router1#
*Oct 29 22:10:09.422: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x4509BCB4(1158266036), conn_id= 0, keysize= 0, flags= 0x400A
*Oct 29 22:10:09.422: ISAKMP: received ke message (1/1)
*Oct 29 22:10:09.422: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
*Oct 29 22:10:09.422: ISAKMP: Created a peer struct for 192.168.1.4, peer port 500
*Oct 29 22:10:09.422: ISAKMP: New peer created peer = 0x652FCBF4 peer_handle = 0x8000016C
*Oct 29 22:10:09.422: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 1 for isakmp_initiator
*Oct 29 22:10:09.422: ISAKMP: local port 500, remote port 500
*Oct 29 22:10:09.422: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:10:09.422: insert sa successfully sa = 649E1F14
*Oct 29 22:10:09.422: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.
*Oct 29 22:10:09.422: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:10:09.422: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:10:09.426: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:10:09.426: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
*Oct 29 22:10:09.426: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
*Oct 29 22:10:09.426: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
*Oct 29 22:10:09.426: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Oct 29 22:10:09.426: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1
*Oct 29 22:10:09.426: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
*Oct 29 22:10:09.426: ISAKMP:(0:0:N/A:0): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_NO_STATE
*Oct 29 22:10:09.470: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_NO_STATE
*Oct 29 22:10:09.474: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:10:09.474: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Oct 29 22:10:09.474: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Oct 29 22:10:09.474: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:10:09.474: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:10:09.474: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:10:09.474: ISAKMP:(0:0:N/A:0): local preshared key found
*Oct 29 22:10:09.474: ISAKMP : Scanning profiles for xauth ...
*Oct 29 22:10:09.474: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy
*Oct 29 22:10:09.474: ISAKMP: encryption 3DES-CBC
*Oct 29 22:10:09.474: ISAKMP: hash SHA
*Oct 29 22:10:09.474: ISAKMP: default group 2
*Oct 29 22:10:09.474: ISAKMP: auth pre-share
*Oct 29 22:10:09.474: ISAKMP: life type in seconds
*Oct 29 22:10:09.474: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Oct 29 22:10:09.474: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
*Oct 29 22:10:09.530: ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
router1#
*Oct 29 22:10:09.530: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Oct 29 22:10:09.530: ISAKMP:(0:1:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_SA_SETUP
*Oct 29 22:10:09.530: ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:10:09.530: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Oct 29 22:10:09.590: ISAKMP (0:134217729): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_SA_SETUP
*Oct 29 22:10:09.590: ISAKMP:(0:1:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:10:09.590: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Oct 29 22:10:09.590: ISAKMP:(0:1:SW:1): processing KE payload. message ID = 0
*Oct 29 22:10:09.654: ISAKMP:(0:1:SW:1): processing NONCE payload. message ID = 0
*Oct 29 22:10:09.654: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:10:09.654: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:10:09.654: ISAKMP:(0:1:SW:1):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:10:09.658: ISAKMP:(0:1:SW:1):SKEYID state generated
*Oct 29 22:10:09.658: ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:10:09.658: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM4
*Oct 29 22:10:09.666: ISAKMP:(0:1:SW:1):Send initial contact
*Oct 29 22:10:09.666: ISAKMP:(0:1:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Oct 29 22:10:09.666: ISAKMP (0:134217729): ID payload next-payload : 8 type : 1 address : 172.22.254.1 protocol : 17 port : 500 length : 12
*Oct 29 22:10:09.670: ISAKMP:(0:1:SW:1):Total payload length: 12
*Oct 29 22:10:09.670: ISAKMP:(0:1:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Oct 29 22:10:09.670: ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:10:09.670: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5
*Oct 29 22:10:09.714: ISAKMP (0:134217729): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:10:09.714: ISAKMP:(0:1:SW:1): processing ID payload. message ID = 0
*Oct 29 22:10:09.714: ISAKMP (0:134217729): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12
*Oct 29 22:10:09.714: ISAKMP:(0:1:SW:1):: peer matches *none* of the profiles
*Oct 29 22:10:09.714: ISAKMP:(0:1:SW:1): processing HASH payload. message ID = 0
*Oct 29 22:10:09.714: ISAKMP:(0:1:SW:1):SA authentication status: authenticated
*Oct 29 22:10:09.714: ISAKMP:(0:1:SW:1):SA has been authenticated with 192.168.1.4
*Oct 29 22:10:09.714: ISAKMP: Trying to insert a peer 172.22.254.1/192.168.1.4/500/, and inserted successfully 652FCBF4.
*Oct 29 22:10:09.714: ISAKMP:(0:1:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:10:09.714: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM5 New State = IKE_I_MM6
*Oct 29 22:10:09.714: ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:10:09.714: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM6 New State = IKE_I_MM6
*Oct 29 22:10:09.718: ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:10:09.718: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
*Oct 29 22:10:09.718: ISAKMP:(0:1:SW:1):beginning Quick Mode exchange, M-ID of 832287826
*Oct 29 22:10:09.718: ISAKMP:(0:1:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:10:09.718: ISAKMP:(0:1:SW:1):Node 832287826, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Oct 29 22:10:09.718: ISAKMP:(0:1:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:10:09.722: ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Oct 29 22:10:09.722: ISAKMP:(0:1:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Oct 29 22:10:09.770: ISAKMP (0:134217729): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:10:09.774: ISAKMP:(0:1:SW:1): processing HASH payload. message ID = 832287826
*Oct 29 22:10:09.774: ISAKMP:(0:1:SW:1): processing SA payload. message ID = 832287826
*Oct 29 22:10:09.774: ISAKMP:(0:1:SW:1):Checking IPSec proposal 1
*Oct 29 22:10:09.774: ISAKMP: transform 1, ESP_3DES
*Oct 29 22:10:09.774: ISAKMP: attributes in transform:
*Oct 29 22:10:09.774: ISAKMP: encaps is 1 (Tunnel)
*Oct 29 22:10:09.774: ISAKMP: SA life type in seconds
*Oct 29 22:10:09.774: ISAKMP: SA life duration (basic) of 3600
*Oct 29 22:10:09.774: ISAKMP: SA life type in kilobytes
*Oct 29 22:10:09.774: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Oct 29 22:10:09.774: ISAKMP: authenticator is HMAC-SHA
*Oct 29 22:10:09.774: ISAKMP:(0:1:SW:1):atts are acceptable.
*Oct 29 22:10:09.774: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:10:09.774: Crypto mapdb : proxy_match src addr : 172.18.210.20 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:10:09.774: ISAKMP:(0:1:SW:1): processing NONCE payload. message ID = 832287826
*Oct 29 22:10:09.774: ISAKMP:(0:1:SW:1): processing ID payload. message ID = 832287826
*Oct 29 22:10:09.774: ISAKMP:(0:1:SW:1): processing ID payload. message ID = 832287826
*Oct 29 22:10:09.774: ISAKMP:(0:1:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 1158266036, message ID = 832287826, sa = 649E1F14
*Oct 29 22:10:09.774: ISAKMP:(0:1:SW:1):SA authentication status: authenticated
*Oct 29 22:10:09.774: ISAKMP:(0:1:SW:1): processing responder lifetime
*Oct 29 22:10:09.778: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 1 for for stuff_ke
*Oct 29 22:10:09.778: ISAKMP:(0:1:SW:1): Creating IPSec SAs
*Oct 29 22:10:09.778: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.20)
*Oct 29 22:10:09.778: has spi 0x4509BCB4 and conn_id 0 and flags 2
*Oct 29 22:10:09.778: lifetime of 3600 seconds
*Oct 29 22:10:09.778: lifetime of 4608000 kilobytes
*Oct 29 22:10:09.778: has client flags 0x0
*Oct 29 22:10:09.778: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.20 to 192.168.10.4)
*Oct 29 22:10:09.778: has spi -728417712 and conn_id 0 and flags A
*Oct 29 22:10:09.778: lifetime of 3600 seconds
*Oct 29 22:10:09.778: lifetime of 4608000 kilobytes
*Oct 29 22:10:09.778: has client flags 0x0
*Oct 29 22:10:09.778: ISAKMP:(0:1:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:10:09.778: ISAKMP:(0:1:SW:1):deleting node 832287826 error FALSE reason "No Error"
*Oct 29 22:10:09.778: ISAKMP:(0:1:SW:1):Node 832287826, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Oct 29 22:10:09.778: ISAKMP:(0:1:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Oct 29 22:10:09.778: IPSEC(key_engine): got a queue event with 2 kei messages
*Oct 29 22:10:09.778: IPSEC(initialize_sas): , (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x4509BCB4(1158266036), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:10:09.782: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xD4953A50(3566549584), conn_id= 0, keysize= 0, flags= 0xA
*Oct 29 22:10:09.782: Crypto mapdb : proxy_match src addr : 172.18.210.20 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:10:09.782: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4
*Oct 29 22:10:09.782: IPSec: Flow_switching Allocated flow for sibling 800040E7
*Oct 29 22:10:09.782: IPSEC(policy_db_add_ident): src 172.18.210.20, dest 192.168.10.4, dest_port 0
*Oct 29 22:10:09.782: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 2 for from create_transforms
*Oct 29 22:10:09.782: IPSEC(create_sa): sa created router1#, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x4509BCB4(1158266036), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3032
*Oct 29 22:10:09.782: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xD4953A50(3566549584), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3005
*Oct 29 22:10:09.782: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 1
router1#
*Oct 29 22:10:21.042: %SEC-6-IPACCESSLOGDP: list 100 permitted icmp 172.18.210.16 -> 192.168.10.4 (8/0), 1 packet
*Oct 29 22:10:21.046: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xEE46A5F0(3997607408), conn_id= 0, keysize= 0, flags= 0x400A
*Oct 29 22:10:21.046: ISAKMP: received ke message (1/1)
*Oct 29 22:10:21.046: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:10:21.046: ISAKMP:(0:1:SW:1): sitting IDLE. Starting QM immediately (QM_IDLE )
*Oct 29 22:10:21.046: ISAKMP:(0:1:SW:1):beginning Quick Mode exchange, M-ID of -97435854
*Oct 29 22:10:21.046: ISAKMP:(0:1:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:10:21.046: ISAKMP:(0:1:SW:1):Node -97435854, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Oct 29 22:10:21.046: ISAKMP:(0:1:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:10:21.098: ISAKMP (0:134217729): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:10:21.098: ISAKMP:(0:1:SW:1): processing HASH payload. message ID = -97435854
*Oct 29 22:10:21.098: ISAKMP:(0:1:SW:1): processing SA payload. message ID = -97435854
*Oct 29 22:10:21.098: ISAKMP:(0:1:SW:1):Checking IPSec proposal 1
*Oct 29 22:10:21.098: ISAKMP: transform 1, ESP_3DES
*Oct 29 22:10:21.098: ISAKMP: attributes in transform:
*Oct 29 22:10:21.098: ISAKMP: encaps is 1 (Tunnel)
*Oct 29 22:10:21.098: ISAKMP: SA life type in seconds
*Oct 29 22:10:21.098: ISAKMP: SA life duration (basic) of 3600
*Oct 29 22:10:21.098: ISAKMP: SA life type in kilobytes
*Oct 29 22:10:21.098: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Oct 29 22:10:21.102: ISAKMP: authenticator is HMAC-SHA
*Oct 29 22:10:21.102: ISAKMP:(0:1:SW:1):atts are acceptable.
*Oct 29 22:10:21.102: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:10:21.102: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:10:21.102: ISAKMP:(0:1:SW:1): processing NONCE payload. message ID = -97435854
*Oct 29 22:10:21.102: ISAKMP:(0:1:SW:1): processing ID payload. message ID = -97435854
*Oct 29 22:10:21.102: ISAKMP:(0:1:SW:1): processing ID payload. message ID = -97435854
*Oct 29 22:10:21.102: ISAKMP:(0:1:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 3997607408, message ID = -97435854, sa = 649E1F14
*Oct 29 22:10:21.102: ISAKMP:(0:1:SW:1):SA authentication status: authenticated
*Oct 29 22:10:21.102: ISAKMP:(0:1:SW:1): processing responder lifetime
*Oct 29 22:10:21.102: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 2 for for stuff_ke
*Oct 29 22:10:21.106: ISAKMP:(0:1:SW:1): Creating IPSec SAs
*Oct 29 22:10:21.106: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.16)
*Oct 29 22:10:21.106: has spi 0xEE46A5F0 and conn_id 0 and flags 2
*Oct 29 22:10:21.106: lifetime of 3600 seconds
*Oct 29 22:10:21.106: lifetime of 4608000 kilobytes
*Oct 29 22:10:21.106: has client flags 0x0
*Oct 29 22:10:21.106: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.10.4)
*Oct 29 22:10:21.106: has spi -1167164430 and conn_id 0 and flags A
*Oct 29 22:10:21.106: lifetime of 3600 seconds
*Oct 29 22:10:21.106: lifetime of 4608000 kilobytes
*Oct 29 22:10:21.106: has client flags 0x0
*Oct 29 22:10:21.106: ISAKMP:(0:1:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:10:21.106: ISAKMP:(0:1:SW:1):deleting node -97435854 error FALSE reason "No Error"
*Oct 29 22:10:21.106: ISAKMP:(0:1:SW:1):Node -97435854, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Oct 29 22:10:21.106: ISAKMP:(0:1:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Oct 29 22:10:21.106: IPSEC(key_engine): got a queue event with 2 kei messages
*Oct 29 22:10:21.106: IPSEC(initialize_sas): , (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xEE46A5F0(3997607408), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:10:21.106: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xBA6E7BF2(3127802866), conn_id= 0, keysize= 0, flags= 0xA
*Oct 29 22:10:21.106: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:10:21.110: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4
*Oct 29 22:10:21.110: IPSec: Flow_switching Allocated flow for sibling 8000413D
*Oct 29 22:10:21.110: IPSEC(policy_db_add_ident): src 172.18.210.16, dest 192.168.10.4, dest_port 0
router1#
*Oct 29 22:10:21.110: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 3 for from create_transforms
*Oct 29 22:10:21.110: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xEE46A5F0(3997607408), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3021
*Oct 29 22:10:21.110: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xBA6E7BF2(3127802866), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3030
*Oct 29 22:10:21.110: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 2
router1#
*Oct 29 22:10:39.422: IPSEC(key_engine): request timer fired: count = 1, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1)
*Oct 29 22:10:39.422: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x414049A(68420762), conn_id= 0, keysize= 0, flags= 0x400A
*Oct 29 22:10:39.422: ISAKMP: received ke message (1/1)
*Oct 29 22:10:39.422: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:10:39.422: ISAKMP:(0:1:SW:1): sitting IDLE. Starting QM immediately (QM_IDLE )
*Oct 29 22:10:39.422: ISAKMP:(0:1:SW:1):beginning Quick Mode exchange, M-ID of -2123041432
*Oct 29 22:10:39.422: ISAKMP:(0:1:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:10:39.426: ISAKMP:(0:1:SW:1):Node -2123041432, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Oct 29 22:10:39.426: ISAKMP:(0:1:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:10:39.482: ISAKMP (0:134217729): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:10:39.482: ISAKMP:(0:1:SW:1): processing HASH payload. message ID = -2123041432
*Oct 29 22:10:39.482: ISAKMP:(0:1:SW:1): processing SA payload. message ID = -2123041432
*Oct 29 22:10:39.482: ISAKMP:(0:1:SW:1):Checking IPSec proposal 1
*Oct 29 22:10:39.482: ISAKMP: transform 1, ESP_3DES
*Oct 29 22:10:39.482: ISAKMP: attributes in transform:
*Oct 29 22:10:39.482: ISAKMP: encaps is 1 (Tunnel)
*Oct 29 22:10:39.482: ISAKMP: SA life type in seconds
*Oct 29 22:10:39.482: ISAKMP: SA life duration (basic) of 3600
*Oct 29 22:10:39.482: ISAKMP: SA life type in kilobytes
*Oct 29 22:10:39.482: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Oct 29 22:10:39.482: ISAKMP: authenticator is HMAC-SHA
*Oct 29 22:10:39.482: ISAKMP:(0:1:SW:1):atts are acceptable.
*Oct 29 22:10:39.482: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:10:39.482: Crypto mapdb : proxy_match src addr : 172.18.210.20 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:10:39.486: ISAKMP:(0:1:SW:1): processing NONCE payload. message ID = -2123041432
*Oct 29 22:10:39.486: ISAKMP:(0:1:SW:1): processing ID payload. message ID = -2123041432
*Oct 29 22:10:39.486: ISAKMP:(0:1:SW:1): processing ID payload. message ID = -2123041432
*Oct 29 22:10:39.486: ISAKMP:(0:1:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 68420762, message ID = -2123041432, sa = 649E1F14
*Oct 29 22:10:39.486: ISAKMP:(0:1:SW:1):SA authentication status: authenticated
*Oct 29 22:10:39.486: ISAKMP:(0:1:SW:1): processing responder lifetime
*Oct 29 22:10:39.486: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 3 for for stuff_ke
*Oct 29 22:10:39.486: ISAKMP:(0:1:SW:1): Creating IPSec SAs
*Oct 29 22:10:39.486: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.20)
*Oct 29 22:10:39.486: has spi 0x414049A and conn_id 0 and flags 2
*Oct 29 22:10:39.486: lifetime of 3600 seconds
*Oct 29 22:10:39.486: lifetime of 4608000 kilobytes
*Oct 29 22:10:39.486: has client flags 0x0
*Oct 29 22:10:39.486: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.20 to 192.168.10.4)
*Oct 29 22:10:39.486: has spi 815134367 and conn_id 0 and flags A
*Oct 29 22:10:39.486: lifetime of 3600 seconds
*Oct 29 22:10:39.486: lifetime of 4608000 kilobytes
*Oct 29 22:10:39.486: has client flags 0x0
*Oct 29 22:10:39.486: ISAKMP:(0:1:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:10:39.490: ISAKMP:(0:1:SW:1):deleting node -2123041432 error FALSE reason "No Error"
*Oct 29 22:10:39.490: ISAKMP:(0:1:SW:1):Node -2123041432, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Oct 29 22:10:39.490: ISAKMP:(0:1:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Oct 29 22:10:39.490: IPSEC(key_engine): got a queue event with 2 kei messages
*Oct 29 22:10:39.490: IPSEC(initialize_sas): , (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x414049A(68420762), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:10:39.490: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x3095F69F(815134367), conn_id= 0, keysize= 0, flags= 0xA
*Oct 29 22:10:39.490: Crypto mapdb : proxy_match src addr : 172.18.210.20 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:10:39.490: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4
*Oct 29 22:10:39.490: IPSec: Flow_switching Allocated flow for sibling 8000412D
*Oct 29 22:10:39.490: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 4 for from create_transforms
*Oct 29 22:10:39.490: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x414049A(68420762), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3006
*Oct 29 22:10:39.490: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x3095F69F(815134367), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3037
*Oct 29 22:10:39.490: IPSEC(add_sa): have new SAs -- expire existing in 30 sec. router1#, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x4509BCB4(1158266036), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3032, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:10:39.494: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 3
router1#
*Oct 29 22:10:51.042: IPSEC(key_engine): request timer fired: count = 1, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1)
*Oct 29 22:10:51.042: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x653785C6(1698137542), conn_id= 0, keysize= 0, flags= 0x400A
*Oct 29 22:10:51.042: ISAKMP: received ke message (1/1)
*Oct 29 22:10:51.042: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:10:51.042: ISAKMP:(0:1:SW:1): sitting IDLE. Starting QM immediately (QM_IDLE )
*Oct 29 22:10:51.042: ISAKMP:(0:1:SW:1):beginning Quick Mode exchange, M-ID of -193186592
*Oct 29 22:10:51.046: ISAKMP:(0:1:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:10:51.046: ISAKMP:(0:1:SW:1):Node -193186592, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Oct 29 22:10:51.046: ISAKMP:(0:1:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:10:51.094: ISAKMP (0:134217729): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:10:51.098: ISAKMP:(0:1:SW:1): processing HASH payload. message ID = -193186592
*Oct 29 22:10:51.098: ISAKMP:(0:1:SW:1): processing SA payload. message ID = -193186592
*Oct 29 22:10:51.098: ISAKMP:(0:1:SW:1):Checking IPSec proposal 1
*Oct 29 22:10:51.098: ISAKMP: transform 1, ESP_3DES
*Oct 29 22:10:51.098: ISAKMP: attributes in transform:
*Oct 29 22:10:51.098: ISAKMP: encaps is 1 (Tunnel)
*Oct 29 22:10:51.098: ISAKMP: SA life type in seconds
*Oct 29 22:10:51.098: ISAKMP: SA life duration (basic) of 3600
*Oct 29 22:10:51.098: ISAKMP: SA life type in kilobytes
*Oct 29 22:10:51.098: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Oct 29 22:10:51.098: ISAKMP: authenticator is HMAC-SHA
*Oct 29 22:10:51.098: ISAKMP:(0:1:SW:1):atts are acceptable.
*Oct 29 22:10:51.098: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:10:51.098: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:10:51.098: ISAKMP:(0:1:SW:1): processing NONCE payload. message ID = -193186592
*Oct 29 22:10:51.098: ISAKMP:(0:1:SW:1): processing ID payload. message ID = -193186592
*Oct 29 22:10:51.098: ISAKMP:(0:1:SW:1): processing ID payload. message ID = -193186592
*Oct 29 22:10:51.098: ISAKMP:(0:1:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 1698137542, message ID = -193186592, sa = 649E1F14
*Oct 29 22:10:51.098: ISAKMP:(0:1:SW:1):SA authentication status: authenticated
*Oct 29 22:10:51.098: ISAKMP:(0:1:SW:1): processing responder lifetime
*Oct 29 22:10:51.102: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 4 for for stuff_ke
*Oct 29 22:10:51.102: ISAKMP:(0:1:SW:1): Creating IPSec SAs
*Oct 29 22:10:51.102: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.16)
*Oct 29 22:10:51.102: has spi 0x653785C6 and conn_id 0 and flags 2
*Oct 29 22:10:51.102: lifetime of 3600 seconds
*Oct 29 22:10:51.102: lifetime of 4608000 kilobytes
*Oct 29 22:10:51.102: has client flags 0x0
*Oct 29 22:10:51.102: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.10.4)
*Oct 29 22:10:51.102: has spi -1602292370 and conn_id 0 and flags A
*Oct 29 22:10:51.102: lifetime of 3600 seconds
*Oct 29 22:10:51.102: lifetime of 4608000 kilobytes
*Oct 29 22:10:51.102: has client flags 0x0
*Oct 29 22:10:51.102: ISAKMP:(0:1:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:10:51.102: ISAKMP:(0:1:SW:1):deleting node -193186592 error FALSE reason "No Error"
*Oct 29 22:10:51.102: ISAKMP:(0:1:SW:1):Node -193186592, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Oct 29 22:10:51.102: ISAKMP:(0:1:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Oct 29 22:10:51.102: IPSEC(key_engine): got a queue event with 2 kei messages
*Oct 29 22:10:51.102: IPSEC(initialize_sas): , (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x653785C6(1698137542), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:10:51.106: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xA07EF56E(2692674926), conn_id= 0, keysize= 0, flags= 0xA
*Oct 29 22:10:51.106: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:10:51.106: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4
*Oct 29 22:10:51.106: IPSec: Flow_switching Allocated flow for sibling 80004142
*Oct 29 22:10:51.106: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 5 for from create_transforms
*Oct 29 22:10:51.106: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x653785C6(1698137542), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3029
*Oct 29 22:10:51.106: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xA07EF56E(2692674926), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3025
*Oct 29 22:10:51.106: IPSEC(add_sa): have new SAs -- expire existing in 30 sec. router1#, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xEE46A5F0(3997607408), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3021, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:10:51.106: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 4
router1#
*Oct 29 22:10:59.778: ISAKMP:(0:1:SW:1):purging node 832287826
router1#
*Oct 29 22:11:00.706: %SEC-6-IPACCESSLOGDP: list 100 permitted icmp 172.18.210.20 -> 192.168.10.4 (8/0), 26 packets
router1#sh
*Oct 29 22:11:04.938: %SEC-6-IPACCESSLOGDP: list 100 permitted icmp 172.18.210.16 -> 192.168.1.7 (8/0), 1 packet
*Oct 29 22:11:04.938: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x16AC63A8(380396456), conn_id= 0, keysize= 0, flags= 0x400A
*Oct 29 22:11:04.938: ISAKMP: received ke message (1/1)
*Oct 29 22:11:04.938: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:11:04.938: ISAKMP:(0:1:SW:1): sitting IDLE. Starting QM immediately (QM_IDLE )
*Oct 29 22:11:04.938: ISAKMP:(0:1:SW:1):beginning Quick Mode exchange, M-ID of 843970500
*Oct 29 22:11:04.942: ISAKMP:(0:1:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:11:04.942: ISAKMP:(0:1:SW:1):Node 843970500, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Oct 29 22:11:04.942: ISAKMP:(0:1:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:11:04.994: ISAKMP (0:134217729): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:11:04.994: ISAKMP:(0:1:SW:1): processing HASH payload. message ID = 843970500
*Oct 29 22:11:04.998: ISAKMP:(0:1:SW:1): processing SA payload. message ID = 843970500
*Oct 29 22:11:04.998: ISAKMP:(0:1:SW:1):Checking IPSec proposal 1
*Oct 29 22:11:04.998: ISAKMP: transform 1, ESP_3DES
*Oct 29 22:11:04.998: ISAKMP: attributes in transform:
*Oct 29 22:11:04.998: ISAKMP: encaps is 1 (Tunnel)
*Oct 29 22:11:04.998: ISAKMP: SA life type in seconds
*Oct 29 22:11:04.998: ISAKMP: SA life duration (basic) of 3600
*Oct 29 22:11:04.998: ISAKMP: SA life type in kilobytes
*Oct 29 22:11:04.998: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Oct 29 22:11:04.998: ISAKMP: authenticator is HMAC-SHA
*Oct 29 22:11:04.998: ISAKMP:(0:1:SW:1):atts are acceptable.
*Oct 29 22:11:04.998: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:11:04.998: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.1.7 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:11:04.998: ISAKMP:(0:1:SW:1): processing NONCE payload. message ID = 843970500
*Oct 29 22:11:04.998: ISAKMP:(0:1:SW:1): processing ID payload. message ID = 843970500
*Oct 29 22:11:04.998: ISAKMP:(0:1:SW:1): processing ID payload. message ID = 843970500
*Oct 29 22:11:04.998: ISAKMP:(0:1:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 380396456, message ID = 843970500, sa = 649E1F14
*Oct 29 22:11:04.998: ISAKMP:(0:1:SW:1):SA authentication status: authenticated
*Oct 29 22:11:04.998: ISAKMP:(0:1:SW:1): processing responder lifetime
*Oct 29 22:11:05.002: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 5 for for stuff_ke
*Oct 29 22:11:05.002: ISAKMP:(0:1:SW:1): Creating IPSec SAs
*Oct 29 22:11:05.002: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.1.7 to 172.18.210.16)
*Oct 29 22:11:05.002: has spi 0x16AC63A8 and conn_id 0 and flags 2
*Oct 29 22:11:05.002: lifetime of 3600 seconds
*Oct 29 22:11:05.002: lifetime of 4608000 kilobytes
*Oct 29 22:11:05.002: has client flags 0x0
*Oct 29 22:11:05.002: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.1.7)
*Oct 29 22:11:05.002: has spi 2018460117 and conn_id 0 and flags A
*Oct 29 22:11:05.002: lifetime of 3600 seconds
*Oct 29 22:11:05.002: lifetime of 4608000 kilobytes
*Oct 29 22:11:05.002: has client flags 0x0
*Oct 29 22:11:05.002: ISAKMP:(0:1:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:11:05.002: ISAKMP:(0:1:SW:1):deleting node 843970500 error FALSE reason "No Error"
*Oct 29 22:11:05.002: ISAKMP:(0:1:SW:1):Node 843970500, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Oct 29 22:11:05.002: ISAKMP:(0:1:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Oct 29 22:11:05.002: IPSEC(key_engine): got a queue event with 2 kei messages
*Oct 29 22:11:05.002: IPSEC(initialize_sas): , (key eng. msg.)
INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.1.7/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x16AC63A8(380396456), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:11:05.006: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.1.7/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x784F41D5(2018460117), conn_id= 0, keysize= 0, flags= 0xA *Oct 29 22:11:05.006: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.1.7 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:11:05.006: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4 *Oct 29 22:11:05.006: IPSec: Flow_switching Allocated flow for sibling 80004171 *Oct 29 22:11:05.006: IPSEC(policy_db_add_ident): src 172.18.210.16, dest 192.168.1.7, dest_port 0 router1#sh cry *Oct 29 22:11:05.006: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 6 for from create_transforms *Oct 29 22:11:05.006: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x16AC63A8(380396456), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3007 *Oct 29 22:11:05.006: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x784F41D5(2018460117), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3041 *Oct 29 22:11:05.006: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 5 router1#sh crypto isa sa *Oct 29 22:11:09.422: IPSEC(key_engine): request timer fired: count = 2, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1) *Oct 29 22:11:09.422: ISAKMP: received ke message (3/1) *Oct 29 22:11:09.422: 
ISAKMP:(0:1:SW:1):peer does not do paranoid keepalives. *Oct 29 22:11:09.422: ISAKMP:(0:1:SW:1):deleting SA reason "P1 delete notify (in)" state (I) QM_IDLE (peer 192.168.1.4) *Oct 29 22:11:09.422: ISAKMP: set new node 1702862151 to QM_IDLE *Oct 29 22:11:09.422: ISAKMP:(0:1:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:11:09.422: ISAKMP:(0:1:SW:1):purging node 1702862151 *Oct 29 22:11:09.422: ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Oct 29 22:11:09.422: ISAKMP:(0:1:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Oct 29 22:11:09.426: ISAKMP:(0:1:SW:1):deleting SA reason "No reason" state (I) QM_IDLE (peer 192.168.1.4) *Oct 29 22:11:09.426: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 0 *Oct 29 22:11:09.426: ISAKMP:(0:1:SW:1):deleting node -97435854 error FALSE reason "IKE deleted" *Oct 29 22:11:09.426: ISAKMP:(0:1:SW:1):deleting node -2123041432 error FALSE reason "IKE deleted" *Oct 29 22:11:09.426: ISAKMP:(0:1:SW:1):deleting node -193186592 error FALSE reason "IKE deleted" *Oct 29 22:11:09.426: ISAKMP:(0:1:SW:1):deleting node 843970500 error FALSE reason "IKE deleted" *Oct 29 22:11:09.426: ISAKMP:(0:1:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:11:09.426: ISAKMP:(0:1:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA *Oct 29 22:11:09.490: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x4509BCB4(1158266036), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3032, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:11:09.490: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xD4953A50(3566549584), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3005, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), 
remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:11:09.490: IPSec: Flow_switching Deallocated flow for sibling 800040E7 *Oct 29 22:11:09.490: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 4 *Oct 29 22:11:09.490: ISAKMP: received ke message (3/1) *Oct 29 22:11:09.490: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 172.22.254.1 dst 192.168.1.4 for SPI 0x4509BCB4 *Oct 29 22:11:09.570: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x77FAA665(2012915301), conn_id= 0, keysize= 0, flags= 0x400A *Oct 29 22:11:09.570: ISAKMP: received ke message (1/1) *Oct 29 22:11:09.570: ISAKMP:(0:0:N/A:0): SA request profile is (NULL) *Oct 29 22:11:09.570: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500 *Oct 29 22:11:09.570: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 1 for isakmp_initiator *Oct 29 22:11:09.570: ISAKMP: local port 500, remote port 500 *Oct 29 22:11:09.570: ISAKMP: set new node 0 to QM_IDLE *Oct 29 22:11:09.570: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 648A2840 *Oct 29 22:11:09.570: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode. 
*Oct 29 22:11:09.574: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:11:09.574: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:11:09.574: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:11:09.574: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID *Oct 29 22:11:09.574: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID *Oct 29 22:11:09.574: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID *Oct 29 22:11:09.574: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Oct 29 22:11:09.574: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1 *Oct 29 22:11:09.574: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange *Oct 29 22:11:09.574: ISAKMP:(0:0:N/A:0): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_NO_STATE *Oct 29 22:11:09.614: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_NO_STATE *Oct 29 22:11:09.618: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:11:09.618: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_I_MM2 *Oct 29 22:11:09.618: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0 *Oct 29 22:11:09.618: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:11:09.618: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:11:09.618: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:11:09.618: ISAKMP:(0:0:N/A:0): local preshared key found *Oct 29 22:11:09.618: ISAKMP : Scanning profiles for xauth ... *Oct 29 22:11:09.618: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy *Oct 29 22:11:09.618: ISAKMP: encryption 3DES-CBC *Oct 29 22:11:09.618: ISAKMP: hash SHA *Oct 29 22:11:09.618: ISAKMP: default group 2 *Oct 29 22:11:09.618: ISAKMP: auth pre-share *Oct 29 22:11:09.618: ISAKMP: life type in seconds *Oct 29 22:11:09.618: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 *Oct 29 22:11:09.618: ISAKMP:(0:0:N/A:0):atts are acceptable. 
Next payload is 0 *Oct 29 22:11:09.670: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:11:09.670: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM2 *Oct 29 22:11:09.670: ISAKMP:(0:2:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_SA_SETUP *Oct 29 22:11:09.670: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:11:09.670: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM3 *Oct 29 22:11:09.726: ISAKMP (0:134217730): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_SA_SETUP *Oct 29 22:11:09.726: ISAKMP:(0:2:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:11:09.726: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4 *Oct 29 22:11:09.726: ISAKMP:(0:2:SW:1): processing KE payload. message ID = 0 *Oct 29 22:11:09.790: ISAKMP:(0:2:SW:1): processing NONCE payload. message ID = 0 *Oct 29 22:11:09.790: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:11:09.790: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:11:09.790: ISAKMP:(0:2:SW:1):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:11:09.794: ISAKMP:(0:2:SW:1):SKEYID state generated *Oct 29 22:11:09.794: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:11:09.794: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM4 *Oct 29 22:11:09.794: ISAKMP:(0:2:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR *Oct 29 22:11:09.794: ISAKMP (0:134217730): ID payload next-payload : 8 type : 1 address : 172.22.254.1 protocol : 17 port : 500 length : 12 *Oct 29 22:11:09.794: ISAKMP:(0:2:SW:1):Total payload length: 12 *Oct 29 22:11:09.798: ISAKMP:(0:2:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_KEY_EXCH *Oct 29 22:11:09.798: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:11:09.798: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5 *Oct 29 
22:11:09.834: ISAKMP (0:134217730): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH *Oct 29 22:11:09.834: ISAKMP:(0:2:SW:1): processing ID payload. message ID = 0 *Oct 29 22:11:09.834: ISAKMP (0:134217730): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12 *Oct 29 22:11:09.834: ISAKMP:(0:2:SW:1):: peer matches *none* of the profiles *Oct 29 22:11:09.834: ISAKMP:(0:2:SW:1): processing HASH payload. message ID = 0 *Oct 29 22:11:09.834: ISAKMP:(0:2:SW:1):SA authentication status: authenticated *Oct 29 22:11:09.834: ISAKMP:(0:2:SW:1):SA has been authenticated with 192.168.1.4 *Oct 29 22:11:09.834: ISAKMP:(0:2:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:11:09.834: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM5 New State = IKE_I_MM6 *Oct 29 22:11:09.834: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:11:09.834: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM6 New State = IKE_I_MM6 *Oct 29 22:11:09.838: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:11:09.838: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE *Oct 29 22:11:09.838: ISAKMP:(0:2:SW:1):beginning Quick Mode exchange, M-ID of 222270993 *Oct 29 22:11:09.838: ISAKMP:(0:2:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:11:09.838: ISAKMP:(0:2:SW:1):Node 222270993, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
dst             src             state          conn-id slot status
192.168.1.4     172.22.254.1    QM_IDLE              2    0 ACTIVE
192.168.1.4     172.22.254.1    MM_NO_STATE          1    0 ACTIVE (deleted)
router1#
*Oct 29 22:11:09.838: ISAKMP:(0:2:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 *Oct 29 22:11:09.838: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE *Oct 29 22:11:09.838: ISAKMP:(0:2:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Oct 29 22:11:09.898: ISAKMP (0:134217730): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE *Oct 29 
22:11:09.898: ISAKMP:(0:2:SW:1): processing HASH payload. message ID = 222270993 *Oct 29 22:11:09.898: ISAKMP:(0:2:SW:1): processing SA payload. message ID = 222270993 *Oct 29 22:11:09.898: ISAKMP:(0:2:SW:1):Checking IPSec proposal 1 *Oct 29 22:11:09.898: ISAKMP: transform 1, ESP_3DES *Oct 29 22:11:09.898: ISAKMP: attributes in transform: *Oct 29 22:11:09.898: ISAKMP: encaps is 1 (Tunnel) *Oct 29 22:11:09.898: ISAKMP: SA life type in seconds *Oct 29 22:11:09.898: ISAKMP: SA life duration (basic) of 3600 *Oct 29 22:11:09.898: ISAKMP: SA life type in kilobytes *Oct 29 22:11:09.898: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 *Oct 29 22:11:09.898: ISAKMP: authenticator is HMAC-SHA *Oct 29 22:11:09.898: ISAKMP:(0:2:SW:1):atts are acceptable. *Oct 29 22:11:09.898: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:11:09.898: Crypto mapdb : proxy_match src addr : 172.18.210.20 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:11:09.902: ISAKMP:(0:2:SW:1): processing NONCE payload. message ID = 222270993 *Oct 29 22:11:09.902: ISAKMP:(0:2:SW:1): processing ID payload. message ID = 222270993 *Oct 29 22:11:09.902: ISAKMP:(0:2:SW:1): processing ID payload. 
message ID = 222270993 *Oct 29 22:11:09.902: ISAKMP:(0:2:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 2012915301, message ID = 222270993, sa = 648A2840 *Oct 29 22:11:09.902: ISAKMP:(0:2:SW:1):SA authentication status: authenticated *Oct 29 22:11:09.902: ISAKMP:(0:2:SW:1): processing responder lifetime *Oct 29 22:11:09.902: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 5 for for stuff_ke *Oct 29 22:11:09.902: ISAKMP:(0:2:SW:1): Creating IPSec SAs *Oct 29 22:11:09.902: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.20) *Oct 29 22:11:09.902: has spi 0x77FAA665 and conn_id 0 and flags 2 *Oct 29 22:11:09.902: lifetime of 3600 seconds *Oct 29 22:11:09.902: lifetime of 4608000 kilobytes *Oct 29 22:11:09.902: has client flags 0x0 *Oct 29 22:11:09.902: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.20 to 192.168.10.4) *Oct 29 22:11:09.902: has spi -103829222 and conn_id 0 and flags A *Oct 29 22:11:09.902: lifetime of 3600 seconds *Oct 29 22:11:09.902: lifetime of 4608000 kilobytes *Oct 29 22:11:09.902: has client flags 0x0 *Oct 29 22:11:09.902: ISAKMP:(0:2:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:11:09.906: ISAKMP:(0:2:SW:1):deleting node 222270993 error FALSE reason "No Error" *Oct 29 22:11:09.906: ISAKMP:(0:2:SW:1):Node 222270993, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Oct 29 22:11:09.906: ISAKMP:(0:2:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE *Oct 29 22:11:09.906: IPSEC(key_engine): got a queue event with 2 kei messages *Oct 29 22:11:09.906: IPSEC(initialize_sas): , (key eng. msg.) 
INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x77FAA665(2012915301), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:11:09.906: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xF9CFB11A(4191138074), conn_id= 0, keysize= 0, flags= 0xA *Oct 29 22:11:09.906: Crypto mapdb : proxy_match src addr : 172.18.210.20 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:11:09.906: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4 *Oct 29 22:11:09.906: IPSec: Flow_switching Allocated flow for sibling 80004149 *Oct 29 22:11:09.906: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 6 for from create_transforms *Oct 29 22:11:09.906: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x77FAA665(2012915301), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3005 *Oct 29 22:11:09.906: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xF9CFB11A(4191138074), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3032 *Oct 29 22:11:09.906: IPSEC(add_sa): have new SAs -- expire existing in 30 sec., (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x414049A(68420762), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3006, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:11:09.906: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 5
router1#sh crypto isa sa
dst             src             state          conn-id slot status
192.168.1.4     172.22.254.1    QM_IDLE              2    0 ACTIVE
192.168.1.4     172.22.254.1    MM_NO_STATE          1    0 ACTIVE (deleted)
router1#
*Oct 29 22:11:21.042: IPSEC(key_engine): request timer fired: count = 2, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1) *Oct 29 22:11:21.042: ISAKMP: received ke message (3/1) *Oct 29 22:11:21.042: ISAKMP:(0:2:SW:1):peer does not do paranoid keepalives. *Oct 29 22:11:21.042: ISAKMP:(0:2:SW:1):deleting SA reason "P1 delete notify (in)" state (I) QM_IDLE (peer 192.168.1.4) *Oct 29 22:11:21.042: ISAKMP:(0:1:SW:1):peer does not do paranoid keepalives. *Oct 29 22:11:21.042: ISAKMP: set new node -1495480217 to QM_IDLE *Oct 29 22:11:21.042: ISAKMP:(0:2:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:11:21.042: ISAKMP:(0:2:SW:1):purging node -1495480217 *Oct 29 22:11:21.046: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Oct 29 22:11:21.046: ISAKMP:(0:2:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Oct 29 22:11:21.046: ISAKMP:(0:2:SW:1):deleting SA reason "No reason" state (I) QM_IDLE (peer 192.168.1.4) *Oct 29 22:11:21.046: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 0 *Oct 29 22:11:21.046: ISAKMP:(0:2:SW:1):deleting node 222270993 error FALSE reason "IKE deleted" *Oct 29 22:11:21.046: ISAKMP:(0:2:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:11:21.046: ISAKMP:(0:2:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA *Oct 29 22:11:21.106: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xEE46A5F0(3997607408), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3021, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:11:21.106: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, 
sa_spi= 0xBA6E7BF2(3127802866), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3030, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:11:21.106: IPSec: Flow_switching Deallocated flow for sibling 8000413D *Oct 29 22:11:21.106: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 4 *Oct 29 22:11:21.106: ISAKMP: received ke message (3/1) router1# *Oct 29 22:11:21.106: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 172.22.254.1 dst 192.168.1.4 for SPI 0xEE46A5F0 *Oct 29 22:11:21.974: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xB36BEE44(3010195012), conn_id= 0, keysize= 0, flags= 0x400A *Oct 29 22:11:21.974: ISAKMP: received ke message (1/1) *Oct 29 22:11:21.974: ISAKMP:(0:0:N/A:0): SA request profile is (NULL) *Oct 29 22:11:21.974: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500 *Oct 29 22:11:21.974: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 1 for isakmp_initiator *Oct 29 22:11:21.974: ISAKMP: local port 500, remote port 500 *Oct 29 22:11:21.978: ISAKMP: set new node 0 to QM_IDLE *Oct 29 22:11:21.978: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 6600DF20 *Oct 29 22:11:21.978: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode. 
*Oct 29 22:11:21.978: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:11:21.978: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:11:21.978: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:11:21.978: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID *Oct 29 22:11:21.978: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID *Oct 29 22:11:21.978: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID *Oct 29 22:11:21.978: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Oct 29 22:11:21.978: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1 *Oct 29 22:11:21.978: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange *Oct 29 22:11:21.978: ISAKMP:(0:0:N/A:0): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_NO_STATE *Oct 29 22:11:22.022: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_NO_STATE *Oct 29 22:11:22.022: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:11:22.022: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_I_MM2 *Oct 29 22:11:22.022: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0 *Oct 29 22:11:22.022: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:11:22.022: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:11:22.022: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:11:22.022: ISAKMP:(0:0:N/A:0): local preshared key found *Oct 29 22:11:22.022: ISAKMP : Scanning profiles for xauth ... *Oct 29 22:11:22.022: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy *Oct 29 22:11:22.022: ISAKMP: encryption 3DES-CBC *Oct 29 22:11:22.026: ISAKMP: hash SHA *Oct 29 22:11:22.026: ISAKMP: default group 2 *Oct 29 22:11:22.026: ISAKMP: auth pre-share *Oct 29 22:11:22.026: ISAKMP: life type in seconds *Oct 29 22:11:22.026: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 *Oct 29 22:11:22.026: ISAKMP:(0:0:N/A:0):atts are acceptable. 
Next payload is 0 *Oct 29 22:11:22.078: ISAKMP:(0:3:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:11:22.078: ISAKMP:(0:3:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM2 *Oct 29 22:11:22.078: ISAKMP:(0:3:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_SA_SETUP *Oct 29 22:11:22.078: ISAKMP:(0:3:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:11:22.078: ISAKMP:(0:3:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM3 *Oct 29 22:11:22.134: ISAKMP (0:134217731): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_SA_SETUP *Oct 29 22:11:22.138: ISAKMP:(0:3:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:11:22.138: ISAKMP:(0:3:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4 *Oct 29 22:11:22.138: ISAKMP:(0:3:SW:1): processing KE payload. message ID = 0 *Oct 29 22:11:22.202: ISAKMP:(0:3:SW:1): processing NONCE payload. message ID = 0 *Oct 29 22:11:22.202: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:11:22.202: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:11:22.202: ISAKMP:(0:3:SW:1):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:11:22.202: ISAKMP:(0:3:SW:1):SKEYID state generated *Oct 29 22:11:22.202: ISAKMP:(0:3:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:11:22.202: ISAKMP:(0:3:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM4 *Oct 29 22:11:22.202: ISAKMP:(0:3:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR *Oct 29 22:11:22.202: ISAKMP (0:134217731): ID payload next-payload : 8 type : 1 address : 172.22.254.1 protocol : 17 port : 500 length : 12 *Oct 29 22:11:22.206: ISAKMP:(0:3:SW:1):Total payload length: 12 *Oct 29 22:11:22.206: ISAKMP:(0:3:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_KEY_EXCH *Oct 29 22:11:22.206: ISAKMP:(0:3:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:11:22.206: ISAKMP:(0:3:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5 *Oct 29 
22:11:22.246: ISAKMP (0:134217731): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH *Oct 29 22:11:22.246: ISAKMP:(0:3:SW:1): processing ID payload. message ID = 0 *Oct 29 22:11:22.246: ISAKMP (0:134217731): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12 *Oct 29 22:11:22.246: ISAKMP:(0:3:SW:1):: peer matches *none* of the profiles *Oct 29 22:11:22.246: ISAKMP:(0:3:SW:1): processing HASH payload. message ID = 0 *Oct 29 22:11:22.246: ISAKMP:(0:3:SW:1):SA authentication status: authenticated *Oct 29 22:11:22.250: ISAKMP:(0:3:SW:1):SA has been authenticated with 192.168.1.4 *Oct 29 22:11:22.250: ISAKMP:(0:3:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:11:22.250: ISAKMP:(0:3:SW:1):Old State = IKE_I_MM5 New State = IKE_I_MM6 *Oct 29 22:11:22.250: ISAKMP:(0:3:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:11:22.250: ISAKMP:(0:3:SW:1):Old State = IKE_I_MM6 New State = IKE_I_MM6 *Oct 29 22:11:22.250: ISAKMP:(0:3:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:11:22.250: ISAKMP:(0:3:SW:1):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE *Oct 29 22:11:22.250: ISAKMP:(0:3:SW:1):beginning Quick Mode exchange, M-ID of -2002087318 *Oct 29 22:11:22.254: ISAKMP:(0:3:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:11:22.254: ISAKMP:(0:3:SW:1):Node -2002087318, Input = IKE_MESG_INTERNAL, IKE_INIT_QM *Oct 29 22:11:22.254: ISAKMP:(0:3:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 *Oct 29 22:11:22.254: ISAKMP:(0:3:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE *Oct 29 22:11:22.254: ISAKMP:(0:3:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Oct 29 22:11:22.306: ISAKMP (0:134217731): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE *Oct 29 22:11:22.306: ISAKMP:(0:3:SW:1): processing HASH payload. 
message ID = -2002087318 *Oct 29 22:11:22.306: ISAKMP:(0:3:SW:1): processing SA payload. message ID = -2002087318 *Oct 29 22:11:22.306: ISAKMP:(0:3:SW:1):Checking IPSec proposal 1 *Oct 29 22:11:22.306: ISAKMP: transform 1, ESP_3DES *Oct 29 22:11:22.306: ISAKMP: attributes in transform: *Oct 29 22:11:22.306: ISAKMP: encaps is 1 (Tunnel) *Oct 29 22:11:22.306: ISAKMP: SA life type in seconds *Oct 29 22:11:22.306: ISAKMP: SA life duration (basic) of 3600 *Oct 29 22:11:22.306: ISAKMP: SA life type in kilobytes *Oct 29 22:11:22.306: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 *Oct 29 22:11:22.306: ISAKMP: authenticator is HMAC-SHA *Oct 29 22:11:22.306: ISAKMP:(0:3:SW:1):atts are acceptable. *Oct 29 22:11:22.306: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:11:22.310: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:11:22.310: ISAKMP:(0:3:SW:1): processing NONCE payload. message ID = -2002087318 *Oct 29 22:11:22.310: ISAKMP:(0:3:SW:1): processing ID payload. message ID = -2002087318 *Oct 29 22:11:22.310: ISAKMP:(0:3:SW:1): processing ID payload. 
message ID = -2002087318 *Oct 29 22:11:22.310: ISAKMP:(0:3:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 3010195012, message ID = -2002087318, sa = 6600DF20 *Oct 29 22:11:22.310: ISAKMP:(0:3:SW:1):SA authentication status: authenticated *Oct 29 22:11:22.310: ISAKMP:(0:3:SW:1): processing responder lifetime *Oct 29 22:11:22.310: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 5 for for stuff_ke *Oct 29 22:11:22.310: ISAKMP:(0:3:SW:1): Creating IPSec SAs *Oct 29 22:11:22.310: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.16) *Oct 29 22:11:22.310: has spi 0xB36BEE44 and conn_id 0 and flags 2 *Oct 29 22:11:22.310: lifetime of 3600 seconds *Oct 29 22:11:22.310: lifetime of 4608000 kilobytes *Oct 29 22:11:22.310: has client flags 0x0 *Oct 29 22:11:22.310: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.10.4) *Oct 29 22:11:22.310: has spi -1651770150 and conn_id 0 and flags A *Oct 29 22:11:22.310: lifetime of 3600 seconds *Oct 29 22:11:22.310: lifetime of 4608000 kilobytes *Oct 29 22:11:22.310: has client flags 0x0 *Oct 29 22:11:22.314: ISAKMP:(0:3:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:11:22.314: ISAKMP:(0:3:SW:1):deleting node -2002087318 error FALSE reason "No Error" *Oct 29 22:11:22.314: ISAKMP:(0:3:SW:1):Node -2002087318, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Oct 29 22:11:22.314: ISAKMP:(0:3:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE *Oct 29 22:11:22.314: IPSEC(key_engine): got a queue event with 2 kei messages *Oct 29 22:11:22.314: IPSEC(initialize_sas): , (key eng. msg.) 
INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xB36BEE44(3010195012), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:11:22.314: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x9D8BFCDA(2643197146), conn_id= 0, keysize= 0, flags= 0xA *Oct 29 22:11:22.314: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:11:22.314: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4 *Oct 29 22:11:22.314: IPSec: Flow_switching Allocated flow for sibling 8000413E *Oct 29 22:11:22.314: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 6 for from create_transforms *Oct 29 22:11:22.314: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xB36BEE44(3010195012), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3030 *Oct 29 22:11:22.314: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x9D8BFCDA(2643197146), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3021 *Oct 29 22:11:22.314: IPSEC(add_sa): have new SAs -- expire existing in 30 sec. 
router1#, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x653785C6(1698137542), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3029, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:11:22.318: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 5
router1#sh crypto isa sa
dst             src             state          conn-id slot status
192.168.1.4     172.22.254.1    QM_IDLE              3    0 ACTIVE
192.168.1.4     172.22.254.1    MM_NO_STATE          2    0 ACTIVE (deleted)
192.168.1.4     172.22.254.1    MM_NO_STATE          1    0 ACTIVE (deleted)
router1#
*Oct 29 22:11:34.938: IPSEC(key_engine): request timer fired: count = 1, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/1/0 (type=1)
*Oct 29 22:11:34.938: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xC8203E7F(3357556351), conn_id= 0, keysize= 0, flags= 0x400A
*Oct 29 22:11:34.938: ISAKMP: received ke message (1/1)
*Oct 29 22:11:34.938: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:11:34.938: ISAKMP:(0:3:SW:1): sitting IDLE.
Starting QM immediately (QM_IDLE ) *Oct 29 22:11:34.938: ISAKMP:(0:3:SW:1):beginning Quick Mode exchange, M-ID of 858072580 *Oct 29 22:11:34.938: ISAKMP:(0:3:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:11:34.942: ISAKMP:(0:3:SW:1):Node 858072580, Input = IKE_MESG_INTERNAL, IKE_INIT_QM *Oct 29 22:11:34.942: ISAKMP:(0:3:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 *Oct 29 22:11:34.994: ISAKMP (0:134217731): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE *Oct 29 22:11:34.994: ISAKMP:(0:3:SW:1): processing HASH payload. message ID = 858072580 *Oct 29 22:11:34.994: ISAKMP:(0:3:SW:1): processing SA payload. message ID = 858072580 *Oct 29 22:11:34.994: ISAKMP:(0:3:SW:1):Checking IPSec proposal 1 *Oct 29 22:11:34.994: ISAKMP: transform 1, ESP_3DES *Oct 29 22:11:34.994: ISAKMP: attributes in transform: *Oct 29 22:11:34.994: ISAKMP: encaps is 1 (Tunnel) *Oct 29 22:11:34.994: ISAKMP: SA life type in seconds *Oct 29 22:11:34.994: ISAKMP: SA life duration (basic) of 3600 *Oct 29 22:11:34.994: ISAKMP: SA life type in kilobytes *Oct 29 22:11:34.994: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 *Oct 29 22:11:34.994: ISAKMP: authenticator is HMAC-SHA *Oct 29 22:11:34.994: ISAKMP:(0:3:SW:1):atts are acceptable. *Oct 29 22:11:34.994: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:11:34.994: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.1.7 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:11:34.998: ISAKMP:(0:3:SW:1): processing NONCE payload. message ID = 858072580 *Oct 29 22:11:34.998: ISAKMP:(0:3:SW:1): processing ID payload. 
message ID = 858072580 *Oct 29 22:11:34.998: ISAKMP:(0:3:SW:1): processing ID payload. message ID = 858072580 *Oct 29 22:11:34.998: ISAKMP:(0:3:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 3357556351, message ID = 858072580, sa = 6600DF20 *Oct 29 22:11:34.998: ISAKMP:(0:3:SW:1):SA authentication status: authenticated *Oct 29 22:11:34.998: ISAKMP:(0:3:SW:1): processing responder lifetime *Oct 29 22:11:34.998: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 6 for for stuff_ke *Oct 29 22:11:34.998: ISAKMP:(0:3:SW:1): Creating IPSec SAs *Oct 29 22:11:34.998: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.1.7 to 172.18.210.16) *Oct 29 22:11:34.998: has spi 0xC8203E7F and conn_id 0 and flags 2 *Oct 29 22:11:34.998: lifetime of 3600 seconds *Oct 29 22:11:34.998: lifetime of 4608000 kilobytes *Oct 29 22:11:34.998: has client flags 0x0 *Oct 29 22:11:34.998: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.1.7) *Oct 29 22:11:34.998: has spi 49477689 and conn_id 0 and flags A *Oct 29 22:11:34.998: lifetime of 3600 seconds *Oct 29 22:11:34.998: lifetime of 4608000 kilobytes *Oct 29 22:11:34.998: has client flags 0x0 *Oct 29 22:11:34.998: ISAKMP:(0:3:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:11:35.002: ISAKMP:(0:3:SW:1):deleting node 858072580 error FALSE reason "No Error" *Oct 29 22:11:35.002: ISAKMP:(0:3:SW:1):Node 858072580, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Oct 29 22:11:35.002: ISAKMP:(0:3:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE *Oct 29 22:11:35.002: IPSEC(key_engine): got a queue event with 2 kei messages *Oct 29 22:11:35.002: IPSEC(initialize_sas): , (key eng. msg.) 
INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.1.7/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xC8203E7F(3357556351), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:11:35.002: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.1.7/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x2F2F839(49477689), conn_id= 0, keysize= 0, flags= 0xA *Oct 29 22:11:35.002: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.1.7 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:11:35.002: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4 *Oct 29 22:11:35.002: IPSec: Flow_switching Allocated flow for sibling 8000414E *Oct 29 22:11:35.002: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 7 for from create_transforms *Oct 29 22:11:35.002: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xC8203E7F(3357556351), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3022 *Oct 29 22:11:35.002: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x2F2F839(49477689), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3042 *Oct 29 22:11:35.002: IPSEC(add_sa): have new SAs -- expire existing in 30 sec. 
router1#, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x16AC63A8(380396456), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3007, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1) *Oct 29 22:11:35.006: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 6 router1# *Oct 29 22:11:39.570: IPSEC(key_engine): request timer fired: count = 1, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1) *Oct 29 22:11:39.570: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xB18869AA(2978507178), conn_id= 0, keysize= 0, flags= 0x400A *Oct 29 22:11:39.570: ISAKMP: received ke message (1/1) *Oct 29 22:11:39.570: ISAKMP: set new node 0 to QM_IDLE *Oct 29 22:11:39.570: ISAKMP:(0:3:SW:1): sitting IDLE. Starting QM immediately (QM_IDLE ) *Oct 29 22:11:39.570: ISAKMP:(0:3:SW:1):beginning Quick Mode exchange, M-ID of -1415705509 *Oct 29 22:11:39.570: ISAKMP:(0:3:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:11:39.574: ISAKMP:(0:3:SW:1):Node -1415705509, Input = IKE_MESG_INTERNAL, IKE_INIT_QM *Oct 29 22:11:39.574: ISAKMP:(0:3:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 *Oct 29 22:11:39.622: ISAKMP (0:134217731): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE *Oct 29 22:11:39.626: ISAKMP:(0:3:SW:1): processing HASH payload. message ID = -1415705509 *Oct 29 22:11:39.626: ISAKMP:(0:3:SW:1): processing SA payload. 
message ID = -1415705509 *Oct 29 22:11:39.626: ISAKMP:(0:3:SW:1):Checking IPSec proposal 1 *Oct 29 22:11:39.626: ISAKMP: transform 1, ESP_3DES *Oct 29 22:11:39.626: ISAKMP: attributes in transform: *Oct 29 22:11:39.626: ISAKMP: encaps is 1 (Tunnel) *Oct 29 22:11:39.626: ISAKMP: SA life type in seconds *Oct 29 22:11:39.626: ISAKMP: SA life duration (basic) of 3600 *Oct 29 22:11:39.626: ISAKMP: SA life type in kilobytes *Oct 29 22:11:39.626: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 *Oct 29 22:11:39.626: ISAKMP: authenticator is HMAC-SHA *Oct 29 22:11:39.626: ISAKMP:(0:3:SW:1):atts are acceptable. *Oct 29 22:11:39.626: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:11:39.626: Crypto mapdb : proxy_match src addr : 172.18.210.20 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:11:39.626: ISAKMP:(0:3:SW:1): processing NONCE payload. message ID = -1415705509 *Oct 29 22:11:39.626: ISAKMP:(0:3:SW:1): processing ID payload. message ID = -1415705509 *Oct 29 22:11:39.626: ISAKMP:(0:3:SW:1): processing ID payload. 
message ID = -1415705509 *Oct 29 22:11:39.626: ISAKMP:(0:3:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 2978507178, message ID = -1415705509, sa = 6600DF20 *Oct 29 22:11:39.630: ISAKMP:(0:3:SW:1):SA authentication status: authenticated *Oct 29 22:11:39.630: ISAKMP:(0:3:SW:1): processing responder lifetime *Oct 29 22:11:39.630: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 7 for for stuff_ke *Oct 29 22:11:39.630: ISAKMP:(0:3:SW:1): Creating IPSec SAs *Oct 29 22:11:39.630: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.20) *Oct 29 22:11:39.630: has spi 0xB18869AA and conn_id 0 and flags 2 *Oct 29 22:11:39.630: lifetime of 3600 seconds *Oct 29 22:11:39.630: lifetime of 4608000 kilobytes *Oct 29 22:11:39.630: has client flags 0x0 *Oct 29 22:11:39.630: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.20 to 192.168.10.4) *Oct 29 22:11:39.630: has spi -500322399 and conn_id 0 and flags A *Oct 29 22:11:39.630: lifetime of 3600 seconds *Oct 29 22:11:39.630: lifetime of 4608000 kilobytes *Oct 29 22:11:39.630: has client flags 0x0 *Oct 29 22:11:39.630: ISAKMP:(0:3:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:11:39.630: ISAKMP:(0:3:SW:1):deleting node -1415705509 error FALSE reason "No Error" *Oct 29 22:11:39.630: ISAKMP:(0:3:SW:1):Node -1415705509, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Oct 29 22:11:39.634: ISAKMP:(0:3:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE *Oct 29 22:11:39.634: IPSEC(key_engine): got a queue event with 2 kei messages *Oct 29 22:11:39.634: IPSEC(initialize_sas): , (key eng. msg.) 
INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xB18869AA(2978507178), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:11:39.634: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xE22DAFA1(3794644897), conn_id= 0, keysize= 0, flags= 0xA *Oct 29 22:11:39.634: Crypto mapdb : proxy_match src addr : 172.18.210.20 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:11:39.634: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4 *Oct 29 22:11:39.634: IPSec: Flow_switching Allocated flow for sibling 80004103 *Oct 29 22:11:39.634: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 8 for from create_transforms *Oct 29 22:11:39.634: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xB18869AA(2978507178), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3008 *Oct 29 22:11:39.634: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xE22DAFA1(3794644897), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3020 *Oct 29 22:11:39.634: IPSEC(add_sa): have new SAs -- expire existing in 30 sec., (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x77FAA665(2012915301), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3005, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:11:39.634: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 7 *Oct 29 22:11:39.906: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 
172.22.254.1, sa_proto= 50, sa_spi= 0x414049A(68420762), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3006, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:11:39.906: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x3095F69F(815134367), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3037, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:11:39.906: IPSec: Flow_switching Deallocated flow for sibling 8000412D router1# *Oct 29 22:11:39.906: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 6 *Oct 29 22:11:39.906: ISAKMP: received ke message (3/1) *Oct 29 22:11:39.906: ISAKMP: set new node 577275400 to QM_IDLE *Oct 29 22:11:39.906: ISAKMP:(0:3:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:11:39.906: ISAKMP:(0:3:SW:1):purging node 577275400 *Oct 29 22:11:39.910: ISAKMP:(0:3:SW:1):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL *Oct 29 22:11:39.910: ISAKMP:(0:3:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE router1# *Oct 29 22:11:41.986: %SEC-6-IPACCESSLOGDP: list 100 permitted icmp 192.168.1.7 -> 172.18.210.16 (11/0), 1 packet router1# *Oct 29 22:11:41.986: IPSEC(epa_des_crypt): decrypted packet failed SA identity check router1# *Oct 29 22:11:46.998: IPSEC(epa_des_crypt): decrypted packet failed SA identity check router1# *Oct 29 22:11:51.974: IPSEC(key_engine): request timer fired: count = 1, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1) *Oct 29 22:11:51.974: IPSEC(sa_request): , (key eng. msg.) 
OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x62278E34(1646759476), conn_id= 0, keysize= 0, flags= 0x400A *Oct 29 22:11:51.974: ISAKMP: received ke message (1/1) *Oct 29 22:11:51.974: ISAKMP: set new node 0 to QM_IDLE *Oct 29 22:11:51.974: ISAKMP:(0:3:SW:1): sitting IDLE. Starting QM immediately (QM_IDLE ) *Oct 29 22:11:51.974: ISAKMP:(0:3:SW:1):beginning Quick Mode exchange, M-ID of 254672207 *Oct 29 22:11:51.974: ISAKMP:(0:3:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:11:51.978: ISAKMP:(0:3:SW:1):Node 254672207, Input = IKE_MESG_INTERNAL, IKE_INIT_QM *Oct 29 22:11:51.978: ISAKMP:(0:3:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 *Oct 29 22:11:52.002: IPSEC(epa_des_crypt): decrypted packet failed SA identity check *Oct 29 22:11:52.030: ISAKMP (0:134217731): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE *Oct 29 22:11:52.030: ISAKMP:(0:3:SW:1): processing HASH payload. message ID = 254672207 *Oct 29 22:11:52.030: ISAKMP:(0:3:SW:1): processing SA payload. message ID = 254672207 *Oct 29 22:11:52.030: ISAKMP:(0:3:SW:1):Checking IPSec proposal 1 *Oct 29 22:11:52.030: ISAKMP: transform 1, ESP_3DES *Oct 29 22:11:52.030: ISAKMP: attributes in transform: *Oct 29 22:11:52.030: ISAKMP: encaps is 1 (Tunnel) *Oct 29 22:11:52.030: ISAKMP: SA life type in seconds *Oct 29 22:11:52.030: ISAKMP: SA life duration (basic) of 3600 *Oct 29 22:11:52.030: ISAKMP: SA life type in kilobytes *Oct 29 22:11:52.030: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 *Oct 29 22:11:52.030: ISAKMP: authenticator is HMAC-SHA *Oct 29 22:11:52.030: ISAKMP:(0:3:SW:1):atts are acceptable. *Oct 29 22:11:52.030: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) 
INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:11:52.034: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:11:52.034: ISAKMP:(0:3:SW:1): processing NONCE payload. message ID = 254672207 *Oct 29 22:11:52.034: ISAKMP:(0:3:SW:1): processing ID payload. message ID = 254672207 *Oct 29 22:11:52.034: ISAKMP:(0:3:SW:1): processing ID payload. message ID = 254672207 *Oct 29 22:11:52.034: ISAKMP:(0:3:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 1646759476, message ID = 254672207, sa = 6600DF20 *Oct 29 22:11:52.034: ISAKMP:(0:3:SW:1):SA authentication status: authenticated *Oct 29 22:11:52.034: ISAKMP:(0:3:SW:1): processing responder lifetime *Oct 29 22:11:52.034: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 7 for for stuff_ke *Oct 29 22:11:52.034: ISAKMP:(0:3:SW:1): Creating IPSec SAs *Oct 29 22:11:52.034: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.16) *Oct 29 22:11:52.034: has spi 0x62278E34 and conn_id 0 and flags 2 *Oct 29 22:11:52.034: lifetime of 3600 seconds *Oct 29 22:11:52.034: lifetime of 4608000 kilobytes *Oct 29 22:11:52.034: has client flags 0x0 *Oct 29 22:11:52.034: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.10.4) *Oct 29 22:11:52.034: has spi 1792127904 and conn_id 0 and flags A *Oct 29 22:11:52.038: lifetime of 3600 seconds *Oct 29 22:11:52.038: lifetime of 4608000 kilobytes *Oct 29 22:11:52.038: has client flags 0x0 *Oct 29 22:11:52.038: ISAKMP:(0:3:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:11:52.038: ISAKMP:(0:3:SW:1):deleting node 254672207 error FALSE reason "No Error" *Oct 
29 22:11:52.038: ISAKMP:(0:3:SW:1):Node 254672207, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Oct 29 22:11:52.038: ISAKMP:(0:3:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE *Oct 29 22:11:52.038: IPSEC(key_engine): got a queue event with 2 kei messages *Oct 29 22:11:52.038: IPSEC(initialize_sas): , (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x62278E34(1646759476), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:11:52.038: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x6AD1B3A0(1792127904), conn_id= 0, keysize= 0, flags= 0xA *Oct 29 22:11:52.038: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:11:52.038: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4 *Oct 29 22:11:52.038: IPSec: Flow_switching Allocated flow for sibling 80004154 *Oct 29 22:11:52.038: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 8 for from create_transforms *Oct 29 22:11:52.038: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x62278E34(1646759476), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3037 router1# *Oct 29 22:11:52.042: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x6AD1B3A0(1792127904), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3006 *Oct 29 22:11:52.042: IPSEC(add_sa): have new SAs -- expire existing in 30 sec., (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xB36BEE44(3010195012), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 
3030, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:11:52.042: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 7 *Oct 29 22:11:52.318: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x653785C6(1698137542), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3029, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:11:52.318: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xA07EF56E(2692674926), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3025, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:11:52.318: IPSec: Flow_switching Deallocated flow for sibling 80004142 *Oct 29 22:11:52.318: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 6 *Oct 29 22:11:52.318: ISAKMP: received ke message (3/1) *Oct 29 22:11:52.318: ISAKMP: set new node -1315769129 to QM_IDLE *Oct 29 22:11:52.318: ISAKMP:(0:3:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:11:52.318: ISAKMP:(0:3:SW:1):purging node -1315769129 router1# *Oct 29 22:11:52.318: ISAKMP:(0:3:SW:1):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL *Oct 29 22:11:52.322: ISAKMP:(0:3:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE router1# *Oct 29 22:11:57.010: %SEC-6-IPACCESSLOGDP: list 100 permitted icmp 192.168.1.7 -> 172.18.210.16 (3/3), 1 packet router1# *Oct 29 22:11:57.010: IPSEC(epa_des_crypt): decrypted packet failed SA identity check router1# *Oct 29 22:11:59.426: ISAKMP:(0:1:SW:1):purging node -97435854 *Oct 29 22:11:59.426: ISAKMP:(0:1:SW:1):purging node -2123041432 *Oct 29 22:11:59.426: 
ISAKMP:(0:1:SW:1):purging node -193186592 *Oct 29 22:11:59.426: ISAKMP:(0:1:SW:1):purging node 843970500 router1# *Oct 29 22:12:00.726: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 2 packets router1# *Oct 29 22:12:02.018: IPSEC(epa_des_crypt): decrypted packet failed SA identity check router1# *Oct 29 22:12:04.938: IPSEC(key_engine): request timer fired: count = 2, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/1/0 (type=1) *Oct 29 22:12:04.938: ISAKMP: received ke message (3/1) *Oct 29 22:12:04.938: ISAKMP:(0:3:SW:1):peer does not do paranoid keepalives. *Oct 29 22:12:04.938: ISAKMP:(0:3:SW:1):deleting SA reason "P1 delete notify (in)" state (I) QM_IDLE (peer 192.168.1.4) *Oct 29 22:12:04.938: ISAKMP:(0:2:SW:1):peer does not do paranoid keepalives. *Oct 29 22:12:04.938: ISAKMP:(0:1:SW:1):peer does not do paranoid keepalives. *Oct 29 22:12:04.938: ISAKMP: set new node 1678632242 to QM_IDLE *Oct 29 22:12:04.938: ISAKMP:(0:3:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:12:04.938: ISAKMP:(0:3:SW:1):purging node 1678632242 *Oct 29 22:12:04.942: ISAKMP:(0:3:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Oct 29 22:12:04.942: ISAKMP:(0:3:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Oct 29 22:12:04.942: ISAKMP:(0:3:SW:1):deleting SA reason "No reason" state (I) QM_IDLE (peer 192.168.1.4) *Oct 29 22:12:04.942: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 0 *Oct 29 22:12:04.942: ISAKMP:(0:3:SW:1):deleting node -2002087318 error FALSE reason "IKE deleted" *Oct 29 22:12:04.942: ISAKMP:(0:3:SW:1):deleting node 858072580 error FALSE reason "IKE deleted" *Oct 29 22:12:04.942: ISAKMP:(0:3:SW:1):deleting node -1415705509 error FALSE reason "IKE deleted" *Oct 29 22:12:04.942: ISAKMP:(0:3:SW:1):deleting node 254672207 error FALSE reason "IKE deleted" *Oct 29 22:12:04.942: 
ISAKMP:(0:3:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:12:04.942: ISAKMP:(0:3:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA *Oct 29 22:12:05.006: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x16AC63A8(380396456), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3007, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1) *Oct 29 22:12:05.006: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x784F41D5(2018460117), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3041, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1) router1# *Oct 29 22:12:05.006: IPSec: Flow_switching Deallocated flow for sibling 80004171 *Oct 29 22:12:05.006: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 5 *Oct 29 22:12:05.006: ISAKMP: received ke message (3/1) *Oct 29 22:12:05.006: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 172.22.254.1 dst 192.168.1.4 for SPI 0x16AC63A8 *Oct 29 22:12:05.478: IPSEC(sa_request): , (key eng. msg.) 
OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xEACFFCAB(3939499179), conn_id= 0, keysize= 0, flags= 0x400A
*Oct 29 22:12:05.482: ISAKMP: received ke message (1/1)
*Oct 29 22:12:05.482: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
*Oct 29 22:12:05.482: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500
*Oct 29 22:12:05.482: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 1 for isakmp_initiator
*Oct 29 22:12:05.482: ISAKMP: local port 500, remote port 500
*Oct 29 22:12:05.482: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:12:05.482: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 65F0EE40
*Oct 29 22:12:05.482: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.
*Oct 29 22:12:05.482: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:05.482: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:05.482: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:05.482: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
*Oct 29 22:12:05.482: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
*Oct 29 22:12:05.482: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
*Oct 29 22:12:05.482: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Oct 29 22:12:05.482: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1
*Oct 29 22:12:05.482: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
*Oct 29 22:12:05.482: ISAKMP:(0:0:N/A:0): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_NO_STATE
*Oct 29 22:12:05.526: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_NO_STATE
*Oct 29 22:12:05.526: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:05.526: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Oct 29 22:12:05.526: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Oct 29 22:12:05.526: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:05.526: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:05.526: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:05.526: ISAKMP:(0:0:N/A:0): local preshared key found
*Oct 29 22:12:05.526: ISAKMP : Scanning profiles for xauth ...
*Oct 29 22:12:05.526: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy
*Oct 29 22:12:05.526: ISAKMP: encryption 3DES-CBC
*Oct 29 22:12:05.526: ISAKMP: hash SHA
*Oct 29 22:12:05.526: ISAKMP: default group 2
*Oct 29 22:12:05.530: ISAKMP: auth pre-share
*Oct 29 22:12:05.530: ISAKMP: life type in seconds
*Oct 29 22:12:05.530: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Oct 29 22:12:05.530: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
*Oct 29 22:12:05.578: ISAKMP:(0:4:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:05.582: ISAKMP:(0:4:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Oct 29 22:12:05.582: ISAKMP:(0:4:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_SA_SETUP
*Oct 29 22:12:05.582: ISAKMP:(0:4:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:05.582: ISAKMP:(0:4:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Oct 29 22:12:05.642: ISAKMP (0:134217732): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_SA_SETUP
*Oct 29 22:12:05.646: ISAKMP:(0:4:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:05.646: ISAKMP:(0:4:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Oct 29 22:12:05.646: ISAKMP:(0:4:SW:1): processing KE payload. message ID = 0
*Oct 29 22:12:05.710: ISAKMP:(0:4:SW:1): processing NONCE payload. message ID = 0
*Oct 29 22:12:05.710: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:05.710: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:05.710: ISAKMP:(0:4:SW:1):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:05.710: ISAKMP:(0:4:SW:1):SKEYID state generated
*Oct 29 22:12:05.710: ISAKMP:(0:4:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:05.710: ISAKMP:(0:4:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM4
*Oct 29 22:12:05.710: ISAKMP:(0:4:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Oct 29 22:12:05.710: ISAKMP (0:134217732): ID payload next-payload : 8 type : 1 address : 172.22.254.1 protocol : 17 port : 500 length : 12
*Oct 29 22:12:05.710: ISAKMP:(0:4:SW:1):Total payload length: 12
*Oct 29 22:12:05.714: ISAKMP:(0:4:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Oct 29 22:12:05.714: ISAKMP:(0:4:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:05.714: ISAKMP:(0:4:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5
*Oct 29 22:12:05.750: ISAKMP (0:134217732): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:05.750: ISAKMP:(0:4:SW:1): processing ID payload. message ID = 0
*Oct 29 22:12:05.750: ISAKMP (0:134217732): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12
*Oct 29 22:12:05.750: ISAKMP:(0:4:SW:1):: peer matches *none* of the profiles
*Oct 29 22:12:05.750: ISAKMP:(0:4:SW:1): processing HASH payload. message ID = 0
*Oct 29 22:12:05.750: ISAKMP:(0:4:SW:1):SA authentication status: authenticated
*Oct 29 22:12:05.754: ISAKMP:(0:4:SW:1):SA has been authenticated with 192.168.1.4
*Oct 29 22:12:05.754: ISAKMP:(0:4:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:05.754: ISAKMP:(0:4:SW:1):Old State = IKE_I_MM5 New State = IKE_I_MM6
*Oct 29 22:12:05.754: ISAKMP:(0:4:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:05.754: ISAKMP:(0:4:SW:1):Old State = IKE_I_MM6 New State = IKE_I_MM6
*Oct 29 22:12:05.754: ISAKMP:(0:4:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:05.754: ISAKMP:(0:4:SW:1):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
*Oct 29 22:12:05.754: ISAKMP:(0:4:SW:1):beginning Quick Mode exchange, M-ID of -218751925
*Oct 29 22:12:05.758: ISAKMP:(0:4:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:05.758: ISAKMP:(0:4:SW:1):Node -218751925, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Oct 29 22:12:05.758: ISAKMP:(0:4:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:12:05.758: ISAKMP:(0:4:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Oct 29 22:12:05.758: ISAKMP:(0:4:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Oct 29 22:12:05.810: ISAKMP (0:134217732): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:12:05.810: ISAKMP:(0:4:SW:1): processing HASH payload. message ID = -218751925
*Oct 29 22:12:05.810: ISAKMP:(0:4:SW:1): processing SA payload. message ID = -218751925
*Oct 29 22:12:05.810: ISAKMP:(0:4:SW:1):Checking IPSec proposal 1
*Oct 29 22:12:05.810: ISAKMP: transform 1, ESP_3DES
*Oct 29 22:12:05.810: ISAKMP: attributes in transform:
*Oct 29 22:12:05.810: ISAKMP: encaps is 1 (Tunnel)
*Oct 29 22:12:05.810: ISAKMP: SA life type in seconds
*Oct 29 22:12:05.810: ISAKMP: SA life duration (basic) of 3600
*Oct 29 22:12:05.810: ISAKMP: SA life type in kilobytes
*Oct 29 22:12:05.810: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Oct 29 22:12:05.810: ISAKMP: authenticator is HMAC-SHA
*Oct 29 22:12:05.810: ISAKMP:(0:4:SW:1):atts are acceptable.
*Oct 29 22:12:05.810: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:12:05.814: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.1.7 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:12:05.814: ISAKMP:(0:4:SW:1): processing NONCE payload. message ID = -218751925
*Oct 29 22:12:05.814: ISAKMP:(0:4:SW:1): processing ID payload. message ID = -218751925
*Oct 29 22:12:05.814: ISAKMP:(0:4:SW:1): processing ID payload. message ID = -218751925
*Oct 29 22:12:05.814: ISAKMP:(0:4:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 3939499179, message ID = -218751925, sa = 65F0EE40
*Oct 29 22:12:05.814: ISAKMP:(0:4:SW:1):SA authentication status: authenticated
*Oct 29 22:12:05.814: ISAKMP:(0:4:SW:1): processing responder lifetime
*Oct 29 22:12:05.814: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 6 for for stuff_ke
*Oct 29 22:12:05.814: ISAKMP:(0:4:SW:1): Creating IPSec SAs
*Oct 29 22:12:05.814: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.1.7 to 172.18.210.16)
*Oct 29 22:12:05.814: has spi 0xEACFFCAB and conn_id 0 and flags 2
*Oct 29 22:12:05.814: lifetime of 3600 seconds
*Oct 29 22:12:05.814: lifetime of 4608000 kilobytes
*Oct 29 22:12:05.814: has client flags 0x0
*Oct 29 22:12:05.814: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.1.7)
*Oct 29 22:12:05.814: has spi -2104503026 and conn_id 0 and flags A
*Oct 29 22:12:05.814: lifetime of 3600 seconds
*Oct 29 22:12:05.814: lifetime of 4608000 kilobytes
*Oct 29 22:12:05.818: has client flags 0x0
*Oct 29 22:12:05.818: ISAKMP:(0:4:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:05.818: ISAKMP:(0:4:SW:1):deleting node -218751925 error FALSE reason "No Error"
*Oct 29 22:12:05.818: ISAKMP:(0:4:SW:1):Node -218751925, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Oct 29 22:12:05.818: ISAKMP:(0:4:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Oct 29 22:12:05.818: IPSEC(key_engine): got a queue event with 2 kei messages
*Oct 29 22:12:05.818: IPSEC(initialize_sas): , (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.1.7/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xEACFFCAB(3939499179), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:12:05.818: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.1.7/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x828FD50E(2190464270), conn_id= 0, keysize= 0, flags= 0xA
*Oct 29 22:12:05.818: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.1.7 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:12:05.818: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4
*Oct 29 22:12:05.818: IPSec: Flow_switching Allocated flow for sibling 80004148
*Oct 29 22:12:05.818: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 7 for from create_transforms
*Oct 29 22:12:05.818: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xEACFFCAB(3939499179), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3041
*Oct 29 22:12:05.822: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x828FD50E(2190464270), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3007
*Oct 29 22:12:05.822: IPSEC(add_sa): have new SAs -- expire existing in 30 sec., (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xC8203E7F(3357556351), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3022, (identity) router1#local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:05.822: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 6
router1#
*Oct 29 22:12:07.030: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
router1#
*Oct 29 22:12:09.426: ISAKMP:(0:1:SW:1):purging SA., sa=649E1F14, delme=649E1F14
*Oct 29 22:12:09.570: IPSEC(key_engine): request timer fired: count = 2, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1)
*Oct 29 22:12:09.570: ISAKMP: received ke message (3/1)
*Oct 29 22:12:09.570: ISAKMP:(0:4:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:09.570: ISAKMP:(0:4:SW:1):deleting SA reason "P1 delete notify (in)" state (I) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:12:09.570: ISAKMP:(0:3:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:09.570: ISAKMP:(0:2:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:09.570: ISAKMP: set new node -1974697320 to QM_IDLE
*Oct 29 22:12:09.570: ISAKMP:(0:4:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:09.570: ISAKMP:(0:4:SW:1):purging node -1974697320
*Oct 29 22:12:09.574: ISAKMP:(0:4:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Oct 29 22:12:09.574: ISAKMP:(0:4:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
*Oct 29 22:12:09.574: ISAKMP:(0:4:SW:1):deleting SA reason "No reason" state (I) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:12:09.574: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 0
*Oct 29 22:12:09.574: ISAKMP:(0:4:SW:1):deleting node -218751925 error FALSE reason "IKE deleted"
*Oct 29 22:12:09.574: ISAKMP:(0:4:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:09.574: ISAKMP:(0:4:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA
*Oct 29 22:12:09.634: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x77FAA665(2012915301), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3005, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:09.634: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xF9CFB11A(4191138074), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3032, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:09.634: IPSec: Flow_switching Deallocated flow for sibling 80004149
*Oct 29 22:12:09.634: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 5
*Oct 29 22:12:09.634: ISAKMP: received ke message (3/1)
*Oct 29 22:12:09.634: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 172.22.254.1 dst 192.168.1.4 for SPI 0x77FAA665
*Oct 29 22:12:09.726: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xAF06750D(2936435981), conn_id= 0, keysize= 0, flags= 0x400A
*Oct 29 22:12:09.726: ISAKMP: received ke message (1/1)
*Oct 29 22:12:09.726: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
*Oct 29 22:12:09.726: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500
*Oct 29 22:12:09.726: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 1 for isakmp_initiator
*Oct 29 22:12:09.726: ISAKMP: local port 500, remote port 500
*Oct 29 22:12:09.726: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:12:09.726: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 649E1F14
*Oct 29 22:12:09.726: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.
*Oct 29 22:12:09.726: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:09.726: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:09.726: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:09.726: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
*Oct 29 22:12:09.726: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
*Oct 29 22:12:09.726: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
*Oct 29 22:12:09.726: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Oct 29 22:12:09.726: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1
*Oct 29 22:12:09.730: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
*Oct 29 22:12:09.730: ISAKMP:(0:0:N/A:0): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_NO_STATE
*Oct 29 22:12:09.770: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_NO_STATE
*Oct 29 22:12:09.770: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:09.770: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Oct 29 22:12:09.770: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Oct 29 22:12:09.770: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:09.770: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:09.770: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:09.770: ISAKMP:(0:0:N/A:0): local preshared key found
*Oct 29 22:12:09.774: ISAKMP : Scanning profiles for xauth ...
*Oct 29 22:12:09.774: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy
*Oct 29 22:12:09.774: ISAKMP: encryption 3DES-CBC
*Oct 29 22:12:09.774: ISAKMP: hash SHA
*Oct 29 22:12:09.774: ISAKMP: default group 2
*Oct 29 22:12:09.774: ISAKMP: auth pre-share
*Oct 29 22:12:09.774: ISAKMP: life type in seconds
*Oct 29 22:12:09.774: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Oct 29 22:12:09.774: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
*Oct 29 22:12:09.822: ISAKMP:(0:5:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:09.822: ISAKMP:(0:5:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Oct 29 22:12:09.826: ISAKMP:(0:5:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_SA_SETUP
*Oct 29 22:12:09.826: ISAKMP:(0:5:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:09.826: ISAKMP:(0:5:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Oct 29 22:12:09.882: ISAKMP (0:134217733): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_SA_SETUP
*Oct 29 22:12:09.882: ISAKMP:(0:5:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:09.882: ISAKMP:(0:5:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Oct 29 22:12:09.882: ISAKMP:(0:5:SW:1): processing KE payload. message ID = 0
*Oct 29 22:12:09.946: ISAKMP:(0:5:SW:1): processing NONCE payload. message ID = 0
*Oct 29 22:12:09.946: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:09.946: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:09.946: ISAKMP:(0:5:SW:1):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:09.946: ISAKMP:(0:5:SW:1):SKEYID state generated
*Oct 29 22:12:09.946: ISAKMP:(0:5:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:09.946: ISAKMP:(0:5:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM4
*Oct 29 22:12:09.946: ISAKMP:(0:5:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Oct 29 22:12:09.950: ISAKMP (0:134217733): ID payload next-payload : 8 type : 1 router1# address : 172.22.254.1 protocol : 17 port : 500 length : 12
*Oct 29 22:12:09.950: ISAKMP:(0:5:SW:1):Total payload length: 12
*Oct 29 22:12:09.950: ISAKMP:(0:5:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Oct 29 22:12:09.950: ISAKMP:(0:5:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:09.950: ISAKMP:(0:5:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5
*Oct 29 22:12:11.122: ISAKMP (0:134217733): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:11.122: ISAKMP:(0:5:SW:1): processing ID payload. message ID = 0
*Oct 29 22:12:11.122: ISAKMP (0:134217733): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12
*Oct 29 22:12:11.122: ISAKMP:(0:5:SW:1):: peer matches *none* of the profiles
*Oct 29 22:12:11.122: ISAKMP:(0:5:SW:1): processing HASH payload. message ID = 0
*Oct 29 22:12:11.126: ISAKMP:(0:5:SW:1):SA authentication status: authenticated
*Oct 29 22:12:11.126: ISAKMP:(0:5:SW:1):SA has been authenticated with 192.168.1.4
*Oct 29 22:12:11.126: ISAKMP:(0:5:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:11.126: ISAKMP:(0:5:SW:1):Old State = IKE_I_MM5 New State = IKE_I_MM6
*Oct 29 22:12:11.126: ISAKMP:(0:2:SW:1):purging node 222270993
*Oct 29 22:12:11.126: ISAKMP (0:134217733): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:11.126: ISAKMP:(0:5:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:12:11.126: ISAKMP:(0:5:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:12:11.126: ISAKMP:(0:5:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:12:11.126: ISAKMP (0:134217733): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:11.126: ISAKMP:(0:5:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:12:11.126: ISAKMP:(0:5:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:12:11.126: ISAKMP:(0:5:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:12:11.130: ISAKMP:(0:5:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:11.130: ISAKMP:(0:5:SW:1):Old State = IKE_I_MM6 New State = IKE_I_MM6
*Oct 29 22:12:11.134: ISAKMP:(0:5:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:11.134: ISAKMP:(0:5:SW:1):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
*Oct 29 22:12:11.134: ISAKMP:(0:5:SW:1):beginning Quick Mode exchange, M-ID of 974224374
*Oct 29 22:12:11.138: ISAKMP:(0:5:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:11.138: ISAKMP:(0:5:SW:1):Node 974224374, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Oct 29 22:12:11.138: ISAKMP:(0:5:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:12:11.138: ISAKMP:(0:5:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Oct 29 22:12:11.138: ISAKMP:(0:5:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
router1#
*Oct 29 22:12:12.006: ISAKMP (0:134217733): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:12:12.010: ISAKMP:(0:5:SW:1): processing HASH payload. message ID = 974224374
*Oct 29 22:12:12.010: ISAKMP:(0:5:SW:1): processing SA payload. message ID = 974224374
*Oct 29 22:12:12.010: ISAKMP:(0:5:SW:1):Checking IPSec proposal 1
*Oct 29 22:12:12.010: ISAKMP: transform 1, ESP_3DES
*Oct 29 22:12:12.010: ISAKMP: attributes in transform:
*Oct 29 22:12:12.010: ISAKMP: encaps is 1 (Tunnel)
*Oct 29 22:12:12.010: ISAKMP: SA life type in seconds
*Oct 29 22:12:12.010: ISAKMP: SA life duration (basic) of 3600
*Oct 29 22:12:12.010: ISAKMP: SA life type in kilobytes
*Oct 29 22:12:12.010: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Oct 29 22:12:12.010: ISAKMP: authenticator is HMAC-SHA
*Oct 29 22:12:12.010: ISAKMP:(0:5:SW:1):atts are acceptable.
*Oct 29 22:12:12.010: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:12:12.010: Crypto mapdb : proxy_match src addr : 172.18.210.20 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:12:12.010: ISAKMP:(0:5:SW:1): processing NONCE payload. message ID = 974224374
*Oct 29 22:12:12.010: ISAKMP:(0:5:SW:1): processing ID payload. message ID = 974224374
*Oct 29 22:12:12.010: ISAKMP:(0:5:SW:1): processing ID payload. message ID = 974224374
*Oct 29 22:12:12.010: ISAKMP:(0:5:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 2936435981, message ID = 974224374, sa = 649E1F14
*Oct 29 22:12:12.010: ISAKMP:(0:5:SW:1):SA authentication status: authenticated
*Oct 29 22:12:12.014: ISAKMP:(0:5:SW:1): processing responder lifetime
*Oct 29 22:12:12.014: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 6 for for stuff_ke
*Oct 29 22:12:12.014: ISAKMP:(0:5:SW:1): Creating IPSec SAs
*Oct 29 22:12:12.014: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.20)
*Oct 29 22:12:12.014: has spi 0xAF06750D and conn_id 0 and flags 2
*Oct 29 22:12:12.014: lifetime of 3600 seconds
*Oct 29 22:12:12.014: lifetime of 4608000 kilobytes
*Oct 29 22:12:12.014: has client flags 0x0
*Oct 29 22:12:12.014: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.20 to 192.168.10.4)
*Oct 29 22:12:12.014: has spi -329630713 and conn_id 0 and flags A
*Oct 29 22:12:12.014: lifetime of 3600 seconds
*Oct 29 22:12:12.014: lifetime of 4608000 kilobytes
*Oct 29 22:12:12.014: has client flags 0x0
*Oct 29 22:12:12.014: ISAKMP:(0:5:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:12.014: ISAKMP:(0:5:SW:1):deleting node 974224374 error FALSE reason "No Error"
*Oct 29 22:12:12.014: ISAKMP:(0:5:SW:1):Node 974224374, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Oct 29 22:12:12.018: ISAKMP:(0:5:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Oct 29 22:12:12.018: ISAKMP:(0:5:SW:1): retransmitting phase 1 QM_IDLE ...
*Oct 29 22:12:12.018: ISAKMP:(0:5:SW:1):incrementing error counter on sa: retransmit phase 1
*Oct 29 22:12:12.018: ISAKMP:(0:5:SW:1): no outgoing phase 1 packet to retransmit. QM_IDLE
*Oct 29 22:12:12.018: ISAKMP:(0:5:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:12.018: ISAKMP:(0:5:SW:1):deleting SA reason "Death by retransmission P1" state (I) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:12:12.022: IPSEC(key_engine): got a queue event with 2 kei messages
*Oct 29 22:12:12.022: IPSEC(initialize_sas): , (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xAF06750D(2936435981), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:12:12.022: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xEC5A3C07(3965336583), conn_id= 0, keysize= 0, flags= 0xA
*Oct 29 22:12:12.026: Crypto mapdb : proxy_match src addr : 172.18.210.20 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:12:12.026: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4
*Oct 29 22:12:12.026: IPSec: Flow_switching Allocated flow for sibling 80004160
*Oct 29 22:12:12.026: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 7 for from create_transforms
*Oct 29 22:12:12.026: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xAF06750D(2936435981), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3032
*Oct 29 22:12:12.026: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xEC5A3C07(3965336583), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3005
*Oct 29 22:12:12.026: IPSEC(add_sa): have new SAs -- expire existing in 30 sec., (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xB18869AA(2978507178), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3008, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:12.026: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 6
*Oct 29 22:12:12.026: ISAKMP: set new node 810081901 to QM_IDLE
*Oct 29 22:12:12.030: ISAKMP:(0:5:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:12.030: ISAKMP:(0:5:SW:1):purging node 810081901
*Oct 29 22:12:12.030: ISAKMP:(0:5:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Oct 29 22:12:12.030: ISAKMP:(0:5:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
*Oct 29 22:12:12.030: ISAKMP:(0:5:SW:1):deleting SA reason "No reason" state (I) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:12:12.030: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 0
*Oct 29 22:12:12.030: ISAKMP:(0:5:SW:1):deleting node 974224374 error FALSE reason "IKE deleted"
*Oct 29 22:12:12.030: ISAKMP:(0:5:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:12.030: ISAKMP:(0:5:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA
router1#
*Oct 29 22:12:13.186: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (N) NEW SA
*Oct 29 22:12:13.186: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500
*Oct 29 22:12:13.186: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 1 for crypto_isakmp_process_block
*Oct 29 22:12:13.186: ISAKMP: local port 500, remote port 500
*Oct 29 22:12:13.186: insert sa successfully sa = 660162A8
*Oct 29 22:12:13.186: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:13.186: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_R_MM1
*Oct 29 22:12:13.186: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Oct 29 22:12:13.186: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Oct 29 22:12:13.190: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 175 mismatch
*Oct 29 22:12:13.190: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:13.190: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:13.190: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:13.190: ISAKMP:(0:0:N/A:0): local preshared key found
*Oct 29 22:12:13.190: ISAKMP : Scanning profiles for xauth ...
*Oct 29 22:12:13.190: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy
*Oct 29 22:12:13.190: ISAKMP: encryption 3DES-CBC
*Oct 29 22:12:13.190: ISAKMP: hash SHA
*Oct 29 22:12:13.190: ISAKMP: auth pre-share
*Oct 29 22:12:13.190: ISAKMP: default group 2
*Oct 29 22:12:13.190: ISAKMP: life type in seconds
*Oct 29 22:12:13.190: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Oct 29 22:12:13.190: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
*Oct 29 22:12:13.242: ISAKMP:(0:6:SW:1): processing vendor id payload
*Oct 29 22:12:13.242: ISAKMP:(0:6:SW:1): vendor ID seems Unity/DPD but major 175 mismatch
*Oct 29 22:12:13.242: ISAKMP:(0:6:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
router1#
*Oct 29 22:12:13.242: ISAKMP:(0:6:SW:1):Old State = IKE_R_MM1 New State = IKE_R_MM1
*Oct 29 22:12:13.242: ISAKMP:(0:6:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) MM_SA_SETUP
*Oct 29 22:12:13.242: ISAKMP:(0:6:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:13.242: ISAKMP:(0:6:SW:1):Old State = IKE_R_MM1 New State = IKE_R_MM2
*Oct 29 22:12:15.098: ISAKMP (0:134217734): received packet from 192.168.1.4 dport 500 sport 500 Global (R) MM_SA_SETUP
*Oct 29 22:12:15.098: ISAKMP:(0:6:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:15.098: ISAKMP:(0:6:SW:1):Old State = IKE_R_MM2 New State = IKE_R_MM3
*Oct 29 22:12:15.102: ISAKMP:(0:6:SW:1): processing KE payload. message ID = 0
*Oct 29 22:12:15.166: ISAKMP:(0:6:SW:1): processing NONCE payload. message ID = 0
*Oct 29 22:12:15.166: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:15.166: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:15.166: ISAKMP:(0:6:SW:1):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:15.166: ISAKMP:(0:6:SW:1):SKEYID state generated
*Oct 29 22:12:15.166: ISAKMP:(0:6:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:15.166: ISAKMP:(0:6:SW:1):Old State = IKE_R_MM3 New State = IKE_R_MM3
*Oct 29 22:12:15.166: ISAKMP:(0:6:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) MM_KEY_EXCH
*Oct 29 22:12:15.170: ISAKMP:(0:6:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:15.170: ISAKMP:(0:6:SW:1):Old State = IKE_R_MM3 New State = IKE_R_MM4
router1#
*Oct 29 22:12:18.086: ISAKMP (0:134217734): received packet from 192.168.1.4 dport 500 sport 500 Global (R) MM_KEY_EXCH
*Oct 29 22:12:18.086: ISAKMP:(0:6:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:18.086: ISAKMP:(0:6:SW:1):Old State = IKE_R_MM4 New State = IKE_R_MM5
*Oct 29 22:12:18.086: ISAKMP (0:134217734): received packet from 192.168.1.4 dport 500 sport 500 Global (R) MM_KEY_EXCH
*Oct 29 22:12:18.090: ISAKMP:(0:6:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:12:18.090: ISAKMP:(0:6:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:12:18.090: ISAKMP:(0:6:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:12:18.110: ISAKMP:(0:6:SW:1): processing ID payload. message ID = 0
*Oct 29 22:12:18.110: ISAKMP (0:134217734): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12
*Oct 29 22:12:18.110: ISAKMP:(0:6:SW:1):: peer matches *none* of the profiles
*Oct 29 22:12:18.110: ISAKMP:(0:6:SW:1): processing HASH payload. message ID = 0
*Oct 29 22:12:18.110: ISAKMP:(0:6:SW:1):SA authentication status: authenticated
*Oct 29 22:12:18.110: ISAKMP:(0:6:SW:1):SA has been authenticated with 192.168.1.4
*Oct 29 22:12:18.110: ISAKMP:(0:6:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:18.110: ISAKMP:(0:6:SW:1):Old State = IKE_R_MM5 New State = IKE_R_MM5
*Oct 29 22:12:18.114: ISAKMP:(0:6:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Oct 29 22:12:18.114: ISAKMP (0:134217734): ID payload next-payload : 8 type : 1 address : 172.22.254.1 protocol : 17 port : 500 length : 12
*Oct 29 22:12:18.114: ISAKMP:(0:6:SW:1):Total payload length: 12
*Oct 29 22:12:18.114: ISAKMP:(0:6:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) MM_KEY_EXCH
*Oct 29 22:12:18.114: ISAKMP:(0:6:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:18.114: ISAKMP:(0:6:SW:1):Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE
*Oct 29 22:12:18.114: ISAKMP:(0:6:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Oct 29 22:12:18.114: ISAKMP:(0:6:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Oct 29 22:12:18.150: ISAKMP (0:134217734): received packet from 192.168.1.4 dport 500 sport 500 Global (R) QM_IDLE
*Oct 29 22:12:18.150: ISAKMP: set new node -84298424 to QM_IDLE
*Oct 29 22:12:18.154: ISAKMP:(0:6:SW:1): processing HASH payload. message ID = -84298424
*Oct 29 22:12:18.154: ISAKMP:(0:6:SW:1): processing DELETE payload. message ID = -84298424
*Oct 29 22:12:18.154: ISAKMP:(0:6:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:18.154: ISAKMP:(0:6:SW:1):deleting node -84298424 error FALSE reason "Informational (in) state 1"
*Oct 29 22:12:18.154: IPSEC(key_engine): got a queue event with 1 kei messages
*Oct 29 22:12:18.154: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
*Oct 29 22:12:18.154: IPSEC(key_engine_delete_sas): delete SA with spi 0x6AD1B3A0 proto 50 for 192.168.1.4
*Oct 29 22:12:18.154: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x62278E34(1646759476), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3037, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:18.154: IPSEC(add_sa): have new SAs -- expire existing in 30 sec., (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x6AD1B3A0(1792127904), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3006, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:18.154: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x6AD1B3A0(1792127904), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3006, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:18.154: IPSec: Flow_switching Deallocated flow for sibling 80004154
*Oct 29 22:12:18.154: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 5
*Oct 29 22:12:18.814: ISAKMP:(0:6:SW:1): retransmitting phase 1 QM_IDLE ...
*Oct 29 22:12:18.814: ISAKMP:(0:6:SW:1):incrementing error counter on sa: retransmit phase 1
*Oct 29 22:12:18.814: ISAKMP:(0:6:SW:1): no outgoing phase 1 packet to retransmit. QM_IDLE
*Oct 29 22:12:18.814: ISAKMP:(0:6:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:18.814: ISAKMP:(0:6:SW:1):deleting SA reason "Death by retransmission P1" state (R) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:12:18.814: ISAKMP: set new node 1969049401 to QM_IDLE
*Oct 29 22:12:18.818: ISAKMP:(0:6:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE
*Oct 29 22:12:18.818: ISAKMP:(0:6:SW:1):purging node 1969049401
*Oct 29 22:12:18.818: ISAKMP:(0:6:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
router1#
*Oct 29 22:12:18.818: ISAKMP:(0:6:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
*Oct 29 22:12:18.818: ISAKMP:(0:6:SW:1):deleting SA reason "No reason" state (R) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:12:18.818: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 0
*Oct 29 22:12:18.818: ISAKMP:(0:6:SW:1):deleting node -84298424 error FALSE reason "IKE deleted"
*Oct 29 22:12:18.818: ISAKMP:(0:6:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:18.818: ISAKMP:(0:6:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA
router1#
router1#
router1#
*Oct 29 22:12:21.046: ISAKMP:(0:2:SW:1):purging SA., sa=648A2840, delme=648A2840
*Oct 29 22:12:21.974: IPSEC(key_engine): request timer fired: count = 2, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1)
*Oct 29 22:12:21.974: ISAKMP: received ke message (3/1)
*Oct 29 22:12:21.974: ISAKMP:(0:5:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:21.974: ISAKMP:(0:4:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:21.974: ISAKMP:(0:3:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:21.974: ISAKMP:(0:6:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:21.982: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xD0B6F311(3501650705), conn_id= 0, keysize= 0, flags= 0x400A
*Oct 29 22:12:21.982: ISAKMP: received ke message (1/1)
*Oct 29 22:12:21.982: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
*Oct 29 22:12:21.982: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500
*Oct 29 22:12:21.982: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 1 for isakmp_initiator
*Oct 29 22:12:21.982: ISAKMP: local port 500, remote port 500
*Oct 29 22:12:21.982: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:12:21.982: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 66024214
*Oct 29 22:12:21.982: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.
*Oct 29 22:12:21.982: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:21.982: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:21.982: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:21.986: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
*Oct 29 22:12:21.986: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
*Oct 29 22:12:21.986: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
*Oct 29 22:12:21.986: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Oct 29 22:12:21.986: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1
*Oct 29 22:12:21.986: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
*Oct 29 22:12:21.986: ISAKMP:(0:0:N/A:0): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_NO_STATE
*Oct 29 22:12:22.030: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_NO_STATE
*Oct 29 22:12:22.030: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:22.030: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Oct 29 22:12:22.030: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Oct 29 22:12:22.030: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:22.034: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:22.034: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:22.034: ISAKMP:(0:0:N/A:0): local preshared key found
*Oct 29 22:12:22.034: ISAKMP : Scanning profiles for xauth ...
*Oct 29 22:12:22.034: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy
*Oct 29 22:12:22.034: ISAKMP: encryption 3DES-CBC
*Oct 29 22:12:22.034: ISAKMP: hash SHA
*Oct 29 22:12:22.034: ISAKMP: default group 2
*Oct 29 22:12:22.034: ISAKMP: auth pre-share
*Oct 29 22:12:22.034: ISAKMP: life type in seconds
*Oct 29 22:12:22.034: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Oct 29 22:12:22.034: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
*Oct 29 22:12:22.086: ISAKMP:(0:7:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:22.086: ISAKMP:(0:7:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Oct 29 22:12:22.086: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xB36BEE44(3010195012), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3030, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:22.086: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x9D8BFCDA(2643197146), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3021, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:22.086: IPSec: Flow_switching Deallocated flow for sibling 8000413E
*Oct 29 22:12:22.086: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 4
*Oct 29 22:12:22.090: ISAKMP:(0:7:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_SA_SETUP
*Oct 29 22:12:22.090: ISAKMP:(0:7:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:22.090: ISAKMP:(0:7:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Oct 29 22:12:22.090: ISAKMP: received ke message (3/1)
*Oct 29 22:12:22.090: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 172.22.254.1 dst 192.168.1.4 for SPI 0xB36BEE44
*Oct 29 22:12:22.594: ISAKMP (0:134217735): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_SA_SETUP
*Oct 29 22:12:22.594: ISAKMP:(0:7:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:22.594: ISAKMP:(0:7:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Oct 29 22:12:22.594: ISAKMP:(0:7:SW:1): processing KE payload. message ID = 0
*Oct 29 22:12:22.658: ISAKMP:(0:7:SW:1): processing NONCE payload. message ID = 0
*Oct 29 22:12:22.658: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:22.658: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:22.658: ISAKMP:(0:7:SW:1):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:22.658: ISAKMP:(0:7:SW:1):SKEYID state generated
*Oct 29 22:12:22.658: ISAKMP:(0:7:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:22.658: ISAKMP:(0:7:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM4
*Oct 29 22:12:22.662: ISAKMP:(0:7:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Oct 29 22:12:22.662: ISAKMP (0:134217735): ID payload next-payload : 8 type : 1 router1# address : 172.22.254.1 protocol : 17 port : 500 length : 12
*Oct 29 22:12:22.662: ISAKMP:(0:7:SW:1):Total payload length: 12
*Oct 29 22:12:22.662: ISAKMP:(0:7:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Oct 29 22:12:22.662: ISAKMP:(0:7:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:22.662: ISAKMP:(0:7:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5
*Oct 29 22:12:23.438: ISAKMP (0:134217735): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:23.442: ISAKMP:(0:7:SW:1): processing ID payload. message ID = 0
*Oct 29 22:12:23.442: ISAKMP (0:134217735): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12
*Oct 29 22:12:23.442: ISAKMP:(0:7:SW:1):: peer matches *none* of the profiles
*Oct 29 22:12:23.442: ISAKMP:(0:7:SW:1): processing HASH payload. message ID = 0
*Oct 29 22:12:23.442: ISAKMP:(0:7:SW:1):SA authentication status: authenticated
*Oct 29 22:12:23.442: ISAKMP:(0:7:SW:1):SA has been authenticated with 192.168.1.4
*Oct 29 22:12:23.442: ISAKMP:(0:7:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:23.442: ISAKMP:(0:7:SW:1):Old State = IKE_I_MM5 New State = IKE_I_MM6
*Oct 29 22:12:23.442: ISAKMP (0:134217735): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:23.442: ISAKMP:(0:7:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:12:23.442: ISAKMP:(0:7:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:12:23.442: ISAKMP:(0:7:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:12:23.442: ISAKMP (0:134217735): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:23.442: ISAKMP:(0:7:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:12:23.442: ISAKMP:(0:7:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:12:23.446: ISAKMP:(0:7:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:12:23.446: ISAKMP (0:134217735): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:23.446: ISAKMP: set new node 1559649824 to QM_IDLE
*Oct 29 22:12:23.446: ISAKMP:(0:7:SW:1): processing HASH payload. message ID = 1559649824
*Oct 29 22:12:23.446: ISAKMP:(0:7:SW:1): processing DELETE payload. message ID = 1559649824
*Oct 29 22:12:23.446: ISAKMP:(0:7:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:23.446: ISAKMP:(0:7:SW:1):deleting node 1559649824 error FALSE reason "Informational (in) state 1"
*Oct 29 22:12:23.446: IPSEC(key_engine): got a queue event with 1 kei messages
*Oct 29 22:12:23.446: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
*Oct 29 22:12:23.446: ISAKMP:(0:7:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:23.446: ISAKMP:(0:7:SW:1):Old State = IKE_I_MM6 New State = IKE_I_MM6
*Oct 29 22:12:23.450: ISAKMP:(0:7:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:23.450: ISAKMP:(0:7:SW:1):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
*Oct 29 22:12:23.450: ISAKMP:(0:7:SW:1):beginning Quick Mode exchange, M-ID of -1022351598
router1#
*Oct 29 22:12:23.450: ISAKMP:(0:7:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:23.454: ISAKMP:(0:7:SW:1):Node -1022351598, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Oct 29 22:12:23.454: ISAKMP:(0:7:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:12:23.454: ISAKMP:(0:7:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Oct 29 22:12:23.454: ISAKMP:(0:7:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Oct 29 22:12:26.138: %SEC-6-IPACCESSLOGP: list 100 permitted udp 172.18.210.16(41213) -> 192.168.10.4(33440), 1 packet
*Oct 29 22:12:26.138: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x36A74E65(916934245), conn_id= 0, keysize= 0, flags= 0x400A
router1#
*Oct 29 22:12:28.242: ISAKMP (0:134217735): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:12:28.242: ISAKMP:(0:7:SW:1): processing HASH payload. message ID = -1022351598
*Oct 29 22:12:28.246: ISAKMP:(0:7:SW:1): processing SA payload. message ID = -1022351598
*Oct 29 22:12:28.246: ISAKMP:(0:7:SW:1):Checking IPSec proposal 1
*Oct 29 22:12:28.246: ISAKMP: transform 1, ESP_3DES
*Oct 29 22:12:28.246: ISAKMP: attributes in transform:
*Oct 29 22:12:28.246: ISAKMP: encaps is 1 (Tunnel)
*Oct 29 22:12:28.246: ISAKMP: SA life type in seconds
*Oct 29 22:12:28.246: ISAKMP: SA life duration (basic) of 3600
*Oct 29 22:12:28.246: ISAKMP: SA life type in kilobytes
*Oct 29 22:12:28.246: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Oct 29 22:12:28.246: ISAKMP: authenticator is HMAC-SHA
*Oct 29 22:12:28.246: ISAKMP:(0:7:SW:1):atts are acceptable.
*Oct 29 22:12:28.246: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:12:28.246: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:12:28.246: ISAKMP:(0:7:SW:1): processing NONCE payload. message ID = -1022351598
*Oct 29 22:12:28.246: ISAKMP:(0:7:SW:1): processing ID payload. message ID = -1022351598
*Oct 29 22:12:28.246: ISAKMP:(0:7:SW:1): processing ID payload. message ID = -1022351598
*Oct 29 22:12:28.246: ISAKMP:(0:7:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 3501650705, message ID = -1022351598, sa = 66024214
*Oct 29 22:12:28.246: ISAKMP:(0:7:SW:1):SA authentication status: authenticated
*Oct 29 22:12:28.246: ISAKMP:(0:7:SW:1): processing responder lifetime
*Oct 29 22:12:28.250: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 5 for for stuff_ke
*Oct 29 22:12:28.250: ISAKMP:(0:7:SW:1): Creating IPSec SAs
*Oct 29 22:12:28.250: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.16)
*Oct 29 22:12:28.250: has spi 0xD0B6F311 and conn_id 0 and flags 2
*Oct 29 22:12:28.250: lifetime of 3600 seconds
*Oct 29 22:12:28.250: lifetime of 4608000 kilobytes
*Oct 29 22:12:28.250: has client flags 0x0
*Oct 29 22:12:28.250: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.10.4)
*Oct 29 22:12:28.250: has spi 1662262696 and conn_id 0 and flags A
*Oct 29 22:12:28.250: lifetime of 3600 seconds
*Oct 29 22:12:28.250: lifetime of 4608000 kilobytes
*Oct 29 22:12:28.250: has client flags 0x0
*Oct 29 22:12:28.250: ISAKMP:(0:7:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:28.250: ISAKMP:(0:7:SW:1):deleting node -1022351598 error FALSE reason "No Error"
*Oct 29 22:12:28.250: ISAKMP:(0:7:SW:1):Node -1022351598, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Oct 29 22:12:28.250: ISAKMP:(0:7:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Oct 29 22:12:28.250: ISAKMP: received ke message (1/1)
*Oct 29 22:12:28.254: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:12:28.254: ISAKMP:(0:7:SW:1): sitting IDLE. Starting QM immediately (QM_IDLE )
*Oct 29 22:12:28.254: ISAKMP:(0:7:SW:1):beginning Quick Mode exchange, M-ID of 1159398309
*Oct 29 22:12:28.254: IPSEC(key_engine): got a queue event with 2 kei messages
*Oct 29 22:12:28.254: IPSEC(initialize_sas): , (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xD0B6F311(3501650705), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:12:28.254: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x63141DA8(1662262696), conn_id= 0, keysize= 0, flags= 0xA
*Oct 29 22:12:28.254: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:12:28.254: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4
*Oct 29 22:12:28.254: IPSec: Flow_switching Allocated flow for sibling 8000406A
*Oct 29 22:12:28.254: IPSEC(policy_db_add_ident): src 172.18.210.16, dest 192.168.10.4, dest_port 0
*Oct 29 22:12:28.254: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 6 for from create_transforms
*Oct 29 22:12:28.254: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xD0B6F311(3501650705), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3021
*Oct 29 22:12:28.258: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x63141DA8(1662262696), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3030
*Oct 29 22:12:28.258: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 5
*Oct 29 22:12:28.262: ISAKMP:(0:7:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:28.262: ISAKMP:(0:7:SW:1):Node 1159398309, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Oct 29 22:12:28.262: ISAKMP:(0:7:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:12:28.262: ISAKMP:(0:7:SW:1): retransmitting phase 1 QM_IDLE ...
*Oct 29 22:12:28.262: ISAKMP:(0:7:SW:1):incrementing error counter on sa: retransmit phase 1
*Oct 29 22:12:28.262: ISAKMP:(0:7:SW:1): no outgoing phase 1 packet to retransmit. QM_IDLE
*Oct 29 22:12:28.262: ISAKMP:(0:7:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:28.262: ISAKMP:(0:7:SW:1):deleting SA reason "Death by retransmission P1" state (I) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:12:28.262: ISAKMP (0:134217735): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:12:28.262: ISAKMP (0:134217735): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:12:28.266: ISAKMP: set new node 691712438 to QM_IDLE
*Oct 29 22:12:28.266: ISAKMP:(0:7:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:28.266: ISAKMP:(0:7:SW:1):purging node 691712438
*Oct 29 22:12:28.266: ISAKMP:(0:7:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Oct 29 22:12:28.266: ISAKMP:(0:7:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
*Oct 29 22:12:28.266: ISAKMP:(0:7:SW:1):deleting SA reason "No reason" state (I) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:12:28.266: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 0
*Oct 29 22:12:28.266: ISAKMP:(0:7:SW:1):deleting node -1022351598 error FALSE reason "IKE deleted"
*Oct 29 22:12:28.266: ISAKMP:(0:7:SW:1):deleting node 1559649824 error FALSE reason "IKE deleted"
router1#
*Oct 29 22:12:28.266: ISAKMP:(0:7:SW:1):deleting node 1159398309 error FALSE reason "IKE deleted"
*Oct 29 22:12:28.266: ISAKMP:(0:7:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:28.266: ISAKMP:(0:7:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA
*Oct 29 22:12:29.406: ISAKMP (0:134217735): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_NO_STATE
router1#
*Oct 29 22:12:33.190: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (N) NEW SA
*Oct 29 22:12:33.190: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500
*Oct 29 22:12:33.190: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 1 for crypto_isakmp_process_block
*Oct 29 22:12:33.190: ISAKMP: local port 500, remote port 500
*Oct 29 22:12:33.190: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 649FB804
*Oct 29 22:12:33.190: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:33.190: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_R_MM1
*Oct 29 22:12:33.190: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Oct 29 22:12:33.190: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Oct 29 22:12:33.190: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 175 mismatch
*Oct 29 22:12:33.190: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:33.190: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:33.190: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:33.190: ISAKMP:(0:0:N/A:0): local preshared key found
*Oct 29 22:12:33.190: ISAKMP : Scanning profiles for xauth ...
*Oct 29 22:12:33.190: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy
*Oct 29 22:12:33.190: ISAKMP: encryption 3DES-CBC
*Oct 29 22:12:33.190: ISAKMP: hash SHA
*Oct 29 22:12:33.190: ISAKMP: auth pre-share
*Oct 29 22:12:33.190: ISAKMP: default group 2
*Oct 29 22:12:33.190: ISAKMP: life type in seconds
*Oct 29 22:12:33.190: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Oct 29 22:12:33.190: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
*Oct 29 22:12:33.242: ISAKMP:(0:8:SW:1): processing vendor id payload
*Oct 29 22:12:33.242: ISAKMP:(0:8:SW:1): vendor ID seems Unity/DPD but major 175 mismatch
*Oct 29 22:12:33.242: ISAKMP:(0:8:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:33.242: ISAKMP:(0:8:SW:1):Old State = IKE_R_MM1 New State = IKE_R_MM1
*Oct 29 22:12:33.242: ISAKMP:(0:8:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) MM_SA_SETUP
*Oct 29 22:12:33.246: ISAKMP:(0:8:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:33.246: ISAKMP:(0:8:SW:1):Old State = IKE_R_MM1 New State = IKE_R_MM2
*Oct 29 22:12:33.286: ISAKMP (0:134217736): received packet from 192.168.1.4 dport 500 sport 500 Global (R) MM_SA_SETUP
*Oct 29 22:12:33.286: ISAKMP:(0:8:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:33.286: ISAKMP:(0:8:SW:1):Old State = IKE_R_MM2 New State = IKE_R_MM3
*Oct 29 22:12:33.286: ISAKMP:(0:8:SW:1): processing KE payload. message ID = 0
*Oct 29 22:12:33.350: ISAKMP:(0:8:SW:1): processing NONCE payload. message ID = 0
*Oct 29 22:12:33.350: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:33.350: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:33.350: ISAKMP:(0:8:SW:1):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:33.354: ISAKMP:(0:8:SW:1):SKEYID state generated
*Oct 29 22:12:33.354: ISAKMP:(0:8:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
router1#
*Oct 29 22:12:33.354: ISAKMP:(0:8:SW:1):Old State = IKE_R_MM3 New State = IKE_R_MM3
*Oct 29 22:12:33.354: ISAKMP:(0:8:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) MM_KEY_EXCH
*Oct 29 22:12:33.354: ISAKMP:(0:8:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:33.354: ISAKMP:(0:8:SW:1):Old State = IKE_R_MM3 New State = IKE_R_MM4
*Oct 29 22:12:35.558: IPSEC(key_engine): request timer fired: count = 1, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/1/0 (type=1)
*Oct 29 22:12:35.558: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x2A6B211(44478993), conn_id= 0, keysize= 0, flags= 0x400A
*Oct 29 22:12:35.958: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xC8203E7F(3357556351), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3022, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:35.958: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x2F2F839(49477689), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3042, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:35.962: IPSec: Flow_switching Deallocated flow for sibling 8000414E
*Oct 29 22:12:35.962: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 4
router1#
*Oct 29 22:12:36.638: ISAKMP (0:134217736): received packet from 192.168.1.4 dport 500 sport 500 Global (R) MM_KEY_EXCH
*Oct 29 22:12:37.978: ISAKMP:(0:8:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:37.978: ISAKMP:(0:8:SW:1):Old State = IKE_R_MM4 New State = IKE_R_MM5
*Oct 29 22:12:37.978: ISAKMP:(0:8:SW:1): processing ID payload. message ID = 0
*Oct 29 22:12:37.978: ISAKMP (0:134217736): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12
*Oct 29 22:12:37.978: ISAKMP:(0:8:SW:1):: peer matches *none* of the profiles
*Oct 29 22:12:37.978: ISAKMP:(0:8:SW:1): processing HASH payload. message ID = 0
*Oct 29 22:12:37.978: ISAKMP:(0:8:SW:1):SA authentication status: authenticated
*Oct 29 22:12:37.978: ISAKMP:(0:8:SW:1):SA has been authenticated with 192.168.1.4
*Oct 29 22:12:37.978: ISAKMP:(0:8:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:37.978: ISAKMP:(0:8:SW:1):Old State = IKE_R_MM5 New State = IKE_R_MM5
*Oct 29 22:12:37.978: ISAKMP: received ke message (1/1)
*Oct 29 22:12:37.978: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
*Oct 29 22:12:37.978: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500
*Oct 29 22:12:37.978: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 2 for isakmp_initiator
*Oct 29 22:12:37.982: ISAKMP: local port 500, remote port 500
*Oct 29 22:12:37.982: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:12:37.982: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 6600B404
*Oct 29 22:12:37.982: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.
*Oct 29 22:12:37.982: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:37.982: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:37.982: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:37.982: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
*Oct 29 22:12:37.982: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
*Oct 29 22:12:37.982: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
*Oct 29 22:12:37.982: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Oct 29 22:12:37.982: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1
*Oct 29 22:12:37.982: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
*Oct 29 22:12:37.982: ISAKMP:(0:0:N/A:0): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_NO_STATE
*Oct 29 22:12:37.982: ISAKMP (0:134217736): received packet from 192.168.1.4 dport 500 sport 500 Global (R) MM_KEY_EXCH
*Oct 29 22:12:37.982: ISAKMP:(0:8:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:12:37.982: ISAKMP:(0:8:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:12:37.982: ISAKMP:(0:8:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:12:37.986: ISAKMP (0:134217736): received packet from 192.168.1.4 dport 500 sport 500 Global (R) MM_KEY_EXCH
*Oct 29 22:12:37.986: ISAKMP:(0:8:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:12:37.986: ISAKMP:(0:8:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:12:37.986: ISAKMP:(0:8:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:12:37.986: ISAKMP: received ke message (3/1)
*Oct 29 22:12:37.986: ISAKMP (0:134217736): Unknown Input IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL: state = IKE_R_MM5
*Oct 29 22:12:37.986: ISAKMP:(0:8:SW:1):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL
*Oct 29 22:12:37.986: ISAKMP:(0:8:SW:1):Old State = IKE_R_MM5 New State = IKE_R_MM5
*Oct 29 22:12:37.986: ISAKMP:(0:8:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Oct 29 22:12:37.990: ISAKMP (0:134217736): ID payload next-payload : 8 type : 1 address : 172.22.254.1 router1# protocol : 17 port : 500 length : 12
*Oct 29 22:12:37.990: ISAKMP:(0:8:SW:1):Total payload length: 12
*Oct 29 22:12:37.990: ISAKMP:(0:8:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) MM_KEY_EXCH
*Oct 29 22:12:37.990: ISAKMP:(0:8:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:37.990: ISAKMP:(0:8:SW:1):Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE
*Oct 29 22:12:37.990: ISAKMP:(0:8:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Oct 29 22:12:37.990: ISAKMP:(0:8:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Oct 29 22:12:38.594: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_NO_STATE
*Oct 29 22:12:38.594: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:38.594: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Oct 29 22:12:38.594: ISAKMP:(0:8:SW:1): retransmitting phase 1 QM_IDLE ...
*Oct 29 22:12:38.594: ISAKMP:(0:8:SW:1):incrementing error counter on sa: retransmit phase 1
*Oct 29 22:12:38.594: ISAKMP:(0:8:SW:1): no outgoing phase 1 packet to retransmit. QM_IDLE
*Oct 29 22:12:38.594: ISAKMP:(0:8:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:38.594: ISAKMP:(0:8:SW:1):deleting SA reason "Death by retransmission P1" state (R) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:12:38.594: ISAKMP (0:134217736): received packet from 192.168.1.4 dport 500 sport 500 Global (R) QM_IDLE
*Oct 29 22:12:38.606: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Oct 29 22:12:38.606: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:38.606: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:38.606: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:38.606: ISAKMP:(0:0:N/A:0): local preshared key found
*Oct 29 22:12:38.606: ISAKMP : Scanning profiles for xauth ...
*Oct 29 22:12:38.606: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy
*Oct 29 22:12:38.606: ISAKMP: encryption 3DES-CBC
*Oct 29 22:12:38.606: ISAKMP: hash SHA
*Oct 29 22:12:38.606: ISAKMP: default group 2
*Oct 29 22:12:38.606: ISAKMP: auth pre-share
*Oct 29 22:12:38.606: ISAKMP: life type in seconds
*Oct 29 22:12:38.606: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Oct 29 22:12:38.606: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
*Oct 29 22:12:38.658: ISAKMP:(0:9:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:38.658: ISAKMP:(0:9:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Oct 29 22:12:38.662: ISAKMP: set new node 723721531 to QM_IDLE
*Oct 29 22:12:38.662: ISAKMP:(0:8:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE
*Oct 29 22:12:38.662: ISAKMP:(0:8:SW:1):purging node 723721531
*Oct 29 22:12:38.662: ISAKMP:(0:8:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Oct 29 22:12:38.662: ISAKMP:(0:8:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
*Oct 29 22:12:38.666: ISAKMP:(0:9:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_SA_SETUP
router1#
*Oct 29 22:12:38.666: ISAKMP:(0:9:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:38.666: ISAKMP:(0:9:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Oct 29 22:12:38.666: ISAKMP:(0:8:SW:1):deleting SA reason "No reason" state (R) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:12:38.666: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 1
*Oct 29 22:12:38.666: ISAKMP:(0:8:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:38.666: ISAKMP:(0:8:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA
*Oct 29 22:12:39.738: IPSEC(key_engine): request timer fired: count = 1, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1)
*Oct 29 22:12:39.738: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x89BD1797(2310870935), conn_id= 0, keysize= 0, flags= 0x400A
*Oct 29 22:12:41.710: ISAKMP (0:134217737): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_SA_SETUP
*Oct 29 22:12:41.710: ISAKMP:(0:9:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:41.710: ISAKMP:(0:9:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Oct 29 22:12:41.710: ISAKMP: received ke message (1/1)
*Oct 29 22:12:41.714: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:12:41.714: ISAKMP:(0:9:SW:1):SA is still budding. Attached new ipsec request to it. (local 172.22.254.1, remote 192.168.1.4)
*Oct 29 22:12:41.714: ISAKMP (0:134217737): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_SA_SETUP
*Oct 29 22:12:41.714: ISAKMP:(0:9:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:12:41.714: ISAKMP:(0:9:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:12:41.714: ISAKMP:(0:9:SW:1): retransmitting phase 1 MM_SA_SETUP...
router1#
*Oct 29 22:12:42.122: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xB18869AA(2978507178), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3008, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:42.122: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xE22DAFA1(3794644897), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3020, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:42.122: IPSec: Flow_switching Deallocated flow for sibling 80004103
*Oct 29 22:12:42.122: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 3
*Oct 29 22:12:42.834: ISAKMP:(0:9:SW:1): processing KE payload. message ID = 0
*Oct 29 22:12:42.898: ISAKMP:(0:9:SW:1): processing NONCE payload. message ID = 0
*Oct 29 22:12:42.898: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:42.898: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:42.898: ISAKMP:(0:9:SW:1):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:42.898: ISAKMP:(0:9:SW:1):SKEYID state generated
*Oct 29 22:12:42.898: ISAKMP:(0:9:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:42.898: ISAKMP:(0:9:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM4
*Oct 29 22:12:42.898: ISAKMP: received ke message (3/1)
*Oct 29 22:12:42.898: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 172.22.254.1 dst 192.168.1.4 for SPI 0xB18869AA
*Oct 29 22:12:42.898: ISAKMP:(0:9:SW:1): retransmitting phase 1 MM_SA_SETUP...
*Oct 29 22:12:42.898: ISAKMP:(0:9:SW:1):incrementing error counter on sa: retransmit phase 1
*Oct 29 22:12:42.898: ISAKMP:(0:9:SW:1): retransmitting phase 1 MM_SA_SETUP
*Oct 29 22:12:42.898: ISAKMP:(0:9:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_SA_SETUP
*Oct 29 22:12:42.902: %SEC-6-IPACCESSLOGP: list 144 permitted tcp 172.22.2.10(2463) -> 172.17.3.108(2977), 1 packet
*Oct 29 22:12:42.902: ISAKMP:(0:9:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Oct 29 22:12:42.906: ISAKMP (0:134217737): ID payload next-payload : 8 type : 1 address : 172.22.254.1 protocol : 17 port : 500 length : 12
*Oct 29 22:12:42.906: ISAKMP:(0:9:SW:1):Total payload length: 12
*Oct 29 22:12:42.906: ISAKMP:(0:9:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Oct 29 22:12:42.906: ISAKMP:(0:9:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:42.906: ISAKMP:(0:9:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5
router1#
*Oct 29 22:12:42.906: ISAKMP (0:134217737): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:42.906: ISAKMP:(0:9:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:12:42.906: ISAKMP:(0:9:SW:1): retransmission skipped for phase 1 (time since last transmission 0)
*Oct 29 22:12:44.002: %SEC-6-IPACCESSLOGP: list 144 permitted tcp 172.22.2.10(2463) -> 172.17.3.108(2979), 1 packet
*Oct 29 22:12:45.094: ISAKMP (0:134217737): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:45.094: ISAKMP:(0:9:SW:1): processing ID payload. message ID = 0
*Oct 29 22:12:45.094: ISAKMP (0:134217737): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12
*Oct 29 22:12:45.098: ISAKMP:(0:9:SW:1):: peer matches *none* of the profiles
*Oct 29 22:12:45.098: ISAKMP:(0:9:SW:1): processing HASH payload. message ID = 0
*Oct 29 22:12:45.098: ISAKMP:(0:9:SW:1):SA authentication status: authenticated
*Oct 29 22:12:45.098: ISAKMP:(0:9:SW:1):SA has been authenticated with 192.168.1.4
*Oct 29 22:12:45.098: ISAKMP:(0:9:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:45.098: ISAKMP:(0:9:SW:1):Old State = IKE_I_MM5 New State = IKE_I_MM6
*Oct 29 22:12:45.098: ISAKMP (0:134217737): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:45.098: ISAKMP:(0:9:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:12:45.098: ISAKMP:(0:9:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:12:45.098: ISAKMP:(0:9:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:12:45.098: ISAKMP (0:134217737): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:45.098: ISAKMP:(0:9:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:12:45.098: ISAKMP:(0:9:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:12:45.098: ISAKMP:(0:9:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:12:45.102: ISAKMP:(0:9:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:45.102: ISAKMP:(0:9:SW:1):Old State = IKE_I_MM6 New State = IKE_I_MM6
*Oct 29 22:12:45.102: ISAKMP (0:134217737): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:45.102: ISAKMP: set new node -1252485049 to QM_IDLE
*Oct 29 22:12:45.102: ISAKMP:(0:9:SW:1): processing HASH payload. message ID = -1252485049
*Oct 29 22:12:45.102: ISAKMP:(0:9:SW:1): processing DELETE payload. message ID = -1252485049
*Oct 29 22:12:45.102: ISAKMP:(0:9:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:45.106: ISAKMP:(0:9:SW:1):deleting node -1252485049 error FALSE reason "Informational (in) state 1"
*Oct 29 22:12:45.106: IPSEC(key_engine): got a queue event with 1 kei messages
*Oct 29 22:12:45.106: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
*Oct 29 22:12:45.106: IPSEC(key_engine_delete_sas): delete SA with spi 0x828FD50E proto 50 for 192.168.1.4
*Oct 29 22:12:45.106: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xEACFFCAB(3939499179), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3041, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:45.106: IPSEC(add_sa): have new SAs -- expire existing in 30 sec., (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x828FD50E(2190464270), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3007, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:45.106: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x828FD50E(2190464270), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3007, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:45.106: IPSec: Flow_switching Deallocated flow for sibling 80004148
*Oct 29 22:12:45.106: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 2
*Oct 29 22:12:45.106: ISAKMP:(0:9:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:45.110: ISAKMP:(0:9:SW:1):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
*Oct 29 22:12:45.110: ISAKMP:(0:9:SW:1):beginning Quick Mode exchange, M-ID of -880647121
*Oct 29 22:12:45.114: ISAKMP:(0:9:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:45.114: ISAKMP:(0:9:SW:1):Node -880647121, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Oct 29 22:12:45.114: ISAKMP:(0:9:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:12:45.114: ISAKMP:(0:9:SW:1):beginning Quick Mode exchange, M-ID of 1669043583
*Oct 29 22:12:45.114: ISAKMP:(0:9:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:45.114: ISAKMP:(0:9:SW:1):Node 1669043583, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Oct 29 22:12:45.114: ISAKMP:(0:9:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:12:45.114: ISAKMP:(0:9:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Oct 29 22:12:45.114: ISAKMP:(0:9:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Oct 29 22:12:45.374: %SEC-6-IPACCESSLOGP: list 100 permitted udp 172.18.210.16(41319) -> 192.168.1.7(33438), 1 packet
*Oct 29 22:12:45.374: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x3B8C3336(999043894), conn_id= 0, keysize= 0, flags= 0x400A
*Oct 29 22:12:45.930: ISAKMP (0:134217737): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:12:45.930: ISAKMP:(0:9:SW:1): processing HASH payload. message ID = -880647121
*Oct 29 22:12:45.930: ISAKMP:(0:9:SW:1): processing SA payload. message ID = -880647121
*Oct 29 22:12:45.930: ISAKMP:(0:9:SW:1):Checking IPSec proposal 1
*Oct 29 22:12:45.930: ISAKMP: transform 1, ESP_3DES
*Oct 29 22:12:45.930: ISAKMP: attributes in transform:
*Oct 29 22:12:45.930: ISAKMP: encaps is 1 (Tunnel)
*Oct 29 22:12:45.930: ISAKMP: SA life type in seconds
*Oct 29 22:12:45.930: ISAKMP: SA life duration (basic) of 3600
*Oct 29 22:12:45.930: ISAKMP: SA life type in kilobytes
*Oct 29 22:12:45.934: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Oct 29 22:12:45.934: ISAKMP: authenticator is HMAC-SHA
*Oct 29 22:12:45.934: ISAKMP:(0:9:SW:1):atts are acceptable.
*Oct 29 22:12:45.934: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:12:45.934: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.1.7 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:12:45.934: ISAKMP:(0:9:SW:1): processing NONCE payload. message ID = -880647121
*Oct 29 22:12:45.934: ISAKMP:(0:9:SW:1): processing ID payload. message ID = -880647121
*Oct 29 22:12:45.934: ISAKMP:(0:9:SW:1): processing ID payload. message ID = -880647121
*Oct 29 22:12:45.934: ISAKMP:(0:9:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 44478993, message ID = -880647121, sa = 6600B404
*Oct 29 22:12:45.934: ISAKMP:(0:9:SW:1):SA authentication status: authenticated
*Oct 29 22:12:45.934: ISAKMP:(0:9:SW:1): processing responder lifetime
*Oct 29 22:12:45.934: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 3 for for stuff_ke
*Oct 29 22:12:45.938: ISAKMP:(0:9:SW:1): Creating IPSec SAs
*Oct 29 22:12:45.938: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.1.7 to 172.18.210.16)
*Oct 29 22:12:45.938: has spi 0x2A6B211 and conn_id 0 and flags 2
*Oct 29 22:12:45.938: lifetime of 3600 seconds
*Oct 29 22:12:45.938: lifetime of 4608000 kilobytes
*Oct 29 22:12:45.938: has client flags 0x0
*Oct 29 22:12:45.938: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.1.7)
*Oct 29 22:12:45.938: has spi 956858512 and conn_id 0 and flags A
*Oct 29 22:12:45.938: lifetime of 3600 seconds
*Oct 29 22:12:45.938: lifetime of 4608000 kilobytes
*Oct 29 22:12:45.938: has client flags 0x0
*Oct 29 22:12:45.938: ISAKMP:(0:9:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:45.938: ISAKMP:(0:9:SW:1):deleting node -880647121 error FALSE reason "No Error"
*Oct 29 22:12:45.938: ISAKMP:(0:9:SW:1):Node -880647121, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Oct 29 22:12:45.938: ISAKMP:(0:9:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Oct 29 22:12:45.938: ISAKMP: received ke message (1/1)
*Oct 29 22:12:45.938: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:12:45.938: ISAKMP:(0:9:SW:1): sitting IDLE. Starting QM immediately (QM_IDLE )
*Oct 29 22:12:45.938: ISAKMP:(0:9:SW:1):beginning Quick Mode exchange, M-ID of -1430653787
*Oct 29 22:12:45.942: IPSEC(key_engine): got a queue event with 2 kei messages
*Oct 29 22:12:45.942: IPSEC(initialize_sas): , (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.1.7/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x2A6B211(44478993), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:12:45.942: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.1.7/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x39088090(956858512), conn_id= 0, keysize= 0, flags= 0xA
*Oct 29 22:12:45.942: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.1.7 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:12:45.942: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4
*Oct 29 22:12:45.942: IPSec: Flow_switching Allocated flow for sibling 80004150
*Oct 29 22:12:45.942: IPSEC(policy_db_add_ident): src 172.18.210.16, dest 192.168.1.7, dest_port 0
*Oct 29 22:12:45.942: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 4 for from create_transforms
*Oct 29 22:12:45.942: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x2A6B211(44478993), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3007
*Oct 29 22:12:45.942: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x39088090(956858512), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3041
*Oct 29 22:12:45.942: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 3
*Oct 29 22:12:45.950: ISAKMP:(0:9:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:45.950: ISAKMP:(0:9:SW:1):Node -1430653787, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Oct 29 22:12:45.950: ISAKMP:(0:9:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:12:45.950: ISAKMP:(0:9:SW:1): retransmitting phase 1 QM_IDLE ...
*Oct 29 22:12:45.950: ISAKMP:(0:9:SW:1):incrementing error counter on sa: retransmit phase 1
*Oct 29 22:12:45.950: ISAKMP:(0:9:SW:1): no outgoing phase 1 packet to retransmit. QM_IDLE
*Oct 29 22:12:45.950: ISAKMP:(0:9:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:45.950: ISAKMP:(0:9:SW:1):deleting SA reason "Death by retransmission P1" state (I) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:12:45.950: ISAKMP (0:134217737): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:12:45.950: ISAKMP: set new node -69694526 to QM_IDLE
*Oct 29 22:12:45.954: ISAKMP:(0:9:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:45.954: ISAKMP:(0:9:SW:1):purging node -69694526
*Oct 29 22:12:45.954: ISAKMP:(0:9:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Oct 29 22:12:45.954: ISAKMP:(0:9:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
*Oct 29 22:12:45.954: ISAKMP:(0:9:SW:1):deleting SA reason "No reason" state (I) QM_IDLE (peer 192.168.1.4)
router1#
*Oct 29 22:12:45.954: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 0
*Oct 29 22:12:45.954: ISAKMP:(0:9:SW:1):deleting node -880647121 error FALSE reason "IKE deleted"
*Oct 29 22:12:45.954: ISAKMP:(0:9:SW:1):deleting node 1669043583 error FALSE reason "IKE deleted"
*Oct 29 22:12:45.954: ISAKMP:(0:9:SW:1):deleting node -1252485049 error FALSE reason "IKE deleted"
*Oct 29 22:12:45.954: ISAKMP:(0:9:SW:1):deleting node -1430653787 error FALSE reason "IKE deleted"
*Oct 29 22:12:45.954: ISAKMP:(0:9:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:45.954: ISAKMP:(0:9:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA
*Oct 29 22:12:47.414: ISAKMP (0:134217737): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_NO_STATE
router1#
*Oct 29 22:12:51.982: IPSEC(key_engine): request timer fired: count = 1, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1)
*Oct 29 22:12:51.982: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x34EE2CCD(888024269), conn_id= 0, keysize= 0, flags= 0x400A
*Oct 29 22:12:51.982: ISAKMP: received ke message (1/1)
*Oct 29 22:12:51.982: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
*Oct 29 22:12:51.982: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500
*Oct 29 22:12:51.982: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 1 for isakmp_initiator
*Oct 29 22:12:51.982: ISAKMP: local port 500, remote port 500
*Oct 29 22:12:51.982: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:12:51.982: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 6611B890
*Oct 29 22:12:51.982: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.
*Oct 29 22:12:51.982: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:51.982: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:51.982: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:51.982: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
*Oct 29 22:12:51.982: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
*Oct 29 22:12:51.982: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
*Oct 29 22:12:51.982: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Oct 29 22:12:51.986: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1
*Oct 29 22:12:51.986: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
*Oct 29 22:12:51.986: ISAKMP:(0:0:N/A:0): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_NO_STATE
*Oct 29 22:12:52.026: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_NO_STATE
*Oct 29 22:12:52.026: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:52.026: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Oct 29 22:12:52.026: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Oct 29 22:12:52.026: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:52.026: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:52.026: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:52.030: ISAKMP:(0:0:N/A:0): local preshared key found
*Oct 29 22:12:52.030: ISAKMP : Scanning profiles for xauth ...
*Oct 29 22:12:52.030: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy
*Oct 29 22:12:52.030: ISAKMP: encryption 3DES-CBC
*Oct 29 22:12:52.030: ISAKMP: hash SHA
*Oct 29 22:12:52.030: ISAKMP: default group 2
*Oct 29 22:12:52.030: ISAKMP: auth pre-share
*Oct 29 22:12:52.030: ISAKMP: life type in seconds
*Oct 29 22:12:52.030: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Oct 29 22:12:52.030: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
*Oct 29 22:12:52.078: ISAKMP:(0:10:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:52.078: ISAKMP:(0:10:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Oct 29 22:12:52.082: ISAKMP:(0:10:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_SA_SETUP
*Oct 29 22:12:52.082: ISAKMP:(0:10:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:52.082: ISAKMP:(0:10:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Oct 29 22:12:52.138: ISAKMP (0:134217738): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_SA_SETUP
*Oct 29 22:12:52.138: ISAKMP:(0:10:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:52.138: ISAKMP:(0:10:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Oct 29 22:12:52.138: ISAKMP:(0:10:SW:1): processing KE payload. message ID = 0
*Oct 29 22:12:52.202: ISAKMP:(0:10:SW:1): processing NONCE payload. message ID = 0
*Oct 29 22:12:52.202: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:52.202: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:52.202: ISAKMP:(0:10:SW:1):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:52.202: ISAKMP:(0:10:SW:1):SKEYID state generated
*Oct 29 22:12:52.202: ISAKMP:(0:10:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:52.202: ISAKMP:(0:10:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM4
*Oct 29 22:12:52.202: ISAKMP:(0:10:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Oct 29 22:12:52.202: ISAKMP (0:134217738): ID payload next-payload : 8 type : 1 address : 172.22.254.1 protocol : 17 port : 500 length : 12
*Oct 29 22:12:52.202: ISAKMP:(0:10:SW:1):Total payload length: 12
*Oct 29 22:12:52.206: ISAKMP:(0:10:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Oct 29 22:12:52.206: ISAKMP:(0:10:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:52.206: ISAKMP:(0:10:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5
*Oct 29 22:12:52.542: ISAKMP (0:134217738): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:52.542: ISAKMP:(0:10:SW:1): processing ID payload. message ID = 0
*Oct 29 22:12:52.542: ISAKMP (0:134217738): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12
*Oct 29 22:12:52.542: ISAKMP:(0:10:SW:1):: peer matches *none* of the profiles
*Oct 29 22:12:52.542: ISAKMP:(0:10:SW:1): processing HASH payload. message ID = 0
*Oct 29 22:12:52.542: ISAKMP:(0:10:SW:1):SA authentication status: authenticated
*Oct 29 22:12:52.542: ISAKMP:(0:10:SW:1):SA has been authenticated with 192.168.1.4
*Oct 29 22:12:52.542: ISAKMP:(0:10:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:52.542: ISAKMP:(0:10:SW:1):Old State = IKE_I_MM5 New State = IKE_I_MM6
*Oct 29 22:12:52.542: ISAKMP (0:134217738): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:52.546: ISAKMP:(0:10:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:12:52.546: ISAKMP:(0:10:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:12:52.546: ISAKMP:(0:10:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:12:52.546: ISAKMP:(0:10:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:52.546: ISAKMP:(0:10:SW:1):Old State = IKE_I_MM6 New State = IKE_I_MM6
*Oct 29 22:12:52.546: ISAKMP (0:134217738): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:12:52.546: ISAKMP:(0:10:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:12:52.546: ISAKMP:(0:10:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:12:52.546: ISAKMP:(0:10:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:12:52.550: ISAKMP:(0:10:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:52.550: ISAKMP:(0:10:SW:1):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
*Oct 29 22:12:52.550: ISAKMP:(0:10:SW:1):beginning Quick Mode exchange, M-ID of -1821053697
*Oct 29 22:12:52.550: ISAKMP:(0:10:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:52.550: ISAKMP:(0:10:SW:1):Node -1821053697, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
router1#
*Oct 29 22:12:52.550: ISAKMP:(0:10:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:12:52.550: ISAKMP:(0:10:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Oct 29 22:12:52.550: ISAKMP:(0:10:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Oct 29 22:12:53.030: ISAKMP (0:134217738): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:12:53.034: ISAKMP:(0:10:SW:1): processing HASH payload. message ID = -1821053697
*Oct 29 22:12:53.034: ISAKMP:(0:10:SW:1): processing SA payload. message ID = -1821053697
*Oct 29 22:12:53.034: ISAKMP:(0:10:SW:1):Checking IPSec proposal 1
*Oct 29 22:12:53.034: ISAKMP: transform 1, ESP_3DES
*Oct 29 22:12:53.034: ISAKMP: attributes in transform:
*Oct 29 22:12:53.034: ISAKMP: encaps is 1 (Tunnel)
*Oct 29 22:12:53.034: ISAKMP: SA life type in seconds
*Oct 29 22:12:53.034: ISAKMP: SA life duration (basic) of 3600
*Oct 29 22:12:53.034: ISAKMP: SA life type in kilobytes
*Oct 29 22:12:53.034: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Oct 29 22:12:53.034: ISAKMP: authenticator is HMAC-SHA
*Oct 29 22:12:53.034: ISAKMP:(0:10:SW:1):atts are acceptable.
*Oct 29 22:12:53.034: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:12:53.034: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:12:53.034: ISAKMP:(0:10:SW:1): processing NONCE payload. message ID = -1821053697
*Oct 29 22:12:53.038: ISAKMP:(0:10:SW:1): processing ID payload. message ID = -1821053697
*Oct 29 22:12:53.038: ISAKMP:(0:10:SW:1): processing ID payload. message ID = -1821053697
*Oct 29 22:12:53.038: ISAKMP:(0:10:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 888024269, message ID = -1821053697, sa = 6611B890
*Oct 29 22:12:53.038: ISAKMP:(0:10:SW:1):SA authentication status: authenticated
*Oct 29 22:12:53.038: ISAKMP:(0:10:SW:1): processing responder lifetime
*Oct 29 22:12:53.038: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 4 for for stuff_ke
*Oct 29 22:12:53.038: ISAKMP:(0:10:SW:1): Creating IPSec SAs
*Oct 29 22:12:53.038: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.16)
*Oct 29 22:12:53.038: has spi 0x34EE2CCD and conn_id 0 and flags 2
*Oct 29 22:12:53.038: lifetime of 3600 seconds
*Oct 29 22:12:53.038: lifetime of 4608000 kilobytes
*Oct 29 22:12:53.038: has client flags 0x0
*Oct 29 22:12:53.038: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.10.4)
*Oct 29 22:12:53.038: has spi -1322348487 and conn_id 0 and flags A
*Oct 29 22:12:53.038: lifetime of 3600 seconds
*Oct 29 22:12:53.038: lifetime of 4608000 kilobytes
*Oct 29 22:12:53.038: has client flags 0x0
*Oct 29 22:12:53.038: ISAKMP:(0:10:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:53.042: ISAKMP:(0:10:SW:1):deleting node -1821053697 error FALSE reason "No Error"
*Oct 29 22:12:53.042: ISAKMP:(0:10:SW:1):Node -1821053697, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Oct 29 22:12:53.042: ISAKMP:(0:10:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Oct 29 22:12:53.046: IPSEC(key_engine): got a queue event with 2 kei messages
*Oct 29 22:12:53.046: IPSEC(initialize_sas): , (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x34EE2CCD(888024269), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:12:53.046: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xB12E9039(2972618809), conn_id= 0, keysize= 0, flags= 0xA
*Oct 29 22:12:53.046: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:12:53.050: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4
*Oct 29 22:12:53.050: IPSec: Flow_switching Allocated flow for sibling 80004164
*Oct 29 22:12:53.050: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 5 for from create_transforms
*Oct 29 22:12:53.050: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x34EE2CCD(888024269), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3020
*Oct 29 22:12:53.050: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xB12E9039(2972618809), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3008
*Oct 29 22:12:53.050: IPSEC(add_sa): have new SAs -- expire existing in 30 sec., (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xD0B6F311(3501650705), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3021, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:12:53.050: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 4
*Oct 29 22:12:53.050: ISAKMP:(0:10:SW:1): retransmitting phase 1 QM_IDLE ...
*Oct 29 22:12:53.050: ISAKMP:(0:10:SW:1):incrementing error counter on sa: retransmit phase 1
*Oct 29 22:12:53.050: ISAKMP:(0:10:SW:1): no outgoing phase 1 packet to retransmit. QM_IDLE
*Oct 29 22:12:53.050: ISAKMP:(0:10:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:12:53.050: ISAKMP:(0:10:SW:1):deleting SA reason "Death by retransmission P1" state (I) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:12:53.078: ISAKMP: set new node 1611335581 to QM_IDLE
*Oct 29 22:12:53.078: ISAKMP:(0:10:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:12:53.078: ISAKMP:(0:10:SW:1):purging node 1611335581
*Oct 29 22:12:53.078: ISAKMP:(0:10:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Oct 29 22:12:53.078: ISAKMP:(0:10:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
*Oct 29 22:12:53.082: ISAKMP:(0:10:SW:1):deleting SA reason "No reason" state (I) QM_IDLE (peer 192.168.1.4)
router1#
*Oct 29 22:12:53.082: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 0
*Oct 29 22:12:53.082: ISAKMP:(0:10:SW:1):deleting node -1821053697 error FALSE reason "IKE deleted"
*Oct 29 22:12:53.082: ISAKMP:(0:10:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:53.082: ISAKMP:(0:10:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA
*Oct 29 22:12:54.758: %SEC-6-IPACCESSLOGP: list 144 permitted tcp 172.22.2.10(2463) -> 172.17.3.108(2981), 1 packet
*Oct 29 22:12:54.774: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (N) NEW SA
*Oct 29 22:12:54.774: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500
*Oct 29 22:12:54.774: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 1 for crypto_isakmp_process_block
*Oct 29 22:12:54.774: ISAKMP: local port 500, remote port 500
*Oct 29 22:12:54.774: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 64A7CF98
*Oct 29 22:12:54.774: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:54.774: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_R_MM1
*Oct 29 22:12:54.798: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Oct 29 22:12:54.798: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Oct 29 22:12:54.798: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 175 mismatch
*Oct 29 22:12:54.802: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:54.802: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:54.802: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:54.802: ISAKMP:(0:0:N/A:0): local preshared key found
*Oct 29 22:12:54.802: ISAKMP : Scanning profiles for xauth ...
*Oct 29 22:12:54.802: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy
*Oct 29 22:12:54.802: ISAKMP: encryption 3DES-CBC
*Oct 29 22:12:54.802: ISAKMP: hash SHA
*Oct 29 22:12:54.802: ISAKMP: auth pre-share
*Oct 29 22:12:54.802: ISAKMP: default group 2
*Oct 29 22:12:54.802: ISAKMP: life type in seconds
*Oct 29 22:12:54.802: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Oct 29 22:12:54.802: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
*Oct 29 22:12:54.854: ISAKMP:(0:11:SW:1): processing vendor id payload
*Oct 29 22:12:54.854: ISAKMP:(0:11:SW:1): vendor ID seems Unity/DPD but major 175 mismatch
router1#
*Oct 29 22:12:54.854: ISAKMP:(0:11:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:54.854: ISAKMP:(0:11:SW:1):Old State = IKE_R_MM1 New State = IKE_R_MM1
*Oct 29 22:12:54.858: ISAKMP:(0:11:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) MM_SA_SETUP
*Oct 29 22:12:54.858: ISAKMP:(0:11:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:54.858: ISAKMP:(0:11:SW:1):Old State = IKE_R_MM1 New State = IKE_R_MM2
*Oct 29 22:12:55.842: ISAKMP (0:134217739): received packet from 192.168.1.4 dport 500 sport 500 Global (R) MM_SA_SETUP
*Oct 29 22:12:55.842: ISAKMP:(0:11:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:55.842: ISAKMP:(0:11:SW:1):Old State = IKE_R_MM2 New State = IKE_R_MM3
*Oct 29 22:12:55.842: ISAKMP:(0:3:SW:1):purging node -2002087318
*Oct 29 22:12:55.842: ISAKMP:(0:3:SW:1):purging node 858072580
*Oct 29 22:12:55.842: ISAKMP:(0:3:SW:1):purging node -1415705509
*Oct 29 22:12:55.842: ISAKMP:(0:3:SW:1):purging node 254672207
*Oct 29 22:12:55.842: %SEC-6-IPACCESSLOGP: list 144 permitted tcp 172.22.2.10(2463) -> 172.17.3.108(2985), 1 packet
*Oct 29 22:12:55.854: ISAKMP:(0:11:SW:1): processing KE payload. message ID = 0
*Oct 29 22:12:55.918: ISAKMP:(0:11:SW:1): processing NONCE payload. message ID = 0
*Oct 29 22:12:55.930: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:12:55.930: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:12:55.930: ISAKMP:(0:11:SW:1):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:12:55.930: ISAKMP:(0:11:SW:1):SKEYID state generated
*Oct 29 22:12:55.930: ISAKMP:(0:11:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:12:55.930: ISAKMP:(0:11:SW:1):Old State = IKE_R_MM3 New State = IKE_R_MM3
router1#
*Oct 29 22:12:55.930: ISAKMP:(0:11:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) MM_KEY_EXCH
*Oct 29 22:12:55.934: ISAKMP:(0:11:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:12:55.934: ISAKMP:(0:11:SW:1):Old State = IKE_R_MM3 New State = IKE_R_MM4
*Oct 29 22:12:57.818: %SEC-6-IPACCESSLOGP: list 144 permitted tcp 172.22.2.10(2463) -> 172.17.3.108(2989), 1 packet
*Oct 29 22:12:59.230: ISAKMP (0:134217739): received packet from 192.168.1.4 dport 500 sport 500 Global (R) MM_KEY_EXCH
*Oct 29 22:12:59.234: ISAKMP:(0:11:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:12:59.234: ISAKMP:(0:11:SW:1):Old State = IKE_R_MM4 New State = IKE_R_MM5
*Oct 29 22:12:59.234: ISAKMP (0:134217739): received packet from 192.168.1.4 dport 500 sport 500 Global (R) MM_KEY_EXCH
*Oct 29 22:12:59.234: ISAKMP:(0:11:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:12:59.234: ISAKMP:(0:11:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:12:59.234: ISAKMP:(0:11:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:12:59.234: ISAKMP:(0:11:SW:1): processing ID payload. message ID = 0
*Oct 29 22:12:59.238: ISAKMP (0:134217739): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12
*Oct 29 22:12:59.238: ISAKMP:(0:11:SW:1):: peer matches *none* of the profiles
*Oct 29 22:12:59.238: ISAKMP:(0:11:SW:1): processing HASH payload.
message ID = 0 *Oct 29 22:12:59.238: ISAKMP:(0:11:SW:1):SA authentication status: authenticated *Oct 29 22:12:59.238: ISAKMP:(0:11:SW:1):SA has been authenticated with 192.168.1.4 *Oct 29 22:12:59.238: ISAKMP:(0:11:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:12:59.238: ISAKMP:(0:11:SW:1):Old State = IKE_R_MM5 New State = IKE_R_MM5 *Oct 29 22:12:59.238: ISAKMP:(0:11:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR *Oct 29 22:12:59.238: ISAKMP (0:134217739): ID payload next-payload : 8 type : 1 address : 172.22.254.1 protocol : 17 port : 500 length : 12 *Oct 29 22:12:59.238: ISAKMP:(0:11:SW:1):Total payload length: 12 *Oct 29 22:12:59.238: ISAKMP:(0:11:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Oct 29 22:12:59.242: ISAKMP:(0:11:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE router1# *Oct 29 22:12:59.242: ISAKMP:(0:11:SW:1):Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE *Oct 29 22:12:59.242: ISAKMP:(0:11:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE *Oct 29 22:12:59.242: ISAKMP:(0:11:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Oct 29 22:13:00.822: ISAKMP (0:134217739): received packet from 192.168.1.4 dport 500 sport 500 Global (R) QM_IDLE *Oct 29 22:13:00.822: ISAKMP: set new node 795693108 to QM_IDLE *Oct 29 22:13:00.822: ISAKMP:(0:11:SW:1): processing HASH payload. message ID = 795693108 *Oct 29 22:13:00.822: ISAKMP:(0:11:SW:1): processing DELETE payload. message ID = 795693108 *Oct 29 22:13:00.822: ISAKMP:(0:11:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:00.822: ISAKMP:(0:11:SW:1):deleting node 795693108 error FALSE reason "Informational (in) state 1" *Oct 29 22:13:00.822: ISAKMP:(0:4:SW:1):purging node -218751925 *Oct 29 22:13:00.822: ISAKMP:(0:11:SW:1): retransmitting phase 1 QM_IDLE ... 
*Oct 29 22:13:00.822: ISAKMP:(0:11:SW:1):incrementing error counter on sa: retransmit phase 1 *Oct 29 22:13:00.822: ISAKMP:(0:11:SW:1): no outgoing phase 1 packet to retransmit. QM_IDLE *Oct 29 22:13:00.826: ISAKMP:(0:11:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:00.826: ISAKMP:(0:11:SW:1):deleting SA reason "Death by retransmission P1" state (R) QM_IDLE (peer 192.168.1.4) *Oct 29 22:13:00.826: IPSEC(key_engine): got a queue event with 1 kei messages *Oct 29 22:13:00.826: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP *Oct 29 22:13:00.826: IPSEC(key_engine_delete_sas): delete SA with spi 0x39088090 proto 50 for 192.168.1.4 *Oct 29 22:13:00.826: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x2A6B211(44478993), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3007, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1) *Oct 29 22:13:00.826: IPSEC(add_sa): have new SAs -- expire existing in 30 sec., (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x39088090(956858512), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3041, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1) *Oct 29 22:13:00.826: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x39088090(956858512), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3041, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1) *Oct 29 22:13:00.826: IPSec: Flow_switching Deallocated flow for sibling 80004150 *Oct 29 22:13:00.826: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 3 *Oct 29 22:13:00.850: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 111 packets *Oct 29 
22:13:00.850: ISAKMP: set new node -1438988436 to QM_IDLE *Oct 29 22:13:00.850: ISAKMP:(0:11:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE *Oct 29 22:13:00.850: ISAKMP:(0:11:SW:1):purging node -1438988436 *Oct 29 22:13:00.854: ISAKMP:(0:11:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Oct 29 22:13:00.854: ISAKMP:(0:11:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Oct 29 22:13:00.854: ISAKMP:(0:11:SW:1):deleting SA reason "No reason" state (R) QM_IDLE (peer 192.168.1.4) *Oct 29 22:13:00.854: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 0 *Oct 29 22:13:00.854: ISAKMP:(0:11:SW:1):deleting node 795693108 error FALSE reason "IKE deleted" *Oct 29 22:13:00.854: ISAKMP:(0:11:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:13:00.854: ISAKMP:(0:11:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA router1# *Oct 29 22:13:01.970: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (N) NEW SA *Oct 29 22:13:01.970: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500 *Oct 29 22:13:01.970: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 1 for crypto_isakmp_process_block *Oct 29 22:13:01.970: ISAKMP: local port 500, remote port 500 *Oct 29 22:13:01.970: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 649D1E1C *Oct 29 22:13:01.970: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:13:01.970: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_R_MM1 *Oct 29 22:13:01.974: ISAKMP:(0:0:N/A:0): processing SA payload. 
message ID = 0 *Oct 29 22:13:01.974: ISAKMP:(0:0:N/A:0): processing vendor id payload *Oct 29 22:13:01.974: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 175 mismatch *Oct 29 22:13:01.974: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:13:01.974: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:13:01.974: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:13:01.974: ISAKMP:(0:0:N/A:0): local preshared key found *Oct 29 22:13:01.974: ISAKMP : Scanning profiles for xauth ... *Oct 29 22:13:01.974: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy *Oct 29 22:13:01.974: ISAKMP: encryption 3DES-CBC *Oct 29 22:13:01.974: ISAKMP: hash SHA *Oct 29 22:13:01.978: ISAKMP: auth pre-share *Oct 29 22:13:01.978: ISAKMP: default group 2 *Oct 29 22:13:01.978: ISAKMP: life type in seconds *Oct 29 22:13:01.978: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 *Oct 29 22:13:01.978: ISAKMP:(0:0:N/A:0):atts are acceptable. 
Next payload is 0 *Oct 29 22:13:02.030: ISAKMP:(0:12:SW:1): processing vendor id payload *Oct 29 22:13:02.030: ISAKMP:(0:12:SW:1): vendor ID seems Unity/DPD but major 175 mismatch *Oct 29 22:13:02.030: ISAKMP:(0:12:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:13:02.030: ISAKMP:(0:12:SW:1):Old State = IKE_R_MM1 New State = IKE_R_MM1 *Oct 29 22:13:02.030: ISAKMP:(0:5:SW:1):purging node 974224374 *Oct 29 22:13:02.030: ISAKMP:(0:12:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) MM_SA_SETUP *Oct 29 22:13:02.030: ISAKMP:(0:12:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:13:02.030: ISAKMP:(0:12:SW:1):Old State = IKE_R_MM1 New State = IKE_R_MM2 *Oct 29 22:13:02.562: ISAKMP (0:134217740): received packet from 192.168.1.4 dport 500 sport 500 Global (R) MM_SA_SETUP *Oct 29 22:13:02.562: ISAKMP:(0:12:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:13:02.562: ISAKMP:(0:12:SW:1):Old State = IKE_R_MM2 New State = IKE_R_MM3 *Oct 29 22:13:02.562: ISAKMP:(0:12:SW:1): processing KE payload. message ID = 0 *Oct 29 22:13:02.626: ISAKMP:(0:12:SW:1): processing NONCE payload. 
message ID = 0 *Oct 29 22:13:02.626: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:13:02.626: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:13:02.626: ISAKMP:(0:12:SW:1):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:13:02.630: ISAKMP:(0:12:SW:1):SKEYID state generated router1# *Oct 29 22:13:02.630: ISAKMP:(0:12:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:13:02.630: ISAKMP:(0:12:SW:1):Old State = IKE_R_MM3 New State = IKE_R_MM3 *Oct 29 22:13:02.630: ISAKMP:(0:12:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Oct 29 22:13:02.630: ISAKMP:(0:12:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:13:02.630: ISAKMP:(0:12:SW:1):Old State = IKE_R_MM3 New State = IKE_R_MM4 *Oct 29 22:13:03.918: ISAKMP (0:134217740): received packet from 192.168.1.4 dport 500 sport 500 Global (R) MM_KEY_EXCH *Oct 29 22:13:03.918: ISAKMP:(0:12:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:13:03.918: ISAKMP:(0:12:SW:1):Old State = IKE_R_MM4 New State = IKE_R_MM5 *Oct 29 22:13:03.918: ISAKMP:(0:12:SW:1): processing ID payload. message ID = 0 *Oct 29 22:13:03.918: ISAKMP (0:134217740): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12 *Oct 29 22:13:03.918: ISAKMP:(0:12:SW:1):: peer matches *none* of the profiles *Oct 29 22:13:03.918: ISAKMP:(0:12:SW:1): processing HASH payload. 
message ID = 0 *Oct 29 22:13:03.918: ISAKMP:(0:12:SW:1):SA authentication status: authenticated *Oct 29 22:13:03.918: ISAKMP:(0:12:SW:1):SA has been authenticated with 192.168.1.4 *Oct 29 22:13:03.918: ISAKMP:(0:12:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:13:03.918: ISAKMP:(0:12:SW:1):Old State = IKE_R_MM5 New State = IKE_R_MM5 *Oct 29 22:13:03.922: ISAKMP:(0:12:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR *Oct 29 22:13:03.922: ISAKMP (0:134217740): ID payload next-payload : 8 type : 1 address : 172.22.254.1 protocol : 17 port : 500 length : 12 *Oct 29 22:13:03.922: ISAKMP:(0:12:SW:1):Total payload length: 12 *Oct 29 22:13:03.922: ISAKMP:(0:12:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Oct 29 22:13:03.922: ISAKMP:(0:12:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:13:03.922: ISAKMP:(0:12:SW:1):Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE *Oct 29 22:13:03.922: ISAKMP:(0:12:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE *Oct 29 22:13:03.922: ISAKMP:(0:12:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE router1# *Oct 29 22:13:04.966: ISAKMP (0:134217740): received packet from 192.168.1.4 dport 500 sport 500 Global (R) QM_IDLE *Oct 29 22:13:04.966: ISAKMP: set new node 1684903294 to QM_IDLE *Oct 29 22:13:04.966: ISAKMP:(0:12:SW:1): processing HASH payload. message ID = 1684903294 *Oct 29 22:13:04.966: ISAKMP:(0:12:SW:1): processing DELETE payload. message ID = 1684903294 *Oct 29 22:13:04.966: ISAKMP:(0:12:SW:1):peer does not do paranoid keepalives. 
*Oct 29 22:13:04.966: ISAKMP:(0:12:SW:1):deleting node 1684903294 error FALSE reason "Informational (in) state 1" *Oct 29 22:13:04.966: ISAKMP:(0:3:SW:1):purging SA., sa=6600DF20, delme=6600DF20 *Oct 29 22:13:04.970: IPSEC(key_engine): got a queue event with 1 kei messages *Oct 29 22:13:04.970: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP *Oct 29 22:13:04.970: IPSEC(key_engine_delete_sas): delete SA with spi 0xB12E9039 proto 50 for 192.168.1.4 *Oct 29 22:13:04.970: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x34EE2CCD(888024269), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3020, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:13:04.970: IPSEC(add_sa): have new SAs -- expire existing in 30 sec., (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xB12E9039(2972618809), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3008, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:13:04.970: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xB12E9039(2972618809), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3008, (identity) router1#local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:13:04.970: IPSec: Flow_switching Deallocated flow for sibling 80004164 *Oct 29 22:13:04.970: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 2 *Oct 29 22:13:06.610: %SEC-6-IPACCESSLOGP: list 100 permitted udp 172.18.210.16(41319) -> 192.168.1.7(33442), 1 packet *Oct 29 22:13:06.610: IPSEC(sa_request): , (key eng. msg.) 
OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xBF889F5(200837621), conn_id= 0, keysize= 0, flags= 0x400A *Oct 29 22:13:06.614: ISAKMP: received ke message (1/1) *Oct 29 22:13:06.614: ISAKMP: set new node 0 to QM_IDLE *Oct 29 22:13:06.614: ISAKMP:(0:12:SW:1): sitting IDLE. Starting QM immediately (QM_IDLE ) *Oct 29 22:13:06.614: ISAKMP:(0:12:SW:1):beginning Quick Mode exchange, M-ID of 1035023732 *Oct 29 22:13:06.614: IPSEC(key_engine): request timer fired: count = 2, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/1/0 (type=1) *Oct 29 22:13:06.622: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x6E9574C8(1855288520), conn_id= 0, keysize= 0, flags= 0x400A *Oct 29 22:13:06.626: ISAKMP:(0:12:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE *Oct 29 22:13:06.626: ISAKMP:(0:12:SW:1):Node 1035023732, Input = IKE_MESG_INTERNAL, IKE_INIT_QM *Oct 29 22:13:06.626: ISAKMP:(0:12:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 *Oct 29 22:13:06.626: ISAKMP: received ke message (3/1) *Oct 29 22:13:06.626: ISAKMP:(0:10:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:06.626: ISAKMP:(0:9:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:06.626: ISAKMP:(0:7:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:06.630: ISAKMP:(0:5:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:06.630: ISAKMP:(0:4:SW:1):peer does not do paranoid keepalives. 
*Oct 29 22:13:06.630: ISAKMP:(0:12:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:06.630: ISAKMP:(0:12:SW:1):deleting SA reason "P1 delete notify (in)" state (R) QM_IDLE (peer 192.168.1.4) *Oct 29 22:13:06.630: ISAKMP:(0:11:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:06.630: ISAKMP:(0:8:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:06.630: ISAKMP:(0:6:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:06.630: ISAKMP: received ke message (1/1) *Oct 29 22:13:06.630: ISAKMP:(0:0:N/A:0): SA request profile is (NULL) *Oct 29 22:13:06.630: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500 *Oct 29 22:13:06.630: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 2 for isakmp_initiator *Oct 29 22:13:06.630: ISAKMP: local port 500, remote port 500 *Oct 29 22:13:06.630: ISAKMP: set new node 0 to QM_IDLE *Oct 29 22:13:06.630: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 6600E354 *Oct 29 22:13:06.630: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode. 
*Oct 29 22:13:06.630: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:13:06.630: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:13:06.630: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:13:06.630: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID *Oct 29 22:13:06.630: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID *Oct 29 22:13:06.630: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID *Oct 29 22:13:06.630: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Oct 29 22:13:06.630: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1 *Oct 29 22:13:06.630: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange *Oct 29 22:13:06.630: ISAKMP:(0:0:N/A:0): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_NO_STATE *Oct 29 22:13:06.638: ISAKMP: set new node 518188272 to QM_IDLE *Oct 29 22:13:06.638: ISAKMP:(0:12:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE *Oct 29 22:13:06.638: ISAKMP:(0:12:SW:1):purging node 518188272 *Oct 29 22:13:06.638: ISAKMP:(0:12:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Oct 29 22:13:06.638: ISAKMP:(0:12:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Oct 29 22:13:06.642: ISAKMP:(0:12:SW:1):deleting SA reason "No reason" state (R) QM_IDLE (peer 192.168.1.4) *Oct 29 22:13:06.642: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 1 *Oct 29 22:13:06.642: ISAKMP:(0:12:SW:1):deleting node 1684903294 error FALSE reason "IKE deleted" *Oct 29 22:13:06.642: ISAKMP:(0:12:SW:1):deleting node 1035023732 error FALSE reason "IKE deleted" *Oct 29 22:13:06.642: ISAKMP:(0:12:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:13:06.642: ISAKMP:(0:12:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA *Oct 29 22:13:07.106: ISAKMP (0:134217740): received packet from 192.168.1.4 dport 500 sport 500 Global (R) MM_NO_STATE *Oct 29 22:13:07.106: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 
sport 500 Global (I) MM_NO_STATE *Oct 29 22:13:07.106: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:13:07.106: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_I_MM2 *Oct 29 22:13:07.110: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0 *Oct 29 22:13:07.110: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:13:07.110: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:13:07.110: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:13:07.110: ISAKMP:(0:0:N/A:0): local preshared key found *Oct 29 22:13:07.110: ISAKMP : Scanning profiles for xauth ... *Oct 29 22:13:07.110: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy *Oct 29 22:13:07.110: ISAKMP: encryption 3DES-CBC *Oct 29 22:13:07.110: ISAKMP: hash SHA *Oct 29 22:13:07.110: ISAKMP: default group 2 *Oct 29 22:13:07.110: ISAKMP: auth pre-share *Oct 29 22:13:07.110: ISAKMP: life type in seconds *Oct 29 22:13:07.110: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 router1# *Oct 29 22:13:07.110: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0 *Oct 29 22:13:07.162: ISAKMP:(0:13:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:13:07.162: ISAKMP:(0:13:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM2 *Oct 29 22:13:07.162: ISAKMP:(0:13:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_SA_SETUP *Oct 29 22:13:07.162: ISAKMP:(0:13:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:13:07.162: ISAKMP:(0:13:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM3 *Oct 29 22:13:08.618: ISAKMP (0:134217741): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_SA_SETUP *Oct 29 22:13:08.622: ISAKMP:(0:13:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:13:08.622: ISAKMP:(0:13:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4 *Oct 29 22:13:08.622: ISAKMP:(0:13:SW:1): processing KE payload. 
message ID = 0 *Oct 29 22:13:08.686: ISAKMP:(0:13:SW:1): processing NONCE payload. message ID = 0 *Oct 29 22:13:08.686: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:13:08.686: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:13:08.686: ISAKMP:(0:13:SW:1):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:13:08.686: ISAKMP:(0:13:SW:1):SKEYID state generated *Oct 29 22:13:08.686: ISAKMP:(0:13:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:13:08.686: ISAKMP:(0:13:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM4 *Oct 29 22:13:08.686: ISAKMP:(0:13:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR *Oct 29 22:13:08.686: ISAKMP (0:134217741): ID payload next-payload : 8 type : 1 address : 172.22.254.1 protocol : 17 port : 500 length : 12 *Oct 29 22:13:08.690: ISAKMP:(0:13:SW:1):Total payload length: 12 *Oct 29 22:13:08.690: ISAKMP:(0:13:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_KEY_EXCH *Oct 29 22:13:08.690: ISAKMP:(0:13:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:13:08.690: ISAKMP:(0:13:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5 router1# *Oct 29 22:13:09.762: IPSEC(key_engine): request timer fired: count = 2, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1) *Oct 29 22:13:09.962: IPSEC(sa_request): , (key eng. msg.) 
OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x803EACBE(2151591102), conn_id= 0, keysize= 0, flags= 0x400A *Oct 29 22:13:11.770: %SEC-6-IPACCESSLOGP: list 100 permitted udp 172.18.210.16(41330) -> 192.168.1.7(33438), 1 packet router1# *Oct 29 22:13:13.222: ISAKMP (0:134217741): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH *Oct 29 22:13:13.222: ISAKMP:(0:13:SW:1): processing ID payload. message ID = 0 *Oct 29 22:13:13.222: ISAKMP (0:134217741): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12 *Oct 29 22:13:13.222: ISAKMP:(0:13:SW:1):: peer matches *none* of the profiles *Oct 29 22:13:13.222: ISAKMP:(0:13:SW:1): processing HASH payload. message ID = 0 *Oct 29 22:13:13.226: ISAKMP:(0:13:SW:1):SA authentication status: authenticated *Oct 29 22:13:13.226: ISAKMP:(0:13:SW:1):SA has been authenticated with 192.168.1.4 *Oct 29 22:13:13.226: ISAKMP:(0:13:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:13:13.226: ISAKMP:(0:13:SW:1):Old State = IKE_I_MM5 New State = IKE_I_MM6 *Oct 29 22:13:13.226: ISAKMP: received ke message (3/1) *Oct 29 22:13:13.226: ISAKMP:(0:13:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:13.226: ISAKMP:(0:13:SW:1):deleting SA reason "P1 delete notify (in)" state (I) MM_KEY_EXCH (peer 192.168.1.4) *Oct 29 22:13:13.226: ISAKMP:(0:10:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:13.226: ISAKMP:(0:9:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:13.226: ISAKMP:(0:7:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:13.226: ISAKMP:(0:5:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:13.226: ISAKMP:(0:4:SW:1):peer does not do paranoid keepalives. 
*Oct 29 22:13:13.226: ISAKMP:(0:12:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:13.226: ISAKMP:(0:11:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:13.226: ISAKMP:(0:8:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:13.226: ISAKMP:(0:6:SW:1):peer does not do paranoid keepalives. *Oct 29 22:13:13.226: ISAKMP:(0:6:SW:1):purging node -84298424 *Oct 29 22:13:13.226: ISAKMP (0:134217741): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH *Oct 29 22:13:13.226: ISAKMP (0:134217741): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH *Oct 29 22:13:13.226: ISAKMP: received ke message (1/1) *Oct 29 22:13:13.230: ISAKMP:(0:0:N/A:0): SA request profile is (NULL) *Oct 29 22:13:13.230: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500 *Oct 29 22:13:13.230: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 2 for isakmp_initiator *Oct 29 22:13:13.230: ISAKMP: local port 500, remote port 500 *Oct 29 22:13:13.230: ISAKMP: set new node 0 to QM_IDLE *Oct 29 22:13:13.230: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 649EADCC *Oct 29 22:13:13.230: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode. 
*Oct 29 22:13:13.230: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:13:13.230: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:13:13.230: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:13:13.230: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID *Oct 29 22:13:13.230: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID *Oct 29 22:13:13.230: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID *Oct 29 22:13:13.230: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Oct 29 22:13:13.230: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1 *Oct 29 22:13:13.230: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange *Oct 29 22:13:13.230: ISAKMP:(0:0:N/A:0): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_NO_STATE *Oct 29 22:13:13.230: ISAKMP:(0:4:SW:1):purging SA., sa=65F0EE40, delme=65F0EE40 *Oct 29 22:13:13.230: ISAKMP:(0:5:SW:1):purging SA., sa=649E1F14, delme=649E1F14 *Oct 29 22:13:13.234: ISAKMP:(0:13:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:13:13.234: ISAKMP:(0:13:SW:1):Old State = IKE_I_MM6 New State = IKE_I_MM6 *Oct 29 22:13:13.234: ISAKMP:(0:13:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:13:13.234: ISAKMP:(0:13:SW:1):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE *Oct 29 22:13:13.234: ISAKMP: set new node -1101861217 to QM_IDLE *Oct 29 22:13:13.234: ISAKMP:(0:13:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_KEY_EXCH *Oct 29 22:13:13.238: ISAKMP:(0:13:SW:1):purging node -1101861217 *Oct 29 22:13:13.238: ISAKMP:(0:13:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Oct 29 22:13:13.238: ISAKMP:(0:13:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Oct 29 22:13:13.238: ISAKMP:(0:13:SW:1):deleting SA reason "No reason" state (I) MM_KEY_EXCH (peer 192.168.1.4) *Oct 29 22:13:13.238: ISAKMP:(0:0:N/A:0):Can't decrement IKE Call Admisstion Control stat outgoing_negotiating since it's already 0. 
*Oct 29 22:13:13.238: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 1 *Oct 29 22:13:13.238: ISAKMP:(0:13:SW:1):deleting node 2132631768 error FALSE reason "IKE deleted" *Oct 29 22:13:13.238: ISAKMP:(0:13:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE router1# *Oct 29 22:13:13.238: ISAKMP:(0:13:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA *Oct 29 22:13:13.238: ISAKMP:(0:13:SW:1):deleting SA reason "No reason" state (I) MM_NO_STATE (peer 192.168.1.4) *Oct 29 22:13:13.238: ISAKMP:(0:0:N/A:0):Can't decrement IKE Call Admisstion Control stat outgoing_negotiating since it's already 0. *Oct 29 22:13:13.238: ISAKMP:(0:13:SW:1):deleting node 2132631768 error FALSE reason "IKE deleted" *Oct 29 22:13:13.238: ISAKMP:(0:13:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:13:13.238: ISAKMP:(0:13:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA *Oct 29 22:13:16.482: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_NO_STATE *Oct 29 22:13:16.482: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:13:16.482: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_I_MM2 *Oct 29 22:13:16.482: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_NO_STATE *Oct 29 22:13:16.482: ISAKMP:(0:0:N/A:0): phase 1 packet is a duplicate of a previous packet. *Oct 29 22:13:16.482: ISAKMP:(0:0:N/A:0): retransmitting due to retransmit phase 1 *Oct 29 22:13:16.482: ISAKMP:(0:0:N/A:0): retransmitting phase 1 MM_NO_STATE... *Oct 29 22:13:16.486: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0 *Oct 29 22:13:16.486: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:13:16.486: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:13:16.486: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:13:16.486: ISAKMP:(0:0:N/A:0): local preshared key found *Oct 29 22:13:16.486: ISAKMP : Scanning profiles for xauth ... 
*Oct 29 22:13:16.486: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy
*Oct 29 22:13:16.486: ISAKMP: encryption 3DES-CBC
*Oct 29 22:13:16.486: ISAKMP: hash SHA
*Oct 29 22:13:16.486: ISAKMP: default group 2
*Oct 29 22:13:16.486: ISAKMP: auth pre-share
*Oct 29 22:13:16.486: ISAKMP: life type in seconds
*Oct 29 22:13:16.486: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Oct 29 22:13:16.486: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
*Oct 29 22:13:16.538: ISAKMP:(0:14:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:13:16.538: ISAKMP:(0:14:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Oct 29 22:13:16.538: ISAKMP:(0:14:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_SA_SETUP
router1#
*Oct 29 22:13:16.538: ISAKMP:(0:14:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:13:16.538: ISAKMP:(0:14:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Oct 29 22:13:16.798: %SEC-6-IPACCESSLOGP: list 100 permitted udp 172.18.210.16(41330) -> 192.168.1.7(33439), 1 packet
*Oct 29 22:13:18.478: ISAKMP (0:134217742): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_SA_SETUP
*Oct 29 22:13:18.478: ISAKMP:(0:14:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:13:18.478: ISAKMP:(0:14:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Oct 29 22:13:18.478: ISAKMP:(0:7:SW:1):purging node -1022351598
*Oct 29 22:13:18.478: ISAKMP:(0:7:SW:1):purging node 1559649824
*Oct 29 22:13:18.478: ISAKMP:(0:7:SW:1):purging node 1159398309
*Oct 29 22:13:18.478: ISAKMP:(0:14:SW:1): processing KE payload. message ID = 0
*Oct 29 22:13:18.542: ISAKMP:(0:14:SW:1): processing NONCE payload. message ID = 0
*Oct 29 22:13:18.546: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:13:18.546: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:13:18.546: ISAKMP:(0:14:SW:1):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:13:18.546: ISAKMP:(0:14:SW:1):SKEYID state generated
*Oct 29 22:13:18.546: ISAKMP:(0:14:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:13:18.546: ISAKMP:(0:14:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM4
*Oct 29 22:13:18.550: ISAKMP:(0:14:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Oct 29 22:13:18.550: ISAKMP (0:134217742): ID payload next-payload : 8 type : 1 router1# address : 172.22.254.1 protocol : 17 port : 500 length : 12
*Oct 29 22:13:18.550: ISAKMP:(0:14:SW:1):Total payload length: 12
*Oct 29 22:13:18.550: ISAKMP:(0:14:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Oct 29 22:13:18.550: ISAKMP:(0:14:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:13:18.550: ISAKMP:(0:14:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5
*Oct 29 22:13:20.002: ISAKMP (0:134217742): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:13:20.002: ISAKMP:(0:14:SW:1): processing ID payload. message ID = 0
*Oct 29 22:13:20.002: ISAKMP (0:134217742): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12
*Oct 29 22:13:20.002: ISAKMP:(0:14:SW:1):: peer matches *none* of the profiles
*Oct 29 22:13:20.002: ISAKMP:(0:14:SW:1): processing HASH payload. message ID = 0
*Oct 29 22:13:20.006: ISAKMP:(0:14:SW:1):SA authentication status: authenticated
*Oct 29 22:13:20.006: ISAKMP:(0:14:SW:1):SA has been authenticated with 192.168.1.4
*Oct 29 22:13:20.006: ISAKMP:(0:14:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:13:20.006: ISAKMP:(0:14:SW:1):Old State = IKE_I_MM5 New State = IKE_I_MM6
*Oct 29 22:13:20.006: ISAKMP:(0:6:SW:1):purging SA., sa=660162A8, delme=660162A8
*Oct 29 22:13:20.006: ISAKMP (0:134217742): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:13:20.006: ISAKMP:(0:14:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:13:20.006: ISAKMP:(0:14:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:13:20.006: ISAKMP:(0:14:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:13:20.006: ISAKMP (0:134217742): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:13:20.006: ISAKMP:(0:14:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:13:20.006: ISAKMP:(0:14:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:13:20.006: ISAKMP:(0:14:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:13:20.010: ISAKMP:(0:14:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:13:20.010: ISAKMP:(0:14:SW:1):Old State = IKE_I_MM6 New State = IKE_I_MM6
*Oct 29 22:13:20.010: ISAKMP:(0:0:N/A:0):Can't decrement IKE Call Admisstion Control stat outgoing_negotiating since it's already 0.
*Oct 29 22:13:20.010: ISAKMP:(0:14:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:13:20.010: ISAKMP:(0:14:SW:1):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
*Oct 29 22:13:20.010: ISAKMP:(0:14:SW:1):beginning Quick Mode exchange, M-ID of 706917199
*Oct 29 22:13:20.014: ISAKMP:(0:14:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:13:20.014: ISAKMP:(0:14:SW:1):Node 706917199, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Oct 29 22:13:20.014: ISAKMP:(0:14:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:13:20.014: ISAKMP:(0:14:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Oct 29 22:13:20.014: ISAKMP:(0:14:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
router1#
*Oct 29 22:13:20.794: ISAKMP (0:134217742): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:13:20.794: ISAKMP:(0:14:SW:1): processing HASH payload. message ID = 706917199
*Oct 29 22:13:20.794: ISAKMP:(0:14:SW:1): processing SA payload. message ID = 706917199
*Oct 29 22:13:20.794: ISAKMP:(0:14:SW:1):Checking IPSec proposal 1
*Oct 29 22:13:20.794: ISAKMP: transform 1, ESP_3DES
*Oct 29 22:13:20.794: ISAKMP: attributes in transform:
*Oct 29 22:13:20.794: ISAKMP: encaps is 1 (Tunnel)
*Oct 29 22:13:20.794: ISAKMP: SA life type in seconds
*Oct 29 22:13:20.794: ISAKMP: SA life duration (basic) of 3600
*Oct 29 22:13:20.794: ISAKMP: SA life type in kilobytes
*Oct 29 22:13:20.794: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Oct 29 22:13:20.794: ISAKMP: authenticator is HMAC-SHA
*Oct 29 22:13:20.794: ISAKMP:(0:14:SW:1):atts are acceptable.
*Oct 29 22:13:20.794: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:13:20.798: Crypto mapdb : proxy_match src addr : 172.18.210.20 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:13:20.798: ISAKMP:(0:14:SW:1): processing NONCE payload. message ID = 706917199
*Oct 29 22:13:20.798: ISAKMP:(0:14:SW:1): processing ID payload. message ID = 706917199
*Oct 29 22:13:20.798: ISAKMP:(0:14:SW:1): processing ID payload. message ID = 706917199
*Oct 29 22:13:20.798: ISAKMP:(0:14:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 2151591102, message ID = 706917199, sa = 649EADCC
*Oct 29 22:13:20.798: ISAKMP:(0:14:SW:1):SA authentication status: authenticated
*Oct 29 22:13:20.798: ISAKMP:(0:14:SW:1): processing responder lifetime
*Oct 29 22:13:20.798: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 3 for for stuff_ke
*Oct 29 22:13:20.798: ISAKMP:(0:14:SW:1): Creating IPSec SAs
*Oct 29 22:13:20.798: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.20)
*Oct 29 22:13:20.798: has spi 0x803EACBE and conn_id 0 and flags 2
*Oct 29 22:13:20.798: lifetime of 3600 seconds
*Oct 29 22:13:20.798: lifetime of 4608000 kilobytes
*Oct 29 22:13:20.798: has client flags 0x0
*Oct 29 22:13:20.798: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.20 to 192.168.10.4)
*Oct 29 22:13:20.798: has spi 211010078 and conn_id 0 and flags A
*Oct 29 22:13:20.798: lifetime of 3600 seconds
*Oct 29 22:13:20.798: lifetime of 4608000 kilobytes
*Oct 29 22:13:20.798: has client flags 0x0
*Oct 29 22:13:20.802: ISAKMP:(0:14:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:13:20.802: ISAKMP:(0:14:SW:1):deleting node 706917199 error FALSE reason "No Error"
*Oct 29 22:13:20.802: ISAKMP:(0:14:SW:1):Node 706917199, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Oct 29 22:13:20.802: ISAKMP:(0:14:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Oct 29 22:13:20.802: ISAKMP:(0:14:SW:1): retransmitting phase 1 QM_IDLE ...
*Oct 29 22:13:20.802: ISAKMP:(0:14:SW:1):incrementing error counter on sa: retransmit phase 1
*Oct 29 22:13:20.802: ISAKMP:(0:14:SW:1): no outgoing phase 1 packet to retransmit. QM_IDLE
*Oct 29 22:13:20.802: ISAKMP:(0:14:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:13:20.802: ISAKMP:(0:14:SW:1):deleting SA reason "Death by retransmission P1" state (I) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:13:20.802: IPSEC(key_engine): got a queue event with 2 kei messages
*Oct 29 22:13:20.802: IPSEC(initialize_sas): , (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x803EACBE(2151591102), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:13:20.802: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xC93C21E(211010078), conn_id= 0, keysize= 0, flags= 0xA
*Oct 29 22:13:20.806: Crypto mapdb : proxy_match src addr : 172.18.210.20 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:13:20.806: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4
*Oct 29 22:13:20.806: IPSec: Flow_switching Allocated flow for sibling 80004116
*Oct 29 22:13:20.806: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 4 for from create_transforms
*Oct 29 22:13:20.806: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x803EACBE(2151591102), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3008
*Oct 29 22:13:20.806: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xC93C21E(211010078), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3020
*Oct 29 22:13:20.806: IPSEC(add_sa): have new SAs -- expire existing in 30 sec., (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xAF06750D(2936435981), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3032, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:13:20.806: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 3
*Oct 29 22:13:20.806: ISAKMP: set new node -248910309 to QM_IDLE
*Oct 29 22:13:20.806: ISAKMP:(0:14:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:13:20.810: ISAKMP:(0:14:SW:1):purging node -248910309
*Oct 29 22:13:20.810: ISAKMP:(0:14:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
router1#
*Oct 29 22:13:20.810: ISAKMP:(0:14:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
*Oct 29 22:13:20.810: ISAKMP:(0:14:SW:1):deleting SA reason "No reason" state (I) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:13:20.810: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 0
*Oct 29 22:13:20.810: ISAKMP:(0:14:SW:1):deleting node 706917199 error FALSE reason "IKE deleted"
*Oct 29 22:13:20.810: ISAKMP:(0:14:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:13:20.810: ISAKMP:(0:14:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA
*Oct 29 22:13:23.110: %SEC-6-IPACCESSLOGP: list 100 permitted udp 172.18.210.16(41330) -> 192.168.1.7(33440), 1 packet
*Oct 29 22:13:23.118: IPSEC(key_engine): request timer fired: count = 2, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1)
*Oct 29 22:13:23.122: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xD0B6F311(3501650705), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3021, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:13:23.122: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x63141DA8(1662262696), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3030, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1)
*Oct 29 22:13:23.122: IPSec: Flow_switching Deallocated flow for sibling 8000406A
*Oct 29 22:13:23.122: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 2
*Oct 29 22:13:23.126: ISAKMP: received ke message (3/1)
*Oct 29 22:13:23.126: ISAKMP:(0:14:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:13:23.126: ISAKMP:(0:13:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:13:23.126: ISAKMP:(0:10:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:13:23.126: ISAKMP:(0:9:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:13:23.126: ISAKMP:(0:7:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:13:23.126: ISAKMP:(0:12:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:13:23.126: ISAKMP:(0:11:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:13:23.126: ISAKMP:(0:8:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:13:23.126: ISAKMP: received ke message (3/1)
*Oct 29 22:13:23.126: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 172.22.254.1 dst 192.168.1.4 for SPI 0xD0B6F311
*Oct 29 22:13:23.130: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xD00CFA(13634810), conn_id= 0, keysize= 0, flags= 0x400A
*Oct 29 22:13:23.154: ISAKMP: received ke message (1/1)
*Oct 29 22:13:23.154: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)
*Oct 29 22:13:23.154: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500
*Oct 29 22:13:23.154: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 1 for isakmp_initiator
*Oct 29 22:13:23.158: ISAKMP: local port 500, remote port 500
*Oct 29 22:13:23.158: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:13:23.158: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 660162A8
*Oct 29 22:13:23.158: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.
*Oct 29 22:13:23.158: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:13:23.158: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:13:23.158: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:13:23.158: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
*Oct 29 22:13:23.158: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
*Oct 29 22:13:23.158: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
*Oct 29 22:13:23.158: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Oct 29 22:13:23.158: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1
*Oct 29 22:13:23.158: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
*Oct 29 22:13:23.158: ISAKMP:(0:0:N/A:0): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_NO_STATE
*Oct 29 22:13:24.006: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_NO_STATE
*Oct 29 22:13:24.006: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:13:24.010: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Oct 29 22:13:24.010: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Oct 29 22:13:24.010: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:13:24.010: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:13:24.010: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:13:24.010: ISAKMP:(0:0:N/A:0): local preshared key found
*Oct 29 22:13:24.010: ISAKMP : Scanning profiles for xauth ...
*Oct 29 22:13:24.010: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy
*Oct 29 22:13:24.010: ISAKMP: encryption 3DES-CBC
*Oct 29 22:13:24.010: ISAKMP: hash SHA
*Oct 29 22:13:24.010: ISAKMP: default group 2
*Oct 29 22:13:24.010: ISAKMP: auth pre-share
*Oct 29 22:13:24.010: ISAKMP: life type in seconds
*Oct 29 22:13:24.010: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Oct 29 22:13:24.010: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
*Oct 29 22:13:24.062: ISAKMP:(0:15:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
router1#
*Oct 29 22:13:24.062: ISAKMP:(0:15:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Oct 29 22:13:24.062: ISAKMP:(0:15:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_SA_SETUP
*Oct 29 22:13:24.062: ISAKMP:(0:15:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:13:24.062: ISAKMP:(0:15:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Oct 29 22:13:24.954: %SEC-6-IPACCESSLOGP: list 100 permitted udp 172.18.210.16(41331) -> 192.168.10.4(33440), 1 packet
*Oct 29 22:13:24.954: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xB628A90E(3056118030), conn_id= 0, keysize= 0, flags= 0x400A
*Oct 29 22:13:25.554: ISAKMP (0:134217743): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_SA_SETUP
*Oct 29 22:13:25.554: ISAKMP:(0:15:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:13:25.554: ISAKMP:(0:15:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Oct 29 22:13:25.554: ISAKMP: received ke message (1/1)
*Oct 29 22:13:25.554: ISAKMP: set new node 0 to QM_IDLE
*Oct 29 22:13:25.554: ISAKMP:(0:15:SW:1):SA is still budding. Attached new ipsec request to it. (local 172.22.254.1, remote 192.168.1.4)
*Oct 29 22:13:25.554: ISAKMP:(0:15:SW:1): processing KE payload. message ID = 0
*Oct 29 22:13:25.618: ISAKMP:(0:15:SW:1): processing NONCE payload. message ID = 0
*Oct 29 22:13:25.618: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:13:25.618: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:13:25.618: ISAKMP:(0:15:SW:1):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:13:25.618: ISAKMP:(0:15:SW:1):SKEYID state generated
*Oct 29 22:13:25.622: ISAKMP:(0:15:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:13:25.622: ISAKMP:(0:15:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM4
*Oct 29 22:13:25.622: ISAKMP:(0:15:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Oct 29 22:13:25.622: ISAKMP (0:134217743): ID payload next-payload : 8 type : 1 address : 172.22.254.1 protocol : 17 port : 500 length : 12
router1#
*Oct 29 22:13:25.622: ISAKMP:(0:15:SW:1):Total payload length: 12
*Oct 29 22:13:25.622: ISAKMP:(0:15:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Oct 29 22:13:25.622: ISAKMP:(0:15:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:13:25.622: ISAKMP:(0:15:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5
*Oct 29 22:13:25.866: ISAKMP (0:134217743): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:13:25.866: ISAKMP:(0:15:SW:1): processing ID payload. message ID = 0
*Oct 29 22:13:25.870: ISAKMP (0:134217743): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12
*Oct 29 22:13:25.870: ISAKMP:(0:15:SW:1):: peer matches *none* of the profiles
*Oct 29 22:13:25.870: ISAKMP:(0:15:SW:1): processing HASH payload. message ID = 0
*Oct 29 22:13:25.870: ISAKMP:(0:15:SW:1):SA authentication status: authenticated
*Oct 29 22:13:25.870: ISAKMP:(0:15:SW:1):SA has been authenticated with 192.168.1.4
*Oct 29 22:13:25.870: ISAKMP:(0:15:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:13:25.870: ISAKMP:(0:15:SW:1):Old State = IKE_I_MM5 New State = IKE_I_MM6
*Oct 29 22:13:25.870: ISAKMP (0:134217743): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:13:25.870: ISAKMP:(0:15:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:13:25.870: ISAKMP:(0:15:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:13:25.870: ISAKMP:(0:15:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:13:25.878: ISAKMP:(0:15:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:13:25.878: ISAKMP:(0:15:SW:1):Old State = IKE_I_MM6 New State = IKE_I_MM6
*Oct 29 22:13:25.882: ISAKMP:(0:15:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:13:25.882: ISAKMP:(0:15:SW:1):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
*Oct 29 22:13:25.882: ISAKMP (0:134217743): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Oct 29 22:13:25.882: ISAKMP:(0:15:SW:1): phase 1 packet is a duplicate of a previous packet.
*Oct 29 22:13:25.882: ISAKMP:(0:15:SW:1): retransmitting due to retransmit phase 1
*Oct 29 22:13:25.882: ISAKMP:(0:15:SW:1): retransmitting phase 1 MM_KEY_EXCH...
*Oct 29 22:13:25.886: ISAKMP:(0:15:SW:1):beginning Quick Mode exchange, M-ID of 968139453
*Oct 29 22:13:25.886: ISAKMP:(0:15:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:13:25.886: ISAKMP:(0:15:SW:1):Node 968139453, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
router1#
*Oct 29 22:13:25.890: ISAKMP:(0:15:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:13:25.890: ISAKMP:(0:15:SW:1):beginning Quick Mode exchange, M-ID of 1780740406
*Oct 29 22:13:25.890: ISAKMP:(0:15:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:13:25.890: ISAKMP:(0:15:SW:1):Node 1780740406, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Oct 29 22:13:25.890: ISAKMP:(0:15:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Oct 29 22:13:25.890: ISAKMP:(0:15:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Oct 29 22:13:25.890: ISAKMP:(0:15:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Oct 29 22:13:26.746: %SEC-6-IPACCESSLOGP: list 100 permitted udp 172.18.210.16(41330) -> 192.168.1.7(33441), 1 packet
*Oct 29 22:13:27.326: ISAKMP (0:134217743): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:13:27.330: ISAKMP:(0:15:SW:1): processing HASH payload. message ID = 968139453
*Oct 29 22:13:27.330: ISAKMP:(0:15:SW:1): processing SA payload. message ID = 968139453
*Oct 29 22:13:27.330: ISAKMP:(0:15:SW:1):Checking IPSec proposal 1
*Oct 29 22:13:27.330: ISAKMP: transform 1, ESP_3DES
*Oct 29 22:13:27.330: ISAKMP: attributes in transform:
*Oct 29 22:13:27.330: ISAKMP: encaps is 1 (Tunnel)
*Oct 29 22:13:27.330: ISAKMP: SA life type in seconds
*Oct 29 22:13:27.330: ISAKMP: SA life duration (basic) of 3600
*Oct 29 22:13:27.330: ISAKMP: SA life type in kilobytes
*Oct 29 22:13:27.330: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Oct 29 22:13:27.330: ISAKMP: authenticator is HMAC-SHA
*Oct 29 22:13:27.330: ISAKMP:(0:15:SW:1):atts are acceptable.
*Oct 29 22:13:27.330: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:13:27.330: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:13:27.330: ISAKMP:(0:15:SW:1): processing NONCE payload. message ID = 968139453
*Oct 29 22:13:27.330: ISAKMP:(0:15:SW:1): processing ID payload. message ID = 968139453
*Oct 29 22:13:27.330: ISAKMP:(0:15:SW:1): processing ID payload. message ID = 968139453
*Oct 29 22:13:27.334: ISAKMP:(0:15:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 13634810, message ID = 968139453, sa = 660162A8
*Oct 29 22:13:27.334: ISAKMP:(0:15:SW:1):SA authentication status: authenticated
*Oct 29 22:13:27.334: ISAKMP:(0:15:SW:1): processing responder lifetime
*Oct 29 22:13:27.334: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 3 for for stuff_ke
*Oct 29 22:13:27.334: ISAKMP:(0:15:SW:1): Creating IPSec SAs
*Oct 29 22:13:27.334: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.16)
*Oct 29 22:13:27.334: has spi 0xD00CFA and conn_id 0 and flags 2
*Oct 29 22:13:27.334: lifetime of 3600 seconds
*Oct 29 22:13:27.334: lifetime of 4608000 kilobytes
*Oct 29 22:13:27.334: has client flags 0x0
*Oct 29 22:13:27.334: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.10.4)
*Oct 29 22:13:27.334: has spi -741779021 and conn_id 0 and flags A
*Oct 29 22:13:27.334: lifetime of 3600 seconds
*Oct 29 22:13:27.334: lifetime of 4608000 kilobytes
*Oct 29 22:13:27.334: has client flags 0x0
*Oct 29 22:13:27.334: ISAKMP:(0:15:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:13:27.334: ISAKMP:(0:15:SW:1):deleting node 968139453 error FALSE reason "No Error"
*Oct 29 22:13:27.338: ISAKMP:(0:15:SW:1):Node 968139453, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Oct 29 22:13:27.338: ISAKMP:(0:15:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Oct 29 22:13:27.338: ISAKMP:(0:15:SW:1): retransmitting phase 1 QM_IDLE ...
*Oct 29 22:13:27.338: ISAKMP:(0:15:SW:1):incrementing error counter on sa: retransmit phase 1
*Oct 29 22:13:27.338: ISAKMP:(0:15:SW:1): no outgoing phase 1 packet to retransmit. QM_IDLE
*Oct 29 22:13:27.338: ISAKMP:(0:15:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:13:27.338: ISAKMP:(0:15:SW:1):deleting SA reason "Death by retransmission P1" state (I) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:13:27.338: ISAKMP (0:134217743): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE
*Oct 29 22:13:27.342: IPSEC(key_engine): got a queue event with 2 kei messages
*Oct 29 22:13:27.342: IPSEC(initialize_sas): , (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xD00CFA(13634810), conn_id= 0, keysize= 0, flags= 0x2
*Oct 29 22:13:27.342: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xD3C959B3(3553188275), conn_id= 0, keysize= 0, flags= 0xA
*Oct 29 22:13:27.342: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0
*Oct 29 22:13:27.342: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4
*Oct 29 22:13:27.342: IPSec: Flow_switching Allocated flow for sibling 80004178
*Oct 29 22:13:27.342: IPSEC(policy_db_add_ident): src 172.18.210.16, dest 192.168.10.4, dest_port 0
*Oct 29 22:13:27.342: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 4 for from create_transforms
*Oct 29 22:13:27.342: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xD00CFA(13634810), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3030
*Oct 29 22:13:27.346: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xD3C959B3(3553188275), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3021
*Oct 29 22:13:27.346: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 3
*Oct 29 22:13:27.350: ISAKMP: set new node 1706143581 to QM_IDLE
*Oct 29 22:13:27.350: ISAKMP:(0:15:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE
*Oct 29 22:13:27.354: ISAKMP:(0:15:SW:1):purging node 1706143581
*Oct 29 22:13:27.354: ISAKMP:(0:15:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Oct 29 22:13:27.354: ISAKMP:(0:15:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
*Oct 29 22:13:27.354: ISAKMP:(0:15:SW:1):deleting SA reason "No reason" state (I) QM_IDLE (peer 192.168.1.4)
*Oct 29 22:13:27.354: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 0
router1#
*Oct 29 22:13:27.354: ISAKMP:(0:15:SW:1):deleting node 968139453 error FALSE reason "IKE deleted"
*Oct 29 22:13:27.354: ISAKMP:(0:15:SW:1):deleting node 1780740406 error FALSE reason "IKE deleted"
*Oct 29 22:13:27.354: ISAKMP:(0:15:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:13:27.354: ISAKMP:(0:15:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA
*Oct 29 22:13:28.990: ISAKMP:(0:7:SW:1):purging SA., sa=66024214, delme=66024214
router1#
*Oct 29 22:13:31.658: %SEC-6-IPACCESSLOGP: list 100 permitted udp 172.18.210.16(41330) -> 192.168.1.7(33442), 1 packet
*Oct 29 22:13:31.826: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (N) NEW SA
*Oct 29 22:13:31.826: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500
*Oct 29 22:13:31.826: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 1 for crypto_isakmp_process_block
*Oct 29 22:13:31.826: ISAKMP: local port 500, remote port 500
*Oct 29 22:13:31.826: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 649D2508
*Oct 29 22:13:31.826: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:13:31.826: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_R_MM1
*Oct 29 22:13:31.830: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Oct 29 22:13:31.830: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Oct 29 22:13:31.830: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 175 mismatch
*Oct 29 22:13:31.830: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:13:31.830: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:13:31.830: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:13:31.830: ISAKMP:(0:0:N/A:0): local preshared key found
*Oct 29 22:13:31.830: ISAKMP : Scanning profiles for xauth ...
*Oct 29 22:13:31.830: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy
*Oct 29 22:13:31.830: ISAKMP: encryption 3DES-CBC
*Oct 29 22:13:31.830: ISAKMP: hash SHA
*Oct 29 22:13:31.830: ISAKMP: auth pre-share
*Oct 29 22:13:31.830: ISAKMP: default group 2
*Oct 29 22:13:31.830: ISAKMP: life type in seconds
*Oct 29 22:13:31.830: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Oct 29 22:13:31.830: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0
*Oct 29 22:13:31.882: ISAKMP:(0:16:SW:1): processing vendor id payload
*Oct 29 22:13:31.882: ISAKMP:(0:16:SW:1): vendor ID seems Unity/DPD but major 175 mismatch
router1#
*Oct 29 22:13:31.882: ISAKMP:(0:16:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:13:31.882: ISAKMP:(0:16:SW:1):Old State = IKE_R_MM1 New State = IKE_R_MM1
*Oct 29 22:13:31.882: ISAKMP:(0:16:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) MM_SA_SETUP
*Oct 29 22:13:31.882: ISAKMP:(0:16:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:13:31.882: ISAKMP:(0:16:SW:1):Old State = IKE_R_MM1 New State = IKE_R_MM2
*Oct 29 22:13:31.930: ISAKMP (0:134217744): received packet from 192.168.1.4 dport 500 sport 500 Global (R) MM_SA_SETUP
*Oct 29 22:13:31.930: ISAKMP:(0:16:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:13:31.930: ISAKMP:(0:16:SW:1):Old State = IKE_R_MM2 New State = IKE_R_MM3
*Oct 29 22:13:31.930: ISAKMP:(0:16:SW:1): processing KE payload. message ID = 0
*Oct 29 22:13:31.994: ISAKMP:(0:16:SW:1): processing NONCE payload. message ID = 0
*Oct 29 22:13:31.998: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default
*Oct 29 22:13:31.998: ISAKMP:(0:0:N/A:0): : success
*Oct 29 22:13:31.998: ISAKMP:(0:16:SW:1):found peer pre-shared key matching 192.168.1.4
*Oct 29 22:13:31.998: ISAKMP:(0:16:SW:1):SKEYID state generated
*Oct 29 22:13:31.998: ISAKMP:(0:16:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
router1#
*Oct 29 22:13:31.998: ISAKMP:(0:16:SW:1):Old State = IKE_R_MM3 New State = IKE_R_MM3
*Oct 29 22:13:31.998: ISAKMP:(0:16:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) MM_KEY_EXCH
*Oct 29 22:13:31.998: ISAKMP:(0:16:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:13:32.002: ISAKMP:(0:16:SW:1):Old State = IKE_R_MM3 New State = IKE_R_MM4
*Oct 29 22:13:33.066: ISAKMP (0:134217744): received packet from 192.168.1.4 dport 500 sport 500 Global (R) MM_KEY_EXCH
*Oct 29 22:13:33.066: ISAKMP:(0:16:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Oct 29 22:13:33.066: ISAKMP:(0:16:SW:1):Old State = IKE_R_MM4 New State = IKE_R_MM5
*Oct 29 22:13:33.074: ISAKMP:(0:16:SW:1): processing ID payload. message ID = 0
*Oct 29 22:13:33.074: ISAKMP (0:134217744): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12
*Oct 29 22:13:33.074: ISAKMP:(0:16:SW:1):: peer matches *none* of the profiles
*Oct 29 22:13:33.074: ISAKMP:(0:16:SW:1): processing HASH payload. message ID = 0
*Oct 29 22:13:33.074: ISAKMP:(0:16:SW:1):SA authentication status: authenticated
*Oct 29 22:13:33.074: ISAKMP:(0:16:SW:1):SA has been authenticated with 192.168.1.4
*Oct 29 22:13:33.074: ISAKMP:(0:16:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Oct 29 22:13:33.074: ISAKMP:(0:16:SW:1):Old State = IKE_R_MM5 New State = IKE_R_MM5
*Oct 29 22:13:33.078: ISAKMP:(0:16:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Oct 29 22:13:33.078: ISAKMP (0:134217744): ID payload next-payload : 8 type : 1 address : 172.22.254.1 protocol : 17 port : 500 length : 12
*Oct 29 22:13:33.078: ISAKMP:(0:16:SW:1):Total payload length: 12
*Oct 29 22:13:33.078: ISAKMP:(0:16:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) MM_KEY_EXCH
*Oct 29 22:13:33.078: ISAKMP:(0:16:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Oct 29 22:13:33.078: ISAKMP:(0:16:SW:1):Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE
*Oct 29 22:13:33.082: ISAKMP:(0:16:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Oct 29 22:13:33.082: ISAKMP:(0:16:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Oct 29 22:13:33.494: ISAKMP (0:134217744): received packet from 192.168.1.4 dport 500 sport 500 Global (R) QM_IDLE
*Oct 29 22:13:33.494: ISAKMP: set new node -545337773 to QM_IDLE
*Oct 29 22:13:33.494: ISAKMP:(0:16:SW:1): processing HASH payload. message ID = -545337773
*Oct 29 22:13:33.494: ISAKMP:(0:16:SW:1): processing DELETE payload. message ID = -545337773
*Oct 29 22:13:33.498: ISAKMP:(0:16:SW:1):peer does not do paranoid keepalives.
*Oct 29 22:13:33.498: ISAKMP:(0:16:SW:1):deleting node -545337773 error FALSE reason "Informational (in) state 1" *Oct 29 22:13:33.498: IPSEC(key_engine): got a queue event with 1 kei messages *Oct 29 22:13:33.498: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP *Oct 29 22:13:33.498: IPSEC(key_engine_delete_sas): delete SA with spi 0xD3C959B3 proto 50 for 192.168.1.4 *Oct 29 22:13:33.498: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xD00CFA(13634810), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3030, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:13:33.498: IPSEC(delete_sa): deleting SA router1#, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xD3C959B3(3553188275), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3021, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:13:33.502: IPSec: Flow_switching Deallocated flow for sibling 80004178 *Oct 29 22:13:33.502: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 2 router1# *Oct 29 22:13:34.766: %SEC-6-IPACCESSLOGP: list 100 permitted udp 172.18.210.16(41331) -> 192.168.10.4(33442), 1 packet router1# *Oct 29 22:13:35.954: ISAKMP:(0:9:SW:1):purging node -880647121 *Oct 29 22:13:35.954: ISAKMP:(0:9:SW:1):purging node 1669043583 *Oct 29 22:13:35.954: ISAKMP:(0:9:SW:1):purging node -1252485049 *Oct 29 22:13:35.954: ISAKMP:(0:9:SW:1):purging node -1430653787 *Oct 29 22:13:36.610: IPSEC(key_engine): request timer fired: count = 1, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1) *Oct 29 22:13:36.610: IPSEC(sa_request): , (key eng. msg.) 
OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x4E829065(1317179493), conn_id= 0, keysize= 0, flags= 0x400A *Oct 29 22:13:36.610: ISAKMP: received ke message (1/1) *Oct 29 22:13:36.610: ISAKMP: set new node 0 to QM_IDLE *Oct 29 22:13:36.610: ISAKMP:(0:16:SW:1): sitting IDLE. Starting QM immediately (QM_IDLE ) *Oct 29 22:13:36.610: ISAKMP:(0:16:SW:1):beginning Quick Mode exchange, M-ID of 1614994549 *Oct 29 22:13:36.610: ISAKMP:(0:16:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE *Oct 29 22:13:36.614: ISAKMP:(0:16:SW:1):Node 1614994549, Input = IKE_MESG_INTERNAL, IKE_INIT_QM *Oct 29 22:13:36.614: ISAKMP:(0:16:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 *Oct 29 22:13:36.622: IPSEC(key_engine): request timer fired: count = 1, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/1/0 (type=1) *Oct 29 22:13:36.622: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x5E6261C7(1583505863), conn_id= 0, keysize= 0, flags= 0x400A *Oct 29 22:13:36.622: ISAKMP: received ke message (1/1) *Oct 29 22:13:36.622: ISAKMP: set new node 0 to QM_IDLE *Oct 29 22:13:36.622: ISAKMP:(0:16:SW:1): sitting IDLE. 
Starting QM immediately (QM_IDLE ) *Oct 29 22:13:36.622: ISAKMP:(0:16:SW:1):beginning Quick Mode exchange, M-ID of 1930336290 router1# *Oct 29 22:13:36.622: ISAKMP:(0:16:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE *Oct 29 22:13:36.626: ISAKMP:(0:16:SW:1):Node 1930336290, Input = IKE_MESG_INTERNAL, IKE_INIT_QM *Oct 29 22:13:36.626: ISAKMP:(0:16:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 *Oct 29 22:13:37.682: %SEC-6-IPACCESSLOGP: list 100 permitted udp 172.18.210.16(41330) -> 192.168.1.7(33443), 1 packet *Oct 29 22:13:37.698: ISAKMP (0:134217744): received packet from 192.168.1.4 dport 500 sport 500 Global (R) QM_IDLE *Oct 29 22:13:37.698: ISAKMP:(0:16:SW:1): processing HASH payload. message ID = 1614994549 *Oct 29 22:13:37.698: ISAKMP:(0:16:SW:1): processing SA payload. message ID = 1614994549 *Oct 29 22:13:37.698: ISAKMP:(0:16:SW:1):Checking IPSec proposal 1 *Oct 29 22:13:37.698: ISAKMP: transform 1, ESP_3DES *Oct 29 22:13:37.698: ISAKMP: attributes in transform: *Oct 29 22:13:37.698: ISAKMP: encaps is 1 (Tunnel) *Oct 29 22:13:37.698: ISAKMP: SA life type in seconds *Oct 29 22:13:37.698: ISAKMP: SA life duration (basic) of 3600 *Oct 29 22:13:37.698: ISAKMP: SA life type in kilobytes *Oct 29 22:13:37.698: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 *Oct 29 22:13:37.702: ISAKMP: authenticator is HMAC-SHA *Oct 29 22:13:37.702: ISAKMP:(0:16:SW:1):atts are acceptable. *Oct 29 22:13:37.702: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) 
INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:13:37.702: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.1.7 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:13:37.702: ISAKMP:(0:16:SW:1): processing NONCE payload. message ID = 1614994549 *Oct 29 22:13:37.702: ISAKMP:(0:16:SW:1): processing ID payload. message ID = 1614994549 *Oct 29 22:13:37.702: ISAKMP:(0:16:SW:1): processing ID payload. message ID = 1614994549 *Oct 29 22:13:37.702: ISAKMP:(0:16:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 1317179493, message ID = 1614994549, sa = 649D2508 *Oct 29 22:13:37.702: ISAKMP:(0:16:SW:1):SA authentication status: authenticated *Oct 29 22:13:37.702: ISAKMP:(0:16:SW:1): processing responder lifetime *Oct 29 22:13:37.702: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 3 for for stuff_ke *Oct 29 22:13:37.702: ISAKMP:(0:16:SW:1): Creating IPSec SAs *Oct 29 22:13:37.706: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.1.7 to 172.18.210.16) *Oct 29 22:13:37.706: has spi 0x4E829065 and conn_id 0 and flags 2 *Oct 29 22:13:37.706: lifetime of 3600 seconds *Oct 29 22:13:37.706: lifetime of 4608000 kilobytes *Oct 29 22:13:37.706: has client flags 0x0 *Oct 29 22:13:37.706: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.1.7) *Oct 29 22:13:37.706: has spi -188863242 and conn_id 0 and flags A *Oct 29 22:13:37.706: lifetime of 3600 seconds *Oct 29 22:13:37.706: lifetime of 4608000 kilobytes *Oct 29 22:13:37.706: has client flags 0x0 *Oct 29 22:13:37.706: ISAKMP:(0:16:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE *Oct 29 22:13:37.706: ISAKMP:(0:16:SW:1):deleting node 1614994549 error FALSE reason "No 
Error" *Oct 29 22:13:37.706: ISAKMP:(0:16:SW:1):Node 1614994549, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Oct 29 22:13:37.706: ISAKMP:(0:16:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE *Oct 29 22:13:37.706: ISAKMP (0:134217744): received packet from 192.168.1.4 dport 500 sport 500 Global (R) QM_IDLE *Oct 29 22:13:37.706: ISAKMP:(0:16:SW:1): processing HASH payload. message ID = 1930336290 *Oct 29 22:13:37.706: ISAKMP:(0:16:SW:1): processing SA payload. message ID = 1930336290 *Oct 29 22:13:37.710: ISAKMP:(0:16:SW:1):Checking IPSec proposal 1 *Oct 29 22:13:37.710: ISAKMP: transform 1, ESP_3DES *Oct 29 22:13:37.710: ISAKMP: attributes in transform: *Oct 29 22:13:37.710: ISAKMP: encaps is 1 (Tunnel) *Oct 29 22:13:37.710: ISAKMP: SA life type in seconds *Oct 29 22:13:37.710: ISAKMP: SA life duration (basic) of 3600 *Oct 29 22:13:37.710: ISAKMP: SA life type in kilobytes *Oct 29 22:13:37.710: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 *Oct 29 22:13:37.710: ISAKMP: authenticator is HMAC-SHA *Oct 29 22:13:37.710: ISAKMP:(0:16:SW:1):atts are acceptable. *Oct 29 22:13:37.710: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:13:37.710: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.1.7 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:13:37.710: ISAKMP:(0:16:SW:1): processing NONCE payload. message ID = 1930336290 *Oct 29 22:13:37.710: ISAKMP:(0:16:SW:1): processing ID payload. message ID = 1930336290 *Oct 29 22:13:37.710: ISAKMP:(0:16:SW:1): processing ID payload. 
message ID = 1930336290 *Oct 29 22:13:37.710: ISAKMP:(0:16:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 1583505863, message ID = 1930336290, sa = 649D2508 *Oct 29 22:13:37.710: ISAKMP:(0:16:SW:1):SA authentication status: authenticated *Oct 29 22:13:37.710: ISAKMP:(0:16:SW:1): processing responder lifetime *Oct 29 22:13:37.714: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 4 for for stuff_ke *Oct 29 22:13:37.714: ISAKMP:(0:16:SW:1): Creating IPSec SAs *Oct 29 22:13:37.714: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.1.7 to 172.18.210.16) *Oct 29 22:13:37.714: has spi 0x5E6261C7 and conn_id 0 and flags 2 *Oct 29 22:13:37.714: lifetime of 3600 seconds *Oct 29 22:13:37.714: lifetime of 4608000 kilobytes *Oct 29 22:13:37.714: has client flags 0x0 *Oct 29 22:13:37.714: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.1.7) *Oct 29 22:13:37.714: has spi 2130704542 and conn_id 0 and flags A *Oct 29 22:13:37.714: lifetime of 3600 seconds *Oct 29 22:13:37.714: lifetime of 4608000 kilobytes *Oct 29 22:13:37.714: has client flags 0x0 *Oct 29 22:13:37.714: ISAKMP:(0:16:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE *Oct 29 22:13:37.714: ISAKMP:(0:16:SW:1):deleting node 1930336290 error FALSE reason "No Error" *Oct 29 22:13:37.714: ISAKMP:(0:16:SW:1):Node 1930336290, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Oct 29 22:13:37.714: ISAKMP:(0:16:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE *Oct 29 22:13:37.718: IPSEC(key_engine): got a queue event with 2 kei messages *Oct 29 22:13:37.718: IPSEC(initialize_sas): , (key eng. msg.) 
INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.1.7/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x4E829065(1317179493), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:13:37.718: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.1.7/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xF4BE2CF6(4106104054), conn_id= 0, keysize= 0, flags= 0xA *Oct 29 22:13:37.718: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.1.7 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:13:37.718: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4 *Oct 29 22:13:37.718: IPSec: Flow_switching Allocated flow for sibling 800040F5 *Oct 29 22:13:37.718: IPSEC(policy_db_add_ident): src 172.18.210.16, dest 192.168.1.7, dest_port 0 *Oct 29 22:13:37.718: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 5 for from create_transforms *Oct 29 22:13:37.718: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x4E829065(1317179493), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3021 *Oct 29 22:13:37.718: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xF4BE2CF6(4106104054), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3030 *Oct 29 22:13:37.718: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 4 *Oct 29 22:13:37.718: IPSEC(key_engine): got a queue event with 2 kei messages *Oct 29 22:13:37.722: IPSEC(initialize_sas): , (key eng. msg.) 
INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.1.7/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x5E6261C7(1583505863), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:13:37.722: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.1.7/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x7EFFF89E(2130704542), conn_id= 0, keysize= 0, flags= 0xA *Oct 29 22:13:37.722: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.1.7 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:13:37.722: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4 *Oct 29 22:13:37.722: IPSec: Flow_switching Allocated flow for sibling 8000419C *Oct 29 22:13:37.722: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 5 for from create_transforms *Oct 29 22:13:37.722: IPSEC(create_sa): sa created router1#, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x5E6261C7(1583505863), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3041 *Oct 29 22:13:37.722: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x7EFFF89E(2130704542), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3007 *Oct 29 22:13:37.722: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 4 *Oct 29 22:13:39.930: %SEC-6-IPACCESSLOGP: list 100 permitted udp 172.18.210.16(41331) -> 192.168.10.4(33443), 1 packet *Oct 29 22:13:40.130: IPSEC(key_engine): request timer fired: count = 1, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1) *Oct 29 22:13:40.130: IPSEC(sa_request): , (key eng. msg.) 
OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x1153E4DA(290710746), conn_id= 0, keysize= 0, flags= 0x400A *Oct 29 22:13:40.238: ISAKMP:(0:8:SW:1):purging SA., sa=649FB804, delme=649FB804 *Oct 29 22:13:40.238: ISAKMP: received ke message (1/1) *Oct 29 22:13:40.238: ISAKMP: set new node 0 to QM_IDLE *Oct 29 22:13:40.238: ISAKMP:(0:16:SW:1): sitting IDLE. Starting QM immediately (QM_IDLE ) *Oct 29 22:13:40.238: ISAKMP:(0:16:SW:1):beginning Quick Mode exchange, M-ID of 469295926 *Oct 29 22:13:40.238: ISAKMP:(0:16:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE *Oct 29 22:13:40.242: ISAKMP:(0:16:SW:1):Node 469295926, Input = IKE_MESG_INTERNAL, IKE_INIT_QM *Oct 29 22:13:40.242: ISAKMP:(0:16:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 router1# *Oct 29 22:13:41.042: ISAKMP (0:134217744): received packet from 192.168.1.4 dport 500 sport 500 Global (R) QM_IDLE *Oct 29 22:13:41.042: ISAKMP:(0:16:SW:1): processing HASH payload. message ID = 469295926 *Oct 29 22:13:41.042: ISAKMP:(0:16:SW:1): processing SA payload. message ID = 469295926 *Oct 29 22:13:41.042: ISAKMP:(0:16:SW:1):Checking IPSec proposal 1 *Oct 29 22:13:41.042: ISAKMP: transform 1, ESP_3DES *Oct 29 22:13:41.042: ISAKMP: attributes in transform: *Oct 29 22:13:41.042: ISAKMP: encaps is 1 (Tunnel) *Oct 29 22:13:41.042: ISAKMP: SA life type in seconds *Oct 29 22:13:41.042: ISAKMP: SA life duration (basic) of 3600 *Oct 29 22:13:41.042: ISAKMP: SA life type in kilobytes *Oct 29 22:13:41.042: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 *Oct 29 22:13:41.042: ISAKMP: authenticator is HMAC-SHA *Oct 29 22:13:41.042: ISAKMP:(0:16:SW:1):atts are acceptable. *Oct 29 22:13:41.042: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) 
INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:13:41.042: Crypto mapdb : proxy_match src addr : 172.18.210.20 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:13:41.046: ISAKMP:(0:16:SW:1): processing NONCE payload. message ID = 469295926 *Oct 29 22:13:41.046: ISAKMP:(0:16:SW:1): processing ID payload. message ID = 469295926 *Oct 29 22:13:41.046: ISAKMP:(0:16:SW:1): processing ID payload. message ID = 469295926 *Oct 29 22:13:41.046: ISAKMP:(0:16:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 290710746, message ID = 469295926, sa = 649D2508 *Oct 29 22:13:41.046: ISAKMP:(0:16:SW:1):SA authentication status: authenticated *Oct 29 22:13:41.046: ISAKMP:(0:16:SW:1): processing responder lifetime *Oct 29 22:13:41.046: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 5 for for stuff_ke *Oct 29 22:13:41.046: ISAKMP:(0:16:SW:1): Creating IPSec SAs *Oct 29 22:13:41.046: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.20) *Oct 29 22:13:41.046: has spi 0x1153E4DA and conn_id 0 and flags 2 *Oct 29 22:13:41.046: lifetime of 3600 seconds *Oct 29 22:13:41.046: lifetime of 4608000 kilobytes *Oct 29 22:13:41.046: has client flags 0x0 *Oct 29 22:13:41.046: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.20 to 192.168.10.4) *Oct 29 22:13:41.046: has spi -2008490943 and conn_id 0 and flags A *Oct 29 22:13:41.046: lifetime of 3600 seconds *Oct 29 22:13:41.046: lifetime of 4608000 kilobytes *Oct 29 22:13:41.046: has client flags 0x0 *Oct 29 22:13:41.046: ISAKMP:(0:16:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE *Oct 29 22:13:41.050: ISAKMP:(0:16:SW:1):deleting node 469295926 error FALSE reason "No 
Error" *Oct 29 22:13:41.050: ISAKMP:(0:16:SW:1):Node 469295926, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Oct 29 22:13:41.050: ISAKMP:(0:16:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE *Oct 29 22:13:41.050: IPSEC(key_engine): got a queue event with 2 kei messages *Oct 29 22:13:41.050: IPSEC(initialize_sas): , (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x1153E4DA(290710746), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:13:41.050: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x8848DC41(2286476353), conn_id= 0, keysize= 0, flags= 0xA *Oct 29 22:13:41.050: Crypto mapdb : proxy_match src addr : 172.18.210.20 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:13:41.054: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4 *Oct 29 22:13:41.054: IPSec: Flow_switching Allocated flow for sibling 8000415A *Oct 29 22:13:41.054: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 6 for from create_transforms *Oct 29 22:13:41.054: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x1153E4DA(290710746), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3042 *Oct 29 22:13:41.054: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x8848DC41(2286476353), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3022 *Oct 29 22:13:41.054: IPSEC(add_sa): have new SAs -- expire existing in 30 sec. 
router1#, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x803EACBE(2151591102), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3008, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:13:41.054: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 5 *Oct 29 22:13:42.422: %SEC-6-IPACCESSLOGDP: list 100 permitted icmp 192.168.1.7 -> 172.18.210.16 (3/3), 1 packet *Oct 29 22:13:42.422: IPSEC(epa_des_crypt): decrypted packet failed SA identity check router1# *Oct 29 22:13:44.058: ISAKMP:(0:10:SW:1):purging node -1821053697 router1# *Oct 29 22:13:44.766: %SEC-6-IPACCESSLOGP: list 100 permitted udp 172.18.210.16(41331) -> 192.168.10.4(33444), 1 packet router1# *Oct 29 22:13:45.954: ISAKMP:(0:9:SW:1):purging SA., sa=6600B404, delme=6600B404 *Oct 29 22:13:46.694: IPSEC(epa_des_crypt): decrypted packet failed SA identity check router1# *Oct 29 22:13:49.766: %SEC-6-IPACCESSLOGP: list 100 permitted udp 172.18.210.16(41331) -> 192.168.10.4(33445), 1 packet *Oct 29 22:13:49.766: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xA84492A5(2823066277), conn_id= 0, keysize= 0, flags= 0x400A *Oct 29 22:13:49.770: ISAKMP: received ke message (1/1) *Oct 29 22:13:49.770: ISAKMP: set new node 0 to QM_IDLE *Oct 29 22:13:49.770: ISAKMP:(0:16:SW:1): sitting IDLE. 
Starting QM immediately (QM_IDLE ) *Oct 29 22:13:49.770: ISAKMP:(0:16:SW:1):beginning Quick Mode exchange, M-ID of 1762628828 *Oct 29 22:13:49.770: ISAKMP:(0:16:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE *Oct 29 22:13:49.770: ISAKMP:(0:16:SW:1):Node 1762628828, Input = IKE_MESG_INTERNAL, IKE_INIT_QM *Oct 29 22:13:49.770: ISAKMP:(0:16:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 *Oct 29 22:13:49.818: ISAKMP (0:134217744): received packet from 192.168.1.4 dport 500 sport 500 Global (R) QM_IDLE *Oct 29 22:13:49.822: ISAKMP:(0:16:SW:1): processing HASH payload. message ID = 1762628828 *Oct 29 22:13:49.822: ISAKMP:(0:16:SW:1): processing SA payload. message ID = 1762628828 *Oct 29 22:13:49.822: ISAKMP:(0:16:SW:1):Checking IPSec proposal 1 *Oct 29 22:13:49.822: ISAKMP: transform 1, ESP_3DES *Oct 29 22:13:49.822: ISAKMP: attributes in transform: *Oct 29 22:13:49.822: ISAKMP: encaps is 1 (Tunnel) *Oct 29 22:13:49.822: ISAKMP: SA life type in seconds *Oct 29 22:13:49.822: ISAKMP: SA life duration (basic) of 3600 *Oct 29 22:13:49.822: ISAKMP: SA life type in kilobytes *Oct 29 22:13:49.822: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 *Oct 29 22:13:49.822: ISAKMP: authenticator is HMAC-SHA *Oct 29 22:13:49.822: ISAKMP:(0:16:SW:1):atts are acceptable. *Oct 29 22:13:49.822: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:13:49.822: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:13:49.822: ISAKMP:(0:16:SW:1): processing NONCE payload. message ID = 1762628828 *Oct 29 22:13:49.822: ISAKMP:(0:16:SW:1): processing ID payload. 
message ID = 1762628828 *Oct 29 22:13:49.822: ISAKMP:(0:16:SW:1): processing ID payload. message ID = 1762628828 *Oct 29 22:13:49.822: ISAKMP:(0:16:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 2823066277, message ID = 1762628828, sa = 649D2508 *Oct 29 22:13:49.822: ISAKMP:(0:16:SW:1):SA authentication status: authenticated *Oct 29 22:13:49.822: ISAKMP:(0:16:SW:1): processing responder lifetime *Oct 29 22:13:49.826: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 6 for for stuff_ke *Oct 29 22:13:49.826: ISAKMP:(0:16:SW:1): Creating IPSec SAs *Oct 29 22:13:49.826: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.16) *Oct 29 22:13:49.826: has spi 0xA84492A5 and conn_id 0 and flags 2 *Oct 29 22:13:49.826: lifetime of 3600 seconds *Oct 29 22:13:49.826: lifetime of 4608000 kilobytes *Oct 29 22:13:49.826: has client flags 0x0 *Oct 29 22:13:49.826: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.10.4) *Oct 29 22:13:49.826: has spi -1772254555 and conn_id 0 and flags A *Oct 29 22:13:49.826: lifetime of 3600 seconds *Oct 29 22:13:49.826: lifetime of 4608000 kilobytes *Oct 29 22:13:49.826: has client flags 0x0 *Oct 29 22:13:49.826: ISAKMP:(0:16:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE *Oct 29 22:13:49.826: ISAKMP:(0:16:SW:1):deleting node 1762628828 error FALSE reason "No Error" *Oct 29 22:13:49.826: ISAKMP:(0:16:SW:1):Node 1762628828, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Oct 29 22:13:49.826: ISAKMP:(0:16:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE *Oct 29 22:13:49.830: IPSEC(key_engine): got a queue event with 2 kei messages *Oct 29 22:13:49.830: IPSEC(initialize_sas): , (key eng. msg.) 
INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xA84492A5(2823066277), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:13:49.830: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x965D8AA5(2522712741), conn_id= 0, keysize= 0, flags= 0xA *Oct 29 22:13:49.830: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:13:49.830: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4 *Oct 29 22:13:49.830: IPSec: Flow_switching Allocated flow for sibling 80004173 *Oct 29 22:13:49.830: IPSEC(policy_db_add_ident): src 172.18.210.16, dest 192.168.10.4, dest_port 0 router1# *Oct 29 22:13:49.830: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 7 for from create_transforms *Oct 29 22:13:49.830: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xA84492A5(2823066277), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3006 *Oct 29 22:13:49.830: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x965D8AA5(2522712741), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3037 *Oct 29 22:13:49.830: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 6 *Oct 29 22:13:50.806: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xAF06750D(2936435981), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3032, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 
(type=1) *Oct 29 22:13:50.806: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xEC5A3C07(3965336583), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3005, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:13:50.806: IPSec: Flow_switching Deallocated flow for sibling 80004160 *Oct 29 22:13:50.806: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 5 *Oct 29 22:13:50.806: ISAKMP: received ke message (3/1) *Oct 29 22:13:50.806: ISAKMP: set new node -1888510167 to QM_IDLE *Oct 29 22:13:50.806: ISAKMP:(0:16:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE *Oct 29 22:13:50.806: ISAKMP:(0:16:SW:1):purging node -1888510167 router1# *Oct 29 22:13:50.810: ISAKMP:(0:16:SW:1):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL *Oct 29 22:13:50.810: ISAKMP:(0:16:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Oct 29 22:13:51.858: IPSEC(epa_des_crypt): decrypted packet failed SA identity check *Oct 29 22:13:53.274: IPSEC(key_engine): request timer fired: count = 1, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1) *Oct 29 22:13:53.274: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xE55D8822(3848112162), conn_id= 0, keysize= 0, flags= 0x400A *Oct 29 22:13:54.150: ISAKMP:(0:11:SW:1):purging node 795693108 *Oct 29 22:13:54.154: ISAKMP: received ke message (1/1) *Oct 29 22:13:54.154: ISAKMP: set new node 0 to QM_IDLE *Oct 29 22:13:54.154: ISAKMP:(0:16:SW:1): sitting IDLE. 
Starting QM immediately (QM_IDLE ) *Oct 29 22:13:54.154: ISAKMP:(0:16:SW:1):beginning Quick Mode exchange, M-ID of 1320594148 *Oct 29 22:13:54.154: ISAKMP:(0:16:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE *Oct 29 22:13:54.154: ISAKMP:(0:16:SW:1):Node 1320594148, Input = IKE_MESG_INTERNAL, IKE_INIT_QM *Oct 29 22:13:54.154: ISAKMP:(0:16:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 router1# *Oct 29 22:13:54.154: ISAKMP:(0:10:SW:1):purging SA., sa=6611B890, delme=6611B890 *Oct 29 22:13:54.822: %SEC-6-IPACCESSLOGDP: list 100 permitted icmp 192.168.10.4 -> 172.18.210.16 (3/3), 1 packet *Oct 29 22:13:54.822: IPSEC(epa_des_crypt): decrypted packet failed SA identity check *Oct 29 22:13:55.774: ISAKMP (0:134217744): received packet from 192.168.1.4 dport 500 sport 500 Global (R) QM_IDLE *Oct 29 22:13:55.774: ISAKMP:(0:16:SW:1): processing HASH payload. message ID = 1320594148 *Oct 29 22:13:55.774: ISAKMP:(0:16:SW:1): processing SA payload. message ID = 1320594148 *Oct 29 22:13:55.774: ISAKMP:(0:16:SW:1):Checking IPSec proposal 1 *Oct 29 22:13:55.774: ISAKMP: transform 1, ESP_3DES *Oct 29 22:13:55.774: ISAKMP: attributes in transform: *Oct 29 22:13:55.774: ISAKMP: encaps is 1 (Tunnel) *Oct 29 22:13:55.774: ISAKMP: SA life type in seconds *Oct 29 22:13:55.774: ISAKMP: SA life duration (basic) of 3600 *Oct 29 22:13:55.774: ISAKMP: SA life type in kilobytes *Oct 29 22:13:55.774: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 *Oct 29 22:13:55.774: ISAKMP: authenticator is HMAC-SHA *Oct 29 22:13:55.778: ISAKMP:(0:16:SW:1):atts are acceptable. *Oct 29 22:13:55.778: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) 
INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:13:55.778: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:13:55.778: ISAKMP:(0:16:SW:1): processing NONCE payload. message ID = 1320594148 *Oct 29 22:13:55.778: ISAKMP:(0:16:SW:1): processing ID payload. message ID = 1320594148 *Oct 29 22:13:55.778: ISAKMP:(0:16:SW:1): processing ID payload. message ID = 1320594148 *Oct 29 22:13:55.778: ISAKMP:(0:16:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 3848112162, message ID = 1320594148, sa = 649D2508 *Oct 29 22:13:55.778: ISAKMP:(0:16:SW:1):SA authentication status: authenticated *Oct 29 22:13:55.778: ISAKMP:(0:16:SW:1): processing responder lifetime *Oct 29 22:13:55.778: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 6 for for stuff_ke *Oct 29 22:13:55.778: ISAKMP:(0:16:SW:1): Creating IPSec SAs *Oct 29 22:13:55.778: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.10.4 to 172.18.210.16) *Oct 29 22:13:55.778: has spi 0xE55D8822 and conn_id 0 and flags 2 *Oct 29 22:13:55.778: lifetime of 3600 seconds *Oct 29 22:13:55.782: lifetime of 4608000 kilobytes *Oct 29 22:13:55.782: has client flags 0x0 *Oct 29 22:13:55.782: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.10.4) *Oct 29 22:13:55.782: has spi -1281233130 and conn_id 0 and flags A *Oct 29 22:13:55.782: lifetime of 3600 seconds *Oct 29 22:13:55.782: lifetime of 4608000 kilobytes *Oct 29 22:13:55.782: has client flags 0x0 *Oct 29 22:13:55.782: ISAKMP:(0:16:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE *Oct 29 22:13:55.782: ISAKMP:(0:16:SW:1):deleting node 1320594148 error FALSE reason 
"No Error" *Oct 29 22:13:55.782: ISAKMP:(0:16:SW:1):Node 1320594148, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Oct 29 22:13:55.782: ISAKMP:(0:16:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE *Oct 29 22:13:55.782: IPSEC(key_engine): got a queue event with 2 kei messages *Oct 29 22:13:55.782: IPSEC(initialize_sas): , (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xE55D8822(3848112162), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:13:55.782: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.10.4/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xB3A1EF16(3013734166), conn_id= 0, keysize= 0, flags= 0xA *Oct 29 22:13:55.786: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.10.4 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:13:55.786: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4 *Oct 29 22:13:55.786: IPSec: Flow_switching Allocated flow for sibling 8000415F *Oct 29 22:13:55.786: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 7 for from create_transforms *Oct 29 22:13:55.786: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0xE55D8822(3848112162), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3005 router1# *Oct 29 22:13:55.786: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xB3A1EF16(3013734166), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3032 *Oct 29 22:13:55.786: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 6 *Oct 29 22:13:56.842: IPSEC(epa_des_crypt): decrypted packet failed SA identity check 
*Oct 29 22:13:58.378: ISAKMP:(0:12:SW:1):purging node 1684903294 *Oct 29 22:13:58.378: ISAKMP:(0:12:SW:1):purging node 1035023732 router1# *Oct 29 22:13:59.802: IPSEC(epa_des_crypt): decrypted packet failed SA identity check *Oct 29 22:14:00.870: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 107 packets router1# *Oct 29 22:14:00.870: ISAKMP:(0:11:SW:1):purging SA., sa=64A7CF98, delme=64A7CF98 *Oct 29 22:14:01.702: IPSEC(epa_des_crypt): decrypted packet failed SA identity check router1# *Oct 29 22:14:03.238: ISAKMP:(0:13:SW:1):purging node 2132631768 router1# *Oct 29 22:14:04.806: IPSEC(epa_des_crypt): decrypted packet failed SA identity check router1# *Oct 29 22:14:06.622: IPSEC(key_engine): request timer fired: count = 2, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/1/0 (type=1) *Oct 29 22:14:06.622: ISAKMP: received ke message (3/1) *Oct 29 22:14:06.622: ISAKMP:(0:15:SW:1):peer does not do paranoid keepalives. *Oct 29 22:14:06.622: ISAKMP:(0:14:SW:1):peer does not do paranoid keepalives. *Oct 29 22:14:06.622: ISAKMP:(0:13:SW:1):peer does not do paranoid keepalives. *Oct 29 22:14:06.622: ISAKMP:(0:16:SW:1):peer does not do paranoid keepalives. *Oct 29 22:14:06.622: ISAKMP:(0:16:SW:1):deleting SA reason "P1 delete notify (in)" state (R) QM_IDLE (peer 192.168.1.4) *Oct 29 22:14:06.622: ISAKMP:(0:12:SW:1):peer does not do paranoid keepalives. 
*Oct 29 22:14:06.622: ISAKMP: set new node -1729147321 to QM_IDLE *Oct 29 22:14:06.622: ISAKMP:(0:16:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (R) QM_IDLE *Oct 29 22:14:06.622: ISAKMP:(0:16:SW:1):purging node -1729147321 *Oct 29 22:14:06.626: ISAKMP:(0:16:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Oct 29 22:14:06.626: ISAKMP:(0:16:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Oct 29 22:14:06.626: ISAKMP:(0:16:SW:1):deleting SA reason "No reason" state (R) QM_IDLE (peer 192.168.1.4) *Oct 29 22:14:06.626: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 0 *Oct 29 22:14:06.626: ISAKMP:(0:16:SW:1):deleting node -545337773 error FALSE reason "IKE deleted" *Oct 29 22:14:06.626: ISAKMP:(0:16:SW:1):deleting node 1614994549 error FALSE reason "IKE deleted" *Oct 29 22:14:06.626: ISAKMP:(0:16:SW:1):deleting node 1930336290 error FALSE reason "IKE deleted" *Oct 29 22:14:06.626: ISAKMP:(0:16:SW:1):deleting node 469295926 error FALSE reason "IKE deleted" router1# *Oct 29 22:14:06.626: ISAKMP:(0:16:SW:1):deleting node 1762628828 error FALSE reason "IKE deleted" *Oct 29 22:14:06.626: ISAKMP:(0:16:SW:1):deleting node 1320594148 error FALSE reason "IKE deleted" *Oct 29 22:14:06.626: ISAKMP:(0:16:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:14:06.626: ISAKMP:(0:16:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA *Oct 29 22:14:06.642: ISAKMP:(0:12:SW:1):purging SA., sa=649D1E1C, delme=649D1E1C *Oct 29 22:14:07.494: IPSEC(sa_request): , (key eng. msg.) 
OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x2AC2DB76(717413238), conn_id= 0, keysize= 0, flags= 0x400A *Oct 29 22:14:07.494: ISAKMP: received ke message (1/1) *Oct 29 22:14:07.494: ISAKMP:(0:0:N/A:0): SA request profile is (NULL) *Oct 29 22:14:07.494: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500 *Oct 29 22:14:07.494: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 1 for isakmp_initiator *Oct 29 22:14:07.494: ISAKMP: local port 500, remote port 500 *Oct 29 22:14:07.494: ISAKMP: set new node 0 to QM_IDLE *Oct 29 22:14:07.494: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 64A7CF98 *Oct 29 22:14:07.494: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode. *Oct 29 22:14:07.494: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:14:07.498: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:14:07.498: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:14:07.498: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID *Oct 29 22:14:07.498: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID *Oct 29 22:14:07.498: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID *Oct 29 22:14:07.498: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Oct 29 22:14:07.498: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1 *Oct 29 22:14:07.498: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange *Oct 29 22:14:07.498: ISAKMP:(0:0:N/A:0): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_NO_STATE *Oct 29 22:14:07.542: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_NO_STATE *Oct 29 22:14:07.542: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:14:07.542: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1 
New State = IKE_I_MM2 *Oct 29 22:14:07.542: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0 *Oct 29 22:14:07.542: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:14:07.542: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:14:07.542: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:14:07.542: ISAKMP:(0:0:N/A:0): local preshared key found *Oct 29 22:14:07.542: ISAKMP : Scanning profiles for xauth ... *Oct 29 22:14:07.542: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy *Oct 29 22:14:07.542: ISAKMP: encryption 3DES-CBC *Oct 29 22:14:07.542: ISAKMP: hash SHA *Oct 29 22:14:07.542: ISAKMP: default group 2 *Oct 29 22:14:07.542: ISAKMP: auth pre-share *Oct 29 22:14:07.542: ISAKMP: life type in seconds *Oct 29 22:14:07.546: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 *Oct 29 22:14:07.546: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0 *Oct 29 22:14:07.598: ISAKMP:(0:17:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:14:07.598: ISAKMP:(0:17:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM2 *Oct 29 22:14:07.598: ISAKMP:(0:17:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_SA_SETUP *Oct 29 22:14:07.598: ISAKMP:(0:17:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:14:07.598: ISAKMP:(0:17:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM3 *Oct 29 22:14:07.654: ISAKMP (0:134217745): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_SA_SETUP *Oct 29 22:14:07.654: ISAKMP:(0:17:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:14:07.658: ISAKMP:(0:17:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4 *Oct 29 22:14:07.658: ISAKMP:(0:17:SW:1): processing KE payload. message ID = 0 *Oct 29 22:14:07.718: ISAKMP:(0:17:SW:1): processing NONCE payload. 
message ID = 0 *Oct 29 22:14:07.718: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:14:07.718: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:14:07.718: ISAKMP:(0:17:SW:1):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:14:07.722: ISAKMP:(0:17:SW:1):SKEYID state generated *Oct 29 22:14:07.722: ISAKMP:(0:17:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:14:07.722: ISAKMP:(0:17:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM4 *Oct 29 22:14:07.722: ISAKMP:(0:17:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR *Oct 29 22:14:07.722: ISAKMP (0:134217745): ID payload next-payload : 8 type : 1 address : 172.22.254.1 protocol : 17 port : 500 length : 12 *Oct 29 22:14:07.722: ISAKMP:(0:17:SW:1):Total payload length: 12 *Oct 29 22:14:07.722: ISAKMP:(0:17:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_KEY_EXCH *Oct 29 22:14:07.722: ISAKMP:(0:17:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:14:07.722: ISAKMP:(0:17:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5 *Oct 29 22:14:07.762: ISAKMP (0:134217745): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_KEY_EXCH *Oct 29 22:14:07.762: ISAKMP:(0:17:SW:1): processing ID payload. message ID = 0 *Oct 29 22:14:07.762: ISAKMP (0:134217745): ID payload next-payload : 8 type : 1 address : 192.168.1.4 protocol : 0 port : 0 length : 12 *Oct 29 22:14:07.762: ISAKMP:(0:17:SW:1):: peer matches *none* of the profiles *Oct 29 22:14:07.762: ISAKMP:(0:17:SW:1): processing HASH payload. 
message ID = 0 *Oct 29 22:14:07.762: ISAKMP:(0:17:SW:1):SA authentication status: authenticated *Oct 29 22:14:07.762: ISAKMP:(0:17:SW:1):SA has been authenticated with 192.168.1.4 *Oct 29 22:14:07.766: ISAKMP:(0:17:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:14:07.766: ISAKMP:(0:17:SW:1):Old State = IKE_I_MM5 New State = IKE_I_MM6 *Oct 29 22:14:07.766: ISAKMP:(0:17:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:14:07.766: ISAKMP:(0:17:SW:1):Old State = IKE_I_MM6 New State = IKE_I_MM6 *Oct 29 22:14:07.766: ISAKMP:(0:17:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:14:07.766: ISAKMP:(0:17:SW:1):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE router1# *Oct 29 22:14:07.766: ISAKMP:(0:17:SW:1):beginning Quick Mode exchange, M-ID of 1816694838 *Oct 29 22:14:07.770: ISAKMP:(0:17:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:14:07.770: ISAKMP:(0:17:SW:1):Node 1816694838, Input = IKE_MESG_INTERNAL, IKE_INIT_QM *Oct 29 22:14:07.770: ISAKMP:(0:17:SW:1):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 *Oct 29 22:14:07.770: ISAKMP:(0:17:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE *Oct 29 22:14:07.770: ISAKMP:(0:17:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Oct 29 22:14:08.422: ISAKMP (0:134217745): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE *Oct 29 22:14:08.422: ISAKMP:(0:17:SW:1): processing HASH payload. message ID = 1816694838 *Oct 29 22:14:08.422: ISAKMP:(0:17:SW:1): processing SA payload. 
message ID = 1816694838 *Oct 29 22:14:08.422: ISAKMP:(0:17:SW:1):Checking IPSec proposal 1 *Oct 29 22:14:08.422: ISAKMP: transform 1, ESP_3DES *Oct 29 22:14:08.422: ISAKMP: attributes in transform: *Oct 29 22:14:08.422: ISAKMP: encaps is 1 (Tunnel) *Oct 29 22:14:08.422: ISAKMP: SA life type in seconds *Oct 29 22:14:08.422: ISAKMP: SA life duration (basic) of 3600 *Oct 29 22:14:08.422: ISAKMP: SA life type in kilobytes *Oct 29 22:14:08.422: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 *Oct 29 22:14:08.422: ISAKMP: authenticator is HMAC-SHA *Oct 29 22:14:08.426: ISAKMP:(0:17:SW:1):atts are acceptable. *Oct 29 22:14:08.426: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:14:08.426: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.1.7 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:14:08.426: ISAKMP:(0:17:SW:1): processing NONCE payload. message ID = 1816694838 *Oct 29 22:14:08.426: ISAKMP:(0:17:SW:1): processing ID payload. message ID = 1816694838 *Oct 29 22:14:08.426: ISAKMP:(0:17:SW:1): processing ID payload. 
message ID = 1816694838 *Oct 29 22:14:08.426: ISAKMP:(0:17:SW:1): processing NOTIFY RESPONDER_LIFETIME protocol 3 spi 717413238, message ID = 1816694838, sa = 64A7CF98 *Oct 29 22:14:08.426: ISAKMP:(0:17:SW:1):SA authentication status: authenticated *Oct 29 22:14:08.426: ISAKMP:(0:17:SW:1): processing responder lifetime *Oct 29 22:14:08.426: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 7 for for stuff_ke *Oct 29 22:14:08.426: ISAKMP:(0:17:SW:1): Creating IPSec SAs *Oct 29 22:14:08.426: inbound SA from 192.168.1.4 to 172.22.254.1 (f/i) 0/ 0 (proxy 192.168.1.7 to 172.18.210.16) *Oct 29 22:14:08.430: has spi 0x2AC2DB76 and conn_id 0 and flags 2 *Oct 29 22:14:08.430: lifetime of 3600 seconds *Oct 29 22:14:08.430: lifetime of 4608000 kilobytes *Oct 29 22:14:08.430: has client flags 0x0 *Oct 29 22:14:08.430: outbound SA from 172.22.254.1 to 192.168.1.4 (f/i) 0/0 (proxy 172.18.210.16 to 192.168.1.7) *Oct 29 22:14:08.430: has spi -2107756141 and conn_id 0 and flags A *Oct 29 22:14:08.430: lifetime of 3600 seconds *Oct 29 22:14:08.430: lifetime of 4608000 kilobytes *Oct 29 22:14:08.430: has client flags 0x0 *Oct 29 22:14:08.430: ISAKMP:(0:17:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:14:08.430: ISAKMP:(0:17:SW:1):deleting node 1816694838 error FALSE reason "No Error" *Oct 29 22:14:08.430: ISAKMP:(0:17:SW:1):Node 1816694838, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Oct 29 22:14:08.430: ISAKMP:(0:17:SW:1):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE *Oct 29 22:14:08.438: IPSEC(key_engine): got a queue event with 2 kei messages *Oct 29 22:14:08.438: IPSEC(initialize_sas): , (key eng. msg.) 
INBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.1.7/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x2AC2DB76(717413238), conn_id= 0, keysize= 0, flags= 0x2 *Oct 29 22:14:08.438: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/0.0.0.0/0/0 (type=1), remote_proxy= 192.168.1.7/0.0.0.0/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x825E3193(2187211155), conn_id= 0, keysize= 0, flags= 0xA *Oct 29 22:14:08.438: Crypto mapdb : proxy_match src addr : 172.18.210.16 dst addr : 192.168.1.7 protocol : 0 src port : 0 dst port : 0 *Oct 29 22:14:08.438: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 192.168.1.4 *Oct 29 22:14:08.438: IPSec: Flow_switching Allocated flow for sibling 80004177 *Oct 29 22:14:08.438: ISAKMP: Locking peer struct 0x652FCBF4, IPSEC refcount 8 for from create_transforms *Oct 29 22:14:08.438: IPSEC(create_sa): sa created, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x2AC2DB76(717413238), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3025 *Oct 29 22:14:08.438: IPSEC(create_sa): sa created, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x825E3193(2187211155), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3029 *Oct 29 22:14:08.438: IPSEC(add_sa): have new SAs -- expire existing in 30 sec., (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x4E829065(1317179493), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3021, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1) *Oct 29 22:14:08.438: IPSEC(add_sa): have new SAs -- expire existing in 30 sec., (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x5E6261C7(1583505863), sa_trans= esp-3des 
esp-sha-hmac , sa_conn_id= 3041, (identity) router1#ulocal= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1) *Oct 29 22:14:08.438: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from create_transforms, count 7 *Oct 29 22:14:10.162: IPSEC(key_engine): request timer fired: count = 2, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1) *Oct 29 22:14:11.170: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x803EACBE(2151591102), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3008, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:14:11.170: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0xC93C21E(211010078), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3020, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/0/0 (type=1) *Oct 29 22:14:11.170: IPSec: Flow_switching Deallocated flow for sibling 80004116 *Oct 29 22:14:11.170: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 6 *Oct 29 22:14:11.774: IPSEC(epa_des_crypt): decrypted packet failed SA identity checkn router1#undebu *Oct 29 22:14:11.962: ISAKMP (0:134217745): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE *Oct 29 22:14:11.962: ISAKMP: set new node 133524620 to QM_IDLE *Oct 29 22:14:11.966: ISAKMP:(0:17:SW:1): processing HASH payload. message ID = 133524620 *Oct 29 22:14:11.966: ISAKMP:(0:17:SW:1): processing DELETE payload. message ID = 133524620 *Oct 29 22:14:11.966: ISAKMP:(0:17:SW:1):peer does not do paranoid keepalives. 
*Oct 29 22:14:11.966: ISAKMP:(0:17:SW:1):deleting node 133524620 error FALSE reason "Informational (in) state 1" *Oct 29 22:14:11.966: ISAKMP: received ke message (3/1) *Oct 29 22:14:11.966: ISAKMP:(0:17:SW:1):peer does not do paranoid keepalives. *Oct 29 22:14:11.966: ISAKMP:(0:17:SW:1):deleting SA reason "P1 delete notify (in)" state (I) QM_IDLE (peer 192.168.1.4) *Oct 29 22:14:11.966: ISAKMP:(0:15:SW:1):peer does not do paranoid keepalives. *Oct 29 22:14:11.966: ISAKMP:(0:14:SW:1):peer does not do paranoid keepalives. *Oct 29 22:14:11.966: ISAKMP:(0:13:SW:1):peer does not do paranoid keepalives. *Oct 29 22:14:11.966: ISAKMP:(0:16:SW:1):peer does not do paranoid keepalives. *Oct 29 22:14:11.966: ISAKMP:(0:14:SW:1):purging node 706917199 *Oct 29 22:14:11.966: ISAKMP: received ke message (3/1) *Oct 29 22:14:11.966: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 172.22.254.1 dst 192.168.1.4 for SPI 0x803EACBE *Oct 29 22:14:11.970: IPSEC(key_engine): got a queue event with 1 kei messages *Oct 29 22:14:11.970: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP *Oct 29 22:14:11.970: IPSEC(key_engine_delete_sas): delete SA with spi 0x7EFFF89E proto 50 for 192.168.1.4 *Oct 29 22:14:11.970: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 172.22.254.1, sa_proto= 50, sa_spi= 0x5E6261C7(1583505863), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3041, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1) *Oct 29 22:14:11.970: IPSEC(delete_sa): deleting SA, (sa) sa_dest= 192.168.1.4, sa_proto= 50, sa_spi= 0x7EFFF89E(2130704542), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3007, (identity) local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.16/255.255.255.255/0/0 (type=1), remote_proxy= 192.168.1.7/255.255.255.255/0/0 (type=1) *Oct 29 22:14:11.970: IPSec: Flow_switching Deallocated flow for sibling 8000419C *Oct 29 
22:14:11.970: ISAKMP: Unlocking IPSEC struct 0x652FCBF4 from delete_siblings, count 5 *Oct 29 22:14:11.970: ISAKMP: set new node 2128354493 to QM_IDLE *Oct 29 22:14:11.970: ISAKMP:(0:17:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) QM_IDLE *Oct 29 22:14:11.974: ISAKMP:(0:17:SW:1):purging node 2128354493 *Oct 29 22:14:11.974: ISAKMP:(0:17:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Oct 29 22:14:11.974: ISAKMP:(0:17:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Oct 29 22:14:11.974: ISAKMP (0:134217745): received packet from 192.168.1.4 dport 500 sport 500 Global (I) QM_IDLE *Oct 29 22:14:11.982: ISAKMP:(0:17:SW:1):deleting SA reason "No reason" state (I) QM_IDLE (peer 192.168.1.4) *Oct 29 22:14:11.982: ISAKMP: Unlocking IKE struct 0x652FCBF4 for isadb_mark_sa_deleted(), count 0 *Oct 29 22:14:11.982: ISAKMP:(0:17:SW:1):deleting node 1816694838 error FALSE reason "IKE deleted" *Oct 29 22:14:11.982: ISAKMP:(0:17:SW:1):deleting node 133524620 error FALSE reason "IKE deleted" *Oct 29 22:14:11.982: ISAKMP:(0:17:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:14:11.982: ISAKMP:(0:17:SW:1):Old State = IKE_DEST_SA New State = IKE_DEST_SA *Oct 29 22:14:12.870: IPSEC(sa_request): , (key eng. msg.) 
OUTBOUND local= 172.22.254.1, remote= 192.168.1.4, local_proxy= 172.18.210.20/255.255.255.255/1/0 (type=1), remote_proxy= 192.168.10.4/255.255.255.255/1/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x348D5DB5(881679797), conn_id= 0, keysize= 0, flags= 0x400A *Oct 29 22:14:12.870: ISAKMP: received ke message (1/1) *Oct 29 22:14:12.874: ISAKMP:(0:0:N/A:0): SA request profile is (NULL) *Oct 29 22:14:12.874: ISAKMP: Found a peer struct for 192.168.1.4, peer port 500 *Oct 29 22:14:12.874: ISAKMP: Locking peer struct 0x652FCBF4, IKE refcount 1 for isakmp_initiator *Oct 29 22:14:12.874: ISAKMP: local port 500, remote port 500 *Oct 29 22:14:12.874: ISAKMP: set new node 0 to QM_IDLE *Oct 29 22:14:12.874: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 6611B890 *Oct 29 22:14:12.874: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode. *Oct 29 22:14:12.874: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:14:12.874: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:14:12.874: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:14:12.874: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 IDg router1#undebug *Oct 29 22:14:12.874: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID *Oct 29 22:14:12.874: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID *Oct 29 22:14:12.874: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Oct 29 22:14:12.874: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_I_MM1 *Oct 29 22:14:12.874: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange *Oct 29 22:14:12.874: ISAKMP:(0:0:N/A:0): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_NO_STATE *Oct 29 22:14:14.546: ISAKMP (0:0): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_NO_STATE *Oct 29 22:14:14.546: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Oct 29 22:14:14.546: ISAKMP:(0:0:N/A:0):Old 
State = IKE_I_MM1 New State = IKE_I_MM2 *Oct 29 22:14:14.546: ISAKMP:(0:13:SW:1):purging SA., sa=6600E354, delme=6600E354 *Oct 29 22:14:14.546: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0 *Oct 29 22:14:14.546: ISAKMP:(0:0:N/A:0):Looking for a matching key for 192.168.1.4 in default *Oct 29 22:14:14.546: ISAKMP:(0:0:N/A:0): : success *Oct 29 22:14:14.546: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 192.168.1.4 *Oct 29 22:14:14.546: ISAKMP:(0:0:N/A:0): local preshared key found *Oct 29 22:14:14.546: ISAKMP : Scanning profiles for xauth ... *Oct 29 22:14:14.546: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy *Oct 29 22:14:14.546: ISAKMP: encryption 3DES-CBC *Oct 29 22:14:14.546: ISAKMP: hash SHA *Oct 29 22:14:14.546: ISAKMP: default group 2 *Oct 29 22:14:14.546: ISAKMP: auth pre-share *Oct 29 22:14:14.546: ISAKMP: life type in seconds *Oct 29 22:14:14.550: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 *Oct 29 22:14:14.550: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0 *Oct 29 22:14:14.598: ISAKMP:(0:18:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Oct 29 22:14:14.598: ISAKMP:(0:18:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM2 *Oct 29 22:14:14.602: ISAKMP:(0:18:SW:1): sending packet to 192.168.1.4 my_port 500 peer_port 500 (I) MM_SA_SETUP *Oct 29 22:14:14.602: ISAKMP:(0:18:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Oct 29 22:14:14.602: ISAKMP:(0:18:SW:1):Old State = IKE_I_MM2 New State = IKE_I_MM3 all Port Statistics for unclassified packets is not turned on. All possible debugging has been turned off router1# *Oct 29 22:14:20.662: ISAKMP (0:134217746): received packet from 192.168.1.4 dport 500 sport 500 Global (I) MM_SA_SETUP router1#