0BB9
Length: 28
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
f5 d4 4e d4 ef 3e 0e f6 27 ec 09 54 b2 e9 8a 87
31 44 96 87
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE
SPI:
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
Data: 2e f1 df 07
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 25BD0BB9
Length: 92
Jul 12 18:33:30 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 05 01 9d ac 24 d6 00 00 00 5c dc 5c f7 ed | ......$....\.\..
58 e3 13 61 58 b4 06 e3 a1 42 32 94 0d d0 c1 ef | X..aX....B2.....
26 bf 82 57 e7 88 14 6f 2d 9b 78 fd 19 57 99 de | &..W...o-.x..W..
f5 d5 af fa 5a 4e 87 ec d3 63 9c dd 3a 40 cd 99 | ....ZN...c..:@..
ce 57 46 61 4e a6 52 d6 43 fc 38 01 | .WFaN.R.C.8.
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 9DAC24D6
Length: 92
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 9DAC24D6
Length: 92
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
09 de c2 bb 90 b1 36 da 06 52 e5 59 81 a8 6b f5
97 00 32 f5
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE_ACK
SPI:
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
Data: 2e f1 df 07
Jul 12 18:33:30 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=9dac24d6) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jul 12 18:33:30 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x2ef1df07)
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Sending keep-alive of type DPD R-U-THERE (seq number 0x2ef1df08)
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:40 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=88c86466) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 05 00 66 64 c8 88 1c 00 00 00 0b 00 00 18 | ....fd..........
24 bd 9d c2 f0 0c 8a d6 b8 5c 54 57 1e db 6c 5a | $........\TW..lZ
bb f6 01 72 00 00 00 20 00 00 00 01 01 10 8d 28 | ...r... .......(
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
2e f1 df 08 | ....
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (none)
MessageID: 88C86466
Length: 28
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
24 bd 9d c2 f0 0c 8a d6 b8 5c 54 57 1e db 6c 5a
bb f6 01 72
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE
SPI:
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
Data: 2e f1 df 08
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 88C86466
Length: 92
Jul 12 18:33:40 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 05 01 87 f1 57 05 00 00 00 5c 23 f0 e9 ec | ......W....\#...
0b 9a e4 ca a2 bc c4 6b 17 ca ec 87 a7 2d 75 56 | .......k.....-uV
c7 47 19 5d 13 9d 45 26 28 46 81 e9 26 c5 d8 bf | .G.]..E&(F..&...
66 5b 82 7d fb c0 27 52 c5 8d c7 ab 22 95 10 4d | f[.}..'R...."..M
47 a0 ba 14 c2 09 db 6c d9 dc 5e 93 | G......l..^.
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 87F15705
Length: 92
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 87F15705
Length: 92
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
ff fa 03 68 a0 55 ce df ab e0 2c 10 47 cd d4 32
36 76 1f 12
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE_ACK
SPI:
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
Data: 2e f1 df 08
Jul 12 18:33:40 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=87f15705) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jul 12 18:33:40 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x2ef1df08)
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Sending keep-alive of type DPD R-U-THERE (seq number 0x2ef1df09)
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jul 12 18:33:50 [IKEv1]IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=b95012c) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 05 00 2c 01 95 0b 1c 00 00 00 0b 00 00 18 | ....,...........
4a 35 66 82 41 c8 76 01 66 9c 55 e1 64 b7 fa a0 | J5f.A.v.f.U.d...
5e 53 99 6d 00 00 00 20 00 00 00 01 01 10 8d 28 | ^S.m... .......(
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
2e f1 df 09 | ....
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (none)
MessageID: 0B95012C
Length: 28
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
4a 35 66 82 41 c8 76 01 66 9c 55 e1 64 b7 fa a0
5e 53 99 6d
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE
SPI:
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
Data: 2e f1 df 09
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 0B95012C
Length: 92
Jul 12 18:33:50 [IKEv1]IKE Receiver: Packet received on 1.1.1.1:500 from 1.1.1.2:500
IKEv1 Recv RAW packet dump
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77 | .x.....WU..U.&.w
08 10 05 01 02 cc a6 8d 00 00 00 5c 6f e0 c0 41 | ...........\o..A
ca 50 c0 18 68 c9 af f5 97 dd fc fb cb d1 d8 94 | .P..h...........
10 8b c4 37 3a d5 14 b4 04 a5 98 64 84 62 a0 03 | ...7:......d.b..
62 9e 71 cb 77 54 9c 7d 78 ad ad 2f 38 2b 06 c4 | b.q.wT.}x../8+..
ec c2 20 78 80 eb 59 d9 cd f0 2a 42 | .. x..Y...*B
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 02CCA68D
Length: 92
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: 1c 78 d3 90 c3 8e f9 57
Responder COOKIE: 55 d0 f3 55 f8 26 17 77
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 02CCA68D
Length: 92
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
f9 91 86 e1 59 97 e0 9c 48 de 3f 1b 5d e3 c6 72
04 e6 65 7b
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 32
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: R_U_THERE_ACK
SPI:
1c 78 d3 90 c3 8e f9 57 55 d0 f3 55 f8 26 17 77
Data: 2e f1 df 09
Jul 12 18:33:50 [IKEv1]IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=2cca68d) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jul 12 18:33:50 [IKEv1 DEBUG]Group = 1.1.1.2, IP = 1.1.1.2, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x2ef1df09)
AWS Router
AWS#debug crypto isakmp
Crypto ISAKMP debugging is on
AWS#debug crypto ipsec
Crypto IPSEC debugging is on
AWS#debug ip bgp event
BGP events debugging is on
Jul 13 00:58:35.815: BGP: Regular scanner timer event
Jul 13 00:58:35.815: BGP: Performing BGP general scanning
Jul 13 00:58:35.815: BGP: tbl IPv4 Unicast:base Performing BGP Nexthop scanning for general scan
Jul 13 00:58:35.815: BGP(0): Future scanner version: 1043, current scanner version: 1042
Jul 13 00:58:35.815: BGP: tbl IPv4 Multicast:base Performing BGP Nexthop scanning for general scan
Jul 13 00:58:35.815: BGP(6): Future scanner version: 1043, current scanner version: 1042
Jul 13 00:58:42.071: ISAKMP:(1022):purging node 1479355537
Jul 13 00:58:42.071: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:58:42.071: ISAKMP: set new node -187656109 to QM_IDLE
Jul 13 00:58:42.071: ISAKMP:(1022): processing HASH payload. message ID = 4107311187
Jul 13 00:58:42.071: ISAKMP:(1022): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 4107311187, sa = 0x2BC61EDC
Jul 13 00:58:42.071: ISAKMP:(1022):deleting node -187656109 error FALSE reason "Informational (in) state 1"
Jul 13 00:58:42.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 00:58:42.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:58:42.071: ISAKMP:(1022):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x7D043CF9
Jul 13 00:58:42.071: ISAKMP: set new node 337335894 to QM_IDLE
Jul 13 00:58:42.071: ISAKMP:(1022):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 337335894
Jul 13 00:58:42.071: ISAKMP:(1022): seq. no 0x7D043CF9
Jul 13 00:58:42.071: ISAKMP:(1022): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:58:42.071: ISAKMP:(1022):Sending an IKE IPv4 Packet.
Jul 13 00:58:42.071: ISAKMP:(1022):purging node 337335894
Jul 13 00:58:42.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 00:58:42.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:58:52.071: ISAKMP:(1022):purging node 1419963963
Jul 13 00:58:52.071: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:58:52.071: ISAKMP: set new node 463853335 to QM_IDLE
Jul 13 00:58:52.071: ISAKMP:(1022): processing HASH payload. message ID = 463853335
Jul 13 00:58:52.071: ISAKMP:(1022): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 463853335, sa = 0x2BC61EDC
Jul 13 00:58:52.071: ISAKMP:(1022):deleting node 463853335 error FALSE reason "Informational (in) state 1"
Jul 13 00:58:52.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 00:58:52.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:58:52.071: ISAKMP:(1022):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x7D043CFA
Jul 13 00:58:52.071: ISAKMP: set new node -1706223698 to QM_IDLE
Jul 13 00:58:52.071: ISAKMP:(1022):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 2588743598
Jul 13 00:58:52.071: ISAKMP:(1022): seq. no 0x7D043CFA
Jul 13 00:58:52.071: ISAKMP:(1022): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:58:52.071: ISAKMP:(1022):Sending an IKE IPv4 Packet.
Jul 13 00:58:52.071: ISAKMP:(1022):purging node -1706223698
Jul 13 00:58:52.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 00:58:52.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:59:12.071: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:59:12.071: ISAKMP: set new node -864962099 to QM_IDLE
Jul 13 00:59:12.071: ISAKMP:(1022): processing HASH payload. message ID = 3430005197
Jul 13 00:59:12.071: ISAKMP:(1022): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 3430005197, sa = 0x2BC61EDC
Jul 13 00:59:12.071: ISAKMP:(1022):deleting node -864962099 error FALSE reason "Informational (in) state 1"
Jul 13 00:59:12.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 00:59:12.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:59:12.071: ISAKMP:(1022):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x7D043CFB
Jul 13 00:59:12.071: ISAKMP: set new node -455223525 to QM_IDLE
Jul 13 00:59:12.071: ISAKMP:(1022):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 3839743771
Jul 13 00:59:12.071: ISAKMP:(1022): seq. no 0x7D043CFB
Jul 13 00:59:12.071: ISAKMP:(1022): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:59:12.071: ISAKMP:(1022):Sending an IKE IPv4 Packet.
Jul 13 00:59:12.071: ISAKMP:(1022):purging node -455223525
Jul 13 00:59:12.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 00:59:12.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:59:22.071: ISAKMP:(1022):purging node 737661563
Jul 13 00:59:32.071: ISAKMP:(1022):purging node -187656109
Jul 13 00:59:32.071: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:59:32.071: ISAKMP: set new node 365220963 to QM_IDLE
Jul 13 00:59:32.071: ISAKMP:(1022): processing HASH payload. message ID = 365220963
Jul 13 00:59:32.071: ISAKMP:(1022): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 365220963, sa = 0x2BC61EDC
Jul 13 00:59:32.071: ISAKMP:(1022):deleting node 365220963 error FALSE reason "Informational (in) state 1"
Jul 13 00:59:32.071: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 00:59:32.071: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:59:32.071: ISAKMP:(1022):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x7D043CFC
Jul 13 00:59:32.071: ISAKMP: set new node 838043404 to QM_IDLE
Jul 13 00:59:32.071: ISAKMP:(1022):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 838043404
Jul 13 00:59:32.071: ISAKMP:(1022): seq. no 0x7D043CFC
Jul 13 00:59:32.071: ISAKMP:(1022): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:59:32.071: ISAKMP:(1022):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.071: ISAKMP:(1022):purging node 838043404
Jul 13 00:59:32.075: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 00:59:32.075: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:59:32.279: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:59:32.279: ISAKMP: set new node 2021757529 to QM_IDLE
Jul 13 00:59:32.283: ISAKMP:(1022): processing HASH payload. message ID = 2021757529
Jul 13 00:59:32.283: ISAKMP:(1022): processing DELETE payload. message ID = 2021757529
Jul 13 00:59:32.283: ISAKMP:(1022):peer does not do paranoid keepalives.
Jul 13 00:59:32.283: ISAKMP:(1022):deleting node 2021757529 error FALSE reason "Informational (in) state 1"
Jul 13 00:59:32.283: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Jul 13 00:59:32.283: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Jul 13 00:59:32.283: IPSEC(key_engine_delete_sas): delete SA with spi 0x8BA9B028 proto 50 for 1.1.1.1
Jul 13 00:59:32.283: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 1.1.1.2, sa_proto= 50,
sa_spi= 0x2D20E7D2(757131218),
sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2049
sa_lifetime(k/sec)= (4552519/3600),
(identity) local= 1.1.1.2:0, remote= 1.1.1.1:0,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4)
Jul 13 00:59:32.283: IPSEC(update_current_outbound_sa): updated peer 1.1.1.1 current outbound sa to SPI 0
Jul 13 00:59:32.283: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 1.1.1.1, sa_proto= 50,
sa_spi= 0x8BA9B028(2343153704),
sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2050
sa_lifetime(k/sec)= (4552519/3600),
(identity) local= 1.1.1.2:0, remote= 1.1.1.1:0,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4)
Jul 13 00:59:32.283: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down
Jul 13 00:59:32.283: ISAKMP (1022): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:59:32.283: ISAKMP: set new node -1272907882 to QM_IDLE
Jul 13 00:59:32.283: ISAKMP:(1022): processing HASH payload. message ID = 3022059414
Jul 13 00:59:32.283: ISAKMP:(1022): processing DELETE payload. message ID = 3022059414
Jul 13 00:59:32.283: ISAKMP:(1022):peer does not do paranoid keepalives.
Jul 13 00:59:32.283: ISAKMP:(1022):deleting SA reason "No reason" state (I) QM_IDLE (peer 1.1.1.1)
Jul 13 00:59:32.283: ISAKMP:(1022):deleting node -1272907882 error FALSE reason "Informational (in) state 1"
Jul 13 00:59:32.283: BGP: tbl IPv4 Unicast:base Service reset requests
Jul 13 00:59:32.283: BGP: tbl IPv4 Multicast:base Service reset requests
Jul 13 00:59:32.283: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 1.1.1.2:500, remote= 1.1.1.1:500,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel),
lifedur= 3600s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
Jul 13 00:59:32.283: BGP: 169.254.13.190 reset due to Interface flap
Jul 13 00:59:32.283: %BGP-5-ADJCHANGE: neighbor 169.254.13.190 Down Interface flap
Jul 13 00:59:32.283: %BGP_SESSION-5-ADJCHANGE: neighbor 169.254.13.190 IPv4 Unicast topology base removed from session Interface flap
Jul 13 00:59:32.287: EvD: charge penalty 500, new accum. penalty 500, flap count 10
Jul 13 00:59:32.287: ISAKMP: set new node 1179720383 to QM_IDLE
Jul 13 00:59:32.287: ISAKMP:(1022): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:59:32.287: ISAKMP:(1022):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.287: ISAKMP:(1022):purging node 1179720383
Jul 13 00:59:32.287: ISAKMP:(1022):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Jul 13 00:59:32.287: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
Jul 13 00:59:32.287: ISAKMP:(0): SA request profile is (NULL)
Jul 13 00:59:32.287: ISAKMP: Found a peer struct for 1.1.1.1, peer port 500
Jul 13 00:59:32.287: ISAKMP: Locking peer struct 0x2B7D656C, refcount 2 for isakmp_initiator
Jul 13 00:59:32.287: ISAKMP: local port 500, remote port 500
Jul 13 00:59:32.287: ISAKMP: set new node 0 to QM_IDLE
Jul 13 00:59:32.287: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 3139F86C
Jul 13 00:59:32.287: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
Jul 13 00:59:32.287: ISAKMP:(0):found peer pre-shared key matching 1.1.1.1
Jul 13 00:59:32.287: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
Jul 13 00:59:32.287: ISAKMP:(0): constructed NAT-T vendor-07 ID
Jul 13 00:59:32.287: ISAKMP:(0): constructed NAT-T vendor-03 ID
Jul 13 00:59:32.287: ISAKMP:(0): constructed NAT-T vendor-02 ID
Jul 13 00:59:32.287: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Jul 13 00:59:32.287: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1
Jul 13 00:59:32.287: ISAKMP:(0): beginning Main Mode exchange
Jul 13 00:59:32.287: ISAKMP:(0): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_NO_STATE
Jul 13 00:59:32.287: ISAKMP:(0):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.287: ISAKMP:(1022):deleting SA reason "No reason" state (I) QM_IDLE (peer 1.1.1.1)
Jul 13 00:59:32.287: ISAKMP: Unlocking peer struct 0x2B7D656C for isadb_mark_sa_deleted(), count 1
Jul 13 00:59:32.287: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 13 00:59:32.287: ISAKMP:(1022):Old State = IKE_DEST_SA New State = IKE_DEST_SA
Jul 13 00:59:32.291: ISAKMP (0): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_NO_STATE
Jul 13 00:59:32.291: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 13 00:59:32.291: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2
Jul 13 00:59:32.291: ISAKMP:(0): processing SA payload. message ID = 0
Jul 13 00:59:32.291: ISAKMP:(0): processing vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
Jul 13 00:59:32.291: ISAKMP (0): vendor ID is NAT-T RFC 3947
Jul 13 00:59:32.291: ISAKMP:(0): processing vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0): processing IKE frag vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0):Support for IKE Fragmentation not enabled
Jul 13 00:59:32.291: ISAKMP:(0):found peer pre-shared key matching 1.1.1.1
Jul 13 00:59:32.291: ISAKMP:(0): local preshared key found
Jul 13 00:59:32.291: ISAKMP : Scanning profiles for xauth ...
Jul 13 00:59:32.291: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
Jul 13 00:59:32.291: ISAKMP: encryption AES-CBC
Jul 13 00:59:32.291: ISAKMP: keylength of 128
Jul 13 00:59:32.291: ISAKMP: hash SHA
Jul 13 00:59:32.291: ISAKMP: default group 2
Jul 13 00:59:32.291: ISAKMP: auth pre-share
Jul 13 00:59:32.291: ISAKMP: life type in seconds
Jul 13 00:59:32.291: ISAKMP: life duration (basic) of 28800
Jul 13 00:59:32.291: ISAKMP:(0):atts are acceptable. Next payload is 0
Jul 13 00:59:32.291: ISAKMP:(0):Acceptable atts:actual life: 0
Jul 13 00:59:32.291: ISAKMP:(0):Acceptable atts:life: 0
Jul 13 00:59:32.291: ISAKMP:(0):Basic life_in_seconds:28800
Jul 13 00:59:32.291: ISAKMP:(0):Returning Actual lifetime: 28800
Jul 13 00:59:32.291: ISAKMP:(0)::Started lifetime timer: 28800.
Jul 13 00:59:32.291: ISAKMP:(0): processing vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
Jul 13 00:59:32.291: ISAKMP (0): vendor ID is NAT-T RFC 3947
Jul 13 00:59:32.291: ISAKMP:(0): processing vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0): processing IKE frag vendor id payload
Jul 13 00:59:32.291: ISAKMP:(0):Support for IKE Fragmentation not enabled
Jul 13 00:59:32.291: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jul 13 00:59:32.291: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
Jul 13 00:59:32.291: ISAKMP:(0): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_SA_SETUP
Jul 13 00:59:32.291: ISAKMP:(0):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.291: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jul 13 00:59:32.291: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
Jul 13 00:59:32.291: ISAKMP (0): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_SA_SETUP
Jul 13 00:59:32.295: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 13 00:59:32.295: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
Jul 13 00:59:32.295: ISAKMP:(0): processing KE payload. message ID = 0
Jul 13 00:59:32.319: ISAKMP:(0): processing NONCE payload. message ID = 0
Jul 13 00:59:32.319: ISAKMP:(0):found peer pre-shared key matching 1.1.1.1
Jul 13 00:59:32.319: ISAKMP:(1023): processing vendor id payload
Jul 13 00:59:32.319: ISAKMP:(1023): vendor ID is Unity
Jul 13 00:59:32.319: ISAKMP:(1023): processing vendor id payload
Jul 13 00:59:32.319: ISAKMP:(1023): vendor ID seems Unity/DPD but major 84 mismatch
Jul 13 00:59:32.319: ISAKMP:(1023): vendor ID is XAUTH
Jul 13 00:59:32.319: ISAKMP:(1023): processing vendor id payload
Jul 13 00:59:32.319: ISAKMP:(1023): speaking to another IOS box!
Jul 13 00:59:32.319: ISAKMP:(1023): processing vendor id payload
Jul 13 00:59:32.319: ISAKMP:(1023):vendor ID seems Unity/DPD but hash mismatch
Jul 13 00:59:32.319: ISAKMP:received payload type 20
Jul 13 00:59:32.319: ISAKMP (1023): His hash no match - this node outside NAT
Jul 13 00:59:32.319: ISAKMP:received payload type 20
Jul 13 00:59:32.319: ISAKMP (1023): No NAT Found for self or peer
Jul 13 00:59:32.319: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jul 13 00:59:32.319: ISAKMP:(1023):Old State = IKE_I_MM4 New State = IKE_I_MM4
Jul 13 00:59:32.319: ISAKMP:(1023):Send initial contact
Jul 13 00:59:32.319: ISAKMP:(1023):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Jul 13 00:59:32.319: ISAKMP (1023): ID payload
next-payload : 8
type : 1
address : 1.1.1.2
protocol : 17
port : 500
length : 12
Jul 13 00:59:32.319: ISAKMP:(1023):Total payload length: 12
Jul 13 00:59:32.319: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Jul 13 00:59:32.319: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.319: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jul 13 00:59:32.319: ISAKMP:(1023):Old State = IKE_I_MM4 New State = IKE_I_MM5
Jul 13 00:59:32.323: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
Jul 13 00:59:32.323: ISAKMP:(1023): processing ID payload. message ID = 0
Jul 13 00:59:32.323: ISAKMP (1023): ID payload
next-payload : 8
type : 1
address : 1.1.1.1
protocol : 17
port : 0
length : 12
Jul 13 00:59:32.323: ISAKMP:(0):: peer matches *none* of the profiles
Jul 13 00:59:32.323: ISAKMP:(1023): processing HASH payload. message ID = 0
Jul 13 00:59:32.323: ISAKMP:received payload type 17
Jul 13 00:59:32.323: ISAKMP:(1023): processing vendor id payload
Jul 13 00:59:32.323: ISAKMP:(1023): vendor ID is DPD
Jul 13 00:59:32.323: ISAKMP:(1023):SA authentication status:
authenticated
Jul 13 00:59:32.323: ISAKMP:(1023):SA has been authenticated with 1.1.1.1
Jul 13 00:59:32.323: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 13 00:59:32.323: ISAKMP:(1023):Old State = IKE_I_MM5 New State = IKE_I_MM6
Jul 13 00:59:32.323: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Jul 13 00:59:32.323: ISAKMP:(1023):Old State = IKE_I_MM6 New State = IKE_I_MM6
Jul 13 00:59:32.323: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jul 13 00:59:32.323: ISAKMP:(1023):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
Jul 13 00:59:32.323: ISAKMP:(1023):beginning Quick Mode exchange, M-ID of 402374238
Jul 13 00:59:32.343: ISAKMP:(1023):QM Initiator gets spi
Jul 13 00:59:32.343: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:59:32.343: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.343: ISAKMP:(1023):Node 402374238, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
Jul 13 00:59:32.343: ISAKMP:(1023):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
Jul 13 00:59:32.343: ISAKMP:(1023):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Jul 13 00:59:32.343: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:59:32.347: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:59:32.347: ISAKMP:(1023): processing HASH payload. message ID = 402374238
Jul 13 00:59:32.347: ISAKMP:(1023): processing SA payload. message ID = 402374238
Jul 13 00:59:32.347: ISAKMP:(1023):Checking IPSec proposal 1
Jul 13 00:59:32.347: ISAKMP: transform 1, ESP_AES
Jul 13 00:59:32.347: ISAKMP: attributes in transform:
Jul 13 00:59:32.347: ISAKMP: SA life type in seconds
Jul 13 00:59:32.347: ISAKMP: SA life duration (basic) of 3600
Jul 13 00:59:32.347: ISAKMP: SA life type in kilobytes
Jul 13 00:59:32.347: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
Jul 13 00:59:32.347: ISAKMP: encaps is 1 (Tunnel)
Jul 13 00:59:32.347: ISAKMP: authenticator is HMAC-SHA
Jul 13 00:59:32.347: ISAKMP: group is 2
Jul 13 00:59:32.347: ISAKMP: key length is 128
Jul 13 00:59:32.347: ISAKMP:(1023):atts are acceptable.
Jul 13 00:59:32.347: IPSEC(validate_proposal_request): proposal part #1
Jul 13 00:59:32.347: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 1.1.1.2:0, remote= 1.1.1.1:0,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
Jul 13 00:59:32.347: Crypto mapdb : proxy_match
src addr : 0.0.0.0
dst addr : 0.0.0.0
protocol : 0
src port : 0
dst port : 0
Jul 13 00:59:32.347: ISAKMP:(1023): processing NONCE payload. message ID = 402374238
Jul 13 00:59:32.347: ISAKMP:(1023): processing KE payload. message ID = 402374238
Jul 13 00:59:32.371: ISAKMP:(1023): processing ID payload. message ID = 402374238
Jul 13 00:59:32.371: ISAKMP:(1023): processing ID payload. message ID = 402374238
Jul 13 00:59:32.375: ISAKMP:(1023): Creating IPSec SAs
Jul 13 00:59:32.375: inbound SA from 1.1.1.1 to 1.1.1.2 (f/i) 0/ 0
(proxy 0.0.0.0 to 0.0.0.0)
Jul 13 00:59:32.375: has spi 0xDF8AAC79 and conn_id 0
Jul 13 00:59:32.375: lifetime of 3600 seconds
Jul 13 00:59:32.375: lifetime of 4608000 kilobytes
Jul 13 00:59:32.375: outbound SA from 1.1.1.2 to 1.1.1.1 (f/i) 0/0
(proxy 0.0.0.0 to 0.0.0.0)
Jul 13 00:59:32.375: has spi 0x9169931A and conn_id 0
Jul 13 00:59:32.375: lifetime of 3600 seconds
Jul 13 00:59:32.375: lifetime of 4608000 kilobytes
Jul 13 00:59:32.375: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:59:32.375: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 00:59:32.375: ISAKMP:(1023):deleting node 402374238 error FALSE reason "No Error"
Jul 13 00:59:32.375: ISAKMP:(1023):Node 402374238, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
Jul 13 00:59:32.375: ISAKMP:(1023):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
Jul 13 00:59:32.375: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Jul 13 00:59:32.375: Crypto mapdb : proxy_match
src addr : 0.0.0.0
dst addr : 0.0.0.0
protocol : 0
src port : 0
dst port : 0
Jul 13 00:59:32.375: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer 1.1.1.1
Jul 13 00:59:32.375: IPSEC(policy_db_add_ident): src 0.0.0.0, dest 0.0.0.0, dest_port 0
Jul 13 00:59:32.375: IPSEC(create_sa): sa created,
(sa) sa_dest= 1.1.1.2, sa_proto= 50,
sa_spi= 0xDF8AAC79(3750407289),
sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2051
sa_lifetime(k/sec)= (4577962/3600)
Jul 13 00:59:32.375: IPSEC(create_sa): sa created,
(sa) sa_dest= 1.1.1.1, sa_proto= 50,
sa_spi= 0x9169931A(2439615258),
sa_trans= esp-aes esp-sha-hmac , sa_conn_id= 2052
sa_lifetime(k/sec)= (4577962/3600)
Jul 13 00:59:32.375: IPSEC(update_current_outbound_sa): get enable SA peer 1.1.1.1 current outbound sa to SPI 9169931A
Jul 13 00:59:32.375: IPSEC(update_current_outbound_sa): updated peer 1.1.1.1 current outbound sa to SPI 9169931A
Jul 13 00:59:32.375: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
Jul 13 00:59:32.379: EvD: charge penalty 500, new accum. penalty 1000, flap count 11
Jul 13 00:59:35.923: BGP: Regular scanner timer event
Jul 13 00:59:35.923: BGP: Performing BGP general scanning
Jul 13 00:59:35.923: BGP: tbl IPv4 Unicast:base Performing BGP Nexthop scanning for general scan
Jul 13 00:59:35.923: BGP(0): Future scanner version: 1044, current scanner version: 1043
Jul 13 00:59:35.923: BGP: tbl IPv4 Multicast:base Performing BGP Nexthop scanning for general scan
Jul 13 00:59:35.923: BGP(6): Future scanner version: 1044, current scanner version: 1043
Jul 13 00:59:40.299: BGP: nopeerup-delay post-boot, set to default, 60s
Jul 13 00:59:40.303: %BGP-5-ADJCHANGE: neighbor 169.254.13.190 Up // IKE PHASE 1 AND 2 MUST BE COMPLETED FIRST BEFORE BGP NEIGHBOR FORMED
Jul 13 00:59:40.303: EvD: charge penalty 500, new accum. penalty 1000, flap count 12
Jul 13 00:59:42.071: ISAKMP:(1022):purging node 463853335
Jul 13 00:59:52.071: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 00:59:52.071: ISAKMP: set new node 633146297 to QM_IDLE
Jul 13 00:59:52.071: ISAKMP:(1023): processing HASH payload. message ID = 633146297
Jul 13 00:59:52.071: ISAKMP:(1023): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 633146297, sa = 0x3139F86C
Jul 13 00:59:52.071: ISAKMP:(1023):deleting node 633146297 error FALSE reason "Informational (in) state 1"
Jul 13 00:59:52.071: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 00:59:52.071: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 00:59:52.071: ISAKMP:(1023):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x2EF1DF07
Jul 13 00:59:52.071: ISAKMP: set new node -1649662762 to QM_IDLE
Jul 13 00:59:52.071: ISAKMP:(1023):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 2645304534
Jul 13 00:59:52.075: ISAKMP:(1023): seq. no 0x2EF1DF07
Jul 13 00:59:52.075: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 00:59:52.075: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 00:59:52.075: ISAKMP:(1023):purging node -1649662762
Jul 13 00:59:52.075: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 00:59:52.075: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 01:00:02.071: ISAKMP:(1022):purging node -864962099
Jul 13 01:00:02.071: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 01:00:02.071: ISAKMP: set new node -2000133018 to QM_IDLE
Jul 13 01:00:02.071: ISAKMP:(1023): processing HASH payload. message ID = 2294834278
Jul 13 01:00:02.071: ISAKMP:(1023): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 2294834278, sa = 0x3139F86C
Jul 13 01:00:02.071: ISAKMP:(1023):deleting node -2000133018 error FALSE reason "Informational (in) state 1"
Jul 13 01:00:02.071: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 01:00:02.071: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 01:00:02.071: ISAKMP:(1023):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x2EF1DF08
Jul 13 01:00:02.071: ISAKMP: set new node -2014226683 to QM_IDLE
Jul 13 01:00:02.075: ISAKMP:(1023):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 2280740613
Jul 13 01:00:02.075: ISAKMP:(1023): seq. no 0x2EF1DF08
Jul 13 01:00:02.075: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 01:00:02.075: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 01:00:02.075: ISAKMP:(1023):purging node -2014226683
Jul 13 01:00:02.075: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 01:00:02.075: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 01:00:02.827: BGP: aggregate timer expired
Jul 13 01:00:11.019: BGP: aggregate timer expired
Jul 13 01:00:12.071: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 01:00:12.071: ISAKMP: set new node 194314540 to QM_IDLE
Jul 13 01:00:12.071: ISAKMP:(1023): processing HASH payload. message ID = 194314540
Jul 13 01:00:12.071: ISAKMP:(1023): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 194314540, sa = 0x3139F86C
Jul 13 01:00:12.071: ISAKMP:(1023):deleting node 194314540 error FALSE reason "Informational (in) state 1"
Jul 13 01:00:12.071: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 01:00:12.071: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 01:00:12.075: ISAKMP:(1023):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x2EF1DF09
Jul 13 01:00:12.075: ISAKMP: set new node 46966413 to QM_IDLE
Jul 13 01:00:12.075: ISAKMP:(1023):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 46966413
Jul 13 01:00:12.075: ISAKMP:(1023): seq. no 0x2EF1DF09
Jul 13 01:00:12.075: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 01:00:12.075: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 01:00:12.075: ISAKMP:(1023):purging node 46966413
Jul 13 01:00:12.075: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 01:00:12.075: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 01:00:22.071: ISAKMP:(1022):purging node 365220963
Jul 13 01:00:22.071: ISAKMP (1023): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
Jul 13 01:00:22.071: ISAKMP: set new node 1310864145 to QM_IDLE
Jul 13 01:00:22.071: ISAKMP:(1023): processing HASH payload. message ID = 1310864145
Jul 13 01:00:22.071: ISAKMP:(1023): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = 1310864145, sa = 0x3139F86C
Jul 13 01:00:22.071: ISAKMP:(1023):deleting node 131l0864145 error FALSE reason "Informational (in) state 1"
Jul 13 01:00:22.071: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 13 01:00:22.071: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 01:00:22.071: ISAKMP:(1023):DPD/R_U_THERE received from peer 1.1.1.1, sequence 0x2EF1DF0A
Jul 13 01:00:22.071: ISAKMP: set new node -793370298 to QM_IDLE
Jul 13 01:00:22.075: ISAKMP:(1023):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 822873792, message ID = 3501596998
Jul 13 01:00:22.075: ISAKMP:(1023): seq. no 0x2EF1DF0A
Jul 13 01:00:22.075: ISAKMP:(1023): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
Jul 13 01:00:22.075: ISAKMP:(1023):Sending an IKE IPv4 Packet.
Jul 13 01:00:22.075: ISAKMP:(1023):purging node -793370298
Jul 13 01:00:22.075: ISAKMP:(1023):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
Jul 13 01:00:22.075: ISAKMP:(1023):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
Jul 13 01:00:22.283: ISAKMP:(1022):purging node 2021757529
Jul 13 01:00:22.283: ISAKMP:(1022):purging node -1272907882
Jul 13 01:00:22.375: ISAKMP:(1023):purging node 402374238
No comments:
Post a Comment